Update package version to 1.36.7

| datasource      | package        | from   | to     |
| --------------- | -------------- | ------ | ------ |
| github-releases | go-gitea/gitea | 1.24.5 | 1.24.6 |

CHANGELOG

@@ -1,836 +0,0 @@
-[0.1.0]
-* Initial package (forked from Gogs app)
-
-[0.1.1]
-* Removed reference to Gogs
-
-[0.1.2]
-* Updated description
-
-[0.1.3]
-* Updated to version 1.1.2
-
-[1.0.0]
-* Update to version 1.1.3
-
-[1.0.1]
-* Update Git to v2.7.4-0ubuntu1.2
-* Fixes critical security issue that allows remote command execution in git
-* https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000117.html
-
-[1.0.2]
-* Preserve SECRET_KEY across updates and restarts
-
-[1.0.3]
-* Update to version 1.1.4
-
-[1.1.0]
-* Update to version 1.2.0
-* New logo!
-* SECURITY: Sanitation fix from Gogs (#1461)
-* Status-API
-* Implement GPG api
-* https://github.com/go-gitea/gitea/releases/tag/v1.2.0
-
-[1.1.1]
-* Update to version 1.2.1
-* Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
-* Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
-* Fix so that user can still fork his own repository to his organizations (#2699) (#2707)
-* Fix .netrc authentication (#2700) (#2708)
-* Fix slice out of bounds error in mailer (#2479) (#2696)
-
-[1.1.2]
-* Update to version 1.2.2
-* Add checks for commits with missing author and time (#2771) (#2785)
-* Fix sending mail with a non-latin display name (#2559) (#2783)
-* Sync MaxGitDiffLineCharacters with conf/app.ini (#2779) (#2780)
-* Update vendor git (#2765) (#2772)
-* Fix emojify image URL (#2769) (#2773)
-
-[1.1.3]
-* Update to version 1.2.3
-* Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
-* Fix order of comments (#2835) (#2839)
-
-[1.2.0]
-* Update to version 1.3.0
-
-[1.3.0]
-* Update to version 1.3.1
-* Add documentationUrl
-* Sanitize logs for mirror sync (#3057, #3082) (#3078)
-* Fix missing branch in release bug (#3108) (#3117)
-* Fix repo indexer and submodule bug (#3107) (#3110)
-* Fix legacy URL redirects (#3100) (#3106)
-* Fix redis session failed (#3086) (#3089)
-* Fix issue list branch link broken (#3061) (#3070)
-* Fix missing password length check when change password (#3039) (#3071)
-
-[1.3.1]
-* Update Gitea to 1.3.2
-* Fix run web with -p push failed (#3154) (#3179)
-* Fix source download link when no code unit allowed (#3166) (#3169)
-* Allow adding collaborators with (fullname) (#3103) (#3168)
-* Fix repo links (#3093) (#3163)
-* Fix Uninitialized variable in ParsePatch (#3156) (#3162)
-* Fix migration order v1.3 (#3157)
-* Fix avatar URLs (#3069) (#3143)
-
-[1.4.0]
-* Fix email sending (use SMTPS)
-
-[1.4.1]
-* Update Gitea to 1.3.3
-* Security fixes
-    * Fix escaping changed title in comments (#3530) (#3535)
-    * Escape search query display (#3486) (#3489)
-* Bug fixes
-    * Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
-    * Open external tracker in blank window, consistently with wiki (#3227) (#3228)
-    * Change SSL Mode from checkbox to string in admin page (#3208) (#3211)
-
-[1.5.0]
-* Update Gitea to 1.4.0
-
-[1.5.1]
-* Update Gitea to 1.4.1
-* Add “error” as reserved username (#3882) (#3886)
-* Do not allow inactive users to access repositories using private key (#3887) (#3889)
-* Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
-* Remove unnecessary allowed safe HTML (#3778) (#3779)
-* Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
-* Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
-* Fix GPG expire time display when time is zero (#3584) (#3884)
-* Fix to update only issue last update time when adding a comment (#3855) (#3860)
-* Fix repository star count after deleting user (#3781) (#3783)
-* Use the active branch for the code tab (#3720) (#3776)
-* Set default branch name on first push (#3715) (#3723)
-* Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
-
-[1.5.2]
-* Update Gitea to 1.4.2
-* Adjust z-index for floating labels (#3939) (#3950)
-* Add missing token validation on application settings page (#3976) #3978
-* Webhook and hook_task clean up (#4006)
-* Fix webhook bug of response info is not displayed in UI (#4023)
-* Fix writer cannot read bare repo guide (#4033) (#4039)
-* Don't force due date to current time (#3830) (#4057)
-* Fix wiki redirects (#3919) (#4065)
-* Fix attachment ENABLED (#4064) (#4066)
-* Added deletion of an empty line at the end of file (#4054) (#4074)
-* Use ResolveReference instead of path.Join (#4073)
-* Fix #4081 Check for leading / in base before removing it (#4083)
-* Respository's home page not updated after first push (#4075)
-
-[1.5.2-1]
-* Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
-* Adjust z-index for floating labels (#3939) (#3950)
-* Add missing token validation on application settings page (#3976) #3978
-* Webhook and hook_task clean up (#4006)
-* Fix webhook bug of response info is not displayed in UI (#4023)
-* Fix writer cannot read bare repo guide (#4033) (#4039)
-* Don't force due date to current time (#3830) (#4057)
-* Fix wiki redirects (#3919) (#4065)
-* Fix attachment ENABLED (#4064) (#4066)
-* Added deletion of an empty line at the end of file (#4054) (#4074)
-* Use ResolveReference instead of path.Join (#4073)
-* Fix #4081 Check for leading / in base before removing it (#4083)
-* Respository's home page not updated after first push (#4075)
-
-[1.5.3]
-* Update Gitea to 1.4.3
-* SECURITY
-  * HTML-escape plain-text READMEs (#4192) (#4214)
-  * Fix open redirect vulnerability on login screen (#4312) (#4312)
-* BUGFIXES
-  * Fix broken monitoring page when running processes are shown (#4203) (#4208)
-  * Fix delete comment bug (#4216) (#4228)
-  * Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
-  * Fix wiki URL encoding bug (#4091) (#4254)
-  * Fix code tab link when viewing tags (#3908) (#4263)
-  * Fix webhook type conflation (#4285) (#4285)
-
-[1.5.4]
-* Allow customization using gitea's custom data directory
-
-[1.6.0]
-* Update Gitea to 1.5.0
-* Security
-  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
-  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
-  * Do not allow to reuse TOTP passcode (#3878)
-* Features
-  * Add cli commands to regen hooks & keys (#3979)
-  * Add support for FIDO U2F (#3971)
-  * Added user language setting (#3875)
-  * Add topic support (#3711)
-  * Multiple assignees (#3705)
-  * Add protected branch whitelists for merging (#3689)
-  * Global code search support (#3664)
-  * Add label descriptions (#3662)
-  * Add issue search via API (#3612)
-  * Add repository setting to enable/disable health checks (#3607)
-  * Emoji Autocomplete (#3433)
-  * Implements generator cli for secrets (#3531)
-
-[1.6.1]
-* Update Gitea to 1.5.1
-* Security
-  * Don't disclose emails of all users when sending out emails (#4784)
-  * Improve URL validation for external wiki and external issues (#4710) (#4740)
-  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
-* Bugfixes
-  * Fix missing release title in webhook (#4783) (#4800)
-  * Make sure to reset commit count in the cache on mirror syncing (#4770)
-  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
-  * Fix failure on creating pull request with assignees (#4583) (#4727)
-  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
-
-[1.7.0]
-* Update base image
-
-[1.7.1]
-* Update Gitea to 1.5.2
-
-[1.7.2]
-* Update Gitea to 1.5.3
-* Security
-  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
-
-[1.8.0]
-* Update Gitea to 1.6.0
-
-[1.8.1]
-* Update Gitea to 1.6.1
-
-[1.8.2]
-* Update Gitea to 1.6.2
-* SECURITY
-  * Sanitize uploaded file names (#5571) (#5573)
-  * HTMLEncode user added text (#5570) (#5575)
-* BUGFIXES
-  * Fix indexer reindex bug when gitea restart (#5563) (#5564)
-  * Fix bug when a read perm user to edit his issue (#5516) (#5534)
-  * Detect force push failure on deletion of protected branches (#5522) (#5531)
-  * Fix forgot deletion of notification when delete repository (#5506) (#5514)
-  * Fix undeleted content when deleting user (#5429) (#5509)
-  * Fix empty wiki (#5504) (#5508)
-
-[1.8.3]
-* Update Gitea to 1.6.3
-* SECURITY: Prevent DeleteFilePost doing arbitrary deletion (#5631)
-* BUGFIX: Fix wrong text getting saved on editing second comment on an issue (#5608)
-
-[1.8.4]
-* Update Gitea to 1.6.4
-* Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
-* When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
-* Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
-
-[1.9.0]
-* Update Gitea to 1.7.0
-
-[1.9.1]
-* Update Gitea to 1.7.1
-* [Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.7.1)
-* Disable redirect for i18n (#5910) (#5916)
-* Only allow local login if password is non-empty (#5906) (#5908)
-* Fix go-get URL generation (#5905) (#5907)
-* Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
-* Request for public keys only if LDAP attribute is set (#5816) (#5819)
-* Fix delete correct temp directory (#5840) (#5839)
-* Fix an error while adding a dependency via UI (#5862) (#5876)
-* Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
