This is an alternate take on https://codeberg.org/forgejo/forgejo/pulls/8808 which allows Actions tokens to access other repos which are readable by by signed in users. In practise this means public repos belonging to public or limited owners.
This PR is split into two commits to aid review of the security-sensitive changes I've made:
* The first commit is a refactor _which is not intended to change behaviour_. It extracts the permission logic for Actions tokens from the githttp handler and moves it to `repo_permission.go` alongside the permission logic for regular users. The new function, `GetActionRepoPermission` returns a `Permission` object just like `GetUserRepoPermission`. Only code unit access is currently allowed in the interest of keeping this commit from changing any access logic.
* The second commit is the broadening of access: this commit changes the logic in `GetActionRepoPermission` to give actions tokens access to repos readable by signed in users.
cc @earl-warren
ref https://codeberg.org/forgejo/forgejo/issues/5877
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8889): <!--number 8889 --><!--line 0 --><!--description YWxsb3cgQWN0aW9ucyB0b2tlbnMgdG8gYWNjZXNzIHJlcG9zIHJlYWRhYmxlIGJ5IHNpZ25lZCBpbiB1c2Vycw==-->allow Actions tokens to access repos readable by signed in users<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8889
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Hailey Somerville <hailey@hails.org>
Co-committed-by: Hailey Somerville <hailey@hails.org>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS42MS4wIiwidXBkYXRlZEluVmVyIjoiNDEuNjEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8927
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
This PR adds HTTP/2 Cleartext (H2C) support for the HTTP server, this allows for reverse proxies to use HTTP/2 instead.
## Test
1. Start Forgejo.
2. Run `curl --http2-prior-knowledge http://localhost:3000`.
3. Observe it doesn't return a error.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8861
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: sim <git@sgougeon.fr>
Co-committed-by: sim <git@sgougeon.fr>
Fixes#8893 by using a 30 second initialization timeout on the minio storage.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8897
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Use `!` instead of `#` for references in the sidebar of pull requests. This is useful when the repository uses a external issue tracker to avoid it being redirected to the external issue tracker.
Resolvesforgejo/forgejo#8713
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8890
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: jank1619 <jank1619@noreply.codeberg.org>
Co-committed-by: jank1619 <jank1619@noreply.codeberg.org>
In the event a comment starts with a fenced code block, don't display a blank block (or a mermaid error) in the activity feed. Instead, do not display an abbreviated comment text at all, and just display the issue/PR title.
Handles one more case identified in #8781, posted by @skedastically in https://codeberg.org/forgejo/forgejo/issues/8781#issuecomment-6274957.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8896
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.0.1` -> `v3.0.2` |
---
### Release Notes
<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>
### [`v3.0.2`](https://code.forgejo.org/actions/setup-forgejo/compare/v3.0.1...v3.0.2)
[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.0.1...v3.0.2)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS42MS4wIiwidXBkYXRlZEluVmVyIjoiNDEuNjEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8902
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
resolves#8549
This PR add a config to enforce 2FA for the whole Forgejo instance. It can be configured to `none`, `admin` or `all`.
A user who is required to enable 2FA is like a disabled user. He can only see the `/user/settings/security`-Page to enable 2FA, this should be similar to a user which needs to change his password. Also api and git-commands are not allowed.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
I will do it, if the general idea of this PR is a good feature.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8753): <!--number 8753 --><!--line 0 --><!--description R2xvYmFsIDJGQSBlbmZvcmNlbWVudA==-->Global 2FA enforcement<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8753
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
Also fix the existing instructions that were missing a `-e` flag.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8895
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
The repository contributors graph received the stats for each author for each week, these weeks are stored as unix milis values, `Object.entries` converted these values to strings and `sort()` would thus sort them as strings - this worked without a problem for most repository.
