Commit graph

4773 commits

Author SHA1 Message Date
Michael Jerger
5620dd76fa Merge branch 'forgejo' into forgejo-federated-pr5 2024-05-29 18:26:16 +02:00
Gergely Nagy
9fc61cae48
install: Force DisableRegistration on during install
When installing Forgejo via the on-line installer, force
DisableRegistration to true, to discourage creating instances with open
registration. Because open registration requires constant vigil to fight
off spammers of all kinds, it is not a great default. It should be a
conscious decision. This change is made in an effort to make the choice
of running an instance with open registration a conscious choice, rather
than simply the default.

Partially addresses #3925.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-28 08:57:30 +02:00
Denys Konovalov
07fe5a8b13
use existing oauth grant for public client (#31015)
Do not try to create a new authorization grant when one exists already,
thus preventing a DB-related authorization issue.

Fix https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 9c8c9ff6d10b35de8d2d7eae0fc2646ad9bbe94a)
2024-05-26 19:02:48 +02:00
wxiaoguang
5612cf32e5
Refactor sha1 and time-limited code (#31023)
Remove "EncodeSha1", it shouldn't be used as a general purpose hasher
(just like we have removed "EncodeMD5" in #28622)

Rewrite the "time-limited code" related code and write better tests, the
old code doesn't seem quite right.

(cherry picked from commit fb1ad920b769799aa1287441289d15477d9878c5)

Conflicts:
	modules/git/utils_test.go
	trivial context conflict because sha256 testing in Forgejo has diverged
2024-05-26 18:43:30 +02:00
Zettat123
886a675f62
Return access_denied error when an OAuth2 request is denied (#30974)
According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.

For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.

<img width="360px"
src="https://github.com/go-gitea/gitea/assets/15528715/be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>

(cherry picked from commit f1d9f18d96050d89a4085c961f572f07b1e653d1)
2024-05-26 18:37:20 +02:00
wxiaoguang
a649610d61
Fix "force private" logic (#31012)
When creating a repo, the "FORCE_PRIVATE" config option should be
respected, `readonly` doesn't work for checkbox, so it should use
`disabled` attribute.

(cherry picked from commit edbf74c418061b013a5855f604dd6be6baf34132)

Conflicts:
	templates/repo/create.tmpl
	templates/repo/migrate/codebase.tmpl
	templates/repo/migrate/git.tmpl
	templates/repo/migrate/gitbucket.tmpl
	templates/repo/migrate/gitea.tmpl
	templates/repo/migrate/github.tmpl
	templates/repo/migrate/gitlab.tmpl
	templates/repo/migrate/gogs.tmpl
	templates/repo/migrate/onedev.tmpl
	already in forgejo fc0c5e80da Fix and improve repo visibility checkbox when FORCE_PRIVATE is on (#3786)
        enforcing FORCE_PRIVATE on repo settings was manually tested
	with a repository of an unprivileged user after setting
	FORCE_PRIVATE = true
2024-05-26 18:20:33 +02:00
Earl Warren
a05eb66c99
tests(web): verify compressed files are not re-compressed
the test file used has a size below the default threshold and will
never be compressed because of that, regardless of its extension. Reduce
the threshold to 10 bytes otherwise the test is a false positive.
2024-05-25 23:54:28 +02:00
Michael Jerger
82cb9e0203 ui for adding following repos 2024-05-24 13:28:15 +02:00
Earl Warren
d8e21e673d Merge pull request 'Creation of federated user' (#3792) from meissa/forgejo:forgejo-federated-pr3 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3792
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-22 11:11:42 +00:00
Michael Jerger
735d9629cf add more integration testcases 2024-05-21 18:49:31 +02:00
Earl Warren
74e07656d2 Merge pull request '[gitea] week 2024-21 cherry pick (gitea/main -> forgejo)' (#3838) from algernon/wcp/2024-21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3838
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 08:05:01 +00:00
Shiny Nematoda
ec4f5495ba feat: wiki search using git-grep
+ add release note
2024-05-20 13:48:50 +00:00
Gergely Nagy
d6915f4d5f
badges: Relax the default workflow badge conditions
Previously, if no branch was explicitly specified for a workflow, it
defaulted to the default branch of the repo. This worked fine for
workflows that were triggered on push, but it prevented showing badges
for workflows that only run on tags, or on schedule - since they do not
run on a specific branch.

Thus, relax the conditions, and if no branch is specified, just return
the latest run of the given workflow. If one is specified, *then*
restrict it to said branch.

Fixes #3487.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-20 11:20:11 +02:00
Haoyuan (Bill) Xing
6cb8c81de1 Add minimal implementation for RubyGems compact index API. (#3811)
Current package registry for RubyGems does not work with Bundler, because it implements neither the [compact index](https://guides.rubygems.org/rubygems-org-compact-index-api/) or the [dependency API](https://guides.rubygems.org/rubygems-org-api/). As a result, bundler complains about finding non-existing dependencies when installing anything with dependency: `revealed dependencies not in the API or the lockfile`.

