Commit graph

4792 commits

Author SHA1 Message Date
Earl Warren
6e98a57096 Merge pull request 'Implement an instance-wide activitypub actor' (#4811) from algernon/forgejo:to-be-or-not-to-be into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4811
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-05 14:23:02 +00:00
Gergely Nagy
f121e87aa6
activitypub: Implement an instance-wide actor
An instance-wide actor is required for outgoing signed requests that are
done on behalf of the instance, rather than on behalf of other actors.
Such things include updating profile information, or fetching public
keys.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-05 10:50:26 +02:00
TheFox0x7
c738542201 Open telemetry integration (#3972)
This PR adds opentelemetry and chi wrapper to have basic instrumentation

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3972): <!--number 3972 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGJhc2ljIHJlcXVlc3QgdHJhY2luZyB3aXRoIG9wZW50ZWxlbWV0cnk=-->add support for basic request tracing with opentelemetry<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3972
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-08-05 06:04:39 +00:00
Exploding Dragon
f17194ca91 Arch packages implementation (#4785)
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/valkey/valkey:7.2.5-alpine3.19 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
This PR is from https://github.com/go-gitea/gitea/pull/31037

This PR was originally created by @d1nch8g , and the original source code comes from https://ion.lc/core/gitea.

This PR adds a package registry for [Arch Linux](https://archlinux.org/) packages with support for package files, [signatures](https://wiki.archlinux.org/title/Pacman/Package_signing), and automatic [pacman-database](https://archlinux.org/pacman/repo-add.8.html) management.

Features:

1. Push any ` tar.zst ` package and Gitea sign it.
2. Delete endpoint for specific package version and all related files
3. Supports trust levels with `SigLevel = Required`.
4. Package UI with instructions to connect to the new pacman database and visualised package metadata

![](/attachments/810ca6df-bd20-44c2-bdf7-95e94886d750)

You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a *.pkg.tar.zst package for testing

docs pr: https://codeberg.org/forgejo/docs/pulls/791

Co-authored-by: d1nch8g@ion.lc
Co-authored-by: @KN4CK3R
Co-authored-by: @mahlzahn
Co-authored-by: @silverwind
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4785
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-04 06:16:29 +00:00
Gergely Nagy
67fa52dedb
feat(quota): Quota enforcement
The previous commit laid out the foundation of the quota engine, this
one builds on top of it, and implements the actual enforcement.

Enforcement happens at the route decoration level, whenever possible. In
case of the API, when over quota, a 413 error is returned, with an
appropriate JSON payload. In case of web routes, a 413 HTML page is
rendered with similar information.

This implementation is for a **soft quota**: quota usage is checked
before an operation is to be performed, and the operation is *only*
denied if the user is already over quota. This makes it possible to go
over quota, but has the significant advantage of being practically
implementable within the current Forgejo architecture.

The goal of enforcement is to deny actions that can make the user go
over quota, and allow the rest. As such, deleting things should - in
almost all cases - be possible. A prime exemption is deleting files via
the web ui: that creates a new commit, which in turn increases repo
size, thus, is denied if the user is over quota.

Limitations
-----------

Because we generally work at a route decorator level, and rarely
look *into* the operation itself, `size:repos:public` and
`size:repos:private` are not enforced at this level, the engine enforces
against `size:repos:all`. This will be improved in the future.

AGit does not play very well with this system, because AGit PRs count
toward the repo they're opened against, while in the GitHub-style fork +
pull model, it counts against the fork. This too, can be improved in the
future.

There's very little done on the UI side to guard against going over
quota. What this patch implements, is enforcement, not prevention. The
UI will still let you *try* operations that *will* result in a denial.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gergely Nagy
e1fe3bbdc0
feat(quota): Humble beginnings of a quota engine
This is an implementation of a quota engine, and the API routes to
manage its settings. This does *not* contain any enforcement code: this
is just the bedrock, the engine itself.

The goal of the engine is to be flexible and future proof: to be nimble
enough to build on it further, without having to rewrite large parts of
it.

