Commit graph

21119 commits

Author SHA1 Message Date
Earl Warren
8359b26d3f Merge pull request '[PORT] Add warning message in merge instructions when AutodetectManualMerge was not enabled (gitea#31805)' (#4930) from gusted/forgejo-gt-bp-31805 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4930
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-11 22:15:40 +00:00
Gusted
d2184dd931 Merge pull request 'git-grep: skip binary files' (#4927) from yoctozepto/forgejo:git-grep-skip-binary into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4927
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-08-11 18:58:48 +00:00
a1012112796
e5f8d144f2
[PORT] Add warning message in merge instructions when AutodetectManualMerge was not enabled (gitea#31805)
---

Conflict resolution: trivial
Things done differently: Improve localization message, use the paragraph
element instead of the div element, fix passing this variable to the
template and add a integration test

(cherry picked from commit 9633f336c87947dc7d2a5e76077a10699ba5e50d)
2024-08-11 19:15:37 +02:00
Radosław Piliszek
f4a7bf6d2a git-grep: skip binary files
It is a waste of resources to scan them looking for matches
because they are never returned back - they appear as empty
lines in the current format.

Notably, even if they were returned, it is unlikely that matching
in binary files makes sense when the goal is "code search".
2024-08-11 19:10:23 +02:00
Earl Warren
44002a6399 Merge pull request 'chore(refactor): split repo_service.ForkRepository in two' (#4879) from earl-warren/forgejo:wip-fork-split into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4879
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-11 15:50:52 +00:00
Radosław Piliszek
2fbb51ceb2 git-grep: ensure bounded default for MatchesPerFile
Analogously to how it happens for MaxResultLimit.

The default of 20 is inspired by a well-known, commercial code
hosting platform.

Unbounded limits are risky because they expose Forgejo to a class
of DoS attacks where queries are crafted to take advantage of
missing bounds.
2024-08-11 14:59:46 +02:00
Earl Warren
cfefe2b6c9
chore(refactor): split repo_service.ForkRepository in two
ForkRepository performs two different functions:

* The fork itself, if it does not already exist
* Updates and notifications after the fork is performed

The function is split to reflect that and otherwise unmodified.

The two function are given different names to:

* clarify which integration tests provides coverage
* distinguish it from the notification method by the same name
2024-08-11 12:40:34 +02:00
Exploding Dragon
87d50eca87 feat: support grouping by any path for arch package (#4903)
Previous arch package grouping was not well-suited for complex or multi-architecture environments. It now supports the following content:

- Support grouping by any path.
- New support for packages in `xz` format.
- Fix clean up rules

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4903): <!--number 4903 --><!--line 0 --><!--description c3VwcG9ydCBncm91cGluZyBieSBhbnkgcGF0aCBmb3IgYXJjaCBwYWNrYWdl-->support grouping by any path for arch package<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4903
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-11 10:35:11 +00:00
Earl Warren
a4da672134 Merge pull request 'git-grep: update comment' (#4921) from yoctozepto/forgejo:git-grep-update-comment into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4921
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-08-11 09:47:58 +00:00
Earl Warren
1b24180327 Merge pull request 'chore(ci): do not remove tags from forgejo-integration' (#4923) from earl-warren/forgejo:wip-integration-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4923
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-11 09:46:25 +00:00
Earl Warren
f250f89491
chore(ci): do not remove tags from forgejo-integration
If the tag of a stable release is removed from integration, it won't
be properly described when building the test release. It will be:

8.0.0-dev-1648-7b31a541c0+gitea-1.22.0

instead of:

8.0.1-5-7b31a541c0+gitea-1.22.0
2024-08-11 07:22:21 +02:00
Radosław Piliszek
7dd7cc7ebc git-grep: update comment
It was outdated and missing detail.
2024-08-10 16:41:12 +02:00
Earl Warren
a83f5cd0f0 Merge pull request 'chore(ci): remove old releases from forgejo-integration' (#4920) from earl-warren/forgejo:wip-integration-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4920
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 13:18:08 +00:00
Earl Warren
6e94be527a
chore(ci): remove old releases from forgejo-integration
The releases are created when:

* a tag is pushed to the integration repository it will create a
  vX.Y.Z release
* a new commit is pushed to a branch and mirrored to the integration
  repository, it will create a vX.Y-test release named after the branch

When both vX.Y.Z and vX.Y-test release are present, the end-to-end
tests will use vX.Y.Z because it comes first in release sort
order. This ensures that a last round of end-to-end tests is run from
the release built in the integration repository, exactly as it will be
published and signed.

