Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  Use `Set[Type]` instead of `map[Type]bool/struct{}`. (go-gitea#26804)
  Fix verifyCommits error when push a new branch (go-gitea#26664)
  Fix Uint8Array comparisons and update vitest (go-gitea#26805)
  Add various missing files-changed dependencies (go-gitea#26799)
  Improve flex list item padding (go-gitea#26779)
  Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (go-gitea#26759)
  feat(API): add route and implementation for creating/updating repository secret (go-gitea#26766)
  Replace deprecated `elliptic.Marshal` (go-gitea#26800)
  Updating the js libraries to latest version. (go-gitea#26795)
  Fix some slice append usages (go-gitea#26778)
  Use Go 1.21 for golangci-lint (go-gitea#26786)
  Fix notification circle (border-radius) (go-gitea#26794)
  Fix context filter has no effect in dashboard (go-gitea#26695)
  Add default label in branch select list (go-gitea#26697)
  Remove redundant nil check in `WalkGitLog` (go-gitea#26773)
  Remove fomantic `item` module (go-gitea#26775)
  Update info regarding internet connection for build (go-gitea#26776)
  Fix being unable to use a repo that prohibits accepting PRs as a PR source. (go-gitea#26785)

.github/workflows/files-changed.yml

@@ -43,6 +43,8 @@ jobs:
               - "go.mod"
               - "go.sum"
               - "Makefile"
+              - ".golangci.yml"
+              - ".editorconfig"
 
             frontend:
               - "**/*.js"
@@ -51,16 +53,21 @@ jobs:
               - "package.json"
               - "package-lock.json"
               - "Makefile"
+              - ".eslintrc.yaml"
+              - ".stylelintrc.yaml"
+              - ".npmrc"
 
             docs:
               - "**/*.md"
               - "docs/**"
+              - ".markdownlint.yaml"
 
             actions:
               - ".github/workflows/*"
 
             templates:
               - "templates/**/*.tmpl"
+              - "pyproject.toml"
               - "poetry.lock"
 
             docker:
@@ -72,3 +79,6 @@ jobs:
             swagger:
               - "templates/swagger/v1_json.tmpl"
               - "Makefile"
+              - "package.json"
+              - "package-lock.json"
+              - ".spectral.yml"

.golangci.yml

@@ -29,7 +29,7 @@ linters:
   fast: false
 
 run:
-  go: "1.20"
+  go: "1.21"
   timeout: 10m
   skip-dirs:
     - node_modules
@@ -75,7 +75,7 @@ linters-settings:
       - name: modifies-value-receiver
   gofumpt:
     extra-rules: true
-    lang-version: "1.20"
+    lang-version: "1.21"
   depguard:
     rules:
       main:

README.md

@@ -79,10 +79,10 @@ or if SQLite support is required:
 
 The `build` target is split into two sub-targets:
 
-- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
-- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
+- `make backend` which requires [Go Stable](https://go.dev/dl/), the required version is defined in [go.mod](/go.mod).
+- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater.
 
-When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
+Internet connectivity is required to download the go and npm modules. When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js.
 
 Parallelism (`make -j <num>`) is not supported.
 

build/backport-locales.go

@@ -12,6 +12,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/setting"
 )
 
@@ -58,7 +59,7 @@ func main() {
 
 	// use old en-US as the base, and copy the new translations to the old locales
 	enUsOld := inisOld["options/locale/locale_en-US.ini"]
-	brokenWarned := map[string]bool{}
+	brokenWarned := make(container.Set[string])
 	for path, iniOld := range inisOld {
 		if iniOld == enUsOld {
 			continue
@@ -77,7 +78,7 @@ func main() {
 					broken := oldStr != "" && strings.Count(oldStr, "%") != strings.Count(newStr, "%")
 					broken = broken || strings.Contains(oldStr, "\n") || strings.Contains(oldStr, "\n")
 					if broken {
-						brokenWarned[secOld.Name()+"."+keyEnUs.Name()] = true
+						brokenWarned.Add(secOld.Name() + "." + keyEnUs.Name())
 						fmt.Println("----")
 						fmt.Printf("WARNING: skip broken locale: %s , [%s] %s\n", path, secEnUS.Name(), keyEnUs.Name())
 						fmt.Printf("\told: %s\n", strings.ReplaceAll(oldStr, "\n", "\\n"))
@@ -103,7 +104,7 @@ func main() {
 				broken = broken || strings.HasPrefix(str, "`\"")
 				broken = broken || strings.Count(str, `"`)%2 == 1
 				broken = broken || strings.Count(str, "`")%2 == 1
-				if broken && !brokenWarned[sec.Name()+"."+key.Name()] {
+				if broken && !brokenWarned.Contains(sec.Name()+"."+key.Name()) {
 					fmt.Printf("WARNING: found broken locale: %s , [%s] %s\n", path, sec.Name(), key.Name())
 					fmt.Printf("\tstr: %s\n", strings.ReplaceAll(str, "\n", "\\n"))
 					fmt.Println("----")

