Commit graph

1046 commits

Author SHA1 Message Date
Otto Richter 3695f5d096 Parallelize playwright tests
- allow running with multiple workers (tested with up to four workers locally which
  didn't show signs of flakiness)
- prevent race condition with webauthn tests (running them in parallel
  on the same user could prevent another test from logging in)
- fix flakiness on CI action status (Chromium sometimes needs a long
  time to fill the href field, firefox is always faster)

This reverts commit e8585eff5c.
2024-09-11 16:53:51 +02:00
Otto Richter e4234fe6ab tests(e2e): remove unnecessary example test
The login behaviour is basically covered in login_user from utils_e2e.js, too.
2024-09-11 14:30:29 +02:00
Otto Richter a62521f241 New release form semantics
- correctly render labels without help text
- accessibility: fix external release button focus
- accessibility: test form aspects in browser test
2024-09-11 13:30:30 +02:00
Shiny Nematoda 6178a46fe2 feat: set fuzzy as default for issue search (#5270)
Closes #5225

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5270
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-09-10 15:57:58 +00:00
Otto Richter 0f3ba99ff0 Add detailed instructions for e2e testing
- rewrite parts of and improve README
- simplify repo declaration
- list coverage in workflow path filter
2024-09-09 14:06:10 +02:00
Otto Richter d06da0d9c6 Update integration test README
and remove outdated chinese version
2024-09-09 14:06:10 +02:00
Solomon Victorino 829e661c39 test: assert navigation URLs in release E2E test
- last one waits for release deletion before the next browser run
- disambiguates failures due to error responses
2024-09-01 10:33:29 -06:00
Otto 1004ecd56b Merge pull request 'fix: WIP toggle by reducing max issue title' (#5143) from fnetx/wip-toggle-workaround into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5143
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-29 21:05:35 +00:00
Gusted 38076a44d7 Merge pull request 'Update module github.com/go-webauthn/webauthn to v0.11.2 (forgejo)' (#5147) from renovate/forgejo-github.com-go-webauthn-webauthn-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5147
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-29 20:35:23 +00:00
Exploding Dragon 6eb88be6e8 Merge branch 'forgejo' into bugfix-arch 2024-08-29 12:39:16 +00:00
Gusted 63736e8301
[FEAT] Add support for webauthn credential level 3
- For WebAuthn Credential level 3, the `backup_eligible` and
`backup_state` flags are checked if they are consistent with the values
given on login. Forgejo never stored this data, so add a database
migration that makes all webauthn credentials 'legacy' and on the next
first use capture the values of `backup_eligible` and `backup_state`.
As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662
- Adds unit tests.
- Add E2E test.
2024-08-29 10:05:03 +02:00
Gusted c87655b7ff Merge pull request '[CHORE] Move cache & captcha library' (#5146) from gusted/forgejo-captcha into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5146
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-29 08:02:09 +00:00
Otto Richter 7eac5feb74 fix: WIP toggle by reducing max issue title
- when the PR title has the maximum length, the WIP toggle switch does nothing
- work around this by slightly reducing the max input size (- 10 characters for eventually long prefixes)
- test WIP toggling edge case in playwright

fix(e2e): increase timeouts

A look at recent runs suggests they should be increased globally. The timeouts in the config file have no timeout by default.
2024-08-29 01:36:58 +02:00
Exploding Dragon 95f6cb7513 Merge branch 'forgejo' into bugfix-arch 2024-08-28 10:48:33 +00:00
Gusted 5a871f6095
[SEC] Ensure propagation of API scopes for Conan and Container authentication
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that uses that JWT token.
- Integration test added.
- Resolves #5128
2024-08-28 10:33:32 +02:00
Exploding Dragon 3a55604d3c Merge branch 'forgejo' into bugfix-arch 2024-08-28 00:38:10 +00:00
Gusted 0404662e99
[CHORE] Move captcha library
- This is a fork of https://github.com/dchest/captcha, as
https://gitea.com/go-chi/captcha is a fork of
github.com/go-macaron/captcha which is a fork (although not properly
credited) of a older version of https://github.com/dchest/captcha. Hence
why I've just forked the original.
- The fork includes some QoL improvements (uses standard library for
determistic RNG instead of rolling your own crypto), and removal of
audio support (500KiB unused data that bloated the binary otherwise).
Flips the image over the x-asis.
47270f2b55..main
- This move is needed for the next commit, because
gitea.com/go-chi/captcha included the gitea.com/go-chi/cache dependency.
2024-08-27 21:28:16 +02:00
Earl Warren 9addaedaf3 Merge pull request '[gitea] week 2024-35 cherry pick (gitea/main -> forgejo)' (#5109) from algernon/wcp/2024-35 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5109
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-27 06:09:19 +00:00
Exploding Dragon bc4849a904 Merge branch 'forgejo' into bugfix-arch 2024-08-27 02:34:54 +00:00
dragon 60b54c42ec add zst,xz,gz tests 2024-08-27 10:02:43 +08:00
dragon 97ec997a04 add zst,xz,gz tests 2024-08-27 09:58:08 +08:00
Otto bf65f1e510 Merge pull request 'feat: Trivial default quota configuration' (#5125) from algernon/forgejo:falling-in-reverse into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5125
Reviewed-by: Otto <otto@codeberg.org>
2024-08-27 01:22:41 +00:00
Otto c856f77622 Merge pull request 'Update links affected by the renaming of 'developer' documentation sub-path into 'contributor'' (#5129) from floss4good/forgejo__forgejo:contrib-doc into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5129
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-26 18:50:40 +00:00
Otto e5ea08b38b Merge pull request 'feat: Improve diffs generated by Forgejo' (#5110) from fnetx/better-diffs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-26 18:47:21 +00:00
Gusted d623126103 Merge pull request '[PORT] Refactor the usage of batch catfile (gitea#31754)' (#5122) from gusted/forgejo-port-gt-31754 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5122
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 16:04:47 +00:00
floss4good 5879cdc6fa
Update the translator contributing guide from user language settings. 2024-08-26 17:43:35 +03:00
Otto Richter d97e36f6d7 Playwright testing for commit diffs
includes:

- easier repo declaration for playwright tests by @Gusted
- full backend build for pushing Git repos by @Gusted
- playwright testing (which fails with the current diff algorithm, but
  passes with the new)
- disable eslint rule for conditional expect, because it defeats the
  purpose (working around it would result in much more complex test code
  in our cases)
2024-08-26 13:57:42 +02:00
Gergely Nagy 3b70949651
feat: Trivial default quota configuration
This adds a new configuration setting: `[quota.default].TOTAL`, which
will be used if no groups are configured for a particular user. The new
option makes it possible to entirely skip configuring quotas via the API
if all that one wants is a total size.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-26 13:25:34 +02:00
Earl Warren 190b5a3859 Merge pull request '[FIX] Don't allow SSH authentication without ssh executable' (#5123) from gusted/forgejo-prevent-no-ssh into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5123
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 08:03:52 +00:00
Earl Warren e2ae389184 Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5090
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:31:56 +00:00
Gusted 1a68d14cf8
[FIX] Don't allow SSH authentication without ssh executable
- Follow up of #4819
- When no `ssh` executable is present, disable the UI and backend bits
that allow the creation of push mirrors that use SSH authentication. As
this feature requires the usage of the `ssh` binary.
- Integration test added.
2024-08-26 08:58:35 +02:00
Gusted b44dcf553c
[TESTS] Fix usage of LoadRepoCommit
It loads the Commit with a temporary open GitRepo. This is incorrect,
the GitRepo should be open as long as the Commit can be used. This
mainly removes the usage of this function as it's not needed.
2024-08-26 08:03:48 +02:00
Otto 32735b1e61 Merge pull request '[TESTS] Move CreateDeclarativeRepo to more accessible location' (#5108) from gusted/forgejo-chore-declerative-repo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5108
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-25 11:15:22 +00:00
Gergely Nagy 0aa3e6e4e4
tests: Use require.NoError in tests picked from Gitea
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-25 13:02:19 +02:00
Lunny Xiao dda53569b1
Fix agit automerge (#31207)
(cherry picked from commit 8b92eba21f5c5cca277b8101ada0ea7a1fb32ae0)
2024-08-25 10:47:37 +02:00
Lunny Xiao bdf477f6ef
Fix actions notify bug (#31866)
Try to fix
https://github.com/go-gitea/gitea/issues/31757#issuecomment-2295131062

(cherry picked from commit 4f5c96627b4622d64593db2d436b1f3befa5f3c3)
2024-08-25 10:41:24 +02:00
Gusted fc40a5e242
[CHORE] Move to new sessioner library
- Moves to a fork of gitea.com/go-chi/session that removed support for
couchbase (and ledis, but that was never made available in Forgejo)
along with other code improvements.
f8ce677595..main
- The rationale for removing Couchbase is quite simple. Its not licensed
under FOSS
license (https://www.couchbase.com/blog/couchbase-adopts-bsl-license/)
and therefore cannot be tested by Forgejo and shouldn't be supported.
This is a similair vein to the removal of MSSQL
support (https://codeberg.org/forgejo/discussions/issues/122)
- A additional benefit is that this reduces the Forgejo binary by ~600Kb.
2024-08-25 03:47:08 +02:00
Gusted f78e397dd6
[TESTS] Move CreateDeclarativeRepo to more accessible location
- This allows `CreateDeclarativeRepo` to be used by other testing
packages such as E2EE testing.
- Removes unused function in `services/webhook/sourcehut/builds_test.go`.
2024-08-25 02:54:43 +02:00
Gusted 4f54918381 Merge pull request 'fix(ui): prevent exceptions on other users' repo migration pages' (#4875) from solomonv/forgejo:fix-migration-guest-exception into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4875
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-24 23:49:20 +00:00
Gusted 5dbacb70f4 Merge pull request 'Allow pushmirror to use publickey authentication' (#4819) from ironmagma/forgejo:publickey-auth-push-mirror into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4819
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-24 16:53:56 +00:00
Otto Richter 00276dfc30 feat(i18n): Branch protection improvements
- adds a header to indicate creating a new rule
  - test that header is different between new and edit form
- consistently avoids colons in the form
- excludes some accessibility checks that require a global solution for
  forms
2024-08-22 22:05:12 +02:00
Earl Warren 3bbd129270 Merge pull request 'Reintroduce tests of updated pull request icons' (#4598) from bramh/forgejo:update-pr-icons into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4598
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-22 16:54:28 +00:00
Bram Hagens 7f62acb4d9 ui: fix go to citation button url (#4597)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4597
Reviewed-by: Ghost <twenty-panda@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
2024-08-22 15:36:12 +00:00
Bram Hagens d39c8fec8c
ui: update pull request icons
Added a new icon for closed PRs (similar to GitHub, GitLab, etc),
Fixes https://codeberg.org/forgejo/forgejo/issues/4454.

Before:
- https://codeberg.org/attachments/b17c5846-506f-4b32-97c9-03f31c5ff758
- https://codeberg.org/attachments/babcd011-d340-4a9e-94db-ea17ef6d3c2b
- https://codeberg.org/attachments/dbca009a-413e-48ab-84b1-55ad7f4fcd3d

After:
- https://codeberg.org/attachments/3e161f7b-4172-4a8c-a8eb-54bcf81c0cae
- https://codeberg.org/attachments/0c308f7e-25a0-49a3-9c86-1b1f9ab39467
- https://codeberg.org/attachments/b982b6b8-c78a-4332-8269-50d01de834e0

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4455
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
2024-08-22 17:06:10 +02:00
Philip Peterson 03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Earl Warren f19f31ac73
cron task to cleanup dangling container images with version sha256:*
Fixes: https://codeberg.org/forgejo/forgejo/issues/4378
2024-08-22 09:10:15 +02:00
Solomon Victorino a4814bca2d fix(ui): prevent exceptions on other users' repo migration pages
- don't expect the retry button to always be attached
- don't parse status response as JSON when it was a login redirect
- add E2E test
2024-08-21 19:57:08 +00:00
Gusted e3243a9465 Merge pull request 'feat(ui): Add rel="nofollow" to in-list labels' (#5002) from xlii/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5002
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:54:59 +00:00
Otto Richter 83d2b3b7fa Implement CSS-only input toggling, refactor related forms
UX/Translation changes:

- new teams: remove redundant tooltips that don't add meaningful information
  - move general information to table fieldset
- new teams: rename "general" to "custom" access for clarity
- new teams: show labels beside options on mobile

Accessibility:

- semantic form elements allow easier navigation (fieldset, mostly)
- improve better labelling of new teams table
- fix accessibility scan issues
- TODO: the parts that "disable" form elements were not yet touched and
  are not really accessible to screenreaders

Technical:

- replace two JavaScript solutions with one CSS standard
- implement a simpler grid (.simple-grid)
- simplify markup
- remove some webhook settings specific CSS

Testing:

- check more form content for accessibility issues
- but exclude tooltips from the scan :(
- reuse existing form tests from previous PR
2024-08-21 15:03:19 +02:00
Otto c20c534b90 Merge pull request 'fix: validate title length when updating an issue' (#4809) from thilinajayanath/forgejo:validate-issue-title-update into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4809
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 12:55:26 +00:00
thilinajayanath 1e922d906f validate the title length when updating an issue and add integration test for issue title update
using middleware validator to validate title length on update

use error name from binding package

add integration test for title update

rebase upstream and update test var name

fix test slice formatting

just a try (#1)

Reviewed-on: https://codeberg.org/thilinajayanath/forgejo/pulls/1
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>

fix errors + add test for 255 char title

fix test domain

fix CSRF token error on test

updaate result struct that's used to decode the json response

add json tags for struct and check changed title when http 200 is received

try to decode the title if the request succeeded

add comment in integration test
2024-08-21 08:56:52 +02:00
Gusted 68cc61b537
Add integration test 2024-08-20 19:09:22 +02:00
Gusted f28cde134e Merge pull request '[UI] Adjust trailing EOL behavior for empty file' (#5013) from gusted/forgejo-adjust-eol into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5013
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:42:04 +00:00
Earl Warren c76a73ad35 Merge pull request '[gitea] week 2024-34 cherry pick (gitea/main -> forgejo)' (#4998) from earl-warren/wcp/2024-34 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4998
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-20 06:32:09 +00:00
Gusted e9a89a188e
[UI] Adjust trailing EOL behavior for empty file
- Follow up #4835
- Currently for empty files (file size is shown in the file header) the
"No EOL" information is being shown, even though it doesn't really
make sense to show that for empty files.
- Add integration test.
- Ref: https://codeberg.org/Codeberg/Community/issues/1612#issuecomment-2169437
2024-08-19 20:23:15 +02:00
Otto 3b8ac4388a Merge pull request 'Refactor grouped forms to semantic HTML' (#4995) from fnetx/refactor-grouped-forms into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4995
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-19 14:53:35 +00:00
Otto Richter c9e402afdc feat(tmpl): Introduce semantic HTML in forms
Modifies forms:

- (new) org team
- (new) repo webhook
- (new) repo protected branch

The forms are not completely rewritten to semantic HTML yet. The focus
of this change was on standard elements, some custom solutions were left
untouched for now.

- swaps the order fo permission radio buttons as per https://codeberg.org/forgejo/forgejo/issues/4983
- uses fieldsets to group related inputs
  - ensures consistent styling across forms
  - can be improved later, e.g. using horizontal lines between sections
- fixes: previous font size of labels was smaller than the font size of the help text
- help text are now part of the label, clicking them now also activates the input
- drop unused CSS (no required checkboxes in grouped class remain)
- playwright testing:
  - move login boilerplate to utils
  - automated form accessibility checking
    - allow defining the scope, because legacy parts of the forms are not yet accessible
  - assert some CSS properties that should not be overriden
- the Makefile adjustment was necessary, because eslint scanned some internal files in the tests/e2e/reports directory
2024-08-19 01:14:18 +02:00
Gusted fe18428806
Fix linting issues 2024-08-18 16:25:13 +02:00
Rowan Bohde ebfdc659d8
render plain text file if the LFS object doesn't exist (#31812)
We had an issue where a repo was using LFS to store a file, but the user
did not push the file. When trying to view the file, Gitea returned a
500 HTTP status code referencing `ErrLFSObjectNotExist`. It appears the
intent was the render this file as plain text, but the conditional was
flipped. I've also added a test to verify that the file is rendered as
plain text.

(cherry picked from commit 1310649331648d747c57a52ea3bc92da85e7d4d1)

Conflicts:
	tests/integration/lfs_view_test.go
  trivial context conflict
2024-08-18 05:58:33 +02:00
Jason Song 7f1db1df3e
Show lock owner instead of repo owner on LFS setting page (#31788)
Fix #31784.

Before:

<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">

After:

<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">

(cherry picked from commit 0470646d46f90c20f40fde718be6ef8d8c84ee2c)
2024-08-18 05:47:06 +02:00
Gusted 760b99bd5a Merge pull request 'test: fail on unhandled JS exceptions' (#4959) from solomonv/e2e-fail-on-errors into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4959
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-17 00:58:18 +00:00
Earl Warren 24eb401a0a Merge pull request 'Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access' (#4449) from marcellmars/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4449
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-16 12:38:15 +00:00
Solomon Victorino 750deb9367 test: fail on unhandled JS exceptions 2024-08-14 15:35:20 -06:00
Otto b77f45f46b Merge pull request 'Revert "Prevent allow/reject reviews on merged/closed PRs"' (#4907) from caesar/forgejo:revert-no-closed-pr-review into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4907
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-13 23:25:54 +00:00
Otto 01affa0908 Merge pull request 'fix: Run full PR checks on agit push' (#4885) from viceice/forgejo:fix/agit/force-push into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4885
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-13 18:23:40 +00:00
Jason Song a627b885c7
Support compression for Actions logs (#31761)
Support compression for Actions logs to save storage space and
bandwidth. Inspired by
https://github.com/go-gitea/gitea/issues/24256#issuecomment-1521153015

The biggest challenge is that the compression format should support
[seekable](https://github.com/facebook/zstd/blob/dev/contrib/seekable_format/zstd_seekable_compression_format.md).
So when users are viewing a part of the log lines, Gitea doesn't need to
download the whole compressed file and decompress it.

