Commit graph

586 commits

Author SHA1 Message Date
James Hatfield
16d06705b3 feat: add setting to block disposable emails
- Add a new setting `EMAIL_DOMAIN_BLOCK_DISPOSABLE` that will append a list of
  domains that are known for being used by temporary or disposable email
  services.

- Add a utility to automatically download and format the list of domains from
  the disposable-email-domains project on github.

  (https://github.com/disposable-email-domains/disposable-email-domains)
  license: CC0 1.0 Universal (CC0 1.0) [Public Domain]

  from README:
  """
  This repo contains a list of disposable and temporary email address domains often used to register dummy users in order to spam or abuse some services.

  We cannot guarantee all of these can still be considered disposable but we do basic checking so chances are they were disposable at one point in time.
  """
2024-11-20 23:17:37 -06:00
Renovate Bot
6553148de9 Update renovate to v39.19.1 (forgejo) (#6008)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-18 05:52:58 +00:00
Otto Richter
40551de313 tests(e2e): Refactor various tests
Goals:

- speedup
- less flakiness
- best practices and more use
- documentation

config:
- sync ports in Makefile and playwright config
  (otherwise, some tests fail locally because they assert the full URL including the (wrong) port)
- even more generous timeouts
- limit workers to one again (because I finally understand how
  Playwright works)
- allow nested functions to group them together with the related test

all:

- deprecate waitForLoadState('networkidle')
  - it is discouraged as per https://playwright.dev/docs/api/class-page#page-wait-for-load-state
  - I could not find a usage that seems to require it actually (see
    added documentation in README)
  - adding an exception should be made explicitly
  - it does not do what you might expect anyway in most cases
- only log in when necessary

webauthn:

- verify that login is possible after disabling key
- otherwise, the cleanup was not necessary after the previous refactor to create a fresh user each

issue-sidebar / WIP toggle:

- split into smaller chunks
- restore original state first
- add missed assertion to fix race condition (not waiting
  before state was reached)
- explicitly toggle the state to detect mismatch earlier

issue-sidebar / labels:

- restore original state first
- better waiting for background request
2024-11-13 13:15:37 +01:00
Renovate Bot
7f31d892ac Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.62.0 (forgejo) (#5911)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-11 13:02:01 +00:00
Renovate Bot
ff1a084fa3 Update renovate to v39.9.0 (forgejo) (#5907)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-11 05:57:44 +00:00
Gusted
f352d6db81
chore: improve database docker instructions
- Do not require minio for mariadb docker.
- Do not require elasticsearch for mysql.
- Fix postgress password parameter.
- Add the multistatement query for mysql (this is not optimal but adding
Makefile code doesn't seem to work really well either)
2024-11-10 19:41:04 +01:00
Renovate Bot
8b27dcb3b6 Update renovate to v39 (forgejo) (major) (#5829)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5829
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-06 14:39:53 +00:00
Renovate Bot
fb1b3e2c6d Update renovate to v38.142.5 (forgejo) (#5802)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5802
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-04 05:52:26 +00:00
Otto
099efe2bdd Merge pull request 'Add typescript support' (#5690) from anbraten/forgejo:ts into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5690
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-10-31 02:02:44 +00:00
Gusted
dfe3ffc581 feat: harden localization against malicious HTML (#5703)
- Add a new script that proccess the localization files and verify that
they only contain HTML according to our strictly defined rules.
- This should make adding malicious HTML near-impossible.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5703
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2024-10-30 15:59:48 +00:00
Anbraten
8dc72589ca
Add typescript 2024-10-29 18:15:09 +01:00
Renovate Bot
f9a16f8be0 Update renovate to v38.133.0 2024-10-28 06:26:24 +00:00
Gusted
7ad83fce40 chore: move to Eslint flat config
Make the big move to Eslint flat config format. The outcome of Eslint
still should be the same, but some things has changed:
- `eslint-plugin-github` is dropped, flat configs have been out for a
while and most eslint plugins support it, but for no reason and no
activity in sight this plugin is likely not going to support flat config
for a while and to avoid other plugins not being able to update (as they
are requiring flat configs) drop the github rules.
- Nested configs don't work properly and are unified into the root
eslint config, this unification did cause some conflicts and thats why
the `import-x` is in a seperate 'group' to exclude targeting Vue files.
- The `eslint-plugin-i` is deprecated and `esplint-plugin-import-x` is
its succesor which has better support for flat configs, the same rules
are still applied.

