- When the issue unit is disabled for a repository, don't allow issue related APIs.
- Added integration tests.
- Resolves#8408
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8829
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
- The creation of new API tokens for users via the API is guarded behind
a extra check. This extra makes sure the user is authorized via the
reverse proxy method (if enabled) or via basic authorization.
- For, what seems to me, historical reasons the basic authorization also
handles logging in via the API token.
- This results in a API token (with `write:user` scope) or OAuth2 token
being able to create a new API token with escalated privileges.
- Add a new condition to this check to ensure the user logged in via
password.
- Change error to better indicate what went wrong.
Do not allow credentials to be present in the URLs that are provided for
migrations and push mirrors. They have to be given via the dedicated
input fields. Give a error when this happens.
There's nothing wrong with trying have the backend "correct" this, but
would be a larger patch than necessary in the context of a security fix.
This can be done in public.
On GitHub, `DELETE /repos/{owner}/{repo}/issues/{index}/labels/{id}` takes the label name, not id:
https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#remove-a-label-from-an-issue
This breaks workflows and actions that interact with labels and delete them.
It also makes the API quite difficult to use, always having to query the ID first before deleting a label from an issue, potentially with two API calls, because it could be a repo or org label.
For backwards compatibility, if no label with the given name is found, and the name converts to an int without error, it'll still be looked up by ID.
The API on GitHub also does not return 204, but 200, with the label it just removed from the issue as content. So this is returned when `application/vnd.github+json` is set in the `Accept` request header.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8831
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: BtbN <btbn@btbn.de>
Co-committed-by: BtbN <btbn@btbn.de>
This PR is part of #4767. It contains
* a refactoring of validation error messages
* adds the ability to send user-activities to distant federated servers
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8792
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
This PR is part of #4767. It
1. adds the ability to follow a local person from a distant federation server (see tests/integration/api_activitypub_person_inbox_follow_test.go)
2. streamlines the router code (refactor the person conversion & handling of inbox requests in service direction, unifies service call signature & error handling)
3. introduces queues for decoupling outgoing communication (delivery retry to cope network issues or distant service downtimes) and
4. adds minor fixes to integration tests (test timeout & invalid inbox activities)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8720
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Speaking from personal experience, when exploring the API I find myself trying to parse the exact meaning of many descriptions for a while, and I also have to get used to many different kinds of inconsistencies and grammar issues.
This PR improves a few of these. Some I tried to reword to make them easier to understand, for others I just improved consistency a little, like capitalization. This area needs more work, this PR just makes some progress. Anything that is improved in this one can be improved further in later PRs, so in review please focus on regressions if you find any.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8728
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
This reverts commit e271c24100.
It was an experiment to verify that adding a delay to the test make a difference. But it does not so... reverting.
@jerger before engaging in a refactor, it is necessary to get to the bottom of this:
- Find the root cause of those failures
- Fix it in a minimal way
Refs https://codeberg.org/forgejo/forgejo/pulls/8274#issuecomment-5987215
---
- https://codeberg.org/forgejo/forgejo/actions/runs/92182/jobs/9
- https://codeberg.org/forgejo/forgejo/actions/runs/92182/jobs/10
```
--- FAIL: TestFederationHttpSigValidation (11.34s)
testlogger.go:411: 2025/07/28 00:23:46 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /workspace/forgejo/forgejo/tests/gitea-lfs-meta
testlogger.go:411: 2025/07/28 00:23:52 ...ypub/reqsignature.go:76:func1() [W] verifyHttpSignatures failed: neither "Signature" nor "Authorization" have signature parameters
testlogger.go:411: 2025/07/28 00:23:52 ...eb/routing/logger.go:102:func1() [I] router: completed GET http://127.0.0.1:3002/api/v1/activitypub/user-id/2 for test-mock:12345, 400 Bad Request in 5.3ms @ activitypub/reqsignature.go:74(activitypub.ReqHTTPUserOrInstanceSignature)
testlogger.go:411: 2025/07/28 00:23:52 ...ces/auth/httpsign.go:70:Verify() [W] Failed authentication attempt from 127.0.0.1:43244
testlogger.go:411: 2025/07/28 00:23:55 ...eb/routing/logger.go:68:func1() [W] router: slow GET /api/v1/activitypub/user-id/2 for 127.0.0.1:43244, elapsed 3684.7ms @ activitypub/reqsignature.go:74(activitypub.ReqHTTPUserOrInstanceSignature)
--- FAIL: TestFederationHttpSigValidation/SignedRequest (5.01s)
api_federation_httpsig_test.go:50:
Error Trace: /workspace/forgejo/forgejo/tests/integration/api_federation_httpsig_test.go:50
Error: Received unexpected error:
Get "http://127.0.0.1:3002/api/v1/activitypub/user-id/2": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Test: TestFederationHttpSigValidation/SignedRequest
--- FAIL: TestFederationHttpSigValidation/ValidateCaches (0.00s)
api_federation_httpsig_test.go:64:
Error Trace: /workspace/forgejo/forgejo/tests/integration/api_federation_httpsig_test.go:64
Error: Expected value not to be nil.
