- Use a whitelist-based approach to find *.go files so we can use
standard find syntax. Also included is a change that files no
longer pass a leading './' which should help performance further.
- Instead of running `find` multiple times in make because of the
lazy evaluation, run it only once and add the bindata files when
the bindata tag is present
This is another huge speedup on my machine of around 2000%.
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Create system webhook column (and migration)
* Create system webhook DB methods
Based on the default webhook ones
* Modify router to handle system webhooks and default ones
* Remove old unused admin nav template
* Adjust orgRepoCtx to differentiate system and default webhook URLs
* Assign IsSystemWebhook when creating webhooks
* Correctly use booleans for IsSystemWebhook
* Use system webhooks when preparing webhooks for payload
* Add UI and locale changes
* Use router params to differentiate admin hook pages
* Fix deleting admin webhooks and rename method
* Add clarity to webhook docs
* Revert "Remove old unused admin nav template"
This reverts commit 191a20a738.
* Rename WebHooksNewPost to GiteaHooksNewPost for clarity
* Reintroduce blank line lost during merge conflict
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix task-list checkbox styling
The pandoc renderer will append the class "task-list" to the ul element
wrapping a li with one or more check-boxes. This allows us to select for
them, removing their list-style-type property. However, goldmark and the
gfm spec doesn't specify the "task-list" class name, so we can't use
that to fix the issue there.
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Update to goldmark v1.1.25
This version adds the missing space after a checkbox.
Resolves: #9656
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Also adjusted other version mentions so go version is always mentioned
as major.minor and node only as major.
Co-authored-by: silverwind <me@silverwind.io>
* Display pull request head branch even the branch deleted or repository deleted
* Merge getHeadRepo/loadHeadRepo and getBaseRepo/loadBaseRepo on pull and fill repo when pr.Issue.Repo is available
* retrieve sha from pull head when pull request branch deleted and fix tests
* Fix test
* Ensure MustHeadRepoName returns empty string if no head repo
Co-authored-by: zeripath <art27@cantab.net>
* Speed up make
- stop `find` from venturing into node_modules and other directories
that do not contain *.go files
- only run `find` once for *.go files
- move image tempdir generation to that task
- rename GOFILES to GO_SOURCES_OWN for consistency and to indicate that
vendor files are not included
- pre-resolve FOMANTIC_SOURCES
* exclude more
Co-authored-by: Lauris BH <lauris@nix.lv>
Unfortunately the fix in #10511 was slightly incorrect and placed the
detail box at one level too far out.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* adding search capability to user's issues dashboard
* global issue search
* placement of search bar on issues dashboard
* fixed some bugs in the issue dashboard search
* added unit test because IssueIDs option was added to UserIssueStatsOptions
* some renaming of fields in the issue dashboard code to be more clear; also trying to fix issue of searching the right repos based on the filter
* added unit test fro GetRepoIDsForIssuesOptions; fixed search lost on pagination; using shown issue status for open/close count; removed some debugging
* fix issue with all count showing incorrectly
* removed todo comment left in by mistake
* typo pulling wrong count
* fxied all count being off when selecting repositories
* setting the opts.IsClosed after pulling repos to search, this is done so that the list of repo ids to serach for the keyword is not limited, we need to get all the issue ids for the shown issue stats
* added "accessibleRepositoryCondition" check on the query to pull the repo ids to search for issues, this is an added protection to ensure we don't search repos the user does not have access to
* added code so that in the issues search, we won't use an in clause of issues ids that goes over 1000
* fixed unit test
* using 950 as the limit for issue search, removed unneeded group by in GetRepoIDsForIssuesOptions, showing search on pulls dashboard page too (not just issues)
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* add API endpoint to create OAuth2 Application.
* move endpoint to /user. Add swagger documentations and proper response type.
* change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs.
* change response status to Created (201)
* add methods to list OAuth2 apps and delete an existing OAuth2 app by ID.
* add APIFormat convert method and file header
* fixed header
* hide secret on oauth2 application list
* add Created time to API response
* add API integration tests for create/list/delete OAuth2 applications.
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Looking at github/markup#245 it is clear that GH uses https://github.com/jch/html-pipeline to sanitize. This PR relaxes our sanitization to more closely match this.
Fixes#10471
and likely others...
* Show Signer in commit lists and add basic trust
Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.
Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* ensure orange text and background is available
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update gpg_key.go
* Update models/gpg_key.go
* Apply suggestions from code review
* Require team collaborators to have access to UnitTypeCode
* as per @6543
* fix position of sha as per @silverwind
* as per @guillep2k
- Ensure bar does not overflow parent
- Remove unneccessary borders/background
- Fix shaky animation caused by JS animation miscalculation by setting
fixed height on the summary box. Box itself is still shaky during
animation, but better it then the whole page.
Fixes: https://github.com/go-gitea/gitea/issues/10474
* refactor
* optimize
* remove Iretating function
LoadWatchUsers do not load Users into IW object and it is used only in api ... so move this logic
* remove unessesary
* Apply suggestions from code review
Thx
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* make Tests more robust
* fix rebase
* restart CI
* CI no dont hit sqlites deadlock
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
- Fixes a JWT decoding issue in the OpenID provider
- Updates the GitHub provider to use the authorization header for authentication
- Updates the Twitch provider for Twitch's v5 API changes
- Adds the email and is_private_email fields to the Apple provider's GetUser implementation
- Modifies gothic to export a non-collidable context key for setting the Provider in a context.Context
- Adds new scopes to the Spotify provider
- Adds the IDToken from OpenID providers on the user struct
- Make Apple provider's SecretParams public
- Adds support for sign in with Apple, and drops support for Go versions 1.7 and 1.8
- Fixes the Slack provider's FetchURL logic to use the appropriate scope for the info it needs
Signed-off-by: Oscar LÃfwenhamn <oscar.lofwenhamn@cgi.com>
- unvendor vue and vue-calendar-heatmap
- remove unused moment.js leftover from previous heatmap version
- ensure webpack loads the full version of vue
- fix vue devmode warning related to 'searchLimit' type
I wanted to name the chunk heatmap.js but adblockers don't like that
filename [1].
[1] 3899d5dff3/easyprivacy/easyprivacy_general.txt (L2095)
* Prevent Firefox from using apple-touch-icon
The opaque background does not work well in Firefox which uses the icon
as a "rich icon". Prevent this by not specifying it in HTML. Real Apple
devices will still request the icon on the static path.
Fixes: https://github.com/go-gitea/gitea/issues/10394
Also adjust gitignore so app.ini.sample becomes searchable and fixed a
variable name in app.ini.sample.
* fix gitignore
* Add frontend/backend make targets, fix source release
- Add 'make backend' and 'make frontend' make targets which are used to
build go and js/css/svg files respectively.
- The 'backend' target can be invoked without requiring Node.js to be
present on the system if pre-built frontend assets are present like
in the release source tarballs.
- Fix source releases missing 'dist' folders inside 'node_modules' which
were erronously excluded from tar.
- Store VERSION in file VERSION for the release tarballs and prefer that
file over git-derived version.
* fix release task
* fix typo
* fix another typo
If you attempt to merge to a branch which on a PR there will be a nil pointer error in the pull request checker.
This panic is uncaught and will bring down the gitea server.
This PR adds protection to prevent this.
Move langauge detection to separate module to be more reusable
Add option to disable vendored file exclusion from file search
Allways show all language stats for search
- only `mkdir`the dist dirs when they are absent
- add the dist dirs as prereqs so targets like `make release-sources`
can run standalone
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Database Preparation
* Apply suggestions from @guillep2k
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Repeat strong password notice on PostgreSQL
* Add prerequisite note
* Use utf8mb4 instead of utf8
* Use utf8mb4 if complete character coverage wanted
* utf8mb4 recommended
* Reword utf8mb4 recommendation
* Set InnoDB global variables may be needed
* Reorder step number
* Whoops, bump year date
* Remove `SET GLOBAL`s and step number reorder
It is assumed that such global variables value are already as default on MySQL 5.7 and later, so those are redundant.
* Syntax edit on MySQL GRANT PRIVILEGEs
* DB engine uniformity intro edit
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
The commit status code has a bug whereby setting the initial status to Pending means you can never have the status of Success - it should be set to Success.
* Truncate long commit message header
* Fix overflow in view commit table
* Use @media less
* Further improvements
* Fix the commit message on small screens
* adjust width of minimal table
* Don't manually replace whitespace during render
For historical reasons Gitea manually alters the urlPrefix and replaces
a whitespace with a +. This Works for URLs, but we're also passing
urlPrefix to git calls and adding the + is breaking the tree path.
Goldmark will automatically convert a white space to the proper %20, so
we should leave the string as is which lets us pass it to git unmodified
and then let Goldmark fix it.
Also fixed separate bug in URLJoin I noticed while testing where it will
silently discard sections of a path that have # in them (possibly
others). We should just escape it first.
Fixes 10156
* Escape elems as well
* Revert "Escape elems as well"
This reverts commit 8bf49596fe.
* restart ci
* remove changes to URLJoin
* restart ci
Co-authored-by: techknowlogick <matti@mdranta.net>
* Add fixture gen tool and fix "access" test
* Close file before exiting
* Add missing repo_unit for repo id: 5
* Fix count on TestAPIOrgRepos
* Generate access fixture from contrib and add test
* Remove old access fixture generation
* Fix lint
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add fixture gen tool and fix "access" test
* Close file before exiting
* Add missing repo_unit for repo id: 5
* Fix count on TestAPIOrgRepos
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* add API branch protection endpoint
* lint
* Change to use team names instead of ids.
* Status codes.
* fix
* Fix
* Add new branch protection options (BlockOnRejectedReviews, DismissStaleApprovals, RequireSignedCommits)
* Do xorm query directly
* fix xorm GetUserNamesByIDs
* Add some tests
* Improved GetTeamNamesByID
* http status created for CreateBranchProtection
* Correct status code in integration test
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Write out TAGS to .make_evidence/tags and compare it to the previous
invocation. If they differ, insert the evidence file into the prereqs
of targets that use TAGS. I made it .PHONY so it always builds.
I did not include the prereq on release tasks, asssuming the will always
do a clean build.
Fixes: https://github.com/go-gitea/gitea/issues/10196
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Implementation for calculating language statistics
Impement saving code language statistics to database
Implement rendering langauge stats
Add primary laguage to show in repository list
Implement repository stats indexer queue
Add indexer test
Refactor to use queue module
* Do not timeout for queues
* Only check for merging if the PR has not been merged in the interim
* fixup! Only check for merging if the PR has not been merged in the interim
* Try to fix test failure
* Use PR2 not PR1 in tests as PR1 merges automatically
* return already merged error
* enforce locking
* enforce locking - fix-test
* enforce locking - fix-testx2
* enforce locking - fix-testx3
* move pullrequest checking to after merge
This might improve the chance that the race does not affect us but does not prevent it.
* Remove minor race with getting merge commit id
* fixup
* move check pr after merge
* Remove unnecessary prepareTestEnv - onGiteaRun does this for us
* Add information about when merging occuring
* fix fmt
* More logging
* Attempt to fix mysql
* Try MySQL fix again
* try again
* Try again?!
* Try again?!
* Sigh
* remove the count - perhaps that will help
* next remove the update id
* next remove the update id - make it updated_unix instead
* On failure to merge ensure that the pr is rechecked for conflict errors
* On failure to merge ensure that the pr is rechecked for conflict errors
* Update models/pull.go
* Update models/pull.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* allow emoji on popup label
* Make emojify work
* Remove unnecessary class
Co-Authored-By: silverwind <me@silverwind.io>
Co-authored-by: silverwind <me@silverwind.io>
- created lazy-loaded webpack chunk for clipboard.js
- upgraded clipboard.js from 1.5.9 to 2.0.4
- parallelize initialization of all lazy-loaded features
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
- move "vendor" files to js/vendor and less/vendor
- move swagger to js/standalone (meant for standalone pages)
- move gitgraph to features and streamline its loading
- add linting configs to webpack dependencies in make
- set ignored files for eslint/stylelint directly in their configs
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* add check to DeleteUser
* add check to DeleteOrganization
* add Test
* remove redundancy (deleteOrg is only used in DeleteOrganization)
* Update models/org.go
Co-authored-by: zeripath <art27@cantab.net>
* Upgrade levelqueue to version 0.2.0
This adds functionality for Unique Queues
* Add UniqueQueue interface and functions to create them
* Add UniqueQueue implementations
* Move TestPullRequests over to use UniqueQueue
* Reduce code duplication
* Add bytefifos
* Ensure invalid types are logged
* Fix close race in PersistableChannelQueue Shutdown
* Check if go exists before generating the GOPATH
* Move export PATH into Go protected section
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* go function contexting is not what you expect
* Apply suggestions from code review
Co-Authored-By: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Use evidence file as dependency instead of dir
* fix eol
* Update .gitignore
Co-Authored-By: silverwind <me@silverwind.io>
* Use FOMANTIC_SOURCES to establish dependencies as per @silverwind
Co-authored-by: silverwind <me@silverwind.io>
* Cache last commit to accelerate the repository directory page visit
* Default use default cache configuration
* add tests for last commit cache
* Simplify last commit cache
* Revert Enabled back
* Change the last commit cache default ttl to 8760h
* Fix test
* Support references ending in , . and ;
* Accept :;, in simple refs; fix 2+ consecutive refs
* Include cross-repository references
* Add ?!, fix spacing problem
this speeds up repeated webpack builds by around 20%. It will use the
default cache directory `node_modules/.cache/babel-loader`.
Also added cache invalidation to workaround https://github.com/babel/babel-loader/issues/690
* fix apple-touch-icon, regenerate images
Fixed semi-transparent pixels of apple-touch-icon.png.
I had to manually exclude public/img/loading.png from the commit because
it's an APNG and one of the tools destroys the animation.
* exclude loading.png
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add doctor check of app.ini paths
* Make /custom dir not mandatory
* Fix message and improve interface
* Update cmd/doctor.go
Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
* Apaise lint
* Isn't the linter a sweet? (1)
* Isn't the linter a sweet? (2)
* Isn't the linter a sweet?? (3)
* Restart CI
Co-authored-by: John Olheiser <42128690+jolheiser@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
* Update documentation for the go module era
use go env instead of $GOPATH
Update instructions to just use git clone
Slight update to readme
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixup
* Apply suggestions from code review
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
Co-Authored-By: Bagas Sanjaya <bagasdotme@gmail.com>
* Apply suggestions from code review
* Fix GOPATH settings
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Make WorkerPools and Queues flushable
Adds Flush methods to Queues and the WorkerPool
Further abstracts the WorkerPool
Adds a final step to Flush the queues in the defer from PrintCurrentTest
Fixes an issue with Settings inheritance in queues
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change to for loop
* Add IsEmpty and begin just making the queues composed WorkerPools
* subsume workerpool into the queues and create a flushable interface
* Add manager command
* Move flushall to queue.Manager and add to testlogger
* As per @guillep2k
* as per @guillep2k
* Just make queues all implement flushable and clean up the wrapped queue flushes
* cope with no timeout
Co-authored-by: Lauris BH <lauris@nix.lv>
because the CSS was lazy-loaded the rules in arc-green did not win.
included the css file in the main bundle to fix. the black dots can not
be fixed via CSS because they are drawn in a `<canvas>` element
unfortunately.
- introduced window.config to help with js-based lazy-loading
- adjusted webpack chunk naming to avoid 'vendors~name.js' that webpack
defaults to for vendor chunks.
- added theme class to html and prefixed all selectors. this is
neccesary so that the theme styles win over the lazy-loaded ones.
Co-authored-by: zeripath <art27@cantab.net>
* Always limit results by what is accessible to the user
* Change signature of AccessibleRepoIDsQuery
* Ensure that user with ID <= 0 is handled
* Update models/repo_list.go
* Repo name added to automatically generated commit message when merging pull request
* As per @lunny
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
* Some refactor on git diff and ignore getting commit information failed on migrating pull request review comments
* fix test
* fix lint
* Change error log to warn
- added new 'make webpack' target
- deprecated 'make js' and 'make css'
- extend webpack config to load the less files
- updated docs
I had to rename the source file of `arc-green.less` to avoid generating
a useless JS entrypoint via webpack-fix-style-only-entries which would
not work with different source/destination filenames. I hear that there
should be cleaner solutions possible once we upgrade to Webpack 5.
Co-authored-by: zeripath <art27@cantab.net>
* Only generate bindata if necessary
* Only generate bindata if they are not up-to-date
* generate a hash of the fileinfo and use that to keep up-to-date
* Newer test is redundant
* handle missing bindata and clean
* Only update hash after successful write
* switch to sha1 hash
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* add explicit dimensions to navbar avatar
this prevents a temporary layout change when navigating between
pages with cache disabled.
* also add dimensions on frontpage
Co-authored-by: Lauris BH <lauris@nix.lv>
the `fomantic` target for some reason does sometimes not update the
timestamp on the directory, leading to useless rebuild. Manually update
the timestamp at the end of the build to avoid this and also added the
same to js/css targets.
* fix commit view JS features, reimplement folding
File content folding was not working so I reimplemented it in a saner
way. Then I noticed the issue was actually because of missing JS
libraries (seen on the console of every commit with error
'SimpleMDE is not defined').
Fixed the libraries. I think the reimplementation is worth to keep.
* add .closest polyfill
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
loadCSS was used as a polyfill for rel=preload but it seems we only used
it on a single CSS file which did not help much. Changed the icon CSS to
a blocking load and preload the woff2 variants which does work in modern
browsers (Firefox currently needs the network.preload about:config
setting but should gain proper support soon).
Co-authored-by: zeripath <art27@cantab.net>
* combine make calls on drone
combine most make calls on drone into one command. this should give a
speedup of about 5-15 seconds per make invocation because make only
needs to resolve file globs once.
* combine timeout calls as well
* make node_modules a order-only prerequisite
Package installations and our fomantic step results in changes inside
node_modules which lead to make triggering that target unnecessarily.
Moved all node_modules prerequisites to order-only which will make skip
the timestamp check on in and eliminate useless npm calls.
Changes in package-lock.json will still result in reinstallation so
node_modules should stay consistent.
* revert change to clean-all
This changes the CSS output of webpack to output to the public/css
directory instead of inling CSS in JS. This enables CSS minification and
autoprefixer based on browserslist which would otherwise not be
possible.
