Commit graph

20762 commits

Author SHA1 Message Date
Otto Richter 85a0f1df1c fix: Do not scan all Go files for tailwind classes
Reduces some noise in the index.css file and adds a comment why it was done in the first place.
2024-08-24 15:45:50 +02:00
Earl Warren 2117aeabca Merge pull request 'Update module code.forgejo.org/forgejo/act to v1.21.2 (forgejo)' (#5087) from renovate/forgejo-code.forgejo.org-forgejo-act-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5087
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-24 05:38:09 +00:00
Gusted dc6bd5c697 Merge pull request 'Update dependency webpack to v5.94.0 (forgejo)' (#5088) from renovate/forgejo-webpack-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5088
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-24 02:55:19 +00:00
Gusted 793dcfed34 Merge pull request 'Update dependency @github/relative-time-element to v4.4.3 (forgejo)' (#5086) from renovate/forgejo-github-relative-time-element-4.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5086
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-24 02:07:53 +00:00
Renovate Bot ffdfe8817c Update dependency webpack to v5.94.0 2024-08-24 02:03:09 +00:00
Renovate Bot ae8a692d8b Update module code.forgejo.org/forgejo/act to v1.21.2 2024-08-24 00:04:15 +00:00
Renovate Bot 276df16488 Update dependency @github/relative-time-element to v4.4.3 2024-08-24 00:03:36 +00:00
Gusted 904e1239a8 Merge pull request 'fix: improve the display of PR & issue short links' (#5075) from solomonv/pr-short-link-text-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5075
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-23 21:30:04 +00:00
Earl Warren e5edd6ff8b Merge pull request 'chore(license): clarify the API swagger file is and stays MIT (take 2)' (#5084) from earl-warren/forgejo:wip-gpl into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5084
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-23 18:07:03 +00:00
Otto 66d06c2b8b Merge pull request 'feat(i18n): Heading for new branch rule, colon consistency' (#4993) from fnetx/branchprotection-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4993
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-23 17:29:20 +00:00
Earl Warren 9fee7ea763
chore(license): clarify the API swagger file is and stays MIT (take 2)
Override the swagger default.
2024-08-23 19:17:07 +02:00
Earl Warren 53187cd5e9 Merge pull request 'chore(license): clarify the API swagger file is and stays MIT' (#5083) from earl-warren/forgejo:wip-gpl into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5083
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-23 16:26:06 +00:00
Earl Warren 5e923cfbdd
chore(license): clarify the API swagger file is and stays MIT
It is not an original work and enforcing copyright on that file would
probably be difficult. To clarify that the intent of the Forgejo
authors is that it is used for interoperability with no restriction,
explicitly release it under MIT and display the intent in the swagger
web page.

There is a contradiction in claiming it is under MIT while claiming
copyright is unlikely to be enforceable, but it efficiently conveys
the intention.
2024-08-23 17:40:33 +02:00
Michael Kriese 27de894a6d Merge pull request 'chore(renovate): move settings to shared go preset' (#5066) from viceice/forgejo:chore/renovate/moved-settings into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5066
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-23 09:59:06 +00:00
Michael Kriese 9c0c3260ad
chore(renovate): use shared preset 2024-08-23 11:17:36 +02:00
Earl Warren 26ab592fc7 Merge pull request 'chore(release-notes): workflow_dispatch parsing error fix' (#5081) from earl-warren/forgejo:wip-act-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5081
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-23 07:04:28 +00:00
Earl Warren d2200eea25
chore(release-notes): workflow_dispatch parsing error fix 2024-08-23 08:37:00 +02:00
Earl Warren fde934787a Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.3 (forgejo)' (#5079) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5079
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-23 05:39:55 +00:00
Renovate Bot cbee178245 Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.3 2024-08-23 02:05:38 +00:00
Gusted 9ee358aa47 Merge pull request 'Update github.com/dsnet/compress digest to v0.0.2-0.20210315054119-f66993602bf5 (forgejo)' (#5077) from renovate/forgejo-github.com-dsnet-compress-digest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5077
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-23 00:52:56 +00:00
Renovate Bot e87c9252d9 Update github.com/dsnet/compress digest to v0.0.2-0.20210315054119-f66993602bf5 2024-08-23 00:04:23 +00:00
Solomon Victorino 22f012a859 fix: improve PR/issue short link display text
- include subpaths
- don't append "(comment)" for unrelated hash/query strings
2024-08-22 15:49:05 -06:00
Otto 0c02a61319 Merge pull request '[CHORE] Proper chunking for swagger' (#5056) from gusted/forgejo-chunking into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5056
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-22 21:13:19 +00:00
Gusted 50a2bee7d3 Merge pull request 'Update module github.com/meilisearch/meilisearch-go to v0.28.0 (forgejo)' (#5058) from renovate/forgejo-github.com-meilisearch-meilisearch-go-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5058
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 20:51:33 +00:00
Otto 2f272d961b Merge pull request 'Remove rule breaking headers in inline file preview' (#5072) from 0ko/forgejo:ui-reivew-inline-fix into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5072
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 20:12:08 +00:00
Otto Richter 00276dfc30 feat(i18n): Branch protection improvements
- adds a header to indicate creating a new rule
  - test that header is different between new and edit form
- consistently avoids colons in the form
- excludes some accessibility checks that require a global solution for
  forms
2024-08-22 22:05:12 +02:00
Shiny Nematoda d48b936126 fix: breaking changes with meili (#5073)
resolves breaking changes introduced in #5058