Test: TestFederationHttpSigValidation/ValidateCaches
test_utils.go:247: PrepareTestEnv:Process "GET: /api/v1/activitypub/user-id/2" cancelled
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x4cc464a]
```
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8705
Reviewed-by: jerger <jerger@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- If the doer isn't a issue/pull writer, return a error.
- Fixes a panic (NPE), because the callers of `prepareForReplaceOrAdd` simply checked if there was a error returned to see if the user was allowed. It didn't check if a statuscode was written. This is specifically a issue when the automatic token by Forgejo actions is used.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8690
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Introduces a new sort parameter to the `/users/search` API endpoint, similar to the one that already exists for the `/admin/users` endpoint.
Resolves#8499
Co-authored-by: DebuggerAndrzej <redpandaworkstation@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8594
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: DebuggerAndrzej <debuggerandrzej@noreply.codeberg.org>
Co-committed-by: DebuggerAndrzej <debuggerandrzej@noreply.codeberg.org>
This reverts commit b2a3966e64.
weblate etc. are using this method and need to be updated before the change is enforced.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8633
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Reimplement the submodules parser to not depend on the go-git dependency.
See #8222 for the full refactor context.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8438
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
Adds the ability to selectively choose which branches are pushed to a mirror.
This change adds an additional text box on the repository settings for each push mirror. Existing behavior is preserved when the field is left blank.
When the repository is being pushed, only branches matching the comma separated branch filter are pushed.
Resolvesforgejo/forgejo#7242
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7823
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Paul Campbell <pcampbell@kemitix.net>
Co-committed-by: Paul Campbell <pcampbell@kemitix.net>
The current {workflowname} in the API endpoint
/repos/{owner}/{repo}/actions/workflows/{workflowname}/dispatches
is misleading because it does not refer to the name of the workflow but to the filename in which the workflow is defined. Change to
/repos/{owner}/{repo}/actions/workflows/{workflowfilename}/dispatches
---
There is no need for testing because it is a documentation change.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8481
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Closes#8119, follow-up of #8234#8234 "only" fixed the case when a new wiki setting was applied.
However it lacked 2 aspects:
- fixing the already corrupted unit permission in the database (required a migration)
- fixing the API route
Both aspects should now be covered.
Additionally, I commented out the unused `UnitAccessMode` and indicated that they are only used for the wiki-unit (hopefully saving some time to future code-readers).
### Testing
- go to a commit before #8234 (e.g. 285f66b782)
- create 3 repositories
- save the wiki settings of the second, without any change
- set the wiki of the third to be globally writable
- verify the `default_permissions` column in the database, of the unit `5`: 0, 2, 3
- stop Forgejo, switch to this PR and start Forgejo
- verify that the logs writes `Migration[35]: Fix wiki unit default permission`
- verify the `default_permissions` column in the database, of the unit `5`: 0, 0, 3
Before:
After:
- [x] I did not document these changes and I do not expect someone else to do it.
- [x] I do not want this change to show in the release notes.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8258
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
- Instead of invoking a new git command to check if a reference exists, use the already opened git repository that uses a batch check to check if the reference exists.
- Instead of invoking a new git command to check if a branch exists, use the already opened git repository that uses a batch check to check if the branch exists.
- Do not depend on `IsReferenceExist` as its no longer used by any other function.
- Specify `--quiet` to not waste Git's time on printing something we do not use.
- Run it via `Run` so no buffers are created for stdout and stderr.
- Add a test that verifies `IsBranchExist` works and does not work for other types of references.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8425
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This PR is part of https://codeberg.org/forgejo/forgejo/pulls/4767
It improves the signature handling:
1. move logic to a service (might be used from other services as well)
2. make a clear difference between ` ReqHTTPUserSignature` and `ReqHTTPUserOrInstanceSignature`
3. improve test ability (activitypub/client & distant_federation_server_mock
Adjust instance actor
1. name &
2. webfinger
## Strategy for next PRs is
Integration tests are in the driving seat.
