Earl Warren
b670f111ff
Merge pull request 'cron task to cleanup dangling container images with version sha256:*' ( #4698 ) from earl-warren/forgejo:wip-container-cleanup into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4698
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 08:09:19 +00:00
Earl Warren
801ae21200
Merge pull request 'Forgejo v9.0 is GPLv3+' ( #4737 ) from earl-warren/forgejo:wip-pr-4684 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4737
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-22 08:07:58 +00:00
Earl Warren
f19f31ac73
cron task to cleanup dangling container images with version sha256:*
...
Fixes: https://codeberg.org/forgejo/forgejo/issues/4378
2024-08-22 09:10:15 +02:00
Twenty Panda
94631ccef6
Forgejo v9.0 is GPLv3+
...
* display Forgejo license first
* do not send go-license in a loop because Gitea & Forgejo have
different licenses
Refs: 62ac0cc334/AGREEMENTS.md
2024-08-22 09:09:29 +02:00
Codeberg Translate
d30be160c9
i18n: update of translations from Codeberg Translate ( #4984 )
...
Translations update from [Codeberg Translate](https://translate.codeberg.org ) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/ ).
Current translation status:
![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg )
<!--start release-notes-assistant-->
## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-- >
- Localization
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4984 ): <!--number 4984 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: qui <qui@users.noreply.translate.codeberg.org>
Co-authored-by: hahahahacker2009 <hahahahacker2009@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4984
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-08-22 06:23:28 +00:00
Renovate Bot
3dbeafa7ba
Update module github.com/meilisearch/meilisearch-go to v0.28.0
2024-08-22 00:04:14 +00:00
Solomon Victorino
a4814bca2d
fix(ui): prevent exceptions on other users' repo migration pages
...
- don't expect the retry button to always be attached
- don't parse status response as JSON when it was a login redirect
- add E2E test
2024-08-21 19:57:08 +00:00
Gusted
e3243a9465
Merge pull request 'feat(ui): Add rel="nofollow"
to in-list labels' ( #5002 ) from xlii/forgejo:forgejo into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5002
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:54:59 +00:00
Gusted
0c2ec195e4
Merge pull request 'Update dependency eslint-plugin-no-jquery to v3 (forgejo)' ( #5054 ) from renovate/forgejo-eslint-plugin-no-jquery-3.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5054
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:45:56 +00:00
Renovate Bot
f0da48dd4d
Update dependency eslint-plugin-no-jquery to v3
2024-08-21 16:18:41 +00:00
Gusted
61e018f8b4
Merge pull request '[SEC] Add keying
module' ( #5041 ) from gusted/sec-keying into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5041
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-21 15:19:44 +00:00
Gusted
a054201e20
Merge pull request 'Fix naming consistency and remove unused strings in teams' ( #5052 ) from 0ko/forgejo:i18n-admin into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5052
Reviewed-by: Otto <otto@codeberg.org>
2024-08-21 14:57:11 +00:00
Gusted
f0fa959c4e
Merge pull request 'fix: release: Forgejo version is not set' ( #5042 ) from earl-warren/forgejo:wip-dockerfile into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5042
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 14:25:54 +00:00
Gusted
eea9ba5bfb
Merge pull request 'Update golang packages (forgejo) (minor)' ( #5048 ) from renovate/forgejo-minor-1.23-golang-packages into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5048
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 14:17:43 +00:00
Gusted
12f97ef51f
[SEC] Add keying
module
...
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.
For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]
For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.
[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-21 16:06:17 +02:00
Otto
86be767939
Merge pull request 'Refactor some forms: semantic HTML, usability, accessibility, less JS' ( #5031 ) from fnetx/css-only-hide into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5031
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-21 13:50:37 +00:00
0ko
b65a1312b3
i18n(en): remove unused strings related to team permissions
...
Added in 72aa5a20ec
.
Dropped in cb41f5cae1
.
2024-08-21 18:41:07 +05:00
0ko
a1c87db46f
i18n(en): fix administrator access naming consistency
2024-08-21 18:39:51 +05:00
Otto Richter
83d2b3b7fa
Implement CSS-only input toggling, refactor related forms
...
