Commit graph

172 commits

Author SHA1 Message Date
Gergely Nagy
0792f81e04
Add a release note for cherry-picked features
This adds a release note file for features cherry picked during the
2024-30 weekly gitea->forgejo cherry pick.

Thanks @earl-warren for the notes themselves!

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-22 15:46:01 +02:00
0ko
78a0ca1c9d feat: allow .webp attachments by default 2024-07-21 13:01:08 +05:00
Gusted
d731dc793b
[UI] Convert milestone to HTMX
- Currently if you want to update the milestone of an issue or pull
request, your whole page will be reloaded to reflect the newly set
milestone. This is quite unecessary, as only the milestone text is
updated and a new timeline event is added.
- This patch converts the milestone section in the issue/pull request
sidebar to use HTMX, so it becomes a progressive element and avoids
reloading the whole page to update the milestone.
- The update of the milestone section itself is quite straightforward
and nothing special is happening. To support adding new timeline events,
a new element `#insert-timeline` is conviently placed after the last
timeline event, which can be used with
[`hx-swap-oob`](https://htmx.org/attributes/hx-swap-oob/) to position
new timeline events before that element.
- Adds E2E test.
2024-07-17 14:52:00 +02:00
Earl Warren
573ba5e9ac Merge pull request 'docs(release-notes): proofread multiline release-notes files' (#4515) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4515
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-15 19:24:00 +00:00
Earl Warren
c0f20a4e0a
docs(release-notes): proofread multiline release-notes files
It is not yet possible to manually edit them in the release notes
because the release notes assistant does not support that.
2024-07-15 21:22:56 +02:00
Gusted
45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
Earl Warren
1171069ced
docs(release-notes): flatten release-notes files
It is not for the developer to keep them sorted in a hierarchy when
the release they belong to can be deduced from the tag of the release
into which they were merged. The release notes assistant does that
work instead.

Some files appeared in more than one directory (feat and fix for
instance) when the PR contains multiple unrelated commits which is
what happens on a regular basis with the weekly cherry-pick of
Gitea. Those files were merged into one and each line changed to start
with a conventional commit prefix (feat: fix:).

Each line in a file will be a separate line in the release notes, they
are not groupped together even when they relate to the same PR. The
determination of the category in which they should be displayed will
be based on regular expressions using either the PR title or the line
to add to the release notes itself.

Unify the content of each file to either be a bullet list of
independent pull requests or be folded into a single line if it is
multiline. Multiline content belongs to the documentation.

Refs: https://code.forgejo.org/forgejo/release-notes-assistant
Refs: https://www.conventionalcommits.org/en/v1.0.0/
2024-07-11 14:20:34 +02:00
Xavier Vello
147ae2c5be Fix opengraph meta for wiki pages (#4427)
Fixes https://codeberg.org/forgejo/forgejo/issues/4417 by adding a conditional branch to the `head_opengraph` template to match wiki pages. I tried to be consistent with the other types:

- `og:title` is the wiki page title
- `og:url` is built via `{{AppUrl}}{{.Link}}` like it is done for commit and file views. This has the caveat of doubling the slash (see test below). Should we `{{trimSuffix "/" AppUrl}}` to remove this, if sprig is available?
- `og:description` is the repository description to match GH behaviour. Also, the first sentences of the page might not be descriptive enough. Should we prefix the repo description with the repo name?
- `og:type` and `og:image` are common

Added a `TestOpenGraphProperties` integration test using existing fixtures. Coverage is not 100% but can be improved later.

## Output on a test repo

```html
<meta property="og:title" content="Project architecture">
<meta property="og:url" content="http://localhost:3000//xvello/wiki-test/wiki/Project-architecture">
<meta property="og:description" content="description for a test project">
<meta property="og:type" content="object">
<meta property="og:image" content="http://localhost:3000/avatars/3dd4d1e4eef065d1b4ad4bdb081ab6e7">
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4427
Co-authored-by: Xavier Vello <xavier.vello@gmail.com>
Co-committed-by: Xavier Vello <xavier.vello@gmail.com>
2024-07-10 18:29:35 +00:00
Earl Warren
9b8622bc58 Merge pull request 'docs(release-notes): fix artifact range requests [skip ci]' (#4443) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4443
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-10 18:27:03 +00:00
Earl Warren
52775aa66a
docs(release-notes): fix artifact range requests
Refs: https://codeberg.org/forgejo/forgejo/pulls/4218
2024-07-10 08:52:06 +02:00
Earl Warren
436f8fda07 Merge pull request 'Make user privacy settings more clear' (#4439) from 0ko/forgejo:ui-settings-activity into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4439
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-10 06:09:52 +00:00
Earl Warren
2d85d51879 docs(release-notes): for pull requests #4400, #4375 [skip ci] (#4442)
Refs: https://codeberg.org/forgejo/forgejo/pulls/4400
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4442
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2024-07-10 05:14:16 +00:00
0ko
29a1c786a3 ui(settings): make user privacy settings more clear 2024-07-10 10:07:23 +05:00
Earl Warren
e2d09101d4
docs(release-notes): display URLs in .sh-session files 2024-07-09 08:24:46 +02:00
Gusted
70a7d6a0de
[ENHANCEMENT] Improve caching of contributor stats
- It was noticed [in the Forgejo matrix channel](https://matrix.to/#/!qjPHwFPdxhpLkXMkyP:matrix.org/$vk78UR0eFCwQMDMTZ7-DWjMVB_LIAwHW6SkjhEcGkQQ?via=matrix.org) that the generation of the Forgejo project contributor stats was taking quite a while on codeberg.org. This was continued with the fact that a few moments later it was once again generating them again; it seemed like they weren't being cached while they were.
