Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-24 10:46:10 +01:00
Commit graph

14223 commits

Author SHA1 Message Date
Gusted 70cf3e76b8
[PRIVACY] Add a DNS method to fetch new updates
- Use TXT records in order to determine the latest available version.
- This addresses a valid privacy issue, as with HTTP requests the server
can keep track(estimated) of how many instances are using Forgejo, with
DNS that's basically not possible as the server will never receive any
data, as the only ones receiving data are DNS resolvers.

(cherry picked from commit e68aaa0c16)
2023-02-20 16:38:08 +01:00
Gusted e4061e1010
[PRIVACY] Disable update_checker cron tasks
- This is being disabled as it will weekly connect to a domain.
- This only affects existing installations, as new installations will
have a explicit value being written into app.ini due to https://github.com/go-gitea/gitea/pull/21655

(cherry picked from commit 6c81fc8f9c)
2023-02-20 16:38:08 +01:00
Earl Warren 82edd2421c
[API] Forgejo API /api/forgejo/v1 2023-02-20 15:09:29 +01:00
Percy Ma af47016bad
[DOCS] LICENSE: add Forgejo Authors
(cherry picked from commit 7c98a4c54e)
2023-02-20 15:05:24 +01:00
Loïc Dachary 75bf53d14f
[DOCS] RELEASE-NOTES.md 2023-02-20 15:05:24 +01:00
Loïc Dachary 6386f9dfc1
[WORKFLOW] issues & pr templates
(cherry picked from commit 9dd224f00c)
2023-02-20 15:05:24 +01:00
Loïc Dachary d18cb242ed
[DOCS] README
(cherry picked from commit a47b474586)
2023-02-20 15:05:24 +01:00
Loïc Dachary f46d4279c7
[DOCS] CONTRIBUTING
Refs: https://codeberg.org/forgejo/forgejo/issues/8
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/153
Refs: https://codeberg.org/forgejo/forgejo/issues/123
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/299
2023-02-20 15:05:24 +01:00
Loïc Dachary e772c9bacf
delete Gitea specific files that need rewriting for Forgejo
Although it would be possible to modify these files, it would create
conflicts when rebasing. Instead, this commit removes them entirely
and another commit can start from scratch, borrowing content from the
original files.

The drawback of this approach is that some content updates from Gitea
that also need updating in Forgejo will have to be copy/pasted
instead of being merged.

(cherry picked from commit eb85782115)
2023-02-20 15:05:22 +01:00
Loïc Dachary 5cf88a1824
[CI] use test-env:1.18
(cherry picked from commit ae6474ba93)
2023-02-20 13:55:45 +01:00
Loïc Dachary e66cfb6567
[CI] implementation: forgejo container images
(cherry picked from commit e280a94204)
2023-02-20 13:55:44 +01:00
Loïc Dachary 35a0ebbb71
[CI] implementation: Woodpecker based CI 2023-02-20 13:55:44 +01:00
Loïc Dachary abdc1f7e60
[CI] implementation: publish forgejo- binaries instead of gitea-
(cherry picked from commit 3628d16aa3)
2023-02-20 13:49:41 +01:00
Gary Moon ee09afbb4a
Skip GitHub migration tests if the API token is undefined (#21824)
GitHub migration tests will be skipped if the secret for the GitHub API
token hasn't been set.

This change should make all tests pass (or skip in the case of this one)
for anyone running the pipeline on their own infrastructure without
further action on their part.

Resolves https://github.com/go-gitea/gitea/issues/21739

Signed-off-by: Gary Moon <gary@garymoon.net>
(cherry picked from commit af149bd91f)
2023-02-20 13:49:41 +01:00
Lunny Xiao 4c7786b3b6
Add 1.18.4 changelog (#22991)
Feel free to change the content. @go-gitea/maintainers

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-02-20 10:45:07 +08:00
zeripath c702e7995d
Provide the ability to set password hash algorithm parameters (#22942) (#22943)
Backport #22942

This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.

Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close #14751

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-19 15:35:52 +08:00
Yarden Shoham b2e58edd74
Notify on container image create (#22806) (#22965)
Backport #22806

Fixes #22791

---------

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-18 21:54:22 +08:00
Yarden Shoham 98b7714c3b
Fix 404 error viewing the LFS file (#22945) (#22948)
Backport #22945

Fix #22734.

According to
[`view_file.tmpl`](https://github.com/go-gitea/gitea/blob/main/templates/repo/view_file.tmpl#L82),
`lfs_file.tmpl` should use `AssetUrlPrefix` instead of `AppSubUrl`.

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
2023-02-17 15:22:05 +08:00
zeripath 9da4642c8c
Fix blame view missing lines (#22826) (#22929)
Backport #22826

Creating a new buffered reader for every part of the blame can miss
lines, as it will read and buffer bytes that the next buffered reader
will not get.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-17 10:19:24 +08:00
Lunny Xiao 1d191f9b5a
some refactor about code comments(#20821) (#22707)
fix #22691
backport #20821

Co-authored-by: zeripath <art27@cantab.net>
2023-02-16 21:21:25 +08:00
zeripath 2e1afd54b2
Add command to bulk set must-change-password (#22823) (#22928)
Backport #22823

As part of administration sometimes it is appropriate to forcibly tell
users to update their passwords.

This PR creates a new command `gitea admin user must-change-password`
which will set the `MustChangePassword` flag on the provided users.
---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Jason Song <i@wolfogre.com>
2023-02-16 20:33:24 +08:00
Yarden Shoham 9e68261ca7
fix incorrect role labels for migrated issues and comments (#22914) (#22923)
Backport #22914

Fix #22797.

## Reason
If a comment was migrated from other platforms, this comment may have an
original author and its poster is always not the original author. When
the `roleDescriptor` func get the poster's role descriptor for a
comment, it does not check if the comment has an original author. So the
migrated comments' original authors might be marked as incorrect roles.

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-16 11:19:46 +08:00
zeripath e4238583db
Improve trace logging for pulls and processes (#22633) (#22812)
Backport #22633

Our trace logging is far from perfect and is difficult to follow.

This PR:

* Add trace logging for process manager add and remove.
* Fixes an errant read file for git refs in getMergeCommit
* Brings in the pullrequest `String` and `ColorFormat` methods
introduced in #22568
* Adds a lot more logging in to testPR etc.

Ref #22578

---------
Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-13 11:17:36 +08:00
Yarden Shoham 656d5a144f
Fix PR file tree folders no longer collapsing (#22864) (#22872)
Backport #22864

Collapsing folders currently just throws a console error

```
index.js?v=1.19.0~dev-403-gb6b8feb3d:10 TypeError: this.$set is not a function
    at Proxy.handleClick (index.js?v=1.19.0~dev-403-gb6b8feb3d:58:7159)
    at index.js?v=1.19.0~dev-403-gb6b8feb3d:58:6466
    at index.js?v=1.19.0~dev-403-gb6b8feb3d:10:93922
    at ce (index.js?v=1.19.0~dev-403-gb6b8feb3d:10:1472)
    at Q (index.js?v=1.19.0~dev-403-gb6b8feb3d:10:1567)
    at HTMLDivElement.$e (index.js?v=1.19.0~dev-403-gb6b8feb3d:10:79198)
```

This PR fixes this and allows folders to be collapsed again.

Also:
- better cursor interaction with folders
- added some color to the diff detail stats
- remove green link color from all the file names

Screenshots:

![image](https://user-images.githubusercontent.com/9765622/218269712-2f3dda55-6d70-407f-8d34-2a5d9c8df548.png)

![image](https://user-images.githubusercontent.com/9765622/218269714-6ce8a954-daea-4ed6-9eea-8b2323db4d8f.png)

Co-authored-by: gempir <daniel.pasch.s@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-12 13:14:19 +02:00
Yarden Shoham 43d1183f67
escape filename when assemble URL (#22850) (#22871)
Backport #22850

Fixes: #22843 

### Cause:

affdd40296/services/repository/files/content.go (L161)

Previously, we did not escape the **"%"** that might be in "treePath"
when call "url.parse()".