The result of this change is two new output files currently:
- public/css/swagger.css
- public/css/gitgraph.css
Co-authored-by: techknowlogick <matti@mdranta.net>
* fix pull view when head repository or head branch missed and close related pull requests when delete branch
* fix pull view broken when head repository deleted
* close pull requests when head repositories deleted
* Add tests for broken pull request head repository or branch
* fix typo
* ignore special error when close pull request
Co-authored-by: Lauris BH <lauris@nix.lv>
* fix typo
* Migrate reviews when migrating repository from github
* fix lint
* Added test and migration when external user login
* fix test
* fix commented state
* Some improvements
* fix bug when get pull request and ref original author on code comments
* Fix migrated line; Added comment for review
* Don't load all pull requests attributes
* Fix typo
* wrong change copy head
* fix tests
* fix reactions
* Fix test
* fix fmt
* fix review comment reactions
* Fix wrong hint when status checking is running on pull request view
* fix lint
* fix test
* fix test
* fix wrong tmpl
* fix import
* rename function name
Currently, this needs to be its own chunk because fomantic depends
on jQuery being present. The next step is to move fomantic to webpack
too after which we can combine the index,fomantic and jquery files into
one.
jquery-migrate is still neccessary because our ancient version of Dropzone
seems to break without it. I imagine it can be removed after a Dropzone
upgrade.
* fixed link to issue in issue comments after adding/removing a dependency, before links assumed the issue was in the same repository. also changed the format of the displayed issue since the issue will not necessarily be in the same repo
* based on pr comments, changed to use HTMLURL instead of piecing together the issue url, and added an if statement around the issue link display as a nil protection
* only showing repo name in dependency comment if the issue is from another repo
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Use npm to manage fomantic
* Only build needed semantic components
* Fix make
* Don't import fonts from google sites since we have loaded
* [misc] devendor fomantic-ui and rebuild upon src or config changes only
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Change sort alphabetically of semantic components
* Fix trailing slash
* fix makefile
* Remove dependency to gulp from package.json
* Fix something
* Simplife the makefile
* add missed fomantic compnent
Co-authored-by: Jakob Ackermann <das7pad@outlook.com>
* Add support for database schema
* Require setting search_path for the db user
* Add schema setting to admin/config.tmpl
* Use a schema different from default for psql tests
* Update postgres scripts to use custom schema
* Update to xorm/core 0.7.3 and xorm/xorm c37aff9b3a
* Fix migration test
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix wrong permissions check when issues/prs shared operations
* move redirect to the last of the function
* fix swagger
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Make CertFile and KeyFile relative to CustomPath
The current code will absolute CertFile and KeyFile against the current working directory. This is quite unexpected for users. This code makes relative paths absolute against the CustomPath.
Fix#4196
* Improve error reporting when reading certificates
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Add possibility to global disable repo units.
* Add Default Repo Unit app.ini setting.
* Hide units
* Hide disabled repo units
* Minor fixes
* Indicate disabled units in team settings.
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
* Admin shall be able to bypass merge checks.
* Repository admin should not bypass if merge whitelist is set.
* Add code comment about checks that PR are ready
* notAllOverrideableChecksOk->notAllOverridableChecksOk
* Fix merge, require signed currently not overridable.
* fix
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* ci: configure remaining github limmit
* prepend with github since package is common to all migrations
* add RefreshRate
* Update github.go
* add missing space
* go fmt
* Read env variable GITHUB_READ_TOKEN for token
* Update .drone.yml
Now includes Firefox ESR, Opera and a few more browser with usages
between 0.5% and 1%. defaults resolves to > 0.5%, last 2 versions, Firefox ESR, not dead.
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add require signed commit for protected branch
* Fix fmt
* Make editor show if they will be signed
* bugfix
* Add basic merge check and better information for CRUD
* linting comment
* Add descriptors to merge signing
* Slight refactor
* Slight improvement to appearances
* Handle Merge API
* manage CRUD API
* Move error to error.go
* Remove fix to delete.go
* prep for merge
* need to tolerate \r\n in message
* check protected branch before trying to load it
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* fix commit-reader
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Created a second webpack output file for swagger-ui which is loaded on
the /api/swagger route. One notable difference is the absence of the
swagger favicon that was previously used which is now the gitea icon. I
see no easy way to restore that favicon, so I decided to not keep it.
* introduce GET /notifications/new
* add TEST
* use Sprintf instead of path.Join
* Error more verbose
* return number of notifications if unreaded exist
* 200 http status for available notifications
* Add privacy policy page and link
* Add TOS page and link
* Add update date
* [Docs] Add customizing PP and TOS
* Separate h2 user-generated content with its paragraph
* Reimplement Privacy Policy
The document is inspired from GitHub.
* Refactor to contrib
* [Docs] Mention how to add legal pages
* Reimplement Terms of Service
Adapted from GitHub
* Update revision date
* Rename to mark as sample file
* Apply suggestion from @sapk
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Apply suggestion from @sapk
Use absolute link instead
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Apply suggestion from @zeripath
Change `Last Updated` element to `<h4>`
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Close this `<li>` element instance
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Intentionally grammar fix
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Information grammar
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Cannot guarantee absolute security...
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Use `<h4>` element for last updated date
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Remove trailing `</p>` at the end of API clause
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Migrate privacy email domain to Your Gitea Instance
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Remove `<p>` container for `<ol>` definitions
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Remove `<p>` container that contain `<ol>` user-generated content
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Remove `<p>` container for private repositories `<ol>` listing
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Migrate remaining email domains to Your Gitea Instance
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Offer support
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Change "Your Gitea Instance" references to match your situation and Gitea project disclaimer
Co-Authored-By: zeripath <art27@cantab.net>
* Reword transmission data to reflect hosting on third-party provider
* Reword Analytics clause to reflects that not all Gitea instances deploy analytics OOTB
* Remove `<p>` container from account terms
* Migrate support email on tos to your-gitea-instance
* Reword Tracking and Analytics clause for OOTB case
* [Docs] Append privacy.html to cp destination
* Apply suggestion from @6543
Create or append to footer template
Co-Authored-By: 6543 <6543@obermui.de>
* Apply suggestion from myself
@6543 suggest replacing this `cp` line (which assumed that Gitea sources are available) with `wget` to GitHub raw link. At the time of writing this, this returned 404, but when this PR has been merged, this should get the actual page.
* Apply suggestions from @6543
1. Add gpg key to profile information
2. Add Git repos to list of User Personal Information
3. Comment out responsibility for sensitive information
Co-Authored-By: 6543 <6543@obermui.de>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
* Fix missing updated time on migrated issues and comments
* Fix testing and missing updated on migrating pullrequest
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Restricted users (#4334): initial implementation
* Add User.IsRestricted & UI to edit it
* Pass user object instead of user id to places where IsRestricted flag matters
* Restricted users: maintain access rows for all referenced repos (incl public)
* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses
* Add basic repo access tests for restricted users
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Mention restricted users in the faq
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Remove unnecessary `org.IsOrganization()` call
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert to an `int64` keyed `accessMap`
* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* or even better: `map[int64]*userAccess`
* updateUserAccess(): use tighter syntax as suggested by lafriks
* even tighter
* Avoid extra loop
* Don't disclose limited orgs to unauthenticated users
* Don't assume block only applies to orgs
* Use an array of `VisibleType` for filtering
* fix yet another thinko
* Ok - no need for u
* Revert "Ok - no need for u"
This reverts commit 5c3e886aab.
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* ci: try re-ordering for optimizing time
* ci: try re-ordering for optimizing time
* ci: try re-ordering for optimizing time
* ci: try re-ordering for optimizing time
* ci: try re-ordering for optimizing time
* ci: try re-ordering for optimizing time
* ci: try offloading mysql8 to arm64
* Revert "ci: try offloading mysql8 to arm64"
This reverts commit c60de5db1c.
* ci: try offloading pgsql to arm64
* ci: activate ldap on arm64
* ci: test mysql8 in place pgsql arm64
* chore: clean un-needed move
* typo
* ci: revert runnning mysql on arm64
* ci: run compliance on arm
* chore: limit change
* chore: readd maybe need for release fetch-tags
* ci: remove docker-linux-amd64-dry-run
* ci: remove docker-linux-amd64-dry-run
* Revert "ci: remove docker-linux-amd64-dry-run"
This reverts commit 0715f65b11.
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Some users (like me) have this option disabled in their global npm
config which can lead to package-lock.json not being updated. This
explicitely enables the option for this repo, so that the file is
always updated when adding/removing dependencies.
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
webpack polyfills did not work because useBuiltIns: 'entry' expects a
explicit core-js import. Changed it to 'usage' which does not require
these explicit imports and polyfills based on browserslist.
As a result, the built index.js now went from 128kB to 192kB.
Ref: https://babeljs.io/docs/en/babel-preset-env#usebuiltins
Co-authored-by: zeripath <art27@cantab.net>
* introduce `GET /orgs`
* add TEST
* show also other VisibleType's
* update description
* refactor a lot
* SearchUserOptions by default return only public
* Delay printing hook statuses until after 1 second
* Move to a 5s delay, wrapped writer structure and add config
* Update cmd/hook.go
* Apply suggestions from code review
* Update cmd/hook.go
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Fomantic expects all tabs to have a target element with content as
defined by the data-tab attribute. All our usage of the tab module seems
to use <a> element tabs that link to new pages so these content elements
are never present and fomantic complains about that in the console with
an "Activated tab cannot be found" error. This silences that error.
* add doctor
* Add a new command doctor to check if some wrong configurations on gitea instance
* fix import
* use regex match authorized_keys on doctor
* Add documentation
* Move push commits from models to modules/repository
* fix test
* fix test
* fix test
* fix test
* fix test
Co-authored-by: zeripath <art27@cantab.net>
* deprecate /api/v1/org/{org}/repos in favour of /api/v1/orgs/{org}/repos + cleanup api repository routes a bit
* remove redundant code
* use upstream function for api cal
* make generate-swagger
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* API: orgEditTeam make Fields optional
* add TestCase
* Update integrations/api_team_test.go
* suggestions from lafriks
use len() to check if string is empty
Co-Authored-By: Lauris BH <lauris@nix.lv>
* change ...
* use Where not ID to get mssql
* add return and code format
* fix test
* fix test ... null pointer exept
* update specific colums
* only specific colums too
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Fix#5997.
If a push causes the patch/diff of a PR towards target branch to change, all existing reviews for the PR will be set and shown as stale.
New branch protection option to dismiss stale approvals are added.
To show that a review is not based on the latest PR changes, an hourglass is shown
* Rename h3 title
* Add intro
Should work on Ubuntu Xenial, but should work on any Linux distros.
* Indirect edit files
Instead of providing `sudo vim`, invite to edit files.
* enable now instead of enable and start
* Re-add systemctl enable && systemctl start
* Revert service enablement back to status quo
* Add enable now counterpart for systemd > v220
* Apply suggestions from @sapk
Strip `vim` from editor usage
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Once a branch has been merged if the commit ID no longer equals that of
the pulls ref commit id don't offer to delete the branch on the pull screen
and don't list it as merged on branches.
Fix#9201
When looking at the pull page we should also get the commits from the refs/pulls/x/head
Fix#9158
* test: add current attachement responses
* refactor: check if attachement is linked and accessible by user
* chore: clean TODO
* fix: typo attachement -> attachment
* revert un-needed go.sum change
* refactor: move models logic to models
* fix TestCreateIssueAttachment which was wrongly successful
* fix unit tests with unittype added
* fix unit tests with changes
* use a valid uuid format for pgsql int. test
* test: add unit test TestLinkedRepository
* refactor: allow uploader to access unlinked attachement
* add missing blank line
* refactor: move to a separate function repo.GetAttachment
* typo
* test: remove err test return
* refactor: use repo perm for access checking generally + 404 for all reject
* Add footer extra links template
* [Docs] Update to mention extra links footer template
* Commit suggestion from @davidsvantesson
Co-Authored-By: David Svantesson <davidsvantesson@gmail.com>
* Move template placement to right side of footer
Co-authored-by: David Svantesson <davidsvantesson@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Some more e-mail notification fixes
A few more small e-mail notification fixes/changes
* Style footer of notification email to be smaller
* Include text for when pull request is merged
* Don't include original body of issue or PR when merging/closing by
setting issue.Content to "" in these cases
* Set Re: prefix and meessage-ID headers based on actName instead of checking for a
comment. This fixes a bug where certain actions that didn't have a
comment were setting Message-ID instead of In-Reply-To which caused some
mail programs not to show those messages as they would have had the same
Message-ID as a previous message. Also fixes the case where a final
comment and closing message would have been displayed out of order if
you didn't have a copy of the original issue/pr cretion message.
* Update other template footers for consistency
* dont insert "-1" in any case to issue.poster_id
* Make sure API cant override importand fields
* code format
* fix lint
* WIP test
* add missing poster_id
* fix test
* user.IsGhost handle nil
* CI.restart()
* make sure no -1 is realy added
* CI.restart()
* @lunny suggestion remove some not allowed fields
* seperate issue.LoadMilestone
* load milestone and return it on IssueEdit via API
* extend Test for TestAPIEditIssue
* fix fixtures
* declare allowedColumnsUpdateIssueByAPI only once
* Update Year
* no var just write id drecty into func cal
Co-authored-by: Lauris BH <lauris@nix.lv>
Some small changes:
* Include text if approve/comment/request changes on PR
* List filename for review comments
* Bold username when mentioned
This will stop empty body messages when approving PR on gitea.com
* Move to goldmark
Markdown rendering moved from blackfriday to the goldmark.
Multiple subtle changes required to the goldmark extensions to keep
current rendering and defaults.
Can go further with goldmark linkify and have this work within markdown
rendering making the link processor unnecessary.
Need to think about how to go about allowing extensions - at present it
seems that these would be hard to do without recompilation.
* linter fixes
Co-authored-by: Lauris BH <lauris@nix.lv>
* remove since it is there for 3years
* fix 500 error for ghost avatar
* dont insert "-1" in any case to issue.poster_id
* fix lint
* Test: ghost avatar link
* fix test
* Revert "remove since it is there for 3years"
This reverts commit fd9ad05159.
* Revert "dont insert "-1" in any case to issue.poster_id"
This reverts commit 05469ab6d8.
Co-authored-by: zeripath <art27@cantab.net>
* Handle if two or more attachments have the same name
* previously only the first could be downloaded - now each is downloadable
* dos also take care of #6506 (fix was: #6512)
* use func DownloadURL() at issue attatchments too
Instead of just adding test generated files to .gitignore prevent
them from being produced in the first place.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add contrib/environment-to-ini
This contrib command provides a mechanism to allow arbitrary setting
of ini values using the environment variable in a more docker standard
fashion.
Environment variable keys should be structured as:
"GITEA__SECTION_NAME__KEY_NAME"
Use of the command is explained in the README.
Partial fix for #350Closes#7287
* Update contrib/environment-to-ini/environment-to-ini.go
Co-Authored-By: 6543 <6543@obermui.de>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
#8982 attempted to enforce the gitea environment for pushes - unfortunately it tested the settings before they were actually read in - and therefore does not do that!
* Push update after branch is restored
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Apply suggestions from code review
Use name from deletedBranch
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* make notifyWatchers work on multiple actions
* more efficient multiple notifyWatchers
* Make CommitRepoAction take advantage of multiple actions
* Batch post and pre-receive results
* Set batch to 30
* Auto adjust timeout & add logging
* adjust processing message
* Add some messages to pre-receive
* Make any non-200 status code from pre-receive an error
* Add missing hookPrintResults
* Remove shortcut for single action
* mistaken merge fix
* oops
* Move master branch to the front
* If repo was empty and the master branch is pushed ensure that that is set as the default branch
* fixup
* fixup
* Missed HookOptions in setdefaultbranch
* Batch PushUpdateAddTag and PushUpdateDelTag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* fixed so when deleting a branch after merging a PR, a webhook is triggered
* changed to use pr.HeadRepo instead of ctx.Repo when sending webhook for a deletion of branch after merging pr
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Wrap the code indexer
In order to prevent a data race in the code indexer it must be wrapped
with a holder otherwise it is possible to Search/Index on an
incompletely initialised indexer, and search will fail with a nil
pointer until the repository indexer is initialised.
Further a completely initialised repository indexer should not be closed
until Termination otherwise actions in Hammer/Shutdown phases could
block or be lost.
Finally, there is a complex dance of shutdown etiquette should the index
initialisation fail. This PR restores that.
* Always return err if closed whilst waiting
Co-authored-by: techknowlogick <matti@mdranta.net>
* Prefix all user-generated IDs in markup
* Add user-content- to IDs in unit-tests
* fixup markdown_test.go
* update the hrefs for the wiki test
* Add blackfriday extension regex
Signed-off-by: jolheiser <john.olheiser@gmail.com>
The minimum key size defaults weren't set as suggested in app.ini.sample
so if you enabled MINIMUM_KEY_SIZE_CHECK it would always fail since
there would be no matching values to check against. This pr adds the
default values that should have been there.
Should fix#9465
* Add ActionCommentPull action
Adds ActionCommentPull action to distinguish between a comment on an
issue and on a pull request
* Update modules/notification/action/action.go
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Issue with Migration rule v111
I was facing some issues with migration rule v111
* Update v111.go
Fix pgsql test cases
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* use numbers and not http.Status___ enum
* fix test
* add many missing swagger responses
* code format
* Deletion Sould return 204 ...
* error handling improvements
* if special error type ... then add it to swagger too
* one smal nit
* invalidTopicsError is []string
* valid swagger specification 2.0
- if you add responses swagger can tell you if you do it right 👍
* use ctx.InternalServerError
* Revert "use numbers and not http.Status___ enum"
This reverts commit b1ff386e24.
* use http.Status* enum everywhere
* Add migration to sanitize repository original_url
During a large code move in #6200 the OriginalURL field was
accidentially changed to be populated with the CloneAddr field which
will contain the username and/or password provided during a migration.
This behavior was fixed in previous PR #9097 and this migration will
remove any authentication details that were stored in the database
between those two.
* use net/url to rebuild URL instead of strings.Replace
* Update models/migrations/migrations.go
* changes per lunny
* make fmt
* Add .ignore file for search tools
Tools like `rg` [1] and `ag` [2] support a `.ignore` file which defines
files that are ignored during a recursive search. This adds the file
which makes recursive file searches in the code base ignore files that
are generally not desirable to search in like bindata, vendored files
and compiled frontend assets.