If a repository has commits from before 'Sun Sep 9 03:46:40 AM CEST 2001', it meant that the weeks when those commits were made would be sorted towards the end because "1000000000" > "999999999" (when compared as strings) and would thus be silently cut from the data. This edge-case was seen by the curl repository (https://mastodon.social/@bagder/115018271785548165)
Sort them as numbers to avoid this problem, it being stored as strings is otherwise not a problem.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8882
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
The status of two jobs by the same name shadow each other, they need to be distinct. If two jobs by the same name are found, they are made distinct by adding a `-<occurence number>` suffix.
Resolvesforgejo/forgejo#8648
For a given workflow, `jobparser.Parse` will generate one "single" (as opposed to a workflow that can be interpreted to generate multiple jobs) workflow for each job and then insert them (marshalled as yaml) in the database.
e3bfa5133f/models/actions/run.go (L237-L260)
The name associated with this single workflow is what the runner will receive and it is what will be used to associate the job status with a commit.
Resolvesforgejo/forgejo#8648
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
### Documentation
- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8864): <!--number 8864 --><!--line 0 --><!--description ZGUtZHVwbGljYXRlIEZvcmdlam8gQWN0aW9ucyBqb2IgbmFtZXMgd2hlbiBuZWVkZWQ=-->de-duplicate Forgejo Actions job names when needed<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8864
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
If a change is part of a force-push and the commit(s) have a CI status, this will now be shown after the hashes.
`interactiveBorder` has been lowered as it was possible to activate the hover state for both commits. It would be unreasonable to test this within Playwright and thus this needs to be manually tested. On a pull request page that contains a force-push you will notice:
a) the (de)activation area for force-pushes is now smaller, and;
b) it is not possible to activate the hover state/popup for both commits.
ExecuteTemplate function from @gusted
https://codeberg.org/forgejo/forgejo/pulls/5168https://codeberg.org/forgejo/forgejo/pulls/2884Close#4932
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8655
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Squel <squeljur+git@gmail.com>
Co-committed-by: Squel <squeljur+git@gmail.com>
Redirection from issue to pull is already working, but from pull to issue is not working. This is now fixed.
Resolvesforgejo/forgejo#7386
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8874
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
When running relative-time tests on my local system, the tests fail.
I've verified this failure does occur when the local system time is configured to use these timezones:
- America/Edmonton
- America/Boise
- America/Goose Bay
But the tests pass if the local system time is in these timezones:
- America/Phoenix (has no DST)
- Europe/Berlin (different DST rules)
"7 months ago" (the existing test case output) is accurate considering the offsets used in the test, but internally dayjs calculates it to be 7.99 months when the system TZ is in the "success" TZs, and 8.0001 months in the "failure" TZs.
I believe the source of the difference is that...
- dayjs takes timestamps with offsets, applies the offset, and then treats them as local times...
- Summer Time ended on Oct 27 (the "now" date under test) in Europe, but did not end until November 3rd in the US/Canada...
- In Europe there would have been one hour less between those local timestamps than there would be in US/Canada.
My proposed fix is to perform the diff calculations after converting the timestamps to UTC values. This provides consistent successful output regardless of the local system TZ.
As the tests are sensitive to system timezone, I've modified the CI build to run the frontend tests twice with two different TZ environment variables. This is a pretty coarse way to exercise the problem and I'm open to improvements.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8858
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Disable the 'clear milestone' button in the issue sidebar when no milestone is set and update this state after a milestone is set or cleared.
Fixes#7949
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8266
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: iamyaash <iamyaash@outlook.com>
Co-committed-by: iamyaash <iamyaash@outlook.com>
Add support for migrating Pagure repositories (including metadata) to Forgejo via the migration tool.
One 'discrepancy' with migration from other forges is how privates issues are handled, they are migrated when a API token is set for the migration, in that case users are advised to set their repositories visibility to private to avoid leaking such private issues.
Co-authored-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
Co-authored-by: Ryan Lerch <rlerch@redhat.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8513
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-committed-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
This is a follow-up to a13414341b.
