Commit graph

20305 commits

Author SHA1 Message Date
Renovate Bot c23cac5073 Update dependency postcss to v8.4.40 2024-07-25 00:04:25 +00:00
Gusted a6b4fb7729
[CHORE] Remove AGPL-1.0 as allowed license
- The last dependency using this license was removed in #4595 (thanks @Beowulf!).
2024-07-24 23:38:31 +02:00
Earl Warren 419c129ec7 Merge pull request 'Replace Gitea with Forgejo' (#4660) from yonas/forgejo:yonas-patch-1 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4660
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-24 21:35:14 +00:00
Earl Warren c75c6b392c Merge pull request '[UI] Fix scoped-access-token' (#4669) from gusted/forgejo-fix-regg into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4669
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
2024-07-24 21:34:19 +00:00
Gusted 510cbe2c92
[CHORE] Don't bundle elkjs
- `elkjs` is a library that's imported by `mermaid`, although they have
seperated this package to it's own mermaid
package (https://github.com/mermaid-js/mermaid/pull/5654), the stable
version doesn't have this patch.
- `elkjs` is licensed under the EPL-2.0 license (copyleft), which isn't
compatible with GPL unless the license author explcitly allow this via a
so called "secondary license". At the end of the day it cannot be
released under a MIT or GPL license.
- Use webpack's `externals` option to avoid bundling `elkjs` and instead
leave it as a `require` code.
- This is a 'dirty' way to ensure elkjs isn't bundled and has to be
tested manually to ensure this for every release (via the
`webpack-bundle-analyzer` plugin). If someone tries to use the elkjs
render, it will result in a non-descriptive error being shown.
2024-07-24 23:28:59 +02:00
Gusted aa5163d5c4
[UI] Fix scoped-access-token
- Regression of #4571
- Refactor to not use the component API of Vue. The root cause is still
unknown.
2024-07-24 21:48:51 +02:00
Earl Warren b55136d561 Merge pull request 'fix(release-notes-assistant): do not trigger on open' (#4665) from twenty-panda/forgejo:wip-rna-trigger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4665
2024-07-24 16:32:43 +00:00
Twenty Panda e9a3306f6e fix(release-notes-assistant): do not trigger on open
Forgejo sets a label and will notify this when opening the pull
request. Triggering when it opens will make two workflows for the same
SHA. Re-opening is a border case that is not needed.
2024-07-24 18:26:59 +02:00
Earl Warren 762f4b5408 Merge pull request 'fix(release-notes-assistant): ignore WIP prefixes' (#4663) from earl-warren/forgejo:wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4663
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-24 14:55:29 +00:00
Earl Warren ba006b2eef
fix(release-notes-assistant): ignore WIP prefixes 2024-07-24 16:49:21 +02:00
yonas 9ad23f9ede Replace Gitea with Forgejo 2024-07-24 14:17:23 +00:00
Earl Warren 479a98fd18 Merge pull request 'docs(release-notes): 8.0.0 - updates' (#4657) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4657
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-24 13:17:13 +00:00
Earl Warren 77c30ad85b
docs(release-notes): 8.0.0 - updates 2024-07-24 15:14:38 +02:00
Codeberg Translate 7699d85f3b [I18N] Translations update from Weblate (#4568)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4568)</a>: <!--number 4568 --><!--line 0 --><!--description W0kxOE5dIFRyYW5zbGF0aW9ucyB1cGRhdGUgZnJvbSBXZWJsYXRl-->[I18N] Translations update from Weblate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: meskobalazs <meskobalazs@users.noreply.translate.codeberg.org>
Co-authored-by: Bálint Gonda <balinteus@gmail.com>
Co-authored-by: Beowulf <Beowulf@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4568
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-07-24 08:41:30 +00:00
Earl Warren a0dbc3ae70 Merge pull request 'fix(release-notes-assistant): add the Localization category' (#4655) from earl-warren/forgejo:wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4655
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-24 07:18:41 +00:00
Earl Warren bca3f857dc Merge pull request 'Update dependency @vitejs/plugin-vue to v5.1.0 (forgejo)' (#4653) from renovate/forgejo-vitejs-plugin-vue-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4653
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-24 05:20:30 +00:00
Earl Warren 54e364b7bc
fix(release-notes-assistant): add the Localization category
The Localization category groups translations updates towards the end
of the release notes.
2024-07-24 06:22:35 +02:00
Earl Warren 1a2c611c42 Merge pull request 'feat(release-notes-assistant): if no labels, fallback to prefix' (#4651) from twenty-panda/forgejo:wip-rna into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4651
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-24 04:04:47 +00:00
Renovate Bot 1f4666c6cd Update dependency @vitejs/plugin-vue to v5.1.0 2024-07-24 00:04:06 +00:00
Twenty Panda 7db4dfa768 fix(release-notes-assistant): upgrade to convert \r\n
When a milestone or a pull request body is \r\n separated, they are
converted to newlines. Otherwise it makes it more difficult to compare
lines.
2024-07-24 00:07:53 +02:00
Twenty Panda db64236f85 feat(release-notes-assistant): if no labels, fallback to prefix
* support feat: fix: feat!: fix! conventional commits prefixes
* add unit tests
2024-07-24 00:07:29 +02:00
Earl Warren 14d079a1eb Merge pull request '[FEAT] Enable INVALIDATE_REFRESH_TOKENS' (#4633) from gusted/sec-oauth into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4633
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 20:45:22 +00:00
Earl Warren 5a922ca983 Merge pull request 'Release note for #4595' (#4634) from beowulf/release-notes/4595.md into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 18:18:30 +00:00
Gusted ea1a0ebbc3 Merge pull request '[SECURITY] Notify users about account security changes' (#4635) from gusted/sec-notify into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4635
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 17:50:59 +00:00
Beowulf 44156b6006
added release notes for pr 4595
(removed support for the APA citation format)
2024-07-23 18:47:42 +02:00
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
Earl Warren ded237ee77 Merge pull request '[gitea] week 2024-30 cherry pick (gitea/main -> forgejo)' (#4607) from algernon/wcp/2024-30 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4607
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 16:01:28 +00:00
banaanihillo 522e652e8d [accessibility] Add keyboard support for test actions (#4490)
- Existing gear icon keyup handler fixed:
moved the handler onto its descendant button,
to prevent it from incorrectly firing on the check-box elements
- Check-box elements: keyup elements for space and enter added,
as well as tabindex elements to make them able to gain focus

