Merge branch 'main' into refactor-git-cmd

Author: lunny

cmd/admin.go

@@ -180,6 +180,11 @@ var (
 				Name:  "raw",
 				Usage: "Display only the token value",
 			},
+			cli.StringFlag{
+				Name:  "scopes",
+				Value: "",
+				Usage: "Comma separated list of scopes to apply to access token",
+			},
 		},
 		Action: runGenerateAccessToken,
 	}
@@ -698,9 +703,15 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}
 
+	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
+	if err != nil {
+		return err
+	}
+
 	t := &auth_model.AccessToken{
-		Name: c.String("token-name"),
-		UID:  user.ID,
+		Name:  c.String("token-name"),
+		UID:   user.ID,
+		Scope: accessTokenScope,
 	}
 
 	if err := auth_model.NewAccessToken(t); err != nil {

custom/conf/app.example.ini

@@ -2458,6 +2458,8 @@ ROUTER = console
 ;LIMIT_SIZE_COMPOSER = -1
 ;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONAN = -1
+;; Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_CONDA = -1
 ;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONTAINER = -1
 ;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -1214,6 +1214,7 @@ Task queue configuration has been moved to `queue.task`. However, the below conf
 - `LIMIT_TOTAL_OWNER_SIZE`: **-1**: Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_COMPOSER`: **-1**: Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_CONAN`: **-1**: Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_CONDA`: **-1**: Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_CONTAINER`: **-1**: Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_GENERIC`: **-1**: Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_HELM`: **-1**: Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)

docs/content/doc/packages/conda.en-us.md

@@ -0,0 +1,85 @@
+---
+date: "2022-12-28T00:00:00+00:00"
+title: "Conda Packages Repository"
+slug: "packages/conda"
+draft: false
+toc: false
+menu:
+  sidebar:
+    parent: "packages"
+    name: "Conda"
+    weight: 25
+    identifier: "conda"
+---
+
+# Conda Packages Repository
+
+Publish [Conda](https://docs.conda.io/en/latest/) packages for your user or organization.
+
+**Table of Contents**
+
+{{< toc >}}
+
+## Requirements
+
+To work with the Conda package registry, you need to use [conda](https://docs.conda.io/projects/conda/en/stable/user-guide/install/index.html).
+
+## Configuring the package registry
+
+To register the package registry and provide credentials, edit your `.condarc` file:
+
+```yaml
+channel_alias: https://gitea.example.com/api/packages/{owner}/conda
+channels:
+  - https://gitea.example.com/api/packages/{owner}/conda
+default_channels:
+  - https://gitea.example.com/api/packages/{owner}/conda
+```
+
+| Placeholder  | Description |
+| ------------ | ----------- |
+| `owner`      | The owner of the package. |
+
+See the [official documentation](https://conda.io/projects/conda/en/latest/user-guide/configuration/use-condarc.html) for explanations of the individual settings.
+
+If you need to provide credentials, you may embed them as part of the channel url (`https://user:[email protected]/...`).
+
+## Publish a package
+
+To publish a package, perform a HTTP PUT operation with the package content in the request body.
+
+```
+PUT https://gitea.example.com/api/packages/{owner}/conda/{channel}/{filename}
+```
+
+| Placeholder  | Description |
+| ------------ | ----------- |
+| `owner`      | The owner of the package. |
+| `channel`    | The [channel](https://conda.io/projects/conda/en/latest/user-guide/concepts/channels.html) of the package. (optional) |
+| `filename`   | The name of the file. |
+
+Example request using HTTP Basic authentication:
+
+```shell
+curl --user your_username:your_password_or_token \
+     --upload-file path/to/package-1.0.conda \
+     https://gitea.example.com/api/packages/testuser/conda/package-1.0.conda
+```
+
+You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
+
+## Install a package
+
+To install a package from the package registry, execute one of the following commands:
+
+```shell
+conda install {package_name}
+conda install {package_name}={package_version}
+conda install -c {channel} {package_name}
+```
+
+| Parameter         | Description |
+| ----------------- | ----------- |
+| `package_name`    | The package name. |
+| `package_version` | The package version. |
+| `channel`         | The channel of the package. (optional) |

docs/content/doc/packages/overview.en-us.md

@@ -28,6 +28,7 @@ The following package managers are currently supported:
 | ---- | -------- | -------------- |
 | [Composer]({{< relref "doc/packages/composer.en-us.md" >}}) | PHP | `composer` |
 | [Conan]({{< relref "doc/packages/conan.en-us.md" >}}) | C++ | `conan` |
+| [Conda]({{< relref "doc/packages/conda.en-us.md" >}}) | - | `conda` |
 | [Container]({{< relref "doc/packages/container.en-us.md" >}}) | - | any OCI compliant client |
 | [Generic]({{< relref "doc/packages/generic.en-us.md" >}}) | - | any HTTP client |
 | [Helm]({{< relref "doc/packages/helm.en-us.md" >}}) | - | any HTTP client, `cm-push` |