This patch provides a minimal implementation for the compact index API to solve this issue. Specifically, we implemented a version that does not cache the results / do incremental updates; which is consistent with the current implementation.

Testing:
  * Modified existing integration tests.
  * Manually Verified bundler is able to parse the served versions / info file.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3811
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
Co-committed-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
2024-05-19 23:30:41 +00:00
wxiaoguang
193ac67176
Always load or generate oauth2 jwt secret (#30942)
Fix #30923

(cherry picked from commit effb405cae88474c27f5c8322a2627019af1cf64)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- modules/setting/oauth2.go
	  Conflicted due to different ways of logging. Since the log
	  message is removed anyway, resolved by removing it.
	- modules/setting/oauth2_test.go
	  Manually copied the test added by Gitea.
	- routers/install/install.go
	  Not a conflict per se, but adjusted to use NewJwtSecret().
2024-05-19 15:47:39 +02:00
Lunny Xiao
1be797faba
Fix bug on avatar (#31008)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 58a03e9fadb345de5653345c2a68ecfd0750940a)
2024-05-19 13:57:52 +02:00
wxiaoguang
50b4e7f26e
Simplify mirror repository API logic (#30963)
Fix #30921

(cherry picked from commit 821d2fc2a3cc897f21d707455850177077b72410)
2024-05-19 13:57:52 +02:00
KN4CK3R
597dcd864a
Protected tag is no internal server error (#30962)
Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.

(cherry picked from commit b1d8f13bd0ecd9c576ebf2ecbd9c7dbeb3f5254f)
2024-05-19 13:12:35 +02:00
Zettat123
8e1de85980
Support using label names when changing issue labels (#30943)
Resolve #30917

Make the APIs for adding labels and replacing labels support both label
IDs and label names so the
[`actions/labeler`](https://github.com/actions/labeler) action can work
in Gitea.

<img width="600px"
src="https://github.com/go-gitea/gitea/assets/15528715/7835c771-f637-4c57-9ce5-e4fbf56fa0d3"
/>

(cherry picked from commit b3beaed147466739de0c24fd80206b5af8b71617)

Conflicts:
	- modules/structs/issue_label.go
	  Resolved by applying the Gitea change by hand.
	- tests/integration/api_issue_label_test.go
	  Resolved by copying the new tests.
2024-05-19 13:12:35 +02:00
oliverpool
5e73c67d67 fix: hook post-receive for sha256 repos 2024-05-15 16:43:16 +02:00
Shiny Nematoda
b6ca8abcfd [FEAT] support searching non default branches/tags when using git-grep (#3654)
resolves https://codeberg.org/forgejo/forgejo/pulls/3639#issuecomment-1806676 and https://codeberg.org/forgejo/forgejo/pulls/3513#issuecomment-1794990

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3654
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-05-14 15:41:03 +00:00
Lunny Xiao
eb792d9f8a
Move database operations of merging a pull request to post receive hook and add a transaction (#30805)
Merging PR may fail because of various problems. The pull request may
have a dirty state because there is no transaction when merging a pull
request. ref
https://github.com/go-gitea/gitea/pull/25741#issuecomment-2074126393

This PR moves all database update operations to post-receive handler for
merging a pull request and having a database transaction. That means if
database operations fail, then the git merging will fail, the git client
will get a fail result.

There are already many tests for pull request merging, so we don't need
to add a new one.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ebf0c969403d91ed80745ff5bd7dfbdb08174fc7)

Conflicts:
	modules/private/hook.go
	routers/private/hook_post_receive.go
	trivial conflicts because
	  263a716cb5 * Performance optimization for git push (#30104)
	was not cherry-picked and because of
	  998a431747 Do not update PRs based on events that happened before they existed
2024-05-12 20:03:10 +02:00
Lunny Xiao
1f56a49f28
Move reverproxyauth before session so the header will not be ignored even if user has login (#27821)
When a user logout and then login another user, the reverseproxy auth
should be checked before session otherwise the old user is still login.

(cherry picked from commit 26ae5922348d2dbaf2161bbd6ac79b2aa455e5f0)
2024-05-12 20:03:10 +02:00
Jason Song
38ea77ebbe
Remove deprecated stuff for runners (#30930)
It's time (maybe somewhat late) to remove some deprecated stuff for the
runner.

- `x-runner-version`: runners needn't to report version in every
request, they will call `Declare`.
- `AgentLabels`: runners will report them as `Labels`.