The majority of the flat config was generated by
`@eslint/migrate-config` tool.
2024-10-23 15:28:43 +02:00
Renovate Bot
13762759fd Update renovate to v38.128.6 2024-10-21 00:03:17 +00:00
Renovate Bot
7e805fa665 Update renovate to v38.121.0 2024-10-14 20:04:12 +00:00
Renovate Bot
dc93b843cd Update x/tools to v0.26.0 2024-10-10 06:03:14 +00:00
Renovate Bot
e9040fafec Update renovate to v38.110.2 2024-10-07 00:03:30 +00:00
Otto
cb91e5a4dc Merge pull request 'Makefile: support gotestsum' (#5249) from yoctozepto/gotestsum into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5249
Reviewed-by: Otto <otto@codeberg.org>
2024-10-04 14:24:12 +00:00
Renovate Bot
1b06287fe3 Update renovate to v38.101.1 2024-09-30 00:08:52 +00:00
Renovate Bot
15ec27e658 Update renovate to v38.93.2 2024-09-23 02:02:04 +00:00
Renovate Bot
4cff39c4d9 Update renovate to v38.80.0 2024-09-16 00:02:10 +00:00
Renovate Bot
6e02a6b422 Update renovate to v38.77.2 2024-09-12 16:02:09 +00:00
forgejo-renovate-action
f8eb608a5b Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.61.0 (forgejo)' (#5282) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo 2024-09-11 04:47:33 +00:00
Renovate Bot
54f3284faa Update x/tools to v0.25.0 2024-09-11 02:02:38 +00:00
Renovate Bot
0f10e9a72f Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.61.0 2024-09-11 00:02:45 +00:00
Radosław Piliszek
e4134f0a81 Makefile: support gotestsum
gotestsum [1] is a tool that brings sanity to human-powered
analysis of test results, supporting handy summaries of results
and more.

This implementation allows for the use of `USE_GOTESTSUM=yes`
to switch the implementation from raw `go test` to `gotestsum`.
It also gives general flexibility in choice of go tests runner.

The PREFIX-SUFFIX play is needed for compiled tests and may
be subject to modification depending on the outcome of #5248

[1] https://pkg.go.dev/gotest.tools/gotestsum
2024-09-06 11:54:14 +00:00
Renovate Bot
eaad11ae8b Update module golang.org/x/tools/gopls to v0.16.2 2024-09-06 00:02:39 +00:00
Renovate Bot
d9893ed2b6 Update renovate to v38.59.2 2024-09-02 00:02:39 +00:00
Gusted
c2e11058bb
chore: update mock redis client
- Follow up of #5173
2024-09-01 05:42:34 +02:00
Renovate Bot
fbe464309b Update renovate to v38.52.3 2024-08-26 04:05:34 +00:00
Earl Warren
9fee7ea763
chore(license): clarify the API swagger file is and stays MIT (take 2)
Override the swagger default.
2024-08-23 19:17:07 +02:00
Renovate Bot
cbee178245 Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.3 2024-08-23 02:05:38 +00:00
Twenty Panda
94631ccef6
Forgejo v9.0 is GPLv3+
* display Forgejo license first
* do not send go-license in a loop because Gitea & Forgejo have
  different licenses

Refs: 62ac0cc334/AGREEMENTS.md
2024-08-22 09:09:29 +02:00
Renovate Bot
63faeb365c Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.2 2024-08-21 02:03:34 +00:00
Gusted
5b81cab0ed Merge pull request '[CHORE] Support reproducible builds' (#4970) from gusted/forgejo-reproducible-builds into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4970
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Radosław Piliszek <radek@piliszek.it>
2024-08-20 18:14:33 +00:00
Gusted
be46795975
[CHORE] Support reproducible builds
This is a step towards making Forgejo's binaries (the one listed in the
release tab) reproducible.

In order to make the actual binary reproducible, we have to ensure that
the release workflow has the correct configuration to produce such
reproducible binaries. The release workflow currently uses the
Dockerfile to produce binaries, as this is one of the easiest ways to do
cross-compiling for Go binaries with CGO enabled (due to SQLite). In the
Dockerfile, two new arguments are being given to the build command.
`-trimpath` ensures that the workpath directory doesn't get included in
the binary; this means that file names (such as for panics) are
relative (to the workpath) and not absolute, which shouldn't impact
debugging. `-buildid=` is added to the linker flag; it sets the BuildID
of the Go linker to be empty; the `-buildid` hashes the input actions
and output content; these vary from build to build for unknown reasons,
but likely because of the involvement of temporary file names, this
doesn't have any effect on the behavior of the resulting binary.