build/generate-go-licenses.go

@@ -15,6 +15,8 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+
+	"code.gitea.io/gitea/modules/container"
 )
 
 // regexp is based on go-license, excluding README and NOTICE
@@ -55,20 +57,14 @@ func main() {
 	//    yml
 	//
 	// It could be removed once we have a better regex.
-	excludedExt := map[string]bool{
-		".gitignore": true,
-		".go":        true,
-		".mod":       true,
-		".sum":       true,
-		".toml":      true,
-		".yml":       true,
-	}
+	excludedExt := container.SetOf(".gitignore", ".go", ".mod", ".sum", ".toml", ".yml")
+
 	var paths []string
 	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
-		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) || excludedExt[filepath.Ext(entry.Name())] {
+		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) || excludedExt.Contains(filepath.Ext(entry.Name())) {
 			return nil
 		}
 		paths = append(paths, path)

models/fixtures/email_address.yml

@@ -276,4 +276,12 @@
   email: [email protected]
   lower_email: [email protected]
   is_activated: false
-  is_primary: false
+  is_primary: false
+
+-
+  id: 36
+  uid: 36
+  email: [email protected]
+  lower_email: [email protected]
+  is_activated: true
+  is_primary: false

models/fixtures/gpg_key.yml

@@ -1 +1,23 @@
-[] # empty
+-
+  id: 5
+  owner_id: 36
+  key_id: B15431642629B826
+  primary_key_id:
+  content: xsDNBGTrY3UBDAC2HLBqmMplAV15qSnC7g1c4dV406f5EHNhFr95Nup2My6b2eafTlvedv77s8PT/I7F3fy4apOZs5A7w2SsPlLMcQ3ev4uGOsxRtkq5RLy1Yb6SNueX0Da2UVKR5KTC5Q6BWaqxwS0IjKOLZ/xz0Pbe/ClV3bZSKBEY2omkVo3Z0HZ771vB2clPRvGJ/IdeKOsZ3ZytSFXfyiJBdARmeSPmydXLil8+Ibq5iLAeow5PK8hK1TCOnKHzLWNqcNq70tyjoHvcGi70iGjoVEEUgPCLLuU8WmzTJwlvA3BuDzjtaO7TLo/jdE6iqkHtMSS8x+43sAH6hcFRCWAVh/0Uq7n36uGDfNxGnX3YrmX3LR9x5IsBES1rGGWbpxio4o5GIf/Xd+JgDd9rzJCqRuZ3/sW/TxK38htWaVNZV0kMkHUCTc1ctzWpCm635hbFCHBhPYIp+/z206khkAKDbz/CNuU91Wazsh7KO07wrwDtxfDDbInJ8TfHE2TGjzjQzgChfmcAEQEAAQ==
+  verified: true
+  can_sign: true
+  can_encrypt_comms: true
+  can_encrypt_storage: true
+  can_certify: true
+
+-
+  id: 6
+  owner_id: 36
+  key_id: EE3AF48454AFD619
+  primary_key_id: B15431642629B826
+  content: zsDNBGTrY3UBDADsHrzuOicQaPdUQm0+0UNrs92cESm/j/4yBBUk+sfLZAo6J99c4eh4nAQzzZ7al080rYKB0G+7xoRz1eHcQH6zrVcqB8KYtf/sdY47WaMiMyxM+kTSvzp7tsv7QuSQZ0neUEXRyYMz5ttBfIjWUd+3NDItuHyB+MtNWlS3zXgaUbe5VifqKaNmzN0Ye4yXTKcpypE3AOqPVz+iIFv3c6TmsqLHJaR4VoicCleAqLyF/28WsJO7M9dDW+EM3MZVnsVpycTURyHAJGfSk10waQZAaRwmarCN/q0KEJ+aEAK/SRliUneBZoMO5hY5iBeG432tofwaQqAahPv9uXIb1n2JEMKwnMlMA9UGD1AcDbywfj1m/ZGBBw95i4Ekkfn43RvV3THr7uJU/dRqqP+iic4MwpUrOxqELW/kmeHXlBcNbZZhEEvwRoW7U2/9eeuog4nRleRJ0pi/xOP9wmxkKjaIPIK3phdBtEpVk4w/UTAWNdyIIrFggukeAnZFyGJwlm8AEQEAAQ==
+  verified: true
+  can_sign: true
+  can_encrypt_comms: true
+  can_encrypt_storage: true
+  can_certify: true