-* When creating new repository fsck option should be enabled (#5817) (#5885)
-* Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
-* Fix bug when read public repo lfs file (#5913) (#5912)
-* Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
-* Fix compare button on upstream repo leading to 404 (#5877) (#5914)
-
-[1.9.2]
-* Update Gitea to 1.7.2
-* Remove all CommitStatus when a repo is deleted (#5940) (#5941)
-* Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
-* Silence console logger in gitea serv (#5887) (#5943)
-* Handle milestone webhook events for issues and PR (#5947) (#5955)
-* Show user who created the repository instead of the organization in action feed (#5948) (#5956)
-* Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
-* Fix bug when deleting a linked account will removed all (#5989) (#5990)
-* Fix empty ssh key importing in ldap (#5984) (#6009)
-* Fix metrics auth token detection (#6006) (#6017)
-* Create repository on organisation by default on its dashboard (#6026) (#6048)
-* Make sure labels are actually returned in API (#6053) (#6059)
-* Switch to more recent build of xgo (#6070) (#6072)
-* In basic auth check for tokens before call UserSignIn (#5725) (#6083)
-
-[1.9.3]
-* Update Gitea to 1.7.3
-* Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
-* Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
-* Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
-* Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
-* Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
-* Fix prohibit login check on authorization (#6106) (#6115)
-* Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
-* Fix deadlock in webhook PullRequest (#6102) (#6104)
-* Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
-* Fix compare button regression (#5929) (#6098)
-* Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
-
-[1.9.4]
-* Update Gitea to 1.7.4
-* Fix potential XSS vulnerability in repository description. (#6306) (#6308)
-* Fix wrong release commit id (#6224) (#6300)
-* Fix panic on empty signed commits (#6292) (#6300)
-* Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
-* Fix displaying dashboard even if required to change password (#6214) (#6215)
-
-[1.9.5]
-* Update Gitea to 1.7.5
-* unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
-* ParsePatch function to work with quoted diff --git strings (#6323) (#6332)
-
-[1.9.6]
-* Update Gitea to 1.7.6
-* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
-* Allow resend of confirmation email when logged in (#6482) (#6487)
-
-[1.10.0]
-* Update Gitea to 1.8.0
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.8.0)
-* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
-* Resolve 2FA bypass on API (#6676) (#6674)
-* Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
-* Expose issue stopwatch toggling via API (#5970)
-* Pull request conflict files detection (#5951)
-* Implement "conversation lock" for issue comments (#5073)
-* Feature: Archive repos (#5009)
-* Allow to set organization visibility (public, internal, private) (#1763)
-* Added URL mapping for Release attachments like on github.com (#1707)
-
-[1.10.1]
-* Update Gitea to 1.8.1
-
-[1.10.2]
-* Update Gitea to 1.8.2
-
-[1.11.0]
-* better custom app.ini integration
-* optional sso support
-
-[1.12.0]
-* Update Gitea to 1.8.3
-* Update manifest to v2
-
-[1.13.0]
-* Update Gitea to 1.9.0
-
-[1.13.1]
-* Update Gitea to 1.9.1
-
-[1.13.2]
-* Make sessions persist restarts
-
-[1.13.3]
-* Update Gitea to 1.9.2
-* Fix wrong sender when send slack webhook (#7918) (#7924)
-* Upload support text/plain; charset=utf8 (#7899)
-* Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
-* Fix non existent milestone with 500 error (#7867) (#7873)
-* SECURITY
-  * Fix No PGP signature on 1.9.1 tag (#7874)
-  * Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
-* ENHANCEMENT
-  * Fix pull creation with empty changes (#7920) (#7926)
-* BUILD
-  * Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
-
-[1.13.4]
-* Update Gitea to 1.9.3
-* Fix go get from a private repository with Go 1.13 (#8100)
-* Strict name matching for Repository.GetTagID() (#8082)
-* Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
-* Add change title notification for issues (#8064)
-* Run CORS handler first for /api routes (#7967) (#8053)
-* Evaluate emojis in commit messages in list view (#8044)
-* Fix failed to synchronize tags to releases for repository (#7990) (#7994)
-* Fix adding default Telegram webhook (#7972) (#7992)
-* Abort synchronization from LDAP source if there is some error (#7965)
-* Fix deformed emoji in commit message (#8071)
-* Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
-
-[1.13.5]
-* Update Gitea to 1.9.4
-* Highlight issue references (#8101) (#8404)
-* Fix bug when migrating a private repository #7917 (#8403)
-* Change general form binding to gogs form (#8334) (#8402)
-* Fix editor commit to new branch if PR disabled (#8375) (#8401)
-* Fix milestone num_issues (#8221) (#8400)
-* Allow users with explicit read access to give approvals (#8398)
-* Fix commit status in PR #8316 and PR #8321 (#8339)
-* Fix API for edit and delete release attachment (#8290)
-* Fix assets on release webhook (#8283)
-* Fix release API URL generation (#8239)
-* Allow registration when button is hidden (#8238)
-* MS Teams webhook misses commit messages (backport v1.9) (#8225)
-
-[1.13.6]
-* Update Gitea to 1.9.5
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.9.5)
-* Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
-* Fix milestone close timestamp (#8728) (#8731)
-* Fix deadline on update issue or PR via API (#8699)
-* Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
-* Fix 500 when getting user as unauthenticated user (#8653) (#8662)
-* Use AppSubUrl for more redirections (#8647) (#8652)
-* Add SubURL to redirect path (#8632) (#8634) (#8640)
-* Fix #8582 by handling empty repos (#8587) (#8593)
-* Fix bug on pull requests when transfer head repository (#8571)
-* Add missed close in ServeBlobLFS (#8527) (#8543)
-* Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
-* Create .ssh dir as necessary (#8369) (#8486) (#8489)
-* Restore functionality for early gits (#7775) (#8476)
-* Add check for empty set when dropping indexes during migration (#8475)
-* Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
-* Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
-* Ignore mentions for users with no access (#8395) (#8484)
-
-[1.14.0]
-* Update Gitea to 1.10.0
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.10.0)
-
-[1.14.1]
-* Update Gitea to 1.10.1
-* Fix max length check and limit in multiple repo forms (#9148) (#9204)
-* Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
-* Upgrade levelqueue to 0.1.0 (#9192) (#9199)
-* Fix panic when diff (#9187) (#9193)
-* Smtp logger configuration sendTos should be an array (#9154) (#9157)
-* Always Show Password Field on Link Account Sign-in Page (#9150)
-* Create PR on Current Repository by Default (#8670) (#9141)
-* Fix race on indexer (#9136) (#9139)
-* Fix reCAPTCHA URL (#9119)
-* Hide migrated credentials (#9098)
-* Update golang.org/x/crypto vendor to use acme v2 (#9056) (#9085)
-* Fix password checks on admin create/edit user (#9076) (#9081)
-* Fix add search as a reserved username (#9063) (#9065)
-* Fix permission checks for close/reopen from commit (#8875) (#9033)
-* Ensure Written is set in GZIP ProxyResponseWriter (#9018) (#9025)
-* Fix broken link to branch from issue list (#9003) (#9021)
-* Fix wrong system notice when repository is empty (#9020)
-* Shadow password correctly for session config (#8984) (#9002)
-
-[1.14.2]
-* Update Gitea to 1.10.2
-* Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
-* Add ErrReactionAlreadyExist error (#9550) (#9564)
-* Fix bug when migrate from API (#8631) (#9563)
-* Use default avatar for ghost user (#9536) (#9537)
-* Fix repository issues pagination bug when there are more than one label filter (#9512) (#9528)
-* Fix deleted branch not removed when push the branch again (#9516) (#9524)
-* Fix missing repository status when migrating repository via API (#9511)
-* Trigger webhook when deleting a branch after merging a PR (#9510)
-* Fix paging on /repos/{owner}/{repo}/git/trees/{sha} API endpoint (#9482)
-* Fix NewCommitStatus (#9434) (#9435)
-* Use OriginalURL instead of CloneAddr in migration logging (#9418) (#9420)
-* Fix Slack webhook payload title generation to work with Mattermost (#9404)
-* DefaultBranch needs to be prefixed by BranchPrefix (#9356) (#9359)
-* Fix issue indexer not triggered when migrating a repository (#9333)
-* Fix bug that release attachment files not deleted when deleting repository (#9322) (#9329)
-* Fix migration releases (#9319) (#9326) (#9328)
-* Fix File Edit: Author/Committer interchanged (#9297) (#9300)
-
-[1.14.3]
-* Update Gitea to 1.10.3
-* Hide credentials when submitting migration (#9102) (#9704)
-* Never allow an empty password to validate (#9682) (#9684)
-* Prevent redirect to Host (#9678) (#9680)
-* Hide public repos owned by private orgs (#9609) (#9616)
