mirror of
https://github.com/go-gitea/gitea.git
synced 2026-05-14 17:27:05 +00:00
04f0bbcf387ec575781baeda4ae345f81c8287d2
157 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Nicolas
|
71f3e28fe5 | ci: Also lint json5 files (#37659) | ||
|
Giteabot
|
7621b65403 |
chore(deps): update action dependencies (major) (#37638)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | major | `2021.12.29` → `2025.7.23` | | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | major | `2023.12.23` → `2025.7.23` | | [bitnamilegacy/mysql](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/mysql)) | service | major | `8.4` → `9.4` | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
a5d81d9ce2 |
perf: replace goheader linter with custom check (#37599)
Replace the [slow `goheader` linter](https://github.com/denis-tingaikin/go-header/issues/70) with a custom check. Local go lint time is down from 247s to 32s. 6 new files that were previously undetected because of `//go:build ignore` are fixed. The exit code of the make target preserves the golangci-lint exit code, if present. Also refactors and consolidates the linting targets. Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
Giteabot
|
c81eca9904 |
chore(deps): update action dependencies (#37603)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/labeler](https://redirect.github.com/actions/labeler) | action | minor | `v6.0.1` → `v6.1.0` | | [aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials) | action | patch | `v6.1.0` → `v6.1.1` | | [docker.elastic.co/elasticsearch/elasticsearch](https://www.elastic.co/products/elasticsearch) ([source](https://redirect.github.com/elastic/elasticsearch)) | service | patch | `8.19.14` → `8.19.15` | | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.12` → `v46.1.13` | --- ### Release Notes <details> <summary>actions/labeler (actions/labeler)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/labeler/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/labeler/compare/v6.0.1...v6.1.0) #### Enhancements - Add changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by [@​bluca](https://redirect.github.com/bluca) in [#​923](https://redirect.github.com/actions/labeler/pull/923) #### Bug Fixes - Improve Labeler Action documentation and permission error handling by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​897](https://redirect.github.com/actions/labeler/pull/897) - Preserve manually added labels during workflow runs and refine label synchronization logic by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​917](https://redirect.github.com/actions/labeler/pull/917) #### Dependency Updates - Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by [@​dependabot](https://redirect.github.com/dependabot) in [#​877](https://redirect.github.com/actions/labeler/pull/877) - Upgrade minimatch from 10.0.1 to 10.2.3 by [@​dependabot](https://redirect.github.com/dependabot) in [#​926](https://redirect.github.com/actions/labeler/pull/926) - Upgrade dependencies ([@​actions/core](https://redirect.github.com/actions/core), [@​actions/github](https://redirect.github.com/actions/github), js-yaml, minimatch, [@​typescript-eslint](https://redirect.github.com/typescript-eslint)) by [@​Copilot](https://redirect.github.com/Copilot) in [#​934](https://redirect.github.com/actions/labeler/pull/934) #### New Contributors - [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) made their first contribution in [#​897](https://redirect.github.com/actions/labeler/pull/897) - [@​bluca](https://redirect.github.com/bluca) made their first contribution in [#​923](https://redirect.github.com/actions/labeler/pull/923) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​934](https://redirect.github.com/actions/labeler/pull/934) **Full Changelog**: <https://github.com/actions/labeler/compare/v6...v6.1.0> </details> <details> <summary>aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)</summary> ### [`v6.1.1`](https://redirect.github.com/aws-actions/configure-aws-credentials/releases/tag/v6.1.1) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1) ##### What's Changed - chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1722](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1722) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.0 to 25.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1723](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1723) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.12 to 4.2.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1724](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1724) - chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1726](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1726) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.5.1 to 4.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1725](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1725) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1020.0 to 3.1025.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1727](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1727) - chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1728](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1728) - chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1729](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1729) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.2 to 25.6.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1730](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1730) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.24 to 3.972.25 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1733](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1733) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1025.0 to 3.1030.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1732](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1732) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.10 to 2.4.11 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1734](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1734) - chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1736](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1736) - chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1737](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1737) - chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1740](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1740) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.13 to 4.2.14 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1741](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1741) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.25 to 3.972.28 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1742](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1742) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1030.0 to 3.1033.