Merge pull request '[gitea] week 2024-32 cherry pick (gitea/main -> forgejo)' (#4801) from earl-warren/wcp/2024-32 into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4801
Reviewed-by: Gusted <gusted@noreply.codeberg.org>

models/actions/runner.go

@@ -26,14 +26,25 @@ import (
 )
 
 // ActionRunner represents runner machines
+//
+// It can be:
+//  1. global runner, OwnerID is 0 and RepoID is 0
+//  2. org/user level runner, OwnerID is org/user ID and RepoID is 0
+//  3. repo level runner, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find runners belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return runner {OwnerID: 1, RepoID: 1},
+// but it's a repo level runner, not an org/user level runner.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level runners.
 type ActionRunner struct {
 	ID          int64
 	UUID        string                 `xorm:"CHAR(36) UNIQUE"`
 	Name        string                 `xorm:"VARCHAR(255)"`
 	Version     string                 `xorm:"VARCHAR(64)"`
-	OwnerID     int64                  `xorm:"index"` // org level runner, 0 means system
+	OwnerID     int64                  `xorm:"index"`
 	Owner       *user_model.User       `xorm:"-"`
-	RepoID      int64                  `xorm:"index"` // repo level runner, if OwnerID also is zero, then it's a global
+	RepoID      int64                  `xorm:"index"`
 	Repo        *repo_model.Repository `xorm:"-"`
 	Description string                 `xorm:"TEXT"`
 	Base        int                    // 0 native 1 docker 2 virtual machine
@@ -176,7 +187,7 @@ func init() {
 type FindRunnerOptions struct {
 	db.ListOptions
 	RepoID        int64
-	OwnerID       int64
+	OwnerID       int64 // it will be ignored if RepoID is set
 	Sort          string
 	Filter        string
 	IsOnline      optional.Option[bool]
@@ -193,8 +204,7 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
 		}
 		cond = cond.And(c)
-	}
-	if opts.OwnerID > 0 {
+	} else if opts.OwnerID > 0 { // OwnerID is ignored if RepoID is set
 		c := builder.NewCond().And(builder.Eq{"owner_id": opts.OwnerID})
 		if opts.WithAvailable {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
@@ -297,6 +307,11 @@ func DeleteRunner(ctx context.Context, id int64) error {
 
 // CreateRunner creates new runner.
 func CreateRunner(ctx context.Context, t *ActionRunner) error {
+	if t.OwnerID != 0 && t.RepoID != 0 {
+		// It's trying to create a runner that belongs to a repository, but OwnerID has been set accidentally.
+		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
+		t.OwnerID = 0
+	}
 	return db.Insert(ctx, t)
 }
 

models/actions/runner_token.go

@@ -15,12 +15,23 @@ import (
 )
 
 // ActionRunnerToken represents runner tokens
+//
+// It can be:
+//  1. global token, OwnerID is 0 and RepoID is 0
+//  2. org/user level token, OwnerID is org/user ID and RepoID is 0
+//  3. repo level token, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find tokens belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return token {OwnerID: 1, RepoID: 1},
+// but it's a repo level token, not an org/user level token.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level tokens.
 type ActionRunnerToken struct {
 	ID       int64
 	Token    string                 `xorm:"UNIQUE"`
-	OwnerID  int64                  `xorm:"index"` // org level runner, 0 means system
+	OwnerID  int64                  `xorm:"index"`
 	Owner    *user_model.User       `xorm:"-"`
-	RepoID   int64                  `xorm:"index"` // repo level runner, if orgid also is zero, then it's a global
+	RepoID   int64                  `xorm:"index"`
 	Repo     *repo_model.Repository `xorm:"-"`
 	IsActive bool                   // true means it can be used
 
@@ -58,7 +69,14 @@ func UpdateRunnerToken(ctx context.Context, r *ActionRunnerToken, cols ...string
 }
 
 // NewRunnerToken creates a new active runner token and invalidate all old tokens
+// ownerID will be ignored and treated as 0 if repoID is non-zero.
 func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
+	if ownerID != 0 && repoID != 0 {
+		// It's trying to create a runner token that belongs to a repository, but OwnerID has been set accidentally.
+		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
+		ownerID = 0
+	}
+
 	token, err := util.CryptoRandomString(40)
 	if err != nil {
 		return nil, err
@@ -84,6 +102,12 @@ func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerTo
 
