1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 12:54:53 -05:00
Commit graph

1712 commits

Author SHA1 Message Date
Zettat123
6b74043b85
Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365)
Fix #28121

I did some tests and found that the `missing signature key` error is
caused by an incorrect `Content-Type` header. Gitea correctly sets the
`Content-Type` header when serving files.

348d1d0f32/routers/api/packages/container/container.go (L712-L717)
However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may
be set to an incorrect value by the storage service. To fix this issue,
we can use query parameters to override response header values.

https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
<img width="600px"
src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555"
/>

In this PR, I introduced a new parameter to the `URL` method to support
additional parameters.

```
URL(path, name string, reqParams url.Values) (*url.URL, error)
```

---

Most S3-like services support specifying the content type when storing
objects. However, Gitea always use `application/octet-stream`.
Therefore, I believe we also need to improve the `Save` method to
support storing objects with the correct content type.

b7fb20e73e/modules/storage/minio.go (L214-L221)
(cherry picked from commit 0690cb076bf63f71988a709f62a9c04660b51a4f)

Conflicts:
	- modules/storage/azureblob.go
	  Dropped the change, as we do not support Azure blob storage.
	- modules/storage/helper.go
	  Resolved by adjusting their `discardStorage` to our
	  `DiscardStorage`
	- routers/api/actions/artifacts.go
	  routers/api/actions/artifactsv4.go
	  routers/web/repo/actions/view.go
	  routers/web/repo/download.go
	  Resolved the conflicts by manually adding the new `nil`
	  parameter to the `storage.Attachments.URL()` calls.

	  Originally conflicted due to differences in the if expression
	  above these calls.
2024-11-05 09:33:15 +01:00
Oleksandr Redko
4aa61601c3
refactor: remove redundant err declarations (#32381)
(cherry picked from commit f4d3aaeeb9e1b11c5495e4608a3f52f316c35758)

Conflicts:
	- modules/charset/charset_test.go
	  Resolved by manually changing a `=` to `:=`, as per the
	  original patch. Conflict was due to `require.NoError`.
2024-11-05 09:33:15 +01:00
Royce Remer
fe5adbbbdc
Add new [lfs_client].BATCH_SIZE and [server].LFS_MAX_BATCH_SIZE config settings. (#32307)
This contains two backwards-compatible changes:
* in the lfs http_client, the number of lfs oids requested per batch is
loaded from lfs_client#BATCH_SIZE and defaulted to the previous value of
20
* in the lfs server/service, the max number of lfs oids allowed in a
batch api request is loaded from server#LFS_MAX_BATCH_SIZE and defaults
to 'nil' which equates to the previous behavior of 'infinite'

This fixes #32306

---------

Signed-off-by: Royce Remer <royceremer@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit c60e4dc1095ef90a790582cacfad27c972637bb2)

Conflicts:
	- services/lfs/server.go
	  Conflict due to our Quota implementation. Resolved by manually
	  adding the change after the quota check.
2024-11-05 09:33:15 +01:00
Earl Warren
407396cde0 Merge pull request 'Add label to Forgejo Actions PR labeled/unlabeled events and update the commit status' (#5778) from earl-warren/forgejo:wip-label-status into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5778
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-04 14:09:23 +00:00
Otto
1418ac176d Merge pull request '[PORT] Fix git error handling (gitea#32401)' (#5794) from gusted/forgejo-port-32401 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5794
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-04 10:40:07 +00:00
Earl Warren
66c85b7d8b
fix: Actions PR workflows must update the commit status
When a workflow has

on:
  pull_request:
    types:
      - labeled
      - unlabeled

The outcome of the workflow (success or failure) must be associated
with the head sha commit status. Otherwise it cannot be used as a
requirement for merging the pull request (branch protections).
2024-11-04 11:27:14 +01:00
Earl Warren
58e3c1fbdb
fix: add label to issues and PR labeled/unlabeled events
When a workflow has

on:
  pull_request:
    types:
      - labeled
      - unlabeled

The payload misses the label field describing the added or removed
label.

The unlabeled event type was also incorrectly mapped to the labeled
event type.
2024-11-04 10:41:11 +01:00
wxiaoguang
498b5f9867
[PORT] Refactor the DB migration system slightly (gitea#32344)
Introduce "idNumber" for each migration, and clarify the difference
between the migration ID number and database version.

