mirror of
1
Fork 0
Commit Graph

4873 Commits

Author SHA1 Message Date
Marcell Mars 4eb8d8c496 OAuth2 provider: support for granular scopes
- `CheckOAuthAccessToken` returns both user ID and additional scopes
- `grantAdditionalScopes` returns AccessTokenScope ready string (grantScopes)
   compiled from requested additional scopes by the client
- `userIDFromToken` sets returned grantScopes (if any) instead of default `all`
2024-08-09 14:58:15 +02:00
Ivan Shapovalov 012a1e0497 log: journald integration (#2869)
Provide a bit more journald integration. Specifically:

- support emission of printk-style log level prefixes, documented in [`sd-daemon`(3)](https://man7.org/linux/man-pages/man3/sd-daemon.3.html#DESCRIPTION), that allow journald to automatically annotate stderr log lines with their level;
- add a new "journaldflags" item that is supposed to be used in place of "stdflags" when under journald to reduce log clutter (i. e. strip date/time info to avoid duplication, and use log level prefixes instead of textual log levels);
- detect whether stderr and/or stdout are attached to journald by parsing `$JOURNAL_STREAM` environment variable and adjust console logger defaults accordingly.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2869): <!--number 2869 --><!--line 0 --><!--description bG9nOiBqb3VybmFsZCBpbnRlZ3JhdGlvbg==-->log: journald integration<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2869
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Ivan Shapovalov <intelfx@intelfx.name>
Co-committed-by: Ivan Shapovalov <intelfx@intelfx.name>
2024-08-09 07:49:13 +00:00
Gusted bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00
Yaroslav Halchenko 5ae2dbcb14 Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857)
Now that my colleague just posted a wonderful blog post https://blog.datalad.org/posts/forgejo-runner-podman-deployment/ on forgejo runner, some time I will try to add that damn codespell action to work on CI here ;)  meanwhile some typos managed to sneak in and this PR should address them (one change might be functional in a test -- not sure if would cause a fail or not)

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4857
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-08-08 16:07:35 +00:00
Shivaram Lingamneni 878c236f49 cherry-pick OIDC changes from gitea (#4724)
These are the three conflicted changes from #4716:

* https://github.com/go-gitea/gitea/pull/31632
* https://github.com/go-gitea/gitea/pull/31688
* https://github.com/go-gitea/gitea/pull/31706

cc @earl-warren; as per discussion on https://github.com/go-gitea/gitea/pull/31632 this involves a small compatibility break (OIDC introspection requests now require a valid client ID and secret, instead of a valid OIDC token)

## Checklist

The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Co-committed-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
2024-08-08 06:32:14 +00:00
TheFox0x7 2e2a044493
Revert "Open telemetry integration (#3972)"
This reverts commit c738542201.
2024-08-07 11:22:43 +02:00
Aravinth Manivannan f9cbea3d6b feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853)
Was facing issues while writing unit tests for federation code. Mocks weren't catching all network calls, because was being out of scope of the mocking infra. Plus, I think we can have more granular tests.

This PR puts the client behind an interface, that can be retrieved from `ctx`. Context doesn't require initialization, as it defaults to the implementation available in-tree. It may be overridden when required (like testing).

## Mechanism

1. Get client factory from `ctx` (factory contains network and crypto parameters that are needed)
2. Initialize client with sender's keys and the receiver's public key
3. Use client as before.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4853
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
2024-08-07 05:45:24 +00:00
Gusted 05e163aaf3
[BUG] Render references to cross-repo issues with external issues
- If you have the external issue setting enabled, any reference would
have been rendered as an external issue, however this shouldn't be
happening to references that refer to issues in other repositories.
- Unit test added.
2024-08-07 03:19:26 +02:00
Shiny Nematoda 06d2e90fa4 feat: highlighted code search results (#4749)
closes #4534

<details>
<summary>Screenshots</summary>

![](https://codeberg.org/attachments/0ab8a7b0-6485-46dc-a730-c016abb1f287)
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4749
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-08-06 05:57:25 +00:00
Earl Warren 517637137c Merge pull request '[gitea] week 2024-32 cherry pick (gitea/main -> forgejo)' (#4801) from earl-warren/wcp/2024-32 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4801
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-06 05:47:20 +00:00
Earl Warren 6e98a57096 Merge pull request 'Implement an instance-wide activitypub actor' (#4811) from algernon/forgejo:to-be-or-not-to-be into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4811
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-05 14:23:02 +00:00
TheFox0x7 c738542201 Open telemetry integration (#3972)
This PR adds opentelemetry and chi wrapper to have basic instrumentation

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3972): <!--number 3972 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGJhc2ljIHJlcXVlc3QgdHJhY2luZyB3aXRoIG9wZW50ZWxlbWV0cnk=-->add support for basic request tracing with opentelemetry<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3972
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-08-05 06:04:39 +00:00
Gergely Nagy cd17eb0fa7
activitypub: Sign the Host header too
Mastodon with `AUTHORIZED_FETCH` enabled requires the `Host` header to
be signed too, add it to the default for `setting.Federation.GetHeaders`
and `setting.Federation.PostHeaders`.

For this to work, we need to sign the request later: not immediately
after `NewRequest`, but just before sending them out with `client.Do`.
Doing so also lets us use `setting.Federation.GetHeaders` (we were using
`.PostHeaders` even for GET requests before).

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-04 23:57:48 +02:00
Jason Song 0c40cff9a4
Clear up old Actions logs (#31735)
Part of #24256.

Clear up old action logs to free up storage space.

Users will see a message indicating that the log has been cleared if
they view old tasks.

<img width="1361" alt="image"
src="https://github.com/user-attachments/assets/9f0f3a3a-bc5a-402f-90ca-49282d196c22">

Docs: https://gitea.com/gitea/docs/pulls/40

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 687c1182482ad9443a5911c068b317a91c91d586)

Conflicts:
	custom/conf/app.example.ini
	routers/web/repo/actions/view.go
  trivial context conflict
2024-08-04 18:24:10 +02:00
Jason Song f6b1407e4c
Add permission description for API to add repo collaborator (#31744)
Fix #31552.

(cherry picked from commit 333c9ed8cab961b6dd58b04edc47a57dc4d6dbab)
2024-08-04 18:24:10 +02:00
Jason Song 2302cf63c8
Distinguish LFS object errors to ignore missing objects during migration (#31702)
Fix #31137.

Replace #31623 #31697.

When migrating LFS objects, if there's any object that failed (like some
objects are losted, which is not really critical), Gitea will stop
migrating LFS immediately but treat the migration as successful.

This PR checks the error according to the [LFS api
doc](https://github.com/git-lfs/git-lfs/blob/main/docs/api/batch.md#successful-responses).

> LFS object error codes should match HTTP status codes where possible:
>
> - 404 - The object does not exist on the server.
> - 409 - The specified hash algorithm disagrees with the server's
acceptable options.
> - 410 - The object was removed by the owner.
> - 422 - Validation error.

If the error is `404`, it's safe to ignore it and continue migration.
Otherwise, stop the migration and mark it as failed to ensure data
integrity of LFS objects.

And maybe we should also ignore others errors (maybe `410`? I'm not sure
what's the difference between "does not exist" and "removed by the
owner".), we can add it later when some users report that they have
failed to migrate LFS because of an error which should be ignored.

(cherry picked from commit 09b56fc0690317891829906d45c1d645794c63d5)
2024-08-04 18:24:10 +02:00
Exploding Dragon f17194ca91 Arch packages implementation (#4785)
This PR is from https://github.com/go-gitea/gitea/pull/31037

This PR was originally created by @d1nch8g , and the original source code comes from https://ion.lc/core/gitea.

This PR adds a package registry for [Arch Linux](https://archlinux.org/) packages with support for package files, [signatures](https://wiki.archlinux.org/title/Pacman/Package_signing), and automatic [pacman-database](https://archlinux.org/pacman/repo-add.8.html) management.

Features:

1. Push any ` tar.zst ` package and Gitea sign it.
2. Delete endpoint for specific package version and all related files
3. Supports trust levels with `SigLevel = Required`.
4. Package UI with instructions to connect to the new pacman database and visualised package metadata

![](/attachments/810ca6df-bd20-44c2-bdf7-95e94886d750)

You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a *.pkg.tar.zst package for testing

docs pr: https://codeberg.org/forgejo/docs/pulls/791

Co-authored-by: d1nch8g@ion.lc
Co-authored-by: @KN4CK3R
Co-authored-by: @mahlzahn
Co-authored-by: @silverwind
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4785
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-04 06:16:29 +00:00
Gergely Nagy e1fe3bbdc0
feat(quota): Humble beginnings of a quota engine
This is an implementation of a quota engine, and the API routes to
manage its settings. This does *not* contain any enforcement code: this
is just the bedrock, the engine itself.

