Commit graph

4599 commits

Author SHA1 Message Date
klausfyhn
fc35915a28 feat: make action runs available in api (#7699)
## Summary

Inspired by https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository and https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#get-a-workflow-run

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7699): <!--number 7699 --><!--line 0 --><!--description bWFrZSBhY3Rpb24gcnVucyBhdmFpbGFibGUgaW4gYXBp-->make action runs available in api<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7699
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: klausfyhn <klausfyhn@gmail.com>
Co-committed-by: klausfyhn <klausfyhn@gmail.com>
2025-06-02 22:05:12 +02:00
a6264998e6 Cleaning up the commit history. Last relevent commits were: Cleaned the comments and used test.describe to nest the tests ; fix the 0ko conflict
Some checks failed
Integration tests for the release process / release-simulation (push) Has been cancelled
2025-06-02 15:41:06 +02:00
Julian Schlarb
21151ea5ce fix: maven use groupId:artifactId for package name concatenation (#6352)
Second part of #6327 to fix the Maven package naming. This pull request includes:
* Changing the group and artifact IDs from being separated by `-` to `:` as suggested by [Maven](https://maven.apache.org/pom.html#Maven_Coordinates).
* Making Maven package names case-sensitive
* Migrating the database to:
  * Handle collisions of package names (e.g., groupId: foo- with artifactId: bar and groupId: foo with artifactId: -bar) by moving them into their own packages.
  * Fix the missing group ID issue (#6329).
  * Update  lower_name to match the name value for maven pkgs to make it case-sensetive.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6352
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Julian Schlarb <julian.schlarb@denktmit.de>
Co-committed-by: Julian Schlarb <julian.schlarb@denktmit.de>
2025-06-01 09:02:29 +02:00
Earl Warren
161924abf8 chore(cleanup): suppress non actionable XORM warnings (#8021)
The following will trigger a XORM warning:

```
	type Repository struct {
		ID     int64    `xorm:"pk autoincr"`
		Topics []string `xorm:"TEXT JSON NOT NULL"`
	}
```

that looks like:

```
  [W] Table repository Column topics db default is '', struct default is
```

it cannot be resolved because:

- SQLite requires a default when there is a NOT NULL
- MySQL forbids a default for TEXT

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8021
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-05-30 13:01:08 +02:00
Maks1mS
8e2747859b fix: ensure consistent empty repository topics field (#7920)
Resolves #7878

An empty repository topic was not stored consistently across databases, this caused the `ONLY_SHOW_RELEVANT_REPOS` feature to not work correctly. Always store empty repository topics as an empty array to fix this.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7920
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Maks1mS <maks1ms@noreply.codeberg.org>
Co-committed-by: Maks1mS <maks1ms@noreply.codeberg.org>
2025-05-29 22:39:53 +02:00
Gusted
d6ab2a464f fix: aggregate deleted team as ghost team (#7987)
- If a review was requested from a deleted team, use the ghost team for the comment aggregator.
- Resolves Codeberg/Community#1952
- Unit test added.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7987
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-29 17:45:18 +02:00
chavacava
99d697263f chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994)
This PR replaces unnecessary calls to formatting functions (`fmt.Printf`, `fmt.Errorf`, ...) by non-formatting equivalents.
Resolves #7967

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7994
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: chavacava <chavacava@noreply.codeberg.org>
Co-committed-by: chavacava <chavacava@noreply.codeberg.org>
2025-05-29 17:34:29 +02:00
Gusted
022eeee657 fix: ignore expired artifacts for quota calculation (#7976)
- Expired artifacts are kept in the database but the artifact has been deleted from the storage. Ignore them for the quota calculation.
- Added unit test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7976
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-28 18:22:10 +02:00
Gusted
7d2a7b8559 feat: add validating user password as trace region (#7981)
- Password hashing can take a measurable amount of time, make this more visible in the trace by capturing the computations done in the password hash in their own region.
- Ref: forgejo/forgejo#6470

## Screenshot

![image](/attachments/9834b094-a78f-4ac2-847e-91f221a84833)

The upper part are where the tasks are shown (and nothing else). The bottom part is where the interesting execution tracing happens and the part where the user password hashing happens is now properly indicated/highlighted and does not need to be inferred by looking at the stack traces.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7981
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-28 14:46:23 +02:00
0ko
8b93f41aaa fix(ui): ensure same width of usercards in grid (#6799)
Followup to https://codeberg.org/forgejo/forgejo/pulls/4760

