change log for 1.26.1 (#37357)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

CHANGELOG.md

@@ -4,6 +4,28 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).
 
+## [1.26.1](https://github.com/go-gitea/gitea/releases/tag/v1.26.1) - 2026-04-21
+
+* BUGFIXES
+  * Add event.schedule context for schedule actions task (#37320) (#37348)
+  * Fix an issue where changing an organization's visibility caused problems when users had forked its repositories. (#37324) (#37344)
+  * Use modern "git update-index --cacheinfo" syntax to support more file names (#37338) (#37343)
+  * Fix URL related escaping for oauth2 (#37334) (#37340)
+  * When the requested arch rpm is missing fall back to noarch (#37236) (#37339)
+  * Fix actions concurrency groups cross-branch leak (#37311) (#37331)
+  * Fix bug when accessing user badges (#37321) (#37329)
+  * Fix AppFullLink (#37325) (#37328)
+  * Fix container auth for public instance (#37290) (#37294)
+  * Enhance GetActionWorkflow to support fallback references (#37189) (#37283)
+  * Fix vite manifest update masking build errors (#37279) (#37310)
+  * Fix Mermaid diagrams failing when node labels contain line breaks (#37296) (#37299)
+  * Use TriggerEvent instead of Event in workflow runs API response for scheduled runs (#37288) #37360
+  * Add URL to Learn more about blocking a user. (#37355) #37367
+  * Fix button layout shift when collapsing file tree in editor (#37363) #37375
+  * Fix org team assignee/reviewer lookups for team member permissions (#37365) #37391
+  * Fix repo init README EOL (#37388) #37399
+  * Fix: dump with default zip type produces uncompressed zip (#37401)#37402
+
 ## [1.26.0](https://github.com/go-gitea/gitea/releases/tag/v1.26.0) - 2026-04-17
 
 * BREAKING

models/organization/org_user.go

@@ -8,10 +8,7 @@ import (
 	"fmt"
 
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/perm"
-	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/log"
 
 	"xorm.io/builder"
@@ -129,49 +126,6 @@ func IsUserOrgOwner(ctx context.Context, users user_model.UserList, orgID int64)
 	return results
 }
 
-// GetOrgAssignees returns all users that have write access and can be assigned to issues
-// of the any repository in the organization.
-func GetOrgAssignees(ctx context.Context, orgID int64) (_ []*user_model.User, err error) {
-	e := db.GetEngine(ctx)
-	userIDs := make([]int64, 0, 10)
-	if err = e.Table("access").
-		Join("INNER", "repository", "`repository`.id = `access`.repo_id").
-		Where("`repository`.owner_id = ? AND `access`.mode >= ?", orgID, perm.AccessModeWrite).
-		Select("user_id").
-		Find(&userIDs); err != nil {
-		return nil, err
-	}
-
-	additionalUserIDs := make([]int64, 0, 10)
-	if err = e.Table("team_user").
-		Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
-		Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
-		Join("INNER", "repository", "`repository`.id = `team_repo`.repo_id").
-		Where("`repository`.owner_id = ? AND (`team_unit`.access_mode >= ? OR (`team_unit`.access_mode = ? AND `team_unit`.`type` = ?))",
-			orgID, perm.AccessModeWrite, perm.AccessModeRead, unit.TypePullRequests).
-		Distinct("`team_user`.uid").
-		Select("`team_user`.uid").
-		Find(&additionalUserIDs); err != nil {
-		return nil, err
-	}
-
-	uniqueUserIDs := make(container.Set[int64])
-	uniqueUserIDs.AddMultiple(userIDs...)
-	uniqueUserIDs.AddMultiple(additionalUserIDs...)
-
-	users := make([]*user_model.User, 0, len(uniqueUserIDs))
-	if len(userIDs) > 0 {
-		if err = e.In("id", uniqueUserIDs.Values()).
-			Where(builder.Eq{"`user`.is_active": true}).
-			OrderBy(user_model.GetOrderByName()).
-			Find(&users); err != nil {
-			return nil, err
-		}
-	}
-
-	return users, nil
-}
-
 func loadOrganizationOwners(ctx context.Context, users user_model.UserList, orgID int64) (map[int64]*TeamUser, error) {
 	if len(users) == 0 {
 		return nil, nil //nolint:nilnil // return nil when there are no users

models/repo/user_repo.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -94,8 +95,7 @@ func GetWatchedRepos(ctx context.Context, opts *WatchedReposOptions) ([]*Reposit
 	return db.FindAndCount[Repository](ctx, opts)
 }
 
