Merge remote-tracking branch 'upstream/main'

* upstream/main:
  Fix broken link in tests/e2e/README (go-gitea#24576)
  [skip ci] Updated licenses and gitignores
  Add goto issue id function (go-gitea#24479)
  Improve decryption failure message (go-gitea#24573)
  Simplify template helper functions (go-gitea#24570)
  Makefile: Use portable !, not GNUish -not, with find(1). (go-gitea#24565)
  Add org visibility label to non-organization's dashboard (go-gitea#24558)
  Sort users and orgs on explore by recency by default (go-gitea#24279)
  Change `add_on` translation to `added_on` and include placeholder for the date (go-gitea#24562)
  Change `valid_until` translation to `valid_until_date` and include placeholder for the date (go-gitea#24563)
  Fix docs failing the build on `main` (go-gitea#24561)
  Improve wiki user title test (go-gitea#24559)
  Fix incorrect user visibility (go-gitea#24557)
  Change `join_on` translation to `joined_on` and include placeholder for the date (go-gitea#24550)
  Require at least one unit to be enabled (go-gitea#24189)
  Fix broken `README` link (go-gitea#24546)
  Check latest version on CI (go-gitea#24556)

.github/workflows/pull-compliance.yml

@@ -16,6 +16,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: '>=1.20'
+          check-latest: true
       - name: deps-backend
         run: make deps-backend deps-tools
       - name: lint backend
@@ -33,6 +34,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: '>=1.20'
+          check-latest: true
       - name: deps-backend
         run: make deps-backend deps-tools
       - name: lint-backend-windows
@@ -52,6 +54,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: '>=1.20'
+          check-latest: true
       - name: deps-backend
         run: make deps-backend deps-tools
       - name: lint-backend-gogit
@@ -71,6 +74,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: '>=1.20'
+          check-latest: true
       - name: deps-backend
         run: make deps-backend deps-tools
       - name: checks backend
@@ -101,6 +105,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: '>=1.20'
+          check-latest: true
       - name: setup node
         uses: actions/setup-node@v3
         with:

.github/workflows/pull-e2e.yml

@@ -16,6 +16,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: '>=1.20'
+          check-latest: true
       - name: setup node
         uses: actions/setup-node@v3
         with:

Makefile

@@ -139,7 +139,7 @@ GO_DIRS := build cmd models modules routers services tests
 WEB_DIRS := web_src/js web_src/css
 
 GO_SOURCES := $(wildcard *.go)
-GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
+GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)
 

README.md

@@ -110,7 +110,7 @@ Translations are done through Crowdin. If you want to translate to a new languag
 
 You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
 
-https://docs.gitea.io/en-us/translation-guidelines/
+https://docs.gitea.io/en-us/contributing/translation-guidelines/
 
 [![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
 

docs/content/doc/usage/packages/rpm.en-us.md

@@ -38,7 +38,7 @@ dnf config-manager --add-repo https://gitea.example.com/api/packages/{owner}/rpm
 | ----------- | ----------- |
 | `owner`     | The owner of the package. |
 
-If the registry is private, provide credentials in the url. You can use a password or a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}):
+If the registry is private, provide credentials in the url. You can use a password or a [personal access token]({{< relref "doc/development/api-usage.en-us.md#authentication" >}}):
 
 ```shell
 dnf config-manager --add-repo https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/rpm.repo
@@ -66,7 +66,7 @@ curl --user your_username:your_password_or_token \
      https://gitea.example.com/api/packages/testuser/rpm/upload
 ```
 
-If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) instead of the password.
+If you are using 2FA or OAuth use a [personal access token]({{< relref "doc/development/api-usage.en-us.md#authentication" >}}) instead of the password.
 You cannot publish a file with the same name twice to a package. You must delete the existing package version first.
 
