Commit graph

17578 commits

Author SHA1 Message Date
Earl Warren 8a5a7a88be
[REFACTOR] cli: prepareWorkPathAndCustomConf is not just for actions
Split prepareWorkPathAndCustomConf out of the actions sub-command.

In the CLI prepareWorkPathAndCustomConf is a preparation step that is
needed before running the sub-command actions in the Forgejo CLI. It
is currently specific to this sub-command but it will be useful for
other sub-commands such as F3.
2024-02-25 09:54:25 +01:00
Earl Warren b7ea2ea463 Merge pull request 'Fixes #2452 - Skipping SHA256 tests if unsupported' (#2456) from lhinderberger/forgejo:2452-skip-sha256-if-unsupported into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2456
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-24 16:55:05 +00:00
Lucas Hinderberger c8ae3498e7 gofmt-ed modules/git/utils_test.go due to linter 2024-02-24 15:53:38 +01:00
Earl Warren 3471adb14a Merge pull request '[FEAT] Enable ambiguous character detection in configured contexts' (#2427) from gusted/forgejo-ambigious-characters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2427
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-24 12:25:31 +00:00
Earl Warren bc8d61d12e Merge pull request '[FEAT] Restrict file size of blame operation' (#2395) from gusted/forgejo-blame-restrict into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2395
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 23:17:02 +00:00
Lucas Hinderberger a4b0c0edc5 Fixes #2452 - Skipping SHA256 tests if unsupported
The test suite was broken e.g. on Debian 12 due to requiring a very
recent version of Git installed on the system. This commit skips SHA256
tests in the git module, if a Git version older than 2.42 or gogit is used.
2024-02-24 00:14:24 +01:00
Earl Warren b8563acedb Merge pull request '[CI] name the test release after the latest v*-dev tag' (#2448) from earl-warren/forgejo:wip-release-number into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2448
2024-02-23 16:31:51 +00:00
Earl Warren 2762dd9597
[CI] name the test release after the latest v*-dev tag
Also ignore the *-test tags when figuring out the Forgejo version,
they exist in the integration repository and experimental repository
for daily releases.
2024-02-23 15:37:46 +01:00
Earl Warren 6531d765a0 Merge pull request 'Fixes & Improvements for English locale' (#2437) from 0ko/forgejo:english240222 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2437
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-23 12:22:51 +00:00
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
Earl Warren 894a0eff9f Merge pull request 'Artifact deletion: port of gitea#27172 and gitea#29241' (#2431) from algernon/forgejo:gitea-port/artifact-deletion into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2431
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 12:00:03 +00:00
Earl Warren f47c17d532 Merge pull request '[REFACTOR] Simplify converting struct to map in admin stats' (#2442) from gusted/forgejo-admin-stats into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2442
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 11:32:17 +00:00
Gergely Nagy 98943fdb43
tests: Add a basic test for artifact deletion
Adds a very bare-bones test for artifact deletion. It does not exercise
the functionality itself, just the presence of the functionality.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-23 09:24:43 +01:00
FuXiaoHei 7f64e4d2a3
Expire artifacts before deleting them physically (#29241)
https://github.com/go-gitea/gitea/pull/27172#discussion_r1493735466

When cleanup artifacts, it removes storage first. If storage is not
exist (maybe delete manually), it gets error and continue loop. It makes
a dead loop if there are a lot pending but non-existing artifacts.

Now it updates db record at first to avoid keep a lot of pending status
artifacts.
2024-02-23 09:06:14 +01:00
FuXiaoHei c551d3f3ab
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315

![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-23 09:06:14 +01:00
Earl Warren c47e6ceb82 Merge pull request '[FEAT] repo search using git grep' (#1594) from snematoda/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1594
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 22:21:44 +00:00
Gusted f68bc0ec6a
[REFACTOR] Simplify converting struct to map in admin stats
- Instead of relying on JSON to convert the struct to map, use
`reflect` to do this conversion. Also simplify it a bit by only passing
one variable to the template.
- This avoids issues where the conversion to JSON causes changes in
the value, for example huge numbers are converted to its scientific
notation but are consequently not converted back when being displayed.
- Adds unit tests.
- Resolves an issue where the amount of comments is being displayed in
scientific notation on Codeberg.
2024-02-22 22:25:19 +01:00
Earl Warren ec1b64637e Merge pull request 'Do not run e2e tests in parallel' (#2440) from maltejur/forgejo:e2e_parallel into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2440
2024-02-22 18:57:05 +00:00
Earl Warren c06af395af Merge pull request 'Enable e2e testing on Firefox' (#2439) from maltejur/forgejo:e2e_firefox into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2439
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-22 18:56:29 +00:00
Malte Jürgens 9018b4c9fe
Enable e2e testing on Firefox 2024-02-22 19:27:03 +01:00
Malte Jürgens e8585eff5c
Do not run e2e tests in parallel 2024-02-22 19:26:25 +01:00
0ko e5b5585ee2 Fixes & Improvements for English locale 2024-02-22 22:33:22 +05:00
Earl Warren e7a97a39a6 Merge pull request '[TESTS] verify sanitization of names to prevent XSS' (#2435) from earl-warren/forgejo:wip-xss into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2435
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 16:06:38 +00:00
Gusted ca798e4cc2
[SECURITY] Test XSS in dismissed review
It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
2024-02-22 15:33:20 +01:00
Earl Warren 6f41188ac1 Merge pull request '[RELEASE] v1.21.6-0 release notes' (#2410) from earl-warren/forgejo:wip-release-notes-1.21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2410
2024-02-22 14:08:00 +00:00
Gusted 565e331238
[SECURITY] Test XSS in wiki last commit information
On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. Verify it is sanitized.
2024-02-22 15:03:15 +01:00
Earl Warren 704615fa65
[RELEASE] v1.21.6-0 release notes
Refs: https://codeberg.org/forgejo/forgejo/issues/2408
2024-02-22 14:22:32 +01:00
Earl Warren 2f5b266cca Merge pull request 'Add e2e debug server' (#2423) from maltejur/forgejo:e2e_debugserver into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2423
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 20:34:06 +00:00
Malte Jürgens 5c67c34ce8
Add e2e debug server
This adds the ability to run `make test-e2e-debugserver` to start a
forgejo server pupulated with the test data from `models/fixtures`. This
is particularly useful for debugging the e2e tests with a external tool,
such as the Playwright extension for VSCode [1].