-* Allow assignee on Pull Creation when Issue Unit is deactivated (#9836) (#9838)
-* Fix download file wrong content-type (#9825) (#9835)
-* Fix wrong identify poster on a migrated pull request when submit review (#9827) (#9831)
-* Fix dump non-exist log directory (#9818) (#9820)
-* Fix compare (#9808) (#9815)
-* Fix missing msteam webhook on organization (#9781) (#9795)
-* Fix add team on collaborator page when same name as organization (#9783)
-* Fix cache problem on dashboard (#9358) (#9703)
-* Send tag create and push webhook when release created on UI (#8671) (#9702)
-* Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)
-
-[1.15.0]
-* Update Gitea to 1.11.0
-
-[1.15.1]
-* Update Gitea to 1.11.1
-* Repo name added to automatically generated commit message when merging (#9997) (#10285)
-* Fix Workerpool deadlock (#10283) (#10284)
-* Divide GetIssueStats query in smaller chunks (#10176) (#10282)
-* Fix reply on code review (#10257)
-* Stop hanging issue indexer initialisation from preventing shutdown (#10243) (#10249)
-* Fix filter label emoji width (#10241) (#10244)
-* Fix issue sidebar menus having an infinite height (#10239) (#10240)
-* Fix commit between two commits calculation if there is only last commit (#10225) (#10226)
-* Only check for conflicts/merging if the PR has not been merged in the interim (#10132) (#10206)
-* Blacklist manifest.json & milestones user (#10292) (#10293)
-
-[1.15.2]
-* Update Gitea to 1.11.2
-
-[1.15.3]
-* Update Gitea to 1.11.3
-
-[1.15.4]
-* Update Gitea to 1.11.4
-
-[1.16.0]
-* Update Gitea to [1.11.5](https://github.com/go-gitea/gitea/releases/tag/v1.11.5)
-* Update base image to 2.0.0
-
-[1.16.1]
-* Update Gitea to 1.11.6
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.11.6)
-* Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
-* Use session for retrieving org teams (#11438) (#11439)
-* Return json on 500 error from API (#11574) (#11660)
-* Fix wrong milestone in webhook message (#11596) (#11612)
-* Prevent (caught) panic on login (#11590) (#11598)
-* Fix commit page js error (#11527)
-
-[1.17.0]
-* Update Gitea to 1.12.1
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.0)
-
-[1.18.0]
-* Add forumUrl and update tags and screenshots
-
-[1.18.1]
-* Update Gitea to 1.12.2
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.2)
-
-[1.18.2]
-* Update Gitea to 1.12.3
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.3)
-* Don't change creation date when updating Release (#12343) (#12351)
-* Show 404 page when release not found (#12328) (#12332)
-* Fix emoji detection in certain cases (#12320) (#12327)
-* Reduce emoji size (#12317) (#12327)
-* Fix double-indirection bug in logging IDs (#12294) (#12308)
-* Link to pull list page on sidebar when view pr (#12256) (#12263)
-* Extend Notifications API and return pinned notifications by default (#12164) (#12232)
-
-[1.18.3]
-* Update Gitea to 1.12.4
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.4)
-* Escape provider name in oauth2 provider redirect (#12648) (#12650)
-* Escape Email on password reset page (#12610) (#12612)
-* When reading expired sessions - expire them (#12686) (#12690)
-* StaticRootPath configurable at compile time (#12371) (#12652)
-* Fix to show an issue that is related to a deleted issue (#12651) (#12692)
-* Expire time acknowledged for cache (#12605) (#12611)
-* Fix diff path unquoting (#12554) (#12575)
-* Improve HTML escaping helper (#12562)
-* models: break out of loop (#12386) (#12561)
-* Default empty merger list to those with write permissions (#12535) (#12560)
-* Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
-* Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
-* Remove hardcoded ES indexername (#12521) (#12526)
-* Fix bug preventing transfer to private organization (#12497) (#12501)
-* Keys should not verify revoked email addresses (#12486) (#12495)
-* Do not add prefix on http/https submodule links (#12477) (#12479)
-* Fix ignored login on compare (#12476) (#12478)
-* Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
-* Upgrade google/go-github to v32.1.0 (#12361) (#12390)
-* Render emoji's of Commit message on feed-page (#12373)
-* Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
-
-[1.18.4]
-* Update Gitea to 1.12.5
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.5)
-* Allow U2F with default settings for gitea in subpath (#12990) (#13001)
-* Prevent empty div when editing comment (#12404) (#12991)
-* On mirror update also update address in DB (#12964) (#12967)
-* Allow extended config on cron settings (#12939) (#12943)
-* Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
-* Fix internal server error from ListUserOrgs API (#12910) (#12915)
-* Update only the repository columns that need updating (#12900) (#12912)
-* Fix panic when adding long comment (#12892) (#12894)
-* Add size limit for content of comment on action ui (#12881) (#12890)
-* Convert User expose ID each time (#12855) (#12883)
-* Support slashes in release tags (#12864) (#12882)
-* Add missing information to CreateRepo API endpoint (#12848) (#12867)
-* On Migration respect old DefaultBranch (#12843) (#12858)
-* Fix notifications page links (#12838) (#12853)
-* Stop cloning unnecessarily on PR update (#12839) (#12852)
-* Escape more things that are passed through str2html (#12622) (#12850)
-* Remove double escape on labels addition in comments (#12809) (#12810)
-* Fix "only mail on mention" bug (#12775) (#12789)
-* Fix yet another bug with diff file names (#12771) (#12776)
-* RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
-* Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
-
-[1.18.5]
-* Update Gitea to 1.12.6
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.6)
-* Prevent git operations for inactive users (#13527) (#13537)
-* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
-* API should only return Json (#13511) (#13564)
-* Fix before and since query arguments at API (#13559) (#13560)
-* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
-* Fix link detection in repository description with tailing '_' (#13407) (#13408)
-* Remove obsolete change of email on profile page (#13341) (#13348)
-* Fix permission check on get Reactions API endpoints (#13344) (#13346)
-* Add migrated pulls to pull request task queue (#13331) (#13335)
-* API deny wrong pull creation options (#13308) (#13327)
-* Fix initial commit page & binary munching problem (#13249) (#13259)
-* Fix diff parsing (#13157) (#13136) (#13139)
-* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
-* Prohibit automatic downgrades (#13108) (#13111)
-* Fix GitLab Migration Option AuthToken (#13101)
-* GitLab Label Color Normalizer (#12793) (#13100)
-* Log the underlying panic in runMigrateTask (#13096) (#13098)
-* Fix attachments list in edit comment (#13036) (#13097)
-* Fix deadlock when deleting team user (#13093)
-* Fix error create comment on outdated file (#13041) (#13042)
-* Fix repository create/delete event webhooks (#13008) (#13027)
-* Fix internal server error on README in submodule (#13006) (#13016)
-
-[1.19.0]
-* Update Gitea to 1.13.0
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.13.0)
-
-[1.19.1]
-* Update Gitea to 1.13.1
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.13.1)
-* Security: Hide private participation in Orgs (#13994) (#14031)
-* Security: Fix escaping issue in diff (#14153) (#14154)
-
-[1.19.2]
-* Update Gitea to 1.13.2
-* Prevent panic on fuzzer provided string (#14405) (#14409)
-* Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
-* If release publisher is deleted use ghost user (#14375)
-* Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) (#14530)
-* Set the name Mapper in migrations (#14526) (#14529)
-* Fix wiki preview (#14515)
-* Update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497)
-* ChangeUserName: rename user files back on DB issue (#14447)
-* Fix lfs preview bug (#14428) (#14433)
-* Ensure timeout error is shown on u2f timeout (#14417) (#14431)
-* Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
-* Use path not filepath in routers/editor (#14390) (#14396)
-* Check if label template exist first (#14384) (#14389)
-* Fix migration v141 (#14387) (#14388)
-* Use Request.URL.RequestURI() for fcgi (#14347)
-* Use ServerError provided by Context (#14333) (#14345)
-* Fix edit-label form init (#14337)
-* Fix mailIssueCommentBatch for pull request (#14252) (#14296)
-* Render links for commit hashes followed by comma (#14224) (#14227)
-* Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
-* Fix avatar bugs (#14217) (#14220)
-* Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
-* Fix dashboard issues labels filter bug (#14210) (#14214)
-* When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
-* Fix branch selector on new issue page (#14194) (#14207)
-* Check for notExist on profile repository page (#14197) (#14203)
-
-[1.20.0]
-* Use base image v3
-
-[1.20.1]
-* Update Gitea to 1.13.3
-* Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one (#14673) (#14675)
-* Fix paging of file commit logs (#14831) (#14879)
