Commit graph

17900 commits

Author SHA1 Message Date
Gusted
1272ac4f69
[BUG] Use correct logout URL
- If a `logout` event is send the user should be redirected to the
homepage, there are three mechanism that can do this. The response of
`/user/logout` and the event listener of notifications or stopwatch.
It's essentially a race for what's processed first to determine which
mechanism takes care of redirecting the user.
- Fix that the redirection mechanism of the notification and stopwatch
event listener redirects to an absolute URL.
- Ref: #2135
2024-02-25 21:25:59 +01:00
Gusted
1bab4358ac
[BUG] Don't overwrite protected branch accidentally
- If a user tries to create another protected branching rule that
specifies a set of branches already used by another rule, do not allow
it.
- Update the translation accordingly.
- Adds integration test.
- Resolves #2455
2024-02-25 20:09:18 +01:00
Earl Warren
4b8fecd71e
[RELEASE] switch to semantic versioning
The release number displayed by the API and the CLI becomes:

7.0.0+1.22.0

instead of

1.22.0

It would otherwise be inconsistent to have different version number depending on the interface. With the current implementation `/api/forgejo/v1/version` would return `7.0.0+1.22.0` while `/api/v1/version` would return `1.22.0`. The release would be announced as `7.0.0+1.22.0` but the web API would display `1.22.0`.

It may cause some tools that are Gitea specific to not behave as they should in the future if they expect a Gitea version number and activate some features depending on what it is. They would need to be patched to strip the leading Forgejo version number before asserting the Gitea version.

Refs: https://codeberg.org/forgejo/forgejo/issues/2425
2024-02-25 17:00:26 +01:00
Earl Warren
f991f107da Merge pull request 'Improve display of 404/500 error pages' (#2466) from 0ko/forgejo:errorcodes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2466
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-25 15:53:09 +00:00
Earl Warren
649ca2b230 Merge pull request 'Allow instance-wide disabling of forking' (#2445) from algernon/forgejo:f/disable-forks into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:13:15 +00:00
Earl Warren
bc2a105cbb Merge pull request '[FEAT] Check if commit is already present in target branch' (#2450) from gusted/forgejo-agit-contain-commit into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2450
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:05:33 +00:00
Earl Warren
006b2dd381 Merge pull request 'Eliminate wrapping quotes in English locale' (#2467) from 0ko/forgejo:rnd-quotes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2467
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-25 15:03:29 +00:00
Earl Warren
39324ad005 Merge pull request '[REFACTOR] cli: prepareWorkPathAndCustomConf is not just for actions' (#2463) from earl-warren/forgejo:wip-cli-refactor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2463
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-25 14:48:47 +00:00
Earl Warren
ef1d579c41 Merge pull request '[UI] Agit: Add AGit label to AGit-created PRs' (#2444) from n0toose/agit-indicator into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2444
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 14:48:09 +00:00
Gusted
490b81a8ed Merge pull request 'Move permission check from ArtifactsDeleteView to the route' (#2464) from algernon/forgejo:gitea-port/artifact-deletion/refactor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2464
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-25 14:15:03 +00:00
0ko
a748ba70a8 10-year old images are gone 2024-02-25 18:13:59 +05:00
0ko
e34ead7a46 [I18N] eliminate wrapping quotes 2024-02-25 17:03:09 +05:00
Gergely Nagy
0ea021c8c9
Allow instance-wide disabling of forking
For small, personal self-hosted instances with no user signups, the fork
button is just a noise. This patch allows disabling them like stars can
be disabled too.

Disabling forks does not only remove the buttons from the web UI, it
also disables the routes that could be used to create forks.

Fixes #2441.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-25 12:00:17 +01:00
0ko
186f1f5669 [THEME] refactor display of 404/500 error pages 2024-02-25 15:59:12 +05:00
Gergely Nagy
9372bdd4a3
Move permission check from ArtifactsDeleteView to the route
As suggested by @Gusted in #2431, move the permission checking from
`ArtifactsDeleteView` into the route instead, where it belongs.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-25 10:52:11 +01:00
Earl Warren
8a5a7a88be
[REFACTOR] cli: prepareWorkPathAndCustomConf is not just for actions
Split prepareWorkPathAndCustomConf out of the actions sub-command.

