Commit graph

1707 commits

Author SHA1 Message Date
4e8e3fafe7 Merge plus fixing tests/e2e/declare_repos_test.go conflict
Some checks failed
Integration tests for the release process / release-simulation (push) Has been cancelled
2025-06-30 14:02:39 +02:00
Earl Warren
ba37b69252 feat: make API pull and compare endpoint references to head more robust (#8332)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8332
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-06-29 07:35:47 +02:00
Gusted
b5e608f3e2 feat: bump the minimum required Git version from 2.0.0 to 2.34.1 (#8328)
- Resolves forgejo/discussions#324
- Remove all checks of `CheckGitVersionAtLeast` that checked for a version below 2.34.1
- The version was chosen because Debian stable supports 2.39.5 and Ubuntu 22.04 LTS supports 2.34.1

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8328
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-06-29 00:44:18 +02:00
Earl Warren
a300c0b9fd
chore(cleanup): GitRepo.GetCommit is equivalent to GitRepo.IsBranchExist
Since go-git was dropped in a21128a734,
IsBranchExist relies on git-cat-file to figure out if a commit ID
exists.

There is no need to fallback to GetCommit if IsBranchExist determines
the commit does not exist and it will come to the same conclusion.
2025-06-28 23:30:20 +02:00
Lucas Schwiderski
3fb6e17105 fix: add missing trust status to pull review commits (#8296)
Closes: #8293

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8296
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Lucas Schwiderski <lucas@lschwiderski.de>
Co-committed-by: Lucas Schwiderski <lucas@lschwiderski.de>
2025-06-27 15:29:44 +02:00
Danko Aleksejevs
184e068f37 feat: show more relevant results for 'dependencies' dropdown (#8003)
- Fix issue dropdown breaking when currently selected issue is included in results.
- Add `sort` parameter to `/issues/search` API.
- Sort dropdown by relevance.
- Make priority_repo_id work again.
- Added E2E test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8003
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Danko Aleksejevs <danko@very.lv>
Co-committed-by: Danko Aleksejevs <danko@very.lv>
2025-06-26 20:06:21 +02:00
David Rotermund
be3c659b51 Merge branch 'forgejo' into upload_with_path_structure 2025-06-26 12:50:04 +02:00
Renovate Bot
aee5e1fb94 Update module github.com/jhillyerd/enmime/v2 to v2.2.0 (forgejo) (#8254)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/jhillyerd/enmime/v2](https://github.com/jhillyerd/enmime) | `v2.1.0` -> `v2.2.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjhillyerd%2fenmime%2fv2/v2.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjhillyerd%2fenmime%2fv2/v2.1.0/v2.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>jhillyerd/enmime (github.com/jhillyerd/enmime/v2)</summary>

### [`v2.2.0`](https://github.com/jhillyerd/enmime/releases/tag/v2.2.0)

[Compare Source](https://github.com/jhillyerd/enmime/compare/v2.1.0...v2.2.0)

#### What's Changed

- chore: bump golangci to last 1.x release by [@&#8203;jhillyerd](https://github.com/jhillyerd) in https://github.com/jhillyerd/enmime/pull/368
- chore: fix linter warnings by [@&#8203;jhillyerd](https://github.com/jhillyerd) in https://github.com/jhillyerd/enmime/pull/370
- chore: bump golangci to 2.x by [@&#8203;jhillyerd](https://github.com/jhillyerd) in https://github.com/jhillyerd/enmime/pull/369
- chore: bump go deps by [@&#8203;jhillyerd](https://github.com/jhillyerd) in https://github.com/jhillyerd/enmime/pull/371
- build(deps): bump golangci/golangci-lint-action from 7 to 8 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/jhillyerd/enmime/pull/373
- Switch to fork of html2text for tablewriter 1.0 by [@&#8203;jhillyerd](https://github.com/jhillyerd) in https://github.com/jhillyerd/enmime/pull/375
- Release for go 1.23 support by [@&#8203;jhillyerd](https://github.com/jhillyerd) in https://github.com/jhillyerd/enmime/pull/376

**Full Changelog**: https://github.com/jhillyerd/enmime/compare/v2.1.0...v2.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xLjMiLCJ1cGRhdGVkSW5WZXIiOiI0MS4xLjMiLCJ0YXJnZXRCcmFuY2giOiJmb3JnZWpvIiwibGFiZWxzIjpbImRlcGVuZGVuY3ktdXBncmFkZSIsInRlc3Qvbm90LW5lZWRlZCJdfQ==-->

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8254
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-06-26 08:49:20 +02:00
oliverpool
7a6b5b6dd9 blame: count lines without reading blob 2025-06-24 17:36:13 +02:00
Robert Wolff
0b24915271 feat(ui): add links to milestones and projects in issue comments (#7992)
add links to the comments that appear in issue when changing milestones and projects

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7992
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
2025-06-23 23:31:51 +02:00
David Rotermund
c3b559b79b Merge branch 'forgejo' into upload_with_path_structure
Some checks failed
Integration tests for the release process / release-simulation (push) Has been cancelled
2025-06-23 17:23:40 +02:00
Alex Smith
690532efb8 add model viewer for .glb (GLTF) model in file view (#8111)
## Motivation

The GLTF (`.gltf`, `.glb`) 3D model format is very popular for game development and visual productions.