- The problem was that the cache TTL is hardcoded to ten minutes and not to the configured TTL. This patch changes that by using the configured TLL for the contributor cache, as this is a computationally heavy operation and should be cached for as long as possible for a good user experience. This doesn't impact the accuracy of this feature because the commit ID of the default branch is used as a cache key.
- Also changed in this patch, is that errors aren't cached and are instead being logged, this is more helpful to the administrator. For the user essentially nothing changed on this side, the contributor stats just looks like it's loading indefinitely.
- Realistically, testing this isn't possible, as the cache library Forgejo currently uses doesn't expose the TTL or expiration time of a key. Manually testing this behavior is quite lengthy, as one of the steps would need to be "wait for ten minutes" and describe how you can notice the data was cached or was just generated, and because you could use different types of cache, it will be quite hard to write down how you could check the TTL of a key for a particular cache (I'm not even sure it's even possible for some).
2024-07-06 21:23:46 +02:00
Earl Warren
4c4aaea26d Merge pull request 'Update dependency katex to v0.16.11' (#4291) from renovate/katex-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4291
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-04 10:19:32 +00:00
Earl Warren
dc0fa915d4
docs(release-notes): 7.0.5 [skip ci] 2024-07-03 21:02:39 +02:00
Earl Warren
4b485825c9
docs(release-notes): KaTeX add support for \emph 2024-07-03 20:38:22 +02:00
Twenty Panda
5561e80b04 fix(hook): ignore unknown push options instead of failing
If a repository has

git config --add push.pushOption submit=".sourcehut/*.yml"

it failed when pushed because of the unknown submit push
option. It will be ignored instead.

Filtering out the push options is done in an earlier stage, when the
hook command runs, before it submits the options map to the private
endpoint.

* move all the push options logic to modules/git/pushoptions
* add 100% test coverage for modules/git/pushoptions

Test coverage for the code paths from which code was moved to the
modules/git/pushoptions package:

* cmd/hook.go:runHookPreReceive
* routers/private/hook_pre_receive.go:validatePushOptions
  tests/integration/git_push_test.go:TestOptionsGitPush runs through
  both. The test verifying the option is rejected was removed and, if
  added again, will fail because the option is now ignored instead of
  being rejected.

* cmd/hook.go:runHookProcReceive
* services/agit/agit.go:ProcReceive
  tests/integration/git_test.go: doCreateAgitFlowPull runs through
  both. It uses variations of AGit related push options.

* cmd/hook.go:runHookPostReceive
* routers/private/hook_post_receive.go:HookPostReceive
  tests/integration/git_test.go:doPushCreate called by TestGit/HTTP/sha1/PushCreate
  runs through both.
  Note that although it provides coverage for this code path it does not use push options.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3651
2024-07-02 21:39:01 +02:00
Earl Warren
c7bb90bc6b Merge pull request '[gitea] week 2024-27 cherry pick (gitea/main -> forgejo)' (#4266) from earl-warren/wcp/2024-27 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4266
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-02 08:29:04 +00:00
Danko Aleksejevs
36b6444f34 Remove tab key handling in markdown editor, add toolbar buttons instead, re #4072 #4142 (#4263)
We haven't decided much (to my knowledge), and I've been using the main branch in production (as one does) and found out even I myself rely on Tab sometimes working to move focus and have been caught off guard by it indenting lines instead.

So this removes Tab handling and instead adds two new buttons to the toolbar. The indentation logic is unchanged (other than now focusing the textarea during button handling, to ensure execCommand works, and thus undo history is preserved).

I'm not sure which terminology to use in tooltips. Could also add keyboard shortcuts for the whole toolbar eventually, but as is this is hopefully an better solution to the problems I previously created than un-merging the whole thing :)

<img width="414" alt="Screenshot with two new buttons" src="/attachments/b7af3aa4-a195-48d1-be0a-1559f25dce8e">

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4263
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Danko Aleksejevs <danko@very.lv>
Co-committed-by: Danko Aleksejevs <danko@very.lv>
2024-06-30 13:03:32 +00:00
Shiny Nematoda
8546b01249 [FEAT] branch/tag dropdown for git-grep (#4262)
#3654 introduced support for searching non-default branches and tags.

However, the results page lacked any indicator (aside from the url) on which branch/tag the searcg was performed. A branch dropdown was introduced to the code search page when git-grep is used both as an indicator and as a intrusive way to switch between branches/tags.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-06-29 06:57:34 +00:00
Earl Warren
a2426e2f90
docs(release-notes): week 2024-27 cherry pick 2024-06-29 08:03:51 +02:00
0ko
28ceec6fad ui: fix wrong string used in a search box (#4258)
Resolves https://codeberg.org/forgejo/forgejo/issues/4256.
Fixes regression caused by https://github.com/go-gitea/gitea/pull/29530/files#diff-b46ae540c8eb41d1ccaa1659489fcc47d72eee4c4f04dc83c5ccf4d6d1a3395eR45.