---
Conflict resolution: trivial

(cherry picked from commit d70af38447a759d4a935e315e18efa4dd625f655)
2024-11-03 17:00:48 +01:00
wxiaoguang
171de4d107
[PORT] Fix git error handling (gitea#32401)
---
Conflict resolution: Trivial, for `repo_attributes.go` move where the
`IsErrCanceledOrKilled` needs to happen because of other changes that
happened in this file.

To add some words to this change: It seems to be mostly simplifying the
error handling of git operations.

(cherry picked from commit e524f63d58900557d7d57fc3bcd19d9facc8b8ee)
2024-11-03 16:47:44 +01:00
wxiaoguang
f2eabf6308
[PORT] Replace DateTime with DateUtils (gitea#32383)
(cherry picked from commit fec6b3d50072e48bb51c18c5c4ea682dc6319573)
2024-11-03 16:37:01 +01:00
Michael Kriese
284ffe4e00
fix: support www.github.com for migrations 2024-11-03 16:08:58 +01:00
Gusted
4c67023c7e
tests: improve actvititypub integration test code
- Make use of `test.MockVariableValue` to override variables for the
duration of the test.
- Don't needlessly call `onGiteaRun`, its only needed when a HTTP server
needs to be called by the code.
- When `onGiteaRun` is used, make use of the passed parameters, such as
the passed `*testing.T` variable and `*url.URL` (this also avoids
needing to serve the routers in the test code again).
- Use `(*url.URL).JoinPath` to craft new URLs.
- Don't override `setting.AppURL` & `setting.Database.LogSQL` when its
does not affect the test.
- Add empty fixture files for `FederatedUser` & `FederationHost` so they
are truncated and do not persist between tests.
2024-11-01 22:39:49 +01:00
Tom Neuber
68d5cf0e92
Add branch auto deletion for scheduled PRs 2024-10-31 03:49:15 +01:00
Tom Neuber
3f01fb31d9
create "shared" package to workaround import loop issues 2024-10-31 03:49:14 +01:00
Earl Warren
485db0a3ba Merge pull request '[gitea] week 2024-44 cherry pick (gitea/main -> forgejo)' (#5714) from algernon/wcp/2024-44 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5714
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-29 09:05:27 +00:00
Gusted
266e0b2ce9
security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.
2024-10-28 05:48:10 +01:00
Lunny Xiao
261c0a95b4
Add warn log when deleting inactive users (#32318)
Add log for the problem #31480

(cherry picked from commit a264c46fb04112c5ec2c1b2acd523a2e4450da40)

Conflicts:
	- services/user/user.go
	  Resolved by manually adding the log line.
2024-10-27 11:27:40 +01:00
Renovate Bot
b597725fa0 Update module github.com/jhillyerd/enmime to v2 2024-10-23 06:04:11 +00:00
Earl Warren
c1a08156f8 Merge pull request '[gitea] week 2024-43 cherry pick (gitea/main -> forgejo)' (#5621) from algernon/wcp/2024-43 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5621
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-22 17:37:03 +00:00
Gusted
f298bf125a Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5158
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-21 14:31:32 +00:00
dragon
95c7599db5 fix arch pkg 2024-10-21 10:08:57 +08:00
谈笑风生间
c3741d7fb0
Support requested_reviewers data in comment webhook events (#26178)
close #25833

Currently, the information for "requested_reviewers" is only included in
the webhook event for reviews. I would like to suggest adding this
information to the webhook event for "PullRequest comment" as well, as
they both pertain to the "PullRequest" event.

Also, The reviewer information for the Pull Request is not displayed
when it is approved or rejected.