In between stable releases, the vX.Y-test releases are built daily and
must be used instead for end-to-end testing so that problems can be
detected as soon as possible. For that to happen, the stable release
must be removed from the integration repository and this is done 24h
after they were published.

The vX.Y-test releases are removed if they have not been updated in 18
months. As of August 2024 it is possible for a LTS to still be needed
in tests over a year after it was last updated, although it is
unlikely that such a lack of activity happens, there is no reason to
remove the test release before that.
2024-08-10 15:16:00 +02:00
Gusted
6102f48c7d Merge pull request '[CHORE] Fix swagger deprecation message' (#4916) from gusted/swagger-deprecated into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4916
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 12:50:40 +00:00
Earl Warren
3b82a634c5 Merge pull request 'feat(i18n): make the test string more fun :D' (#4904) from n0toose/i18n-fun-test-string into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4904
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 06:03:51 +00:00
Earl Warren
f8728ad881 Merge pull request '[BUG] Return blocking errors as JSON errors' (#4914) from gusted/forgejo-block-json into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4914
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 05:52:27 +00:00
Earl Warren
40e51e4ca7 Merge pull request 'fix(ui): allow unreacting from comment popover' (#4798) from solomonv/forgejo:issue-reaction-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4798
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 05:45:55 +00:00
Gusted
851d567776
[CHORE] Fix swagger deprecation message
- Fix "WARNING: item list for enum is not a valid JSON array, using the
old deprecated format" messages from
https://github.com/go-swagger/go-swagger in the CI.
2024-08-10 01:21:13 +02:00
Gusted
784173f7e9 Merge pull request 'Update dependency @stylistic/eslint-plugin-js to v2 (forgejo)' (#4910) from renovate/forgejo-major-eslint-stylistic-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4910
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 23:17:38 +00:00
Renovate Bot
ca00643416 Update dependency @stylistic/eslint-plugin-js to v2 2024-08-09 22:03:02 +00:00
Gusted
6ba4fb5cf6 Merge pull request 'Update vitest monorepo to v2 (forgejo) (major)' (#4913) from renovate/forgejo-major-vitest-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4913
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:38:56 +00:00
Gusted
9cc2fdffde Merge pull request 'Update dependency minimatch to v10 (forgejo)' (#4912) from renovate/forgejo-minimatch-10.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4912
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:20:27 +00:00
Gusted
967153ba45 Merge pull request 'Update dependency @stylistic/stylelint-plugin to v3 (forgejo)' (#4911) from renovate/forgejo-stylistic-stylelint-plugin-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4911
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:19:46 +00:00
Gusted
437b84a5f9 Merge pull request 'Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 (forgejo)' (#4909) from renovate/forgejo-github.com-editorconfig-checker-editorconfig-checker-v2-cmd-editorconfig-checker-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4909
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:19:32 +00:00
Panagiotis "Ivory" Vasilopoulos
57a2b99b3c feat(i18n): make the test string more fun :D 2024-08-09 21:51:07 +02:00
Renovate Bot
8039240c26
Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 2024-08-09 21:03:37 +02:00
Gusted
d97cf0e854
[BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.
2024-08-09 20:34:38 +02:00
Renovate Bot
f70d50a8dc Update vitest monorepo to v2 2024-08-09 18:13:31 +00:00
Renovate Bot
ade201095a Update dependency minimatch to v10 2024-08-09 18:13:13 +00:00
Renovate Bot
c541431773 Update dependency @stylistic/stylelint-plugin to v3 2024-08-09 18:12:59 +00:00
Gusted
0f7a98d34d Merge pull request '[CHORE] Fix darwin compatibility' (#4906) from gusted/forgejo-os-compile into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4906
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 17:33:47 +00:00
Solomon Victorino
b8a5ca2c40 fix(ui): allow unreacting from comment popover
- fix selectors for hasReacted
- don't send empty HTML on reaction errors
- add E2E test
2024-08-09 10:17:04 -06:00
forgejo-renovate-action
91115b39a9 Merge pull request 'Update x/tools to v0.24.0 (forgejo)' (#4895) from renovate/forgejo-xtools into forgejo 2024-08-09 15:53:49 +00:00
Gusted
ac8856ac2b
[CHORE] Fix darwin compatibility
- Always convert (syscall.Stat_t).Dev to uint64.
- Resolves #4905
2024-08-09 17:44:41 +02:00
Gusted
d5ba61a104 Merge pull request '[UI] Fix inconsitencies in link/login account page' (#4902) from gusted/forgejo-ui-linking into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4902
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 15:03:29 +00:00
Earl Warren
a486c684f9
Update x/tools to v0.24.0 (licenses updates) 2024-08-09 16:35:50 +02:00
Marcell Mars
d6647f710f tests additional grant scopes
- parsing scopes in `grantAdditionalScopes`
- read basic user info if `read:user`
- fail reading repository info if only `read:user`
- read repository info if `read:repository`
- if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads
  all groups (public+private)
- if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads
  only public groups
- if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization`
 provided it reads all groups
2024-08-09 14:58:15 +02:00
Marcell Mars
8524589d8c show OAuth2 requested scopes in authorization UI
- by displaying the scopes requested for authorization in the OAuth2 app,
  users can make more informed decisions when granting access
2024-08-09 14:58:15 +02:00
Marcell Mars
7dbad27156 id_token & userinfo endpoint's public groups check
- if `groups` scope provided it checks if all, r:org or r:admin are
provided to pass all the groups. otherwise only public memberships
- in InfoOAuth it captures scopes from the token if provided in the
header. the extraction from the header is maybe a candidate for the
separate function so no duplicated code
2024-08-09 14:58:15 +02:00
Marcell Mars
4eb8d8c496 OAuth2 provider: support for granular scopes
- `CheckOAuthAccessToken` returns both user ID and additional scopes
- `grantAdditionalScopes` returns AccessTokenScope ready string (grantScopes)
   compiled from requested additional scopes by the client
- `userIDFromToken` sets returned grantScopes (if any) instead of default `all`
2024-08-09 14:58:15 +02:00
Renovate Bot
99d78fb9e7 Update x/tools to v0.24.0 2024-08-09 10:25:53 +00:00
forgejo-renovate-action
3301e7dc75 Merge pull request 'Update dependency vue to v3.4.37 (forgejo)' (#4893) from renovate/forgejo-patch-vue-monorepo into forgejo 2024-08-09 09:22:36 +00:00
Gusted
75b3645bc3
[UI] Fix inconsitencies in link/login account page
- Add the 'correct' styling for column on the link account page, this
follows what was done for the login/register page in 629ca22a97.
- Move some if conditions to be outside of the container which allocates
space on the page, this ensures it's not being shown if it's not needed.
- Resolves #4844
2024-08-09 10:52:17 +02:00
Renovate Bot
000f3562c2 Update dependency vue to v3.4.37 2024-08-09 08:07:03 +00:00
Ivan Shapovalov
012a1e0497 log: journald integration (#2869)
Provide a bit more journald integration. Specifically:

- support emission of printk-style log level prefixes, documented in [`sd-daemon`(3)](https://man7.org/linux/man-pages/man3/sd-daemon.3.html#DESCRIPTION), that allow journald to automatically annotate stderr log lines with their level;
- add a new "journaldflags" item that is supposed to be used in place of "stdflags" when under journald to reduce log clutter (i. e. strip date/time info to avoid duplication, and use log level prefixes instead of textual log levels);
- detect whether stderr and/or stdout are attached to journald by parsing `$JOURNAL_STREAM` environment variable and adjust console logger defaults accordingly.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2869): <!--number 2869 --><!--line 0 --><!--description bG9nOiBqb3VybmFsZCBpbnRlZ3JhdGlvbg==-->log: journald integration<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2869
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Ivan Shapovalov <intelfx@intelfx.name>
Co-committed-by: Ivan Shapovalov <intelfx@intelfx.name>
2024-08-09 07:49:13 +00:00
Earl Warren
a72763f5a3 Merge pull request 'docs: add links to the v7.0.7 & v8.0.1 release notes' (#4899) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4899
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 07:34:40 +00:00
Earl Warren
ae85e285db Merge pull request 'disallow javascript: URI in the repository description' (#4896) from earl-warren/forgejo:wip-xss-repo-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4896
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 05:56:49 +00:00
Earl Warren
b87b38d3b9
docs: add links to the v7.0.7 & v8.0.1 release notes
They are now published in the milestone in part manually edited and in
part generated by the release notes assistant. Maintaining a single
file with all the release notes is prone to conflicts and requires
manual copy/pasting that is of little value.

It may make sense to transition to a release notes directory in which
the release notes assistant could create one file per release, with a
copy of the release notes edited in the milestone. This could be more
conveniently backported and would not require human intervention.
2024-08-09 07:26:50 +02:00
Gusted
bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00