Commit graph

21499 commits

Author SHA1 Message Date
Earl Warren
b55136d561 Merge pull request 'fix(release-notes-assistant): do not trigger on open' (#4665) from twenty-panda/forgejo:wip-rna-trigger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4665
2024-07-24 16:32:43 +00:00
Twenty Panda
e9a3306f6e fix(release-notes-assistant): do not trigger on open
Forgejo sets a label and will notify this when opening the pull
request. Triggering when it opens will make two workflows for the same
SHA. Re-opening is a border case that is not needed.
2024-07-24 18:26:59 +02:00
Earl Warren
762f4b5408 Merge pull request 'fix(release-notes-assistant): ignore WIP prefixes' (#4663) from earl-warren/forgejo:wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4663
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-24 14:55:29 +00:00
Earl Warren
ba006b2eef
fix(release-notes-assistant): ignore WIP prefixes 2024-07-24 16:49:21 +02:00
yonas
9ad23f9ede Replace Gitea with Forgejo 2024-07-24 14:17:23 +00:00
Earl Warren
479a98fd18 Merge pull request 'docs(release-notes): 8.0.0 - updates' (#4657) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4657
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-24 13:17:13 +00:00
Earl Warren
77c30ad85b
docs(release-notes): 8.0.0 - updates 2024-07-24 15:14:38 +02:00
Codeberg Translate
7699d85f3b [I18N] Translations update from Weblate (#4568)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4568)</a>: <!--number 4568 --><!--line 0 --><!--description W0kxOE5dIFRyYW5zbGF0aW9ucyB1cGRhdGUgZnJvbSBXZWJsYXRl-->[I18N] Translations update from Weblate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: meskobalazs <meskobalazs@users.noreply.translate.codeberg.org>
Co-authored-by: Bálint Gonda <balinteus@gmail.com>
Co-authored-by: Beowulf <Beowulf@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4568
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-07-24 08:41:30 +00:00
Earl Warren
a0dbc3ae70 Merge pull request 'fix(release-notes-assistant): add the Localization category' (#4655) from earl-warren/forgejo:wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4655
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-24 07:18:41 +00:00
Earl Warren
bca3f857dc Merge pull request 'Update dependency @vitejs/plugin-vue to v5.1.0 (forgejo)' (#4653) from renovate/forgejo-vitejs-plugin-vue-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4653
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-24 05:20:30 +00:00
Earl Warren
54e364b7bc
fix(release-notes-assistant): add the Localization category
The Localization category groups translations updates towards the end
of the release notes.
2024-07-24 06:22:35 +02:00
Earl Warren
1a2c611c42 Merge pull request 'feat(release-notes-assistant): if no labels, fallback to prefix' (#4651) from twenty-panda/forgejo:wip-rna into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4651
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-24 04:04:47 +00:00
Renovate Bot
1f4666c6cd Update dependency @vitejs/plugin-vue to v5.1.0 2024-07-24 00:04:06 +00:00
Twenty Panda
7db4dfa768 fix(release-notes-assistant): upgrade to convert \r\n
When a milestone or a pull request body is \r\n separated, they are
converted to newlines. Otherwise it makes it more difficult to compare
lines.
2024-07-24 00:07:53 +02:00
Twenty Panda
db64236f85 feat(release-notes-assistant): if no labels, fallback to prefix
* support feat: fix: feat!: fix! conventional commits prefixes
* add unit tests
2024-07-24 00:07:29 +02:00
Earl Warren
14d079a1eb Merge pull request '[FEAT] Enable INVALIDATE_REFRESH_TOKENS' (#4633) from gusted/sec-oauth into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4633
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 20:45:22 +00:00
Earl Warren
5a922ca983 Merge pull request 'Release note for #4595' (#4634) from beowulf/release-notes/4595.md into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 18:18:30 +00:00
Gusted
ea1a0ebbc3 Merge pull request '[SECURITY] Notify users about account security changes' (#4635) from gusted/sec-notify into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4635
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 17:50:59 +00:00
Beowulf
44156b6006
added release notes for pr 4595
(removed support for the APA citation format)
2024-07-23 18:47:42 +02:00
Gusted
4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
Earl Warren
ded237ee77 Merge pull request '[gitea] week 2024-30 cherry pick (gitea/main -> forgejo)' (#4607) from algernon/wcp/2024-30 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4607
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 16:01:28 +00:00
banaanihillo
522e652e8d [accessibility] Add keyboard support for test actions (#4490)
- Existing gear icon keyup handler fixed:
moved the handler onto its descendant button,
to prevent it from incorrectly firing on the check-box elements
- Check-box elements: keyup elements for space and enter added,
as well as tabindex elements to make them able to gain focus

<!--
Before submitting a PR, please read the contributing guidelines:
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING.md
-->

To test the check boxes:
- Set up an action, and visit the action's job page
- Navigate onto the job container (via Tab et al.)
- Use the gear icon with Space or Enter
- Tick the check-box items with Space or Enter

To test the elements beside the chevron icons:
- Navigate onto the element via Tab et al.
- Open/close them via Space or Enter

I have not had a chance to test the latter fix (https://codeberg.org/forgejo/forgejo/issues/4476#issuecomment-2092312) myself yet; feel free to reject this one in case the latter fix does not work as it should, and I will break this up into two separate pull requests.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4490)</a>: <!--number 4490 --><!--line 0 --><!--description W2FjY2Vzc2liaWxpdHldIEFkZCBrZXlib2FyZCBzdXBwb3J0IGZvciB0ZXN0IGFjdGlvbnM=-->[accessibility] Add keyboard support for test actions<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4490
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: banaanihillo <banaanihillo@noreply.codeberg.org>
Co-committed-by: banaanihillo <banaanihillo@noreply.codeberg.org>
2024-07-23 15:37:19 +00:00
Earl Warren
dd9abfcc09 Merge pull request 'fix(release-notes-assistant): upgrade to always insert a newline' (#4646) from twenty-panda/forgejo:wip-rna into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4646
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 13:20:18 +00:00
Gusted
3ba64bd038 Merge pull request 'Reserve the devtest username' (#4638) from ikuyo/forgejo:reserve-devtest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4638
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-23 12:59:16 +00:00
Twenty Panda
80a1461e7d fix(release-notes-assistant): upgrade to always insert a newline
* if <!-- is inserted just after a <!-- --> it will not render
  well, it needs to be separated by a newline
* do not use ? in sed -E, it is not the same as with JavaScript
2024-07-23 13:53:46 +02:00
Earl Warren
1fa7d1cbcf Merge pull request 'fix(release-notes-assistant): be more conservative when cleaning up' (#4644) from twenty-panda/forgejo:wip-rna into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4644
2024-07-23 09:42:20 +00:00
Twenty Panda
043214d751 fix(release-notes-assistant): be more conservative when cleaning up
Do not replace http*: it breaks URLs.
2024-07-23 11:37:40 +02:00
Earl Warren
6e86f4056e Merge pull request 'fix(ci): use a PAT for release-notes-assistant' (#4643) from earl-warren/forgejo:wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4643
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-23 08:20:01 +00:00
Earl Warren
9bbe00c84b
fix(ci): use a PAT for release-notes-assistant
GITHUB_TOKEN does not have permission to write the repository and is
not allowed to edit or comment on pull requests because of that. A PAT
from a regular user who does **not** have permission to write to the
repository either but who is in a the contributors team will have
permissions to do that because there is a "write pull request"
permission given to the team.
2024-07-23 10:02:00 +02:00
Earl Warren
2c2f2ffee2 Merge pull request 'update the PR description with the release notes draft' (#4612) from wip-rna-preview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4612
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-23 07:30:59 +00:00
Twenty Panda
5c734d8885
tests: update the PR description with the release notes draft
If the 'worth a release-note' label is set, add a release note entry
to the description of the pull request as a preview.

* use the `release-notes/<pr-number>.md` file if any
* otherwise use the pull request title

Refs: https://code.forgejo.org/forgejo/release-notes-assistant
2024-07-23 09:27:43 +02:00
Earl Warren
03b95d20fa Merge pull request 'feat(ui): sort milestones by name by default instead of the due date' (#4625) from gusted/forgejo-gt-27084 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4625
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 06:08:24 +00:00
Ikuyo
859cc23dc2
Add missing trailing comma 2024-07-23 11:04:57 +05:00
Earl Warren
767f0ed63f Merge pull request '[CHORE] Add playwright eslint plugin' (#4631) from gusted/playwright-eslint into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4631
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 06:02:12 +00:00
Earl Warren
d58b9b4fe0 Merge pull request 'feat(cli): allow updates to runners' secrets' (#4619) from tseeker/forgejo:20240722-update-secret into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4619
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-23 04:59:51 +00:00
0ko
e03922a009 Merge pull request '[I18N] Add common section to new translation files' (#4632) from gusted/tr-fix into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4632
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-23 04:14:22 +00:00
Ikuyo
90c0e9dace
Add devtest in reserved usernames test 2024-07-23 08:38:55 +05:00
Ikuyo
93d0836241
Reserve devtest username 2024-07-23 08:18:20 +05:00
forgejo-renovate-action
2ad871e653 Merge pull request 'Update dependency @playwright/test to v1.45.3 (forgejo)' (#4637) from renovate/forgejo-playwright-monorepo into forgejo 2024-07-23 00:42:45 +00:00
Renovate Bot
1d5286943f Update dependency @playwright/test to v1.45.3 2024-07-23 00:03:37 +00:00
Gusted
2f98430e6f Merge pull request 'Update dependency webpack to v5.93.0 (forgejo)' (#4484) from renovate/forgejo-webpack-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4484
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-22 22:41:44 +00:00
Gusted
89b1723d35
[FEAT] Enable INVALIDATE_REFRESH_TOKENS
- It's possible to detect if refresh tokens are used more than once, if
it's used more than it's a indication of a replay attack and it should
invalidate the associated access token. This behavior is controlled by
the `INVALIDATE_REFRESH_TOKENS` setting.
- Altough in a normal scenario where TLS is being used, it should be
very hard to get to situation where replay attacks are being used, but
this is better safe than sorry.
- Enable `INVALIDATE_REFRESH_TOKENS` by default.
2024-07-22 20:45:13 +02:00
Gusted
a67e420c38
[I18N] Add common section to new translation files
- Follow up for #4576
- Weblate currently cannot parse ini files if they contain keys that
don't belong to a section.
2024-07-22 20:14:24 +02:00
Gusted
40baa96fc3
[CHORE] Add playwright eslint plugin
- Add https://github.com/playwright-community/eslint-plugin-playwright
as a linter for the playwright tests.
- `no-networkidle` and `no-conditional-in-test` are disabled as fixing
those doesn't seem to really improve testing quality for our use case.
- Some non-recommended linters are enabled to ensure consistency (the
prefer rules).
2024-07-22 20:03:32 +02:00
0ko
de24846309 Merge pull request 'Allow .webp attachments by default' (#4605) from 0ko/forgejo:webp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4605
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-22 15:34:32 +00:00
0ko
e819c1622e i18n: restore Malayalam and Serbian files, remove ml-IN from the language selector (#4576)
* Closes https://codeberg.org/forgejo/forgejo/issues/4563
* A followup to my 2024-February investigation in the Localization room

* Restore Malayalam and Serbian locales that were deleted in 067b0c2664 and f91092453e. Bulgarian was also deleted, but we already have better Bulgarian translation.
* Remove ml-IN from the language selector. It was not usable for 1.5 years, has ~18% completion and was not maintained in those ~1.5 years. It could also have placeholder bugs due to refactors.

Restoring files gives the translators a base to work with and makes the project advertised on Weblate homepage for logged in users in the Suggestions tab. Unlike Gitea, we store our current translations directly in the repo and not on a separate platform, so it makes sense to add these files back.
Removing selector entry avoids bugs and user confusion. I will make a followup for the documentation.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4576
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-22 14:08:15 +00:00
silverwind
f37d8fc0ed
Remove unneccessary uses of word-break: break-all (#31637)
Fixes: https://github.com/go-gitea/gitea/issues/31636

1. Issue sidebar topic is disussed in
https://github.com/go-gitea/gitea/issues/31636
2. Org description already has `overflow-wrap: anywhere` to ensure no
overflow.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 0c1127a2fb4c07576b4a2e4cffbcd2b0c8670a27)
2024-07-22 15:50:57 +02:00
Gergely Nagy
0792f81e04
Add a release note for cherry-picked features
This adds a release note file for features cherry picked during the
2024-30 weekly gitea->forgejo cherry pick.

Thanks @earl-warren for the notes themselves!

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-22 15:46:01 +02:00
Rowan Bohde
21fdd28f08
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 416c36f3034e228a27258b5a8a15eec4e5e426ba)

Conflicts:
	- tests/integration/auth_ldap_test.go
	  Trivial conflict resolved by manually applying the change.
	- routers/web/auth/oauth.go
	  Technically not a conflict, but the original PR removed the
	  modules/util import, which in our version, is still in use. Added it
	  back.
2024-07-22 15:44:13 +02:00
6543
004cc6dc0a
Add option to change mail from user display name (#31528)
Make it posible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 0f533241829d0d48aa16a91e7dc0614fe50bc317)

Conflicts:
	- services/mailer/mail_release.go
	  services/mailer/mail_test.go

	  In both cases, applied the changes manually.
2024-07-22 15:44:13 +02:00