(cherry picked from commit d50ed0abf731a10741831d4b6dd54791e3e567ec)
2024-10-20 09:34:46 +02:00
Zettat123
e8700cee61
Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246)
Fix #32219

---------

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 81aec6d621a3ea0dfb02d3b4d20b9be77c30c6ab)
2024-10-20 09:24:58 +02:00
Zettat123
89446e60a6
Support migrating GitHub/GitLab PR draft status (#32242)
Resolve #32196

(cherry picked from commit 74664b08a004393ce013e872e47901f52645b65a)
2024-10-20 09:24:25 +02:00
Gusted
cd7c015dd3 Merge pull request 'mail issue: Display issue type in email header' (#5389) from xenrox/forgejo:mail-issue into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5389
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-19 21:54:56 +00:00
Thorben Günther
74403d1f0f
mail issue: Display issue type in email header
Currently notification emails for Pull Requests or Issues are
indistinguishable at first glance. This adds the type ("PR" or "Issue")
before the index number.
2024-10-19 21:25:54 +02:00
Earl Warren
e2354703ed Merge pull request '[gitea] week 2024-42 cherry pick (gitea/main -> forgejo)' (#5543) from earl-warren/wcp/2024-42 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5543
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-19 13:54:24 +00:00
Earl Warren
69bedb8933 Merge pull request 'fix: correct documentation for non 200 responses in swagger' (#5491) from JakobDev/forgejo:fixswagger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5491
Reviewed-by: Otto <otto@codeberg.org>
2024-10-15 11:34:35 +00:00
Otto
1d13249e17 Merge pull request '[BUG] Don't allow owner team with incorrect unit access' (#5529) from gusted/forgejo-owners-team-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5529
Reviewed-by: Otto <otto@codeberg.org>
2024-10-14 19:56:58 +00:00
Earl Warren
e299a7f4cd Merge pull request 'fix: don't cancel schedule workflows on push to main branch' (#5470) from Kwonunn/forgejo:dont-cancel-schedule-workflow into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5470
2024-10-13 12:06:02 +00:00
Lunny Xiao
8f61fce938
Only rename a user when they should receive a different name (#32247)
Fix #31996

(cherry picked from commit 9df5ddaf44aa5a3f319acba7b18645b7b1d4d8a2)
2024-10-13 14:17:08 +03:00
Earl Warren
7855e4bb56
Improve the maintainblity of the reserved username list (#32229)
(cherry picked from commit 6029d78ab5006e8fb4f42adb5a8c491f19fa7b0a)

Conflicts:
  models/user/user.go
	services/user/user_test.go
    trivial context conflict
	tests/integration/user_test.go
    discarded entirely because dot may be allowed in Forgejo under
    some conditions
2024-10-13 14:17:08 +03:00
Gusted
9de9034400
[BUG] Don't allow owner team with incorrect unit access
- On editting a team, only update the units if the team isn't the
'Owners' team. Otherwise the 'Owners' team end up having all of their
unit access modes set to 'None'; because the request form doesn't send
over any units, as it's simply not shown in the UI.
- Adds a database inconstency check and fix for the case where the
'Owners' team is affected by this bug.
- Adds unit test.
- Adds integration test.
- Resolves #5528
- Regression of https://github.com/go-gitea/gitea/pull/24012
2024-10-11 14:48:47 +02:00
Lunny Xiao
a052d2b602
Fix bug when a token is given public only
Port of https://github.com/go-gitea/gitea/pull/32204

(cherry picked from commit d6d3c96e6555fc91b3e2ef21f4d8d7475564bb3e)

Conflicts:
  routers/api/v1/api.go
	services/context/api.go
  trivial context conflicts
2024-10-10 10:41:42 +03:00
Otto
fd3bff3181 Merge pull request 'fix: Small fixes and rename for #5482' (#5505) from timedin/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5505
Reviewed-by: Otto <otto@codeberg.org>
2024-10-09 20:13:51 +00:00
Otto
ca2c850122 Merge pull request 'fix: correct Discord webhook JSON for issue events' (#5492) from kidsan/forgejo:discord-api-conformance into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5492
Reviewed-by: Otto <otto@codeberg.org>
2024-10-09 16:02:49 +00:00
TimedIn
e988a25237 Small fixes and rename for #5482
- New Issue Fixed assign me being hidden after assignees were cleared https://codeberg.org/forgejo/forgejo/pulls/5482/files#issuecomment-2365431
- Test for verifying the above
- Removed wait for network idle from e2e test
- Renamed templ key assigneeId to assigneeIds
2024-10-09 14:17:41 +02:00
Earl Warren
31fc0f66b7 Merge pull request '[gitea] week 2024-41 cherry pick (gitea/main -> forgejo)' (#5477) from earl-warren/wcp/2024-41 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5477
Reviewed-by: Otto <otto@codeberg.org>
2024-10-09 05:02:20 +00:00
Kidsan
6ea6f224b8 fix: improve discord webhook api conformance
This commit corrects some cases in the discord webhook payload that do
not align with the discord documentation
2024-10-08 22:43:28 +02:00
TimedIn
2feb3d03d7 feat: "assign to me" button on PRs and issues
includes:
Tests for assignees on issues
Move assignees selector of new Issue to assignees.tmpl
2024-10-08 18:36:37 +02:00
Kidsan
cf3ebab4ba fix: add length limit to discord webhook icon_url 2024-10-08 17:22:27 +02:00
JakobDev
fcc3dd228d
fix: correct documentation for non 200 responses in swagger 2024-10-07 18:36:07 +02:00
Zettat123
b67b7c1238
Fix the logic of finding the latest pull review commit ID (#32139)
Fix #31423