The goal of the engine is to be flexible and future proof: to be nimble
enough to build on it further, without having to rewrite large parts of
it.

It might feel a little more complicated than necessary, because the goal
was to be able to support scenarios only very few Forgejo instances
need, scenarios the vast majority of mostly smaller instances simply do
not care about. The goal is to support both big and small, and for that,
we need a solid, flexible foundation.

There are thee big parts to the engine: counting quota use, setting
limits, and evaluating whether the usage is within the limits. Sounds
simple on paper, less so in practice!

Quota counting
==============

Quota is counted based on repo ownership, whenever possible, because
repo owners are in ultimate control over the resources they use: they
can delete repos, attachments, everything, even if they don't *own*
those themselves. They can clean up, and will always have the permission
and access required to do so. Would we count quota based on the owning
user, that could lead to situations where a user is unable to free up
space, because they uploaded a big attachment to a repo that has been
taken private since. It's both more fair, and much safer to count quota
against repo owners.

This means that if user A uploads an attachment to an issue opened
against organization O, that will count towards the quota of
organization O, rather than user A.

One's quota usage stats can be queried using the `/user/quota` API
endpoint. To figure out what's eating into it, the
`/user/repos?order_by=size`, `/user/quota/attachments`,
`/user/quota/artifacts`, and `/user/quota/packages` endpoints should be
consulted. There's also `/user/quota/check?subject=<...>` to check
whether the signed-in user is within a particular quota limit.

Quotas are counted based on sizes stored in the database.

Setting quota limits
====================

There are different "subjects" one can limit usage for. At this time,
only size-based limits are implemented, which are:

- `size:all`: As the name would imply, the total size of everything
  Forgejo tracks.
- `size:repos:all`: The total size of all repositories (not including
  LFS).
- `size:repos:public`: The total size of all public repositories (not
  including LFS).
- `size:repos:private`: The total size of all private repositories (not
  including LFS).
- `size:git:all`: The total size of all git data (including all
  repositories, and LFS).
- `size:git:lfs`: The size of all git LFS data (either in private or
  public repos).
- `size:assets:all`: The size of all assets tracked by Forgejo.
- `size:assets:attachments:all`: The size of all kinds of attachments
  tracked by Forgejo.
- `size:assets:attachments:issues`: Size of all attachments attached to
  issues, including issue comments.
- `size:assets:attachments:releases`: Size of all attachments attached
  to releases. This does *not* include automatically generated archives.
- `size:assets:artifacts`: Size of all Action artifacts.
- `size:assets:packages:all`: Size of all Packages.
- `size:wiki`: Wiki size

Wiki size is currently not tracked, and the engine will always deem it
within quota.

These subjects are built into Rules, which set a limit on *all* subjects
within a rule. Thus, we can create a rule that says: "1Gb limit on all
release assets, all packages, and git LFS, combined". For a rule to
stand, the total sum of all subjects must be below the rule's limit.

Rules are in turn collected into groups. A group is just a name, and a
list of rules. For a group to stand, all of its rules must stand. Thus,
if we have a group with two rules, one that sets a combined 1Gb limit on
release assets, all packages, and git LFS, and another rule that sets a
256Mb limit on packages, if the user has 512Mb of packages, the group
will not stand, because the second rule deems it over quota. Similarly,
if the user has only 128Mb of packages, but 900Mb of release assets, the
group will not stand, because the combined size of packages and release
assets is over the 1Gb limit of the first rule.

Groups themselves are collected into Group Lists. A group list stands
when *any* of the groups within stand. This allows an administrator to
set conservative defaults, but then place select users into additional
groups that increase some aspect of their limits.

To top it off, it is possible to set the default quota groups a user
belongs to in `app.ini`. If there's no explicit assignment, the engine
will use the default groups. This makes it possible to avoid having to
assign each and every user a list of quota groups, and only those need
to be explicitly assigned who need a different set of groups than the
defaults.

If a user has any quota groups assigned to them, the default list will
not be considered for them.

The management APIs
===================

This commit contains the engine itself, its unit tests, and the quota
management APIs. It does not contain any enforcement.

The APIs are documented in-code, and in the swagger docs, and the
integration tests can serve as an example on how to use them.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Exploding Dragon 471265c4e0 Add signature support for the RPM module (#4780)
This pull request comes from https://github.com/go-gitea/gitea/pull/27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](https://github.com/go-gitea/gitea/issues/27031)) , now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-02 05:56:57 +00:00
0ko ca5a5bf120 feat: allow color and background-color style properties for table cells (#4766)
* Allow adding text color and background color to HTML table headers and cells in markdown.
* Added a few test cases.

Preview and example: https://codeberg.org/attachments/98634f30-4fa2-4a76-adb3-6086af73744f

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4766
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-31 18:48:46 +00:00
TheFox0x7 4de909747b Add testifylint to lint checks (#4535)
go-require lint is ignored for now

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
Earl Warren 94933470cd Merge pull request 'Implement external release assets' (#1445) from maltejur/forgejo:forgejo-external-attachments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-30 15:50:57 +00:00
Malte Jürgens a61e7c7a39
Implement external assets 2024-07-29 20:35:55 +02:00
Kemal Zebari f61873c7e4
Properly filter issue list given no assignees filter (#31522)
Quick fix #31520. This issue is related to #31337.

(cherry picked from commit c0b5a843badf7afa1f1aeb8f41cac87806ee188e)
2024-07-28 07:24:21 +02:00
Earl Warren 14d079a1eb Merge pull request '[FEAT] Enable `INVALIDATE_REFRESH_TOKENS`' (#4633) from gusted/sec-oauth into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4633
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 20:45:22 +00:00
Earl Warren ded237ee77 Merge pull request '[gitea] week 2024-30 cherry pick (gitea/main -> forgejo)' (#4607) from algernon/wcp/2024-30 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4607
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 16:01:28 +00:00
Gusted 89b1723d35
[FEAT] Enable `INVALIDATE_REFRESH_TOKENS`
- It's possible to detect if refresh tokens are used more than once, if
it's used more than it's a indication of a replay attack and it should
invalidate the associated access token. This behavior is controlled by
the `INVALIDATE_REFRESH_TOKENS` setting.
- Altough in a normal scenario where TLS is being used, it should be
very hard to get to situation where replay attacks are being used, but
this is better safe than sorry.
- Enable `INVALIDATE_REFRESH_TOKENS` by default.
2024-07-22 20:45:13 +02:00
0ko de24846309 Merge pull request 'Allow .webp attachments by default' (#4605) from 0ko/forgejo:webp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4605
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-22 15:34:32 +00:00
0ko e819c1622e i18n: restore Malayalam and Serbian files, remove ml-IN from the language selector (#4576)
* Closes https://codeberg.org/forgejo/forgejo/issues/4563
* A followup to my 2024-February investigation in the Localization room

* Restore Malayalam and Serbian locales that were deleted in 067b0c2664 and f91092453e. Bulgarian was also deleted, but we already have better Bulgarian translation.
* Remove ml-IN from the language selector. It was not usable for 1.5 years, has ~18% completion and was not maintained in those ~1.5 years. It could also have placeholder bugs due to refactors.

Restoring files gives the translators a base to work with and makes the project advertised on Weblate homepage for logged in users in the Suggestions tab. Unlike Gitea, we store our current translations directly in the repo and not on a separate platform, so it makes sense to add these files back.
Removing selector entry avoids bugs and user confusion. I will make a followup for the documentation.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4576
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-22 14:08:15 +00:00
6543 004cc6dc0a
Add option to change mail from user display name (#31528)
Make it posible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 0f533241829d0d48aa16a91e7dc0614fe50bc317)

Conflicts:
	- services/mailer/mail_release.go
	  services/mailer/mail_test.go

	  In both cases, applied the changes manually.
2024-07-22 15:44:13 +02:00
6543 d0227c236a
Issue Templates: add option to have dropdown printed list (#31577)
Issue template dropdown can have many entries, and it could be better to
have them rendered as list later on if multi-select is enabled.

so this adds an option to the issue template engine to do so.

