Merge branch 'master' into contents-api-should-return-404-on-not-found

Makefile

@@ -1,4 +1,5 @@
 DIST := dist
+DIST_DIRS := $(DIST)/binaries $(DIST)/release
 IMPORT := code.gitea.io/gitea
 export GO111MODULE=off
 
@@ -446,14 +447,13 @@ $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	GO111MODULE=on $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 
 .PHONY: release
-release: generate release-dirs release-windows release-linux release-darwin release-copy release-compress release-sources release-check
+release: generate release-windows release-linux release-darwin release-copy release-compress release-sources release-check
 
-.PHONY: release-dirs
-release-dirs:
-	mkdir -p $(DIST)/binaries $(DIST)/release
+$(DIST_DIRS):
+	mkdir -p $(DIST_DIRS)
 
 .PHONY: release-windows
-release-windows:
+release-windows: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
@@ -463,7 +463,7 @@ ifeq ($(CI),drone)
 endif
 
 .PHONY: release-linux
-release-linux:
+release-linux: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
@@ -473,7 +473,7 @@ ifeq ($(CI),drone)
 endif
 
 .PHONY: release-darwin
-release-darwin:
+release-darwin: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
@@ -483,22 +483,22 @@ ifeq ($(CI),drone)
 endif
 
 .PHONY: release-copy
-release-copy:
+release-copy: | $(DIST_DIRS)
 	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;
 
 .PHONY: release-check
-release-check:
+release-check: | $(DIST_DIRS)
 	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;
 
 .PHONY: release-compress
-release-compress:
+release-compress: | $(DIST_DIRS)
 	@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
 	fi
 	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;
 
 .PHONY: release-sources
-release-sources:
+release-sources: | $(DIST_DIRS)
 	tar cvzf $(DIST)/release/gitea-src-$(VERSION).tar.gz --exclude $(DIST) --exclude .git --exclude $(MAKE_EVIDENCE_DIR) .
 
 node_modules: package-lock.json

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -518,7 +518,7 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
 
 ### Cron - Repository Health Check (`cron.repo_health_check`)
 
-- `SCHEDULE`: **every 24h**: Cron syntax for scheduling repository health check.
+- `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository health check.
 - `TIMEOUT`: **60s**: Time duration syntax for health check execution timeout.
 - `ARGS`: **\<empty\>**: Arguments for command `git fsck`, e.g. `--unreachable --tags`. See more on http://git-scm.com/docs/git-fsck
 

docs/content/doc/advanced/signing.en-us.md

@@ -44,6 +44,16 @@ There are a number of places where Gitea will generate commits itself:
 Depending on configuration and server trust you may want Gitea to
 sign these commits.
 
+## Installing and generating a GPG key for Gitea
+
+It is up to a server administrator to determine how best to install
+a signing key. Gitea generates all its commits using the server `git`
+command at present - and therefore the server `gpg` will be used for
+signing (if configured.) Administrators should review best-practices
+for gpg - in particular it is probably advisable to only install a
+signing secret subkey without the master signing and certifying secret
+key.
+
 ## General Configuration
 
 Gitea's configuration for signing can be found with the
@@ -81,7 +91,7 @@ of the `user.signingkey`, `user.name` and `user.email` as appropriate.
 
 Please note: by adjusting git's `config` file within Gitea's
 repositories, `SIGNING_KEY=default` could be used to provide different
-signing keys on a per-repository basis. However, this is cleary not an
+signing keys on a per-repository basis. However, this is clearly not an
 ideal UI and therefore subject to change.
 
 ### `INITIAL_COMMIT`
@@ -142,22 +152,16 @@ The possible options are:
 Options other than `never` and `always` can be combined as a comma
 separated list.
 
-## Installing and generating a GPG key for Gitea
-
-It is up to a server administrator to determine how best to install
-a signing key. Gitea generates all its commits using the server `git`
-command at present - and therefore the server `gpg` will be used for
-signing (if configured.) Administrators should review best-practices
-for gpg - in particular it is probably advisable to only install a
-signing secret subkey without the master signing and certifying secret
-key.
-
 ## Obtaining the Public Key of the Signing Key
 
 The public key used to sign Gitea's commits can be obtained from the API at:
 
-```/api/v1/signing-key.gpg```
+```
+/api/v1/signing-key.gpg
+```
 
 In cases where there is a repository specific key this can be obtained from:
 