 The server reponds with the following HTTP Status codes.

models/repo.go

@@ -40,7 +40,9 @@ var ItemsPerPage = 40
 
 // Init initialize model
 func Init(ctx context.Context) error {
-	unit.LoadUnitConfig()
+	if err := unit.LoadUnitConfig(); err != nil {
+		return err
+	}
 	return system_model.Init(ctx)
 }
 

models/unit/unit.go

@@ -4,6 +4,7 @@
 package unit
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 
@@ -106,12 +107,6 @@ var (
 		TypeExternalTracker,
 	}
 
-	// MustRepoUnits contains the units could not be disabled currently
-	MustRepoUnits = []Type{
-		TypeCode,
-		TypeReleases,
-	}
-
 	// DisabledRepoUnits contains the units that have been globally disabled
 	DisabledRepoUnits = []Type{}
 )
@@ -122,18 +117,13 @@ func validateDefaultRepoUnits(defaultUnits, settingDefaultUnits []Type) []Type {
 
 	// Use setting if not empty
 	if len(settingDefaultUnits) > 0 {
-		// MustRepoUnits required as default
-		units = make([]Type, len(MustRepoUnits))
-		copy(units, MustRepoUnits)
+		units = make([]Type, 0, len(settingDefaultUnits))
 		for _, settingUnit := range settingDefaultUnits {
 			if !settingUnit.CanBeDefault() {
 				log.Warn("Not allowed as default unit: %s", settingUnit.String())
 				continue
 			}
-			// MustRepoUnits already added
-			if settingUnit.CanDisable() {
-				units = append(units, settingUnit)
-			}
+			units = append(units, settingUnit)
 		}
 	}
 
@@ -150,30 +140,30 @@ func validateDefaultRepoUnits(defaultUnits, settingDefaultUnits []Type) []Type {
 }
 
 // LoadUnitConfig load units from settings
-func LoadUnitConfig() {
+func LoadUnitConfig() error {
 	var invalidKeys []string
 	DisabledRepoUnits, invalidKeys = FindUnitTypes(setting.Repository.DisabledRepoUnits...)
 	if len(invalidKeys) > 0 {
 		log.Warn("Invalid keys in disabled repo units: %s", strings.Join(invalidKeys, ", "))
 	}
-	// Check that must units are not disabled
-	for i, disabledU := range DisabledRepoUnits {
-		if !disabledU.CanDisable() {
-			log.Warn("Not allowed to global disable unit %s", disabledU.String())
-			DisabledRepoUnits = append(DisabledRepoUnits[:i], DisabledRepoUnits[i+1:]...)
-		}
-	}
 
 	setDefaultRepoUnits, invalidKeys := FindUnitTypes(setting.Repository.DefaultRepoUnits...)
 	if len(invalidKeys) > 0 {
 		log.Warn("Invalid keys in default repo units: %s", strings.Join(invalidKeys, ", "))
 	}
 	DefaultRepoUnits = validateDefaultRepoUnits(DefaultRepoUnits, setDefaultRepoUnits)
+	if len(DefaultRepoUnits) == 0 {
+		return errors.New("no default repository units found")
+	}
 	setDefaultForkRepoUnits, invalidKeys := FindUnitTypes(setting.Repository.DefaultForkRepoUnits...)
 	if len(invalidKeys) > 0 {
 		log.Warn("Invalid keys in default fork repo units: %s", strings.Join(invalidKeys, ", "))
 	}
 	DefaultForkRepoUnits = validateDefaultRepoUnits(DefaultForkRepoUnits, setDefaultForkRepoUnits)
+	if len(DefaultForkRepoUnits) == 0 {
+		return errors.New("no default fork repository units found")
+	}
+	return nil
 }
 
 // UnitGlobalDisabled checks if unit type is global disabled
@@ -186,16 +176,6 @@ func (u Type) UnitGlobalDisabled() bool {
 	return false
 }
 
-// CanDisable checks if this unit type can be disabled.
-func (u *Type) CanDisable() bool {
-	for _, mu := range MustRepoUnits {
-		if *u == mu {
-			return false
-		}
-	}
-	return true
-}
-
 // CanBeDefault checks if the unit type can be a default repo unit
 func (u *Type) CanBeDefault() bool {
 	for _, nadU := range NotAllowedDefaultRepoUnits {
@@ -216,11 +196,6 @@ type Unit struct {
 	MaxAccessMode perm.AccessMode // The max access mode of the unit. i.e. Read means this unit can only be read.
 }
 
