Commit graph

467 commits

Author SHA1 Message Date
Earl Warren
517637137c Merge pull request '[gitea] week 2024-32 cherry pick (gitea/main -> forgejo)' (#4801) from earl-warren/wcp/2024-32 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4801
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-06 05:47:20 +00:00
Gergely Nagy
f121e87aa6
activitypub: Implement an instance-wide actor
An instance-wide actor is required for outgoing signed requests that are
done on behalf of the instance, rather than on behalf of other actors.
Such things include updating profile information, or fetching public
keys.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-05 10:50:26 +02:00
Jason Song
f6b1407e4c
Add permission description for API to add repo collaborator (#31744)
Fix #31552.

(cherry picked from commit 333c9ed8cab961b6dd58b04edc47a57dc4d6dbab)
2024-08-04 18:24:10 +02:00
Jason Song
6e63afe31f
Fix API endpoint for registration-token (#31722)
Partially fix #31707. Related to #30656

(cherry picked from commit bf5ae79c5163b8dd6a3185711ad11893b1270f62)
2024-08-04 10:14:34 +02:00
Gergely Nagy
67fa52dedb
feat(quota): Quota enforcement
The previous commit laid out the foundation of the quota engine, this
one builds on top of it, and implements the actual enforcement.

Enforcement happens at the route decoration level, whenever possible. In
case of the API, when over quota, a 413 error is returned, with an
appropriate JSON payload. In case of web routes, a 413 HTML page is
rendered with similar information.

This implementation is for a **soft quota**: quota usage is checked
before an operation is to be performed, and the operation is *only*
denied if the user is already over quota. This makes it possible to go
over quota, but has the significant advantage of being practically
implementable within the current Forgejo architecture.

The goal of enforcement is to deny actions that can make the user go
over quota, and allow the rest. As such, deleting things should - in
almost all cases - be possible. A prime exemption is deleting files via
the web ui: that creates a new commit, which in turn increases repo
size, thus, is denied if the user is over quota.

Limitations
-----------

Because we generally work at a route decorator level, and rarely
look *into* the operation itself, `size:repos:public` and
`size:repos:private` are not enforced at this level, the engine enforces
against `size:repos:all`. This will be improved in the future.

AGit does not play very well with this system, because AGit PRs count
toward the repo they're opened against, while in the GitHub-style fork +
pull model, it counts against the fork. This too, can be improved in the
future.

There's very little done on the UI side to guard against going over
quota. What this patch implements, is enforcement, not prevention. The
UI will still let you *try* operations that *will* result in a denial.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gergely Nagy
e1fe3bbdc0
feat(quota): Humble beginnings of a quota engine
This is an implementation of a quota engine, and the API routes to
manage its settings. This does *not* contain any enforcement code: this
is just the bedrock, the engine itself.

The goal of the engine is to be flexible and future proof: to be nimble
enough to build on it further, without having to rewrite large parts of
it.

It might feel a little more complicated than necessary, because the goal
was to be able to support scenarios only very few Forgejo instances
need, scenarios the vast majority of mostly smaller instances simply do
not care about. The goal is to support both big and small, and for that,
we need a solid, flexible foundation.

There are thee big parts to the engine: counting quota use, setting
limits, and evaluating whether the usage is within the limits. Sounds
simple on paper, less so in practice!

Quota counting
==============

Quota is counted based on repo ownership, whenever possible, because
repo owners are in ultimate control over the resources they use: they
can delete repos, attachments, everything, even if they don't *own*
those themselves. They can clean up, and will always have the permission
and access required to do so. Would we count quota based on the owning
user, that could lead to situations where a user is unable to free up
space, because they uploaded a big attachment to a repo that has been
taken private since. It's both more fair, and much safer to count quota
against repo owners.

This means that if user A uploads an attachment to an issue opened
against organization O, that will count towards the quota of
organization O, rather than user A.

One's quota usage stats can be queried using the `/user/quota` API
endpoint. To figure out what's eating into it, the
`/user/repos?order_by=size`, `/user/quota/attachments`,
`/user/quota/artifacts`, and `/user/quota/packages` endpoints should be
consulted. There's also `/user/quota/check?subject=<...>` to check
whether the signed-in user is within a particular quota limit.

Quotas are counted based on sizes stored in the database.