<!--
Before submitting a PR, please read the contributing guidelines:
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING.md
-->

To test the check boxes:
- Set up an action, and visit the action's job page
- Navigate onto the job container (via Tab et al.)
- Use the gear icon with Space or Enter
- Tick the check-box items with Space or Enter

To test the elements beside the chevron icons:
- Navigate onto the element via Tab et al.
- Open/close them via Space or Enter

I have not had a chance to test the latter fix (https://codeberg.org/forgejo/forgejo/issues/4476#issuecomment-2092312) myself yet; feel free to reject this one in case the latter fix does not work as it should, and I will break this up into two separate pull requests.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4490)</a>: <!--number 4490 --><!--line 0 --><!--description W2FjY2Vzc2liaWxpdHldIEFkZCBrZXlib2FyZCBzdXBwb3J0IGZvciB0ZXN0IGFjdGlvbnM=-->[accessibility] Add keyboard support for test actions<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4490
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: banaanihillo <banaanihillo@noreply.codeberg.org>
Co-committed-by: banaanihillo <banaanihillo@noreply.codeberg.org>
2024-07-23 15:37:19 +00:00
Earl Warren dd9abfcc09 Merge pull request 'fix(release-notes-assistant): upgrade to always insert a newline' (#4646) from twenty-panda/forgejo:wip-rna into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4646
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 13:20:18 +00:00
Gusted 3ba64bd038 Merge pull request 'Reserve the devtest username' (#4638) from ikuyo/forgejo:reserve-devtest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4638
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-23 12:59:16 +00:00
Twenty Panda 80a1461e7d fix(release-notes-assistant): upgrade to always insert a newline
* if <!-- is inserted just after a <!-- --> it will not render
  well, it needs to be separated by a newline
* do not use ? in sed -E, it is not the same as with JavaScript
2024-07-23 13:53:46 +02:00
Earl Warren 1fa7d1cbcf Merge pull request 'fix(release-notes-assistant): be more conservative when cleaning up' (#4644) from twenty-panda/forgejo:wip-rna into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4644
2024-07-23 09:42:20 +00:00
Twenty Panda 043214d751 fix(release-notes-assistant): be more conservative when cleaning up
Do not replace http*: it breaks URLs.
2024-07-23 11:37:40 +02:00
Earl Warren 6e86f4056e Merge pull request 'fix(ci): use a PAT for release-notes-assistant' (#4643) from earl-warren/forgejo:wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4643
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-23 08:20:01 +00:00
Earl Warren 9bbe00c84b
fix(ci): use a PAT for release-notes-assistant
GITHUB_TOKEN does not have permission to write the repository and is
not allowed to edit or comment on pull requests because of that. A PAT
from a regular user who does **not** have permission to write to the
repository either but who is in a the contributors team will have
permissions to do that because there is a "write pull request"
permission given to the team.
2024-07-23 10:02:00 +02:00
Earl Warren 2c2f2ffee2 Merge pull request 'update the PR description with the release notes draft' (#4612) from wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4612
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-23 07:30:59 +00:00
Twenty Panda 5c734d8885
tests: update the PR description with the release notes draft
If the 'worth a release-note' label is set, add a release note entry
to the description of the pull request as a preview.