In the CLI prepareWorkPathAndCustomConf is a preparation step that is
needed before running the sub-command actions in the Forgejo CLI. It
is currently specific to this sub-command but it will be useful for
other sub-commands such as F3.
2024-02-25 09:54:25 +01:00
Earl Warren
b7ea2ea463 Merge pull request 'Fixes #2452 - Skipping SHA256 tests if unsupported' (#2456) from lhinderberger/forgejo:2452-skip-sha256-if-unsupported into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2456
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-24 16:55:05 +00:00
Lucas Hinderberger
c8ae3498e7 gofmt-ed modules/git/utils_test.go due to linter 2024-02-24 15:53:38 +01:00
Earl Warren
3471adb14a Merge pull request '[FEAT] Enable ambiguous character detection in configured contexts' (#2427) from gusted/forgejo-ambigious-characters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2427
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-24 12:25:31 +00:00
Earl Warren
bc8d61d12e Merge pull request '[FEAT] Restrict file size of blame operation' (#2395) from gusted/forgejo-blame-restrict into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2395
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 23:17:02 +00:00
Lucas Hinderberger
a4b0c0edc5 Fixes #2452 - Skipping SHA256 tests if unsupported
The test suite was broken e.g. on Debian 12 due to requiring a very
recent version of Git installed on the system. This commit skips SHA256
tests in the git module, if a Git version older than 2.42 or gogit is used.
2024-02-24 00:14:24 +01:00
Gusted
f0ed6de89d
[FEAT] Check if commit is already present in target branch
- Check if someone is (accidentally) trying to create a pull request via
AGit with changes already in the target branch and fail if that is the
case.
- Added integration test.
2024-02-23 21:42:15 +01:00
Panagiotis "Ivory" Vasilopoulos
bf7fb89178 [UI] Agit: Add AGit label to AGit-created PRs
Adds a label to Pull Requests that were created using AGit-Flow,
in order to prevent situations where a contributor uses AGit-Flow
to push new changes - only to realize that they did not use AGit-Flow
in the first place, and that they just opened a new PR accidentally
(that was me).

Also intended to raise general awareness about the feature. Some
additional work, such as adding a tooltip, still needs to be
done.

A small typo fix for a comment and (exclusively) formatting fixes
in the copyright header are also included.

Refs: https://codeberg.org/forgejo/forgejo/issues/2433
2024-02-23 21:09:08 +01:00
Gusted
f304441341
[BUG] Fix diff patch operation in web UI
- The form used by the diff patch operation requires that the value of
`tree_path` is set, even though it's not used. Set it to `patch` so this
feature can be used again.
- Regression of 08fe6f8c7e.
2024-02-23 17:40:44 +01:00
Earl Warren
b8563acedb Merge pull request '[CI] name the test release after the latest v*-dev tag' (#2448) from earl-warren/forgejo:wip-release-number into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2448
2024-02-23 16:31:51 +00:00
Earl Warren
2762dd9597
[CI] name the test release after the latest v*-dev tag
Also ignore the *-test tags when figuring out the Forgejo version,
they exist in the integration repository and experimental repository
for daily releases.
2024-02-23 15:37:46 +01:00
Earl Warren
6531d765a0 Merge pull request 'Fixes & Improvements for English locale' (#2437) from 0ko/forgejo:english240222 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2437
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-23 12:22:51 +00:00
Gusted
5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
Earl Warren
894a0eff9f Merge pull request 'Artifact deletion: port of gitea#27172 and gitea#29241' (#2431) from algernon/forgejo:gitea-port/artifact-deletion into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2431
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 12:00:03 +00:00
Earl Warren
f47c17d532 Merge pull request '[REFACTOR] Simplify converting struct to map in admin stats' (#2442) from gusted/forgejo-admin-stats into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2442
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 11:32:17 +00:00
Gergely Nagy
98943fdb43
tests: Add a basic test for artifact deletion
Adds a very bare-bones test for artifact deletion. It does not exercise
the functionality itself, just the presence of the functionality.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-23 09:24:43 +01:00
FuXiaoHei
7f64e4d2a3
Expire artifacts before deleting them physically (#29241)
https://github.com/go-gitea/gitea/pull/27172#discussion_r1493735466

When cleanup artifacts, it removes storage first. If storage is not
exist (maybe delete manually), it gets error and continue loop. It makes
a dead loop if there are a lot pending but non-existing artifacts.