-// CanDisable returns if this unit could be disabled.
-func (u *Unit) CanDisable() bool {
-	return u.Type.CanDisable()
-}
-
 // IsLessThan compares order of two units
 func (u Unit) IsLessThan(unit Unit) bool {
 	if (u.Type == TypeExternalTracker || u.Type == TypeExternalWiki) && unit.Type != TypeExternalTracker && unit.Type != TypeExternalWiki {

models/unit/unit_test.go

@@ -12,42 +12,84 @@ import (
 )
 
 func TestLoadUnitConfig(t *testing.T) {
-	defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
-		DisabledRepoUnits = disabledRepoUnits
-		DefaultRepoUnits = defaultRepoUnits
-		DefaultForkRepoUnits = defaultForkRepoUnits
-	}(DisabledRepoUnits, DefaultRepoUnits, DefaultForkRepoUnits)
-	defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
-		setting.Repository.DisabledRepoUnits = disabledRepoUnits
-		setting.Repository.DefaultRepoUnits = defaultRepoUnits
-		setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
-	}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
-
 	t.Run("regular", func(t *testing.T) {
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
+			DisabledRepoUnits = disabledRepoUnits
+			DefaultRepoUnits = defaultRepoUnits
+			DefaultForkRepoUnits = defaultForkRepoUnits
+		}(DisabledRepoUnits, DefaultRepoUnits, DefaultForkRepoUnits)
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
+			setting.Repository.DisabledRepoUnits = disabledRepoUnits
+			setting.Repository.DefaultRepoUnits = defaultRepoUnits
+			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
+		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues"}
 		setting.Repository.DefaultRepoUnits = []string{"repo.code", "repo.releases", "repo.issues", "repo.pulls"}
 		setting.Repository.DefaultForkRepoUnits = []string{"repo.releases"}
-		LoadUnitConfig()
+		assert.NoError(t, LoadUnitConfig())
 		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnits)
 		assert.Equal(t, []Type{TypeCode, TypeReleases, TypePullRequests}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeCode, TypeReleases}, DefaultForkRepoUnits)
+		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
 	})
 	t.Run("invalid", func(t *testing.T) {
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
+			DisabledRepoUnits = disabledRepoUnits
+			DefaultRepoUnits = defaultRepoUnits
+			DefaultForkRepoUnits = defaultForkRepoUnits
+		}(DisabledRepoUnits, DefaultRepoUnits, DefaultForkRepoUnits)
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
+			setting.Repository.DisabledRepoUnits = disabledRepoUnits
+			setting.Repository.DefaultRepoUnits = defaultRepoUnits
+			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
+		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues", "invalid.1"}
 		setting.Repository.DefaultRepoUnits = []string{"repo.code", "invalid.2", "repo.releases", "repo.issues", "repo.pulls"}
 		setting.Repository.DefaultForkRepoUnits = []string{"invalid.3", "repo.releases"}
-		LoadUnitConfig()
+		assert.NoError(t, LoadUnitConfig())
 		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnits)
 		assert.Equal(t, []Type{TypeCode, TypeReleases, TypePullRequests}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeCode, TypeReleases}, DefaultForkRepoUnits)
+		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
 	})
 	t.Run("duplicate", func(t *testing.T) {
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
+			DisabledRepoUnits = disabledRepoUnits
+			DefaultRepoUnits = defaultRepoUnits
+			DefaultForkRepoUnits = defaultForkRepoUnits
+		}(DisabledRepoUnits, DefaultRepoUnits, DefaultForkRepoUnits)
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
+			setting.Repository.DisabledRepoUnits = disabledRepoUnits
+			setting.Repository.DefaultRepoUnits = defaultRepoUnits
+			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
+		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues", "repo.issues"}
 		setting.Repository.DefaultRepoUnits = []string{"repo.code", "repo.releases", "repo.issues", "repo.pulls", "repo.code"}
 		setting.Repository.DefaultForkRepoUnits = []string{"repo.releases", "repo.releases"}
-		LoadUnitConfig()
+		assert.NoError(t, LoadUnitConfig())
 		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnits)
 		assert.Equal(t, []Type{TypeCode, TypeReleases, TypePullRequests}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeCode, TypeReleases}, DefaultForkRepoUnits)
+		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
+	})
+	t.Run("empty_default", func(t *testing.T) {
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
+			DisabledRepoUnits = disabledRepoUnits
+			DefaultRepoUnits = defaultRepoUnits
+			DefaultForkRepoUnits = defaultForkRepoUnits
+		}(DisabledRepoUnits, DefaultRepoUnits, DefaultForkRepoUnits)
+		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
+			setting.Repository.DisabledRepoUnits = disabledRepoUnits
+			setting.Repository.DefaultRepoUnits = defaultRepoUnits
+			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
+		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+
+		setting.Repository.DisabledRepoUnits = []string{"repo.issues", "repo.issues"}
+		setting.Repository.DefaultRepoUnits = []string{}
+		setting.Repository.DefaultForkRepoUnits = []string{"repo.releases", "repo.releases"}
+		assert.NoError(t, LoadUnitConfig())
+		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnits)
+		assert.ElementsMatch(t, []Type{TypeCode, TypePullRequests, TypeReleases, TypeWiki, TypePackages, TypeProjects}, DefaultRepoUnits)
+		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
 	})
 }