-* Print useful error if SQLite is used in settings but not supported (#14476) (#14874)
-* Fix display since time round (#14226) (#14873)
-* When Deleting Repository only explicitly close PRs whose base is not this repository (#14823) (#14842)
-* Set HCaptchaSiteKey on Link Account pages (#14834) (#14839)
-* Fix a couple of CommentAsPatch issues. (#14804) (#14820)
-* Disable broken OAuth2 providers at startup (#14802) (#14811)
-* Repo Transfer permission checks (#14792) (#14794)
-* Fix double alert in oauth2 application edit view (#14764) (#14768)
-* Fix broken spans in diffs (#14678) (#14683)
-* Prevent race in PersistableChannelUniqueQueue.Has (#14651) (#14676)
-* HasPreviousCommit causes recursive load of commits unnecessarily (#14598) (#14649)
-* Do not assume all 40 char strings are SHA1s (#14624) (#14648)
-* Allow org labels to be set with issue templates (#14593) (#14647)
-* Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989) (#14607)
-* Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
-* Fix GPG key deletion during account deletion (#14561) (#14569)
-
-[1.20.2]
-* Update Gitea to 1.13.4
-* Fix issue popups (#14898) (#14899)
-* Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
-* Fix a couple of issues with a feeds (#14897) (#14903)
-* When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
-* Fix race in local storage (#14888) (#14901)
-* Fix 500 on pull view page if user is not loged in (#14885) (#14886)
-
-[1.20.3]
-* Update Gitea to 1.13.5
-* Update to goldmark 1.3.3 (#15059) (#15061)
-* Another clusterfuzz spotted issue (#15032) (#15034)
-* Fix set milestone on PR creation (#14981) (#15001)
-* Prevent panic when editing forked repos by API (#14960) (#14963)
-* Fix bug when upload on web (#15042) (#15055)
-* Delete Labels & IssueLabels on Repo Delete too (#15039) (#15051)
-* Fix postgres ID sequences broken by recreate-table (#15015) (#15029)
-* Fix several render issues (#14986) (#15013)
-* Make sure sibling images get a link too (#14979) (#14995)
-* Fix Anchor jumping with escaped query components (#14969) (#14977)
-* Fix release mail html template (#14976)
-* Fix excluding more than two labels on issues list (#14962) (#14973)
-* Don't mark each comment poster as OP (#14971) (#14972)
-* Add "captcha" to list of reserved usernames (#14930)
-* Re-enable import local paths after reversion from #13610 (#14925) (#14927)
-
-[1.20.4]
-* Update Gitea to 1.13.6
-* Fix bug on avatar middleware (#15124) (#15125)
-* Fix another clusterfuzz identified issue (#15096) (#15114)
-* Fix nil exeption for get pull reviews API #15104 (#15106)
-* Fix markdown rendering in milestone content (#15056) (#15092)
-
-[1.20.5]
-* Update Gitea to 1.13.7
-* Update to bluemonday-1.0.6 (#15294) (#15298)
-* Clusterfuzz found another way (#15160) (#15169)
-* Fix wrong user returned in API (#15139) (#15150)
-* Add 'fonts' into 'KnownPublicEntries' (#15188) (#15317)
-* Speed up enry.IsVendor (#15213) (#15246)
-* Response 404 for diff/patch of a commit that not exist (#15221) (#15238)
-* Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15201)
-* Add size to Save function (#15264) (#15271)
-
-[1.21.0]
-* Update Gitea to 1.14.0
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.0)
-
-[1.21.1]
-* Update Gitea to 1.14.1
-* Fix bug clone wiki (#15499) (#15502)
-* Github Migration ignore rate limit, if not enabled (#15490) (#15495)
-* Use subdir for URL (#15446) (#15493)
-* Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
-* Ensure review dismissal only dismisses the correct review (#15477) (#15489)
-* Use index of the supported tags to choose user lang (#15452) (#15488)
-* Fix wrong file link in code search page (#15466) (#15486)
-* Quick template fix for built-in SSH server in admin config (#15464) (#15481)
-* Prevent superfluous response.WriteHeader (#15456) (#15476)
-* Fix ambiguous argument error on tags (#15432) (#15474)
-* Add created_unix instead of expiry to migration (#15458) (#15463)
-* Fix repository search (#15428) (#15442)
-* Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
-* Fix wiki clone urls (#15430) (#15431)
-* Fix dingtalk icon url at webhook (#15417) (#15426)
-* Standardise icon on projects PR page (#15387) (#15408)
-* Add option to skip LFS/attachment files for dump (#15407) (#15492)
-* Clone panel fixes (#15436)
-* Use semantic dropdown for code search query type (#15276) (#15364)
-
-[1.21.2]
-* Update Gitea to 1.14.2
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.2)
-* Display conflict-free merge messages for pull requests (#15773) (#15796)
-* Exponential Backoff for ByteFIFO (#15724) (#15793)
-* Issue list alignment tweaks (#15483) (#15766)
-* Implement delete release attachments and update release attachments' name (#14130) (#15666)
-* Add placeholder text to deploy key textarea (#15575) (#15576)
-* Project board improvements (#15429) (#15560)
-* Repo branch page: label size, PR ref, new PR button alignment (#15363) (#15365)
-
-[1.21.3]
-* Update Gitea to 1.14.3
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.3)
-* Encrypt migration credentials at rest (#15895) (#16187)
-* Only check access tokens if they are likely to be tokens (#16164) (#16171)
-* Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
-* Fix setting of SameSite on cookies (#15989) (#15991)
-
-[1.21.4]
-* Update Gitea to 1.14.4
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.4)
-* Fix relative links in postprocessed images (#16334) (#16340)
-* Fix list_options GetStartEnd (#16303) (#16305)
-* Fix API to use author for commits instead of committer (#16276) (#16277)
-* Handle misencoding of login_source cfg in mssql (#16268) (#16275)
-* Fixed issues not updated by commits (#16254) (#16261)
-* Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255)
-* Use html.Parse rather than html.ParseFragment (#16223) (#16225)
-* Fix milestone counters on new issue (#16183) (#16224)
-* reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219)
-
-[1.21.5]
-* Update Gitea to 1.14.5
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.5)
-* Hide mirror passwords on repo settings page (#16022) (#16355)
-* Update bluemonday to v1.0.15 (#16379) (#16380)
-* Retry rename on lock induced failures (#16435) (#16439)
-* Validate issue index before querying DB (#16406) (#16410)
-* Fix crash following ldap authentication update (#16447) (#16449)
-* Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)
-
-[1.21.6]
-* Update Gitea to 1.14.6
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.6)
-* SECURITY
-  * Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
-  * Switch to maintained JWT lib (#16532) (#16535)
-  * Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)
-
-[1.22.0]
-* Update Gitea to 1.15.0
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.0)
-
-[1.22.1]
-* Update Gitea to 1.15.1
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.1)
-
-[1.22.2]
-* Update Gitea to 1.15.2
-* Add unique constraint back into issue_index (#16938)
-* Close storage objects before cleaning (#16934) (#16942)
-
-[1.22.3]
-* Update Gitea to 1.15.3
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.3)
-* Add fluid to ui container class to remove margin (#16396) (#16976)
-* Add caller to cat-file batch calls (#17082) (#17089)
-* Many bug fixes
-
-[1.22.4]
-* Update Gitea to 1.15.4
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.4)
-* Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
-* Don't allow merged PRs to be reopened (#17192) (#17271)
-* Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
-* Fix unwanted team review request deletion (#17257) (#17264)
-* Fix broken Activities link in team dashboard (#17255) (#17258)
-* API pull's head/base have correct permission(#17214) (#17245)
-* Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
-* Upgrade xorm to v1.2.5 (#17177) (#17188)
-* Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
-* Fix bug of get context user (#17169) (#17172)
-* Nicely handle missing user in collaborations (#17049) (#17166)
-* Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
-* Fix wrong i18n keys (#17150) (#17153)
-* Fix Archive Creation: correct transaction ending (#17151)
-* Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
-* Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)
-
-[1.22.5]
-* Update Gitea to 1.15.5
-* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.5)
-* Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
-* Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
-* Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
-* Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
-* Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
-* Ensure popup text is aligned left (backport for 1.15) (#17343)
-* Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
-* Disable core.protectNTFS (#17300) (#17302)
-* Use pointer for wrappedConn methods (#17295) (#17296)
-* AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
-* Handle duplicate keys on GPG key ring (#17242) (#17284)
-* Fix SVG side by side comparison link (#17375) (#17391)