 // GetLatestRunnerToken returns the latest runner token
 func GetLatestRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
+	if ownerID != 0 && repoID != 0 {
+		// It's trying to get a runner token that belongs to a repository, but OwnerID has been set accidentally.
+		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
+		ownerID = 0
+	}
+
 	var runnerToken ActionRunnerToken
 	has, err := db.GetEngine(ctx).Where("owner_id=? AND repo_id=?", ownerID, repoID).
 		OrderBy("id DESC").Get(&runnerToken)

models/actions/schedule.go

@@ -13,8 +13,6 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/timeutil"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
-
-	"github.com/robfig/cron/v3"
 )
 
 // ActionSchedule represents a schedule of a workflow file
@@ -53,8 +51,6 @@ func GetReposMapByIDs(ctx context.Context, ids []int64) (map[int64]*repo_model.R
 	return repos, db.GetEngine(ctx).In("id", ids).Find(&repos)
 }
 
-var cronParser = cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
-
 // CreateScheduleTask creates new schedule task.
 func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
 	// Return early if there are no rows to insert
@@ -80,19 +76,21 @@ func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
 		now := time.Now()
 
 		for _, spec := range row.Specs {
+			specRow := &ActionScheduleSpec{
+				RepoID:     row.RepoID,
+				ScheduleID: row.ID,
+				Spec:       spec,
+			}
 			// Parse the spec and check for errors
-			schedule, err := cronParser.Parse(spec)
+			schedule, err := specRow.Parse()
 			if err != nil {
 				continue // skip to the next spec if there's an error
 			}
 
+			specRow.Next = timeutil.TimeStamp(schedule.Next(now).Unix())
+
 			// Insert the new schedule spec row
-			if err = db.Insert(ctx, &ActionScheduleSpec{
-				RepoID:     row.RepoID,
-				ScheduleID: row.ID,
-				Spec:       spec,
-				Next:       timeutil.TimeStamp(schedule.Next(now).Unix()),
-			}); err != nil {
+			if err = db.Insert(ctx, specRow); err != nil {
 				return err
 			}
 		}

models/actions/schedule_spec.go

@@ -5,6 +5,8 @@ package actions
 
 import (
 	"context"
+	"strings"
+	"time"
 
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -32,8 +34,29 @@ type ActionScheduleSpec struct {
 	Updated timeutil.TimeStamp `xorm:"updated"`
 }
 
+// Parse parses the spec and returns a cron.Schedule
+// Unlike the default cron parser, Parse uses UTC timezone as the default if none is specified.
 func (s *ActionScheduleSpec) Parse() (cron.Schedule, error) {
-	return cronParser.Parse(s.Spec)
+	parser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
+	schedule, err := parser.Parse(s.Spec)
+	if err != nil {
+		return nil, err
+	}
+
+	// If the spec has specified a timezone, use it
+	if strings.HasPrefix(s.Spec, "TZ=") || strings.HasPrefix(s.Spec, "CRON_TZ=") {
+		return schedule, nil
+	}
+
+	specSchedule, ok := schedule.(*cron.SpecSchedule)
+	// If it's not a spec schedule, like "@every 5m", timezone is not relevant
+	if !ok {
+		return schedule, nil
+	}
+
+	// Set the timezone to UTC
+	specSchedule.Location = time.UTC
+	return specSchedule, nil
 }
 
 func init() {

models/actions/schedule_spec_test.go

@@ -0,0 +1,71 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionScheduleSpec_Parse(t *testing.T) {
+	// Mock the local timezone is not UTC
+	local := time.Local
+	tz, err := time.LoadLocation("Asia/Shanghai")
+	require.NoError(t, err)
+	defer func() {
+		time.Local = local
+	}()
+	time.Local = tz
+
+	now, err := time.Parse(time.RFC3339, "2024-07-31T15:47:55+08:00")
+	require.NoError(t, err)
+
+	tests := []struct {
+		name    string
+		spec    string
+		want    string
+		wantErr assert.ErrorAssertionFunc
+	}{
+		{
+			name:    "regular",
+			spec:    "0 10 * * *",
+			want:    "2024-07-31T10:00:00Z",
+			wantErr: assert.NoError,
+		},
+		{
+			name:    "invalid",
+			spec:    "0 10 * *",
+			want:    "",
+			wantErr: assert.Error,
+		},
+		{
+			name:    "with timezone",
+			spec:    "TZ=America/New_York 0 10 * * *",
+			want:    "2024-07-31T14:00:00Z",
+			wantErr: assert.NoError,
+		},
+		{
+			name:    "timezone irrelevant",
+			spec:    "@every 5m",
+			want:    "2024-07-31T07:52:55Z",
+			wantErr: assert.NoError,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := &ActionScheduleSpec{
+				Spec: tt.spec,
+			}
+			got, err := s.Parse()
+			tt.wantErr(t, err)
+
+			if err == nil {
+				assert.Equal(t, tt.want, got.Next(now).UTC().Format(time.RFC3339))
+			}
+		})
+	}
+}

