Commit graph

1523 commits

Author SHA1 Message Date
6543
7751bb64cb
Calculate PublicOnly for org membership only once (#32234)
Refactoring of #32211

this move the PublicOnly() filter calcuation next to the DB querys and
let it be decided by the Doer

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 43c252dfeaf9ab03c4db3e7ac5169bc0d69901ac)

Conflicts:
	models/organization/org_test.go
	models/organization/org_user_test.go
	routers/web/org/home.go

  rather simple conflict resolution but not trivial
  tests/integration/user_count_test.go had to be adapted (simple)
  because it does not exist in Gitea and uses the modified model
2024-11-17 21:57:34 +01:00
ChristopherHX
7f51210672
Harden runner updateTask and updateLog api (#32462)
Per proposal https://github.com/go-gitea/gitea/issues/32461

(cherry picked from commit f888e45432ccb86b18e6709fbd25223e07f2c422)
2024-11-17 08:45:37 +01:00
Angel Nunez Mencias
01c9c19536
fmt 2024-11-16 18:12:40 +01:00
angelnu
d2dc4fae3a
review changes 2024-11-16 18:12:40 +01:00
angelnu
e434ecdaca
check IsCommitExist 2024-11-16 18:12:40 +01:00
Gusted
061abe6004
fix: don't show private forks in forks list
- If a repository is forked to a private or limited user/organization,
the fork should not be visible in the list of forks depending on the
doer requesting the list of forks.
- Added integration testing for web and API route.
2024-11-15 10:59:36 +01:00
Otto
0fb48872ac Merge pull request '[FEAT] Trim spaces from repo names on form submission' (#5822) from gusted/forgejo-trim-spaces-form into forgejo
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-e2e (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/valkey:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5822
Reviewed-by: Otto <otto@codeberg.org>
2024-11-06 09:16:17 +00:00
Earl Warren
36b18fb6cc Merge pull request '[gitea] week 2024-45 cherry pick (gitea/main -> forgejo)' (#5789) from algernon/wcp/2024-45 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5789
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-06 08:57:43 +00:00
Gusted
310376525b
[CHORE] Use forked binding library
- Use the forked [binding](https://code.forgejo.org/go-chi/binding)
library. This library has two benefits, it removes the usage of
`github.com/goccy/go-json` (has no benefit as the minimo library is also
using it). It adds the `TrimSpace` feature, which will during the
binding part trim the spaces around the value it got from the form, this
is done before validation.
2024-11-05 22:47:34 +01:00
Gusted
d5a1188086 Merge pull request 'feat: add partial quoting' (#5677) from gusted/forgejo-partial-qouting into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5677
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-05 20:13:04 +00:00
Zettat123
6b74043b85
Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365)
Fix #28121

I did some tests and found that the `missing signature key` error is
caused by an incorrect `Content-Type` header. Gitea correctly sets the
`Content-Type` header when serving files.

348d1d0f32/routers/api/packages/container/container.go (L712-L717)
However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may
be set to an incorrect value by the storage service. To fix this issue,
we can use query parameters to override response header values.

https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
<img width="600px"
src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555"
/>

In this PR, I introduced a new parameter to the `URL` method to support
additional parameters.

```
URL(path, name string, reqParams url.Values) (*url.URL, error)
```

---

Most S3-like services support specifying the content type when storing
objects. However, Gitea always use `application/octet-stream`.
Therefore, I believe we also need to improve the `Save` method to
support storing objects with the correct content type.

b7fb20e73e/modules/storage/minio.go (L214-L221)
(cherry picked from commit 0690cb076bf63f71988a709f62a9c04660b51a4f)

Conflicts:
	- modules/storage/azureblob.go
	  Dropped the change, as we do not support Azure blob storage.
	- modules/storage/helper.go
	  Resolved by adjusting their `discardStorage` to our
	  `DiscardStorage`
	- routers/api/actions/artifacts.go
	  routers/api/actions/artifactsv4.go
	  routers/web/repo/actions/view.go
	  routers/web/repo/download.go
	  Resolved the conflicts by manually adding the new `nil`
	  parameter to the `storage.Attachments.URL()` calls.

	  Originally conflicted due to differences in the if expression
	  above these calls.
2024-11-05 09:33:15 +01:00
Oleksandr Redko
4aa61601c3
refactor: remove redundant err declarations (#32381)
(cherry picked from commit f4d3aaeeb9e1b11c5495e4608a3f52f316c35758)

Conflicts:
	- modules/charset/charset_test.go
	  Resolved by manually changing a `=` to `:=`, as per the
	  original patch. Conflict was due to `require.NoError`.
2024-11-05 09:33:15 +01:00
wxiaoguang
171de4d107
[PORT] Fix git error handling (gitea#32401)
---
Conflict resolution: Trivial, for `repo_attributes.go` move where the
`IsErrCanceledOrKilled` needs to happen because of other changes that
happened in this file.

To add some words to this change: It seems to be mostly simplifying the
error handling of git operations.

