Commit graph

18720 commits

Author SHA1 Message Date
Earl Warren
85a73553c9 feat(docs): 7.0.1 release notes template
so that individual commits can include additions to the release notes
when relevant.

(cherry picked from commit a7602781c4)
2024-04-24 07:26:20 +00:00
Earl Warren
a134c0f172 Merge pull request 'fix(docs): backport v7.0.0 release notes' (#3405) from earl-warren/forgejo:wip-release-notes-v7.0.1 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3405
2024-04-24 07:17:11 +00:00
Earl Warren
f5d9d8cbd4
fix(docs): backport v7.0.0 release notes
The v7.0 branch should have the v7.0 release notes.
2024-04-24 08:24:28 +02:00
Earl Warren
73c190af4c Merge pull request '[v7.0/forgejo] Fix the WIP prefix toggling on the sidebar' (#3390) from bp-v7.0/forgejo-a93a99e into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3390
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-23 08:42:03 +00:00
Gergely Nagy
e947fa7acc Fix the WIP prefix toggling on the sidebar
The WIP prefix toggling link on the sidebar only supported toggling
the *first* prefix specified in
`[repository.pullrequest].WORK_IN_PROGRESS_PREFIXES`. If the pull
request had a title with any other prefix, the first prefix listed in
the config was added (and then removed on toggling it off).

This little change makes all of the prefixes available for the
JavaScript function that does the toggling, and changes said function to
find the used prefix first, and toggle that.

When adding the prefix, it will still default to adding the first one
listed in the configuration, but it will happily remove any others if
those are present.

Fixes #3377.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit a93a99eef3)
2024-04-23 08:01:58 +00:00
Earl Warren
bbd204c30c Merge pull request '[v7.0/forgejo] fix(incoming): allow replies to comments' (#3382) from bp-v7.0/forgejo-5428531 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3382
2024-04-22 23:46:52 +00:00
Earl Warren
f58e0d8617 fix(incoming): allow replies to comments
- allow attachments to code comments
- incoming mails from issue comments are now identified as comments

Fixes: https://codeberg.org/forgejo/forgejo/issues/3374
(cherry picked from commit 54285319f6)
2024-04-22 22:43:16 +00:00
Earl Warren
9eaabc077a Merge pull request '[v7.0/forgejo] Fix dropdown text ellipsis (#30628) (#30633)' (#3373) from bp-v7.0/forgejo-112df5a into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3373
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-22 20:12:25 +00:00
wxiaoguang
196cef0221 Fix dropdown text ellipsis (#30628)
Follow
https://github.com/go-gitea/gitea/pull/30547#discussion_r1573866519

Fix #30624

The Fomantic UI Dropdown wasn't designed to work that way, its "text"
element might contain images. So the "overflow" shouldn't be added to
any general dropdown text.

![image](https://github.com/go-gitea/gitea/assets/2114189/f6ceaabd-bc89-4bf2-baa2-a6f0324c1962)

(cherry picked from commit 1e4867730b261352d63098b85cf53ca05867c8c2)
(cherry picked from commit 112df5a3fe)
2024-04-22 19:31:26 +00:00
Earl Warren
8859a7f1a7 Merge pull request '[v7.0/forgejo] Accessibility improvements to code review' (#3368) from bp-v7.0/forgejo-87d4746-187e10d into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3368
Reviewed-by: Otto <otto@codeberg.org>
2024-04-22 17:00:42 +00:00
Earl Warren
7316f23265 Merge pull request '[v7.0/forgejo] s/Gitea/Forgejo in various log messages and comments' (#3367) from bp-v7.0/forgejo-469c214 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3367
2024-04-22 15:37:10 +00:00
Otto Richter
4eefb64b12 Rename button to "Finish Review"
Motivation: The meaning of the button is apparent from the visual
position and the number icon. This is not exposed to a screenreader.
Naming it to "Finish Review" helps with to provide the meaning of the
button as well as the number in the label.