(cherry picked from commit b9396a9b852e4fea0e2c39ef3ef2fdfbc9ea248a)

Conflicts:
	routers/api/actions/runner/interceptor.go
	trivial conflict because
	  e80466f734 Resolve lint for unused parameter and unnecessary type arguments (#30750)
	was not cherry-picked
2024-05-12 20:03:10 +02:00
yp05327
6c9b8401f9
Fix misspelling of mergable (#30896)
https://github.com/go-gitea/gitea/pull/25812#issuecomment-2099833692
Follow #30573

(cherry picked from commit f7d2f695a4c57b245830a526e77fa62e99e00254)

Conflicts:
	services/pull/check.go
	trivial conflict because
	  9b2536b78fdcd3cf444a2f54857d9871e153858f Update misspell to 0.5.1 and add `misspellings.csv` (#30573)
	was not cherry-picked
2024-05-12 20:03:10 +02:00
Lunny Xiao
7d3ca90dfe
Fix various problems around projects board view (#30696)
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be append to the end
- [x] Fix #30701 the newly added issue will be append to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not be overflow because it's int8.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a303c973e0264dab45a787c4afa200e183e0d953)

Conflicts:
	routers/web/web.go
	e91733468ef726fc9365aa4820cdd5f2ddfdaa23 Add missing database transaction for new issue (#29490) was not cherry-picked
	services/issue/issue.go
	fe6792dff3 Enable/disable owner and repo projects independently (#28805) was not cherry-picked
2024-05-12 20:03:10 +02:00
Lunny Xiao
9bc391250d
Fix wrong transfer hint (#30889)
Fix #30187

(cherry picked from commit f5f921c09555f5b31226fc31bbbb463649d0bfdc)
2024-05-12 20:03:10 +02:00
Gergely Nagy
9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
Yaroslav Halchenko
2b2fd2728c Add codespell support and fix a good number of typos with its help (#3270)
More about codespell: https://github.com/codespell-project/codespell .

I personally introduced it to dozens if not hundreds of projects already and so far only positive feedback.

```
❯ grep lint-spell Makefile
	@echo " - lint-spell                       lint spelling"
	@echo " - lint-spell-fix                   lint spelling and fix issues"
lint: lint-frontend lint-backend lint-spell
lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix
.PHONY: lint-spell
lint-spell: lint-codespell
.PHONY: lint-spell-fix
lint-spell-fix: lint-codespell-fix
❯ git grep lint- -- .forgejo/
.forgejo/workflows/testing.yml:      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
.forgejo/workflows/testing.yml:      - run: make lint-frontend
```
so how would you like me to invoke `lint-codespell` on CI? (without that would be IMHO very suboptimal and let typos sneak in)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-05-09 13:49:37 +00:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Michael Jerger
2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
Kemal Zebari
e388822e9d
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
2024-05-05 12:15:40 +01:00
yp05327
6a4bc0289d
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
wxiaoguang
d93d62371c
Ignore useless error message "broken pipe" (#30801)
Fix #30792

(cherry picked from commit 53b55223d167c3fc996dd0278a656f421408ace7)
2024-05-05 12:15:40 +01:00
Bo-Yi Wu
b29190c4f0
refactor: merge ListActionTasks func to action.go file (#30811)
Just merge actions.go file to action.go

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit e67fbe4f15cdc544f6bec975de6560556724f098)
2024-05-05 12:15:40 +01:00
Archer
1b088fade6
Prevent automatic OAuth grants for public clients (#30790)
This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section 10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5c542ca94caa3587329167cfe9e949357ca15cf1)
2024-05-05 12:15:40 +01:00
Kemal Zebari
9cd0441cd3
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
Chester
1a40fe54a6
Add API endpoints for getting action jobs status (#26673)
Sample of response, it is similar to Github actions

ref
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository

``` json
{
    "workflow_runs": [
        {
            "id": 3,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 3,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo2.yaml",
            "url": "/chester/test/actions/runs/3",
            "created_at": "2023-08-22T13:41:33-04:00",
            "updated_at": "2023-08-22T13:41:37-04:00",
            "run_started_at": "2023-08-22T13:41:33-04:00"
        },
        {
            "id": 2,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 2,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/2",
            "created_at": "2023-08-22T13:41:30-04:00",
            "updated_at": "2023-08-22T13:41:33-04:00",
            "run_started_at": "2023-08-22T13:41:30-04:00"
        },
        {
            "id": 1,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "e5369ab054cae79899ba36e45ee82811a6e0acd5",
            "run_number": 1,
            "event": "push",
            "display_title": "Add job",
            "status": "failure",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/1",
            "created_at": "2023-08-22T13:15:21-04:00",
            "updated_at": "2023-08-22T13:18:10-04:00",
            "run_started_at": "2023-08-22T13:15:21-04:00"
        }
    ],
    "total_count": 3
}
```

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 6709e28da78a0ea7e63f9fe4e32f620abdc88d14)

Conflicts:
	routers/api/v1/swagger/repo.go
	trivial context conflict
2024-05-05 12:15:40 +01:00
silverwind
9792a377e4
Fix tautological conditions (#30735)
As discovered by https://github.com/go-gitea/gitea/pull/30729.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 610802df85933e7a190a705bc3f7800da87ce868)

Conflicts:
	tests/integration/git_test.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/2834
2024-05-05 08:59:40 +01:00
Chongyi Zheng
c504461b66
Resolve lint for unused parameter and unnecessary type arguments (#30750)
Resolve all cases for `unused parameter` and `unnecessary type
arguments`

