Merge branch 'master' of https://github.com/go-gitea/gitea into fix-lfs-server

Author: KN4CK3R

.editorconfig

@@ -18,6 +18,9 @@ insert_final_newline = false
 [templates/swagger/v1_json.tmpl]
 indent_style = space
 
+[templates/user/auth/oidc_wellknown.tmpl]
+indent_style = space
+
 [Makefile]
 indent_style = tab
 

.gitignore

@@ -32,6 +32,7 @@ _testmain.go
 
 *coverage.out
 coverage.all
+cpu.out
 
 /modules/options/bindata.go
 /modules/options/bindata.go.hash

CHANGELOG.md

@@ -4,6 +4,36 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.14.1](https://github.com/go-gitea/gitea/releases/tag/v1.14.1) - 2021-04-15
+
+* BUGFIXES
+  * Fix bug clone wiki (#15499) (#15502)
+  * Github Migration ignore rate limit, if not enabled (#15490) (#15495)
+  * Use subdir for URL (#15446) (#15493)
+  * Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
+  * Ensure review dismissal only dismisses the correct review (#15477) (#15489)
+  * Use index of the supported tags to choose user lang (#15452) (#15488)
+  * Fix wrong file link in code search page (#15466) (#15486)
+  * Quick template fix for built-in SSH server in admin config (#15464) (#15481)
+  * Prevent superfluous response.WriteHeader (#15456) (#15476)
+  * Fix ambiguous argument error on tags (#15432) (#15474)
+  * Add created_unix instead of expiry to migration (#15458) (#15463)
+  * Fix repository search (#15428) (#15442)
+  * Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
+  * Fix wiki clone urls (#15430) (#15431)
+  * Fix dingtalk icon url at webhook (#15417) (#15426)
+  * Standardise icon on projects PR page (#15387) (#15408)
+* ENHANCEMENTS
+  * Add option to skip LFS/attachment files for `dump` (#15407) (#15492)
+  * Clone panel fixes (#15436)
+  * Use semantic dropdown for code search query type (#15276) (#15364)
+* BUILD
+  * Build go-git variants for windows (#15482) (#15487)
+  * Lock down build-images dependencies (Partial #15479) (#15480)
+* MISC
+  * Performance improvement for list pull requests (#15447) (#15500)
+  * Fix potential copy lfs records failure when fork a repository (#15441) (#15485)
+
 ## [1.14.0](https://github.com/go-gitea/gitea/releases/tag/v1.14.0) - 2021-04-11
 
 * SECURITY

Makefile

@@ -613,6 +613,9 @@ release-windows: | $(DIST_DIRS)
 		$(GO) install src.techknowlogick.com/xgo@latest; \
 	fi
 	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+ifeq (,$(findstring gogit,$(TAGS)))
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+endif
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
@@ -733,8 +736,8 @@ generate-gitignore:
 	GO111MODULE=on $(GO) run build/generate-gitignores.go
 
 .PHONY: generate-images
-generate-images:
-	npm install --no-save --no-package-lock fabric imagemin-zopfli
+generate-images: | node_modules
+	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
 	node build/generate-images.js $(TAGS)
 
 .PHONY: generate-manpage

build/generate-images.js

@@ -1,10 +1,11 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize, extendDefaultPlugins} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'fs/promises';
+import fs from 'fs';
 import {resolve, dirname} from 'path';
 import {fileURLToPath} from 'url';
 
+const {readFile, writeFile} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const logoFile = resolve(__dirname, '../assets/logo.svg');
 

build/generate-svg.js

@@ -1,9 +1,10 @@
 import fastGlob from 'fast-glob';
 import {optimize, extendDefaultPlugins} from 'svgo';
 import {resolve, parse, dirname} from 'path';
-import {readFile, writeFile, mkdir} from 'fs/promises';
+import fs from 'fs';
 import {fileURLToPath} from 'url';
 
+const {readFile, writeFile, mkdir} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
 const outputDir = resolve(__dirname, '../public/img/svg');

custom/conf/app.example.ini

@@ -19,7 +19,7 @@ PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
 PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
 