DOCS: https://gitea.com/gitea/docs/pulls/19

---

## demo:

```yaml
name: Name
title: Title
about: About
labels: ["label1", "label2"]
ref: Ref
body:
  - type: dropdown
    id: id6
    attributes:
      label: Label of dropdown (list)
      description: Description of dropdown
      multiple: true
      list: true
      options:
        - Option 1 of dropdown
        - Option 2 of dropdown
        - Option 3 of dropdown
        - Option 4 of dropdown
        - Option 5 of dropdown
        - Option 6 of dropdown
        - Option 7 of dropdown
        - Option 8 of dropdown
        - Option 9 of dropdown
```

![image](https://github.com/user-attachments/assets/102ed0f4-89da-420b-ab2a-1788b59676f9)

![image](https://github.com/user-attachments/assets/a2bdb14e-43ff-4cc6-9bbe-20244830453c)

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 1064e817c4a6fa6eb5170143150505503c4ef6ed)
2024-07-22 15:44:13 +02:00
0ko 78a0ca1c9d feat: allow .webp attachments by default 2024-07-21 13:01:08 +05:00
Gusted efd63ec1d8
[BUG] Don't panic on empty blockquote
- On a empty blockquote the callout feature would panic, as it expects
to always have at least one child.
- This panic cannot result in a DoS, because any panic that happens
while rendering any markdown input will be recovered gracefully.
- Adds a simple condition to avoid this panic.
2024-07-21 01:10:20 +02:00
TheFox0x7 3fca6c0bf5
test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
Earl Warren 8901fac2bf
Revert "update redis mock"
This reverts commit dd9f885293.
2024-07-17 06:36:36 +02:00
Gusted 45401e044f
[CHORE] Update jsonschema library to v6
- Update the `github.com/santhosh-tekuri/jsonschema` library from v5 to
v6.
- Update the migration loader function to a type, which is now required
in V6.
- `github.com/santhosh-tekuri/jsonschema/v6` was already used by gof3,
so removing the v5 library and using the v6 library reduces the binary
size of Forgejo.
  - Before: 95912040 bytes
  - After: 95706152 bytes
2024-07-15 17:20:50 +02:00
Victoria Nadasdi dd9f885293
update redis mock
Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-07-13 11:11:45 +02:00
Earl Warren 4f6c823ae7 Merge pull request '[gitea] week 2024-28 cherry pick (gitea/main -> forgejo)' (#4391) from earl-warren/wcp/2024-28 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4391
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-09 05:37:52 +00:00
Brecht Van Lommel 33f9fb8150
Fix slow patch checking with commits that add or remove many files (#31548)
Running git update-index for every individual file is slow, so add and
remove everything with a single git command.

When such a big commit lands in the default branch, it could cause PR
creation and patch checking for all open PRs to be slow, or time out
entirely. For example, a commit that removes 1383 files was measured to
take more than 60 seconds and timed out. With this change checking took
about a second.

This is related to #27967, though this will not help with commits that
change many lines in few files.

(cherry picked from commit b88e5fc72d99e9d4a0aa9c13f70e0a9e967fe057)
2024-07-07 07:33:01 +02:00
charles f92591b825
Fix markdown preview $$ support (#31514)
close #31481

currently `$$A + B$$ test` will ignore text after $$ block

test text

![圖片](https://github.com/go-gitea/gitea/assets/30816317/39b2974b-c0b6-48a0-87d0-5f4a13615eed)

before fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/15469e4c-474d-4128-b46f-d6cadaafbd68)

after fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/c1025eef-177f-4ade-988f-510e7039f3f9)

github display

![圖片](https://github.com/go-gitea/gitea/assets/30816317/97cd1e10-ac94-4899-86d8-8e359ef1d694)

(cherry picked from commit f0033051d5ce07f5a18d2aacef6bfdca5fc69014)
2024-07-07 07:29:49 +02:00
Gusted cf8f26d616
[CHORE] Remove github.com/yuin/goldmark-meta
- Remove a unused dependency. This dependency was added to handle YAML
'frontmatter' meta, parsing them and converting them to a table or
details in the resulting HTML. As can be read in the issue that reported
the behavior of YAML frontmatter being rendered literally,
https://github.com/go-gitea/gitea/issues/5377.
- It's an unused dependency as the codebase since then moved on to do this YAML
parsing and rendering on their own, this was implemented in
812cfd0ad9.
- Adds unit tests that was related to this functionality, to proof the
codebase already handles this and to prevent regressions.
2024-07-07 03:18:13 +02:00
Gusted 3eb178db49
[CHORE] Update terminal-to-html dependency
- Update the `github.com/buildkite/terminal-to-html/v3` dependency from
version v3.10.1 to v3.13.0.
- Version v3.12.0 introduced an incompatible change, the return type of
`AsHTML` changed from `[]byte` to `string`. That same version also
introduced streaming mode
https://github.com/buildkite/terminal-to-html/pull/126, which allows us
to avoid reading the whole input into memory.
- Closes #4313
2024-07-04 23:41:17 +02:00
Earl Warren 11596374ba
test: remove performance sensitive test
A test must not fail depending on the performance of the machine it
runs on. It creates false negative and serves no purpose. These are
not benchmark tests for the hardware running them.
2024-07-04 07:03:54 +02:00
Twenty Panda 5561e80b04 fix(hook): ignore unknown push options instead of failing
If a repository has

git config --add push.pushOption submit=".sourcehut/*.yml"

it failed when pushed because of the unknown submit push
option. It will be ignored instead.

Filtering out the push options is done in an earlier stage, when the
hook command runs, before it submits the options map to the private
endpoint.

* move all the push options logic to modules/git/pushoptions
* add 100% test coverage for modules/git/pushoptions

Test coverage for the code paths from which code was moved to the
modules/git/pushoptions package:

* cmd/hook.go:runHookPreReceive
* routers/private/hook_pre_receive.go:validatePushOptions
  tests/integration/git_push_test.go:TestOptionsGitPush runs through
  both. The test verifying the option is rejected was removed and, if
  added again, will fail because the option is now ignored instead of
  being rejected.

* cmd/hook.go:runHookProcReceive
* services/agit/agit.go:ProcReceive
  tests/integration/git_test.go: doCreateAgitFlowPull runs through
  both. It uses variations of AGit related push options.

* cmd/hook.go:runHookPostReceive
* routers/private/hook_post_receive.go:HookPostReceive
  tests/integration/git_test.go:doPushCreate called by TestGit/HTTP/sha1/PushCreate
  runs through both.
  Note that although it provides coverage for this code path it does not use push options.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3651
2024-07-02 21:39:01 +02:00
Earl Warren c7bb90bc6b Merge pull request '[gitea] week 2024-27 cherry pick (gitea/main -> forgejo)' (#4266) from earl-warren/wcp/2024-27 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4266
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-02 08:29:04 +00:00
Mai-Lapyst 9b225b56a9
Fixes git references wrongly transmitted to the action run 2024-06-30 06:17:40 +02:00
Royce Remer 45181ee945
Support legacy _links LFS batch responses (#31513)
Support legacy _links LFS batch response.

Fixes #31512.

This is backwards-compatible change to the LFS client so that, upon
mirroring from an upstream which has a batch api, it can download
objects whether the responses contain the `_links` field or its
successor the `actions` field. When Gitea must fallback to the legacy
`_links` field a logline is emitted at INFO level which looks like this:
```
...s/lfs/http_client.go:188:performOperation() [I] <LFSPointer ee95d0a27ccdfc7c12516d4f80dcf144a5eaf10d0461d282a7206390635cdbee:160> is using a deprecated batch schema response!
```

I've only run `test-backend` with this code, but added a new test to
cover this case. Additionally I have a fork with this change deployed
which I've confirmed syncs LFS from Gitea<-Artifactory (which has legacy
`_links`) as well as from Gitea<-Gitea (which has the modern `actions`).

Signed-off-by: Royce Remer <royceremer@gmail.com>
(cherry picked from commit df805d6ed0458dbec258d115238fde794ed4d0ce)
2024-06-29 07:56:18 +02:00
Mai-Lapyst 51735c415b Add support for workflow_dispatch (#3334)
Closes #2797

I'm aware of https://github.com/go-gitea/gitea/pull/28163 exists, but since I had it laying around on my drive and collecting dust, I might as well open a PR for it if anyone wants the feature a bit sooner than waiting for upstream to release it or to be a forgejo "native" implementation.

