Commit Graph

576 Commits

Author SHA1 Message Date
Gusted dfe3ffc581 feat: harden localization against malicious HTML (#5703)
- Add a new script that processes the localization files and verifies that
they only contain HTML according to our strictly defined rules.
- This should make adding malicious HTML near-impossible.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5703
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2024-10-30 15:59:48 +00:00
Renovate Bot f9a16f8be0 Update renovate to v38.133.0 2024-10-28 06:26:24 +00:00
Gusted 7ad83fce40 chore: move to Eslint flat config
Make the big move to Eslint flat config format. The outcome of Eslint
still should be the same, but some things have changed:
- `eslint-plugin-github` is dropped, flat configs have been out for a
while and most eslint plugins support it, but for no reason and no
activity in sight this plugin is likely not going to support flat config
for a while and to avoid other plugins not being able to update (as they
are requiring flat configs) drop the github rules.
- Nested configs don't work properly and are unified into the root
eslint config, this unification did cause some conflicts and that's why
the `import-x` is in a separate 'group' to exclude targeting Vue files.
- The `eslint-plugin-i` is deprecated and `eslint-plugin-import-x` is
its successor which has better support for flat configs, the same rules
are still applied.

The majority of the flat config was generated by
`@eslint/migrate-config` tool.
2024-10-23 15:28:43 +02:00
Renovate Bot 13762759fd Update renovate to v38.128.6 2024-10-21 00:03:17 +00:00
Renovate Bot 7e805fa665 Update renovate to v38.121.0 2024-10-14 20:04:12 +00:00
Renovate Bot dc93b843cd Update x/tools to v0.26.0 2024-10-10 06:03:14 +00:00
Renovate Bot e9040fafec Update renovate to v38.110.2 2024-10-07 00:03:30 +00:00
Otto cb91e5a4dc Merge pull request 'Makefile: support gotestsum' (#5249) from yoctozepto/gotestsum into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5249
Reviewed-by: Otto <otto@codeberg.org>
2024-10-04 14:24:12 +00:00
Renovate Bot 1b06287fe3 Update renovate to v38.101.1 2024-09-30 00:08:52 +00:00
Renovate Bot 15ec27e658 Update renovate to v38.93.2 2024-09-23 02:02:04 +00:00
Renovate Bot 4cff39c4d9 Update renovate to v38.80.0 2024-09-16 00:02:10 +00:00
Renovate Bot 6e02a6b422 Update renovate to v38.77.2 2024-09-12 16:02:09 +00:00
forgejo-renovate-action f8eb608a5b Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.61.0 (forgejo)' (#5282) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo 2024-09-11 04:47:33 +00:00
Renovate Bot 54f3284faa Update x/tools to v0.25.0 2024-09-11 02:02:38 +00:00
Renovate Bot 0f10e9a72f Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.61.0 2024-09-11 00:02:45 +00:00
Radosław Piliszek e4134f0a81 Makefile: support gotestsum
gotestsum [1] is a tool that brings sanity to human-powered
analysis of test results, supporting handy summaries of results
and more.

This implementation allows for the use of `USE_GOTESTSUM=yes`
to switch the implementation from raw `go test` to `gotestsum`.
It also gives general flexibility in choice of go tests runner.

The PREFIX-SUFFIX play is needed for compiled tests and may
be subject to modification depending on the outcome of #5248

[1] https://pkg.go.dev/gotest.tools/gotestsum
2024-09-06 11:54:14 +00:00
Renovate Bot eaad11ae8b Update module golang.org/x/tools/gopls to v0.16.2 2024-09-06 00:02:39 +00:00
Renovate Bot d9893ed2b6 Update renovate to v38.59.2 2024-09-02 00:02:39 +00:00
Gusted c2e11058bb
chore: update mock redis client
- Follow up of #5173
2024-09-01 05:42:34 +02:00
Renovate Bot fbe464309b Update renovate to v38.52.3 2024-08-26 04:05:34 +00:00
Earl Warren 9fee7ea763
chore(license): clarify the API swagger file is and stays MIT (take 2)
Override the swagger default.
2024-08-23 19:17:07 +02:00
Renovate Bot cbee178245 Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.3 2024-08-23 02:05:38 +00:00
Twenty Panda 94631ccef6
Forgejo v9.0 is GPLv3+
* display Forgejo license first
* do not send go-license in a loop because Gitea & Forgejo have
  different licenses

Refs: 62ac0cc334/AGREEMENTS.md
2024-08-22 09:09:29 +02:00
Renovate Bot 63faeb365c Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.2 2024-08-21 02:03:34 +00:00
Gusted 5b81cab0ed Merge pull request '[CHORE] Support reproducible builds' (#4970) from gusted/forgejo-reproducible-builds into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4970
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Radosław Piliszek <radek@piliszek.it>
2024-08-20 18:14:33 +00:00
Gusted be46795975
[CHORE] Support reproducible builds
This is a step towards making Forgejo's binaries (the one listed in the
release tab) reproducible.

In order to make the actual binary reproducible, we have to ensure that
the release workflow has the correct configuration to produce such
reproducible binaries. The release workflow currently uses the
Dockerfile to produce binaries, as this is one of the easiest ways to do
cross-compiling for Go binaries with CGO enabled (due to SQLite). In the
Dockerfile, two new arguments are being given to the build command.
`-trimpath` ensures that the workpath directory doesn't get included in
the binary; this means that file names (such as for panics) are
relative (to the workpath) and not absolute, which shouldn't impact
debugging. `-buildid=` is added to the linker flag; it sets the BuildID
of the Go linker to be empty; the `-buildid` hashes the input actions
and output content; these vary from build to build for unknown reasons,
but likely because of the involvement of temporary file names, this
doesn't have any effect on the behavior of the resulting binary.

