Refs: https://codeberg.org/forgejo/forgejo/issues/8
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/153
Refs: https://codeberg.org/forgejo/forgejo/issues/123
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/299
(cherry picked from commit 08dcef0c8c)
[DOCS] CONTRIBUTING/RELEASE: https://forgejo.org/docs/admin
Because the version is not displayed on the landing page of Forgejo,
there cannot be a link to a versionned documentation. There must exist
a link that points to the latest version on the website for the
forgejo instance to display.
Better but more complicated approaches could be to:
* Embed the documentation in Forgejo
* Allow the admin to not display the help
* Allow the admin to display a versionned help or not
(cherry picked from commit 83cc389239)
(cherry picked from commit 5df52b8a4f)
(cherry picked from commit 9a66b3d70b)
[DOCS] CONTRIBUTING/RELEASE: reminder to update FORGEJO_VERSION
(cherry picked from commit 2a4d0bd164)
(cherry picked from commit d68576ba67)
[DOCS] CONTRIBUTING: updates
* Remove obsolete description of the well being & moderation team and
replace them with a link to the moderation email.
* Remove description of the governance process and replace with a link
to the governance readme that did not exist at the time.
* Add links to the Forgejo documentation
(cherry picked from commit df749da272)
(cherry picked from commit 4da39128c5)
(cherry picked from commit f442ca6f40)
(cherry picked from commit 031928c447)
(cherry picked from commit 1e6ba47216)
(cherry picked from commit 8916a1f8c6)
(cherry picked from commit 663e28c412)
(cherry picked from commit d56b130baa)
[DOCS] CONTRIBUTING (squash)
(cherry picked from commit 0dc4b6e5c9)
(cherry picked from commit 52f2163807)
(cherry picked from commit 47d0ae3e10)
(cherry picked from commit 7757a5c34c)
(cherry picked from commit 5b4d25bd03)
(cherry picked from commit 78798cc25e)
(cherry picked from commit 3001fb8c7b)
(cherry picked from commit da27bf1bc5)
(cherry picked from commit 2fb13da8ed)
(cherry picked from commit ea19e0efb3)
[DOCS] Add link to build instructions in CONTRIBUTING.md
(cherry picked from commit 50d86aa4ad)
Replace 'v1.20' with 'next'
(cherry picked from commit 3e99f49fc5)
(cherry picked from commit f5c89e88cf)
(cherry picked from commit 8e70433dac)
(cherry picked from commit 31cc99588c)
fixes 404 links in CONTRIBUTING.md
(cherry picked from commit b7326919ab)
(cherry picked from commit cd88e7d177)
(cherry picked from commit 09d33f2050)
(cherry picked from commit 8ea49fc0c7)
(cherry picked from commit a434c76f4b)
(cherry picked from commit c61e1b8797)
(cherry picked from commit 1ce9dc9def)
(cherry picked from commit a90927d0b1)
(cherry picked from commit 17ca38d29a)
(cherry picked from commit 70986dddc9)
Although it would be possible to modify these files, it would create
conflicts when rebasing. Instead, this commit removes them entirely
and another commit can start from scratch, borrowing content from the
original files.
The drawback of this approach is that some content updates from Gitea
that also need updating in Forgejo will have to be copy/pasted
instead of being merged.
