Fixes#36333
## Problem
When CODEOWNERS automatically assigns reviewers to a pull request, the
timeline incorrectly shows the PR author as the one who requested the
review (e.g., "PR_AUTHOR requested review from CODE_OWNER"). This is
misleading since the action was triggered automatically by CODEOWNERS
rules, not by the PR author.
## Solution
Store CODEOWNERS attribution in comment metadata instead of changing the
doer user:
- Add `SpecialDoerName` field to `CommentMetaData` struct (value:
`"CODEOWNERS"` for CODEOWNERS-triggered requests)
- Pass `isCodeOwners=true` to `AddReviewRequest` and
`AddTeamReviewRequest` functions
- Template can check this metadata to show appropriate attribution
message
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Update JS and PY dependencies
- Workaround https://github.com/stylelint/stylelint/issues/8893 by
moving the stylint config file to JS
- Regenerate SVGs
- Bump to python 3.14 in devcontainer and actions
- Verified `@github/text-expander-element`
- Removed obsolete type stub
When a user has been revoked permission to access a repository, the
related notification could still be visited. But the repository's
information should not be leaked any more.
Enable chunked transfer encoding for Git LFS uploads by adding
Transfer-Encoding: chunked header to upload action responses. This
prevents large file uploads (100+ MB) from being blocked by reverse
proxies like Cloudflare that buffer non-chunked requests.
Fix https://github.com/go-gitea/gitea/issues/22233
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
`import.meta.env` is supported in both vitest and webpack [as of
recent](https://github.com/webpack/webpack/pull/19996), so replace all
previous use of `process.env` with it. Current usage is limited to test
files, I've also verified it works in actual frontend code.
`webpack/module` is added to typescript types which includes the
definition for `import.meta.env`. I've also made the eslint globals more
precise. Finally, `__webpack_public_path__` is removed from our type
definitions because `webpack/module` also provides it.
Bumps
[appleboy/git-push-action](https://github.com/appleboy/git-push-action)
from 1.0.0 to 1.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/appleboy/git-push-action/releases">appleboy/git-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.0</h2>
<h2>Changelog</h2>
<h3>Features</h3>
<ul>
<li>2722561d2c158e67f0e4b908bda83937e53bbdd4: feat: add options for
insecure SSL and SSH version selection (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Others</h3>
<ul>
<li>2c87d5bacd46972f72523394e67af39825081037: style: standardize YAML
quoting and update input descriptions (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>66a962f89a56024b2a36de61fe65ba6b9994be15: fix: rename drone-git-push
env vars and update default version (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>e37f17de403a8b0b59184d852be6b7a7e017d376: chore: mark all
directories as safe in global git configuration (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Refactor</h3>
<ul>
<li>7bdda76242d8f6b40576a039a2d2233c43b7661e: refactor: refactor GitHub
Action to use Bash instead of Docker (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>4873de66e7bed19267cc8cd66959005c42d41cc7: refactor: simplify stdout
capturing by removing legacy logic (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>d1c361f2d2e128593b5dfeb3c2d9a5c6a1af7128: ci: run Docker actions as
nobody and inject GITHUB_WORKSPACE (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>fdf995de1284df95f38a3d99275eb38537eb05a4: ci: simplify Docker action
environment variable configuration (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>8e938ac7df8937d595e4c4fcf345139339a34819: ci: update
GITHUB_WORKSPACE to use /github/home path (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>3b2c8661652360dbf1afe1b319a49dbb739c39f1: docs: migrate to composite
GitHub Action and standardize env vars (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h2>v1.1.0</h2>
<h2>Changelog</h2>
<h3>Features</h3>
<ul>
<li>28a54bbef16233cbea6f9fe39f318a4f055cd749: feat: add mirror input
support to GitHub Action configuration (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>a63ac675f748ad297929b6d9688f94939fbe3dea: fix: fix spelling of
'force' option in git push actions (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>ee39884535468c8b6f101c0980aec38a61bc6c8b: chore(readme): refactor
codebase and update dependencies (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>94fb0c0d87ba52affdcb2daf8505a0e7f086f205: chore: bump drone-git-push
base image to version 1.2.0 (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>a939634b19fa88f0d4c853f4b604a4df5549911d: chore: pin Drone Git Push
image to a specific version (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>0a16d15bfdca306c84a299db735f248e9d408bb3: ci: improve CI workflow
for semantic version releases (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>1807bf9a1b801f99799e4e2a64ca1c6b11301fc3: ci: automate maintenance
and enhance repository security (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>f39abba130277d16a141588c1b4c194a8f0b4636: build: run container as
non-root user for enhanced security (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>ed86ac596a332db5353062d7cbdf24d61554f5f1: ci: update CI workflows to
trigger on main branch (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>cd8de7f6c86b1390f0108011580b6c9845b9f5df: build: eliminate
"nobody" user references from Dockerfile (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>7465fee0c6ac1466048408a99c52598be9abf00f: ci: update CI workflow to
use newer actions/checkout version (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>b9d4e07212dd711b7e57352e5b6172038ab20f6e: build: simplify Docker
build by removing entrypoint.sh chmod step (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>14d3003b72ea485bf8707bfbef4926eca78cc341: build: upgrade CI pipeline
to latest drone-git-push base image (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>378ab1be62cfbae4111d3bbbec417d5b2e97134d: docs: clarify and