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5073
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-08-22 19:38:00 +00:00
0ko b95519355c ui: pr diff: remove rule breaking headers 2024-08-22 22:25:02 +05:00
Earl Warren 3bbd129270 Merge pull request 'Reintroduce tests of updated pull request icons' (#4598) from bramh/forgejo:update-pr-icons into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4598
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-22 16:54:28 +00:00
Earl Warren ea07560161 Merge pull request 'chore(dependency): use forgejo/act instead of gitea/act' (#5065) from earl-warren/forgejo:wip-act-dispatch into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5065
Reviewed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-22 15:49:22 +00:00
Bram Hagens 7f62acb4d9 ui: fix go to citation button url (#4597)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4597
Reviewed-by: Ghost <twenty-panda@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
2024-08-22 15:36:12 +00:00
Bram Hagens d39c8fec8c
ui: update pull request icons
Added a new icon for closed PRs (similar to GitHub, GitLab, etc),
Fixes https://codeberg.org/forgejo/forgejo/issues/4454.

Before:
- https://codeberg.org/attachments/b17c5846-506f-4b32-97c9-03f31c5ff758
- https://codeberg.org/attachments/babcd011-d340-4a9e-94db-ea17ef6d3c2b
- https://codeberg.org/attachments/dbca009a-413e-48ab-84b1-55ad7f4fcd3d

After:
- https://codeberg.org/attachments/3e161f7b-4172-4a8c-a8eb-54bcf81c0cae
- https://codeberg.org/attachments/0c308f7e-25a0-49a3-9c86-1b1f9ab39467
- https://codeberg.org/attachments/b982b6b8-c78a-4332-8269-50d01de834e0

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4455
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
2024-08-22 17:06:10 +02:00
Philip Peterson 03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Earl Warren 41d13ee44b
chore(dependency): use forgejo/act instead of gitea/act
The subset of ACT used by Forgejo was the same as Gitea until
https://code.forgejo.org/forgejo/act/pulls/45. Since it is now
different, use the Forgejo soft-fork instead of the Gitea soft-fork.

Refs: https://codeberg.org/forgejo/forgejo/issues/4789
2024-08-22 16:31:00 +02:00
Gusted 9eb22ddc19
[CHORE] Proper chunking for swagger
- Tell webpack to chunk the swagger-ui dependency, so it can be re-used for the
forgejo-swagger.js and swagger.js files (these two files are two
seperate javascript files in the output).
- This saves off 400KB when Forgejo is built with the `bindata` build
tag.
2024-08-22 15:48:05 +02:00
Earl Warren b670f111ff Merge pull request 'cron task to cleanup dangling container images with version sha256:*' (#4698) from earl-warren/forgejo:wip-container-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4698
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 08:09:19 +00:00
Earl Warren 801ae21200 Merge pull request 'Forgejo v9.0 is GPLv3+' (#4737) from earl-warren/forgejo:wip-pr-4684 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4737
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-22 08:07:58 +00:00
Earl Warren f19f31ac73
cron task to cleanup dangling container images with version sha256:*
Fixes: https://codeberg.org/forgejo/forgejo/issues/4378
2024-08-22 09:10:15 +02:00
Twenty Panda 94631ccef6
Forgejo v9.0 is GPLv3+
* display Forgejo license first
* do not send go-license in a loop because Gitea & Forgejo have
  different licenses

Refs: 62ac0cc334/AGREEMENTS.md
2024-08-22 09:09:29 +02:00
Codeberg Translate d30be160c9 i18n: update of translations from Codeberg Translate (#4984)
Translations update from [Codeberg Translate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4984): <!--number 4984 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: qui <qui@users.noreply.translate.codeberg.org>
Co-authored-by: hahahahacker2009 <hahahahacker2009@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4984
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-08-22 06:23:28 +00:00
Renovate Bot 3dbeafa7ba Update module github.com/meilisearch/meilisearch-go to v0.28.0 2024-08-22 00:04:14 +00:00
Solomon Victorino a4814bca2d fix(ui): prevent exceptions on other users' repo migration pages
- don't expect the retry button to always be attached
- don't parse status response as JSON when it was a login redirect
- add E2E test
2024-08-21 19:57:08 +00:00
Gusted e3243a9465 Merge pull request 'feat(ui): Add rel="nofollow" to in-list labels' (#5002) from xlii/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5002
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:54:59 +00:00
Gusted 0c2ec195e4 Merge pull request 'Update dependency eslint-plugin-no-jquery to v3 (forgejo)' (#5054) from renovate/forgejo-eslint-plugin-no-jquery-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5054
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:45:56 +00:00
Renovate Bot f0da48dd4d Update dependency eslint-plugin-no-jquery to v3 2024-08-21 16:18:41 +00:00
Gusted 61e018f8b4 Merge pull request '[SEC] Add keying module' (#5041) from gusted/sec-keying into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5041
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-21 15:19:44 +00:00
Gusted a054201e20 Merge pull request 'Fix naming consistency and remove unused strings in teams' (#5052) from 0ko/forgejo:i18n-admin into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5052
Reviewed-by: Otto <otto@codeberg.org>
2024-08-21 14:57:11 +00:00
Gusted f0fa959c4e Merge pull request 'fix: release: Forgejo version is not set' (#5042) from earl-warren/forgejo:wip-dockerfile into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5042
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 14:25:54 +00:00
Gusted eea9ba5bfb Merge pull request 'Update golang packages (forgejo) (minor)' (#5048) from renovate/forgejo-minor-1.23-golang-packages into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5048
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 14:17:43 +00:00
Gusted 12f97ef51f
[SEC] Add keying module
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.

For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]

For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.

[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-21 16:06:17 +02:00