models/actions/task.go

@@ -35,7 +35,7 @@ type ActionTask struct {
 	RunnerID int64              `xorm:"index"`
 	Status   Status             `xorm:"index"`
 	Started  timeutil.TimeStamp `xorm:"index"`
-	Stopped  timeutil.TimeStamp
+	Stopped  timeutil.TimeStamp `xorm:"index(stopped_log_expired)"`
 
 	RepoID            int64  `xorm:"index"`
 	OwnerID           int64  `xorm:"index"`
@@ -51,8 +51,8 @@ type ActionTask struct {
 	LogInStorage bool       // read log from database or from storage
 	LogLength    int64      // lines count
 	LogSize      int64      // blob size
-	LogIndexes   LogIndexes `xorm:"LONGBLOB"` // line number to offset
-	LogExpired   bool       // files that are too old will be deleted
+	LogIndexes   LogIndexes `xorm:"LONGBLOB"`                   // line number to offset
+	LogExpired   bool       `xorm:"index(stopped_log_expired)"` // files that are too old will be deleted
 
 	Created timeutil.TimeStamp `xorm:"created"`
 	Updated timeutil.TimeStamp `xorm:"updated index"`
@@ -470,6 +470,16 @@ func StopTask(ctx context.Context, taskID int64, status Status) error {
 	return nil
 }
 
+func FindOldTasksToExpire(ctx context.Context, olderThan timeutil.TimeStamp, limit int) ([]*ActionTask, error) {
+	e := db.GetEngine(ctx)
+
+	tasks := make([]*ActionTask, 0, limit)
+	// Check "stopped > 0" to avoid deleting tasks that are still running
+	return tasks, e.Where("stopped > 0 AND stopped < ? AND log_expired = ?", olderThan, false).
+		Limit(limit).
+		Find(&tasks)
+}
+
 func isSubset(set, subset []string) bool {
 	m := make(container.Set[string], len(set))
 	for _, v := range set {

models/actions/variable.go

@@ -5,7 +5,6 @@ package actions
 
 import (
 	"context"
-	"errors"
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
@@ -15,6 +14,18 @@ import (
 	"xorm.io/builder"
 )
 
+// ActionVariable represents a variable that can be used in actions
+//
+// It can be:
+//  1. global variable, OwnerID is 0 and RepoID is 0
+//  2. org/user level variable, OwnerID is org/user ID and RepoID is 0
+//  3. repo level variable, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find variables belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return variable {OwnerID: 1, RepoID: 1},
+// but it's a repo level variable, not an org/user level variable.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level variables.
 type ActionVariable struct {
 	ID          int64              `xorm:"pk autoincr"`
 	OwnerID     int64              `xorm:"UNIQUE(owner_repo_name)"`
@@ -29,30 +40,26 @@ func init() {
 	db.RegisterModel(new(ActionVariable))
 }
 
-func (v *ActionVariable) Validate() error {
-	if v.OwnerID != 0 && v.RepoID != 0 {
-		return errors.New("a variable should not be bound to an owner and a repository at the same time")
-	}
-	return nil
-}
-
 func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*ActionVariable, error) {
+	if ownerID != 0 && repoID != 0 {
+		// It's trying to create a variable that belongs to a repository, but OwnerID has been set accidentally.
+		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
+		ownerID = 0
+	}
+
 	variable := &ActionVariable{
 		OwnerID: ownerID,
 		RepoID:  repoID,
 		Name:    strings.ToUpper(name),
 		Data:    data,
 	}
-	if err := variable.Validate(); err != nil {
-		return variable, err
-	}
 	return variable, db.Insert(ctx, variable)
 }
 
 type FindVariablesOpts struct {
 	db.ListOptions
-	OwnerID int64
 	RepoID  int64
+	OwnerID int64 // it will be ignored if RepoID is set
 	Name    string
 }
 