* use the `release-notes/<pr-number>.md` file if any
* otherwise use the pull request title

Refs: https://code.forgejo.org/forgejo/release-notes-assistant
2024-07-23 09:27:43 +02:00
Earl Warren 03b95d20fa Merge pull request 'feat(ui): sort milestones by name by default instead of the due date' (#4625) from gusted/forgejo-gt-27084 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4625
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 06:08:24 +00:00
Ikuyo 859cc23dc2
Add missing trailing comma 2024-07-23 11:04:57 +05:00
Earl Warren 767f0ed63f Merge pull request '[CHORE] Add playwright eslint plugin' (#4631) from gusted/playwright-eslint into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4631
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 06:02:12 +00:00
Earl Warren d58b9b4fe0 Merge pull request 'feat(cli): allow updates to runners' secrets' (#4619) from tseeker/forgejo:20240722-update-secret into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4619
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-23 04:59:51 +00:00
0ko e03922a009 Merge pull request '[I18N] Add common section to new translation files' (#4632) from gusted/tr-fix into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4632
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-23 04:14:22 +00:00
Ikuyo 90c0e9dace
Add devtest in reserved usernames test 2024-07-23 08:38:55 +05:00
Ikuyo 93d0836241
Reserve devtest username 2024-07-23 08:18:20 +05:00
forgejo-renovate-action 2ad871e653 Merge pull request 'Update dependency @playwright/test to v1.45.3 (forgejo)' (#4637) from renovate/forgejo-playwright-monorepo into forgejo 2024-07-23 00:42:45 +00:00
Renovate Bot 1d5286943f Update dependency @playwright/test to v1.45.3 2024-07-23 00:03:37 +00:00
Gusted 2f98430e6f Merge pull request 'Update dependency webpack to v5.93.0 (forgejo)' (#4484) from renovate/forgejo-webpack-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4484
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-22 22:41:44 +00:00
Gusted 89b1723d35
[FEAT] Enable INVALIDATE_REFRESH_TOKENS
- It's possible to detect if refresh tokens are used more than once, if
it's used more than it's a indication of a replay attack and it should
invalidate the associated access token. This behavior is controlled by
the `INVALIDATE_REFRESH_TOKENS` setting.
- Altough in a normal scenario where TLS is being used, it should be
very hard to get to situation where replay attacks are being used, but
this is better safe than sorry.
- Enable `INVALIDATE_REFRESH_TOKENS` by default.
2024-07-22 20:45:13 +02:00
Gusted a67e420c38
[I18N] Add common section to new translation files
- Follow up for #4576
- Weblate currently cannot parse ini files if they contain keys that
don't belong to a section.
2024-07-22 20:14:24 +02:00
Gusted 40baa96fc3
[CHORE] Add playwright eslint plugin
- Add https://github.com/playwright-community/eslint-plugin-playwright
as a linter for the playwright tests.
- `no-networkidle` and `no-conditional-in-test` are disabled as fixing
those doesn't seem to really improve testing quality for our use case.
- Some non-recommended linters are enabled to ensure consistency (the
prefer rules).
2024-07-22 20:03:32 +02:00