I will step by step add integration tests form original PR and add code required by the integration test changes.
## Meta
Proposal howto process large PRs can be discussed here: https://codeberg.org/forgejo-contrib/federation/pulls/37
Current state with rendered diagrams can be found here: https://codeberg.org/meissa/federation/src/branch/merge-large-pr/doc/merge-large-pr.md
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8275
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
It is best to prefix the reference to resolve any ambiguity once it
has been determined that it is a branch or a tag.
It was done in forgejo/forgejo#5991 for the base reference but not for
the head reference.
Refs forgejo/forgejo#5991
Since go-git was dropped in a21128a734,
IsBranchExist relies on git-cat-file to figure out if a commit ID
exists.
There is no need to fallback to GetCommit if IsBranchExist determines
the commit does not exist and it will come to the same conclusion.
- fix: API must use headGitRepo instead of ctx.Repo.GitRepo for comparing
- fix: make API /repos/{owner}/{repo}/compare/{basehead} work with forks
- add test coverage for both fixes and the underlying function `parseCompareInfo`
- refactor and improve part of the helpers from `tests/integration/api_helper_for_declarative_test.go`
- remove a few wrong or misleading comments
Refs forgejo/forgejo#7978
## Note on the focus of the PR
It was initially created to address a regression introduced in v12. But the tests that verify it is fixed discovered a v11.0 bug. They cannot conveniently be separated because they both relate to the same area of code that was previously not covered by any test.
## Note on v11.0 backport
It must be manually done by cherry-picking all commits up to and not including `fix: API must use headGitRepo instead of ctx.Repo.GitRepo for comparing` because it is v12 specific.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
### Documentation
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8326
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
See #8222 for context.i
`GetBlobContentBase64` was using a pipe and a goroutine to read the blob content as base64. This can be replace by a pre-allocated buffer and a direct copy.
Note that although similar to `GetBlobContent`, it does not truncate the content if the blob size is over the limit (but returns an error). I think that `GetBlobContent` should adopt the same behavior at some point (error instead of truncating).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8297
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
Two pull requests were merged at the same time
- https://codeberg.org/forgejo/forgejo/pulls/7699
- https://codeberg.org/forgejo/forgejo/pulls/7508
And added conflicting structs ActionRun modules/structs. That broke
the forgejo development branch and a quick fix was made to resolve
the name conflict.
- https://codeberg.org/forgejo/forgejo/pulls/8066
However that creates an undesirable duplication of two structures that
serve the same purpose but are different.
- Remove RepoActionRun and replace it with ActionRun
- convert.ToActionRun has one more argument, the doer, because it
is determined differently in the context of webhooks or API
### Tests
- No need because the two pull requests involved already have good coverage.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8250
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: klausfyhn <klausfyhn@noreply.codeberg.org>
Reviewed-by: Christopher Besch <mail@chris-besch.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
## Checklist
- [x] go to the last cherry-pick PR (forgejo/forgejo#7965) to figure out how far it went: [gitea@9d4ebc1f2c](9d4ebc1f2c)
- [x] cherry-pick and open PR (forgejo/forgejo#8040)
- [ ] have the PR pass the CI
- end-to-end (specially important if there are actions related changes)
- [ ] add `run-end-to-end` label
- [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call
## Legend
- ❓ - No decision about the commit has been made.
- 🍒 - The commit has been cherry picked.
- ⏩ - The commit has been skipped.
- 💡 - The commit has been skipped, but should be ported to Forgejo.
- ✍️ - The commit has been skipped, and a port to Forgejo already exists.
## Commits
- 🍒 [`gitea`](50d9565088) -> [`forgejo`](c3e6eab732) Add sort option recentclose for issues and pulls ([gitea#34525](https://github.com/go-gitea/gitea/pull/34525))
## TODO
- 💡 [`gitea`](d5bbaee64e) Retain issue sort type when a keyword search is introduced ([gitea#34559](https://github.com/go-gitea/gitea/pull/34559))
UI: Small bat might be nice. Test needed? Do we've frontend tests covering the search?
------
- 💡 [`gitea`](82ea2387e4) Always use an empty line to separate the commit message and trailer ([gitea#34512](https://github.com/go-gitea/gitea/pull/34512))
Needs merge
------
- 💡 [`gitea`](74858dc5ae) Fix line-button issue after file selection in file tree ([gitea#34574](https://github.com/go-gitea/gitea/pull/34574))
Frontend: Makes it sense to pick/port ui logic in *.ts files?