(cherry picked from commit eb85782115)
(cherry picked from commit 34401f2004)
(cherry picked from commit ef43b1c691)
(cherry picked from commit d17fe25e2f)
(cherry picked from commit 3f65dea3e7)
(cherry picked from commit 3cacb64a1b)
(cherry picked from commit b531b014b7)
(cherry picked from commit adf6e7a840)
(cherry picked from commit 68c19d977d)
(cherry picked from commit 31aa8647ec)
(cherry picked from commit be70dd7208)
(cherry picked from commit 7f44bb60b1)
(cherry picked from commit 5098f1224b)
(cherry picked from commit dc7a859144)
(cherry picked from commit f1e78dd006)
(cherry picked from commit c41ba7a148)
(cherry picked from commit f1da66a918)
(cherry picked from commit 99194a3664)
(cherry picked from commit 52f356f6a9)
(cherry picked from commit c93ffa72ae)
(cherry picked from commit 477c7454d3)
(cherry picked from commit 413df23a40)
[DOCS] delete Gitea specific files that need rewriting for Forgejo (squash)
(cherry picked from commit df78cedd05)
(cherry picked from commit 3b9178b3e5)
(cherry picked from commit 9044dcb0e7)
(cherry picked from commit e138685bac)
(cherry picked from commit 2f1f3fd6b8)
(cherry picked from commit 0b47d02df6)
(cherry picked from commit 7625ca6c42)
(cherry picked from commit e0d720a728)
(cherry picked from commit 19aa974d12)
(cherry picked from commit bb637d398c)
(cherry picked from commit 5357fc952d)
(cherry picked from commit bee0395044)
(cherry picked from commit 5e574bfc8f)
Refs: https://codeberg.org/forgejo/website/pulls/230
(cherry picked from commit 87d56bf6c7)
[CI] Forgejo Actions based release process (squash)
base64 -w0 to avoid wrapping when the doer name is long as it creates
a broken config.json
(cherry picked from commit 9efdc27e49)
[CI] Forgejo Actions based release process (squash) generate .xz files and sources
Generate .xz files
Check .sha256
Generate the source tarbal
(cherry picked from commit 7afec520c4)
[CI] Forgejo Actions based release process (squash) release notes
(cherry picked from commit d8f4f4807b)
[CI] Forgejo Actions based release process (squash) publish and sign release
(cherry picked from commit a52778c747)
(cherry picked from commit cf2ec62740)
[CI] Forgejo Actions based release process (squash) version
use Actions environment variables in Makefile (#25319) (#25318)
uses Actions variable to determine the version. But Forgejo builds
happen in a container where they are not available. Do not use them.
Also verify the version of the binary is as expected for sanity check.
(cherry picked from commit 6decf111a1)
(cherry picked from commit 206d0b3886)
[CI] read STORED_VERSION_FILE if available
(cherry picked from commit af74085ebf)
[CI] backward compatible executable compilation
Add a new static-executable target to use in Dockerfiles and restore
the $(EXECUTABLE) target to what it was before to for backward
compatibility.
The release process now builds static executables instead of
dynamically linked ones which makes them more portable. It changes the
requirements at compile time and is not backward compatible. In
particular it may break packaging that rely on the target that
currently creates a dynamically linked executable.
(cherry picked from commit 84d02a174a)
(cherry picked from commit 854be47328)
[CI] Forgejo Actions based release process (squash) doc / ca / verbosity
- Document workflow
- Increase verbosity if VERBOSE=true
- Download the Certificate Authority if behind the VPN
(cherry picked from commit 168d5d5869)
(cherry picked from commit 8756c9a72a)
(cherry picked from commit 2dad7ef20f)
[CI] Forgejo Actions based release process (squash) add assets sources-tarbal
Refs: https://codeberg.org/forgejo/forgejo/issues/1115
(cherry picked from commit 5531d01f19)
[CI] Forgejo Actions based release process (squash) add assets sources-tarbal
bindata.go is a file, not a directory
Refs: https://codeberg.org/forgejo/forgejo/issues/1115
(cherry picked from commit bd88a44778)