For an indie game studio, it would be convenient for a team to view textured 3D models directly from the Forgejo interface (otherwise they need to be downloaded and opened). [Perforce](https://www.perforce.com/products/helix-dam), [Diversion](https://www.diversion.dev/), and GitHub all have this capability to differing extents.

Some discussion on 3D file support here: https://codeberg.org/forgejo/forgejo/issues/5188

## Changes

Adds a model viewer similar to [GitHub STL viewer](https://github.com/assimp/assimp/blob/master/test/models/STL/Spider_ascii.stl) for `.glb` model files, and lays some groundwork to support future files. Uses the [model-viewer](https://modelviewer.dev/) library by Google and three.js. The model viewer is interactive and can be rotated and scaled.

![Screen Recording 2025-06-08 at 15.27.15](/attachments/84c63dea-a0ce-45f9-b48b-c80867636639)

## How to Test

1) Create a new repository or use an existing one.
2) Upload a `.glb` file such as `tests/testdata/data/viewer/Unicode❤♻Test.glb` (CC0 1.0 Universal)
3) View the file in the repository.
    - Similar to image files, the 3D model should be rendered in a viewer.
    - Use mouse clicks to turn and zoom.

## Licenses

Libraries used for this change include three.js and @google/model-viewer, which are MIT and Apache-2.0 licenses respectively. Both of these are compatible with Forgejo's GPL3.0 license.

## Future Plans

1) `.gltf` was not attempted because it is a multiple file format, referencing other files in the same directory. Still need to experiment with this to see if it can work. `.glb` is a single file containing a `.gltf` and all of its other file/texture dependencies so was easier to implement.
2) The PR diff still shows the model as an unviewable bin file, but clicking the "View File" button takes you to a view screen where this model viewer is used. It would be nice to view the before and after of the model in two side-by-side model viewers, akin to reviewing a change in an image.
3) Also inserted stubs for adding contexts for GLTF, STL, OBJ, and 3MF. These ultimately don't do anything yet as only `.glb` files can be detected by the type sniffer of all of these.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for checking GLB file content using the first few bytes.
  - [x] in their respective `typesniffer_test.go` for unit tests.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8111): <!--number 8111 --><!--line 0 --><!--description YWRkIG1vZGVsIHZpZXdlciBmb3IgYC5nbGJgIChHTFRGKSBtb2RlbCBpbiBmaWxlIHZpZXc=-->add model viewer for `.glb` (GLTF) model in file view<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8111
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Alex Smith <amsmith.pro@pm.me>
Co-committed-by: Alex Smith <amsmith.pro@pm.me>
2025-06-21 14:42:35 +02:00
Earl Warren
9e6f722f94 fix: only send Forgejo Actions notifications to one user (#8227)
- If the run was attributed to a system user (which is the case for scheduled runs for instance), ignore it and fallback to the mail of the owner. System users may have email addresses, but they are not to be used.
- If the owner is a system user or an organization with no email associated with it, do nothing.
- If a user with an email exists, check if they did not disable notifications and send the email.

Refs: https://codeberg.org/forgejo/forgejo/issues/8187
Refs: https://codeberg.org/forgejo/forgejo/issues/8233

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8227
Reviewed-by: Christopher Besch <mail@chris-besch.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-06-21 12:15:38 +02:00
oliverpool
f708bacfff blob: use NewTruncatedReader for CodeOwners parsing
tested in tests/integration/pull_review_test.go:TestPullView_CodeOwner
2025-06-20 20:43:10 +02:00
oliverpool
dd79f0ce2b blob: use NewTruncatedReader for markdown 2025-06-20 20:43:10 +02:00
oliverpool
913eaffb8a fix: collaborator can edit wiki with write access (#8234)
fixes: #8119, replaces #8135

Bug likely introduced in 5eeccecafc

### Tests

- I added test coverage for Go changes in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8234
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2025-06-19 18:35:09 +02:00
oliverpool
285f66b782 fix: prevent 500 message on invalid username (#8236)
Bug introduced by #7998

### Tests

- go to your settings page https://v12.next.forgejo.org/user/settings
- try to change to an invalid username (like `.well--invalid`)
- verify that no 500 error is shown, only a flash message

I tried to add a test in `tests/integration/user_test.go`, but failed to catch the error message:

```
		resp := session.MakeRequest(t, req, http.StatusOK)
		txt := resp.Body.String()
		t.Log(txt) // no template error??
		t.FailNow()
```

### Release notes

- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8236
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2025-06-19 18:31:08 +02:00
David Rotermund
578d9132a7 Merge branch 'forgejo' into upload_with_path_structure
Some checks failed
Integration tests for the release process / release-simulation (push) Has been cancelled
2025-06-19 15:18:49 +02:00
Michael Jerger
15bb6b7f92 [gitea] week 2025-22 cherry pick (gitea/main -> forgejo) (#8198)
## Checklist