Setting quota limits
====================

There are different "subjects" one can limit usage for. At this time,
only size-based limits are implemented, which are:

- `size:all`: As the name would imply, the total size of everything
  Forgejo tracks.
- `size:repos:all`: The total size of all repositories (not including
  LFS).
- `size:repos:public`: The total size of all public repositories (not
  including LFS).
- `size:repos:private`: The total size of all private repositories (not
  including LFS).
- `size:git:all`: The total size of all git data (including all
  repositories, and LFS).
- `size:git:lfs`: The size of all git LFS data (either in private or
  public repos).
- `size:assets:all`: The size of all assets tracked by Forgejo.
- `size:assets:attachments:all`: The size of all kinds of attachments
  tracked by Forgejo.
- `size:assets:attachments:issues`: Size of all attachments attached to
  issues, including issue comments.
- `size:assets:attachments:releases`: Size of all attachments attached
  to releases. This does *not* include automatically generated archives.
- `size:assets:artifacts`: Size of all Action artifacts.
- `size:assets:packages:all`: Size of all Packages.
- `size:wiki`: Wiki size

Wiki size is currently not tracked, and the engine will always deem it
within quota.

These subjects are built into Rules, which set a limit on *all* subjects
within a rule. Thus, we can create a rule that says: "1Gb limit on all
release assets, all packages, and git LFS, combined". For a rule to
stand, the total sum of all subjects must be below the rule's limit.

Rules are in turn collected into groups. A group is just a name, and a
list of rules. For a group to stand, all of its rules must stand. Thus,
if we have a group with two rules, one that sets a combined 1Gb limit on
release assets, all packages, and git LFS, and another rule that sets a
256Mb limit on packages, if the user has 512Mb of packages, the group
will not stand, because the second rule deems it over quota. Similarly,
if the user has only 128Mb of packages, but 900Mb of release assets, the
group will not stand, because the combined size of packages and release
assets is over the 1Gb limit of the first rule.

Groups themselves are collected into Group Lists. A group list stands
when *any* of the groups within stand. This allows an administrator to
set conservative defaults, but then place select users into additional
groups that increase some aspect of their limits.

To top it off, it is possible to set the default quota groups a user
belongs to in `app.ini`. If there's no explicit assignment, the engine
will use the default groups. This makes it possible to avoid having to
assign each and every user a list of quota groups, and only those need
to be explicitly assigned who need a different set of groups than the
defaults.

If a user has any quota groups assigned to them, the default list will
not be considered for them.

The management APIs
===================

This commit contains the engine itself, its unit tests, and the quota
management APIs. It does not contain any enforcement.

The APIs are documented in-code, and in the swagger docs, and the
integration tests can serve as an example on how to use them.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gergely Nagy
250f87db59
feat(api): An order_by param for user.ListMyRepos
Add an optional `order_by` parameter to the `user.ListMyRepos`
handler (which handles the `/api/v1/user/repos` route), allowing a user
to sort repos by name (the default), id, or size.

The latter will be useful later for figuring out which repos use most
space, which repos eat most into a user's quota.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 10:52:21 +02:00
Earl Warren
94933470cd Merge pull request 'Implement external release assets' (#1445) from maltejur/forgejo:forgejo-external-attachments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-30 15:50:57 +00:00
Malte Jürgens
a61e7c7a39
Implement external assets 2024-07-29 20:35:55 +02:00
Adam Majer
94e9cbcd71
Add return type to GetRawFileOrLFS and GetRawFile (#31680)
Document return type for the endpoints that fetch specific files from a
repository. This allows the swagger generated code to read the returned
data.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit bae87dfb0958e6a2920c905e51c2a026b7b71ca6)
2024-07-28 09:00:29 +02:00
Mai-Lapyst
51735c415b Add support for workflow_dispatch (#3334)
Closes #2797

I'm aware of https://github.com/go-gitea/gitea/pull/28163 exists, but since I had it laying around on my drive and collecting dust, I might as well open a PR for it if anyone wants the feature a bit sooner than waiting for upstream to release it or to be a forgejo "native" implementation.