models/fixtures/user.yml

@@ -1301,7 +1301,7 @@
   lower_name: limited_org36
   name: limited_org36
   full_name: Limited Org 36
-  email: limited_org36@example.com
+  email: abcde@gitea.com
   keep_email_private: false
   email_notifications_preference: enabled
   passwd: ZogKvWdyEx:password
@@ -1320,7 +1320,7 @@
   allow_create_organization: true
   prohibit_login: false
   avatar: avatar22
-  avatar_email: limited_org36@example.com
+  avatar_email: abcde@gitea.com
   use_custom_avatar: false
   num_followers: 0
   num_following: 0

models/migrations/v1_16/v210.go

@@ -4,7 +4,6 @@
 package v1_16 //nolint
 
 import (
-	"crypto/elliptic"
 	"encoding/base32"
 	"fmt"
 	"strings"
@@ -123,13 +122,17 @@ func RemigrateU2FCredentials(x *xorm.Engine) error {
 				if err != nil {
 					continue
 				}
+				pubKey, err := parsed.PubKey.ECDH()
+				if err != nil {
+					continue
+				}
 				remigrated := &webauthnCredential{
 					ID:              reg.ID,
 					Name:            reg.Name,
 					LowerName:       strings.ToLower(reg.Name),
 					UserID:          reg.UserID,
 					CredentialID:    base32.HexEncoding.EncodeToString(parsed.KeyHandle),
-					PublicKey:       elliptic.Marshal(elliptic.P256(), parsed.PubKey.X, parsed.PubKey.Y),
+					PublicKey:       pubKey.Bytes(),
 					AttestationType: "fido-u2f",
 					AAGUID:          []byte{},
 					SignCount:       reg.Counter,

models/secret/secret.go

@@ -160,3 +160,31 @@ func DeleteSecret(ctx context.Context, orgID, repoID int64, name string) error {
 
 	return nil
 }
+
+// CreateOrUpdateSecret creates or updates a secret and returns true if it was created
+func CreateOrUpdateSecret(ctx context.Context, orgID, repoID int64, name, data string) (bool, error) {
+	sc := new(Secret)
+	name = strings.ToUpper(name)
+	has, err := db.GetEngine(ctx).
+		Where("owner_id=?", orgID).
+		And("repo_id=?", repoID).
+		And("name=?", name).
+		Get(sc)
+	if err != nil {
+		return false, err
+	}
+
+	if !has {
+		_, err = InsertEncryptedSecret(ctx, orgID, repoID, name, data)
+		if err != nil {
+			return false, err
+		}
+		return true, nil
+	}
+
+	if err := UpdateSecret(ctx, orgID, repoID, name, data); err != nil {
+		return false, err
+	}
+
+	return false, nil
+}

models/unit/unit.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 )
@@ -318,14 +319,13 @@ var (
 
 // FindUnitTypes give the unit key names and return valid unique units and invalid keys
 func FindUnitTypes(nameKeys ...string) (res []Type, invalidKeys []string) {
-	m := map[Type]struct{}{}
+	m := make(container.Set[Type])
 	for _, key := range nameKeys {
 		t := TypeFromKey(key)
 		if t == TypeInvalid {
 			invalidKeys = append(invalidKeys, key)
-		} else if _, ok := m[t]; !ok {
+		} else if m.Add(t) {
 			res = append(res, t)
-			m[t] = struct{}{}
 		}
 	}
 	return res, invalidKeys

modules/assetfs/layered.go

@@ -14,6 +14,7 @@ import (
 	"sort"
 	"time"
 
