Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main: (29 commits)
  [skip ci] Updated translations via Crowdin
  Support localized README (go-gitea#20508)
  Clean up and fix clone button script (go-gitea#20415)
  Add disable download source configuration (go-gitea#20548)
  Fix default merge style (go-gitea#20564)
  Update login methods in package docs (go-gitea#20561)
  Add missing Tabs on organisation/package view (Frontport go-gitea#20539) (go-gitea#20540)
  [skip ci] Updated licenses and gitignores
  Add setting `SQLITE_JOURNAL_MODE` to enable WAL (go-gitea#20535)
  Rework file highlight rendering and fix yaml copy-paste (go-gitea#19967)
  Add new API endpoints for push mirrors management (go-gitea#19841)
  WebAuthn CredentialID field needs to be increased in size (go-gitea#20530)
  Add latest commit's SHA to content response (go-gitea#20398)
  Improve token and secret key generation docs (go-gitea#20387)
  [skip ci] Updated translations via Crowdin
  Rework raw file http header logic (go-gitea#20484)
  Update lunny/levelqueue to prevent NPE when reads are performed after close (go-gitea#20534)
  Added guidance on file to choose to download (go-gitea#20474)
  [skip ci] Updated translations via Crowdin
  Ensure that all unmerged files are merged when conflict checking (go-gitea#20528)
  ...

custom/conf/app.example.ini

@@ -313,6 +313,7 @@ USER = root
 ;DB_TYPE = sqlite3
 ;PATH= ; defaults to data/gitea.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
+;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -878,6 +879,9 @@ ROUTER = console
 ;; Allow deletion of unadopted repositories
 ;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false
 
+;; Don't allow download source archive files from UI
+;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -78,6 +78,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DEFAULT_BRANCH`: **main**: Default branch name of all repositories.
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
+- `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI
 
 ### Repository - Editor (`repository.editor`)
 
@@ -382,6 +383,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
     - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
     - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
 - `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only.
+- `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE.
 - `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
 - `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.

docs/content/doc/installation/from-binary.en-us.md

@@ -24,13 +24,29 @@ embedded assets. This can be different for older releases.
 
 ## Download
 
-Choose the file matching your platform from the [downloads page](https://dl.gitea.io/gitea/), copy the URL and replace the URL within the commands below:
+You can find the file matching your platform from the [downloads page](https://dl.gitea.io/gitea/) after navigating to the version you want to download.
+
+### Choosing the right file
+
+**For Linux**, you will likely want `linux-amd64`. It's for 64-bit Intel/AMD platforms, but there are other platforms available, including `arm64` (e.g. Raspberry PI 4), `386` (i.e. 32-bit), `arm-5`, and `arm-6`.
+
+**For Windows**, you will likely want `windows-4.0-amd64`. It's for all modern versions of Windows, but there is also a `386` platform available designed for older, 32-bit versions of Windows.
+
+*Note: there is also a `gogit-windows` file available that was created to help with some [performance problems](https://github.com/go-gitea/gitea/pull/15482) reported by some Windows users on older systems/versions. You should consider using this file if you're experiencing performance issues, and let us know if it improves performance.*
+
+**For macOS**, you should choose `darwin-arm64` if your hardware uses Apple Silicon, or `darwin-amd64` for Intel.
+
+### Downloading with wget
+
+Copy the commands below and replace the URL within the one you wish to download.
 
 ```sh
 wget -O gitea https://dl.gitea.io/gitea/{{< version >}}/gitea-{{< version >}}-linux-amd64
 chmod +x gitea
 ```
 
+Note that the above command will download Gitea {{< version >}} for 64-bit Linux.
+
 ## Verify GPG signature
 
 Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries.