(cherry picked from commit 87d4746f5e)
2024-04-22 14:54:19 +00:00
Otto Richter
81cc944cda Fix unlabelled button in code review
(cherry picked from commit 187e10d8c9)
2024-04-22 14:54:19 +00:00
0ko
c7ba51518c s/Gitea/Forgejo in various log messages and comments
(cherry picked from commit 469c214ec8)
2024-04-22 14:41:17 +00:00
Earl Warren
4433cd9793 Merge pull request '[v1.22/gitea] week 2024-17 cherry pick v7.0' (#3354) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3354
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-22 09:55:54 +00:00
Earl Warren
792764456c Merge pull request '[v7.0/forgejo] [PORT] gitea#30546: Add form field id generation, remove duplicated ids' (#3362) from bp-v7.0/forgejo-a01387f into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3362
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-22 08:15:26 +00:00
silverwind
2072ff75e8 Add form field id generation, remove duplicated ids (#30546)
Fixes: https://github.com/go-gitea/gitea/issues/30384

On repo settings page, there id `repo_name` was used 5 times on the same
page, some in modal and such. I think we are better off just
auto-generating these IDs in the future so that labels link up with
their form element.

Ideally this id generation would be done in backend in a subtemplate,
but seeing that we already have similar JS patches for checkboxes, I
took the easy path for now.

I also checked that these `#repo_name` were not in use in JS and the
only case where this id appears in JS is on the migration page where
it's still there.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d4ec6b3d16496ce3b479d5a08f79823122dc2b7b)

Conflicts:
	- templates/repo/settings/options.tmpl
	  Conflict resolved by manually removing all `id` and `for`
	  attributes from elements that had `repo_name` as their id.
(cherry picked from commit a01387f5b1)
2024-04-22 07:46:30 +00:00
Earl Warren
eefa820874
[DEADCODE] update 2024-04-21 18:44:11 +02:00
Giteabot
4777ba210f
Fix package list performance (#30520) (#30616)
Backport #30520 by @KN4CK3R

Fixes #28255

The new query uses the id field to sort by "newer". This most not be
correct (usually it is) but it's faster (see #28255).
If someone has a better idea, please propose changes.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit ea2ea8ef28b6a2207ec00bafaf42d428612d69eb)
2024-04-21 18:19:06 +02:00
yp05327
0a9bbdcfef
Use action user as the trigger user of schedules (#30581)
Follow https://github.com/go-gitea/gitea/pull/30357

When user push to default branch, the schedule trigger user will be the
user.
When disable then enable action units in settings, the schedule trigger
user will be action user.
When repo is a mirror, the schedule trigger user will be action user. (
before it will return error, fixed by #30357)

As scheduled job is a cron, the trigger user should be action user from
Gitea, not a real user.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit cb6814adad4dc81a683b50826a211ce7bce731d7)

Conflicts:
	- services/actions/notifier_helper.go
	  Conflict resolved by keeping Forgejo's version of the line.
(cherry picked from commit 829c3c6838)
2024-04-21 18:17:35 +02:00
Giteabot
d802a8c0cf
Fix HEAD method for robots.txt (#30603) (#30605)
Backport #30603 by @wxiaoguang

Fix #30601

```
~$ curl --head localhost:3000/robots.txt
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0, private, must-revalidate
Content-Length: 5
Content-Type: text/plain; charset=utf-8
Last-Modified: Wed, 19 Jul 2023 04:56:12 GMT
X-Gitea-Debug: RUN_MODE=dev
Date: Fri, 19 Apr 2024 12:59:44 GMT
```

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 7eaf7907d7f71e103baced018e6eeb271085789d)
2024-04-21 18:16:38 +02:00
Giteabot
0412657132
Avoid importing modules/web/middleware in modules/session (#30584) (#30589)
Backport #30584 by @wolfogre

Related to #30375.

It doesn't make sense to import `modules/web/middleware` and
`modules/setting` in `modules/web/session` since the last one is more
low-level.

And it looks like a workaround to call `DeleteLegacySiteCookie` in
`RegenerateSession`, so maybe we could reverse the importing by
registering hook functions.

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 199397a852ec2d45524cefcc3c119fce4710560e)
2024-04-21 18:16:09 +02:00
Giteabot
f31879069f
Improve "Reference in new issue" modal (#30547) (#30574)
Backport #30547 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/29994

Also some misc enhancements done to the form in the modal.