(cherry picked from commit f4b8f6fc40ce2869135372a5c6ec6418d27ebfba)

Conflicts:
	models/fixtures/comment.yml
  comment fixtures have to be shifted because there is one more in Forgejo
2024-10-06 07:44:28 +02:00
Kwonunn
b20c0b1469
fix: don't cancel schedule workflows on push to main branch 2024-10-05 12:14:44 +02:00
Otto
f7f7800460 Merge pull request 'feat: support regexp in git-grep search' (#4968) from yoctozepto/git-grep-regexp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4968
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-10-04 17:10:14 +00:00
Otto
2c4a3d6641 Merge pull request 'Remove some Windows-specific files' (#5353) from 0ko/forgejo:no-windows into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5353
Reviewed-by: Otto <otto@codeberg.org>
2024-10-04 14:03:07 +00:00
Kwonunn
15a407a617
log concise repo names in lfs doctor
the old log prints the entire repo object
2024-10-03 16:15:08 +02:00
Earl Warren
d25a3709d9 Merge pull request 'chore: remove spurious comment in tests' (#5434) from earl-warren/forgejo:wip-container-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5434
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-10-01 08:37:36 +00:00
Earl Warren
aec55ac1b6 Merge pull request '[gitea] week 2024-40 cherry pick (gitea/main -> forgejo)' (#5416) from earl-warren/wcp/2024-40 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5416
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-10-01 07:52:05 +00:00
Earl Warren
2099c2af7c
chore: remove spurious comment in tests 2024-09-30 18:47:30 +02:00
Earl Warren
0a5fd7fdb8
fix: referenced sha256:* container images may be deleted
The inventory of the sha256:* images and the manifest index that
reference them is incomplete because it does not take into account any
image older than the expiration limit. As a result some sha256:* will
be considered orphaned although they are referenced from a manifest
index that was created more recently than the expiration limit.

There must not be any filtering based on the creation time when
building the inventory. The expiration limit must only be taken into
account when deleting orphaned images: those that are more recent than
the expiration limit must not be deleted.

This limit is specially important because it protects against a race
between a cleanup task and an ongoing mirroring task. A mirroring
task (such as skopeo sync) will first upload sha256:* images and then
create the corresponding manifest index. If a cleanup races against
it, the sha256:* images that are not yet referenced will be deleted
without skopeo noticing and the published index manifest that happens
at a later time will contain references to non-existent images.
2024-09-30 16:56:21 +02:00
Lunny Xiao
b496317b5a
Fix bug when deleting a migrated branch (#32075)
After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.

(cherry picked from commit 5a8568459d22e57cac506465463660526ca6a08f)

Conflicts:
	services/repository/branch.go
  conflict because of [GITEA] Fix typo in formatting error e71b5a038e
2024-09-29 10:37:39 +02:00
Kemal Zebari
30b8b45e5e
Truncate commit message during Discord webhook push events (#31970)
Resolves #31668.

