Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Vertical align avatar at middle (go-gitea#20302)
  Changed scroll to auto for some UI elements. (go-gitea#20294)
  Add hint to GNUPGHOME environment variable (go-gitea#20134)
  Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (go-gitea#20299)
  [skip ci] Updated translations via Crowdin
  Use dedicated draft PR icon when possible (go-gitea#20303)
  Update goldmark (go-gitea#20300)
  Do not create empty ".ssh" directory when loading config (go-gitea#20289)

Author: zjjhot

docs/content/doc/advanced/signing.en-us.md

@@ -100,9 +100,9 @@ ideal UI and therefore subject to change.
 **Since 1.17**, Gitea runs git in its own home directory `[git].HOME_PATH` (default to `%(APP_DATA_PATH)/home`)
 and uses its own config `{[git].HOME_PATH}/.gitconfig`.
 If you have your own customized git config for Gitea, you should set these configs in system git config (aka `/etc/gitconfig`)
-or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig`. 
-Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[git].HOME_PATH`. 
-
+or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig`.
+Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[git].HOME_PATH`.
+If you like to keep the `.gnupg` directory outside of `{[git].HOME_PATH}/`, consider setting the `$GNUPGHOME` environment variable to your preferred location.
 
 ### `INITIAL_COMMIT`
 

go.mod

@@ -87,7 +87,7 @@ require (
 	github.com/urfave/cli v1.22.9
 	github.com/xanzy/go-gitlab v0.64.0
 	github.com/yohcop/openid-go v1.0.0
-	github.com/yuin/goldmark v1.4.12
+	github.com/yuin/goldmark v1.4.13
 	github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594
 	github.com/yuin/goldmark-meta v1.1.0
 	go.jolheiser.com/hcaptcha v0.0.4

go.sum

@@ -1550,8 +1550,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg=
-github.com/yuin/goldmark v1.4.12 h1:6hffw6vALvEDqJ19dOJvJKOoAOKe4NDaTqvd2sktGN0=
-github.com/yuin/goldmark v1.4.12/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg=
 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU=
 github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc=

modules/setting/setting.go

@@ -840,16 +840,17 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 		SSH.StartBuiltinServer = false
 	}
 
-	trustedUserCaKeys := sec.Key("SSH_TRUSTED_USER_CA_KEYS").Strings(",")
-	for _, caKey := range trustedUserCaKeys {
+	SSH.TrustedUserCAKeysFile = sec.Key("SSH_TRUSTED_USER_CA_KEYS_FILENAME").MustString(filepath.Join(SSH.RootPath, "gitea-trusted-user-ca-keys.pem"))
+
+	for _, caKey := range SSH.TrustedUserCAKeys {
 		pubKey, _, _, _, err := gossh.ParseAuthorizedKey([]byte(caKey))
 		if err != nil {
 			log.Fatal("Failed to parse TrustedUserCaKeys: %s %v", caKey, err)
 		}
 
 		SSH.TrustedUserCAKeysParsed = append(SSH.TrustedUserCAKeysParsed, pubKey)
 	}
-	if len(trustedUserCaKeys) > 0 {
+	if len(SSH.TrustedUserCAKeys) > 0 {
 		// Set the default as email,username otherwise we can leave it empty
 		sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").MustString("username,email")
 	} else {
@@ -858,22 +859,6 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 
 	SSH.AuthorizedPrincipalsAllow, SSH.AuthorizedPrincipalsEnabled = parseAuthorizedPrincipalsAllow(sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").Strings(","))
 
-	if !SSH.Disabled && !SSH.StartBuiltinServer {
-		if err := os.MkdirAll(SSH.RootPath, 0o700); err != nil {
-			log.Fatal("Failed to create '%s': %v", SSH.RootPath, err)
-		} else if err = os.MkdirAll(SSH.KeyTestPath, 0o644); err != nil {
-			log.Fatal("Failed to create '%s': %v", SSH.KeyTestPath, err)
-		}
-
-		if len(trustedUserCaKeys) > 0 && SSH.AuthorizedPrincipalsEnabled {
-			fname := sec.Key("SSH_TRUSTED_USER_CA_KEYS_FILENAME").MustString(filepath.Join(SSH.RootPath, "gitea-trusted-user-ca-keys.pem"))
-			if err := os.WriteFile(fname,
-				[]byte(strings.Join(trustedUserCaKeys, "\n")), 0o600); err != nil {
-				log.Fatal("Failed to create '%s': %v", fname, err)
-			}
-		}
-	}
-
 	SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool(SSH.MinimumKeySizeCheck)
 	minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys()
 	for _, key := range minimumKeySizes {