 [repository]
-; Root path for storing all repository data. It must be an absolute path. By default it is stored in a sub-directory of `APP_DATA_PATH`.
+; Root path for storing all repository data. It must be an absolute path. By default, it is stored in a sub-directory of `APP_DATA_PATH`.
 ROOT =
 ; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
 SCRIPT_TYPE = bash
@@ -48,7 +48,7 @@ PREFERRED_LICENSES = Apache License 2.0,MIT License
 ; Disable the ability to interact with repositories using the HTTP protocol
 DISABLE_HTTP_GIT = false
 ; Value for Access-Control-Allow-Origin header, default is not to present
-; WARNING: This maybe harmful to you website if you do not give it a right value.
+; WARNING: This may be harmful to your website if you do not give it a right value.
 ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
 USE_COMPAT_SSH_URI = false
@@ -70,6 +70,8 @@ PREFIX_ARCHIVE_FILES = true
 DISABLE_MIRRORS = false
 ; Disable migrating feature.
 DISABLE_MIGRATIONS = false
+; Disable stars feature.
+DISABLE_STARS = false
 ; The default branch name of new repositories
 DEFAULT_BRANCH = master
 ; Allow adoption of unadopted repositories
@@ -134,7 +136,7 @@ ALLOWED_TYPES =
 SIGNING_KEY = default
 ; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
 ; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
-; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
+; the results of git config --get user.name and git config --get user.email respectively and can only be overridden
 ; by setting the SIGNING_KEY ID to the correct ID.)
 SIGNING_NAME =
 SIGNING_EMAIL =
@@ -447,7 +449,7 @@ LOG_SQL = true
 DB_RETRIES = 10
 ; Backoff time per DB retry (time.Duration)
 DB_RETRY_BACKOFF = 3s
-; Max idle database connections on connnection pool, default is 2
+; Max idle database connections on connection pool, default is 2
 MAX_IDLE_CONNS = 2
 ; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
 CONN_MAX_LIFETIME = 3s
@@ -466,7 +468,7 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve
 ; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
 ISSUE_INDEXER_QUEUE_TYPE = levelqueue
 ; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
-; This can be overriden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
+; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ; default is indexers/issues.queue
 ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
 ; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
@@ -514,9 +516,9 @@ BATCH_LENGTH = 20
 ; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
 ; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
 CONN_STR = "addrs=127.0.0.1:6379 db=0"
-; Provides the suffix of the default redis/disk queue name - specific queues can be overriden within in their [queue.name] sections.
+; Provides the suffix of the default redis/disk queue name - specific queues can be overridden within in their [queue.name] sections.
 QUEUE_NAME = "_queue"
-; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overriden within in their [queue.name] sections.
+; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overridden within in their [queue.name] sections.
 SET_NAME = "_unique"
 ; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
 WRAP_IF_NECESSARY = true
@@ -617,6 +619,30 @@ WHITELISTED_URIS =
 ; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
 BLACKLISTED_URIS =
 
+[oauth2_client]
+; Whether a new auto registered oauth2 user needs to confirm their email.
+; Do not include to use the REGISTER_EMAIL_CONFIRM setting from the `[service]` section.
+REGISTER_EMAIL_CONFIRM =
+; Scopes for the openid connect oauth2 provider (separated by space, the openid scope is implicitly added).
+; Typical values are profile and email.
+; For more information about the possible values see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
+OPENID_CONNECT_SCOPES =
+; Automatically create user accounts for new oauth2 users.
+ENABLE_AUTO_REGISTRATION = false
+; The source of the username for new oauth2 accounts:
+; userid = use the userid / sub attribute
+; nickname = use the nickname attribute
+; email = use the username part of the email attribute
+USERNAME = nickname
+; Update avatar if available from oauth2 provider.
+; Update will be performed on each login.
+UPDATE_AVATAR = false
+; How to handle if an account / email already exists:
+; disabled = show an error
+; login = show an account linking login
+; auto = link directly with the account
+ACCOUNT_LINKING = disabled
+
 [service]
 ; Time limit to confirm account/email registration
 ACTIVE_CODE_LIVE_MINUTES = 180
@@ -822,7 +848,7 @@ REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
 ; This is to limit the amount of RAM used when resizing the image.
 AVATAR_MAX_WIDTH = 4096
 AVATAR_MAX_HEIGHT = 3072
-; Maximum alloved file size for uploaded avatars.
+; Maximum allowed file size for uploaded avatars.
 ; This is to limit the amount of RAM used when resizing the image.
 AVATAR_MAX_FILE_SIZE = 1048576
 ; Chinese users can choose "duoshuo"

docs/config.yaml

@@ -18,7 +18,7 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
-  version: 1.14.0
+  version: 1.14.1
   minGoVersion: 1.14
   goVersion: 1.16
   minNodeVersion: 12.17

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -75,6 +75,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIRRORS`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
+- `DISABLE_STARS`: **false**: Disable stars feature.
 - `DEFAULT_BRANCH`: **master**: Default branch name of all repositories.
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
@@ -429,6 +430,21 @@ relation to port exhaustion.
 - `BLACKLISTED_URIS`: **\<empty\>**: If non-empty, list of POSIX regex patterns matching
    OpenID URI's to block.
 
+## OAuth2 Client (`oauth2_client`)
+
+- `REGISTER_EMAIL_CONFIRM`: *[service]* **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
+- `OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
+- `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
+- `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
+    - userid - use the userid / sub attribute
+    - nickname - use the nickname attribute
+    - email - use the username part of the email attribute
+- `UPDATE_AVATAR`: **false**: Update avatar if available from oauth2 provider. Update will be performed on each login.
+- `ACCOUNT_LINKING`: **disabled**: How to handle if an account / email already exists:
+    - disabled - show an error
+    - login - show an account linking login
+    - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
+
 ## Service (`service`)
 