Preview:
Before - https://codeberg.org/forgejo/forgejo/attachments/d629f2e9-0d07-4719-9250-52d3ba9f4a9e
After - https://codeberg.org/forgejo/forgejo/attachments/6a5f5cb2-124d-4673-a387-8483125a89eb

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4258
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-06-28 16:28:03 +00:00
Mai-Lapyst
51735c415b Add support for workflow_dispatch (#3334)
Closes #2797

I'm aware of https://github.com/go-gitea/gitea/pull/28163 exists, but since I had it laying around on my drive and collecting dust, I might as well open a PR for it if anyone wants the feature a bit sooner than waiting for upstream to release it or to be a forgejo "native" implementation.

This PR Contains:
- Support for the `workflow_dispatch` trigger
- Inputs: boolean, string, number, choice

Things still to be done:
- [x] API Endpoint `/api/v1/<org>/<repo>/actions/workflows/<workflow id>/dispatches`
- ~~Fixing some UI bugs I had no time figuring out, like why dropdown/choice inputs's menu's behave weirdly~~ Unrelated visual bug with dropdowns inside dropdowns
- [x] Fix bug where opening the branch selection submits the form
- [x] Limit on inputs to render/process

Things not in this PR:
- Inputs: environment (First need support for environments in forgejo)

Things needed to test this:
- A patch for https://code.forgejo.org/forgejo/runner to actually consider the inputs inside the workflow.
  ~~One possible patch can be seen here: https://code.forgejo.org/Mai-Lapyst/runner/src/branch/support-workflow-inputs~~
  [PR](https://code.forgejo.org/forgejo/runner/pulls/199)

![image](/attachments/2db50c9e-898f-41cb-b698-43edeefd2573)

## Testing

- Checkout PR
- Setup new development runner with [this PR](https://code.forgejo.org/forgejo/runner/pulls/199)
- Create a repo with a workflow (see below)
- Go to the actions tab, select the workflow and see the notice as in the screenshot above
- Use the button + dropdown to run the workflow
  - Try also running it via the api using the `` endpoint
- ...
- Profit!

<details>
<summary>Example workflow</summary>

```yaml
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log Level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      number1_default:
        description: 'Number w. default'
        default: '100'
        type: number
      number2:
        description: 'Number w/o. default'
        type: number
      string1_default:
        description: 'String w. default'
        default: 'Hello world'
        type: string
      string2:
        description: 'String w/o. default'
        required: true
        type: string

jobs:
  test:
    runs-on: docker
    steps:
      - uses: actions/checkout@v3
      - run: whoami
      - run: cat /etc/issue
      - run: uname -a
      - run: date
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.tags }}
      - env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - run: echo "abc"
```
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3334
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-28 05:17:11 +00:00
Earl Warren
282dfa1bea Merge pull request 'Clarify author label in tooltip' (#4201) from 0ko/forgejo:ui-author-tooltip into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4201
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-26 08:38:55 +00:00
Renovate Bot
d9b83719d6 Update module github.com/yuin/goldmark to v1.7.4 2024-06-26 06:19:55 +00:00
0ko
0c4716b047 Clarify author label in tooltip 2024-06-25 18:30:06 +05:00
0ko
1496bb6079 Better logic for showing user feed/public activity elements (#4189)
There are a few changes of template logic which defines when which elements should be shown on profile page. The motivation is to have the elements when needed and don't when they're not relevant.

## Changes

### RSS button

Now displayed if:
* feeds are enabled
AND one or more of:
* the current user is an admin
* the current user is viewing their profile
* the activity is publicly available

So, basically in cases when the .rss feed actually contains any events. Before this change this button was constantly shown and was giving an empty feed if it was unavailable.

### Public activity tab

The tab is displayed if:
* the current user is an admin
* the current user is viewing their profile
* the activity is publicly available
* the current tab is this exact tab, for example, in case it was accessed by adding `?tab=activity` to the URL, so that the UI is not broken w/o a highlighted tab

So, this tab is not displayed when it's not going to contain any information, but still can be accessed.

### Banner "This user has disabled the public visibility of the activity."

For admins:
* always show the big blue banner to warn that sharing a screenshot of this publicly is bad idea

For self:
* always display a little note about the current visibility status with a "Change" link

For others:
* only display a little note to explain why the activity is not shown

### Heatmap and activity feed

Elements are only displayed when relevant, instead of keeping empty leftovers, for easier testing. This template change is also covered by test. **Everything in this Changes section is covered by test unless I forgot something.**

## Preview

There's obviously too many states to screenshot, here are highlights:

![](https://codeberg.org/attachments/47559531-9bcd-46c0-90d4-8b51512da752)
_Warning admin for why they're seeing the information_

![](https://codeberg.org/attachments/3107bf62-955b-4fe5-bce3-6305a928afe1)
_Viewing self - private_

![](https://codeberg.org/attachments/afb63ead-fb0b-4fc7-9d8b-c6c09e9ae62b)
_Viewing self - public_

![](https://codeberg.org/attachments/df3c090a-7490-4827-b33b-771fd4fa0a9f)
_Don't have access to the information_

![](https://codeberg.org/attachments/2dd2b0ac-2fe0-4453-aa4b-e91fd08f4411)
_The tab is not shown when the activity can't be accessed_

![](https://codeberg.org/attachments/ed4c61de-b3b7-4523-b92b-bc76e1d8b7c5)
_Can't access the RSS feed_

![](https://codeberg.org/attachments/5a27f2be-d79c-4fb4-85a5-758348398f1b)
_Can access the RSS feed_

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4189
Reviewed-by: Otto <otto@codeberg.org>
2024-06-24 08:19:11 +00:00
Renovate Bot
e91961224d
Update module github.com/yuin/goldmark to v1.7.3 2024-06-24 08:03:18 +02:00
oliverpool
65f8c22cc7 [BUG] admin oauth2 source required check (#4194)
#4059 was unfortunately incomplete: some custom_url fields are currently shown, even if they are not used by the provider. Moreover the `Use Custom URLs Instead of Default URLs` is always checked by default.