That means gzip cannot help here. And I did research, there aren't too
many choices, like bgzip and xz, but I think zstd is the most popular
one. It has an implementation in Golang with
[zstd](https://github.com/klauspost/compress/tree/master/zstd) and
[zstd-seekable-format-go](https://github.com/SaveTheRbtz/zstd-seekable-format-go),
and what is better is that it has good compatibility: a seekable format
zstd file can be read by a regular zstd reader.

This PR introduces a new package `zstd` to combine and wrap the two
packages, to provide a unified and easy-to-use API.

And a new setting `LOG_COMPRESSION` is added to the config, although I
don't see any reason why not to use compression, I think's it's a good
idea to keep the default with `none` to be consistent with old versions.

`LOG_COMPRESSION` takes effect for only new log files, it adds `.zst` as
an extension to the file name, so Gitea can determine if it needs
decompression according to the file name when reading. Old files will
keep the format since it's not worth converting them, as they will be
cleared after #31735.

<img width="541" alt="image"
src="https://github.com/user-attachments/assets/e9598764-a4e0-4b68-8c2b-f769265183c9">

(cherry picked from commit 33cc5837a655ad544b936d4d040ca36d74092588)

Conflicts:
	assets/go-licenses.json
	go.mod
	go.sum
  resolved with make tidy
2024-08-13 06:51:49 +02:00
Caesar Schinas 65c2595f26
Revert "Prevent allow/reject reviews on merged/closed PRs"
This reverts commit 4ed372af13.
This change from Gitea was not considered by the Forgejo UI team and there is a consensus that it feels like a regression.

The test which was added in that commit is kept and modified to test that reviews can successfully be submitted on closed and merged PRs.

Closes forgejo/design#11
2024-08-12 12:24:52 +01:00
Michael Kriese 2d05e922a2
fix(agit): run full pr checks on force-push 2024-08-12 09:00:41 +02:00
a1012112796 e5f8d144f2
[PORT] Add warning message in merge instructions when AutodetectManualMerge was not enabled (gitea#31805)
---

Conflict resolution: trivial
Things done differently: Improve localization message, use the paragraph
element instead of the div element, fix passing this variable to the
template and add a integration test

(cherry picked from commit 9633f336c87947dc7d2a5e76077a10699ba5e50d)
2024-08-11 19:15:37 +02:00
Earl Warren 44002a6399 Merge pull request 'chore(refactor): split repo_service.ForkRepository in two' (#4879) from earl-warren/forgejo:wip-fork-split into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4879
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-11 15:50:52 +00:00
Earl Warren cfefe2b6c9
chore(refactor): split repo_service.ForkRepository in two
ForkRepository performs two different functions:

* The fork itself, if it does not already exist
* Updates and notifications after the fork is performed

The function is split to reflect that and otherwise unmodified.

The two function are given different names to:

* clarify which integration tests provides coverage
* distinguish it from the notification method by the same name
2024-08-11 12:40:34 +02:00
Exploding Dragon 87d50eca87 feat: support grouping by any path for arch package (#4903)
Previous arch package grouping was not well-suited for complex or multi-architecture environments. It now supports the following content:

- Support grouping by any path.
- New support for packages in `xz` format.
- Fix clean up rules

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4903): <!--number 4903 --><!--line 0 --><!--description c3VwcG9ydCBncm91cGluZyBieSBhbnkgcGF0aCBmb3IgYXJjaCBwYWNrYWdl-->support grouping by any path for arch package<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4903
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-11 10:35:11 +00:00
Earl Warren f8728ad881 Merge pull request '[BUG] Return blocking errors as JSON errors' (#4914) from gusted/forgejo-block-json into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4914
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 05:52:27 +00:00
Earl Warren 40e51e4ca7 Merge pull request 'fix(ui): allow unreacting from comment popover' (#4798) from solomonv/forgejo:issue-reaction-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4798
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 05:45:55 +00:00
Gusted d97cf0e854
[BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.
2024-08-09 20:34:38 +02:00
Solomon Victorino b8a5ca2c40 fix(ui): allow unreacting from comment popover
- fix selectors for hasReacted
- don't send empty HTML on reaction errors
- add E2E test
2024-08-09 10:17:04 -06:00
Marcell Mars d6647f710f tests additional grant scopes
- parsing scopes in `grantAdditionalScopes`
- read basic user info if `read:user`
- fail reading repository info if only `read:user`
- read repository info if `read:repository`
- if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads
  all groups (public+private)
- if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads
  only public groups
- if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization`
 provided it reads all groups
2024-08-09 14:58:15 +02:00
Yaroslav Halchenko 5ae2dbcb14 Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857)
Now that my colleague just posted a wonderful blog post https://blog.datalad.org/posts/forgejo-runner-podman-deployment/ on forgejo runner, some time I will try to add that damn codespell action to work on CI here ;)  meanwhile some typos managed to sneak in and this PR should address them (one change might be functional in a test -- not sure if would cause a fail or not)

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4857
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-08-08 16:07:35 +00:00
Shivaram Lingamneni 878c236f49 cherry-pick OIDC changes from gitea (#4724)
These are the three conflicted changes from #4716:

* https://github.com/go-gitea/gitea/pull/31632
* https://github.com/go-gitea/gitea/pull/31688
* https://github.com/go-gitea/gitea/pull/31706

cc @earl-warren; as per discussion on https://github.com/go-gitea/gitea/pull/31632 this involves a small compatibility break (OIDC introspection requests now require a valid client ID and secret, instead of a valid OIDC token)

## Checklist

The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Co-committed-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
2024-08-08 06:32:14 +00:00
0ko bad3b32037 feat(i18n): allow different translations of creation links and titles (#4829)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4829
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-07 16:54:05 +00:00
Earl Warren 690b63fc74 Merge pull request '[BUG] Ensure all filters are persistent in issue filters' (#4852) from gusted/forgejo-filter-links into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4852
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-07 05:49:25 +00:00
Aravinth Manivannan f9cbea3d6b feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853)
Was facing issues while writing unit tests for federation code. Mocks weren't catching all network calls, because was being out of scope of the mocking infra. Plus, I think we can have more granular tests.

