ᴜɴᴋɴᴡᴏɴ unknwon @sourcegraph Hangzhou, China https://unknwon.io ʟɪғᴇ ɪs ᴍᴀɢɪᴄ. ᴄᴏᴅɪɴɢ ɪs ᴀʀᴛ.

unknwon/go-fundamental-programming 7476

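"Go Programming Fundamentals" (《Go 编程基础》) is a series of video tutorials with audio narration for Google's Go language, aimed mainly at beginner-level learners.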

unknwon/go-study-index 3676

An index of learning resources for the Go language

unknwon/go-web-foundation 2517

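"Go Web Fundamentals" (《Go Web 基础》) is a series of video tutorials with audio narration for Google's Go language, aimed mainly at learners who have completed "Go Programming Fundamentals" and want to learn more about Go web development.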

unknwon/go-rock-libraries-showcases 1520

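"Go Rock Libraries Showcases" (《Go名库讲解》) is a comprehensive tutorial series that reviews and explains third-party libraries for Google's Go language, combining blog posts, examples and audio/video, suited to learners who have completed the "Go Programming Fundamentals" tutorial.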

studygolang/GCTT 1138

GCTT, the translation team of Go中文网 (the Go Chinese community site).

unknwon/com 618

This is an open source project for commonly used functions for the Go programming language.

unknwon/gowalker 609

Go Walker is a server that generates Go projects API documentation on the fly.

unknwon/building-web-applications-in-go 550

A tutorial series on building web applications in Go, from novice to crippled hands

unknwon/goconfig 547

Package goconfig is a fully functional and comments-support configuration file (.ini) parser.

unknwon/bra 356

Bra (Brilliant Ridiculous Assistant) is a command line utility tool.

issue comment gogs/gogs

Generate New Token button doesn't take any actions

@aeltawela Thanks!

  • What browser are you using? Can you use the same browser and reproduce this behavior on https://try.gogs.io?
  • Can you check the Console tab to see if there is any error?
aeltawela

comment created time in 18 minutes

pull request comment go-ini/ini

Add extends functionality to allow embedded fields

Thanks for the PR!

I feel like we're abusing the struct tags 😂

Any reason why the same purpose can't be achieved by:

type testExtend struct {
	BaseStruct `ini:"extended"`
	Extend     bool
}

Which indicates the section name directly?

zeripath

comment created time in 27 minutes

issue comment gogs/gogs

Generate New Token button doesn't take any actions

Screen Shot 2020-09-26 at 10 41 51 PM

I've enabled 2FA, then was able to create a new token.

aeltawela

comment created time in 31 minutes

issue comment gogs/gogs

Generate New Token button doesn't take any actions

Haha, let me see if I can reproduce on 0.12.2 (I can't reproduce on try.gogs.io).

aeltawela

comment created time in 33 minutes

pull request comment go-macaron/session

Add ability to set cookie SameSite attribute

A new release has been created for this merge: https://github.com/go-macaron/session/releases/tag/v1.0.0

lfuelling

comment created time in 34 minutes

created tag go-macaron/session

tag v1.0.0

Package session is a middleware that provides the session management of Macaron.

created time in 35 minutes

release go-macaron/session

v1.0.0

released time in 35 minutes

push event go-macaron/session

Lerk

commit sha 6021384dc9051849322e3e06752efeadb64b693b

Add ability to set cookie SameSite attribute (#38)

push time in 35 minutes

PR merged go-macaron/session

Add ability to set cookie SameSite attribute

Hi,

This adds the ability to set the cookie SameSite attribute as requested in #14.

This implementation is using a boolean param that switches between Lax and Strict because I was unsure if it was okay to use Go types in the Options because they only contain primitives.

+11 -0

1 comment

1 changed file

lfuelling

pr closed time in 35 minutes

issue closed go-macaron/session

How do I set the SameSite option on the session cookies?

https://tools.ietf.org/html/draft-west-first-party-cookies-07

closed time in 35 minutes

lol768

issue closed gogs/gogs

Generate New Token button doesn't take any actions

Describe the bug

Gogs version and commit

Git version

$ git version

Operating system Alpine in docker container

Database sqlite

To Reproduce

  1. Install a fresh gogs Application version 0.12.1 Git version 2.26.2 Go version go1.15.2

Can you reproduce the bug at https://try.gogs.io?

Expected behavior

Actual behavior

Screenshots

Additional context

closed time in 37 minutes

aeltawela

issue comment gogs/gogs

Generate New Token button doesn't take any actions

Please fill in details :)

aeltawela

comment created time in 37 minutes

issue closed gogs/gogs

can't use token git clone

option: git clone https://xishengcai:e6f05c90be5ca4052b5e8d144f8bc4cdebxxxx@try.gogs.io/xishengcai/cloud.git

result: Cloning into 'cloud'... fatal: Authentication failed for 'https://try.gogs.io/xishengcai/cloud.git/'

closed time in an hour

xishengcai

issue comment gogs/gogs

can't use token git clone

Try git clone e6f05c90be5ca4052b5e8d144f8bc4cdebxxxx@try.gogs.io/xishengcai/cloud.git

xishengcai

comment created time in an hour

issue comment gogs/gogs

Gogs response time very slow [20-40 seconds] after update when served through Nginx ssl proxy

FYI, 0.13 removed/renamed some config options as listed here: https://github.com/gogs/gogs/blob/main/CHANGELOG.md#removed

That could be a cause, you can pin to gogs/gogs:0.12 as a way of not changing the config right now.

Besides, try to turn on the offline mode:

https://github.com/gogs/gogs/blob/211a1394b86dafc90d73d5d622ca85686c2fb5f6/conf/app.ini#L43-L44

If that still doesn't help, please attach a screenshot of Chrome DevTools > Network to see which requests are being slow.

Screen Shot 2020-09-26 at 10 10 33 PM

ziSo12

comment created time in an hour

issue closed gogs/gogs

can you release a version for arm64? please

I tried to compile it myself, but for me golang is too difficult to use. I can't compile it successfully, can you help me? Please

closed time in an hour

codeoflin

issue comment gogs/gogs

can you release a version for arm64? please

Will do on next release :)

Is it arm64/armv8 what you're looking for?

codeoflin

comment created time in an hour

issue comment gogs/gogs

Package/publish/host helm chart

Thanks for the suggestion!

However, I'm not well equipped to understand what is supposed to happen here because I've never used Helm charts before.

So my questions are:

  • What is missing?
  • What should be done?
mhio

comment created time in an hour

issue comment gogs/gogs

mssql database file could not be found

Hi, I do not understand what it means that "mssql database file could not be found"? Can you elaborate more (I've never used MSSQL so have no idea what's going on)?

wjl1627

comment created time in an hour

push event gogs/gogs

dependabot-preview[bot]

commit sha 211a1394b86dafc90d73d5d622ca85686c2fb5f6

build(deps): bump gorm.io/driver/postgres from 1.0.0 to 1.0.1 (#6351)

Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/go-gorm/postgres/releases)
- [Commits](https://github.com/go-gorm/postgres/compare/v1.0.0...v1.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

push time in an hour

delete branch gogs/gogs

delete branch : dependabot/go_modules/gorm.io/driver/postgres-1.0.1

delete time in an hour

PR merged gogs/gogs

build(deps): bump gorm.io/driver/postgres from 1.0.0 to 1.0.1 🤖 dependencies

Bumps gorm.io/driver/postgres from 1.0.0 to 1.0.1.

Commits

  • 1d06120 Fix index type support, close #3495
  • 2748789 Merge pull request #7 from go-gorm/dependabot/go_modules/gorm.io/gorm-1.20.1
  • 327a75c Bump gorm.io/gorm from 1.20.0 to 1.20.1
  • b94d6c2 Merge pull request #6 from go-gorm/dependabot/go_modules/gorm.io/gorm-1.20.0
  • b2976fc Bump gorm.io/gorm from 1.9.19 to 1.20.0
  • 81b47dd Create dependabot.yml
  • See full diff in compare view: https://github.com/go-gorm/postgres/compare/v1.0.0...v1.0.1

+3 -1

0 comment

2 changed files

dependabot-preview[bot]

pr closed time in an hour

push event unknwon/the-way-to-go_ZH_CN

Jck

commit sha b4dbc14dd52842d0def12570aec47f9d5bab3348

Fix wording that is inconsistent between earlier and later passages (#776)

push time in an hour

PR merged unknwon/the-way-to-go_ZH_CN

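Fix wording that is inconsistent between earlier and later passages
  • Add whitespace to the left of the assignment operator
  • Revise the function description
  • 八进制 -> 8 进制 ("octal" written with a Chinese numeral -> written with an Arabic numeral)
    • I hope the whole e-book can use one consistent way of describing number bases; personally I prefer the Chinese forms 十六进制 (hexadecimal), 八进制 (octal), etc. :)
  • rune type or runes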
+5 -5

0 comment

2 changed files

jckling

pr closed time in an hour

issue closed gogs/gogs

Release 0.12.2

Before release

On develop branch:

  • [x] Update CHANGELOG to include entries for the current patch release, git log v0.12.1...HEAD --pretty=format:'- [ ] %H %s' --reverse:
    • [x] 98c65f319f4b94a022f3b46bdbcaea21ae934b92 web: correctly serving go-get pages for subdirs (#6318)
    • [x] 672625b55c6989a2fa9e516999255b6eff72aa1f gitutil: infer submodule with baseURL when it is a relative path (#6337)
    • [x] 9044afa40fbe9aaa78b6089573ab9bedb939a39e dep: update github.com/unknwon/cae to v1.0.2 (#6342)
    • [x] ca54cbd05502cd8679a7d7becd878bbb7e21664d action: fix issue reference regexp and error handling (#6352)

During release

On release branch:

  • [x] Update the hard-coded version to the current release, e.g. 0.12.0 -> 0.12.1.
  • [x] Wait for GitHub Actions to complete and no failed jobs.
  • [x] Publish a new GitHub release with entries from CHANGELOG for the current patch release and all previous releases with same minor version.
  • [x] Update all previous GitHub releases with same minor version with the warning:
    **ℹ️ Heads up! There is a new patch release [0.12.1](https://github.com/gogs/gogs/releases/tag/v0.12.1) available, we recommend directly installing or upgrading to that version.**
    
  • [x] Wait for a new Docker Hub tag for the current release to be created automatically.
  • [x] Update Docker image tag for the minor release <MAJOR>.<MINOR>, e.g. 0.12.
  • [x] Compile and pack binaries (all prefixed with gogs_<MAJOR>.<MINOR>.<PATCH>_, e.g. gogs_0.12.0_):
    • [x] macOS: darwin_amd64.zip
    • [x] Linux: linux_386.tar.gz, linux_386.zip, linux_amd64.tar.gz, linux_amd64.zip
    • [x] ARM: linux_armv7.tar.gz, linux_armv7.zip
    • [x] Windows: windows_amd64.zip, windows_amd64_mws.zip
  • [x] Generate SHA256 checksum for all binaries to the file checksum_sha256.txt.
  • [x] Upload all binaries to:
    • [x] GitHub release
    • [x] https://dl.gogs.io (also upload checksum_sha256.txt)
  • [x] Build, push and tag a new Docker image for ARM to Docker Hub.

After release

On develop branch:

  • [x] Update the repository mirror on Gitee.
  • [x] Reply to the release topic for the minor release on Gogs Discussion.

closed time in 4 hours

unknwon

issue comment gogs/gogs

"pre-receive hook declined" after running Gogs for some time on Windows

I've set up a 0.13.0+dev on a Windows server to see if I can reproduce this problem after a few hours.

ZantsuRocks

comment created time in 5 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 73e593622030cee1c3679fd95fa0f4cd4c4b8a1a

docs: update patch release issue template (#6353)

push time in 5 hours

delete branch gogs/gogs

delete branch : docs-patch-release

delete time in 5 hours

PR merged gogs/gogs

docs: update patch release issue template
+3 -4

0 comment

1 changed file

unknwon

pr closed time in 5 hours

created tag gogs/gogs

tag v0.12.2

Gogs is a painless self-hosted Git service

created time in 6 hours

release gogs/gogs

v0.12.2

released time in 6 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 253b2bef4c26925d2fd0555aa8911cd21fb68b8c

ci: update Go workflow from main

push time in 6 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 1a051ae5f8b6eaf7e565ed8bb86be2d52063cf99

release: update version to 0.12.2

push time in 6 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha e4e46d8fbc6746e324ccccb6add4f73bd350948a

release: cut entries for 0.12.2 (#6355)

push time in 6 hours

delete branch gogs/gogs

delete branch : changelog-0.12.2

delete time in 6 hours

PR merged gogs/gogs

release: cut entries for 0.12.2
+9 -5

0 comment

1 changed file

unknwon

pr closed time in 6 hours

PR opened gogs/gogs

release: cut entries for 0.12.2
+9 -5

0 comment

1 changed file

pr created time in 6 hours

create branch gogs/gogs

branch : changelog-0.12.2

created branch time in 6 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 6c631ab09934655004cd3ec31e16d5a1dd10564b

Update issue_template_patch_release.md

push time in 6 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 6b3cad1e5c85ebadd1d93c7b193d4f6b4d2d60eb

Update issue_template_patch_release.md

push time in 6 hours

issue opened gogs/gogs

Release 0.12.2

Before release

On develop branch:

  • [ ] Update CHANGELOG to include entries for the current patch release.

During release

On release branch:

  • [ ] Cherry-pick commits from develop branch, git log v0.12.1...HEAD --pretty=format:'- [ ] %H %s' --reverse:
    • [ ] link to the commit
  • [ ] Wait for GitHub Actions to complete and no failed jobs.
  • [ ] Update the hard-coded version to the current release, e.g. 0.12.0 -> 0.12.1.
  • [ ] Publish a new GitHub release with entries from CHANGELOG for the current patch release and all previous releases with same minor version.
  • [ ] Update all previous GitHub releases with same minor version with the warning:
    **ℹ️ Heads up! There is a new patch release [0.12.1](https://github.com/gogs/gogs/releases/tag/v0.12.1) available, we recommend directly installing or upgrading to that version.**
    
  • [ ] Wait for a new Docker Hub tag for the current release to be created automatically.
  • [ ] Update Docker image tag for the minor release <MAJOR>.<MINOR>, e.g. 0.12.
  • [ ] Compile and pack binaries (all prefixed with gogs_<MAJOR>.<MINOR>.<PATCH>_, e.g. gogs_0.12.0_):
    • [ ] macOS: darwin_amd64.zip
    • [ ] Linux: linux_386.tar.gz, linux_386.zip, linux_amd64.tar.gz, linux_amd64.zip
    • [ ] ARM: linux_armv7.tar.gz, linux_armv7.zip
    • [ ] Windows: windows_amd64.zip, windows_amd64_mws.zip
  • [ ] Generate SHA256 checksum for all binaries to the file checksum_sha256.txt.
  • [ ] Upload all binaries to:
    • [ ] GitHub release
    • [ ] https://dl.gogs.io (also upload checksum_sha256.txt)
  • [ ] Build, push and tag a new Docker image for ARM to Docker Hub.

After release

On develop branch:

  • [ ] Update the repository mirror on Gitee.
  • [ ] Reply to the release topic for the minor release on Gogs Discussion.

created time in 7 hours

PR opened gogs/gogs

docs: update patch release issue template
+1 -1

0 comment

1 changed file

pr created time in 7 hours

create branch gogs/gogs

branch : docs-patch-release

created branch time in 7 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha b4abbf3ac83c4a19c99372f7fce4cbfe2ccd55d4

ci: enable Go for release branches

push time in 7 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha ca54cbd05502cd8679a7d7becd878bbb7e21664d

action: fix issue reference regexp and error handling (#6352)

push time in 7 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 83a89127fdad6f551551b741c1a6967f13a02e8a

action: fix issue reference regexp and error handling (#6352)

push time in 7 hours

delete branch gogs/gogs

delete branch : fix-issue-ref-pattern

delete time in 7 hours

PR merged gogs/gogs

action: fix issue reference regexp and error handling

Fixes https://github.com/gogs/gogs/issues/6289

Post merge

  • [ ] Cherry-pick to release/0.12.
+50 -29

0 comment

5 changed files

unknwon

pr closed time in 7 hours

issue closed gogs/gogs

Push declined with "invalid issue reference"

Affected versions

All

Description

When the commit message somehow has a match for the issue pattern regex, then it looks for # sign to be included, which is not always the case.

https://github.com/gogs/gogs/blob/b38139a85542389bc593b628fa032e5cc33ee814/internal/db/action.go#L62

Possible solutions

  1. (preferred) Instead of returning InvalidIssueReference, just return ErrIssueNotExist in GetIssueByRef.
  2. Make call sites to special case InvalidIssueReference.

Post merge

Backport to 0.12.

closed time in 7 hours

unknwon

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha b06af96e88026efeea5e0a6a806d301c09135ce1

Update CHANGELOG

push time in 7 hours

push event gogs/gogs

ᴜɴᴋɴᴡᴏɴ

commit sha 4ca260392b533db8b3faac5f0aa7fd713a60de1a

action: fix `IssueReferenceKeywordsPat` and error handling

ᴜɴᴋɴᴡᴏɴ

commit sha 7fb648027eb3d2fc7bb9d3e65ad2498521d6837c

Add tests

push time in 7 hours

PR opened gogs/gogs

action: fix issue reference regexp and error handling
+5 -26

0 comment

3 changed files

pr created time in 7 hours

create branch gogs/gogs

branch : fix-issue-ref-pattern

created branch time in 7 hours

pull request comment sourcegraph/sourcegraph

Set the z-index for settings hover items

I reassigned to @sourcegraph/web team :)

flying-robot

comment created time in 10 hours

Pull request review comment sourcegraph/sourcegraph

RFC 213: UI changes on sign-in/sign-up form

 func SafeRedirectURL(urlStr string) string { 	u = &url.URL{Path: u.Path, RawQuery: u.RawQuery} 	return u.String() }++// Redirects to sign in page to display error messages after third-party auth errors.+//+// 🚨 SECURITY: The `message` must not contain any confidential information.+func ProviderErrorRedirect(w http.ResponseWriter, r *http.Request, message string) {+	http.Redirect(w, r, "/sign-in?auth_error="+message, http.StatusFound)
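
Review bot: In the added `ProviderErrorRedirect`, `message` is concatenated into the query string unescaped, so a space, `&` or `#` in it would truncate or alter the `auth_error` parameter the sign-in page receives. Build the URL with `url.QueryEscape(message)`; the file already works with `net/url` in `SafeRedirectURL` above. The doc comment should also open with the function name (`// ProviderErrorRedirect redirects to the sign-in page ...`), per Go convention.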

Just noticed the message might contain spaces, have you had a chance to verify it works in major browsers? Otherwise, we might need to escape spaces ourselves here:

	http.Redirect(w, r, "/sign-in?auth_error="+url.QueryEscape(message), http.StatusFound)
tjkandala

comment created time in 11 hours

Pull request review comment sourcegraph/about

Explain how bounties are paid

 When we receive [a report of a security vulnerability](#how-to-report-a-security  -------------------------- +## How we pay out bounties++When a reported vulnerability is fixed, the security team will decide upon an appropriate bounty, and follow up with the reporter. A simple template response is++> We have fixed the vulnerability you reported in the following PR: $PRLINK+>This fix is included in the following versions of Sourcegraph: $SGVERSION++>A bounty of $BOUNTYVAL will be awarded. To pay the bounty, we require the following information:
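
Review bot: In the quoted template under the new "How we pay out bounties" heading, the `>` markers are inconsistent (`> We have fixed` has a space after the marker, `>This fix` and `>A bounty` do not), and the empty added line before `>A bounty` ends the blockquote, so the template renders as two separate quotes. Use `> ` throughout and put a bare `>` on the separating line so the template stays one block. The lead-in "A simple template response is" also ends without a colon.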

nit: Just to make it crystal clear within the message since a recent reporter asked about it.

>A bounty of $BOUNTYVAL will be awarded. To pay the bounty through PayPal, we require the following information:
ElizabethStirling

comment created time in 11 hours

PR opened sourcegraph/sourcegraph

ripping saved_searches and secrets into its own branch to be PRed once unit tests exist

Encrypts and decrypts secrets columns in our database transparently.

Notes:

  • event_logs.argument is left out, see discussions in Slack.
  • repo.metadata is not encrypted because we normalized most of its value and decided it is not worth encrypting.

Co-authored-by: Dax McDonald 31839142+daxmc99@users.noreply.github.com

+396 -70

0 comment

19 changed files

pr created time in 11 hours

PR closed sourcegraph/sourcegraph

Transparent encryption and decryption for all tables that contain secrets or tokens

Encrypts and decrypts secrets columns in our database transparently.

Notes:

  • event_logs.argument is left out, see discussions in Slack.
  • repo.metadata is not encrypted because we normalized most of its value and decided it is not worth encrypting.
+396 -70

9 comments

19 changed files

daxmc99

pr closed time in 11 hours

pull request comment sourcegraph/sourcegraph

Transparent encryption and decryption for all tables that contain secrets or tokens

Closing this PR because it has too many history "noises", will create a fresh one for people to review.

daxmc99

comment created time in 11 hours

push event sourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 41efc8b892ffc79209c560cc4a71218a72c852ab

secret: rename from secrets to avoid conflict with db.secrets (#14213)

Joe Chen

commit sha 1abedd3d56cf112450cf6f128a645ab2ce292eb0

Merge branch 'main' of github.com:sourcegraph/sourcegraph into rfc196/encoding

push time in 11 hours

push event sourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 41efc8b892ffc79209c560cc4a71218a72c852ab

secret: rename from secrets to avoid conflict with db.secrets (#14213)

push time in 11 hours

delete branch sourcegraph/sourcegraph

delete branch : rfc196/encoding-pkg-rename

delete time in 11 hours

PR merged sourcegraph/sourcegraph

secret: rename from secrets to avoid conflict with db.secrets

Simply rename internal/secrets to internal/secret to avoid import path rename in every single place because it conflicts with db.secrets variable.

This is a subset of #13759 and extracted here to have much smaller diff to review.

+8 -8

2 comments

7 changed files

unknwon

pr closed time in 11 hours

pull request comment sourcegraph/sourcegraph

secret: rename from secrets to avoid conflict with db.secrets

This is a harmless change so I'm merging it eagerly to unblock subsequent work. Happy to address any post-merge comments!

unknwon

comment created time in 11 hours

PR opened sourcegraph/sourcegraph

secret: rename from secrets to avoid conflict with db.secrets

Simply rename internal/secrets to internal/secret to avoid package rename in every single place because it conflicts with db.secrets variable.

This is a subset of #13759 and extracted here to have much smaller diff to review.

+8 -8

0 comment

7 changed files

pr created time in 11 hours

create branch sourcegraph/sourcegraph

branch : rfc196/encoding-pkg-rename

created branch time in 11 hours

PR opened sourcegraph/sourcegraph

migrations: update go generate command

Alternative is to run go generate ./migrations/... but since it is the README of the frontend/ directory, I think this is more accurate.

+1 -1

0 comment

1 changed file

pr created time in 11 hours

create branch sourcegraph/sourcegraph

branch : jc/update-migrations-readme

created branch time in 11 hours

push event sourcegraph/sourcegraph

Quinn Slack

commit sha 37d4bc18bca41a7547ad07a42da3cf56260992fb

make RepogroupPage less noisy/self-serving (#14122)

Hide the PrivateCodeCta on this page. Yes, it might make some people aware of our commercial offering, but if they love the product, they will find that out soon anyway.

Quinn Slack

commit sha fc52b9e58965af2addd1d8afb9cc362583f6c63c

remove search scope pages (/search/scope/:id) (#14127)

The search scope page was a page at `/search/scope/:id` (where `:id` is the ID of a search scope in settings) that displayed the name and description of the scope, plus a search bar that searched within the scope. It was never documented (other than in the settings JSON Schema), usage was very low on Sourcegraph.com (not surprisingly, because it was disabled in 2018), and we only used it at in-person conference booths more than a year ago. We don't have any data on whether customers use this feature, but given these factors, we can assume that they do not (and if we find out otherwise before the release, we can plan accordingly).

Quinn Slack

commit sha 027882828ac7b8e10988e7c644732ff84c412ce9

do not show search scopes on main/repogroup search pages (#14128)

Search scopes are still suggested as filters on the search results page, but they are no longer shown underneath the center search input on the main `/search` page or on repogroup search pages. These were not very useful. The default ones on Sourcegraph.com were: "Test code", "Non-test files", "JSON files", "Text documents", "Non-vendor code", and "Vendor code". If a user clicked on these from the `/search` page, they would get a bunch of fairly arbitrary results; none were useful as the first step in a search. Usage was low. Also, they conflicted with the much more useful repogroups and other search examples, which are much more effective at helping a user start their first search. On self-hosted instances, the recommended replacement (mentioned in the CHANGELOG.md) is better because it lets you define useful links to show on the homepage without also showing those links as suggested filters on every search (where they are unlikely to be relevant).

Quinn Slack

commit sha 1801461fcb5b25ff1361d830c2486c06cb5a24ec

remove explore page (#7363)

renovate[bot]

commit sha 7932d2c48f296e99476d38ed93e184fc8ac5118b

Update dependency autoprefixer to ^9.8.6 (#12612)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

Quinn Slack

commit sha d6dadf92cd915d46737c46abd973dfecb8cbb66c

disable interactive search (splitSearchModes) by default (#14149)

Switches the default back to interactive search mode being disabled. The plain text search input (using Monaco) has gotten a lot smarter since we introduced interactive search mode, and interactive search mode has seen fairly low usage as a % of all searches. See https://sourcegraph.slack.com/archives/CHEKCRWKV/p1600450926015300?thread_ts=1600443200.010300 for discussion about potentially completely removing interactive search mode in the future. For now, it's still there, but it's disabled by default.

Quinn Slack

commit sha 356846eeaacf8a6d6445f72d3e4fccd232ea571c

ignore https errors when running e2e/integration tests (#14151)

We use https for local dev, but our self-signed certificates aren't trusted by all systems reliably (despite Caddy's best efforts at making this smooth). A common case is where you're developing in Chrome and you've manually accepted the cert, but your system doesn't trust it systemwide. In that case, the e2e and integration tests will fail because the vendored Chromium/Firefox doesn't trust your cert. This ignoreHTTPSErrors setting is necessary to run the tests in that case (and bypass the `Error: net::ERR_CERT_AUTHORITY_INVALID at https://sourcegraph.test:3443` error in the test output) I can't think of a realistic downside to setting this, and it will probably save people many minutes here and there.

Erik Seliger

commit sha a86e438308a7a506815f92bd63557bf0bd78fc16

Don't skip pipelines and notes already seen (#14129)

This optimization caused problems, because we cannot ensure that resources beyond that timestamp never get updated, and in fact, they do. Hence the Pipelines would never get into their final state, because a refetch would not happen. Also, there were some state mappings missing in the GitlabPipelineState -> ChangesetCheckstate conversion.

ᴜɴᴋɴᴡᴏɴ

commit sha 60fe30140dd5fbfa1ffee84aeed00ff32f622285

gqltest: re-enable external service tests (#14156)

Erik Seliger

commit sha 92547c0299986418512c45d53a8451c7ff712192

Switch to new recommended graphql extension (#14139)

Also features more features, like syntax support for implementing multiple interfaces and go to definition.

davejrt

commit sha 75b0385a1c3e51a2d29b8e3a915d7d591f925b63

Dt/e2e (#14118)

* add e2e tests in vagrant

Erik Seliger

commit sha ccfd3f4f61e8b4c6a4a910523a17ff9c19117203

Trigger tracking issue syncer on PR events as well (#14158)

Since PRs can be included in tracking issues, they should also trigger the syncer. Sadly, no (de)milestoned events for PRs :-[

Eric Fritz

commit sha 923013f8a35b1fa575d60b996873991b6caf3075

tracking-issue: Nest unlinked PRs under the closest tracking issue (#14108)

davejrt

commit sha 6c1129a741dfbe02d09de459e38c60cbf4a14be4

run tests on baremetal (#14160)

Juliana Peña

commit sha 628b5e0e27bb0229c39f4931ce0d2339cc4b08e5

search: enable panels in sourcegraph.com under the experimental feature flag (#14125)

davejrt

commit sha 282cb6bc5ef0b80906531a92fc13613d40261599

pipeline baremetal (#14162) * run tests on baremetal

Juliana Peña

commit sha 2d20c7fcff683fbf7684af66f28c889ed42c876b

search: log telemetry for enterprise home panels (#14109) Fixes #14002

Erik Seliger

commit sha 4ebdb9a3a204bbfc9e5e0f4869aaeb6c2204f047

Fix another flaky campaigns story (#14161)

Eric Fritz

commit sha 645c7cb65eb6f639d5eaf5b6209015413f1d0ce2

db: Add sql.TxOptions to basestore (#14061)

Eric Fritz

commit sha 1f5d286bd32ba00d9ff7ac2c74bc9c16277c86db

tracking-issue: Order finished work chronologically (#14124)

push time in 11 hours

push event sourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha b108f7bd26bb3da7376e8691d79f728d27db73c4

secrets: add scanners for transparent encryption and decryption (#14191)

push time in 11 hours

PR merged sourcegraph/sourcegraph

Reviewers
secrets: add scanners for transparent encryption and decryption

Add two types in secrets package: StringValue and NullStringValue, both implement sql.Scanner and driver.Valuer for "automatic" encryption and decryption during DB scan and write time.

This is a subset of #13759 and extracted here to have a much smaller diff to review.

+186 -12

2 comments

4 changed files

unknwon

pr closed time in 11 hours

pull request comment sourcegraph/sourcegraph

secrets: add scanners for transparent encryption and decryption

Thank you both for the quick reviews! @asdine @tsenart, merging 🎉

unknwon

comment created time in 11 hours

Pull request review comment sourcegraph/sourcegraph

Do not display tokens in the Mirroring page (#13852)

 All notable changes to Sourcegraph are documented in this file.  - The new GraphQL API query field `namespaceByName(name: String!)` makes it easier to look up the user or organization with the given name. Previously callers needed to try looking up the user and organization separately. +### Changed++- Tokens and similar sensitive information included in the userinfo portion of remote repository URLs will no longer be visible on the Mirroring settings page [#14153](https://github.com/sourcegraph/sourcegraph/pull/14153).

nit: we end sentences with a period before the issue/PR link.

-- Tokens and similar sensitive information included in the userinfo portion of remote repository URLs will no longer be visible on the Mirroring settings page [#14153](https://github.com/sourcegraph/sourcegraph/pull/14153).
+- Tokens and similar sensitive information included in the userinfo portion of remote repository URLs will no longer be visible on the Mirroring settings page. [#14153](https://github.com/sourcegraph/sourcegraph/pull/14153)
flying-robot

comment created time in a day

Pull request review comment sourcegraph/sourcegraph

Simplify usage of StringValue

 func TestScanner(t *testing.T) { 		t.Skip() 	} +	ctx := context.Background()+ 	dbtesting.SetupGlobalTestDB(t) 	defaultEncryptor = newAESGCMEncodedEncryptor(mustGenerateRandomAESKey(), nil)  	t.Run("base", func(t *testing.T) { 		message := "Able was I ere I saw Elba"-		encryptedMessage := StringValue(message)+		esMessage := StringValue{S: &message} -		_, err := dbconn.Global.Exec(`CREATE TABLE IF NOT EXISTS secret_scanner_test(name text, message text)`)+		_, err := dbconn.Global.ExecContext(ctx, `CREATE TABLE IF NOT EXISTS secret_scanner_test(name text, message text)`) 		if err != nil { 			t.Fatal(err) 		} -		_, err = dbconn.Global.Exec(`INSERT INTO secret_scanner_test(name,message) VALUES ($1,$2)`, t.Name(), encryptedMessage)+		_, err = dbconn.Global.ExecContext(ctx, `INSERT INTO secret_scanner_test(name,message) VALUES ($1,$2)`, t.Name(), esMessage) 		if err != nil { 			t.Fatal(err) 		} -		rows, err := dbconn.Global.Query(`SELECT name,message FROM secret_scanner_test`)+		var gotName string+		var gotMessage string+		err = dbconn.Global.QueryRowContext(ctx, `SELECT name,message FROM secret_scanner_test`).+			Scan(&gotName, &StringValue{S: &gotMessage}) 		if err != nil { 			t.Fatal(err) 		}-		defer rows.Close()--		var gotName string-		var gotEncryptedMessage StringValue-		for rows.Next() {-			if err := rows.Scan(&gotName, &gotEncryptedMessage); err != nil {-				t.Fatal(err)-			}-		}  		if gotName != t.Name() { 			t.Fatalf("expected %q, got %q for name", t.Name(), gotName) 		}-		if gotEncryptedMessage != encryptedMessage {-			t.Fatalf("expected %q, got %q", encryptedMessage, gotEncryptedMessage)+		if gotMessage != message {+			t.Fatalf("expected %q, got %q", message, gotMessage) 		} 	})  	t.Run("null example", func(t *testing.T) {--		_, err := dbconn.Global.Exec(`CREATE TABLE IF NOT EXISTS secret_null_test(name text, message text)`)+		_, err := dbconn.Global.ExecContext(ctx, `CREATE TABLE IF NOT EXISTS secret_null_test(name text, message text)`) 		if err != nil { 			
t.Fatal(err) 		} -		nullMessage := NullStringValue{}-		_, err = dbconn.Global.Exec(`INSERT INTO secret_null_test(name, message) VALUES ($1,$2)`, t.Name(), nullMessage)+		_, err = dbconn.Global.ExecContext(ctx, `INSERT INTO secret_null_test(name, message) VALUES ($1, $2)`, t.Name(), NullStringValue{}) 		if err != nil { 			t.Fatal(err) 		} -		rows, err := dbconn.Global.Query(`SELECT name,message FROM secret_null_test`)+		var gotName string+		var gotMessage string+		esMessage := NullStringValue{S: &gotMessage}+		err = dbconn.Global.QueryRowContext(ctx, `SELECT name,message FROM secret_null_test`).+			Scan(&gotName, &esMessage) 		if err != nil { 			t.Fatal(err) 		}-		defer rows.Close()
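
Review bot: in the "base" subtest the only check on the secret is `gotMessage != message` after a round trip through `StringValue{S: &gotMessage}`, so the test would still pass if the value were written to the `message` column as plaintext and read back unchanged. Consider also scanning `message` into a plain `string` and failing when it equals `message`, so the test proves that what is stored is ciphertext. Separately, both `QueryRowContext` calls select from tables created with `CREATE TABLE IF NOT EXISTS` and have no `WHERE` clause; a single-row query takes the first row returned, so if the table already holds rows the `gotName` comparison can fail for reasons unrelated to the scanner. Adding `WHERE name = $1` with `t.Name()` pins the row under test.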

I believe it is handled inside the QueryRowContext because we're only getting a single row, i.e. once the row is there, no point for QueryRowContext to keep the underlying rows open.

unknwon

comment created time in a day

issue opened sourcegraph/sourcegraph

GitHub organization membership is not enforced when configured multiple auth providers

If the site admin configures multiple auth providers using GitHub OAuth, the "allowOrgs" is not taking effect.

Example config:

{
  "auth.providers": [
    {
      "displayName": "GitHub.com",
      "type": "github",
      "clientID": "<REDACTED>",
      "clientSecret": "<REDACTED>"
    },
    {
      "type": "github",
      "url": "",
      "displayName": "GitHub Enterprise Cloud",
      "clientID": "<REDACTED>",
      "clientSecret": "<REDACTED>",
      "allowSignup": true,
      "allowOrgs": [
        "sourcegraph-enterprise-test"
      ]
    }
  ],
}

Remove the first one that has no "allowOrgs" then it works as expected.

created time in a day

issue comment sourcegraph/sourcegraph

RFC-214: Eyeball validate data being encrypted in the database

Closed in favor of https://github.com/sourcegraph/sourcegraph/issues/14192

unknwon

comment created time in a day

push event sourcegraph/sourcegraph

Joe Chen

commit sha f1f297609ea8d9a73ef782edf1e53be9757c3a52

secret: add scanners for transparent encryption and decryption

push time in 2 days

PR opened sourcegraph/sourcegraph

secrets: add scanners for transparent encryption and decryption

Add two types in secrets package: StringValue and NullStringValue, both implement sql.Scanner and driver.Valuer for "automatic" encryption and decryption during DB scan and store time.

This is a subset of #13759 and extracted here to have a much smaller diff to review.

+186 -12

0 comment

4 changed files

pr created time in 2 days

create branch sourcegraph/sourcegraph

branch : rfc196/encoding-scanner

created branch time in 2 days

Pull request review comment sourcegraph/sourcegraph

Transparent encryption and decryption for all tables that contain secrets or tokens

 func (s *savedSearches) ListSavedSearchesByOrgID(ctx context.Context, orgID int3 	} 	for rows.Next() { 		var ss types.SavedSearch-		if err := rows.Scan(&ss.ID, &ss.Description, &ss.Query, &ss.Notify, &ss.NotifySlack, &ss.UserID, &ss.OrgID, &ss.SlackWebhookURL); err != nil {+		var es secret.StringValue+		if err := rows.Scan(&ss.ID, &ss.Description, &es, &ss.Notify, &ss.NotifySlack, &ss.UserID, &ss.OrgID, &ss.SlackWebhookURL); err != nil {
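
Review bot: in `ListSavedSearchesByOrgID` the `rows.Scan` call now reads the third column into `es` instead of `&ss.Query`, and the visible lines never copy the decrypted value back, so confirm that `ss.Query` is assigned from `es` before the row is used. The same call still scans `&ss.SlackWebhookURL` directly; if the webhook URL is one of the values this change is meant to encrypt at rest, it needs the same `secret.StringValue` wrapper, otherwise that column is read and stored unprotected while the query text is the one being encrypted.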

Addressed in https://github.com/sourcegraph/sourcegraph/pull/13759/commits/8088062a92659e6bc31ed9acf8686ad71a5a15d7.

daxmc99

comment created time in 2 days

pull request comment sourcegraph/sourcegraph

Do not display tokens in the Mirroring page (#13852)

Don't forget other formats of the clone URL (e.g. ssh://).

@unknwon right on - as an example, is it meaningful in this case to transform ssh://git@example.com/my/repo => ssh://example.com/my/repo, or are we just focused on the basic auth case for HTTP/S and ensuring we don't break the display for other varieties?

@flying-robot Hmm, it could be rare but I think ssh://git:password@example.com/my/repo is a valid clone URL?

flying-robot

comment created time in 2 days

push event sourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 60fe30140dd5fbfa1ffee84aeed00ff32f622285

gqltest: re-enable external service tests (#14156)

push time in 2 days

delete branch sourcegraph/sourcegraph

delete branch : master-dry-run/enable-external-service-tests

delete time in 2 days