* some refactoring
    * move rules out of repo.css to a new module
    * simplify selectors by omitting .list: it is now only used to style the list itself, they're still precise enough in scope of .user-cards
* apply wrap/ellipsis to cards' content. Done via CSS to avoid spamming gt-ellipsis in the template
    * prevent cards with long content from taking horizontal space from other cards
    * prevent such cards from causing horizontal overflow on mobile
    * prevent varying card height, it doesn't look good even with text wrapping

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6799
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-25 13:31:53 +02:00
Antonin Delpeuch
d2fce8360c fix: Add error reporting to PRs with invalid workflows (#7930)
Hello all, I am finally taking the time to follow-up on #6277 to get this implemented :)

## Checklist

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7930): <!--number 7930 --><!--line 0 --><!--description QWRkIGVycm9yIHJlcG9ydGluZyB0byBQUnMgd2l0aCBpbnZhbGlkIHdvcmtmbG93cw==-->Add error reporting to PRs with invalid workflows<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7930
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
2025-05-22 16:48:48 +02:00
famfo
dda37e86bd feat: relax email requirements (#7829)
The current email restrictions were put in place because of a security issue with sendmail (https://github.com/go-gitea/gitea/pull/17688). Remove this restriction and instead ensure that this security issue cannot happen with sendmail.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7829
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2025-05-22 12:20:25 +02:00
Gusted
fa2a135f68 chore: QoL improvements to tests (#7917)
- Use mock helper functions, instead of home-brew solutions.
- Disable cron jobs that are not important to be run during integration tests and might even interfere.
- Avoid sleeping unnecessary, if there's some requirement then sleep or retry until that requirement is met.
- Avoid trying to deliver webhooks that will always result in a failure.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7917
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-21 15:45:56 +02:00
Granular9241
7fb99379f6 fix: include activity needed for entire heatmap (#7893)
Problem: Only data from the past 365 days (31536000s) is loaded.
However, on the activity heatmap, there are 53 cols, each is 7 rows, so squares for at most 371 days (32054400s) are on the heatmap.
This results in a few blank squares on the very left side, despite activity.

Solution: Simply changing 31536000s (365d) to 32054400s (371d) to load all the needed activity.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7893
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Granular9241 <granular9241@noreply.codeberg.org>
Co-committed-by: Granular9241 <granular9241@noreply.codeberg.org>
2025-05-21 05:25:39 +02:00
Ryan Lerch
a0f902f635 fix(ui): make limits clearer in create repo form (#7402)
Resolves: #7341

Previously, the Create Repository button was only enabled if a user was able to create a repo in their own namespace. However, if they had reached the global repo limit, but were stlll able to create a repo in an org, the button would still be disabled.

In this pull request, the create repo form now:

1. Behaves like it always did previously if the user has not reached the repo limit.

2. If the User has reached the repo limit, and they are unable to create a repo in any of their orgs (or they have no orgs), the create repo form is displayed as:
![Screenshot](/attachments/9f22f43d-0036-4c48-b794-54302c0f241c)

3. If the User has reached the repo limit, and the **limit is greater than zero**, an alert appears at the top of the form, and they are only allowed to choose from the orgs that they are allowed to create repos in:
![Screenshot](/attachments/f5508e05-74fd-4858-9e95-967bd7017abd)

4. If the User has reached the repo limit, and the **limit is equal to zero**, no alert is displayed, as no user can create repos on that instance, and they are only allowed to choose from the orgs that they are allowed to create repos in:
![localhost_3000_repo_create (4).png](/attachments/e7a87da8-c19c-47e1-845e-2afc3667ab02)

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7402
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Ryan Lerch <rlerch@redhat.com>
Co-committed-by: Ryan Lerch <rlerch@redhat.com>
2025-05-20 16:37:15 +02:00
floss4good
dc56486b1f feat!: Abusive content reporting (#6977)
This implements milestones 1. and 4. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):

> 1. A reporting feature is implemented in the database. It ensures that content remains available for review, even if a user deletes it after a report was sent.

