Fix test

.gitignore

@@ -1,4 +1,2 @@
 node_modules/
 
-test/test-results.xml
-test/screenshots/

CHANGELOG.md

@@ -1649,362 +1649,3 @@
 * Fix basic auth with webauthn (#32531) (#32536)
 * Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
 
-[1.33.5]
-* Update gitea to 1.22.5
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.5)
-* Upgrade crypto library ([#​32791](https://github.com/go-gitea/gitea/issues/32791))
-* Fix delete branch perm checking ([#​32654](https://github.com/go-gitea/gitea/issues/32654)) ([#​32707](https://github.com/go-gitea/gitea/issues/32707))
-* Add standard-compliant route to serve outdated R packages ([#​32783](https://github.com/go-gitea/gitea/issues/32783)) ([#​32789](https://github.com/go-gitea/gitea/issues/32789))
-* Fix internal server error when updating labels without write permission ([#​32776](https://github.com/go-gitea/gitea/issues/32776)) ([#​32785](https://github.com/go-gitea/gitea/issues/32785))
-* Add Swift login endpoint ([#​32693](https://github.com/go-gitea/gitea/issues/32693)) ([#​32701](https://github.com/go-gitea/gitea/issues/32701))
-* Fix fork page branch selection ([#​32711](https://github.com/go-gitea/gitea/issues/32711)) ([#​32725](https://github.com/go-gitea/gitea/issues/32725))
-* Fix word overflow in file search page ([#​32695](https://github.com/go-gitea/gitea/issues/32695)) ([#​32699](https://github.com/go-gitea/gitea/issues/32699))
-* Fix gogit `GetRefCommitID` ([#​32705](https://github.com/go-gitea/gitea/issues/32705)) ([#​32712](https://github.com/go-gitea/gitea/issues/32712))
-* Fix race condition in mermaid observer ([#​32599](https://github.com/go-gitea/gitea/issues/32599)) ([#​32673](https://github.com/go-gitea/gitea/issues/32673))
-* Fixe a keystring misuse and refactor duplicates keystrings ([#​32668](https://github.com/go-gitea/gitea/issues/32668)) ([#​32792](https://github.com/go-gitea/gitea/issues/32792))
-* Bump relative-time-element to v4.4.4 ([#​32739](https://github.com/go-gitea/gitea/issues/32739))
-* Make wiki pages visit fast ([#​32732](https://github.com/go-gitea/gitea/issues/32732)) ([#​32745](https://github.com/go-gitea/gitea/issues/32745))
-* Don't create action when syncing mirror pull refs ([#​32659](https://github.com/go-gitea/gitea/issues/32659)) ([#​32664](https://github.com/go-gitea/gitea/issues/32664))
-
-[1.33.6]
-* Update gitea to 1.22.6
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.6)
-* Fix misuse of PublicKeyCallback([#​32810](https://github.com/go-gitea/gitea/issues/32810))
-* Fix lfs migration ([#​32812](https://github.com/go-gitea/gitea/issues/32812)) ([#​32818](https://github.com/go-gitea/gitea/issues/32818))
-* Add missing two sync feed for refs/pull ([#​32815](https://github.com/go-gitea/gitea/issues/32815))
-* Avoid MacOS keychain dialog in integration tests ([#​32813](https://github.com/go-gitea/gitea/issues/32813)) ([#​32816](https://github.com/go-gitea/gitea/issues/32816))
-
-[1.34.0]
-* Update gitea to 1.23.0
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.0)
-* Rename config option `[camo].Allways` to `[camo].Always` ([#​32097](https://github.com/go-gitea/gitea/issues/32097))
-* Remove SHA1 for support for SSH RSA signing ([#​31857](https://github.com/go-gitea/gitea/issues/31857))
-* Use UTC as the default timezone when scheduling Actions cron tasks ([#​31742](https://github.com/go-gitea/gitea/issues/31742))
-* Delete Actions logs older than 1 year by default ([#​31735](https://github.com/go-gitea/gitea/issues/31735))
-* Make OIDC introspection authentication strictly require Client ID and secret ([#​31632](https://github.com/go-gitea/gitea/issues/31632))
-* Include file extension checks in attachment API ([#​32151](https://github.com/go-gitea/gitea/issues/32151))
-
-[1.34.1]
-* Update gitea to 1.23.1
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.1)
-* Move repo size to sidebar ([#​33155](https://github.com/go-gitea/gitea/issues/33155))
-* Fix editor markdown not incrementing in a numbered list ([#​33187](https://github.com/go-gitea/gitea/issues/33187)) [#​33193](https://github.com/go-gitea/gitea/issues/33193)
-
-[1.34.2]
-* Update gitea to 1.23.3
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.3)
-* Build Gitea with Golang v1.23.6 to fix security bugs
-* Fix a bug caused by status webhook template #33512
-
-[1.34.3]
-* Update gitea to 1.23.4
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.4)
-* Enhance routers for the Actions variable operations (#33547) (#33553)
-* Enhance routers for the Actions runner operations (#33549) (#33555)
-* Fix project issues list and counting (#33594) #33619
-* Add a transaction to pickTask (#33543) (#33563)
-* Fix mirror bug (#33597) (#33607)
-* Use default Git timeout when checking repo health (#33593) (#33598)
-* Fix PR's target branch dropdown (#33589) (#33591)
-* Fix various problems (artifact order, api empty slice, assignee check, fuzzy prompt, mirror proxy, adopt git) (#33569) (#33577)
-* Rework suggestion backend (#33538) (#33546)
-* Fix context usage (#33554) (#33557)
-
-[1.34.4]
-* Update gitea to 1.23.5
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.5)
-* Compile with Go 1.24.1
-* Bump x/oauth2 & x/crypto (#33704) (#33727)
-* Optimize user dashboard loading (#33686) (#33708)
-* Fix navbar dropdown item align (#33782)
-* Fix inconsistent closed issue list icon (#33722) (#33728)
-* Fix for Maven Package Naming Convention Handling (#33678) (#33679)
-* Improve Open-with URL encoding (#33666) (#33680)
-* Deleting repository should unlink all related packages (#33653) (#33673)
-* Fix omitempty bug (#33663) (#33670)
-* Upgrade go-crypto from 1.1.4 to 1.1.6 (#33745) (#33754)
-* Fix OCI image.version annotation for releases to use full semver (#33698) (#33701)
-* Try to fix ACME path when renew (#33668) (#33693)
-* Fix mCaptcha bug (#33659) (#33661)
-* Git graph: don't show detached commits (#33645) (#33650)
-
-[1.35.0]
-* Base image 5
-
-[1.35.1]
-* Fix hard coded mysql hostname
-
-[1.35.2]
-* Update gitea to 1.23.6
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.6)
-* Fix LFS URL (#33840) (#33843)
-* Update jwt and redis packages (#33984) (#33987)
-* Update golang crypto and net (#33989)
-* Drop timeout for requests made to the internal hook api (#33947) (#33970)
-* Fix maven panic when no package exists (#33888) (#33889)
-* Fix markdown render (#33870) (#33875)
-* Fix auto concurrency cancellation skips commit status updates (#33764) (#33849)
-* Fix oauth2 auth (#33961) (#33962)
-
-[1.35.3]
-* Update gitea to 1.23.7
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.7)
-* Compile with Go 1.23.8
-* Add a config option to block "expensive" pages for anonymous users ([#​34024](https://github.com/go-gitea/gitea/issues/34024)) ([#​34071](https://github.com/go-gitea/gitea/issues/34071))