This PR Contains:
- Support for the `workflow_dispatch` trigger
- Inputs: boolean, string, number, choice

Things still to be done:
- [x] API Endpoint `/api/v1/<org>/<repo>/actions/workflows/<workflow id>/dispatches`
- ~~Fixing some UI bugs I had no time figuring out, like why dropdown/choice inputs's menu's behave weirdly~~ Unrelated visual bug with dropdowns inside dropdowns
- [x] Fix bug where opening the branch selection submits the form
- [x] Limit on inputs to render/process

Things not in this PR:
- Inputs: environment (First need support for environments in forgejo)

Things needed to test this:
- A patch for https://code.forgejo.org/forgejo/runner to actually consider the inputs inside the workflow.
  ~~One possible patch can be seen here: https://code.forgejo.org/Mai-Lapyst/runner/src/branch/support-workflow-inputs~~
  [PR](https://code.forgejo.org/forgejo/runner/pulls/199)

![image](/attachments/2db50c9e-898f-41cb-b698-43edeefd2573)

## Testing

- Checkout PR
- Setup new development runner with [this PR](https://code.forgejo.org/forgejo/runner/pulls/199)
- Create a repo with a workflow (see below)
- Go to the actions tab, select the workflow and see the notice as in the screenshot above
- Use the button + dropdown to run the workflow
  - Try also running it via the api using the `` endpoint
- ...
- Profit!

<details>
<summary>Example workflow</summary>

```yaml
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log Level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      number1_default:
        description: 'Number w. default'
        default: '100'
        type: number
      number2:
        description: 'Number w/o. default'
        type: number
      string1_default:
        description: 'String w. default'
        default: 'Hello world'
        type: string
      string2:
        description: 'String w/o. default'
        required: true
        type: string

jobs:
  test:
    runs-on: docker
    steps:
      - uses: actions/checkout@v3
      - run: whoami
      - run: cat /etc/issue
      - run: uname -a
      - run: date
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.tags }}
      - env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - run: echo "abc"
```
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3334
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-28 05:17:11 +00:00
charles b53be9d45c
Fix markdown math brackets render problem (#31420)
Close #31371, support `($ ... $)` like GitHub

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 90a3c20e7996e2db577a51d37f2190e2e990a22a)

Conflicts:
	modules/markup/markdown/markdown_test.go
	trivial context conflict
2024-06-23 12:40:06 +02:00
Tobias Balle-Petersen cdefd617d0
Increase max length of org team names from 30 to 255 characters (#31410)
This PR modifies the structs for editing and creating org teams to allow
team names to be up to 255 characters. The previous maximum length was
30 characters.

(cherry picked from commit 1c26127b520858671ce257c7c9ab978ed1e95252)
2024-06-23 12:21:38 +02:00
wxiaoguang 75bbca68ce
Refactor markup code (#31399)
1. use clearer names
2. remove deadcode
3. avoid name shadowing
4. eliminate some lint warnings

(cherry picked from commit 5a7376c0605415e63cb5b3b8f89ead01e567229b)

Conflicts:
	modules/markup/html.go
	simple code divergence, trivial logic
2024-06-23 11:53:36 +02:00
Earl Warren 9c48511c69
[PORT] Add cache test for admins (#31265)
* the cache was not refactored in Forgejo
* fix the test modifying a global variable
2024-06-23 11:38:35 +02:00
6543 77da92f42a
Add cache test for admins (#31265)
Add a test to probe the cache similar to the email test func.

![image](https://github.com/go-gitea/gitea/assets/24977596/700e2733-586d-4091-900f-f5f71e6e94bf)

![image](https://github.com/go-gitea/gitea/assets/24977596/2a953802-18fc-4e81-a37d-24ebe1297365)

![image](https://github.com/go-gitea/gitea/assets/24977596/e00d62ad-bb60-41cc-9138-09993daee156)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 363c1235987793dffa5cc851aaae585eb81f091e)

Conflicts:
	options/locale/locale_en-US.ini
	templates/admin/self_check.tmpl
	trivial context conflict
2024-06-23 11:27:03 +02:00
Earl Warren 328b5d79d3 Merge pull request '[gitea] week 2024-25 cherry pick (gitea/main -> forgejo)' (#4145) from earl-warren/wcp/2024-25 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4145
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-18 07:56:20 +00:00
Lunny Xiao 8efef06fb1 fix(repository): git push to an adopted repository fails
Fix adopt repository has empty object name in database (#31333)

Fix #31330
Fix #31311

A workaround to fix the old database is to update object_format_name to
`sha1` if it's empty or null.

(cherry picked from commit 1968c2222dcf47ebd1697afb4e79a81e74702d31)

With tests services/repository/adopt_test.go
2024-06-16 19:06:06 +02:00
Zoupers Zou baad8337f9
Fix #31185 try fix lfs download from bitbucket failed (#31201)
Fix #31185

(cherry picked from commit e25d6960b5749fbf7f88ebb6b27878c0459817da)
2024-06-16 13:42:59 +02:00
mzroot ff43d02803
Add tag protection via rest api #17862 (#31295)
Add tag protection manage via rest API.

---------

Co-authored-by: Alexander Kogay <kogay.a@citilink.ru>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d4e4226c3cbfa62a6adf15f4466747468eb208c7)

Conflicts:
	modules/structs/repo_tag.go
	trivial context conflict
	templates/swagger/v1_json.tmpl
	fixed with make generate-swagger
2024-06-16 13:42:59 +02:00
KN4CK3R 7fa7ec0891
Extract and display readme and comments for Composer packages (#30927)
Related #30075

CC @thojo0

Example with rendered readme:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/3516fef5-2631-40fd-8841-5d9894ec8904)

(cherry picked from commit 4e7b067a7fdfb3e2c8dfdf87475e3938051fd400)
2024-06-16 13:42:59 +02:00
Lunny Xiao 9aa3ae955f
Fix bug filtering issues which have no project (#31337)
Fix #31327
This is a quick patch to fix the bug.
Some parameters are using 0, some are using -1. I think it needs a
refactor to keep consistent. But that will be another PR.

(cherry picked from commit e4abaff7ffbbc5acd3aa668a9c458fbdf76f9573)
2024-06-16 13:42:59 +02:00
Oleksandr Redko b640ac4660
Refactor to use UnsafeStringToBytes (#31358)
The PR replaces all `goldmark/util.BytesToReadOnlyString` with
`util.UnsafeBytesToString`, `goldmark/util.StringToReadOnlyBytes` with
`util.UnsafeStringToBytes`. This removes one `TODO`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 1761459ebc7eb6d432eced093b4583425a5c5d4b)
2024-06-16 13:42:58 +02:00
Lunny Xiao 62ed5f2db5
Fix hash render end with colon (#31319)
Fix a hash render problem like `<hash>: xxxxx` which is usually used in
release notes.

(cherry picked from commit 7115dce773e3021b3538ae360c4e7344d5bbf45b)
2024-06-16 13:42:58 +02:00
Lunny Xiao 80357bbcb3
Fix adopt repository has empty object name in database (#31333)
Fix #31330
Fix #31311

A workaround to fix the old database is to update object_format_name to
`sha1` if it's empty or null.

(cherry picked from commit 1968c2222dcf47ebd1697afb4e79a81e74702d31)
2024-06-16 13:42:58 +02:00
silverwind d8bc0495de
Enable `unparam` linter (#31277)
Enable [unparam](https://github.com/mvdan/unparam) linter.

Often I could not tell the intention why param is unused, so I put
`//nolint` for those cases like webhook request creation functions never
using `ctx`.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit fc2d75f86d77b022ece848acf2581c14ef21d43b)

Conflicts:
	modules/setting/config_env.go
	modules/storage/azureblob.go
	services/webhook/dingtalk.go
	services/webhook/discord.go
	services/webhook/feishu.go
	services/webhook/matrix.go
	services/webhook/msteams.go
	services/webhook/packagist.go
	services/webhook/slack.go
	services/webhook/telegram.go
	services/webhook/wechatwork.go

	run make lint-go and fix Forgejo specific warnings
2024-06-16 13:42:58 +02:00
Earl Warren 50afca7961
fix(f3): do not run the F3 CLI if F3 is disabled 2024-06-16 13:33:33 +02:00
wxiaoguang 20ca5e37e9
Delete legacy cookie before setting new cookie (#31306)
Try to fix #31202