<img width="840" alt="Screenshot 2024-04-17 at 23 02 55"
src="https://github.com/go-gitea/gitea/assets/115237/e71fba55-55cd-4e48-a497-6b1025c36a43">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 42019677e6cce6ae44a922e68b91d2a002450fa0)
2024-04-21 18:15:19 +02:00
Jerry Jacobs
6ad7758117
Fixup app.example.ini for task section, which is now queue.task (#30555)
Config section `[task]` has been deprecated in favor of `[queue.task]`

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 86d4c8a4662e9ab49888569d77529d2d22292e6b)

Conflicts:
	- docs/content/administration/config-cheat-sheet.en-us.md
	- docs/content/administration/config-cheat-sheet.zh-cn.md
	  Removed, they're Gitea specific.
(cherry picked from commit 5271792666)
2024-04-21 18:14:45 +02:00
Giteabot
1d8316f278
Fix border-radius on view, blame and code search (#30545) (#30560)
Backport #30545 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/30540

1. Fix all these boxes by adding `bottom attached` and removing a
problematic CSS rule:

<img width="1319" alt="Screenshot 2024-04-17 at 22 25 31"
src="https://github.com/go-gitea/gitea/assets/115237/346445a4-4944-4003-a1ef-6f5b0eda624e">
<img width="643" alt="Screenshot 2024-04-17 at 22 21 18"
src="https://github.com/go-gitea/gitea/assets/115237/10f17ed3-9ad6-48de-92fa-bac6621815b9">

2. Change the "last commit" box to `ui segment` which has correct
border-radius. Also included is a tiny tweak to make author name ellipse
instead of wrap.

<img width="1331" alt="Screenshot 2024-04-17 at 22 23 23"
src="https://github.com/go-gitea/gitea/assets/115237/285fbd45-ced0-4d33-abe3-7384ffa03188">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit b4a38318c333519b1008d03fd01e14a803363498)
2024-04-21 18:11:36 +02:00
Giteabot
cb4246ed57
Disable enter key for accepting code completion in Monaco (#30548) (#30559)
Backport #30548 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/28114 and behaviour
matches vscode on desktop as well.

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit c9633f2d74490211ffd9fd6b3a17180e86fa1fb9)
2024-04-21 18:11:02 +02:00
Giteabot
f436cb86d4
Fix branch_protection api shows users/teams who has no readAccess (#30291) (#30544)
Backport #30291 by @edwardzhanged

Add some logic in `convert.ToBranchProtection` to return only the names
associated with readAccess instead of returning all names. This will
ensure consistency in behavior between the frontend and backend.
Fixes: #27694

Co-authored-by: Edward Zhang <45360012+edwardzhanged@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wenzhuo.zhang <wenzhuo.zhang@geely.com>
(cherry picked from commit d88958bb99eabc07dead6965e396755e7b6d947f)
2024-04-21 18:10:34 +02:00
silverwind
d6689b88a8
Run go generate and go vet on all packages (#30529)
Fixes: https://github.com/go-gitea/gitea/issues/30512

I think this does mean those tools would run on a potential `vendor`
directory, but I'm not sure we really support vendoring of dependencies
anymore.

`release` has a `vendor` prerequisite so likely the source tarballs
contain vendor files?

(cherry picked from commit 8e12ef911a1d10dedb03e3127c42ca76f9850aca)

Conflicts:
	- Makefile
	  Manually adjusted the changes.
(cherry picked from commit 3918db10c8)
2024-04-21 18:09:48 +02:00
Giteabot
141efd58df
Fix install page checkboxes and dropdown width (#30526) (#30538)
Backport #30526 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/30523

1. Fix checkbox rendering:

<img width="406" alt="Screenshot 2024-04-16 at 21 37 03"
src="https://github.com/go-gitea/gitea/assets/115237/42df99b0-58c7-47d1-b99d-0c15250560c7">

2. Fix width of selection dropdowns (was too small):

<img width="826" alt="Screenshot 2024-04-16 at 21 37 09"
src="https://github.com/go-gitea/gitea/assets/115237/e006d0d6-ac3d-4804-94de-b2c3c8a5900d">

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit caeed3af6ea239541d0f319c1f2da8233e04b173)
2024-04-21 18:08:51 +02:00
Giteabot
6724373288
Tweak and fix toggle checkboxes (#30527) (#30531)
Backport #30527 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/30524. Slightly restyled
them so that the "knob" is contained inside the background.