Related: #30729

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit e80466f7349164ce4cf3c07bdac30d736d20f035)

Conflicts:
	modules/markup/markdown/transform_codespan.go
	modules/setting/incoming_email.go
	routers/api/v1/admin/user_badge.go
	routers/private/hook_pre_receive.go
	tests/integration/repo_search_test.go
	resolved by discarding the change, this is linting only and
	for the sake of avoiding future conflicts
2024-05-05 08:38:16 +01:00
Micash
b8e7b3941a
Add support for npm bundleDependencies (#30751)
(cherry picked from commit ad4e902d5a1430c0c1df18bf404537df5ded1dba)
2024-05-05 08:24:01 +01:00
Earl Warren
c9624d4cdb Merge pull request 'Add an immutable tarball link to archive download headers for Nix' (#3615) from jadeprime/forgejo:jade/nix-tarball-link into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3615
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-04 07:01:02 +00:00
Jade Lovelace
6631f56ebf Add an immutable tarball link to archive download headers for Nix
This allows `nix flake metadata` and nix in general to lock a *branch*
tarball link in a manner that causes it to fetch the correct commit even
if the branch is updated with a newer version.

For further context, Nix flakes are a feature that, among other things,
allows for "inputs" that are "github:someuser/somerepo",
"https://some-tarball-service/some-tarball.tar.gz",
"sourcehut:~meow/nya" or similar. This feature allows our users to fetch
tarballs of git-based inputs to their builds rather than using git to
fetch them, saving significant download time.

There is presently no gitea or forgejo specific fetcher in Nix, and we
don't particularly wish to have one. Ideally (as a developer on a Nix
implementation myself) we could just use the generic tarball fetcher and
not add specific forgejo support, but to do so, we need additional
metadata to know which commit a given *branch* tarball represents, which
is the purpose of the Link header added here.

The result of this patch is that a Nix user can specify `inputs.something.url =
"https://forgejo-host/some/project/archive/main.tar.gz"` in flake.nix
and get a link to some concrete tarball for the actual commit in the
lock file, then when they run `nix flake update` in the future, they
will get the latest commit in that branch.

Example of it working locally:

 » nix flake metadata --refresh 'http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix'
Resolved URL:  http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix
Locked URL:    804ede182b.tar.gz?dir=configs
/nix&narHash=sha256-yP7KkDVfuixZzs0fsqhSETXFC0y8m6nmPLw2GrAMxKQ%3D
Description:   Computers with the nixos
Path:          /nix/store/s856c6yqghyan4v0zy6jj19ksv0q22nx-source
Revision:      804ede182b6b66469b23ea4d21eece52766b7a06
Last modified: 2024-05-02 00:48:32

For details on the header value, see:
56763ff918/doc/manual/src/protocols/tarball-fetcher.md
2024-05-03 15:21:45 -07:00
JakobDev
d50efa626a Show repo count in blocked users tab (#3601)
Fixes #3595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3601
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-05-02 15:51:27 +00:00
Earl Warren
9bc866124b Merge pull request 'Use PostFormValue instead of PostForm.Get' (#3563) from algernon/forgejo:s/Req.PostForm.Get/Req.PostFormValue/g into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3563
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 15:48:28 +00:00
Gergely Nagy
b08aef967e
Use PostFormValue instead of PostForm.Get
In `repo.RemoveDependency`, use `PostFormValue` instead of
`PostForm.Get`. The latter requires `ParseForm()` to be called prior,
and in this case, has no benefit over `PostFormValue` anyway (which
calls `ParseForm()` if necessary).

While this currently does not cause any issue as far as I can tell, it
feels like a bug lying in wait for the perfect opportunity. Lets squash
it before it can do harm.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-02 10:51:07 +02:00
Gergely Nagy
632a274b8f
Fix Issue watching / unwatching on the web ui
When subscribing or unsubscribing to/from an issue on the web ui, the
request was posted to a route handled by `repo.IssueWatch`. This
function used `ctx.Req.PostForm.Get()`, erroneously.

`request.PostForm` is *only* available if `request.ParseForm()` has been
called before it. The function in question did not do that. Under some
circumstances, something, somewhere did end up calling `ParseForm()`,
but not in every scenario.

Since we do not need to check for multiple values, the easiest fix here
is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if
necessary.

Fixes #3516.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 11:04:54 +02:00
Earl Warren
79ffb2de47 Merge pull request '[gitea] week 2024-18 cherry pick (gitea-github/main -> forgejo)' (#3513) from earl-warren/wcp/2024-18 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3513
Reviewed-by: jean-daricade <jean-daricade@noreply.codeberg.org>
2024-04-30 06:42:26 +00:00
oliverpool
e1d93950ad feat: implement PKCE when acting as oauth2 client (for user login)
Closes #2766
2024-04-29 11:20:26 +02:00
Beowulf
c54896ba70 Show repo activities even if only code unit active or git repo is empty but issue is active (#3455)
When all repository units are deactivated except for the code unit, the activity tab will not be shown.
Since the activities tab also shows contributing stats, it would be good to show the activities tab also when only code is active.
This commit changes the behavior when the activities tab is shown.
Previous it would only be shown when Issues, Pull-Requests or Releases are activated. Now it would additionally be shown when the code unit is activated.