docs/content/doc/installation/with-docker.en-us.md

@@ -303,7 +303,23 @@ services:
     - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
 ```
 
-To set required TOKEN and SECRET values, consider using Gitea's built-in [generate utility functions](https://docs.gitea.io/en-us/command-line/#generate).
+Gitea will generate new secrets/tokens for every new installation automatically and write them into the app.ini. If you want to set the secrets/tokens manually, you can use the following docker commands to use of Gitea's built-in [generate utility functions](https://docs.gitea.io/en-us/command-line/#generate). Do not lose/change your SECRET_KEY after the installation, otherwise the encrypted data can not be decrypted anymore.
+
+The following commands will output a new `SECRET_KEY` and `INTERNAL_TOKEN` to `stdout`, which you can then place in your environment variables.
+
+```bash
+docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
+docker run -it --rm  gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
+```
+
+```yaml
+...
+services:
+  server:
+    environment:
+      - GITEA__security__SECRET_KEY=[value returned by generate secret SECRET_KEY]
+      - GITEA__security__INTERNAL_TOKEN=[value returned by generate secret INTERNAL_TOKEN]
+```
 
 ## SSH Container Passthrough
 

docs/content/doc/packages/composer.en-us.md

@@ -60,6 +60,8 @@ curl --user your_username:your_password_or_token \
      https://gitea.example.com/api/packages/testuser/composer?version=1.0.3
 ```
 
+If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password.
+
 The server responds with the following HTTP Status codes.
 
 | HTTP Status Code  | Meaning |

docs/content/doc/packages/conan.en-us.md

@@ -37,7 +37,7 @@ conan user --remote {remote} --password {password} {username}
 | -----------| ----------- |
 | `remote`   | The remote name. |
 | `username` | Your Gitea username. |
-| `password` | Your Gitea password or a personal access token. |
+| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password. |
 | `owner`    | The owner of the package. |
 
 For example:

docs/content/doc/packages/container.en-us.md

@@ -34,6 +34,8 @@ To push an image or if the image is in a private registry, you have to authentic
 docker login gitea.example.com
 ```
 
+If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password.
+
 ## Image naming convention
 
 Images must follow this naming convention:

docs/content/doc/packages/generic.en-us.md

@@ -37,7 +37,7 @@ PUT https://gitea.example.com/api/packages/{owner}/generic/{package_name}/{packa
 | ----------------- | ----------- |
 | `owner`           | The owner of the package. |
 | `package_name`    | The package name. It can contain only lowercase letters (`a-z`), uppercase letter (`A-Z`), numbers (`0-9`), dots (`.`), hyphens (`-`), or underscores (`_`). |
-| `package_version` | The package version as described in the [SemVer](https://semver.org/) spec. |
+| `package_version` | The package version, a non-empty string. |
 | `file_name`       | The filename. It can contain only lowercase letters (`a-z`), uppercase letter (`A-Z`), numbers (`0-9`), dots (`.`), hyphens (`-`), or underscores (`_`). |
 
 Example request using HTTP Basic authentication:
@@ -48,6 +48,8 @@ curl --user your_username:your_password_or_token \
      https://gitea.example.com/api/packages/testuser/generic/test_package/1.0.0/file.bin
 ```
 
+If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password.
+
 The server reponds with the following HTTP Status codes.
 
 | HTTP Status Code  | Meaning |

docs/content/doc/packages/helm.en-us.md

@@ -42,7 +42,7 @@ helm cm-push ./{chart_file}.tgz {repo}
 | Parameter    | Description |
 | ------------ | ----------- |
 | `username`   | Your Gitea username. |
-| `password`   | Your Gitea password or a personal access token. |
+| `password`   | Your Gitea password. If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password. |
 | `repo`       | The name for the repository. |
 | `chart_file` | The Helm Chart archive. |
 | `owner`      | The owner of the package. |

docs/content/doc/packages/nuget.en-us.md

@@ -38,7 +38,7 @@ dotnet nuget add source --name {source_name} --username {username} --password {p
 | ------------- | ----------- |
 | `source_name` | The desired source name. |
 | `username`    | Your Gitea username. |
-| `password`    | Your Gitea password or a personal access token. |
+| `password`    | Your Gitea password. If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password. |
 | `owner`       | The owner of the package. |
 
 For example:

docs/content/doc/packages/pypi.en-us.md

@@ -42,7 +42,7 @@ password = {password}
 | ------------ | ----------- |
 | `owner`      | The owner of the package. |
 | `username`   | Your Gitea username. |
-| `password`   | Your Gitea password or a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}). |
+| `password`   | Your Gitea password. If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password. |
 
 ## Publish a package
 

docs/content/doc/packages/rubygems.en-us.md

@@ -36,7 +36,7 @@ https://gitea.example.com/api/packages/{owner}/rubygems: Bearer {token}
 | Parameter     | Description |
 | ------------- | ----------- |
 | `owner`       | The owner of the package. |
-| `token`       | Your personal access token. |
+| `token`       | Your [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}). |
 