This PR Contains:
- Support for the `workflow_dispatch` trigger
- Inputs: boolean, string, number, choice

Things still to be done:
- [x] API Endpoint `/api/v1/<org>/<repo>/actions/workflows/<workflow id>/dispatches`
- ~~Fixing some UI bugs I had no time figuring out, like why dropdown/choice inputs's menu's behave weirdly~~ Unrelated visual bug with dropdowns inside dropdowns
- [x] Fix bug where opening the branch selection submits the form
- [x] Limit on inputs to render/process

Things not in this PR:
- Inputs: environment (First need support for environments in forgejo)

Things needed to test this:
- A patch for https://code.forgejo.org/forgejo/runner to actually consider the inputs inside the workflow.
  ~~One possible patch can be seen here: https://code.forgejo.org/Mai-Lapyst/runner/src/branch/support-workflow-inputs~~
  [PR](https://code.forgejo.org/forgejo/runner/pulls/199)

![image](/attachments/2db50c9e-898f-41cb-b698-43edeefd2573)

## Testing

- Checkout PR
- Setup new development runner with [this PR](https://code.forgejo.org/forgejo/runner/pulls/199)
- Create a repo with a workflow (see below)
- Go to the actions tab, select the workflow and see the notice as in the screenshot above
- Use the button + dropdown to run the workflow
  - Try also running it via the api using the `` endpoint
- ...
- Profit!

<details>
<summary>Example workflow</summary>

```yaml
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log Level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      number1_default:
        description: 'Number w. default'
        default: '100'
        type: number
      number2:
        description: 'Number w/o. default'
        type: number
      string1_default:
        description: 'String w. default'
        default: 'Hello world'
        type: string
      string2:
        description: 'String w/o. default'
        required: true
        type: string

jobs:
  test:
    runs-on: docker
    steps:
      - uses: actions/checkout@v3
      - run: whoami
      - run: cat /etc/issue
      - run: uname -a
      - run: date
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.tags }}
      - env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - run: echo "abc"
```
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3334
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-28 05:17:11 +00:00
Gusted
5926ed1f73
[SWAGGER] Make it consistent with reality
- Make the `UserSettings` definition an non-array, this is consistent
with the existing endpoints that uses this definition.
- Resolves #4179
2024-06-19 07:16:42 +02:00
mzroot
ff43d02803
Add tag protection via rest api #17862 (#31295)
Add tag protection manage via rest API.

---------

Co-authored-by: Alexander Kogay <kogay.a@citilink.ru>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d4e4226c3cbfa62a6adf15f4466747468eb208c7)

Conflicts:
	modules/structs/repo_tag.go
	trivial context conflict
	templates/swagger/v1_json.tmpl
	fixed with make generate-swagger
2024-06-16 13:42:59 +02:00
6543
12e23ee199
[Refactor] Unify repo search order by logic (#30876)
have repo OrderBy definitions defined in one place and use a single type
for OrderBy database options

(cherry picked from commit bb04311b0b5b7a28f94c4bc409db1c4a04bcef17)
2024-06-16 13:42:58 +02:00
Kemal Zebari
90753a2c11
Document possible action types for the user activity feed API (#31196)
Resolves #31131.

It uses the the go-swagger `enum` property to document the activity
action types.

(cherry picked from commit cb27c438a82fec9f2476f6058bc5dcda2617aab5)
2024-06-09 11:13:39 +02:00
André Rosenhammer
fb7b17d240 Make gitea webhooks openproject compatible (gitea#28435)
This PR adds some fields to the gitea webhook payload that
[openproject](https://www.openproject.org/) expects to exists in order
to process the webhooks.
These fields do exists in Github's webhook payload so adding them makes
Gitea's native webhook more compatible towards Github's.
2024-06-05 15:58:51 +02:00
Lunny Xiao
ee2247d77c
Add topics for repository API (#31127)
Fix ##31100

(cherry picked from commit de4616690f742aebc3e019fde5c73c432d543292)
2024-06-02 16:26:54 +02:00
Earl Warren
74e07656d2 Merge pull request '[gitea] week 2024-21 cherry pick (gitea/main -> forgejo)' (#3838) from algernon/wcp/2024-21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3838
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 08:05:01 +00:00
0ko
bcd2e64a93 s/return_to_gitea/return_to_forgejo (#3822)
Just a small actualization of a string key. I don't think we have any more replaceable `gitea` in the locales at the moment.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3822
Reviewed-by: Otto <otto@codeberg.org>
2024-05-20 18:44:33 +00:00
wxiaoguang
50b4e7f26e
Simplify mirror repository API logic (#30963)
Fix #30921

(cherry picked from commit 821d2fc2a3cc897f21d707455850177077b72410)
2024-05-19 13:57:52 +02:00
KN4CK3R
597dcd864a
Protected tag is no internal server error (#30962)
Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.

