Merge remote-tracking branch 'upstream/main'

* upstream/main:
  Add popup to hashed comments/pull requests/issues in file editing/adding preview tab (go-gitea#24040)
  Use reactive store to share data between components (go-gitea#23996)
  [skip ci] Updated translations via Crowdin
  Fix accidental overwriting of LDAP team memberships (go-gitea#24050)
  Add cardtype to org/user level project on creation, edit and view (go-gitea#24043)
  Fix branch protection priority (go-gitea#24045)
  Update documentation to explain which projects allow Gitea to host static pages (go-gitea#23993)
  Fix date  display bug (go-gitea#24047)
  Fine tune markdown editor toolbar (go-gitea#24046)
  Add tooltips for MD editor buttons and add `muted` class for buttons (go-gitea#23896)
  Prefer native parser for SSH public key parsing (go-gitea#23798)

custom/conf/app.example.ini

@@ -186,8 +186,8 @@ RUN_MODE = ; prod
 ;; default is the system temporary directory.
 ;SSH_KEY_TEST_PATH =
 ;;
-;; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
-;SSH_KEYGEN_PATH = ssh-keygen
+;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
+;SSH_KEYGEN_PATH =
 ;;
 ;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
 ;SSH_AUTHORIZED_KEYS_BACKUP = true

docs/content/doc/administration/config-cheat-sheet.en-us.md

@@ -345,7 +345,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_SERVER_MACS`: **[email protected], hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
 - `SSH_SERVER_HOST_KEYS`: **ssh/gitea.rsa, ssh/gogs.rsa**: For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub`. Relative paths are made absolute relative to the `APP_DATA_PATH`. If no key exists a 4096 bit RSA key will be created for you.
 - `SSH_KEY_TEST_PATH`: **/tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory.
-- `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+- `SSH_KEYGEN_PATH`: **\<empty\>**: Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
 - `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
 - `SSH_PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the SSH connections. (Set to
   -1 to disable all timeouts.)

docs/content/doc/help/faq.en-us.md

@@ -118,6 +118,14 @@ The correct path for the template(s) will be relative to the `CustomPath`
 2. If you are still unable to find a path, the default can be [calculated above](#where-does-gitea-store-what-file)
 3. Once you have figured out the correct custom path, you can refer to the [customizing Gitea]({{< relref "doc/administration/customizing-gitea.en-us.md" >}}) page to add your template to the correct location.
 
+## Does Gitea have a "GitHub/GitLab pages" feature?
+
+Gitea doesn't provide a built-in Pages server. You need a dedicated domain to serve static pages to avoid CSRF security risks.
+
+For simple usage, you can use a reverse proxy to rewrite & serve static contents from Gitea's raw file URLs.
+
+And there are already available third-party services, like a standalone [pages server](https://codeberg.org/Codeberg/pages-server) or a [caddy plugin](https://github.com/42wim/caddy-gitea), that can provide the required functionality.
+
 ## Active user vs login prohibited user
 
 In Gitea, an "active" user refers to a user that has activated their account via email.