-* Also check default ssh-cert location for host ([#​34099](https://github.com/go-gitea/gitea/issues/34099)) ([#​34100](https://github.com/go-gitea/gitea/issues/34100)) ([#​34116](https://github.com/go-gitea/gitea/issues/34116))
-* Fix discord webhook 400 status code when description limit is exceeded ([#​34084](https://github.com/go-gitea/gitea/issues/34084)) ([#​34124](https://github.com/go-gitea/gitea/issues/34124))
-* Get changed files based on merge base when checking `pull_request` actions trigger ([#​34106](https://github.com/go-gitea/gitea/issues/34106)) ([#​34120](https://github.com/go-gitea/gitea/issues/34120))
-* Fix invalid version in RPM package path ([#​34112](https://github.com/go-gitea/gitea/issues/34112)) ([#​34115](https://github.com/go-gitea/gitea/issues/34115))
-* Return default avatar url when user id is zero rather than updating database ([#​34094](https://github.com/go-gitea/gitea/issues/34094)) ([#​34095](https://github.com/go-gitea/gitea/issues/34095))
-* Add additional ReplaceAll in pathsep to cater for different pathsep ([#​34061](https://github.com/go-gitea/gitea/issues/34061)) ([#​34070](https://github.com/go-gitea/gitea/issues/34070))
-* Try to fix check-attr bug ([#​34029](https://github.com/go-gitea/gitea/issues/34029)) ([#​34033](https://github.com/go-gitea/gitea/issues/34033))
-* Git client will follow 301 but 307 ([#​34005](https://github.com/go-gitea/gitea/issues/34005)) ([#​34010](https://github.com/go-gitea/gitea/issues/34010))
-
-[1.35.4]
-* Update gitea to 1.23.8
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.8)
-* Fix a bug when uploading file via lfs ssh command ([#34408](https://github.com/go-gitea/gitea/issues/34408)) ([#34411](https://github.com/go-gitea/gitea/issues/34411))
-* Update net package ([#34228](https://github.com/go-gitea/gitea/issues/34228)) ([#34232](https://github.com/go-gitea/gitea/issues/34232))
-* Fix releases sidebar navigation link ([#34436](https://github.com/go-gitea/gitea/issues/34436)) [#34439](https://github.com/go-gitea/gitea/issues/34439)
-* Fix bug webhook milestone is not right. ([#34419](https://github.com/go-gitea/gitea/issues/34419)) [#34429](https://github.com/go-gitea/gitea/issues/34429)
-* Fix two missed null value checks on the wiki page. ([#34205](https://github.com/go-gitea/gitea/issues/34205)) ([#34215](https://github.com/go-gitea/gitea/issues/34215))
-* Swift files can be passed either as file or as form value ([#34068](https://github.com/go-gitea/gitea/issues/34068)) ([#34236](https://github.com/go-gitea/gitea/issues/34236))
-* Fix bug when API get pull changed files for deleted head repository ([#34333](https://github.com/go-gitea/gitea/issues/34333)) ([#34368](https://github.com/go-gitea/gitea/issues/34368))
-* Upgrade github v61 -> v71 to fix migrating bug ([#34389](https://github.com/go-gitea/gitea/issues/34389))
-* Fix bug when visiting comparation page ([#34334](https://github.com/go-gitea/gitea/issues/34334)) ([#34364](https://github.com/go-gitea/gitea/issues/34364))
-* Fix wrong review requests when updating the pull request ([#34286](https://github.com/go-gitea/gitea/issues/34286)) ([#34304](https://github.com/go-gitea/gitea/issues/34304))
-
-[1.35.5]
-* Update gitea to 1.23.8
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.8)
-* Fix a bug when uploading file via lfs ssh command ([#34408](https://github.com/go-gitea/gitea/issues/34408)) ([#34411](https://github.com/go-gitea/gitea/issues/34411))
-* Update net package ([#34228](https://github.com/go-gitea/gitea/issues/34228)) ([#34232](https://github.com/go-gitea/gitea/issues/34232))
-* Fix releases sidebar navigation link ([#34436](https://github.com/go-gitea/gitea/issues/34436)) [#34439](https://github.com/go-gitea/gitea/issues/34439)
-* Fix bug webhook milestone is not right. ([#34419](https://github.com/go-gitea/gitea/issues/34419)) [#34429](https://github.com/go-gitea/gitea/issues/34429)
-* Fix two missed null value checks on the wiki page. ([#34205](https://github.com/go-gitea/gitea/issues/34205)) ([#34215](https://github.com/go-gitea/gitea/issues/34215))
-* Swift files can be passed either as file or as form value ([#34068](https://github.com/go-gitea/gitea/issues/34068)) ([#34236](https://github.com/go-gitea/gitea/issues/34236))
-* Fix bug when API get pull changed files for deleted head repository ([#34333](https://github.com/go-gitea/gitea/issues/34333)) ([#34368](https://github.com/go-gitea/gitea/issues/34368))
-* Upgrade github v61 -> v71 to fix migrating bug ([#34389](https://github.com/go-gitea/gitea/issues/34389))
-* Fix bug when visiting comparation page ([#34334](https://github.com/go-gitea/gitea/issues/34334)) ([#34364](https://github.com/go-gitea/gitea/issues/34364))
-* Fix wrong review requests when updating the pull request ([#34286](https://github.com/go-gitea/gitea/issues/34286)) ([#34304](https://github.com/go-gitea/gitea/issues/34304))
-
-[1.36.0]
-* Update gitea to 1.24.0
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.0)
-* Make Gitea always use its internal config, ignore `/etc/gitconfig` ([#33076](https://github.com/go-gitea/gitea/issues/33076))
-* Improve log format ([#33814](https://github.com/go-gitea/gitea/issues/33814))
-* Fix markdown render behaviors ([#34122](https://github.com/go-gitea/gitea/issues/34122))
-* Add package version api endpoints ([#34173](https://github.com/go-gitea/gitea/issues/34173))
-* Enforce two-factor auth (2FA: TOTP or WebAuthn) ([#34187](https://github.com/go-gitea/gitea/issues/34187))
-* Add fullscreen mode as a more efficient operation way to view projects ([#34081](https://github.com/go-gitea/gitea/issues/34081))
-* Add anonymous access support for private/unlisted repositories ([#34051](https://github.com/go-gitea/gitea/issues/34051))
-* Support public code/issue access for private repositories ([#33127](https://github.com/go-gitea/gitea/issues/33127))
-* Add middleware for request prioritization ([#33951](https://github.com/go-gitea/gitea/issues/33951))
-* Add cli flags LDAP group configuration ([#33933](https://github.com/go-gitea/gitea/issues/33933))
-
-[1.36.1]
-* Update gitea to 1.24.1
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.1)
-* Improve alignment of commit status icon on commit page ([#​34750](https://github.com/go-gitea/gitea/issues/34750)) ([#​34757](https://github.com/go-gitea/gitea/issues/34757))
-* Support title and body query parameters for new MRs ([#​34537](https://github.com/go-gitea/gitea/issues/34537)) ([#​34752](https://github.com/go-gitea/gitea/issues/34752))
-* When using rules to delete packages, remove unclean bugs ([#​34632](https://github.com/go-gitea/gitea/issues/34632)) ([#​34761](https://github.com/go-gitea/gitea/issues/34761))
-* Fix ghost user in feeds when pushing in an actions, it should be gitea-actions ([#​34703](https://github.com/go-gitea/gitea/issues/34703)) ([#​34756](https://github.com/go-gitea/gitea/issues/34756))
