mirrors/git-pages
1
0
Fork 0
mirror of https://codeberg.org/git-pages/git-pages.git synced 2026-05-14 03:01:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
430 Commits 3 Branches 13 Tags
3830af5392aea8cd8f2bfafb04842d9f038eeb64
Commit Graph

430 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
woodpecker-bot
3830af5392 [Renovate] Update all dependencies v0.6.0 2026-03-07 03:32:16 +00:00
miyuko
9e9664013b Record the authorized forge user's name in the audit log. 2026-03-03 03:21:40 +00:00
miyuko
3e377986bc Accept forge authorization for deleting a site. 2026-03-03 01:29:27 +00:00
miyuko
c85c7327bf Reword the code comment regarding the webhook delivery timer. 2026-03-03 01:29:03 +00:00
woodpecker-bot
886ee2ddae [Renovate] Update all dependencies v0.5.0 2026-02-28 00:29:38 +00:00
woodpecker-bot
ac751e23b5 [Renovate] Update module golang.org/x/net to v0.51.0 [SECURITY] 2026-02-28 00:29:01 +00:00
woodpecker-bot
ebe7d07b3b [Renovate] Update all dependencies 2026-02-21 23:56:24 +00:00
woodpecker-bot
4f14c345a6 [Renovate] Update all dependencies 2026-02-14 00:15:28 +00:00
miyuko
7e293d6ef9 Normalize archive member names. 2026-02-10 15:34:13 +00:00
woodpecker-bot
f7067b939b [Renovate] Update module github.com/go-git/go-billy/v6 to v6.0.0-20260207062542-7cf3dc9049c3 2026-02-08 00:35:21 +00:00
woodpecker-bot
6bf4200f26 [Renovate] Update all dependencies 2026-02-07 00:15:58 +00:00
Catherine
e9a5a901ec Improve panic messages in ApplyTarPatch. 2026-02-03 09:51:22 +00:00
woodpecker-bot
d3c8db6229 [Renovate] Update all dependencies 2026-01-24 00:18:54 +00:00
Catherine
8f811147d6 Enable Sentry telemetry buffer by default. 
No observed issues on Grebedoc for a month, so it should be stable now.
 2026-01-19 02:41:15 +00:00
Catherine
0d33c64372 [breaking-change] Only allow a single [[wildcard]].index-repo. 
The git-pages webhook security model depends on there being
a 1:1 mapping between site URLs and repositories; being able to
specify multiple of them breaks this model, as anyone could switch
the published site from one to the other if both repositories exist.
 2026-01-19 02:25:01 +00:00
Catherine
9b25ccdc35 CI: update to Go 1.25.6. 
To address CVE-2025-61728.
v0.4.0 		2026-01-17 00:29:38 +00:00
woodpecker-bot
18012d46e8 [Renovate] Update all dependencies 2026-01-17 00:22:21 +00:00
woodpecker-bot
750f76aa9d [Renovate] Update https://code.forgejo.org/actions/checkout action to v6.0.2 2026-01-11 00:27:31 +00:00
woodpecker-bot
6019a64c41 [Renovate] Update all dependencies 2026-01-10 00:20:46 +00:00
woodpecker-bot
890029a98d [Renovate] Update all dependencies 2026-01-03 00:11:55 +00:00
bin
cf26a89026 nix: use gomod2nix. 2025-12-29 04:37:41 -05:00
woodpecker-bot
b75c37f651 [Renovate] Update module github.com/go-git/go-git/v6 to v6.0.0-20251224103503-78aff6aa5ea9 2025-12-28 23:28:36 +00:00
Catherine
c84e773df1 Update module codeberg.org/git-pages/go-headers to v1.1.1. 2025-12-28 23:22:46 +00:00
Catherine
07133df6d2 Fix the Docker build script. 2025-12-24 14:44:23 +00:00
Catherine
1f1927d95d Log Accept: value for HEAD/GET requests. 
Instead of `Content-Type:` which is essentially never relevant.
 2025-12-24 14:28:16 +00:00
David Leadbeater
7334b8f637 Add a Vary header when content negotiation happens 
Without this, if a cache first sees a compressed version of the request,
it will return that for potentially any future requests, even if they
don't request compression.
 2025-12-24 14:36:23 +11:00
Catherine
96f210d253 Clear git metadata from PATCH'd manifests. 2025-12-24 02:18:09 +00:00
Catherine
a4bfa82388 Configure Renovate commit messages. 2025-12-24 00:19:20 +00:00
Catherine
338957eb3f Switch CI to self-hosted runners. 2025-12-23 17:37:16 +00:00
Catherine
26d9d784ba Configure Renovate commit messages. 2025-12-23 12:52:33 +00:00
woodpecker-bot
f163b9a42a chore(deps): update module github.com/maypok86/otter/v2 to v2.3.0 2025-12-23 12:48:37 +00:00
David Leadbeater
04729c1f48 Ensure leading directories always exist in manifest 
When extracting from an archive it is possible the leading directories
are not part of the archive. Add them to the manifest as otherwise the
behaviour of "index.html" varies depending how the archive was created.
 2025-12-23 13:40:05 +01:00
miyuko
121f557048 Fix go vet and staticcheck not performing any work in CI. 2025-12-22 16:10:55 +00:00
miyuko
c5df116673 Scrub the Forge-Authorization header from Sentry events. 2025-12-22 14:35:02 +00:00
woodpecker-bot
71fd1c39df chore(deps): update all dependencies 2025-12-22 00:47:56 +00:00
Catherine
d97f5ac056 Fix manifest StoredSize field being always zero. 2025-12-16 20:05:35 +00:00
Catherine
79407ba406 Fix timeout bug introduced in commit 9c6f735d. 
This bug would cause POST hooks triggered for large repositories to
silently fail.

