Commit graph

20609 commits

Author SHA1 Message Date
Earl Warren f250f89491
chore(ci): do not remove tags from forgejo-integration
If the tag of a stable release is removed from integration, it won't
be properly described when building the test release. It will be:

8.0.0-dev-1648-7b31a541c0+gitea-1.22.0

instead of:

8.0.1-5-7b31a541c0+gitea-1.22.0
2024-08-11 07:22:21 +02:00
Radosław Piliszek 7dd7cc7ebc git-grep: update comment
It was outdated and missing detail.
2024-08-10 16:41:12 +02:00
Earl Warren a83f5cd0f0 Merge pull request 'chore(ci): remove old releases from forgejo-integration' (#4920) from earl-warren/forgejo:wip-integration-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4920
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 13:18:08 +00:00
Earl Warren 6e94be527a
chore(ci): remove old releases from forgejo-integration
The releases are created when:

* a tag is pushed to the integration repository it will create a
  vX.Y.Z release
* a new commit is pushed to a branch and mirrored to the integration
  repository, it will create a vX.Y-test release named after the branch

When both vX.Y.Z and vX.Y-test release are present, the end-to-end
tests will use vX.Y.Z because it comes first in release sort
order. This ensures that a last round of end-to-end tests is run from
the release built in the integration repository, exactly as it will be
published and signed.

In between stable releases, the vX.Y-test releases are built daily and
must be used instead for end-to-end testing so that problems can be
detected as soon as possible. For that to happen, the stable release
must be removed from the integration repository and this is done 24h
after they were published.

The vX.Y-test releases are removed if they have not been updated in 18
months. As of August 2024 it is possible for a LTS to still be needed
in tests over a year after it was last updated, although it is
unlikely that such a lack of activity happens, there is no reason to
remove the test release before that.
2024-08-10 15:16:00 +02:00
Gusted 6102f48c7d Merge pull request '[CHORE] Fix swagger deprecation message' (#4916) from gusted/swagger-deprecated into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4916
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 12:50:40 +00:00
Earl Warren 3b82a634c5 Merge pull request 'feat(i18n): make the test string more fun :D' (#4904) from n0toose/i18n-fun-test-string into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4904
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 06:03:51 +00:00
Earl Warren f8728ad881 Merge pull request '[BUG] Return blocking errors as JSON errors' (#4914) from gusted/forgejo-block-json into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4914
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 05:52:27 +00:00
Earl Warren 40e51e4ca7 Merge pull request 'fix(ui): allow unreacting from comment popover' (#4798) from solomonv/forgejo:issue-reaction-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4798
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 05:45:55 +00:00
Gusted 851d567776
[CHORE] Fix swagger deprecation message
- Fix "WARNING: item list for enum is not a valid JSON array, using the
old deprecated format" messages from
https://github.com/go-swagger/go-swagger in the CI.
2024-08-10 01:21:13 +02:00
Gusted 784173f7e9 Merge pull request 'Update dependency @stylistic/eslint-plugin-js to v2 (forgejo)' (#4910) from renovate/forgejo-major-eslint-stylistic-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4910
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 23:17:38 +00:00
Renovate Bot ca00643416 Update dependency @stylistic/eslint-plugin-js to v2 2024-08-09 22:03:02 +00:00
Gusted 6ba4fb5cf6 Merge pull request 'Update vitest monorepo to v2 (forgejo) (major)' (#4913) from renovate/forgejo-major-vitest-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4913
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:38:56 +00:00
Gusted 9cc2fdffde Merge pull request 'Update dependency minimatch to v10 (forgejo)' (#4912) from renovate/forgejo-minimatch-10.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4912
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:20:27 +00:00
Gusted 967153ba45 Merge pull request 'Update dependency @stylistic/stylelint-plugin to v3 (forgejo)' (#4911) from renovate/forgejo-stylistic-stylelint-plugin-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4911
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:19:46 +00:00
Gusted 437b84a5f9 Merge pull request 'Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 (forgejo)' (#4909) from renovate/forgejo-github.com-editorconfig-checker-editorconfig-checker-v2-cmd-editorconfig-checker-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4909
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:19:32 +00:00
Panagiotis "Ivory" Vasilopoulos 57a2b99b3c feat(i18n): make the test string more fun :D 2024-08-09 21:51:07 +02:00
Renovate Bot 8039240c26
Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 2024-08-09 21:03:37 +02:00
Gusted d97cf0e854
[BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.
2024-08-09 20:34:38 +02:00
Renovate Bot f70d50a8dc Update vitest monorepo to v2 2024-08-09 18:13:31 +00:00
Renovate Bot ade201095a Update dependency minimatch to v10 2024-08-09 18:13:13 +00:00
Renovate Bot c541431773 Update dependency @stylistic/stylelint-plugin to v3 2024-08-09 18:12:59 +00:00
Gusted 0f7a98d34d Merge pull request '[CHORE] Fix darwin compatibility' (#4906) from gusted/forgejo-os-compile into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4906
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 17:33:47 +00:00
Solomon Victorino b8a5ca2c40 fix(ui): allow unreacting from comment popover
- fix selectors for hasReacted
- don't send empty HTML on reaction errors
- add E2E test
2024-08-09 10:17:04 -06:00
forgejo-renovate-action 91115b39a9 Merge pull request 'Update x/tools to v0.24.0 (forgejo)' (#4895) from renovate/forgejo-xtools into forgejo 2024-08-09 15:53:49 +00:00
Gusted ac8856ac2b
[CHORE] Fix darwin compatibility
- Always convert (syscall.Stat_t).Dev to uint64.
- Resolves #4905
2024-08-09 17:44:41 +02:00
Gusted d5ba61a104 Merge pull request '[UI] Fix inconsitencies in link/login account page' (#4902) from gusted/forgejo-ui-linking into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4902
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 15:03:29 +00:00
Earl Warren a486c684f9
Update x/tools to v0.24.0 (licenses updates) 2024-08-09 16:35:50 +02:00
Marcell Mars d6647f710f tests additional grant scopes
- parsing scopes in `grantAdditionalScopes`
- read basic user info if `read:user`
- fail reading repository info if only `read:user`
- read repository info if `read:repository`
- if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads
  all groups (public+private)
- if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads
  only public groups
- if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization`
 provided it reads all groups
2024-08-09 14:58:15 +02:00
Marcell Mars 8524589d8c show OAuth2 requested scopes in authorization UI
- by displaying the scopes requested for authorization in the OAuth2 app,
  users can make more informed decisions when granting access
2024-08-09 14:58:15 +02:00
Marcell Mars 7dbad27156 id_token & userinfo endpoint's public groups check
- if `groups` scope provided it checks if all, r:org or r:admin are
provided to pass all the groups. otherwise only public memberships
- in InfoOAuth it captures scopes from the token if provided in the
header. the extraction from the header is maybe a candidate for the
separate function so no duplicated code
2024-08-09 14:58:15 +02:00
Marcell Mars 4eb8d8c496 OAuth2 provider: support for granular scopes
- `CheckOAuthAccessToken` returns both user ID and additional scopes
- `grantAdditionalScopes` returns AccessTokenScope ready string (grantScopes)
   compiled from requested additional scopes by the client
- `userIDFromToken` sets returned grantScopes (if any) instead of default `all`
2024-08-09 14:58:15 +02:00
Renovate Bot 99d78fb9e7 Update x/tools to v0.24.0 2024-08-09 10:25:53 +00:00
forgejo-renovate-action 3301e7dc75 Merge pull request 'Update dependency vue to v3.4.37 (forgejo)' (#4893) from renovate/forgejo-patch-vue-monorepo into forgejo 2024-08-09 09:22:36 +00:00
Gusted 75b3645bc3
[UI] Fix inconsitencies in link/login account page
- Add the 'correct' styling for column on the link account page, this
follows what was done for the login/register page in 629ca22a97.
- Move some if conditions to be outside of the container which allocates
space on the page, this ensures it's not being shown if it's not needed.
- Resolves #4844
2024-08-09 10:52:17 +02:00
Renovate Bot 000f3562c2 Update dependency vue to v3.4.37 2024-08-09 08:07:03 +00:00
Ivan Shapovalov 012a1e0497 log: journald integration (#2869)
Provide a bit more journald integration. Specifically:

- support emission of printk-style log level prefixes, documented in [`sd-daemon`(3)](https://man7.org/linux/man-pages/man3/sd-daemon.3.html#DESCRIPTION), that allow journald to automatically annotate stderr log lines with their level;
- add a new "journaldflags" item that is supposed to be used in place of "stdflags" when under journald to reduce log clutter (i. e. strip date/time info to avoid duplication, and use log level prefixes instead of textual log levels);
- detect whether stderr and/or stdout are attached to journald by parsing `$JOURNAL_STREAM` environment variable and adjust console logger defaults accordingly.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2869): <!--number 2869 --><!--line 0 --><!--description bG9nOiBqb3VybmFsZCBpbnRlZ3JhdGlvbg==-->log: journald integration<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2869
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Ivan Shapovalov <intelfx@intelfx.name>
Co-committed-by: Ivan Shapovalov <intelfx@intelfx.name>
2024-08-09 07:49:13 +00:00
Earl Warren a72763f5a3 Merge pull request 'docs: add links to the v7.0.7 & v8.0.1 release notes' (#4899) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4899
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 07:34:40 +00:00
Earl Warren ae85e285db Merge pull request 'disallow javascript: URI in the repository description' (#4896) from earl-warren/forgejo:wip-xss-repo-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4896
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 05:56:49 +00:00
Earl Warren b87b38d3b9
docs: add links to the v7.0.7 & v8.0.1 release notes
They are now published in the milestone in part manually edited and in
part generated by the release notes assistant. Maintaining a single
file with all the release notes is prone to conflicts and requires
manual copy/pasting that is of little value.

It may make sense to transition to a release notes directory in which
the release notes assistant could create one file per release, with a
copy of the release notes edited in the milestone. This could be more
conveniently backported and would not require human intervention.
2024-08-09 07:26:50 +02:00
Gusted bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00
Earl Warren d7cb2ab3b2 Merge pull request 'feat(performance): remove BranchName in /:owner/:repo/commit/:commit' (#4891) from emilylange/feat-performance-remove-branchname into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4891
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 21:24:51 +00:00
emilylange c1f85ce27b
feat(performance): remove BranchName in /:owner/:repo/commit/:commit
`BranchName` provides the nearest branch of the requested `:commit`.

It's plenty fast on smaller repositories.
On larger repositories like nixpkgs, however, this can easily take 2-3
seconds on a modern machine on a NVMe.

For context, at the time of writing, nixpkgs has over 650k commits and
roughly 250 branches.

`BranchName` is used once in the whole view:
The cherry-pick target branch default selection.

And I believe that's a logic error, which is why this patch is so small.

The nearest branch of a given commit will always be a branch the commit
is already part of. The branch you most likely *don't* want to
cherry-pick to.

Sure, one can technically cherry-pick a commit onto the same branch, but
that simply results in an empty commit.

I don't believe this is intended and even less so worth the compute.

Instead, the cherry-pick branch selection suggestion now always uses
the default branch, which used to be the fallback.

If a user wants to know which branches contain the given commit,
`load-branches-and-tags` exists and should be used instead.

Also, to add insult to injury, `BranchName` was calculated for both
logged-in and not logged-in users, despite its only consumer, the
cherry-pick operation, only being rendered when a given user has
write/commit permissions.

But this isn't particularly surprising, given this happens a lot in
Forgejo's codebase.
2024-08-08 22:29:42 +02:00
Earl Warren 7ac390bcb4 Merge pull request 'chore(ci): optimize end-to-end runs [skip ci]' (#4888) from wip-ci-end-to-end into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4888
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-08 20:24:10 +00:00
Yaroslav Halchenko 5ae2dbcb14 Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857)
Now that my colleague just posted a wonderful blog post https://blog.datalad.org/posts/forgejo-runner-podman-deployment/ on forgejo runner, some time I will try to add that damn codespell action to work on CI here ;)  meanwhile some typos managed to sneak in and this PR should address them (one change might be functional in a test -- not sure if would cause a fail or not)

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4857
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-08-08 16:07:35 +00:00
Earl Warren 1f8e6b6e31
chore(ci): optimize end-to-end runs
* specify the version targeted by the pull request. The end-to-end
  tests previously compiled all known branches which was a waste. The
  pull request now must specify which version it is targeting so that
  only this version is recompiled and used for testing.
* when building the daily releases, use the release from the
  integration organization to ensure the tests are run against the
  latest build. Clarify in a comment why the lookup order of
  organizations is reversed in this particular case.

Refs: https://code.forgejo.org/forgejo/end-to-end/pulls/239
2024-08-08 17:53:12 +02:00
0ko 06d25815d3 Merge pull request 'chore(renovate): add labels and reviewer to renovate updates' (#4883) from viceice/chore/renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4883
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 11:34:59 +00:00
Michael Kriese 62b6e48a9e
chore(renovate): add labels and reviewer to renovate updates 2024-08-08 11:42:32 +02:00
forgejo-renovate-action 8b79c5d7b6 Merge pull request 'Update renovate to v38.21.3 (forgejo)' (#4880) from renovate/forgejo-renovate into forgejo 2024-08-08 09:31:37 +00:00
Renovate Bot 52666d4a8a Update renovate to v38.21.3 2024-08-08 08:05:32 +00:00
Earl Warren 7cfa3305bf Merge pull request 'Update dependency tailwindcss to v3.4.8 (forgejo)' (#4873) from renovate/forgejo-tailwindcss-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4873
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-08 07:29:03 +00:00