(cherry picked from commit b1d8f13bd0ecd9c576ebf2ecbd9c7dbeb3f5254f)
2024-05-19 13:12:35 +02:00
Zettat123
8e1de85980
Support using label names when changing issue labels (#30943)
Resolve #30917

Make the APIs for adding labels and replacing labels support both label
IDs and label names so the
[`actions/labeler`](https://github.com/actions/labeler) action can work
in Gitea.

<img width="600px"
src="https://github.com/go-gitea/gitea/assets/15528715/7835c771-f637-4c57-9ce5-e4fbf56fa0d3"
/>

(cherry picked from commit b3beaed147466739de0c24fd80206b5af8b71617)

Conflicts:
	- modules/structs/issue_label.go
	  Resolved by applying the Gitea change by hand.
	- tests/integration/api_issue_label_test.go
	  Resolved by copying the new tests.
2024-05-19 13:12:35 +02:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Michael Jerger
2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
Kemal Zebari
9cd0441cd3
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
Chester
1a40fe54a6
Add API endpoints for getting action jobs status (#26673)
Sample of response, it is similar to Github actions

ref
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository

``` json
{
    "workflow_runs": [
        {
            "id": 3,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 3,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo2.yaml",
            "url": "/chester/test/actions/runs/3",
            "created_at": "2023-08-22T13:41:33-04:00",
            "updated_at": "2023-08-22T13:41:37-04:00",
            "run_started_at": "2023-08-22T13:41:33-04:00"
        },
        {
            "id": 2,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 2,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/2",
            "created_at": "2023-08-22T13:41:30-04:00",
            "updated_at": "2023-08-22T13:41:33-04:00",
            "run_started_at": "2023-08-22T13:41:30-04:00"
        },
        {
            "id": 1,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "e5369ab054cae79899ba36e45ee82811a6e0acd5",
            "run_number": 1,
            "event": "push",
            "display_title": "Add job",
            "status": "failure",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/1",
            "created_at": "2023-08-22T13:15:21-04:00",
            "updated_at": "2023-08-22T13:18:10-04:00",
            "run_started_at": "2023-08-22T13:15:21-04:00"
        }
    ],
    "total_count": 3
}
```

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 6709e28da78a0ea7e63f9fe4e32f620abdc88d14)

Conflicts:
	routers/api/v1/swagger/repo.go
	trivial context conflict
2024-05-05 12:15:40 +01:00
Bo-Yi Wu
7b456a28d1
feat(api): enhance Actions Secrets Management API for repository (#30656)
- Add endpoint to list repository action secrets in API routes
- Implement `ListActionsSecrets` function to retrieve action secrets
from the database
- Update Swagger documentation to include the new
`/repos/{owner}/{repo}/actions/secrets` endpoint
- Add `actions` package import and define new routes for actions,
secrets, variables, and runners in `api.go`.
- Refactor action-related API functions into `Action` struct methods in
`org/action.go` and `repo/action.go`.
- Remove `actionAPI` struct and related functions, replacing them with
`NewAction()` calls.
- Rename `variables.go` to `action.go` in `org` directory.
- Delete `runners.go` and `secrets.go` in both `org` and `repo`
directories, consolidating their content into `action.go`.
- Update copyright year and add new imports in `org/action.go`.
- Implement `API` interface in `services/actions/interface.go` for
action-related methods.
- Remove individual action-related functions and replace them with
methods on the `Action` struct in `repo/action.go`.

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Signed-off-by: appleboy <appleboy.tw@gmail.com>
(cherry picked from commit 852547d0dc70299589c7bf8d00ea462ed709b8e5)

Conflicts:
	routers/api/v1/api.go
	trivial conflict because of Fix #2512 /api/forgejo/v1/version auth check (#2582)
2024-04-28 15:39:01 +02:00
Lunny Xiao
4e6e63dca2
Fix compare api swagger (#30648)
The swagger format on #30349 is not right. This PR will fix it.

(cherry picked from commit 8924d9b2efd52132876fcd106c625a2a2db7a295)
2024-04-28 15:39:00 +02:00
JakobDev
1bce2dc5c5 [FEAT]Add Option to hide Release Archive links (#3139)
This adds a new options to releases to hide the links to the automatically generated archives. This is useful, when the automatically generated Archives are broken e.g. because of Submodules.