Manual testing:
- go to http://localhost:3000/admin/auths
- click on `Add authentication source`
- Choose `Authentication type`: `OAuth2`
- Choose `OAuth2 provider`: `GitLab`
- verify that the `Use Custom URLs Instead of Default URLs` option is **initially unchecked**
- enable the `Use Custom URLs Instead of Default URLs` checkbox
- verify that only the fields "Authorize", "Token" and "Profile" URLs are shown (no "Email URL", nor "Tenant").
- Switch the `OAuth2 provider` to `Azure AD v2`
- verify that the `Use Custom URLs Instead of Default URLs` option is **initially checked**
- verify that only the field "Tenant" is shown (with the default "organizations").

![image](/attachments/0e2b1508-861c-4b0e-ae6a-6eb24ce94911)

Note: this is loosely based on the upstream fix https://github.com/go-gitea/gitea/pull/31246 which I initially overlooked.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4194
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-06-21 06:21:37 +00:00
Earl Warren
328b5d79d3 Merge pull request '[gitea] week 2024-25 cherry pick (gitea/main -> forgejo)' (#4145) from earl-warren/wcp/2024-25 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4145
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-18 07:56:20 +00:00
Shiny Nematoda
b5d96e7db7 [FEAT] expose fuzzy search for issues/repo (#4160)
Ports fuzzy search for `/issues` and `/pulls` from gitea.
Adds fuzzy search for `/user/repo/issues` and `/user/repo/pulls`.

---
## Notes
### Port: [`gitea#be5be0ac81`](be5be0ac81)

- CONFLICT (content): Merge conflict in routers/web/user/home.go

Conflict resolved by
  1. keeping both `PageIsOrgIssues` and the newly introduced `IsFuzzy`
  2. using `pager.AddParam(ctx, "fuzzy", "IsFuzzy")` rather than `pager.AddParamString("fuzzy", fmt.Sprintf("%v", isFuzzy))`

- CONFLICT (content): Merge conflict in templates/user/dashboard/issues.tmpl

Conflict resolved by keeping the changes from #4096, and picking the `&fuzzy=${{.IsFuzzy}}` inclusion to all urls and `{{if .PageIsPulls}}...`

### Port: [`gitea#fede3cbada`](fede3cbada)

- CONFLICT (content): Merge conflict in templates/user/dashboard/issues.tmpl

Conflict resolved by keeping previous changes and picking the replacement of `{{if .PageIsPulls}}...` with `{{template "shared/search/combo_fuzzy"...` which contains the replacement of `explorer.go` to `explorer.go_to`

### Fixup commit

replaces `Iif` with `if` which was introduced in gitea#fede3cbada

### Feature commit

adds in support for /user/repo/(issues|pulls) + test

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Kerwin Bryant <kerwin612@qq.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4160
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-06-17 18:58:24 +00:00
oliverpool
82ae7460bf [BUG] admin authentication source JS errors (#4059)
While trying to understand #1236, I was quite confused not to see the `Use Custom URLs` checkbox.

This checkbox disappeared in b95a893b22 (because `getElementById` does not expect a `#` as first char), fixed in 4e816e1326.

After solving this, switching from `Nextcloud` to `OpenID Connect` triggered a JS error, which is addressed in 3efa4d836a.

Manual testing:
- go to http://localhost:3000/admin/auths
- click on `Add authentication source`
- Choose `Authentication type`: `OAuth2`
- Choose `OAuth2 provider`: `Nextcloud`
- check that the `Use Custom URLs Instead of Default URLs` checkbox toggles the fields below
- let the checkbox be checked
- Switch the `OAuth2 provider` to `OpenID Connect`
- ensure that no JS error is shown
- Switch the `OAuth2 provider` to `Mastodon`
- check that the fields below `Use Custom URLs Instead of Default URLs` have the right defaults (mastodon.social)

![2024-06-07-101638.png](/attachments/5bd6692e-3457-4dd8-b1c1-50e9a95a3100)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4059
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-06-17 10:05:59 +00:00
Earl Warren
f3c475eeba Merge pull request 'Fix bug in GetIssueStats' (#4124) from JakobDev/forgejo:statfix into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4124
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-16 18:27:50 +00:00
Lunny Xiao
8efef06fb1 fix(repository): git push to an adopted repository fails
Fix adopt repository has empty object name in database (#31333)

Fix #31330
Fix #31311

A workaround to fix the old database is to update object_format_name to
`sha1` if it's empty or null.

(cherry picked from commit 1968c2222dcf47ebd1697afb4e79a81e74702d31)

With tests services/repository/adopt_test.go
2024-06-16 19:06:06 +02:00
0ko
0a026a9cd8 Reorder repo tabs (#4139)
More info in the linked PR.

