Merge branch 'main' into service-use

cli/repo/repo_update.go

@@ -36,8 +36,8 @@ var repoUpdateCmd = &cli.Command{
 			Usage: "repository is trusted",
 		},
 		&cli.BoolFlag{
-			Name:  "gated",
+			Name:   "gated", // TODO: remove in next release
-			Usage: "repository is gated",
+			Hidden: true,
 		},
 		&cli.StringFlag{
 			Name:  "require-approval",
@@ -82,7 +82,6 @@ func repoUpdate(ctx context.Context, c *cli.Command) error {
 		config          = c.String("config")
 		timeout         = c.Duration("timeout")
 		trusted         = c.Bool("trusted")
-		gated           = c.Bool("gated")
 		requireApproval = c.String("require-approval")
 		pipelineCounter = int(c.Int("pipeline-counter"))
 		unsafe          = c.Bool("unsafe")
@@ -92,29 +91,18 @@ func repoUpdate(ctx context.Context, c *cli.Command) error {
 	if c.IsSet("trusted") {
 		patch.IsTrusted = &trusted
 	}
-	// TODO: remove isGated in next major release
+
+	// TODO: remove in next release
 	if c.IsSet("gated") {
-		if gated {
+		return fmt.Errorf("'gated' option has been set in version 2.8, use 'require-approval' in >= 3.0")
-			patch.RequireApproval = &woodpecker.RequireApprovalAllEvents
-		} else {
-			patch.RequireApproval = &woodpecker.RequireApprovalNone
-		}
 	}
+
 	if c.IsSet("require-approval") {
 		if mode := woodpecker.ApprovalMode(requireApproval); mode.Valid() {
 			patch.RequireApproval = &mode
 		} else {
 			return fmt.Errorf("update approval mode failed: '%s' is no valid mode", mode)
 		}
-
-		// TODO: remove isGated in next major release
-		if requireApproval == string(woodpecker.RequireApprovalAllEvents) {
-			trueBool := true
-			patch.IsGated = &trueBool
-		} else if requireApproval == string(woodpecker.RequireApprovalNone) {
-			falseBool := false
-			patch.IsGated = &falseBool
-		}
 	}
 	if c.IsSet("timeout") {
 		v := int64(timeout / time.Minute)

docs/docs/30-administration/11-forges/100-addon.md

@@ -38,7 +38,7 @@ Addons use RPC to communicate to the server and are implemented using the [`go-p
 
 This example will use the Go language.
 
-Directly import Woodpecker's Go packages (`go.woodpecker-ci.org/woodpecker/woodpecker/v2`) and use the interfaces and types defined there.
+Directly import Woodpecker's Go packages (`go.woodpecker-ci.org/woodpecker/v2`) and use the interfaces and types defined there.
 
 In the `main` function, just call `"go.woodpecker-ci.org/woodpecker/v2/server/forge/addon".Serve` with a `"go.woodpecker-ci.org/woodpecker/v2/server/forge".Forge` as argument.
 This will take care of connecting the addon forge to the server.

docs/src/pages/migrations.md

@@ -10,6 +10,7 @@ This will be the next version of Woodpecker.
 
 ## User migrations
 
+- `gated` has been replaced by `require-approval`
 - Removed built-in environment variables:
   - `CI_COMMIT_URL` use `CI_PIPELINE_FORGE_URL`
   - `CI_STEP_FINISHED` as empty during execution

pipeline/backend/kubernetes/pod.go

@@ -437,7 +437,7 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
 		apparmor = apparmorProfile(sc.ApparmorProfile)
 	}
 
-	if nonRoot == nil && user == nil && group == nil && fsGroup == nil && seccomp == nil {
+	if nonRoot == nil && user == nil && group == nil && fsGroup == nil && seccomp == nil && apparmor == nil {
 		return nil
 	}
 

server/api/repo.go

@@ -258,12 +258,9 @@ func PatchRepo(c *gin.Context) {
 			c.String(http.StatusBadRequest, "Invalid require-approval setting")
 			return
 		}
-	} else if in.IsGated != nil { // TODO: remove isGated in next major release
+	} else if in.IsGated != nil {
-		if *in.IsGated {
+		c.String(http.StatusBadRequest, "'gated' option has been removed, use 'require-approval' in >= 3.0")
-			repo.RequireApproval = model.RequireApprovalAllEvents
+		return
-		} else {
-			repo.RequireApproval = model.RequireApprovalForks
-		}
 	}
 	if in.Timeout != nil {
 		repo.Timeout = *in.Timeout

server/forge/addon/client.go

@@ -139,8 +139,8 @@ func (g *RPC) Repo(_ context.Context, u *model.User, remoteID model.ForgeRemoteI
 		return nil, err
 	}
 