standardize input and action descriptions (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>4c679526c0d1910c6e058a82fdde978d5cd8c0c2: docs: revamp documentation
with expanded features and usage examples (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>61f29e5108e85fa252a0556c08ec87f0c425f1b2: docs: document GitHub
Action integration and Claude Code guidelines (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
<li>a7ef8abff3f71345b67dc056ac3d7b2d006efa42: docs: add Trivy security
scan badge to documentation (<a
href="https://github.com/appleboy"><code>@appleboy</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3b2c866165"><code>3b2c866</code></a>
docs: migrate to composite GitHub Action and standardize env vars</li>
<li><a
href="4873de66e7"><code>4873de6</code></a>
refactor: simplify stdout capturing by removing legacy logic</li>
<li><a
href="2c87d5bacd"><code>2c87d5b</code></a>
style: standardize YAML quoting and update input descriptions</li>
<li><a
href="2722561d2c"><code>2722561</code></a>
feat: add options for insecure SSL and SSH version selection</li>
<li><a
href="66a962f89a"><code>66a962f</code></a>
fix: rename drone-git-push env vars and update default version</li>
<li><a
href="7bdda76242"><code>7bdda76</code></a>
refactor: refactor GitHub Action to use Bash instead of Docker</li>
<li><a
href="8e938ac7df"><code>8e938ac</code></a>
ci: update GITHUB_WORKSPACE to use /github/home path</li>
<li><a
href="e37f17de40"><code>e37f17d</code></a>
chore: mark all directories as safe in global git configuration</li>
<li><a
href="fdf995de12"><code>fdf995d</code></a>
ci: simplify Docker action environment variable configuration</li>
<li><a
href="d1c361f2d2"><code>d1c361f</code></a>
ci: run Docker actions as nobody and inject GITHUB_WORKSPACE</li>
<li>Additional commits viewable in <a
href="https://github.com/appleboy/git-push-action/compare/v1.0.0...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- reduce file name font size from 15px to 14px
- fix labels and buttons being cut off when their size is constrained
- change labels from monospace to sans-serif font
- move diff stats to right and change them from sum of changes to +/-
- change filemode to label and change text to match other labels
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. correctly parse git protocol's "OldCommit NewCommit RefName" line, it
should be explicitly split by space
2. add missing "return" in CreatePullRequest
3. add comments for "/user.keys" and "/user.gpg" outputs
4. trim space for the "commit status context name" to follow the same
behavior of git_model.NewCommitStatus
Replace #34651 and address more problems including fix framework bugs and changing to QueryInfo and QueryContent calls.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This PR fixes#27383 where HTML headings like `<h1>Title</h1>` in
markdown files would have empty permalink anchors
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
WebUI has a checkbox for enabling maintainer edits you can check right
away when creating a new pull request.
Also, it is possible to set `allow_maintainer_edit` in an existing pull
request via API.
This change enables the option while creating a new pull request via
API.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources
arrays have equal length. This causes index out of bounds panic when
migrating GitLab releases with more links than sources, which is common
with GoReleaser-generated releases.
Fixes#36292
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#35998
1. Fix `<a rel>` :
* "_blank" already means "noopener"
* "noreferrer" is already provided by page's `<meta name="referrer">`
2. Fix "redirect_to" mechisam
* Use "referer" header to determine the redirect link for a successful
login
3. Simplify code and merge duplicate logic
- The compare page head title should be `compare` but not `new pull
request`.
- Use `UnstableGuessRefByShortName` instead of duplicated functions
calls.
- Direct-compare, tags, commits compare will not display `New Pull
Request` button any more.
The new screenshot
<img width="1459" height="391" alt="image"
src="https://github.com/user-attachments/assets/64e9b070-9c0b-41d1-b4b8-233b96270e1b"
/>
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Make Debian repository signing key generation use explicit stronger defaults
and embed the creation time in the OpenPGP comment for newly created keys.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Use `gitrepo.IsRepositoryExist` instead of `util.IsExit` or
`util.IsDir`
- Use `gitrepo.OpenRepository` instead of `git.OpenRepository`
- Use `gitrepo.DeleteRepository` instead of `util.RemoveAll`
- Use `gitrepo.RenameRepository` instead of `util.Rename`
## Summary
This PR adds support for closing keywords (`closes`, `fixes`, `reopens`,
etc.) with full URL references in markdown links.
**Before:**
- `closes #123` ✅ works
- `closes org/repo#123` ✅ works
- `Closes [this issue](https://gitea.io/user/repo/issues/123)` ❌ didn't
work
- `Fixes [#456](https://gitea.io/org/project/issues/456)` ❌ didn't work
**After:**
All of the above now work correctly.
## Problem
When users reference issues using full URLs in markdown links (e.g.,
`Closes [this issue](https://gitea.io/user/repo/issues/123)`), the
closing keywords were not detected. This was because the URL processing
code explicitly stated:
```go
// Note: closing/reopening keywords not supported with URLs
```
Both methods of writing the reference render the same in the UI, so
users expected the closing keywords to behave the same.
## Solution
The fix works by:
1. Passing the original (unstripped) content to
`findAllIssueReferencesBytes`
2. When processing URL links from markdown, finding the URL position in
the original content
3. For markdown links `[text](url)`, finding the opening bracket `[`
position
4. Using that position to detect closing keywords before the link
## Testing
Added test cases for:
- `Closes [this issue](url)` - single URL with closing keyword
- `This fixes [#456](url)` - keyword in middle of text
- `Reopens [PR](url)` - reopen keyword with pull request URL
- Multiple URLs where only one has a closing keyword
All existing tests continue to pass.
Fixes#27549