This PR puts the client behind an interface, that can be retrieved from `ctx`. Context doesn't require initialization, as it defaults to the implementation available in-tree. It may be overridden when required (like testing).

## Mechanism

1. Get client factory from `ctx` (factory contains network and crypto parameters that are needed)
2. Initialize client with sender's keys and the receiver's public key
3. Use client as before.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4853
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
2024-08-07 05:45:24 +00:00
Gusted 192177fc88
[BUG] Ensure all filters are persistent in issue filters
- Ensure that all filters are set in the issue filters links, thus
becoming persistent.
- Adds integration test
- Resolves #4843
2024-08-06 17:12:10 +02:00
Gusted 7faea490fc Merge pull request '[UI] Do not include trailing EOL character when counting lines' (#4835) from gusted/forgejo-num-lines into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4835
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-06 12:23:24 +00:00
Shiny Nematoda 06d2e90fa4 feat: highlighted code search results (#4749)
closes #4534

<details>
<summary>Screenshots</summary>

![](https://codeberg.org/attachments/0ab8a7b0-6485-46dc-a730-c016abb1f287)
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4749
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-08-06 05:57:25 +00:00
Earl Warren 517637137c Merge pull request '[gitea] week 2024-32 cherry pick (gitea/main -> forgejo)' (#4801) from earl-warren/wcp/2024-32 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4801
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-06 05:47:20 +00:00
Gusted 5cf976739c
[UI] Do not include trailing EOL character when counting lines
- Adjust the counting of the number of lines of a file to match the
amount of rendered lines. This simply means that a file with the content
of `a\n` will be shown as having `1 line` rather than `2 lines`. This
matches with the amount of lines that are being rendered (the last empty
line is never rendered) and matches more with the expecation of the
user (a trailing EOL is a technical detail).
- In the case there's no EOL, the reason why it was counting
'incorrectly' was to show if there was a trailing EOL or not, but now
text is shown to tell the user this.
- Integration test added.
- Resolves Codeberg/Community#1612
2024-08-06 04:36:57 +02:00
Gusted b967fce25d
[BUG] Allow 4 charachter SHA in /src/commit
- Adjust the `RepoRefByType` middleware to allow for commit SHAs that
are as short as 4 characters (the minium that Git requires).
- Integration test added.
- Follow up to 4d76bbeda7
- Resolves #4781
2024-08-06 01:45:41 +02:00
Earl Warren 6e98a57096 Merge pull request 'Implement an instance-wide activitypub actor' (#4811) from algernon/forgejo:to-be-or-not-to-be into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4811
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-05 14:23:02 +00:00
Gergely Nagy f121e87aa6
activitypub: Implement an instance-wide actor
An instance-wide actor is required for outgoing signed requests that are
done on behalf of the instance, rather than on behalf of other actors.
Such things include updating profile information, or fetching public
keys.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-05 10:50:26 +02:00
Solomon Victorino 3ee5bc262f fix(ui): handle out-of-bounds end line in code selection (#4788)
- fallback to the last line, preventing TypeError
- add E2E test

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4788
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Solomon Victorino <git@solomonvictorino.com>
Co-committed-by: Solomon Victorino <git@solomonvictorino.com>
2024-08-05 04:45:07 +00:00
Jason Song 6844258c67
Clarify Actions resources ownership (#31724)
Fix #31707.

Also related to #31715.

Some Actions resources could has different types of ownership. It could
be:

- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.

There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.

The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.

And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.