[1] https://github.com/BurntSushi/ripgrep/
[2] https://github.com/ggreer/the_silver_searcher
* add leading slash
* remove files already in .gitignore
CloneAddr will contain username and password credentials and they will
get stored in system notices about failed migrations (and logs if trace
is set). Replace with OriginalURL that doesn't have those.
Change the repository referenced when displaying commits or diffs in
pull request to the base repository. The forked repository may not be
readable by users who can read the base repository. See discussion for
(#3356).
* Add os specific sed for FreeBSD.
* Replace hardcoded "make" with $(MAKE)
Some systems don't use GNU make by default, and use something like
gnumake or gmake. Respect that when determining the make version.
* DOCS: add mention of swagger api reference
It's(swagger api link) mentioned vaguely in the FAQ but IMHO missing from API usage page.
* Add warning to avoid template mismatches
Related to https://github.com/go-gitea/gitea/issues/9320
* Fix Slack webhook payload title generation to work with Mattermost by using a markdown link instead of html
* Fix Slack webhook attachment title and title link handling
* Fixed errors logging in dump.go
* Replaced overlooked log.Fatal() with fatal()
* Run make fmt on dump.go
* Added missing new line to the fatal log
* Run make fmt on dump.go
* Sleep longer if request speed is over github limitation
* improve code
* remove unused code
* fix lint
* Use github's rate limit remain value to determine how long to sleep
* Save reset time when finished github api request
* fix bug
* fix lint
* Add context.Context for sleep
* fix test
* improve code
* fix bug and lint
* fix import order
* update #9132 and #8834 - add SimpleMDE for issue and fix image paste for comment editor
* attache tribute to simplemde
* update #9197 force simplemde file input event when backspace press
* Combine Drone release steps
Fixes missing JS/CSS because drone did unwanted parallelization of the
js/css task and the generate task. Combined the tasks into one and made
'make release' work standalone.
Fixes: https://github.com/go-gitea/gitea/issues/9324
Fixes: https://github.com/go-gitea/gitea/issues/9362
* move js/css to generate dependencies
* remove unneccessary go-all target
* remove go target as well
* Fix the intermittent TestGPGGit failures
Reattempt to open the listener if the port is busy with a delay up to a second
Switch from generating a private key each time, just use a known good key
* Change graceful to use a singleton obtained through GetManager instead of a global.
* Graceful: Make TestPullRequests shutdownable
* Graceful: Make the cron tasks graceful
* Graceful: AddTestPullRequest run in graceful ctx
* Graceful: SyncMirrors shutdown
* Graceful: SetDefaultContext for Xorm to be HammerContext
* Avoid starting graceful for migrate commands and checkout
* Graceful: DeliverHooks now can be shutdown
* Fix multiple syncing errors in modules/sync/UniqueQueue & Make UniqueQueue closable
* Begin the process of making the repo indexer shutdown gracefully
* Refactor
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add push-create to SSH serv
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Cannot push for another user unless admin
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Get owner in case admin pushes for another user
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Set new repo ID in result
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update to service and use new org perms
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Move pushCreateRepo to services
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Fix import order
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Changes for @guillep2k
* Check owner (not user) in SSH
* Add basic tests for created repos (private, not empty)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Default NO_REPLY_ADDRESS to DOMAIN
The default NO_REPLY_ADDRESS was previously noreply.example.org
This PR changes this to default to the default DOMAIN for gitea.
* Change default to noreply.%(DOMAIN)s
* Change default to "noreply" + Domain
* Make sure only issues are redirected to external tracker
* Ensure correct redirects for pulls after dependency or watch.
* NewIssuePost is always issues so no need to redirect with type.
* Save patches to temporary files
* Remove SavePatch and generate patches on the fly
* Use ioutil.TempDir
* fixup! Use ioutil.TempDir
* fixup! fixup! Use ioutil.TempDir
* RemoveAll LocalCopyPath() in initIntergrationTest
* Default to status checking on PR creation
* Remove unnecessary set to StatusChecking
* Protect against unable to load repo
* Handle conflicts
* Restore original conflict setting
* In TestPullRequests update status to StatusChecking before running TestPatch
The underlying implementation of os.exec uses channels and goroutines.
It is possible to have time-variant error values returned from Cmd.Wait
depending on which comes first.
Also, the git subcommand and options should be separated tokens.
Fixes a flaky test in modules/git/command_test.go
* Remove more explicit 'generate' calls
`generate` is now implicit during `build` since #9114, it is no longer
necessary or desired to specify it explicitely.
* add js,css,generate dependencies to release task
* remove generate warning as per @lunny
* reject reactions wich ar not allowed
* dont duble check CreateReaction now throw ErrForbiddenIssueReaction
* add /repos/{owner}/{repo}/issues/comments/{id}/reactions endpoint
* add Find Functions
* fix some swagger stuff + add issue reaction endpoints + GET ReactionList now use FindReactions...
* explicite Issue Only Reaction for FindReactionsOptions with "-1" commentID
* load issue; load user ...
* return error again
* swagger def canged after LINT
* check if user has ben loaded
* add Tests
* better way of comparing results
* add suggestion
* use different issue for test
(dont interfear with integration test)
* test dont compare Location on timeCompare
* TEST: add forbidden dubble add
* add comments in code to explain
* add settings.UI.ReactionsMap
so if !setting.UI.ReactionsMap[opts.Type] works
* Support custom sanitization policy
Allowing the gitea administrator to configure sanitization policy allows
them to couple external renders and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).
This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.
Resolves: #9054
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Document new sanitization configuration
- Adds basic documentation to app.ini.sample,
- Adds an example to the Configuration Cheat Sheet, and
- Adds extended information to External Renderers section.
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Drop extraneous length check in newMarkupSanitizer(...)
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Fix plural ELEMENT and ALLOW_ATTR in docs
These were left over from their initial names. Make them singular to
conform with the current expectations.
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Showing the list of labels of template files #7812
* Returning and logging errors when loading labels
* Commenting public method
* Change log level in case of error loading labels.
This results in around 4kB saving in CSS size and also resolves with a
particular issue on git bash which had issues with the format of the
lessc arguments.
This will ensure our repo is always checked out with LF line endings
which should help Windows users who have line ending normalization
enabled.
Additionally, added the LF preference to .editorconfig.
* Possibility to not use whitelist but allow anyone with write access
* fix existing test
* rename migration function
* Try to give a better name for migration step
* Clear settings if higher level setting is not set
* Move official reviews to db instead of counting approvals each time
* migration
* fix
* fix migration
* fix migration
* Remove NOT NULL from EnableWhitelist as migration isn't possible
* Fix migration, reviews are connected to issues.
* Fix SQL query issues in GetReviewersByPullID.
* Simplify function GetReviewersByIssueID
* Handle reviewers that has been deleted
* Ensure reviews for test is in a well defined order
* Only clear and set official reviews when it is an approve or reject.
In #7907 a change was made to use the same template for repo and wiki
commit lists. However, there is no code or logic for showing the diff of
a wiki commit so it just produces broken links like:
5e72eeb008
This just removes the link for now until that feature is implemented
* Make repository list @ issues/PR page persist
Will partially fix#6355
* Enable multiple selections in repo list @ issues/PR page
Part of issue #6355
* Add RepoIDs to UserIssueStatsOptions to make "type" count correct when selecting one/multiple repos.
* Replace variable "repo" with list "repos[]" and enable multiple selections of repositories from list by including/excluding RepoIDs in list.
*
* Remove redundant code
* Add 'All' button
Improves functionality of the page, so that backtracking is not necessary to reset the page
* Remove redundant variable
Completely replace 'RepoID' with 'RepoIDs' and remove redundant code
* Add RepoIDs to label link
* Revert part of code to previous version to troubleshoot build failure
* Implement old and new pieces of code whilst adhering to multi select
* Attempt to join the two versions
Last commit passed tests but doesn't work in practice, this works in practice and hopefully passes the tests.
* Update tests to desired state
* Fix pagination implementation and tests
* Pass repoIDs as `repos=[1,2,3...]` instead of several `repos[]=..`
* Update tests file to reflect new functionality
* Update template with new `repos` format
* Implement new solution to show constant "total issues" count for "All" button
* Correct behavior when passing zero to array
* Comment out test url returning 404
This keeps returning 404 in the test despite working in practice, for the sake of running more tests I am commenting it out
* Comment out another test url returning 404
Last attempt, if more tests crash I will uncomment the urls and request assistance.
* Reenable tests and test fix
* Re-enable tests
* Make selecting "In your repositories" reset selection as passing IDs of repos belonging to other profiles causes breakage
* Remove unnecessary (with multi-selection enable) code
* Drop repo from repo map and total count if permission denied
* Remove extra parenthesis
* make template work again
* find bug!
* forgot the '#' at bugfixing
* delete unused RepoID
* compile regex only one time
* make fmt
* local variable = capital letter lower
* check if repos query pattern is correct
* pagination remove last , - make regex work again
* use Replace instead of ReplaceAll; del delete
* fix test
* how did this test binary got in?!?
dont forgot the "-p" at git add * !
* dont replace -> cut fisrt & last string
Co-Authored-By: zeripath <art27@cantab.net>
* jet another regex
dont mind as long as it has the same result and is performatn ...
Co-Authored-By: zeripath <art27@cantab.net>
* dont use nonexisting repo for test
* exclude /issues?type=created_by from test
* add table to querys
use same syntax in each query (table.colum)
* add new issue for test
* dont make a workaround or something else
this need a refactor itself and is out of scope for this PR
* fix misspell
* CI.redo()
* englisch txt update
Co-Authored-By: zeripath <art27@cantab.net>
* add sugestions
* Tweak & Fix
* CI.restart()
* add [ui] Reactions
* move contend check from form to go functions
* use else if
* check if reaction is allowed only on react
(so previous custom reaction can be still removed)
* use $.AllowedReactions in templates
* use ctx.Flash.Error
* use it there too
* add redirection
* back to server error
because a wrong reaction is a template issue ...
* add emoji list link
* add docs entry
* small wording nit
suggestions from @jolheiser - thx
* same reactions as github
* fix PR reactions
* handle error so template JS could check
* Add Integrations Test
* add REACTIONS setting to cheat-sheet doc page
* Add support for local vs. remote xrefs
* Add doc for references
* Docs: fix cases not currently supported
* One more doc fix
* Doc: mentions for teams and orgs
* Change !num ref concept, no change in functionality
* Fix test
* Improve table of issue reference types
* Fix paragraph mark
* Graceful: Create callbacks to with contexts
* Graceful: Say when Gitea is completely finished
* Graceful: Git and Process within HammerTime
Force all git commands to terminate at HammerTime
Force all process commands to terminate at HammerTime
Move almost all git processes to run as git Commands
* Graceful: Always Hammer after Shutdown
* ProcessManager: Add cancel functionality
* Fix tests
* Make sure that process.Manager.Kill() cancels
* Make threadsafe access to Processes and remove own unused Kill
* Remove cmd from the process manager as it is no longer used
* the default context is the correct context
* get rid of double till
* Properly fix#7127
Although #7300 properly shadows the password from the virtual session
provider, the template displaying the provider config still presumed
that the config was JSON.
This PR updates the template and properly hides the Virtual Session
provider.
Fixes#7127
* update per @silverwind's suggestion
* Yet another attempt to fix the race in gpg_git_test
* add some fail nows
* Need to set preparetestenv
* Ensure that http messages go to the correct server
* Graceful: Allow graceful restart for fcgi
My previous interpretation was incorrect - we do not handle sockets
being passed in over stdin
* Update web.go
* Add single sign-on support via SSPI on Windows
* Ensure plugins implement interface
* Ensure plugins implement interface
* Move functions used only by the SSPI auth method to sspi_windows.go
* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected
* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.
* Update documentation for the new 'SPNEGO with SSPI' login source
* Mention in documentation that ROOT_URL should contain the FQDN of the server
* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)
* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)
* Add option in SSPIConfig for removing of domains from logon names
* Update helper text for StripDomainNames option
* Make sure handleSignIn() is called after a new user object is created by SSPI auth method
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates
* Remove code duplication
* Log errors in ActiveLoginSources
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert suffix of randomly generated E-mails for Reverse proxy authentication
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert unneeded white-space change in template
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add copyright comments at the top of new files
* Use loopback name for randomly generated emails
* Add locale tag for the SSPISeparatorReplacement field with proper casing
* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields
* Update docs/content/doc/features/authentication.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Remove Priority() method and define the order in which SSO auth methods should be executed in one place
* Log authenticated username only if it's not empty
* Rephrase helper text for automatic creation of users
* Return error if more than one active SSPI auth source is found
* Change newUser() function to return error, letting caller log/handle the error
* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed
* Refactor initialization of the list containing SSO auth methods
* Validate SSPI settings on POST
* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page
* Make 'Default language' in SSPI config empty, unless changed by admin
* Show error if admin tries to add a second authentication source of type SSPI
* Simplify declaration of global variable
* Rebuild gitgraph.js on Linux
* Make sure config values containing only whitespace are not accepted
* 'update'
* Send push tag event when release created
* send tag create event while release created in UI
* update to go v1.13
* fix gofmt error
* update #8671 move release tag created hook to modules/notification/webhook due to #8802 refactoring
* use NotifyCreateRef and NotifyPushCommits instead of NotifyNewReleaseTag
* move tag notification to correct place
* move semantic.dropdown.custom.js to webpack
Also disabled a annoying linter rule which insisted that imports can not
contain a file extension.
Fixes: https://github.com/go-gitea/gitea/issues/8971
* reorganize web_src files and rebuild
* restart ci
* Add USE_SERVICE_WORKER setting
This will be very useful setting for anyone doing frontend work.
Fixes: https://github.com/go-gitea/gitea/issues/9044
* prevent potential syntax error on old browsers
* Graceful Shutdown for windows and others
Restructures modules/graceful, adding shutdown for windows, removing and
replacing the old minwinsvc code.
Creates a new waitGroup - terminate which allows for goroutines to
finish up after the shutdown of the servers.
Shutdown and terminate hooks are added for goroutines.
* Remove unused functions - these can be added in a different PR
* Add startup timeout functionality
* Document STARTUP_TIMEOUT
* FIX: getIssueWatchers() get only aktive suscriber
* save query to work later with it or not ...
* fix test + add new case
* corect tests + GetIssueWatch
* API issue_subscripton: Put/Delete require tocken
* remove redundant code
* swagger specify return value
* remove unused binding
* remove note
because I'll implement this in a different way and in another PR
* ID should be unique!
* use xorm session
* Revert "use xorm session"
This reverts commit c1de540147.
* better test code
* more acurate comments
* use assert.False/True instead of Equal
* use more assert methodes
* Add team permission setting to allow creating repo in organization.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test case for creating repo when have team creation access.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* build error: should omit comparison to bool constant
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add comment on exported functions
* Fix fixture consistency, fix existing unit tests
* Fix boolean comparison in xorm query.
* addCollaborator and changeCollaborationAccessMode separate steps
More clear to use different if-cases.
* Create and commit xorm session
* fix
* Add information of create repo permission in team sidebar
* Add migration step
* Clarify that repository creator will be administrator.
* Fix some things after merge
* Fix language text that use html
* migrations file
* Create repository permission -> Create repositories
* fix merge
* fix review comments
* Add password requirement info on error
* Move BuildComplexityError to the password pkg
* Unexport complexity type
* Fix extra line
* Update modules/password/password.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Mail issue subscribers, rework the function
* Simplify a little more
* Fix unused variable
* Refactor mail delivery to avoid heavy load on server
* Avoid splitting into too many goroutines
* Fix comments and optimize GetMaileableUsersByIDs()
* Fix return on errors
- moved gitgraph.js to web_src and made it importable and es6-compatible
- created new webpack chunk for gitgraph
- enabled CSS loader in webpack
- enabled async/await syntax via regenerator-runtime
- added script to ensure webpack chunks are loaded correctly
- disable terser's comment extraction to prevent .LICENCE files
gitgraph.js has many issues:
1. it is incompatible with ES6 because of strict-mode violations
1. it does not export anything
1. it's css has weird styles like for `body`
1. it is not available on npm
I fixed points 1-3 in our version so it's now loadable in webpack. We should eventually consider alternatives.
* Add add 'write' 'preview' buttons to wiki edit like in issues
affects #6975
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* update dark theme
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* fix css lint warnings - missing spaces
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* hide preview button on no fullscreen toolbar
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* Add retry for migration http/https requests
* give the more suitable name for retry configuraion items
* fix docs and lint
* Only use retryDownloader when setting > 1
* wiki - enable side-by-side button in editor
and add some delay so side-by-side live preview is updated
* every 10th keypress
* if keypress < 10 -> apter no input for 1 sec
affects #5436
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* decrease timeinterval user need to stop before rendering is triggered
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* removed not needed code with simpleMDE placeholder
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* run highlight.js on markdown preview
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* fix white border around side-by-side preview
Signed-off-by: Michael Gnehr <michael@gnehr.de>
Fix#9001
The GZIP ProxyReponseWriter doesn't currently respond correctly
to requests about its Written status - leading to #9001.
This PR properly reimplements these methods.
* Fix broken link to branch from issue list
* Update templates/repo/issue/list.tmpl
Co-Authored-By: mrsdizzie <info@mrsdizzie.com>
* apply @mrsdizzie's review
* move transfer repository and rename repository on a service package and start action notification
* remove unused codes
* fix lint
* fix bugs
* fix test
* fix test
* fix test
* fix lint
* update go mod and sum
* modernize js and use babel
- add babel toolchain to transform modern JS to ES5
- extend eslint config for modern rules
- fixes linting issues via `eslint --fix` and manual fixes
* run 'make css' to satisfy CI
* code style tweaks and set js indendation to 2 in .editorconfig
* regenerate js
Fix#8718
This PR shadows passwords in session config correctly by detecting
the VirtualProvider, unmarshalling the original config and then
shadowing config within that.
* Update User information in Gitea based on LDAP when login
* Update Admin Flag only if exist in settings
* Fix affectation
* Update models/login_source.go
Co-Authored-By: JustKiddingCode <JustKiddingCode@users.noreply.github.com>
* Better ident
* Apply suggestions from code review
Update user information
Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com>
* Make fmt
* add err handling
* if user exist but login is Prohibit return return nil, and Prohibit err
* keep login speed
* User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed
* handle error and still use async task
* no async
* only update admin if Sync is enabled
* update two comments
* add lafriks suggestions
Co-Authored-By: Lauris BH <lauris@nix.lv>
* if adminFilter is set - use it
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Update models/login_source.go
well - I should look more detaild at suggestions :D
Co-Authored-By: Lauris BH <lauris@nix.lv>
* make it work again
* set is_admin value to user
* look nicer
Passing these volumes to the container enable gitea to use hosts localtime and timezone.