We need the update context to have the principal (which is tied to
the HTTP request), but not the cancellation (which is also tied to
the HTTP request and is triggered once the request is done either way).
 2025-12-16 14:43:36 +00:00
David Leadbeater
937aadc5d3 Allow setting custom Cache-Control headers via _headers 
Before this change Cache-Control header would always be overridden, this
change allows custom Cache-Control, provided Cache-Control is added to
the header allow list.
 2025-12-15 21:02:25 +11:00
Catherine
24dbab6813 Begin paths with / in problem report. 
Otherwise you get reports like:

    (archive)
    : directory shadows redirect "/ /foo 301"; remove the directory or use a 301! forced redirect instead
 2025-12-14 19:47:28 +00:00
Catherine
30b6db2758 Limit amount of data fetched from git repository. 
Like limiting the size of an archive, it is a supplementary check meant
to limit resource consumption prior to the final check done in
`StoreManifest()`.
 2025-12-14 19:42:25 +00:00
Catherine
7655400560 Limit original size of the contents of a site manifest. 
The limit is applied to the original size and not compressed size for
predictability and fairness.
 2025-12-14 19:30:45 +00:00
woodpecker-bot
32ccb0920f chore(deps): update all dependencies 2025-12-13 05:26:59 +00:00
Catherine
c88d04c71b Add a relaxed-idna feature to allow some uses of _ in hostnames. 
This is added to aid migration from Codeberg Pages v2. Forgejo allows
both `_` and `-` in usernames, and it is necessary to be able to accept
host names like `user_name.codeberg.page` under a wildcard domain.
(It is not possible to get a TLS certificate for a host name like this,
so only a wildcard certificate will be able to cover it.)
 2025-12-12 02:27:22 +00:00
David Leadbeater
86845f2505 Check for overflow when calculating size of zip 2025-12-12 01:24:24 +00:00
Catherine
7f112a761c Simplify signal handling code. 
This does not require `//go:build`.
 2025-12-11 10:09:50 +00:00
David Leadbeater
a9cf69c04a Ensure the branch parameter really is a branch 
Currently you can specify "Branch: HEAD" or "Branch: refs/tags/v1" and
go-git will resolve it to the relevant ref. Given the HTTP header is
called Branch this is confusing.
 2025-12-11 17:18:19 +11:00
Catherine
132d093021 Implement -audit-rollback. 
This feature is useful if you need to restore data after an accidental
overwrite or compromise.
 2025-12-11 03:12:57 +00:00
David Leadbeater
62917824fa Support zstd inside zip files. 
Given this is already depending on zstd I don't see a reason not to.

Can be tested with libarchive via: `bsdtar -a --options zip:compression=zstd -cf file.zip files...`

Reviewed-on: https://codeberg.org/git-pages/git-pages/pulls/91
Co-authored-by: David Leadbeater <dgl@dgl.cx>
Co-committed-by: David Leadbeater <dgl@dgl.cx>
 2025-12-09 06:16:30 +01:00
Catherine
62ef4a5366 Make project name validation more consistent and stricter. 
Previously, you could issue e.g. a `GET /%2e%2e/%2e%2e` and it would
get interpreted as a parent directory path segment in the handler.
This didn't result in a path traversal vulnerability when passed to
the S3 backend because of a `path.Clean()` call indirectly done by
`makeWebRoot()`, but it's prudent to not take chances.
 2025-12-07 20:24:50 +00:00
Catherine
8fa986015d Process IDNA host names. 2025-12-07 19:28:05 +00:00