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1743](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1743) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.11 to 2.4.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1739](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1739) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.12 to 2.4.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1747](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1747) - chore(deps): bump postcss from 8.5.6 to 8.5.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1752](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1752) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.6.0 to 4.6.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1750](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1750) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.28 to 3.972.32 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1751](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1751) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1033.0 to 3.1038.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1749](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1749) - chore: release 6.1.1 by [@​lehmanmj](https://redirect.github.com/lehmanmj) in [#​1757](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1757) **Full Changelog**: <https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1> </details> <details> <summary>elastic/elasticsearch (docker.elastic.co/elasticsearch/elasticsearch)</summary> ### [`v8.19.15`](https://redirect.github.com/elastic/elasticsearch/releases/tag/v8.19.15): Elasticsearch 8.19.15 [Compare Source](https://redirect.github.com/elastic/elasticsearch/compare/v8.19.14...v8.19.15) Downloads: <https://elastic.co/downloads/elasticsearch> Release notes: <https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.15.html> </details> <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.13`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.13) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.12...v46.1.13) ##### Documentation - update references to renovatebot/github-action to v46.1.12 ([a871d4d]( |
||
|
silverwind
|
b4085c7e3c |
build: update pnpm to v11 (#37591)
Update to https://github.com/pnpm/pnpm/releases/tag/v11.0.0 - move all pnpm settings to `pnpm-workspace.yaml`, pnpm v11 only reads that file - drop redundant or no-op settings - disable `strictDepBuilds` to avoid having to manually specify deps with build scripts, this is equivalent to v10 where it will not execute and warn. - add workarounds for https://github.com/SukkaW/nolyfill/issues/119 - remove dead eslintrc entry --- This PR was written with the help of Claude Opus 4.7 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
wxiaoguang
|
a39af1a829 |
refactor: use modernc sqlite driver as default (#37562)
The mattn driver is still kept, can be enabled by TAGS="sqlite_mattn sqlite_unlock_notify" --------- Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> |
||
|
silverwind
|
ebc058f682 |
ci: increase renovate frequency and fix RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS (#37565)
1. Sync `RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS` with the recent `renovate.json5` change (#37537) — the npm group now runs `make svg nolyfill`, but the workflow allowlist still only matched `^make (tidy|svg)$`, so the post-upgrade task was being rejected. 2. Bump the cron from daily at 01:00 UTC to hourly at :23, matching the cadence of Mend's hosted Renovate App. Hourly gives sub-hour responsiveness to dependency-dashboard checkbox interactions and PR-close reactions; the `:23` offset avoids the GHA scheduler congestion at multiples of 15. Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
Nicolas
|
45ffe5aa6a |
ci: lint PR titles with commitlint (#37498)
## Summary - Enforce **Conventional Commits** on PR titles (PRs are squash-merged, so the PR title becomes the final commit message). - Add a local `make lint-pr-title` target so contributors can validate titles before pushing. ## Why We squash-merge PRs, which means the final repository history is largely shaped by **PR titles**. Enforcing a consistent Conventional Commits format makes: - **Release notes & changelogs easier to generate** (types like `feat` / `fix` can be grouped automatically). - **History easier to scan** (uniform structure, optional scopes, explicit breaking changes via `!`). - **Automation more reliable** (future tooling can infer category and scope from the title). ## PR title format ```text type(scope)!: subject type: one of build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test scope: optional (e.g. web, api, actions, repo, …) !: optional, indicates a breaking change subject: short, imperative, no trailing period ``` ## Examples ```text feat(web): add dark mode toggle fix(api): avoid panic when repo is missing chore(ci): lint PR titles with commitlint refactor(templates): reduce duplication in repo list rendering feat!: remove legacy OAuth endpoint ``` ## Local testing ```text make deps-frontend make lint-pr-title PR_TITLE="feat(web): add dark mode toggle" ``` --------- Signed-off-by: Nicolas <bircni@icloud.com> Co-authored-by: nb <nb@users.noreply.local> Co-authored-by: GPT-5.2 <gpt-5.2@openai.com> |
||
|
Giteabot
|
62300eab3b |
chore(deps): update action dependencies (#37540)
This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | minor | `2021.3.17` → `2021.12.29` | | | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | minor | `2023.8.31` → `2023.12.23` | | | [bitnamilegacy/mysql](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/mysql)) | service | minor | `8.0` → `8.4` | | | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.10` → `v46.1.12` | `v46.1.13` | --- ### Release Notes <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.12`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.12) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.11...v46.1.12) ##### Bug Fixes - **deps:** update dependency [@​actions/core](https://redirect.github.com/actions/core) to v3.0.1 ([e8a6055]( |
||
|
silverwind
|
abcfa53040 |
Replace olivere/elastic with REST API client, add OpenSearch support (#37411)
Drops `github.com/olivere/elastic/v7` (unmaintained) and replaces it
with a small in-house wrapper that speaks the Elasticsearch REST API
directly via `net/http`. The subset used by Gitea (`_cluster/health`,
`_bulk`, `_doc`, `_delete_by_query`, `_refresh`, `_search`, `HEAD`/`PUT`
index) is stable across the targeted servers, so no client library is
needed.
