Commit graph

19424 commits

Author SHA1 Message Date
0ko
592367c43a [UI] Fix milestone header inconsistencies with issues/PRs 2024-04-20 14:06:26 +05:00
Earl Warren
41e0507cd3 Merge pull request 'hooks: Harden when we accept push options that change repo settings' (#3314) from earl-warren/forgejo:wip-push-options into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3314
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-20 05:57:35 +00:00
0ko
8947948a0a Merge pull request 'Various improvements to pages: notifications and subscriptions' (#3175) from 0ko/forgejo:meet-your-subscribtions into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3175
Reviewed-by: Otto <otto@codeberg.org>
2024-04-20 05:27:15 +00:00
Mai-Lapyst
ee2f71f71b
Adds support for log-line groups
Supports special rendering of `##[group]` and `##[endgroup]`.
2024-04-20 07:02:58 +02:00
Renovate Bot
ba0f05b286 Update dependency mini-css-extract-plugin to v2.9.0 2024-04-20 00:03:42 +00:00
Mai-Lapyst
acfae43253
Fix panic where now a third link breaks everything 2024-04-19 23:54:46 +02:00
Mai-Lapyst
e9eacdecd2
Fix issue where rendering stops after the first invalid parmalink 2024-04-19 18:21:21 +02:00
Gergely Nagy
8eba631f8d
hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
2024-04-19 16:53:14 +02:00
0ko
67d6c674df Merge pull request 'Remove EasyMDE from various areas' (#2916) from 0ko/forgejo:easymde into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2916
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-19 13:48:34 +00:00
Earl Warren
b05a7809b5 Merge pull request 'fix(tests): 30s to cancel processes to avoid false negatives' (#3317) from earl-warren/forgejo:wip-cancel-test into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3317
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-04-19 12:48:41 +00:00
Earl Warren
0342b7fdcd Merge pull request '[RELEASE] v1.21.11-1 release notes' (#3330) from earl-warren/forgejo:wip-release-notes-1.21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3330
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-04-19 11:49:03 +00:00
Earl Warren
af7decae18 Merge pull request 'Update citation-js monorepo to v0.7.11' (#3321) from renovate/citation-js-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3321
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-19 11:08:57 +00:00
Earl Warren
080f1e8250
[RELEASE] v1.21.11-1 release notes 2024-04-19 13:00:57 +02:00
Gusted
b6992ed6b9 Merge pull request 'services: Use proper Message-IDs for release mails' (#3309) from algernon/forgejo:are-we-dot-atom-text-yet into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3309
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-19 08:35:17 +00:00
Renovate Bot
82ec2a65e0 Update citation-js monorepo to v0.7.11 2024-04-19 00:02:54 +00:00
Earl Warren
9a80f6b57e Merge pull request 'v1.21.11-0 release notes' (#3287) from crystal/forgejo:pr/releasenotes-1.21.11-0 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3287
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-18 20:14:21 +00:00
Earl Warren
77843135b0
slight wording change and most serious fix first 2024-04-18 21:57:53 +02:00
crystal
2b2c0f1ae2
add security fixes details, link to compare 2024-04-18 12:37:59 -06:00
Earl Warren
d335a3330f Merge pull request 'ci(renovate): fix step names (take 2)' (#3318) from earl-warren/forgejo:wip-renovate-run into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3318
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-18 18:17:16 +00:00
Earl Warren
9303f8e72d
ci(renovate): fix step names (take 2) 2024-04-18 20:08:27 +02:00
Earl Warren
6316e21be2
fix(tests): 30s to cancel processes to avoid false negatives
on slower machines it can take more than 1 second to cancel leftover
tasks
2024-04-18 18:47:49 +02:00
Otto Richter
87d4746f5e Rename button to "Finish Review"
Motivation: The meaning of the button is apparent from the visual
position and the number icon. This is not exposed to a screenreader.
Naming it to "Finish Review" helps with to provide the meaning of the
button as well as the number in the label.
2024-04-18 16:21:30 +02:00
Otto Richter
187e10d8c9 Fix unlabelled button in code review 2024-04-18 16:20:29 +02:00
Earl Warren
c7b8a434c3 Merge pull request 'ci(renovate): fix step names' (#3311) from viceice/forgejo:ci/renovate/fix-step-names into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3311
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-18 14:04:19 +00:00
Earl Warren
b58474173a Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.305.0' (#3312) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3312
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-18 13:54:22 +00:00
crystal
95fa27374b
typo 2024-04-18 07:27:48 -06:00
Gergely Nagy
b0c0167c54
services: Use proper Message-IDs for release mails
When sending notification emails about a release, use a properly
formatted, RFC-compliant message id, rather than the release's HTML URL
wrapped in angle brackets (which would not be compliant).

Fixes #3105.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-18 13:44:18 +02:00
Renovate Bot
0f078ba4c9 Update ghcr.io/visualon/renovate Docker tag to v37.305.0 2024-04-18 11:25:53 +00:00
Michael Kriese
1f4915692b
ci(renovate): fix step names 2024-04-18 13:22:51 +02:00
Renovate Bot
ca2473e895 Update ghcr.io/visualon/renovate Docker tag to v37.303.2 2024-04-17 16:05:21 +00:00
Earl Warren
bc3e66097c Merge pull request 'fix(release): add missing ARG RELEASE_VERSION' (#3290) from earl-warren/forgejo:wip-oci-labels into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3290
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-17 15:51:36 +00:00
Earl Warren
97189d41f3
fix(release): add missing ARG RELEASE_VERSION
The ARG RELEASE_VERSION set in the build-env image does not propagate
to the images that follow. As a result the value of the version label
is always empty.