![image](https://user-images.githubusercontent.com/33891828/218066318-5a909e50-2a17-46e6-b32f-684b2aa4b91f.png)

This function will check whether "%" is the beginning of an escape
character. Obviously, the "%" in the example (hello%mother.txt) is not
that. So, the function will return a error.

### Solution:
We can escape "treePath" by call "url.PathEscape()" function firstly.

### Screenshot:

![image](https://user-images.githubusercontent.com/33891828/218069781-1a030f8b-18d0-4804-b0f8-73997849ef43.png)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2023-02-12 09:39:52 +00:00
Gusted 8fa419c4c1
Use proxy for pull mirror (#22771) (#22772)
- Backport #22771
  - Use the proxy (if one is specified) for pull mirrors syncs.
- Pulled the code from
c2774d9e80/modules/git/repo.go (L164-L170)
  - Downstream issue: https://codeberg.org/forgejo/forgejo/issues/302

---------

Co-authored-by: zeripath <art27@cantab.net>
2023-02-11 16:11:54 +08:00
Jason Song 77c89572e9
Fix isAllowed of escapeStreamer (#22814) (#22837)
Backport #22814.

The use of `sort.Search` is wrong: The slice should be sorted, and
`return >= 0` doen't mean it exists, see the
[manual](https://pkg.go.dev/sort#Search).

Could be fixed like this if we really need it:

```diff
diff --git a/modules/charset/escape_stream.go b/modules/charset/escape_stream.go
index 823b63513..fcf1ffbc1 100644
--- a/modules/charset/escape_stream.go
+++ b/modules/charset/escape_stream.go
@@ -20,6 +20,9 @@ import (
 var defaultWordRegexp = regexp.MustCompile(`(-?\d*\.\d\w*)|([^\` + "`" + `\~\!\@\#\$\%\^\&\*\(\)\-\=\+\[\{\]\}\\\|\;\:\'\"\,\.\<\>\/\?\s\x00-\x1f]+)`)

 func NewEscapeStreamer(locale translation.Locale, next HTMLStreamer, allowed ...rune) HTMLStreamer {
+       sort.Slice(allowed, func(i, j int) bool {
+               return allowed[i] < allowed[j]
+       })
        return &escapeStreamer{
                escaped:                 &EscapeStatus{},
                PassthroughHTMLStreamer: *NewPassthroughStreamer(next),
@@ -284,14 +287,8 @@ func (e *escapeStreamer) runeTypes(runes ...rune) (types []runeType, confusables
 }

 func (e *escapeStreamer) isAllowed(r rune) bool {
-       if len(e.allowed) == 0 {
-               return false
-       }
-       if len(e.allowed) == 1 {
-               return e.allowed[0] == r
-       }
-
-       return sort.Search(len(e.allowed), func(i int) bool {
+       i := sort.Search(len(e.allowed), func(i int) bool {
                return e.allowed[i] >= r
-       }) >= 0
+       })
+       return i < len(e.allowed) && e.allowed[i] == r
 }
```

But I don't think so, a map is better to do it.
2023-02-10 11:36:58 +08:00
John Olheiser 68b908d92a
Load issue before accessing index in merge message (#22822) (#22830)
Backport #22822

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-02-09 16:53:14 -05:00
Yarden Shoham 638fbd0b78
add default user visibility to cli command "admin user create" (#22750) (#22760)
Backport #22750

Fixes https://github.com/go-gitea/gitea/issues/22523

Co-authored-by: yp05327 <576951401@qq.com>
2023-02-08 11:04:38 -06:00
Yarden Shoham 3647e62ef9
Fix color of tertiary button on dark theme (#22739) (#22744)
Backport #22739