This is a mandatory change when using the "Setup fail2ban" Guide, but it is not described in the documentation.
In investigating #7947 it has become clear that the storage component of go-git repositories needs closing.
This PR adds this Close function and adds the Close functions as necessary.
In TransferOwnership the ctx.Repo.GitRepo is closed if it is open to help prevent the risk of multiple open files.
Fixes#7947
* Convert EOL to UNIX-style to render MD properly
* Update modules/markup/markdown/markdown.go
Co-Authored-By: zeripath <art27@cantab.net>
* Fix lint optimization
* Check for empty content before conversion
* Update modules/util/util.go
Co-Authored-By: zeripath <art27@cantab.net>
* Improved checks and tests
* Add paragraph render test
* Improve speed even more, improve tests
* Small improvement by @gary-kim
* Fix test for DOS
* More improvements
* Restart CI
Update all Github migration tests to use a new repo created just for
these tests that won't accidentially be modified by regular users
interacting with issues.
Fixes#8895
This PR migrates temp_repo.go to use git.NewCommand instead creating processes by itself - this fixes the problem underlying PR #8905.
There are other places that run git outside of the controlled locale defined in #8548 but temp_repo.go is the only cause of failure of local testing in cases where English is not the default - implying that error messages from those other commands are not interpreted.
Replaces #8905
* Add support for AUTO_WATCH_ON_CHANGES and AUTO_WATCH_ON_CLONE
* Update models/repo_watch.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Round up changes suggested by lafriks
* Added changes suggested from automated tests
* Updated deleteUser to take RepoWatchModeDont into account, corrected inverted DefaultWatchOnClone and DefaultWatchOnChanges behaviour, updated and added tests.
* Reinsert import "github.com/Unknwon/com" on http.go
* Add migration for new column `watch`.`mode`
* Remove serv code
* Remove WATCH_ON_CLONE; use hooks, add integrations
* Renamed watch_test.go to repo_watch_test.go
* Correct fmt
* Add missing EOL
* Correct name of test function
* Reword cheat and ini descriptions
* Add update to migration to ensure column value
* Clarify comment
Co-Authored-By: zeripath <art27@cantab.net>
* Simplify if condition
There are two major components to this PR:
* This PR handles merge and rebase failures from merging a little more nicely with Flash errors rather a 500.
* All git commands are run in the LC_ALL="C" environment to ensure that error messages are in English. This DefaultLocale is defined in a way that if necessary (due to platform weirdness) it can be overridden at build time using LDFLAGS="-X "code.gitea.io/gitea/modules/git.DefaultLocale=C"" with C changed for the locale as necessary.
* Update Github migration test
Earlier today #716 was reopened which updated the modification time for
an old milestone (1.6.0) that we use in testing with the assumption that
it is old and won't change. This breaks all builds now, so remove this
test since we have others that test the same code and this milestone
will likely be updated again as that issue changes etc...
* ci
* Allow to add and remove all repositories to team.
* Change style, buttons on same row.
* Apply suggestions from code review
Grammar
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Move set num repos to lower function.
* Make general language sentences
* js: Import Semantic-UI's dropdown.js (version 2.3.1)
* js: Set tabindex=-1 on dropdown items
Setting tabindex=-1 on focusable elements within dropdown menus allows
the user to treat dropdown menus as a single focusable item with its own
internal navigation using arrow keys.
* js: Don't use jQuery to click menu items
Menu items are often <a> elements, which jQuery refuses to trigger click
events on. Instead it just bubbles up to the menu.
Using HTMLElement's click method fixes this and makes menu items
clickable from the keyboard using dropdown menus.
* js: Set correct ARIA 1.1 roles on dropdown menus
Setting role= makes assistive technology aware there is a widget here.
In this case, Orca will now exit browse mode and allow us to capture
keydown events when focused on a dropdown menu. It will also inform the
user that there's a menu focused.
Since dropdowns can be used in multiple elements each with different
ARIA roles, a guessRole method is used to find the correct role.
All roles I consider possible are listed, but only menu is implemented.
* js: Set aria-expanded when dropdown menus show and hide
This is deliberately done before the transition finishes so that screen
readers get immediate feedback.
* js: Set aria-label or aria-labelledby on dropdown menus
This makes dropdown menu buttons screen reader accessible.
aria-labelledby refers to an element using an ID, so the chosen labels
are now assigned a unique ID- This ID is not stable, do not refer to it
with user scripts.
* js: Set aria-activedescendant on dropdown menus
As the menus grab focus and navigate by tracking a 'selected' div class,
assistive technology has no idea that what the current selection is.
Assign IDs to each menu item and set aria-activedescendant to the ID of
the currently selected menu item.
When the menu is unfocused, remove aria-activedescendant- This isn't
neccessary but in my experience it triggers Orca to remind the user of
their current selection when re-focusing the menu.
* Makefile: Make eslint ignore semantic.dropdown.js
This file is taken from Semantic UI which isn't linted upstream.
Ignore it as we won't fix these issues.
* js: Add version note to semantic.dropdown.js
* Add Md5 AppVer to templates/base/footer.tmpl
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Add Md5 AppVer to templates/pwa/serviceworker_js.tmpl
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* semantic.dropdown.js -> semantic.dropdown.custom.js
* Use eslintignore
* remove bogus submodule
* Show due date in dashboard issues list
Include due date when vieiwiing all issues on dashboard (matching what
we show for repo issue lists).
Fixes#8859
* Put in same order as repo issue list
* Add suggested changes and also update repo issue list to match
* Add template capability for issue mail subject
* Remove test string
* Fix trim subject length
* Add comment to template and run make fmt
* Add information for the template
* Rename defaultMailSubject() to fallbackMailSubject()
* General rewrite of the mail template code
* Fix .Doer name
* Use text/template for subject instead of html
* Fix subject Re: prefix
* Fix mail tests
* Fix static templates
* [skip ci] Updated translations via Crowdin
* Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params (#8528)
* Expose db.SetMaxOpenConns and allow other dbs to set their connection params
* Add note about port exhaustion
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Prevent .code-view from overriding font on icon fonts (#8614)
* Correct some outdated statements in the contributing guidelines (#8612)
* More information for drone-cli in CONTRIBUTING.md
* Increases the version of drone-cli to 1.2.0
* Adds a note for the Docker Toolbox on Windows
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Fix the url for the blog repository (now on gitea.com)
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Remove TrN due to lack of lang context
* Redo templates to match previous code
* Fix extra character in template
* Unify PR & Issue tempaltes, fix format
* Remove default subject
* Add template tests
* Fix template
* Remove replaced function
* Provide User as models.User for better consistency
* Add docs
* Fix doc inaccuracies, improve examples
* Change mail footer to math AppName
* Add test for mail subject/body template separation
* Add support for code review comments
* Update docs/content/doc/advanced/mail-templates-us.md
Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com>
* Theme arc-green: reverse heatmap colors
This uses the same colors as the updated palette in the base theme.
See #8709 and #5864, in particular [my comment showing the problem](https://github.com/go-gitea/gitea/issues/5864#issuecomment-462334171)
* Rebuild CSS
* Use link color as hot, interpolate between hot and cold colors
* Use color from a:hover
* Add field IsAllRepositories to team
* Add AllRepositories to team UI
* Manage team with access to all repositories
* Add field IsAllRepositories to team API
* put backticks around table/column names
* rename IsAllRepositories to IncludesAllRepositories
* do not reload slice if already loaded
* add repo to teams with access to all repositories when changing repo owner
* improve tests for teams with access to all repositories
* Merge branch 'master'
* Change code for adding all repositories
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* fmt after merge
* Change code in API EditTeam similar to EditTeamPost web interface
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Clarify that all repositories will be added
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* All repositories option under Permissions headline
* New setting group 'Repository access'
* Move check IncludeAllRepositories to removeRepository.
* Revert "Move check IncludeAllRepositories to removeRepository." and add comment instead.
This reverts commit 753b7d205b.
* Clarify help text what options do.
* use relative instead of absolute paths
* update badges of ZH readme
* update screenshots
* use <style> for table
* remove useles stype
* absolute paths for images
* rename socket file, make example more precise, use long parameter name
* correct path
* use the correct path to the configuration file according to the documentation
* rename the socket unit back to 'gitea.main.socket', explicitly indicate that the socket unit should use the service file 'gitea.service'
* Handle deadline is zero (to remove deadline)
* Better API documentation for issue deadline.
* Add parameter to unset due date.
* Update pull edit API comment
Avoid out of bounds error by using strings.HasPrefix to check for
starting SSH2 text rather than assuming user input has at least 31
characters.
Add tests for bad input as well.
Fixes#8800
* add issue subscriber API
* subscribers return []user.APIFormat
* add comments
* more meaningfull description
* without "reqToken()" api works ...
* should be still secure beause ctx.user has to be there or nothing will hapen
* FIX: getIssueWatchers() get only aktive suscriber
* add return avter error on right position
* Revert "FIX: getIssueWatchers() get only aktive suscriber"
This reverts commit 5eca929185.
* Update routers/api/v1/repo/issue.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* test go linter again
* update swagger
* GetIssueWatchers -> GetIssueSubscribers
part one
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* GetIssueWatchers -> GetIssueSubscribers
part two
* Revert "test go linter again"
This reverts commit bab1235622.
* change description for unsubscribe too
* golangci-lint timeout avter 5min
* move issueSubscription to seperate file
* dont create black entitys
* use IsWatching until refactoring
* Update License Info
* better swagger description
* Update .golangci.yml
because functions moved from issue.go to issue_subscription.go
* add IssueWatchList type
* batch tasks
* use e Engien
* add error handling
* error should be the last type when returning multiple items
* short version
* reurn empy UserList instead of nil
* Check if file is locked on upload file commit.
* Better user message if file is locked.
* Check lfs lock before creating temporary repository. fix some errors.
* move lines
* Add comment that enabled setting is checked.
* Fix commit expand button to not go to commit link
* Fix message rendering to have correct HTML in result
* Fix check for empty commit message
* Code optimization
* if a filename in a repository contains " or \ the owner can't merge pull request with this files
because "git diff-tree" adds double quotes to that filepath
example: filepath is ab"cd but "git diff-tree" returns "ab\"cd"
now, when the owner click "Merge Pull Request" button the server returns 500
this commit fix it
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* add -z option to getDiffTree
escape spec symbols for sparse-checkout
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* go fmt
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* typo
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* escape '\'
escape all spaces and '!'
* use regexp.ReplaceAllString()
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* strings.ReplaceAll was added in go 1.12
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* add '\' to regexp.MustCompile
Signed-off-by: Ilya Pavlov <ilux@cpan.org>
* in progress changes for #7405, added ability to add cross-repo dependencies
* removed unused repolink var
* fixed query that was breaking ci tests; fixed check in issue dependency add so that the id of the issue and dependency is checked rather than the indexes
* reverted removal of string in local files becasue these are done via crowdin, not updated manually
* removed 'Select("issue.*")' from getBlockedByDependencies and getBlockingDependencies based on comments in PR review
* changed getBlockedByDependencies and getBlockingDependencies to use a more xorm-like query, also updated the sidebar as a result
* simplified the getBlockingDependencies and getBlockedByDependencies methods; changed the sidebar to show the dependencies in a different format where you can see the name of the repository
* made some changes to the issue view in the dependencies (issue name on top, repo full name on separate line). Change view of issue in the dependency search results (also showing the full repo name on separate line)
* replace call to FindUserAccessibleRepoIDs with SearchRepositoryByName. The former was hardcoded to use isPrivate = false on the repo search, but this code needed it to be true. The SearchRepositoryByName method is used more in the code including on the user's dashboard
* some more tweaks to the layout of the issues when showing dependencies and in the search box when you add new dependencies
* added Name to the RepositoryMeta struct
* updated swagger doc
* fixed total count for link header on SearchIssues
* fixed indentation
* fixed aligment of remove icon on dependencies in issue sidebar
* removed unnecessary nil check (unnecessary because issue.loadRepo is called prior to this block)
* reverting .css change, somehow missed or forgot that less is used
* updated less file and generated css; updated sidebar template with styles to line up delete and issue index
* added ordering to the blocked by/depends on queries
* fixed sorting in issue dependency search and the depends on/blocks views to show issues from the current repo first, then by created date descending; added a "all cross repository dependencies" setting to allow this feature to be turned off, if turned off, the issue dependency search will work the way it did before (restricted to the current repository)
* re-applied my swagger changes after merge
* fixed split string condition in issue search
* changed ALLOW_CROSS_REPOSITORY_DEPENDENCIES description to sound more global than just the issue dependency search; returning 400 in the cross repo issue search api method if not enabled; fixed bug where the issue count did not respect the state parameter
* when adding a dependency to an issue, added a check to make sure the issue and dependency are in the same repo if cross repo dependencies is not enabled
* updated sortIssuesSession call in PullRequests, another commit moved this method from pull.go to pull_list.go so I had to re-apply my change here
* fixed incorrect setting of user id parameter in search repos call
* 'update'
* Send push tag event when release created
* send tag create event while release created in UI
* update to go v1.13
* fix gofmt error
* fix#8576 create pull request on current repository by default
* Show zero lines on the line counter if the file empty
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* A single variable to check whether NumLines is set
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
This PR adds basic repository LFS management UI including the ability to find all possible pointers within the repository. Locks are not managed at present but would be addable through some simple additions.
* Add basic repository lfs management
* add auto-associate function
* Add functionality to find commits with this lfs file
* Add link to find commits on the lfs file view
* Adjust commit view to state the likely branch causing the commit
* Only read Oid from database
* Move some repositories' operations to a standalone service package
* improve code
* remove unused codes
* add rollback when fork failed
* add repo when return
* Send email to assigned user
* Only send mail if enabled
* Mail also when assigned through API
* Need to refactor functions from models to issue service
* Refer to issue index rather than ID
* Disable email notifications completly at initalization if global disable
* Check of user enbled mail shall be in mail notification function only
* Initialize notifications from routers init function.
* Use the assigned comment when sending assigned mail
* Refactor so that assignees always added as separate step when new issue/pr.
* Check error from AddAssignees
* Check if user can be assiged to issue or pull request
* Missing return
* Refactor of CanBeAssigned check.
CanBeAssigned shall have same check as UI.
* Clarify function names (toggle rather than update/change), and clean up.
* Fix review comments.
* Flash error if assignees was not added when creating issue/pr
* Generate error if assignee users doesn't exist
When doing GET /api/v1/users/{user} as an unauthenticated user,
gitea throws a 500 because it's trying to dereference elements
from the context user. It wants to do this to see whether to
show the primary email and will do that if the logged in user
is admin or the user in question. However, if ctx.User is nil,
go gets really unhappy.
* Only attempt to kill parent once
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Add waitgroup for running servers
* Enabling and disabling the commit button to prevent empty commits
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* The button won't get enabled if you change the commit message
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Fixes a spelling mistake for 'silent'
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* static url
* add cors support for static resources
* [assets] work on the migration to configurable url for assets
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [misc] fix whitespace
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [assets] fix the loading of the manifest.json
It is generated dynamically, and as such can not be served by the cdn.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Revert "add cors support for static resources"
This reverts commit 42f964fd18
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docs] add the STATIC_URL_PREFIX option
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docs] reverse-proxy: nginx: add two setups for STATIC_URL_PREFIX
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [assets] migrate the url of a new asset to the static url prefix
REF: f2a3abc683
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* More information for drone-cli in CONTRIBUTING.md
* Increases the version of drone-cli to 1.2.0
* Adds a note for the Docker Toolbox on Windows
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Fix the url for the blog repository (now on gitea.com)
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Expose db.SetMaxOpenConns and allow other dbs to set their connection params
* Add note about port exhaustion
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Add an option to protected branches to add writing deploy keys to the whitelist for pushing.
Please note this is technically a breaking change: previously if the owner of a repository was on the whitelist then any writing deploy key was effectively on the whitelist. This option will now need to be set if that is desired.
Closes#8472
Details:
* Allow Protected Branches to Whitelist Deploy Keys
* Add migration
* Ensure that IsDeployKey is set to false on the http pushes
* add not null default false
This PR ensures that once opened the diff stats detail box can be scrolled independently of the diff on the compare page.
Fixes#5532
Details:
* make diff-detail-box the main container
* move file diff at the same level as diff-stats
* make diff-view options sticy again
* make diff-stats scroll if to mouch
* rm useless css info
* less: mv diff-stats to own class
* use new css class
* cleanup less file
* diff-counter: margin-right: 15px;
* make CI work
* make numbers colorful
* add sign (-/+) to numbers
* allow external rendering of other filetypes
fixes#4996 and #7614
allows rendering of non-tex files, or otherwise accounted for filetypes
* Moves flie-size check before read()
And performs gofmt -s
* Only reads if markType is detected
* Ensure defaultGPGSettings not nil
* Ensure that coerced commits gain a reference to the repo
* Add warning if trying to get defaultgpgsetting on an unattached commit
* Allow committing / adding empty files from the web ui (#8420)
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Add a modal to confirm the commit of an empty file
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
This PR fixes#7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
* Update the provided gitea.service since we have graceful restarting again
* Update contrib/systemd/gitea.service
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
editorconfig-core-go made breaking api changes and has recently released
v2.1.1. This change consumes the new api and fixes up any breaking
references.
* Prevent deadlock in indexer initialisation during graceful restart
* Move from gracehttp to our own service to add graceful ssh
* Add timeout for start of indexers and make hammer time configurable
* Fix issue with re-initialization in indexer during tests
* move the code to detect use of closed to graceful
* Handle logs gracefully - add a pid suffix just before restart
* Move to using a cond and a holder for indexers
* use time.Since
* Add some comments and attribution
* update modules.txt
* Use zero to disable timeout
* Move RestartProcess to its own file
* Add cleanup routine
* Add Diff Download to Compare List
* Add&Change Text for Diff Options
* move button to seperate template
* add drop down menue with options
* Update: Compare
update Gogs, BitBucket, RhodeCode and remove gitea issue link
Co-Authored-By: Lauris BH <lauris@nix.lv>
* remove last things from TESTing
* Update app.ini.sample
Give further information on hyperlink rendering in Markdown
* Update app.ini.sample
Follow feedback from @guillep2k for CUSTOM_URL in markdown to indicate http and https are always rendered as links.