![grafik](/attachments/5686edf6-f318-4175-8459-89c33973b181)
![grafik](/attachments/74a8bf92-2abb-47a0-876d-d41024770d0b)

Note:
This juts hides the Archives from the UI. Users can still download 5the Archive if they know t correct URL.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3139
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-04-24 15:15:55 +00:00
Tobias Balle-Petersen
23f032eaa5
Update API to return 'source_id' for users (#29718)
Using the API, a user's _source_id_ can be set in the _CreateUserOption_
model, but the field is not returned in the _User_ model.

This PR updates the _User_ model to include the field _source_id_ (The
ID of the Authentication Source).

(cherry picked from commit 58b204b813cd3a97db904d889d552e64a7e398ff)
2024-04-21 12:04:18 +02:00
Bo-Yi Wu
e025ec0131
feat(api): implement branch/commit comparison API (#30349)
- Add new `Compare` struct to represent comparison between two commits
- Introduce new API endpoint `/compare/*` to get commit comparison
information
- Create new file `repo_compare.go` with the `Compare` struct definition
- Add new file `compare.go` in `routers/api/v1/repo` to handle
comparison logic
- Add new file `compare.go` in `routers/common` to define `CompareInfo`
struct
- Refactor `ParseCompareInfo` function to use `common.CompareInfo`
struct
- Update Swagger documentation to include the new API endpoint for
commit comparison
- Remove duplicate `CompareInfo` struct from
`routers/web/repo/compare.go`
- Adjust base path in Swagger template to be relative (`/api/v1`)

GitHub API
https://docs.github.com/en/rest/commits/commits?apiVersion=2022-11-28#compare-two-commits

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit c70e442ce4b99e2a1f1bf216afcfa1ad78d1925a)

Conflicts:
	- routers/api/v1/swagger/repo.go
	  Conflict resolved by manually adding the lines from the Gitea
	  PR.
2024-04-21 11:58:18 +02:00
Earl Warren
d07f12e010 Merge pull request 'Do not require login_name & source_id for /admin/user/{username}' (#3278) from algernon/forgejo:leave-your-name-at-the-door into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3278
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 11:05:13 +00:00
Gergely Nagy
d07c8c821c
Do not require login_name & source_id for /admin/user/{username}
When editing a user via the API, do not require setting `login_name` or
`source_id`: for local accounts, these do not matter. However, when
editing a non-local account, require *both*, as before.

Fixes #1861.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 10:33:52 +02:00
Gergely Nagy
df8e58c5cb
Allow changing global wiki editability via the API
The global wiki editability can be set via the web UI, this patch makes
it possible to set the same thing via the API too. This is accomplished
by adjusting the GET and PATCH handlers of the
`/api/v1/repos/{owner}/{repo}` route.

The first will include the property when checking the repo's settings,
the second allows a repo admin to change the setting too.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-16 22:51:36 +02:00
Earl Warren
26fc7c3461 Merge pull request '[gitea] week 15 cherry pick' (#3091) from algernon/forgejo:wcp/week-15 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3091
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-09 05:31:44 +00:00
JakobDev
613e5387c5 Count downloads for tag archives 2024-04-08 12:51:27 +02:00
sillyguodong
16696a42f5
Add API for Variables (#29520)
close #27801

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 62b073e6f31645e446c7e8d6b5a506f61b47924e)

Conflicts:
	- modules/util/util.go
          Trivial resolution, only picking the newly introduced function
	- routers/api/v1/swagger/options.go
          Trivial resolution. We don't have UserBadges, don't pick that part.
	- templates/swagger/v1_json.tmpl
          Regenerated.
2024-04-07 10:57:53 +02:00
Gergely Nagy
66ac657159
Add Pronouns to the User and UserSettings api structs
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-03 15:17:15 -05:00
hazycora
21c8c09430
generate swagger 2024-04-03 15:12:30 -05:00
Earl Warren
ec091b59af Merge pull request '[FEAT] Configure if protected branch rule should apply to admins' (#2867) from gusted/forgejo-protectedbranch-admins into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2867
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-01 19:28:29 +00:00
Kemal Zebari
23676bfea7
Prevent re-review and dismiss review actions on closed and merged PRs (#30065)
Resolves #29965.