Before:
<img width="266" alt="Screenshot 2023-02-03 at 14 07 34"
src="https://user-images.githubusercontent.com/115237/216611151-92e98305-c4b5-42f3-b2e2-8b1b805fa644.png">

After:
<img width="271" alt="Screenshot 2023-02-03 at 14 07 52"
src="https://user-images.githubusercontent.com/115237/216611156-878a8a75-39a1-415b-9b6d-4f035985444e.png">

This is the only instance of such a button in all templates.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-08 23:44:40 +08:00
Yarden Shoham 37bbf2c902
Fix restore repo bug, clarify the problem of ForeignIndex (#22776) (#22794)
Backport #22776

Fix #22581

TLDR: #18446 made a mess with ForeignIndex and triggered a design
flaw/bug of #16356, then a quick patch #21271 helped #18446, then the
the bug was re-triggered by #21721 .

Related:
* #16356
* BasicIssueContext
https://github.com/go-gitea/gitea/pull/16356/files#diff-7938eb670d42a5ead6b08121e16aa4537a4d716c1cf37923c70470020fb9d036R16-R27
* #18446 
* If some issues were dumped without ForeignIndex, then they would be
imported as ForeignIndex=0
https://github.com/go-gitea/gitea/pull/18446/files#diff-1624a3e715d8fc70edf2db1630642b7d6517f8c359cc69d58c3958b34ba4ce5eR38-R39
* #21271
* It patched the above bug (somewhat), made the issues without
ForeignIndex could have the same value as LocalIndex
* #21721 
    * It re-triggered the zero-ForeignIndex bug.


ps: I am not sure whether the changes in `GetForeignIndex` are ideal (at
least, now it has almost the same behavior as BasicIssueContext in
#16356), it's just a quick fix. Feel free to edit on this PR directly or
replace it.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-02-08 08:39:42 +00:00
KN4CK3R a239d6c4a9
Use import of OCI structs (#22765) (#22805)
Backport of #22765

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-08 07:50:19 +08:00
Lunny Xiao ff2014690d
upgrade golangcilint to v1.51.0 (#22764)
With the upgrade to go 1.20 golangci-lint no longer correctly works. We must therefore upgrade to the latest golangci-lint.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-07 19:28:25 +00:00
wxiaoguang 03c644c48c
Escape path for the file list (#22741) (#22757)
Backport #22741
Fix #22740
2023-02-06 12:58:06 +00:00
Yarden Shoham 965376d476
use drone secrets for s3 config (#22770) (#22773) 2023-02-05 18:42:45 -05:00
zeripath 2e12161620
Fix bugs with WebAuthn preventing sign in and registration. (#22651) (#22721)
Partial Backport #22651

This PR fixes a longstanding bug within webauthn due to the backend
using URLEncodedBase64 but the javascript using decoding using plain
base64. This causes intermittent issues with users reporting decoding
errors.

Fix #22507

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-02 15:45:57 +08:00
crystal 9cde526f87
Fix line spacing for plaintext previews (#22699) (#22701)
Backport #22699

Adding `<br>` between each line is not necessary since the entire file
is rendered inside a `<pre>`

fixes https://codeberg.org/Codeberg/Community/issues/915
2023-02-01 22:06:58 +00:00
Yarden Shoham 4c20be7c00
Add missing close bracket in imagediff (#22710) (#22712)
Backport #22710

There was a missing `]` in imagediff.js:

```
const $range = $container.find("input[type='range'"); 
```

This PR simply adds this.

