Backport #25920 by @KN4CK3R
Got the same problem as #25915 when updating an instance. The
`log.Fatal` should have been marked as breaking in #23911.
This PR adds a notice that the system is shutting down because of the
deprecated setting.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #25894 by @sebastian-sauer
Use a real button and add an aria-label.
Additionally, show the button whenever it is focused.
See https://codeberg.org/forgejo/forgejo/issues/998 for explanation.
Our handling of this button is now equal to that of GitHub.
Nothing has changed visually.
Co-authored-by: sebastian-sauer <sauer.sebastian@gmail.com>
Backport #25701 by @CaiCandong
we refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close#24439
related #22119
Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #25806 by @yp05327
sort type `oldest` should be `Asc`.
Added a test for this.
I see we have `SearchOrderBy` in db model, but we are using many
different ways to define the sort type.
~Maybe we can improve this later.~
↑ Improved in this PR
Co-authored-by: yp05327 <576951401@qq.com>
Backport #25746Fix#25736
Caused by #24048
Right now we only check the activity type for `pull_request` event when
`types` is specified or there are no `types` and filter. If a workflow
only specifies filters but no `types` like this:
```
on:
pull_request:
branches: [main]
```
the workflow will be triggered even if the activity type is not one of
`[opened, reopened, sync]`. We need to check the activity type in this
case.
Backport #25648
Replace #25580Fix#19453
The problem was: when users set "GITEA__XXX__YYY" , the "install page"
doesn't respect it.
So, to make the result consistent and avoid surprising end users, now
the "install page" also writes the environment variables to the config
file.
And, to make things clear, there are enough messages on the UI to tell
users what will happen.
There are some necessary/related changes to `environment-to-ini.go`:
* The "--clear" flag is removed and it was incorrectly written there.
The "clear" operation should be done if INSTALL_LOCK=true
* The "--prefix" flag is removed because it's never used, never
documented and it only causes inconsistent behavior.
The only conflict during backport is "ui divider" in
templates/install.tmpl
Backport #25738 by @wxiaoguang
Fix#25726#17846 chose an incorrect WORK_DIR path for docker root image.
Gitea's work-path was already used as the base path for various paths
(like AppDataPath), so, the work-path should be mounted to a volume in a
docker image.
Now, for docker root image, it's unavoidable to mix the
WorkPath/CustomPath/AppDataPath in the same directory ("/data/gitea"),
because some of them have already been mixed.
Some directories in the screenshot are for "CustomPath" , while others
are for "AppDataPath", due to the technical debts in old code:
```
CUSTOM_PATH="/data/gitea"
APP_DATA_PATH = /data/gitea
```
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/9f0648ac-f731-4a08-9f26-1af01a1824b1)
</details>
This PR is breaking but this is the only way at the moment to avoid
users losing their data accidently
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #25707 by @KN4CK3R
Fixes (?) #25538
Fixes https://codeberg.org/forgejo/forgejo/issues/972
Regression #23879#23879 introduced a change which prevents read access to packages if a
user is not a member of an organization.
That PR also contained a change which disallows package access if the
team unit is configured with "no access" for packages. I don't think
this change makes sense (at the moment). It may be relevant for private
orgs. But for public or limited orgs that's useless because an
unauthorized user would have more access rights than the team member.
This PR restores the old behaviour "If a user has read access for an
owner, they can read packages".
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #25734 by @KN4CK3R
The method is only used in the test. Found it because I changed the
fixtures and had a hard time fixing this test. My revenge is deleting
it.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #25781 by @wxiaoguang
Fix#25627
1. `ctx.Data["Link"]` should use relative URL but not AppURL
2. The `data-params` is incorrect because it doesn't contain "page". JS
can simply use "window.location.search" to construct the AJAX URL
3. The `data-xxx` and `id` in notification_subscriptions.tmpl were
copied&pasted, they don't have affect.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #22759 by @KN4CK3R
related #16865
This PR adds an accessibility check before mounting container blobs.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
Backport #25771 by @leavesster
---
according `docker/rootless/usr/local/bin/docker-setup.sh` , in rootless
docker setup, ssh port is 2222.
and mysql database case should port same as PostgreSQL port
Co-authored-by: leavesster <11785335+leavesster@users.noreply.github.com>
Some translations were just copied&pasted and they duplicated a lot.
Now, they are broken .....
To avoid blocking 1.20 release, as a quick fix, remove all of them, only
keep the en-US texts.
Backport #25721 by @wolfogre
Set the correct permissions on the .ssh directory and authorized_keys
file, or sshd will refuse to use them and lead to clone/push/pull
failures.
It could happen when users have copied their data to a new volume and
changed the file permission by accident, and it would be very hard to
troubleshoot unless users know how to check the logs of sshd which is
started by s6.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport https://github.com/go-gitea/gitea/pull/25652
This will prevent the most common cases of SVG shrinking because lack of
space. I evaluated multiple options and this seems to be the one with
the least impact in size and processing cost, so I went with it.
Unfortunately, CSS can not dynamically convert `16` obtained from
`attr()` to `16px`, or else a generic solution for all sizes would have
been possible. But a solution is [in
sight](https://developer.mozilla.org/en-US/docs/Web/CSS/attr#type-or-unit)
with `attr(width px)` but no browser supports it currently.
Replace #25446, fix#25438
All "cancel" buttons which do not have "type" should not submit the
form, should not be triggered by "Enter".
This is a complete fix for all modal dialogs.
The major change is "modules/aria/modal.js", "devtest" related code is
for demo/test purpose.