@@ -60,8 +67,13 @@ func (opts FindVariablesOpts) ToConds() builder.Cond {
 	cond := builder.NewCond()
 	// Since we now support instance-level variables,
 	// there is no need to check for null values for `owner_id` and `repo_id`
-	cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+	if opts.RepoID != 0 { // if RepoID is set
+		// ignore OwnerID and treat it as 0
+		cond = cond.And(builder.Eq{"owner_id": 0})
+	} else {
+		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
+	}
 
 	if opts.Name != "" {
 		cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)})

models/git/branch.go

@@ -385,6 +385,13 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, from, to str
 		return err
 	}
 
+	// 4.1 Update all not merged pull request head branch name
+	if _, err = sess.Table("pull_request").Where("head_repo_id=? AND head_branch=? AND has_merged=?",
+		repo.ID, from, false).
+		Update(map[string]any{"head_branch": to}); err != nil {
+		return err
+	}
+
 	// 5. insert renamed branch record
 	renamedBranch := &RenamedBranch{
 		RepoID: repo.ID,

models/git/commit_status.go

@@ -141,13 +141,17 @@ func GetNextCommitStatusIndex(ctx context.Context, repoID int64, sha string) (in
 	return newIdx, nil
 }
 
-func (status *CommitStatus) loadAttributes(ctx context.Context) (err error) {
+func (status *CommitStatus) loadRepository(ctx context.Context) (err error) {
 	if status.Repo == nil {
 		status.Repo, err = repo_model.GetRepositoryByID(ctx, status.RepoID)
 		if err != nil {
 			return fmt.Errorf("getRepositoryByID [%d]: %w", status.RepoID, err)
 		}
 	}
+	return nil
+}
+
+func (status *CommitStatus) loadCreator(ctx context.Context) (err error) {
 	if status.Creator == nil && status.CreatorID > 0 {
 		status.Creator, err = user_model.GetUserByID(ctx, status.CreatorID)
 		if err != nil {
@@ -157,6 +161,13 @@ func (status *CommitStatus) loadAttributes(ctx context.Context) (err error) {
 	return nil
 }
 
+func (status *CommitStatus) loadAttributes(ctx context.Context) (err error) {
+	if err := status.loadRepository(ctx); err != nil {
+		return err
+	}
+	return status.loadCreator(ctx)
+}
+
 // APIURL returns the absolute APIURL to this commit-status.
 func (status *CommitStatus) APIURL(ctx context.Context) string {
 	_ = status.loadAttributes(ctx)
@@ -168,6 +179,25 @@ func (status *CommitStatus) LocaleString(lang translation.Locale) string {
 	return lang.TrString("repo.commitstatus." + status.State.String())
 }
 
+// HideActionsURL set `TargetURL` to an empty string if the status comes from Gitea Actions
+func (status *CommitStatus) HideActionsURL(ctx context.Context) {
+	if status.RepoID == 0 {
+		return
+	}
+
+	if status.Repo == nil {
+		if err := status.loadRepository(ctx); err != nil {
+			log.Error("loadRepository: %v", err)
+			return
+		}
+	}
+
+	prefix := fmt.Sprintf("%s/actions", status.Repo.Link())
+	if strings.HasPrefix(status.TargetURL, prefix) {
+		status.TargetURL = ""
+	}
+}
+
 // CalcCommitStatus returns commit status state via some status, the commit statues should order by id desc
 func CalcCommitStatus(statuses []*CommitStatus) *CommitStatus {
 	if len(statuses) == 0 {
@@ -471,3 +501,19 @@ func ConvertFromGitCommit(ctx context.Context, commits []*git.Commit, repo *repo
 		repo,
 	)
 }
+
+// CommitStatusesHideActionsURL hide Gitea Actions urls
+func CommitStatusesHideActionsURL(ctx context.Context, statuses []*CommitStatus) {
+	idToRepos := make(map[int64]*repo_model.Repository)
+	for _, status := range statuses {
+		if status == nil {
+			continue
+		}
+
+		if status.Repo == nil {
+			status.Repo = idToRepos[status.RepoID]
+		}
+		status.HideActionsURL(ctx)
+		idToRepos[status.RepoID] = status.Repo
+	}
+}

models/git/commit_status_test.go

@@ -4,9 +4,11 @@
 package git_test
 
 import (
+	"fmt"
 	"testing"
 	"time"
 