> 4. Users can report the most relevant content types (at least: issue comments, repositories, users)

### See also:
- forgejo/discussions#291
- forgejo/discussions#304
- forgejo/design#30

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6977
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-05-18 08:05:16 +00:00
Gusted
7c150be23d feat: improved performances when checking for conflicts on pull requests (#7727)
- `testPatch` is a function that is called to test a pull request and determine the state of the pull request. Checking for merge conflicts, check if the diff is empty and if the pull request modifies any protected files.
- The checking for merge conflict and if the diff is empty used git commands that relied on a working tree to correctly functions. Forgejo store repositories in a bare format which do not contain a working tree. This means that a temporary copy was created every time a pull request had to be re-checked and for large repositories involving quite some I/O interaction.
- This patch adjusts those codepaths to instead use newer Git plumbing commands that work without requiring a work tree and can thus be used directly on the bare repository. The merge conflict is now done via [`git-merge-tree(1)`](https://git-scm.com/docs/git-merge-tree/) and checking if the diff is empty is done via [`git-diff-tree(1)`](https://git-scm.com/docs/git-diff-tree).
- If the function is called to test a patch where the head and base repository are not the same, then [Git alternate](https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefalternateobjectdatabaseaalternateobjectdatabase) is used to make the head commit available in the base repository, this done on a per git command basis via the `GIT_ALTERNATE_OBJECT_DIRECTORIES` environment.
- As far as I can understand the documentation and the existing code, there's no edge case that the new code cannot handle. It also results in a cleaner codepath, as the existing code did a lot of checking and merging in a more traditional approach that required a lot of (parsing) code, while the new code offloads this to git and has a trivial parser of the output.
- Resolves forgejo/forgejo#7701
- Added exhaustive integration testing.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7727
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-16 12:40:38 +00:00
John Moon
09f7dbecda fix: Remove "create branch" button on mirrored repos (#7640)
Currently, if you have a mirrored repo, the button on the "branches"
page to create a new branch is available to be pressed. Once you name
your new branch and click submit, you get a 404 page that doesn't explain
what went wrong.

As new branch creation is not supported on mirrored repos, let's just
take that button away if the repo is a mirror. This is already done for
archived repos, so we just need to add another check.

Fixes #7639.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7640
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: John Moon <john.moon@vts-i.com>
Co-committed-by: John Moon <john.moon@vts-i.com>
2025-05-14 23:26:12 +00:00
Daniel Kilimnik
a696ad132c fix: replace ß with ss in normalizeUserName (#7817)
When using an oauth provider for login, we can't always make sure that only supported characters are included in the name. Therefore there exist normalization rules for the username. In German some names contain the `ß` letter which usually gets replaces by `ss`. Therefore I added this to the `customCharsReplacement` list.
Without this fix, the user gets an undescriptive internal server error and the log states `CreateUser: name is invalid [<name>]: must be valid alpha or numeric or dash(-_) or dot characters`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7817
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Daniel Kilimnik <daniel@neodyme.io>
Co-committed-by: Daniel Kilimnik <daniel@neodyme.io>
2025-05-08 16:59:41 +00:00
Gusted
4a57f73072 fix: remove artificial delay for PR update (#7773)
- I was not able to find a reasoning in the pull request (https://github.com/go-gitea/gitea/pull/9784) for the existence of this `time.Sleep`. The best I could come up with during manual testing is that there's a brief moment where 'this pull request is missing fork information' is shown, this was caused by an incorrect condition.
- Added integration test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7773
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-04 21:54:55 +00:00
Beowulf
37d566bdb0 Show if commit is signed in activity feed and unify sha box (#6933)
Old activities are shown like before, new commits are displayed like commits in e.g. the commits list. _(Second commit)_

| New signed commits | Old (signed) commits |
|:--:|:--:|
| ![image](/attachments/cd81c761-eda6-44bf-8c43-ac3b7e6f16eb) | ![image](/attachments/243080f3-1b77-4ca7-bc03-bbf855c39c99) |

Additionally the sha box was moved in an own component to unify the usage. _(First commit)_

Closes #1824

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6933): <!--number 6933 --><!--line 0 --><!--description U2hvdyBpZiBjb21taXQgaXMgdmVyaWZpZWQgaW4gYWN0aXZpdHkgZmVlZCBvZiBhbiB1c2VyIG9yIGFuIG9yZ2FuaXphdGlvbiBmb3IgbmV3IGFjdGl2aXR5-->Show if commit is verified in activity feed of an user or an organization for new activity<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6933
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2025-05-03 10:54:52 +00:00
Gusted
3ebd96ef73 [gitea] week 2025-16 cherry pick (gitea/main -> forgejo) (#7602)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7602
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-05-02 18:35:33 +00:00
Gusted
32e64ccd34 chore: replace github.com/go-testfixtures/testfixtures (#7715)
- Replaces `github.com/go-testfixtures/testfixtures` with a homebrew solution that is fully compatible.
- The reason to replace this library is that it pulls in a lot of other libraries which is causing issues: (1) the test binary becomes bigger than necessary which really shows in incremental build times (this patch removes 27.6MiB of the integration test binary) (2) it pulls in libraries (mainly database drivers) that are not used and are not easy to upgrade in case of a security vulnerability, causing CI failures.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7715
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-29 19:28:56 +00:00
Gusted
df5d656827 feat: consider WebAuthn & SSH for instance signing (#7693)
- Currently the options `pubkey` and `twofa` only consider TOTP and GPG keys respectively. Adjust the code to also consider WebAuthn credentials and SSH keys.
- While adding the new unified functions I noticed that certain places also benefited from using these unified functions and took the liberty (where it was either a trivial translation or it was covered under testing) to use the new unified functions.
- Resolves forgejo/forgejo#7658
- Adds unit and integration tests.

