Backport #32424 by @Zettat123
Resolve#32232
Users can disable the "Actions" unit for all mirror repos by running
```
gitea doctor check --run disable-mirror-actions-unit --fix
```
Co-authored-by: Zettat123 <zettat123@gmail.com>
Partially backport #32473. LFS related changes are not in 1.22, so skip
them.
1. Ignore non-existing repos during migrations
2. Improve ReadBatchLine's comment
3. Use `X-Gitea-Internal-Auth` header for internal API calls and make
the comparing constant time (it wasn't a serous problem because in a
real world it's nearly impossible to timing-attack the token, but indeed
security related and good to fix and backport)
4. Fix route mock nil check
Backport #32432 by @kemzeb
Resolves#32371.
#31970 should have just showed the commit summary, but
`strings.SplitN()` was misused such that we did not perform any
splitting at all and just used the message. This was not caught in the
unit test made in that PR since the test commit summary was > 50 (which
truncated away the commit description).
This snapshot resolves this and adds another unit test to ensure that we
only show the commit summary.
Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
backport #32144
This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.
The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #32185 by @bsofiato
Resolves#32184
Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
Co-authored-by: Bruno Sofiato <bruno.sofiato@gmail.com>
Backport #32130 by @wolfogre
Since page templates keep changing, some pages that contained forms with
CSRF token no longer have them.
It leads to some calls of `GetCSRF` returning an empty string, which
fails the tests. Like
3269b04d61/tests/integration/attachment_test.go (L62-L63)
The test did try to get the CSRF token and provided it, but it was
empty.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #32075 by @lunny
After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #31946 by @lunny
Fix#13489
In the original implementation, only `All` will display your owned and
collaborated repositories. For other filters like `Source`, `Mirrors`
and etc. will only display your owned repositories.
This PR removed the limitations. Now except `collbrations`, other
filters will always display your owned and collaborated repositories.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #32066 by @lunny
The previous implementation requires admin permission to rename branches
which should be write permission.
Fix#31993
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #32102 by @lunny
Fix#31930 and more places which use `http.TimeFormat` wrongly.
`http.TimeFormat` requires a UTC time. refer to
https://pkg.go.dev/net/http#TimeFormat
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #32099 by @maantje
This PR addresses the missing `bin` field in Composer metadata, which
currently causes vendor-provided binaries to not be symlinked to
`vendor/bin` during installation.
In the current implementation, running `composer install` does not
publish the binaries, leading to issues where expected binaries are not
available.
By properly declaring the `bin` field, this PR ensures that binaries are
correctly symlinked upon installation, as described in the [Composer
documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).
Co-authored-by: Jamie Schouten <j4mie@hey.com>
Giteabot