Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  switch destination directory for apt signing keys (go-gitea#28639)
  Extend description for ARTIFACT_RETENTION_DAYS (go-gitea#28626)
  Refactor timeutil package (go-gitea#28623)
  Refactor some legacy code and remove unused code (go-gitea#28622)
  Remove unnecessary syncbranchToDB with tests (go-gitea#28624)
  Do not set `Accept` header twice (go-gitea#28598)
  [skip ci] Updated translations via Crowdin
  fix wrong link in user and organization profile when using relative url (go-gitea#28617)
  Add get actions runner registration token for API routes, repo, org, user and global level (go-gitea#27144)
  Fix session key conflict with database keyword (go-gitea#28613)

docs/content/administration/config-cheat-sheet.en-us.md

@@ -1390,7 +1390,7 @@ PROXY_HOSTS = *.github.com
 - `DEFAULT_ACTIONS_URL`: **github**: Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
 - `STORAGE_TYPE`: **local**: Storage type for actions logs, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `MINIO_BASE_PATH`: **actions_log/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
-- `ARTIFACT_RETENTION_DAYS`: **90**: Number of days to keep artifacts. Set to 0 to disable artifact retention. Default is 90 days if not set.
+- `ARTIFACT_RETENTION_DAYS`: **90**: Default number of days to keep artifacts. This can be overridden in `actions/upload_artifact`. Set to 0 to disable artifact retention. Default is 90 days if not set. Each artifact can have it's own number of retention days.
 - `ZOMBIE_TASK_TIMEOUT`: **10m**: Timeout to stop the task which have running status, but haven't been updated for a long time
 - `ENDLESS_TASK_TIMEOUT`: **3h**: Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
 - `ABANDONED_JOB_TIMEOUT`: **24h**: Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time

docs/content/usage/packages/debian.en-us.md

@@ -27,7 +27,7 @@ The following examples use `apt`.
 To register the Debian registry add the url to the list of known apt sources:
 
 ```shell
-echo "deb https://gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
+echo "deb [signed-by=/etc/apt/keyrings/gitea-{owner}.asc] https://gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
 ```
 
 | Placeholder    | Description |
@@ -39,13 +39,13 @@ echo "deb https://gitea.example.com/api/packages/{owner}/debian {distribution} {
 If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md#authentication):
 
 ```shell
-echo "deb https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
+echo "deb [signed-by=/etc/apt/keyrings/gitea-{owner}.asc] https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
 ```
 
 The Debian registry files are signed with a PGP key which must be known to apt:
 
 ```shell
-sudo curl https://gitea.example.com/api/packages/{owner}/debian/repository.key -o /etc/apt/trusted.gpg.d/gitea-{owner}.asc
+sudo curl https://gitea.example.com/api/packages/{owner}/debian/repository.key -o /etc/apt/keyrings/gitea-{owner}.asc
 ```
 
 Afterwards update the local package index:

docs/content/usage/packages/debian.zh-cn.md

@@ -27,7 +27,7 @@ menu:
 要注册 Debian 注册表，请将 URL 添加到已知 `apt` 源列表中：
 
 ```shell
-echo "deb https://gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
+echo "deb [signed-by=/etc/apt/keyrings/gitea-{owner}.asc] https://gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
 ```
 
 | 占位符         | 描述           |
@@ -39,13 +39,13 @@ echo "deb https://gitea.example.com/api/packages/{owner}/debian {distribution} {
 如果注册表是私有的，请在 URL 中提供凭据。您可以使用密码或[个人访问令牌](development/api-usage.md#通过-api-认证)：
 
 ```shell
-echo "deb https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
+echo "deb [signed-by=/etc/apt/keyrings/gitea-{owner}.asc] https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
 ```
 
 Debian 注册表文件使用 PGP 密钥进行签名，`apt` 必须知道该密钥：
 
 ```shell
-sudo curl https://gitea.example.com/api/packages/{owner}/debian/repository.key -o /etc/apt/trusted.gpg.d/gitea-{owner}.asc
+sudo curl https://gitea.example.com/api/packages/{owner}/debian/repository.key -o /etc/apt/keyrings/gitea-{owner}.asc
 ```
 
