Version 1.7.0

Use latest base image
Avoid nxdomain during tests and always specify app id
2025-09-25 14:37:44 +00:00 · 2018-10-10 20:17:18 -07:00 · 2018-10-10 20:09:26 -07:00 · 2018-09-03 17:44:23 +02:00 · 2018-09-03 17:17:32 +02:00 · 2018-08-12 10:37:38 -07:00
7 changed files with 175 additions and 35 deletions
--- a/37
+++ b/37
@@ -153,3 +153,40 @@

 [1.5.4]
 * Allow customization using gitea's custom data directory
+
+[1.6.0]
+* Update Gitea to 1.5.0
+* Security
+  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
+  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
+  * Do not allow to reuse TOTP passcode (#3878)
+* Features
+  * Add cli commands to regen hooks & keys (#3979)
+  * Add support for FIDO U2F (#3971)
+  * Added user language setting (#3875)
+  * Add topic support (#3711)
+  * Multiple assignees (#3705)
+  * Add protected branch whitelists for merging (#3689)
+  * Global code search support (#3664)
+  * Add label descriptions (#3662)
+  * Add issue search via API (#3612)
+  * Add repository setting to enable/disable health checks (#3607)
+  * Emoji Autocomplete (#3433)
+  * Implements generator cli for secrets (#3531)
+
+[1.6.1]
+* Update Gitea to 1.5.1
+* Security
+  * Don't disclose emails of all users when sending out emails (#4784)
+  * Improve URL validation for external wiki and external issues (#4710) (#4740)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
+* Bugfixes
+  * Fix missing release title in webhook (#4783) (#4800)
+  * Make sure to reset commit count in the cache on mirror syncing (#4770)
+  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
+  * Fix failure on creating pull request with assignees (#4583) (#4727)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
+
+[1.7.0]
+* Update base image
+
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -4,7 +4,7 @@
  "author": "Gitea developers",
  "description": "file://DESCRIPTION.md",
  "tagline": "A painless self-hosted Git Service",
-  "version": "1.5.4",
+  "version": "1.7.0",
  "healthCheckPath": "/healthcheck",
  "httpPort": 3000,
  "addons": {
--- a/DESCRIPTION.md
+++ b/DESCRIPTION.md
@@ -1,4 +1,4 @@
-This app packages Gitea <upstream>1.4.3</upstream>
+This app packages Gitea <upstream>1.5.1</upstream>

 Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.

--- a/10
+++ b/10
@@ -1,6 +1,4 @@
-FROM cloudron/base:0.10.0
-
-ENV VERSION 1.4.3
+FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617

 RUN apt-get update && \
    apt-get install -y openssh-server git && \
@@ -16,7 +14,7 @@ RUN passwd -d git

 RUN mkdir -p /home/git/gitea
 ## TODO: use redis as well
-RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN curl -L https://dl.gitea.io/gitea/1.5.1/gitea-1.5.1-linux-amd64 -o /home/git/gitea/gitea \
    && chmod +x /home/git/gitea/gitea

 # setup config paths
@@ -31,9 +29,7 @@ RUN ln -s /app/data/gitconfig /home/git/.gitconfig

 ADD start.sh /home/git/start.sh

-# disable pam authentication for sshd
-RUN sed -e 's/UsePAM yes/UsePAM no/' -e 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
-RUN echo "UseDNS no" >> /etc/ssh/sshd_config
+COPY sshd_config /etc/ssh/sshd_config

 CMD [ "/home/git/start.sh" ]

--- a/79
+++ b/79
@@ -0,0 +1,79 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
+ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
+HostKey /app/data/sshd/ssh_host_ecdsa_key
+HostKey /app/data/sshd/ssh_host_ed25519_key
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin prohibit-password
+StrictModes yes
+
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no
--- a/start.sh
+++ b/start.sh
@@ -2,7 +2,7 @@

 set -eu -o pipefail

-mkdir -p /run/gitea/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads /run/sshd

 setup_ldap_source() {
    set -eu
@@ -50,10 +50,7 @@ fi
 chmod 0600 /app/data/sshd/*_key
 chmod 0644 /app/data/sshd/*.pub

-sed -e "s/^Port .*/Port ${SSH_PORT}/" \
-    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
-    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gitea/sshd_config
+sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config

 cp /home/git/app.ini.template "/run/gitea/app.ini"