UX/Translation changes:
- new teams: remove redundant tooltips that don't add meaningful information
- move general information to table fieldset
- new teams: rename "general" to "custom" access for clarity
- new teams: show labels beside options on mobile
Accessibility:
- semantic form elements allow easier navigation (fieldset, mostly)
- improve better labelling of new teams table
- fix accessibility scan issues
- TODO: the parts that "disable" form elements were not yet touched and
are not really accessible to screenreaders
Technical:
- replace two JavaScript solutions with one CSS standard
- implement a simpler grid (.simple-grid)
- simplify markup
- remove some webhook settings specific CSS
Testing:
- check more form content for accessibility issues
- but exclude tooltips from the scan :(
- reuse existing form tests from previous PR
2024-08-21 15:03:19 +02:00
Otto
c20c534b90
Merge pull request 'fix: validate title length when updating an issue' ( #4809 ) from thilinajayanath/forgejo:validate-issue-title-update into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4809
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 12:55:26 +00:00
Renovate Bot
df907ec7f9
Update golang packages
2024-08-21 09:58:16 +00:00
Earl Warren
6ea97ffe9b
Merge pull request 'chore(renovate): fix grouping' ( #5047 ) from viceice/forgejo:chore/renovate/grouping into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5047
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-21 09:45:34 +00:00
Michael Kriese
d9d7f8dc92
chore(renovate): fix grouping
2024-08-21 11:27:19 +02:00
Michael Kriese
f4b6da00fb
Merge pull request 'chore(renovate): bump go version inside go.mod' ( #5044 ) from viceice/forgejo:chore/renovate/gomod into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5044
2024-08-21 08:44:45 +00:00
Michael Kriese
171e4cc3be
chore(renovate): bump go version inside go.mod
2024-08-21 10:10:00 +02:00
thilinajayanath
1e922d906f
validate the title length when updating an issue and add integration test for issue title update
...
using middleware validator to validate title length on update
use error name from binding package
add integration test for title update
rebase upstream and update test var name
fix test slice formatting
just a try (#1 )
Reviewed-on: https://codeberg.org/thilinajayanath/forgejo/pulls/1
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
fix errors + add test for 255 char title
fix test domain
fix CSRF token error on test
updaate result struct that's used to decode the json response
add json tags for struct and check changed title when http 200 is received
try to decode the title if the request succeeded
add comment in integration test
2024-08-21 08:56:52 +02:00
Earl Warren
6c8d9823ac
fix: release: Forgejo version is not set
...
LDFLAGS="-buildid=" must be set in the environment so the Makefile
adds to it. Setting it via the make arguments overrides it and removes
the -X "main.*Version" arguments which are used to set the Forgejo
version of the binary.
Regression introduced in [CHORE] Support reproducible builds' (#4970 )
2024-08-21 07:27:38 +02:00
Gusted
821875e057
Merge pull request 'Update dependency chart.js to v4.4.4 (forgejo)' ( #5037 ) from renovate/forgejo-chart.js-4.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5037
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 03:17:48 +00:00
Gusted
35cc077d82
Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.2 (forgejo)' ( #5039 ) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5039
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 03:13:43 +00:00
Renovate Bot
63faeb365c
Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.2
2024-08-21 02:03:34 +00:00
Renovate Bot
b8690562d2
Update dependency chart.js to v4.4.4
2024-08-21 00:03:20 +00:00
Gusted
5b81cab0ed
Merge pull request '[CHORE] Support reproducible builds' ( #4970 ) from gusted/forgejo-reproducible-builds into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4970
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Radosław Piliszek <radek@piliszek.it>
2024-08-20 18:14:33 +00:00
Gusted
68cc61b537
Add integration test
2024-08-20 19:09:22 +02:00
Gusted
9111eb3473
Merge pull request '[PORT] Fix overflow for images on project cards (gitea#31683)' ( #5029 ) from gusted/forgejo-bp-gt-31683 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5029
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 16:11:42 +00:00
Gusted
0764b7c18b
[UI] Remove snapping for images on project cards
...