**Targets tested**
- Elasticsearch 7, 8, 9
- OpenSearch 1, 2, 3
**Why not `go-elasticsearch`?**
The official client enforces an `X-Elastic-Product` server-identity
check that OpenSearch deliberately fails, which would force shipping a
transport shim to defeat it. Going direct over `net/http` removes that
fight along with several MB of transitive deps (`elastic-transport-go`,
`go.opentelemetry.io/otel{,/metric,/trace}`, `auto/sdk`, `easyjson`,
`intern`, `logr`, `stdr`).
Replaces: #30755
Fixes: https://github.com/go-gitea/gitea/issues/30752
---
This PR was written with the help of Claude Opus 4.7
---------
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
||
|
wxiaoguang
|
1721c235a7 |
Refactor CI workflows (#37487)
1. only trigger docker-dryrun arm64&riscv64 when dockerfile changes 2. de-duplicate "contents: read" permission for most workflows 3. merge various "lint-*" jobs into one job 4. add missing lint targets to the "lint" (all) target |
||
|
silverwind
|
d57d06335d |
Refactor integration tests infrastructure (#37462)
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
99cd4f6b22 |
Integrate renovate bot for all dependency updates (#37050)
Replaces Dependabot with Renovate. The new setup: - One PR per ecosystem (GitHub Actions, Go modules + Makefile go-tool pins, npm, Python via uv, Nix flake), opened weekly on Mondays with a 5-day release-age cooldown. Vulnerability PRs ship next-day via daily cron + Renovate's `vulnerabilityAlerts` schedule bypass. - All `uses:` action refs SHA-pinned with patch-level version comments (same format as #36971, which this supersedes); `helpers:pinGitHubActionDigests` keeps future bumps in that format. - `renovatebot/github-action` runtime image pinned via the upstream-recommended `RENOVATE_VERSION` env + magic comment + `customManagers:githubActionsVersions` preset, so Renovate keeps the pin updated. - Custom regex manager tracks the `*_PACKAGE ?= <import-path>@<version>` lines in `Makefile` (golangci-lint, swagger, actionlint, etc.) and groups them into the same Go PR via `matchDatasources: ["go"]`. - Post-upgrade tasks regenerate `assets/go-licenses.json` (`make tidy`) and the SVG sprite (`make svg`), gated by an env-level command allowlist. - Replaces the standalone `cron-flake-updater` workflow — Renovate's nix manager tracks `flake.nix` inputs and produces the same `flake.lock` bump PRs on the regular weekly schedule. - npm and gomod-replace pins live in `renovate.json5` only; `updates@17.16.3` reads them from there too, so the standalone `updates.config.ts` is gone and one source of truth covers both tools. Fixes: https://github.com/go-gitea/gitea/issues/33386 Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: TheFox0x7 <thefox0x7@gmail.com> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
silverwind
|
ebf30ac4db |
Optimize CI caches (#37387)
Cache includes go, lint and unittests. Integration tests with their standalone binaries are uncacheable with their current architecture. Every Go job uses a new composite action (`.github/actions/go-cache`) that restores and saves the Go module cache, a shared build cache, and the golangci-lint cache. A `cache-seeder` workflow runs on `push: main` to pre-populate those slots; PRs read them via GitHub's default-branch fallback, so the common case is warm from the first commit. Also dropped `-coverprofile` from `test-unit` (it silently disabled Go's test result cache), and `-race` from `test-pgsql` and `test-mysql` (kept on `test-unit` and `test-sqlite`). Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
Sebastian Ertz
|
8068d608d1 |
Update GitHub Actions to latest major versions (#37313)
| | from | to | | --- | --- | --- | | actions/setup-node | `v5` | `v6` | | astral-sh/setup-uv | `v8.0.0` | `v8.1.0` | |
||
|
silverwind
|
b31eef2828 |
Stabilize issue-project e2e test, increase timeout factor (#37297)
1. stabilize flaky e2e test from
|
||
|
silverwind
|
a9108ab6aa |
Replace custom Go formatter with golangci-lint fmt (#37194)
Use `golangci-lint fmt` to format code, replacing the previous custom formatter tool. https://github.com/daixiang0/gci is used to order the imports. `make fmt` performs ~13% faster while consuming ~57% less cpu while formatting for me. `GOFUMPT_PACKAGE` is gone because it's using the builtin package from golangci-lint. Co-authored-by: Claude (claude-opus-4-6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
3c17daf615 |
Update setup-uv to v8.0.0 (#37101)
Update to https://github.com/astral-sh/setup-uv/releases/tag/v8.0.0. Note that version here must be the immutable `v8.0.0`, a mutable `v8` tag does not exist. |
||
|
silverwind
|
cf1e4d7c42 |
Update GitHub Actions to latest major versions (#36964)