The Makefile receives a new command, `reproduce-build#$VERSION` which
can be used by people to produce a reproducible Forgejo binary of a
particular release; it roughly does what the release workflow also does.
Build the Dockerfile and extract the Forgejo binary from it. This
doesn't allow to produce a reproducible version for every release, only
for those that include this patch, as it needs to call the makefile of
that version in order to make a reproducible binary.

There's one thing left to do: the Dockerfile pins the Go version to a
minor level and not to a patch level. This means that if a new Go patch
version is released, that will be used instead and will result in a
different binary that isn't bit to bit the same as the one that Forgejo
has released.
2024-08-19 17:31:57 +02:00
Otto
3b8ac4388a Merge pull request 'Refactor grouped forms to semantic HTML' (#4995) from fnetx/refactor-grouped-forms into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4995
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-19 14:53:35 +00:00
Earl Warren
51620ab0f3 Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.1 (forgejo)' (#4953) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4953
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-19 07:38:14 +00:00
Renovate Bot
1b9222f6e2 Update renovate to v38.39.6 2024-08-19 02:03:33 +00:00
Otto Richter
c9e402afdc feat(tmpl): Introduce semantic HTML in forms
Modifies forms:

- (new) org team
- (new) repo webhook
- (new) repo protected branch

The forms are not completely rewritten to semantic HTML yet. The focus
of this change was on standard elements, some custom solutions were left
untouched for now.

- swaps the order fo permission radio buttons as per https://codeberg.org/forgejo/forgejo/issues/4983
- uses fieldsets to group related inputs
  - ensures consistent styling across forms
  - can be improved later, e.g. using horizontal lines between sections
- fixes: previous font size of labels was smaller than the font size of the help text
- help text are now part of the label, clicking them now also activates the input
- drop unused CSS (no required checkboxes in grouped class remain)
- playwright testing:
  - move login boilerplate to utils
  - automated form accessibility checking
    - allow defining the scope, because legacy parts of the forms are not yet accessible
  - assert some CSS properties that should not be overriden
- the Makefile adjustment was necessary, because eslint scanned some internal files in the tests/e2e/reports directory
2024-08-19 01:14:18 +02:00
Gusted
22d57cfc6b Merge pull request 'chore(make): structure and clean up Makefile a little' (#4979) from fnetx/makefile-structure into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4979
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-18 15:27:02 +00:00
Renovate Bot
674689af4a
Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.1 2024-08-18 16:03:29 +02:00
Otto Richter
7e0cebecb0 Drop docker target from Makefile
as per https://codeberg.org/forgejo/forgejo/pulls/4979#issuecomment-2181764
2024-08-18 15:14:34 +02:00
Renovate Bot
1b8a79f820 Update module mvdan.cc/gofumpt to v0.7.0 2024-08-17 00:02:59 +00:00
Otto Richter
b390641478 Drop vendor filter (dir is gone), left-align help messages 2024-08-16 15:28:48 +02:00
Otto Richter
ac5d4f68d1 Comments for structure, moving things around, drop Gitea mentions 2024-08-16 15:04:25 +02:00
Otto Richter
f2ab8c8ea7 Drop legacy update-translation target 2024-08-16 14:54:55 +02:00
Gusted
a21128a734
[CHORE] Drop go-git support
See https://codeberg.org/forgejo/discussions/issues/164 for the
rationale and discussion of this change.

Everything related to the `go-git` dependency is dropped (Only a single
instance is left in a test file to test for an XSS, it requires crafting
an commit that Git itself refuses to craft). `_gogit` files have
been removed entirely, `go:build: !gogit` is removed, `XXX_nogogit.go` files
either have been renamed or had their code being merged into the
`XXX.go` file.
2024-08-12 19:11:09 +02:00
Renovate Bot
eb6afae1c0 Update renovate to v38.25.0 2024-08-12 00:04:22 +00:00
Renovate Bot
8039240c26
Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 2024-08-09 21:03:37 +02:00