-// GetRepoAssignees returns all users that have write access and can be assigned to issues
-// of the repository,
+// GetRepoAssignees returns all users that have write access and can be assigned to issues or pull-requests of the repository,
 func GetRepoAssignees(ctx context.Context, repo *Repository) (_ []*user_model.User, err error) {
 	if err = repo.LoadOwner(ctx); err != nil {
 		return nil, err
@@ -114,15 +114,9 @@ func GetRepoAssignees(ctx context.Context, repo *Repository) (_ []*user_model.Us
 	uniqueUserIDs.AddMultiple(userIDs...)
 
 	if repo.Owner.IsOrganization() {
-		additionalUserIDs := make([]int64, 0, 10)
-		if err = e.Table("team_user").
-			Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
-			Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
-			Where("`team_repo`.repo_id = ? AND (`team_unit`.access_mode >= ? OR (`team_unit`.access_mode = ? AND `team_unit`.`type` = ?))",
-				repo.ID, perm.AccessModeWrite, perm.AccessModeRead, unit.TypePullRequests).
-			Distinct("`team_user`.uid").
-			Select("`team_user`.uid").
-			Find(&additionalUserIDs); err != nil {
+		// issues and pull requests both need "assignee list"
+		additionalUserIDs, err := organization.GetTeamUserIDsWithAccessToAnyRepoUnit(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead, unit.TypeIssues, unit.TypePullRequests)
+		if err != nil {
 			return nil, err
 		}
 		uniqueUserIDs.AddMultiple(additionalUserIDs...)

models/repo/user_repo_test.go

@@ -6,7 +6,12 @@ package repo_test
 import (
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
+	perm_model "code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 
@@ -14,9 +19,14 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestRepoAssignees(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
+func TestUserRepo(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	t.Run("GetIssuePostersWithSearch", testUserRepoGetIssuePostersWithSearch)
+	t.Run("Assignees", testUserRepoAssignees)
+	t.Run("AssigneesNoTeamUnit", testRepoAssigneesNoTeamUnit)
+}
 
+func testUserRepoAssignees(t *testing.T) {
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
 	users, err := repo_model.GetRepoAssignees(t.Context(), repo2)
 	assert.NoError(t, err)
@@ -39,9 +49,29 @@ func TestRepoAssignees(t *testing.T) {
 	}
 }
 
-func TestGetIssuePostersWithSearch(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
+func testRepoAssigneesNoTeamUnit(t *testing.T) {
+	ctx := t.Context()
 
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32})
+	require.NoError(t, repo.LoadOwner(ctx))
+	require.True(t, repo.Owner.IsOrganization())
+
+	require.NoError(t, db.TruncateBeans(ctx, &organization.Team{}, &organization.TeamUser{}, &organization.TeamRepo{}, &organization.TeamUnit{}, &access_model.Access{}))
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+	team := &organization.Team{OrgID: repo.OwnerID, LowerName: "admin-team", AccessMode: perm_model.AccessModeAdmin}
+	require.NoError(t, db.Insert(ctx, team))
+	require.NoError(t, db.Insert(ctx, &organization.TeamUser{OrgID: repo.OwnerID, TeamID: team.ID, UID: user.ID}))
+	require.NoError(t, db.Insert(ctx, &organization.TeamRepo{OrgID: repo.OwnerID, TeamID: team.ID, RepoID: repo.ID}))
+	require.NoError(t, db.Insert(ctx, &organization.TeamUnit{OrgID: repo.OwnerID, TeamID: team.ID, Type: unit.TypePullRequests, AccessMode: perm_model.AccessModeNone}))
+
+	users, err := repo_model.GetRepoAssignees(ctx, repo)
+	require.NoError(t, err)
+	require.Len(t, users, 1)
+	assert.ElementsMatch(t, []int64{4}, []int64{users[0].ID})
+}
+
+func testUserRepoGetIssuePostersWithSearch(t *testing.T) {
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
 
 	users, err := repo_model.GetIssuePostersWithSearch(t.Context(), repo2, false, "USER")

modules/dump/dumper.go

@@ -4,6 +4,7 @@
 package dump
 
 import (
+	"archive/zip"
 	"context"
 	"errors"
 	"fmt"
@@ -85,7 +86,7 @@ func NewDumper(ctx context.Context, format string, output io.Writer) (*Dumper, e
 	var comp archives.ArchiverAsync
 	switch format {
 	case "zip":
-		comp = archives.Zip{}
+		comp = archives.Zip{Compression: zip.Deflate}
 	case "tar":
 		comp = archives.Tar{}
 	case "tar.sz":

modules/util/util.go

@@ -255,11 +255,13 @@ func EnumValue[T comparable](val EnumConst[T]) (ret T, valid bool) {
 	return enums[0], false
 }
 