<img width="179" alt="Screenshot 2024-04-16 at 21 58 09"
src="https://github.com/go-gitea/gitea/assets/115237/be94517b-9cb7-46e2-ae96-fcf6767ce4ba">
<img width="187" alt="Screenshot 2024-04-16 at 21 58 50"
src="https://github.com/go-gitea/gitea/assets/115237/c13a1959-5c5a-4e88-9225-e5f6fb72e3e0">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit d5525b714322bf8a39334b045dffe368c6207e01)
2024-04-21 18:08:18 +02:00
Giteabot
9de4bebbf7
Fix empty field login_name in API response JSON when creating user (#30511) (#30516)
Backport #30511 by @yp05327

Fix #30508

ps: if `sourceID` is not set, `LoginName` will be ignored

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit f9a025f6a358aa6e34408743a59f5081f397d47c)
2024-04-21 18:07:51 +02:00
Giteabot
c044cb2de3
Fix various overflows on actions view (#30344) (#30505)
Backport #30344 by @silverwind

Fix a number of text overflow issues in actions view and run list. Also
improve mobile view of run list.

Fixes: https://github.com/go-gitea/gitea/issues/30328

<img width="782" alt="Screenshot 2024-04-08 at 23 10 16"
src="https://github.com/go-gitea/gitea/assets/115237/3d9f9f88-3eab-44a0-8144-30c2b58b24cb">
<img width="935" alt="Screenshot 2024-04-08 at 23 17 46"
src="https://github.com/go-gitea/gitea/assets/115237/581d73ea-a31d-416b-be3a-47313b879b12">
<img width="1008" alt="Screenshot 2024-04-08 at 23 49 05"
src="https://github.com/go-gitea/gitea/assets/115237/c5d10565-f285-477f-8659-1caf94797647">
<img width="397" alt="Screenshot 2024-04-08 at 23 55 30"
src="https://github.com/go-gitea/gitea/assets/115237/368aaa75-1903-4058-9d75-d1fe91c564d6">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 00179f637d9add4e42edf6185cd641eb98115970)
2024-04-21 18:07:00 +02:00
Giteabot
889469fb74
Convert max file name length to 255 (#30489) (#30504)
Backport #30489 by @yp05327

Quick/Partly fix #29907

In Linux and MacOS, by default the max file name length is 255.
In windows, it depends on the version and settings, and has no file name
length limitation, but has path length limitation.
By default it is 260, considering path length is longer than filename,
so I think it is ok to do this.

For Windows, see
https://learn.microsoft.com/windows/win32/fileio/maximum-file-path-limitation?tabs=registry
For Linux, see
https://github.com/torvalds/linux/blob/master/include/uapi/linux/limits.h#L12-L13
For MacOS, see
https://discussions.apple.com/thread/254788848?sortBy=best

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit f52b1db305f887c917e6c875b8ac4f8b784b825b)
2024-04-21 18:06:23 +02:00
Lunny Xiao
05523fc96f
Fix commit status cache which missed target_url (#30426) (#30444)
Fix #30421
Backport #30426

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 7ffc0acc424b3116e1a478962b3ea51611c710e3)

Conflicts:
	services/repository/commitstatus/commitstatus.go
	resolved in the same way as https://codeberg.org/forgejo/forgejo/pulls/3245/files#diff-1122f6e98dabe36f18c4ec06bce75fc9a799d83c
2024-04-21 18:02:50 +02:00
Giteabot
ce31e611e2
Fix overflow on issue dependency (#30484) (#30494)
Backport #30484 by @silverwind

Small tweak here to prevent this and likely other events from
overflowing in the timeline:

<img width="895" alt="Screenshot 2024-04-14 at 22 53 17"
src="https://github.com/go-gitea/gitea/assets/115237/001b4f6b-f649-44ff-b2f0-c8e0dedeb384">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 2efc81d200106cd8707dae1a1bf50ea586b4c846)
2024-04-21 17:45:36 +02:00
wxiaoguang
55447525f6
Improve "must-change-password" logic and document (#30472)
Unify the behaviors of "user create" and "user change-password".