------
- 💡 [`gitea`](7149c9c55d) Fix doctor deleting orphaned issues attachments ([gitea#34142](https://github.com/go-gitea/gitea/pull/34142))
Doctor: seems useful.
------
- 💡 [`gitea`](0cec4b84e2) Fix actions skipped commit status indicator ([gitea#34507](https://github.com/go-gitea/gitea/pull/34507))
Actions: Might benefit from additional tests.
------
- 💡 [`gitea`](4cb0c641ce) Add "View workflow file" to Actions list page ([gitea#34538](https://github.com/go-gitea/gitea/pull/34538))
Actions: Needs tests
------
- 💡 [`gitea`](b0936f4f41) Do not mutate incoming options to RenderUserSearch and SearchUsers ([gitea#34544](https://github.com/go-gitea/gitea/pull/34544))
Nice refactoring but needs manual merge.
------
- 💡 [`gitea`](498088c053) Add webhook assigning test and fix possible bug ([gitea#34420](https://github.com/go-gitea/gitea/pull/34420))
Integrationtest has conflicts needs merge.
------
- 💡 [`gitea`](24a51059d7) Fix possible nil description of pull request when migrating from CodeCommit ([gitea#34541](https://github.com/go-gitea/gitea/pull/34541))
Is this relevant to forgejo? Did not find the place to apply this small change.
------
- 💡 [`gitea`](688da55f54) Split GetLatestCommitStatus as two functions ([gitea#34535](https://github.com/go-gitea/gitea/pull/34535))
Merge required.
------
- 💡 [`gitea`](ab9691291d) Don't display error log when .git-blame-ignore-revs doesn't exist ([gitea#34457](https://github.com/go-gitea/gitea/pull/34457))
Unsure wheter this affects forgejo. Tests missing.
------
- 💡 [`gitea`](11ee7ff3bf) fix: return 201 Created for CreateVariable API responses ([gitea#34517](https://github.com/go-gitea/gitea/pull/34517))
Actions: This is marked as breaking the api. Pls think about whether this breaking change iss needed & how this impact api-version-increase.
The corresponding clinet change can be found here: https://gitea.com/gitea/go-sdk/pulls/713/files
------
- 💡 [`gitea`](9b295e984a) Actions list ([gitea#34530](https://github.com/go-gitea/gitea/pull/34530))
Actions: Regression from https://github.com/go-gitea/gitea/pull/34337 Part of https://codeberg.org/forgejo/forgejo/pulls/7909
------
## Skipped
- ⏩ [`gitea`](bb6377d080) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](07d802a815) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](c6e2093f42) Clean up "file-view" related styles ([gitea#34558](https://github.com/go-gitea/gitea/pull/34558))
- gitea ui specific specific
------
- ⏩ [`gitea`](9f10885b21) Refactor commit reader ([gitea#34542](https://github.com/go-gitea/gitea/pull/34542))
- gitea refactor specific
------
<details>
<summary><h2>Stats</h2></summary>
<br>
Between [`gitea@9d4ebc1f2c`](9d4ebc1f2c) and [`gitea@d5bbaee64e`](d5bbaee64e), **18** commits have been reviewed. We picked **1**, skipped **4**, and decided to port **13**.
</details>
Co-authored-by: Markus Amshove <scm@amshove.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8040
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
* convert updateRepoUnits to not rely on ctx to retrieve the repo
* Add integration test
* do not activate releases if `wiki: true`. This is unexpected and there is no evidence it is necessary.
Refs https://codeberg.org/forgejo/forgejo/issues/8082
---
The test is minimal for the sake of backporting. It is verified to reproduce the bug if the fix is not present.
```sh
$ make TAGS='sqlite sqlite_unlock_notify' 'test-sqlite#TestAPIRepoMigrate'
...