-```/api/v1/repos/:username/:reponame/signing-key.gpg```
+```
+/api/v1/repos/:username/:reponame/signing-key.gpg
+```

docs/content/doc/installation/database-preparation.en-us.md

@@ -0,0 +1,156 @@
+---
+date: "2020-01-16"
+title: "Database Preparation"
+slug: "database-prep"
+weight: 10
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "installation"
+    name: "Database preparation"
+    weight: 20
+    identifier: "database-prep"
+---
+
+You need a database to use Gitea. Gitea supports PostgreSQL, MySQL, SQLite, and MSSQL. This page will guide into preparing database. Only PostgreSQL and MySQL will be covered here since those database engines are widely-used in production.
+
+Database instance can be on same machine as Gitea (local database setup), or on different machine (remote database).
+
+Note: All steps below requires that the database engine of your choice is installed on your system. For remote database setup, install the server part on database instance and client part on your Gitea server. In addition, make sure you use same engine version for both server and client for some engine features to work. For security reason, protect `root` (MySQL) or `postgres` (PostgreSQL) database superuser with secure password.  The steps assumes that you run Linux for both database and Gitea servers.
+
+## MySQL
+
+1.  On database instance, login to database console as root:
+
+    ```
+    mysql -u root -p
+    ```
+
+    Enter the password as prompted.
+
+2.  Create database user which will be used by Gitea, authenticated by password. This example uses `'gitea'` as password. Please use a secure password for your instance. 
+
+    For local database:
+
+    ```sql
+    SET old_passwords=0;
+    CREATE USER 'gitea' IDENTIFIED BY 'gitea';
+    ```
+
+    For remote database:
+
+    ```sql
+    SET old_passwords=0;
+    CREATE USER 'gitea'@'12.34.56.78' IDENTIFIED BY 'gitea';
+    ```
+
+    where `12.34.56.78` is the IP address of your Gitea instance.
+
+    Replace username and password above as appropriate.
+
+3.  Create database with UTF-8 charset and collation. Make sure to use `utf8mb4` charset instead of `utf8` as the former supports all Unicode characters (including emojis) beyond *Basic Multilingual Plane*. Also, collation chosen depending on your expected content. When in doubt, use either `unicode_ci` or `general_ci`.
+
+    ```sql
+    CREATE DATABASE 'giteadb' CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
+    ```
+
+    Replace database name as appropriate.
+
+4.  Grant all privileges on the database to database user created above.
+
+    For local database:
+
+    ```sql
+    GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea';
+    FLUSH PRIVILEGES;
+    ```
+
+    For remote database:
+
+    ```sql
+    GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'12.34.56.78';
+    FLUSH PRIVILEGES;
+    ```
+
+5.  Quit from database console by `exit`.
+
+6.  On your Gitea server, test connection to the database:
+
+    ```
+    mysql -u gitea -h 23.45.67.89 -p giteadb
+    ```
+
+    where `gitea` is database username, `giteadb` is database name, and `23.45.67.89` is IP address of database instance. Omit `-h` option for local database.
+
+    You should be connected to the database.
+
+## PostgreSQL
+
+1.  PostgreSQL uses `md5` challenge-response encryption scheme for password authentication by default. Nowadays this scheme is not considered secure anymore. Use SCRAM-SHA-256 scheme instead by editing the `postgresql.conf` configuration file on the database server to:
+
+    ```ini
+    password_encryption = scram-sha-256
+    ```
+
+    Restart PostgreSQL to apply the setting.
+
+2.  On the database server, login to the database console as superuser:
+
+    ```
+    su -c "psql" - postgres
+    ```
+
+3.  Create database user (role in PostgreSQL terms) with login privilege and password. Please use a secure, strong password instead of `'gitea'` below:
+
+    ```sql
+    CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea';
+    ```
+
+    Replace username and password as appropriate.
+
+4.  Create database with UTF-8 charset and owned by the database user created earlier. Any `libc` collations can be specified with `LC_COLLATE` and `LC_CTYPE` parameter, depending on expected content:
+
+    ```sql
+    CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
+    ```
+
+    Replace database name as appropriate.
+
+5.  Allow the database user to access the database created above by adding the following authentication rule to `pg_hba.conf`.
+
+    For local database:
+
+    ```ini
+    local    giteadb    gitea    scram-sha-256
+    ```
+
+    For remote database:
+
+    ```ini
+    host    giteadb    gitea    12.34.56.78/32    scram-sha-256
+    ```
+
+    Replace database name, user, and IP address of Gitea instance with your own.
+
+    Note: rules on `pg_hba.conf` are evaluated sequentially, that is the first matching rule will be used for authentication. Your PostgreSQL installation may come with generic authentication rules that match all users and databases. You may need to place the rules presented here above such generic rules if it is the case.
+
+    Restart PostgreSQL to apply new authentication rules.
+    
+6.  On your Gitea server, test connection to the database.
+
+    For local database:
+
+    ```
+    psql -U gitea -d giteadb
+    ```
+
+    For remote database:
+
+    ```
+    psql "postgres://gitea@23.45.67.89/giteadb"
+    ```
+
+    where `gitea` is database user, `giteadb` is database name, and `23.45.67.89` is IP address of your database instance.
+
+    You should be prompted to enter password for the database user, and connected to the database.

docs/content/page/index.en-us.md

@@ -123,7 +123,7 @@ Windows, on architectures like amd64, i386, ARM, PowerPC, and others.
             - Cron jobs
                 - Update mirrors
                 - Repository health check
-                - Check repository statstics
+                - Check repository statistics
                 - Clean up old archives
     - Environment variables
     - Command line options

models/attachment.go

@@ -79,7 +79,11 @@ func (a *Attachment) LinkedRepository() (*Repository, UnitType, error) {
 			return nil, UnitTypeIssues, err
 		}
 		repo, err := GetRepositoryByID(iss.RepoID)
-		return repo, UnitTypeIssues, err
+		unitType := UnitTypeIssues
+		if iss.IsPull {
+			unitType = UnitTypePullRequests
+		}
+		return repo, unitType, err
 	} else if a.ReleaseID != 0 {
 		rel, err := GetReleaseByID(a.ReleaseID)
 		if err != nil {

models/attachment_test.go

@@ -138,7 +138,7 @@ func TestLinkedRepository(t *testing.T) {
 		expectedUnitType UnitType
 	}{
 		{"LinkedIssue", 1, &Repository{ID: 1}, UnitTypeIssues},
-		{"LinkedComment", 3, &Repository{ID: 1}, UnitTypeIssues},
+		{"LinkedComment", 3, &Repository{ID: 1}, UnitTypePullRequests},
 		{"LinkedRelease", 9, &Repository{ID: 1}, UnitTypeReleases},
 		{"Notlinked", 10, nil, -1},
 	}

models/issue.go

@@ -1873,9 +1873,8 @@ func UpdateIssuesMigrationsByType(gitServiceType structs.GitServiceType, origina
 // UpdateReactionsMigrationsByType updates all migrated repositories' reactions from gitServiceType to replace originalAuthorID to posterID
 func UpdateReactionsMigrationsByType(gitServiceType structs.GitServiceType, originalAuthorID string, userID int64) error {
 	_, err := x.Table("reaction").
-		Join("INNER", "issue", "issue.id = reaction.issue_id").
-		Where("issue.repo_id IN (SELECT id FROM repository WHERE original_service_type = ?)", gitServiceType).
-		And("reaction.original_author_id = ?", originalAuthorID).
+		Where("original_author_id = ?", originalAuthorID).
+		And(migratedIssueCond(gitServiceType)).
 		Update(map[string]interface{}{
 			"user_id":            userID,
 			"original_author":    "",

models/migrate.go

@@ -208,20 +208,24 @@ func InsertReleases(rels ...*Release) error {
 	return sess.Commit()
 }
 
+func migratedIssueCond(tp structs.GitServiceType) builder.Cond {
+	return builder.In("issue_id",
+		builder.Select("issue.id").
+			From("issue").
+			InnerJoin("repository", "issue.repo_id = repository.id").
+			Where(builder.Eq{
+				"repository.original_service_type": tp,
+			}),
+	)
+}
+
 // UpdateReviewsMigrationsByType updates reviews' migrations information via given git service type and original id and poster id
 func UpdateReviewsMigrationsByType(tp structs.GitServiceType, originalAuthorID string, posterID int64) error {
 	_, err := x.Table("review").
-		Where(builder.In("issue_id",
-			builder.Select("issue.id").
-				From("issue").
-				InnerJoin("repository", "issue.repo_id = repository.id").
-				Where(builder.Eq{
-					"repository.original_service_type": tp,
-				}),
-		)).
-		And("review.original_author_id = ?", originalAuthorID).
+		Where("original_author_id = ?", originalAuthorID).
+		And(migratedIssueCond(tp)).
 		Update(map[string]interface{}{
-			"poster_id":          posterID,
+			"reviewer_id":        posterID,
 			"original_author":    "",
 			"original_author_id": 0,
 		})

models/repo.go

@@ -1619,6 +1619,7 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 	}
 
 	if err = sess.Commit(); err != nil {
+		sess.Close()
 		if len(deployKeys) > 0 {
 			// We need to rewrite the public keys because the commit failed
 			if err2 := RewriteAllPublicKeys(); err2 != nil {