Refs: #3429

| Before (Code + Issues - Owner) | Before (Code - Viewer) | After (Code + Issues - Owner) | After (Code - Viewer) |
| -- | -- | -- | -- |
| ![image](/attachments/2af997bc-1f38-48c6-bdf3-cfbd7087b220)  | ![image](/attachments/ef1797f0-5c9a-4a1a-ba82-749f3ab4f403) | ![image](/attachments/fd28a96c-04ca-407e-a70d-d28b393f223d) | ![image](/attachments/2cd0d559-a6de-4ca0-a736-29c5fea81b5a) |
|  | `/activity` returns 404 for everyone | ![image](/attachments/e0e97d8f-48cb-4c16-a505-1fafa46c4b8e)  | - |

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3455
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2024-04-28 13:47:52 +00:00
Chongyi Zheng
ec6d46bc8f
Fix nil dereference on error (#30740)
In both cases, the `err` is nil because of `if` checks before

Reference: #30729
(cherry picked from commit 970965f6d8fb4e68613ca445d2414c6c796b5231)
2024-04-28 15:39:02 +02:00
Kemal Zebari
4ed372af13
Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.

(cherry picked from commit dd301cae1c40c9ef2805bd13af6b09a81ff4f5d7)

Conflicts:
	tests/integration/pull_review_test.go
	trivial context conflict in import
2024-04-28 15:39:01 +02:00
Bo-Yi Wu
7b456a28d1
feat(api): enhance Actions Secrets Management API for repository (#30656)
- Add endpoint to list repository action secrets in API routes
- Implement `ListActionsSecrets` function to retrieve action secrets
from the database
- Update Swagger documentation to include the new
`/repos/{owner}/{repo}/actions/secrets` endpoint
- Add `actions` package import and define new routes for actions,
secrets, variables, and runners in `api.go`.
- Refactor action-related API functions into `Action` struct methods in
`org/action.go` and `repo/action.go`.
- Remove `actionAPI` struct and related functions, replacing them with
`NewAction()` calls.
- Rename `variables.go` to `action.go` in `org` directory.
- Delete `runners.go` and `secrets.go` in both `org` and `repo`
directories, consolidating their content into `action.go`.
- Update copyright year and add new imports in `org/action.go`.
- Implement `API` interface in `services/actions/interface.go` for
action-related methods.
- Remove individual action-related functions and replace them with
methods on the `Action` struct in `repo/action.go`.

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Signed-off-by: appleboy <appleboy.tw@gmail.com>
(cherry picked from commit 852547d0dc70299589c7bf8d00ea462ed709b8e5)

Conflicts:
	routers/api/v1/api.go
	trivial conflict because of Fix #2512 /api/forgejo/v1/version auth check (#2582)
2024-04-28 15:39:01 +02:00
wxiaoguang
089e95f250
Fix code search input for different views (#30678)
Now only show the "code search" on the repo home page, because it only
does global search.
So do not show it when viewing file or directory to avoid misleading
users (it doesn't search in a directory)

(cherry picked from commit 993736d838c36e26951b6cfea9c6a549958addd1)
2024-04-28 15:39:01 +02:00
Lunny Xiao
4e6e63dca2
Fix compare api swagger (#30648)
The swagger format on #30349 is not right. This PR will fix it.

(cherry picked from commit 8924d9b2efd52132876fcd106c625a2a2db7a295)
2024-04-28 15:39:00 +02:00
silverwind
12b199c5e5
Enable more revive linter rules (#30608)
Noteable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.

(cherry picked from commit 74f0c84fa4245a20ce6fb87dac1faf2aeeded2a2)

Conflicts:
	.golangci.yml
	apply the linter recommendations to Forgejo code as well
2024-04-28 15:39:00 +02:00
Bo-Yi Wu
4e2de8bdc6
fix(api): refactor branch and tag existence checks (#30618)
- Update branch existence check to also include tag existence check
- Adjust error message for branch/tag existence check

ref: https://github.com/go-gitea/gitea/pull/30349

---------

Signed-off-by: appleboy <appleboy.tw@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 6459c50278906893f3cbc2bf3e52eff65e739b37)
2024-04-28 15:39:00 +02:00
Otto Richter
bc8860ce32 Move watching sub-template to sidebar folder 2024-04-28 12:56:28 +02:00
Baptiste Daroussin
08f5a25d3b ldap: default domain name (#3414)
When the ldap synchronizer is look for an email address and fails at
finding one, it falls back at creating one using "localhost.local"
domain.