(cherry picked from commit b408085138)
[CI] Forgejo Actions based release process (squash) public/assets moved
(cherry picked from commit d8c921d5a6)
(cherry picked from commit f29e50b1a09b1a22fc2dbdb77e9a1def1196175b)
[CI] Fix release notes link
- Use substitution to replace all dots with dashes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1163
(cherry picked from commit 96783728f53a072915cace392aa269adfe9a5c73)
(cherry picked from commit c8d8bf8996)
[CI] pin go v1.20 for testing
Refs: https://codeberg.org/forgejo/forgejo/issues/1228
(cherry picked from commit fd4b5a013e)
(cherry picked from commit 00bb15f57f)
Conflicts:
Dockerfile
Dockerfile.rootless
see https://codeberg.org/forgejo/forgejo/pulls/1303
(cherry picked from commit 6e2be54a6d)
(cherry picked from commit 346c418b4a)
(cherry picked from commit 49061f8422)
(cherry picked from commit 8229d59b7e)
(cherry picked from commit 70d45d9193)
[CI] Forgejo Actions based release process (squash) need node 18
(cherry picked from commit 722b1f4590)
(cherry picked from commit a91d786169)
[CI] Forgejo Actions based release process (squash) fix indentation
(cherry picked from commit fbdf9d6abb)
(cherry picked from commit 2deff90a13)
(cherry picked from commit 5710a27fda)
[CI] Forgejo Actions based release process (squash) FQIN for docker
Refs: https://codeberg.org/forgejo/forgejo/issues/1600
(cherry picked from commit f63d38deb6)
[CI] Forgejo Actions based release process (squash) use forgejo-curl.sh
(cherry picked from commit f9d75d4705)
(cherry picked from commit 64f76f4ab2)
(cherry picked from commit 5d02454155)
[CI] Forgejo Actions workflows
(cherry picked from commit 3ff59b5379)
(cherry picked from commit 8af826a6f7)
(cherry picked from commit d7c09d9cc8)
[CI] use the docker label instead of ubuntu-latest
(cherry picked from commit b6a6470db6)
[CI] all tests need compliance before proceeding
(cherry picked from commit b35c496f2c)
(cherry picked from commit 36a4148a8e)
(cherry picked from commit 7ffcffa653)
(cherry picked from commit 8a246d296e)
(cherry picked from commit dd0b6e1826)
[CI] Forgejo Actions based release process (squash) MySQL optimization
Refs: https://codeberg.org/forgejo/forgejo/issues/976
(cherry picked from commit b4b8c489e6)
(cherry picked from commit 1e861db4af)
(cherry picked from commit a6c0e00330)
(cherry picked from commit f97b336465)
(cherry picked from commit 6d65d5f0d6f798556a8f9e547896be03a5ee2f87)
(cherry picked from commit 79bfbadbed)
(cherry picked from commit e86c40a34a)
(cherry picked from commit da0c454adb)
(cherry picked from commit b49d892cda)
[CI] enable minio tests
(cherry picked from commit 4d8f438031)
(cherry picked from commit c4eeb0a61e)
[CI] Forgejo Actions based CI for PR & branches (squash) cleanup
(cherry picked from commit 80eb20e842)
(cherry picked from commit d2ff589858)
(cherry picked from commit f6eedecb67)
(cherry picked from commit cf458091e2)
(cherry picked from commit ddd322cb2d)
(cherry picked from commit f0f5729b64)
Conflicts:
.github/workflows/pull-db-tests.yml
https://codeberg.org/forgejo/forgejo/pulls/1573
(cherry picked from commit bb347aedd4)
(cherry picked from commit 8b11cab677)
(cherry picked from commit be59270696)
(cherry picked from commit e068f8b191)
(cherry picked from commit 7855bb0c60)
(cherry picked from commit 45c4c8f443)
(cherry picked from commit 89520d67ff)
(cherry picked from commit 15eeb417a4)
(cherry picked from commit 6db53a2643)
(cherry picked from commit 2f689b321f)
(cherry picked from commit 04dc478314c3b4927cca78c354ca46ee217f035a)
(cherry picked from commit a554624f40)
(cherry picked from commit abca05f0d1)
(cherry picked from commit dc13e7eb22)
(cherry picked from commit a161c5740e)
(cherry picked from commit 06d33e2773)
(cherry picked from commit f536275161)
(cherry picked from commit 84ac6f314a)
(cherry picked from commit 1e8126edfc)
(cherry picked from commit 0287ac3416)
(cherry picked from commit 3e5fca2aae)