+	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -240,3 +242,26 @@ func TestFindRepoRecentCommitStatusContexts(t *testing.T) {
 		assert.Equal(t, "compliance/lint-backend", contexts[0])
 	}
 }
+
+func TestCommitStatusesHideActionsURL(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 791, RepoID: repo.ID})
+	require.NoError(t, run.LoadAttributes(db.DefaultContext))
+
+	statuses := []*git_model.CommitStatus{
+		{
+			RepoID:    repo.ID,
+			TargetURL: fmt.Sprintf("%s/jobs/%d", run.Link(), run.Index),
+		},
+		{
+			RepoID:    repo.ID,
+			TargetURL: "https://mycicd.org/1",
+		},
+	}
+
+	git_model.CommitStatusesHideActionsURL(db.DefaultContext, statuses)
+	assert.Empty(t, statuses[0].TargetURL)
+	assert.Equal(t, "https://mycicd.org/1", statuses[1].TargetURL)
+}

models/migrations/migrations.go

@@ -593,6 +593,12 @@ var migrations = []Migration{
 
 	// v299 -> v300
 	NewMigration("Add content version to issue and comment table", v1_23.AddContentVersionToIssueAndComment),
+	// v300 -> v301
+	NewMigration("Add force-push branch protection support", v1_23.AddForcePushBranchProtection),
+	// v301 -> v302
+	NewMigration("Add skip_secondary_authorization option to oauth2 application table", v1_23.AddSkipSecondaryAuthColumnToOAuth2ApplicationTable),
+	// v302 -> v303
+	NewMigration("Add index to action_task stopped log_expired", v1_23.AddIndexToActionTaskStoppedLogExpired),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v1_23/v300.go

@@ -0,0 +1,17 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import "xorm.io/xorm"
+
+func AddForcePushBranchProtection(x *xorm.Engine) error {
+	type ProtectedBranch struct {
+		CanForcePush                 bool    `xorm:"NOT NULL DEFAULT false"`
+		EnableForcePushAllowlist     bool    `xorm:"NOT NULL DEFAULT false"`
+		ForcePushAllowlistUserIDs    []int64 `xorm:"JSON TEXT"`
+		ForcePushAllowlistTeamIDs    []int64 `xorm:"JSON TEXT"`
+		ForcePushAllowlistDeployKeys bool    `xorm:"NOT NULL DEFAULT false"`
+	}
+	return x.Sync(new(ProtectedBranch))
+}

models/migrations/v1_23/v301.go

@@ -0,0 +1,14 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import "xorm.io/xorm"
+
+// AddSkipSeconderyAuthToOAuth2ApplicationTable: add SkipSecondaryAuthorization column, setting existing rows to false
+func AddSkipSecondaryAuthColumnToOAuth2ApplicationTable(x *xorm.Engine) error {
+	type oauth2Application struct {
+		SkipSecondaryAuthorization bool `xorm:"NOT NULL DEFAULT FALSE"`
+	}
+	return x.Sync(new(oauth2Application))
+}

models/migrations/v1_23/v302.go

@@ -0,0 +1,18 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import (
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func AddIndexToActionTaskStoppedLogExpired(x *xorm.Engine) error {
+	type ActionTask struct {
+		Stopped    timeutil.TimeStamp `xorm:"index(stopped_log_expired)"`
+		LogExpired bool               `xorm:"index(stopped_log_expired)"`
+	}
+	return x.Sync(new(ActionTask))
+}

models/project/project.go

@@ -103,6 +103,13 @@ type Project struct {
 	ClosedDateUnix timeutil.TimeStamp
 }
 
+// Ghost Project is a project which has been deleted
+const GhostProjectID = -1
+
+func (p *Project) IsGhost() bool {
+	return p.ID == GhostProjectID
+}
+
 func (p *Project) LoadOwner(ctx context.Context) (err error) {
 	if p.Owner != nil {
 		return nil

models/repo/release.go

@@ -413,32 +413,6 @@ func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error) {
 	return err
 }
 