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 4c6e2da088cf092a9790df5c84b7b338508fede7)

Conflicts:
	- cmd/admin_user_create.go
          Resolved by favoring Gitea's version of the conflicting areas.
	- docs/content/administration/command-line.en-us.md
          Removed, Gitea specific.
(cherry picked from commit b122c6ef8b)
2024-04-21 17:44:11 +02:00
Giteabot
65ba5b924f
fix: Fix to delete cookie when AppSubURL is non-empty (#30375) (#30469)
Backport #30375 by @jtran

Cookies may exist on "/subpath" and "/subpath/" for some legacy reasons
(eg: changed CookiePath behavior in code). The legacy cookie should be
removed correctly.

Co-authored-by: Jonathan Tran <jonnytran@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit e64926c5193e9ccc30b34f187d96c74d104179ae)
2024-04-21 17:39:14 +02:00
0ko
b4ccfe1bc5 Merge pull request 'Backport Translations update from Weblate (#3244)' (#3352) from 0ko/forgejo:i18n-backport-20240421 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3352
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-21 14:51:35 +00:00
Codeberg Translate
2c6fa1efd0 [I18N] Translations update from Weblate (#3244)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

Co-authored-by: Justman10000 <Justman10000@users.noreply.translate.codeberg.org>
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Dirk <Dirk@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: EssGeeEich <EssGeeEich@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: Xinayder <Xinayder@users.noreply.translate.codeberg.org>
Co-authored-by: m0s <m0s@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3244
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-04-21 19:19:54 +05:00
Earl Warren
f569f4f5dc Merge pull request '[v7.0/forgejo] cleanup(tests): remove manual testing submodule' (#3348) from bp-v7.0/forgejo-69c6141 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3348
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-21 09:15:30 +00:00
Earl Warren
a1f56a159b cleanup(tests): remove manual testing submodule
It is not effective, a different approach is needed

(cherry picked from commit 69c614162f)
2024-04-21 08:46:56 +00:00
Earl Warren
b349f82a62 Merge pull request '[v7.0/forgejo] Fix some edge cases with permalink rendering' (#3341) from bp-v7.0/forgejo-acfae43-e9eacde-5b6b3f3 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3341
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-20 11:09:20 +00:00
Mai-Lapyst
9641273b2b Fix panic where now a third link breaks everything
(cherry picked from commit acfae43253)
2024-04-20 10:24:54 +00:00
Mai-Lapyst
ae0615561a Fix issue where rendering stops after the first invalid parmalink
(cherry picked from commit e9eacdecd2)
2024-04-20 10:24:54 +00:00
Mai-Lapyst
9c81060eb9 Fix some edge cases; closes #3232
- Fixes wrong usage of AppURL
- Fixes wrong rendering with extra path segments when AppSubURL is empty
- Now also renders all links when 2+ permalinks are present

(cherry picked from commit 5b6b3f3fb3)
2024-04-20 10:24:54 +00:00
Earl Warren
25ddcd4b40 Merge pull request '[v7.0/forgejo] hooks: Harden when we accept push options that change repo settings' (#3338) from bp-v7.0/forgejo-8eba631 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3338
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-20 10:17:49 +00:00
Gergely Nagy
aacc13fca8 hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit 8eba631f8d)
2024-04-20 05:58:39 +00:00
Earl Warren
67232bd44e Merge pull request '[backport] gitea#30406: Check the token's owner and repository when registering a runner' (#3262) from algernon/forgejo:backport/3257-to-7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-19 15:41:18 +00:00
Earl Warren
129e91956e Merge pull request '[v7.0/forgejo] services: Use proper Message-IDs for release mails' (#3326) from bp-v7.0/forgejo-b0c0167 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3326
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-19 15:40:20 +00:00
Earl Warren
bc1f64e3bf Merge pull request '[v7.0/forgejo] [TEST] cancel all processes on PrepareTestEnv' (#3130) from bp-v7.0/forgejo-8ffaa08-aba99ab into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3130
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-04-19 15:39:36 +00:00