Documentation PR: https://codeberg.org/forgejo/docs/pulls/1166

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7693
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-29 10:34:07 +00:00
Ellen Emilia Anna Zscheile
a0cc05ba92 fix various typos (#7690)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7690
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: floss4good <floss4good@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Ellen Emilia Anna Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Ellen Emilia Anna Zscheile <fogti+devel@ytrizja.de>
2025-04-28 06:46:29 +00:00
Earl Warren
7e489eed25 chore: merge tests.AddFixtures and unittest.OverrideFixtures (#7648)
The only parameter that is ever used is a single directory, make it that only instead of a more complex option structure.

Remove tests.AddFixtures that was the simpler form because it is now redundant.

---

Backporting to v11.0 will help with automated backporting of bug fixes in need of custom made fixtures.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7648
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-04-25 09:14:33 +00:00
christopher-besch
05273fa8d2 Actions Done Notification (#7491)
This PR depends on https://codeberg.org/forgejo/forgejo/pulls/7510

This PR renames UpdateRunJob to UpdateRunJobWithoutNotification and UpdateRun to  UpdateRunWithoutNotification and implements wrapper functions that also call the new ActionRunNowDone notification when needed.

This PR can be reviewed commit-by-commit.

# Things to Test
- [x] GetRunBefore
- [ ] integration test for sendActionRunNowDoneNotificationIfNeeded, UpdateRun and UpdateRunJob

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Co-authored-by: nobody <nobody@example.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7491
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: christopher-besch <mail@chris-besch.com>
Co-committed-by: christopher-besch <mail@chris-besch.com>
2025-04-24 15:15:24 +00:00
Wolfgang Reithmeier
875534e50a Swift files can be passed either as file or as form value (#34068)
Fix #33990

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 2683adfcb4f7c5ee6ff56b3311ac657cb95c03a9)
2025-04-22 10:13:17 +02:00
Gusted
78e56ee2f7 [gitea] week 2025-15 cherry pick (gitea/main -> forgejo) (#7538)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7538
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-04-19 12:59:09 +00:00
zam
f6a5b783d2 add port and schema to federation host (#7203)
## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7203
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: zam <mirco.zachmann@meissa.de>
Co-committed-by: zam <mirco.zachmann@meissa.de>
2025-04-16 08:07:51 +00:00
Earl Warren
1b11ca6f36 fix: match PackageBlob.HashBlake2b definition and migration (#7543)
If not a migration will show a warning:

`[W] Table public.package_blob column hash_blake2b db type is VARCHAR(255), struct type is CHAR(128)`

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7543
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-04-15 07:05:21 +00:00
hiifong
82dd00873d fix webhook url (#34186)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit aada0370e7d72a591d58788f6db76bdbc3dddbb7)
2025-04-14 16:10:20 +02:00
Gusted
442958df1d [gitea] week 2025-14 cherry pick (gitea/main -> forgejo) (#7486)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7486
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-04-13 12:00:15 +00:00
Gusted
b55c72828e feat(sec): Add SSH signing support for instances (#6897)
- Add support to set `gpg.format` in the Git config, via the new `[repository.signing].FORMAT` option. This is to tell Git that the instance would like to use SSH instead of OpenPGP to sign its commits. This is guarded behind a Git version check for v2.34.0 and a check that a `ssh-keygen` binary is present.
- Add support to recognize the public SSH key that is given to `[repository.signing].SIGNING_KEY` as the signing key by the instance.
- Thus this allows the instance to use SSH commit signing for commits that the instance creates (e.g. initial and squash commits) instead of using PGP.
- Technically (although I have no clue how as this is not documented) you can have a different PGP signing key for different repositories; this is not implemented for SSH signing.
- Add unit and integration testing.
  - `TestInstanceSigning` was reworked from `TestGPGGit`, now also includes testing for SHA256 repositories. Is the main integration test that actually signs commits and checks that they are marked as verified by Forgejo.
  - `TestParseCommitWithSSHSignature` is a unit test that makes sure that if a SSH instnace signing key is set, that it is used to possibly verify instance SSH signed commits.
  - `TestSyncConfigGPGFormat` is a unit test that makes sure the correct git config is set according to the signing format setting. Also checks that the guarded git version check and ssh-keygen binary presence check is done correctly.
  - `TestSSHInstanceKey` is a unit test that makes sure the parsing of a SSH signing key is done correctly.
  - `TestAPISSHSigningKey` is a integration test that makes sure the newly added API route `/api/v1/signing-key.ssh` responds correctly.