-	var resp *modelRepo
+	var resp modelRepo
-	err = json.Unmarshal(jsonResp, resp)
+	err = json.Unmarshal(jsonResp, &resp)
 	if err != nil {
 		return nil, err
 	}

server/forge/addon/server.go

@@ -54,8 +54,8 @@ func (s *RPCServer) URL(_ []byte, resp *string) error {
 }
 
 func (s *RPCServer) Teams(args []byte, resp *[]byte) error {
-	var a *modelUser
+	var a modelUser
-	err := json.Unmarshal(args, a)
+	err := json.Unmarshal(args, &a)
 	if err != nil {
 		return err
 	}
@@ -82,8 +82,8 @@ func (s *RPCServer) Repo(args []byte, resp *[]byte) error {
 }
 
 func (s *RPCServer) Repos(args []byte, resp *[]byte) error {
-	var a *modelUser
+	var a modelUser
-	err := json.Unmarshal(args, a)
+	err := json.Unmarshal(args, &a)
 	if err != nil {
 		return err
 	}
@@ -261,12 +261,12 @@ func (s *RPCServer) Hook(args []byte, resp *[]byte) error {
 }
 
 func (s *RPCServer) Login(args []byte, resp *[]byte) error {
-	var a *types.OAuthRequest
+	var a types.OAuthRequest
-	err := json.Unmarshal(args, a)
+	err := json.Unmarshal(args, &a)
 	if err != nil {
 		return err
 	}
-	user, red, err := s.Impl.Login(mkCtx(), a)
+	user, red, err := s.Impl.Login(mkCtx(), &a)
 	if err != nil {
 		return err
 	}

server/pipeline/gated.go

@@ -31,23 +31,25 @@ func needsApproval(repo *model.Repo, pipeline *model.Pipeline) bool {
 		return false
 	}
 
+	switch repo.RequireApproval {
 	// repository allows all events without approval
-	if repo.RequireApproval == model.RequireApprovalNone {
+	case model.RequireApprovalNone:
 		return false
-	}
 
 	// repository requires approval for pull requests from forks
+	case model.RequireApprovalForks:
 		if pipeline.Event == model.EventPull && pipeline.FromFork {
 			return true
 		}
 
 	// repository requires approval for pull requests
-	if pipeline.Event == model.EventPull && repo.RequireApproval == model.RequireApprovalPullRequests {
+	case model.RequireApprovalPullRequests:
+		if pipeline.Event == model.EventPull {
 			return true
 		}
 
 		// repository requires approval for all events
-	if repo.RequireApproval == model.RequireApprovalAllEvents {
+	case model.RequireApprovalAllEvents:
 		return true
 	}
 

server/services/config/forge.go

@@ -140,9 +140,9 @@ func (f *forgeFetcherContext) checkPipelineFile(c context.Context, config string
 func (f *forgeFetcherContext) getFirstAvailableConfig(c context.Context, configs []string) ([]*types.FileMeta, error) {
 	var forgeErr []error
 	for _, fileOrFolder := range configs {
+		log.Trace().Msgf("fetching %s from forge", fileOrFolder)
 		if strings.HasSuffix(fileOrFolder, "/") {
 			// config is a folder
-			log.Trace().Msgf("fetching %s from forge", fileOrFolder)
 			files, err := f.forge.Dir(c, f.user, f.repo, f.pipeline, strings.TrimSuffix(fileOrFolder, "/"))
 			// if folder is not supported we will get a "Not implemented" error and continue
 			if err != nil {

server/store/datastore/migration/019_gated_to_require_approval.go

@@ -26,10 +26,8 @@ var gatedToRequireApproval = xormigrate.Migration{
 	ID: "gated-to-require-approval",
 	MigrateSession: func(sess *xorm.Session) (err error) {
 		const (
-			RequireApprovalNone         string = "none"
+			requireApprovalOldNotGated string = "old_not_gated"
-			RequireApprovalForks        string = "forks"
+			requireApprovalAllEvents   string = "all_events"
-			RequireApprovalPullRequests string = "pull_requests"
-			RequireApprovalAllEvents    string = "all_events"
 		)
 
 		type repos struct {
@@ -45,25 +43,17 @@ var gatedToRequireApproval = xormigrate.Migration{
 
