Originally reported by jomo (https://jomo.tv). A malicious actor could
register with an email address containing a comment, for example
"attacker@evil (comment@broken)". This commit fixes this issue by only
operating on normalized email addresses.
Signed-off-by: famfo <famfo@famfo.xyz>
- When cloning with credentials is used, don't set the credentials in
the URL and pass that to Git, instead use Git credential helper to pass
the credential. This avoids the credentials to be leaked through the
process list.
This PR fixes the duplicate HTML ID issue (#8778) that can occur when rendering an issue page. An issue page contains multiple renderings of Markdown elements (the issue description and issue comments). When there is more than one Markdown rendering that uses footnotes we have an ID collision because the footnote ID count starts anew for each rendering.
This PR adds a `Metas["scope"]` entry to the `RenderContext` and sets it to "comment-{index}" when rendering Markdown for a comment. `Metas["scope"]` gets used as suffix during ID generation.
Fixes#8778.
## Additional Notes
- ID collision also happens if there are multiple header elements with the same ID. It does not seem to impact users because there are no links referencing headers. However, to err on the safe side, this PR also adds scope to the header IDs.
- `Metas["scope"]` might be useful for other Markdown renderings beside comments, e.g. multiple Markdown renderings are possible on Wiki pages.
- We apply `Metas["scope"]` as suffix instead of prefix because there are several places in the code that expect `user-content-` to be the ID's prefix.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [X] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [X] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8880
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: psii <psii@posteo.de>
Co-committed-by: psii <psii@posteo.de>
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| code.forgejo.org/forgejo/runner/v9 | `v9.0.3` -> `v9.1.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS43Ni4wIiwidXBkYXRlZEluVmVyIjoiNDEuNzYuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8975
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
- gopkg.in/yaml.v3 is archived and unmaintained
- go.yaml.in/yaml/v3 is a compatible fork under the umbrella
of https://yaml.org/
### Tests
There is no need for more tests than already provided: it is like an upgrade to a minor version, only from a fork. I browsed the changes and there are some bug fixes. They all seem reasonably minimal. It is not one of those forks that went crazy with breaking changes 😁 And there is a non zero chance that [a bug that matters to Forgejo Actions](https://github.com/yaml/go-yaml/issues/76) is fixed there. It is rare and can wait but it did happen on Codeberg.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8956
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This PR adds HTTP/2 Cleartext (H2C) support for the HTTP server, this allows for reverse proxies to use HTTP/2 instead.
## Test
1. Start Forgejo.
2. Run `curl --http2-prior-knowledge http://localhost:3000`.
3. Observe it doesn't return a error.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8861
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: sim <git@sgougeon.fr>
Co-committed-by: sim <git@sgougeon.fr>
Fixes#8893 by using a 30 second initialization timeout on the minio storage.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8897
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
resolves#8549
This PR add a config to enforce 2FA for the whole Forgejo instance. It can be configured to `none`, `admin` or `all`.
A user who is required to enable 2FA is like a disabled user. He can only see the `/user/settings/security`-Page to enable 2FA, this should be similar to a user which needs to change his password. Also api and git-commands are not allowed.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
I will do it, if the general idea of this PR is a good feature.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8753): <!--number 8753 --><!--line 0 --><!--description R2xvYmFsIDJGQSBlbmZvcmNlbWVudA==-->Global 2FA enforcement<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8753
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
If a change is part of a force-push and the commit(s) have a CI status, this will now be shown after the hashes.
`interactiveBorder` has been lowered as it was possible to activate the hover state for both commits. It would be unreasonable to test this within Playwright and thus this needs to be manually tested. On a pull request page that contains a force-push you will notice:
a) the (de)activation area for force-pushes is now smaller, and;
b) it is not possible to activate the hover state/popup for both commits.
ExecuteTemplate function from @gusted
https://codeberg.org/forgejo/forgejo/pulls/5168https://codeberg.org/forgejo/forgejo/pulls/2884Close#4932
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8655
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Squel <squeljur+git@gmail.com>
Co-committed-by: Squel <squeljur+git@gmail.com>
Add support for migrating Pagure repositories (including metadata) to Forgejo via the migration tool.
One 'discrepancy' with migration from other forges is how privates issues are handled, they are migrated when a API token is set for the migration, in that case users are advised to set their repositories visibility to private to avoid leaking such private issues.
Co-authored-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
Co-authored-by: Ryan Lerch <rlerch@redhat.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8513
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-committed-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
- It was possible for Forgejo adminstrators to configure the logger to log the goroutine PID that made the `Log` call.
- The need for the goroutine PID to be logged is that it might give insight which request or otherwise process made the log call by correlating the PID with other logs. However even for a single request I cannot make correlations between the goroutine PIDs and it seems that this particular need cannot be fulfilled by the current implementation.