modules/context/form.go

@@ -65,3 +65,8 @@ func (ctx *Context) FormOptionalBool(key string) util.OptionalBool {
 	v = v || strings.EqualFold(s, "on")
 	return util.OptionalBoolOf(v)
 }
+
+func (ctx *Context) SetFormString(key, value string) {
+	_ = ctx.Req.FormValue(key) // force parse form
+	ctx.Req.Form.Set(key, value)
+}

modules/secret/secret.go

@@ -10,6 +10,7 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"io"
 
 	"github.com/minio/sha256-simd"
@@ -19,13 +20,13 @@ import (
 func AesEncrypt(key, text []byte) ([]byte, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("AesEncrypt invalid key: %v", err)
 	}
 	b := base64.StdEncoding.EncodeToString(text)
 	ciphertext := make([]byte, aes.BlockSize+len(b))
 	iv := ciphertext[:aes.BlockSize]
-	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
-		return nil, err
+	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, fmt.Errorf("AesEncrypt unable to read IV: %w", err)
 	}
 	cfb := cipher.NewCFBEncrypter(block, iv)
 	cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
@@ -39,15 +40,15 @@ func AesDecrypt(key, text []byte) ([]byte, error) {
 		return nil, err
 	}
 	if len(text) < aes.BlockSize {
-		return nil, errors.New("ciphertext too short")
+		return nil, errors.New("AesDecrypt ciphertext too short")
 	}
 	iv := text[:aes.BlockSize]
 	text = text[aes.BlockSize:]
 	cfb := cipher.NewCFBDecrypter(block, iv)
 	cfb.XORKeyStream(text, text)
 	data, err := base64.StdEncoding.DecodeString(string(text))
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("AesDecrypt invalid decrypted base64 string: %w", err)
 	}
 	return data, nil
 }
@@ -58,21 +59,21 @@ func EncryptSecret(key, str string) (string, error) {
 	plaintext := []byte(str)
 	ciphertext, err := AesEncrypt(keyHash[:], plaintext)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("failed to encrypt by secret: %w", err)
 	}
 	return hex.EncodeToString(ciphertext), nil
 }
 
 // DecryptSecret decrypts a previously encrypted hex string
-func DecryptSecret(key, cipherhex string) (string, error) {
+func DecryptSecret(key, cipherHex string) (string, error) {
 	keyHash := sha256.Sum256([]byte(key))
-	ciphertext, err := hex.DecodeString(cipherhex)
+	ciphertext, err := hex.DecodeString(cipherHex)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("failed to decrypt by secret, invalid hex string: %w", err)
 	}
 	plaintext, err := AesDecrypt(keyHash[:], ciphertext)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: %w", err)
 	}
 	return string(plaintext), nil
 }