(cherry picked from commit 5342a61124bf2d4fbe4c1d560b13866198149ac9)
2024-06-16 08:21:32 +02:00
Shiny Nematoda d6abb363f6 FIX: use proper time format (activitypub/client) (#4132)
use proper http time format than replacing with GMT in time.RFC1123 =)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4132
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-06-14 15:22:37 +00:00
Earl Warren e99d3f7055
feat(F3): CLI: f3 mirror to convert to/from Forgejo
feat(F3): driver stub

feat(F3): util.Logger

feat(F3): driver compliance tests

feat(F3): driver/users implementation

feat(F3): driver/user implementation

feat(F3): driver/{projects,project} implementation

feat(F3): driver/{labels,label} implementation

feat(F3): driver/{milestones,milestone} implementation

feat(F3): driver/{repositories,repository} implementation

feat(F3): driver/{organizations,organization} implementation

feat(F3): driver/{releases,release} implementation

feat(F3): driver/{issues,issue} implementation

feat(F3): driver/{comments,comment} implementation

feat(F3): driver/{assets,asset} implementation

feat(F3): driver/{pullrequests,pullrequest} implementation

feat(F3): driver/{reviews,review} implementation

feat(F3): driver/{topics,topic} implementation

feat(F3): driver/{reactions,reaction} implementation

feat(F3): driver/{reviewComments,reviewComment} implementation

feat(F3): CLI: f3 mirror

chore(F3): move to code.forgejo.org

feat(f3): upgrade to gof3 3.1.0

repositories in pull requests are represented with a reference instead
of an owner/project pair of names
2024-06-14 12:52:12 +02:00
Henrique Pimentel 433b6c6910
Add `MAX_ROWS` option for CSV rendering (#30268)
This solution implements a new config variable MAX_ROWS, which
corresponds to the “Maximum allowed rows to render CSV files. (0 for no
limit)” and rewrites the Render function for CSV files in markup module.
Now the render function only reads the file once, having MAX_FILE_SIZE+1
as a reader limit and MAX_ROWS as a row limit. When the file is larger
than MAX_FILE_SIZE or has more rows than MAX_ROWS, it only renders until
the limit, and displays a user-friendly warning informing that the
rendered data is not complete, in the user's language.

---

Previously, when a CSV file was larger than the limit, the render
function lost its function to render the code. There were also multiple
reads to the file, in order to determine its size and render or
pre-render.

The warning: ![image](https://s3.amazonaws.com/i.snag.gy/vcKh90.jpg)

(cherry picked from commit f7125ab61aaa02fd4c7ab0062a2dc9a57726e2ec)
2024-06-09 16:04:57 +02:00
6543 1d4bff4f65
Add option for mailer to override mail headers (#27860)
Add option to override headers of mails, gitea send out

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit aace3bccc3290446637cac30b121b94b5d03075f)

Conflicts:
	docs/content/administration/config-cheat-sheet.en-us.md
	does not exist in Forgejo
	services/mailer/mailer_test.go
	trivial context conflict
2024-06-09 11:13:39 +02:00
Kemal Zebari 90753a2c11
Document possible action types for the user activity feed API (#31196)
Resolves #31131.

It uses the the go-swagger `enum` property to document the activity
action types.

(cherry picked from commit cb27c438a82fec9f2476f6058bc5dcda2617aab5)
2024-06-09 11:13:39 +02:00
mirko f015846c11 Add slogan config (#3752)
This is a PR for #3616

Currently added a new optional config `SLOGAN`  in ini file. When this config is set title page is modified in APP_NAME [ - SLOGAN]

Example in image below

![Selezione_075.png](/attachments/7a72171e-e730-4e57-8c97-ffc94258e00f)

Add the new config value in the admin settings page (readonly)

![Screenshot 2024-05-13 at 18-04-13 My Forgejo.png](/attachments/dad00fc2-29fa-4371-a7b9-5233eadeac13)

## TODO

* [x] Add the possibility to add the `SLOGAN` config from the installation form
* [ ] Update https://forgejo.org/docs/next/admin/config-cheat-sheet

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3752
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: mirko <mirko.perillo@gmail.com>
Co-committed-by: mirko <mirko.perillo@gmail.com>
2024-06-07 17:12:48 +00:00
André Rosenhammer fb7b17d240 Make gitea webhooks openproject compatible (gitea#28435)
This PR adds some fields to the gitea webhook payload that
[openproject](https://www.openproject.org/) expects to exists in order
to process the webhooks.
These fields do exists in Github's webhook payload so adding them makes
Gitea's native webhook more compatible towards Github's.
2024-06-05 15:58:51 +02:00
Earl Warren d2c4d833f4
test(avatar): deleting a user avatar is idempotent
If the avatar file in storage does not exist, it is not an error and
the database can be updated.

See 1be797faba Fix bug on avatar
2024-06-05 09:10:42 +02:00
Earl Warren 1b3ccfffe8 Merge pull request 'test(avatar): deleting a user avatar and file is atomic' (#4015) from earl-warren/forgejo:wip-delete-avatar into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4015
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-04 22:38:07 +00:00
Earl Warren 20148e061a
test(storage): export UninitializedStorage to simulate failure 2024-06-04 23:20:20 +02:00
Victoria Nadasdi b80677d009
chore(deps): update module github.com/redis/go-redis/v9 to v9.5.2
Renovate tried to update redis/go-redis, but failed because they changes
the interface, they added two new functions: `BitFieldRO` and
`ObjectFreq`.

Changes:
- Update redis/go-redis
- Run mockgen:
  ```
  mockgen -package mock -destination ./modules/queue/mock/redisuniversalclient.go  github.com/redis/go-redis/v9 UniversalClient
  ```

References:
- https://codeberg.org/forgejo/forgejo/pulls/4009
2024-06-04 12:38:35 +02:00
Earl Warren c2382d4f5b Merge pull request '[gitea] week 2024-23 cherry pick (gitea/main -> forgejo)' (#3989) from earl-warren/wcp/2024-23 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3989
Reviewed-by: Otto <otto@codeberg.org>
2024-06-04 07:40:35 +00:00
Mai-Lapyst e58ce86264 Update the elasticsearch mappings for issues to use long instead of integer for int64 (#3982)
This updates the mapping definition of the elasticsearch issue indexer backend to use `long` instead of `integer`s wherever the go type is a `int64`. Without it larger instances could run into an issue.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3982
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-04 07:37:59 +00:00
Lunny Xiao ee2247d77c
Add topics for repository API (#31127)
Fix ##31100

(cherry picked from commit de4616690f742aebc3e019fde5c73c432d543292)
2024-06-02 16:26:54 +02:00
Earl Warren 884b3c0f4b
test(util): MockProtect when mocking multiple times
It is fine to use MockVariableValue to change a setting such as:

defer test.MockVariableValue(&setting.Mirror.Enabled, true)()

But when testing for errors and mocking a function, multiple variants
of the functions will be used, not just one. MockProtect a function
will make sure that when the test fails it always restores a sane
version of the function. For instance:

defer test.MockProtect(&mirror_service.AddPushMirrorRemote)()

mirror_service.AddPushMirrorRemote = mockOne
do some tests that may fail

mirror_service.AddPushMirrorRemote = mockTwo
do more tests that may fail
2024-06-02 15:24:06 +02:00
Rowan Bohde 73706ae26d
feat: add support for a credentials chain for minio access (#31051)
We wanted to be able to use the IAM role provided by the EC2 instance
metadata in order to access S3 via the Minio configuration. To do this,
a new credentials chain is added that will check the following locations
for credentials when an access key is not provided. In priority order,
they are:

1. MINIO_ prefixed environment variables
2. AWS_ prefixed environment variables
3. a minio credentials file
4. an aws credentials file
5. EC2 instance metadata

(cherry picked from commit c0880e7695346997c6a93f05cd01634cb3ad03ee)

Conflicts:
	docs/content/administration/config-cheat-sheet.en-us.md
	does not exist in Forgejo
2024-06-02 10:14:09 +02:00
Lunny Xiao a7591f9738
Rename project board -> column to make the UI less confusing (#30170)
This PR split the `Board` into two parts. One is the struct has been
renamed to `Column` and the second we have a `Template Type`.

But to make it easier to review, this PR will not change the database
schemas, they are just renames. The database schema changes could be in
future PRs.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 98751108b11dc748cc99230ca0fc1acfdf2c8929)

Conflicts:
	docs/content/administration/config-cheat-sheet.en-us.md
	docs/content/index.en-us.md
	docs/content/installation/comparison.en-us.md
	docs/content/usage/permissions.en-us.md
	non existent files

	options/locale/locale_en-US.ini
	routers/web/web.go
	templates/repo/header.tmpl
	templates/repo/settings/options.tmpl
	trivial context conflicts
2024-06-02 09:42:39 +02:00
Michael Jerger 2f7f1aab8a fix review 2024-05-29 18:31:06 +02:00
Michael Jerger 5620dd76fa Merge branch 'forgejo' into forgejo-federated-pr5 2024-05-29 18:26:16 +02:00
Zettat123 df15abd072
Support setting the `default` attribute of the issue template dropdown field (#31045)
Fix #31044

According to [GitHub issue template
documentation](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema#attributes-for-dropdown),
the `default` attribute can be used to specify the preselected option
for a dropdown field.