There are two situations where the previous verification command could
fail:
* The user has an SSH key in a normal file, but no running SSH agent.
* The user uses a special SSH agent, but it's not specified via the
SSH_AUTH_SOCK variable.
To fix that, we provide two separate commands to copy-paste. One
for file-based keys and one for agent-based keys. People using
file-based keys with a path other than the standard `~/.ssh/id_ed25519`
should notice themselves what to change. People using an SSH agent
get a little hint to make sure the SSH_AUTH_SOCK variable is set.
See also:
https://codeberg.org/Codeberg/Community/issues/2066
(no test or documentation changes)
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
## Testing
* `pr=8821 ; git fetch forgejo +refs/pull/$pr/head:refs/heads/wip-pr-$pr`
* `git checkout wip-pr-$pr`
* `make TAGS='sqlite sqlite_unlock_notify' watch`
* login
* visit /user/settings/keys and add an ssh key
* click verify
* see a CLI sample is displayed
* run the command matching your setup (file-based SSH key or agent-provided one), copy paste the output and submit it
* check that the verification is successful
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8821
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Remo Senekowitsch <remo@buenzli.dev>
Co-committed-by: Remo Senekowitsch <remo@buenzli.dev>
Discovered that `NotifyPullRevieweDismiss` was dead code while working on another issue; it should have been `PullReviewDismiss` when originally implemented. Related fixes to the activity feed view which were incomplete as well.
Dismissing a PR review now appears on the activity feed:
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8853
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Currently long-form comments in the activity feed are truncated in three different ways...
- Comment on issue/PR: to 200 characters, with an ellipsis, potentially splitting the middle of multi-line markdown blocks
- PR review: first line of text in the review comment
- PR review dismissed: no truncation on comment text...
- Although this feed entry doesn't work currently (#8853) and the UI doesn't really lend itself to long comments anyway.
For the sake of consistency, and to fix#8781, this PR fixes the implementation so that all truncation occurs by grabbing the first line of text and then truncating it to 200 characters if necessary.
This fixes#8781 by not ever truncating in the middle of a markdown *block*; it's still possible to trigger some unexpected behavior such as:
- Truncate in the middle of markdown structures like a link, causing raw markdown to render in the feed
- Provide an image embed on the first line of a comment, causing an image to appear in the feed; if it's a large image it could disrupt browsing a nice brief activity feed
But these behaviors seem acceptable edge cases until they're identified to cause any significant user impact.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8854): <!--number 8854 --><!--line 0 --><!--description c3RhbmRhcmRpemUgdHJ1bmNhdGlvbiBvZiB1c2VyLWVudGVyZWQgY29tbWVudCB0ZXh0IGluIGFjdGl2aXR5IGZlZWQ=-->standardize truncation of user-entered comment text in activity feed<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8854
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Resolvesforgejo/forgejo#6039
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8850): <!--number 8850 --><!--line 0 --><!--description YWxsb3cgRm9yZ2VqbyBBY3Rpb25zIGVudmlyb25tZW50IHZhcmlhYmxlcyBzdGFydGluZyB3aXRoIENJ-->allow Forgejo Actions environment variables starting with CI<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8850
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- It was possible for Forgejo adminstrators to configure the logger to log the goroutine PID that made the `Log` call.
- The need for the goroutine PID to be logged is that it might give insight which request or otherwise process made the log call by correlating the PID with other logs. However even for a single request I cannot make correlations between the goroutine PIDs and it seems that this particular need cannot be fulfilled by the current implementation.
- The gathering of this PID is discouraged, https://go.dev/doc/faq#no_goroutine_id, and the current implementation is a hack and can break in future Go releases; it has broken before in 61e21d7ded.
- If the need arise, we instead should make the logger implementation context aware and use a PID that's associated with the context, which is guarantees to be consistent (this is also the more idiomatic way to achieve this functionality).
