Fix test

CHANGELOG.md

@@ -1649,114 +1649,3 @@
 * Fix basic auth with webauthn (#32531) (#32536)
 * Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
 
-[1.33.5]
-* Update gitea to 1.22.5
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.5)
-* Upgrade crypto library ([#​32791](https://github.com/go-gitea/gitea/issues/32791))
-* Fix delete branch perm checking ([#​32654](https://github.com/go-gitea/gitea/issues/32654)) ([#​32707](https://github.com/go-gitea/gitea/issues/32707))
-* Add standard-compliant route to serve outdated R packages ([#​32783](https://github.com/go-gitea/gitea/issues/32783)) ([#​32789](https://github.com/go-gitea/gitea/issues/32789))
-* Fix internal server error when updating labels without write permission ([#​32776](https://github.com/go-gitea/gitea/issues/32776)) ([#​32785](https://github.com/go-gitea/gitea/issues/32785))
-* Add Swift login endpoint ([#​32693](https://github.com/go-gitea/gitea/issues/32693)) ([#​32701](https://github.com/go-gitea/gitea/issues/32701))
-* Fix fork page branch selection ([#​32711](https://github.com/go-gitea/gitea/issues/32711)) ([#​32725](https://github.com/go-gitea/gitea/issues/32725))
-* Fix word overflow in file search page ([#​32695](https://github.com/go-gitea/gitea/issues/32695)) ([#​32699](https://github.com/go-gitea/gitea/issues/32699))
-* Fix gogit `GetRefCommitID` ([#​32705](https://github.com/go-gitea/gitea/issues/32705)) ([#​32712](https://github.com/go-gitea/gitea/issues/32712))
-* Fix race condition in mermaid observer ([#​32599](https://github.com/go-gitea/gitea/issues/32599)) ([#​32673](https://github.com/go-gitea/gitea/issues/32673))
-* Fixe a keystring misuse and refactor duplicates keystrings ([#​32668](https://github.com/go-gitea/gitea/issues/32668)) ([#​32792](https://github.com/go-gitea/gitea/issues/32792))
-* Bump relative-time-element to v4.4.4 ([#​32739](https://github.com/go-gitea/gitea/issues/32739))
-* Make wiki pages visit fast ([#​32732](https://github.com/go-gitea/gitea/issues/32732)) ([#​32745](https://github.com/go-gitea/gitea/issues/32745))
-* Don't create action when syncing mirror pull refs ([#​32659](https://github.com/go-gitea/gitea/issues/32659)) ([#​32664](https://github.com/go-gitea/gitea/issues/32664))
-
-[1.33.6]
-* Update gitea to 1.22.6
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.6)
-* Fix misuse of PublicKeyCallback([#​32810](https://github.com/go-gitea/gitea/issues/32810))
-* Fix lfs migration ([#​32812](https://github.com/go-gitea/gitea/issues/32812)) ([#​32818](https://github.com/go-gitea/gitea/issues/32818))
-* Add missing two sync feed for refs/pull ([#​32815](https://github.com/go-gitea/gitea/issues/32815))
-* Avoid MacOS keychain dialog in integration tests ([#​32813](https://github.com/go-gitea/gitea/issues/32813)) ([#​32816](https://github.com/go-gitea/gitea/issues/32816))
-
-[1.34.0]
-* Update gitea to 1.23.0
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.0)
-* Rename config option `[camo].Allways` to `[camo].Always` ([#​32097](https://github.com/go-gitea/gitea/issues/32097))
-* Remove SHA1 for support for SSH RSA signing ([#​31857](https://github.com/go-gitea/gitea/issues/31857))
-* Use UTC as the default timezone when scheduling Actions cron tasks ([#​31742](https://github.com/go-gitea/gitea/issues/31742))
-* Delete Actions logs older than 1 year by default ([#​31735](https://github.com/go-gitea/gitea/issues/31735))
-* Make OIDC introspection authentication strictly require Client ID and secret ([#​31632](https://github.com/go-gitea/gitea/issues/31632))
-* Include file extension checks in attachment API ([#​32151](https://github.com/go-gitea/gitea/issues/32151))
-
-[1.34.1]
-* Update gitea to 1.23.1
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.1)
-* Move repo size to sidebar ([#​33155](https://github.com/go-gitea/gitea/issues/33155))
-* Fix editor markdown not incrementing in a numbered list ([#​33187](https://github.com/go-gitea/gitea/issues/33187)) [#​33193](https://github.com/go-gitea/gitea/issues/33193)
-
-[1.34.2]
-* Update gitea to 1.23.3
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.3)