So, #31715 should be right. And the most simple way to fix #31707 is
just:

```diff
-	shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```

However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.

(cherry picked from commit a33e74d40d356e8f628ac06a131cb203a3609dec)
2024-08-04 18:24:10 +02:00
Exploding Dragon f17194ca91 Arch packages implementation (#4785)
This PR is from https://github.com/go-gitea/gitea/pull/31037

This PR was originally created by @d1nch8g , and the original source code comes from https://ion.lc/core/gitea.

This PR adds a package registry for [Arch Linux](https://archlinux.org/) packages with support for package files, [signatures](https://wiki.archlinux.org/title/Pacman/Package_signing), and automatic [pacman-database](https://archlinux.org/pacman/repo-add.8.html) management.

Features:

1. Push any ` tar.zst ` package and Gitea sign it.
2. Delete endpoint for specific package version and all related files
3. Supports trust levels with `SigLevel = Required`.
4. Package UI with instructions to connect to the new pacman database and visualised package metadata

![](/attachments/810ca6df-bd20-44c2-bdf7-95e94886d750)

You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a *.pkg.tar.zst package for testing

docs pr: https://codeberg.org/forgejo/docs/pulls/791

Co-authored-by: d1nch8g@ion.lc
Co-authored-by: @KN4CK3R
Co-authored-by: @mahlzahn
Co-authored-by: @silverwind
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4785
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-04 06:16:29 +00:00
0ko 37151d75cb Merge pull request 'Refactor user-cards as a grid' (#4760) from 0ko/forgejo:ui-usercards-grid into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4760
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-02 17:43:40 +00:00
0ko cad8d09ba8 ui: refactor user-cards as a grid 2024-08-02 19:27:31 +05:00
Gergely Nagy 67fa52dedb
feat(quota): Quota enforcement
The previous commit laid out the foundation of the quota engine, this
one builds on top of it, and implements the actual enforcement.

Enforcement happens at the route decoration level, whenever possible. In
case of the API, when over quota, a 413 error is returned, with an
appropriate JSON payload. In case of web routes, a 413 HTML page is
rendered with similar information.

This implementation is for a **soft quota**: quota usage is checked
before an operation is to be performed, and the operation is *only*
denied if the user is already over quota. This makes it possible to go
over quota, but has the significant advantage of being practically
implementable within the current Forgejo architecture.

The goal of enforcement is to deny actions that can make the user go
over quota, and allow the rest. As such, deleting things should - in
almost all cases - be possible. A prime exemption is deleting files via
the web ui: that creates a new commit, which in turn increases repo
size, thus, is denied if the user is over quota.

Limitations
-----------

Because we generally work at a route decorator level, and rarely
look *into* the operation itself, `size:repos:public` and
`size:repos:private` are not enforced at this level, the engine enforces
against `size:repos:all`. This will be improved in the future.

AGit does not play very well with this system, because AGit PRs count
toward the repo they're opened against, while in the GitHub-style fork +
pull model, it counts against the fork. This too, can be improved in the
future.

There's very little done on the UI side to guard against going over
quota. What this patch implements, is enforcement, not prevention. The
UI will still let you *try* operations that *will* result in a denial.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gergely Nagy a414703c09
tests: Add an IsTemplate option to DeclarativeRepoOptions
This lets us use `CreateDeclarativeRepoWithOptions` to create template
repositories.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gergely Nagy e1fe3bbdc0
feat(quota): Humble beginnings of a quota engine
This is an implementation of a quota engine, and the API routes to
manage its settings. This does *not* contain any enforcement code: this
is just the bedrock, the engine itself.

The goal of the engine is to be flexible and future proof: to be nimble
enough to build on it further, without having to rewrite large parts of
it.

It might feel a little more complicated than necessary, because the goal
was to be able to support scenarios only very few Forgejo instances
need, scenarios the vast majority of mostly smaller instances simply do
not care about. The goal is to support both big and small, and for that,
we need a solid, flexible foundation.

There are thee big parts to the engine: counting quota use, setting
limits, and evaluating whether the usage is within the limits. Sounds
simple on paper, less so in practice!

Quota counting
==============

Quota is counted based on repo ownership, whenever possible, because
repo owners are in ultimate control over the resources they use: they
can delete repos, attachments, everything, even if they don't *own*
those themselves. They can clean up, and will always have the permission
and access required to do so. Would we count quota based on the owning
user, that could lead to situations where a user is unable to free up
space, because they uploaded a big attachment to a repo that has been
taken private since. It's both more fair, and much safer to count quota
against repo owners.

This means that if user A uploads an attachment to an issue opened
against organization O, that will count towards the quota of
organization O, rather than user A.

One's quota usage stats can be queried using the `/user/quota` API
endpoint. To figure out what's eating into it, the
`/user/repos?order_by=size`, `/user/quota/attachments`,
`/user/quota/artifacts`, and `/user/quota/packages` endpoints should be
consulted. There's also `/user/quota/check?subject=<...>` to check
whether the signed-in user is within a particular quota limit.

Quotas are counted based on sizes stored in the database.

Setting quota limits
====================

There are different "subjects" one can limit usage for. At this time,
only size-based limits are implemented, which are:

- `size:all`: As the name would imply, the total size of everything
  Forgejo tracks.
- `size:repos:all`: The total size of all repositories (not including
  LFS).
- `size:repos:public`: The total size of all public repositories (not
  including LFS).
- `size:repos:private`: The total size of all private repositories (not
  including LFS).
- `size:git:all`: The total size of all git data (including all
  repositories, and LFS).
- `size:git:lfs`: The size of all git LFS data (either in private or
  public repos).
- `size:assets:all`: The size of all assets tracked by Forgejo.
- `size:assets:attachments:all`: The size of all kinds of attachments
  tracked by Forgejo.
- `size:assets:attachments:issues`: Size of all attachments attached to
  issues, including issue comments.
- `size:assets:attachments:releases`: Size of all attachments attached
  to releases. This does *not* include automatically generated archives.
- `size:assets:artifacts`: Size of all Action artifacts.
- `size:assets:packages:all`: Size of all Packages.
- `size:wiki`: Wiki size

Wiki size is currently not tracked, and the engine will always deem it
within quota.

These subjects are built into Rules, which set a limit on *all* subjects
within a rule. Thus, we can create a rule that says: "1Gb limit on all
release assets, all packages, and git LFS, combined". For a rule to
stand, the total sum of all subjects must be below the rule's limit.

Rules are in turn collected into groups. A group is just a name, and a