(cherry picked from commit e524f63d58900557d7d57fc3bcd19d9facc8b8ee)
2024-11-03 16:47:44 +01:00
JakobDev
86546fe63e
feat: Add Search to Releases Page 2024-11-02 10:24:35 +01:00
Tom Neuber
68d5cf0e92
Add branch auto deletion for scheduled PRs 2024-10-31 03:49:15 +01:00
Earl Warren
485db0a3ba Merge pull request '[gitea] week 2024-44 cherry pick (gitea/main -> forgejo)' (#5714) from algernon/wcp/2024-44 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5714
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-29 09:05:27 +00:00
Gusted
266e0b2ce9
security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.
2024-10-28 05:48:10 +01:00
Zettat123
8c79008d6f
Add DISABLE_ORGANIZATIONS_PAGE and DISABLE_CODE_PAGE settings for explore pages and fix an issue related to user search (#32288)
These settings can allow users to only display the repositories explore page.

Thanks to yp05327 and wxiaoguang !

---------

Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 9206fbb55fd28f21720072fce6a36cc22277934c)

Conflicts:
	 - templates/explore/navbar.tmpl
	   Resolved by manually applying the last hunk to our template.
2024-10-27 11:27:40 +01:00
Gusted
2c2ac80030 feat: Add partial quoting
- If you select a portion of the comment, `Quote reply` will not only
quote that portion and not copy paste the whole text as it previously
did. This is achieved by using the `@github/quote-selection` package.
- There's preprocessing to ensure Forgejo-flavored markdown syntax is
preserved.
- e2e test added.
- Resolves #1342
2024-10-26 19:15:43 +02:00
Earl Warren
c1a08156f8 Merge pull request '[gitea] week 2024-43 cherry pick (gitea/main -> forgejo)' (#5621) from algernon/wcp/2024-43 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5621
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-22 17:37:03 +00:00
Gusted
f298bf125a Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5158
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-21 14:31:32 +00:00
dragon
95c7599db5 fix arch pkg 2024-10-21 10:08:57 +08:00
6543
f4c2c401ec
API: enhance SearchIssues swagger docs (#32208)
this will result in better api clients generated out of the openapi docs
... for SearchIssues

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit d638067d3cb0a7f69b4d899f65b9be4940bd3e41)
2024-10-20 09:44:18 +02:00
Earl Warren
e2354703ed Merge pull request '[gitea] week 2024-42 cherry pick (gitea/main -> forgejo)' (#5543) from earl-warren/wcp/2024-42 into forgejo
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / security-check (push) Blocked by required conditions
testing / test-unit (push) Blocked by required conditions
testing / test-e2e (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/valkey:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5543
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-19 13:54:24 +00:00
Earl Warren
e299a7f4cd Merge pull request 'fix: don't cancel schedule workflows on push to main branch' (#5470) from Kwonunn/forgejo:dont-cancel-schedule-workflow into forgejo
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-e2e (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/valkey:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5470
2024-10-13 12:06:02 +00:00
6543
d0af8fe4dc
Allow filtering PRs by poster in the ListPullRequests API (#32209)
as title

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit bdd655f2bde5facada4394f36fe54e364787de7a)
2024-10-13 07:58:01 +03:00
Lunny Xiao
a052d2b602
Fix bug when a token is given public only
Port of https://github.com/go-gitea/gitea/pull/32204

(cherry picked from commit d6d3c96e6555fc91b3e2ef21f4d8d7475564bb3e)

Conflicts:
  routers/api/v1/api.go
	services/context/api.go
  trivial context conflicts
2024-10-10 10:41:42 +03:00
yp05327
af901ac7bb
Add support for searching users by email (#30908)
Fix #30898

we have an option `SearchByEmail`, so enable it, then we can search user
by email.
Also added a test for it.

(cherry picked from commit 5d6d025c9b8d2abca9ec2bfdc795d1f0c1c6592d)
2024-10-06 08:10:22 +02:00
Job
1dfe58ad11
Fix PR creation on forked repositories (#31863)
Resolves #20475

(cherry picked from commit 7e68bc88238104d2ee8b5a877fc1ad437f1778a4)

Conflicts:
	tests/integration/pull_create_test.go
  add missing testPullCreateDirectly from
  c63060b130d34e3f03f28f4dccbf04d381a95c17 Fix code owners will not be mentioned when a pull request comes from a forked repository (#30476)
2024-10-06 08:08:40 +02:00
Zettat123
b67b7c1238
Fix the logic of finding the latest pull review commit ID (#32139)
Fix #31423

(cherry picked from commit f4b8f6fc40ce2869135372a5c6ec6418d27ebfba)

Conflicts:
	models/fixtures/comment.yml
  comment fixtures have to be shifted because there is one more in Forgejo
2024-10-06 07:44:28 +02:00
Kwonunn
b20c0b1469
fix: don't cancel schedule workflows on push to main branch 2024-10-05 12:14:44 +02:00
ChristopherHX
8f0a05a7e4
Fix artifact v4 upload above 8MB (#31664)
Multiple chunks are uploaded with type "block" without using
"appendBlock" and eventually out of order for bigger uploads.
8MB seems to be the chunk size