---

Make positioning of the repo tabs make more sense. This is an isolated implementation for one of many changes discussed in the referenced issue, it will work good without the other changes too.

## Changes

- Actions are moved to the edge. This tab is the least relevant to both visitors and developers. The first don't really need it at all, the second only visit it when something goes unexpected (run did not happen or attached to the wrong event), or just to see the run queue to know when their actions is going to get processed. This is not a tab with always-relevant information.

- put Packages after releases. The Packages are like a download page for Releases, but for released packages instead of binaries/source code. It is relevant to Releases, so it should stay close, but it is secondary to Releases by importance. For example, because they don't actually contain release notes unlike Releases.

- the above makes Projects appear next to Issues and Pull requests which I think is nice as they're related.

## Preview

### v7
https://codeberg.org/attachments/c434e8fd-aaab-4c27-9071-2a3ba68ad4b7

### This PR
https://codeberg.org/attachments/74743c03-883e-40cf-8cb1-384d1d8cf63c

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4139
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
2024-06-16 12:36:41 +00:00
Earl Warren
053eb65a0b
docs(release-notes): week 2024-25 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/4145
2024-06-16 13:42:59 +02:00
Earl Warren
642501e365
chore(dependency): asciinema-player to v3.8.0 release notes 2024-06-16 07:30:29 +02:00
Shiny Nematoda
53d4e90411 [FEAT] folding results for repo search (#4134)
closes #3855

unlike #3854, this implementation uses a generic details html tag and a bit of tailwind magic...

---
## Maintainers Note
- previously tailwind classes of the form `[-a-zA-Z:0-9_.]` was disabled, however they were enabled since they were required for the `group-open:` classes

---

## Manual Testing
1. Visit the code search results after submitting a valid query for repo (if indexer disabled) or repo, user, explore (if indexer enabled)
2. Verify thst
    1. the results are unfloded/open by default
    2. the chevron points down when open and right when closed

<video src="/attachments/5a55c56f-6159-4422-ab80-962e0121e7d2" title="fold2.mp4" controls></video>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4134
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-06-15 20:16:18 +00:00
Danko Aleksejevs
221ca0c404 Implement tab indentation and list continuation in the new editor (#3848, #3849) (#4072)
This overrides handling of Tab and Enter keys in the ComboMarkdownEditor, so that:

* Pressing Tab prepending 4 spaces to the line under cursor, or all the lines in the selection.
* Pressing Shift+Tab removes up to 4 spaces.
* Pressing Enter repeats any indentation and a "repeatable" prefix (list or blockquote) from the current line.

Since Tab "capture" can interfere with keyboard navigation, it's only done if there was any previous input in the textarea or if it was selected with a pointer. Additionally, presing Esc will make the textarea lose focus, resuming tab navigation. This seems adequate to me, but I might be wrong.

Had to use the "deprecated" execCommand method, since anything else I tried messes up the undo history. There's a fallback for when (if?) it's actually removed.

Only tested in desktop Firefox and Chrome so far.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4072
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Co-authored-by: Danko Aleksejevs <danko@very.lv>
Co-committed-by: Danko Aleksejevs <danko@very.lv>
2024-06-15 13:40:31 +00:00
Earl Warren
b386d23d09
chore(dependency): github.com/yuin/goldmark v1.7.2 release notes 2024-06-15 06:38:04 +02:00
JakobDev
4c90d20c9c
Add release note 2024-06-13 10:29:23 +02:00
Earl Warren
6176063e73
[skip ci] docs(release-notes): 7.0.4 2024-06-13 08:09:27 +02:00
Earl Warren
df373c9f7e Merge pull request '[gitea] week 2024-24 cherry pick (gitea/main -> forgejo)' (#4083) from earl-warren/wcp/2024-24 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4083
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-11 10:37:26 +00:00
Earl Warren
0cbe402e99
docs(release): week 2024-24 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/4083
2024-06-11 09:19:09 +02:00
0ko
367317af6c Disable issue subscribe button for guest users (#4095)
* disabled the button itself, but added the tooltip to the form, because it didn't work for the button and likely has something to do with JS
* added an integration test to verify the new logic

## Preview

|Signed in|Guest|
|-|-|
|![](/attachments/b1441565-6aec-4a72-a28f-6383914c8918)|![](/attachments/839cc58e-18cf-4a5d-a9d7-f0e3e2556c98)|

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4095
Reviewed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-11 05:54:35 +00:00
Beowulf
187860bded Fix margin above headline in rendered org-mode (#4076)
This Fixes #3962 by adding `!important` to the margin of the heading in the rendered markdown.

In the current behaviour, the margin-top was always overridden by a global css-rule. This is prevented by this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4076
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2024-06-11 03:34:21 +00:00
oliverpool
7d6a0bced9 fix: PKCE only for supported providers 2024-06-10 11:24:32 +02:00
Earl Warren
77078cded4 Merge pull request 'fix(cmd): actions artifacts cannot be migrated' (#4085) from earl-warren/forgejo:wip-migration-artifacts into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4085
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-09 14:51:04 +00:00
Rowan Bohde
4afbfd3946
fix: allow actions artifacts storage migration to complete succesfully (#31251)
Change the copy to use `ActionsArtifact.StoragePath` instead of the
`ArtifactPath`. Skip artifacts that are expired, and don't error if the
file to copy does not exist.

