Merge branch 'main' into update-i.8713187.xyz/google/go-github

6543 · web-flow · commit 3d7a3419e179 · 2023-04-07T00:47:31.000+02:00
diff --git a/Makefile b/Makefile
@@ -747,7 +747,7 @@ generate-go: $(TAGS_PREREQ)
 
 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) -v ./...
+	go run $(GOVULNCHECK_PACKAGE) ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
diff --git a/models/actions/run.go b/models/actions/run.go
@@ -36,7 +36,7 @@ type ActionRun struct {
 	TriggerUser       *user_model.User       `xorm:"-"`
 	Ref               string
 	CommitSHA         string
-	IsForkPullRequest bool
+	IsForkPullRequest bool  // If this is triggered by a PR from a forked repository or an untrusted user, we need to check if it is approved and limit permissions when running the workflow.
 	NeedApproval      bool  // may need approval if it's a fork pull request
 	ApprovedBy        int64 `xorm:"index"` // who approved
 	Event             webhook_module.HookEventType
diff --git a/modules/context/repo.go b/modules/context/repo.go
@@ -240,35 +240,34 @@ func (r *Repository) FileExists(path, branch string) (bool, error) {
 
 // GetEditorconfig returns the .editorconfig definition if found in the
 // HEAD of the default repo branch.
-func (r *Repository) GetEditorconfig(optCommit ...*git.Commit) (*editorconfig.Editorconfig, error) {
+func (r *Repository) GetEditorconfig(optCommit ...*git.Commit) (cfg *editorconfig.Editorconfig, warning, err error) {
 	if r.GitRepo == nil {
-		return nil, nil
+		return nil, nil, nil
 	}
-	var (
-		err    error
-		commit *git.Commit
-	)
+
+	var commit *git.Commit
+
 	if len(optCommit) != 0 {
 		commit = optCommit[0]
 	} else {
 		commit, err = r.GitRepo.GetBranchCommit(r.Repository.DefaultBranch)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 	}
 	treeEntry, err := commit.GetTreeEntryByPath(".editorconfig")
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	if treeEntry.Blob().Size() >= setting.UI.MaxDisplayFileSize {
-		return nil, git.ErrNotExist{ID: "", RelPath: ".editorconfig"}
+		return nil, nil, git.ErrNotExist{ID: "", RelPath: ".editorconfig"}
 	}
 	reader, err := treeEntry.Blob().DataAsync()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	defer reader.Close()
-	return editorconfig.Parse(reader)
+	return editorconfig.ParseGraceful(reader)
 }
 
 // RetrieveBaseRepo retrieves base repository
diff --git a/routers/api/v1/repo/file.go b/routers/api/v1/repo/file.go
@@ -381,7 +381,7 @@ func GetEditorconfig(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	ec, err := ctx.Repo.GetEditorconfig(ctx.Repo.Commit)
+	ec, _, err := ctx.Repo.GetEditorconfig(ctx.Repo.Commit)
 	if err != nil {
 		if git.IsErrNotExist(err) {
 			ctx.NotFound(err)
diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
@@ -165,7 +165,7 @@ func editFile(ctx *context.Context, isNewFile bool) {
 
 // GetEditorConfig returns a editorconfig JSON string for given treePath or "null"
 func GetEditorConfig(ctx *context.Context, treePath string) string {
-	ec, err := ctx.Repo.GetEditorconfig()
+	ec, _, err := ctx.Repo.GetEditorconfig()
 	if err == nil {
 		def, err := ec.GetDefinitionForFilename(treePath)
 		if err == nil {
diff --git a/routers/web/repo/middlewares.go b/routers/web/repo/middlewares.go
@@ -19,7 +19,7 @@ func SetEditorconfigIfExists(ctx *context.Context) {
 		return
 	}
 
-	ec, err := ctx.Repo.GetEditorconfig()
+	ec, _, err := ctx.Repo.GetEditorconfig()
 
 	if err != nil && !git.IsErrNotExist(err) {
 		description := fmt.Sprintf("Error while getting .editorconfig file: %v", err)
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
@@ -346,11 +346,18 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st
 	ctx.Data["RawFileLink"] = rawLink + "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
 
 	if ctx.Repo.TreePath == ".editorconfig" {
-		_, editorconfigErr := ctx.Repo.GetEditorconfig(ctx.Repo.Commit)
-		ctx.Data["FileError"] = editorconfigErr
+		_, editorconfigWarning, editorconfigErr := ctx.Repo.GetEditorconfig(ctx.Repo.Commit)
+		if editorconfigWarning != nil {
+			ctx.Data["FileWarning"] = strings.TrimSpace(editorconfigWarning.Error())
+		}
+		if editorconfigErr != nil {
+			ctx.Data["FileError"] = strings.TrimSpace(editorconfigErr.Error())
+		}
 	} else if ctx.Repo.IsIssueConfig(ctx.Repo.TreePath) {
 		_, issueConfigErr := ctx.Repo.GetIssueConfig(ctx.Repo.TreePath, ctx.Repo.Commit)
-		ctx.Data["FileError"] = issueConfigErr
+		if issueConfigErr != nil {
+			ctx.Data["FileError"] = strings.TrimSpace(issueConfigErr.Error())
+		}
 	}
 
 	isDisplayingSource := ctx.FormString("display") == "source"
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
@@ -152,6 +152,21 @@ func notify(ctx context.Context, input *notifyInput) error {
 		return fmt.Errorf("json.Marshal: %w", err)
 	}
 