This change parses the blockList uploaded after all blocks to get the
final artifact size and order them correctly before calculating the
sha256 checksum over all blocks

Fixes #31354

(cherry picked from commit b594cec2bda6f861effedb2e8e0a7ebba191c0e9)

Conflicts:
	routers/api/actions/artifactsv4.go
  conflict because of Refactor AppURL usage (#30885) 67c1a07285008cc00036a87cef966c3bd519a50c
    that was not cherry-picked in Forgejo
    the resolution consist of removing the extra ctx argument
2024-09-29 09:24:15 +02:00
Exploding Dragon
89742c4913 feat: add architecture-specific removal support for arch package (#5351)
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/bitnami/valkey:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
- [x] add architecture-specific removal support
- [x] Fix upload competition
- [x] Fix not checking input when downloading

docs: https://codeberg.org/forgejo/docs/pulls/874

### Release notes

- [ ] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5351
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-09-27 08:21:22 +00:00
Lunny Xiao
f709de2403
Fix wrong last modify time (#32102)
(cherry picked from commit a802508f88e546bf18990559e44bf27a09c869ee)
2024-09-27 08:42:48 +02:00
KN4CK3R
526054332a
Fix incorrect /tokens api (#32085)
Fixes #32078

- Add missing scopes output.
- Disallow empty scope.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 08adbc468f8875fd4763c3656b334203c11adc0a)
2024-09-27 08:42:48 +02:00
Zettat123
961766744b
Check if the due_date is nil when editing issues (#32035)
(cherry picked from commit 3a51c37672d2fbad1f222922e75ce704d5a1ac71)
2024-09-22 09:05:15 +02:00
Kemal Zebari
eb765dabfd
Handle invalid target when creating releases using API (#31841)
A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.

Discovered while working on #31840.

(cherry picked from commit f05d9c98c4cb95e3a8a71bf3e2f8f4529e09f96f)
2024-09-14 18:45:18 +02:00
Adam Majer
5f3a2aafdf
Return 404 instead of error when commit not exist (#31977)
Fix #31976

(cherry picked from commit bf7ae0429cdf236510aa6702e499878bc2345a6e)
2024-09-09 20:54:47 +02:00
Solomon Victorino
471567b3ba fix: use ValidateEmail as binding across web forms 2024-08-28 22:25:17 -06:00
Gusted
5a871f6095
[SEC] Ensure propagation of API scopes for Conan and Container authentication
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that uses that JWT token.
- Integration test added.
- Resolves #5128
2024-08-28 10:33:32 +02:00
Gusted
d623126103 Merge pull request '[PORT] Refactor the usage of batch catfile (gitea#31754)' (#5122) from gusted/forgejo-port-gt-31754 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5122
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 16:04:47 +00:00
Gusted
1a68d14cf8
[FIX] Don't allow SSH authentication without ssh executable
- Follow up of #4819
- When no `ssh` executable is present, disable the UI and backend bits
that allow the creation of push mirrors that use SSH authentication. As
this feature requires the usage of the `ssh` binary.
- Integration test added.
2024-08-26 08:58:35 +02:00
Gusted
b44dcf553c
[TESTS] Fix usage of LoadRepoCommit
It loads the Commit with a temporary open GitRepo. This is incorrect,
the GitRepo should be open as long as the Commit can be used. This
mainly removes the usage of this function as it's not needed.
2024-08-26 08:03:48 +02:00
Philip Peterson
03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Gusted
fe18428806
Fix linting issues 2024-08-18 16:25:13 +02:00
Otto
b77f45f46b Merge pull request 'Revert "Prevent allow/reject reviews on merged/closed PRs"' (#4907) from caesar/forgejo:revert-no-closed-pr-review into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4907
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-13 23:25:54 +00:00
Otto Richter
e330c88411 fix(api): Correct descriptions for quota calls 2024-08-12 22:05:56 +02:00
Caesar Schinas
65c2595f26
Revert "Prevent allow/reject reviews on merged/closed PRs"
This reverts commit 4ed372af13.
This change from Gitea was not considered by the Forgejo UI team and there is a consensus that it feels like a regression.

The test which was added in that commit is kept and modified to test that reviews can successfully be submitted on closed and merged PRs.

Closes forgejo/design#11
2024-08-12 12:24:52 +01:00
Earl Warren
44002a6399 Merge pull request 'chore(refactor): split repo_service.ForkRepository in two' (#4879) from earl-warren/forgejo:wip-fork-split into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4879
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-11 15:50:52 +00:00
Earl Warren
cfefe2b6c9
chore(refactor): split repo_service.ForkRepository in two
ForkRepository performs two different functions:

* The fork itself, if it does not already exist
* Updates and notifications after the fork is performed

The function is split to reflect that and otherwise unmodified.

The two function are given different names to:

* clarify which integration tests provides coverage
* distinguish it from the notification method by the same name
2024-08-11 12:40:34 +02:00