 然后更新本地软件包索引：

models/activities/user_heatmap_test.go

@@ -59,8 +59,8 @@ func TestGetUserHeatmapDataByUser(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	// Mock time
-	timeutil.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
-	defer timeutil.Unset()
+	timeutil.MockSet(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
+	defer timeutil.MockUnset()
 
 	for _, tc := range testCases {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: tc.userID})

models/asymkey/gpg_key_verify.go

@@ -107,8 +107,9 @@ func VerifyGPGKey(ctx context.Context, ownerID int64, keyID, token, signature st
 // VerificationToken returns token for the user that will be valid in minutes (time)
 func VerificationToken(user *user_model.User, minutes int) string {
 	return base.EncodeSha256(
-		time.Now().Truncate(1*time.Minute).Add(time.Duration(minutes)*time.Minute).Format(time.RFC1123Z) + ":" +
-			user.CreatedUnix.FormatLong() + ":" +
+		time.Now().Truncate(1*time.Minute).Add(time.Duration(minutes)*time.Minute).Format(
+			time.RFC1123Z) + ":" +
+			user.CreatedUnix.Format(time.RFC1123Z) + ":" +
 			user.Name + ":" +
 			user.Email + ":" +
 			strconv.FormatInt(user.ID, 10))

models/auth/session.go

@@ -41,12 +41,15 @@ func ReadSession(ctx context.Context, key string) (*Session, error) {
 	}
 	defer committer.Close()
 
-	session, exist, err := db.Get[Session](ctx, builder.Eq{"key": key})
+	session, exist, err := db.Get[Session](ctx, builder.Eq{"`key`": key})
 	if err != nil {
 		return nil, err
 	} else if !exist {
-		session.Expiry = timeutil.TimeStampNow()
-		if err := db.Insert(ctx, &session); err != nil {
+		session = &Session{
+			Key:    key,
+			Expiry: timeutil.TimeStampNow(),
+		}
+		if err := db.Insert(ctx, session); err != nil {
 			return nil, err
 		}
 	}
@@ -56,7 +59,7 @@ func ReadSession(ctx context.Context, key string) (*Session, error) {
 
 // ExistSession checks if a session exists
 func ExistSession(ctx context.Context, key string) (bool, error) {
-	return db.Exist[Session](ctx, builder.Eq{"key": key})
+	return db.Exist[Session](ctx, builder.Eq{"`key`": key})
 }
 
 // DestroySession destroys a session
@@ -75,13 +78,13 @@ func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, er
 	}
 	defer committer.Close()
 
-	if has, err := db.Exist[Session](ctx, builder.Eq{"key": newKey}); err != nil {
+	if has, err := db.Exist[Session](ctx, builder.Eq{"`key`": newKey}); err != nil {
 		return nil, err
 	} else if has {
 		return nil, fmt.Errorf("session Key: %s already exists", newKey)
 	}
 
-	if has, err := db.Exist[Session](ctx, builder.Eq{"key": oldKey}); err != nil {
+	if has, err := db.Exist[Session](ctx, builder.Eq{"`key`": oldKey}); err != nil {
 		return nil, err
 	} else if !has {
 		if err := db.Insert(ctx, &Session{
@@ -96,7 +99,7 @@ func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, er
 		return nil, err
 	}
 
-	s, _, err := db.Get[Session](ctx, builder.Eq{"key": newKey})
+	s, _, err := db.Get[Session](ctx, builder.Eq{"`key`": newKey})
 	if err != nil {
 		// is not exist, it should be impossible
 		return nil, err

models/avatars/avatar.go

@@ -5,6 +5,8 @@ package avatars
 
 import (
 	"context"
+	"crypto/md5"
+	"encoding/hex"
 	"fmt"
 	"net/url"
 	"path"
@@ -13,7 +15,6 @@ import (
 	"sync/atomic"
 
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -90,7 +91,9 @@ func DefaultAvatarLink() string {
 
 // HashEmail hashes email address to MD5 string. https://en.gravatar.com/site/implement/hash/
 func HashEmail(email string) string {
-	return base.EncodeMD5(strings.ToLower(strings.TrimSpace(email)))
+	m := md5.New()
+	_, _ = m.Write([]byte(strings.ToLower(strings.TrimSpace(email))))
+	return hex.EncodeToString(m.Sum(nil))
 }
 