docs/content/doc/installation/comparison.en-us.md

@@ -31,6 +31,8 @@ _Symbols used in table:_
 
 - _✘ - unsupported_
 
+- _⚙️ - supported through third-party software_
+
 ## General Features
 
 | Feature                                          | Gitea                                               | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
@@ -51,7 +53,7 @@ _Symbols used in table:_
 | Custom Theme Support                             | ✓                                                   | ✓    | ✘         | ✘         | ✘         | ✓         | ✘            |
 | Markdown support                                 | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | CSV support                                      | ✓                                                   | ✘    | ✓         | ✘         | ✘         | ✓         | ?            |
-| 'GitHub / GitLab pages'                          | [✘](https://github.com/go-gitea/gitea/issues/302)   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 'GitHub / GitLab pages'                          | [⚙️][gitea-pages-server], [⚙️][gitea-caddy-plugin]    | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
 | Repo-specific wiki (as a repo itself)            | ✓                                                   | ✓    | ✓         | ✓         | ✓         | /         | ✘            |
 | Deploy Tokens                                    | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | Repository Tokens with write rights              | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
@@ -144,3 +146,6 @@ _Symbols used in table:_
 | Two factor authentication (2FA)                | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | Integration with the most common services      | ✓                                                  | /    | ⁄         | ✓         | ✓         | ⁄         | ✓            |
 | Incorporate external CI/CD                     | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+
+[gitea-caddy-plugin]: https://github.com/42wim/caddy-gitea
+[gitea-pages-server]: https://codeberg.org/Codeberg/pages-server

docs/content/doc/installation/comparison.zh-cn.md

@@ -29,6 +29,8 @@ _表格中的符号含义:_
 
 * _? - 不确定_
 
+* _⚙️ - 由第三方服务或插件支持_
+
 #### 主要特性
 
 | 特性                  | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket      | RhodeCode CE |
@@ -42,7 +44,7 @@ _表格中的符号含义:_
 | 支持 Orgmode          | ✓                                                  | ✘    | ✓         | ✘         | ✘         | ✘              | ?            |
 | 支持 CSV              | ✓                                                  | ✘    | ✓         | ✘         | ✘         | ✓              | ?            |
 | 支持第三方渲染工具    | ✓                                                  | ✘    | ✘         | ✘         | ✘         | ✓              | ?            |
-| Git 驱动的静态 pages  | [✘](https://github.com/go-gitea/gitea/issues/302)  | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
+| Git 驱动的静态 pages  | [⚙️][gitea-pages-server], [⚙️][gitea-caddy-plugin]   | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
 | Git 驱动的集成化 wiki | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓ (cloud only) | ✘            |
 | 部署令牌              | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓              | ✓            |
 | 仓库写权限令牌        | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓              | ✓            |
@@ -129,3 +131,6 @@ _表格中的符号含义:_
 | 集成 Discord               | ✓                                                  | ✓                                             | ✓         | ✓         | ✓         | ✘         | ✘            |
 | 集成 Microsoft Teams       | ✓                                                  | ✘                                             | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 显示外部 CI/CD 的状态      | ✓                                                  | ✘                                             | ✓         | ✓         | ✓         | ✓         | ✓            |
+
+[gitea-caddy-plugin]: https://github.com/42wim/caddy-gitea
+[gitea-pages-server]: https://codeberg.org/Codeberg/pages-server

docs/content/doc/installation/comparison.zh-tw.md

@@ -31,6 +31,8 @@ menu:
 
 - ✘ - 不支援
 
+- _⚙️ - 由第三方服務或外掛程式支援_
+
 ## 一般功能
 
 | 功能                     | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
@@ -44,7 +46,7 @@ menu:
 | 支援 Orgmode             | ✓                                                  | ✘    | ✓         | ✘         | ✘         | ✘         | ?            |
 | 支援 CSV                 | ✓                                                  | ✘    | ✓         | ✘         | ✘         | ✓         | ?            |
 | 支援第三方渲染工具       | ✓                                                  | ✘    | ✘         | ✘         | ✘         | ✓         | ?            |
-| Git 驅動的靜態頁面       | [✘](https://github.com/go-gitea/gitea/issues/302)  | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Git 驅動的靜態頁面       | [⚙️][gitea-pages-server], [⚙️][gitea-caddy-plugin]   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
 | Git 驅動的整合 wiki      | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 部署 Token               | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | 有寫入權限的儲存庫 Token | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
@@ -130,3 +132,6 @@ menu:
 | 整合 Discord              | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
 | 整合 Microsoft Teams      | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 顯示外部 CI/CD 狀態       | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+
+[gitea-caddy-plugin]: https://github.com/42wim/caddy-gitea
+[gitea-pages-server]: https://codeberg.org/Codeberg/pages-server

models/asymkey/ssh_key_parse.go

@@ -179,7 +179,7 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 		keyType string
 		length  int
 	)
-	if setting.SSH.StartBuiltinServer {
+	if len(setting.SSH.KeygenPath) == 0 {
 		fnName = "SSHNativeParsePublicKey"
 		keyType, length, err = SSHNativeParsePublicKey(content)
 	} else {
@@ -285,7 +285,12 @@ func SSHKeyGenParsePublicKey(key string) (string, int, error) {
 		}
 	}()
 