-* Prevent double markdown link brackets when pasting URL ([#​34745](https://github.com/go-gitea/gitea/issues/34745)) ([#​34748](https://github.com/go-gitea/gitea/issues/34748))
-* Prevent duplicate form submissions when creating forks ([#​34714](https://github.com/go-gitea/gitea/issues/34714)) ([#​34735](https://github.com/go-gitea/gitea/issues/34735))
-* Fix markdown wrap ([#​34697](https://github.com/go-gitea/gitea/issues/34697)) ([#​34702](https://github.com/go-gitea/gitea/issues/34702))
-* Fix pull requests API convert panic when head repository is deleted. ([#​34685](https://github.com/go-gitea/gitea/issues/34685)) ([#​34687](https://github.com/go-gitea/gitea/issues/34687))
-* Fix commit message rendering and some UI problems ([#​34680](https://github.com/go-gitea/gitea/issues/34680)) ([#​34683](https://github.com/go-gitea/gitea/issues/34683))
-* Fix container range bug ([#​34725](https://github.com/go-gitea/gitea/issues/34725)) ([#​34732](https://github.com/go-gitea/gitea/issues/34732))
-
-[1.36.2]
-* Update gitea to 1.24.2
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.2)
-* Fix container range bug ([#​34795](https://github.com/go-gitea/gitea/issues/34795)) ([#​34796](https://github.com/go-gitea/gitea/issues/34796))
-* Upgrade chi to v5.2.2 ([#​34798](https://github.com/go-gitea/gitea/issues/34798)) ([#​34799](https://github.com/go-gitea/gitea/issues/34799))
-
-[1.36.3]
-* With Cloudron OIDC, disable registration by default on new installation
-* Without Cloudron OIDC, enable registration by default and add checklist item
-
-[1.36.4]
-* Update gitea to 1.24.3
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.3)
-* Fix form property assignment edge case ([#​35073](https://github.com/go-gitea/gitea/issues/35073)) ([#​35078](https://github.com/go-gitea/gitea/issues/35078))
-* Improve submodule relative path handling ([#​35056](https://github.com/go-gitea/gitea/issues/35056)) ([#​35075](https://github.com/go-gitea/gitea/issues/35075))
-* Fix incorrect comment diff hunk parsing, fix github asset ID nil panic ([#​35046](https://github.com/go-gitea/gitea/issues/35046)) ([#​35055](https://github.com/go-gitea/gitea/issues/35055))
-* Fix updating user visibility ([#​35036](https://github.com/go-gitea/gitea/issues/35036)) ([#​35044](https://github.com/go-gitea/gitea/issues/35044))
-* Support base64-encoded agit push options ([#​35037](https://github.com/go-gitea/gitea/issues/35037)) ([#​35041](https://github.com/go-gitea/gitea/issues/35041))
-* Make submodule link work with relative path ([#​35034](https://github.com/go-gitea/gitea/issues/35034)) ([#​35038](https://github.com/go-gitea/gitea/issues/35038))
-* Fix bug when displaying git user avatar in commits list ([#​35006](https://github.com/go-gitea/gitea/issues/35006))
-* Fix API response for swagger spec ([#​35029](https://github.com/go-gitea/gitea/issues/35029))
-* Start automerge check again after the conflict check and the schedule ([#​34988](https://github.com/go-gitea/gitea/issues/34988)) ([#​35002](https://github.com/go-gitea/gitea/issues/35002))
-* Fix the response format for actions/workflows ([#​35009](https://github.com/go-gitea/gitea/issues/35009)) ([#​35016](https://github.com/go-gitea/gitea/issues/35016))
-
-[1.36.5]
-* Update gitea to 1.24.4
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.4)
-* Fix various bugs (1.24) ([#​35186](https://github.com/go-gitea/gitea/issues/35186))
-* Fix migrate input box bug ([#​35166](https://github.com/go-gitea/gitea/issues/35166)) ([#​35171](https://github.com/go-gitea/gitea/issues/35171))
-* Only hide dropzone when no files have been uploaded ([#​35156](https://github.com/go-gitea/gitea/issues/35156)) ([#​35167](https://github.com/go-gitea/gitea/issues/35167))
-* Fix review comment/dimiss comment x reference can be refereced back ([#​35094](https://github.com/go-gitea/gitea/issues/35094)) ([#​35099](https://github.com/go-gitea/gitea/issues/35099))
-* Fix submodule nil check ([#​35096](https://github.com/go-gitea/gitea/issues/35096)) ([#​35098](https://github.com/go-gitea/gitea/issues/35098))
-* Don't use full-file highlight when there is a git diff textconv ([#​35114](https://github.com/go-gitea/gitea/issues/35114)) ([#​35119](https://github.com/go-gitea/gitea/issues/35119))
-* Increase gap on latest commit ([#​35104](https://github.com/go-gitea/gitea/issues/35104)) ([#​35113](https://github.com/go-gitea/gitea/issues/35113))
-
-[1.36.6]
-* Update gitea to 1.24.5
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.5)
-* Fix a bug where lfs gc never worked. (#35198) (#35255)
-* Reload issue when sending webhook to make num comments is right. (#35243) (#35248)
-* Fix bug when review pull request commits (#35192) (#35246)
-
-[1.36.7]
-* Update gitea to 1.24.6
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.6)
-* Upgrade xz to v0.5.15 ([#35385](https://github.com/go-gitea/gitea/issues/35385))
-* Fix a compare page 404 bug when the pull request disabled ([#35441](https://github.com/go-gitea/gitea/issues/35441)) ([#35453](https://github.com/go-gitea/gitea/issues/35453))
-* Fix bug when issue disabled, pull request number in the commit message cannot be redirected ([#35420](https://github.com/go-gitea/gitea/issues/35420)) ([#35442](https://github.com/go-gitea/gitea/issues/35442))
-* Add author.name field to Swift Package Registry API response ([#35410](https://github.com/go-gitea/gitea/issues/35410)) ([#35431](https://github.com/go-gitea/gitea/issues/35431))
-* Remove usernames when empty in discord webhook ([#35412](https://github.com/go-gitea/gitea/issues/35412)) ([#35417](https://github.com/go-gitea/gitea/issues/35417))
-* Allow foreachref parser to grow its buffer ([#35365](https://github.com/go-gitea/gitea/issues/35365)) ([#35376](https://github.com/go-gitea/gitea/issues/35376))
-* Allow deleting comment with content via API like web did ([#35346](https://github.com/go-gitea/gitea/issues/35346)) ([#35354](https://github.com/go-gitea/gitea/issues/35354))
-* Fix atom/rss mixed error ([#35345](https://github.com/go-gitea/gitea/issues/35345)) ([#35347](https://github.com/go-gitea/gitea/issues/35347))
-* Fix review request webhook bug ([#35339](https://github.com/go-gitea/gitea/issues/35339))
-* Remove duplicate html IDs ([#35210](https://github.com/go-gitea/gitea/issues/35210)) ([#35325](https://github.com/go-gitea/gitea/issues/35325))
-
-[1.36.8]
-* Update gitea to 1.24.7
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.24.7)
-* Refactor legacy code ([#​35708](https://github.com/go-gitea/gitea/issues/35708)) ([#​35713](https://github.com/go-gitea/gitea/issues/35713))
-* Fixing issue [#​35530](https://github.com/go-gitea/gitea/issues/35530): Password Leak in Log Messages ([#​35584](https://github.com/go-gitea/gitea/issues/35584)) ([#​35665](https://github.com/go-gitea/gitea/issues/35665))