---

When trying to migrate actions artifact storage from local to MinIO, we
encountered errors that prevented the process from completing
successfully:

* The migration tries to copy the files using the per-run
`ArtifactPath`, instead of the unique `StoragePath`.
* Artifacts that have been marked expired and had their files deleted
would throw an error
* Artifacts that are pending, but don't have a file uploaded yet will
throw an error.

This PR addresses these cases, and allow the process to complete
successfully.

(cherry picked from commit 8de8972baf5d82ff7b58ed77d78e8e1869e64eb5)
2024-06-09 16:02:31 +02:00
Mai-Lapyst
0a7767eaaa [FEAT] Adds x-mode-only anchor styles to display images based if the theme is light or dark mode. (#3985)
Adds a feature similar to this https://github.blog/changelog/2021-11-24-specify-theme-context-for-images-in-markdown/ , by adding styles to elements which `src` or `href` attribute ends with `#light-mode-only` or `#dark-mode-only`. To improve compability, the github variants with the `gh-` prefix are also contained.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3985
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-09 10:50:53 +00:00
mirko
f015846c11 Add slogan config (#3752)
This is a PR for #3616

Currently added a new optional config `SLOGAN`  in ini file. When this config is set title page is modified in APP_NAME [ - SLOGAN]

Example in image below

![Selezione_075.png](/attachments/7a72171e-e730-4e57-8c97-ffc94258e00f)

Add the new config value in the admin settings page (readonly)

![Screenshot 2024-05-13 at 18-04-13 My Forgejo.png](/attachments/dad00fc2-29fa-4371-a7b9-5233eadeac13)

## TODO

* [x] Add the possibility to add the `SLOGAN` config from the installation form
* [ ] Update https://forgejo.org/docs/next/admin/config-cheat-sheet

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3752
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: mirko <mirko.perillo@gmail.com>
Co-committed-by: mirko <mirko.perillo@gmail.com>
2024-06-07 17:12:48 +00:00
Earl Warren
9ca80d30ce Merge pull request '[gitea] webhooks openproject compatible (gitea#28435)' (#4027) from oliverpool/forgejo:gitea-cp-28435 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4027
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 15:13:49 +00:00
oliverpool
8763225972 add release note 2024-06-05 15:58:51 +02:00
Earl Warren
32c882af91
test(oauth): coverage for the redirection of a denied grant
See 886a675f62 Return `access_denied` error when an OAuth2 request is denied
2024-06-05 12:51:44 +02:00
Earl Warren
c2382d4f5b Merge pull request '[gitea] week 2024-23 cherry pick (gitea/main -> forgejo)' (#3989) from earl-warren/wcp/2024-23 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3989
Reviewed-by: Otto <otto@codeberg.org>
2024-06-04 07:40:35 +00:00
Earl Warren
7e8890cc55
docs(release): add release notes 2024-06-03 10:03:29 +02:00
Earl Warren
1571052a74
[skip ci] docs(release): week 2024-21-v7.0 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3859
2024-06-03 09:12:49 +02:00
Earl Warren
eee908d02c
[skip ci] docs(release): week 2024-21 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3838
2024-06-03 09:11:17 +02:00
Earl Warren
d43ce30663
[skip ci] docs(release): week 2024-22 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3917
2024-06-03 08:24:21 +02:00
Earl Warren
bbdba70db6 Merge pull request 'fix(hook): repo admins are wrongly denied the right to force merge' (#3976) from earl-warren/forgejo:wip-admin-protection into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3976
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-02 19:48:44 +00:00
Earl Warren
09f3518069
fix(hook): repo admins are wrongly denied the right to force merge
The right to force merge is uses the wrong predicate and
applies to instance admins:

  ctx.user.IsAdmin

It must apply to repository admins and use the following predicate:

 ctx.userPerm.IsAdmin()

This regression is from the ApplyToAdmins implementation in
79b7089360.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3780
2024-06-02 21:16:46 +02:00
Mai-Lapyst
56a6d3f77d
Adding release note for #3337 2024-06-02 06:04:53 +02:00
Earl Warren
f887972348 Merge pull request 'forgejo-federated-star: UI to define following repos' (#3886) from meissa/forgejo:forgejo-federated-pr5 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3886
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-31 15:57:17 +00:00
Michael Jerger
8aade372cb add a release note 2024-05-31 16:28:26 +02:00
Earl Warren
a1ef8eaf29 Merge pull request 'Disable self-registration by default on the install page' (#3934) from algernon/forgejo:abandon-all-registration-all-ye-who-enter-here into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3934
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-31 11:49:20 +00:00
Gergely Nagy
6b24a7919d
Add a release note about the previous changes
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-31 08:21:55 +02:00
Earl Warren
e417e424fa
Update module github.com/alecthomas/chroma/v2 to v2.14.0 (take 2)
Because the branch of the other PR was deleted by mistake.

Refs: https://codeberg.org/forgejo/forgejo/pulls/3922
2024-05-30 22:52:26 +02:00
Gergely Nagy
ade7304eea
migrations: Map non-existant external users to Ghost
When performing migrations, and need to remap external users to local
ones, when no local mapping is possible, map the external user to Ghost,
rather than the user who initiated the migration.

Mapping the external user to the migration initiator has the potential
of breaking assumptions elsewhere, like only having one review per pull
request per user. Mapping these migrated, locally unavailable users to
Ghost makes sure these - often hidden - assumptions do not break.