It might feel a little more complicated than necessary, because the goal
was to be able to support scenarios only very few Forgejo instances
need, scenarios the vast majority of mostly smaller instances simply do
not care about. The goal is to support both big and small, and for that,
we need a solid, flexible foundation.

There are thee big parts to the engine: counting quota use, setting
limits, and evaluating whether the usage is within the limits. Sounds
simple on paper, less so in practice!

Quota counting
==============

Quota is counted based on repo ownership, whenever possible, because
repo owners are in ultimate control over the resources they use: they
can delete repos, attachments, everything, even if they don't *own*
those themselves. They can clean up, and will always have the permission
and access required to do so. Would we count quota based on the owning
user, that could lead to situations where a user is unable to free up
space, because they uploaded a big attachment to a repo that has been
taken private since. It's both more fair, and much safer to count quota
against repo owners.

This means that if user A uploads an attachment to an issue opened
against organization O, that will count towards the quota of
organization O, rather than user A.

One's quota usage stats can be queried using the `/user/quota` API
endpoint. To figure out what's eating into it, the
`/user/repos?order_by=size`, `/user/quota/attachments`,
`/user/quota/artifacts`, and `/user/quota/packages` endpoints should be
consulted. There's also `/user/quota/check?subject=<...>` to check
whether the signed-in user is within a particular quota limit.

Quotas are counted based on sizes stored in the database.

Setting quota limits
====================

There are different "subjects" one can limit usage for. At this time,
only size-based limits are implemented, which are:

- `size:all`: As the name would imply, the total size of everything
  Forgejo tracks.
- `size:repos:all`: The total size of all repositories (not including
  LFS).
- `size:repos:public`: The total size of all public repositories (not
  including LFS).
- `size:repos:private`: The total size of all private repositories (not
  including LFS).
- `size:git:all`: The total size of all git data (including all
  repositories, and LFS).
- `size:git:lfs`: The size of all git LFS data (either in private or
  public repos).
- `size:assets:all`: The size of all assets tracked by Forgejo.
- `size:assets:attachments:all`: The size of all kinds of attachments
  tracked by Forgejo.
- `size:assets:attachments:issues`: Size of all attachments attached to
  issues, including issue comments.
- `size:assets:attachments:releases`: Size of all attachments attached
  to releases. This does *not* include automatically generated archives.
- `size:assets:artifacts`: Size of all Action artifacts.
- `size:assets:packages:all`: Size of all Packages.
- `size:wiki`: Wiki size

Wiki size is currently not tracked, and the engine will always deem it
within quota.

These subjects are built into Rules, which set a limit on *all* subjects
within a rule. Thus, we can create a rule that says: "1Gb limit on all
release assets, all packages, and git LFS, combined". For a rule to
stand, the total sum of all subjects must be below the rule's limit.

Rules are in turn collected into groups. A group is just a name, and a
list of rules. For a group to stand, all of its rules must stand. Thus,
if we have a group with two rules, one that sets a combined 1Gb limit on
release assets, all packages, and git LFS, and another rule that sets a
256Mb limit on packages, if the user has 512Mb of packages, the group
will not stand, because the second rule deems it over quota. Similarly,
if the user has only 128Mb of packages, but 900Mb of release assets, the
group will not stand, because the combined size of packages and release
assets is over the 1Gb limit of the first rule.

Groups themselves are collected into Group Lists. A group list stands
when *any* of the groups within stand. This allows an administrator to
set conservative defaults, but then place select users into additional
groups that increase some aspect of their limits.

To top it off, it is possible to set the default quota groups a user
belongs to in `app.ini`. If there's no explicit assignment, the engine
will use the default groups. This makes it possible to avoid having to
assign each and every user a list of quota groups, and only those need
to be explicitly assigned who need a different set of groups than the
defaults.

If a user has any quota groups assigned to them, the default list will
not be considered for them.

The management APIs
===================

This commit contains the engine itself, its unit tests, and the quota
management APIs. It does not contain any enforcement.