Update all Actions to their latest major versions: - `actions/checkout`: v5 → v6 - `dorny/paths-filter`: v3 → v4 - `pnpm/action-setup`: v4 → v5 - `docker/setup-qemu-action`: v3 → v4 - `docker/setup-buildx-action`: v3 → v4 - `docker/build-push-action`: v6 → v7 - `docker/metadata-action`: v5 → v6 - `docker/login-action`: v3 → v4 - `crazy-max/ghaction-import-gpg`: v6 → v7 - `aws-actions/configure-aws-credentials`: v5 → v6 All updates are Node 24 runtime bumps with no workflow-breaking changes for our usage. Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> |
||
|
silverwind
|
08254cf126 |
Enable docker layer caching for dry-run and nightly container builds (#36738)
Enable Docker BuildKit layer caching for the dry-run and nightly container build workflows using GHCR registry cache. - **Dry-run** (`pull-docker-dryrun.yml`): adds `cache-from`, read-only, PRs can't write cache - **Nightly** (`release-nightly.yml`): adds `cache-from` and `cache-to` to both read and write cach --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
silverwind
|
18e0746b7b |
Rework e2e tests (#36634)
- Replace the e2e tests initialization with a simple bash script, removing the previous Go harness. - `make test-e2e` is the single entry point. It always starts a fully isolated ephemeral Gitea instance with its own temp directory, SQLite database, and config — no interference with the developer's running instance. - A separate `gitea-e2e` binary is built via `EXECUTABLE_E2E` using `TEST_TAGS` (auto-includes sqlite with `CGO_ENABLED=1`), keeping the developer's regular `gitea` binary untouched. - No more split into database-specific e2e tests. Test timeouts are strict, can be relaxed later if needed. - Simplified and streamlined the playwright config and test files. - Remove all output generation of playwright and all references to visual testing. - Tests run on Chrome locally, Chrome + Firefox on CI. - Simplified CI workflow — visible separate steps for frontend, backend, and test execution. - All exported env vars use `GITEA_TEST_E2E_*` prefix. - Use `GITEA_TEST_E2E_FLAGS` to pass flags to playwright, e.g. `GITEA_TEST_E2E_FLAGS="--ui" make test-e2e` for UI mode or `GITEA_TEST_E2E_FLAGS="--headed" make test-e2e` for headed mode. - Use `GITEA_TEST_E2E_DEBUG=1 make test-e2e` to show Gitea server output. --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
silverwind
|
5e9b9b33d1 |
Clean up Makefile, tests and legacy code (#36638)
This simplifies the Makefile by removing the whole-file wrapping that creates a tempdir introduced by https://github.com/go-gitea/gitea/pull/11126. REPO_TEST_DIR is removed as well. Also clean up a lot of legacy code: unnecessary XSS test, incorrect test env init, unused "_old_uid" hack, etc Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
techknowlogick
|
2cdf86e184 | automate updating nix flakes (#35641) | ||
|
silverwind
|
9d96039027 |
Bump alpine to 3.23, add platforms to docker-dryrun (#36379)
- Bump alpine to 3.23 following https://github.com/go-gitea/gitea/pull/36185 and https://github.com/go-gitea/gitea/pull/36202. - Enable all architectures in `docker-dryrun`. - Tweak actions conditions to be more precise. --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
silverwind
|
49edbbbc2e |
Update JS and PY deps (#36383)
- Update JS and PY dependencies - Workaround https://github.com/stylelint/stylelint/issues/8893 by moving the stylint config file to JS - Regenerate SVGs - Bump to python 3.14 in devcontainer and actions - Verified `@github/text-expander-element` - Removed obsolete type stub |
||
|
dependabot[bot]
|
b1b5897795 |
Bump appleboy/git-push-action from 1.0.0 to 1.2.0 (#36306)
Bumps [appleboy/git-push-action](https://github.com/appleboy/git-push-action) from 1.0.0 to 1.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/appleboy/git-push-action/releases">appleboy/git-push-action's releases</a>.</em></p> <blockquote> <h2>v1.2.0</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>2722561d2c158e67f0e4b908bda83937e53bbdd4: feat: add options for insecure SSL and SSH version selection (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Others</h3> <ul> <li>2c87d5bacd46972f72523394e67af39825081037: style: standardize YAML quoting and update input descriptions (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>66a962f89a56024b2a36de61fe65ba6b9994be15: fix: rename drone-git-push env vars and update default version (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>e37f17de403a8b0b59184d852be6b7a7e017d376: chore: mark all directories as safe in global git configuration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Refactor</h3> <ul> <li>7bdda76242d8f6b40576a039a2d2233c43b7661e: refactor: refactor GitHub Action to use Bash instead of Docker (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>4873de66e7bed19267cc8cd66959005c42d41cc7: refactor: simplify stdout capturing by removing legacy logic (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>d1c361f2d2e128593b5dfeb3c2d9a5c6a1af7128: ci: run Docker actions as nobody and inject GITHUB_WORKSPACE (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>fdf995de1284df95f38a3d99275eb38537eb05a4: ci: simplify Docker action environment variable configuration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>8e938ac7df8937d595e4c4fcf345139339a34819: ci: update GITHUB_WORKSPACE to use /github/home path (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Documentation updates</h3> <ul> <li>3b2c8661652360dbf1afe1b319a49dbb739c39f1: docs: migrate to composite GitHub Action and standardize env vars (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h2>v1.1.0</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>28a54bbef16233cbea6f9fe39f318a4f055cd749: feat: add mirror input support to GitHub Action configuration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>a63ac675f748ad297929b6d9688f94939fbe3dea: fix: fix spelling of 'force' option in git push actions (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>ee39884535468c8b6f101c0980aec38a61bc6c8b: chore(readme): refactor codebase and update dependencies (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>94fb0c0d87ba52affdcb2daf8505a0e7f086f205: chore: bump drone-git-push base image to version 1.2.0 (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>a939634b19fa88f0d4c853f4b604a4df5549911d: chore: pin Drone Git Push image to a specific version (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>0a16d15bfdca306c84a299db735f248e9d408bb3: ci: improve CI workflow for semantic version releases (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>1807bf9a1b801f99799e4e2a64ca1c6b11301fc3: ci: automate maintenance and enhance repository security (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>f39abba130277d16a141588c1b4c194a8f0b4636: build: run container as non-root user for enhanced security (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>ed86ac596a332db5353062d7cbdf24d61554f5f1: ci: update CI workflows to trigger on main branch (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>cd8de7f6c86b1390f0108011580b6c9845b9f5df: build: eliminate "nobody" user references from Dockerfile (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>7465fee0c6ac1466048408a99c52598be9abf00f: ci: update CI workflow to use newer actions/checkout version (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>b9d4e07212dd711b7e57352e5b6172038ab20f6e: build: simplify Docker build by removing entrypoint.sh chmod step (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>14d3003b72ea485bf8707bfbef4926eca78cc341: build: upgrade CI pipeline to latest drone-git-push base image (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Documentation updates</h3> <ul> <li>378ab1be62cfbae4111d3bbbec417d5b2e97134d: docs: clarify and standardize input and action descriptions (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>4c679526c0d1910c6e058a82fdde978d5cd8c0c2: docs: revamp documentation with expanded features and usage examples (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>61f29e5108e85fa252a0556c08ec87f0c425f1b2: docs: document GitHub Action integration and Claude Code guidelines (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>a7ef8abff3f71345b67dc056ac3d7b2d006efa42: docs: add Trivy security scan badge to documentation (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Lunny Xiao
|
ffea9a27c3 |
Convert locale files from ini to json format (#35489)
Migrate from the current INI format to JSON for translations. JSON is widely supported, including by platforms such as Crowdin and Weblate. |
||
|
dependabot[bot]
|
9764ae87d2 |
Bump crowdin/github-action from 1 to 2 (#36204)
Bumps [crowdin/github-action](https://github.com/crowdin/github-action) from 1 to 2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crowdin/github-action/releases">crowdin/github-action's releases</a>.</em></p> <blockquote> <h2>v2.0.0</h2> <h2>What's Changed</h2> <h3>Features</h3> <ul> <li>Now the Action uses the new <a href="https://crowdin.github.io/crowdin-cli/blog/2024/05/28/cli-v4">CLI v4</a></li> </ul> <h3>Deprecations</h3> <p>Removed deprecated options:</p> <ul> <li><code>add_crowdin_branch</code></li> <li><code>new_branch_title</code></li> <li><code>new_branch_export_pattern</code></li> <li><code>new_branch_priority</code></li> <li><code>delete_crowdin_branch</code></li> </ul> <p>Instead, use the <code>command: branch add <name></code> to create a new branch.</p> <ul> <li><code>identity</code> - this option doesn't make much sense in the context of the GitHub action, where environment variables are a de facto standard for credentials loading.