The Makefile receives a new command, `reproduce-build#$VERSION` which
can be used by people to produce a reproducible Forgejo binary of a
particular release; it roughly does what the release workflow also does.
Build the Dockerfile and extract the Forgejo binary from it. This
doesn't allow to produce a reproducible version for every release, only
for those that include this patch, as it needs to call the makefile of
that version in order to make a reproducible binary.

There's one thing left to do: the Dockerfile pins the Go version to a
minor level and not to a patch level. This means that if a new Go patch
version is released, that will be used instead and will result in a
different binary that isn't bit to bit the same as the one that Forgejo
has released.
2024-08-19 17:31:57 +02:00
Otto 3b8ac4388a Merge pull request 'Refactor grouped forms to semantic HTML' (#4995) from fnetx/refactor-grouped-forms into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4995
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-19 14:53:35 +00:00
Earl Warren 51620ab0f3 Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.1 (forgejo)' (#4953) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4953
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-19 07:38:14 +00:00
Renovate Bot 1b9222f6e2 Update renovate to v38.39.6 2024-08-19 02:03:33 +00:00
Otto Richter c9e402afdc feat(tmpl): Introduce semantic HTML in forms
Modifies forms:

- (new) org team
- (new) repo webhook
- (new) repo protected branch

The forms are not completely rewritten to semantic HTML yet. The focus
of this change was on standard elements, some custom solutions were left
untouched for now.

- swaps the order of permission radio buttons as per https://codeberg.org/forgejo/forgejo/issues/4983
- uses fieldsets to group related inputs
  - ensures consistent styling across forms
  - can be improved later, e.g. using horizontal lines between sections
- fixes: previous font size of labels was smaller than the font size of the help text
- help text are now part of the label, clicking them now also activates the input
- drop unused CSS (no required checkboxes in grouped class remain)
- playwright testing:
  - move login boilerplate to utils
  - automated form accessibility checking
    - allow defining the scope, because legacy parts of the forms are not yet accessible
  - assert some CSS properties that should not be overridden
- the Makefile adjustment was necessary, because eslint scanned some internal files in the tests/e2e/reports directory
2024-08-19 01:14:18 +02:00
Gusted 22d57cfc6b Merge pull request 'chore(make): structure and clean up Makefile a little' (#4979) from fnetx/makefile-structure into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4979
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-18 15:27:02 +00:00
Renovate Bot 674689af4a
Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.1 2024-08-18 16:03:29 +02:00
Otto Richter 7e0cebecb0 Drop docker target from Makefile
as per https://codeberg.org/forgejo/forgejo/pulls/4979#issuecomment-2181764
2024-08-18 15:14:34 +02:00
Renovate Bot 1b8a79f820 Update module mvdan.cc/gofumpt to v0.7.0 2024-08-17 00:02:59 +00:00
Otto Richter b390641478 Drop vendor filter (dir is gone), left-align help messages 2024-08-16 15:28:48 +02:00
Otto Richter ac5d4f68d1 Comments for structure, moving things around, drop Gitea mentions 2024-08-16 15:04:25 +02:00
Otto Richter f2ab8c8ea7 Drop legacy update-translation target 2024-08-16 14:54:55 +02:00
Gusted a21128a734
[CHORE] Drop `go-git` support
See https://codeberg.org/forgejo/discussions/issues/164 for the
rationale and discussion of this change.

Everything related to the `go-git` dependency is dropped (Only a single
instance is left in a test file to test for an XSS, it requires crafting
a commit that Git itself refuses to craft). `_gogit` files have
been removed entirely, `go:build: !gogit` is removed, `XXX_nogogit.go` files
either have been renamed or had their code being merged into the
`XXX.go` file.
2024-08-12 19:11:09 +02:00
Renovate Bot eb6afae1c0 Update renovate to v38.25.0 2024-08-12 00:04:22 +00:00
Renovate Bot 8039240c26
Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 2024-08-09 21:03:37 +02:00
Renovate Bot 99d78fb9e7 Update x/tools to v0.24.0 2024-08-09 10:25:53 +00:00
Renovate Bot 52666d4a8a Update renovate to v38.21.3 2024-08-08 08:05:32 +00:00
Renovate Bot 00ae44129d Update renovate to v38.18.12 2024-08-05 00:02:57 +00:00
Michael Kriese 707318fcc8
chore(renovate): use mirror image 2024-07-30 09:23:44 +02:00
Renovate Bot 5e3d4b001c Update renovate to v38.9.0 2024-07-29 08:02:14 +00:00
Renovate Bot 5da7b3ae1f Update renovate to v38 2024-07-26 20:01:43 +00:00
Renovate Bot 20de7e5fdf Update renovate to v37.438.2 2024-07-22 00:04:06 +00:00
Gusted 984d0127f1
Enable multiStatements for MySQL 2024-07-16 23:16:03 +02:00
Renovate Bot 20161546d5 Update renovate to v37.431.4 2024-07-15 04:03:33 +00:00
Earl Warren 4f6c823ae7 Merge pull request '[gitea] week 2024-28 cherry pick (gitea/main -> forgejo)' (#4391) from earl-warren/wcp/2024-28 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4391
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-09 05:37:52 +00:00