The APIs are documented in-code, and in the swagger docs, and the
integration tests can serve as an example on how to use them.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Gergely Nagy
250f87db59
feat(api): An order_by param for user.ListMyRepos
Add an optional `order_by` parameter to the `user.ListMyRepos`
handler (which handles the `/api/v1/user/repos` route), allowing a user
to sort repos by name (the default), id, or size.

The latter will be useful later for figuring out which repos use most
space, which repos eat most into a user's quota.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 10:52:21 +02:00
Exploding Dragon
471265c4e0 Add signature support for the RPM module (#4780)
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/valkey/valkey:7.2.5-alpine3.19 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
This pull request comes from https://github.com/go-gitea/gitea/pull/27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](https://github.com/go-gitea/gitea/issues/27031)) , now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-02 05:56:57 +00:00
Gusted
db78a3abed
[API] Add error messages to dispatch API
- Add a error messages to the dispatch
API (https://code.forgejo.org/api/swagger#/repository/DispatchWorkflow)
when incorrect values are given. Otherwise an incorrect error message is
shown to the user.
- Relevant https://codeberg.org/forgejo/forgejo/issues/4765#issuecomment-2125392
2024-07-31 21:09:17 +02:00
Robert Wolff
994bd93e69 feat(UI): add package counter to repo/user/org overview pages
- add package counter to repo/user/org overview pages
    - add go unit tests for repo/user has/count packages
    - add many more unit tests for packages model
    - fix error for non-existing packages in DeletePackageByID and SetRepositoryLink
2024-07-31 12:40:24 +02:00
TheFox0x7
4de909747b Add testifylint to lint checks (#4535)
Some checks are pending
/ release (push) Waiting to run
testing / test-remote-cacher (map[image:redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/valkey/valkey:7.2.5-alpine3.19 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
go-require lint is ignored for now

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
Earl Warren
94933470cd Merge pull request 'Implement external release assets' (#1445) from maltejur/forgejo:forgejo-external-attachments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-30 15:50:57 +00:00
Malte Jürgens
a61e7c7a39
Implement external assets 2024-07-29 20:35:55 +02:00
Adam Majer
94e9cbcd71
Add return type to GetRawFileOrLFS and GetRawFile (#31680)
Document return type for the endpoints that fetch specific files from a
repository. This allows the swagger generated code to read the returned
data.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit bae87dfb0958e6a2920c905e51c2a026b7b71ca6)
2024-07-28 09:00:29 +02:00
yp05327
d0e52fd641
Support delete user email in admin panel (#31690)
![QQ_1721784609320](https://github.com/user-attachments/assets/23f08bf3-93f4-44d7-963d-10380ef8c1f1)

![QQ_1721784616403](https://github.com/user-attachments/assets/667cbd1e-5e21-4489-8d18-2a7be85190db)

![QQ_1721784626722](https://github.com/user-attachments/assets/495beb94-dfa2-481c-aa60-d5115cad1ae1)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit cc044818c33ff066c4e5869c9e75de9707def6ed)
2024-07-28 09:00:29 +02:00
Stanislas Dolcini
e465ac854d
Use GetDisplayName() instead of DisplayName() to generate rss feeds (#31687)
Fixes #31491 The RSS feed converted ignored the setting used in the
application.

(cherry picked from commit d8f82cbc780d09bb7ad074407a48480f0333b4b3)
2024-07-28 07:27:10 +02:00
Gusted
a7e96aae66
[SEC] Notify owner about TOTP enrollment
- In the spirit of #4635
- Notify the owner when their account is getting enrolled into TOTP. The
message is changed according if they have security keys or not.
- Integration test added.
2024-07-26 19:49:22 +02:00
Earl Warren
e9e3b8c0f3
fix(api): issue state change is not idempotent
The PATCH if issue & pull request switched to use the service
functions instead. However, the service function changing the state is
not idempotent. Instead of doing nothing which changing from open to
open or close to close, it will fail with an error like:

 Issue [2472] 0 was already closed

Regression of: 6a4bc0289d

Fixes: https://codeberg.org/forgejo/forgejo/issues/4686
2024-07-25 15:16:44 +02:00
Gusted
4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
Rowan Bohde
21fdd28f08
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 416c36f3034e228a27258b5a8a15eec4e5e426ba)

Conflicts:
	- tests/integration/auth_ldap_test.go
	  Trivial conflict resolved by manually applying the change.
	- routers/web/auth/oauth.go
	  Technically not a conflict, but the original PR removed the
	  modules/util import, which in our version, is still in use. Added it
	  back.
2024-07-22 15:44:13 +02:00
Gusted
6a49e3f468
[BUG] Fix panic on too high page number
- Fixes a panic where the file history router would panic if the page
number was set to a page where no commits would be returned. It now
returns a 404 in such case.
- Regresion of a5b1c1b0b3
- Panic log provided by @algernon.
- Minimal integration test added.

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-21 02:01:54 +02:00
Earl Warren
eb61437a52 Merge pull request '[UI] Convert milestone to HTMX' (#4542) from gusted/htmx-milestone into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4542
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 07:49:28 +00:00
Alexandre Oliveira
ef815db8f2 Remove hardcoded filenames for better readability 2024-07-17 23:20:48 +02:00
Gusted
d731dc793b
[UI] Convert milestone to HTMX
- Currently if you want to update the milestone of an issue or pull
request, your whole page will be reloaded to reflect the newly set
milestone. This is quite unecessary, as only the milestone text is
updated and a new timeline event is added.
- This patch converts the milestone section in the issue/pull request
sidebar to use HTMX, so it becomes a progressive element and avoids
reloading the whole page to update the milestone.
- The update of the milestone section itself is quite straightforward
and nothing special is happening. To support adding new timeline events,
a new element `#insert-timeline` is conviently placed after the last
timeline event, which can be used with
[`hx-swap-oob`](https://htmx.org/attributes/hx-swap-oob/) to position
new timeline events before that element.
- Adds E2E test.
2024-07-17 14:52:00 +02:00
Gusted
14d9c386fd
[UI] Fix HTMX support for profile card
- There were two issues with the profile card since the introduction of
HTMX in 3e8414179c. If an HTMX request
resulted in a flash message, it wasn't being shown and HTMX was
replacing all the HTML content instead of morphing it into the existing
DOM which caused event listeners to be lost for buttons.
- Flash messages are now properly being shown by using `hx-swap-oob`
and sending the alerts on a HTMX request, this does mean it requires
server-side changes in order to support HTMX requests like this, but
it's luckily not a big change either.
- Morphing is now enabled for the profile card by setting
`hx-swap="morph"`, and weirdly, the morphing library was already
installed and included as a dependency. This solves the issue of buttons
losing their event listeners.
- This patch also adds HTMX support to the modals feature, which means
that the blocking feature on the profile card now takes advantage of
HTMX.
- Added a E2E test.
2024-07-17 01:41:32 +02:00
Solomon Victorino
df22f8da5f fix: preserve object format dropdown options on /repo/create error (#4360)
To reproduce:
- make the repo creation form return with an error, like a duplicate name
- click on the Object format dropdown
- the options are missing as the listbox is empty

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4360
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Solomon Victorino <git@solomonvictorino.com>
Co-committed-by: Solomon Victorino <git@solomonvictorino.com>
2024-07-16 14:42:35 +00:00
Gergely Nagy
fc4f914e71
Load attachments for /issues/comments/{id}
The `/repos/{owner}/{repo}/issues/comments/{id}` API endpoint returns an
`assets` field, but the route handler did not load attachments, thus,
the field was never populated.

This patch fixes that, and adds a test to exercise it. The test fails
without the fix.

This addresses a bug discovered in Codeberg/Community#1607.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-16 11:09:54 +02:00
Gusted
45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
ThetaDev
e80f8ff69f fix artifact range requests (#4218)
I noticed that Forgejo does not allow HTTP range requests when downloading artifacts. All other file downloads like releases and packages support them.