* Update custom/conf/app.ini.sample
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Update custom/conf/app.ini.sample
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Update config-cheat-sheet.en-us.md
Add more information on configuring URI hyperlink rendering for Markdown.
* Update config-cheat-sheet.en-us.md
Update description as suggested by @guillep2k
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Recalculate repository access only for specific user
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Handle user repositories as well, and only add access if minimum mode
* Need to get repo owner to check if organization
@@ -313,7 +968,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
* SECURITY
* Fix No PGP signature on 1.9.1 tag (#7874)
* Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
* ENHANCEMENT
* ENHANCEMENTS
* Fix pull creation with empty changes (#7920) (#7926)
- Change into the base directory of your copy of the gitea repository,
and run `drone exec --event pull_request`.
- At the moment `drone exec` doesn't support the Docker Toolbox on Windows 10
(see [drone-cli#135](https://github.com/drone/drone-cli/issues/135))
The drone version, command line, and disk requirements do change over
time (see [#4053](https://github.com/go-gitea/gitea/issues/4053) and
@@ -110,13 +114,7 @@ included in the next released version.
## Building Gitea
Generally, the go build tools are installed as-needed in the `Makefile`.
An exception are the tools to build the CSS and images.
- To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 8.0 or above
with `npm` and then run `npm install` and `make css`.
- To build Images: ImageMagick, inkscape and zopflipng binaries must be
available in your `PATH` to run `make generate-images`.
See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).
## Code review
@@ -157,6 +155,59 @@ import (
)
```
## Design guideline
To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The gitea code is divided into the following parts:
- **integration:** Integrations tests
- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependecies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
- **models/fixtures:** Sample model data used in integration tests.
- **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea.
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
- **services:** Support functions for common routing operations. Uses models and modules to handle the request.
- **templates:** Golang templates for generating the html output.
- **vendor:** External code that Gitea depends on.
## API v1
The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
If Gitea provides functionality that GitHub does not, a new endpoint can be created.
If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
Updating an existing API should not remove existing fields unless there is a really good reason to do so.
The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
All expected results (errors, success, fail messages) should be documented
@@ -283,14 +339,14 @@ be reviewed by two maintainers and must pass the automatic tests.
* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
* If needed send PR for changelog on branch `master`.
* Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.
* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
## Copyright
Code that you contribute should use the standard copyright header:
```
// Copyright 2019 The Gitea Authors. All rights reserved.
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
cd$(DIST);for file in `find /build -type f -name "*"`;do cp $${file} ./release/;done;
.PHONY:release-check
release-check:
release-check:|$(DIST_DIRS)
cd$(DIST)/release/;for file in `find . -type f -name "*"`;doecho"checksumming $${file}"&&$(SHASUM)`echo$${file}| sed 's/^..//'` > $${file}.sha256;done;
.PHONY:release-compress
release-compress:
release-compress:|$(DIST_DIRS)
@hash gxz > /dev/null 2>&1;if[$$? -ne 0];then\
$(GO) get -u github.com/ulikunitz/xz/cmd/gxz;\
fi
cd$(DIST)/release/;for file in `find . -type f -name "*"`;doecho"compressing $${file}"&& gxz -k -9 $${file};done;
npm-check:
@hash npm > /dev/null 2>&1;if[$$? -ne 0];then\
echo"Please install Node.js 8.x or greater with npm";\
exit 1;\
fi;
@hash npx > /dev/null 2>&1;if[$$? -ne 0];then\
echo"Please install Node.js 8.x or greater with npm";\
exit 1;\
fi;
.PHONY:release-sources
release-sources:|$(DIST_DIRS)node_modules
echo$(VERSION) > $(STORED_VERSION_FILE)
tar --exclude=./$(DIST) --exclude=./.git --exclude=./$(MAKE_EVIDENCE_DIR) --exclude=./node_modules/.cache -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
rm -f $(STORED_VERSION_FILE)
.PHONY:npm
npm:npm-check
node_modules:package-lock.json
npm install --no-save
@touch node_modules
.PHONY:npm-update
npm-update:npm-check
npm-update:node-check|node_modules
npx updates -cu
rm -rf node_modules package-lock.json
npm install --package-lock
.PHONY:js
js:npm
npx eslint public/js
js:
@echo "'make js' is deprecated, please use 'make webpack'"
<h1><imgsrc="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png"alt="logo"width="30"height="30"> Gitea - Git with a cup of tea</h1>
[](https://discord.gg/NsatcWJ)
[](https://discord.gg/Gitea)
[](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
<h1><imgsrc="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png"alt="logo"width="30"height="30"> Gitea - Git with a cup of tea</h1>
[](https://discord.gg/gitea)
[](https://discord.gg/Gitea)
[](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
[](https://www.codetriage.com/go-gitea/gitea)
[](https://opencollective.com/gitea)
log.Info("Running Let's Encrypt handler on %s",setting.HTTPAddr+":"+setting.PortToRedirect)
varerr=http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect,certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
<p>We collect following personal data (collectively called User Personal Information):</p>
<ol>
<li>Registration information (username, email, password, etc.)</li>
<li>Profile information for your Account (such as your full name, biography, website, gpg key, and location.)</li>
<li>Usage information (pages you view, your IP address, referring site, session information, and request date and time.)</li>
<li>Device information (its IP address, client application information, language preference, operating system and application version, device type, ID, model and manufacturer.)</li>
<li>Git data that you upload to a repository</li>
<li>Cookies and Similar Technologies</li>
</ol>
<p>We may also collect User Personal Information from third-parties (vendors, partners, or affiliates). We don't purchase them from third-party data brokers, though.</p>
<p>However, we don't intentionally collect sensitive information (such as racial or ethnic origin, political affiliations, religious/philosophical beliefs, biometric data, etc.)</p>
<!--If you choose to store any of such data on our servers, you are responsible for complying with any regulations regarding them.-->
<h2>How We Share Information We Collect?</h2>
<p>We may share your User Personal Information with third-parties under following circumstances:</p>
<h3>With your Consent</h3>
<p>We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. For example, if you allow third party applications to access your Account using <a href="https://docs.gitea.io/en-us/oauth2-provider/">OAuth2 providers</a>, we share all information associated with your Account, including private repos and organizations. You may also direct us through your action on Your Gitea Instance to share your User Personal Information, such as when joining an Organization.</p>
<h3>With Service Providers</h3>
<p>We share User Personal Information with a limited number of service providers who process it on our behalf to provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our Privacy Statement by signing data protection agreements or making similar commitments. Our service providers perform payment processing, customer support ticketing, network data transmission, security, and other similar services. While Your Gitea Instance processes all User Personal Information in the (country/state where Gitea is deployed), our service providers may process data outside of (country/state where Gitea is deployed), the United States or the European Union.</p>
<h3>For Security Purposes</h3>
<p>If you are a member of an Organization, Your Gitea Instance may share your username, Usage Information, and Device Information associated with that Organization with an owner and/or administrator of the Organization who has agreed to the Corporate Terms of Service or applicable customer agreements, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.</p>
<h3>For Legal Disclosure</h3>
<p>Your Gitea Instance strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. Your Gitea Instance may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.</p>
<h3>Change in Control or Sale</h3>
<p>We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.</p>
<p>We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Your Gitea Instance, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the open source activity across Your Gitea Instance.</p>
<p>We <b>don't</b> sell your User Personal Information for monetary or other consideration. </p>
<h2>How We Use Your Information?</h2>
<p>We may use your information for following purposes:</p>
<ol>
<li>We use your Registration Information to create your account, and to provide you the Service.</li>
<li>We use your User Personal Information, specifically your username, to identify you on Your Gitea Instance.</li>
<li>We use your Profile Information to fill out your Account profile and to share that profile with other users if you ask us to.</li>
<li>We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay.</li>
<li>We use User Personal Information and other data to make recommendations for you, such as to suggest projects you may want to follow or contribute to. We learn from your public behavior on Your Gitea Instance—such as the projects you star—to determine your coding interests, and we recommend similar projects. These recommendations are automated decisions, but they have no legal impact on your rights.</li>
<li>We use Usage Information and Device Information to better understand how our Users use Your Gitea Instance and to improve our Website and Service.</li>
<li>We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm Your Gitea Instance or our Users.</li>
<li>We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.</li>
<li>We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.</li>
</ol>
<h2>How Your Gitea Instance Secures Your Information?</h2>
<p>Your Gitea Instance takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.</p>
<p>To the extent above, we enforce a written security information program, which:</p>
<ul>
<li>aligns with industry recognized frameworks;</li>
<li>includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our Users' data;</li>
<li>is appropriate to the nature, size, and complexity of Your Gitea Instance’s business operations;</li>
<li>includes incident response and data breach notification processes; and</li>
<li>complies with applicable information security-related laws and regulations in the geographic regions where Your Gitea Instance does business.</li>
</ul>
<p>In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay.</p>
<p>Transmission of data on Your Gitea Instance is encrypted using SSH, HTTPS (TLS), and git repository content is encrypted at rest. We host Your Gitea Instance at our hosting partner, which they provide data centers with high level of physical and network security.</p>
<p><b>Disclaimer:</b> No method of transmission, or method of electronic storage, is 100% secure, therefore, we cannot guarantee absolute security.</p>
<h2>Cookies and Tracking Usage</h2>
<h3>Cookies</h3>
<p>We uses cookies to make interactions with our service easy and meaningful. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of Your Gitea Instance. For security purposes, we use cookies to identify a device. By using our Website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use our services.</p>
<h3>Tracking and Analytics</h3>
<p>Out of the box, Gitea doesn't use third-party analytics. In case when we opt in to their usage, we do that to help us evaluate our Users' use of Your Gitea Instance, compile statistical reports on activity, and improve our content and Website performance. We only use these third-party analytics providers on certain areas of our Website, and all of them have signed data protection agreements with us that limit the type of User Personal Information they can collect and the purpose for which they can process the information. In addition, we may also deploy internal analytics software to provide similar functionality.</p>
<p>Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Your Gitea Instance responds to browser DNT signals and follows the <a href="https://www.w3.org/TR/tracking-dnt/">W3C standard for responding to DNT signals</a>. If you have not enabled DNT on a browser that supports it, cookies on some parts of our Website will track your online browsing activity on other online services over time, though we do not permit third parties other than our analytics and service providers to track Your Gitea Instance Users' activity over time on Your Gitea Instance.</p>
<h2>Repository Contents</h2>
<p>Our employees do not access private repositories unless required to for security purposes, for support, to maintain integrity of the Service, or to comply with our legal obligations. While we don't generally search for content in your repositories, we may scan our servers and your content to detect tokens or security signatures, known malwares, or child exploitation imagery.</p>
<p>If your repository is public, anyone may view its contents. If you include private, confidential or Sensitive Personal Information, such as email addresses or passwords, in your public repository, that information may be indexed by search engines or used by third parties.</p>
<h2>Public Information</h2>
<p>Many of our services and feature are public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your profile or repositories or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing Your Gitea Instance information. Other third parties, such as data brokers, have been known to scrape Your Gitea Instance and compile data as well.</p>
<p>Your User Personal Information associated with your content could be gathered by third parties in these compilations of Your Gitea Instance data. If you do not want your User Personal Information to appear in third parties’ compilations of Your Gitea Instance data, please do not make your User Personal Information publicly available and be sure to configure your email address to be private in your user profile and in your git commit settings.</p>
<p>If you would like to compile Your Gitea Instance data, you must comply with our Terms of Service regarding scraping and privacy, and you may only use any public-facing User Personal Information you gather for the purpose for which our user authorized it. For example, where a Your Gitea Instance user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for commercial advertising. We expect you to reasonably secure any User Personal Information you have gathered from Your Gitea Instance, and to respond promptly to complaints, removal requests, and "do not contact" requests from Your Gitea Instance or Your Gitea Instance users.</p>
<p>In similar fashion, projects on Your Gitea Instance may include publicly available User Personal Information collected as part of the collaborative events.</p>
<h2>Organizations</h2>
<p>If you collaborate on or become a member of an Organization, then its Account owners may receive your User Personal Information. When you accept an invitation to an Organization, you will be notified of the types of information owners may be able to see. If you accept an invitation to an Organization with a verified domain, then the owners of that Organization will be able to see your full email address(es) within that Organization's verified domain(s).</p>
<p>Please note, Your Gitea Instance may share your username, Usage Information, and Device Information with the owner of the Organization you are a member of, to the extent that your User Personal Information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.</p>
<p>If you collaborate with or become a member of an Account that has agreed to a Data Protection Addendum (DPA) to this Privacy Policy, then that DPA governs in the event of conflicts between this Privacy Policy and DPA with respect to your activity in the Account.</p>
<p>Please contact the Account owners for more information about how they might process your User Personal Information in their Organization and the ways for you to access, update, alter, or delete the User Personal Information stored in the Account.</p>
<h2>How You Can Access and Control the Information We Collect?</h2>
<p>If you're already a Your Gitea Instance user, you may access, update, alter, or delete your basic user information by editing your user profile. You can control the information we collect about you by limiting what information is in your profile, or by keeping your information current.</p>
<p>If Your Gitea Instance processes information about you, such as information receives from third parties, and you do not have an account, then you may, subject to applicable law, access, update, alter, delete, or object to the processing of your personal information by contacting our support.</p>
<h3>Data Portability</h3>
<p>As a Your Gitea Instance User, you can always take your data with you. You can clone your repositories to your computer, or you can <a href="https://docs.gitea.io/en-us/migrations-interfaces/">perform migrations using the provided interfaces</a>, for example.</p>
<h3>Data Retention and Deletion of Data</h3>
<p>In general, Your Gitea Instance retains User Personal Information for as long as your account is active, or as needed to provide you service.</p>
<p>If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. Feel free to contact our support to request erasure of the data we process on the bassis of consent within 30 days.</p>
<p>After an account has been deleted, certain data, such as contributions to other Users' repositories and comments in others' issues, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address, from the author field of issues, pull requests, and comments by associating them with a ghost user.</p>
<p>That said, the email address you have supplied via your Git commit settings will always be associated with your commits in the Git system. If you choose to make your email address private, you should also update your Git commit settings. We are unable to change or delete data in the Git commit history — the Git software is designed to maintain a record — but we do enable you to control what information you put in that record.</p>
<h2>Our Global Privacy Practices</h2>
<p>We store and process the information that we collect in the (country/state where Gitea is deployed) in accordance with this Privacy Statement though our service providers may store and process data outside the (country/state where Gitea is deployed). However, we understand that we have Users from different countries and regions with different privacy expectations, and we try to meet those needs even when the (country/state where Gitea is deployed) does not have the same privacy framework as other countries.</p>
<p>We provide a high standard of privacy protection—as described in this Privacy Statement—to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.</p>
<p>In particular:</p>
<ul>
<li>Your Gitea Instance provides clear methods of unambiguous, informed, specific, and freely given consent at the time of data collection, when we collect your User Personal Information using consent as a basis.</li>
<li>We collect only the minimum amount of User Personal Information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.</li>
<li>We offer you simple methods of accessing, altering, or deleting the User Personal Information we have collected, where legally permitted.</li>
<li>We provide our Users notice, choice, accountability, security, and access regarding their User Personal Information, and we limit the purpose for processing it. We also provide our Users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.</li>
</ul>
<h2>How We Communicate with You?</h2>
<p>We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our support with a request, we respond to you via email. You have a lot of control over how your email address is used and shared on and through Your Gitea instance. You may manage your communication preferences in your user profile.</p>
<p>By design, the Git version control system associates many actions with a User's email address, such as commit messages. We are not able to change many aspects of the Git system. If you would like your email address to remain private, even when you’re commenting on public repositories, you can create a private email address in your user profile. You should also update your local Git configuration to use your private email address. This will not change how we contact you, but it will affect how others see you.</p>
<p>Depending on your email settings, Your Gitea instance may occasionally send notification emails about changes in a repository you’re watching, new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Note that you can opt out of any communications with us, except the important ones (like from our support and system emails).</p>
<p>Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.</p>
<h2>Changes to this Privacy Policy</h2>
<p>Although most changes are likely to be minor, Your Gitea Instance may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your account.</p>
<h2>Contact</h2>
<p>If you have any concerns about privacy, please contact us at <a href="mailto:privacy@your-gitea-instance">privacy@your-gitea-instance</a>. We will respond promptly, within 45 days.</p>
<h2>COPYING</h2>
<p>This document is licensed under <a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 Public Domain license</a>.</p>
<p>Thank you for choosing Your Gitea Instance! Before you use it, please read this Terms of Service agreement carefully, which contains important contract between us and our users.</p>
<h2>Definitions</h2>
<ol>
<li>An "Account" represents your legal relationship with Your Gitea Instance. A “User Account” represents an individual User’s authorization to log in to and use the Service and serves as a User’s identity on Your Gitea Instance. “Organizations” are shared workspaces that may be associated with a single entity or with one or more Users where multiple Users can collaborate across many projects at once. A User Account can be a member of any number of Organizations.</li>
<li>The "Agreement" collectively refers to all terms, conditions, and notices referenced or contained in this document and other operating rules, policies (including Privacy Policy) and procedures that we may publish from time to time on this Website.</li>
<li>“Content” refers to content featured or displayed through the Website, including without limitation code, text, data, articles, images, photographs, graphics, software, applications, packages, designs, features, and other materials that are available on the Website or otherwise available through the Service. "Content" also includes Services. “User-Generated Content” is Content, written or otherwise, created or uploaded by our Users. "Your Content" is Content that you create or own.</li>
<li>"Your Gitea Instance", "We", and "Us" refers to Your Gitea Instance, as well as our affiliates, directors, subsidiaries, contractors, licensors, officers, agents, and employees.</li>
<li>The "Service" refers to applications/software, products, and services provided by Your Gitea Instance.</li>