-func ReserveLineBreakForTextarea(input string) string {
+func NormalizeStringEOL(input string) string {
 	// Since the content is from a form which is a textarea, the line endings are \r\n.
 	// It's a standard behavior of HTML.
-	// But we want to store them as \n like what GitHub does.
-	// And users are unlikely to really need to keep the \r.
+	// But in most cases, we only want "\n" for EOL
+	// * Text files: use "\n" by default because "\r\n" sometimes doesn't work in POSIX
+	// * Actions values: store them as "\n" like what GitHub does.
+	// And users are unlikely to really need the "\r".
 	// Other than this, we should respect the original content, even leading or trailing spaces.
-	return strings.ReplaceAll(input, "\r\n", "\n")
+	return UnsafeBytesToString(NormalizeEOL(UnsafeStringToBytes(input)))
 }

modules/util/util_test.go

@@ -175,9 +175,9 @@ func TestToTitleCase(t *testing.T) {
 	assert.Equal(t, `Foo Bar Baz`, ToTitleCase(`FOO BAR BAZ`))
 }
 
-func TestReserveLineBreakForTextarea(t *testing.T) {
-	assert.Equal(t, "test\ndata", ReserveLineBreakForTextarea("test\r\ndata"))
-	assert.Equal(t, "test\ndata\n", ReserveLineBreakForTextarea("test\r\ndata\r\n"))
+func TestNormalizeStringEOL(t *testing.T) {
+	assert.Equal(t, "test\ndata", NormalizeStringEOL("test\r\ndata"))
+	assert.Equal(t, " test\ndata\n ", NormalizeStringEOL(" test\rdata\r "))
 }
 
 func TestOptionalArg(t *testing.T) {

routers/web/org/projects.go

@@ -11,7 +11,6 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	issues_model "code.gitea.io/gitea/models/issues"
-	org_model "code.gitea.io/gitea/models/organization"
 	project_model "code.gitea.io/gitea/models/project"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -459,9 +458,9 @@ func ViewProject(ctx *context.Context) {
 	ctx.Data["MilestoneID"] = milestoneID
 
 	// Get assignees.
-	assigneeUsers, err := org_model.GetOrgAssignees(ctx, project.OwnerID)
+	assigneeUsers, err := project_service.LoadIssuesAssigneesForProject(ctx, issuesMap)
 	if err != nil {
-		ctx.ServerError("GetRepoAssignees", err)
+		ctx.ServerError("LoadIssuesAssigneesForProject", err)
 		return
 	}
 	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)

routers/web/shared/secrets/secrets.go

@@ -29,7 +29,7 @@ func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) {
 func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
 	form := web.GetForm(ctx).(*forms.AddSecretForm)
 
-	s, _, err := secret_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, util.ReserveLineBreakForTextarea(form.Data), form.Description)
+	s, _, err := secret_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, util.NormalizeStringEOL(form.Data), form.Description)
 	if err != nil {
 		log.Error("CreateOrUpdateSecret failed: %v", err)
 		ctx.JSONError(ctx.Tr("secrets.save_failed"))

services/actions/variables.go

@@ -16,7 +16,7 @@ func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data, desc
 		return nil, err
 	}
 
-	v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.ReserveLineBreakForTextarea(data), description)
+	v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.NormalizeStringEOL(data), description)
 	if err != nil {
 		return nil, err
 	}
@@ -29,7 +29,7 @@ func UpdateVariableNameData(ctx context.Context, variable *actions_model.ActionV
 		return false, err
 	}
 
-	variable.Data = util.ReserveLineBreakForTextarea(variable.Data)
+	variable.Data = util.NormalizeStringEOL(variable.Data)
 
 	return actions_model.UpdateVariableCols(ctx, variable, "name", "data", "description")
 }

services/projects/issue.go

@@ -6,11 +6,14 @@ package project
 import (
 	"context"
 	"errors"
+	"slices"
+	"strings"
 
 	"code.gitea.io/gitea/models/db"
 	issues_model "code.gitea.io/gitea/models/issues"
 	project_model "code.gitea.io/gitea/models/project"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/optional"
 )
 
@@ -86,6 +89,31 @@ func MoveIssuesOnProjectColumn(ctx context.Context, doer *user_model.User, colum
 	})
 }
 