So I looked at the code and found that the artifact download endpoint uses a simple io.Copy to serve the file contents instead of using the established `ServeContentByReadSeeker` function which does take range requests into account.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4218
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: ThetaDev <thetadev@magenta.de>
Co-committed-by: ThetaDev <thetadev@magenta.de>
2024-07-10 05:28:01 +00:00
Gusted
a8460bb132
[BUG] Use correct SHA in GetCommitPullRequest
- The param wasn't `sha`, it was `ref`. Use this instead.
- Adds new integration tests.
- Resolves #4190
- Resolves #4025
2024-07-06 22:04:31 +02:00
Mai-Lapyst
98c8d45f0b Fixes an visual bug where the info box to dispatch a workflow is shown even for users that lack permissions to actualy run the workflow. (#4305)
Example: Visit https://v8.next.forgejo.org/Mai-Lapyst/test/actions?workflow=dispatch.yaml&actor=0&status=0 without being logged in.

![image](/attachments/98e74104-4d60-4f7f-b17c-7e76467cd397)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4305
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-07-06 05:30:58 +00:00
Twenty Panda
5561e80b04 fix(hook): ignore unknown push options instead of failing
If a repository has

git config --add push.pushOption submit=".sourcehut/*.yml"

it failed when pushed because of the unknown submit push
option. It will be ignored instead.

Filtering out the push options is done in an earlier stage, when the
hook command runs, before it submits the options map to the private
endpoint.

* move all the push options logic to modules/git/pushoptions
* add 100% test coverage for modules/git/pushoptions

Test coverage for the code paths from which code was moved to the
modules/git/pushoptions package:

* cmd/hook.go:runHookPreReceive
* routers/private/hook_pre_receive.go:validatePushOptions
  tests/integration/git_push_test.go:TestOptionsGitPush runs through
  both. The test verifying the option is rejected was removed and, if
  added again, will fail because the option is now ignored instead of
  being rejected.

* cmd/hook.go:runHookProcReceive
* services/agit/agit.go:ProcReceive
  tests/integration/git_test.go: doCreateAgitFlowPull runs through
  both. It uses variations of AGit related push options.

* cmd/hook.go:runHookPostReceive
* routers/private/hook_post_receive.go:HookPostReceive
  tests/integration/git_test.go:doPushCreate called by TestGit/HTTP/sha1/PushCreate
  runs through both.
  Note that although it provides coverage for this code path it does not use push options.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3651
2024-07-02 21:39:01 +02:00
Mai-Lapyst
51735c415b Add support for workflow_dispatch (#3334)
Closes #2797

I'm aware of https://github.com/go-gitea/gitea/pull/28163 exists, but since I had it laying around on my drive and collecting dust, I might as well open a PR for it if anyone wants the feature a bit sooner than waiting for upstream to release it or to be a forgejo "native" implementation.

This PR Contains:
- Support for the `workflow_dispatch` trigger
- Inputs: boolean, string, number, choice

Things still to be done:
- [x] API Endpoint `/api/v1/<org>/<repo>/actions/workflows/<workflow id>/dispatches`
- ~~Fixing some UI bugs I had no time figuring out, like why dropdown/choice inputs's menu's behave weirdly~~ Unrelated visual bug with dropdowns inside dropdowns
- [x] Fix bug where opening the branch selection submits the form
- [x] Limit on inputs to render/process

Things not in this PR:
- Inputs: environment (First need support for environments in forgejo)

Things needed to test this:
- A patch for https://code.forgejo.org/forgejo/runner to actually consider the inputs inside the workflow.
  ~~One possible patch can be seen here: https://code.forgejo.org/Mai-Lapyst/runner/src/branch/support-workflow-inputs~~
  [PR](https://code.forgejo.org/forgejo/runner/pulls/199)

![image](/attachments/2db50c9e-898f-41cb-b698-43edeefd2573)

## Testing

- Checkout PR
- Setup new development runner with [this PR](https://code.forgejo.org/forgejo/runner/pulls/199)
- Create a repo with a workflow (see below)
- Go to the actions tab, select the workflow and see the notice as in the screenshot above
- Use the button + dropdown to run the workflow
  - Try also running it via the api using the `` endpoint
- ...
- Profit!