[1] https://open-vsx.org/extension/ms-playwright/playwright
2024-02-21 20:47:57 +01:00
Earl Warren 3be80c9e95 Merge pull request '[THEMES] Port console colors' (#2419) from gusted/forgejo-port-css into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2419
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 14:39:50 +00:00
Codeberg Translate 0081e59243 [I18N] Translations update from Weblate (#2384)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

Co-authored-by: earl-warren <contact@earl-warren.org>
Co-authored-by: Kaede Fujisaki <psi@7io.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: meskobalazs <meskobalazs@fsf.hu>
Co-authored-by: Xinayder <me+codeberg@aoalmeida.com>
Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: Dirk <dirk@0x7be.de>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Squeljur <squeljur+git@gmail.com>
Co-authored-by: noureddin <noureddin@protonmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2384
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-02-21 13:36:00 +00:00
Earl Warren 9daf97b46e Merge pull request '[BUG] Initalize Git for hook regeneration' (#2416) from gusted/forgejo-init-git into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2416
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 13:29:02 +00:00
Earl Warren 726ce5e3f9 Merge pull request '[BUG] Load AllUnitsEnabled when necessary' (#2420) from gusted/forgejo-add-more into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2420
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 13:25:38 +00:00
Michael Kriese 849de07064 feat(xorm): add max idle time setting for db connections (#2418)
Add a new optional `CONN_MAX_IDLETIME`[^1]

This allows to set the `SetConnMaxIdleTime` on `database/sql`.
It's useful to allow to close more idle connections to reduce database connections, especially on postgresql.
For me i would like to use it to set a higher max idle connections but they will all be closed after being idle.
So also the last idle connection will be closed when there is no load on forgejo.
I also use it with max connection lifetime, because currently `database/sql` doesn't detect a postgresql master change[^2] and i'll get `[E] can't update runner status: pq: cannot execute UPDATE in a read-only transaction`[^3] on forgejo until the connection is closed.

[^1]: https://pkg.go.dev/database/sql#DB.SetConnMaxIdleTime
[^2]: https://stackoverflow.com/questions/51858659/how-to-safely-discard-golang-database-sql-pooled-connections-for-example-when-t
[^3]: https://matrix.to/#/!zpNKWqkiEOyljSMQDK:matrix.org/$_AJft_amsGn5hXGOYw75JoBJQnW3aKJEpb-Iw53L_TU?via=schinas.net&via=matrix.org&via=nitro.chat

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2418
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2024-02-21 12:17:16 +00:00
Gusted 6fbfe441de
[BUG] Load AllUnitsEnabled when necessary
- In order to determine if the "Add more..." tab should be shown, the
template has to know if the repository has all units enabled, this is
done in the repository header which can be shown for quite a lot of
pages (code, issues, projects, actions etc.)
- This was previously set in the `RepoRefByType` function, which would
be called by pages such as code, issues and releases, but it was not
being called for all pages such as actions, packages and wiki. Which
would in turn incorrectly show the "Add more..." button when it
shouldn't.
- Now call it from the template itself, so the value is 'always' loaded
when necessary.
2024-02-21 12:48:26 +01:00
Gusted c6d366e283
[THEMES] Port console colors
- Port 1fd7e3d6be to the Forgejo themes,
they are a copy paste, but have a bit darker console background color to
have better contrast and match better with the overal Forgejo dark
theme's shade.
2024-02-21 12:19:15 +01:00
Gusted 815abad84c
[BUG] Initalize Git for hook regeneration
- The hook regeneration code relies on `git.SupportProcReceive` being
set to determine if the `proc-receive` hook should be written, this
variable is set when the git module is initialized.
- Resolves #2414
2024-02-20 19:39:50 +01:00
Shiny Nematoda 51fb6f3983 [FEAT] add fallback repo search using git grep 2024-02-20 13:00:34 +00:00
Earl Warren 0533022d63 Merge pull request '[gitea] cherry-pick' (#2397) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2397
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-19 23:03:10 +00:00
Gusted f128b6efc9 Merge pull request '[BUG] Restrict when to make link absolute in markdown' (#2403) from gusted/forgejo-custom-url into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2403
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-19 22:16:23 +00:00
Şahin Akkaya 8125fe0634
Deduplicate translations for contributors graph (#29256)
I have implemented three graph pages
([contributors](https://github.com/go-gitea/gitea/pull/27882), [code
frequency](https://github.com/go-gitea/gitea/pull/29191) and [recent
commits](https://github.com/go-gitea/gitea/pull/29210)) and they have
all same page title as the tab name so I decided to use same
translations for them. This PR is for contributors graph. Other PR's
have their own respective commits.