=== TestAPIRepoMigrate (tests/integration/api_repo_test.go:388)
--- FAIL: TestAPIRepoMigrate (1.12s)
testlogger.go:411: 2025/06/11 17:38:22 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /home/earl-warren/software/forgejo/tests/gitea-lfs-meta
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/login for test-mock:12345, 200 OK in 2.1ms @ auth/auth.go:145(auth.SignIn)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/login for test-mock:12345, 303 See Other in 2.1ms @ auth/auth.go:179(auth.SignInPost)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/settings/applications for test-mock:12345, 200 OK in 3.8ms @ setting/applications.go:25(setting.Applications)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/settings/applications for test-mock:12345, 303 See Other in 5.1ms @ setting/applications.go:35(setting.ApplicationsPost)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/settings/applications for test-mock:12345, 200 OK in 2.9ms @ setting/applications.go:25(setting.Applications)
testlogger.go:411: 2025/06/11 17:38:23 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/v1/repos/migrate for test-mock:12345, 0 in 992.0ms @ repo/migrate.go:38(repo.Migrate)
api_repo_test.go:400:
Error Trace: /home/earl-warren/software/forgejo/tests/integration/api_repo_test.go:400
Error: Not equal:
expected: 201
actual : 200
Test: TestAPIRepoMigrate
api_repo_test.go:402:
Error Trace: /home/earl-warren/software/forgejo/tests/integration/integration_test.go:649
/home/earl-warren/software/forgejo/tests/integration/api_repo_test.go:402
Error: Received unexpected error:
EOF
Test: TestAPIRepoMigrate
```
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8155): <!--number 8155 --><!--line 0 --><!--description ZG8gbm90IGZhaWwgd2hlbiByZWxlYXNlIG9yIHdpa2kgaXMgc2V0IGluIGAvcmVwb3MvbWlncmF0ZWAgQVBJ-->do not fail when release or wiki is set in `/repos/migrate` API<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8155
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Currently the `POST /repos/{owner}/{repo}/contents` API endpoint accepts request without any `ChangeFileOperation.SHA`, unlike stated by the doc:
33eee199cf/modules/structs/repo_file.go (L80-L81)
This PR adds:
- some more (already passing) tests around this function
- a new (failing) test to show this wrong behavior
- a fix (note that this is a breaking change for clients exploiting this bug)
- an update for all the existing tests
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8139): <!--number 8139 --><!--line 0 --><!--description QVBJOiBlbmZvcmNlIHNoYSByZXF1aXJlbWVudCBvbiBgUE9TVCAvcmVwb3Mve293bmVyfS97cmVwb30vY29udGVudHNg-->API: enforce sha requirement on `POST /repos/{owner}/{repo}/contents`<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8139
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
headIsTag := headGitRepo.IsCommitExist(baseBranch)
is wrong on two counts:
- it must be assigned to commitIsTag
- it must check headBranch and not baseBranch
this is not a bug but it certainly is confusing.
Also, the logic below
headBranchRef := headBranch
if headIsBranch {
headBranchRef = headBranch
} else if headIsTag {
headBranchRef = headBranch
}
can be simplified as:
headBranchRef := headBranch
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7978
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- They have been marked as deprecated since 2023 and adequate warnings have been given about this method being deprecated, remove it for Forgejo v12.
- For clarity: the reason they are deprecated is that these methods allow authentication material to be given via a URL query. This results in the authentication material being logged, which is undesired behavior.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7924
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
The current email restrictions were put in place because of a security issue with sendmail (https://github.com/go-gitea/gitea/pull/17688). Remove this restriction and instead ensure that this security issue cannot happen with sendmail.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7829
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
The null means a server side bug prevents the pull request from being
retrieved.
Closes https://codeberg.org/forgejo/forgejo/issues/6571
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7762
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- Only require tokens on package endpoints that modify packages, this being deletion of a package and (un)link of a package.
- Allows reading data via the API of otherwise public data
- Integration test added.
Some references to related past commits:
- de484e86bc Started requiring tokens for reading packages "mimicking the design of GitHub OAuth scopes".
- 18de83b2a3 Adjusted the scope further, but kept the GitHub design.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Squel <squeljur+git@gmail.com>
Co-committed-by: Squel <squeljur+git@gmail.com>
- Split `GetDiff` into two functions, `GetDiffSimple` and `GetDiffFull`. The former will do the bare minimum and really only get a Git diff while the latter does some extra stuff that's relevant for the frontend to show extra relevant.
- Use `GetDiffSimple` for API related calls, as they do not benefit nor are returning the extra information that `GetDiffFull` provides, this should show a measurable performance increase for API calls that returns commits and `/repos/{owner}/{repo}/pulls/{index}/files`.
- `GetDiffSimple` contains extra code comments about its interesting way to determine the before commit.
- Add unit tests to demonstrates that the logic for determining the before commit didn't change and the function still yields correct information.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7682
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This is small bug fix to correct the API's response description.
Currently returns "Release is has no Tag"
I think would read better as "Release has no Tag"
I have not added a test as it's a trivial change, however it's possible that consumers might be looking for that particular string.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7565
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: David Davies-Payne <d2p@me.com>
Co-committed-by: David Davies-Payne <d2p@me.com>
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7203
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: zam <mirco.zachmann@meissa.de>
Co-committed-by: zam <mirco.zachmann@meissa.de>
