Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  Fix possible bug when migrating issues/pull requests (go-gitea#33487)
  allow action user have read permission in public repo like other user (go-gitea#36095)
  [skip ci] Updated translations via Crowdin

Author: zjjhot

models/perm/access/repo_permission.go

@@ -276,8 +276,14 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		if !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID) || !taskRepo.IsPrivate {
 			// The task repo can access the current repo only if the task repo is private and
 			// the owner of the task repo is a collaborative owner of the current repo.
-			// FIXME allow public repo read access if tokenless pull is enabled
 			// FIXME should owner's visibility also be considered here?
+
+			// check permission like simple user but limit to read-only
+			perm, err = GetUserRepoPermission(ctx, repo, user_model.NewActionsUser())
+			if err != nil {
+				return perm, err
+			}
+			perm.AccessMode = min(perm.AccessMode, perm_model.AccessModeRead)
 			return perm, nil
 		}
 		accessMode = perm_model.AccessModeRead

options/locale/locale_ga-IE.ini

@@ -215,6 +215,7 @@ more=Níos mó
 buttons.heading.tooltip=Cuir ceannteideal leis
 buttons.bold.tooltip=Cuir téacs trom leis
 buttons.italic.tooltip=Cuir téacs iodálach leis
+buttons.strikethrough.tooltip=Cuir téacs trína chéile
 buttons.quote.tooltip=Téacs luaigh
 buttons.code.tooltip=Cuir cód leis
 buttons.link.tooltip=Cuir nasc leis

options/locale/locale_pt-PT.ini

@@ -215,6 +215,7 @@ more=Mais
 buttons.heading.tooltip=Adicionar cabeçalho
 buttons.bold.tooltip=Adicionar texto em negrito
 buttons.italic.tooltip=Adicionar texto em itálico
+buttons.strikethrough.tooltip=Adicionar texto rasurado
 buttons.quote.tooltip=Citar texto
 buttons.code.tooltip=Adicionar código-fonte
 buttons.link.tooltip=Adicionar uma ligação

services/migrations/migrate.go

@@ -16,6 +16,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	system_model "code.gitea.io/gitea/models/system"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/hostmatcher"
 	"code.gitea.io/gitea/modules/log"
@@ -327,6 +328,9 @@ func migrateRepository(ctx context.Context, doer *user_model.User, downloader ba
 		messenger("repo.migrate.migrating_issues")
 		issueBatchSize := uploader.MaxBatchInsertSize("issue")
 
+		// because when the migrating is running, some issues maybe removed, so after the next page
+		// some of issue maybe duplicated, so we need to record the inserted issue indexes
+		mapInsertedIssueIndexes := container.Set[int64]{}
 		for i := 1; ; i++ {
 			issues, isEnd, err := downloader.GetIssues(ctx, i, issueBatchSize)
 			if err != nil {
@@ -336,6 +340,14 @@ func migrateRepository(ctx context.Context, doer *user_model.User, downloader ba
 				log.Warn("migrating issues is not supported, ignored")
 				break
 			}
+			for i := 0; i < len(issues); i++ {
+				if mapInsertedIssueIndexes.Contains(issues[i].Number) {
+					issues = append(issues[:i], issues[i+1:]...)
+					i--
+					continue
+				}
+				mapInsertedIssueIndexes.Add(issues[i].Number)
+			}
 
 			if err := uploader.CreateIssues(ctx, issues...); err != nil {
 				return err
@@ -381,6 +393,7 @@ func migrateRepository(ctx context.Context, doer *user_model.User, downloader ba
 		log.Trace("migrating pull requests and comments")
 		messenger("repo.migrate.migrating_pulls")
 		prBatchSize := uploader.MaxBatchInsertSize("pullrequest")
+		mapInsertedPRIndexes := container.Set[int64]{}
 		for i := 1; ; i++ {
 			prs, isEnd, err := downloader.GetPullRequests(ctx, i, prBatchSize)
 			if err != nil {
@@ -390,6 +403,14 @@ func migrateRepository(ctx context.Context, doer *user_model.User, downloader ba
 				log.Warn("migrating pull requests is not supported, ignored")
 				break
 			}
+			for i := 0; i < len(prs); i++ {
+				if mapInsertedPRIndexes.Contains(prs[i].Number) {
+					prs = append(prs[:i], prs[i+1:]...)
+					i--
+					continue
+				}
+				mapInsertedPRIndexes.Add(prs[i].Number)
+			}
 
 			if err := uploader.CreatePullRequests(ctx, prs...); err != nil {
 				return err

tests/integration/api_actions_permission_test.go

@@ -0,0 +1,54 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func testActionUserSignIn(t *testing.T) {
+	req := NewRequest(t, "GET", "/api/v1/user").
+		AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	var u api.User
+	DecodeJSON(t, resp, &u)
+	assert.Equal(t, "gitea-actions", u.UserName)
+}
+
+func testActionUserAccessPublicRepo(t *testing.T) {
+	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/raw/README.md").
+		AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+	resp := MakeRequest(t, req, http.StatusOK)
+	assert.Equal(t, "file", resp.Header().Get("x-gitea-object-type"))
+
+	defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, true)()
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/raw/README.md").
+		AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+	resp = MakeRequest(t, req, http.StatusOK)
+	assert.Equal(t, "file", resp.Header().Get("x-gitea-object-type"))
+}
+
+func testActionUserNoAccessOtherPrivateRepo(t *testing.T) {
+	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo2/raw/README.md").
+		AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+	MakeRequest(t, req, http.StatusNotFound)
+}
+
+func TestActionUserAccessPermission(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("ActionUserSignIn", testActionUserSignIn)
+	t.Run("ActionUserAccessPublicRepo", testActionUserAccessPublicRepo)
+	t.Run("ActionUserNoAccessOtherPrivateRepo", testActionUserNoAccessOtherPrivateRepo)
+}