Fixes #3860.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-28 12:40:11 +02:00
Earl Warren
ff2a3f4e3a
fix(services): set SendNotificationEmailOnNewUser
regression from 767e9634d3. It changed
the parsing of the [admin] section from being derived from the content
of each key with mustMapSetting(rootCfg, "admin", &Admin) to
explicitly listing all keys in the code.

SEND_NOTIFICATION_EMAIL_ON_NEW_USER was not added and therefore
ignored. As a consequence notifications of newly registered users were
never sent.
2024-05-25 16:27:44 +02:00
0ko
da12320a0c Replace imgage diff png background pattern with gradient (#3870)
Made the checkerboard background be more flexible in terms of scale and coloring. Provides dark theme for image diff.

I suppose these colors should not be re-used for a color-picker for a example, because it's usually more convenient to always have it in the light mode.

## Test

* go to e6d3623c7e
* or migrate https://next.forgejo.org/image-test/image-diff to your local instance

## Before/after

![image](/attachments/3835a455-69e0-4aec-bc67-5b226d8016c1)

(Old any - New Forgejo dark - New Gitea dark - New Forgejo/Gitea light)

---

Gradient property is taken from [here](https://www.reddit.com/r/css/comments/u08pf3/how_to_make_a_checkerboard_using_background/).

[CSS compatibility](https://developer.mozilla.org/en-US/docs/Web/CSS/gradient/conic-gradient#browser_compatibility): about four years of browser versions.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3870
Reviewed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-05-24 17:33:13 +00:00
oliverpool
4ffda656e8 mysql: use inner join for hook_task deletion
Attempt to fix #3678
2024-05-24 10:31:41 +02:00
Earl Warren
32222d7d0a Merge pull request '[BUG] Fix SourceHut Builds webhook with triggers field' (#3864) from oliverpool/forgejo:sourcehut_trigger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3864
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-24 00:16:22 +00:00
Earl Warren
8cfe353061 Merge pull request 'Update module github.com/jhillyerd/enmime to v1.2.0' (#3791) from renovate/github.com-jhillyerd-enmime-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3791
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 10:21:31 +00:00
Earl Warren
ba6d5ae2af
chore(release-notes): enmime upgrade to v1.2.0
Refs: https://codeberg.org/forgejo/forgejo/pulls/3791
2024-05-23 11:44:26 +02:00
Earl Warren
c66c4d8fd5 Merge pull request 'Update module github.com/markbates/goth to v1.80.0' (#3808) from renovate/github.com-markbates-goth-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3808
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 09:26:08 +00:00
Earl Warren
f84235166e
chore(release-notes): goth upgrade to v1.80.0
Refs: https://codeberg.org/forgejo/forgejo/pulls/3808
2024-05-23 10:55:32 +02:00
oliverpool
0e479f3502 add release-notes 2024-05-22 12:59:41 +02:00
Earl Warren
ce0921d0c5
[skip ci] docs(release-notes): 7.0.3 2024-05-22 12:34:50 +02:00
Earl Warren
fb1338537b Merge pull request '[FEAT] Wiki Search' (#3847) from snematoda/wiki-search-grep into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3847
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 06:27:30 +00:00
Victoria Nadasdi
df0d1a2134 feat: parse prefix from redis URI for queues (#3836)
For security reasons, scoping access to a redis server via ACL rules is
a good practice. Some parts of the codebase handles prefix like cache[^1]
and session[^2], but the queue module doesn't.

This patch adds this missing functionality to the queue module.

Note about relevant test:
I tried to keep the PR as small as possible (and reasonable), and not
change how the test runs. Updated the existing test to use the same
redis address and basically duplicated the test with the extra flag. It
does NOT test if the keys are correct, it ensures only it works as
expected. To make assertions about the keys, the whole test has to be
updated as the general wrapper doesn't allow the main test to check
anything provider (redis) specific property. That's not something I
wanted to take on now.

[^1]: e4c3c039be/modules/cache/cache_redis.go (L139-L150)
[^2]: e4c3c039be/modules/session/redis.go (L122-L129)

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3836
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Victoria Nadasdi <victoria@efertone.me>
Co-committed-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-20 14:10:54 +00:00
Shiny Nematoda
ec4f5495ba feat: wiki search using git-grep
+ add release note
2024-05-20 13:48:50 +00:00
Gergely Nagy
d6915f4d5f
badges: Relax the default workflow badge conditions
Previously, if no branch was explicitly specified for a workflow, it
defaulted to the default branch of the repo. This worked fine for
workflows that were triggered on push, but it prevented showing badges
for workflows that only run on tags, or on schedule - since they do not
run on a specific branch.

Thus, relax the conditions, and if no branch is specified, just return
the latest run of the given workflow. If one is specified, *then*
restrict it to said branch.

Fixes #3487.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-20 11:20:11 +02:00
Haoyuan (Bill) Xing
6cb8c81de1 Add minimal implementation for RubyGems compact index API. (#3811)
Current package registry for RubyGems does not work with Bundler, because it implements neither the [compact index](https://guides.rubygems.org/rubygems-org-compact-index-api/) or the [dependency API](https://guides.rubygems.org/rubygems-org-api/). As a result, bundler complains about finding non-existing dependencies when installing anything with dependency: `revealed dependencies not in the API or the lockfile`.