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.4...v2.0.0">https://github.com/crowdin/github-action/compare/v1.20.4...v2.0.0</a></p> <h2>v1.20.4</h2> <h2>What's Changed</h2> <ul> <li>CLI <a href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.4">3.19.4</a> by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a></li> <li>ci: upgrade actions by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a> in <a href="https://redirect.github.com/crowdin/github-action/pull/226">crowdin/github-action#226</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.3...v1.20.4">https://github.com/crowdin/github-action/compare/v1.20.3...v1.20.4</a></p> <h2>v1.20.3</h2> <h2>What's Changed</h2> <ul> <li>CLI <a href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.3">3.19.3</a> by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a></li> <li>chore: deprecate the 'identity' option by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a> in <a href="https://redirect.github.com/crowdin/github-action/pull/224">crowdin/github-action#224</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.2...v1.20.3">https://github.com/crowdin/github-action/compare/v1.20.2...v1.20.3</a></p> <h2>v1.20.2</h2> <h2>What's Changed</h2> <ul> <li>CLI <a href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.2">3.19.2</a> by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2">https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
684a541799 |
Bump appleboy/git-push-action from 0.0.3 to 1.0.0 (#36194)
Bumps [appleboy/git-push-action](https://github.com/appleboy/git-push-action) from 0.0.3 to 1.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/appleboy/git-push-action/releases">appleboy/git-push-action's releases</a>.</em></p> <blockquote> <h2>v1.0.0</h2> <h2>Changelog</h2> <h3>Enhancements</h3> <ul> <li>50ae8aaf06c6fc08b3d13da3aa03deb50d970125: chore(docker): improve overall system performance and API integration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>feea2e25baaa5ea24a9689a8af03f229ec1dd1a2: ci: improve testing workflow and API usage (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>5d65d1094eb0415898554ba83c4f3196778f9a85: ci: improve testing workflow and API usage (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>b31dd8d6e7ba1e80a96a4772d8c4290fe7bac0ce: build: update base image in Dockerfile (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>fc585cfea49d10c08f8009f674c05961a0934647: ci(goreleaser): implement automated release process with GoReleaser (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>b1e5e3d76ccb4afd43bc0859672a6f9113fa0458: ci(test): optimize CI workflow and test configurations (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Documentation updates</h3> <ul> <li>8f1f45876617e5d74085a38164c421be39f099b3: docs(readme): refactor codebase and improve test coverage (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
silverwind
|
b915e6908c |
Add JSON linting (#36192)
Uses https://github.com/eslint/json to lint all JSON and JSONC files in the repo. |
||
|
silverwind
|
36aa39fffe | Bump setup-node to v6, re-enable cache (#36207) | ||
|
dependabot[bot]
|
5fa40bacea |
Bump astral-sh/setup-uv from 6 to 7 (#36198)
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6 to 7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v7.0.0 🌈 node24 and a lot of bugfixes</h2> <h2>Changes</h2> <p>This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.</p> <p>This release also removes the deprecated input <code>server-url</code> which was used to download uv releases from a different server. The <a href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#manifest-file">manifest-file</a> input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.</p> <h3>Fixes</h3> <ul> <li>The action now respects when the environment variable <code>UV_CACHE_DIR</code> is already set and does not overwrite it. It now also finds <a href="https://docs.astral.sh/uv/reference/settings/#cache-dir">cache-dir</a> settings in config files if you set them.</li> <li>Some users encountered problems that <a href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#disable-cache-pruning">cache pruning</a> took forever because they had some <code>uv</code> processes running in the background. Starting with uv version <code>0.8.24</code> this action uses <code>uv cache prune --ci --force</code> to ignore the running processes</li> <li>If you just want to install uv but not have it available in path, this action now respects <code>UV_NO_MODIFY_PATH</code></li> <li>Some other actions also set the env var <code>UV_CACHE_DIR</code>. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.</li> </ul> <h3>Improvements</h3> <p>If you are using minimum version specifiers for the version of uv to install for example</p> <pre lang="toml"><code>[tool.uv] required-version = ">=0.8.17" </code></pre> <p>This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.</p> <p>If you are using other specifiers like <code>0.8.x</code> this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.