(cherry picked from commit 39a77d92d9677b0a0049cb8696960d6d2ac052d6)
2024-02-19 22:58:33 +01:00
wxiaoguang c7c20ff5ab
Remove DataRaceCheck (#29258)
Since #26254, it started using `{{ctx.Locale.Tr ...}}`

Now the `ctx` seems stable enough, so the check could be removed.

(cherry picked from commit 567a68a0bf78c8d70f08c8ab948fdbb455225aa9)
2024-02-19 22:58:33 +01:00
Johan Van de Wauw 5fffab8d9d
Fix c/p error in inline documentation (#29148)
Fix small copy/paste error in inline documentation

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 740c6a226c4df26432641018fbfd9186977d573f)
2024-02-19 22:58:33 +01:00
KN4CK3R 369fe56966
Show commit status for releases (#29149)
Fixes #29082

![grafik](https://github.com/go-gitea/gitea/assets/1666336/bb2ccde1-ee99-459d-9e74-0fb8ea79e8b3)

(cherry picked from commit 7e8ff709401d09467c3eee7c69cd9600d26a97a3)
2024-02-19 22:58:33 +01:00
Markus Amshove b1d66f50fb
Disallow merge when required checked are missing (#29143)
fixes #21892

This PR disallows merging a PR when not all commit status contexts
configured in the branch protection are met.

Previously, the PR was happy to merge when one commit status was
successful and the other contexts weren't reported.

Any feedback is welcome, first time Go :-)
I'm also not sure if the changes in the template break something else

Given the following branch protection:

![branch_protection](https://github.com/go-gitea/gitea/assets/2401875/f871b4e4-138b-435a-b496-f9ad432e3dec)

This was shown before the change:

![before](https://github.com/go-gitea/gitea/assets/2401875/60424ff0-ee09-4fa0-856e-64e6e3fb0612)

With the change, it is now shown as this:

![after](https://github.com/go-gitea/gitea/assets/2401875/4e464142-efb1-4889-8166-eb3be26c8f3d)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a11ccc9fcd61fb25ffb1c37b87a0df4ee9efd84e)
2024-02-19 22:58:33 +01:00
Jason Song e96e1beded
Do not use lower tag names to find releases/tags (#29261)
Fix #26090, see
https://github.com/go-gitea/gitea/issues/26090#issuecomment-1952013206

Since `TagName` stores the original tag name and `LowerTagName` stores
the lower tag name, it doesn't make sense to use lowercase tags as
`TagNames` in `FindReleasesOptions`.

5e72526da4/services/repository/push.go (L396-L397)

While the only other usage looks correct:

5e72526da4/routers/web/repo/repo.go (L416)
(cherry picked from commit 0ea8de2d0729e1e1d0ea9de1e59fbcb673e87fd2)
2024-02-19 22:58:33 +01:00
silverwind b3f2447bc4
Downscale pasted PNG images based on metadata (#29123)
Some images like MacOS screenshots contain
[pHYs](http://www.libpng.org/pub/png/book/chapter11.html#png.ch11.div.8)
data which we can use to downscale uploaded images so they render in the
same dppx ratio in which they were taken.

Before:

<img width="584" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/50979e3a-5d5a-40dc-a0a4-36eb6e28f14a">

After:

<img width="329" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/0690902a-f2fe-4c6b-97b3-6fdd67c21bad">

(cherry picked from commit 5e72526da4e915791f03af056890e16821bde052)
2024-02-19 22:58:33 +01:00
GiteaBot bb911b2d5f
[skip ci] Updated licenses and gitignores
(cherry picked from commit f04e71f9bc05d4930e1eff0b69ceb0e890528e30)
2024-02-19 22:58:33 +01:00
Şahin Akkaya 68cf08090d
De-duplicate contributor graph translations (#29247)
(cherry picked from commit 20f6a7c484d9dbf249d8e1dafa9a8c0a2e12127e)
2024-02-19 22:58:33 +01:00
Lunny Xiao ac3f389e29
Fix missed edit issues event for actions (#29237)
Fix #29213

(cherry picked from commit c2a8aacae5242adbeb7bc1d4002492ae1cae47b2)
2024-02-19 22:58:33 +01:00