This should have been caught by the test in the CI but although it
notified the problem in the output, it did not fail. Upgrade to the
forgejo-build-publish version that fixes this false positive.
2024-04-17 17:16:53 +02:00
crystal
0ff5be49ab
[RELEASE] v1.21.11-0 release notes 2024-04-17 05:45:41 -06:00
Earl Warren
d07f12e010 Merge pull request 'Do not require login_name & source_id for /admin/user/{username}' (#3278) from algernon/forgejo:leave-your-name-at-the-door into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3278
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 11:05:13 +00:00
Mai-Lapyst
5b6b3f3fb3
Fix some edge cases; closes #3232
- Fixes wrong usage of AppURL
- Fixes wrong rendering with extra path segments when AppSubURL is empty
- Now also renders all links when 2+ permalinks are present
2024-04-17 13:02:48 +02:00
Earl Warren
618e517d4c Merge pull request 'Update dependency vue to v3.4.23' (#3280) from renovate/vue-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3280
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-17 10:32:43 +00:00
Earl Warren
c2f2858363 Merge pull request 'chore(renovate): schedule some deps quarterly' (#3284) from viceice/forgejo:chore/renovate-schedule into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3284
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 10:16:50 +00:00
Gergely Nagy
dc39043cd6
Change the default SSH clone url to the ssh:// style
Rather than using an scp-style URI, use the same URL style for SSH
clones as for HTTP(S) ones. This is not only more consistent, but the
URL style allows one to specify a port, and makes it clear that it is an
SSH clone URL.

git itself favours the URL style, and mentions the scp-style in passing
only. Said style is prominently used by GitHub, and might be more
familiar for a lot of people, but other than familiarity, it has no
advantage over the URL style.

For the benefit of consistency, and flexibility, lets flip the default,
and make it the URL style. Instance admins who prefer to use the
scp-style, and are running SSH on its standard port, can change the
setting back to false.

This addresses #3193.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 11:04:48 +02:00
Gergely Nagy
d07c8c821c
Do not require login_name & source_id for /admin/user/{username}
When editing a user via the API, do not require setting `login_name` or
`source_id`: for local accounts, these do not matter. However, when
editing a non-local account, require *both*, as before.

Fixes #1861.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 10:33:52 +02:00
Michael Kriese
bb0daa9522
chore(renovate): schedule some deps quarterly 2024-04-17 09:24:59 +02:00
Earl Warren
e4aa7bd511 Merge pull request 'webhook: improve UX for sourcehut and matrix' (#3156) from oliverpool/forgejo:webhook_sourcehut_polish into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3156
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 06:39:54 +00:00
Gergely Nagy
ea4071ca9f Allow admins to fork repos even when creation limits are exhausted (#3277)
This is a continuation of #2728, with a test case added.

Fixes #2633.

I kept @zareck 's commit as is, because I believe it is correct. We can't move the check to `owner.CanForkRepo()`, because `owner` is the future owner of the forked repo, and may be an organization. We need to check the admin permission of the `doer`, like in the case of repository creation.

I verified that the test fails without the `ForkRepository` change, and passes with it.

Co-authored-by: Cassio Zareck <cassiomilczareck@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3277
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 05:52:02 +00:00
Earl Warren
33d0617538 Merge pull request 'feat(release): add OCI labels to container images' (#3261) from earl-warren/forgejo:wip-oci-labels into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3261
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-17 05:46:36 +00:00
Earl Warren
a003691c7b Merge pull request 'Allow changing global wiki editability via the API' (#3276) from algernon/forgejo:let-the-api-control-your-wiki-editability into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3276
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 05:46:10 +00:00
Renovate Bot
a5c0643d13 Update dependency vue to v3.4.23 2024-04-17 00:04:27 +00:00
Gusted
787bc6ed94 Merge pull request 'Update dependency @stylistic/eslint-plugin-js to v1.7.2' (#3251) from renovate/stylistic-eslint-plugin-js-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3251
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-16 20:59:10 +00:00
Gergely Nagy
df8e58c5cb
Allow changing global wiki editability via the API
The global wiki editability can be set via the web UI, this patch makes
it possible to set the same thing via the API too. This is accomplished
by adjusting the GET and PATCH handlers of the
`/api/v1/repos/{owner}/{repo}` route.

The first will include the property when checking the repo's settings,
the second allows a repo admin to change the setting too.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-16 22:51:36 +02:00
oliverpool
ada8bfa52f Merge pull request 'Fix release published actions not triggering for releases created from existing tags' (#3220) from zotan/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3220
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 18:27:59 +00:00
Laura Hausmann
8506dbe2e5
Add tests for webhook release events
Co-authored-by: oliverpool <git@olivier.pfad.fr>
2024-04-16 19:25:26 +02:00
Earl Warren
a5a0fc7344 Merge pull request '[BUG] Escape editor.add_tmpl translation' (#3269) from gusted/forgejo-escape-tr into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3269
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-16 16:19:47 +00:00