Now it updates db record at first to avoid keep a lot of pending status
artifacts.
2024-02-23 09:06:14 +01:00
FuXiaoHei
c551d3f3ab
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315

![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-23 09:06:14 +01:00
Earl Warren
c47e6ceb82 Merge pull request '[FEAT] repo search using git grep' (#1594) from snematoda/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1594
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 22:21:44 +00:00
Panagiotis "Ivory" Vasilopoulos
62f3ff6074 [UI] Actions: I will always run make fmt before pushing
I will always run make fmt before pushing
I will always run make fmt before pushing
I will always run make fmt before pushing
2024-02-22 22:31:26 +01:00
Panagiotis "Ivory" Vasilopoulos
2a0a5c6ec0 [UI] Actions: Oops, forgot to lint the tests. 2024-02-22 22:26:11 +01:00
Gusted
f68bc0ec6a
[REFACTOR] Simplify converting struct to map in admin stats
- Instead of relying on JSON to convert the struct to map, use
`reflect` to do this conversion. Also simplify it a bit by only passing
one variable to the template.
- This avoids issues where the conversion to JSON causes changes in
the value, for example huge numbers are converted to its scientific
notation but are consequently not converted back when being displayed.
- Adds unit tests.
- Resolves an issue where the amount of comments is being displayed in
scientific notation on Codeberg.
2024-02-22 22:25:19 +01:00
Panagiotis "Ivory" Vasilopoulos
785f336c12 [UI] Actions: Improve frontend testing 2024-02-22 22:12:44 +01:00
Earl Warren
ec1b64637e Merge pull request 'Do not run e2e tests in parallel' (#2440) from maltejur/forgejo:e2e_parallel into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2440
2024-02-22 18:57:05 +00:00
Earl Warren
c06af395af Merge pull request 'Enable e2e testing on Firefox' (#2439) from maltejur/forgejo:e2e_firefox into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2439
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-22 18:56:29 +00:00
Malte Jürgens
9018b4c9fe
Enable e2e testing on Firefox 2024-02-22 19:27:03 +01:00
Malte Jürgens
e8585eff5c
Do not run e2e tests in parallel 2024-02-22 19:26:25 +01:00
0ko
e5b5585ee2 Fixes & Improvements for English locale 2024-02-22 22:33:22 +05:00
Earl Warren
e7a97a39a6 Merge pull request '[TESTS] verify sanitization of names to prevent XSS' (#2435) from earl-warren/forgejo:wip-xss into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2435
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 16:06:38 +00:00
Gusted
ca798e4cc2
[SECURITY] Test XSS in dismissed review
It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
2024-02-22 15:33:20 +01:00
Earl Warren
6f41188ac1 Merge pull request '[RELEASE] v1.21.6-0 release notes' (#2410) from earl-warren/forgejo:wip-release-notes-1.21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2410
2024-02-22 14:08:00 +00:00
Gusted
565e331238
[SECURITY] Test XSS in wiki last commit information
On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. Verify it is sanitized.
2024-02-22 15:03:15 +01:00
Earl Warren
704615fa65
[RELEASE] v1.21.6-0 release notes
Refs: https://codeberg.org/forgejo/forgejo/issues/2408
2024-02-22 14:22:32 +01:00
Panagiotis "Ivory" Vasilopoulos
1668904513 [UI] Actions: Link to Workflow in View 2024-02-22 13:18:06 +01:00
Earl Warren
2f5b266cca Merge pull request 'Add e2e debug server' (#2423) from maltejur/forgejo:e2e_debugserver into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2423
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 20:34:06 +00:00