<li>The "User", "You", and "Your" refers to individual person or institution (organizations or company) that has visited or using the Service; that have access or use any part of the Account; or that directs to use the Account to perform its function. Please note that additional terms may apply for Accounts related to business or government.</li>
<li>The "Website" refers to Your Gitea Instance's website at <a href="https://your-gitea-instance">your-gitea-instance</a>, including its subdomains and other websites owned by Your Gitea Instance.</li>
</ol>
<h2>Account Terms</h2>
<h3>Account Controls</h3>
<ul>
<li>Users: Subject to these Terms, you retain ultimate administrative control over your User Account and the Content within it.</li>
<li>Organizations. The "owner" of an Organization that was created under these Terms has ultimate administrative control over that Organization and the Content within it. Within the Service, an owner can manage User access to the Organization’s data and projects. An Organization may have multiple owners, but there must be at least one User Account designated as an owner of an Organization. If you are the owner of an Organization under these Terms, we consider you responsible for the actions that are performed on or through that Organization.</li>
</ul>
<h3>Required Information</h3>
<p>You must provide a valid email address in order to complete the signup process. Any other information requested, such as your real name, is optional, unless you are accepting these terms on behalf of a legal entity (in which case we need more information about the legal entity).</p>
<h3>Account Requirements</h3>
<ul>
<li>You must be a human to create an Account. Accounts registered by "bots" or other automated methods are not permitted. We do permit machine accounts:</li>
<li>A machine account is an Account set up by an individual human who accepts the Terms on behalf of the Account, provides a valid email address, and is responsible for its actions. A machine account is used exclusively for performing automated tasks. Multiple users may direct the actions of a machine account, but the owner of the Account is ultimately responsible for the machine's actions.</li>
<li>You must be age 13 or older. If we learn of any User under that age, we will immediately terminate that User's Account. Different countries may have different minimum age; in such cases you are responsible for complying with your country's regulation. By using Your Gitea Instance, you agree to comply with <a href="https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule">COPPA</a> and/or similar law in your country.</li>
</ul>
<h3>User Account Security</h3>
<p>You are responsible for keeping your Account secure while you use our Service. We offer tools such as two-factor authentication to help you maintain your Account's security, but the content of your Account and its security are up to you.</p>
<h3>Additional Terms</h3>
<p>In some situations, third parties' terms may apply to your use of Your Gitea Instance. For example, you may be a member of an organization on Your Gitea Instance with its own terms or license agreements; you may download an application that integrates with Your Gitea Instance; or you may use Your Gitea Instance to authenticate to another service. Please be aware that while these Terms are our full agreement with you, other parties' terms govern their relationships with you.</p>
<h2>Acceptable Use</h2>
<p>Your use of the Website and Service must not violate any applicable laws, including copyright or trademark laws, export control or sanctions laws, or other laws in your jurisdiction. You are responsible for making sure that your use of the Service is in compliance with laws and any applicable regulations.</p>
<h2>User-Generated Content</h2>
<ol>
<li>You may create or upload User-Generated Content while using the Service. You are solely responsible for the content of, and for any harm resulting from, any User-Generated Content that you post, upload, link to or otherwise make available via the Service, regardless of the form of that Content. We are not responsible for any public display or misuse of your User-Generated Content.</li>
<li>We do not pre-screen User-Generated Content, but we have the right (though not the obligation) to refuse or remove any User-Generated Content that, in our sole discretion, violates any our terms or policies.</li>
<li>
<p>You retain ownership of and responsibility for Your Content. If you're posting anything you did not create yourself or do not own the rights to, you agree that you are responsible for any Content you post; that you will only submit Content that you have the right to post; and that you will fully comply with any third party licenses relating to Content you post.</p>
<p>Because of above, we need you to grant us -- and other Your Gitea Instance users -- certain legal permissions, listed below in this section. If you upload Content that already comes with a license granting Your Gitea Instance the permissions we need to run our Service, no additional license is required. You understand that you will not receive any payment for any of the rights granted below. The licenses you grant to us will end when you remove Your Content from our servers, unless other Users have forked it.</p>
</li>
<li>
<p>We need the legal right to do things like host Your Content, publish it, and share it. You grant us and our legal successors the right to store, parse, and display Your Content, and make incidental copies as necessary to render the Website and provide the Service. This includes the right to do things like copy it to our database and make backups; show it to you and other users; parse it into a search index or otherwise analyze it on our servers; share it with other users; and perform it, in case Your Content is something like music or video.</p>
<p>This license, however, doesn't grant Your Gitea Instance the right to sell Your Content or otherwise distribute or use it outside of our provision of the Service.</p>
</li>
<li>
<p>Any User-Generated Content you post publicly, including issues, comments, and contributions to other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).</p>
<p>If you set your pages and repositories to be viewed publicly, you grant each User of Your Gitea Instance a nonexclusive, worldwide license to use, display, and perform Your Content through the Your Gitea Instance Service and to reproduce Your Content solely on Your Gitea Instance as permitted through Your Gitea Instance's functionality (for example, through forking). You may grant further rights if you adopt a license. If you are uploading Content you did not create or own, you are responsible for ensuring that the Content you upload is licensed under terms that grant these permissions to other Your Gitea Instance Users.</p>
</li>
<li>
<p>Whenever you make a contribution to a repository containing notice of a license, you license your contribution under the same terms, and you agree that you have the right to license your contribution under those terms. If you have a separate agreement to license your contributions under different terms, such as a contributor license agreement, that agreement will supersede.</p>
<p><i>Isn't this just how it works already? Yep. This is widely accepted as the norm in the open-source community; it's commonly referred to by the shorthand "inbound=outbound". We're just making it explicit.</i></p>
</li>
<li>
<p>You retain all moral rights to Your Content that you upload, publish, or submit to any part of the Service, including the rights of integrity and attribution. However, you waive these rights and agree not to assert them against us, to enable us to reasonably exercise the rights granted above, but not otherwise.</p>
<p>To the extent this agreement is not enforceable by applicable law, you grant Your Gitea Instance the rights we need to use Your Content without attribution and to make reasonable adaptations of Your Content as necessary to render the Website and provide the Service.</p>
</li>
</ol>
<h2>Private Repositories</h2>
<ol>
<li>Some Accounts may have private repositories, which allow the User to control access to Content.</li>
<li>Your Gitea Instance considers the contents of private repositories to be confidential to you. Your Gitea Instance will protect the contents of private repositories from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care.</li>
<li>
<p>Your Gitea Instance employees may only access the content of your private repositories in the following situations:</p>
<ul>
<li>With your consent and knowledge, for support reasons. If Your Gitea Instance accesses a private repository for support reasons, we will only do so with the owner’s consent and knowledge.</li>
<li>When access is required for security reasons, including when access is required to maintain ongoing confidentiality, integrity, availability and resilience of Your Gitea Instance's systems and Service.</li>
</ul>
</li>
<li>You may choose to enable additional access to your private repositories. For example: You may enable various Your Gitea Instance services or features that require additional rights to Your Content in private repositories. These rights may vary depending on the service or feature, but Your Gitea Instance will continue to treat your private repository Content as confidential. If those services or features require rights in addition to those we need to provide the Your Gitea Instance Service, we will provide an explanation of those rights.</li>
</ol>
<h2>Copyright Infringement and DMCA Policy</h2>
<p>If you are copyright owner and believe that content on our website violates your copyright, please contact us at <a href="mailto:copyright@your-gitea-instance">copyright@your-gitea-instance</a>. Please note that before sending a takedown notice, consider legal uses (such as fair use and licensed use); and legal consequences for sending false notices.</p>
<p>If you'd like to use our trademarks, you must follow all of our trademark guidelines.</p>
<p>This Agreement is licensed under <a href="https://creativecommons.org/publicdomain/zero/1.0/">CCO Public Domain License</a>.</p>
<h2>API Terms</h2>
<p>Abuse or excessively frequent requests to Your Gitea Instance via the API may result in the temporary or permanent suspension of your Account's access to the API. Your Gitea Instance, in our sole discretion, will determine abuse or excessive usage of the API. We will make a reasonable attempt to warn you via email prior to suspension.</p>
<p>You may not share API tokens to exceed Your Gitea Instance's rate limitations.</p>
<p>You may not use the API to download data or Content from Your Gitea Instance for spamming purposes, including for the purposes of selling Your Gitea Instance users' personal information, such as to recruiters, headhunters, and job boards.</p>
<p>All use of the Your Gitea Instance API is subject to these Terms of Service and the Your Gitea Instance Privacy Statement.</p>
<p>However, we may provide subscription-based access to our API for Users who need high-throughput access or reselling our Service.</p>
<h2>Cancellation and Termination</h2>
<h3>Account Cancellation</h3>
<p>It is your responsibility to properly cancel your Account with Your Gitea Instance. You can cancel your Account at any time by going into your Settings in the global navigation bar at the top of the screen. The Account screen provides a simple, no questions asked cancellation link. We are not able to cancel Accounts in response to an email or phone request.</p>
<h3>Upon Cancellation</h3>
<p>We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile and the Content of your repositories within 90 days of cancellation or termination (though some information may remain in encrypted backups). This information can not be recovered once your Account is cancelled.</p>
<p>We will not delete Content that you have contributed to other Users' repositories or that other Users have forked.</p>
<p>Upon request, we will make a reasonable effort to provide an Account owner with a copy of your lawful, non-infringing Account contents after Account cancellation or termination. You must make this request within 90 days of cancellation or termination.</p>
<h3>We May Terminate</h3>
<p>Your Gitea Instance has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. Your Gitea Instance reserves the right to refuse service to anyone for any reason at any time.</p>
<h3>Survival</h3>
<p>All provisions of this Agreement which, by their nature, should survive termination will survive termination — including, without limitation: ownership provisions, warranty disclaimers, indemnity, and limitations of liability.</p>
<h2>Communications with Us</h2>
<h3>Electronic Communications Required</h3>
<p>For contractual purposes, you (1) consent to receive communications from us in an electronic form via the email address you have submitted or via the Service; and (2) agree that all Terms of Service, agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that those communications would satisfy if they were on paper. This section does not affect your non-waivable rights.</p>
<h3>Legal Notices to Us Must Be in Writing</h3>
<p>Communications made through email or Your Gitea Instance Support's messaging system will not constitute legal notice to Your Gitea Instance or any of its officers, employees, agents or representatives in any situation where notice to Your Gitea Instance is required by contract or any law or regulation. Legal notice to Your Gitea Instance must be in writing and served on Your Gitea Instance's legal agent.</p>
<h3>No Phone Support</h3>
<p>We only offer support via email, in-Service communications, and electronic messages. We do not offer telephone support.</p>
<h2>Disclaimer of Warranties</h2>
<p>Your Gitea Instance provides the Website and the Service “as is” and “as available,” without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Website and the Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement.</p>
<p>Your Gitea Instance does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service.</p>
<h2>Limitation of Liability</h2>
<p>You understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from:</p>
<ul>
<li>the use, disclosure, or display of your User-Generated Content;</li>
<li>your use or inability to use the Service;</li>
<li>any modification, price change, suspension or discontinuance of the Service;</li>
<li>the Service generally or the software or systems that make the Service available;</li>
<li>unauthorized access to or alterations of your transmissions or data;</li>
<li>statements or conduct of any third party on the Service;</li>
<li>any other user interactions that you input or receive through your use of the Service; or
any other matter relating to the Service.</li>
</ul>
<p>Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control.</p>
<h2>Release and Indemnification</h2>
<p>If you have a dispute with one or more Users, you agree to release Your Gitea Instance from any and all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes.</p>
<p>You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement, provided that Your Gitea Instance (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases Your Gitea Instance of all liability); and (3) provides to you all reasonable assistance, at your expense.</p>
<h2>Changes to These Terms</h2>
<p>We reserve the right, at our sole discretion, to amend these Terms of Service at any time and will update these Terms of Service in the event of any such amendments. We will notify our Users of material changes to this Agreement, such as price changes, at least 30 days prior to the change taking effect by posting a notice on our Website. For non-material modifications, your continued use of the Website constitutes agreement to our revisions of these Terms of Service.</p>
<h2>Miscellaneous</h2>
<h3>Governing Law</h3>
<p>Except to the extent applicable law provides otherwise, this Agreement between you and us and any access to or use of the Website or the Service are governed by (national laws of country/state where Gitea is deployed) and (regional laws of locality where Gitea is deployed), without regard to conflict of law provisions. You and Your Gitea Instance agree to submit to the exclusive jurisdiction and venue of the courts located in (locality where Gitea is deployed).</p>
<h3>Non-Assignability</h3>
<p>Your Gitea Instance may assign or delegate these Terms of Service and/or our Privacy Policy in whole or in part, to any person or entity at any time with or without your consent, including the license granted in <i>User-Generated Content</i>. You may not assign or delegate any rights or obligations under the Terms of Service or Privacy Statement without our prior written consent, and any unauthorized assignment and delegation by you is void.</p>
<h3>Severablity, No Waiver, and Survival</h3>
<p>If any part of this Agreement is held invalid or unenforceable, that portion of the Agreement will be construed to reflect the parties’ original intent. The remaining portions will remain in full force and effect. Any failure on the part of Your Gitea Instance to enforce any provision of this Agreement will not be considered a waiver of our right to enforce such provision. Our rights under this Agreement will survive any termination of this Agreement.</p>
<h3>Amendments and Complete Agreement</h3>
<p>This Agreement may only be modified by a written amendment signed by an authorized representative of Your Gitea Instance, or by the posting by Your Gitea Instance of a revised version in accordance with <i>Changes to These Terms</i>. These Terms of Service, together with the Your Gitea Instance Privacy Policy, represent the complete and exclusive statement of the agreement between you and us. This Agreement supersedes any proposal or prior agreement oral or written, and any other communications between you and Your Gitea Instance relating to the subject matter of these terms including any confidentiality or nondisclosure agreements.</p>
<h3>Contact</h3>
<p>If you have questions about these Terms of Service, you can <a href="mailto:support@your-gitea-instance">contact our support</a>.</p>
; List of keywords used in Pull Request comments to automatically reopen a related issue
REOPEN_KEYWORDS=reopen,reopens,reopened
; In the default merge message for squash commits include at most this many commits
DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=50
; In the default merge message for squash commits limit the size of the commit messages to this
DEFAULT_MERGE_MESSAGE_SIZE=5120
; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=false
; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
DEFAULT_MERGE_MESSAGE_MAX_APPROVERS=10
; In default merge messages only include approvers who are official
[](https://discord.gg/NsatcWJ)
[](https://discord.gg/Gitea)
[](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")
Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Policy) to be added to website. Follow these steps to add them to your Gitea instance.
## Getting Pages
Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/`. For example, to add Privacy Policy:
Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation.
You absolutely must not place a general ToS or privacy statement that implies that the gitea project is responsible for your server.
## Make it Visible
Create or append to `/path/to/custom/templates/custom/extra_links_footer.tmpl`:
**NOTE:** These tools are not endorsed by Gitea. They are listed here for convenience only.
## Hey! This page may be out of date or even removed in the future! :scream:
Instead, check out [awesome-gitea](https://gitea.com/gitea/awesome-gitea/src/branch/master/README.md#user-content-devops)!
## Listing
CI/CD solutions that have integration with Gitea. Following list is not complete,
@@ -30,5 +32,6 @@ the purpose is to give a starting point to integrate a CI/CD process with your G
- [Buildbot](https://www.buildbot.net/) with [Gitea plugin](https://github.com/lab132/buildbot-gitea)
Others CI/CD solutions that partially can be integrated with Gitea:
Others CI/CD solutions that can partially be integrated with Gitea:
- [Concourse](https://www.concourse-ci.org), see more information at [Concourse community forum](https://discuss.concourse-ci.org/t/concourse-ci-and-gitea-oauth/1475)
- `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
title to mark them as Work In Progress
- `CLOSE_KEYWORDS`: **close**, **closes**, **closed**, **fix**, **fixes**, **fixed**, **resolve**, **resolves**, **resolved**: List of
keywords used in Pull Request comments to automatically close a related issue
- `REOPEN_KEYWORDS`: **reopen**, **reopens**, **reopened**: List of keywords used in Pull Request comments to automatically reopen
a related issue
- `DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT`: **50**: In the default merge message for squash commits include at most this many commits. Set to `-1` to include all commits
- `DEFAULT_MERGE_MESSAGE_SIZE`: **5120**: In the default merge message for squash commits limit the size of the commit messages. Set to `-1` to have no limit.
- `DEFAULT_MERGE_MESSAGE_ALL_AUTHORS`: **false**: In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
- `DEFAULT_MERGE_MESSAGE_MAX_APPROVERS`: **10**: In default merge messages limit the number of approvers listed as `Reviewed-by:`. Set to `-1` to include all.
- `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY`: **true**: In default merge messages only include approvers who are officially allowed to review.
### Repository - Issue (`repository.issue`)
- `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked
- `SIGNING_NAME` & `SIGNING_EMAIL`: if a KEYID is provided as the `SIGNING_KEY`, use these as the Name and Email address of the signer. These should match publicized name and email address for the key.
- `approved`: Only sign approved merges to a protected branch.
- `basesigned`: Only sign if the parent commit in the base repo is signed.
- `headsigned`: Only sign if the head commit in the head branch is signed.
- `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
## CORS (`cors`)
- `ENABLED`: **false**: enable cors headers (disabled by default)
@@ -90,13 +122,16 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
- `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
- `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members.
- `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
- `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
- `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
- `THEMES`: **gitea,arc-green**: All available themes. Allow users select personalized themes
regardless of the value of `DEFAULT_THEME`.
- `DEFAULT_SHOW_FULL_NAME`: false: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
- `SEARCH_REPO_DESCRIPTION`: true: Whether to search within description at repository search on explore page.
- `REACTIONS`: All available reactions. Allow users react with different emoji's.
- `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
- `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
- `USE_SERVICE_WORKER`: **true**: Whether to enable a Service Worker to cache frontend assets.
### UI - Admin (`ui.admin`)
@@ -108,18 +143,28 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
## Markdown (`markdown`)
- `ENABLE_HARD_LINE_BREAK`: **false**: Enable Markdown's hard line break extension.
- `CUSTOM_URL_SCHEMES`: Use a comma separated list (ftp,git,svn) to indicate additional
URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
- `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
- `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
@@ -153,6 +200,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
- `ALLOW_GRACEFUL_RESTARTS`: **true**: Perform a graceful restart on SIGHUP
- `GRACEFUL_HAMMER_TIME`: **60s**: After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time.
- `STARTUP_TIMEOUT`: **0**: Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
## Database (`database`)
@@ -161,19 +211,29 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `NAME`: **gitea**: Database name.