-* Fix a bug missed return ([#​35655](https://github.com/go-gitea/gitea/issues/35655)) ([#​35671](https://github.com/go-gitea/gitea/issues/35671))
-* Fix inputing review comment will remove reviewer ([#​35591](https://github.com/go-gitea/gitea/issues/35591)) ([#​35664](https://github.com/go-gitea/gitea/issues/35664))
-* Mock external service in hcaptcha TestCaptcha ([#​35604](https://github.com/go-gitea/gitea/issues/35604)) ([#​35663](https://github.com/go-gitea/gitea/issues/35663))
-* Fix build ([#​35669](https://github.com/go-gitea/gitea/issues/35669))
-
-[1.37.0]
-* Update gitea to 1.25.0
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.25.0)
-* Return 201 Created for CreateVariable API responses ([#​34517](https://github.com/go-gitea/gitea/issues/34517))
-* Add label 'state' to metric 'gitea\_users' ([#​34326](https://github.com/go-gitea/gitea/issues/34326))
-* Upgrade security public key ([#​34956](https://github.com/go-gitea/gitea/issues/34956))
-* Also include all security fixes in 1.24.x after 1.25.0-rc0
-* Stream repo zip/tar.gz/bundle achives by default ([#​35487](https://github.com/go-gitea/gitea/issues/35487))
-* Fix possible panic ([#​34508](https://github.com/go-gitea/gitea/issues/34508))
-* Fix autofocus behavior ([#​34397](https://github.com/go-gitea/gitea/issues/34397))
-* Fix Actions API ([#​35204](https://github.com/go-gitea/gitea/issues/35204))
-* Fix ListWorkflowRuns OpenAPI response model. ([#​35026](https://github.com/go-gitea/gitea/issues/35026))
-* Small fix in Merge Requests page ([#​34612](https://github.com/go-gitea/gitea/issues/34612))
-* Fix http auth header parsing ([#​34936](https://github.com/go-gitea/gitea/issues/34936))
-* Fix modal + form abuse ([#​34921](https://github.com/go-gitea/gitea/issues/34921))
-* Fix MR toggle WIP ([#​34920](https://github.com/go-gitea/gitea/issues/34920))
-* Fix log fmt ([#​34810](https://github.com/go-gitea/gitea/issues/34810))
-* Replace stopwatch toggle with explicit start/stop actions ([#​34818](https://github.com/go-gitea/gitea/issues/34818))
-* Fix some package registry problems ([#​34759](https://github.com/go-gitea/gitea/issues/34759))
-* Fix RPM package download routing & missing package version count ([#​34909](https://github.com/go-gitea/gitea/issues/34909))
-* Fix repo search input height ([#​34330](https://github.com/go-gitea/gitea/issues/34330))
-* Fix "The sidebar of the repository file list does not have a fixed height [#​34298](https://github.com/go-gitea/gitea/issues/34298)" ([#​34321](https://github.com/go-gitea/gitea/issues/34321))
-* Fix minor typos in two files #HSFDPMUW ([#​34944](https://github.com/go-gitea/gitea/issues/34944))
-* Fix actions skipped commit status indicator ([#​34507](https://github.com/go-gitea/gitea/issues/34507))
-* Fix job status aggregation logic ([#​35000](https://github.com/go-gitea/gitea/issues/35000))
-* Fix broken OneDev migration caused by various REST API changes in OneDev 7.8.0 and later ([#​35216](https://github.com/go-gitea/gitea/issues/35216))
-* Fix typo in locale\_en-US.ini ([#​35196](https://github.com/go-gitea/gitea/issues/35196))
-
-[1.37.1]
-* Update gitea to 1.25.1
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.25.1)
-* Make ACME email optional ([#35849](https://github.com/go-gitea/gitea/issues/35849)) [#35857](https://github.com/go-gitea/gitea/issues/35857))
-* Add a doctor command to fix inconsistent run status ([#35840](https://github.com/go-gitea/gitea/issues/35840)) ([#35845](https://github.com/go-gitea/gitea/issues/35845))
-* Remove wrong code ([#35846](https://github.com/go-gitea/gitea/issues/35846))
-* Fix viewed files number is not right if not all files loaded ([#35821](https://github.com/go-gitea/gitea/issues/35821)) ([#35844](https://github.com/go-gitea/gitea/issues/35844))
-* Fix incorrect pull request counter ([#35819](https://github.com/go-gitea/gitea/issues/35819)) ([#35841](https://github.com/go-gitea/gitea/issues/35841))
-* Upgrade go mail to 0.7.2 and fix the bug ([#35833](https://github.com/go-gitea/gitea/issues/35833)) ([#35837](https://github.com/go-gitea/gitea/issues/35837))
-* Revert gomail to v0.7.0 to fix sending mail failed ([#35816](https://github.com/go-gitea/gitea/issues/35816)) ([#35824](https://github.com/go-gitea/gitea/issues/35824))
-* Fix clone mixed bug ([#35810](https://github.com/go-gitea/gitea/issues/35810)) ([#35822](https://github.com/go-gitea/gitea/issues/35822))
-* Fix cli "Before" handling ([#35797](https://github.com/go-gitea/gitea/issues/35797)) ([#35808](https://github.com/go-gitea/gitea/issues/35808))
-* Improve and fix markup code preview rendering ([#35777](https://github.com/go-gitea/gitea/issues/35777)) ([#35787](https://github.com/go-gitea/gitea/issues/35787))
-
-[1.37.2]
-* Update gitea to 1.25.2
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.25.2)
-* Upgrade golang.org/x/crypto to 0.45.0 ([#35985](https://github.com/go-gitea/gitea/issues/35985)) ([#35988](https://github.com/go-gitea/gitea/issues/35988))
-* Fix various permission & login related bugs ([#36002](https://github.com/go-gitea/gitea/issues/36002)) ([#36004](https://github.com/go-gitea/gitea/issues/36004))
-* Display source code downloads last for release attachments ([#35897](https://github.com/go-gitea/gitea/issues/35897)) ([#35903](https://github.com/go-gitea/gitea/issues/35903))
-* Change project default column icon to 'star' ([#35967](https://github.com/go-gitea/gitea/issues/35967)) ([#35979](https://github.com/go-gitea/gitea/issues/35979))
-* Allow empty commit when merging pull request with squash style ([#35989](https://github.com/go-gitea/gitea/issues/35989)) ([#36003](https://github.com/go-gitea/gitea/issues/36003))
-* Fix container push tag overwriting ([#35936](https://github.com/go-gitea/gitea/issues/35936)) ([#35954](https://github.com/go-gitea/gitea/issues/35954))
-* Fix corrupted external render content ([#35946](https://github.com/go-gitea/gitea/issues/35946)) and upgrade golang.org/x packages ([#35950](https://github.com/go-gitea/gitea/issues/35950))
-* Limit reading bytes instead of ReadAll ([#35928](https://github.com/go-gitea/gitea/issues/35928)) ([#35934](https://github.com/go-gitea/gitea/issues/35934))
-* Use correct form field for allowed force push users in branch protection API ([#35894](https://github.com/go-gitea/gitea/issues/35894)) ([#35908](https://github.com/go-gitea/gitea/issues/35908))
-* Fix team member access check ([#35899](https://github.com/go-gitea/gitea/issues/35899)) ([#35905](https://github.com/go-gitea/gitea/issues/35905))
-
-[1.37.3]
-* Update gitea to 1.25.3
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.25.3)
-* SECURITY Bump toolchain to go1.25.5, misc fixes ([#​36082](https://github.com/go-gitea/gitea/issues/36082))
-* ENHANCEMENTS Add strikethrough button to markdown editor ([#​36087](https://github.com/go-gitea/gitea/issues/36087)) ([#​36104](https://github.com/go-gitea/gitea/issues/36104))