CloudronManifest.json

@@ -4,15 +4,20 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.22.5",
+  "version": "1.36.7",
+  "upstreamVersion": "1.24.6",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,
   "addons": {
-    "mysql": { },
-    "sendmail": { },
-    "localstorage": { },
-    "ldap": { }
+    "mysql": {},
+    "sendmail": {
+      "supportsDisplayName": true
+    },
+    "localstorage": {},
+    "oidc": {
+      "loginRedirectUri": "/user/oauth2/cloudron/callback"
+    }
   },
   "tcpPorts": {
     "SSH_PORT": {
@@ -33,10 +38,27 @@
     "https://screenshots.cloudron.io/io.gitea.cloudronapp/4.png",
     "https://screenshots.cloudron.io/io.gitea.cloudronapp/5.png"
   ],
-  "tags": [ "version control", "git", "code hosting", "development", "github", "bitbucket", "gitlab" ],
-  "changelog": "file://CHANGELOG",
+  "tags": [
+    "version control",
+    "git",
+    "code hosting",
+    "development",
+    "github",
+    "bitbucket",
+    "gitlab"
+  ],
+  "changelog": "file://CHANGELOG.md",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "5.3.0",
+  "checklist": {
+    "change-default-password": {
+      "message": "Change the default admin password"
+    },
+    "disable-registration": {
+      "message": "Disable registration, if required, to prevent misuse",
+      "sso": false
+    }
+  },
+  "minBoxVersion": "8.1.0",
   "forumUrl": "https://forum.cloudron.io/category/19/gitea",
-  "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
+  "documentationUrl": "https://docs.cloudron.io/packages/gitea/"
 }

DESCRIPTION.md

@@ -1,5 +1,3 @@
-This app packages Gitea <upstream>1.15.5</upstream>
-
 Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 
 ### Purpose

Dockerfile

@@ -1,23 +1,27 @@
-FROM cloudron/base:3.0.0@sha256:455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN apt-get update && \
-    apt-get install -y openssh-server git && \
+    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
 
+# pipx --global does not work, not sure why
+RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps
+
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN adduser --disabled-login --gecos 'Gitea' git
-# by default, git account is created as inactive which prevents login via openssh
-# https://github.com/gitlabhq/gitlabhq/issues/5304
-RUN passwd -d git
-
-RUN mkdir -p /home/git/gitea
+RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
+RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
 WORKDIR /home/git
 
-ARG VERSION=1.15.5
+# for autosign feature
+ENV GNUPGHOME="/app/data/gnupg"
 
-RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+# renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
+ARG GITEA_VERSION=1.24.6
+
+RUN mkdir -p /home/git/gitea && \
+    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths
@@ -27,10 +31,10 @@ ADD app.ini.template /home/git/app.ini.template
 RUN mkdir -p /run/gitea && chown -R git:git /run/gitea
 RUN sed -e 's,^logfile=.*$,logfile=/run/gitea/supervisord.log,' -i /etc/supervisor/supervisord.conf
 
-RUN ln -s /app/data/ssh /home/git/.ssh
-RUN ln -s /app/data/gitconfig /home/git/.gitconfig
+RUN ln -s /app/data/ssh /home/git/.ssh && \
+    ln -s /app/data/gitconfig /home/git/.gitconfig
 
-ADD start.sh /home/git/start.sh
+COPY start.sh /home/git/
 
 COPY sshd_config /etc/ssh/sshd_config
 

POSTINSTALL.md

@@ -1,8 +1,9 @@
-This app is pre-setup with an admin account (use the `Local` authentication source for logging in as admin).
-The initial credentials are:
+This app is pre-setup with an admin account. The initial credentials are:
 
 **Username**: root<br/>
 **Password**: changeme<br/>
 
-Please change the admin password immediately.
+<sso>
+Use the `Local` authentication source for logging in as admin.
+</sso>
 

app.ini.template

@@ -48,26 +48,34 @@ ENABLED = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+[oauth2_client]
+ENABLE_AUTO_REGISTRATION = true
+USERNAME = sub
+UPDATE_AVATAR = false
+ACCOUNT_LINKING = auto
 
 [mailer]
 ENABLED = true
 
 ; those settings are protected and can't be modified
-HOST = ##MAIL_SERVER:##MAIL_PORT
+SMTP_ADDR = ##MAIL_SERVER
+SMTP_PORT = ##MAIL_PORT
 USER = ##MAIL_SMTP_USERNAME
 PASSWD = ##MAIL_SMTP_PASSWORD
 FROM = ##MAIL_FROM
-SKIP_VERIFY = true
+PROTOCOL = smtps
+FORCE_TRUST_SERVER_CERT = true
 
 
 [security]
 ; those settings are protected and can't be modified
 INSTALL_LOCK = true
 SECRET_KEY = ##SECRET_KEY
-
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
 
 [service]
-DISABLE_REGISTRATION = false
+DISABLE_REGISTRATION = true
 SHOW_REGISTRATION_BUTTON = false
 ENABLE_NOTIFY_MAIL = true
 
@@ -103,3 +111,24 @@ COOKIE_SECURE = true
 COOKIE_NAME = cloudron_gitea
 GC_INTERVAL_TIME = 2592000
 
+[markup.asciidoc]
+ENABLED = true
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
+; Input is not a standard input but a file
+IS_INPUT_FILE = false
+
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
+IS_INPUT_FILE = false
+
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
+IS_INPUT_FILE = false
+
+[markup.sanitizer.jupyter.img]
+ALLOW_DATA_URI_IMAGES = true

renovate.json5

@@ -0,0 +1,4 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>devops/renovator//default.renovate.json5"]
+}

sshd_config

@@ -1,79 +1,37 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
 Port 29418
-# Use these options to restrict which interfaces/protocols sshd will bind to
+
+AddressFamily any
 ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
+ListenAddress ::
+
 HostKey /app/data/sshd/ssh_host_rsa_key
-HostKey /app/data/sshd/ssh_host_dsa_key
 HostKey /app/data/sshd/ssh_host_ecdsa_key
 HostKey /app/data/sshd/ssh_host_ed25519_key
 
-# Logging
-SyslogFacility AUTH
 LogLevel INFO
 
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin prohibit-password
-StrictModes yes
-
-PubkeyAuthentication yes
-#AuthorizedKeysFile	%h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+# no reverse DNS lookup
 UseDNS no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+
+LoginGraceTime 120
+StrictModes yes
+PubkeyAuthentication yes
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+HostbasedAuthentication no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv GIT_PROTOCOL LANG LC_*
+

start.sh

@@ -4,29 +4,21 @@ set -eu -o pipefail
 
 mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
-setup_ldap_source() {
+# CLOUDRON_OIDC_PROVIDER_NAME not supported as it will be used in rest route!
+setup_oidc_source() {
     set -eu
 
-    # Get the existing LDAP source status. This allows the user to disable LDAP
-    # Note that this method is deprecated since this app now supports optionalSso
-    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
-    [[ -z "${ldap_status}" ]] && ldap_status="1"
+    echo "==> Setup OIDC source"
 
     now=$(date +%s)
-
-    if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
-        echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
-    else
-        echo "==> Failed to setup LDAP authentication"
-        exit 1
-    fi
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 }
 
 setup_root_user() {
     set -eu
 
-    if sudo -H -u git /home/git/gitea/gitea admin user create --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then
+    if sudo -H -u git /home/git/gitea/gitea admin user create --username root --password changeme --email admin@cloudron.local --admin -c /run/gitea/app.ini; then
         echo "==> root user added"
     else
         echo "==> Failed to add root user"
@@ -45,11 +37,11 @@ setup_auth() {
 
     echo "==> Gitea is up, setting up auth"
 
-    if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-        setup_ldap_source
+    if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        setup_oidc_source
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"
@@ -86,6 +78,11 @@ if [[ ! -f /app/data/app.ini ]]; then
 
     echo "==> Generating new SECRET_KEY"
     crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
+
+    if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        crudini --set "/app/data/app.ini" service DISABLE_REGISTRATION false
+        crudini --set "/app/data/app.ini" service SHOW_REGISTRATION_BUTTON true
+    fi
 fi
 
 # merge user config file
@@ -109,22 +106,25 @@ crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
 crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
 crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
 crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
-crudini --set "/run/gitea/app.ini" mailer HOST "${CLOUDRON_MAIL_SMTP_SERVER}:${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer SMTP_ADDR "${CLOUDRON_MAIL_SMTP_SERVER}"
+crudini --set "/run/gitea/app.ini" mailer SMTP_PORT "${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer PROTOCOL smtps
 crudini --set "/run/gitea/app.ini" mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
 crudini --set "/run/gitea/app.ini" mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
-crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM}"
-crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
+crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Gitea} <${CLOUDRON_MAIL_FROM}>"
+crudini --set "/run/gitea/app.ini" mailer FORCE_TRUST_SERVER_CERT "true"
 crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
+crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_LIMIT 1
+crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_TRUSTED_PROXIES "*"
 crudini --set "/run/gitea/app.ini" log MODE "console"
 crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
 crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
 
 echo "==> Creating dirs and changing permissions"
-mkdir -p /app/data/repository /app/data/ssh /app/data/custom
+mkdir -p /app/data/repository /app/data/ssh /app/data/custom /app/data/gnupg
 chown -R git:git /app/data /run/gitea
 