Documentation PR: forgejo/docs#1122

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6897
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-11 13:25:35 +00:00
Earl Warren
eb85681b41 fix: package_blob.has_blake2b may be null (#7520)
- When looking for an existing blob, has_blake2b will be null when it was created prior to v26 migration in v11, when the field was introduced.
- Add unit test and minimal refactoring to load fixtures. The AddFixture function should not be where it currently is because it cannot be used by some packages (circular import). But that's a refactor that needs to be elsewhere for backporting purposes.

Fixes https://codeberg.org/forgejo/forgejo/issues/7519
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-04-11 12:28:03 +00:00
christopher-besch
cdb4682bca feat: move UpdateTaskByState to services
This function is also can't be in models in order to enable calling
the action run state change notification channel.
2025-04-10 08:38:28 +02:00
christopher-besch
81b5c7ca6f feat: move StopTask, CancelPreviousJobs and CleanRepoScheduleTasks to services/actions
This enables all action run state changes (from a not done to a done
state) to also send a notification.

Moved these:

- models/actions/task.go|423 col 6| func StopTask(ctx context.Context, taskID int64, status Status) error {
- models/actions/run.go|190 col 6| func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID string, event webhook_module.HookEventType) error {
- models/actions/schedule.go|122 col 6| func CleanRepoScheduleTasks(ctx context.Context, repo *repo_model.Repository, cancelPreviousJobs bool) error {
2025-04-10 08:38:27 +02:00
Kemal Zebari
f7b19964a7 Add new CLI flags to set name and scopes when creating a user with access token (#34080)
Resolves #33474.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 55a69ae4c63ee8551eadb161cb901ba0a2a2e194)
2025-04-07 17:26:34 +02:00
Lunny Xiao
02d9c7cd27 Return default avatar url when user id is zero rather than updating database (#34094)
(cherry picked from commit 88352e0b252e9186a5633d39124a8a65ab89f831)
2025-04-07 16:48:15 +02:00
Gusted
53df0bf9a4 chore(sec): unify usage of crypto/rand.Read (#7453)
- Unify the usage of [`crypto/rand.Read`](https://pkg.go.dev/crypto/rand#Read) to `util.CryptoRandomBytes`.
- Refactor `util.CryptoRandomBytes` to never return an error. It is documented by Go, https://go.dev/issue/66821, to always succeed. So if we still receive a error or if the returned bytes read is not equal to the expected bytes to be read we panic (just to be on the safe side).
- This simplifies a lot of code to no longer care about error handling.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7453
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-04 03:31:37 +00:00
Gusted
99fc04b763 fix: make installing Forgejo work again (#7452)
- The default engine is no longer guaranteed to be of the type `*xorm.Engine`, so instead return the interface `db.Engine`.
- Regression of forgejo/forgejo#7212

# Testing

1. Install a Forgejo instance via the setup screen.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7452
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-04 03:30:19 +00:00
Gusted
afea42d517 chore: add empty action_variable fixture (#7419)
- Ensures that this table gets emptied between integration tests and does not have any leftovers.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7419
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-03 23:42:37 +00:00
famfo
77b0275572 feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035)
- Set the right keyID and use the right signing keys for outgoing requests.
- Verify the HTTP signature of all incoming requests, except for the server actor.
- Caches keys of incoming requests for users and servers actors.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7035
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2025-04-03 15:24:15 +00:00
pat-s
63a80bf2b9 feat: use XORM EngineGroup instead of single Engine connection (#7212)
Resolves #7207

Add new configuration to make XORM work with a main and replicas database instances. The follow configuration parameters were added:

- `HOST_PRIMARY`
- `HOST_REPLICAS`
- `LOAD_BALANCE_POLICY`. Options:
    - `"WeightRandom"` -> `xorm.WeightRandomPolicy`
    - `"WeightRoundRobin`  -> `WeightRoundRobinPolicy`
    - `"LeastCon"` -> `LeastConnPolicy`
    - `"RoundRobin"` -> `xorm.RoundRobinPolicy()`
    - default: `xorm.RandomPolicy()`
- `LOAD_BALANCE_WEIGHTS`

Co-authored-by: pat-s <patrick.schratz@gmail.com@>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7212
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
2025-03-30 11:34:02 +00:00
Renovate Bot
fed2d81c44 Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-28 22:22:21 +00:00
Gusted
2457f5ff22 chore: branding import path (#7337)
- Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`.
- Resolves forgejo/discussions#258

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7337
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-27 19:40:14 +00:00
Gusted
f009c6ec4a fix: fix ci dashboard e2e test (#7338)
- Add the necessary branch row for the workflow repository. This is required for the dashboard search to return any commit status for the default branch.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7338
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-26 00:19:31 +00:00
Gusted
72ee7f3b00 fix: consider issues in repository accessible via access table (#7270)
- Consider the following scenario: a private repository in an organization with a team that has no specific access to that repository. Members of that team are still able to visit the repository because of entries in the `access` table.
- Consider this specific scenario for the gathering of issues for project tables.
- Unit test added
- Resolves forgejo/forgejo#7217
- Ref: forgejo/forgejo#6843

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-19 16:45:42 +00:00
Earl Warren
83e186c00c fix: discard v25 secrets migrations errors instead of failing (#7251)
Failing the migration when a corrupted record is found is problematic because there is no transaction and the database may need to be restored from a backup to attempt the migration again, after deleting the corrupted records.

Each documented case of failed migration was resolved by removing the corrupted records. There is no instance of a failed migration that was caused by non corrupted record.

In the unlikely event of a false negative where a two_factor record is discarded although it is in use, the only consequence is that the user will have to enroll again. Detailed logs are displayed so the Forgejo admin can file a bug report if that happens.

Refs: https://codeberg.org/forgejo/forgejo/issues/6637

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7251): <!--number 7251 --><!--line 0 --><!--description V2hlbiBtaWdyYXRpbmcgdG8gRm9yZ2VqbyB2MTAsIHRoZSBUT1RQIHNlY3JldHMgZm91bmQgdG8gYmUgY29ycnVwdGVkIGFyZSBub3cgdHJhbnNwYXJlbnRseSByZW1vdmVkIGZyb20gdGhlIGRhdGFiYXNlIGluc3RlYWQgb2YgZmFpbGluZyB0aGUgbWlncmF0aW9uLiBUT1RQIGlzIG5vIGxvbmdlciByZXF1aXJlZCB0byBsb2dpbiB3aXRoIHRoZSBhc3NvY2lhdGVkIHVzZXJzLiBUaGV5IHNob3VsZCBiZSBpbmZvcm1lZCBiZWNhdXNlIHRoZXkgd2lsbCBuZWVkIHRvIHZpc2l0IHRoZWlyIHNlY3VyaXR5IHNldHRpbmdzIGFuZCBjb25maWd1cmUgVE9UUCBhZ2Fpbi4gTm8gb3RoZXIgYWN0aW9uIGlzIHJlcXVpcmVkLg==-->When migrating to Forgejo v10, the TOTP secrets found to be corrupted are now transparently removed from the database instead of failing the migration. TOTP is no longer required to login with the associated users. They should be informed because they will need to visit their security settings and configure TOTP again. No other action is required.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7251
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-03-17 16:25:37 +00:00
Gusted
d5c8091e08 perf: optimize converting releases to feed items (#7221)
- `releasesToFeedItems` is called to convert release structs to feed items, which is then used to render RSS or Atom feeds.
- Optimize the loading of attributes for the releases, introduce `ReleaseList` type which uses caching to load repository and publishers. It also no longer loads release attachments and downloads counts as that is not used in feed items.
- Optimize the composing of meta by introducing caching, this operation is especially slow when the owner is an organization.
- Add unit test (ensures new `LoadAttributes` works correctly).
- Add integration test (ensures that feed output is still as expected).

Loading https://codeberg.org/forgejo/forgejo/releases.rss reduced from ~15s to ~1s. (It is currently is deployed on codeberg.org)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7221
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-17 09:00:34 +00:00