 		// migrate gated repos
 		if _, err := sess.Exec(
-			builder.Update(builder.Eq{"require_approval": RequireApprovalAllEvents}).
+			builder.Update(builder.Eq{"require_approval": requireApprovalAllEvents}).
 				From("repos").
 				Where(builder.Eq{"gated": true})); err != nil {
 			return err
 		}
 
-		// migrate public repos to new default require approval
+		// migrate non gated repos to old_not_gated (no approval required)
 		if _, err := sess.Exec(
-			builder.Update(builder.Eq{"require_approval": RequireApprovalForks}).
+			builder.Update(builder.Eq{"require_approval": requireApprovalOldNotGated}).
 				From("repos").
-				Where(builder.Eq{"gated": false, "visibility": "public"})); err != nil {
+				Where(builder.Eq{"gated": false})); err != nil {
-			return err
-		}
-
-		// migrate private repos to new default require approval
-		if _, err := sess.Exec(
-			builder.Update(builder.Eq{"require_approval": RequireApprovalNone}).
-				From("repos").
-				Where(builder.Eq{"gated": false}.And(builder.Neq{"visibility": "public"}))); err != nil {
 			return err
 		}
 

server/store/datastore/migration/022_set-new-defaults-for-require_approval.go

@@ -0,0 +1,62 @@
+// Copyright 2024 Woodpecker Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package migration
+
+import (
+	"fmt"
+
+	"src.techknowlogick.com/xormigrate"
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+var setNewDefaultsForRequireApproval = xormigrate.Migration{
+	ID: "set-new-defaults-for-require-approval",
+	MigrateSession: func(sess *xorm.Session) (err error) {
+		const (
+			RequireApprovalOldNotGated string = "old_not_gated"
+			RequireApprovalNone        string = "none"
+			RequireApprovalForks       string = "forks"
+			RequireApprovalAllEvents   string = "all_events"
+		)
+
+		type repos struct {
+			RequireApproval string `xorm:"require_approval"`
+			Visibility      string `xorm:"varchar(10) 'visibility'"`
+		}
+
+		if err := sess.Sync(new(repos)); err != nil {
+			return fmt.Errorf("sync new models failed: %w", err)
+		}
+
+		// migrate public repos to require approval for forks
+		if _, err := sess.Exec(
+			builder.Update(builder.Eq{"require_approval": RequireApprovalForks}).
+				From("repos").
+				Where(builder.Eq{"require_approval": RequireApprovalOldNotGated, "visibility": "public"})); err != nil {
+			return err
+		}
+
+		// migrate private repos to require no approval
+		if _, err := sess.Exec(
+			builder.Update(builder.Eq{"require_approval": RequireApprovalNone}).
+				From("repos").
+				Where(builder.Eq{"require_approval": RequireApprovalOldNotGated}.And(builder.Neq{"visibility": "public"}))); err != nil {
+			return err
+		}
+
+		return nil
+	},
+}

server/store/datastore/migration/migration.go

@@ -50,6 +50,7 @@ var migrationTasks = []*xormigrate.Migration{
 	&gatedToRequireApproval,
 	&removeRepoNetrcOnlyTrusted,
 	&renameTokenFields,
+	&setNewDefaultsForRequireApproval,
 }
 
 var allBeans = []any{

web/src/assets/locales/de.json

@@ -518,7 +518,8 @@
         "not_started": "noch nicht gestartet",
         "sec_short": "sek",
         "template": "DD.MM.YYYY, HH:mm z",
-        "weeks_short": "w"
+        "weeks_short": "w",
+        "just_now": "gerade eben"
     },
     "unknown_error": "Ein unbekannter Fehler ist aufgetreten",
     "update_woodpecker": "Du solltest deine Woodpecker-Instanz auf {0} aktualisieren",

woodpecker-go/woodpecker/types.go

@@ -80,7 +80,6 @@ type (
 	RepoPatch struct {
 		Config          *string       `json:"config_file,omitempty"`
 		IsTrusted       *bool         `json:"trusted,omitempty"`
-		IsGated         *bool         `json:"gated,omitempty"` // TODO: remove in next major release
 		RequireApproval *ApprovalMode `json:"require_approval,omitempty"`
 		Timeout         *int64        `json:"timeout,omitempty"`
 		Visibility      *string       `json:"visibility"`