This new field makes this domain name configurable.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3414
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Co-committed-by: Baptiste Daroussin <bapt@FreeBSD.org>
2024-04-26 22:38:58 +00:00
Earl Warren
94d7523f83 Merge pull request '[BUG] save empty comments' (#3442) from oliverpool/forgejo:empty_comments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3442
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-25 19:32:28 +00:00
Earl Warren
7cabc5670d
Implement remote user login source and promotion to regular user
A remote user (UserTypeRemoteUser) is a placeholder that can be
promoted to a regular user (UserTypeIndividual). It represents users
that exist somewhere else. Although the UserTypeRemoteUser already
exists in Forgejo, it is neither used or documented.

A new login type / source (Remote) is introduced and set to be the login type
of remote users.

Type        UserTypeRemoteUser
LogingType  Remote

The association between a remote user and its counterpart in another
environment (for instance another forge) is via the OAuth2 login
source:

LoginName   set to the unique identifier relative to the login source
LoginSource set to the identifier of the remote source

For instance when migrating from GitLab.com, a user can be created as
if it was authenticated using GitLab.com as an OAuth2 authentication
source.

When a user authenticates to Forejo from the same authentication
source and the identifier match, the remote user is promoted to a
regular user. For instance if 43 is the ID of the GitLab.com OAuth2
login source, 88 is the ID of the Remote loging source, and 48323
is the identifier of the foo user:

Type        UserTypeRemoteUser
LogingType  Remote
LoginName   48323
LoginSource 88
Email       (empty)
Name        foo

Will be promoted to the following when the user foo authenticates to
the Forgejo instance using GitLab.com as an OAuth2 provider. All users
with a LoginType of Remote and a LoginName of 48323 are examined. If
the LoginSource has a provider name that matches the provider name of
GitLab.com (usually just "gitlab"), it is a match and can be promoted.

The email is obtained via the OAuth2 provider and the user set to:

Type        UserTypeIndividual
LogingType  OAuth2
LoginName   48323
LoginSource 43
Email       foo@example.com
Name        foo

Note: the Remote login source is an indirection to the actual login
source, i.e. the provider string my be set to a login source that does
not exist yet.
2024-04-25 13:03:49 +02:00
oliverpool
ea9051624d comment: save empty comments 2024-04-25 11:21:39 +02:00
Gergely Nagy
c647e8639f
api: The repo wiki APIs should respect WikiBranch
Back in #2264, we made it possible to change the branch wikis use from
the hardcoded "master" branch to `[repository].DEFAULT_BRANCH`. However,
the API endpoints were not updated, and the "master" branch remained
hardcoded there.

This change fixes that, the API endpoints will now respect the
repository's `WikiBranch`.

Fixes #3391.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-25 00:36:58 +02:00
JakobDev
1bce2dc5c5 [FEAT]Add Option to hide Release Archive links (#3139)
This adds a new options to releases to hide the links to the automatically generated archives. This is useful, when the automatically generated Archives are broken e.g. because of Submodules.

![grafik](/attachments/5686edf6-f318-4175-8459-89c33973b181)
![grafik](/attachments/74a8bf92-2abb-47a0-876d-d41024770d0b)

Note:
This juts hides the Archives from the UI. Users can still download 5the Archive if they know t correct URL.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3139
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-04-24 15:15:55 +00:00
Earl Warren
b63b224c36 Merge pull request '[gitea] week 2024-17 cherry pick (gitea/main -> forgejo)' (#3350) from algernon/wcp/2024-17 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3350
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-22 18:48:13 +00:00
0ko
469c214ec8 s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
wxiaoguang
3330b4d5d8
Fix HEAD method for robots.txt (#30603)
Fix #30601

(cherry picked from commit f60e1a1af25154160f08b85eb159c930b340df8b)
2024-04-21 16:28:16 +02:00
wxiaoguang
abeea42751
Fix project description rendering for org (#30587)
Fix #30263

![image](https://github.com/go-gitea/gitea/assets/2114189/41cabe6c-f94a-4874-a26f-d01bb89bb28c)

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit eb24d973b036e4dddf505d8c12e905ecb1a688f9)
2024-04-21 16:28:16 +02:00
Edward Zhang
b3a6596b54
Fix branch_protection api shows users/teams who has no readAccess (#30291)
Add some logic in `convert.ToBranchProtection` to return only the names
associated with readAccess instead of returning all names. This will
ensure consistency in behavior between the frontend and backend.
Fixes: #27694

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wenzhuo.zhang <wenzhuo.zhang@geely.com>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 02e183bf3fa502b7cef76e8dcdbf01b85ce641f0)
2024-04-21 16:28:16 +02:00
yp05327
3662829cc9
Fix empty field login_name in API response JSON when creating user (#30511)
Fix #30508

ps: if `sourceID` is not set, `LoginName` will be ignored
(cherry picked from commit cf9061f44a439aa7775e301a7467dbda22a06eaa)
2024-04-21 11:59:16 +02:00
Bo-Yi Wu
e025ec0131
feat(api): implement branch/commit comparison API (#30349)
- Add new `Compare` struct to represent comparison between two commits
- Introduce new API endpoint `/compare/*` to get commit comparison
information
- Create new file `repo_compare.go` with the `Compare` struct definition
- Add new file `compare.go` in `routers/api/v1/repo` to handle
comparison logic
- Add new file `compare.go` in `routers/common` to define `CompareInfo`
struct
- Refactor `ParseCompareInfo` function to use `common.CompareInfo`
struct
- Update Swagger documentation to include the new API endpoint for
commit comparison
- Remove duplicate `CompareInfo` struct from
`routers/web/repo/compare.go`
- Adjust base path in Swagger template to be relative (`/api/v1`)