- `USER`: **root**: Database username.
- `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
-`SCHEMA`: **\<empty\>**: For PostgreSQL only, schema to use if different from "public". The schema must exist beforehand,
the user must have creation privileges on it, and the user search path must be set to the look into the schema first
(e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;`).
-`SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
-`CHARSET`: **utf8**: For MySQL only, either "utf8" or "utf8mb4", default is "utf8". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
-`PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
-`LOG_SQL`: **true**: Log the executed SQL.
-`DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
-`DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occured.
-`MAX_IDLE_CONNS`**0**: Max idle database connections on connnection pool, default is 0
-`CONN_MAX_LIFETIME`**3s**: Database connection max lifetime
-`MAX_OPEN_CONNS`**0**: Database maximum open connections - default is 0, meaning there is no limit.
-`MAX_IDLE_CONNS`**2**: Max idle database connections on connnection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
-`CONN_MAX_LIFETIME`**0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804ᮟ).
Please see #8540⁑ for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS`&`CONN_MAX_LIFETIME` and their
relation to port exhaustion.
## Indexer (`indexer`)
-`ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently support: bleve or db, if it's db, below issue indexer item will be invalid.
-`ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search.
-`ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db` or `elasticsearch`.
-`ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch. i.e. http://elastic:changeme@localhost:9200
-`ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
-`ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch.
- The next 4 configuration values are deprecated and should be set in `queue.issue_indexer` however are kept for backwards compatibility:
-`ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`.
-`ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the queue will be saved path.
-`ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
@@ -183,8 +243,32 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
-`REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
-`REPO_INDEXER_INCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files.
-`REPO_INDEXER_EXCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **exclude** from the index. Files that match this list will not be indexed, even if they match in `REPO_INDEXER_INCLUDE`.
-`REPO_INDEXER_EXCLUDE_VENDORED`: **true**: Exclude vendored files from index.
-`UPDATE_BUFFER_LEN`: **20**: Buffer length of index request.
-`MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed.
-`STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to zero to never timeout.
## Queue (`queue` and `queue.*`)
-`TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel`, `channel`, `level`, `redis`, `dummy`
-`DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for inidividual queues can be set in `queue.name` sections but will default to `DATADIR/`**`name`**.
-`LENGTH`: **20**: Maximal queue size before channel queues block
-`BATCH_LENGTH`: **20**: Batch data before passing to the handler
-`CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Connection string for the redis queue type.
-`QUEUE_NAME`: **_queue**: The suffix for default redis queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overriden in the specific `queue.name` section.
-`SET_NAME`: **_unique**: The suffix that will added to the default redis
set name for unique queues. Individual queues will default to
**`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific
`queue.name` section.
-`WRAP_IF_NECESSARY`: **true**: Will wrap queues with a timeoutable queue if the selected queue is not ready to be created - (Only relevant for the level queue.)
-`MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue
-`TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create.
- Queues by default come with a dynamically scaling worker pool. The following settings configure this:
-`WORKERS`: **1**: Number of initial workers for the queue.
-`MAX_WORKERS`: **10**: Maximum number of worker go-routines for the queue.
-`BLOCK_TIMEOUT`: **1s**: If the queue blocks for this time, boost the number of workers - the `BLOCK_TIMEOUT` will then be doubled before boosting again whilst the boost is ongoing.
-`BOOST_TIMEOUT`: **5m**: Boost workers will timeout after this long.
-`BOOST_WORKERS`: **5**: This many workers will be added to the worker pool if there is a boost.
## Admin (`admin`)
-`DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
@@ -203,6 +287,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
authentication provided email.
-`DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
git hooks.
-`ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
-`IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
-`INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
-`INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
@@ -212,7 +297,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- lower - use one or more lower latin characters
- upper - use one or more upper latin characters
- digit - use one or more digits
- spec - use one or more special characters as ``][!"#$%&'()*+,./:;<=>?@\^_{|}~`-`` and space symbol.
- spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
- off - do not check password complexity
## OpenID (`openid`)
@@ -235,9 +321,13 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
-`REQUIRE_EXTERNAL_REGISTRATION_PASSWORD`: **false**: Enable this to force externally created
accounts (via GitHub, OpenID Connect, etc) to create a password. Warning: enabling this will
decrease security, so you should only enable it if you know what you're doing.
-`REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.
-`REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page or to use API.
-`ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when
something happens, like creating issues. Requires `Mailer` to be enabled.
-`ENABLE_BASIC_AUTHENTICATION`: **true**: Disable this to disallow authenticaton using HTTP
BASIC and the user's password. Please note if you disable this you will not be able to access the
tokens API endpoints using a password. Further, this only disables BASIC authentication using the
password - not tokens or OAuth Basic.
-`ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication.
-`ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
for reverse authentication.
@@ -251,13 +341,19 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
-`RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
-`RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
-`DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
-`ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access.
-`ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
-`EMAIL_DOMAIN_WHITELIST`: **\<empty\>**: If non-empty, list of domain names that can only be used to register
on this instance.
-`SHOW_REGISTRATION_BUTTON`: **! DISABLE\_REGISTRATION**: Show Registration Button
-`SHOW_MILESTONES_DASHBOARD_PAGE`: **true** Enable this to show the milestones dashboard page - a view of all the user's milestones
-`AUTO_WATCH_NEW_REPOS`: **true**: Enable this to let all organisation users watch new repos when they are created
-`AUTO_WATCH_ON_CHANGES`: **false**: Enable this to make users watch a repository after their first commit to it
-`DEFAULT_ORG_VISIBILITY`: **public**: Set default visibility mode for organisations, either "public", "limited" or "private".
-`DEFAULT_ORG_MEMBER_VISIBLE`: **false** True will make the membership of the users visible when added to the organisation.
-`ALLOW_ONLY_EXTERNAL_REGISTRATION`: **false** Set to true to force registration only using third-party services.
-`NO_REPLY_ADDRESS`: **DOMAIN** Default value for the domain part of the user's email address in the git log if he has set KeepEmailPrivate to true.
The user's email will be replaced with a concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
## Webhook (`webhook`)
@@ -265,6 +361,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
-`DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
@@ -348,7 +453,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
-`ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
-`ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
-`ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
-`ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
- The following variables are available:
-`Ctx`: the `macaron.Context` of the request.
-`Identity`: the SignedUserName or `"-"` if not logged in.
@@ -415,7 +520,7 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
### Cron - Repository Health Check (`cron.repo_health_check`)
-`SCHEDULE`: **every 24h**: Cron syntax for scheduling repository health check.
-`SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository health check.
-`TIMEOUT`: **60s**: Time duration syntax for health check execution timeout.
-`ARGS`: **\<empty\>**: Arguments for command `git fsck`, e.g. `--unreachable --tags`. See more on http://git-scm.com/docs/git-fsck
@@ -436,6 +541,9 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
-`MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
-`GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
-`ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
-`PULL_REQUEST_PUSH_MESSAGE`: **true**: Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
-`VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed.
-`VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay.
-`ELEMENT`: The element this policy applies to. Must be non-empty.
-`ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
-`REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
You may redefine `ELEMENT`, `ALLOW_ATTR`, and `REGEXP` multiple times; each time all three are defined is a single policy entry.
## Time (`time`)
-`FORMAT`: Time format to diplay on UI. i.e. RFC1123 or 2006-01-02 15:04:05
@@ -529,10 +655,16 @@ Two special environment variables are passed to the render command:
## Task (`task`)
- Task queue configuration has been moved to `queue.task` however, the below configuration values are kept for backwards compatibilityx:
-`QUEUE_TYPE`: **channel**: Task queue type, could be `channel` or `redis`.
-`QUEUE_LENGTH`: **1000**: Task queue length, available only when `QUEUE_TYPE` is `channel`.
-`QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Task queue connection string, available only when `QUEUE_TYPE` is `redis`. If there redis needs a password, use `addrs=127.0.0.1:6379 password=123 db=0`.
## Migrations (`migrations`)
-`MAX_ATTEMPTS`: **3**: Max attempts per http/https request on migrations.
-`RETRY_BACKOFF`: **3**: Backoff time per http/https request retry (seconds)
## Other (`other`)
-`SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.
Customizing Gitea is typically done using the `CustomPath` folder - by default this is
the `custom` folder from the running directory, but may be different if your build has
set this differently. This is the central place to override configuration settings,
templates, etc. You can check the `CustomPath` using `gitea help`. You can override
templates, etc. You can check the `CustomPath` using `gitea help`. You can also find
the path on the _Configuration_ tab in the _Site Administration_ page. You can override
the `CustomPath` by setting either the `GITEA_CUSTOM` environment variable or by
using the `--custom-path` option on the `gitea` binary. (The option will override the
environment variable.)
@@ -44,12 +45,6 @@ environment variable; this can be used to override the default path to something
**Note:** Gitea must perform a full restart to see configuration changes.
## Customizing /robots.txt
To make Gitea serve a custom `/robots.txt` (default: empty 404), create a file called
`robots.txt` in the `custom` folder (or `CustomPath`) with
[expected contents](http://www.robotstxt.org/).
## Serving custom public files
To make Gitea serve custom public files (like pages and images), use the folder
@@ -62,26 +57,41 @@ the url `http://gitea.domain.tld/image.png`.
Place the png image at the following path: `custom/public/img/avatar_default.png`
## Customizing Gitea pages
## Customizing Gitea pages and resources
The `custom/templates` folder allows changing every single page of Gitea. Templates
to override can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source. Override by
making a copy of the file under `custom/templates` using a full path structure
matching source.
Gitea's executable contains all the resources required to run: templates, images, style-sheets
and translations. Any of them can be overridden by placing a replacement in a matching path
inside the `custom` directory. For example, to replace the default `.gitignore` provided
for C++ repositories, we want to replace `options/gitignore/C++`. To do this, a replacement
must be placed in `custom/options/gitignore/C++` (see about the location of the `custom`
directory at the top of this document).
Any statement contained inside `{{` and `}}` are Gitea's template syntax and
Every single page of Gitea can be changed. Dynamic content is generated using [go templates](https://golang.org/pkg/html/template/),
which can be modified by placing replacements below the `custom/templates` directory.
To obtain any embedded file (including templates), the [`gitea embedded` tool]({{< relref "doc/advanced/cmd-embedded.en-us.md" >}}) can be used. Alternatively, they can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source (Note: the example link is from the `master` branch. Make sure to use templates compatible with the release you are using).
Be aware that any statement contained inside `{{` and `}}` are Gitea's template syntax and
shouldn't be touched without fully understanding these components.
### Customizing startpage / homepage
Copy [`home.tmpl`](https://github.com/go-gitea/gitea/blob/master/templates/home.tmpl) for your version of Gitea from `templates` to `custom/templates`.
Edit as you wish.
Dont forget to restart your gitea to apply the changes.
### Adding links and tabs
If all you want is to add extra links to the top navigation bar, or extra tabs to the repository view, you can put them in `extra_links.tmpl` and `extra_tabs.tmpl` inside your `custom/templates/custom/` directory.
If all you want is to add extra links to the top navigation bar or footer, or extra tabs to the repository view, you can put them in `extra_links.tmpl` (links added to the navbar), `extra_links_footer.tmpl` (links added to the left side of footer), and `extra_tabs.tmpl` inside your `custom/templates/custom/` directory.
For instance, let's say you are in Germany and must add the famously legally-required "Impressum"/about page, listing who is responsible for the site's content:
just place it under your "custom/public/" directory (for instance `custom/public/impressum.html`) and put a link to it in `custom/templates/custom/extra_links.tmpl`.
just place it under your "custom/public/" directory (for instance `custom/public/impressum.html`) and put a link to it in either `custom/templates/custom/extra_links.tmpl` or `custom/templates/custom/extra_links_footer.tmpl`.
To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
You can then add blocks like the following to your markdown:
```plantuml
Alice -> Bob: Authentication Request
Bob --> Alice: Authentication Response
Alice -> Bob: Another authentication Request
Alice <-- Bob: Another authentication Response
```
The script will detect tags with `class="language-plantuml"`, but you can change this by providing a second argument to `parsePlantumlCodeBlocks`.
## Customizing Gitea mails
The `custom/templates/mail` folder allows changing the body of every mail of Gitea.
@@ -110,8 +192,6 @@ full path structure matching source.
Any statement contained inside `{{` and `}}` are Gitea's template
syntax and shouldn't be touched without fully understanding these components.
## Adding Analytics to Gitea
Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `custom/templates/custom/header.tmpl` file.
@@ -140,7 +220,7 @@ To add a custom license, add a file with the license text to `custom/options/lic
Locales are managed via our [crowdin](https://crowdin.com/project/gitea).
You can override a locale by placing an altered locale file in `custom/options/locale`.
Gitea's default locale files can be found in the [`options/locale`](https://github.com/go-gitea/gitea/tree/master/options/locale) source folder and these should be used as examples for your changes.
To add a completely new locale, as well as placing the file in the above location, you will need to add the new lang and name to the `[i18n]` section in your `app.ini`. Keep in mind that Gitea will use those settings as **overrides**, so if you want to keep the other languages as well you will need to copy/paste the default values and add your own to them.
```
@@ -155,6 +235,15 @@ Locales may change between versions, so keeping track of your customized locales
To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `custom/options/readme`
### Reactions
To change reaction emoji's you can set allowed reactions at app.ini
A full list of supported emoji's is at [emoji list](https://gitea.com/gitea/gitea.com/issues/8)
## Customizing the look of Gitea
As of version 1.6.0 Gitea has built-in themes. The two built-in themes are, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.
This supports rendering of whole files. If you want to render code blocks in markdown you would need to do something with javascript. See some examples on the [Customizing Gitea](../customizing-gitea) page.
## Installing external binaries
In order to get file rendering through external binaries, their associated packages must be installed.
@@ -51,7 +53,7 @@ add one `[markup.XXXXX]` section per external renderer on your custom `app.ini`:
[markup.asciidoc]
ENABLED = true
FILE_EXTENSIONS = .adoc,.asciidoc
RENDER_COMMAND = "asciidoctor --out-file=- -"
RENDER_COMMAND = "asciidoctor -e -a leveloffset=-1 --out-file=- -"
; Input is not a standard input but a file
IS_INPUT_FILE = false
@@ -68,4 +70,22 @@ RENDER_COMMAND = rst2html.py
IS_INPUT_FILE = false
```
If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizier. The example below will support [KaTeX](https://katex.org/) output from [`pandoc`](https://pandoc.org/).
```ini
[markup.sanitizer]
; Pandoc renders TeX segments as <span>s with the "math" class, optionally
; with "inline" or "display" classes depending on context.
You may redefine `ELEMENT`, `ALLOW_ATTR`, and `REGEXP` multiple times; each time all three are defined is a single policy entry. All three must be defined, but `REGEXP` may be blank to allow unconditional whitelisting of that attribute.
Once your configuration changes have been made, restart Gitea to have changes take effect.
The simplest recommended way to build from source is:
```bash
TAGS="bindata sqlite sqlite_unlock_notify" make generate build
TAGS="bindata sqlite sqlite_unlock_notify" make build
```
However, there are a number of additional make tasks you should be aware of.
@@ -110,7 +100,7 @@ how our continuous integration works.
### Formatting, code analysis and spell check
Our continous integration will reject PRs that are not properly formatted, fail
Our continuous integration will reject PRs that are not properly formatted, fail
code analysis or spell check.
You should format your code with `go fmt` using:
@@ -136,23 +126,20 @@ You should run revive, vet and spell-check on the code with:
make revive vet misspell-check
```
### Updating CSS
### Working on JS and CSS
To generate the CSS, you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. At present we use [less](http://lesscss.org/) and [postcss](https://postcss.org) to generate our CSS. Do **not** edit the files in `public/css` directly, as they are generated from `lessc` from the files in `public/less`.
Edit files in `public/less`, run the linter, regenerate the CSS and commit all changed files:
Edit files in `web_src` and run the linter and build the files in `public`:
```bash
make css
make webpack
```
### Updating JS
Note: When working on frontend code, it is advisable to set `USE_SERVICE_WORKER` to `false` in `app.ini` which will prevent undesirable caching of frontend assets.
To run the JavaScript linter you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. Edit files in `public/js` and run the linter:
### Building Images
```bash
make js
```
To build the images, ImageMagick, `inkscape` and `zopflipng` binaries must be available in
your `PATH` to run `make generate-images`.
### Updating the API
@@ -233,11 +220,12 @@ Unit tests will not and cannot completely test Gitea alone. Therefore, we
have written integration tests; however, these are database dependent.
```bash
TAGS="bindata sqlite sqlite_unlock_notify" make generate build test-sqlite
TAGS="bindata sqlite sqlite_unlock_notify" make build test-sqlite
```
will run the integration tests in an sqlite environment. Other database tests
are available but may need adjustment to the local environment.
will run the integration tests in an sqlite environment. Integration tests
require `git lfs` to be installed. Other database tests are available but
| `.FallbackSubject` | string | Always | A default subject line. See Below. |
| `.Subject` | string | Only in body | The _subject_, once resolved. |
| `.Body` | string | Always | The message of the issue, pull request or comment, parsed from Markdown into HTML and sanitized. Do not confuse with the _mail body_. |
| `.Link` | string | Always | The address of the originating issue, pull request or comment. |
| `.Issue` | models.Issue | Always | The issue (or pull request) originating the notification. To get data specific to a pull request (e.g. `HasMerged`), `.Issue.PullRequest` can be used, but care should be taken as this field will be `nil` if the issue is *not* a pull request. |
| `.Comment` | models.Comment | If applicable | If the notification is from a comment added to an issue or pull request, this will contain the information about the comment. |
| `.IsPull` | bool | Always | `true` if the mail notification is associated with a pull request (i.e. `.Issue.PullRequest` is not `nil`). |
| `.Repo` | string | Always | Name of the repository, including owner name (e.g. `mike/stuff`) |
| `.User` | models.User | Always | Owner of the repository from which the event originated. To get the user name (e.g. `mike`),`.User.Name` can be used. |
| `.Doer` | models.User | Always | User that executed the action triggering the notification event. To get the user name (e.g. `rhonda`), `.Doer.Name` can be used. |
| `.IsMention` | bool | Always | `true` if this notification was only generated because the user was mentioned in the comment, while not being subscribed to the source. It will be `false` if the recipient was subscribed to the issue or repository. |
| `.SubjectPrefix` | string | Always | `Re: ` if the notification is about other than issue or pull request creation; otherwise an empty string. |
| `.ActionType` | string | Always | `"issue"` or `"pull"`. Will correspond to the actual _action type_ independently of which template was selected. |
| `.ActionName` | string | Always | It will be one of the action types described above (`new`, `comment`, etc.), and will correspond to the actual _action name_ independently of which template was selected. |
| `.ReviewComments` | []models.Comment | Always | List of code comments in a review. The comment text will be in `.RenderedContent` and the referenced code will be in `.Patch`. |
All names are case sensitive.