 # this expects app.ini to be available
 ( setup_auth ) &
 
 exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
-

supervisor/sshd.conf

@@ -8,4 +8,3 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-

test/git_ssh_wrapper.sh

@@ -2,4 +2,4 @@
 
 readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
-ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SCRIPT_DIR}/id_rsa "$@"
+ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SCRIPT_DIR}/id_ed25519 "$@"

test/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDECyFdxcmgOemNvs0wUhkgzfj9IS2OTG6bU5AXfNkXfgAAAJAoNQg/KDUI
+PwAAAAtzc2gtZWQyNTUxOQAAACDECyFdxcmgOemNvs0wUhkgzfj9IS2OTG6bU5AXfNkXfg
+AAAEC9nIZlzus9hn/b99E/cnSE2Vpycx0invItrrzgOX9qwMQLIV3FyaA56Y2+zTBSGSDN
++P0hLY5MbptTkBd82Rd+AAAADW5lYnVsb25AbHVuYXI=
+-----END OPENSSH PRIVATE KEY-----

test/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQLIV3FyaA56Y2+zTBSGSDN+P0hLY5MbptTkBd82Rd+ nebulon@lunar

test/id_rsa

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA14L+HdwPXRHC2A+fyRv1FTsRE/OPl0Z0KnEigzIIdA65CzTy
-l3m3ATNFI1o/Ies7RW6rsr9UHuLLufNVg1NwIBdns8sPE4pSZSjfdPnznifIIs7y
-wL/vn2D3JEhpA8EOasSy0c+z+6X23evsLB3D81y7ICsBc16Q147WZ6D+QMUP+A4b
-wlmEcy0hAoPx/jnnPlRDVOK1ZnBvuAaHBkcBh+sA272BhB6Kv13MBu0wctDjKw5w
-cNmgVWbzBBtK1L8BZVMDKmKWZ2PKP4GkkpnAvkD0+4sdARe148faV8HHigAKKNN7
-vt+njs6nHuS4ksJL1E9cKGHdBJudJc3p24iI7QIDAQABAoIBABm5ojnQPek/KIIA
-A3PPKYc6QMSf60EEgPNcA+GjRE0OQNpsnJSmS8kR5KvepvCWksGr/0Tb/9+b9POi
-b0+40waRpKhakdckSMeYhGwDNihn2UUGbQXDI4hj27xyBE8VaXInPq063OIqInjF
-I7D0cKKJLDEf0RGDdUi13TQLjK4QX78W/9S8d5ClznAVi4wUBb1urs7fAoVetn/i
-PnlEj9KZHio4mCg28djTudAoWzjzUikRqKRYY5QNEJ13abVoLqIRSRHC1DzwpxVv
-Y88l4hmm6IcmWGo0O9lpu5IJFvEmngfpmyaVbeLE0fhLPFWcEHARw37SThTZVQeY
-Tx1816UCgYEA9j5dyNbFcC4YL9i9DQyut658bYziY2vsAvZNMMf249IJGbZOxlZK
-ylB00zlbO/2uNh12Y9z6BN2hO2lER3O3SM75tCnvXR0+qG+xmfjLcRVczEkU10+r
-8UxKBgg7Sf9uvfeONefEYPwiwzFoWgdaFSrR2sCmuoHPwfc9i+PSp+8CgYEA4Azq
-DToKdv6VBWPlNXT6OW3+HUPeHF087Ve03+3orCckZ+d2DImEOvWdt+pDeGQJJcq+
-o+SzZk9FjFOIiQehuA44OFrvcbag9YAlm1JQYYrRTdZEJz3iSucXCzJH/P5TrB84
-BHvzgCklZzZ0IpEFxzMe8oNS6XfJmilh6I98YOMCgYBybOy7xUGeLW1D3p2LENen
-t0dOyObyeFYF0lpwTpulphZgglz8wWCjvttqw/5nVCy+LNa09RyhYjPoHbSC13zW
-MofKdqoqRMq3DqAjAn/XHqwuqc8rdnRZ/q9vOigC7NWTJRRKbFbPEps8xRrOqxfr
-OiimVFul02ito6xP8yAStQKBgQDHbPdPup/h9wzx9U7p3Ct1vt/3cJddK+i1YeIP
-iBYYVebjzXSYCDd4u3MdZxmTKYey6dnyy/ibUmgXVassPWzHBXEpSFflIaf3nY7b
-x9LgX82ZuOSFAWJRRYyPXLwTBtW3WTplU2cUZotyaVfKBMfd3TToq9e7E/KQk9Eg
-Tcdp/QKBgCyKD1gGU/H1bsQOuWHuFR1v7v82V1DLVjyn5kllej0tlfTLO/5uUsEE
-SIjGHfTHxgpww9HN9BPyy8xdQMAc6p7UyvJAIyhg679AQBrMLLvhE5niaGu4jQOa
-ZVY6nZUQNCwgxJwnUkFnOyXDYjzjyxZOCAWPxghYbS+IEl1GzhZU
------END RSA PRIVATE KEY-----

test/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXgv4d3A9dEcLYD5/JG/UVOxET84+XRnQqcSKDMgh0DrkLNPKXebcBM0UjWj8h6ztFbquyv1Qe4su581WDU3AgF2ezyw8TilJlKN90+fOeJ8gizvLAv++fYPckSGkDwQ5qxLLRz7P7pfbd6+wsHcPzXLsgKwFzXpDXjtZnoP5AxQ/4DhvCWYRzLSECg/H+Oec+VENU4rVmcG+4BocGRwGH6wDbvYGEHoq/XcwG7TBy0OMrDnBw2aBVZvMEG0rUvwFlUwMqYpZnY8o/gaSSmcC+QPT7ix0BF7Xjx9pXwceKAAoo03u+36eOzqce5LiSwkvUT1woYd0Em50lzenbiIjt girish@beast

test/package.json

@@ -9,11 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^94.0.0",
+    "chromedriver": "^140.0.1",
     "expect.js": "^0.3.1",
-    "mocha": "^9.1.3",
-    "rimraf": "^3.0.2",
-    "selenium-webdriver": "^4.0.0",
-    "superagent": "^6.1.0"
+    "mocha": "^11.7.2",
+    "selenium-webdriver": "^4.35.0",
+    "superagent": "^10.2.3"
   }
 }

test/test.js

@@ -1,21 +1,16 @@
 #!/usr/bin/env node
 
 /* jshint esversion: 8 */
-/* global it:false */
-/* global xit:false */
-/* global describe:false */
-/* global before:false */
-/* global after:false */
+/* global it, xit, describe, before, after, afterEach */
 
 'use strict';
 
 require('chromedriver');
 
-var execSync = require('child_process').execSync,
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
     fs = require('fs'),
     path = require('path'),
-    rimraf = require('rimraf'),
     superagent = require('superagent'),
     { Builder, By, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
@@ -28,36 +23,53 @@ if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
 describe('Application life cycle test', function () {
     this.timeout(0);
 
-    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
-    var EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
-    var LOCATION = 'test';
-    var SSH_PORT = 29420;
+    const TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
+    const LOCATION = process.env.LOCATION || 'test';
+    const SSH_PORT = 29420;
 
-    var app;
-    var browser;
+    let app, browser;
 
-    var repodir = '/tmp/testrepo';
-    var reponame = 'testrepo';
+    const repodir = '/tmp/testrepo';
+    const reponame = 'testrepo';
 
-    var username = process.env.USERNAME;
-    var password = process.env.PASSWORD;
-    var email = process.env.EMAIL;
+    const username = process.env.USERNAME;
+    const password = process.env.PASSWORD;
 
     before(function () {
-        browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
+        if (!fs.existsSync('./screenshots')) fs.mkdirSync('./screenshots');
     });
 
     after(function () {
         browser.quit();
-        rimraf.sync(repodir);
+        fs.rmSync(repodir, { recursive: true, force: true });
+    });
+
+    afterEach(async function () {
+        if (!process.env.CI || !app) return;
+
+        const currentUrl = await browser.getCurrentUrl();
+        if (!currentUrl.includes(app.domain)) return;
+        expect(this.currentTest.title).to.be.a('string');
+
+        const screenshotData = await browser.takeScreenshot();
+        fs.writeFileSync(`./screenshots/${new Date().getTime()}-${this.currentTest.title.replaceAll(' ', '_')}.png`, screenshotData, 'base64');
     });
 
     function getAppInfo() {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+        const inspect = JSON.parse(execSync('cloudron inspect'));
         app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
         expect(app).to.be.an('object');
     }
 
