Merge branch 'main' into patch-1

Author: snematoda

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.20-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
   "features": {
     // installs nodejs into container
     "ghcr.io/devcontainers/features/node:1": {

README.md

@@ -110,13 +110,13 @@ Translations are done through Crowdin. If you want to translate to a new languag
 
 You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
 
-https://docs.gitea.io/en-us/contributing/translation-guidelines/
+https://docs.gitea.com/contributing/localization
 
 [![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
 
 ## Further information
 
-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
+For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com/).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
 
 We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
@@ -151,7 +151,6 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 <a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
-<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>
 
 ## FAQ
 

custom/conf/app.example.ini

@@ -4,7 +4,7 @@
 ;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
 ;; If you don't know what a setting is you should not set it.
 ;;
-;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+;; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation.
 
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -454,7 +454,7 @@ INTERNAL_TOKEN=
 ;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ;;
 ;; The minimum password length for new Users
-;MIN_PASSWORD_LENGTH = 6
+;MIN_PASSWORD_LENGTH = 8
 ;;
 ;; Set to true to allow users to import local server paths
 ;IMPORT_LOCAL_PATHS = false

docs/content/administration/config-cheat-sheet.en-us.md

@@ -559,7 +559,7 @@ And the following unique queues:
     - `scrypt`:    `scrypt$65536$16$2$50`
   - Adjusting the algorithm parameters using this functionality is done at your own risk.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
-- `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
+- `MIN_PASSWORD_LENGTH`: **8**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
   - lower - use one or more lower latin characters
   - upper - use one or more upper latin characters

modules/setting/security.go

@@ -124,7 +124,7 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 		ReverseProxyTrustedProxies = []string{"127.0.0.0/8", "::1/128"}
 	}
 
-	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
+	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(8)
 	ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
 	DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)
 	DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false)

modules/storage/minio.go

@@ -91,8 +91,8 @@ func NewMinioStorage(ctx context.Context, cfg *setting.Storage) (ObjectStorage,
 	}
 
 	// Check to see if we already own this bucket
-	exists, errBucketExists := minioClient.BucketExists(ctx, config.Bucket)
-	if errBucketExists != nil {
+	exists, err := minioClient.BucketExists(ctx, config.Bucket)
+	if err != nil {
 		return nil, convertMinioErr(err)
 	}
 

modules/structs/secret.go

@@ -5,11 +5,23 @@ package structs
 
 import "time"
 
-// User represents a secret
+// Secret represents a secret
 // swagger:model
 type Secret struct {
 	// the secret's name
 	Name string `json:"name"`
 	// swagger:strfmt date-time
 	Created time.Time `json:"created_at"`
 }
+
+// CreateSecretOption options when creating secret
+// swagger:model
+type CreateSecretOption struct {
+	// Name of the secret to create
+	//
+	// required: true
+	// unique: true
+	Name string `json:"name" binding:"Required;AlphaDashDot;MaxSize(100)"`
+	// Data of the secret to create
+	Data string `json:"data" binding:"Required"`
+}

options/locale/locale_en-US.ini

@@ -3503,6 +3503,7 @@ workflow.disable = Disable Workflow
 workflow.disable_success = Workflow '%s' disabled successfully.
 workflow.enable = Enable Workflow
 workflow.enable_success = Workflow '%s' enabled successfully.
+workflow.disabled = Workflow is disabled.
 
 need_approval_desc = Need approval to run workflows for fork pull request.
 

routers/api/v1/api.go

@@ -1301,6 +1301,7 @@ func Routes() *web.Route {
 			})
 			m.Group("/actions/secrets", func() {
 				m.Get("", reqToken(), reqOrgOwnership(), org.ListActionsSecrets)
+				m.Post("", reqToken(), reqOrgOwnership(), bind(api.CreateSecretOption{}), org.CreateOrgSecret)
 			})
 			m.Group("/public_members", func() {
 				m.Get("", org.ListPublicMembers)

routers/api/v1/org/action.go

@@ -6,10 +6,13 @@ package org
 import (
 	"net/http"
 
-	"code.gitea.io/gitea/models/secret"
+	secret_model "code.gitea.io/gitea/models/secret"
 	"code.gitea.io/gitea/modules/context"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	"code.gitea.io/gitea/routers/web/shared/actions"
+	"code.gitea.io/gitea/services/convert"
 )
 
 // ListActionsSecrets list an organization's actions secrets
@@ -42,18 +45,18 @@ func ListActionsSecrets(ctx *context.APIContext) {
 
 // listActionsSecrets list an organization's actions secrets
 func listActionsSecrets(ctx *context.APIContext) {
-	opts := &secret.FindSecretsOptions{
+	opts := &secret_model.FindSecretsOptions{
 		OwnerID:     ctx.Org.Organization.ID,
 		ListOptions: utils.GetListOptions(ctx),
 	}
 
-	count, err := secret.CountSecrets(ctx, opts)
+	count, err := secret_model.CountSecrets(ctx, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
 