GitHub API
https://docs.github.com/en/rest/commits/commits?apiVersion=2022-11-28#compare-two-commits

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit c70e442ce4b99e2a1f1bf216afcfa1ad78d1925a)

Conflicts:
	- routers/api/v1/swagger/repo.go
	  Conflict resolved by manually adding the lines from the Gitea
	  PR.
2024-04-21 11:58:18 +02:00
Gergely Nagy
8eba631f8d
hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
2024-04-19 16:53:14 +02:00
Earl Warren
d07f12e010 Merge pull request 'Do not require login_name & source_id for /admin/user/{username}' (#3278) from algernon/forgejo:leave-your-name-at-the-door into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3278
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 11:05:13 +00:00
Gergely Nagy
d07c8c821c
Do not require login_name & source_id for /admin/user/{username}
When editing a user via the API, do not require setting `login_name` or
`source_id`: for local accounts, these do not matter. However, when
editing a non-local account, require *both*, as before.

Fixes #1861.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 10:33:52 +02:00
Gergely Nagy
df8e58c5cb
Allow changing global wiki editability via the API
The global wiki editability can be set via the web UI, this patch makes
it possible to set the same thing via the API too. This is accomplished
by adjusting the GET and PATCH handlers of the
`/api/v1/repos/{owner}/{repo}` route.

The first will include the property when checking the repo's settings,
the second allows a repo admin to change the setting too.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-16 22:51:36 +02:00
oliverpool
ada8bfa52f Merge pull request 'Fix release published actions not triggering for releases created from existing tags' (#3220) from zotan/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3220
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 18:27:59 +00:00
Zettat123
463ea8fdd2
Check the token's owner and repository when registering a runner (#30406)
Fix #30378

(cherry picked from commit 0fe9f93eb4c94d55e43b18b9c3cc6d513a34c0b5)

Conflicts:
	- models/organization/org.go
	- services/repository/delete.go
	- services/user/delete.go
	In all three cases, conflicts were resolved by manually adding
        the lines added by the Gitea patch, keeping the Forgejo code
        surrounding them.
2024-04-16 09:38:26 +02:00
Laura Hausmann
46977b0f01
Fix release published actions not triggering for releases created from existing tags 2024-04-15 22:53:53 +02:00
Gergely Nagy
5bf959a3a5
Convert the remaining interface{}s to any
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-15 20:01:36 +02:00
yp05327
9987b75662
Fix network error when open/close organization/individual projects and redirect to project page (#30387)
Follow #27734

![image](https://github.com/go-gitea/gitea/assets/18380374/02ed6b9a-cbb6-4f49-a54a-ca76a0d052a9)

Updated:
Redirect to project page instead of project list page.

(cherry picked from commit af02b8a0e9b00a324fb92f1f73ea386dd9595c3d)
2024-04-15 20:01:36 +02:00
Lunny Xiao
f544bb25b5
Fix missed doer (#30231)
Fix #29879

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 908426aa0fcc58961c345994f0f66056f6cf5f48)
2024-04-15 20:01:35 +02:00
wxiaoguang
9b8de15797
Clean up log messages (#30313)
`log.Xxx("%v")` is not ideal, this PR adds necessary context messages.
Remove some unnecessary logs.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 83f83019ef3471b847a300f0821499b3896ec987)

Conflicts:
	- modules/util/util.go
          Conflict resolved by picking `util.Iif` from 654cfd1dfbd3f3f1d94addee50b6fe2b018a49c3
2024-04-15 20:01:35 +02:00
0ko
ceba1abe06 Merge pull request 'Improve English locale' (#2941) from 0ko/forgejo:english20240401 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2941
Reviewed-by: Otto <otto@codeberg.org>
2024-04-15 17:34:52 +00:00
Gusted
db39b8f4a7
[PORT] gitea#30430: Fix rename branch 500 when the target branch is deleted but exist in database
Fix https://github.com/go-gitea/gitea/issues/30428

---

Conflict resolution: trivial and move test to own subtest run directly
after `Normal`.

(cherrypicked commit 9466fec879f4f2c88c7c1e7a5cffba319282ab66)
2024-04-15 16:03:09 +02:00
oliverpool
16879b07d2 [PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167)
Related to  #2773
Related to Refactor URL detection [gitea#29960](https://github.com/go-gitea/gitea/pull/29960)
Related to Refactor external URL detection [gitea#29973](https://github.com/go-gitea/gitea/pull/29973)

I added a bunch of tests to `httplib.TestIsRiskyRedirectURL` and some cases should be better handled (however it is not an easy task).

