Merge remote-tracking branch 'upstream/main'

* upstream/main: Simplify the error message when `index.js` couldn't be loaded (go-gitea#22354) Support asciicast files as new markup (go-gitea#22448) Support scoped access tokens (go-gitea#20908) some refactor about code comments (go-gitea#20821) docs: add swagger.json file location to FAQ (go-gitea#22489) docs: bump Gitea version (go-gitea#22490) chore: changelog 1.18.1 (go-gitea#22471) (go-gitea#22487) Fixed lint warnings in Grafana raised by Mixtool (go-gitea#22486) Set disable_gravatar/enable_federated_avatar when offline mode is true (go-gitea#22479) Fix pull request API field `closed_at` always being `null` (go-gitea#22482) Fix migration from gitbucket (repost) (go-gitea#22477)
zjjhot · Jan 18, 2023 · d6b4a01 · d6b4a01
2 parents a78e77c + 7ddc11d
commit d6b4a01
Show file tree

Hide file tree

Showing 105 changed files with 1,760 additions and 644 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,47 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.18.1](https://github.com/go-gitea/gitea/releases/tag/v1.18.1) - 2023-01-17
+
+* API
+ * Add `sync_on_commit` option for push mirrors api (#22271) (#22292)
+* BUGFIXES
+ * Update `github.com/zeripath/zapx/v15` (#22485)
+ * Fix pull request API field `closed_at` always being `null` (#22482) (#22483)
+ * Fix container blob mount (#22226) (#22476)
+ * Fix error when calculating repository size (#22392) (#22474)
+ * Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (#22454) (#22472)
+ * Fix environments for KaTeX and error reporting (#22453) (#22473)
+ * Remove the netgo tag for Windows build (#22467) (#22468)
+ * Fix migration from GitBucket (#22477) (#22465)
+ * Prevent panic on looking at api "git" endpoints for empty repos (#22457) (#22458)
+ * Fix PR status layout on mobile (#21547) (#22441)
+ * Fix wechatwork webhook sends empty content in PR review (#21762) (#22440)
+ * Remove duplicate "Actions" label in mobile view (#21974) (#22439)
+ * Fix leaving organization bug on user settings -> orgs (#21983) (#22438)
+ * Fixed colour transparency regex matching in project board sorting (#22092) (#22437)
+ * Correctly handle select on multiple channels in Queues (#22146) (#22428)
+ * Prepend refs/heads/ to issue template refs (#20461) (#22427)
+ * Restore function to "Show more" buttons (#22399) (#22426)
+ * Continue GCing other repos on error in one repo (#22422) (#22425)
+ * Allow HOST has no port (#22280) (#22409)
+ * Fix omit avatar_url in discord payload when empty (#22393) (#22394)
+ * Don't display stop watch top bar icon when disabled and hidden when click other place (#22374) (#22387)
+ * Don't lookup mail server when using sendmail (#22300) (#22383)
+ * Fix gravatar disable bug (#22337)
+ * Fix update settings table on install (#22326) (#22327)
+ * Fix sitemap (#22272) (#22320)
+ * Fix code search title translation (#22285) (#22316)
+ * Fix due date rendering the wrong date in issue (#22302) (#22306)
+ * Fix get system setting bug when enabled redis cache (#22298)
+ * Fix bug of DisableGravatar default value (#22297)
+ * Fix key signature error page (#22229) (#22230)
+* TESTING
+ * Remove test session cache to reduce possible concurrent problem (#22199) (#22429)
+* MISC
+ * Restore previous official review when an official review is deleted (#22449) (#22460)
+ * Log STDERR of external renderer when it fails (#22442) (#22444)
+
 ## [1.18.0](https://github.com/go-gitea/gitea/releases/tag/v1.18.0) - 2022-12-29
 
 * SECURITY

diff --git a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -29,7 +29,7 @@ local addIssueLabelsOverrides(labels) =
 
  grafanaDashboards+:: {
 
- local giteaSelector = 'job="$job", instance="$instance"',
+ local giteaSelector = 'job=~"$job", instance=~"$instance"',
  local giteaStatsPanel =
  grafana.statPanel.new(
  'Gitea stats',
@@ -399,25 +399,31 @@ local addIssueLabelsOverrides(labels) =
  .addTemplate(
  {
  hide: 0,
- label: null,
+ label: 'job',
  name: 'job',
  options: [],
+ datasource: '$datasource',
  query: 'label_values(gitea_organizations, job)',
  refresh: 1,
  regex: '',
  type: 'query',
+ multi: true,
+ allValue: '.+'
  },
  )
  .addTemplate(
  {
  hide: 0,
- label: null,
+ label: 'instance',
  name: 'instance',
  options: [],
+ datasource: '$datasource',
  query: 'label_values(gitea_organizations{job="$job"}, instance)',
  refresh: 1,
  regex: '',
  type: 'query',
+ multi: true,
+ allValue: '.+'
  },
  )
  .addTemplate(

diff --git a/docs/config.yaml b/docs/config.yaml
@@ -18,7 +18,7 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
- version: 1.18.0
+ version: 1.18.1
  minGoVersion: 1.18
  goVersion: 1.19
  minNodeVersion: 16

diff --git a/docs/content/doc/developers/oauth2-provider.en-us.md b/docs/content/doc/developers/oauth2-provider.en-us.md
@@ -42,7 +42,41 @@ To use the Authorization Code Grant as a third party application it is required
 