This patch provides a minimal implementation for the compact index API to solve this issue. Specifically, we implemented a version that does not cache the results / do incremental updates; which is consistent with the current implementation.

Testing:
  * Modified existing integration tests.
  * Manually Verified bundler is able to parse the served versions / info file.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3811
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
Co-committed-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
2024-05-19 23:30:41 +00:00
Emmanuel BENOÎT
0801518f5d fix(actions): prevent deleted records' UUID from colliding with new records (#3830)
This commit changes the code that deletes a runner so it updates the UUID before deleting the record. The new UUID is set to 8 0xff bytes followed by a little endian version of the record's numeric ID. Such UUIDs cannot be created from tokens when registering runners, as the first 16 bytes of the token are in the `[0-9a-f]` range. This should prevent deleted runners from colliding with new records if the tokens share the same first 16 characters.

It is a possible solution to issue #3828

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3830
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net>
Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-05-19 10:46:15 +00:00
Earl Warren
e47dd122f8
chore(release-notes): update dependency mermaid to v10.9.1
Refs: https://codeberg.org/forgejo/forgejo/pulls/3776
2024-05-16 15:34:17 +02:00
Shiny Nematoda
b6ca8abcfd [FEAT] support searching non default branches/tags when using git-grep (#3654)
resolves https://codeberg.org/forgejo/forgejo/pulls/3639#issuecomment-1806676 and https://codeberg.org/forgejo/forgejo/pulls/3513#issuecomment-1794990

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3654
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-05-14 15:41:03 +00:00
Earl Warren
1b3e6a4831 Merge pull request '[gitea] week 2024-20 cherry pick (gitea-github/main -> forgejo)' (#3729) from earl-warren/wcp/2024-20 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3729
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-14 12:23:10 +00:00
Earl Warren
d09a6d130c Merge pull request 'Update module github.com/go-enry/go-enry/v2 to v2.8.8' (#3723) from renovate/github.com-go-enry-go-enry-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3723
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-13 18:28:44 +00:00
Earl Warren
48c18e17d5
chore(release-notes): go-enry v2.8.8
Refs: https://codeberg.org/forgejo/forgejo/pulls/3723
2024-05-13 17:32:28 +02:00
Earl Warren
337f4f9d87
Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)
In
  801792e4dc Rename Str2html to SanitizeHTML and clarify its behavior (followup)
the replacement was incorrect because
  c9d0e63c20  Remove unnecessary "Str2html" modifier from templates
was not applied and Str2html should have not been present in the first
place.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3554
2024-05-13 17:05:03 +02:00
Earl Warren
81e3156f8b
chore(release-notes): [gitea] week 2024-20 cherry pick 2024-05-12 20:20:18 +02:00
Renovate Bot
8672ad12b1 Update module github.com/caddyserver/certmagic to v0.21.0 (#3724)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | require | minor | `v0.20.0` -> `v0.21.0` |

---

### Release Notes

<details>
<summary>caddyserver/certmagic (github.com/caddyserver/certmagic)</summary>

### [`v0.21.0`](https://github.com/caddyserver/certmagic/releases/tag/v0.21.0)

[Compare Source](https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0)

CertMagic v0.21 introduces some big changes:

-   Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
-   New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accesed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
-   DNS challenges should be smoother in some cases as we've improved propagation checking.
-   In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
-   ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).

Please try it out and report any issues!

Thanks to [@&#8203;Framer](https://github.com/Framer) for their contributions to this release!

#### What's Changed

-   Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/certmagic/pull/264
-   Demote "storage cleaning happened too recently" from WARN to INFO by [@&#8203;francislavoie](https://github.com/francislavoie) in https://github.com/caddyserver/certmagic/pull/270
-   Check DNS propagation at authoritative nameservers only with default resolvers by [@&#8203;pgeh](https://github.com/pgeh) in https://github.com/caddyserver/certmagic/pull/274
-   Retry with new account if account disappeared remotely by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/269
-   Update readme examples to use TLS-ALPN const from ACMEz by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/277
-   Initial implementation of ZeroSSL API issuer by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/279
-   Allow deleting directories via FileStorage by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/282
-   Use the `email` configuration in the ACME issuer to "pin" an account to a key by [@&#8203;ankon](https://github.com/ankon) in https://github.com/caddyserver/certmagic/pull/283
-   Initial implementation of ARI by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/286

#### New Contributors

-   [@&#8203;pgeh](https://github.com/pgeh) made their first contribution in https://github.com/caddyserver/certmagic/pull/274
-   [@&#8203;goksan](https://github.com/goksan) made their first contribution in https://github.com/caddyserver/certmagic/pull/277

**Full Changelog**: https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6W119-->

Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-05-12 14:56:39 +00:00
Earl Warren
09855c0caf Merge pull request 'Add a release note for #3285' (#3697) from algernon/forgejo:release-notes/cloning-in-sshtyle into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3697
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-10 09:32:35 +00:00
Gergely Nagy
a5c038f5e8
Add a release note for #3464
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-10 09:39:52 +02:00
Gergely Nagy
9d1ceee797
Add a release note for #3285
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-10 09:32:07 +02:00
Gergely Nagy
9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
Gergely Nagy
f4dd53d79d Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-08 21:14:46 +00:00
Earl Warren
f3045f0519
fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
2024-05-08 14:25:08 +02:00