 For example:
 

go.mod

@@ -9,7 +9,7 @@ require (
 	gitea.com/go-chi/cache v0.2.0
 	gitea.com/go-chi/captcha v0.0.0-20211013065431-70641c1a35d5
 	gitea.com/go-chi/session v0.0.0-20211218221615-e3605d8b28b8
-	gitea.com/lunny/levelqueue v0.4.1
+	gitea.com/lunny/levelqueue v0.4.2-0.20220729054728-f020868cc2f7
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/PuerkitoBio/goquery v1.8.0

go.sum

@@ -80,8 +80,8 @@ gitea.com/go-chi/captcha v0.0.0-20211013065431-70641c1a35d5 h1:J/1i8u40TbcLP/w2w
 gitea.com/go-chi/captcha v0.0.0-20211013065431-70641c1a35d5/go.mod h1:hQ9SYHKdOX968wJglb/NMQ+UqpOKwW4L+EYdvkWjHSo=
 gitea.com/go-chi/session v0.0.0-20211218221615-e3605d8b28b8 h1:tJQRXgZigkLeeW9LPlps9G9aMoE6LAmqigLA+wxmd1Q=
 gitea.com/go-chi/session v0.0.0-20211218221615-e3605d8b28b8/go.mod h1:fc/pjt5EqNKgqQXYzcas1Z5L5whkZHyOvTA7OzWVJck=
-gitea.com/lunny/levelqueue v0.4.1 h1:RZ+AFx5gBsZuyqCvofhAkPQ9uaVDPJnsULoJZIYaJNw=
-gitea.com/lunny/levelqueue v0.4.1/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
+gitea.com/lunny/levelqueue v0.4.2-0.20220729054728-f020868cc2f7 h1:Zc3RQWC2xOVglLciQH/ZIC5IqSk3Jn96LflGQLv18Rg=
+gitea.com/lunny/levelqueue v0.4.2-0.20220729054728-f020868cc2f7/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
 gitee.com/travelliu/dm v1.8.11192/go.mod h1:DHTzyhCrM843x9VdKVbZ+GKXGRbKM2sJ4LxihRxShkE=

integrations/api_packages_container_test.go

@@ -27,6 +27,7 @@ import (
 
 func TestPackageContainer(t *testing.T) {
 	defer prepareTestEnv(t)()
+
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 
 	has := func(l packages_model.PackagePropertyList, name string) bool {
@@ -37,6 +38,15 @@ func TestPackageContainer(t *testing.T) {
 		}
 		return false
 	}
+	getAllByName := func(l packages_model.PackagePropertyList, name string) []string {
+		values := make([]string, 0, len(l))
+		for _, pp := range l {
+			if pp.Name == name {
+				values = append(values, pp.Value)
+			}
+		}
+		return values
+	}
 
 	images := []string{"test", "te/st"}
 	tags := []string{"latest", "main"}
@@ -67,7 +77,7 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token"`}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
 
 		t.Run("Anonymous", func(t *testing.T) {
 			defer PrintCurrentTest(t)()
@@ -237,7 +247,8 @@ func TestPackageContainer(t *testing.T) {
 						assert.Nil(t, pd.SemVer)
 						assert.Equal(t, image, pd.Package.Name)
 						assert.Equal(t, tag, pd.Version.Version)
-						assert.True(t, has(pd.Properties, container_module.PropertyManifestTagged))
+						assert.ElementsMatch(t, []string{strings.ToLower(user.LowerName + "/" + image)}, getAllByName(pd.PackageProperties, container_module.PropertyRepository))
+						assert.True(t, has(pd.VersionProperties, container_module.PropertyManifestTagged))
 
 						assert.IsType(t, &container_module.Metadata{}, pd.Metadata)
 						metadata := pd.Metadata.(*container_module.Metadata)
@@ -331,7 +342,8 @@ func TestPackageContainer(t *testing.T) {
 				assert.Nil(t, pd.SemVer)
 				assert.Equal(t, image, pd.Package.Name)
 				assert.Equal(t, untaggedManifestDigest, pd.Version.Version)
-				assert.False(t, has(pd.Properties, container_module.PropertyManifestTagged))
+				assert.ElementsMatch(t, []string{strings.ToLower(user.LowerName + "/" + image)}, getAllByName(pd.PackageProperties, container_module.PropertyRepository))
+				assert.False(t, has(pd.VersionProperties, container_module.PropertyManifestTagged))
 
 				assert.IsType(t, &container_module.Metadata{}, pd.Metadata)
 