(cherry picked from commit aadbe0488f454b9f7f5a56765f4530f9d1e2c6ec)
2024-09-29 10:25:52 +02:00
Exploding Dragon
89742c4913 feat: add architecture-specific removal support for arch package (#5351)
- [x] add architecture-specific removal support
- [x] Fix upload competition
- [x] Fix not checking input when downloading

docs: https://codeberg.org/forgejo/docs/pulls/874

### Release notes

- [ ] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5351
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-09-27 08:21:22 +00:00
Earl Warren
89d9307d56 Merge pull request '[gitea] week 2024-39 cherry pick (gitea/main -> forgejo)' (#5372) from earl-warren/wcp/2024-39 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5372
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-09-27 08:12:43 +00:00
Earl Warren
6275d1bc50
Refactor CSRF protector (#32057) (fix forgejo tests)
Fix the tests unique to Forgejo that are impacted by the refactor.
2024-09-27 08:42:48 +02:00
wxiaoguang
1ae3b127fc
Refactor CSRF protector (#32057)
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")

(cherry picked from commit 1fede04b83288d8a91304a83b7601699bb5cba04)

Conflicts:
	options/locale/locale_en-US.ini
	tests/integration/repo_branch_test.go
  trivial context conflicts
2024-09-27 08:42:48 +02:00
Exploding Dragon
a6508f5b03 Fix: database not updated when using git push --tags --force (#5319)
Closes #4274

link: https://github.com/go-gitea/gitea/pull/32040

### Release notes

- [ ] I do not want this change to show in the release notes.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5319): <!--number 5319 --><!--line 0 --><!--description Rml4OiBkYXRhYmFzZSBub3QgdXBkYXRlZCB3aGVuIHVzaW5nIGBnaXQgcHVzaCAtLXRhZ3MgLS1mb3JjZWA=-->Fix: database not updated when using `git push --tags --force`<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5319
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-09-22 07:35:25 +00:00
KN4CK3R
0cafec4c7a
Do not escape relative path in RPM primary index (#32038)
Fixes #32021

Do not escape the relative path.

(cherry picked from commit f528df944bb9436afcb9272add2ee0cccefbdb55)
2024-09-22 09:07:45 +02:00
0ko
d7aa109dc6 chore: remove some Windows-specific files 2024-09-19 20:39:55 +05:00
Radosław Piliszek
6d6116857c git-grep: support regexp 2024-09-16 16:20:40 +02:00
Kemal Zebari
eb765dabfd
Handle invalid target when creating releases using API (#31841)
A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.

Discovered while working on #31840.

(cherry picked from commit f05d9c98c4cb95e3a8a71bf3e2f8f4529e09f96f)
2024-09-14 18:45:18 +02:00
charles-plutohealth
5af168fb92
Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017)
---
`status == "rename"` should have read `status == "renamed"`. The typo
means that file.PreviousFilename would never be populated, which e.g.
breaks usage of the Github Action at
https://github.com/dorny/paths-filter.

(cherry picked from commit 7c6edf1ba06d4c3269eaa78f4039c9123b006c51)
2024-09-14 17:53:55 +02:00
Jason Song
2da0ebbd23
Support allowed hosts for migrations to work with proxy (#32025)
(cherry picked from commit 125679f2e14cdc8a26a147f7e8fd0e5f174fb5cb)
2024-09-14 17:52:54 +02:00
Moritz Kobel
7724559a8e migrate scoped gitlab labels as scoped forgejo labels
* fix handling of scoped labels
* change gitlab migration test repo from gitea to forgejo
* rewrite test for new gitlab test_repo, add scoped labels
2024-09-08 09:13:02 +00:00
Radosław Piliszek
f0a6ea454f chore: remove extra go-sqlite3 imports
go-sqlite3 is already properly included conditionally within the
`modules/setting` package.
2024-09-06 09:36:08 +00:00
Zettat123
1751825256
Handle "close" actionable references for manual merges (#31879)
Fix #31743