 ## Scopes
 
-Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and their organizations.
+Gitea supports the following scopes for tokens:
+
+| Name | Description |
+| ---- | ----------- |
+| **(no scope)** | Grants read-only access to public user profile and public repositories. |
+| **repo** | Full control over all repositories. |
+| &nbsp;&nbsp;&nbsp; **repo:status** | Grants read/write access to commit status in all repositories. |
+| &nbsp;&nbsp;&nbsp; **public_repo** | Grants read/write access to public repositories only. |
+| **admin:repo_hook** | Grants access to repository hooks of all repositories. This is included in the `repo` scope. |
+| &nbsp;&nbsp;&nbsp; **write:repo_hook** | Grants read/write access to repository hooks |
+| &nbsp;&nbsp;&nbsp; **read:repo_hook** | Grants read-only access to repository hooks |
+| **admin:org** | Grants full access to organization settings |
+| &nbsp;&nbsp;&nbsp; **write:org** | Grants read/write access to organization settings |
+| &nbsp;&nbsp;&nbsp; **read:org** | Grants read-only access to organization settings |
+| **admin:public_key** | Grants full access for managing public keys |
+| &nbsp;&nbsp;&nbsp; **write:public_key** | Grant read/write access to public keys |
+| &nbsp;&nbsp;&nbsp; **read:public_key** | Grant read-only access to public keys |
+| **admin:org_hook** | Grants full access to organizational-level hooks |
+| **notification** | Grants full access to notifications |
+| **user** | Grants full access to user profile info |
+| &nbsp;&nbsp;&nbsp; **read:user** | Grants read access to user's profile |
+| &nbsp;&nbsp;&nbsp; **user:email** | Grants read access to user's email addresses |
+| &nbsp;&nbsp;&nbsp; **user:follow** | Grants access to follow/un-follow a user |
+| **delete_repo** | Grants access to delete repositories as an admin |
+| **package** | Grants full access to hosted packages |
+| &nbsp;&nbsp;&nbsp; **write:package** | Grants read/write access to packages |
+| &nbsp;&nbsp;&nbsp; **read:package** | Grants read access to packages |
+| &nbsp;&nbsp;&nbsp; **delete:package** | Grants delete access to packages |
+| **admin:gpg_key** | Grants full access for managing GPG keys |
+| &nbsp;&nbsp;&nbsp; **write:gpg_key** | Grants read/write access to GPG keys |
+| &nbsp;&nbsp;&nbsp; **read:gpg_key** | Grants read-only access to GPG keys |
+| **admin:application** | Grants full access to manage applications |
+| &nbsp;&nbsp;&nbsp; **write:application** | Grants read/write access for managing applications |
+| &nbsp;&nbsp;&nbsp; **read:application** | Grants read access for managing applications |
+| **sudo** | Allows to perform actions as the site admin. |
 
 ## Client types
 

diff --git a/docs/content/doc/help/faq.en-us.md b/docs/content/doc/help/faq.en-us.md
@@ -138,6 +138,8 @@ For more information, refer to Gitea's [API docs]({{< relref "doc/developers/api
 
 You can see the latest API (for example) on <https://try.gitea.io/api/swagger>.
 
+You can also see an example of the `swagger.json` file at <https://try.gitea.io/swagger.v1.json>.
+
 ## Adjusting your server for public/private use
 
 ### Preventing spammers

diff --git a/main.go b/main.go
@@ -17,6 +17,7 @@ import (
  "code.gitea.io/gitea/modules/setting"
 
  // register supported doc types
+ _ "code.gitea.io/gitea/modules/markup/asciicast"
  _ "code.gitea.io/gitea/modules/markup/console"
  _ "code.gitea.io/gitea/modules/markup/csv"
  _ "code.gitea.io/gitea/modules/markup/markdown"

diff --git a/models/auth/token.go b/models/auth/token.go
@@ -65,6 +65,7 @@ type AccessToken struct {
  TokenHash string `xorm:"UNIQUE"` // sha256 of token
  TokenSalt string
  TokenLastEight string `xorm:"INDEX token_last_eight"`
+ Scope AccessTokenScope
 
  CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
  UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`