mirror of
1
Fork 0
Commit Graph

20730 Commits

Author SHA1 Message Date
Philip Peterson 03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Earl Warren 41d13ee44b
chore(dependency): use forgejo/act instead of gitea/act
The subset of ACT used by Forgejo was the same as Gitea until
https://code.forgejo.org/forgejo/act/pulls/45. Since it is now
different, use the Forgejo soft-fork instead of the Gitea soft-fork.

Refs: https://codeberg.org/forgejo/forgejo/issues/4789
2024-08-22 16:31:00 +02:00
Gusted 9eb22ddc19
[CHORE] Proper chunking for swagger
- Tell webpack to chunk the swagger-ui dependency, so it can be re-used for the
forgejo-swagger.js and swagger.js files (these two files are two
seperate javascript files in the output).
- This saves off 400KB when Forgejo is built with the `bindata` build
tag.
2024-08-22 15:48:05 +02:00
Earl Warren b670f111ff Merge pull request 'cron task to cleanup dangling container images with version sha256:*' (#4698) from earl-warren/forgejo:wip-container-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4698
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 08:09:19 +00:00
Earl Warren 801ae21200 Merge pull request 'Forgejo v9.0 is GPLv3+' (#4737) from earl-warren/forgejo:wip-pr-4684 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4737
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-22 08:07:58 +00:00
Earl Warren f19f31ac73
cron task to cleanup dangling container images with version sha256:*
Fixes: https://codeberg.org/forgejo/forgejo/issues/4378
2024-08-22 09:10:15 +02:00
Twenty Panda 94631ccef6
Forgejo v9.0 is GPLv3+
* display Forgejo license first
* do not send go-license in a loop because Gitea & Forgejo have
  different licenses

Refs: 62ac0cc334/AGREEMENTS.md
2024-08-22 09:09:29 +02:00
Codeberg Translate d30be160c9 i18n: update of translations from Codeberg Translate (#4984)
Translations update from [Codeberg Translate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4984): <!--number 4984 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: qui <qui@users.noreply.translate.codeberg.org>
Co-authored-by: hahahahacker2009 <hahahahacker2009@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4984
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-08-22 06:23:28 +00:00
Renovate Bot 3dbeafa7ba Update module github.com/meilisearch/meilisearch-go to v0.28.0 2024-08-22 00:04:14 +00:00
Solomon Victorino a4814bca2d fix(ui): prevent exceptions on other users' repo migration pages
- don't expect the retry button to always be attached
- don't parse status response as JSON when it was a login redirect
- add E2E test
2024-08-21 19:57:08 +00:00
Gusted e3243a9465 Merge pull request 'feat(ui): Add `rel="nofollow"` to in-list labels' (#5002) from xlii/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5002
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:54:59 +00:00
Gusted 0c2ec195e4 Merge pull request 'Update dependency eslint-plugin-no-jquery to v3 (forgejo)' (#5054) from renovate/forgejo-eslint-plugin-no-jquery-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5054
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:45:56 +00:00
Renovate Bot f0da48dd4d Update dependency eslint-plugin-no-jquery to v3 2024-08-21 16:18:41 +00:00
Gusted 61e018f8b4 Merge pull request '[SEC] Add `keying` module' (#5041) from gusted/sec-keying into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5041
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-21 15:19:44 +00:00
Gusted a054201e20 Merge pull request 'Fix naming consistency and remove unused strings in teams' (#5052) from 0ko/forgejo:i18n-admin into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5052
Reviewed-by: Otto <otto@codeberg.org>
2024-08-21 14:57:11 +00:00
Gusted f0fa959c4e Merge pull request 'fix: release: Forgejo version is not set' (#5042) from earl-warren/forgejo:wip-dockerfile into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5042
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 14:25:54 +00:00
Gusted eea9ba5bfb Merge pull request 'Update golang packages (forgejo) (minor)' (#5048) from renovate/forgejo-minor-1.23-golang-packages into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5048
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 14:17:43 +00:00
Gusted 12f97ef51f
[SEC] Add `keying` module
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.