modules/ssh/init.go

@@ -0,0 +1,55 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+func Init() error {
+	if setting.SSH.Disabled {
+		return nil
+	}
+
+	if setting.SSH.StartBuiltinServer {
+		Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
+		log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
+			net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
+			setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
+		)
+		return nil
+	}
+
+	builtinUnused()
+
+	// FIXME: why 0o644 for a directory .....
+	if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o644); err != nil {
+		return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err)
+	}
+
+	if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled {
+		caKeysFileName := setting.SSH.TrustedUserCAKeysFile
+		caKeysFileDir := filepath.Dir(caKeysFileName)
+
+		err := os.MkdirAll(caKeysFileDir, 0o700) // SSH.RootPath by default (That is `~/.ssh` in most cases)
+		if err != nil {
+			return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err)
+		}
+
+		if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil {
+			return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err)
+		}
+	}
+
+	return nil
+}

modules/ssh/ssh_graceful.go

@@ -29,7 +29,7 @@ func listen(server *ssh.Server) {
 	log.Info("SSH Listener: %s Closed", server.Addr)
 }
 
-// Unused informs our cleanup routine that we will not be using a ssh port
-func Unused() {
+// builtinUnused informs our cleanup routine that we will not be using a ssh port
+func builtinUnused() {
 	graceful.GetManager().InformCleanup()
 }

modules/templates/helper.go

@@ -628,7 +628,7 @@ func SVG(icon string, others ...interface{}) template.HTML {
 
 // Avatar renders user avatars. args: user, size (int), class (string)
 func Avatar(item interface{}, others ...interface{}) template.HTML {
-	size, class := parseOthers(avatars.DefaultAvatarPixelSize, "ui avatar image", others...)
+	size, class := parseOthers(avatars.DefaultAvatarPixelSize, "ui avatar image vm", others...)
 
 	switch t := item.(type) {
 	case *user_model.User:

options/locale/locale_de-DE.ini

@@ -861,7 +861,6 @@ default_branch=Standardbranch
 default_branch_helper=Der default Branch ist der Basisbranch für Pull-Requests und Commits.
 mirror_prune=Entfernen
 mirror_prune_desc=Entferne veraltete remote-tracking Referenzen
-mirror_interval=Mirror-Intervall. Gültige Zeiteinheiten sind 'h', 'm', sowie 's'. 0 deaktiviert die automatische Synchronisierung. (Minimum: %s)
 mirror_interval_invalid=Das Spiegel-Intervall ist ungültig.
 mirror_address=Klonen via URL
 mirror_address_desc=Gib alle erforderlichen Anmeldedaten im Abschnitt "Authentifizierung" ein.

options/locale/locale_el-GR.ini

@@ -861,7 +861,6 @@ default_branch=Προεπιλεγμένος Κλάδος
 default_branch_helper=Ο προεπιλεγμένος κλάδος είναι ο βασικός κλάδος για pull requests και υποβολές κώδικα.
 mirror_prune=Καθαρισμός
 mirror_prune_desc=Αφαίρεση παρωχημένων αναφορών απομακρυσμένης-παρακολούθησης
-mirror_interval=Διάστημα ανανέωσης ειδώλου (έγκυρες μονάδες ώρας είναι 'h', 'm', 's'). 0 για απενεργοποίηση του αυτόματου συγχρονισμού. (Ελάχιστο διάστημα: %s)
 mirror_interval_invalid=Το χρονικό διάστημα του ειδώλου δεν είναι έγκυρο.
 mirror_address=Κλωνοποίηση Από Το URL
 mirror_address_desc=Τοποθετήστε όλα τα απαιτούμενα διαπιστευτήρια στην ενότητα Εξουσιοδότηση.

options/locale/locale_en-US.ini

@@ -1303,6 +1303,7 @@ issues.previous = Previous
 issues.next = Next
 issues.open_title = Open
 issues.closed_title = Closed
+issues.draft_title = Draft
 issues.num_comments = %d comments
 issues.commented_at = `commented <a href="#%s">%s</a>`
 issues.delete_comment_confirm = Are you sure you want to delete this comment?

