Merge branch 'master' of github.com:go-gitea/gitea into template-branch-prot

Author: jolheiser

.drone.yml

@@ -10,6 +10,12 @@ workspace:
   base: /go
   path: src/code.gitea.io/gitea
 
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
+
 steps:
   - name: deps-frontend
     pull: always
@@ -63,7 +69,7 @@ steps:
 
   - name: checks-backend
     pull: always
-    image: golang:1.14
+    image: golang:1.15
     commands:
       - make checks-backend
     depends_on: [lint-backend]
@@ -76,7 +82,7 @@ steps:
 
   - name: build-backend-no-gcc
     pull: always
-    image: golang:1.13 # this step is kept as the lowest version of golang that we support
+    image: golang:1.14 # this step is kept as the lowest version of golang that we support
     environment:
       GO111MODULE: on
       GOPROXY: off
@@ -131,6 +137,12 @@ platform:
 depends_on:
   - compliance
 
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
+
 workspace:
   base: /go
   path: src/code.gitea.io/gitea
@@ -164,7 +176,7 @@ services:
     image: elasticsearch:7.5.0
 
   - name: minio
-    image: minio/minio:RELEASE.2020-10-09T22-55-05Z
+    image: minio/minio:RELEASE.2021-01-16T02-19-44Z
     commands:
     - minio server /data
     environment:
@@ -306,6 +318,12 @@ platform:
 depends_on:
   - compliance
 
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
+
 workspace:
   base: /go
   path: src/code.gitea.io/gitea
@@ -404,7 +422,7 @@ steps:
 
   - name: update
     pull: default
-    image: alpine:3.12
+    image: alpine:3.13
     commands:
       - ./build/update-locales.sh
 
@@ -433,6 +451,45 @@ steps:
       CROWDIN_KEY:
         from_secret: crowdin_key
 
+---
+kind: pipeline
+name: update_gitignore_and_licenses
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  branch:
+    - master
+  event:
+    - cron
+  cron:
+    - update_gitignore_and_licenses
+
+steps:
+  - name: download
+    image: golang:1.15
+    commands:
+      - timeout -s ABRT 40m make generate-license generate-gitignore
+
+  - name: push
+    pull: always
+    image: appleboy/drone-git-push
+    settings:
+      author_email: "[email protected]"
+      author_name: GiteaBot
+      commit: true
+      commit_message: "[skip ci] Updated licenses and gitignores "
+      remote: "[email protected]:go-gitea/gitea.git"
+    environment:
+      GIT_PUSH_SSH_KEY:
+        from_secret: git_push_ssh_key
+
 ---
 kind: pipeline
 name: release-latest
@@ -623,6 +680,12 @@ platform:
 depends_on:
   - compliance
 
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
+
 steps:
   - name: build-docs
     pull: always

.github/FUNDING.yml

@@ -1 +1,2 @@
 open_collective: gitea
+custom: https://www.bountysource.com/teams/gitea

.golangci.yml

@@ -70,7 +70,7 @@ issues:
     - path: modules/log/
       linters:
         - errcheck
-    - path: routers/routes/macaron.go
+    - path: routers/routes/web.go
       linters:
         - dupl
     - path: routers/api/v1/repo/issue_subscription.go

Dockerfile

@@ -1,7 +1,7 @@
 
 ###################################
 #Build stage
-FROM golang:1.15-alpine3.12 AS build-env
+FROM golang:1.15-alpine3.13 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -22,7 +22,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
  && make clean-all build
 
-FROM alpine:3.12
+FROM alpine:3.13
 LABEL maintainer="[email protected]"
 
 EXPOSE 22 3000

Dockerfile.rootless

@@ -1,7 +1,7 @@
 
 ###################################
 #Build stage
-FROM golang:1.15-alpine3.12 AS build-env
+FROM golang:1.15-alpine3.13 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -22,7 +22,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
  && make clean-all build
 
-FROM alpine:3.12
+FROM alpine:3.13
 LABEL maintainer="[email protected]"
 
 EXPOSE 2222 3000

Makefile

@@ -25,7 +25,7 @@ HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,
 
 XGO_VERSION := go-1.15.x
-MIN_GO_VERSION := 001013000
+MIN_GO_VERSION := 001014000
 MIN_NODE_VERSION := 010013000
 
 DOCKER_IMAGE ?= gitea/gitea
@@ -232,7 +232,7 @@ fmt:
 vet:
 	@echo "Running go vet..."
 	@$(GO) vet $(GO_PACKAGES)
-	@$(GO) build -mod=vendor code.gitea.io/gitea-vet
+	@GOOS= GOARCH= $(GO) build -mod=vendor code.gitea.io/gitea-vet
 	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
 