-	stdout, stderr, err := process.GetManager().Exec("SSHKeyGenParsePublicKey", setting.SSH.KeygenPath, "-lf", tmpName)
+	keygenPath := setting.SSH.KeygenPath
+	if len(keygenPath) == 0 {
+		keygenPath = "ssh-keygen"
+	}
+
+	stdout, stderr, err := process.GetManager().Exec("SSHKeyGenParsePublicKey", keygenPath, "-lf", tmpName)
 	if err != nil {
 		return "", 0, fmt.Errorf("fail to parse public key: %s - %s", err, stderr)
 	}

models/asymkey/ssh_key_test.go

@@ -57,6 +57,14 @@ func Test_SSHParsePublicKey(t *testing.T) {
 				assert.Equal(t, tc.keyType, keyTypeK)
 				assert.EqualValues(t, tc.length, lengthK)
 			})
+			t.Run("SSHParseKeyNative", func(t *testing.T) {
+				keyTypeK, lengthK, err := SSHNativeParsePublicKey(tc.content)
+				if err != nil {
+					assert.Fail(t, "%v", err)
+				}
+				assert.Equal(t, tc.keyType, keyTypeK)
+				assert.EqualValues(t, tc.length, lengthK)
+			})
 		})
 	}
 }

models/git/protected_banch_list_test.go

@@ -0,0 +1,76 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package git
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestBranchRuleMatchPriority(t *testing.T) {
+	kases := []struct {
+		Rules            []string
+		BranchName       string
+		ExpectedMatchIdx int
+	}{
+		{
+			Rules:            []string{"release/*", "release/v1.17"},
+			BranchName:       "release/v1.17",
+			ExpectedMatchIdx: 1,
+		},
+		{
+			Rules:            []string{"release/v1.17", "release/*"},
+			BranchName:       "release/v1.17",
+			ExpectedMatchIdx: 0,
+		},
+		{
+			Rules:            []string{"release/**/v1.17", "release/test/v1.17"},
+			BranchName:       "release/test/v1.17",
+			ExpectedMatchIdx: 1,
+		},
+		{
+			Rules:            []string{"release/test/v1.17", "release/**/v1.17"},
+			BranchName:       "release/test/v1.17",
+			ExpectedMatchIdx: 0,
+		},
+		{
+			Rules:            []string{"release/**", "release/v1.0.0"},
+			BranchName:       "release/v1.0.0",
+			ExpectedMatchIdx: 1,
+		},
+		{
+			Rules:            []string{"release/v1.0.0", "release/**"},
+			BranchName:       "release/v1.0.0",
+			ExpectedMatchIdx: 0,
+		},
+		{
+			Rules:            []string{"release/**", "release/v1.0.0"},
+			BranchName:       "release/v2.0.0",
+			ExpectedMatchIdx: 0,
+		},
+		{
+			Rules:            []string{"release/*", "release/v1.0.0"},
+			BranchName:       "release/1/v2.0.0",
+			ExpectedMatchIdx: -1,
+		},
+	}
+
+	for _, kase := range kases {
+		var pbs ProtectedBranchRules
+		for _, rule := range kase.Rules {
+			pbs = append(pbs, &ProtectedBranch{RuleName: rule})
+		}
+		pbs.sort()
+		matchedPB := pbs.GetFirstMatched(kase.BranchName)
+		if matchedPB == nil {
+			if kase.ExpectedMatchIdx >= 0 {
+				assert.Error(t, fmt.Errorf("no matched rules but expected %s[%d]", kase.Rules[kase.ExpectedMatchIdx], kase.ExpectedMatchIdx))
+			}
+		} else {
+			assert.EqualValues(t, kase.Rules[kase.ExpectedMatchIdx], matchedPB.RuleName)
+		}
+	}
+}

