Commit graph

20120 commits

Author SHA1 Message Date
Earl Warren 3bfec270ac
chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406
It is not possible to tell vulncheck that Forgejo is not affected by
CVE-2024-0406. Use a mirror of the repository to do that.

Refs: https://github.com/mholt/archiver/issues/404
2024-06-05 22:07:40 +02:00
Earl Warren 14174896ad Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.391.2' (#4006) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4006
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-05 18:22:16 +00:00
Renovate Bot 8dd72661af Update ghcr.io/visualon/renovate Docker tag to v37.391.2 2024-06-05 16:08:45 +00:00
Earl Warren 592469464b
test(oauth): RFC 6749 Section 10.2 conformance
See:

1b088fade6 Prevent automatic OAuth grants for public clients
07fe5a8b13 use existing oauth grant for public client
2024-06-05 17:50:15 +02:00
Earl Warren 432d1ff9a6 Merge pull request 'fix(oauth): HTML snippets in templates can be displayed' (#4028) from earl-warren/forgejo:wip-html-templates into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4028
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-06-05 15:14:46 +00:00
Earl Warren 9ca80d30ce Merge pull request '[gitea] webhooks openproject compatible (gitea#28435)' (#4027) from oliverpool/forgejo:gitea-cp-28435 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4027
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 15:13:49 +00:00
Earl Warren 63f7a14883 Merge pull request 'test(oauth): coverage for the redirection of a denied grant' (#4026) from earl-warren/forgejo:wip-oauth into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4026
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-06-05 13:59:19 +00:00
oliverpool 8763225972 add release note 2024-06-05 15:58:51 +02:00
André Rosenhammer fb7b17d240 Make gitea webhooks openproject compatible (gitea#28435)
This PR adds some fields to the gitea webhook payload that
[openproject](https://www.openproject.org/) expects to exists in order
to process the webhooks.
These fields do exists in Github's webhook payload so adding them makes
Gitea's native webhook more compatible towards Github's.
2024-06-05 15:58:51 +02:00
oliverpool 1013da463f test: webhook open project expected fields 2024-06-05 15:58:51 +02:00
Earl Warren caadd1815a
fix(oauth): HTML snippets in templates can be displayed
These changes were missed when cherry-picking the following

c9d0e63c202827756c637d9ca7bbde685c1984b7 Remove unnecessary "Str2html" modifier from templates (#29319)

Fixes: https://codeberg.org/forgejo/forgejo/issues/3623
2024-06-05 15:42:50 +02:00
Earl Warren d7aaa0c6ef Merge pull request 'chore(renovate): optimize config' (#4023) from viceice/renovate-optimize into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4023
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-05 13:29:33 +00:00
Earl Warren 32c882af91
test(oauth): coverage for the redirection of a denied grant
See 886a675f62 Return `access_denied` error when an OAuth2 request is denied
2024-06-05 12:51:44 +02:00
Earl Warren 37253aae1f Merge pull request 'test(avatar): deleting a user avatar is idempotent' (#4024) from earl-warren/forgejo:wip-delete-avatar into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4024
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-05 09:50:39 +00:00
Michael Kriese 4a3197fbc5
chore(renovate): optimize config 2024-06-05 10:09:54 +02:00
Earl Warren d4eeb06a20 Merge pull request 'chore(dependency): remove GitHub specific actionlint dependency' (#4022) from earl-warren/forgejo:wip-lint-actions into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4022
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-05 07:31:57 +00:00
Earl Warren 2386206fe0 Merge pull request 'Update elasticsearch Docker tag to v7.17.21' (#4018) from renovate/elasticsearch-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4018
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 07:30:09 +00:00
Earl Warren d2c4d833f4
test(avatar): deleting a user avatar is idempotent
If the avatar file in storage does not exist, it is not an error and
the database can be updated.

See 1be797faba Fix bug on avatar
2024-06-05 09:10:42 +02:00
Earl Warren 3f86741de7 Merge pull request 'Update dependency go to v1.22' (#4021) from earl-warren/forgejo:wip-go-1.22 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4021
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-05 06:51:39 +00:00
Earl Warren 1e2d51eb77
chore(dependency): remove GitHub specific actionlint dependency
Forgejo has no GitHub workflows. The actionlint CLI is not flexible
enough to be used for the validation of Forgejo Actions.
2024-06-05 08:45:17 +02:00
Earl Warren 8b5642949a Merge pull request 'Update module github.com/rhysd/actionlint/cmd/actionlint to v1.7.1' (#4019) from renovate/github.com-rhysd-actionlint-cmd-actionlint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4019
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 06:00:42 +00:00
Earl Warren b3bcae8bd6
Update dependency go to v1.22
There is no need to pin the patch release for the build
environment. They are backward compatible and it prevents security
upgrades to be taken into account.
2024-06-05 07:38:42 +02:00
Renovate Bot 6c4855e1eb Update module github.com/rhysd/actionlint/cmd/actionlint to v1.7.1 2024-06-05 00:05:27 +00:00
Renovate Bot c071bdaf96 Update elasticsearch Docker tag to v7.17.21 2024-06-05 00:05:10 +00:00
Earl Warren 1b3ccfffe8 Merge pull request 'test(avatar): deleting a user avatar and file is atomic' (#4015) from earl-warren/forgejo:wip-delete-avatar into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4015
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-04 22:38:07 +00:00
Earl Warren df4af6127f Merge pull request 'feat(release): upgrade to golang:1.22-alpine3.20' (#4016) from earl-warren/forgejo:wip-alpine into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4016
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-04 22:26:51 +00:00
Earl Warren c139efb1e9
test(avatar): deleting a user avatar and file is atomic
The avatar must not be unset in the database if there is a failure to
remove the avatar file from storage (file or S3). The two operations
are wrapped in a transaction for that purpose and this test verifies
it is effective.