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TIMEOUT);
+    }
+
     function sleep(millis) {
         return new Promise(resolve => setTimeout(resolve, millis));
     }
@@ -76,10 +88,10 @@ describe('Application life cycle test', function () {
     async function checkAvatar() {
         await browser.get(`https://${app.fqdn}/${username}`);
 
-        var avatarSrc = await browser.findElement(By.xpath('//a[@id="profile-avatar"]/img')).getAttribute('src');
+        const avatarSrc = await browser.findElement(By.xpath('//div[@id="profile-avatar"]/a/img')).getAttribute('src');
 
-        var avatar = await superagent.get(avatarSrc);
-        expect(avatar.statusCode).to.equal(200);
+        const response = await superagent.get(avatarSrc);
+        expect(response.statusCode).to.equal(200);
     }
 
     async function login(username, password) {
@@ -88,13 +100,34 @@ describe('Application life cycle test', function () {
         await browser.findElement(By.id('user_name')).sendKeys(username);
         await browser.findElement(By.id('password')).sendKeys(password);
         await browser.findElement(By.xpath('//form[@action="/user/login"]//button')).click();
-        await browser.wait(until.elementLocated(By.linkText('Dashboard')), TIMEOUT);
+        await browser.wait(until.elementLocated(By.xpath('//img[contains(@class, "avatar")]')), TIMEOUT);
     }
 
     async function adminLogin() {
         await login('root', 'changeme');
     }
 
+    async function loginOIDC(username, password, alreadyAuthenticated = true) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/user/login`);
+        await browser.sleep(2000);
+
+
+        await browser.findElement(By.xpath('//a[contains(@class, "openidConnect") and contains(., "Sign in with cloudron")]')).click();
+        await browser.sleep(2000);
+
+        if (!alreadyAuthenticated) {
+            await waitForElement(By.id('inputUsername'));
+            await browser.findElement(By.id('inputUsername')).sendKeys(username);
+            await browser.findElement(By.id('inputPassword')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.id('loginSubmitButton')).click();
+            await browser.sleep(2000);
+        }
+
+        await waitForElement(By.xpath('//img[contains(@class, "avatar")]'));
+    }
+
     async function logout() {
         await browser.get('https://' + app.fqdn);
 
@@ -105,25 +138,25 @@ describe('Application life cycle test', function () {
     }
 
     async function addPublicKey() {
-        var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
+        const publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
+        execSync(`chmod g-rw,o-rw ${__dirname}/id_ed25519`); // ssh will complain about perms later
 
-        const sshPage = 'https://' + app.fqdn + '/user/settings/keys';
+        await browser.get('https://' + app.fqdn + '/user/settings/keys');
 
-        await browser.get(sshPage);
-
-        await browser.findElement(By.xpath('//div[text()="Add Key"]')).click();
+        await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
+        await browser.findElement(By.id('add-ssh-button')).click();
         await browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
         await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
         var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
         await browser.executeScript('arguments[0].scrollIntoView(false)', button);
-        await browser.findElement(By.xpath('//button[contains(text(), "Add Key")]')).click();
+        await browser.findElement(By.xpath('//form//button[contains(text(),"Add Key")]')).click();
 
         await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
     }
 
     async function createRepo() {
-        var getRepoPage = await browser.get('https://' + app.fqdn + '/repo/create');
-
+        await browser.get(`https://${app.fqdn}/repo/create`);
+        await browser.wait(until.elementLocated(By.id('repo_name')));
         await browser.findElement(By.id('repo_name')).sendKeys(reponame);
         var button = browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]'));
         await browser.executeScript('arguments[0].scrollIntoView(true)', button);
@@ -137,27 +170,19 @@ describe('Application life cycle test', function () {
         }, TIMEOUT);
     }
 
-    async function checkCloneUrl() {
-        await browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
-        await browser.findElement(By.id('repo-clone-ssh')).click();
-
-        var cloneUrl = await browser.findElement(By.id('repo-clone-url')).getAttribute('value');
-        expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
-    }
-
     function cloneRepo() {
-        rimraf.sync(repodir);
+        fs.rmSync(repodir, { recursive: true, force: true });
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
         execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
     }
 
     function pushFile() {
-        var env = Object.create(process.env);
+        const env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} master`,
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} main`,
                  { env: env, cwd: repodir });
-        rimraf.sync('/tmp/testrepo');
+        fs.rmSync(repodir, { recursive: true, force: true });
     }
 
     function fileExists() {
@@ -165,13 +190,13 @@ describe('Application life cycle test', function () {
     }
 
     async function sendMail() {
-        await browser.get(`https://${app.fqdn}/admin/config`);
-
-        var button = await browser.findElement(By.xpath('//button[@id="test-mail-btn"]'));
+        await browser.get(`https://${app.fqdn}/-/admin/config`);
+        await browser.sleep(3000);
+        const button = await browser.findElement(By.xpath('//button[contains(., "Send")]'));
         await browser.executeScript('arguments[0].scrollIntoView(true)', button);
         await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
-        await browser.findElement(By.xpath('//button[@id="test-mail-btn"]')).click();
-        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+        await browser.findElement(By.xpath('//button[contains(., "Send")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(., "A testing email has been sent")]')), TIMEOUT);
     }
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
@@ -183,7 +208,7 @@ describe('Application life cycle test', function () {
     it('can send mail', sendMail);
     it('can logout', logout);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password, false));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -191,23 +216,20 @@ describe('Application life cycle test', function () {
 
     it('can create repo', createRepo);
 
-    it('displays correct clone url', checkCloneUrl);
-
     it('can clone the url', cloneRepo);
 
     it('can add and push a file', pushFile);
 
     it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
 
-    xit('can login', login.bind(null, username, password)); // no need to relogin since session persists
-    it('displays correct clone url', checkCloneUrl);
+    xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
 
     it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
     it('restore app', function () { execSync('cloudron restore --app ' + app.id, EXEC_ARGS); });
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
@@ -221,9 +243,8 @@ describe('Application life cycle test', function () {
     });
     it('can get app information', getAppInfo);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
-    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
@@ -233,18 +254,6 @@ describe('Application life cycle test', function () {
         execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
     });
 
-    // check if the _first_ login via email succeeds
-    it('can login via email', async function () { execSync(`cloudron install --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
-
-    it('can get app information', getAppInfo);
-    it('can login', login.bind(null, email, password));
-
-    it('uninstall app', async function () {
-        // ensure we don't hit NXDOMAIN in the mean time
-        await browser.get('about:blank');
-        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
-    });
-
     // No SSO
     it('install app (no sso)', function () { execSync(`cloudron install --no-sso --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
@@ -261,7 +270,7 @@ describe('Application life cycle test', function () {
     it('can install app', function () { execSync(`cloudron install --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
     it('can get app information', getAppInfo);
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
     it('can add public key', addPublicKey);
@@ -270,12 +279,13 @@ describe('Application life cycle test', function () {
     it('can add and push a file', pushFile);
 
     it('can update', function () { execSync('cloudron update --app ' + app.id, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
 
-    xit('can admin login', adminLogin);
-    xit('can send mail', sendMail);
-    xit('can logout', logout);
+    it('can admin login', adminLogin);
+    it('can send mail', sendMail);
+    it('can logout', logout);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in cloned repo', fileExists);