models/git/protected_branch_list.go

@@ -28,12 +28,8 @@ func (rules ProtectedBranchRules) sort() {
 	sort.Slice(rules, func(i, j int) bool {
 		rules[i].loadGlob()
 		rules[j].loadGlob()
-		if rules[i].isPlainName {
-			if !rules[j].isPlainName {
-				return true
-			}
-		} else if rules[j].isPlainName {
-			return true
+		if rules[i].isPlainName != rules[j].isPlainName {
+			return rules[i].isPlainName // plain name comes first, so plain name means "less"
 		}
 		return rules[i].CreatedUnix < rules[j].CreatedUnix
 	})
@@ -46,7 +42,7 @@ func FindRepoProtectedBranchRules(ctx context.Context, repoID int64) (ProtectedB
 	if err != nil {
 		return nil, err
 	}
-	rules.sort()
+	rules.sort() // to make non-glob rules have higher priority, and for same glob/non-glob rules, first created rules have higher priority
 	return rules, nil
 }
 

modules/setting/ssh.go

@@ -58,7 +58,7 @@ var SSH = struct {
 	ServerCiphers:                 []string{"[email protected]", "aes128-ctr", "aes192-ctr", "aes256-ctr", "[email protected]", "[email protected]"},
 	ServerKeyExchanges:            []string{"curve25519-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"},
 	ServerMACs:                    []string{"[email protected]", "hmac-sha2-256", "hmac-sha1"},
-	KeygenPath:                    "ssh-keygen",
+	KeygenPath:                    "",
 	MinimumKeySizeCheck:           true,
 	MinimumKeySizes:               map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2047},
 	ServerHostKeys:                []string{"ssh/gitea.rsa", "ssh/gogs.rsa"},
@@ -134,7 +134,7 @@ func loadSSHFrom(rootCfg ConfigProvider) {
 		}
 	}
 
-	SSH.KeygenPath = sec.Key("SSH_KEYGEN_PATH").MustString("ssh-keygen")
+	SSH.KeygenPath = sec.Key("SSH_KEYGEN_PATH").String()
 	SSH.Port = sec.Key("SSH_PORT").MustInt(22)
 	SSH.ListenPort = sec.Key("SSH_LISTEN_PORT").MustInt(SSH.Port)
 	SSH.UseProxyProtocol = sec.Key("SSH_SERVER_USE_PROXY_PROTOCOL").MustBool(false)

options/locale/locale_cs-CZ.ini

@@ -110,6 +110,7 @@ never=Nikdy
 
 rss_feed=RSS kanál
 
+
 [aria]
 navbar=Navigační lišta
 footer=Patička
@@ -2247,8 +2248,6 @@ release.edit_subheader=Vydání organizuje verze projektu.
 release.tag_name=Název značky
 release.target=Cíl
 release.tag_helper=Vyberte existující značku nebo vytvořte novou značku.
-release.title=Název
-release.content=Obsah
 release.prerelease_desc=Označit jako předběžná verze
 release.prerelease_helper=Označit vydání jako nevhodné pro produkční nasazení.
 release.cancel=Zrušit
@@ -3109,7 +3108,6 @@ details.documentation_site=Stránka dokumentace
 details.license=Licence
 assets=Prostředky
 versions=Verze
-versions.on= 
 versions.view_all=Zobrazit všechny
 dependency.id=ID
 dependency.version=Verze

options/locale/locale_de-DE.ini

@@ -107,6 +107,7 @@ never=Niemals
 
 rss_feed=RSS Feed
 
+
 [aria]
 