-type releaseSorter struct {
-	rels []*Release
-}
-
-func (rs *releaseSorter) Len() int {
-	return len(rs.rels)
-}
-
-func (rs *releaseSorter) Less(i, j int) bool {
-	diffNum := rs.rels[i].NumCommits - rs.rels[j].NumCommits
-	if diffNum != 0 {
-		return diffNum > 0
-	}
-	return rs.rels[i].CreatedUnix > rs.rels[j].CreatedUnix
-}
-
-func (rs *releaseSorter) Swap(i, j int) {
-	rs.rels[i], rs.rels[j] = rs.rels[j], rs.rels[i]
-}
-
-// SortReleases sorts releases by number of commits and created time.
-func SortReleases(rels []*Release) {
-	sorter := &releaseSorter{rels: rels}
-	sort.Sort(sorter)
-}
-
 // UpdateReleasesMigrationsByType updates all migrated repositories' releases from gitServiceType to replace originalAuthorID to posterID
 func UpdateReleasesMigrationsByType(ctx context.Context, gitServiceType structs.GitServiceType, originalAuthorID string, posterID int64) error {
 	_, err := db.GetEngine(ctx).Table("release").

models/repo/repo.go

@@ -766,17 +766,18 @@ func GetRepositoryByOwnerAndName(ctx context.Context, ownerName, repoName string
 
 // GetRepositoryByName returns the repository by given name under user if exists.
 func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) {
-	repo := &Repository{
-		OwnerID:   ownerID,
-		LowerName: strings.ToLower(name),
-	}
-	has, err := db.GetEngine(ctx).Get(repo)
+	var repo Repository
+	has, err := db.GetEngine(ctx).
+		Where("`owner_id`=?", ownerID).
+		And("`lower_name`=?", strings.ToLower(name)).
+		NoAutoCondition().
+		Get(&repo)
 	if err != nil {
 		return nil, err
 	} else if !has {
 		return nil, ErrRepoNotExist{0, ownerID, "", name}
 	}
-	return repo, err
+	return &repo, err
 }
 
 // getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url

models/secret/secret.go

@@ -5,7 +5,6 @@ package secret
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"strings"
 
@@ -22,6 +21,19 @@ import (
 )
 
 // Secret represents a secret
+//
+// It can be:
+//  1. org/user level secret, OwnerID is org/user ID and RepoID is 0
+//  2. repo level secret, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find secrets belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return secret {OwnerID: 1, RepoID: 1},
+// but it's a repo level secret, not an org/user level secret.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level secrets.
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to zero, global secrets are not supported.
+// It's for security reasons, admin may be not aware of that the secrets could be stolen by any user when setting them as global.
 type Secret struct {
 	ID          int64
 	OwnerID     int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL"`
@@ -46,6 +58,15 @@ func (err ErrSecretNotFound) Unwrap() error {
 
 // InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database
 func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*Secret, error) {
+	if ownerID != 0 && repoID != 0 {
+		// It's trying to create a secret that belongs to a repository, but OwnerID has been set accidentally.
+		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
+		ownerID = 0
+	}
+	if ownerID == 0 && repoID == 0 {
+		return nil, fmt.Errorf("%w: ownerID and repoID cannot be both zero, global secrets are not supported", util.ErrInvalidArgument)
+	}
+
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
 		return nil, err
@@ -56,9 +77,6 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 		Name:    strings.ToUpper(name),
 		Data:    encrypted,
 	}
-	if err := secret.Validate(); err != nil {
-		return secret, err
-	}
 	return secret, db.Insert(ctx, secret)
 }
 
@@ -66,29 +84,25 @@ func init() {
 	db.RegisterModel(new(Secret))
 }
 
-func (s *Secret) Validate() error {
-	if s.OwnerID == 0 && s.RepoID == 0 {
-		return errors.New("the secret is not bound to any scope")
-	}
-	return nil
-}
-
 type FindSecretsOptions struct {
 	db.ListOptions
-	OwnerID  int64
 	RepoID   int64
+	OwnerID  int64 // it will be ignored if RepoID is set
 	SecretID int64
 	Name     string
 }
 
 func (opts FindSecretsOptions) ToConds() builder.Cond {
 	cond := builder.NewCond()
-	if opts.OwnerID > 0 {
+
+	cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+	if opts.RepoID != 0 { // if RepoID is set
+		// ignore OwnerID and treat it as 0
+		cond = cond.And(builder.Eq{"owner_id": 0})
+	} else {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
-	if opts.RepoID > 0 {
-		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
-	}
+
 	if opts.SecretID != 0 {
 		cond = cond.And(builder.Eq{"id": opts.SecretID})
 	}