<details>
<summary>Example workflow</summary>

```yaml
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log Level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      number1_default:
        description: 'Number w. default'
        default: '100'
        type: number
      number2:
        description: 'Number w/o. default'
        type: number
      string1_default:
        description: 'String w. default'
        default: 'Hello world'
        type: string
      string2:
        description: 'String w/o. default'
        required: true
        type: string

jobs:
  test:
    runs-on: docker
    steps:
      - uses: actions/checkout@v3
      - run: whoami
      - run: cat /etc/issue
      - run: uname -a
      - run: date
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.tags }}
      - env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - run: echo "abc"
```
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3334
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-28 05:17:11 +00:00
6543
77da92f42a
Add cache test for admins (#31265)
Add a test to probe the cache similar to the email test func.

![image](https://github.com/go-gitea/gitea/assets/24977596/700e2733-586d-4091-900f-f5f71e6e94bf)

![image](https://github.com/go-gitea/gitea/assets/24977596/2a953802-18fc-4e81-a37d-24ebe1297365)

![image](https://github.com/go-gitea/gitea/assets/24977596/e00d62ad-bb60-41cc-9138-09993daee156)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 363c1235987793dffa5cc851aaae585eb81f091e)

Conflicts:
	options/locale/locale_en-US.ini
	templates/admin/self_check.tmpl
	trivial context conflict
2024-06-23 11:27:03 +02:00
Earl Warren
d03a169dae Merge pull request 'Add headers to follower lists' (#4174) from 0ko/forgejo:ui-profile-followers-title into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4174
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-19 09:54:41 +00:00
0ko
53215726e1 Add headers to follower lists 2024-06-19 11:53:59 +05:00
Gusted
5926ed1f73
[SWAGGER] Make it consistent with reality
- Make the `UserSettings` definition an non-array, this is consistent
with the existing endpoints that uses this definition.
- Resolves #4179
2024-06-19 07:16:42 +02:00
wxiaoguang
35447463ba
Fix Activity Page Contributors dropdown (#31264)
Fix #31261

(cherry picked from commit e728fd741be7848d476663eec1c9caaf34b46e61)
2024-06-18 20:05:23 +02:00
Earl Warren
328b5d79d3 Merge pull request '[gitea] week 2024-25 cherry pick (gitea/main -> forgejo)' (#4145) from earl-warren/wcp/2024-25 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4145
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-18 07:56:20 +00:00
Shiny Nematoda
b5d96e7db7 [FEAT] expose fuzzy search for issues/repo (#4160)
Ports fuzzy search for `/issues` and `/pulls` from gitea.
Adds fuzzy search for `/user/repo/issues` and `/user/repo/pulls`.

---
## Notes
### Port: [`gitea#be5be0ac81`](be5be0ac81)

- CONFLICT (content): Merge conflict in routers/web/user/home.go

Conflict resolved by
  1. keeping both `PageIsOrgIssues` and the newly introduced `IsFuzzy`
  2. using `pager.AddParam(ctx, "fuzzy", "IsFuzzy")` rather than `pager.AddParamString("fuzzy", fmt.Sprintf("%v", isFuzzy))`

- CONFLICT (content): Merge conflict in templates/user/dashboard/issues.tmpl

Conflict resolved by keeping the changes from #4096, and picking the `&fuzzy=${{.IsFuzzy}}` inclusion to all urls and `{{if .PageIsPulls}}...`

### Port: [`gitea#fede3cbada`](fede3cbada)

- CONFLICT (content): Merge conflict in templates/user/dashboard/issues.tmpl

Conflict resolved by keeping previous changes and picking the replacement of `{{if .PageIsPulls}}...` with `{{template "shared/search/combo_fuzzy"...` which contains the replacement of `explorer.go` to `explorer.go_to`

### Fixup commit

replaces `Iif` with `if` which was introduced in gitea#fede3cbada

### Feature commit

adds in support for /user/repo/(issues|pulls) + test

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Kerwin Bryant <kerwin612@qq.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4160
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-06-17 18:58:24 +00:00
Beowulf
b03cc85f79
add org readme to search with priority
This adds org-mode readmes to the extensions that are prioritized when
searching for readme. Org-mode readmes come after markdown readmes in
terms of priority and before txt readmes.