- The gathering of this PID is discouraged, https://go.dev/doc/faq#no_goroutine_id, and the current implementation is a hack and can break in future Go releases; it has broken before in 61e21d7ded.
- If the need arise, we instead should make the logger implementation context aware and use a PID that's associated with the context, which is guarantees to be consistent (this is also the more idiomatic way to achieve this functionality).
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Other changes without a feature or bug label
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8851): <!--number 8851 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBnb3JvdXRpbmUgUElEIGxvZ2dpbmc=-->chore: remove goroutine PID logging<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8851
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- Using a map to store the CustomEmojis is unncessary, the values can be
derived by the key easily. We still need to know if a certain name is
custom emoji, so store the custom emojis in a `Set`.
- Instead of constructing a map in `window.config`, construct a `Set`
and reconstruct the value in `emoji.js`. This has the main benefit of
reducing the amount of text being sent for each request, which is quite
noticable if a Forgejo instance has many (>1000) custom emojis.
- Remove the default value of `CustomEmojisMap`, it will be constructed anyway.
Fixes#8529, supersedes #8597
Reverts the workaround of #8541 (while keeping the test) and ignore Close error (like #8527 did).
https://github.com/minio/minio-go/pull/2137 makes the test pass without the `io.NopCloser`:
```
docker run --rm -e MINIO_DOMAIN=minio -e MINIO_ROOT_USER=123456 -e MINIO_ROOT_PASSWORD=12345678 -p 9000:9000 data.forgejo.org/oci/bitnami/minio:2024.8.17
```
```
TEST_MINIO_ENDPOINT=localhost:9000 go test -v -run ^TestMinioStorageIterator$ ./modules/storage
```
Wrapping the `io.Reader` in an `io.NopCloser` also hides all other methods (like `WriteTo` or `Seek`), so is not ideal.
As a further "line of defense", the Close error is ignored (if saveAsPackageBlob was succesful, we don't really care if Close fails).
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8816
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
This PR is part of #4767. It contains
* a refactoring of validation error messages
* adds the ability to send user-activities to distant federated servers
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8792
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
- Instead of generating a patch and parsing its contents, use a faster and simple way to get it via `--shortstat`.
- Resolvesforgejo/forgejo#8725
- Regression of forgejo/forgejo#7682
- Adds unit test.
- Adds integration test.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8756
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- [x] rename logger settings: `logger.<name>.MODE` -> `LOGGER_<NAME>_MODE`
- [x] dropped legacy logger settings
- [ ] create a docs PR to update documentation
I used Github Copilot for some auto completion of code.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8667): <!--number 8667 --><!--line 0 --><!--description ZmVhdChsb2dnZXIpOiByZW5hbWUgc2V0dGluZ3MgZm9yIGNvbnNpc3RlbmN5IGFuZCByZW1vdmUgb2Jzb2xldGUgc2V0dGluZ3M=-->feat(logger): rename settings for consistency and remove obsolete settings<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8667
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
Debian packages were capped for a single digit epoch, relax that requirement to a double digit epoch. This is allowed by Debian.
Resolvesforgejo/forgejo#8649
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8671
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: pkpkpkpk <pkpkpkpk@noreply.codeberg.org>
Co-committed-by: pkpkpkpk <pkpkpkpk@noreply.codeberg.org>
fully cover existing behavior
- ref #8667
I used Github Copilot for some code autocompletions.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8729
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
- Use the keying module, that was introduced in forgejo/forgejo#5041, to store action secrets safely and securely in the database.
- Introduce a central function that sets the secret, `SetSecret` and let the caller do the update call. This is similar to how the twofactor (TOTP) models does it. Ref. https://codeberg.org/forgejo/forgejo/pulls/6074
- Add a relaxed migration, that is run inside a transaction. If it cannot decrypt a action secret, then it's deleted.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8692
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This reverts commit e271c24100.
It was an experiment to verify that adding a delay to the test make a difference. But it does not so... reverting.