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Other changes without a feature or bug label
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8851): <!--number 8851 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBnb3JvdXRpbmUgUElEIGxvZ2dpbmc=-->chore: remove goroutine PID logging<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8851
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Prevents a variety of user-entered texts that can contain `|` characters from being truncated in the activity feed, affecting: issue & PR titles, comment content, review comments, and review dismissal comments.
Where `action.content` was containing a pipe-separated list of UI data fields before, it now uses a JSON-encoded string array. The old format is still supported for reading from the feed. In some places where `action.content` was not using this format, or where user-generated text was not inserted, the old format is retained.
Fixes part of the cause behind #8781, allowing small mermaid graphs to be rendered in the feed (for now...) --
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8844
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
- The "Git hooks of this repository seem to be broken" error is currently shown if for whatever reason the database doesn't agree with Git on what the commitID for a branch is. This can happen for a variety of reasons, but usually is just a transient error.
- Saying that the git hooks of the repository "looks broken" is very likely to be correct in some contexts, but I have not yet seen that case and in those cases; other stuff would also be broken and would indicate that Forgejo is not functioning correctly.
- Replace this warning with a more helpful message that contains a easy fix that works in the cases where it was a transient error - push another commit (so the git hooks get run again). If the warning persists contact the instance admins and they will figure out the git hooks are broken or contact Forgejo about this problem.
- Moreover removes a link to Gitea documentation.
- A potential improvement (if people will run into this problem, and we then know what they ran into), we could show a specific warning to instance admins that contains troubleshooting steps or point to our own documentation.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8820
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Should fix failures like: https://codeberg.org/forgejo/forgejo/actions/runs/94872/jobs/9
### Documentation
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8847
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
Fixes#8529, supersedes #8597
Reverts the workaround of #8541 (while keeping the test) and ignore Close error (like #8527 did).
https://github.com/minio/minio-go/pull/2137 makes the test pass without the `io.NopCloser`:
```
docker run --rm -e MINIO_DOMAIN=minio -e MINIO_ROOT_USER=123456 -e MINIO_ROOT_PASSWORD=12345678 -p 9000:9000 data.forgejo.org/oci/bitnami/minio:2024.8.17
```
```
TEST_MINIO_ENDPOINT=localhost:9000 go test -v -run ^TestMinioStorageIterator$ ./modules/storage
```
Wrapping the `io.Reader` in an `io.NopCloser` also hides all other methods (like `WriteTo` or `Seek`), so is not ideal.
As a further "line of defense", the Close error is ignored (if saveAsPackageBlob was succesful, we don't really care if Close fails).
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8816
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
- Show the `created_unix` timestamp as relative time for each non-external release attachment.
- The details section of the release attachment can become quite long in width, for smaller screens it's now shown as columns.
- Integration test added.
Close#7600
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8757
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Squel <squeljur+git@gmail.com>
Co-committed-by: Squel <squeljur+git@gmail.com>
All instances should have a `data-modal-id` now. Throw a user-friendly error if this is not the case (custom templates, or missed cases).
Checked via `rg -P -e '^(?=.*delete-button)' | grep -v "data-modal-id"`
Removed two instances of delete modals and one case of simplified logic.
## Rationale
I am currently surveying the existing modals in Forgejo in the context of eventually replacing the modals implementation with our own modal implementation. This refactor fixes one of the many inconsistencies that the current usage of modals has. It should explicitly specify which modal should be used to avoids any problems if new modals are introduced on the page (for example via https://codeberg.org/forgejo/forgejo/pulls/8662).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8711
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
MariaDB supports "INSERT ... RETURNING ..." since 10.5.0, so this patch makes `mysqlGetNextResourceIndex` use that, provided the query is run on MariaDB of a sufficient version. If it's not supported it proceeds as it always did.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8691
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: BtbN <btbn@btbn.de>
Co-committed-by: BtbN <btbn@btbn.de>