list of rules. For a group to stand, all of its rules must stand. Thus,
if we have a group with two rules, one that sets a combined 1Gb limit on
release assets, all packages, and git LFS, and another rule that sets a
256Mb limit on packages, if the user has 512Mb of packages, the group
will not stand, because the second rule deems it over quota. Similarly,
if the user has only 128Mb of packages, but 900Mb of release assets, the
group will not stand, because the combined size of packages and release
assets is over the 1Gb limit of the first rule.

Groups themselves are collected into Group Lists. A group list stands
when *any* of the groups within stand. This allows an administrator to
set conservative defaults, but then place select users into additional
groups that increase some aspect of their limits.

To top it off, it is possible to set the default quota groups a user
belongs to in `app.ini`. If there's no explicit assignment, the engine
will use the default groups. This makes it possible to avoid having to
assign each and every user a list of quota groups, and only those need
to be explicitly assigned who need a different set of groups than the
defaults.

If a user has any quota groups assigned to them, the default list will
not be considered for them.

The management APIs
===================

This commit contains the engine itself, its unit tests, and the quota
management APIs. It does not contain any enforcement.

The APIs are documented in-code, and in the swagger docs, and the
integration tests can serve as an example on how to use them.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gusted b0a104d3d4 Merge pull request 'Distinguish between new tags, releases and pre-releases on activity page' (#4782) from mahlzahn/forgejo:repo_activity_releases into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4782
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-02 08:11:39 +00:00
Exploding Dragon 471265c4e0 Add signature support for the RPM module (#4780)
This pull request comes from https://github.com/go-gitea/gitea/pull/27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](https://github.com/go-gitea/gitea/issues/27031)) , now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-02 05:56:57 +00:00
Robert Wolff 2795f5bc0e feat(UI): fix links, add labels for releases on repo activity page 2024-08-02 07:56:03 +02:00
Robert Wolff b7f2739dfe feat(UI): add links to icons in repository file list 2024-08-01 13:32:01 +02:00
Robert Wolff 994bd93e69 feat(UI): add package counter to repo/user/org overview pages
- add package counter to repo/user/org overview pages
    - add go unit tests for repo/user has/count packages
    - add many more unit tests for packages model
    - fix error for non-existing packages in DeletePackageByID and SetRepositoryLink
2024-07-31 12:40:24 +02:00
TheFox0x7 4de909747b Add testifylint to lint checks (#4535)
go-require lint is ignored for now

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
Earl Warren 94933470cd Merge pull request 'Implement external release assets' (#1445) from maltejur/forgejo:forgejo-external-attachments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-30 15:50:57 +00:00
Earl Warren ef7313097c Merge pull request 'Refactor repo migration items' (#4710) from 0ko/forgejo:ui-migration-items into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4710
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-30 15:48:29 +00:00
Earl Warren d40873e768 Merge pull request '[gitea] week 2024-31 cherry pick (gitea/main -> forgejo)' (#4716) from earl-warren/wcp/2024-31 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-30 15:45:27 +00:00
Earl Warren 7b798a88ee Merge pull request 'fix(UI): issue task list numbers, fix #4431' (#4452) from mahlzahn/forgejo:fix_issue_task_list_numbers_issue_4431 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4452
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-29 20:50:42 +00:00
Malte Jürgens a61e7c7a39
Implement external assets 2024-07-29 20:35:55 +02:00
Robert Wolff 5bb191e14d remove commented leftovers 2024-07-28 16:27:51 +02:00
Robert Wolff 90fe38ec83 add integration test for check list numbers on issues list page 2024-07-28 14:18:34 +00:00
Robert Wolff 531a18810b fix typo in regexp 2024-07-28 14:18:34 +00:00
Robert Wolff 574265e4a8 fix golangci-lint regexpMust 2024-07-28 14:18:34 +00:00
Robert Wolff 58c60ec11c add issue checklist integration test 2024-07-28 14:18:34 +00:00
Earl Warren 3d1b8f47c0
Use GetDisplayName() instead of DisplayName() to generate rss feeds (followup)
The test only exists in Forgejo and the behavior it verifies now require
setting.UI.DefaultShowFullName to be true.
2024-07-28 09:00:29 +02:00
Gusted 358ec8002e
[UI] Show AGit label on merged PR
- The label wasn't show on merged PRs.
- Integration test added
2024-07-28 02:29:58 +02:00
Gusted 4c40bf5d29 Merge pull request '[SEC] Notify owner about TOTP enrollment' (#4704) from gusted/sec-more-totp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4704
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-27 20:53:47 +00:00
Earl Warren ff6aceaeac
feat: optimize the FindUnreferencedPackages package query
Replace a double select with a simple select.

The complication originates from the initial implementation which
deleted packages instead of selecting them. It was justified to
workaround a problem in MySQL. But it is just a waste of resources
when collecting a list of IDs.
2024-07-27 15:57:24 +02:00
0ko 2ad377130b ui: refactor repo migration items 2024-07-27 16:35:48 +05:00
Gusted a7e96aae66
[SEC] Notify owner about TOTP enrollment
- In the spirit of #4635
- Notify the owner when their account is getting enrolled into TOTP. The
message is changed according if they have security keys or not.
- Integration test added.
2024-07-26 19:49:22 +02:00
0ko 13cb4b3f2e fix(ui): fix conversation template 2024-07-25 23:51:17 +05:00
Earl Warren e9e3b8c0f3
fix(api): issue state change is not idempotent
The PATCH if issue & pull request switched to use the service
functions instead. However, the service function changing the state is
not idempotent. Instead of doing nothing which changing from open to
open or close to close, it will fail with an error like:

 Issue [2472] 0 was already closed

Regression of: 6a4bc0289d

Fixes: https://codeberg.org/forgejo/forgejo/issues/4686
2024-07-25 15:16:44 +02:00
Robert Wolff 0a74c95b2a fix(ui): use right placeholder string in milestones search (#4628)
This PR fixes a wrong placeholder for the search for milestones. I tested it locally (see attachments, below).

Before: https://codeberg.org/attachments/ba845ce1-1f20-4131-a74d-7220986a4acf
After: https://codeberg.org/attachments/0c4e32ee-b1a8-4472-837d-daa2a2a50121

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4628
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
2024-07-25 03:33:44 +00:00
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
Earl Warren ded237ee77 Merge pull request '[gitea] week 2024-30 cherry pick (gitea/main -> forgejo)' (#4607) from algernon/wcp/2024-30 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4607
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 16:01:28 +00:00
Gusted 3ba64bd038 Merge pull request 'Reserve the devtest username' (#4638) from ikuyo/forgejo:reserve-devtest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4638
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-23 12:59:16 +00:00
Ikuyo 859cc23dc2
Add missing trailing comma 2024-07-23 11:04:57 +05:00
Ikuyo 90c0e9dace
Add devtest in reserved usernames test 2024-07-23 08:38:55 +05:00
Gusted 40baa96fc3
[CHORE] Add playwright eslint plugin
- Add https://github.com/playwright-community/eslint-plugin-playwright
as a linter for the playwright tests.
- `no-networkidle` and `no-conditional-in-test` are disabled as fixing