Closes #4073
2024-06-16 15:27:28 +02:00
6543
3246e83251
Rename repo_model.SearchOrderByMap to repo_model.OrderByMap (#31359)
https://github.com/go-gitea/gitea/pull/30876#discussion_r1637112394
(cherry picked from commit 78e8296e113e2fd9259ec05fe87035427821ea0b)
2024-06-16 13:42:59 +02:00
Zettat123
813bf24445
Allow downloading attachments of draft releases (#31369)
Fix #31362

(cherry picked from commit 42718d32af9d259205bee0fde818ffc0c3a9797f)
2024-06-16 13:42:59 +02:00
mzroot
ff43d02803
Add tag protection via rest api #17862 (#31295)
Add tag protection manage via rest API.

---------

Co-authored-by: Alexander Kogay <kogay.a@citilink.ru>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d4e4226c3cbfa62a6adf15f4466747468eb208c7)

Conflicts:
	modules/structs/repo_tag.go
	trivial context conflict
	templates/swagger/v1_json.tmpl
	fixed with make generate-swagger
2024-06-16 13:42:59 +02:00
6543
12e23ee199
[Refactor] Unify repo search order by logic (#30876)
have repo OrderBy definitions defined in one place and use a single type
for OrderBy database options

(cherry picked from commit bb04311b0b5b7a28f94c4bc409db1c4a04bcef17)
2024-06-16 13:42:58 +02:00
Rowan Bohde
1627d3a53f
Reduce memory usage for chunked artifact uploads to MinIO (#31325)
When using the MinIO storage driver for Actions Artifacts, we found that
the chunked artifact required significantly more memory usage to both
upload and merge than the local storage driver. This seems to be related
to hardcoding a value of `-1` for the size to the MinIO client [which
has a warning about memory usage in the respective
docs](https://pkg.go.dev/github.com/minio/minio-go/v7#Client.PutObject).
Specifying the size in both the upload and merge case reduces memory
usage of the MinIO client.

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 45dbeb5600d1f552c0134721fe49e8fd1099b5a4)
2024-06-16 13:42:58 +02:00
silverwind
d8bc0495de
Enable unparam linter (#31277)
Enable [unparam](https://github.com/mvdan/unparam) linter.

Often I could not tell the intention why param is unused, so I put
`//nolint` for those cases like webhook request creation functions never
using `ctx`.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit fc2d75f86d77b022ece848acf2581c14ef21d43b)

Conflicts:
	modules/setting/config_env.go
	modules/storage/azureblob.go
	services/webhook/dingtalk.go
	services/webhook/discord.go
	services/webhook/feishu.go
	services/webhook/matrix.go
	services/webhook/msteams.go
	services/webhook/packagist.go
	services/webhook/slack.go
	services/webhook/telegram.go
	services/webhook/wechatwork.go

	run make lint-go and fix Forgejo specific warnings
2024-06-16 13:42:58 +02:00
0ko
c320f16a0b Fix wrong error highlighting on install page (#4063)
More details are in PR message.

Changes applied:

* replace `Err_Services` with more specific `Err_DisabledRegistration`
* highlight the self-registration option instead of services section

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4063
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-11 19:05:05 +00:00
Earl Warren
df373c9f7e Merge pull request '[gitea] week 2024-24 cherry pick (gitea/main -> forgejo)' (#4083) from earl-warren/wcp/2024-24 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4083
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-11 10:37:26 +00:00
oliverpool
7d6a0bced9 fix: PKCE only for supported providers 2024-06-10 11:24:32 +02:00