Fix various version parsing problems

go.mod

@@ -296,8 +296,6 @@ ignore (
 
 replace github.com/jaytaylor/html2text => github.com/Necoro/html2text v0.0.0-20250804200300-7bf1ce1c7347
 
-replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
-
 replace github.com/nektos/act => gitea.com/gitea/act v0.261.7-0.20251003180512-ac6e4b751763
 
 replace git.sr.ht/~mariusor/go-xsd-duration => gitea.com/gitea/go-xsd-duration v0.0.0-20220703122237-02e73435a078

go.sum

@@ -53,8 +53,6 @@ github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs=
 github.com/42wim/httpsig v1.2.3/go.mod h1:nZq9OlYKDrUBhptd77IHx4/sZZD+IxTBADvAPI9G/EM=
 github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920 h1:mWAVGlovzUfREJBhm0GwJnDNu21yRrL9QH9NIzAU3rg=
 github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920/go.mod h1:zWxcT7BIWOe05xVJL0VMvO/PJ6RpoCux10heb77H6Q8=
-github.com/6543/go-version v1.3.1 h1:HvOp+Telns7HWJ2Xo/05YXQSB2bE0WmVgbHqwMPZT4U=
-github.com/6543/go-version v1.3.1/go.mod h1:oqFAHCwtLVUTLdhQmVZWYvaHXTdsbB4SY85at64SQEo=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0 h1:ci6Yd6nysBRLEodoziB6ah1+YOzZbZk+NYneoA6q+6E=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
@@ -474,6 +472,8 @@ github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVU
 github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4=
+github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=

modules/git/git.go

@@ -88,12 +88,17 @@ func parseGitVersionLine(s string) (*version.Version, error) {
 		return nil, fmt.Errorf("invalid git version: %q", s)
 	}
 
-	// version string is like: "git version 2.29.3" or "git version 2.29.3.windows.1"
+	// version output is like: "git version {versionString}"
+	// versionString can be:
+	// * "2.5.3"
+	// * "2.29.3.windows.1"
+	// * "2.28.0.618.gf4bc123cb7": https://github.com/go-gitea/gitea/issues/12731
 	versionString := fields[2]
-	if pos := strings.Index(versionString, "windows"); pos >= 1 {
-		versionString = versionString[:pos-1]
+	versionFields := strings.Split(versionString, ".")
+	if len(versionFields) > 3 {
+		versionFields = versionFields[:3]
 	}
-	return version.NewVersion(versionString)
+	return version.NewVersion(strings.Join(versionFields, "."))
 }
 
 func checkGitVersionCompatibility(gitVer *version.Version) error {

modules/git/git_test.go

@@ -23,6 +23,10 @@ func TestParseGitVersion(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "2.29.3", v.String())
 
+	v, err = parseGitVersionLine("git version 2.28.0.618.gf4bc123cb7")
+	assert.NoError(t, err)
+	assert.Equal(t, "2.28.0", v.String())
+
 	_, err = parseGitVersionLine("git version")
 	assert.Error(t, err)
 

modules/packages/rubygems/metadata.go

@@ -9,6 +9,7 @@ import (
 	"io"
 	"regexp"
 	"strings"
+	"sync"
 
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/validation"
@@ -25,7 +26,9 @@ var (
 	ErrInvalidVersion = util.NewInvalidArgumentErrorf("package version is invalid")
 )
 
-var versionMatcher = regexp.MustCompile(`\A[0-9]+(?:\.[0-9a-zA-Z]+)*(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?\z`)
+var versionMatcher = sync.OnceValue(func() *regexp.Regexp {
+	return regexp.MustCompile(`\A[0-9]+(?:\.[0-9a-zA-Z]+)*(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?\z`)
+})
 
 // Package represents a RubyGems package
 type Package struct {
@@ -128,7 +131,7 @@ func (r requirement) AsVersionRequirement() []VersionRequirement {
 			continue
 		}
 		version, ok := versionInt.(string)
-		if !ok || version == "0" {
+		if !ok || (version == "0" && restriction == ">=") {
 			continue
 		}
 
@@ -176,7 +179,7 @@ func parseMetadataFile(r io.Reader) (*Package, error) {
 		return nil, ErrInvalidName
 	}
 
-	if !versionMatcher.MatchString(spec.Version.Version) {
+	if !versionMatcher().MatchString(spec.Version.Version) {
 		return nil, ErrInvalidVersion
 	}
 

modules/packages/rubygems/metadata_test.go

@@ -4,60 +4,117 @@
 package rubygems
 
 import (
-	"archive/tar"
-	"bytes"
-	"encoding/base64"
-	"io"
 	"testing"
 
+	"code.gitea.io/gitea/modules/test"
+
 	"github.com/stretchr/testify/assert"
 )
 
 func TestParsePackageMetaData(t *testing.T) {
-	createArchive := func(filename string, content []byte) io.Reader {
-		var buf bytes.Buffer
-		tw := tar.NewWriter(&buf)
-		hdr := &tar.Header{
-			Name: filename,
-			Mode: 0o600,
-			Size: int64(len(content)),
-		}
-		tw.WriteHeader(hdr)
-		tw.Write(content)
-		tw.Close()
-		return &buf
-	}
-
 	t.Run("MissingMetadataFile", func(t *testing.T) {
-		data := createArchive("dummy.txt", []byte{0})
-
+		data := test.WriteTarArchive(map[string]string{"dummy.txt": ""})
 		rp, err := ParsePackageMetaData(data)
 		assert.ErrorIs(t, err, ErrMissingMetadataFile)
 		assert.Nil(t, rp)
 	})
 