options/locale/locale_es-ES.ini

@@ -861,8 +861,9 @@ default_branch=Rama por defecto
 default_branch_helper=La rama por defecto es la rama base para pull requests y commits de código.
 mirror_prune=Purgar
 mirror_prune_desc=Eliminar referencias de seguimiento de remotes obsoletas
-mirror_interval=Intervalo de replicación (las unidades de tiempo válidas son «h», «m» y «s»). 0 desactiva la sincronización automática. (Intervalo mínimo: %s)
+mirror_interval=Intervalo de réplica (Las unidades de tiempo válidas son 'h', 'm', 's'). 0 para deshabilitar la sincronización automática. (Intervalo mínimo: %s)
 mirror_interval_invalid=El intervalo de réplica no es válido.
+mirror_sync_on_commit=Sincronizar cuando los commits sean subidos
 mirror_address=Clonar desde URL
 mirror_address_desc=Ponga cualquier credencial requerida en la sección de Autorización.
 mirror_address_url_invalid=La url proporcionada no es válida. Debe escapar correctamente de todos los componentes de la url.

options/locale/locale_ja-JP.ini

@@ -861,7 +861,6 @@ default_branch=デフォルトブランチ
 default_branch_helper=デフォルトブランチはプルリクエストとコードコミットのベースブランチとなります。
 mirror_prune=Prune
 mirror_prune_desc=不要になった古いリモートトラッキング参照を削除
-mirror_interval=ミラー間隔 (有効な時間の単位は'h'、'm'、's')。 自動的な同期を無効にする場合は0。(最小間隔: %s)
 mirror_interval_invalid=ミラー間隔が不正です。
 mirror_address=クローンするURL
 mirror_address_desc=必要な資格情報は「認証」セクションに設定してください。

options/locale/locale_lv-LV.ini

@@ -861,7 +861,6 @@ default_branch=Noklusējuma atzars
 default_branch_helper=Noklusētais atzars nosaka pamata atzaru uz kuru tiks veidoti izmaiņu pieprasījumi un koda revīziju iesūtīšana.
 mirror_prune=Izmest
 mirror_prune_desc=Izdzēst visas ārējās atsauces, kas ārējā repozitorijā vairs neeksistē
-mirror_interval=Spoguļošanas intervāls (derīgas laika vienības ir 'h', 'm', 's'). Norādiet 0, lai atslēgtu automātisku spoguļošanu. (Minimālais intervāls: %s)
 mirror_interval_invalid=Nekorekts spoguļošanas intervāls.
 mirror_address=Spoguļa adrese
 mirror_address_desc=Pieslēgšanās rekvizītus norādiet autorizācijas sadaļā.

options/locale/locale_pt-PT.ini

@@ -861,8 +861,9 @@ default_branch=Ramo principal
 default_branch_helper=O ramo principal é o ramo base para pedidos de integração e cometimentos.
 mirror_prune=Podar
 mirror_prune_desc=Remover referências obsoletas de seguimento remoto
-mirror_interval=Intervalo entre sincronizações (as unidades de tempo válidas são 'h', 'm' e 's'). O valor zero desabilita a sincronização automática. (Intervalo mínimo: %s)
+mirror_interval=Intervalo entre sincronizações (as unidades de tempo válidas são 'h', 'm' e 's'). O valor zero desabilita a sincronização periódica. (Intervalo mínimo: %s)
 mirror_interval_invalid=O intervalo entre sincronizações não é válido.
+mirror_sync_on_commit=Sincronizar quando forem enviados cometimentos
 mirror_address=Clonar a partir do URL
 mirror_address_desc=Coloque, na secção de Autorização, as credenciais que, eventualmente, sejam necessárias.
 mirror_address_url_invalid=O URL fornecido é inválido. Tem que codificar adequadamente todos os componentes do URL.
@@ -1302,6 +1303,7 @@ issues.previous=Anterior
 issues.next=Seguinte
 issues.open_title=Aberta
 issues.closed_title=Fechada
+issues.draft_title=Rascunho
 issues.num_comments=%d comentários
 issues.commented_at=`comentou <a href="#%s">%s</a>`
 issues.delete_comment_confirm=Tem a certeza que quer eliminar este comentário?