docs/content/doc/secrets/overview.en-us.md

@@ -1,6 +1,6 @@
 ---
 date: "2022-12-19T21:26:00+08:00"
-title: "Encrypted secrets"
+title: "Secrets"
 slug: "secrets/overview"
 draft: false
 toc: false
@@ -12,24 +12,24 @@ menu:
     identifier: "overview"
 ---
 
-# Encrypted secrets
+# Secrets
 
-Encrypted secrets allow you to store sensitive information in your organization or repository.
+Secrets allow you to store sensitive information in your user, organization or repository.
 Secrets are available on Gitea 1.19+.
 
 # Naming your secrets
 
 The following rules apply to secret names:
 
-Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed.
+- Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed.
 
-Secret names must not start with the `GITHUB_` and `GITEA_` prefix.
+- Secret names must not start with the `GITHUB_` and `GITEA_` prefix.
 
-Secret names must not start with a number.
+- Secret names must not start with a number.
 
-Secret names are not case-sensitive.
+- Secret names are not case-sensitive.
 
-Secret names must be unique at the level they are created at.
+- Secret names must be unique at the level they are created at.
 
 For example, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.
 

go.mod

@@ -26,6 +26,7 @@ require (
 	github.com/dimiro1/reply v0.0.0-20200315094148-d0136a4c9e21
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
+	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
 	github.com/dustin/go-humanize v1.0.0
 	github.com/editorconfig/editorconfig-core-go/v2 v2.5.1
 	github.com/emersion/go-imap v1.2.1
@@ -161,7 +162,6 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.7.0 // indirect
-	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
@@ -284,7 +284,7 @@ replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142
 
 replace github.com/blevesearch/zapx/v15 v15.3.6 => github.com/zeripath/zapx/v15 v15.3.6-alignment-fix
 
-replace github.com/nektos/act => gitea.com/gitea/act v0.234.0
+replace github.com/nektos/act => gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744
 
 exclude github.com/gofrs/uuid v3.2.0+incompatible
 

go.sum

@@ -70,8 +70,8 @@ codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsi
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:cliQ4HHsCo6xi2oWZYKWW4bly/Ory9FuTpFPRxj/mAg=
 git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078/go.mod h1:g/V2Hjas6Z1UHUp4yIx6bATpNzJ7DYtD0FG3+xARWxs=
-gitea.com/gitea/act v0.234.0 h1:gWgMPMKdNcMrp/o2CF/SyVKiiJLBFl+xmzfvoHCpykU=
-gitea.com/gitea/act v0.234.0/go.mod h1:2C/WbTalu1VPNgbVaZJaZDzlOtAKqkXJhdOClxkMy14=
+gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744 h1:cqzKmGlX0wynSXO04NILpL25eBGwogDrKpkkbwmIpj4=
+gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744/go.mod h1:2C/WbTalu1VPNgbVaZJaZDzlOtAKqkXJhdOClxkMy14=
 gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681 h1:MMSPgnVULVwV9kEBgvyEUhC9v/uviZ55hPJEMjpbNR4=
 gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681/go.mod h1:77TZu701zMXWJFvB8gvTbQ92zQ3DQq/H7l5wAEjQRKc=
 gitea.com/go-chi/cache v0.0.0-20210110083709-82c4c9ce2d5e/go.mod h1:k2V/gPDEtXGjjMGuBJiapffAXTv76H4snSmlJRLUhH0=

models/asymkey/error.go

@@ -24,6 +24,9 @@ func (err ErrKeyUnableVerify) Error() string {
 	return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result)
 }
 
+// ErrKeyIsPrivate is returned when the provided key is a private key not a public key
+var ErrKeyIsPrivate = util.NewSilentWrapErrorf(util.ErrInvalidArgument, "the provided key is a private key")
+
 // ErrKeyNotExist represents a "KeyNotExist" kind of error.
 type ErrKeyNotExist struct {
 	ID int64

models/asymkey/ssh_key_parse.go

@@ -96,6 +96,9 @@ func parseKeyString(content string) (string, error) {
 			if block == nil {
 				return "", fmt.Errorf("failed to parse PEM block containing the public key")
 			}
+			if strings.Contains(block.Type, "PRIVATE") {
+				return "", ErrKeyIsPrivate
+			}
 
 			pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 			if err != nil {