-* ENHANCEMENTS Add "site admin" back to profile menu ([#​36010](https://github.com/go-gitea/gitea/issues/36010)) ([#​36013](https://github.com/go-gitea/gitea/issues/36013))
-* ENHANCEMENTS Improve math rendering ([#​36124](https://github.com/go-gitea/gitea/issues/36124)) ([#​36125](https://github.com/go-gitea/gitea/issues/36125))
-* BUGFIXES Check user visibility when redirecting to a renamed user ([#​36148](https://github.com/go-gitea/gitea/issues/36148)) ([#​36159](https://github.com/go-gitea/gitea/issues/36159))
-* BUGFIXES Fix various bugs ([#​36139](https://github.com/go-gitea/gitea/issues/36139)) ([#​36151](https://github.com/go-gitea/gitea/issues/36151))
-* BUGFIXES Fix bug when viewing the commit diff page with non-ANSI files ([#​36149](https://github.com/go-gitea/gitea/issues/36149)) ([#​36150](https://github.com/go-gitea/gitea/issues/36150))
-* BUGFIXES Hide RSS icon when viewing a file not under a branch ([#​36135](https://github.com/go-gitea/gitea/issues/36135)) ([#​36141](https://github.com/go-gitea/gitea/issues/36141))
-* BUGFIXES Fix SVG size calulation, only use `style` attribute ([#​36133](https://github.com/go-gitea/gitea/issues/36133)) ([#​36134](https://github.com/go-gitea/gitea/issues/36134))
-* BUGFIXES Make Golang correctly delete temp files during uploading ([#​36128](https://github.com/go-gitea/gitea/issues/36128)) ([#​36129](https://github.com/go-gitea/gitea/issues/36129))
-
-[1.37.4]
-* Update gitea to 1.25.4
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.25.4)
-* Release attachments must belong to the intended repo ([#36347](https://github.com/go-gitea/gitea/issues/36347)) ([#36375](https://github.com/go-gitea/gitea/issues/36375))
-* Fix permission check on org project operations ([#36318](https://github.com/go-gitea/gitea/issues/36318)) ([#36373](https://github.com/go-gitea/gitea/issues/36373))
-* Clean watches when make a repository private and check permission when send release emails ([#36319](https://github.com/go-gitea/gitea/issues/36319)) ([#36370](https://github.com/go-gitea/gitea/issues/36370))
-* Add more check for stopwatch read or list ([#36340](https://github.com/go-gitea/gitea/issues/36340)) ([#36368](https://github.com/go-gitea/gitea/issues/36368))
-* Fix openid setting check ([#36346](https://github.com/go-gitea/gitea/issues/36346)) ([#36361](https://github.com/go-gitea/gitea/issues/36361))
-* Fix cancel auto merge bug ([#36341](https://github.com/go-gitea/gitea/issues/36341)) ([#36356](https://github.com/go-gitea/gitea/issues/36356))
-* Fix delete attachment check ([#36320](https://github.com/go-gitea/gitea/issues/36320)) ([#36355](https://github.com/go-gitea/gitea/issues/36355))
-* LFS locks must belong to the intended repo ([#36344](https://github.com/go-gitea/gitea/issues/36344)) ([#36349](https://github.com/go-gitea/gitea/issues/36349))
-* Fix bug on notification read ([#36339](https://github.com/go-gitea/gitea/issues/36339)) [#36387](https://github.com/go-gitea/gitea/issues/36387)
-* Add more routes to the "expensive" list ([#36290](https://github.com/go-gitea/gitea/issues/36290))
-
-[1.37.5]
-* Update gitea to 1.25.5
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.25.5)
-* Make `security-check` informational only
-* Upgrade to github.com/cloudflare/circl 1.6.3, svgo 4.0.1, markdownlint-cli 0.48.0
-* Add some validation on values provided to USER_DISABLED_FEATURES and EXTERNAL_USER_DISABLED_FEATURES
-* Upgrade gogit to 5.16.5
-* Add wrap to runner label list
-* Add dnf5 command for Fedora in RPM package instructions
-* Allow scroll propagation outside code editor
-* Fix non-admins unable to automerge MRs from forks
-* Fix bug when pushing mirror with wiki
-* Fix artifacts v4 backend upload problems
-
-[1.38.0]
-* Update gitea to 1.26.0
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.26.0)
-* Correct swagger annotations for enums, status codes, and notification state ([#37030](https://github.com/go-gitea/gitea/issues/37030))
-* Remove GET API registration-token ([#36801](https://github.com/go-gitea/gitea/issues/36801))
-* Support Actions `concurrency` syntax ([#32751](https://github.com/go-gitea/gitea/issues/32751))
-* Make PUBLIC_URL_DETECTION default to "auto" ([#36955](https://github.com/go-gitea/gitea/issues/36955))
-* Add terraform state registry ([#36710](https://github.com/go-gitea/gitea/issues/36710))
-* Instance-wide (global) info banner and maintenance mode ([#36571](https://github.com/go-gitea/gitea/issues/36571))
-* Support rendering OpenAPI spec ([#36449](https://github.com/go-gitea/gitea/issues/36449))
-* Add keyboard shortcuts for repository file and code search ([#36416](https://github.com/go-gitea/gitea/issues/36416))
-* Automatic generation of release notes ([#35977](https://github.com/go-gitea/gitea/issues/35977))
-* Add button to re-run failed jobs in Actions ([#36924](https://github.com/go-gitea/gitea/issues/36924))
-
-[1.38.1]
-* Update gitea to 1.26.1
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.26.1)
-* Add event.schedule context for schedule actions task ([#37320](https://github.com/go-gitea/gitea/issues/37320)) ([#37348](https://github.com/go-gitea/gitea/issues/37348))
-* Fix an issue where changing an organization's visibility caused problems when users had forked its repositories. ([#37324](https://github.com/go-gitea/gitea/issues/37324)) ([#37344](https://github.com/go-gitea/gitea/issues/37344))
-* Use modern "git update-index --cacheinfo" syntax to support more file names ([#37338](https://github.com/go-gitea/gitea/issues/37338)) ([#37343](https://github.com/go-gitea/gitea/issues/37343))
-* Fix URL related escaping for oauth2 ([#37334](https://github.com/go-gitea/gitea/issues/37334)) ([#37340](https://github.com/go-gitea/gitea/issues/37340))
-* When the requested arch rpm is missing fall back to noarch ([#37236](https://github.com/go-gitea/gitea/issues/37236)) ([#37339](https://github.com/go-gitea/gitea/issues/37339))
-* Fix actions concurrency groups cross-branch leak ([#37311](https://github.com/go-gitea/gitea/issues/37311)) ([#37331](https://github.com/go-gitea/gitea/issues/37331))
-* Fix bug when accessing user badges ([#37321](https://github.com/go-gitea/gitea/issues/37321)) ([#37329](https://github.com/go-gitea/gitea/issues/37329))
-* Fix container auth for public instance ([#37290](https://github.com/go-gitea/gitea/issues/37290)) ([#37294](https://github.com/go-gitea/gitea/issues/37294))
-* Fix Mermaid diagrams failing when node labels contain line breaks ([#37296](https://github.com/go-gitea/gitea/issues/37296)) ([#37299](https://github.com/go-gitea/gitea/issues/37299))
-* Fix: dump with default zip type produces uncompressed zip ([#37401](https://github.com/go-gitea/gitea/issues/37401)) [#37402](https://github.com/go-gitea/gitea/issues/37402)
-

