Commit graph

503 commits

Author SHA1 Message Date
Renovate Bot
d6ba3fa90b Update code.forgejo.org/go-chi/captcha digest to df43b92 2024-09-07 10:03:01 +00:00
Earl Warren
fb796afd61 Merge pull request 'Update code.forgejo.org/go-chi/session digest to 557e3de (forgejo)' (#5255) from renovate/forgejo-code.forgejo.org-go-chi-session-digest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5255
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-07 08:21:10 +00:00
Gusted
0a86d1e843 Merge pull request 'Update module github.com/buildkite/terminal-to-html/v3 to v3.16.0 (forgejo)' (#5239) from renovate/forgejo-github.com-buildkite-terminal-to-html-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5239
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-09-07 08:09:09 +00:00
Renovate Bot
779c0ae60c Update module github.com/PuerkitoBio/goquery to v1.10.0 2024-09-07 02:02:47 +00:00
Renovate Bot
901aa600d3 Update code.forgejo.org/go-chi/session digest to 557e3de 2024-09-07 00:04:00 +00:00
Renovate Bot
0911ba8646 Update module github.com/buildkite/terminal-to-html/v3 to v3.16.0 2024-09-06 02:02:54 +00:00
Renovate Bot
4a08f1a349 Update dependency go to v1.23.1 2024-09-05 16:03:03 +00:00
Renovate Bot
f41b50d014
Update module golang.org/x/image to v0.20.0 2024-09-05 08:36:54 +02:00
Renovate Bot
a7eb18783c Update module google.golang.org/grpc to v1.66.0 2024-08-31 22:18:34 +00:00
Renovate Bot
2eb8b94674 Update module github.com/buildkite/terminal-to-html/v3 to v3.15.0 2024-08-31 02:05:32 +00:00
Renovate Bot
98e96a2235 Update module github.com/felixge/fgprof to v0.9.5 2024-08-31 00:04:17 +00:00
Renovate Bot
28c3f1e254
Update module github.com/go-webauthn/webauthn to v0.11.2 2024-08-29 10:05:00 +02:00
Gusted
bf0d100b84
[CHORE] Move cache library
- This is in the spirit of #5090.
- Move to a fork of gitea.com/go-chi/cache,
code.forgejo.org/go-chi/cache. It removes unused code (a lot of
adapters, that can't be used by Forgejo) and unused dependencies (see
go.sum). Also updates existing dependencies.
8c64f1a362..main
2024-08-27 21:28:56 +02:00
Gusted
0404662e99
[CHORE] Move captcha library
- This is a fork of https://github.com/dchest/captcha, as
https://gitea.com/go-chi/captcha is a fork of
github.com/go-macaron/captcha which is a fork (although not properly
credited) of a older version of https://github.com/dchest/captcha. Hence
why I've just forked the original.
- The fork includes some QoL improvements (uses standard library for
determistic RNG instead of rolling your own crypto), and removal of
audio support (500KiB unused data that bloated the binary otherwise).
Flips the image over the x-asis.
47270f2b55..main
- This move is needed for the next commit, because
gitea.com/go-chi/captcha included the gitea.com/go-chi/cache dependency.
2024-08-27 21:28:16 +02:00
Earl Warren
e2ae389184 Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5090
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:31:56 +00:00
Earl Warren
2514ba4e36 Merge pull request '[CHORE] Remove unused exclude' (#5118) from gusted/forgejo-tidy-gomod into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5118
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:28:52 +00:00
Renovate Bot
ec4e648e3a Update module github.com/go-enry/go-enry/v2 to v2.8.9 2024-08-26 02:05:27 +00:00
Gusted
3af7e03aeb
[CHORE] Remove unused exclude
This was introduced in https://github.com/go-gitea/gitea/pull/18311 to
exclude a vulnerable dependency. I am not sure when this happened or
with which dependency update, but this dependency is no longer being
used by another dependency and therefore these `exclude`s are no longer
needed. (Verified via `go mod graph`).
2024-08-26 03:31:07 +02:00
Gusted
fc40a5e242
[CHORE] Move to new sessioner library
- Moves to a fork of gitea.com/go-chi/session that removed support for
couchbase (and ledis, but that was never made available in Forgejo)
along with other code improvements.
f8ce677595..main
- The rationale for removing Couchbase is quite simple. Its not licensed
under FOSS
license (https://www.couchbase.com/blog/couchbase-adopts-bsl-license/)
and therefore cannot be tested by Forgejo and shouldn't be supported.
This is a similair vein to the removal of MSSQL
support (https://codeberg.org/forgejo/discussions/issues/122)
- A additional benefit is that this reduces the Forgejo binary by ~600Kb.
2024-08-25 03:47:08 +02:00
Renovate Bot
c111730d08 Update module github.com/google/go-github/v63 to v64 2024-08-24 16:05:36 +00:00
Renovate Bot
ae8a692d8b Update module code.forgejo.org/forgejo/act to v1.21.2 2024-08-24 00:04:15 +00:00
Renovate Bot
e87c9252d9 Update github.com/dsnet/compress digest to v0.0.2-0.20210315054119-f66993602bf5 2024-08-23 00:04:23 +00:00
Gusted
50a2bee7d3 Merge pull request 'Update module github.com/meilisearch/meilisearch-go to v0.28.0 (forgejo)' (#5058) from renovate/forgejo-github.com-meilisearch-meilisearch-go-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5058
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 20:51:33 +00:00
Earl Warren
41d13ee44b
chore(dependency): use forgejo/act instead of gitea/act
The subset of ACT used by Forgejo was the same as Gitea until
https://code.forgejo.org/forgejo/act/pulls/45. Since it is now
different, use the Forgejo soft-fork instead of the Gitea soft-fork.

Refs: https://codeberg.org/forgejo/forgejo/issues/4789
2024-08-22 16:31:00 +02:00
Renovate Bot
3dbeafa7ba Update module github.com/meilisearch/meilisearch-go to v0.28.0 2024-08-22 00:04:14 +00:00
Renovate Bot
df907ec7f9 Update golang packages 2024-08-21 09:58:16 +00:00
limiting-factor
b26a0aea19
feat: upgrade F3 to v3.7.0
* support changing label colors
* support changing issue state
* use helpers to keep type conversions DRY
* drop the x/exp license because it is no longer used

The tests are performed by the gof3 compliance suite
2024-08-18 19:39:20 +02:00
Jason Song
a627b885c7
Support compression for Actions logs (#31761)
Support compression for Actions logs to save storage space and
bandwidth. Inspired by
https://github.com/go-gitea/gitea/issues/24256#issuecomment-1521153015

The biggest challenge is that the compression format should support
[seekable](https://github.com/facebook/zstd/blob/dev/contrib/seekable_format/zstd_seekable_compression_format.md).
So when users are viewing a part of the log lines, Gitea doesn't need to
download the whole compressed file and decompress it.

That means gzip cannot help here. And I did research, there aren't too
many choices, like bgzip and xz, but I think zstd is the most popular
one. It has an implementation in Golang with
[zstd](https://github.com/klauspost/compress/tree/master/zstd) and
[zstd-seekable-format-go](https://github.com/SaveTheRbtz/zstd-seekable-format-go),
and what is better is that it has good compatibility: a seekable format
zstd file can be read by a regular zstd reader.

This PR introduces a new package `zstd` to combine and wrap the two
packages, to provide a unified and easy-to-use API.

And a new setting `LOG_COMPRESSION` is added to the config, although I
don't see any reason why not to use compression, I think's it's a good
idea to keep the default with `none` to be consistent with old versions.

`LOG_COMPRESSION` takes effect for only new log files, it adds `.zst` as
an extension to the file name, so Gitea can determine if it needs
decompression according to the file name when reading. Old files will
keep the format since it's not worth converting them, as they will be
cleared after #31735.

<img width="541" alt="image"
src="https://github.com/user-attachments/assets/e9598764-a4e0-4b68-8c2b-f769265183c9">

(cherry picked from commit 33cc5837a655ad544b936d4d040ca36d74092588)

Conflicts:
	assets/go-licenses.json
	go.mod
	go.sum
  resolved with make tidy
2024-08-13 06:51:49 +02:00
Gusted
a21128a734
[CHORE] Drop go-git support
See https://codeberg.org/forgejo/discussions/issues/164 for the
rationale and discussion of this change.

Everything related to the `go-git` dependency is dropped (Only a single
instance is left in a test file to test for an XSS, it requires crafting
an commit that Git itself refuses to craft). `_gogit` files have
been removed entirely, `go:build: !gogit` is removed, `XXX_nogogit.go` files
either have been renamed or had their code being merged into the
`XXX.go` file.
2024-08-12 19:11:09 +02:00
Renovate Bot
99d78fb9e7 Update x/tools to v0.24.0 2024-08-09 10:25:53 +00:00
Renovate Bot
64e56f0d0d Update module golang.org/x/crypto to v0.26.0 2024-08-08 00:03:21 +00:00
TheFox0x7
2e2a044493
Revert "Open telemetry integration (#3972)"
This reverts commit c738542201.
2024-08-07 11:22:43 +02:00
Renovate Bot
4b8726e599 Update module github.com/go-logr/logr to v1.4.2 2024-08-06 00:16:56 +00:00
Renovate Bot
eab599de41 Update module github.com/google/go-github/v57 to v63 2024-08-05 13:21:39 +00:00
Renovate Bot
8e3b33dd53
Update module golang.org/x/oauth2 to v0.22.0 2024-08-05 09:01:05 +02:00
Earl Warren
98457eb67d Merge pull request 'Update module golang.org/x/sys to v0.23.0 (forgejo)' (#4817) from renovate/forgejo-golang.org-x-sys-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4817
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-05 06:59:14 +00:00
TheFox0x7
c738542201 Open telemetry integration (#3972)
This PR adds opentelemetry and chi wrapper to have basic instrumentation

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3972): <!--number 3972 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGJhc2ljIHJlcXVlc3QgdHJhY2luZyB3aXRoIG9wZW50ZWxlbWV0cnk=-->add support for basic request tracing with opentelemetry<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3972
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-08-05 06:04:39 +00:00
Renovate Bot
2c95baffeb Update module golang.org/x/sys to v0.23.0 2024-08-05 02:04:33 +00:00
Renovate Bot
d0684334b3 Update module github.com/meilisearch/meilisearch-go to v0.27.2 2024-08-04 00:03:09 +00:00
Earl Warren
94f3589623
chore(ci): do not hardcode go version, use go.mod instead 2024-08-03 11:53:55 +02:00
Exploding Dragon
471265c4e0 Add signature support for the RPM module (#4780)
This pull request comes from https://github.com/go-gitea/gitea/pull/27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](https://github.com/go-gitea/gitea/issues/27031)) , now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-02 05:56:57 +00:00
Renovate Bot
ccdd5d375b Update module github.com/meilisearch/meilisearch-go to v0.27.1 2024-07-31 00:02:33 +00:00
Renovate Bot
ac61d697b6 Update module github.com/blevesearch/bleve/v2 to v2.4.2 2024-07-27 00:02:33 +00:00
Renovate Bot
1c63c47f5f Update module xorm.io/xorm to v1.3.9 2024-07-21 16:03:40 +00:00
Earl Warren
125e4832e0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 (forgejo)' (#4485) from renovate/forgejo-github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4485
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-17 14:07:10 +00:00
Earl Warren
c560595e1f
Revert "Update module github.com/redis/go-redis/v9 to v9.5.4"
This reverts commit dd6413d350.
2024-07-17 06:36:42 +02:00
Renovate Bot
6a3415abbb Update module github.com/minio/minio-go/v7 to v7.0.74 2024-07-16 02:05:23 +00:00
Renovate Bot
09c2ab9be8
Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 2024-07-15 21:39:38 +02:00
Earl Warren
56ee58c239 Merge pull request '[CHORE] Use github.com/ProtonMail/go-crypto' (#4506) from gusted/proton-openpgp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4506
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-15 16:49:05 +00:00
Gusted
45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00