</p> <h2>🚨 Breaking changes</h2> <ul> <li>Use node24 instead of node20 <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/608">#608</a>)</li> <li>Remove deprecated input server-url <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/607">#607</a>)</li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Respect UV_CACHE_DIR and cache-dir <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/612">#612</a>)</li> <li>Use --force when pruning cache <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/611">#611</a>)</li> <li>Respect UV_NO_MODIFY_PATH <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/603">#603</a>)</li> <li>Warn when <code>UV_CACHE_DIR</code> has changed <a href="https://github.com/jamesbraza"><code>@jamesbraza</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/601">#601</a>)</li> </ul> <h2>🚀 Enhancements</h2> <ul> <li>Shortcut to latest version for minimum version specifier <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/598">#598</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>Bump dependencies <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/613">#613</a>)</li> <li>Fix test-uv-no-modify-path <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/604">#604</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
dcad5d8879 |
Bump dev-hanz-ops/install-gh-cli-action from 0.1.0 to 0.2.1 (#36195)
Bumps [dev-hanz-ops/install-gh-cli-action](https://github.com/dev-hanz-ops/install-gh-cli-action) from 0.1.0 to 0.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dev-hanz-ops/install-gh-cli-action/releases">dev-hanz-ops/install-gh-cli-action's releases</a>.</em></p> <blockquote> <h2>v0.2.1 - arm64 support</h2> <ul> <li>support arm64 architecture - <a href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/pull/10">dev-hanz-ops/install-gh-cli-action#10</a> (by <a href="https://github.com/whatthefinemanual"><code>@whatthefinemanual</code></a>)</li> </ul> <h2>v0.2.0 - update to node20</h2> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5f5a87f015 |
Bump aws-actions/configure-aws-credentials from 4 to 5 (#36196)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0">5.0.0</a> (2025-09-03)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>Cleanup input handling. Changes invalid boolean input behavior (see <a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)</li> </ul> <h3>Features</h3> <ul> <li>add skip OIDC option (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458">#1458</a>) (<a href=" |
||
|
dependabot[bot]
|
aca6726607 |
Bump docker/build-push-action from 5 to 6 (#36197)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <ul> <li>Export build record and generate <a href="https://docs.docker.com/build/ci/github-actions/build-summary/">build summary</a> by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1120">docker/build-push-action#1120</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.24.0 to 0.26.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1132">docker/build-push-action#1132</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1136">docker/build-push-action#1136</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1138">docker/build-push-action#1138</a></li> <li>Bump braces from 3.0.2 to 3.0.3 in <a href="https://redirect.github.com/docker/build-push-action/pull/1137">docker/build-push-action#1137</a></li> </ul> <blockquote> <p>[!NOTE] This major release adds support for generating <a href="https://docs.docker.com/build/ci/github-actions/build-summary/">Build summary</a> and exporting build record for your build. You can disable this feature by setting <a href="https://docs.docker.com/build/ci/github-actions/build-summary/#disable-job-summary"> <code>DOCKER_BUILD_SUMMARY: false</code> environment variable in your workflow</a>.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0">https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0</a></p> <h2>v5.4.0</h2> <ul> <li>Show builder information before building by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1128">docker/build-push-action#1128</a></li> <li>Handle attestations correctly with provenance and sbom inputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1086">docker/build-push-action#1086</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.19.0 to 0.24.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1088">docker/build-push-action#1088</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1105">docker/build-push-action#1105</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1121">docker/build-push-action#1121</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1127">docker/build-push-action#1127</a></li> <li>Bump undici from 5.28.3 to 5.28.4 in <a href="https://redirect.github.com/docker/build-push-action/pull/1090">docker/build-push-action#1090</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0">https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0</a></p> <h2>v5.3.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.18.0 to 0.19.