(cherry picked from commit a1381d9146fba42cb97d72d38525fa3e721bfb03)
(cherry picked from commit 74714e0246)
(cherry picked from commit 7749dbfe66)
(cherry picked from commit 4379249711)
(cherry picked from commit a69f55bebf)
(cherry picked from commit 24dd5fbfdb)
(cherry picked from commit dda856d6b8)
(cherry picked from commit bc14f4fa97)
(cherry picked from commit 78fef4f137)
(cherry picked from commit 69e013cc51)
(cherry picked from commit f173c6a273)
(cherry picked from commit e1bbfa3619)
(cherry picked from commit 91245ca917)
(cherry picked from commit 705d0558be)
(cherry picked from commit 9247594970)
(cherry picked from commit 9db1158a48)
(cherry picked from commit 3b36b77d87)
(cherry picked from commit 162fa1d8ae)
(cherry picked from commit d03d0afbb5)
(cherry picked from commit 7b8f92f787)
(cherry picked from commit 035abca969)
(cherry picked from commit a8fbf6bb56)
(cherry picked from commit 3be681d037b07880236cae1aa70245e5eb4d1497)
(cherry picked from commit 7e5d471c83)
(cherry picked from commit 323801d935)
(cherry picked from commit 3fdfe4bfea)
(cherry picked from commit 58a07421a4)
(cherry picked from commit dbb71a4c85)
(cherry picked from commit d442113520)
(cherry picked from commit d3329f01f8)
(cherry picked from commit 069a1d68b8)
(cherry picked from commit 14919e609a)
(cherry picked from commit 49b76be106)
(cherry picked from commit 6d910daafb)
(cherry picked from commit d447861cc9)
(cherry picked from commit dc6e9d8799)
(cherry picked from commit ef232fa20c)
(cherry picked from commit 290c55517a)
(cherry picked from commit db48af1784)
(cherry picked from commit 85f33237a2)
(cherry picked from commit 76899ee33e)
(cherry picked from commit 148b3ee9cb)
(cherry picked from commit 1f6ad8f465)
(cherry picked from commit c330afdba3)
(cherry picked from commit b1f87075a7)
(cherry picked from commit 7da40992cc)
(cherry picked from commit 7ab19ff5e5)
(cherry picked from commit e61e44921b)
(cherry picked from commit 83646119fb)
(cherry picked from commit 20cf748e61)
(cherry picked from commit 0a99919cec)
(cherry picked from commit 21215222a6)
(cherry picked from commit 0f6c5658d7)
(cherry picked from commit 1752e43d3c)
(cherry picked from commit 2332080929)
(cherry picked from commit 590aabf2a2)
(cherry picked from commit 87d8b7b315c3e25bd3fcf9dc9c1d359bcd107281)
(cherry picked from commit ff37de38be)
(cherry picked from commit cee32c9e7a)
(cherry picked from commit 39faade524)
(cherry picked from commit 0e5ca477b6)
(cherry picked from commit 70e2730f7b)
(cherry picked from commit 2ad4003944)
(cherry picked from commit 2429de9e87)
(cherry picked from commit c133915fc1)
(cherry picked from commit c607dcaf9f)
(cherry picked from commit 00f006637f)
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request
changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248
(cherry picked from commit 1741a5f1fe)
---------
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Fixes#27598
In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
Closes#27455
> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
>
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.
The PR removes the now obsolete setting `COOKIE_USERNAME`.
1. `make build` fails because `||` and `&&` have the same precedence in
sh/bash, so the `false` command always evaluated (leading to an error).
```
+ which gmake /usr/local/bin/gmake
+ false
*** Failed target: .BEGIN
*** Failed command: which "gmake" || printf "Error: GNU Make is
required!\n\n" 1>&2 && false
*** Error code 1
```
2. When `GPREFIX` is set to an empty string with quotation marks,
`gmake` mistakenly thinks that it's a file name:
``` gmake: *** empty string invalid as file name. Stop. ```
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
---------
Co-authored-by: Giteabot <teabot@gitea.io>
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
(cherry picked from commit fd34fdac14)
---------
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>