---
Manually tested this by:
- Following the
[installation](https://docs.gitea.com/next/installation/install-with-docker#basics)
guide (but built a local Docker image instead)
- Creating 2 users, one who is the `Owner` of a newly-created repository
and the other a `Collaborator`
- Had the `Collaborator` create a PR that the `Owner` reviews
- `Collaborator` resolves conversation and `Owner` merges PR

And with this change we see that we can no longer see re-request review
button for the `Owner`:

<img width="1351" alt="Screenshot 2024-03-25 at 12 39 18 AM"
src="https://github.com/go-gitea/gitea/assets/60799661/bcd9c579-3cf7-474f-a51e-b436fe1a39a4">

(cherry picked from commit 242b331260925e604150346e61329097d5731e77)
2024-03-30 07:17:32 +01:00
Gusted
79b7089360
[FEAT] Configure if protected branch rule should apply to admins
- Currently protected branch rules do not apply to admins, however in
some cases (like in the case of Forgejo project) you might also want to
apply these rules to admins to avoid accidental merges.
- Add new option to configure this on a per-rule basis.
- Adds integration tests.
- Resolves #65
2024-03-29 00:21:49 +01:00
oliverpool
702152bfde [REFACTOR] webhook.Handler interface 2024-03-24 10:35:06 +01:00
Gergely Nagy
36147f580c
Allow users to hide all "Add more units..." hints
Repositories displaying an "Add more..." tab on the header is a neat way
to let people discover they can enable more units. However, displaying
it all the time for repository owners, even when they deliberately do
not want to enable more units gets noisy very fast.

As such, this patch introduces a new setting which lets people disable
this hint under the appearance settings.

Fixes #2378.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-21 08:15:51 +01:00
pengqiseven
e825d007b1
remove repetitive words (#29695)
Signed-off-by: pengqiseven <912170095@qq.com>
(cherry picked from commit 7f856d5d742dcb6febdb8a3f22cd9a8fecc69a4d)
2024-03-20 08:46:28 +01:00
6543
ff8f7a7a0d
Extend issue template yaml engine (#29274)
Add new option:

`visible`: witch can hide a specific field of the form or the created
content afterwards

It is a string array witch can contain `form` and `content`. If only
`form` is present, it wont show up in the created issue afterwards and
the other way around. By default it sets both except for markdown

As they are optional and github don't have any similar thing, it is non
breaking and also do not conflict with it.

With this you can:
- define "post issue creation" elements like a TODO list to track an
issue state
- make sure to have a checkbox that reminds the user to check for a
thing but dont have it in the created issue afterwards
- define markdown for the created issue (was the downside of using yaml
instead of md in the past)
 - ...

## Demo

```yaml
name: New Contribution
description: External Contributor creating a pull

body:
- type: checkboxes
  id: extern-todo
  visible: [form]
  attributes:
    label: Contribution Guidelines
    options:
      - label: I checked there exist no similar feature to be extended
        required: true
      - label: I did read the CONTRIBUTION.MD
        required: true
- type: checkboxes
  id: intern-todo
  visible: [content]
  attributes:
    label: Maintainer Check-List
    options:
      - label: Does this pull follow the KISS principe
      - label: Checked if internal bord was notifyed
# ....
```
[Demo
Video](https://cloud.obermui.de/s/tm34fSAbJp9qw9z/download/vid-20240220-152751.mkv)

---
*Sponsored by Kithara Software GmbH*

---------

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 77e29e0c39392f142627303bd798fb55258072b2)
2024-03-06 12:10:47 +08:00
KN4CK3R
47a913d40d
Add support for API blob upload of release attachments (#29507)
Fixes #29502

Our endpoint is not Github compatible.

https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 70c126e6184872a6ac63cae2f327fc745b25d1d7)
2024-03-06 12:10:46 +08:00
Gusted
42ae3d3d81
[BUG] Fix header name in swagger response
- This was incorrectly copied from the `swaggerCommitList` struct, which
on the other hand does set `X-Total`, but the API handler that uses this
response only sets `X-Total-Count`.
2024-02-29 14:08:10 +01:00
qwerty287
1608ef0ce9
Add API to get merged PR of a commit (#29243)
Adds a new API `/repos/{owner}/{repo}/commits/{sha}/pull` that allows
you to get the merged PR associated to a commit.

---------

Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit 0a426cc575734e5eff410d6a790f40473117f753)
2024-02-26 22:30:26 +01:00
qwerty287
feb189554e
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 03:41:42 +01:00