(cherry picked from commit 7ab0988af140aa3e0204979765f75961f1dc9c11)
2024-05-26 20:13:09 +02:00
wxiaoguang 5612cf32e5
Refactor sha1 and time-limited code (#31023)
Remove "EncodeSha1", it shouldn't be used as a general purpose hasher
(just like we have removed "EncodeMD5" in #28622)

Rewrite the "time-limited code" related code and write better tests, the
old code doesn't seem quite right.

(cherry picked from commit fb1ad920b769799aa1287441289d15477d9878c5)

Conflicts:
	modules/git/utils_test.go
	trivial context conflict because sha256 testing in Forgejo has diverged
2024-05-26 18:43:30 +02:00
Earl Warren bd32dedb48 Merge pull request 'fix(services): set SendNotificationEmailOnNewUser' (#3904) from earl-warren/forgejo:wip-new-user-notify into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3904
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-25 15:11:16 +00:00
Earl Warren ff2a3f4e3a
fix(services): set SendNotificationEmailOnNewUser
regression from 767e9634d3. It changed
the parsing of the [admin] section from being derived from the content
of each key with mustMapSetting(rootCfg, "admin", &Admin) to
explicitly listing all keys in the code.

SEND_NOTIFICATION_EMAIL_ON_NEW_USER was not added and therefore
ignored. As a consequence notifications of newly registered users were
never sent.
2024-05-25 16:27:44 +02:00
Earl Warren c7711dac6d
chore: fix typos identified by mispell 2024-05-25 09:43:50 +02:00
Michael Jerger 82cb9e0203 ui for adding following repos 2024-05-24 13:28:15 +02:00
Victoria Nadasdi 87e2454858
lint: fix import order issue
Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-21 18:02:37 +02:00
Victoria Nadasdi 54acfa8880
refactor: redis queue backend test cleanup
Summary:
- Move existing test under a `testify` Suite as `baseRedisWithServerTestSuite`
  - Those tests require real redis server.
- Add `go.uber.org/mock/mockgen@latest` as dependency
  - as a tool (Makefile).
  - in the `go.mod` file.
- Mock redis client lives under a `mock` directory under the queue module.
  - That mock module has an extra hand-written mock in-memory redis-like struct.
- Add tests using the mock redis client.
- Changed the logic around queue provider creation.
  - Now the `getNewQueue` returns a Queue provider directly, not an init
    function to create it.

The whole Queue module is close to impossible to test properly because
everything is private, everything goes through a struct route. Because
of that, we can't test for example what keys are used for given queue.

To overcome this, as a first step I removed one step from that hard
route by allowing custom calls to create new queue provider. To achieve
this, I moved the creation logic into the `getNewQueue` (previously it
was `getNewQueueFn`). That changes nothing on that side, everything goes
as before, except the `newXXX` call happens directly in that function
and not outside that.

That made it possible to add extra provider specific parameters to those
function (`newXXX`). For example a client on redis. Calling it through
the `getNewQueue` function, it gets `nil`.

- If the provided client is not `nil`, it will use that instead of the
connection string.
- If it's `nil` (default behaviour), it creates a new redis client as it
  did before, no changes to that.

The rest of the provider code is unchanged. All these changes were
required to make it possible to generate mock clients for providers and
use them.

For the tests, the existing two test cases are good with redis server,
and they need some extra helpers, for example to start a new redis
server if required, or waiting on a redis server to be ready to use.
These helpers are only required for test cases using real redis server.

For better isolation, moved existing test under a testify Suite, and
moved them into a new test file called `base_redis_with_server_test.go`
because, well they test the code with server. These tests do exactly the
same as before, calling the same sub-tests the same way as before, the
only change is the structure of the test (remove repetition, scope
server related helper functions).

Finally, we can create unit tests without redis server. The main focus of
this group of tests are higher level overview of operations. With the
mock redis client we can set up expectations about used queue names,
received values, return value to simulate faulty state.

These new unit test functions don't test all functionality, at least
it's not aimed for it now. It's more about the possibility of doing that
and add extra tests around parts we couldn't test before, for example
key.

What extra features can test the new unit test group:
- What is the received key for given queue? For example using `prefix`,
  or if all the `SXxx` calls are expected to use `queue_unique` if
  it's a unique queue.
- If it's not a unique queue, no `SXxx` functions are called, because
  those sets are used only to check if a value is unique or not.
- `HasItem` return `false` always if it's a non-unique queue.
- All functions are called exactly `N` times, and we don't have any
  unexpected calls to redis from the code.

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-21 18:02:33 +02:00
Earl Warren 74e07656d2 Merge pull request '[gitea] week 2024-21 cherry pick (gitea/main -> forgejo)' (#3838) from algernon/wcp/2024-21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3838
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 08:05:01 +00:00
Earl Warren fb1338537b Merge pull request '[FEAT] Wiki Search' (#3847) from snematoda/wiki-search-grep into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3847
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 06:27:30 +00:00
Victoria Nadasdi df0d1a2134 feat: parse prefix from redis URI for queues (#3836)
For security reasons, scoping access to a redis server via ACL rules is
a good practice. Some parts of the codebase handles prefix like cache[^1]
and session[^2], but the queue module doesn't.

This patch adds this missing functionality to the queue module.

Note about relevant test:
I tried to keep the PR as small as possible (and reasonable), and not
change how the test runs. Updated the existing test to use the same
redis address and basically duplicated the test with the extra flag. It
does NOT test if the keys are correct, it ensures only it works as
expected. To make assertions about the keys, the whole test has to be
updated as the general wrapper doesn't allow the main test to check
anything provider (redis) specific property. That's not something I
wanted to take on now.

[^1]: e4c3c039be/modules/cache/cache_redis.go (L139-L150)
[^2]: e4c3c039be/modules/session/redis.go (L122-L129)

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3836
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Victoria Nadasdi <victoria@efertone.me>
Co-committed-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-20 14:10:54 +00:00
Shiny Nematoda ec4f5495ba feat: wiki search using git-grep
+ add release note
2024-05-20 13:48:50 +00:00
wxiaoguang 193ac67176
Always load or generate oauth2 jwt secret (#30942)
Fix #30923

(cherry picked from commit effb405cae88474c27f5c8322a2627019af1cf64)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- modules/setting/oauth2.go
	  Conflicted due to different ways of logging. Since the log
	  message is removed anyway, resolved by removing it.
	- modules/setting/oauth2_test.go
	  Manually copied the test added by Gitea.
	- routers/install/install.go
	  Not a conflict per se, but adjusted to use NewJwtSecret().
2024-05-19 15:47:39 +02:00
wxiaoguang 50b4e7f26e
Simplify mirror repository API logic (#30963)
Fix #30921

(cherry picked from commit 821d2fc2a3cc897f21d707455850177077b72410)
2024-05-19 13:57:52 +02:00
Zettat123 8e1de85980
Support using label names when changing issue labels (#30943)
Resolve #30917

Make the APIs for adding labels and replacing labels support both label
IDs and label names so the
[`actions/labeler`](https://github.com/actions/labeler) action can work
in Gitea.

<img width="600px"
src="https://github.com/go-gitea/gitea/assets/15528715/7835c771-f637-4c57-9ce5-e4fbf56fa0d3"
/>

(cherry picked from commit b3beaed147466739de0c24fd80206b5af8b71617)

Conflicts:
	- modules/structs/issue_label.go
	  Resolved by applying the Gitea change by hand.
	- tests/integration/api_issue_label_test.go
	  Resolved by copying the new tests.
2024-05-19 13:12:35 +02:00
oliverpool 5e73c67d67 fix: hook post-receive for sha256 repos 2024-05-15 16:43:16 +02:00
Earl Warren 77092c7a0c Merge pull request 'Federation: Parse ActorId & cache FederationHost' (#3662) from meissa/forgejo:forgejo-federated-parse-actorId into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3662
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 22:42:02 +00:00
Shiny Nematoda b6ca8abcfd [FEAT] support searching non default branches/tags when using git-grep (#3654)
resolves https://codeberg.org/forgejo/forgejo/pulls/3639#issuecomment-1806676 and https://codeberg.org/forgejo/forgejo/pulls/3513#issuecomment-1794990

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3654
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-05-14 15:41:03 +00:00
Michael Jerger fddc063b97 missed by diff 2024-05-14 08:48:05 +02:00
Michael Jerger 9d32c5a29b added validation fixes 2024-05-14 08:31:34 +02:00
Michael Jerger fc38e56373 enhance test & fix reviews 2024-05-14 08:24:31 +02:00
Lunny Xiao eb792d9f8a
Move database operations of merging a pull request to post receive hook and add a transaction (#30805)
Merging PR may fail because of various problems. The pull request may
have a dirty state because there is no transaction when merging a pull
request. ref
https://github.com/go-gitea/gitea/pull/25741#issuecomment-2074126393

This PR moves all database update operations to post-receive handler for
merging a pull request and having a database transaction. That means if
database operations fail, then the git merging will fail, the git client
will get a fail result.