Remove the snapping of the images on the projects cards, the images are
way too small to notice that when scrolling you're being snapped to
these images and when you do notice it, it doesn't make sense as you
wouldn't expect it to be snapped.
2024-08-20 16:02:52 +02:00
Simon Priet
8e46efef95
[PORT] Scroll images in project issues separately from the remaining issue (gitea#31683)
...
As discussed in https://github.com/go-gitea/gitea/issues/31667 &
https://github.com/go-gitea/gitea/issues/26561 , when a card on a Project
contains images, they can overflow the card on its containing column.
This aims to fix this issue via snapping scrollbars.
---
Conflict resolution: none
(cherry picked from commit fe7c9416777243264e8482d3af29e30c2b671074)
2024-08-20 15:54:22 +02:00
Otto
d9ae23188f
Merge pull request 'chore(renovate): F3 is under development, update quarterly' ( #5025 ) from earl-warren/forgejo:wip-f3-renovate into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5025
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-20 13:52:38 +00:00
Otto
01a153555a
Merge pull request 'chore(CODEOWNERS): @earl-warren watches over all PRs [skip ci]' ( #5027 ) from earl-warren/forgejo:wip-codeowner into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5027
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:51:38 +00:00
Gusted
f28cde134e
Merge pull request '[UI] Adjust trailing EOL behavior for empty file' ( #5013 ) from gusted/forgejo-adjust-eol into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5013
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:42:04 +00:00
Michael Kriese
0d45ed0faa
Merge pull request 'chore(renovate): better linter and postcss grouping' ( #5026 ) from viceice/forgejo:chore/renovate/grouping into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5026
2024-08-20 07:03:45 +00:00
Earl Warren
c76a73ad35
Merge pull request '[gitea] week 2024-34 cherry pick (gitea/main -> forgejo)' ( #4998 ) from earl-warren/wcp/2024-34 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4998
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-20 06:32:09 +00:00
Earl Warren
5a58741879
chore(CODEOWNERS): @earl-warren watches over all PRs
...
As I watch all PRs created daily, there is no need to rely on the
CODEOWNERS logic for me to be notified that it exists.
2024-08-20 08:24:48 +02:00
Michael Kriese
bf609ce874
chore(renovate): better linter and postcss grouping
2024-08-20 08:14:08 +02:00
Earl Warren
0c2d527aec
chore(renovate): F3 is under development, update quarterly
2024-08-20 08:02:00 +02:00
Earl Warren
027a2fb0a4
Merge pull request 'Update dependency @axe-core/playwright to v4.10.0 (forgejo)' ( #5021 ) from renovate/forgejo-axe-core-playwright-4.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5021
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 05:57:07 +00:00
Gusted
85cd07a263
Merge pull request 'Update dependency mini-css-extract-plugin to v2.9.1 (forgejo)' ( #5020 ) from renovate/forgejo-mini-css-extract-plugin-2.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5020
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-20 00:43:37 +00:00
Renovate Bot
74ebb47509
Update dependency @axe-core/playwright to v4.10.0
2024-08-20 00:04:06 +00:00
Renovate Bot
b8f56fd3ca
Update dependency mini-css-extract-plugin to v2.9.1
2024-08-20 00:03:53 +00:00
Gusted
0692cc2cc1
[BUG] First user created through reverse proxy should be admin
...
- Currently users created through the reverse proxy aren't created
trough the normal route of `createAndHandleCreatedUser` as this does a
lot of other routines which aren't necessary for the reverse proxy auth,
however one routine is important to have: the first created user should
be an admin. This patch adds that code
- Adds unit test.
- Resolves #4437
2024-08-19 21:04:35 +02:00
Gusted
e9a89a188e
[UI] Adjust trailing EOL behavior for empty file
...
- Follow up #4835
- Currently for empty files (file size is shown in the file header) the
"No EOL" information is being shown, even though it doesn't really
make sense to show that for empty files.
- Add integration test.
- Ref: https://codeberg.org/Codeberg/Community/issues/1612#issuecomment-2169437
2024-08-19 20:23:15 +02:00