@@ -363,18 +375,10 @@ func TestPackageContainer(t *testing.T) {
 				assert.Nil(t, pd.SemVer)
 				assert.Equal(t, image, pd.Package.Name)
 				assert.Equal(t, multiTag, pd.Version.Version)
-				assert.True(t, has(pd.Properties, container_module.PropertyManifestTagged))
+				assert.ElementsMatch(t, []string{strings.ToLower(user.LowerName + "/" + image)}, getAllByName(pd.PackageProperties, container_module.PropertyRepository))
+				assert.True(t, has(pd.VersionProperties, container_module.PropertyManifestTagged))
 
-				getAllByName := func(l packages_model.PackagePropertyList, name string) []string {
-					values := make([]string, 0, len(l))
-					for _, pp := range l {
-						if pp.Name == name {
-							values = append(values, pp.Value)
-						}
-					}
-					return values
-				}
-				assert.ElementsMatch(t, []string{manifestDigest, untaggedManifestDigest}, getAllByName(pd.Properties, container_module.PropertyManifestReference))
+				assert.ElementsMatch(t, []string{manifestDigest, untaggedManifestDigest}, getAllByName(pd.VersionProperties, container_module.PropertyManifestReference))
 
 				assert.IsType(t, &container_module.Metadata{}, pd.Metadata)
 				metadata := pd.Metadata.(*container_module.Metadata)
@@ -536,4 +540,56 @@ func TestPackageContainer(t *testing.T) {
 			})
 		})
 	}
+
+	t.Run("OwnerNameChange", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		checkCatalog := func(owner string) func(t *testing.T) {
+			return func(t *testing.T) {
+				defer PrintCurrentTest(t)()
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%sv2/_catalog", setting.AppURL))
+				addTokenAuthHeader(req, userToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+
+				type RepositoryList struct {
+					Repositories []string `json:"repositories"`
+				}
+
+				repoList := &RepositoryList{}
+				DecodeJSON(t, resp, &repoList)
+
+				assert.Len(t, repoList.Repositories, len(images))
+				names := make([]string, 0, len(images))
+				for _, image := range images {
+					names = append(names, strings.ToLower(owner+"/"+image))
+				}
+				assert.ElementsMatch(t, names, repoList.Repositories)
+			}
+		}
+
+		t.Run(fmt.Sprintf("Catalog[%s]", user.LowerName), checkCatalog(user.LowerName))
+
+		session := loginUser(t, user.Name)
+
+		newOwnerName := "newUsername"
+
+		req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+			"_csrf":    GetCSRF(t, session, "/user/settings"),
+			"name":     newOwnerName,
+			"email":    "user2@example.com",
+			"language": "en-US",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		t.Run(fmt.Sprintf("Catalog[%s]", newOwnerName), checkCatalog(newOwnerName))
+
+		req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+			"_csrf":    GetCSRF(t, session, "/user/settings"),
+			"name":     user.Name,
+			"email":    "user2@example.com",
+			"language": "en-US",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+	})
 }

integrations/api_packages_generic_test.go

@@ -42,7 +42,6 @@ func TestPackageGeneric(t *testing.T) {
 
 		pd, err := packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
 		assert.NoError(t, err)
-		assert.NotNil(t, pd.SemVer)
 		assert.Nil(t, pd.Metadata)
 		assert.Equal(t, packageName, pd.Package.Name)
 		assert.Equal(t, packageVersion, pd.Version.Version)

integrations/api_packages_npm_test.go

@@ -85,9 +85,9 @@ func TestPackageNpm(t *testing.T) {
 		assert.IsType(t, &npm.Metadata{}, pd.Metadata)
 		assert.Equal(t, packageName, pd.Package.Name)
 		assert.Equal(t, packageVersion, pd.Version.Version)
-		assert.Len(t, pd.Properties, 1)
-		assert.Equal(t, npm.TagProperty, pd.Properties[0].Name)
-		assert.Equal(t, packageTag, pd.Properties[0].Value)
+		assert.Len(t, pd.VersionProperties, 1)
+		assert.Equal(t, npm.TagProperty, pd.VersionProperties[0].Name)
+		assert.Equal(t, packageTag, pd.VersionProperties[0].Value)
 
 		pfs, err := packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
 		assert.NoError(t, err)