+func LoadIssuesAssigneesForProject(ctx context.Context, issuesMap map[int64]issues_model.IssueList) ([]*user_model.User, error) {
+	var issueList issues_model.IssueList
+	for _, colIssues := range issuesMap {
+		issueList = append(issueList, colIssues...)
+	}
+	err := issueList.LoadAssignees(ctx)
+	if err != nil {
+		return nil, err
+	}
+	users := make([]*user_model.User, 0, len(issueList))
+	usersAdded := container.Set[int64]{}
+	for _, issue := range issueList {
+		for _, assignee := range issue.Assignees {
+			if !usersAdded.Contains(assignee.ID) {
+				usersAdded.Add(assignee.ID)
+				users = append(users, assignee)
+			}
+		}
+	}
+	slices.SortFunc(users, func(a, b *user_model.User) int {
+		return strings.Compare(a.Name, b.Name)
+	})
+	return users, nil
+}
+
 // LoadIssuesFromProject load issues assigned to each project column inside the given project
 func LoadIssuesFromProject(ctx context.Context, project *project_model.Project, opts *issues_model.IssuesOptions) (results map[int64]issues_model.IssueList, _ error) {
 	issueList, err := issues_model.Issues(ctx, opts.Copy(func(o *issues_model.IssuesOptions) {

services/projects/issue_test.go

@@ -15,6 +15,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func Test_Projects(t *testing.T) {
@@ -207,4 +208,18 @@ func Test_Projects(t *testing.T) {
 			assert.Len(t, columnIssues[3], 1)
 		})
 	})
+
+	t.Run("LoadIssuesAssigneesForProject", func(t *testing.T) {
+		issuesMap := map[int64]issues_model.IssueList{}
+		issue1 := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1})
+		issue6 := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 6})
+		issuesMap[1] = issues_model.IssueList{issue1}
+		issuesMap[2] = issues_model.IssueList{issue6}
+		assignees, err := LoadIssuesAssigneesForProject(t.Context(), issuesMap)
+		require.NoError(t, err)
+		require.Len(t, assignees, 3)
+		require.Equal(t, "user1", assignees[0].Name)
+		require.Equal(t, "user10", assignees[1].Name)
+		require.Equal(t, "user2", assignees[2].Name)
+	})
 }

services/pull/reviewer.go

@@ -40,15 +40,8 @@ func GetReviewers(ctx context.Context, repo *repo_model.Repository, doerID, post
 	uniqueUserIDs.AddMultiple(collaboratorIDs...)
 
 	if repo.Owner.IsOrganization() {
-		additionalUserIDs := make([]int64, 0, 10)
-		if err := e.Table("team_user").
-			Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
-			Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
-			Where("`team_repo`.repo_id = ? AND (`team_unit`.access_mode >= ? AND `team_unit`.`type` = ?)",
-				repo.ID, perm.AccessModeRead, unit.TypePullRequests).
-			Distinct("`team_user`.uid").
-			Select("`team_user`.uid").
-			Find(&additionalUserIDs); err != nil {
+		additionalUserIDs, err := organization.GetTeamUserIDsWithAccessToAnyRepoUnit(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead, unit.TypePullRequests)
+		if err != nil {
 			return nil, err
 		}
 		uniqueUserIDs.AddMultiple(additionalUserIDs...)

services/repository/create.go

@@ -31,6 +31,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/templates/vars"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // CreateRepoOptions contains the create repository options
@@ -85,7 +86,7 @@ func prepareRepoCommit(ctx context.Context, repo *repo_model.Repository, tmpDir
 	cloneLink := repo.CloneLink(ctx, nil /* no doer so do not generate user-related SSH link */)
 	match := map[string]string{
 		"Name":           repo.Name,
-		"Description":    repo.Description,
+		"Description":    util.NormalizeStringEOL(repo.Description),
 		"CloneURL.SSH":   cloneLink.SSH,
 		"CloneURL.HTTPS": cloneLink.HTTPS,
 		"OwnerName":      repo.OwnerName,

tests/e2e/events.test.ts

@@ -68,6 +68,13 @@ test.describe('events', () => {
     // Verify page2 is logged in
     await expect(page2.getByRole('link', {name: 'Sign In'})).toBeHidden();
 
+    // Give page2's SharedWorker time to register its SSE connection on the
+    // server — otherwise the logout event can race the connection and be
+    // silently dropped. See https://github.com/go-gitea/gitea/pull/37403
+    // In the future, we can set an attribute to HTML page when the connection is established,
+    // then here we can just wait for that attribute (it should also work for the planned WebSocket SharedWorker)
+    await page2.waitForTimeout(500); // eslint-disable-line playwright/no-wait-for-timeout
+
     // Logout from page1 — this sends a logout event to all tabs
     await page1.goto('/user/logout');