Fix #22702

Co-authored-by: zeripath <art27@cantab.net>
2023-02-01 12:30:52 +00:00
Yarden Shoham 263d06f616
Fix wrong hint when deleting a branch successfully from pull request UI (#22673) (#22698)
Backport #22673

Fix #18785

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-01 01:35:38 +00:00
crystal 6dc16c1154
Fix README TOC links (#22577) (#22677)
Backport #22577 

Fixes anchored markup links by adding `user-content-` (which is
prepended to IDs)

Closes https://codeberg.org/Codeberg/Community/issues/894
2023-01-31 17:23:19 +08:00
Gusted fd2c250b52
Don't return duplicated users who can create org repo (#22560) (#22562)
- Backport of #22560
- Currently the function `GetUsersWhoCanCreateOrgRepo` uses a query that
is able to have duplicated users in the result, this is can happen under
the condition that a user is in team that either is the owner team or
has permission to create organization repositories.
- Add test code to simulate the above condition for user 3,
[`TestGetUsersWhoCanCreateOrgRepo`](a1fcb1cfb8/models/organization/org_test.go (L435))
is the test function that tests for this.
  - The fix is quite trivial, use a map as a set to get distinct orgs.
2023-01-30 16:59:20 +00:00
John Olheiser e6d6bce1f6
Fix missing message in git hook when pull requests disabled on fork (#22625) (#22658)
Backport #22625

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
2023-01-30 08:55:45 +08:00
zeripath a9ba7379fe
Improve checkIfPRContentChanged (#22611) (#22644)
Backport #22611

The code for checking if a commit has caused a change in a PR is
extremely inefficient and affects the head repository instead of using a
temporary repository.

This PR therefore makes several significant improvements:

* A temporary repo like that used in merging.
* The diff code is then significant improved to use a three-way diff
instead of comparing diffs (possibly binary) line-by-line - in memory...

Ref #22578

Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-01-28 17:56:16 +00:00
Yarden Shoham 6be1d71e2b
Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642)
Backport #22627

Adding the related comment to the issue and pull request status change
in the UI notifications allows to navigate directly to the specific
event in its dedicated view, easing the reading of last comments and to
the editor for additional comments if desired.

Co-authored-by: Felipe Leopoldo Sologuren Gutiérrez <fsologureng@users.noreply.github.com>
2023-01-28 15:51:00 +00:00
Yarden Shoham 9f5e44bf50
Use --index-url in PyPi description (#22620) (#22636) 2023-01-28 12:57:12 +08:00
Yarden Shoham f204ff4ef7
Prevent duplicate labels when importing more than 99 (#22591) (#22598)
Backport #22591

Importing labels (via `gitea restore-repo`) did not split them up into
batches properly. The first "batch" would create all labels, the second
"batch" would create all labels except those in the first "batch", etc.
This meant that when importing more than 99 labels (the batch size)
there would always be duplicate ones.

This is solved by actually passing `labels[:lbBatchSize]` to the
`CreateLabels()` function, instead of the entire list `labels`.

Co-authored-by: Sybren <122987084+drsybren@users.noreply.github.com>
2023-01-24 14:48:21 -06:00
John Olheiser f6cb7860a2
Changelog 1.18.3 (#22575)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-01-23 08:42:02 -06:00
Yarden Shoham 6068978c42
Prevent multiple To recipients (#22566) (#22569)
Backport #22566

Change the mailer interface to prevent the leaking of possible hidden
email addresses when sending to multiple recipients.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2023-01-22 11:37:26 -06:00
Yarden Shoham c320caed97
Truncate commit summary on repo files table. (#22551) (#22552)
Backport #22551
There was an unintended regression in #21124 which assumed that
.commits-list .message-wrapper would only match the commit summaries on
/{owner}/{name}/commits/*. This assumption is incorrect as the
directory/file view also uses a .commits-list wrapper.

Rather than completely restructure this page this PR simply adjusts the
styling to again use display: inline-block; for #repo-files-table
.commit-list .message-wrapper

Fix #22360
2023-01-20 23:34:52 +08:00
silverwind f1c826ed29
Mute all links in issue timeline (#22534)
Backport of https://github.com/go-gitea/gitea/pull/22533.
https://github.com/go-gitea/gitea/pull/21799 introduced a regression
where some links in the issue timeline were not muted any more. Fix it
by replacing all `class="text grey"` with `class="text grey
muted-links"` in the file.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-01-20 00:18:58 -05:00