Merge branch 'main' into introduce-tar-transform-to-prevent-tarbomb

Author: zeripath

docs/content/doc/installation/with-docker-rootless.en-us.md

@@ -147,7 +147,7 @@ services:
 +      - db
 +
 +  db:
-+    image: postgres:13
++    image: postgres:14
 +    restart: always
 +    environment:
 +      - POSTGRES_USER=gitea

docs/content/doc/installation/with-docker.en-us.md

@@ -187,7 +187,7 @@ services:
 +      - db
 +
 +  db:
-+    image: postgres:13
++    image: postgres:14
 +    restart: always
 +    environment:
 +      - POSTGRES_USER=gitea

docs/content/doc/installation/with-docker.zh-cn.md

@@ -172,7 +172,7 @@ services:
 +      - db
 +
 +  db:
-+    image: postgres:13
++    image: postgres:14
 +    restart: always
 +    environment:
 +      - POSTGRES_USER=gitea

docs/content/doc/packages/helm.en-us.md

@@ -0,0 +1,67 @@
+---
+date: "2022-04-14T00:00:00+00:00"
+title: "Helm Chart Registry"
+slug: "packages/helm"
+draft: false
+toc: false
+menu:
+  sidebar:
+    parent: "packages"
+    name: "Helm"
+    weight: 50
+    identifier: "helm"
+---
+
+# Helm Chart Registry
+
+Publish [Helm](https://helm.sh/) charts for your user or organization.
+
+**Table of Contents**
+
+{{< toc >}}
+
+## Requirements
+
+To work with the Helm Chart registry use a simple HTTP client like `curl` or the [`helm cm-push`](https://github.com/chartmuseum/helm-push/) plugin.
+
+## Publish a package
+
+Publish a package by running the following command:
+
+```shell
+curl --user {username}:{password} -X POST --upload-file ./{chart_file}.tgz https://gitea.example.com/api/packages/{owner}/helm/api/charts
+```
+
+or with the `helm cm-push` plugin:
+
+```shell
+helm repo add  --username {username} --password {password} {repo} https://gitea.example.com/api/packages/{owner}/helm
+helm cm-push ./{chart_file}.tgz {repo}
+```
+
+| Parameter    | Description |
+| ------------ | ----------- |
+| `username`   | Your Gitea username. |
+| `password`   | Your Gitea password or a personal access token. |
+| `repo`       | The name for the repository. |
+| `chart_file` | The Helm Chart archive. |
+| `owner`      | The owner of the package. |
+
+## Install a package
+
+To install a Helm char from the registry, execute the following command:
+
+```shell
+helm repo add  --username {username} --password {password} {repo} https://gitea.example.com/api/packages/{owner}/helm
+helm repo update
+helm install {name} {repo}/{chart}
+```
+
+| Parameter  | Description |
+| ---------- | ----------- |
+| `username` | Your Gitea username. |
+| `password` | Your Gitea password or a personal access token. |
+| `repo`     | The name for the repository. |
+| `owner`    | The owner of the package. |
+| `name`     | The local name. |
+| `chart`    | The name Helm Chart. |

docs/content/doc/packages/maven.en-us.md

@@ -8,7 +8,7 @@ menu:
   sidebar:
     parent: "packages"
     name: "Maven"
-    weight: 50
+    weight: 60
     identifier: "maven"
 ---
 

docs/content/doc/packages/npm.en-us.md

@@ -8,7 +8,7 @@ menu:
   sidebar:
     parent: "packages"
     name: "npm"
-    weight: 60
+    weight: 70
     identifier: "npm"
 ---
 

docs/content/doc/packages/nuget.en-us.md

@@ -8,7 +8,7 @@ menu:
   sidebar:
     parent: "packages"
     name: "NuGet"
-    weight: 70
+    weight: 80
     identifier: "nuget"
 ---
 

