Added - Added optional sensitive-secret import for installer app.ini uploads.

- 1 - I added an explicit installer checkbox for importing sensitive secrets from `app.ini` in `templates/install.tmpl`.
- 2 - I extended the installer form, submit pipeline, and final config writer so the optional import reuses `LFS_JWT_SECRET`, `INTERNAL_TOKEN`, and `oauth2.JWT_SECRET` from the uploaded `app.ini` instead of generating new values, including a submit-time fallback that re-reads the uploaded file if the checkbox was enabled after the first auto-import.
- 3 - I finalized secret resolution for both direct values and `LFS_JWT_SECRET_URI` / `INTERNAL_TOKEN_URI` / `JWT_SECRET_URI` file-based references, and added regression coverage for direct imports, URI-based imports, the real `POST /import_app_ini` flow, and the persisted `app.ini` output.
2026-05-12 20:35:52 +00:00
parent e69839ed88
commit 512e577c3f
13 changed files with 457 additions and 62 deletions
+151
@@ -0,0 +1,151 @@
#!/usr/bin/env bash
set -euo pipefail
# This script safely updates the current local branch on top of the official
# Gitea upstream without losing local work.
# It:
# 1. checks that no git operation is already in progress;
# 2. ensures the upstream remote exists and points to the official repository;
# 3. creates a local backup branch at the current HEAD;
# 4. stashes tracked and untracked local changes;
# 5. fetches the latest upstream changes and rebases the current branch on top
# of upstream/main;
# 6. reapplies the local stash only after a successful rebase.
# If a conflict happens, the backup branch and the stash are both kept so the
# local work can be recovered manually.
BRANCH="${BRANCH:-main}"
REMOTE_NAME="${REMOTE_NAME:-upstream}"
REMOTE_URL="${REMOTE_URL:-https://github.com/go-gitea/gitea.git}"
say() {
printf '%s\n' "$*"
}
die() {
say "ERROR: $*" >&2
exit 1
}
ensure_git_repo() {
git rev-parse --show-toplevel >/dev/null 2>&1 || die "This script must be run inside a git repository."
}
ensure_no_git_operation_in_progress() {
local git_path
for git_path in rebase-merge rebase-apply MERGE_HEAD CHERRY_PICK_HEAD REVERT_HEAD BISECT_LOG; do
if [ -e "$(git rev-parse --git-path "$git_path")" ]; then
die "A git operation is already in progress ($git_path). Finish it before running this script."
fi
done
if [ -n "$(git diff --name-only --diff-filter=U)" ]; then
die "There are unmerged files in the working tree. Resolve them first."
fi
}
ensure_current_branch() {
CURRENT_BRANCH="$(git symbolic-ref --quiet --short HEAD || true)"
[ -n "$CURRENT_BRANCH" ] || die "Detached HEAD is not supported. Check out a branch first."
}
ensure_upstream_remote() {
local current_remote_url
if current_remote_url="$(git remote get-url "$REMOTE_NAME" 2>/dev/null)"; then
if [ "$current_remote_url" != "$REMOTE_URL" ]; then
die "Remote '$REMOTE_NAME' points to '$current_remote_url', expected '$REMOTE_URL'."
fi
return
fi
say "Adding remote '$REMOTE_NAME'..."
git remote add "$REMOTE_NAME" "$REMOTE_URL"
}
create_backup_branch() {
local safe_branch_name timestamp
safe_branch_name="${CURRENT_BRANCH//\//-}"
timestamp="$(date +%Y%m%d-%H%M%S)"
BACKUP_BRANCH="backup/${safe_branch_name}-before-upstream-sync-${timestamp}"
git branch "$BACKUP_BRANCH" HEAD >/dev/null
say "Backup branch created: $BACKUP_BRANCH"
}
stash_local_changes() {
local timestamp
STASH_REF=""
if git diff --quiet && git diff --cached --quiet && [ -z "$(git ls-files --others --exclude-standard)" ]; then
say "No local tracked/untracked changes to stash."
return
fi
timestamp="$(date +%Y%m%d-%H%M%S)"
STASH_NAME="pre-upstream-sync-${CURRENT_BRANCH//\//-}-${timestamp}"
say "Stashing local tracked and untracked changes..."
git stash push --include-untracked --message "$STASH_NAME" >/dev/null
STASH_REF="$(git stash list -1 --format='%gd')"
[ -n "$STASH_REF" ] || die "Failed to locate the created stash entry."
say "Local changes saved in $STASH_REF"
}
fetch_upstream() {
say "Fetching latest changes from $REMOTE_NAME/$BRANCH..."
git fetch --prune "$REMOTE_NAME"
git show-ref --verify --quiet "refs/remotes/$REMOTE_NAME/$BRANCH" || die "Remote branch '$REMOTE_NAME/$BRANCH' was not found."
}
rebase_onto_upstream() {
say "Rebasing '$CURRENT_BRANCH' onto '$REMOTE_NAME/$BRANCH'..."
if git rebase "$REMOTE_NAME/$BRANCH"; then
say "Rebase completed successfully."
return
fi
say "Rebase stopped because of conflicts."
say "Backup branch kept at: $BACKUP_BRANCH"
if [ -n "$STASH_REF" ]; then
say "Local stash kept at: $STASH_REF"
fi
say "Resolve conflicts and run 'git rebase --continue', or abort with 'git rebase --abort'."
exit 1
}
restore_stash() {
if [ -z "$STASH_REF" ]; then
return
fi
say "Restoring stashed local changes from $STASH_REF..."
if git stash apply --index "$STASH_REF"; then
git stash drop "$STASH_REF" >/dev/null
say "Local changes restored successfully."
return
fi
say "Conflicts occurred while restoring local changes."
say "Backup branch kept at: $BACKUP_BRANCH"
say "Stash kept at: $STASH_REF"
say "Resolve the conflicts manually. After that, drop the stash yourself if it is no longer needed."
exit 1
}
main() {
ensure_git_repo
ensure_no_git_operation_in_progress
ensure_current_branch
ensure_upstream_remote
create_backup_branch
stash_local_changes
fetch_upstream
rebase_onto_upstream
restore_stash
say "Project is now synchronized with $REMOTE_NAME/$BRANCH."
say "Safety backup branch available at: $BACKUP_BRANCH"
}
main "$@"
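Review bot: In `rebase_onto_upstream`, `git rebase "$REMOTE_NAME/$BRANCH"` passes the short name even though `fetch_upstream` has just verified the full `refs/remotes/$REMOTE_NAME/$BRANCH`. Git resolves short names against `refs/tags/` and `refs/heads/` before `refs/remotes/`, so a local tag or branch named `upstream/main` would become the rebase base instead of the fetched upstream commit. Rebase onto the ref that was actually checked: `git rebase "refs/remotes/$REMOTE_NAME/$BRANCH"`. Separately, the header comment says the script ensures the remote points to the official repository, but `ensure_upstream_remote` compares against `REMOTE_URL`, which the environment can override, so the check only shows the remote matches whatever the caller exported. Either make the URL a `readonly` constant or reword step 2 as `# 2. ensures the upstream remote exists and matches REMOTE_URL (default: the official repository);`.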