CloudronManifest.json

@@ -4,8 +4,8 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.38.1",
+  "version": "1.33.4",
-  "upstreamVersion": "1.26.1",
+  "upstreamVersion": "1.22.4",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,
@@ -23,8 +23,7 @@
     "SSH_PORT": {
       "title": "SSH Port",
       "description": "SSH Port over which repos can be pushed & pulled",
-      "defaultValue": 29418,
+      "defaultValue": 29418
-      "enabledByDefault": true
     }
   },
   "manifestVersion": 2,
@@ -53,13 +52,9 @@
   "checklist": {
     "change-default-password": {
       "message": "Change the default admin password"
-    },
-    "disable-registration": {
-      "message": "Disable registration, if required, to prevent misuse",
-      "sso": false
     }
   },
-  "minBoxVersion": "9.0.0",
+  "minBoxVersion": "8.1.0",
   "forumUrl": "https://forum.cloudron.io/category/19/gitea",
-  "documentationUrl": "https://docs.cloudron.io/packages/gitea/"
+  "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
 }

Dockerfile

@@ -1,27 +1,28 @@
-FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
 RUN apt-get update && \
-    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
+    apt-get install -y openssh-server git asciidoctor pandoc && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
-
+RUN pip3 install jupyter
-# pipx --global does not work, not sure why
-RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps
 
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
+RUN adduser --disabled-login --gecos 'Gitea' git
-RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
+# by default, git account is created as inactive which prevents login via openssh
+# https://github.com/gitlabhq/gitlabhq/issues/5304
+RUN passwd -d git
+
+RUN mkdir -p /home/git/gitea
 WORKDIR /home/git
 
 # for autosign feature
 ENV GNUPGHOME="/app/data/gnupg"
 
 # renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
-ARG GITEA_VERSION=1.26.1
+ARG GITEA_VERSION=1.22.4
 
-RUN mkdir -p /home/git/gitea && \
+RUN curl -L https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
-    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths
@@ -31,10 +32,10 @@ ADD app.ini.template /home/git/app.ini.template
 RUN mkdir -p /run/gitea && chown -R git:git /run/gitea
 RUN sed -e 's,^logfile=.*$,logfile=/run/gitea/supervisord.log,' -i /etc/supervisor/supervisord.conf
 
-RUN ln -s /app/data/ssh /home/git/.ssh && \
+RUN ln -s /app/data/ssh /home/git/.ssh
-    ln -s /app/data/gitconfig /home/git/.gitconfig
+RUN ln -s /app/data/gitconfig /home/git/.gitconfig
 
-COPY start.sh /home/git/
+ADD start.sh /home/git/start.sh
 
 COPY sshd_config /etc/ssh/sshd_config
 

POSTINSTALL.md

@@ -6,4 +6,3 @@ This app is pre-setup with an admin account. The initial credentials are:
 <sso>
 Use the `Local` authentication source for logging in as admin.
 </sso>
-

app.ini.template

@@ -75,7 +75,7 @@ REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
 
 [service]
-DISABLE_REGISTRATION = true
+DISABLE_REGISTRATION = false
 SHOW_REGISTRATION_BUTTON = false
 ENABLE_NOTIFY_MAIL = true
 
@@ -91,6 +91,8 @@ ROOT_PATH = /run/gitea
 ; APP_DATA_PATH/avatars
 AVATAR_UPLOAD_PATH =
 GRAVATAR_SOURCE = gravatar
+DISABLE_GRAVATAR = false
+
 
 [attachment]
 ENABLE = true

sshd_config

@@ -1,37 +1,80 @@
-Port 29418
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
 
-AddressFamily any
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
 ListenAddress 0.0.0.0
 ListenAddress ::
-
+Protocol 2
+# HostKeys for protocol version 2
 HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
 HostKey /app/data/sshd/ssh_host_ecdsa_key
 HostKey /app/data/sshd/ssh_host_ed25519_key
 
+# Logging
+SyslogFacility AUTH
 LogLevel INFO
 
-# no reverse DNS lookup
+# Authentication:
-UseDNS no
-UsePAM no
-AllowAgentForwarding no
-AllowTcpForwarding no
-PrintMotd no
-PrintLastLog no
-
 LoginGraceTime 120
+PermitRootLogin prohibit-password
 StrictModes yes
+
 PubkeyAuthentication yes
-PermitUserEnvironment yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
-PermitRootLogin no
+
-ChallengeResponseAuthentication no
+# Don't read the user's ~/.rhosts and ~/.shosts files
-PasswordAuthentication no
+IgnoreRhosts yes
-PermitEmptyPasswords no
+# similar for protocol version 2
 HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
 
-AllowUsers git
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
 
-Banner none
+# Change to yes to enable challenge-response passwords (beware issues with
-Subsystem sftp /usr/lib/ssh/sftp-server
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
 
-AcceptEnv GIT_PROTOCOL LANG LC_*
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
 
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no

start.sh

@@ -4,15 +4,25 @@ set -eu -o pipefail
 
 mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
-# CLOUDRON_OIDC_PROVIDER_NAME not supported as it will be used in rest route!
 setup_oidc_source() {
     set -eu
 
     echo "==> Setup OIDC source"
 
     now=$(date +%s)
-    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
-        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
+        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'${CLOUDRON_OIDC_PROVIDER_NAME:-Cloudron}', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
+}
+
+setup_root_user() {
+    set -eu
+
+    if sudo -H -u git /home/git/gitea/gitea admin user create --username root --password changeme --email admin@cloudron.local --admin -c /run/gitea/app.ini; then
+        echo "==> root user added"
+    else
+        echo "==> Failed to add root user"
+        exit 1
+    fi
 }
 
 setup_auth() {
@@ -30,16 +40,11 @@ setup_auth() {
         setup_oidc_source
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"
-        if sudo -H -u git /home/git/gitea/gitea admin user create --username root --password changeme --email admin@cloudron.local --admin -c /run/gitea/app.ini; then
+        setup_root_user
-            echo "==> root user added"
-        else
-            echo "==> Failed to add root user"
-            exit 1
-        fi
     fi
 }
 