 	t.Run("Valid", func(t *testing.T) {
-		content, _ := base64.StdEncoding.DecodeString("H4sICHC/I2EEAG1ldGFkYXRhAAEeAOH/bmFtZTogZwp2ZXJzaW9uOgogIHZlcnNpb246IDEKWw35Tx4AAAA=")
-		data := createArchive("metadata.gz", content)
-
+		metadataContent := test.CompressGzip(`
+name: g
+version:
+  version: 1
+`)
+		data := test.WriteTarArchive(map[string]string{
+			"metadata.gz": metadataContent.String(),
+		})
 		rp, err := ParsePackageMetaData(data)
 		assert.NoError(t, err)
 		assert.NotNil(t, rp)
 	})
 }
 
 func TestParseMetadataFile(t *testing.T) {
-	content, _ := base64.StdEncoding.DecodeString(`H4sIAMe7I2ECA9VVTW/UMBC9+1eYXvaUbJpSQBZUHJAqDlwK4kCFIseZzZrGH9iTqisEv52Js9nd
-0KqggiqRXWnX45n3ZuZ5nCzL+JPQ15ulq7+AQnEORoj3HpReaSVRO8usNCB4qxEku4YQySbuCPo4
-bjHOd07HeZGfMt9JXLlgBB9imOxx7UIULOPnCZMMLsDXXgeiYbW2jQ6C0y9TELBSa6kJ6/IzaySS
-R1mUx1nxIitPeFGI9M2L6eGfWAMebANWaUgktzN9M3lsKNmxutBb1AYyCibbNhsDFu+q9GK/Tc4z
-d2IcLBl9js5eHaXFsLyvXeNz0LQyL/YoLx8EsiCMBZlx46k6sS2PDD5AgA5kJPNKdhH2elWzOv7n
-uv9Q9Aau/6ngP84elvNpXh5oRVlB5/yW7BH0+qu0G4gqaI/JdEHBFBS5l+pKtsARIjIwUnfj8Le0
-+TrdJLl2DG5A9SjrjgZ1mG+4QbAD+G4ZZBUap6qVnnzGf6Rwp+vliBRqtnYGPBEKvkb0USyXE8mS
-dVoR6hj07u0HZgAl3SRS8G/fmXcRK20jyq6rDMSYQFgidamqkXbbuspLXE/0k7GphtKqe67GuRC/
-yjAbmt9LsOMp8xMamFkSQ38fP5EFjdz8LA4do2C69VvqWXAJgrPbKZb58/xZXrKoW6ttW13Bhvzi
-4ftn7/yUxd4YGcglvTmmY8aGY3ZwRn4CqcWcidUGAAA=`)
-	rp, err := parseMetadataFile(bytes.NewReader(content))
+	content := test.CompressGzip(`--- !ruby/object:Gem::Specification
+name: gitea
+version: !ruby/object:Gem::Version
+  version: 1.0.5
+platform: ruby
+authors:
+- Gitea
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-08-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: runtime-dep
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: dev-dep
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+description: RubyGems package test
+email: rubygems@gitea.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/gitea.rb
+homepage: https://gitea.io/
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6.2
+signing_key:
+specification_version: 4
+summary: Gitea package
+test_files: []
+`)
+	rp, err := parseMetadataFile(content)
 	assert.NoError(t, err)
 	assert.NotNil(t, rp)
 
@@ -84,5 +141,5 @@ yjAbmt9LsOMp8xMamFkSQ38fP5EFjdz8LA4do2C69VvqWXAJgrPbKZb58/xZXrKoW6ttW13Bhvzi
 	assert.Equal(t, "dev-dep", rp.Metadata.DevelopmentDependencies[0].Name)
 	assert.Len(t, rp.Metadata.DevelopmentDependencies[0].Version, 1)
 	assert.Equal(t, "~>", rp.Metadata.DevelopmentDependencies[0].Version[0].Restriction)
-	assert.Equal(t, "5.2", rp.Metadata.DevelopmentDependencies[0].Version[0].Version)
+	assert.Equal(t, "0", rp.Metadata.DevelopmentDependencies[0].Version[0].Version)
 }

modules/test/utils.go

@@ -5,13 +5,15 @@ package test
 
 import (
 	"archive/tar"
+	"bytes"
 	"compress/gzip"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 
 	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // RedirectURL returns the redirect URL of a http response.
@@ -82,3 +84,40 @@ func ReadAllTarGzContent(r io.Reader) (map[string]string, error) {
 	}
 	return content, nil
 }
+
+func WriteTarArchive(files map[string]string) *bytes.Buffer {
+	return WriteTarCompression(func(w io.Writer) io.WriteCloser { return util.NopCloser{Writer: w} }, files)
+}
+
+func WriteTarCompression[F func(io.Writer) io.WriteCloser | func(io.Writer) (io.WriteCloser, error)](compression F, files map[string]string) *bytes.Buffer {
+	buf := &bytes.Buffer{}
+	var cw io.WriteCloser
+	switch compressFunc := any(compression).(type) {
+	case func(io.Writer) io.WriteCloser:
+		cw = compressFunc(buf)
+	case func(io.Writer) (io.WriteCloser, error):
+		cw, _ = compressFunc(buf)
+	}
+	tw := tar.NewWriter(cw)
+
+	for name, content := range files {
+		hdr := &tar.Header{
+			Name: name,
+			Mode: 0o600,
+			Size: int64(len(content)),
+		}
+		_ = tw.WriteHeader(hdr)
+		_, _ = tw.Write([]byte(content))
+	}
+	_ = tw.Close()
+	_ = cw.Close()
+	return buf
+}
+
+func CompressGzip(content string) *bytes.Buffer {
+	buf := &bytes.Buffer{}
+	cw := gzip.NewWriter(buf)
+	_, _ = cw.Write([]byte(content))
+	_ = cw.Close()
+	return buf
+}