those doesn't seem to really improve testing quality for our use case.
- Some non-recommended linters are enabled to ensure consistency (the
prefer rules).
2024-07-22 20:03:32 +02:00
Rowan Bohde 21fdd28f08
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 416c36f3034e228a27258b5a8a15eec4e5e426ba)

Conflicts:
	- tests/integration/auth_ldap_test.go
	  Trivial conflict resolved by manually applying the change.
	- routers/web/auth/oauth.go
	  Technically not a conflict, but the original PR removed the
	  modules/util import, which in our version, is still in use. Added it
	  back.
2024-07-22 15:44:13 +02:00
Gusted 6a49e3f468
[BUG] Fix panic on too high page number
- Fixes a panic where the file history router would panic if the page
number was set to a page where no commits would be returned. It now
returns a 404 in such case.
- Regresion of a5b1c1b0b3
- Panic log provided by @algernon.
- Minimal integration test added.

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-21 02:01:54 +02:00
0ko c235e9b919 ui: encourage participation in the localization of Forgejo in language settings (#4596)
Changes:
- clarify how the language selector works as this is not very unclear: the footer selector is per-session and the settings selector is per-account, usually users need the 2nd
- tell about how to participate in improvement of localization via this link: https://forgejo.org/docs/latest/developer/localization/. Test that the link is present by extending and existing test

Preview:
- https://codeberg.org/attachments/f5d04fa1-2e9a-46e4-ac94-d8effefb9762
- https://codeberg.org/attachments/2a820bf5-1326-4c4a-9aff-4b9b70ee1bc0

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4596
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 16:38:59 +00:00
Earl Warren eb61437a52 Merge pull request '[UI] Convert milestone to HTMX' (#4542) from gusted/htmx-milestone into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4542
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 07:49:28 +00:00
Earl Warren 3e8f975345 Merge pull request 'Remove hardcoded filenames for better readability' (#4225) from Xinayder/forgejo:alpine-noarch into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4225
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-18 13:28:09 +00:00
Alexandre Oliveira ef815db8f2 Remove hardcoded filenames for better readability 2024-07-17 23:20:48 +02:00
TheFox0x7 3fca6c0bf5
test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
Earl Warren c349da723c
Revert "ui: update pull request icons (#4455)" (partial)
This reverts commit 8e56f61d0f.

Refs: https://codeberg.org/forgejo/discussions/issues/192
2024-07-17 16:56:25 +02:00
Earl Warren 125e4832e0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 (forgejo)' (#4485) from renovate/forgejo-github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4485
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-17 14:07:10 +00:00
Gusted d731dc793b
[UI] Convert milestone to HTMX
- Currently if you want to update the milestone of an issue or pull
request, your whole page will be reloaded to reflect the newly set
milestone. This is quite unecessary, as only the milestone text is
updated and a new timeline event is added.
- This patch converts the milestone section in the issue/pull request
sidebar to use HTMX, so it becomes a progressive element and avoids
reloading the whole page to update the milestone.
- The update of the milestone section itself is quite straightforward
and nothing special is happening. To support adding new timeline events,
a new element `#insert-timeline` is conviently placed after the last
timeline event, which can be used with
[`hx-swap-oob`](https://htmx.org/attributes/hx-swap-oob/) to position
new timeline events before that element.
- Adds E2E test.
2024-07-17 14:52:00 +02:00
Earl Warren 011a7cffd2 Merge pull request 'fix: labels set during issue creation are not displayed' (#4546) from 0ko/forgejo:ui-labels-aaa into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4546
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-17 12:03:43 +00:00
0ko 326958316d ui: fix issue labels 2024-07-17 16:19:44 +05:00
Gusted 14d9c386fd
[UI] Fix HTMX support for profile card
- There were two issues with the profile card since the introduction of
HTMX in 3e8414179c. If an HTMX request
resulted in a flash message, it wasn't being shown and HTMX was
replacing all the HTML content instead of morphing it into the existing
DOM which caused event listeners to be lost for buttons.
- Flash messages are now properly being shown by using `hx-swap-oob`
and sending the alerts on a HTMX request, this does mean it requires
server-side changes in order to support HTMX requests like this, but
it's luckily not a big change either.
- Morphing is now enabled for the profile card by setting
`hx-swap="morph"`, and weirdly, the morphing library was already
installed and included as a dependency. This solves the issue of buttons
losing their event listeners.
- This patch also adds HTMX support to the modals feature, which means
that the blocking feature on the profile card now takes advantage of
HTMX.
- Added a E2E test.
2024-07-17 01:41:32 +02:00
Gusted 984d0127f1
Enable multiStatements for MySQL 2024-07-16 23:16:03 +02:00
Earl Warren 5fc3916fff
docs(e2e): explain how to use VSCodium or VSCode
Imported from the docs to keep them in one place.
2024-07-16 17:22:39 +02:00
Solomon Victorino df22f8da5f fix: preserve object format dropdown options on /repo/create error (#4360)
To reproduce:
- make the repo creation form return with an error, like a duplicate name
- click on the Object format dropdown
- the options are missing as the listbox is empty

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4360
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Solomon Victorino <git@solomonvictorino.com>
Co-committed-by: Solomon Victorino <git@solomonvictorino.com>
2024-07-16 14:42:35 +00:00
Bram Hagens 8e56f61d0f ui: update pull request icons (#4455)
Added a new icon for closed PRs (similar to GitHub, GitLab, etc),
Fixes https://codeberg.org/forgejo/forgejo/issues/4454.

Before:
- https://codeberg.org/attachments/b17c5846-506f-4b32-97c9-03f31c5ff758
- https://codeberg.org/attachments/babcd011-d340-4a9e-94db-ea17ef6d3c2b
- https://codeberg.org/attachments/dbca009a-413e-48ab-84b1-55ad7f4fcd3d

After:
- https://codeberg.org/attachments/3e161f7b-4172-4a8c-a8eb-54bcf81c0cae
- https://codeberg.org/attachments/0c308f7e-25a0-49a3-9c86-1b1f9ab39467
- https://codeberg.org/attachments/b982b6b8-c78a-4332-8269-50d01de834e0

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4455
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
2024-07-16 14:38:46 +00:00
Gergely Nagy fc4f914e71
Load attachments for /issues/comments/{id}
The `/repos/{owner}/{repo}/issues/comments/{id}` API endpoint returns an
`assets` field, but the route handler did not load attachments, thus,
the field was never populated.

This patch fixes that, and adds a test to exercise it. The test fails
without the fix.

This addresses a bug discovered in Codeberg/Community#1607.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-16 11:09:54 +02:00
Earl Warren 56ee58c239 Merge pull request '[CHORE] Use github.com/ProtonMail/go-crypto' (#4506) from gusted/proton-openpgp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4506
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-15 16:49:05 +00:00
Earl Warren f4b8ffcca4 Merge pull request '[CHORE] Update jsonschema library to v6' (#4496) from gusted/update-jsonscheme into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4496
Reviewed-by: Otto <otto@codeberg.org>
2024-07-15 16:47:37 +00:00
Gusted 45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00