Version 1.6.0

CHANGELOG

@@ -80,3 +80,97 @@
 [1.4.0]
 * Fix email sending (use SMTPS)
 
+[1.4.1]
+* Update Gitea to 1.3.3
+* Security fixes
+    * Fix escaping changed title in comments (#3530) (#3535)
+    * Escape search query display (#3486) (#3489)
+* Bug fixes
+    * Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
+    * Open external tracker in blank window, consistently with wiki (#3227) (#3228)
+    * Change SSL Mode from checkbox to string in admin page (#3208) (#3211)
+
+[1.5.0]
+* Update Gitea to 1.4.0
+
+[1.5.1]
+* Update Gitea to 1.4.1
+* Add “error” as reserved username (#3882) (#3886)
+* Do not allow inactive users to access repositories using private key (#3887) (#3889)
+* Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
+* Remove unnecessary allowed safe HTML (#3778) (#3779)
+* Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
+* Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
+* Fix GPG expire time display when time is zero (#3584) (#3884)
+* Fix to update only issue last update time when adding a comment (#3855) (#3860)
+* Fix repository star count after deleting user (#3781) (#3783)
+* Use the active branch for the code tab (#3720) (#3776)
+* Set default branch name on first push (#3715) (#3723)
+* Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
+
+[1.5.2]
+* Update Gitea to 1.4.2
+* Adjust z-index for floating labels (#3939) (#3950)
+* Add missing token validation on application settings page (#3976) #3978
+* Webhook and hook_task clean up (#4006)
+* Fix webhook bug of response info is not displayed in UI (#4023)
+* Fix writer cannot read bare repo guide (#4033) (#4039)
+* Don't force due date to current time (#3830) (#4057)
+* Fix wiki redirects (#3919) (#4065)
+* Fix attachment ENABLED (#4064) (#4066)
+* Added deletion of an empty line at the end of file (#4054) (#4074)
+* Use ResolveReference instead of path.Join (#4073)
+* Fix #4081 Check for leading / in base before removing it (#4083)
+* Respository's home page not updated after first push (#4075)
+
+[1.5.2-1]
+* Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
+* Adjust z-index for floating labels (#3939) (#3950)
+* Add missing token validation on application settings page (#3976) #3978
+* Webhook and hook_task clean up (#4006)
+* Fix webhook bug of response info is not displayed in UI (#4023)
+* Fix writer cannot read bare repo guide (#4033) (#4039)
+* Don't force due date to current time (#3830) (#4057)
+* Fix wiki redirects (#3919) (#4065)
+* Fix attachment ENABLED (#4064) (#4066)
+* Added deletion of an empty line at the end of file (#4054) (#4074)
+* Use ResolveReference instead of path.Join (#4073)
+* Fix #4081 Check for leading / in base before removing it (#4083)
+* Respository's home page not updated after first push (#4075)
+
+[1.5.3]
+* Update Gitea to 1.4.3
+* SECURITY
+  * HTML-escape plain-text READMEs (#4192) (#4214)
+  * Fix open redirect vulnerability on login screen (#4312) (#4312)
+* BUGFIXES
+  * Fix broken monitoring page when running processes are shown (#4203) (#4208)
+  * Fix delete comment bug (#4216) (#4228)
+  * Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
+  * Fix wiki URL encoding bug (#4091) (#4254)
+  * Fix code tab link when viewing tags (#3908) (#4263)
+  * Fix webhook type conflation (#4285) (#4285)
+
+[1.5.4]
+* Allow customization using gitea's custom data directory
+
+[1.6.0]
+* Update Gitea to 1.5.0
+* Security
+  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
+  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
+  * Do not allow to reuse TOTP passcode (#3878)
+* Features
+  * Add cli commands to regen hooks & keys (#3979)
+  * Add support for FIDO U2F (#3971)
+  * Added user language setting (#3875)
+  * Add topic support (#3711)
+  * Multiple assignees (#3705)
+  * Add protected branch whitelists for merging (#3689)
+  * Global code search support (#3664)
+  * Add label descriptions (#3662)
+  * Add issue search via API (#3612)
+  * Add repository setting to enable/disable health checks (#3607)
+  * Emoji Autocomplete (#3433)
+  * Implements generator cli for secrets (#3531)
+

CloudronManifest.json

@@ -4,7 +4,7 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "healthCheckPath": "/healthcheck",
   "httpPort": 3000,
   "addons": {

DESCRIPTION.md

@@ -1,4 +1,4 @@
-This app packages Gitea <upstream>1.3.2</upstream>
+This app packages Gitea <upstream>1.5.0</upstream>
 
 Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 

Dockerfile

@@ -1,6 +1,6 @@
 FROM cloudron/base:0.10.0
 
-ENV VERSION 1.3.2
+ENV VERSION 1.5.0
 
 RUN apt-get update && \
     apt-get install -y openssh-server git && \

start.sh

@@ -97,8 +97,7 @@ crudini --set "/run/gitea/app.ini" log MODE "console"
 crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
 crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
 
-
-mkdir -p /app/data/repository /app/data/ssh
+mkdir -p /app/data/repository /app/data/ssh /app/data/custom
 
 chown -R git:git /app/data /run/gitea
 

supervisor/gitea.conf

@@ -9,4 +9,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-environment=HOME="/home/git",USER="git"
+environment=HOME="/home/git",USER="git",GITEA_CUSTOM="/app/data/custom"

test/package.json

@@ -17,6 +17,7 @@
     "superagent": "^1.4.0"
   },
   "dependencies": {
+    "chromedriver": "^2.38.2",
     "selenium-server-standalone-jar": "^3.3.1",
     "selenium-webdriver": "^3.3.0",
     "superagent": "^1.8.5"

test/test.js

@@ -9,6 +9,8 @@
 
 'use strict';
 
+require('chromedriver');
+
 var execSync = require('child_process').execSync,
     ejs = require('ejs'),
     expect = require('expect.js'),
@@ -71,7 +73,7 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     }
 
-    function setAvatar(done) {
+    function setAvatarOld(done) {
         browser.get('https://' + app.fqdn + '/user/settings/avatar').then(function () {
             return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
         }).then(function () {
@@ -87,6 +89,25 @@ describe('Application life cycle test', function () {
         });
     }
 
+    function setAvatar(done) {
+        if (app.manifest.version === '1.5.4') return setAvatarOld(done);
+
+        browser.get('https://' + app.fqdn + '/user/settings').then(function () {
+            var button = browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        }).then(function () {
+            return browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+        }).then(function () {
+            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+        }).then(function () {
+            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar")]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
     function checkAvatar(done) {
 return done();
         superagent.get('https://' + app.fqdn + '/avatars/a3e6f3316fc1738e29d621e6a26e93d3').end(function (error, result) {
@@ -127,12 +148,7 @@ return done();
     function addPublicKey(done) {
         var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
 
-        var sshPage;
-        if (app.manifest.version === '1.0.3') {
-            sshPage = 'https://' + app.fqdn + '/user/settings/ssh';
-        } else {
-            sshPage = 'https://' + app.fqdn + '/user/settings/keys';
-        }
+        const sshPage = 'https://' + app.fqdn + '/user/settings/keys';
 
         browser.get(sshPage).then(function () {
             return browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
@@ -216,6 +232,23 @@ return done();
         done();
     }
 
+    function addCustomFile(done) {
+        fs.writeFileSync('/tmp/customfile.txt', 'GOGS TEST', 'utf8');
+        execSync('cloudron exec -- mkdir -p /app/data/custom/public');
+        execSync('cloudron push /tmp/customfile.txt /app/data/custom/public/customfile.txt');
+        fs.unlinkSync('/tmp/customfile.txt');
+        done();
+    }
+
+    function checkCustomFile(done) {
+        superagent.get('https://' + app.fqdn + '/customfile.txt').end(function (error, result) {
+            if (error) return done(error);
+
+            expect(result.text).to.contain('GOGS TEST');
+            done();
+        });
+    }
+
     function fileExists() {
         expect(fs.existsSync(repodir + '/newfile')).to.be(true);
     }
@@ -229,7 +262,7 @@ return done();
         }).then(function () {
             return browser.findElement(by.xpath('//button[@id="test-mail-btn"]')).click();
         }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Test email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
         }).then(function () {
             done();
         });
@@ -249,7 +282,7 @@ return done();
             if (error) return done(error);
             if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
 
-            token = result.body.token;
+            token = result.body.accessToken;
 
             superagent.get('https://' + inspect.apiEndpoint + '/api/v1/profile')
                 .query({ access_token: token }).end(function (error, result) {
@@ -292,8 +325,11 @@ return done();
     it('can add and push a file', pushFile);
     it('can edit file', editFile);
 
+    it('can add custom file', addCustomFile);
+    it('can check custom file', checkCustomFile);
+
     it('can restart app', function (done) {
-        execSync('cloudron restart --wait');
+        execSync('cloudron restart --wait --app ' + app.id);
         done();
     });
 
@@ -317,7 +353,7 @@ return done();
 
     it('move to different location', function () {
         //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
-        execSync('cloudron configure --wait --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
         var inspect = JSON.parse(execSync('cloudron inspect'));
         app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
         expect(app).to.be.an('object');