For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]

For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.

[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-21 16:06:17 +02:00
Otto 86be767939 Merge pull request 'Refactor some forms: semantic HTML, usability, accessibility, less JS' (#5031) from fnetx/css-only-hide into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5031
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-21 13:50:37 +00:00
0ko b65a1312b3 i18n(en): remove unused strings related to team permissions
Added in 72aa5a20ec.
Dropped in cb41f5cae1.
2024-08-21 18:41:07 +05:00
0ko a1c87db46f i18n(en): fix administrator access naming consistency 2024-08-21 18:39:51 +05:00
Otto Richter 83d2b3b7fa Implement CSS-only input toggling, refactor related forms
UX/Translation changes:

- new teams: remove redundant tooltips that don't add meaningful information
  - move general information to table fieldset
- new teams: rename "general" to "custom" access for clarity
- new teams: show labels beside options on mobile

Accessibility:

- semantic form elements allow easier navigation (fieldset, mostly)
- improve better labelling of new teams table
- fix accessibility scan issues
- TODO: the parts that "disable" form elements were not yet touched and
  are not really accessible to screenreaders

Technical:

- replace two JavaScript solutions with one CSS standard
- implement a simpler grid (.simple-grid)
- simplify markup
- remove some webhook settings specific CSS

Testing:

- check more form content for accessibility issues
- but exclude tooltips from the scan :(
- reuse existing form tests from previous PR
2024-08-21 15:03:19 +02:00
Otto c20c534b90 Merge pull request 'fix: validate title length when updating an issue' (#4809) from thilinajayanath/forgejo:validate-issue-title-update into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4809
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 12:55:26 +00:00
Renovate Bot df907ec7f9 Update golang packages 2024-08-21 09:58:16 +00:00
Earl Warren 6ea97ffe9b Merge pull request 'chore(renovate): fix grouping' (#5047) from viceice/forgejo:chore/renovate/grouping into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5047
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-21 09:45:34 +00:00
Michael Kriese d9d7f8dc92
chore(renovate): fix grouping 2024-08-21 11:27:19 +02:00
Michael Kriese f4b6da00fb Merge pull request 'chore(renovate): bump go version inside go.mod' (#5044) from viceice/forgejo:chore/renovate/gomod into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5044
2024-08-21 08:44:45 +00:00
Michael Kriese 171e4cc3be
chore(renovate): bump go version inside go.mod 2024-08-21 10:10:00 +02:00
thilinajayanath 1e922d906f validate the title length when updating an issue and add integration test for issue title update
using middleware validator to validate title length on update

use error name from binding package

add integration test for title update

rebase upstream and update test var name

fix test slice formatting

just a try (#1)

Reviewed-on: https://codeberg.org/thilinajayanath/forgejo/pulls/1
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>

fix errors + add test for 255 char title

fix test domain

fix CSRF token error on test

updaate result struct that's used to decode the json response

add json tags for struct and check changed title when http 200 is received

try to decode the title if the request succeeded

add comment in integration test
2024-08-21 08:56:52 +02:00
Earl Warren 6c8d9823ac
fix: release: Forgejo version is not set
LDFLAGS="-buildid=" must be set in the environment so the Makefile
adds to it. Setting it via the make arguments overrides it and removes
the -X "main.*Version" arguments which are used to set the Forgejo
version of the binary.