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/util"
@@ -130,22 +131,19 @@ func readDir(layer *Layer, name string) ([]fs.FileInfo, error) {
 // * false: only directories will be returned.
 // The returned files are sorted by name.
 func (l *LayeredFS) ListFiles(name string, fileMode ...bool) ([]string, error) {
-	fileMap := map[string]bool{}
+	fileSet := make(container.Set[string])
 	for _, layer := range l.layers {
 		infos, err := readDir(layer, name)
 		if err != nil {
 			return nil, err
 		}
 		for _, info := range infos {
 			if shouldInclude(info, fileMode...) {
-				fileMap[info.Name()] = true
+				fileSet.Add(info.Name())
 			}
 		}
 	}
-	files := make([]string, 0, len(fileMap))
-	for file := range fileMap {
-		files = append(files, file)
-	}
+	files := fileSet.Values()
 	sort.Strings(files)
 	return files, nil
 }
@@ -161,7 +159,7 @@ func (l *LayeredFS) ListAllFiles(name string, fileMode ...bool) ([]string, error
 }
 
 func listAllFiles(layers []*Layer, name string, fileMode ...bool) ([]string, error) {
-	fileMap := map[string]bool{}
+	fileSet := make(container.Set[string])
 	var list func(dir string) error
 	list = func(dir string) error {
 		for _, layer := range layers {
@@ -172,7 +170,7 @@ func listAllFiles(layers []*Layer, name string, fileMode ...bool) ([]string, err
 			for _, info := range infos {
 				path := util.PathJoinRelX(dir, info.Name())
 				if shouldInclude(info, fileMode...) {
-					fileMap[path] = true
+					fileSet.Add(path)
 				}
 				if info.IsDir() {
 					if err = list(path); err != nil {
@@ -186,10 +184,7 @@ func listAllFiles(layers []*Layer, name string, fileMode ...bool) ([]string, err
 	if err := list(name); err != nil {
 		return nil, err
 	}
-	var files []string
-	for file := range fileMap {
-		files = append(files, file)
-	}
+	files := fileSet.Values()
 	sort.Strings(files)
 	return files, nil
 }

modules/git/log_name_status.go

@@ -374,27 +374,25 @@ heaploop:
 			break heaploop
 		}
 		parentRemaining.Remove(current.CommitID)
-		if current.Paths != nil {
-			for i, found := range current.Paths {
-				if !found {
-					continue
+		for i, found := range current.Paths {
+			if !found {
+				continue
+			}
+			changed[i] = false
+			if results[i] == "" {
+				results[i] = current.CommitID
+				if err := repo.LastCommitCache.Put(headRef, path.Join(treepath, paths[i]), current.CommitID); err != nil {
+					return nil, err
 				}
-				changed[i] = false
-				if results[i] == "" {
-					results[i] = current.CommitID
-					if err := repo.LastCommitCache.Put(headRef, path.Join(treepath, paths[i]), current.CommitID); err != nil {
+				delete(path2idx, paths[i])
+				remaining--
+				if results[0] == "" {
+					results[0] = current.CommitID
+					if err := repo.LastCommitCache.Put(headRef, treepath, current.CommitID); err != nil {
 						return nil, err
 					}
-					delete(path2idx, paths[i])
+					delete(path2idx, "")
 					remaining--
-					if results[0] == "" {
-						results[0] = current.CommitID
-						if err := repo.LastCommitCache.Put(headRef, treepath, current.CommitID); err != nil {
-							return nil, err
-						}
-						delete(path2idx, "")
-						remaining--
-					}
 				}
 			}
 		}

modules/setting/service.go

@@ -223,7 +223,7 @@ func loadServiceFrom(rootCfg ConfigProvider) {
 	Service.UserDeleteWithCommentsMaxTime = sec.Key("USER_DELETE_WITH_COMMENTS_MAX_TIME").MustDuration(0)
 	sec.Key("VALID_SITE_URL_SCHEMES").MustString("http,https")
 	Service.ValidSiteURLSchemes = sec.Key("VALID_SITE_URL_SCHEMES").Strings(",")
-	schemes := make([]string, len(Service.ValidSiteURLSchemes))
+	schemes := make([]string, 0, len(Service.ValidSiteURLSchemes))
 	for _, scheme := range Service.ValidSiteURLSchemes {
 		scheme = strings.ToLower(strings.TrimSpace(scheme))
 		if scheme != "" {