@@ -72,11 +77,6 @@ if [[ ! -f /app/data/app.ini ]]; then
 
     echo "==> Generating new SECRET_KEY"
     crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
-
-    if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
-        crudini --set "/app/data/app.ini" service DISABLE_REGISTRATION false
-        crudini --set "/app/data/app.ini" service SHOW_REGISTRATION_BUTTON true
-    fi
 fi
 
 # merge user config file
@@ -118,12 +118,7 @@ echo "==> Creating dirs and changing permissions"
 mkdir -p /app/data/repository /app/data/ssh /app/data/custom /app/data/gnupg
 chown -R git:git /app/data /run/gitea
 
-# OIDC creds are read from the db at gitea startup, so if migrations have already
+# this expects app.ini to be available
-# run (i.e. the user table exists), refresh the OIDC source synchronously now.
+( setup_auth ) &
-if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user" >/dev/null 2>&1; then
-    [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]] && setup_oidc_source
-else
-    ( setup_auth ) &
-fi
 
 exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea

test/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "test",
+  "version": "1.0.0",
+  "description": "",
+  "main": "test.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "chromedriver": "^131.0.1",
+    "expect.js": "^0.3.1",
+    "mocha": "^10.8.2",
+    "selenium-webdriver": "^4.27.0",
+    "superagent": "^10.1.1"
+  }
+}

test/test.js

@@ -1,156 +1,309 @@
 #!/usr/bin/env node
 
-import assert from 'node:assert/strict';
+/* jshint esversion: 8 */
-import { execSync } from 'node:child_process';
+/* global it, xit, describe, before, after, afterEach */
-import fs from 'node:fs';
-import path from 'node:path';
-import { app, clearCache, click, cloudronCli, goto, loginOIDC, sendKeys, setupBrowser, takeScreenshot, teardownBrowser, username, waitFor, waitForUrl, press } from '@cloudron/charlie';
 
-/* global it, describe, before, after, afterEach */
+'use strict';
 
-const SSH_PORT = 29420;
+require('chromedriver');
-const INSTALL_TCP_FLAGS = { SSH_PORT };
+
-const repodir = '/tmp/testrepo';
+const execSync = require('child_process').execSync,
-const reponame = 'testrepo';
+    expect = require('expect.js'),
+    fs = require('fs'),
+    path = require('path'),
+    superagent = require('superagent'),
+    { Builder, By, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
+
+if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
+    console.log('USERNAME, PASSWORD and EMAIL env vars need to be set');
+    process.exit(1);
+}
 
 describe('Application life cycle test', function () {
-    before(setupBrowser);
+    this.timeout(0);
-    after(async function () {
+
-        await teardownBrowser();
+    const TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
+    const LOCATION = process.env.LOCATION || 'test';
+    const SSH_PORT = 29420;
+
+    let app, browser;
+
+    const repodir = '/tmp/testrepo';
+    const reponame = 'testrepo';
+
+    const username = process.env.USERNAME;
+    const password = process.env.PASSWORD;
+
+    before(function () {
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
+        if (!fs.existsSync('./screenshots')) fs.mkdirSync('./screenshots');
+    });
+
+    after(function () {
+        browser.quit();
         fs.rmSync(repodir, { recursive: true, force: true });
     });
 
     afterEach(async function () {
-        await takeScreenshot(this.currentTest);
+        if (!process.env.CI || !app) return;
+
+        const currentUrl = await browser.getCurrentUrl();
+        if (!currentUrl.includes(app.domain)) return;
+        expect(this.currentTest.title).to.be.a('string');
+
+        const screenshotData = await browser.takeScreenshot();
+        fs.writeFileSync(`./screenshots/${new Date().getTime()}-${this.currentTest.title.replaceAll(' ', '_')}.png`, screenshotData, 'base64');
     });
 
-    async function login(user, passwd) {
+    function getAppInfo() {
-        await goto(`https://${app.fqdn}/user/login`, 'label=Username or Email Address');
+        const inspect = JSON.parse(execSync('cloudron inspect'));
-        await sendKeys('label=Username or Email Address', user);
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
-        await sendKeys('label=Password', passwd);
+        expect(app).to.be.an('object');
-        await click('Sign In', { role: 'button' }); // there is a sign in link at the top
+    }
-        await waitFor('Milestones');
+
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TIMEOUT);
+    }
+
+    function sleep(millis) {
+        return new Promise(resolve => setTimeout(resolve, millis));
+    }
+
+    async function setAvatar() {
+        await browser.get('https://' + app.fqdn + '/user/settings');
+
+        var button = await browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        await browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+        await browser.findElement(By.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+        await browser.findElement(By.xpath('//button[contains(text(), "Update Avatar")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+    }
+
+    async function checkAvatar() {
+        await browser.get(`https://${app.fqdn}/${username}`);
+
+        const avatarSrc = await browser.findElement(By.xpath('//div[@id="profile-avatar"]/a/img')).getAttribute('src');
+
+        const response = await superagent.get(avatarSrc);
+        expect(response.statusCode).to.equal(200);
+    }
+
+    async function login(username, password) {
+        await browser.get('https://' + app.fqdn + '/user/login');
+
+        await browser.findElement(By.id('user_name')).sendKeys(username);
+        await browser.findElement(By.id('password')).sendKeys(password);
+        await browser.findElement(By.xpath('//form[@action="/user/login"]//button')).click();
+        await browser.wait(until.elementLocated(By.xpath('//img[contains(@class, "avatar")]')), TIMEOUT);
     }
 
     async function adminLogin() {
         await login('root', 'changeme');
     }
 
-    async function loginGiteaOIDC() {
+    async function loginOIDC(username, password, alreadyAuthenticated = true) {
-        await goto(`https://${app.fqdn}/user/login`, /Sign in with/);
+        browser.manage().deleteAllCookies();
-        await click(/Sign in with/);
+        await browser.get(`https://${app.fqdn}/user/login`);
-        await loginOIDC('Milestones');
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//a[contains(@href, "/user/oauth2/Cloudron")]')).click();
+        await browser.sleep(2000);
+
+        if (!alreadyAuthenticated) {
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.id('loginSubmitButton')).click();
+            await browser.sleep(2000);
+        }
+
+        await waitForElement(By.xpath('//img[contains(@class, "avatar")]'));
+    }
+
+    async function logout() {
+        await browser.get('https://' + app.fqdn);
+
+        await browser.findElement(By.xpath('//img[contains(@class, "avatar")]')).click();
+        await sleep(2000);
+        await browser.findElement(By.xpath('//a[@data-url="/user/logout"]')).click();
+        await sleep(2000);
     }
 
     async function addPublicKey() {
-        const keyPath = path.join(import.meta.dirname, 'id_ed25519');
+        const publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
-        fs.chmodSync(keyPath, 0o600);
+        execSync(`chmod g-rw,o-rw ${__dirname}/id_ed25519`); // ssh will complain about perms later
 