Regression introduced in [CHORE] Support reproducible builds' (#4970)
2024-08-21 07:27:38 +02:00
Gusted 821875e057 Merge pull request 'Update dependency chart.js to v4.4.4 (forgejo)' (#5037) from renovate/forgejo-chart.js-4.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5037
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 03:17:48 +00:00
Gusted 35cc077d82 Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.2 (forgejo)' (#5039) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5039
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 03:13:43 +00:00
Renovate Bot 63faeb365c Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.2 2024-08-21 02:03:34 +00:00
Renovate Bot b8690562d2 Update dependency chart.js to v4.4.4 2024-08-21 00:03:20 +00:00
Gusted 5b81cab0ed Merge pull request '[CHORE] Support reproducible builds' (#4970) from gusted/forgejo-reproducible-builds into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4970
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Radosław Piliszek <radek@piliszek.it>
2024-08-20 18:14:33 +00:00
Gusted 68cc61b537
Add integration test 2024-08-20 19:09:22 +02:00
Gusted 9111eb3473 Merge pull request '[PORT] Fix overflow for images on project cards (gitea#31683)' (#5029) from gusted/forgejo-bp-gt-31683 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5029
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 16:11:42 +00:00
Gusted 0764b7c18b
[UI] Remove snapping for images on project cards
Remove the snapping of the images on the projects cards, the images are
way too small to notice that when scrolling you're being snapped to
these images and when you do notice it, it doesn't make sense as you
wouldn't expect it to be snapped.
2024-08-20 16:02:52 +02:00
Simon Priet 8e46efef95
[PORT] Scroll images in project issues separately from the remaining issue (gitea#31683)
As discussed in https://github.com/go-gitea/gitea/issues/31667 &
https://github.com/go-gitea/gitea/issues/26561, when a card on a Project
contains images, they can overflow the card on its containing column.
This aims to fix this issue via snapping scrollbars.

---
Conflict resolution: none

(cherry picked from commit fe7c9416777243264e8482d3af29e30c2b671074)
2024-08-20 15:54:22 +02:00
Otto d9ae23188f Merge pull request 'chore(renovate): F3 is under development, update quarterly' (#5025) from earl-warren/forgejo:wip-f3-renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5025
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-20 13:52:38 +00:00
Otto 01a153555a Merge pull request 'chore(CODEOWNERS): @earl-warren watches over all PRs [skip ci]' (#5027) from earl-warren/forgejo:wip-codeowner into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5027
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:51:38 +00:00
Gusted f28cde134e Merge pull request '[UI] Adjust trailing EOL behavior for empty file' (#5013) from gusted/forgejo-adjust-eol into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5013
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:42:04 +00:00
Michael Kriese 0d45ed0faa Merge pull request 'chore(renovate): better linter and postcss grouping' (#5026) from viceice/forgejo:chore/renovate/grouping into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5026
2024-08-20 07:03:45 +00:00
Earl Warren c76a73ad35 Merge pull request '[gitea] week 2024-34 cherry pick (gitea/main -> forgejo)' (#4998) from earl-warren/wcp/2024-34 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4998
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-20 06:32:09 +00:00
Earl Warren 5a58741879
chore(CODEOWNERS): @earl-warren watches over all PRs
As I watch all PRs created daily, there is no need to rely on the
CODEOWNERS logic for me to be notified that it exists.
2024-08-20 08:24:48 +02:00
Michael Kriese bf609ce874
chore(renovate): better linter and postcss grouping 2024-08-20 08:14:08 +02:00
Earl Warren 0c2d527aec
chore(renovate): F3 is under development, update quarterly 2024-08-20 08:02:00 +02:00
Earl Warren 027a2fb0a4 Merge pull request 'Update dependency @axe-core/playwright to v4.10.0 (forgejo)' (#5021) from renovate/forgejo-axe-core-playwright-4.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5021
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 05:57:07 +00:00
Gusted 85cd07a263 Merge pull request 'Update dependency mini-css-extract-plugin to v2.9.1 (forgejo)' (#5020) from renovate/forgejo-mini-css-extract-plugin-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5020
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-20 00:43:37 +00:00
Renovate Bot 74ebb47509 Update dependency @axe-core/playwright to v4.10.0 2024-08-20 00:04:06 +00:00