I also ported the removal of `utils.IsExternalURL`, since it prevents duplicated (subtle) code.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3167
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-04-15 13:03:08 +00:00
Shiny Nematoda
aec787b927 fix code search template 2024-04-11 14:52:37 +00:00
Earl Warren
ad8a3ed2a1 Merge pull request 'Do not update PRs based on events that happened before they existed' (#2932) from earl-warren/forgejo:wip-superfluous into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2932
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-04-11 12:07:07 +00:00
Earl Warren
998a431747
Do not update PRs based on events that happened before they existed
* Split TestPullRequest out of AddTestPullRequestTask
* A Created field is added to the Issue table
* The Created field is set to the time (with nano resolution) on creation
* Record the nano time repo_module.PushUpdateOptions is created by the hook
* The decision to update a pull request created before a commit was
  pushed is based on the time (with nano resolution) the git hook
  was run and the Created field

It ensures the following happens:

* commit C is pushed
* the git hook queues AddTestPullRequestTask for processing and returns with success
* TestPullRequest is not called yet
* a pull request P with commit C as the head is created
* TestPullRequest runs and ignores P because it was created after the commit was received

When the "created" column is NULL, no verification is done, pull
requests that were created before the column was created in the
database cannot be newer than the latest call to a git hook.

Fixes: https://codeberg.org/forgejo/forgejo/issues/2009
2024-04-11 11:16:23 +02:00
Earl Warren
9396edb2e3 Merge pull request 'Update checker setting updates' (#2925) from 0ko/forgejo:update_check_default into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2925
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-10 20:54:10 +00:00
oliverpool
9a94019db4 webhook: add admin-hooks tests 2024-04-09 20:02:14 +02:00
oliverpool
e0b5f2d59b webhook: fix admin-hooks new dropdowns 2024-04-09 20:02:14 +02:00
Earl Warren
2d3705bb81 Merge pull request '[CHORE] Remove Microsoft SQL Server support' (#3040) from gusted/forgejo-rm-mssql into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3040
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-09 05:34:54 +00:00
Earl Warren
26fc7c3461 Merge pull request '[gitea] week 15 cherry pick' (#3091) from algernon/forgejo:wcp/week-15 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3091
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-09 05:31:44 +00:00
Earl Warren
7179ae8cc1 Merge pull request '[GITEA PORT] Do some performance optimize for issues list and view issue/pull (gitea#29515)' (#3116) from oliverpool/forgejo:port_29515 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3116
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-08 19:04:40 +00:00
Lunny Xiao
c9854bee98 Do some performance optimize for issues list and view issue/pull (gitea#29515)
This PR do some performance optimzations.

- [x] Add `index` for the column `comment_id` of `Attachment` table to
accelerate query from the database.
- [x] Remove unnecessary database queries when viewing issues. Before
some conditions which id = 0 will be sent to the database
- [x] Remove duplicated load posters
- [x] Batch loading attachements, isread of comments on viewing issue

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Conflicts:
models/issues/comment_code.go: function was renamed in Forgejo
models/migrations/migrations.go: migration already ported
2024-04-08 14:47:31 +02:00
JakobDev
613e5387c5 Count downloads for tag archives 2024-04-08 12:51:27 +02:00
Zettat123
87870ade49
Remove scheduled action tasks if the repo is archived (#30224)
Fix #30220

(cherry picked from commit 1ef2eb50d82d07b1e4ff312ef58953d1bba2437a)
2024-04-07 15:40:31 +02:00
Jack Hay
e08f05b069
Add setting to disable user features when user login type is not plain (#29615)
- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported
user features when login type is not plain
- In general, this is necessary for SSO implementations to avoid
inconsistencies between the external account management and the linked
account
- Adds helper functions to encourage correct use

(cherry picked from commit 59d4aadba5c15d02f3b9f0e61abb7476870c20a5)

Conflicts:
	- docs/content/administration/config-cheat-sheet.en-us.md
          Removed.
	- modules/setting/admin.go
          Trivial resolution: pick the newly added struct member.
2024-04-07 11:09:21 +02:00
sillyguodong
16696a42f5
Add API for Variables (#29520)
close #27801

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 62b073e6f31645e446c7e8d6b5a506f61b47924e)

Conflicts:
	- modules/util/util.go
          Trivial resolution, only picking the newly introduced function
	- routers/api/v1/swagger/options.go
          Trivial resolution. We don't have UserBadges, don't pick that part.
	- templates/swagger/v1_json.tmpl
          Regenerated.
2024-04-07 10:57:53 +02:00
Gusted
a3f1249f0a
[BUG] Fix unblock action
- At some point the unblock button was transformed into being handled by
Javascript, however the endpoint didn't yet respond in JSON.
- Ref: https://codeberg.org/kita/.profile/raw/branch/main/img/G94IqS9.png
2024-04-06 20:57:51 +02:00