@jerger before engaging in a refactor, it is necessary to get to the bottom of this:
- Find the root cause of those failures
- Fix it in a minimal way
Refs https://codeberg.org/forgejo/forgejo/pulls/8274#issuecomment-5987215
---
- https://codeberg.org/forgejo/forgejo/actions/runs/92182/jobs/9
- https://codeberg.org/forgejo/forgejo/actions/runs/92182/jobs/10
```
--- FAIL: TestFederationHttpSigValidation (11.34s)
testlogger.go:411: 2025/07/28 00:23:46 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /workspace/forgejo/forgejo/tests/gitea-lfs-meta
testlogger.go:411: 2025/07/28 00:23:52 ...ypub/reqsignature.go:76:func1() [W] verifyHttpSignatures failed: neither "Signature" nor "Authorization" have signature parameters
testlogger.go:411: 2025/07/28 00:23:52 ...eb/routing/logger.go:102:func1() [I] router: completed GET http://127.0.0.1:3002/api/v1/activitypub/user-id/2 for test-mock:12345, 400 Bad Request in 5.3ms @ activitypub/reqsignature.go:74(activitypub.ReqHTTPUserOrInstanceSignature)
testlogger.go:411: 2025/07/28 00:23:52 ...ces/auth/httpsign.go:70:Verify() [W] Failed authentication attempt from 127.0.0.1:43244
testlogger.go:411: 2025/07/28 00:23:55 ...eb/routing/logger.go:68:func1() [W] router: slow GET /api/v1/activitypub/user-id/2 for 127.0.0.1:43244, elapsed 3684.7ms @ activitypub/reqsignature.go:74(activitypub.ReqHTTPUserOrInstanceSignature)
--- FAIL: TestFederationHttpSigValidation/SignedRequest (5.01s)
api_federation_httpsig_test.go:50:
Error Trace: /workspace/forgejo/forgejo/tests/integration/api_federation_httpsig_test.go:50
Error: Received unexpected error:
Get "http://127.0.0.1:3002/api/v1/activitypub/user-id/2": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Test: TestFederationHttpSigValidation/SignedRequest
--- FAIL: TestFederationHttpSigValidation/ValidateCaches (0.00s)
api_federation_httpsig_test.go:64:
Error Trace: /workspace/forgejo/forgejo/tests/integration/api_federation_httpsig_test.go:64
Error: Expected value not to be nil.
Test: TestFederationHttpSigValidation/ValidateCaches
test_utils.go:247: PrepareTestEnv:Process "GET: /api/v1/activitypub/user-id/2" cancelled
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x4cc464a]
```
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8705
Reviewed-by: jerger <jerger@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
It's now scheduled for Forgejo v13
see #8633 for more context
I used Github Copilot for some auto completion of code.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8666
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
The template module now holds the **Template** context, this makes it possible for (render) function in the template module to access functions and share data between render functions.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8663
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This reverts commit b2a3966e64.
weblate etc. are using this method and need to be updated before the change is enforced.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8633
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- Add links to review request targets in issue comments
- Fix links to ghost users/orgs/teams to be empty
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8239
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
After seeing #8111 use a webcomponent, I think that they are a neat usecase for Forgejo where most of the frontend is backend-generated, with some "island of enhancements".
I am considering using a webcomponent for the CITATION management (last occurrence of [`Blob.GetBlobContent`](https://codeberg.org/forgejo/forgejo/issues/8222)), however I noticed that the developer experience wasn't ideal.
With this PR it would be very easy to declare a webcomponent, which will be loaded only if needed (I converted `model-viewer` and `pdf-object` to this technique).
Some cleanup in the neighbor webcomponents.
## Testing
1) Create a new repository or use an existing one.
2) Upload a `.pdf` or `.glb` file (such as https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/testdata/data/viewer/Unicode%E2%9D%A4%E2%99%BBTest.glb)
3) Open the Network inspector and view the file in the repository.
- After a short loading spinner, the PDF or 3D model should be rendered in a viewer
- the related JS should have been loaded (e.g. http://localhost:3000/assets/js/model-viewer.494bf0cd.js)
- visiting another page and check that this JS file isn't loaded
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8510
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
- This reverts behavior that was partially unintentionally introduced in forgejo/forgejo#8143, symbolic links were no longer followed (if they escaped the asset folder) for local assets.
- Having symbolic links for user-added files is, to my understanding, a ,common usecase for NixOS and would thus have symbolic links in the asset folders. Avoiding symbolic links is not easy.
- The previous code used `http.Dir`, we cannot use that as it's not of the same type. The equivalent is `os.DirFS`.
- Unit test to prevent this regression from happening again.
Reported-by: bloxx12 (Matrix).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8596
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- The `ACME_URL` setting is documented to default to Let's encrypt
production server if left empty, so do precisely that.
- Use a HTTP proxy to communicate with ACME if Forgejo is configured to
use that.
- Regression of forgejo/forgejo#7409 (previously certmagic took care of
setting these defaults).
- Resolvesforgejo/forgejo#8548
## Testing
1. Configure Forgejo's root URL to a public facing domain (that can pass a ACME challenge)
2. Configure Forgejo to use ACME by setting `[server].ENABLE_ACME = true` and `[server].ACME_ACCEPTTOS = true`.
3. Start Forgejo.
4. Observe that it's available via https.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8550
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Fixes#8529, reverts #8527.