-        await goto(`https://${app.fqdn}/user/settings/keys`, 'css=#add-ssh-button');
+        await browser.get('https://' + app.fqdn + '/user/settings/keys');
-        await click('css=#add-ssh-button'); // there are two Add key buttons
+
-        await sendKeys('label=Content', fs.readFileSync(`${import.meta.dirname}/id_ed25519.pub`, 'utf8').trim()); // there are two Content labels
+        await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
-        await sendKeys('label=Key Name', 'testkey');
+        await browser.findElement(By.id('add-ssh-button')).click();
-        await press('label=Key Name', 'Enter');
+        await browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
-        await waitFor(/has been added/);
+        await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+        var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        await browser.findElement(By.xpath('//form//button[contains(text(),"Add Key")]')).click();
+
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
     }
 
     async function createRepo() {
-        await goto(`https://${app.fqdn}/repo/create`, 'label=Repository Name');
+        await browser.get(`https://${app.fqdn}/repo/create`);
-        await sendKeys('label=Repository Name', reponame);
+        await browser.wait(until.elementLocated(By.id('repo_name')));
-        await click(/Initialize Repository/);
+        await browser.findElement(By.id('repo_name')).sendKeys(reponame);
-        await click('Create Repository');
+        var button = browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]'));
-        await waitForUrl(`https://${app.fqdn}/${username}/${reponame}`);
+        await browser.executeScript('arguments[0].scrollIntoView(true)', button);
+        await browser.findElement(By.id('auto-init')).click();
+        await browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]')).click();
+
+        await browser.wait(function () {
+            return browser.getCurrentUrl().then(function (url) {
+                return url === 'https://' + app.fqdn + '/' + username + '/' + reponame;
+            });
+        }, TIMEOUT);
+    }
+
+    async function checkCloneUrl() {
+        await browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
+        await browser.findElement(By.id('repo-clone-ssh')).click();
+
+        var cloneUrl = await browser.findElement(By.id('repo-clone-url')).getAttribute('value');
+        expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
     }
 
     function cloneRepo() {
         fs.rmSync(repodir, { recursive: true, force: true });
-        const env = Object.create(process.env);
+        var env = Object.create(process.env);
-        env.GIT_SSH = path.join(import.meta.dirname, 'git_ssh_wrapper.sh');
+        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env });
+        execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
     }
 
     function pushFile() {
         const env = Object.create(process.env);
-        env.GIT_SSH = path.join(import.meta.dirname, 'git_ssh_wrapper.sh');
+        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync(
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} main`,
-            `touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} main`,
+                 { env: env, cwd: repodir });
-            { env, cwd: repodir }
-        );
         fs.rmSync(repodir, { recursive: true, force: true });
     }
 
     function fileExists() {
-        assert.strictEqual(fs.existsSync(`${repodir}/newfile`), true);
+        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
     }
 
-    it('install app', function () {
+    async function sendMail() {
-        cloudronCli.install({ tcpPortFlags: INSTALL_TCP_FLAGS });
+        await browser.get(`https://${app.fqdn}/admin/config`);
-    });
+
+        var button = await browser.findElement(By.xpath('//button[contains(text(), "Send")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(true)', button);
+        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
+        await browser.findElement(By.xpath('//button[contains(text(), "Send")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "A testing email has been sent")]')), TIMEOUT);
+    }
+
+    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
+    it('install app', function () { execSync(`cloudron install --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
+
+    it('can get app information', getAppInfo);
 
     it('can admin login', adminLogin);
-    it('can logout', clearCache);
+    it('can send mail', sendMail);
+    it('can logout', logout);
 
-    it('can login', loginGiteaOIDC);
+    it('can login', loginOIDC.bind(null, username, password, false));
+    it('can set avatar', setAvatar);
+    it('can get avatar', checkAvatar);
 
     it('can add public key', addPublicKey);
 
     it('can create repo', createRepo);
 
+    it('displays correct clone url', checkCloneUrl);
+
     it('can clone the url', cloneRepo);
 
     it('can add and push a file', pushFile);
 
-    it('can restart app', cloudronCli.restart);
+    it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
 
+    xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
+    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
 
-    it('backup app', cloudronCli.createBackup);
+    it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
-    it('restore app', cloudronCli.restoreFromLatestBackup);
+    it('restore app', function () { execSync('cloudron restore --app ' + app.id, EXEC_ARGS); });
 
-    it('can login', loginGiteaOIDC);
+    it('can login', loginOIDC.bind(null, username, password));
+    it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
-    it('file exists in repo', function () {
+    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
-        assert.strictEqual(fs.existsSync(`${repodir}/newfile`), true);
+
+    it('move to different location', async function () {
+        //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+
+        execSync('cloudron configure --location ' + LOCATION + '2 --app ' + app.id, EXEC_ARGS);
     });
+    it('can get app information', getAppInfo);
 
-    it('move to different location', cloudronCli.changeLocation);
+    it('can login', loginOIDC.bind(null, username, password));
-
+    it('can get avatar', checkAvatar);
-    it('can login', loginGiteaOIDC);
+    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
-    it('file exists in repo', function () {
+    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
-        assert.strictEqual(fs.existsSync(`${repodir}/newfile`), true);
+
+    it('uninstall app', async function () {
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
     });
 
-    it('uninstall app', cloudronCli.uninstall);
+    // No SSO
-
+    it('install app (no sso)', function () { execSync(`cloudron install --no-sso --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
-    it('install app (no sso)', function () {
-        cloudronCli.install({ noSso: true, tcpPortFlags: INSTALL_TCP_FLAGS });
-    });
 
+    it('can get app information', getAppInfo);
     it('can admin login (no sso)', adminLogin);
-    it('can logout', clearCache);
+    it('can logout', logout);
 
-    it('uninstall app (no sso)', cloudronCli.uninstall);
+    it('uninstall app (no sso)', async function () {
-
+        await browser.get('about:blank');
-    it('can install app for update', async function () {
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
-        await cloudronCli.appstoreInstall({ tcpPortFlags: INSTALL_TCP_FLAGS });
     });
 
-    it('can login', loginGiteaOIDC);
+    // test update
+    it('can install app', function () { execSync(`cloudron install --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
+
+    it('can get app information', getAppInfo);
+    it('can login', loginOIDC.bind(null, username, password));
+    it('can set avatar', setAvatar);
+    it('can get avatar', checkAvatar);
     it('can add public key', addPublicKey);
     it('can create repo', createRepo);
     it('can clone the url', cloneRepo);
     it('can add and push a file', pushFile);
 
-    it('can update', cloudronCli.update);
+    it('can update', function () { execSync('cloudron update --app ' + app.id, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
 
     it('can admin login', adminLogin);
-    it('can logout', clearCache);
+    it('can send mail', sendMail);
+    it('can logout', logout);
 
-    it('can login', loginGiteaOIDC);
+    it('can login', loginOIDC.bind(null, username, password));
+    it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in cloned repo', fileExists);
 
-    it('uninstall app', cloudronCli.uninstall);
+    it('uninstall app', async function () {
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+    });
 });