There are already many tests for pull request merging, so we don't need
to add a new one.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ebf0c969403d91ed80745ff5bd7dfbdb08174fc7)

Conflicts:
	modules/private/hook.go
	routers/private/hook_post_receive.go
	trivial conflicts because
	  263a716cb5 * Performance optimization for git push (#30104)
	was not cherry-picked and because of
	  998a431747 Do not update PRs based on events that happened before they existed
2024-05-12 20:03:10 +02:00
wxiaoguang 8cb8547532
Make "sync branch" also sync object format and add tests (#30878)
(cherry picked from commit 9c08637eae8c3a44d15e62d85144e07ae9dabbec)
2024-05-12 20:03:10 +02:00
Yaroslav Halchenko 2b2fd2728c Add codespell support and fix a good number of typos with its help (#3270)
More about codespell: https://github.com/codespell-project/codespell .

I personally introduced it to dozens if not hundreds of projects already and so far only positive feedback.

```
❯ grep lint-spell Makefile
	@echo " - lint-spell                       lint spelling"
	@echo " - lint-spell-fix                   lint spelling and fix issues"
lint: lint-frontend lint-backend lint-spell
lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix
.PHONY: lint-spell
lint-spell: lint-codespell
.PHONY: lint-spell-fix
lint-spell-fix: lint-codespell-fix
❯ git grep lint- -- .forgejo/
.forgejo/workflows/testing.yml:      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
.forgejo/workflows/testing.yml:      - run: make lint-frontend
```
so how would you like me to invoke `lint-codespell` on CI? (without that would be IMHO very suboptimal and let typos sneak in)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-05-09 13:49:37 +00:00
Earl Warren a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Michael Jerger 1a76664d56 next step on the way to federation 2024-05-07 17:58:13 +02:00
Michael Jerger 2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
yp05327 6a4bc0289d
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
silverwind fb693442f5
Remove external API calls in `TestPassword` (#30716)
The test had a dependency on `https://api.pwnedpasswords.com` which
caused many failures on CI recently:

```
--- FAIL: TestPassword (2.37s)
    pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
FAIL
coverage: 82.9% of statements
```

(cherry picked from commit 9235442ba58524c8d12ae54865d583acfa1f439d)
2024-05-05 12:15:40 +01:00
wxiaoguang 4e35e5b8ae
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
2024-05-05 12:15:40 +01:00
Chester 1a40fe54a6
Add API endpoints for getting action jobs status (#26673)
Sample of response, it is similar to Github actions

ref
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository

``` json
{
    "workflow_runs": [
        {
            "id": 3,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 3,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo2.yaml",
            "url": "/chester/test/actions/runs/3",
            "created_at": "2023-08-22T13:41:33-04:00",
            "updated_at": "2023-08-22T13:41:37-04:00",
            "run_started_at": "2023-08-22T13:41:33-04:00"
        },
        {
            "id": 2,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 2,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/2",
            "created_at": "2023-08-22T13:41:30-04:00",
            "updated_at": "2023-08-22T13:41:33-04:00",
            "run_started_at": "2023-08-22T13:41:30-04:00"
        },
        {
            "id": 1,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "e5369ab054cae79899ba36e45ee82811a6e0acd5",
            "run_number": 1,
            "event": "push",
            "display_title": "Add job",
            "status": "failure",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/1",
            "created_at": "2023-08-22T13:15:21-04:00",
            "updated_at": "2023-08-22T13:18:10-04:00",
            "run_started_at": "2023-08-22T13:15:21-04:00"
        }
    ],
    "total_count": 3
}
```

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 6709e28da78a0ea7e63f9fe4e32f620abdc88d14)

Conflicts:
	routers/api/v1/swagger/repo.go
	trivial context conflict
2024-05-05 12:15:40 +01:00
Chongyi Zheng c504461b66
Resolve lint for unused parameter and unnecessary type arguments (#30750)
Resolve all cases for `unused parameter` and `unnecessary type
arguments`

Related: #30729

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit e80466f7349164ce4cf3c07bdac30d736d20f035)

Conflicts:
	modules/markup/markdown/transform_codespan.go
	modules/setting/incoming_email.go
	routers/api/v1/admin/user_badge.go
	routers/private/hook_pre_receive.go
	tests/integration/repo_search_test.go
	resolved by discarding the change, this is linting only and
	for the sake of avoiding future conflicts
2024-05-05 08:38:16 +01:00
Micash b8e7b3941a
Add support for npm bundleDependencies (#30751)
(cherry picked from commit ad4e902d5a1430c0c1df18bf404537df5ded1dba)
2024-05-05 08:24:01 +01:00
Gergely Nagy 8164ef9762
markup: Allow cross references to contain URL query parameters too
Adjust the `anyHashPattern` to match URL query parameters too, and
adjust `fullHashPatternProcessor` accordingly.

Includes a test case, and an update to an existing one to account for
the new capture group.

Fixes #3548.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 21:14:16 +02:00
Gergely Nagy 9a01062ae2
Fix user mention processing
When mentioning a user, the markup post-processor did not handle the
case where the mentioned user did not exist well: it tried to skip to
the next node, which in turn, ended up skipping the rest of the line.

To fix this, lets skip just the mentioned, but non-existing user, and
continue processing the current node from there.

Fixes #3535.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-30 12:51:30 +02:00
Chongyi Zheng 781789e779
Replace deprecated `math/rand` functions (#30733)
Suggested by logs in #30729

- Remove `math/rand.Seed`
`rand.Seed is deprecated: As of Go 1.20 there is no reason to call Seed
with a random value.`
- Replace `math/rand.Read`
`rand.Read is deprecated: For almost all use cases, [crypto/rand.Read]
is more appropriate.`
- Replace `math/rand` with `math/rand/v2`, which is available since Go
1.22

(cherry picked from commit 7b8e418da1e082786b844562a05864ec1177ce97)
2024-04-28 15:39:02 +02:00
Kemal Zebari 50917ead5f
Perform Newest sort type correctly when sorting issues (#30644)
Should resolve #30642.

Before this commit, we were treating an empty `?sort=` query parameter
as the correct sorting type (which is to sort issues in descending order
by their created UNIX time). But when we perform `sort=latest`, we did
not include this as a type so we would sort by the most recently updated
when reaching the `default` switch statement block.

This commit fixes this by considering the empty string, "latest", and
just any other string that is not mentioned in the switch statement as
sorting by newest.

(cherry picked from commit 9b7af4340c36d3e1888788499d16f83feeb1601b)
2024-04-28 15:39:00 +02:00
silverwind 12b199c5e5
Enable more `revive` linter rules (#30608)
Noteable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.

(cherry picked from commit 74f0c84fa4245a20ce6fb87dac1faf2aeeded2a2)

Conflicts:
	.golangci.yml
	apply the linter recommendations to Forgejo code as well
2024-04-28 15:39:00 +02:00
oliverpool 20350846fc Merge pull request 'fix: git.ComputeHash did not write the content' (#3466) from oliverpool/forgejo:fix_compute_hash into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3466
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-26 10:15:23 +00:00
Earl Warren c31ae1a651 fix(lfs): gogit /settings/lfs/find 500 error (#3472)
Refs: https://codeberg.org/forgejo/forgejo/pulls/3448
Refs: https://codeberg.org/forgejo/forgejo/issues/3438
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3472
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2024-04-26 09:22:09 +00:00
Earl Warren 801554f708 Merge pull request 'Limit database max connections by default' (#3383) from fnetx/Limit database max connections by default into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3383
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-26 08:31:15 +00:00
oliverpool 5247fd50db fix: git.ComputeHash did not write the content 2024-04-26 10:16:59 +02:00
oliverpool 3dfa5ba43a test: LFS gc should not delete all metadata objects
and ComputeBlobHash should depend on the blob content (not only the
length)
2024-04-26 10:16:59 +02:00
Shiny Nematoda a641ebf221 [FIX] Set max fuzziness to 2 for bleve (#3444)
closes #3443

regression from ab5f0b7558

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3444
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-04-26 08:08:47 +00:00
Earl Warren f7786e207e Merge pull request 'Change the default SSH clone url to the ssh:// style' (#3285) from algernon/forgejo:cloning-in-sshtyle into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3285
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-25 19:24:54 +00:00
JakobDev 1bce2dc5c5 [FEAT]Add Option to hide Release Archive links (#3139)
This adds a new options to releases to hide the links to the automatically generated archives. This is useful, when the automatically generated Archives are broken e.g. because of Submodules.

