Fix actions lint (#36029)

actionlint since https://github.com/rhysd/actionlint/releases/tag/v1.7.9
detects constant conditions and this workflow was being disabled in
58d2a87c6c
by such a condition which made the lint fail:


https://github.com/go-gitea/gitea/actions/runs/19673752806/job/56349128912?pr=36028

Instead, remove the whole workflow file. I'm sure we can re-create it if
the need arises.

Also, I locked the actionlint dependency to prevent similar surprises in
the future.

.github/workflows/pull-e2e-tests.yml

@@ -1,35 +0,0 @@
-name: e2e-tests
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  test-e2e:
-    # the "test-e2e" won't pass, and it seems that there is no useful test, so skip
-    # if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
-    if: false
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-go@v6
-        with:
-          go-version-file: go.mod
-          check-latest: true
-      - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
-        with:
-          node-version: 24
-      - run: make deps-frontend frontend deps-backend
-      - run: pnpm exec playwright install --with-deps
-      - run: make test-e2e-sqlite
-        timeout-minutes: 40
-        env:
-          USE_REPO_TEST_DIR: 1

Makefile

@@ -39,7 +39,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.7.9
 GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.20.0
 
 DOCKER_IMAGE ?= gitea/gitea

go.mod

@@ -17,7 +17,7 @@ require (
 	gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed
 	gitea.com/go-chi/cache v0.2.1
 	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
-	gitea.com/go-chi/session v0.0.0-20250926004215-636cadd82e15
+	gitea.com/go-chi/session v0.0.0-20251124165456-68e0254e989e
 	gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
 	github.com/42wim/httpsig v1.2.3

go.sum

@@ -41,8 +41,8 @@ gitea.com/go-chi/cache v0.2.1 h1:bfAPkvXlbcZxPCpcmDVCWoHgiBSBmZN/QosnZvEC0+g=
 gitea.com/go-chi/cache v0.2.1/go.mod h1:Qic0HZ8hOHW62ETGbonpwz8WYypj9NieU9659wFUJ8Q=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098 h1:p2ki+WK0cIeNQuqjR98IP2KZQKRzJJiV7aTeMAFwaWo=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098/go.mod h1:LjzIOHlRemuUyO7WR12fmm18VZIlCAaOt9L3yKw40pk=
-gitea.com/go-chi/session v0.0.0-20250926004215-636cadd82e15 h1:qFYmz05u/s9664o7+XEgrlHXSPQ4uHO8/ccZGUb1uxA=
-gitea.com/go-chi/session v0.0.0-20250926004215-636cadd82e15/go.mod h1:0iEpFKnwO5dG0aF98O4eq6FMsAiXkNBaDIlUOlq4BtM=
+gitea.com/go-chi/session v0.0.0-20251124165456-68e0254e989e h1:4bugwPyGMLvblEm3pZ8fZProSPVxE4l0UXF2Kv6IJoY=
+gitea.com/go-chi/session v0.0.0-20251124165456-68e0254e989e/go.mod h1:KDvcfMUoXfATPHs2mbMoXFTXT45/FAFAS39waz9tPk0=
 gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96 h1:+wWBi6Qfruqu7xJgjOIrKVQGiLUZdpKYCZewJ4clqhw=
 gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96/go.mod h1:VyMQP6ue6MKHM8UsOXfNfuMKD0oSAWZdXVcpHIN2yaY=
 gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4 h1:IFT+hup2xejHqdhS7keYWioqfmxdnfblFDTGoOwcZ+o=

modules/auth/webauthn/webauthn.go

@@ -22,7 +22,7 @@ var WebAuthn *webauthn.WebAuthn
 
 // Init initializes the WebAuthn instance from the config.
 func Init() {
-	gob.Register(&webauthn.SessionData{})
+	gob.Register(&webauthn.SessionData{}) // TODO: CHI-SESSION-GOB-REGISTER.
 