-	secrets, err := secret.FindSecrets(ctx, *opts)
+	secrets, err := secret_model.FindSecrets(ctx, *opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@@ -70,3 +73,43 @@ func listActionsSecrets(ctx *context.APIContext) {
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, apiSecrets)
 }
+
+// CreateOrgSecret create one secret of the organization
+func CreateOrgSecret(ctx *context.APIContext) {
+	// swagger:operation POST /orgs/{org}/actions/secrets organization createOrgSecret
+	// ---
+	// summary: Create a secret in an organization
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of organization
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/CreateSecretOption"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/Secret"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	opt := web.GetForm(ctx).(*api.CreateSecretOption)
+	s, err := secret_model.InsertEncryptedSecret(
+		ctx, ctx.Org.Organization.ID, 0, opt.Name, actions.ReserveLineBreakForTextarea(opt.Data),
+	)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "InsertEncryptedSecret", err)
+		return
+	}
+
+	ctx.JSON(http.StatusCreated, convert.ToSecret(s))
+}

routers/api/v1/swagger/action.go

@@ -11,3 +11,10 @@ type swaggerResponseSecretList struct {
 	// in:body
 	Body []api.Secret `json:"body"`
 }
+
+// Secret
+// swagger:response Secret
+type swaggerResponseSecret struct {
+	// in:body
+	Body api.Secret `json:"body"`
+}

routers/api/v1/swagger/options.go

@@ -187,4 +187,7 @@ type swaggerParameterBodies struct {
 
 	// in:body
 	UpdateRepoAvatarOptions api.UpdateRepoAvatarOption
+
+	// in:body
+	CreateSecretOption api.CreateSecretOption
 }

routers/web/repo/actions/view.go

@@ -259,31 +259,35 @@ func ViewPost(ctx *context_module.Context) {
 	ctx.JSON(http.StatusOK, resp)
 }
 
-func RerunOne(ctx *context_module.Context) {
+// Rerun will rerun jobs in the given run
+// jobIndex = 0 means rerun all jobs
+func Rerun(ctx *context_module.Context) {
 	runIndex := ctx.ParamsInt64("run")
 	jobIndex := ctx.ParamsInt64("job")
 
-	job, _ := getRunJobs(ctx, runIndex, jobIndex)
-	if ctx.Written() {
+	run, err := actions_model.GetRunByIndex(ctx, ctx.Repo.Repository.ID, runIndex)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, err.Error())
 		return
 	}
 
-	if err := rerunJob(ctx, job); err != nil {
-		ctx.Error(http.StatusInternalServerError, err.Error())
+	// can not rerun job when workflow is disabled
+	cfgUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions)
+	cfg := cfgUnit.ActionsConfig()
+	if cfg.IsWorkflowDisabled(run.WorkflowID) {
+		ctx.JSONError(ctx.Locale.Tr("actions.workflow.disabled"))
 		return
 	}
 
-	ctx.JSON(http.StatusOK, struct{}{})
-}
-
-func RerunAll(ctx *context_module.Context) {
-	runIndex := ctx.ParamsInt64("run")
-
-	_, jobs := getRunJobs(ctx, runIndex, 0)
+	job, jobs := getRunJobs(ctx, runIndex, jobIndex)
 	if ctx.Written() {
 		return
 	}
 
+	if jobIndex != 0 {
+		jobs = []*actions_model.ActionRunJob{job}
+	}
+
 	for _, j := range jobs {
 		if err := rerunJob(ctx, j); err != nil {
 			ctx.Error(http.StatusInternalServerError, err.Error())

routers/web/web.go

@@ -1211,14 +1211,14 @@ func registerRoutes(m *web.Route) {
 					m.Combo("").
 						Get(actions.View).
 						Post(web.Bind(actions.ViewRequest{}), actions.ViewPost)
-					m.Post("/rerun", reqRepoActionsWriter, actions.RerunOne)
+					m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
 					m.Get("/logs", actions.Logs)
 				})
 				m.Post("/cancel", reqRepoActionsWriter, actions.Cancel)
 				m.Post("/approve", reqRepoActionsWriter, actions.Approve)
 				m.Post("/artifacts", actions.ArtifactsView)
 				m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
-				m.Post("/rerun", reqRepoActionsWriter, actions.RerunAll)
+				m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
 			})
 		}, reqRepoActionsReader, actions.MustEnableActions)
 

services/convert/secret.go

@@ -0,0 +1,18 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package convert
+
+import (
+	secret_model "code.gitea.io/gitea/models/secret"
+	api "code.gitea.io/gitea/modules/structs"
+)
+
+// ToSecret converts Secret to API format
+func ToSecret(secret *secret_model.Secret) *api.Secret {
+	result := &api.Secret{
+		Name: secret.Name,
+	}
+
+	return result
+}

templates/base/head_script.tmpl

@@ -4,7 +4,9 @@ If you are customizing Gitea, please do not change this file.
 If you introduce mistakes in it, Gitea JavaScript code wouldn't run correctly.
 */}}
 <script>
+	{{/* before our JS code gets loaded, use arrays to store errors, then the arrays will be switched to our error handler later */}}
 	window.addEventListener('error', function(e) {window._globalHandlerErrors=window._globalHandlerErrors||[]; window._globalHandlerErrors.push(e);});
+	window.addEventListener('unhandledrejection', function(e) {window._globalHandlerErrors=window._globalHandlerErrors||[]; window._globalHandlerErrors.push(e);});
 	window.config = {
 		appUrl: '{{AppUrl}}',
 		appSubUrl: '{{AppSubUrl}}',