![grafik](/attachments/5686edf6-f318-4175-8459-89c33973b181)
![grafik](/attachments/74a8bf92-2abb-47a0-876d-d41024770d0b)

Note:
This juts hides the Archives from the UI. Users can still download 5the Archive if they know t correct URL.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3139
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-04-24 15:15:55 +00:00
Otto Richter f23fd221e4 Limit database max connections by default
Our default of unlimited database connections is not sane, because every database has a limit, and our default should just follow this. Otherwise it will lead to issues every time a small instance gets a high traffic peak.

Part of https://codeberg.org/forgejo/forgejo/issues/3381

The value of 100 is the lowest value from:

- 100 Postgres https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS
- 151 MySQL https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_max_connections
- 151 MariaDB https://mariadb.com/docs/server/ref/mdb/system-variables/max_connections/
2024-04-23 00:47:50 +02:00
Earl Warren b63b224c36 Merge pull request '[gitea] week 2024-17 cherry pick (gitea/main -> forgejo)' (#3350) from algernon/wcp/2024-17 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3350
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-22 18:48:13 +00:00
Gergely Nagy 0cb46f63df
setting: Infer [email.incoming].PORT from .USE_TLS
If `[email.incoming].USE_TLS` is set, but the port isn't, infer the
default from `.USE_TLS`: set the port to 993 if using tls, and to 143
otherwise. Explicitly setting a port overrides this.

Fixes #3357.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-22 16:30:35 +02:00
Gergely Nagy 073cc891c6
setting: Allow aliases for some email settings
The keys for setting the username and password for incoming and outgoing
mail are inconsisent: one uses `USERNAME` and `PASSWORD`, the other uses
`USER` and `PASSWD`.

To make things simpler, allow both to be configured by either, thus,
`[mailer].USERNAME` and `[mailer.PASSWORD]` will be aliases for `.USER`
and `.PASSWD`, and similarly, `[email.incoming].USER` and
`[email.incoming].PASSWD` will be aliases for `.USERNAME` and
`.PASSWORD`.

Fixes #3355.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-22 16:09:01 +02:00
0ko 469c214ec8 s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
wxiaoguang 27434acef6
Fix commit file status parser (#30602)
Try to fix  #30492

(cherry picked from commit 53cf46cae7475befa2dde554bbd9147e436072b9)
2024-04-21 16:28:16 +02:00
Jason Song e7a484e401
Avoid importing `modules/web/middleware` in `modules/session` (#30584)
Related to #30375.

It doesn't make sense to import `modules/web/middleware` and
`modules/setting` in `modules/web/session` since the last one is more
low-level.

And it looks like a workaround to call `DeleteLegacySiteCookie` in
`RegenerateSession`, so maybe we could reverse the importing by
registering hook functions.

(cherry picked from commit 61457cdf6b49225ae831fd9fb084deadd8bdb0fb)
2024-04-21 16:28:16 +02:00
Tobias Balle-Petersen 23f032eaa5
Update API to return 'source_id' for users (#29718)
Using the API, a user's _source_id_ can be set in the _CreateUserOption_
model, but the field is not returned in the _User_ model.

This PR updates the _User_ model to include the field _source_id_ (The
ID of the Authentication Source).

(cherry picked from commit 58b204b813cd3a97db904d889d552e64a7e398ff)
2024-04-21 12:04:18 +02:00
Bo-Yi Wu e025ec0131
feat(api): implement branch/commit comparison API (#30349)
- Add new `Compare` struct to represent comparison between two commits
- Introduce new API endpoint `/compare/*` to get commit comparison
information
- Create new file `repo_compare.go` with the `Compare` struct definition
- Add new file `compare.go` in `routers/api/v1/repo` to handle
comparison logic
- Add new file `compare.go` in `routers/common` to define `CompareInfo`
struct
- Refactor `ParseCompareInfo` function to use `common.CompareInfo`
struct
- Update Swagger documentation to include the new API endpoint for
commit comparison
- Remove duplicate `CompareInfo` struct from
`routers/web/repo/compare.go`
- Adjust base path in Swagger template to be relative (`/api/v1`)

GitHub API
https://docs.github.com/en/rest/commits/commits?apiVersion=2022-11-28#compare-two-commits

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit c70e442ce4b99e2a1f1bf216afcfa1ad78d1925a)

Conflicts:
	- routers/api/v1/swagger/repo.go
	  Conflict resolved by manually adding the lines from the Gitea
	  PR.
2024-04-21 11:58:18 +02:00
Earl Warren d029796e1e Merge pull request 'Fix some edge cases with permalink rendering' (#3286) from Mai-Lapyst/forgejo:fix-permalink-rendering-edgecases into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3286
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-20 10:24:05 +00:00
Mai-Lapyst acfae43253
Fix panic where now a third link breaks everything 2024-04-19 23:54:46 +02:00
Mai-Lapyst e9eacdecd2
Fix issue where rendering stops after the first invalid parmalink 2024-04-19 18:21:21 +02:00
Earl Warren d07f12e010 Merge pull request 'Do not require login_name & source_id for /admin/user/{username}' (#3278) from algernon/forgejo:leave-your-name-at-the-door into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3278
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 11:05:13 +00:00
Mai-Lapyst 5b6b3f3fb3
Fix some edge cases; closes #3232
- Fixes wrong usage of AppURL
- Fixes wrong rendering with extra path segments when AppSubURL is empty
- Now also renders all links when 2+ permalinks are present
2024-04-17 13:02:48 +02:00
Gergely Nagy dc39043cd6
Change the default SSH clone url to the ssh:// style
Rather than using an scp-style URI, use the same URL style for SSH
clones as for HTTP(S) ones. This is not only more consistent, but the
URL style allows one to specify a port, and makes it clear that it is an
SSH clone URL.

git itself favours the URL style, and mentions the scp-style in passing
only. Said style is prominently used by GitHub, and might be more
familiar for a lot of people, but other than familiarity, it has no
advantage over the URL style.

For the benefit of consistency, and flexibility, lets flip the default,
and make it the URL style. Instance admins who prefer to use the
scp-style, and are running SSH on its standard port, can change the
setting back to false.

This addresses #3193.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 11:04:48 +02:00
Gergely Nagy d07c8c821c
Do not require login_name & source_id for /admin/user/{username}
When editing a user via the API, do not require setting `login_name` or
`source_id`: for local accounts, these do not matter. However, when
editing a non-local account, require *both*, as before.

Fixes #1861.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 10:33:52 +02:00
Gergely Nagy df8e58c5cb
Allow changing global wiki editability via the API
The global wiki editability can be set via the web UI, this patch makes
it possible to set the same thing via the API too. This is accomplished
by adjusting the GET and PATCH handlers of the
`/api/v1/repos/{owner}/{repo}` route.

The first will include the property when checking the repo's settings,
the second allows a repo admin to change the setting too.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-16 22:51:36 +02:00
oliverpool df042909bb Merge pull request '[Port] container.FilterSlice function (gitea#30339 & gitea#30370)' (#3264) from oliverpool/forgejo:port_30339 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3264
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-16 13:12:11 +00:00
oliverpool 525accfae6 Add container.FilterSlice function (gitea#30339)
Many places have the following logic:
```go
func (jobs ActionJobList) GetRunIDs() []int64 {
	ids := make(container.Set[int64], len(jobs))
	for _, j := range jobs {
		if j.RunID == 0 {
			continue
		}
		ids.Add(j.RunID)
	}
	return ids.Values()
}
```

this introduces a `container.FilterMapUnique` function, which reduces
the code above to:
```go
func (jobs ActionJobList) GetRunIDs() []int64 {
	return container.FilterMapUnique(jobs, func(j *ActionRunJob) (int64, bool) {
		return j.RunID, j.RunID != 0
	})
}
```
Conflicts:
models/issues/comment_list.go due to premature refactor in #3116
2024-04-16 11:49:44 +02:00
wxiaoguang f692069616
Refactor markdown render (#30139)
Only split the file into small ones (and rename AttentionTypes to
attentionTypes)

(cherry picked from commit 71706126b56616750a65290460fd211b9b8449da)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- modules/markup/markdown/goldmark.go
	- modules/markup/markdown/transform_blockquote.go
	Conflicts were resolved by favouring the Forgejo implementation:
	I copied the Forgejo code to the same place Gitea copied them
	to, and adjusted the imports accordingly.

	Apart from conflict resolution, this also moves
	`applyElementDir` from a local func in `goldmark.Transform` to a
	method on `*ASTTransformer`, to make it callable from the
	extracted functions.
2024-04-16 10:42:49 +02:00