 	appURL, _ := protocol.FullyQualifiedOrigin(setting.AppURL)
 

routers/api/packages/container/container.go

@@ -290,8 +290,8 @@ func PostBlobsUploads(ctx *context.Context) {
 				Creator: ctx.Doer,
 			},
 		); err != nil {
-			switch err {
-			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+			switch {
+			case errors.Is(err, packages_service.ErrQuotaTotalCount), errors.Is(err, packages_service.ErrQuotaTypeSize), errors.Is(err, packages_service.ErrQuotaTotalSize):
 				apiError(ctx, http.StatusForbidden, err)
 			default:
 				apiError(ctx, http.StatusInternalServerError, err)
@@ -439,8 +439,8 @@ func PutBlobsUpload(ctx *context.Context) {
 			Creator: ctx.Doer,
 		},
 	); err != nil {
-		switch err {
-		case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+		switch {
+		case errors.Is(err, packages_service.ErrQuotaTotalCount), errors.Is(err, packages_service.ErrQuotaTypeSize), errors.Is(err, packages_service.ErrQuotaTotalSize):
 			apiError(ctx, http.StatusForbidden, err)
 		default:
 			apiError(ctx, http.StatusInternalServerError, err)
@@ -592,13 +592,10 @@ func PutManifest(ctx *context.Context) {
 			apiErrorDefined(ctx, namedError)
 		} else if errors.Is(err, container_model.ErrContainerBlobNotExist) {
 			apiErrorDefined(ctx, errBlobUnknown)
+		} else if errors.Is(err, packages_service.ErrQuotaTotalCount) || errors.Is(err, packages_service.ErrQuotaTypeSize) || errors.Is(err, packages_service.ErrQuotaTotalSize) {
+			apiError(ctx, http.StatusForbidden, err)
 		} else {
-			switch err {
-			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
-				apiError(ctx, http.StatusForbidden, err)
-			default:
-				apiError(ctx, http.StatusInternalServerError, err)
-			}
+			apiError(ctx, http.StatusInternalServerError, err)
 		}
 		return
 	}

routers/api/packages/container/manifest.go

@@ -82,9 +82,11 @@ type processManifestTxRet struct {
 }
 
 func handleCreateManifestResult(ctx context.Context, err error, mci *manifestCreationInfo, contentStore *packages_module.ContentStore, txRet *processManifestTxRet) (string, error) {
-	if err != nil && txRet.created && txRet.pb != nil {
-		if err := contentStore.Delete(packages_module.BlobHash256Key(txRet.pb.HashSHA256)); err != nil {
-			log.Error("Error deleting package blob from content store: %v", err)
+	if err != nil {
+		if txRet.created && txRet.pb != nil {
+			if err := contentStore.Delete(packages_module.BlobHash256Key(txRet.pb.HashSHA256)); err != nil {
+				log.Error("Error deleting package blob from content store: %v", err)
+			}
 		}
 		return "", err
 	}
@@ -198,14 +200,14 @@ func processOciImageIndex(ctx context.Context, mci *manifestCreationInfo, buf *p
 				if errors.Is(err, container_model.ErrContainerBlobNotExist) {
 					return errManifestBlobUnknown
 				}
-				return err
+				return fmt.Errorf("GetContainerBlob: %w", err)
 			}
 
 			size, err := packages_model.CalculateFileSize(ctx, &packages_model.PackageFileSearchOptions{
 				VersionID: pfd.File.VersionID,
 			})
 			if err != nil {
-				return err
+				return fmt.Errorf("CalculateFileSize: %w", err)
 			}
 
 			metadata.Manifests = append(metadata.Manifests, &container_module.Manifest{
@@ -217,7 +219,7 @@ func processOciImageIndex(ctx context.Context, mci *manifestCreationInfo, buf *p
 
 		pv, err := createPackageAndVersion(ctx, mci, metadata)
 		if err != nil {
-			return err
+			return fmt.Errorf("createPackageAndVersion: %w", err)
 		}
 
 		txRet.pv = pv
@@ -240,7 +242,7 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 	if p, err = packages_model.TryInsertPackage(ctx, p); err != nil {
 		if !errors.Is(err, packages_model.ErrDuplicatePackage) {
 			log.Error("Error inserting package: %v", err)
-			return nil, err
+			return nil, fmt.Errorf("TryInsertPackage: %w", err)
 		}
 		created = false
 	}
@@ -248,7 +250,7 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 	if created {
 		if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepository, strings.ToLower(mci.Owner.LowerName+"/"+mci.Image)); err != nil {
 			log.Error("Error setting package property: %v", err)
-			return nil, err
+			return nil, fmt.Errorf("InsertProperty(PropertyRepository): %w", err)
 		}
 	}
 
@@ -256,7 +258,7 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 
 	metadataJSON, err := json.Marshal(metadata)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("json.Marshal(metadata): %w", err)
 	}
 