-* Build Gitea with Golang v1.23.6 to fix security bugs
-* Fix a bug caused by status webhook template #33512
-
-[1.34.3]
-* Update gitea to 1.23.4
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.4)
-* Enhance routers for the Actions variable operations (#33547) (#33553)
-* Enhance routers for the Actions runner operations (#33549) (#33555)
-* Fix project issues list and counting (#33594) #33619
-* Add a transaction to pickTask (#33543) (#33563)
-* Fix mirror bug (#33597) (#33607)
-* Use default Git timeout when checking repo health (#33593) (#33598)
-* Fix PR's target branch dropdown (#33589) (#33591)
-* Fix various problems (artifact order, api empty slice, assignee check, fuzzy prompt, mirror proxy, adopt git) (#33569) (#33577)
-* Rework suggestion backend (#33538) (#33546)
-* Fix context usage (#33554) (#33557)
-
-[1.34.4]
-* Update gitea to 1.23.5
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.5)
-* Compile with Go 1.24.1
-* Bump x/oauth2 & x/crypto (#33704) (#33727)
-* Optimize user dashboard loading (#33686) (#33708)
-* Fix navbar dropdown item align (#33782)
-* Fix inconsistent closed issue list icon (#33722) (#33728)
-* Fix for Maven Package Naming Convention Handling (#33678) (#33679)
-* Improve Open-with URL encoding (#33666) (#33680)
-* Deleting repository should unlink all related packages (#33653) (#33673)
-* Fix omitempty bug (#33663) (#33670)
-* Upgrade go-crypto from 1.1.4 to 1.1.6 (#33745) (#33754)
-* Fix OCI image.version annotation for releases to use full semver (#33698) (#33701)
-* Try to fix ACME path when renew (#33668) (#33693)
-* Fix mCaptcha bug (#33659) (#33661)
-* Git graph: don't show detached commits (#33645) (#33650)
-
-[1.35.0]
-* Base image 5
-
-[1.35.1]
-* Fix hard coded mysql hostname
-
-[1.35.2]
-* Update gitea to 1.23.6
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.6)
-* Fix LFS URL (#33840) (#33843)
-* Update jwt and redis packages (#33984) (#33987)
-* Update golang crypto and net (#33989)
-* Drop timeout for requests made to the internal hook api (#33947) (#33970)
-* Fix maven panic when no package exists (#33888) (#33889)
-* Fix markdown render (#33870) (#33875)
-* Fix auto concurrency cancellation skips commit status updates (#33764) (#33849)
-* Fix oauth2 auth (#33961) (#33962)
-
-[1.35.3]
-* Update gitea to 1.23.7
-* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.7)
-* Compile with Go 1.23.8
-* Add a config option to block "expensive" pages for anonymous users ([#​34024](https://github.com/go-gitea/gitea/issues/34024)) ([#​34071](https://github.com/go-gitea/gitea/issues/34071))
-* Also check default ssh-cert location for host ([#​34099](https://github.com/go-gitea/gitea/issues/34099)) ([#​34100](https://github.com/go-gitea/gitea/issues/34100)) ([#​34116](https://github.com/go-gitea/gitea/issues/34116))
-* Fix discord webhook 400 status code when description limit is exceeded ([#​34084](https://github.com/go-gitea/gitea/issues/34084)) ([#​34124](https://github.com/go-gitea/gitea/issues/34124))
-* Get changed files based on merge base when checking `pull_request` actions trigger ([#​34106](https://github.com/go-gitea/gitea/issues/34106)) ([#​34120](https://github.com/go-gitea/gitea/issues/34120))
-* Fix invalid version in RPM package path ([#​34112](https://github.com/go-gitea/gitea/issues/34112)) ([#​34115](https://github.com/go-gitea/gitea/issues/34115))
-* Return default avatar url when user id is zero rather than updating database ([#​34094](https://github.com/go-gitea/gitea/issues/34094)) ([#​34095](https://github.com/go-gitea/gitea/issues/34095))
-* Add additional ReplaceAll in pathsep to cater for different pathsep ([#​34061](https://github.com/go-gitea/gitea/issues/34061)) ([#​34070](https://github.com/go-gitea/gitea/issues/34070))
-* Try to fix check-attr bug ([#​34029](https://github.com/go-gitea/gitea/issues/34029)) ([#​34033](https://github.com/go-gitea/gitea/issues/34033))
-* Git client will follow 301 but 307 ([#​34005](https://github.com/go-gitea/gitea/issues/34005)) ([#​34010](https://github.com/go-gitea/gitea/issues/34010))
-