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1080">docker/build-push-action#1080</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0">https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0</a></p> <h2>v5.2.0</h2> <ul> <li>Disable quotes detection for <code>outputs</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1074">docker/build-push-action#1074</a></li> <li>Warn about ignored inputs by <a href="https://github.com/favonia"><code>@favonia</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1019">docker/build-push-action#1019</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.14.0 to 0.18.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1070">docker/build-push-action#1070</a></li> <li>Bump undici from 5.26.3 to 5.28.3 in <a href="https://redirect.github.com/docker/build-push-action/pull/1057">docker/build-push-action#1057</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0">https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0</a></p> <h2>v5.1.0</h2> <ul> <li>Add <code>annotations</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/992">docker/build-push-action#992</a></li> <li>Add <code>secret-envs</code> input by <a href="https://github.com/elias-lundgren"><code>@elias-lundgren</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/980">docker/build-push-action#980</a></li> <li>Bump <code>@babel/traverse</code> from 7.17.3 to 7.23.2 in <a href="https://redirect.github.com/docker/build-push-action/pull/991">docker/build-push-action#991</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.13.0-rc.1 to 0.14.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/990">docker/build-push-action#990</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1006">docker/build-push-action#1006</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0">https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
silverwind
|
3e57ba5b36 |
Add permissions tofiles-changed jobs (#36142)
Followup to https://github.com/go-gitea/gitea/pull/36140. `files-changed` is a job that imports another workflow via `uses` statement but CodeQL still complains about lack of permissions on these jobs, so add it. This will fix the remaining [3 CodeQL issues](https://github.com/go-gitea/gitea/security/code-scanning?query=is%3Aopen+branch%3Amain+permissions). |
||
|
silverwind
|
4c06c98dda |
Add explicit permissions to all actions workflows (#36140)
Explicitely specify all workflow [`permissions`](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions). This will fix [26 CodeQL alerts](https://github.com/go-gitea/gitea/security/code-scanning?query=permissions+is%3Aopen+branch%3Amain+). |
||
|
silverwind
|
87b855bd15 |
Bump actions/checkout to v6 (#36136)
https://github.com/actions/checkout#checkout-v6 Result of `perl -p -i -e 's#actions\/checkout\@v5#actions/checkout\@v6#g' .github/workflows/*` |
||
|
silverwind
|
66707bc3ea |
Fix actions lint (#36029)
actionlint since https://github.com/rhysd/actionlint/releases/tag/v1.7.9
detects constant conditions and this workflow was being disabled in
|
||
|
TheFox0x7
|
685c8c314f |
Add cache to container build (#35697)
add mount cache directives to container builds, which speeds up local builds bypassing node and go package download entirely on second build and caching go compilation. drop job level split on regular/rootless, which allows to reuse the previously made stage for rootless, skipping duplicate builds in CI. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
silverwind
|
5bf7cf788d |
Bump actions/labeler to v6 (#35681)
https://github.com/actions/labeler/releases/tag/v6.0.0 |
||
|
silverwind
|
96102c69e7 | Bump setup-go to v6 (#35660) | ||
|
silverwind
|
912515e63a | Bump actions/checkout to v5 (#35644) | ||
|
junoberryferry
|
151ef80e28 |
use experimental go json v2 library (#35392)
details: https://pkg.go.dev/encoding/json/v2 --------- Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
4d43d85941 |
Bump setup-node to v5 (#35448)
See https://github.com/actions/setup-node/releases/tag/v5.0.0 Caching is now enabled by default when `packageManager` is present in package.json, and we have that. `cache-dependency-path` is unneccesary because the action will automatically detect it. |
||
|
techknowlogick
|
361e59fd53 |
Switch to pnpm (#35274)
Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io> |
||
|
silverwind
|
ca6c0dee2e |
Switch bitnami images to bitnamilegacy on CI (#35402)
As per https://github.com/bitnami/containers/issues/83267, my understanding is that the `docker.io/bitnami` images will be deleted on September 29. To prevent this failure mode, use the images on the `bitnamilegacy` org instead which are snapshots from when they stopped updating them. Long-term, we should replace these images with official ones. |
||
|
techknowlogick
|
ed8d4dc37a |
rename nightly docker tag for main branch (#35344)
fixes https://github.com/go-gitea/gitea/issues/35338 |
||
|
silverwind
|
3531e9dbfd |
Replace setup-python with setup-uv (#35116)
|
||
|
silverwind
|
7413e8583d |
Replace poetry with uv (#35084)
|