See 1be797faba Fix bug on avatar
2024-06-05 00:06:41 +02:00
Earl Warren d71afb71da
feat(release): upgrade to golang:1.22-alpine3.20
This reverts commit d59ed64345.
2024-06-04 23:50:47 +02:00
Earl Warren 20148e061a
test(storage): export UninitializedStorage to simulate failure 2024-06-04 23:20:20 +02:00
Earl Warren d60ea440f6 Merge pull request 'chore(deps): update module github.com/redis/go-redis/v9 to v9.5.2' (#4013) from efertone/forgejo:update-go-redis-to-v9.5.2 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4013
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-04 14:53:43 +00:00
Victoria Nadasdi b80677d009
chore(deps): update module github.com/redis/go-redis/v9 to v9.5.2
Renovate tried to update redis/go-redis, but failed because they changes
the interface, they added two new functions: `BitFieldRO` and
`ObjectFreq`.

Changes:
- Update redis/go-redis
- Run mockgen:
  ```
  mockgen -package mock -destination ./modules/queue/mock/redisuniversalclient.go  github.com/redis/go-redis/v9 UniversalClient
  ```

References:
- https://codeberg.org/forgejo/forgejo/pulls/4009
2024-06-04 12:38:35 +02:00
Earl Warren c2382d4f5b Merge pull request '[gitea] week 2024-23 cherry pick (gitea/main -> forgejo)' (#3989) from earl-warren/wcp/2024-23 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3989
Reviewed-by: Otto <otto@codeberg.org>
2024-06-04 07:40:35 +00:00
Mai-Lapyst e58ce86264 Update the elasticsearch mappings for issues to use long instead of integer for int64 (#3982)
This updates the mapping definition of the elasticsearch issue indexer backend to use `long` instead of `integer`s wherever the go type is a `int64`. Without it larger instances could run into an issue.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3982
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-04 07:37:59 +00:00
Earl Warren 507c0143ee Merge pull request 'Update air package URL' (#4011) from 0ko/forgejo:fix-air into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4011
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-04 07:30:51 +00:00
0ko fff9283ca4 Update air package URL 2024-06-04 11:52:58 +05:00
0ko 6672cf0812 Fix org view on mobile for members (#3949)
The row of buttons on the org view is pretty bad on mobile, as it doesn't leave enough space for the org name. My recent PR 3642 made it worse. I added a mitigation to allow buttons to go to an other row, so that the layout is usable on mobile. It is still non-ideal as it will continue going out of bounds on small screens, but is much better.

## Preview

[Old preview](/attachments/1e280a77-533c-41b5-954d-b336f1b72186)

![](/attachments/4a2c45e2-7da8-4d87-afb7-7c281e14c756)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3949
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
2024-06-04 04:08:54 +00:00
Earl Warren c2f1d55c0e Merge pull request 'docs(release): catch up on release notes' (#4003) from earl-warren/forgejo:wip-release-notes-v8.0 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4003
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-03 08:15:59 +00:00
Earl Warren 7e8890cc55
docs(release): add release notes 2024-06-03 10:03:29 +02:00
Earl Warren 446ab058e3 Merge pull request 'chore(dependency): renovate is used for managing updates' (#4002) from earl-warren/forgejo:wip-js-udpate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4002
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-03 07:14:39 +00:00
Earl Warren 1571052a74
[skip ci] docs(release): week 2024-21-v7.0 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3859
2024-06-03 09:12:49 +02:00
Earl Warren eee908d02c
[skip ci] docs(release): week 2024-21 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3838
2024-06-03 09:11:17 +02:00
Earl Warren d43ce30663
[skip ci] docs(release): week 2024-22 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3917
2024-06-03 08:24:21 +02:00
Earl Warren dcc9a1ae15 Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.385.0' (#3966) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3966
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-03 05:30:08 +00:00
Earl Warren e9ee514c9a
chore(dependency): renovate is used for managing updates
Remove https://github.com/silverwind/updates as a dependency
2024-06-03 07:21:19 +02:00
Renovate Bot 87b4a169ca Update ghcr.io/visualon/renovate Docker tag to v37.385.0 2024-06-02 22:06:00 +00:00
Earl Warren 0bf83db41b Merge pull request 'Update dependency @github/text-expander-element to v2.7.1' (#3939) from renovate/github-text-expander-element-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3939
Reviewed-by: Otto <otto@codeberg.org>
2024-06-02 21:36:31 +00:00
Earl Warren bbdba70db6 Merge pull request 'fix(hook): repo admins are wrongly denied the right to force merge' (#3976) from earl-warren/forgejo:wip-admin-protection into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3976
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-02 19:48:44 +00:00
Earl Warren 09f3518069
fix(hook): repo admins are wrongly denied the right to force merge
The right to force merge is uses the wrong predicate and
applies to instance admins:

  ctx.user.IsAdmin

It must apply to repository admins and use the following predicate:

 ctx.userPerm.IsAdmin()

This regression is from the ApplyToAdmins implementation in
79b7089360.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3780
2024-06-02 21:16:46 +02:00
Lunny Xiao 62448bfb93
Fix push multiple branches error with tests (#31151)
(cherry picked from commit 5c1b550e00e9460078e00c41a32d206b260ef482)

Conflicts:
	tests/integration/git_push_test.go
	trivial context conflict because of
	2ac3dcbd43 test: hook post-receive for sha256 repos
2024-06-02 20:39:42 +02:00
Earl Warren b1c16a673d Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.59.0' (#3971) from renovate/github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3971
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-02 16:24:19 +00:00