docs/content/doc/packages/overview.en-us.md

@@ -30,6 +30,7 @@ The following package managers are currently supported:
 | [Conan]({{< relref "doc/packages/conan.en-us.md" >}}) | C++ | `conan` |
 | [Container]({{< relref "doc/packages/container.en-us.md" >}}) | - | any OCI compliant client |
 | [Generic]({{< relref "doc/packages/generic.en-us.md" >}}) | - | any HTTP client |
+| [Helm]({{< relref "doc/packages/helm.en-us.md" >}}) | - | any HTTP client, `cm-push` |
 | [Maven]({{< relref "doc/packages/maven.en-us.md" >}}) | Java | `mvn`, `gradle` |
 | [npm]({{< relref "doc/packages/npm.en-us.md" >}}) | JavaScript | `npm`, `yarn` |
 | [NuGet]({{< relref "doc/packages/nuget.en-us.md" >}}) | .NET | `nuget` |

docs/content/doc/packages/pypi.en-us.md

@@ -8,7 +8,7 @@ menu:
   sidebar:
     parent: "packages"
     name: "PyPI"
-    weight: 80
+    weight: 90
     identifier: "pypi"
 ---
 

docs/content/doc/packages/rubygems.en-us.md

@@ -8,7 +8,7 @@ menu:
   sidebar:
     parent: "packages"
     name: "RubyGems"
-    weight: 90
+    weight: 100
     identifier: "rubygems"
 ---
 