 // GetEmailForHash converts a provided md5sum to the email

models/git/protected_branch.go

@@ -17,7 +17,6 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
@@ -127,7 +126,7 @@ func (protectBranch *ProtectedBranch) CanUserPush(ctx context.Context, user *use
 		return writeAccess
 	}
 
-	if base.Int64sContains(protectBranch.WhitelistUserIDs, user.ID) {
+	if slices.Contains(protectBranch.WhitelistUserIDs, user.ID) {
 		return true
 	}
 
@@ -150,7 +149,7 @@ func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch,
 		return permissionInRepo.CanWrite(unit.TypeCode)
 	}
 
-	if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {
+	if slices.Contains(protectBranch.MergeWhitelistUserIDs, userID) {
 		return true
 	}
 
@@ -182,7 +181,7 @@ func IsUserOfficialReviewer(ctx context.Context, protectBranch *ProtectedBranch,
 		return writeAccess, nil
 	}
 
-	if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {
+	if slices.Contains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {
 		return true, nil
 	}
 

models/git/protected_tag.go

@@ -6,11 +6,11 @@ package git
 import (
 	"context"
 	"regexp"
+	"slices"
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/timeutil"
 
 	"github.com/gobwas/glob"
@@ -76,7 +76,7 @@ func DeleteProtectedTag(ctx context.Context, pt *ProtectedTag) error {
 
 // IsUserAllowedModifyTag returns true if the user is allowed to modify the tag
 func IsUserAllowedModifyTag(ctx context.Context, pt *ProtectedTag, userID int64) (bool, error) {
-	if base.Int64sContains(pt.AllowlistUserIDs, userID) {
+	if slices.Contains(pt.AllowlistUserIDs, userID) {
 		return true, nil
 	}
 

models/issues/comment.go

@@ -899,15 +899,15 @@ func createDeadlineComment(ctx context.Context, doer *user_model.User, issue *Is
 	// newDeadline = 0 means deleting
 	if newDeadlineUnix == 0 {
 		commentType = CommentTypeRemovedDeadline
-		content = issue.DeadlineUnix.Format("2006-01-02")
+		content = issue.DeadlineUnix.FormatDate()
 	} else if issue.DeadlineUnix == 0 {
 		// Check if the new date was added or modified
 		// If the actual deadline is 0 => deadline added
 		commentType = CommentTypeAddedDeadline
-		content = newDeadlineUnix.Format("2006-01-02")
+		content = newDeadlineUnix.FormatDate()
 	} else { // Otherwise modified
 		commentType = CommentTypeModifiedDeadline
-		content = newDeadlineUnix.Format("2006-01-02") + "|" + issue.DeadlineUnix.Format("2006-01-02")
+		content = newDeadlineUnix.FormatDate() + "|" + issue.DeadlineUnix.FormatDate()
 	}
 
 	if err := issue.LoadRepo(ctx); err != nil {

models/issues/milestone.go

@@ -86,7 +86,7 @@ func (m *Milestone) AfterLoad() {
 		return
 	}
 
-	m.DeadlineString = m.DeadlineUnix.Format("2006-01-02")
+	m.DeadlineString = m.DeadlineUnix.FormatDate()
 	if m.IsClosed {
 		m.IsOverdue = m.ClosedDateUnix >= m.DeadlineUnix
 	} else {

models/issues/review.go

@@ -6,6 +6,7 @@ package issues
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
@@ -15,7 +16,6 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
@@ -279,7 +279,7 @@ func IsOfficialReviewerTeam(ctx context.Context, issue *Issue, team *organizatio
 		return team.UnitAccessMode(ctx, unit.TypeCode) >= perm.AccessModeWrite, nil
 	}
 
-	return base.Int64sContains(pb.ApprovalsWhitelistTeamIDs, team.ID), nil
+	return slices.Contains(pb.ApprovalsWhitelistTeamIDs, team.ID), nil
 }
 
 // CreateReview creates a new review based on opts

modules/base/tool.go

@@ -4,7 +4,6 @@
 package base
 
 import (
-	"crypto/md5"
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/hex"
@@ -16,7 +15,6 @@ import (
 	"strconv"
 	"strings"
 	"time"
-	"unicode"
 	"unicode/utf8"
 