I was able to reproduce the problem in a test:
- it triggered only when the reader was an io.Reader
- and the size was provided (-1 takes another code path in minio)
287b1f21e1 should fail when running:
```
docker run --rm -e MINIO_DOMAIN=minio -e MINIO_ROOT_USER=123456 -e MINIO_ROOT_PASSWORD=12345678 -p 9000:9000 data.forgejo.org/oci/bitnami/minio:2024.8.17
```
and
```
TEST_MINIO_ENDPOINT=localhost:9000 go test -v -run ^TestMinioStorageIterator$ ./modules/storage
```
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8541
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
This change is very similar to what was done in forgejo/forgejo#7727. When a PR is updated, `checkIfPRContentChanged` is called to check if the diff changed - this is done on a temporary repository. This change improves this checking by doing this operation on the bare repository. The change is split into several commits.
The following changes were made (in this exact order)
1. Update the `getTestPatchCtx` function that was introduced in forgejo/forgejo#7727 so it can be used outside the context of conflict checking. This is a simple change by making the caller determine if it can use a bare repository or not.
2. Do a small refactor of `ValidatePullRequest` to avoid indentation hell in this function, this is purely a refactor but necessary to not blow my brain while working on this function.
3. The first enhancement, introduce `testPatchCtx` in `ValidatePullRequest` to get diverging commits via the bare repository.
4. The main enhancement, do a refactor to move the function to be part of the repository struct and do a rename as this fits as a general purpose function. This refactoring includes it no longer being specific to a temporary repository and works on a bare repository.
5. Add extensive units tests, integration tests are added in forgejo/forgejo#8450 it checks that both calls to `CheckIfDiffDiffers` work. Because it also fixes a bug I sent it as a different PR.
6. Extend the integration test to check for diffs with commits from different repositories, to demonstrate that `getTestPatchCtx` works (specifically the `env` variable).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8451
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Reimplement the submodules parser to not depend on the go-git dependency.
See #8222 for the full refactor context.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8438
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
Allow for a directory `default_merge_message` in the `CustomPath` to be used as a fallback if no merge template is specified by the repository. Effectively being a global merge message template feature.
Resolves#6648
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8347
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: kochklops <kochklops@noreply.codeberg.org>
Co-committed-by: kochklops <kochklops@noreply.codeberg.org>
Adds the ability to selectively choose which branches are pushed to a mirror.
This change adds an additional text box on the repository settings for each push mirror. Existing behavior is preserved when the field is left blank.
When the repository is being pushed, only branches matching the comma separated branch filter are pushed.
Resolvesforgejo/forgejo#7242
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7823
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Paul Campbell <pcampbell@kemitix.net>
Co-committed-by: Paul Campbell <pcampbell@kemitix.net>
- When specifying push options, tooling like [git-repo-go](https://github.com/alibaba/git-repo-go) encodes pushoption values if they contain newlines or non-ASCII characters as they cannot be easily specified via the CLI otherwise.
- Recognize such base64 encoded values in the pushoptions (those that have the `{base64}` prefix), if the base64 decoding fails we return the original value.
- Resolvesforgejo/forgejo#8161
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8479): <!--number 8479 --><!--line 0 --><!--description QUdpdCBwdXNoIG9wdGlvbnMgc3RhcnRpbmcgd2l0aCBge2Jhc2U2NH1gIGFyZSBkZWNvZGVk-->AGit push options starting with `{base64}` are decoded<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8479
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
closes#7946
- The `rpmsRepoPattern` regex has been fixed to handle releases with dots correctly. For example, the version `0.9.0-alt1.git.17.g2ba905d` is valid, just like `0.1.0-1.n1` mentioned in the issue (https://codeberg.org/forgejo/forgejo/issues/7946#issue-1628991)
- getEntries now returns entry names. In the integration tests, there were lines like:
```go
assert.Equal(t, []string{"", ""}, result.ProvideNames)
```
and it’s unclear how such test logic could have ever worked correctly (fixes problems with deps https://codeberg.org/forgejo/forgejo/issues/7946#issuecomment-5109795)
- ALT is an acronym for ALT Linux Team, so `Alt` was replaced with `ALT`. Strictly speaking, it should probably be `ALT Linux`, but since we use `Arch` instead of `Arch Linux`, this seems fine. Also, Distrowatch shows `Arch`/`ALT` in its dropdown, so it’s consistent.
- The strings `"Alt Linux Team"` and `"Sisyphus"` in the `Origin` and `Suite` fields have been replaced with `setting.AppName` and `"Unknown"`. `Unknown` is a valid value and is set by default, so this won’t cause any issues.
- The documentation link has been fixed: (404 docs.gitea.com/usage/packages/alt/ -> 200 forgejo.org/docs/latest/user/packages/alt/)
---
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8475
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Maxim Slipenko <maks1ms@altlinux.org>
Co-committed-by: Maxim Slipenko <maks1ms@altlinux.org>