### The _subject_ part of the template
The template engine used for the mail _subject_ is golang's [`text/template`](https://golang.org/pkg/text/template/).
Please refer to the linked documentation for details about its syntax.
The _subject_ is built using the following steps:
* A template is selected according to the type of notification and to what templates are present.
* The template is parsed and resolved (e.g. `{{.Issue.Index}}` is converted to the number of the issue
or pull request).
* All space-like characters (e.g. `TAB`, `LF`, etc.) are converted to normal spaces.
* All leading, trailing and redundant spaces are removed.
* The string is truncated to its first 256 runes (characters).
If the end result is an empty string, **or** no subject template was available (i.e. the selected template
did not include a subject part), Gitea's **internal default** will be used.
The internal default (fallback) subject is the equivalent of:
@@ -42,6 +42,8 @@ Gitea applies glob pattern matching from the [`gobwas/glob` library](https://git
Limiting the list of files prevents the indexes from becoming polluted with derived or irrelevant files (e.g. lss, sym, map, etc.), so the search results are more relevant. It can also help reduce the index size.
`REPO_INDEXER_EXCLUDE_VENDORED` (default: true) excludes vendored files from index.
`REPO_INDEXER_INCLUDE` (default: empty) is a comma separated list of glob patterns to **include** in the index. An empty list means "_include all files_".
`REPO_INDEXER_EXCLUDE` (default: empty) is a comma separated list of glob patterns to **exclude** from the index. Files that match this list will not be indexed. `REPO_INDEXER_EXCLUDE` takes precedence over `REPO_INDEXER_INCLUDE`.
[GitNex for Android](https://gitlab.com/mmarif4u/gitnex)
-[GitNex for Android](https://gitlab.com/mmarif4u/gitnex)
### Editor Extensions
- [Gitea Extension for Visual Studio](https://github.com/maikebing/Gitea.VisualStudio) Download from [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio)
- [Gitea Extension for Visual Studio](https://github.com/maikebing/Gitea.VisualStudio)
- Download from [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio)
### Project Management
- [YouTrack by JetBrains](https://blog.jetbrains.com/youtrack/2019/12/whats-new-in-youtrack-2019-3/)
@@ -216,3 +216,42 @@ configure this, set the fields below:
- Log in to Gitea as an Administrator and click on "Authentication" under Admin Panel.
Then click `Add New Source` and fill in the details, changing all where appropriate.
## SPNEGO with SSPI (Kerberos/NTLM, for Windows only)
Gitea supports SPNEGO single sign-on authentication (the scheme defined by RFC4559) for the web part of the server via the Security Support Provider Interface (SSPI) built in Windows. SSPI works only in Windows environments - when both the server and the clients are running Windows.
Before activating SSPI single sign-on authentication (SSO) you have to prepare your environment:
- Create a separate user account in active directory, under which the `gitea.exe` process will be running (eg. `user` under domain `domain.local`):
- Create a service principal name for the host where `gitea.exe` is running with class `HTTP`:
- Start `Command Prompt` or `PowerShell` as a priviledged domain user (eg. Domain Administrator)
- Run the command below, replacing `host.domain.local` with the fully qualified domain name (FQDN) of the server where the web application will be running, and `domain\user` with the name of the account created in the previous step:
```
setspn -A HTTP/host.domain.local domain\user
```
- Sign in (*sign out if you were already signed in*) with the user created
- Make sure that `ROOT_URL` in the `[server]` section of `custom/conf/app.ini` is the fully qualified domain name of the server where the web application will be running - the same you used when creating the service principal name (eg. `host.domain.local`)
- Start the web server (`gitea.exe web`)
- Enable SSPI authentication by adding an `SPNEGO with SSPI` authentication source in `Site Administration -> Authentication Sources`
- Sign in to a client computer in the same domain with any domain user (client computer, different from the server running `gitea.exe`)
- If you are using Chrome, Edge or Internet Explorer, add the URL of the web app to the Local intranet sites (`Internet Options -> Security -> Local intranet -> Sites`)
- Start Chrome, Edge or Internet Explorer and navigate to the FQDN URL of gitea (eg. `http://host.domain.local:3000`)
- Click the `Sign In` button on the dashboard and choose SSPI to be automatically logged in with the same user that is currently logged on to the computer
- If it does not work, make sure that:
- You are not running the web browser on the same server where gitea is running. You should be running the web browser on a domain joined computer (client) that is different from the server. If both the client and server are runnning on the same computer NTLM will be prefered over Kerberos.
- There is only one `HTTP/...` SPN for the host
- The SPN contains only the hostname, without the port
- You have added the URL of the web app to the `Local intranet zone`
- The clocks of the server and client should not differ with more than 5 minutes (depends on group policy)
- `Integrated Windows Authentication` should be enabled in Internet Explorer (under `Advanced settings`)
To migrate from Gitlab to Gitea, you can use this non-affiliated tool:
https://github.com/loganinak/MigrateGitlabToGogs
@@ -144,6 +151,14 @@ You can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` under `[openid]` in y
### Issue only users
The current way to achieve this is to create/modify a user with a max repo creation limit of 0.
### Restricted users
Restricted users are limited to a subset of the content based on their organization/team memberships and collaborations, ignoring the public flag on organizations/repos etc.__
Example use case: A company runs a Gitea instance that requires login. Most repos are public (accessible/browseable by all co-workers).
At some point, a customer or third party needs access to a specific repo and only that repo. Making such a customer account restricted and granting any needed access using team membership(s) and/or collaboration(s) is a simple way to achieve that without the need to make everything private.
### Enable Fail2ban
Use [Fail2Ban]({{ relref "doc/usage/fail2ban-setup.md" >}}) to monitor and stop automated login attempts or other malicious behavior based on log patterns
@@ -272,3 +287,24 @@ Check the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file.
By default, your LFS token will expire after 20 minutes. If you have a slow connection or a large file (or both), it may not finish uploading within the time limit.
You may want to set this value to `60m` or `120m`.
## How can I create users before starting Gitea
Gitea provides a sub-command `gitea migrate` to initialize the database, after which you can use the [admin CLI commands]({{< relref "doc/usage/command-line.en-us.md#admin" >}}) to add users like normal.
## How can I enable password reset
There is no setting for password resets. It is enabled when a [mail service]({{< relref "doc/usage/email-setup.en-us.md" >}}) is configured, and disabled otherwise.
## How can a user's password be changed
- As an **admin**, you can change any user's password (and optionally force them to change it on next login)...
- By navigating to your `Site Administration -> User Accounts` page and editing a user.
- By using the [admin CLI commands]({{< relref "doc/usage/command-line.en-us.md#admin" >}}).
Keep in mind most commands will also need a [global flag]({{< relref "doc/usage/command-line.en-us.md#global-options" >}}) to point the CLI at the correct configuration.
- As a **user** you can change it...
- In your account `Settings -> Account` page (this method **requires** you to know your current password).
- By using the `Forgot Password` link.
If the `Forgot Password/Account Recovery` page is disabled, please contact your administrator to configure a [mail service]({{< relref "doc/usage/email-setup.en-us.md" >}}).
## Why is my markdown broken
In Gitea version `1.11` we moved to [goldmark](https://github.com/yuin/goldmark) for markdown rendering, which is [CommonMark](https://commonmark.org/) compliant.
If you have markdown that worked as you expected prior to version `1.11` and after upgrading it's not working anymore, please look through the CommonMark spec to see whether the problem is due to a bug or non-compliant syntax.
If it is the latter, _usually_ there is a compliant alternative listed in the spec.
You need a database to use Gitea. Gitea supports PostgreSQL, MySQL, SQLite, and MSSQL. This page will guide into preparing database. Only PostgreSQL and MySQL will be covered here since those database engines are widely-used in production.
Database instance can be on same machine as Gitea (local database setup), or on different machine (remote database).
Note: All steps below requires that the database engine of your choice is installed on your system. For remote database setup, install the server part on database instance and client part on your Gitea server. In addition, make sure you use same engine version for both server and client for some engine features to work. For security reason, protect `root` (MySQL) or `postgres` (PostgreSQL) database superuser with secure password. The steps assumes that you run Linux for both database and Gitea servers.
## MySQL
1. On database instance, login to database console as root:
```
mysql -u root -p
```
Enter the password as prompted.
2. Create database user which will be used by Gitea, authenticated by password. This example uses `'gitea'` as password. Please use a secure password for your instance.
For local database:
```sql
SET old_passwords=0;
CREATE USER 'gitea' IDENTIFIED BY 'gitea';
```
For remote database:
```sql
SET old_passwords=0;
CREATE USER 'gitea'@'192.0.2.10' IDENTIFIED BY 'gitea';
```
where `192.0.2.10` is the IP address of your Gitea instance.
Replace username and password above as appropriate.
3. Create database with UTF-8 charset and collation. Make sure to use `utf8mb4` charset instead of `utf8` as the former supports all Unicode characters (including emojis) beyond *Basic Multilingual Plane*. Also, collation chosen depending on your expected content. When in doubt, use either `unicode_ci` or `general_ci`.
```sql
CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
```
Replace database name as appropriate.
4. Grant all privileges on the database to database user created above.
For local database:
```sql
GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea';
FLUSH PRIVILEGES;
```
For remote database:
```sql
GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'192.0.2.10';
FLUSH PRIVILEGES;
```
5. Quit from database console by `exit`.
6. On your Gitea server, test connection to the database:
```
mysql -u gitea -h 203.0.113.3 -p giteadb
```
where `gitea` is database username, `giteadb` is database name, and `203.0.113.3` is IP address of database instance. Omit `-h` option for local database.
You should be connected to the database.
## PostgreSQL
1. PostgreSQL uses `md5` challenge-response encryption scheme for password authentication by default. Nowadays this scheme is not considered secure anymore. Use SCRAM-SHA-256 scheme instead by editing the `postgresql.conf` configuration file on the database server to:
```ini
password_encryption = scram-sha-256
```
Restart PostgreSQL to apply the setting.
2. On the database server, login to the database console as superuser:
```
su -c "psql" - postgres
```
3. Create database user (role in PostgreSQL terms) with login privilege and password. Please use a secure, strong password instead of `'gitea'` below:
```sql
CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea';
```
Replace username and password as appropriate.
4. Create database with UTF-8 charset and owned by the database user created earlier. Any `libc` collations can be specified with `LC_COLLATE` and `LC_CTYPE` parameter, depending on expected content:
5. Allow the database user to access the database created above by adding the following authentication rule to `pg_hba.conf`.
For local database:
```ini
local giteadb gitea scram-sha-256
```
For remote database:
```ini
host giteadb gitea 192.0.2.10/32 scram-sha-256
```
Replace database name, user, and IP address of Gitea instance with your own.
Note: rules on `pg_hba.conf` are evaluated sequentially, that is the first matching rule will be used for authentication. Your PostgreSQL installation may come with generic authentication rules that match all users and databases. You may need to place the rules presented here above such generic rules if it is the case.
Restart PostgreSQL to apply new authentication rules.
6. On your Gitea server, test connection to the database.
For local database:
```
psql -U gitea -d giteadb
```
For remote database:
```
psql "postgres://gitea@203.0.113.3/giteadb"
```
where `gitea` is database user, `giteadb` is database name, and `203.0.113.3` is IP address of your database instance.
You should be prompted to enter password for the database user, and connected to the database.
@@ -42,4 +42,4 @@ Si vous obtenez l'erreur `702 runWeb()] [E] Failed to start server: listen tcp 0
## Il manque quelque chose ?
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/NsatcWJ), vous obtiendrez des réponses à toute vos questions assez rapidement.
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/Gitea), vous obtiendrez des réponses à toute vos questions assez rapidement.
@@ -54,4 +54,4 @@ Pour exécuter Gitea en tant que service, utilisez la commande `sysrc gitea_enab
## Il manque quelque chose ?
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/NsatcWJ), vous obtiendrez des réponses à toute vos questions assez rapidement.
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/Gitea), vous obtiendrez des réponses à toute vos questions assez rapidement.
@@ -60,10 +60,10 @@ Comme nous regroupons déjà toutes les bibliothèques requises pour compiler Gi
*`sqlite sqlite_unlock_notify`: Active la prise en charge d'une base de données [SQLite3](https://sqlite.org/), ceci n'est recommandé que pour les petites installations de Gitea.
*`pam`: Active la prise en charge de PAM (mLinux Pluggable Authentication Modules), très utile si vos utilisateurs doivent être authentifiés avec les comptes du système.
Il est temps de compiler le binaire, nous suggérons d'intégrer les ressources avec l'option de compilation `bindata`. Pour inclure les ressources, vous devrez également exécuter la tâche Make `generate`. Dans le cas échéant, les ressources ne pourront pas être intégrées:
Il est temps de compiler le binaire, nous suggérons d'intégrer les ressources avec l'option de compilation `bindata`:
```
TAGS="bindata" make generate build
TAGS="bindata" make build
```
## Test
@@ -76,4 +76,4 @@ Après avoir suivi toutes les étapes, vous devriez avoir le binaire `gitea` dan
## Il manque quelque chose ?
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/NsatcWJ), vous obtiendrez des réponses à toute vos questions assez rapidement.
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/Gitea), vous obtiendrez des réponses à toute vos questions assez rapidement.
You can run Gitea as service, using either systemd or supervisor. The steps below tested on Ubuntu 16.04, but those should work on any Linux distributions (with little modification).
#### Using systemd
Run the below command in a terminal:
```
sudo vim /etc/systemd/system/gitea.service
```
Copy the sample [gitea.service](https://github.com/go-gitea/gitea/blob/master/contrib/systemd/gitea.service).
Copy the sample [gitea.service](https://github.com/go-gitea/gitea/blob/master/contrib/systemd/gitea.service) to `/etc/systemd/system/gitea.service`, then edit the file with your favorite editor.
Uncomment any service that needs to be enabled on this host, such as MySQL.
@@ -35,6 +32,10 @@ sudo systemctl enable gitea
sudo systemctl start gitea
```
If you have systemd version 220 or later, you can enable and immediately start Gitea at once by:
```
sudo systemctl enable gitea --now
```
#### Using supervisor
@@ -49,19 +50,20 @@ Create a log dir for the supervisor logs:
@@ -107,4 +107,4 @@ Le fichier de configuration sera sauvegardé à l'emplacement suivant : `/data/g
## Il manque quelque chose ?
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/NsatcWJ), vous obtiendrez des réponses à toute vos questions assez rapidement.
Est-ce que nous avons oublié quelque chose sur cette page ? N'hésitez pas à nous contacter sur notre [serveur Discord](https://discord.gg/Gitea), vous obtiendrez des réponses à toute vos questions assez rapidement.
-`gitea web --config /etc/gitea.ini --pid /var/run/gitea.pid`
- Notes:
- Gitea should not be run as root. To bind to a port below 1000, you can use setcap on
- Gitea should not be run as root. To bind to a port below 1024, you can use setcap on
Linux: `sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`. This will need to be
redone every time you update Gitea.
@@ -134,6 +134,7 @@ Admin operations:
-`--user-search-base value`: The LDAP base at which user accounts will be searched for. Required.
-`--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
-`--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
-`--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
-`--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
-`--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
-`--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
@@ -158,6 +159,7 @@ Admin operations:
-`--user-search-base value`: The LDAP base at which user accounts will be searched for.
-`--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
-`--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
-`--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
-`--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
-`--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
-`--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
@@ -182,6 +184,7 @@ Admin operations:
-`--user-search-base value`: The LDAP base at which user accounts will be searched for.
-`--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
-`--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
-`--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
-`--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
-`--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
-`--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
@@ -202,6 +205,7 @@ Admin operations:
-`--user-search-base value`: The LDAP base at which user accounts will be searched for.
-`--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
-`--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
-`--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
-`--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
-`--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
-`--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
@@ -281,3 +285,36 @@ provided key. You should also set the value
NB: opensshd requires the gitea program to be owned by root and not
writable by group or others. The program must be specified by an absolute
path.
NB: Gitea must be running for this command to succeed.
#### migrate
Migrates the database. This command can be used to run other commands before starting the server for the first time.
This command is idempotent.
#### convert
Converts an existing MySQL database from utf8 to utf8mb4.
#### doctor
Diagnose the problems of current gitea instance according the given configuration.
Currently there are a check list below:
- Check if OpenSSH authorized_keys file id correct
When your gitea instance support OpenSSH, your gitea instance binary path will be written to `authorized_keys`
when there is any public key added or changed on your gitea instance.
Sometimes if you moved or renamed your gitea binary when upgrade and you haven't run `Update the '.ssh/authorized_keys' file with Gitea SSH keys. (Not needed for the built-in SSH server.)` on your Admin Panel. Then all pull/push via SSH will not be work.
This check will help you to check if it works well.
For contributors, if you want to add more checks, you can wrie ad new function like `func(ctx *cli.Context) ([]string, error)` and
append it to `doctor.go`.
```go
varchecklist=[]check{
{
title:"Check if OpenSSH authorized_keys file id correct",
f:runDoctorLocationMoved,
},
// more checks please append here
}
```
This function will receive a command line context and return a list of details about the problems or error.
Note: Your connection between your reverse proxy and Gitea might be unencrypted. To encrypt it too, follow the [built-in server guide](#using-built-in-server) and change
the proxy url to `https://[URL]`.
Note: Enabling HTTPS only at the proxy level is referred as [TLS Termination Proxy](https://en.wikipedia.org/wiki/TLS_termination_proxy). The proxy server accepts incoming TLS connections, decrypts the contents, and passes the now unencrypted contents to Gitea. This is normally fine as long as both the proxy and Gitea instances are either on the same machine, or on different machines within private network (with the proxy is exposed to outside network). If your Gitea instance is separated from your proxy over a public network, or if you want full end-to-end encryption, you can also [enable HTTPS support directly in Gitea using built-in server](#using-the-built-in-server) and forward the connections over HTTPS instead.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