+	isForkPullRequest := false
+	if pr := input.PullRequest; pr != nil {
+		switch pr.Flow {
+		case issues_model.PullRequestFlowGithub:
+			isForkPullRequest = pr.IsFromFork()
+		case issues_model.PullRequestFlowAGit:
+			// There is no fork concept in agit flow, anyone with read permission can push refs/for/<target-branch>/<topic-branch> to the repo.
+			// So we can treat it as a fork pull request because it may be from an untrusted user
+			isForkPullRequest = true
+		default:
+			// unknown flow, assume it's a fork pull request to be safe
+			isForkPullRequest = true
+		}
+	}
+
 	for id, content := range workflows {
 		run := &actions_model.ActionRun{
 			Title:             strings.SplitN(commit.CommitMessage, "\n", 2)[0],
@@ -161,7 +176,7 @@ func notify(ctx context.Context, input *notifyInput) error {
 			TriggerUserID:     input.Doer.ID,
 			Ref:               ref,
 			CommitSHA:         commit.ID.String(),
-			IsForkPullRequest: input.PullRequest != nil && input.PullRequest.IsFromFork(),
+			IsForkPullRequest: isForkPullRequest,
 			Event:             input.Event,
 			EventPayload:      string(p),
 			Status:            actions_model.StatusWaiting,
diff --git a/services/release/release.go b/services/release/release.go
@@ -227,7 +227,7 @@ func UpdateRelease(doer *user_model.User, gitRepo *git.Repository, rel *repo_mod
 			deletedUUIDs.Add(attach.UUID)
 		}
 
-		if _, err := repo_model.DeleteAttachments(ctx, attachments, false); err != nil {
+		if _, err := repo_model.DeleteAttachments(ctx, attachments, true); err != nil {
 			return fmt.Errorf("DeleteAttachments [uuids: %v]: %w", delAttachmentUUIDs, err)
 		}
 	}
diff --git a/templates/package/content/nuget.tmpl b/templates/package/content/nuget.tmpl
@@ -4,11 +4,11 @@
 		<div class="ui form">
 			<div class="field">
 				<label>{{svg "octicon-terminal"}} {{.locale.Tr "packages.nuget.registry"}}</label>
-				<div class="markup"><pre class="code-block"><code>dotnet nuget add source --name Gitea --username your_username --password your_token <gitea-origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/nuget/index.json"></gitea-origin-url></code></pre></div>
+				<div class="markup"><pre class="code-block"><code>dotnet nuget add source --name {{.PackageDescriptor.Owner.Name}} --username your_username --password your_token <gitea-origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/nuget/index.json"></gitea-origin-url></code></pre></div>
 			</div>
 			<div class="field">
 				<label>{{svg "octicon-terminal"}} {{.locale.Tr "packages.nuget.install"}}</label>
-				<div class="markup"><pre class="code-block"><code>dotnet add package --source Gitea --version {{.PackageDescriptor.Version.Version}} {{.PackageDescriptor.Package.Name}}</code></pre></div>
+				<div class="markup"><pre class="code-block"><code>dotnet add package --source {{.PackageDescriptor.Owner.Name}} --version {{.PackageDescriptor.Version.Version}} {{.PackageDescriptor.Package.Name}}</code></pre></div>
 			</div>
 			<div class="field">
 				<label>{{.locale.Tr "packages.nuget.documentation" | Safe}}</label>
diff --git a/templates/repo/view_file.tmpl b/templates/repo/view_file.tmpl
@@ -1,9 +1,12 @@
 <div class="{{TabSizeClass .Editorconfig .FileName}} non-diff-file-content">
 	{{- if .FileError}}
+		<div class="ui error message">
+			<div class="text left gt-whitespace-pre">{{.FileError}}</div>
+		</div>
+	{{end}}
+	{{- if .FileWarning}}
 		<div class="ui warning message">
-			<div class="text left">
-				<div>{{.FileError}}</div>
-			</div>
+			<div class="text left gt-whitespace-pre">{{.FileWarning}}</div>
 		</div>
 	{{end}}
 	<h4 class="file-header ui top attached header gt-df gt-ac gt-sb gt-fw">
diff --git a/web_src/css/helpers.css b/web_src/css/helpers.css
@@ -25,6 +25,7 @@
 .gt-overflow-x-scroll { overflow-x: scroll !important; }
 .gt-cursor-default { cursor: default !important; }
 .gt-items-start { align-items: flex-start !important; }
+.gt-whitespace-pre { white-space: pre !important }
 
 .gt-mono {
   font-family: var(--fonts-monospace) !important;

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ func SetEditorconfigIfExists(ctx *context.Context) {`
`19`	`19`	`return`
`20`	`20`	`}`
`21`	`21`
`22`		`- ec, err := ctx.Repo.GetEditorconfig()`
	`22`	`+ ec, _, err := ctx.Repo.GetEditorconfig()`
`23`	`23`
`24`	`24`	`if err != nil && !git.IsErrNotExist(err) {`
`25`	`25`	`description := fmt.Sprintf("Error while getting .editorconfig file: %v", err)`
Original file line number	Diff line number	Diff line change
`@@ -227,7 +227,7 @@ func UpdateRelease(doer user_model.User, gitRepo git.Repository, rel *repo_mod`
`227`	`227`	`deletedUUIDs.Add(attach.UUID)`
`228`	`228`	`}`
`229`	`229`
`230`		`- if _, err := repo_model.DeleteAttachments(ctx, attachments, false); err != nil {`
	`230`	`+ if _, err := repo_model.DeleteAttachments(ctx, attachments, true); err != nil {`
`231`	`231`	`return fmt.Errorf("DeleteAttachments [uuids: %v]: %w", delAttachmentUUIDs, err)`
`232`	`232`	`}`
`233`	`233`	`}`