options/locale/locale_zh-CN.ini

@@ -861,7 +861,6 @@ default_branch=默认分支
 default_branch_helper=默认分支是用于合并请求和代码提交的基础分支。
 mirror_prune=修剪
 mirror_prune_desc=删除过时的远程跟踪引用
-mirror_interval=镜像间隔 (有效的时间单位是 'h', 'm', 's')。0 禁用自动同步 (最短间隔: %s)
 mirror_interval_invalid=镜像间隔无效。
 mirror_address=从URL克隆
 mirror_address_desc=在授权框中输入必要的凭据。

options/locale/locale_zh-TW.ini

@@ -861,7 +861,6 @@ default_branch=預設分支
 default_branch_helper=預設分支是合併請求和提交程式碼的基礎分支。
 mirror_prune=裁減
 mirror_prune_desc=刪除過時的遠端追蹤參考
-mirror_interval=鏡像間隔 (有效時間單位為 'h'、'm'、's')，設為 0 以停用自動同步。(最小間隔: %s)
 mirror_interval_invalid=鏡像週期無效
 mirror_address=從 URL Clone
 mirror_address_desc=在授權資訊中填入必要的資料。

routers/init.go

@@ -6,10 +6,8 @@ package routers
 
 import (
 	"context"
-	"net"
 	"reflect"
 	"runtime"
-	"strconv"
 
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
@@ -158,14 +156,8 @@ func GlobalInitInstalled(ctx context.Context) {
 
 	mustInitCtx(ctx, syncAppPathForGit)
 
-	if setting.SSH.StartBuiltinServer {
-		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
-		log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
-			net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
-			setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
-	} else {
-		ssh.Unused()
-	}
+	mustInit(ssh.Init)
+
 	auth.Init()
 	svg.Init()
 }

templates/repo/issue/view_title.tmpl

@@ -24,7 +24,11 @@
 	{{else if .Issue.IsClosed}}
 		<div class="ui red large label">{{if .Issue.IsPull}}{{svg "octicon-git-pull-request"}}{{else}}{{svg "octicon-issue-closed"}}{{end}} {{.locale.Tr "repo.issues.closed_title"}}</div>
 	{{else if .Issue.IsPull}}
-		<div class="ui green large label">{{svg "octicon-git-pull-request"}} {{.locale.Tr "repo.issues.open_title"}}</div>
+		{{if .IsPullWorkInProgress}}
+			<div class="ui grey large label">{{svg "octicon-git-pull-request-draft"}} {{.locale.Tr "repo.issues.draft_title"}}</div>
+		{{else}}
+			<div class="ui green large label">{{svg "octicon-git-pull-request"}} {{.locale.Tr "repo.issues.open_title"}}</div>
+		{{end}}
 	{{else}}
 		<div class="ui green large label">{{svg "octicon-issue-opened"}} {{.locale.Tr "repo.issues.open_title"}}</div>
 	{{end}}

templates/shared/issuelist.tmpl

@@ -17,7 +17,11 @@
 							{{if .IsClosed}}
 								{{svg "octicon-git-pull-request" 16 "text red"}}
 							{{else}}
-								{{svg "octicon-git-pull-request" 16 "text green"}}
+								{{if .PullRequest.IsWorkInProgress}}
+									{{svg "octicon-git-pull-request-draft" 16 "text grey"}}
+								{{else}}
+									{{svg "octicon-git-pull-request" 16 "text green"}}
+								{{end}}
 							{{end}}
 						{{end}}
 					{{else}}

web_src/less/_admin.less

@@ -12,7 +12,7 @@
   .table.segment {
     padding: 0;
     font-size: 13px;
-    overflow-x: scroll;
+    overflow-x: auto;
 
     &:not(.striped) {
       thead {

web_src/less/_repository.less

@@ -3352,7 +3352,7 @@ td.blob-excerpt {
   .commit-header-row {
     .ui.horizontal.list {
       width: 100%;
-      overflow-x: scroll;
+      overflow-x: auto;
       margin-top: 2px;
 
       .item {
@@ -3401,7 +3401,7 @@ td.blob-excerpt {
   }
 
   .commit-table {
-    overflow-x: scroll;
+    overflow-x: auto;
 
     td.sha,
     th.sha {

web_src/less/_user.less

@@ -170,5 +170,5 @@
 }
 
 #notification_div .tab.segment {
-  overflow-x: scroll;
+  overflow-x: auto;
 }

web_src/less/features/gitgraph.less

@@ -1,5 +1,5 @@
 #git-graph-container {
-  overflow-x: scroll;
+  overflow-x: auto;
   width: 100%;
   min-height: 350px;