Version 1.31.0

CHANGELOG.md

@@ -1316,3 +1316,54 @@
 * [docs] Add missing backtick in quickstart.zh-cn.md (#26349) (#26357)
 * Upgrade x/net to 0.13.0 (#26301)
 
+[1.29.4]
+* Update Gitea to 1.20.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.4)
+* Check blocklist for emails when adding them to account (#26812) (#26831)
+* Add branch_filter to hooks API endpoints (#26599) (#26632)
+* Fix incorrect "tabindex" attributes (#26733) (#26734)
+* Use line-height: normal by default (#26635) (#26708)
+* Fix unable to display individual-level project (#26198) (#26636)
+* Fix wrong review requested number (#26784) (#26880)
+* Avoid double-unescaping of form value (#26853) (#26863)
+* Redirect from {repo}/issues/new to {repo}/issues/new/choose when blank issues are disabled (#26813) (#26847)
+* Sync tags when adopting repos (#26816) (#26834)
+* Fix verifyCommits error when push a new branch (#26664) (#26810)
+* Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)
+* Fix some slice append usages (#26778) (#26798)
+* Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791)
+* Fix bug for ctx usage (#26763)
+* Make issue template field template access correct template data (#26698) (#26709)
+* Use correct minio error (#26634) (#26639)
+* Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
+* Set errwriter for urfave/cli v1 (#26616)
+* Fix reopen logic for agit flow pull request (#26399) (#26613)
+* Fix context filter has no effect in dashboard (#26695) (#26811)
+* Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790)
+* Fix Page Not Found error (#26768)
+
+[1.30.0]
+* Implement OIDC auth
+
+[1.30.1]
+* Update Gitea to 1.20.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.5)
+* Fix z-index on markdown completion (#27237) (#27242 & #27238)
+* Use secure cookie for HTTPS sites (#26999) (#27013)
+* Fix git 2.11 error when checking IsEmpty (#27393) (#27396)
+* Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
+* Fix orphan check for deleted branch (#27310) (#27320)
+* Quote table release in sql queries (#27205) (#27219)
+* Fix release URL in webhooks (#27182) (#27184)
+* Fix successful return value for SyncAndGetUserSpecificDiff (#27152) (#27156)
+* fix pagination for followers and following (#27127) (#27138)
+* Fix issue templates when blank isses are disabled (#27061) (#27082)
+* Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)
+* Fix INI parsing for value with trailing slash (#26995) (#27001)
+* Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
+* Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167 & #27162)
+* Fix bug of review request number (#27406) (#27104)
+
+[1.31.0]
+* Update base image to 4.2.0
+

CloudronManifest.json

@@ -4,8 +4,8 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.29.3",
-  "upstreamVersion": "1.20.3",
+  "version": "1.31.0",
+  "upstreamVersion": "1.20.5",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,
@@ -13,7 +13,7 @@
     "mysql": { },
     "sendmail": { "supportsDisplayName": true },
     "localstorage": { },
-    "ldap": { }
+    "oidc": { "loginRedirectUri": "/user/oauth2/cloudron/callback" }
   },
   "tcpPorts": {
     "SSH_PORT": {
@@ -37,7 +37,7 @@
   "tags": [ "version control", "git", "code hosting", "development", "github", "bitbucket", "gitlab" ],
   "changelog": "file://CHANGELOG.md",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "7.3.0",
+  "minBoxVersion": "7.5.1",
   "forumUrl": "https://forum.cloudron.io/category/19/gitea",
   "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
 }

Dockerfile

@@ -1,4 +1,4 @@
-FROM cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
 RUN apt-get update && \
     apt-get install -y openssh-server git asciidoctor pandoc && \
@@ -19,7 +19,7 @@ WORKDIR /home/git
 # for autosign feature
 ENV GNUPGHOME="/app/data/gnupg"
 
-ARG VERSION=1.20.3
+ARG VERSION=1.20.5
 
 RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea

app.ini.template

@@ -48,6 +48,11 @@ ENABLED = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+[oauth2_client]
+ENABLE_AUTO_REGISTRATION = true
+USERNAME = sub
+UPDATE_AVATAR = false
+ACCOUNT_LINKING = auto
 
 [mailer]
 ENABLED = true

start.sh

@@ -4,25 +4,23 @@ set -eu -o pipefail
 
 mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
-setup_ldap_source() {
+migrate_ldap_users_to_oidc() {
     set -eu
 