 	"code.gitea.io/gitea/modules/git"
@@ -27,13 +25,6 @@ import (
 	"github.com/minio/sha256-simd"
 )
 
-// EncodeMD5 encodes string to md5 hex value.
-func EncodeMD5(str string) string {
-	m := md5.New()
-	_, _ = m.Write([]byte(str))
-	return hex.EncodeToString(m.Sum(nil))
-}
-
 // EncodeSha1 string to sha1 hex value.
 func EncodeSha1(str string) string {
 	h := sha1.New()
@@ -70,11 +61,6 @@ func BasicAuthDecode(encoded string) (string, string, error) {
 	return auth[0], auth[1], nil
 }
 
-// BasicAuthEncode encode basic auth string
-func BasicAuthEncode(username, password string) string {
-	return base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
-}
-
 // VerifyTimeLimitCode verify time limit code
 func VerifyTimeLimitCode(data string, minutes int, code string) bool {
 	if len(code) <= 18 {
@@ -184,22 +170,6 @@ func Int64sToStrings(ints []int64) []string {
 	return strs
 }
 
-// Int64sContains returns if a int64 in a slice of int64
-func Int64sContains(intsSlice []int64, a int64) bool {
-	for _, c := range intsSlice {
-		if c == a {
-			return true
-		}
-	}
-	return false
-}
-
-// IsLetter reports whether the rune is a letter (category L).
-// https://github.com/golang/go/blob/c3b4918/src/go/scanner/scanner.go#L342
-func IsLetter(ch rune) bool {
-	return 'a' <= ch && ch <= 'z' || 'A' <= ch && ch <= 'Z' || ch == '_' || ch >= 0x80 && unicode.IsLetter(ch)
-}
-
 // EntryIcon returns the octicon class for displaying files/directories
 func EntryIcon(entry *git.TreeEntry) string {
 	switch {

modules/base/tool_test.go

@@ -11,13 +11,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestEncodeMD5(t *testing.T) {
-	assert.Equal(t,
-		"3858f62230ac3c915f300c664312c63f",
-		EncodeMD5("foobar"),
-	)
-}
-
 func TestEncodeSha1(t *testing.T) {
 	assert.Equal(t,
 		"8843d7f92416211de9ebb963ff4ce28125932878",
@@ -52,11 +45,6 @@ func TestBasicAuthDecode(t *testing.T) {
 	assert.Error(t, err)
 }
 
-func TestBasicAuthEncode(t *testing.T) {
-	assert.Equal(t, "Zm9vOmJhcg==", BasicAuthEncode("foo", "bar"))
-	assert.Equal(t, "MjM6IjotLS0t", BasicAuthEncode("23:\"", "----"))
-}
-
 func TestVerifyTimeLimitCode(t *testing.T) {
 	tc := []struct {
 		data    string
@@ -167,29 +155,6 @@ func TestInt64sToStrings(t *testing.T) {
 	)
 }
 
-func TestInt64sContains(t *testing.T) {
-	assert.True(t, Int64sContains([]int64{6, 44324, 4324, 32, 1, 2323}, 1))
-	assert.True(t, Int64sContains([]int64{2323}, 2323))
-	assert.False(t, Int64sContains([]int64{6, 44324, 4324, 32, 1, 2323}, 232))
-}
-
-func TestIsLetter(t *testing.T) {
-	assert.True(t, IsLetter('a'))
-	assert.True(t, IsLetter('e'))
-	assert.True(t, IsLetter('q'))
-	assert.True(t, IsLetter('z'))
-	assert.True(t, IsLetter('A'))
-	assert.True(t, IsLetter('E'))
-	assert.True(t, IsLetter('Q'))
-	assert.True(t, IsLetter('Z'))
-	assert.True(t, IsLetter('_'))
-	assert.False(t, IsLetter('-'))
-	assert.False(t, IsLetter('1'))
-	assert.False(t, IsLetter('$'))
-	assert.False(t, IsLetter(0x00))
-	assert.False(t, IsLetter(0x93))
-}
-
 // TODO: Test EntryIcon
 
 func TestSetupGiteaRoot(t *testing.T) {