integrations/README_ZH.md

@@ -36,7 +36,7 @@ TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root T
 ## 如何使用 pgsql 数据库进行集成测试
 同上，首先在 docker 容器里部署一个 pgsql 数据库
 ```
-docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:13 #(just ctrl-c to stop db and clean the container) 
+docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:14 #(just ctrl-c to stop db and clean the container) 
 ```
 之后便可以基于这个数据库进行集成测试
 ```

integrations/api_packages_helm_test.go

@@ -0,0 +1,166 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	helm_module "code.gitea.io/gitea/modules/packages/helm"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+	"gopkg.in/yaml.v2"
+)
+
+func TestPackageHelm(t *testing.T) {
+	defer prepareTestEnv(t)()
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+
+	packageName := "test-chart"
+	packageVersion := "1.0.3"
+	packageAuthor := "KN4CK3R"
+	packageDescription := "Gitea Test Package"
+
+	filename := fmt.Sprintf("%s-%s.tgz", packageName, packageVersion)
+
+	chartContent := `apiVersion: v2
+description: ` + packageDescription + `
+name: ` + packageName + `
+type: application
+version: ` + packageVersion + `
+maintainers:
+- name: ` + packageAuthor + `
+dependencies:
+- name: dep1
+  repository: https://example.com/
+  version: 1.0.0`
+
+	var buf bytes.Buffer
+	zw := gzip.NewWriter(&buf)
+	archive := tar.NewWriter(zw)
+	archive.WriteHeader(&tar.Header{
+		Name: fmt.Sprintf("%s/Chart.yaml", packageName),
+		Mode: 0o600,
+		Size: int64(len(chartContent)),
+	})
+	archive.Write([]byte(chartContent))
+	archive.Close()
+	zw.Close()
+	content := buf.Bytes()
+
+	url := fmt.Sprintf("/api/packages/%s/helm", user.Name)
+
+	t.Run("Upload", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		uploadURL := url + "/api/charts"
+
+		req := NewRequestWithBody(t, "POST", uploadURL, bytes.NewReader(content))
+		req = AddBasicAuthHeader(req, user.Name)
+		MakeRequest(t, req, http.StatusCreated)
+
+		pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeHelm)
+		assert.NoError(t, err)
+		assert.Len(t, pvs, 1)
+
+		pd, err := packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
+		assert.NoError(t, err)
+		assert.NotNil(t, pd.SemVer)
+		assert.IsType(t, &helm_module.Metadata{}, pd.Metadata)
+		assert.Equal(t, packageName, pd.Package.Name)
+		assert.Equal(t, packageVersion, pd.Version.Version)
+
+		pfs, err := packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
+		assert.NoError(t, err)
+		assert.Len(t, pfs, 1)
+		assert.Equal(t, filename, pfs[0].Name)
+		assert.True(t, pfs[0].IsLead)
+
+		pb, err := packages.GetBlobByID(db.DefaultContext, pfs[0].BlobID)
+		assert.NoError(t, err)
+		assert.Equal(t, int64(len(content)), pb.Size)
+
+		req = NewRequestWithBody(t, "POST", uploadURL, bytes.NewReader(content))
+		req = AddBasicAuthHeader(req, user.Name)
+		MakeRequest(t, req, http.StatusCreated)
+	})
+
+	t.Run("Download", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		checkDownloadCount := func(count int64) {
+			pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeHelm)
+			assert.NoError(t, err)
+			assert.Len(t, pvs, 1)
+			assert.Equal(t, count, pvs[0].DownloadCount)
+		}
+
+		checkDownloadCount(0)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("%s/%s", url, filename))
+		req = AddBasicAuthHeader(req, user.Name)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		assert.Equal(t, content, resp.Body.Bytes())
+
+		checkDownloadCount(1)
+	})
+
+	t.Run("Index", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("%s/index.yaml", url))
+		req = AddBasicAuthHeader(req, user.Name)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		type ChartVersion struct {
+			helm_module.Metadata `yaml:",inline"`
+			URLs                 []string  `yaml:"urls"`
+			Created              time.Time `yaml:"created,omitempty"`
+			Removed              bool      `yaml:"removed,omitempty"`
+			Digest               string    `yaml:"digest,omitempty"`
+		}
+
+		type ServerInfo struct {
+			ContextPath string `yaml:"contextPath,omitempty"`
+		}
+
+		type Index struct {
+			APIVersion string                     `yaml:"apiVersion"`
+			Entries    map[string][]*ChartVersion `yaml:"entries"`
+			Generated  time.Time                  `yaml:"generated,omitempty"`
+			ServerInfo *ServerInfo                `yaml:"serverInfo,omitempty"`
+		}
+
+		var result Index
+		assert.NoError(t, yaml.NewDecoder(resp.Body).Decode(&result))
+		assert.NotEmpty(t, result.Entries)
+		assert.Contains(t, result.Entries, packageName)
+
+		cvs := result.Entries[packageName]
+		assert.Len(t, cvs, 1)
+
+		cv := cvs[0]
+		assert.Equal(t, packageName, cv.Name)
+		assert.Equal(t, packageVersion, cv.Version)
+		assert.Equal(t, packageDescription, cv.Description)
+		assert.Len(t, cv.Maintainers, 1)
+		assert.Equal(t, packageAuthor, cv.Maintainers[0].Name)
+		assert.Len(t, cv.Dependencies, 1)
+		assert.ElementsMatch(t, []string{fmt.Sprintf("%s%s/%s", setting.AppURL, url[1:], filename)}, cv.URLs)
+
+		assert.Equal(t, url, result.ServerInfo.ContextPath)
+	})
+}

models/admin/main_test.go

@@ -12,7 +12,8 @@ import (
 )
 
 func TestMain(m *testing.M) {
-	unittest.MainTest(m, filepath.Join("..", ".."),
-		"notice.yml",
-	)
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+		FixtureFiles:  []string{"notice.yml"},
+	})
 }

models/asymkey/main_test.go

@@ -18,12 +18,15 @@ func init() {
 }
 
 func TestMain(m *testing.M) {
-	unittest.MainTest(m, filepath.Join("..", ".."),
-		"gpg_key.yml",
-		"public_key.yml",
-		"deploy_key.yml",
-		"gpg_key_import.yml",
-		"user.yml",
-		"email_address.yml",
-	)
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+		FixtureFiles: []string{
+			"gpg_key.yml",
+			"public_key.yml",
+			"deploy_key.yml",
+			"gpg_key_import.yml",
+			"user.yml",
+			"email_address.yml",
+		},
+	})
 }

models/auth/main_test.go

@@ -12,11 +12,14 @@ import (
 )
 
 func TestMain(m *testing.M) {
-	unittest.MainTest(m, filepath.Join("..", ".."),
-		"login_source.yml",
-		"oauth2_application.yml",
-		"oauth2_authorization_code.yml",
-		"oauth2_grant.yml",
-		"webauthn_credential.yml",
-	)
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+		FixtureFiles: []string{
+			"login_source.yml",
+			"oauth2_application.yml",
+			"oauth2_authorization_code.yml",
+			"oauth2_grant.yml",
+			"webauthn_credential.yml",
+		},
+	})
 }

models/db/paginator/main_test.go

@@ -12,5 +12,7 @@ import (
 )
 
 func TestMain(m *testing.M) {
-	unittest.MainTest(m, filepath.Join("..", "..", ".."))
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", "..", ".."),
+	})
 }