CloudronManifest.json

@@ -4,8 +4,8 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.35.3",
-  "upstreamVersion": "1.23.7",
+  "version": "1.33.4",
+  "upstreamVersion": "1.22.4",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,

Dockerfile

@@ -1,27 +1,28 @@
-FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
 RUN apt-get update && \
-    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
+    apt-get install -y openssh-server git asciidoctor pandoc && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
-
-# pipx --global does not work, not sure why
-RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps
+RUN pip3 install jupyter
 
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
-RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
+RUN adduser --disabled-login --gecos 'Gitea' git
+# by default, git account is created as inactive which prevents login via openssh
+# https://github.com/gitlabhq/gitlabhq/issues/5304
+RUN passwd -d git
+
+RUN mkdir -p /home/git/gitea
 WORKDIR /home/git
 
 # for autosign feature
 ENV GNUPGHOME="/app/data/gnupg"
 
 # renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
-ARG GITEA_VERSION=1.23.7
+ARG GITEA_VERSION=1.22.4
 
-RUN mkdir -p /home/git/gitea && \
-    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN curl -L https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths

sshd_config

@@ -1,37 +1,80 @@
-Port 29418
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
 
-AddressFamily any
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
 ListenAddress 0.0.0.0
 ListenAddress ::
-
+Protocol 2
+# HostKeys for protocol version 2
 HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
 HostKey /app/data/sshd/ssh_host_ecdsa_key
 HostKey /app/data/sshd/ssh_host_ed25519_key
 
+# Logging
+SyslogFacility AUTH
 LogLevel INFO
 
-# no reverse DNS lookup
-UseDNS no
-UsePAM no
-AllowAgentForwarding no
-AllowTcpForwarding no
-PrintMotd no
-PrintLastLog no
-
+# Authentication:
 LoginGraceTime 120
+PermitRootLogin prohibit-password
 StrictModes yes
+
 PubkeyAuthentication yes
-PermitUserEnvironment yes
-PermitRootLogin no
-ChallengeResponseAuthentication no
-PasswordAuthentication no
-PermitEmptyPasswords no
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
 HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
 
-AllowUsers git
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
 
-Banner none
-Subsystem sftp /usr/lib/ssh/sftp-server
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
 
-AcceptEnv GIT_PROTOCOL LANG LC_*
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
 
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no

start.sh

@@ -4,15 +4,14 @@ set -eu -o pipefail
 
 mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
-# CLOUDRON_OIDC_PROVIDER_NAME not supported as it will be used in rest route!
 setup_oidc_source() {
     set -eu
 
     echo "==> Setup OIDC source"
 
     now=$(date +%s)
-    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
-        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'${CLOUDRON_OIDC_PROVIDER_NAME:-Cloudron}', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 }
 
 setup_root_user() {
@@ -41,7 +40,7 @@ setup_auth() {
         setup_oidc_source
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^135.0.0",
+    "chromedriver": "^131.0.1",
     "expect.js": "^0.3.1",
-    "mocha": "^11.1.0",
-    "selenium-webdriver": "^4.31.0",
-    "superagent": "^10.2.0"
+    "mocha": "^10.8.2",
+    "selenium-webdriver": "^4.27.0",
+    "superagent": "^10.1.1"
   }
 }

test/test.js

@@ -112,14 +112,13 @@ describe('Application life cycle test', function () {
         await browser.get(`https://${app.fqdn}/user/login`);
         await browser.sleep(2000);
 
-
-        await browser.findElement(By.xpath('//a[contains(@class, "openidConnect") and contains(., "Sign in with cloudron")]')).click();
+        await browser.findElement(By.xpath('//a[contains(@href, "/user/oauth2/Cloudron")]')).click();
         await browser.sleep(2000);
 
         if (!alreadyAuthenticated) {
-            await waitForElement(By.id('inputUsername'));
-            await browser.findElement(By.id('inputUsername')).sendKeys(username);
-            await browser.findElement(By.id('inputPassword')).sendKeys(password);
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
             await browser.sleep(2000);
             await browser.findElement(By.id('loginSubmitButton')).click();
             await browser.sleep(2000);
@@ -170,6 +169,14 @@ describe('Application life cycle test', function () {
         }, TIMEOUT);
     }
 
+    async function checkCloneUrl() {
+        await browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
+        await browser.findElement(By.id('repo-clone-ssh')).click();
+
+        var cloneUrl = await browser.findElement(By.id('repo-clone-url')).getAttribute('value');
+        expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
+    }
+
     function cloneRepo() {
         fs.rmSync(repodir, { recursive: true, force: true });
         var env = Object.create(process.env);
@@ -190,13 +197,13 @@ describe('Application life cycle test', function () {
     }
 
     async function sendMail() {
-        await browser.get(`https://${app.fqdn}/-/admin/config`);
-        await browser.sleep(3000);
-        const button = await browser.findElement(By.xpath('//button[contains(., "Send")]'));
+        await browser.get(`https://${app.fqdn}/admin/config`);
+
+        var button = await browser.findElement(By.xpath('//button[contains(text(), "Send")]'));
         await browser.executeScript('arguments[0].scrollIntoView(true)', button);
         await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
-        await browser.findElement(By.xpath('//button[contains(., "Send")]')).click();
-        await browser.wait(until.elementLocated(By.xpath('//p[contains(., "A testing email has been sent")]')), TIMEOUT);
+        await browser.findElement(By.xpath('//button[contains(text(), "Send")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "A testing email has been sent")]')), TIMEOUT);
     }
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
@@ -216,6 +223,8 @@ describe('Application life cycle test', function () {
 
     it('can create repo', createRepo);
 
+    it('displays correct clone url', checkCloneUrl);
+
     it('can clone the url', cloneRepo);
 
     it('can add and push a file', pushFile);
@@ -223,6 +232,7 @@ describe('Application life cycle test', function () {
     it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
 
     xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
+    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
 
@@ -245,6 +255,7 @@ describe('Application life cycle test', function () {
 
     it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
+    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });