Commit graph

18724 commits

Author SHA1 Message Date
Gergely Nagy
aacc13fca8 hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit 8eba631f8d)
2024-04-20 05:58:39 +00:00
Earl Warren
67232bd44e Merge pull request '[backport] gitea#30406: Check the token's owner and repository when registering a runner' (#3262) from algernon/forgejo:backport/3257-to-7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-19 15:41:18 +00:00
Earl Warren
129e91956e Merge pull request '[v7.0/forgejo] services: Use proper Message-IDs for release mails' (#3326) from bp-v7.0/forgejo-b0c0167 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3326
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-19 15:40:20 +00:00
Earl Warren
bc1f64e3bf Merge pull request '[v7.0/forgejo] [TEST] cancel all processes on PrepareTestEnv' (#3130) from bp-v7.0/forgejo-8ffaa08-aba99ab into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3130
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-04-19 15:39:36 +00:00
Earl Warren
2f54b76c5c fix(tests): 30s to cancel processes to avoid false negatives
on slower machines it can take more than 1 second to cancel leftover
tasks

(cherry picked from commit 6316e21be2)
2024-04-19 17:04:53 +02:00
0ko
59cfbf2070 Merge pull request '[v7.0/forgejo] Remove EasyMDE from various areas' (#3331) from bp-v7.0/forgejo-089e370-703aee4-f5c7cca into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3331
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-04-19 14:25:39 +00:00
0ko
ae128c617b Add integration test for EasyMDE button
(cherry picked from commit 089e37026f)
2024-04-19 13:49:21 +00:00
0ko
99effab1eb Remove EasyMDE from various areas
Ref https://codeberg.org/forgejo/forgejo/issues/2831

Removed from:
- form for creating comment
- form for updating comment
- popup reviewing form
- line reviewing form
- I did not check the use of textarea.tmpl but I believe it's used for issue templates, so also removed
- I did not check the use of box.tmpl, could not get any comments on compare

EasyMDE is left for these pages:
- release notes editor
- wiki editor

(cherry picked from commit 703aee4cad)
2024-04-19 13:49:20 +00:00
0ko
4b0e8f227d Make display of EasyMDE in UI optional to template
This commit adds EasyMDE field to combomarkdowneditor, as well as to all its calls.

(cherry picked from commit f5c7ccaeff)
2024-04-19 13:49:20 +00:00
Earl Warren
7784a6c331 Merge pull request '[v7.0/forgejo] Fix release published actions not triggering for releases created from existing tags' (#3273) from bp-v7.0/forgejo-8506dbe-46977b0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3273
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-04-19 12:51:01 +00:00
Gergely Nagy
405162178b services: Use proper Message-IDs for release mails
When sending notification emails about a release, use a properly
formatted, RFC-compliant message id, rather than the release's HTML URL
wrapped in angle brackets (which would not be compliant).

Fixes #3105.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit b0c0167c54)
2024-04-19 08:42:18 +00:00
Earl Warren
4db1b2fb96 Merge pull request '[v7.0/forgejo] fix(release): add missing ARG RELEASE_VERSION' (#3292) from bp-v7.0/forgejo-97189d4 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3292
2024-04-17 16:48:51 +00:00
Earl Warren
c8017a2853 fix(release): add missing ARG RELEASE_VERSION
The ARG RELEASE_VERSION set in the build-env image does not propagate
to the images that follow. As a result the value of the version label
is always empty.

This should have been caught by the test in the CI but although it
notified the problem in the output, it did not fail. Upgrade to the
forgejo-build-publish version that fixes this false positive.

(cherry picked from commit 97189d41f3)
2024-04-17 16:06:43 +00:00
Earl Warren
d81a814fe5 Merge pull request '[v7.0/forgejo] Allow admins to fork repos even when creation limits are exhausted' (#3282) from bp-v7.0/forgejo-ea4071c into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3282
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 10:17:50 +00:00
Earl Warren
8956825bac Merge pull request '[v7.0/forgejo] feat(release): add OCI labels to container images' (#3281) from bp-v7.0/forgejo-028d19c into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3281
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 06:33:31 +00:00
Gergely Nagy
261fc87673 Allow admins to fork repos even when creation limits are exhausted (#3277)
This is a continuation of #2728, with a test case added.

Fixes #2633.

I kept @zareck 's commit as is, because I believe it is correct. We can't move the check to `owner.CanForkRepo()`, because `owner` is the future owner of the forked repo, and may be an organization. We need to check the admin permission of the `doer`, like in the case of repository creation.

I verified that the test fails without the `ForkRepository` change, and passes with it.

Co-authored-by: Cassio Zareck <cassiomilczareck@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3277
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ea4071ca9f)
2024-04-17 06:06:48 +00:00
Earl Warren
989d35d748 feat(release): add OCI labels to container images
(cherry picked from commit 028d19c0fe)
2024-04-17 05:48:38 +00:00
Laura Hausmann
145cac0865 Add tests for webhook release events
Co-authored-by: oliverpool <git@olivier.pfad.fr>
(cherry picked from commit 8506dbe2e5)
2024-04-16 18:28:54 +00:00
Laura Hausmann
ee500dacd0 Fix release published actions not triggering for releases created from existing tags
(cherry picked from commit 46977b0f01)
2024-04-16 18:28:53 +00:00
0ko
515d71bffa Merge pull request '[v7.0/forgejo] [BUG] Escape editor.add_tmpl translation' (#3272) from bp-v7.0/forgejo-a0f47b8 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3272
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-04-16 18:04:47 +00:00
Gusted
0f72cd8508 [BUG] Escape editor.add_tmpl translation
- Previously translations were escaped, but now translations are
accepted as-is and will be rendered as HTML. Use `TrString` to escape
the translation value.
- Adds integration test.
- Regression of 65248945c9.
- Resolves #3260

(cherry picked from commit a0f47b8de7)
2024-04-16 16:23:25 +00:00
Earl Warren
430083ba46 Merge pull request '[v7.0/forgejo] [BUG] Fix styling of close button' (#3271) from bp-v7.0/forgejo-7fcb9c3 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3271
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 16:18:56 +00:00
Gusted
a1bba9c547 [BUG] Fix styling of close button
- This is a partial revert of c2280a2009,
it was already fixed upstream, but not for the `.basic` variant.
- Resolves #3252

(cherry picked from commit 7fcb9c3636)
2024-04-16 15:20:43 +00:00
Zettat123
1173663f17 Check the token's owner and repository when registering a runner (#30406)
Fix #30378

(cherry picked from commit 0fe9f93eb4c94d55e43b18b9c3cc6d513a34c0b5)

Conflicts:
	- models/organization/org.go
	- services/repository/delete.go
	- services/user/delete.go
	In all three cases, conflicts were resolved by manually adding
	the lines added by the Gitea patch, keeping the Forgejo code
	surrounding them.
2024-04-16 11:43:08 +02:00
Earl Warren
335abbbc9d Merge pull request '[v1.22/gitea] week 16 cherry pick to v7.0' (#3235) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3235
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-16 09:31:46 +00:00
Earl Warren
3fb1036156 Merge pull request '[v7.0/forgejo] [BUG] Use correct empty commit ID' (#3255) from bp-v7.0/forgejo-eeaef55 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3255
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 08:42:47 +00:00
Earl Warren
9f192dc2e5 Merge pull request '[v7.0/forgejo] [BUG] Fix archive button on release page' (#3254) from bp-v7.0/forgejo-39c3295 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3254
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 08:42:05 +00:00
Earl Warren
f83e55b1ca Merge pull request '[v7.0/forgejo] Some NuGet package enhancements' (#3256) from bp-v7.0/forgejo-2e613ad into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3256
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-16 08:41:03 +00:00
oliverpool
8f06a99c2c [TEST] make the indexer and pull tasks cancellable (without shutdown)
See
https://codeberg.org/forgejo/forgejo/pulls/3130#issuecomment-1763440
for the conflict resolution.

(cherry picked from commit d79690ce18)
2024-04-16 10:37:59 +02:00
Earl Warren
ec6b255c2c [TESTS] disable test failure on log.Error for now (part 2)
Fixes: https://codeberg.org/forgejo/forgejo/issues/3153
(cherry picked from commit fd62033b98)
2024-04-16 10:28:48 +02:00
oliverpool
dd474b72df add missing defer
(cherry picked from commit 8ffaa08b04)
2024-04-16 10:28:48 +02:00
oliverpool
569b73e495 [TEST] cancel all processes on PrepareTestEnv
(cherry picked from commit aba99ab8fc)
2024-04-16 10:28:48 +02:00
Michael Kriese
a1716fcdfc Some NuGet package enhancements
- https://github.com/go-gitea/gitea/pull/30280

(cherry picked from commit 2e613ad5e7)
2024-04-16 06:54:35 +00:00
Gusted
ef0ce374a5 [BUG] Use correct empty commit ID
- `RemoveFilesFromIndex` used a hardcoded empty commit ID for the SHA1
object format, this would result in an error if the repository was
initialized to use the sha256 object format. Get the object format of
the Git repository and use that to get the empty commit id.
- Adds unit test.
- Resolves #3184

(cherry picked from commit eeaef556c2)
2024-04-16 06:47:31 +00:00
Gusted
757b7bd462 [BUG] Fix archive button on release page
- Add another selector to the list, which corresponds to the container
of the archive buttons on the release page of a repository.
- Seems like that 8d2b764607 missed
another case.
- Resolves #3180

(cherry picked from commit 39c3295f68)
2024-04-16 06:24:39 +00:00
0ko
2879c15858 Merge pull request '[v7.0/forgejo] Improve English locale' (#3241) from bp-v7.0/forgejo-3b23633 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3241
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-04-16 04:49:37 +00:00
0ko
a0a6eb6c5c Merge pull request '[v7.0/forgejo] Translations update from Weblate' (#3240) from 0ko/forgejo:v7-backport-weblate-240415 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3240
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 04:47:56 +00:00
Earl Warren
ee749c7916 Merge pull request '[v7.0/forgejo] fix(actions): call automerge service on successful commit state' (#3238) from bp-v7.0/forgejo-36f4732 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3238
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-15 17:52:36 +00:00
0ko
74bc9e666f [I18N] Improve English locale
- user settings/profile: renamed Description field of biography to Biography

(cherry picked from commit 3b23633721)
2024-04-15 17:50:01 +00:00
Codeberg Translate
487242e043 [I18N] Translations update from Weblate (#3138)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: yeziruo <yeziruo@users.noreply.translate.codeberg.org>
Co-authored-by: WithLithum <WithLithum@users.noreply.translate.codeberg.org>
Co-authored-by: EssGeeEich <EssGeeEich@users.noreply.translate.codeberg.org>
Co-authored-by: rguards <rguards@users.noreply.translate.codeberg.org>
Co-authored-by: kecrily <kecrily@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3138
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-04-15 22:30:11 +05:00
Earl Warren
e982f5f63b Merge pull request '[v7.0/forgejo] [PORT] gitea#30430: Fix rename branch 500 when the target branch is deleted but exist in database' (#3236) from bp-v7.0/forgejo-db39b8f into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3236
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-15 17:23:51 +00:00
Michael Kriese
f49402273f fix(actions): call automerge service on successful commit state
- Backport of https://github.com/go-gitea/gitea/pull/30225

(cherry picked from commit 36f4732e6a)
2024-04-15 16:51:22 +00:00
Gusted
fe09c8860a [PORT] gitea#30430: Fix rename branch 500 when the target branch is deleted but exist in database
Fix https://github.com/go-gitea/gitea/issues/30428

---

Conflict resolution: trivial and move test to own subtest run directly
after `Normal`.

(cherrypicked commit 9466fec879f4f2c88c7c1e7a5cffba319282ab66)

(cherry picked from commit db39b8f4a7)
2024-04-15 15:52:24 +00:00
Giteabot
46f77eaf2b Fix JS error when opening to expanded code comment (#30463) (#30470)
Backport #30463 by silverwind

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit dd128610115c62c96bd1f9df09aae32603c17c17)
2024-04-15 16:44:34 +02:00
Giteabot
fb91390b48 Fix network error when open/close organization/individual projects and redirect to project page (#30387) (#30465)
Backport #30387 by @yp05327

Follow #27734

![image](https://github.com/go-gitea/gitea/assets/18380374/02ed6b9a-cbb6-4f49-a54a-ca76a0d052a9)

Updated:
Redirect to project page instead of project list page.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 3735797b3366c983de5b199a50f4c1015e8cb807)
2024-04-15 16:44:14 +02:00
Giteabot
4fe72284fc Avoid losing token when updating mirror settings (#30429) (#30464)
Backport #30429 by @wolfogre

Fix #30416.

Before (it shows as "Unset" while there's a token):

<img width="980" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/d7148e3e-62c9-4d2e-942d-3d795b79515a">

After:

<img width="977" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/24aaa1db-5baa-4204-9081-470b15ea72b5">

The username shows as "oauth2" because of
f9fdac9809/services/migrations/dump.go (L99)

I have checked that all usage of `MirrorRemoteAddress` has been updated.

<img width="1806" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2f042501-2824-4511-9203-c84a6731a02d">

However, it needs to be checked again when backporting.

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 92f4cd9461949940427f789a345a3a51b2de02bf)
2024-04-15 16:43:34 +02:00
Giteabot
fa1b0d46c7 Fix mirror error when mirror repo is empty (#30432) (#30455)
Backport #30432 by @yp05327

Fix #30424

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 764878f050f92002b1941b044babbad356f4490a)
2024-04-15 16:42:17 +02:00
Giteabot
70b0c30def Fix admin notice view-detail (#30450) (#30458)
Backport #30450 by @silverwind

Fix https://github.com/go-gitea/gitea/issues/30434, regression from
https://github.com/go-gitea/gitea/pull/30115.

I also removed the date insertion into the modal which was also broken
since that date was switched to `absolute-date` because I see no real
purpose to putting that date into the modal.

Result:

<img width="1038" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/aa2eb8b4-73dc-4d98-9b80-3f276f89d9e5">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit fd2184e2343842e158f5b12e3d2e5b88effea2fd)
2024-04-15 16:41:44 +02:00
Giteabot
b25f2cf859 Change the default maxPerPage for gitbucket (#30392) (#30425)
Backport #30392 by @jam7

This patch improves the migration from gitbucket to gitea.

The gitbucket uses its own internal perPage value (= 25) for paging and
ignores per_page arguments in the requested URL. This causes gitea to
migrate only 25 issues and 25 PRs from a gitbucket repository. This may
not happen on old gitbucket. But recent gitbucket 4.40 or 4.38.4 has
this problem.

This patch changes to use this internally hardcoded perPage of gitbucket
as gitea's maxPerPage number when migrating from gitbucket. There are
several perPage values in gitbucket like 25 for Issues/PRs and 10 for
Releases. Some of those APIs don't support paging yet. It sounds
difficult to implement, but using the minimum number among them worked
out very well. So, I use 10 in this patch.

Brief descriptions of problems and this patch are also available in
https://github.com/go-gitea/gitea/issues/30316.

In addition, I'm not sure what kind of test cases are possible to write
here. It's a test for migration, so it requires testing gitbucket server
and gitea server, I guess. Please let me know if it is possible to write
such test cases here. Thanks!

Co-authored-by: Kazushi (Jam) Marukawa <jam@pobox.com>
(cherry picked from commit b941d7485b53e5dd093a1cce3c9ff47c91d4fc58)
2024-04-15 16:41:09 +02:00
Giteabot
31ebee203b Fix the spacing issue in the Project view (#30415) (#30423)
Backport #30415 by @HEREYUA

**fix**:  [#30388](https://github.com/go-gitea/gitea/issues/30388)

**before**

![image](https://github.com/go-gitea/gitea/assets/37935145/52ca7311-dca4-4430-9a37-3c45b08fe3dd)

**after**

![image](https://github.com/go-gitea/gitea/assets/37935145/6b75ce69-4423-4ea4-99a1-d7234287c5c0)

Co-authored-by: HEREYUA <37935145+HEREYUA@users.noreply.github.com>
(cherry picked from commit 358b28cec0086ff1c7517a69db64f34fcc897008)
2024-04-15 16:40:01 +02:00