(cherry picked from commit 725a3ed9ad110f8354303140f527326c64f42dc8)
2024-09-01 08:07:27 +02:00
Gusted
c87655b7ff Merge pull request '[CHORE] Move cache & captcha library' (#5146) from gusted/forgejo-captcha into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5146
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-29 08:02:09 +00:00
Solomon Victorino
471567b3ba fix: use ValidateEmail as binding across web forms 2024-08-28 22:25:17 -06:00
Gusted
5a871f6095
[SEC] Ensure propagation of API scopes for Conan and Container authentication
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that uses that JWT token.
- Integration test added.
- Resolves #5128
2024-08-28 10:33:32 +02:00
Gusted
bf0d100b84
[CHORE] Move cache library
- This is in the spirit of #5090.
- Move to a fork of gitea.com/go-chi/cache,
code.forgejo.org/go-chi/cache. It removes unused code (a lot of
adapters, that can't be used by Forgejo) and unused dependencies (see
go.sum). Also updates existing dependencies.
8c64f1a362..main
2024-08-27 21:28:56 +02:00
Gusted
0404662e99
[CHORE] Move captcha library
- This is a fork of https://github.com/dchest/captcha, as
https://gitea.com/go-chi/captcha is a fork of
github.com/go-macaron/captcha which is a fork (although not properly
credited) of a older version of https://github.com/dchest/captcha. Hence
why I've just forked the original.
- The fork includes some QoL improvements (uses standard library for
determistic RNG instead of rolling your own crypto), and removal of
audio support (500KiB unused data that bloated the binary otherwise).
Flips the image over the x-asis.
47270f2b55..main
- This move is needed for the next commit, because
gitea.com/go-chi/captcha included the gitea.com/go-chi/cache dependency.
2024-08-27 21:28:16 +02:00
Earl Warren
9addaedaf3 Merge pull request '[gitea] week 2024-35 cherry pick (gitea/main -> forgejo)' (#5109) from algernon/wcp/2024-35 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5109
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-27 06:09:19 +00:00
Otto Richter
94af0e53e5 fix: correct doctor commands and rename to forgejo
The syntax is `doctor check --run` , see https://forgejo.org/docs/latest/admin/command-line/#doctor
2024-08-27 02:40:55 +02:00
Otto
e5ea08b38b Merge pull request 'feat: Improve diffs generated by Forgejo' (#5110) from fnetx/better-diffs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-26 18:47:21 +00:00
Gusted
d623126103 Merge pull request '[PORT] Refactor the usage of batch catfile (gitea#31754)' (#5122) from gusted/forgejo-port-gt-31754 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5122
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 16:04:47 +00:00
Gusted
58ee9fdc4a feat: Improve diff being generated
Add `DiffCleanupSemantic` into the mix when generated diffs (PR review,
commit view and issue/comment history). This avoids trying to produce a
optimal diff and tries to reduce the amount of edits, by combing them
into larger edits, which is nicer and easier to 'look at'. There's no
need for a perfect minimal diff, as the output isn't being parsed by a
computer, it's parsed by people.

Ref: https://codeberg.org/forgejo/forgejo/issues/4996
2024-08-26 13:58:17 +02:00
Earl Warren
e2ae389184 Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5090
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:31:56 +00:00
Gusted
b44dcf553c
[TESTS] Fix usage of LoadRepoCommit
It loads the Commit with a temporary open GitRepo. This is incorrect,
the GitRepo should be open as long as the Commit can be used. This
mainly removes the usage of this function as it's not needed.
2024-08-26 08:03:48 +02:00
Lunny Xiao
dda53569b1
Fix agit automerge (#31207)
(cherry picked from commit 8b92eba21f5c5cca277b8101ada0ea7a1fb32ae0)
2024-08-25 10:47:37 +02:00
Lunny Xiao
bdf477f6ef
Fix actions notify bug (#31866)
Try to fix
https://github.com/go-gitea/gitea/issues/31757#issuecomment-2295131062