 - `ACTIVE_CODE_LIVE_MINUTES`: **180**: Time limit (min) to confirm account/email registration.
@@ -831,12 +847,14 @@ Gitea can support Markup using external tools. The example below will add a mark
 ```ini
 [markup.asciidoc]
 ENABLED = true
+NEED_POSTPROCESS = true
 FILE_EXTENSIONS = .adoc,.asciidoc
 RENDER_COMMAND = "asciidoc --out-file=- -"
 IS_INPUT_FILE = false
 ```
 
 - ENABLED: **false** Enable markup support; set to **true** to enable this renderer.
+- NEED\_POSTPROCESS: **true** set to **true** to replace links / sha1 and etc.
 - FILE\_EXTENSIONS: **\<empty\>** List of file extensions that should be rendered by an external
    command. Multiple extentions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.

docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@@ -297,12 +297,14 @@ test01.xls: application/vnd.ms-excel; charset=binary
 ```ini
 [markup.asciidoc]
 ENABLED = false
+NEED_POSTPROCESS = true
 FILE_EXTENSIONS = .adoc,.asciidoc
 RENDER_COMMAND = "asciidoc --out-file=- -"
 IS_INPUT_FILE = false
 ```
 
 - ENABLED: 是否启用，默认为false。
+- NEED\_POSTPROCESS: **true** 设置为 true 则会替换渲染文件中的内部链接和Commit ID 等。
 - FILE_EXTENSIONS: 关联的文档的扩展名，多个扩展名用都好分隔。
 - RENDER_COMMAND: 工具的命令行命令及参数。
 - IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。

docs/content/doc/advanced/signing.en-us.md

@@ -109,7 +109,7 @@ when creating a repository. The possible values are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The commit will be signed if all selected options are true.
 
 ### `WIKI`
 
@@ -123,7 +123,7 @@ The possible values are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The commit will be signed if all selected options are true.
 
 ### `CRUD_ACTIONS`
 
@@ -137,7 +137,7 @@ editor or API CRUD actions. The possible values are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The change will be signed if all selected options are true.
 
 ### `MERGES`
 
@@ -154,7 +154,7 @@ The possible options are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The merge will be signed if all selected options are true.
 
 ## Obtaining the Public Key of the Signing Key
 

integrations/api_branch_test.go

@@ -151,22 +151,28 @@ func testAPICreateBranches(t *testing.T, giteaURL *url.URL) {
 	for _, test := range tests {
 		defer resetFixtures(t)
 		session := ctx.Session
-		token := getTokenForLoggedInUser(t, session)
-		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/my-noo-repo/branches?token="+token, &api.CreateBranchRepoOption{
-			BranchName:    test.NewBranch,
-			OldBranchName: test.OldBranch,
-		})
-		resp := session.MakeRequest(t, req, test.ExpectedHTTPStatus)
-
-		var branch api.Branch
-		DecodeJSON(t, resp, &branch)
-
-		if test.ExpectedHTTPStatus == http.StatusCreated {
-			assert.EqualValues(t, test.NewBranch, branch.Name)
-		}
+		testAPICreateBranch(t, session, "user2", "my-noo-repo", test.OldBranch, test.NewBranch, test.ExpectedHTTPStatus)
 	}
 }
 
+func testAPICreateBranch(t testing.TB, session *TestSession, user, repo, oldBranch, newBranch string, status int) bool {
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/"+user+"/"+repo+"/branches?token="+token, &api.CreateBranchRepoOption{
+		BranchName:    newBranch,
+		OldBranchName: oldBranch,
+	})
+	resp := session.MakeRequest(t, req, status)
+
+	var branch api.Branch
+	DecodeJSON(t, resp, &branch)
+
+	if status == http.StatusCreated {
+		assert.EqualValues(t, newBranch, branch.Name)
+	}
+
+	return resp.Result().StatusCode == status
+}
+
 func TestAPIBranchProtection(t *testing.T) {
 	defer prepareTestEnv(t)()
 

integrations/api_repo_file_create_test.go

@@ -105,6 +105,36 @@ func getExpectedFileResponseForCreate(commitID, treePath string) *api.FileRespon
 	}
 }
 
+func BenchmarkAPICreateFileSmall(b *testing.B) {
+	onGiteaRunTB(b, func(t testing.TB, u *url.URL) {
+		b := t.(*testing.B)
+		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)             // owner of the repo1 & repo16
+		repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
+
+		for n := 0; n < b.N; n++ {
+			treePath := fmt.Sprintf("update/file%d.txt", n)
+			createFileInBranch(user2, repo1, treePath, repo1.DefaultBranch, treePath)
+		}
+	})
+}
+
+func BenchmarkAPICreateFileMedium(b *testing.B) {
+	data := make([]byte, 10*1024*1024)
+
+	onGiteaRunTB(b, func(t testing.TB, u *url.URL) {
+		b := t.(*testing.B)
+		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)             // owner of the repo1 & repo16
+		repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
+
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			treePath := fmt.Sprintf("update/file%d.txt", n)
+			copy(data, treePath)
+			createFileInBranch(user2, repo1, treePath, repo1.DefaultBranch, treePath)
+		}
+	})
+}
+
 func TestAPICreateFile(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, u *url.URL) {
 		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16