-    echo "==> Setup LDAP source"
+    echo "==> migrate LDAP to OIDC"
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e \
+        "UPDATE user u, (select id from login_source WHERE name='cloudron' and type='6') ls SET u.login_type=6, u.login_source=ls.id WHERE u.login_type=2 AND u.login_source=1"
+}
 
-    # Get the existing LDAP source status. This allows the user to disable LDAP
-    # Note that this method is deprecated since this app now supports optionalSso
-    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_active from login_source WHERE name='cloudron';")
-    [[ -z "${ldap_status}" ]] && ldap_status="1"
+setup_oidc_source() {
+    set -eu
+
+    echo "==> Setup OIDC source"
 
     now=$(date +%s)
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 
-    if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
-        echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
-    else
-        echo "==> Failed to setup LDAP authentication"
-        exit 1
-    fi
 }
 
 setup_root_user() {
@@ -47,11 +45,12 @@ setup_auth() {
 
     echo "==> Gitea is up, setting up auth"
 
-    if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-        setup_ldap_source
+    if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        setup_oidc_source
+        migrate_ldap_users_to_oidc
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"

test/package-lock.json

@@ -9,11 +9,11 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^115.0.0",
+        "chromedriver": "^118.0.1",
         "expect.js": "^0.3.1",
         "mocha": "^10.2.0",
-        "selenium-webdriver": "^4.10.0",
-        "superagent": "^8.0.9"
+        "selenium-webdriver": "^4.14.0",
+        "superagent": "^8.1.2"
       }
     },
     "node_modules/@testim/chrome-version": {
@@ -236,9 +236,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "115.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-115.0.0.tgz",
-      "integrity": "sha512-mkPL+sXMLMUenoXCiKREw+cBl3ibfhiWxkiv9ByIPpqtrrInCt9zKdOolAsbmN/ndlH51WtT5ukUKbeRdrpikg==",
+      "version": "118.0.1",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-118.0.1.tgz",
+      "integrity": "sha512-GlGfyRE47IuSJnuadIiDy89EMDMQFBVWxUmiclLJKzQhFsiWAtcIr/mNOxjljZdsw9IwIOQEkrB9wympKYFPLw==",
       "hasInstallScript": true,
       "dependencies": {
         "@testim/chrome-version": "^1.1.3",
@@ -253,7 +253,7 @@
         "chromedriver": "bin/chromedriver"
       },
       "engines": {
-        "node": ">=16"
+        "node": ">=18"
       }
     },
     "node_modules/cliui": {
@@ -1171,13 +1171,13 @@
       ]
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.10.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.10.0.tgz",
-      "integrity": "sha512-hSQPw6jgc+ej/UEcdQPG/iBwwMeCEgZr9HByY/J8ToyXztEqXzU9aLsIyrlj1BywBcStO4JQK/zMUWWrV8+riA==",
+      "version": "4.14.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.14.0.tgz",
+      "integrity": "sha512-637rs8anqMKHbWxcBZpyG3Gcs+rBUtAUiqk0O/knUqH4Paj3MFUZrz88/pVGOLNryEVy2z92fZomT8p1ENl1gA==",
       "dependencies": {
         "jszip": "^3.10.1",
         "tmp": "^0.2.1",
-        "ws": ">=8.13.0"
+        "ws": ">=8.14.2"
       },
       "engines": {
         "node": ">= 14.20.0"
@@ -1272,9 +1272,9 @@
       }
     },
     "node_modules/superagent": {
-      "version": "8.0.9",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.0.9.tgz",
-      "integrity": "sha512-4C7Bh5pyHTvU33KpZgwrNKh/VQnvgtCSqPRfJAUdmrtSYePVzVg4E4OzsrbkhJj9O7SO6Bnv75K/F8XVZT8YHA==",
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
+      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
       "dependencies": {
         "component-emitter": "^1.3.0",
         "cookiejar": "^2.1.4",
@@ -1398,9 +1398,9 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
     },
     "node_modules/ws": {
-      "version": "8.13.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
-      "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
+      "version": "8.14.2",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz",
+      "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==",
       "engines": {
         "node": ">=10.0.0"
       },
@@ -1657,9 +1657,9 @@
       }
     },
     "chromedriver": {
-      "version": "115.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-115.0.0.tgz",
-      "integrity": "sha512-mkPL+sXMLMUenoXCiKREw+cBl3ibfhiWxkiv9ByIPpqtrrInCt9zKdOolAsbmN/ndlH51WtT5ukUKbeRdrpikg==",
+      "version": "118.0.1",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-118.0.1.tgz",
+      "integrity": "sha512-GlGfyRE47IuSJnuadIiDy89EMDMQFBVWxUmiclLJKzQhFsiWAtcIr/mNOxjljZdsw9IwIOQEkrB9wympKYFPLw==",
       "requires": {
         "@testim/chrome-version": "^1.1.3",
         "axios": "^1.4.0",
@@ -2323,13 +2323,13 @@
       "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
     },
     "selenium-webdriver": {
-      "version": "4.10.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.10.0.tgz",
-      "integrity": "sha512-hSQPw6jgc+ej/UEcdQPG/iBwwMeCEgZr9HByY/J8ToyXztEqXzU9aLsIyrlj1BywBcStO4JQK/zMUWWrV8+riA==",
+      "version": "4.14.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.14.0.tgz",
+      "integrity": "sha512-637rs8anqMKHbWxcBZpyG3Gcs+rBUtAUiqk0O/knUqH4Paj3MFUZrz88/pVGOLNryEVy2z92fZomT8p1ENl1gA==",
       "requires": {
         "jszip": "^3.10.1",
         "tmp": "^0.2.1",
-        "ws": ">=8.13.0"
+        "ws": ">=8.14.2"
       }
     },
     "semver": {
@@ -2402,9 +2402,9 @@
       "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="
     },
     "superagent": {
-      "version": "8.0.9",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.0.9.tgz",
-      "integrity": "sha512-4C7Bh5pyHTvU33KpZgwrNKh/VQnvgtCSqPRfJAUdmrtSYePVzVg4E4OzsrbkhJj9O7SO6Bnv75K/F8XVZT8YHA==",
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
+      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
       "requires": {
         "component-emitter": "^1.3.0",
         "cookiejar": "^2.1.4",
@@ -2497,9 +2497,9 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
     },
     "ws": {
-      "version": "8.13.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
-      "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
+      "version": "8.14.2",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz",
+      "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==",
       "requires": {}
     },
     "y18n": {