(cherry picked from commit 4f5c96627b4622d64593db2d436b1f3befa5f3c3)
2024-08-25 10:41:24 +02:00
Gusted
fc40a5e242
[CHORE] Move to new sessioner library
- Moves to a fork of gitea.com/go-chi/session that removed support for
couchbase (and ledis, but that was never made available in Forgejo)
along with other code improvements.
f8ce677595..main
- The rationale for removing Couchbase is quite simple. Its not licensed
under FOSS
license (https://www.couchbase.com/blog/couchbase-adopts-bsl-license/)
and therefore cannot be tested by Forgejo and shouldn't be supported.
This is a similair vein to the removal of MSSQL
support (https://codeberg.org/forgejo/discussions/issues/122)
- A additional benefit is that this reduces the Forgejo binary by ~600Kb.
2024-08-25 03:47:08 +02:00
Gusted
f78e397dd6
[TESTS] Move CreateDeclarativeRepo to more accessible location
- This allows `CreateDeclarativeRepo` to be used by other testing
packages such as E2EE testing.
- Removes unused function in `services/webhook/sourcehut/builds_test.go`.
2024-08-25 02:54:43 +02:00
Gusted
78e4736db6 Merge pull request '[BUG] First user created through reverse proxy should be admin' (#4549) from gusted/forgejo-reverseproxy-admin into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4549
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Radosław Piliszek <radek@piliszek.it>
2024-08-24 22:45:32 +00:00
Gusted
a72be741d4 Merge pull request 'Update module github.com/google/go-github/v63 to v64 (forgejo)' (#5101) from renovate/forgejo-github.com-google-go-github-v63-64.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5101
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-24 18:43:11 +00:00
Gusted
5dbacb70f4 Merge pull request 'Allow pushmirror to use publickey authentication' (#4819) from ironmagma/forgejo:publickey-auth-push-mirror into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4819
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-24 16:53:56 +00:00
Renovate Bot
c111730d08 Update module github.com/google/go-github/v63 to v64 2024-08-24 16:05:36 +00:00
Philip Peterson
03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Earl Warren
f19f31ac73
cron task to cleanup dangling container images with version sha256:*
Fixes: https://codeberg.org/forgejo/forgejo/issues/4378
2024-08-22 09:10:15 +02:00
Gusted
0692cc2cc1
[BUG] First user created through reverse proxy should be admin
- Currently users created through the reverse proxy aren't created
trough the normal route of `createAndHandleCreatedUser` as this does a
lot of other routines which aren't necessary for the reverse proxy auth,
however one routine is important to have: the first created user should
be an admin. This patch adds that code
- Adds unit test.
- Resolves #4437
2024-08-19 21:04:35 +02:00
Earl Warren
7e37c4d831 Merge pull request '[BUG] Don't fire notification for comment of pending review' (#4487) from gusted/webhook-issue into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4487
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-19 09:04:50 +00:00
Earl Warren
51620ab0f3 Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.1 (forgejo)' (#4953) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4953
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-19 07:38:14 +00:00
Earl Warren
90e03e410a Merge pull request 'feat: upgrade F3 to v3.7.0' (#5004) from earl-warren/forgejo:wip-f3 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5004
Reviewed-by: Otto <otto@codeberg.org>
2024-08-18 19:30:15 +00:00
limiting-factor
b26a0aea19
feat: upgrade F3 to v3.7.0
* support changing label colors
* support changing issue state
* use helpers to keep type conversions DRY
* drop the x/exp license because it is no longer used

The tests are performed by the gof3 compliance suite
2024-08-18 19:39:20 +02:00
Gusted
15c64122a6
[BUG] Don't fire notification for comment of pending review
- When a comment was updated or deleted and was part of an
pending/ongoing review, it would have triggered a notification, such as
a webhook.
- This patch checks if the comment is part of a pending review and then
does not fire a notification and, in the case of updating a comment,
does not save the content history because this is not necessary if it is
still a "draft" comment given it is a pending comment (there is no need
to see my embarrassing typos).
- Adds integration tests.
- Resolves https://codeberg.org/forgejo/forgejo/issues/4368
2024-08-18 17:04:00 +02:00
Gusted
fe18428806
Fix linting issues 2024-08-18 16:25:13 +02:00
TheFox0x7
8322882265
style: reenable switch check 2024-08-18 15:19:01 +02:00
Earl Warren
24eb401a0a Merge pull request 'Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access' (#4449) from marcellmars/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4449
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-16 12:38:15 +00:00
Otto
b77f45f46b Merge pull request 'Revert "Prevent allow/reject reviews on merged/closed PRs"' (#4907) from caesar/forgejo:revert-no-closed-pr-review into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4907
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-13 23:25:54 +00:00
Otto
01affa0908 Merge pull request 'fix: Run full PR checks on agit push' (#4885) from viceice/forgejo:fix/agit/force-push into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4885
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-13 18:23:40 +00:00