 [filter]
@@ -2184,8 +2185,6 @@ release.edit_subheader=In Releases werden Projektversionen verwaltet.
 release.tag_name=Tag-Name
 release.target=Ziel
 release.tag_helper=Wähle einen existierenden oder erstelle einen neuen Tag.
-release.title=Titel
-release.content=Inhalt
 release.prerelease_desc=Als Pre-Release kennzeichnen
 release.prerelease_helper=Dieses Release als „ungeeignet für den produktiven Einsatz“ markieren.
 release.cancel=Abbrechen
@@ -3035,7 +3034,6 @@ details.project_site=Projektseite
 details.license=Lizenz
 assets=Dateien
 versions=Versionen
-versions.on=am
 versions.view_all=Alle anzeigen
 dependency.id=ID
 dependency.version=Version

options/locale/locale_el-GR.ini

@@ -110,6 +110,7 @@ never=Ποτέ
 
 rss_feed=Ροή RSS
 
+
 [aria]
 navbar=Γραμμή Πλοήγησης
 footer=Υποσέλιδο
@@ -2277,8 +2278,6 @@ release.target=Στόχος
 release.tag_helper=Επιλέξτε μια υπάρχουσα ετικέτα ή δημιουργήστε μια νέα.
 release.tag_helper_new=Νέα ετικέτα. Αυτή η ετικέτα θα δημιουργηθεί από τον προορισμό.
 release.tag_helper_existing=Υπάρχουσα ετικέτα.
-release.title=Τίτλος
-release.content=Περιεχόμενο
 release.prerelease_desc=Σήμανση ως Προ-Κυκλοφορία
 release.prerelease_helper=Σημείωση αυτής της κυκλοφορίας ως ακατάλληλη για χρήση στη παραγωγή.
 release.cancel=Ακύρωση
@@ -3148,7 +3147,6 @@ details.documentation_site=Ιστοσελίδα Τεκμηρίωσης
 details.license=Άδεια
 assets=Πόροι
 versions=Εκδόσεις
-versions.on=τη
 versions.view_all=Προβολή όλων
 dependency.id=ID
 dependency.version=Έκδοση

options/locale/locale_en-US.ini

@@ -120,6 +120,20 @@ footer = Footer
 footer.software = About Software
 footer.links = Links
 
+[editor]
+buttons.heading.tooltip = Add heading
+buttons.bold.tooltip = Add bold text
+buttons.italic.tooltip = Add italic text
+buttons.quote.tooltip = Quote text
+buttons.code.tooltip = Add code
+buttons.link.tooltip = Add a link
+buttons.list.unordered.tooltip = Add a bullet list
+buttons.list.ordered.tooltip = Add a numbered list
+buttons.list.task.tooltip = Add a list of tasks
+buttons.mention.tooltip = Mention a user or team
+buttons.ref.tooltip = Reference an issue or pull request
+buttons.switch_to_legacy.tooltip = Use the legacy editor instead
+
 [filter]
 string.asc = A - Z
 string.desc = Z - A

options/locale/locale_es-ES.ini

@@ -107,6 +107,7 @@ never=Nunca
 
 rss_feed=Fuentes RSS
 
+
 [aria]
 
 [filter]
@@ -2215,8 +2216,6 @@ release.edit_subheader=Los lanzamientos organizan las versiones de proyectos.
 release.tag_name=Nombre de la etiqueta
 release.target=Destino
 release.tag_helper=Escoge una etiqueta existente o crea una nueva.
-release.title=Título
-release.content=Contenido
 release.prerelease_desc=Marcar como Pre-Lanzamiento
 release.prerelease_helper=Marcar este lanzamiento como no es adecuada para usar en producción.
 release.cancel=Cancelar
@@ -3070,7 +3069,6 @@ details.project_site=Sitio del proyecto
 details.license=Licencia
 assets=Activos
 versions=Versiones
-versions.on=en
 versions.view_all=Ver todo
 dependency.id=Id.
 dependency.version=Versión