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^115.0.0",
+    "chromedriver": "^118.0.1",
     "expect.js": "^0.3.1",
     "mocha": "^10.2.0",
-    "selenium-webdriver": "^4.10.0",
-    "superagent": "^8.0.9"
+    "selenium-webdriver": "^4.14.0",
+    "superagent": "^8.1.2"
   }
 }

test/test.js

@@ -33,6 +33,7 @@ describe('Application life cycle test', function () {
     const SSH_PORT = 29420;
 
     let app, browser;
+    var athenticated_by_oidc = false;
 
     const repodir = '/tmp/testrepo';
     const reponame = 'testrepo';
@@ -56,6 +57,11 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     }
 
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TIMEOUT);
+    }
+
     function sleep(millis) {
         return new Promise(resolve => setTimeout(resolve, millis));
     }
@@ -93,6 +99,29 @@ describe('Application life cycle test', function () {
         await login('root', 'changeme');
     }
 
+    async function loginOIDC(username, password) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/user/login`);
+        await browser.sleep(2000);
+
+
+        await browser.findElement(By.xpath('//a[contains(@class, "openidConnect") and contains(., "Sign in with cloudron")]')).click();
+        await browser.sleep(2000);
+
+        if (!athenticated_by_oidc) {
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.xpath('//button[@type="submit" and contains(text(), "Sign in")]')).click();
+            await browser.sleep(2000);
+
+            athenticated_by_oidc = true;
+        }
+
+        await waitForElement(By.xpath('//img[contains(@class, "avatar")]'));
+    }
+
     async function logout() {
         await browser.get('https://' + app.fqdn);
 
@@ -182,7 +211,7 @@ describe('Application life cycle test', function () {
     it('can send mail', sendMail);
     it('can logout', logout);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -198,7 +227,7 @@ describe('Application life cycle test', function () {
 
     it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
 
-    xit('can login', login.bind(null, username, password)); // no need to relogin since session persists
+    xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
@@ -206,7 +235,7 @@ describe('Application life cycle test', function () {
     it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
     it('restore app', function () { execSync('cloudron restore --app ' + app.id, EXEC_ARGS); });
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
@@ -220,7 +249,7 @@ describe('Application life cycle test', function () {
     });
     it('can get app information', getAppInfo);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
@@ -248,7 +277,7 @@ describe('Application life cycle test', function () {
     it('can install app', function () { execSync(`cloudron install --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
     it('can get app information', getAppInfo);
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
     it('can add public key', addPublicKey);
@@ -263,7 +292,7 @@ describe('Application life cycle test', function () {
     it('can send mail', sendMail);
     it('can logout', logout);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in cloned repo', fileExists);