--- a/test/test.js
+++ b/test/test.js
@@ -73,7 +73,7 @@ describe('Application life cycle test', function () {
        expect(app).to.be.an('object');
    }

-    function setAvatar(done) {
+    function setAvatarOld(done) {
        browser.get('https://' + app.fqdn + '/user/settings/avatar').then(function () {
            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
        }).then(function () {
@@ -89,6 +89,25 @@ describe('Application life cycle test', function () {
        });
    }

+    function setAvatar(done) {
+        if (app.manifest.version === '1.5.4') return setAvatarOld(done);
+
+        browser.get('https://' + app.fqdn + '/user/settings').then(function () {
+            var button = browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        }).then(function () {
+            return browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+        }).then(function () {
+            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+        }).then(function () {
+            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar")]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
    function checkAvatar(done) {
 return done();
        superagent.get('https://' + app.fqdn + '/avatars/a3e6f3316fc1738e29d621e6a26e93d3').end(function (error, result) {
@@ -129,12 +148,7 @@ return done();
    function addPublicKey(done) {
        var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');

-        var sshPage;
-        if (app.manifest.version === '1.0.3') {
-            sshPage = 'https://' + app.fqdn + '/user/settings/ssh';
-        } else {
-            sshPage = 'https://' + app.fqdn + '/user/settings/keys';
-        }
+        const sshPage = 'https://' + app.fqdn + '/user/settings/keys';

        browser.get(sshPage).then(function () {
            return browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
@@ -220,8 +234,8 @@ return done();

    function addCustomFile(done) {
        fs.writeFileSync('/tmp/customfile.txt', 'GOGS TEST', 'utf8');
-        execSync('cloudron exec -- mkdir -p /app/data/custom/public');
-        execSync('cloudron push /tmp/customfile.txt /app/data/custom/public/customfile.txt');
+        execSync(`cloudron exec --app ${app.id} -- mkdir -p /app/data/custom/public`);
+        execSync(`cloudron push --app ${app.id} /tmp/customfile.txt /app/data/custom/public/customfile.txt`);
        fs.unlinkSync('/tmp/customfile.txt');
        done();
    }
@@ -248,7 +262,7 @@ return done();
        }).then(function () {
            return browser.findElement(by.xpath('//button[@id="test-mail-btn"]')).click();
        }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Test email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
        }).then(function () {
            done();
        });
@@ -337,12 +351,17 @@ return done();
    it('can clone the url', cloneRepo);
    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });

-    it('move to different location', function () {
+    it('move to different location', function (done) {
        //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
-        execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            var inspect = JSON.parse(execSync('cloudron inspect'));
+            app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+            expect(app).to.be.an('object');
+
+            done();
+        });
    });

    it('can login', login);
@@ -351,8 +370,12 @@ return done();
    it('can clone the url', cloneRepo);
    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });

-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            done();
+        });
    });

    // check if the _first_ login via email succeeds
@@ -365,8 +388,12 @@ return done();

        login(function (error) {
            if (error) return done(error);
-            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-            done();
+
+            // ensure we don't hit NXDOMAIN in the mean time
+            browser.get('about:blank').then(function () {
+                execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+                done();
+            });
        });
    });

@@ -394,7 +421,11 @@ return done();
    it('can clone the url', cloneRepo);
    it('file exists in cloned repo', fileExists);

-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            done();
+        });
    });
 });
Author	SHA1	Message	Date
Girish Ramakrishnan	278116abdb	Version 1.7.0	2018-10-10 20:17:18 -07:00
Girish Ramakrishnan	8a942dc8f7	Use latest base image	2018-10-10 20:09:26 -07:00
Johannes Zellner	1b15db85e3	Avoid nxdomain during tests and always specify app id	2018-09-03 17:44:23 +02:00
Johannes Zellner	d37044f8e0	Bump version for 1.5.1	2018-09-03 17:17:32 +02:00
Girish Ramakrishnan	e7671bd3f2	Version 1.6.0	2018-08-12 10:37:38 -07:00
Girish Ramakrishnan	32cc8175e5	Fix tests	2018-08-12 10:36:17 -07:00
Girish Ramakrishnan	534e4884b4	Update Gitea to 1.5.0	2018-08-12 10:17:14 -07:00