 .PHONY: $(TAGS_EVIDENCE)
@@ -709,7 +709,7 @@ pr\#%: clean-all
 golangci-lint:
 	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		export BINARY="golangci-lint"; \
-		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.31.0; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.35.2; \
 	fi
 	golangci-lint run --timeout 10m
 

README.md

@@ -42,6 +42,9 @@
   <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
     <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
   </a>
+  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
+    <img src="https://img.shields.io/bountysource/team/gitea/activity">
+  </a>
 </p>
 
 <p align="center">

README_ZH.md

@@ -42,6 +42,9 @@
   <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
     <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
   </a>
+  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
+    <img src="https://img.shields.io/bountysource/team/gitea/activity">
+  </a>
 </p>
 
 <p align="center">

cmd/dump.go

@@ -21,7 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
 
-	"gitea.com/macaron/session"
+	"gitea.com/go-chi/session"
 	archiver "github.com/mholt/archiver/v3"
 	"github.com/urfave/cli"
 )

cmd/serv.go

@@ -58,7 +58,7 @@ func setup(logPath string, debug bool) {
 	}
 	setting.NewContext()
 	if debug {
-		setting.ProdMode = false
+		setting.RunMode = "dev"
 	}
 }
 
@@ -76,7 +76,7 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
 
 	if len(logMessage) > 0 {
-		if !setting.ProdMode {
+		if !setting.IsProd() {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 	}

cmd/web.go

@@ -22,7 +22,6 @@ import (
 
 	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
-	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
 )
 
@@ -72,36 +71,6 @@ func runHTTPRedirector() {
 	}
 }
 
-func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
-	certManager := autocert.Manager{
-		Prompt:     autocert.AcceptTOS,
-		HostPolicy: autocert.HostWhitelist(domain),
-		Cache:      autocert.DirCache(directory),
-		Email:      email,
-	}
-	go func() {
-		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-		// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-		var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
-		if err != nil {
-			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
-		}
-	}()
-	return runHTTPSWithTLSConfig("tcp", listenAddr, certManager.TLSConfig(), context2.ClearHandler(m))
-}
-
-func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" && r.Method != "HEAD" {
-		http.Error(w, "Use HTTPS", http.StatusBadRequest)
-		return
-	}
-	// Remove the trailing slash at the end of setting.AppURL, the request
-	// URI always contains a leading slash, which would result in a double
-	// slash
-	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusFound)
-}
-
 func runWeb(ctx *cli.Context) error {
 	managerCtx, cancel := context.WithCancel(context.Background())
 	graceful.InitManager(managerCtx)
@@ -133,8 +102,7 @@ func runWeb(ctx *cli.Context) error {
 				return err
 			}
 		}
-		c := routes.NewChi()
-		routes.RegisterInstallRoute(c)
+		c := routes.InstallRoutes()
 		err := listen(c, false)
 		select {
 		case <-graceful.GetManager().IsShutdown():
@@ -165,11 +133,9 @@ func runWeb(ctx *cli.Context) error {
 			return err
 		}
 	}
-	// Set up Chi routes
-	c := routes.NewChi()
-	c.Mount("/", routes.NormalRoutes())
-	routes.DelegateToMacaron(c)
 
+	// Set up Chi routes
+	c := routes.NormalRoutes()
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())

cmd/web_letsencrypt.go

@@ -0,0 +1,69 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/caddyserver/certmagic"
+	context2 "github.com/gorilla/context"
+)
+
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+
+	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
+	// Due to docker port mapping this can't be checked programatically
+	// TODO: these are placeholders until we add options for each in settings with appropriate warning
+	enableHTTPChallenge := true
+	enableTLSALPNChallenge := true
+
+	magic := certmagic.NewDefault()
+	magic.Storage = &certmagic.FileStorage{Path: directory}
+	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
+		Email:                   email,
+		Agreed:                  setting.LetsEncryptTOS,
+		DisableHTTPChallenge:    !enableHTTPChallenge,
+		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
+	})
+
+	magic.Issuer = myACME
+
+	// this obtains certificates or renews them if necessary
+	err := magic.ManageSync([]string{domain})
+	if err != nil {
+		return err
+	}
+
+	tlsConfig := magic.TLSConfig()
+
+	if enableHTTPChallenge {
+		go func() {
+			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+			if err != nil {
+				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+			}
+		}()
+	}
+
+	return runHTTPSWithTLSConfig("tcp", listenAddr, tlsConfig, context2.ClearHandler(m))
+}
+
+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}