 	// "docker buildx imagetools create" multi-arch operations:
@@ -276,43 +278,43 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 	pv, err := packages_model.GetOrInsertVersion(ctx, _pv)
 	if err != nil {
 		if !errors.Is(err, packages_model.ErrDuplicatePackageVersion) {
-			log.Error("Error inserting package: %v", err)
-			return nil, err
+			log.Error("Error GetOrInsertVersion (first try) package: %v", err)
+			return nil, fmt.Errorf("GetOrInsertVersion: first try: %w", err)
 		}
 		if err = packages_service.DeletePackageVersionAndReferences(ctx, pv); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("DeletePackageVersionAndReferences: %w", err)
 		}
 		// keep download count on overwriting
 		_pv.DownloadCount = pv.DownloadCount
 		pv, err = packages_model.GetOrInsertVersion(ctx, _pv)
 		if err != nil {
 			if !errors.Is(err, packages_model.ErrDuplicatePackageVersion) {
-				log.Error("Error inserting package: %v", err)
-				return nil, err
+				log.Error("Error GetOrInsertVersion (second try) package: %v", err)
+				return nil, fmt.Errorf("GetOrInsertVersion: second try: %w", err)
 			}
 		}
 	}
 
 	if err := packages_service.CheckCountQuotaExceeded(ctx, mci.Creator, mci.Owner); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("CheckCountQuotaExceeded: %w", err)
 	}
 
 	if mci.IsTagged {
 		if err = packages_model.InsertOrUpdateProperty(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestTagged, ""); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("InsertOrUpdateProperty(ManifestTagged): %w", err)
 		}
 	} else {
 		if err = packages_model.DeletePropertiesByName(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestTagged); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("DeletePropertiesByName(ManifestTagged): %w", err)
 		}
 	}
 
 	if err = packages_model.DeletePropertiesByName(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestReference); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("DeletePropertiesByName(ManifestReference): %w", err)
 	}
 	for _, manifest := range metadata.Manifests {
 		if _, err = packages_model.InsertProperty(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestReference, manifest.Digest); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("InsertProperty(ManifestReference): %w", err)
 		}
 	}
 

routers/common/middleware.go

@@ -5,6 +5,7 @@ package common
 
 import (
 	"fmt"
+	"log"
 	"net/http"
 	"strings"
 
@@ -107,7 +108,11 @@ func ForwardedHeadersHandler(limit int, trustedProxies []string) func(h http.Han
 	return proxy.ForwardedHeaders(opt)
 }
 
-func Sessioner() (func(next http.Handler) http.Handler, error) {
+func MustInitSessioner() func(next http.Handler) http.Handler {
+	// TODO: CHI-SESSION-GOB-REGISTER: chi-session has a design problem: it calls gob.Register for "Set"
+	// But if the server restarts, then the first "Get" will fail to decode the previously stored session data because the structs are not registered yet.
+	// So each package should make sure their structs are registered correctly during startup for session storage.
+
 	middleware, err := session.Sessioner(session.Options{
 		Provider:       setting.SessionConfig.Provider,
 		ProviderConfig: setting.SessionConfig.ProviderConfig,
@@ -120,8 +125,7 @@ func Sessioner() (func(next http.Handler) http.Handler, error) {
 		Domain:         setting.SessionConfig.Domain,
 	})
 	if err != nil {
-		return nil, fmt.Errorf("failed to create session middleware: %w", err)
+		log.Fatalf("common.Sessioner failed: %v", err)
 	}
-
-	return middleware, nil
+	return middleware
 }

routers/install/install.go

@@ -55,8 +55,8 @@ func getSupportedDbTypeNames() (dbTypeNames []map[string]string) {
 	return dbTypeNames
 }
 
-// Contexter prepare for rendering installation page
-func Contexter() func(next http.Handler) http.Handler {
+// installContexter prepare for rendering installation page
+func installContexter() func(next http.Handler) http.Handler {
 	rnd := templates.HTMLRenderer()
 	dbTypeNames := getSupportedDbTypeNames()
 	envConfigKeys := setting.CollectEnvConfigKeys()

routers/install/routes.go

@@ -8,7 +8,6 @@ import (
 	"html"
 	"net/http"
 
