"// Trim '--' prefix to prevent command line argument vulnerability." How can it be right? Where is the vulnerability? If you think there is a vulnerability, why don't you fix the branch names?

Removed at 9e37d1b, which was introduced at 0a78d99#diff-ff6356f0c6f4aae97d82e1c488527eb91065a8a7e474add4e74cdc5bd167f7caR70-R71

This is ready to review now.
Pull request overview
Reworks release/tag creation flows to support UI-created tags, adds invalid tag name checks, and threads request context through release service calls.
Changes:
- Introduced `createGitTag` and refactored `CreateRelease`, `CreateNewTag`, and `UpdateRelease` to use `context.Context` and handle existing tags.
- Updated web/API/test call sites to pass context into `CreateRelease`.
- Improved branch creation error handling by adding invalid tag name feedback.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| tests/integration/mirror_pull_test.go | Updates integration test to pass context into CreateRelease. |
| services/release/release_test.go | Updates tests for new CreateRelease signature and adds basic createGitTag coverage. |
| services/release/release.go | Major refactor: new createGitTag, context-aware CreateRelease, updated CreateNewTag + UpdateRelease logic. |
| routers/web/repo/release.go | Updates UI release creation to call new CreateRelease(ctx, ...) and removes pre-check for target branch existence. |
| routers/web/repo/branch.go | Refactors error handling and adds handling for invalid tag names. |
| routers/api/v1/repo/release.go | Updates API endpoint to call new CreateRelease(ctx, ...). |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
| if rel.Repo == nil || rel.Publisher == nil { | ||
| return errors.New("repo or publisher is not loaded") | ||
| } |
It is definitely a programming error, why do you tolerate it happening?
| switch { | ||
| case err == nil: | ||
| return nil | ||
| case strings.Contains(err.Error(), "is not a valid tag name"): |
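Review bot: The `case strings.Contains(err.Error(), "is not a valid tag name"):` branch detects an invalid tag name by matching the error's message text, so it silently stops matching if that wording ever changes. Return a typed or sentinel error from the tag-name check and test for it with a predicate or `errors.Is`, the same way `release_service.IsErrProtectedTagName(err)` and `git.IsErrNotExist(err)` are used for the other cases.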
| case release_service.IsErrProtectedTagName(err): | ||
| ctx.RenderWithErr(ctx.Tr("repo.release.tag_name_protected"), tplReleaseNew, &form) | ||
| case git.IsErrNotExist(err): | ||
| ctx.RenderWithErr(ctx.Tr("repo.release.tag_target_not_exist", form.Target), tplReleaseNew, &form) |
You should use the new JSON-based "form-fetch-action", instead of the fragile RenderWithErr. In most cases, RenderWithErr is wrong and the template is not able to recover to the correct state.
| return false, ErrProtectedTagName{ | ||
| TagName: rel.TagName, | ||
| if rel.PublisherID <= 0 { | ||
| u, err := user_model.GetUserByEmail(ctx, commit.Author.Email) |
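Review bot: In the `rel.PublisherID <= 0` branch, `user_model.GetUserByEmail(ctx, commit.Author.Email)` resolves the release publisher from the commit's author email, a field that whoever creates the commit sets freely and that Git does not authenticate. Attribute the release to the authenticated user who pushed or created the tag instead, or leave the publisher unset when no such user is available, so that a commit carrying someone else's address cannot make them the publisher.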
Why do you trust the commit's email and use it for Gitea's user?
Does it mean that I can use your email to create a commit then create a release, and then the publisher is recognized as you?