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/public"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web"
@@ -25,11 +24,8 @@ func Routes() *web.Router {
 	base.Methods("GET, HEAD", "/assets/*", public.FileHandlerFunc())
 
 	r := web.NewRouter()
-	if sessionMid, err := common.Sessioner(); err == nil && sessionMid != nil {
-		r.Use(sessionMid, Contexter())
-	} else {
-		log.Fatal("common.Sessioner failed: %v", err)
-	}
+	r.Use(common.MustInitSessioner(), installContexter())
+
 	r.Get("/", Install) // it must be on the root, because the "install.js" use the window.location to replace the "localhost" AppURL
 	r.Post("/", web.Bind(forms.InstallForm{}), SubmitInstall)
 	r.Get("/post-install", InstallDone)

routers/web/auth/oauth.go

@@ -277,8 +277,11 @@ type LinkAccountData struct {
 	GothUser     goth.User
 }
 
+func init() {
+	gob.Register(LinkAccountData{}) // TODO: CHI-SESSION-GOB-REGISTER
+}
+
 func oauth2GetLinkAccountData(ctx *context.Context) *LinkAccountData {
-	gob.Register(LinkAccountData{})
 	v, ok := ctx.Session.Get("linkAccountData").(LinkAccountData)
 	if !ok {
 		return nil
@@ -287,7 +290,6 @@ func oauth2GetLinkAccountData(ctx *context.Context) *LinkAccountData {
 }
 
 func Oauth2SetLinkAccountData(ctx *context.Context, linkAccountData LinkAccountData) error {
-	gob.Register(LinkAccountData{})
 	return updateSession(ctx, nil, map[string]any{
 		"linkAccountData": linkAccountData,
 	})

routers/web/web.go

@@ -267,11 +267,7 @@ func Routes() *web.Router {
 	routes.Get("/ssh_info", misc.SSHInfo)
 	routes.Get("/api/healthz", healthcheck.Check)
 
-	if sessionMid, err := common.Sessioner(); err == nil && sessionMid != nil {
-		mid = append(mid, sessionMid, context.Contexter())
-	} else {
-		log.Fatal("common.Sessioner failed: %v", err)
-	}
+	mid = append(mid, common.MustInitSessioner(), context.Contexter())
 
 	// Get user from session if logged in.
 	mid = append(mid, webAuth(buildAuthGroup()))

services/auth/source/oauth2/init.go

@@ -22,9 +22,6 @@ import (
 
 var gothRWMutex = sync.RWMutex{}
 
-// UsersStoreKey is the key for the store
-const UsersStoreKey = "gitea-oauth2-sessions"
-
 // ProviderHeaderKey is the HTTP header key
 const ProviderHeaderKey = "gitea-oauth2-provider"
 
@@ -33,7 +30,7 @@ func Init(ctx context.Context) error {
 	// Lock our mutex
 	gothRWMutex.Lock()
 
-	gob.Register(&sessions.Session{})
+	gob.Register(&sessions.Session{}) // TODO: CHI-SESSION-GOB-REGISTER. FIXME: it seems to be an abuse, why the Session struct itself is stored in session store again?
 
 	gothic.Store = &SessionsStore{
 		maxLength: int64(setting.OAuth2.MaxTokenLength),

tests/e2e/README.md

@@ -17,13 +17,7 @@ make clean frontend
 
 ## Install playwright system dependencies
 ```
-npx playwright install-deps
-```
-
-
-## Run all tests via local act_runner
-```
-act_runner exec -W ./.github/workflows/pull-e2e-tests.yml --event=pull_request --default-actions-url="https://github.com" -i catthehacker/ubuntu:runner-latest
+pnpm exec playwright install-deps
 ```
 
 ## Run sqlite e2e tests
@@ -85,8 +79,8 @@ TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=test TEST_MSSQL_USERNAME=sa TES
 
 Although the main goal of e2e is assertion testing, we have added a framework for visual regress testing. If you are working on front-end features, please use the following:
  - Check out `main`, `make clean frontend`, and run e2e tests with `VISUAL_TEST=1` to generate outputs. This will initially fail, as no screenshots exist. You can run the e2e tests again to assert it passes.
- - Check out your branch, `make clean frontend`, and run e2e tests with `VISUAL_TEST=1`. You should be able to assert you front-end changes don't break any other tests unintentionally. 
+ - Check out your branch, `make clean frontend`, and run e2e tests with `VISUAL_TEST=1`. You should be able to assert you front-end changes don't break any other tests unintentionally.
 
-VISUAL_TEST=1 will create screenshots in tests/e2e/test-snapshots. The test will fail the first time this is enabled (until we get visual test image persistence figured out), because it will be testing against an empty screenshot folder. 
+VISUAL_TEST=1 will create screenshots in tests/e2e/test-snapshots. The test will fail the first time this is enabled (until we get visual test image persistence figured out), because it will be testing against an empty screenshot folder.
 
 ACCEPT_VISUAL=1 will overwrite the snapshot images with new images.