- [x] go to the last cherry-pick PR (forgejo/forgejo#8040) to figure out how far it went: [gitea@d5bbaee64e](d5bbaee64e)
- [x] cherry-pick and open PR (forgejo/forgejo#8198)
- [ ] have the PR pass the CI
- end-to-end (specially important if there are actions related changes)
  - [ ] add `run-end-to-end` label
  - [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call

## Legend

-  - No decision about the commit has been made.
- 🍒 - The commit has been cherry picked.
-  - The commit has been skipped.
- 💡 - The commit has been skipped, but should be ported to Forgejo.
- ✍️ - The commit has been skipped, and a port to Forgejo already exists.

## Commits

- 🍒 [`gitea`](17cfae82a5) -> [`forgejo`](6397da88d3) Hide href attribute of a tag if there is no target_url ([gitea#34556](https://github.com/go-gitea/gitea/pull/34556))
- 🍒 [`gitea`](b408bf2f0b) -> [`forgejo`](46bc899d57) Fix: skip paths check on tag push events in workflows ([gitea#34602](https://github.com/go-gitea/gitea/pull/34602))
- 🍒 [`gitea`](9165ea8713) -> [`forgejo`](04332f31bf) Only activity tab needs heatmap data loading ([gitea#34652](https://github.com/go-gitea/gitea/pull/34652))
- 🍒 [`gitea`](3f7dbbdaf1) -> [`forgejo`](2a9019fd04) Small fix in Pull Requests page ([gitea#34612](https://github.com/go-gitea/gitea/pull/34612))
- 🍒 [`gitea`](497b83b75d) -> [`forgejo`](9a83cc7bad) Fix migration pull request title too long ([gitea#34577](https://github.com/go-gitea/gitea/pull/34577))

## TODO

- 💡 [`gitea`](6b8b580218) Refactor container and UI ([gitea#34736](https://github.com/go-gitea/gitea/pull/34736))
  Packages: Fix for container, needs careful merge.
------
- 💡 [`gitea`](bbee652e29) Prevent duplicate form submissions when creating forks ([gitea#34714](https://github.com/go-gitea/gitea/pull/34714))
  Fork: Fix, needs careful merge.
------
- 💡 [`gitea`](d21ce9fa07) Improve the performance when detecting the file editable ([gitea#34653](https://github.com/go-gitea/gitea/pull/34653))
  LFS: Performance improvement - needs careful merge.
------
- 💡 [`gitea`](8fed27bf6a) Fix various problems ([gitea#34708](https://github.com/go-gitea/gitea/pull/34708))
  Various: Fixes, tests missing.
------
- 💡 [`gitea`](c9505a26b9) Improve instance wide ssh commit signing ([gitea#34341](https://github.com/go-gitea/gitea/pull/34341))
  CodeSign: Nice feature - needs careful merge.
------
- 💡 [`gitea`](fbc3796f9e) Fix pull requests API convert panic when head repository is deleted. ([gitea#34685](https://github.com/go-gitea/gitea/pull/34685))
  Pull: Fix, needs careful merge.
------
- 💡 [`gitea`](1610a63bfd) Fix commit message rendering and some UI problems ([gitea#34680](https://github.com/go-gitea/gitea/pull/34680))
  Various Fixes - needs carefull merge.
------
- 💡 [`gitea`](0082cb51fa) Fix last admin check when syncing users ([gitea#34649](https://github.com/go-gitea/gitea/pull/34649))
  oidc: fix "first user is always admin". Needs careful merge.
------
- 💡 [`gitea`](c6b2cbd75d) Fix footnote jump behavior on the issue page. ([gitea#34621](https://github.com/go-gitea/gitea/pull/34621))
  Issues: Fix Markdown rendering. Needs carefull merge
------
- 💡 [`gitea`](7a59f5a825) Ignore "Close" error when uploading container blob ([gitea#34620](https://github.com/go-gitea/gitea/pull/34620))
  No issue, no test.
------
- 💡 [`gitea`](6d0b24064a) Keeping consistent between UI and API about combined commit status state and fix some bugs ([gitea#34562](https://github.com/go-gitea/gitea/pull/34562))
  Next PR in Commit-Status story.
------
- 💡 [`gitea`](f6041441ee) Refactor FindOrgOptions to use enum instead of bool, fix membership visibility ([gitea#34629](https://github.com/go-gitea/gitea/pull/34629))
  Just for a common sense here: How should I consider refactorings?
------
- 💡 [`gitea`](cc942e2a86) Fix GetUsersByEmails ([gitea#34643](https://github.com/go-gitea/gitea/pull/34643))
  User: Seems to fix email validation - but seems not to be finished.
------
- 💡 [`gitea`](7fa5a88831) Add `--color-logo` for text that should match logo color ([gitea#34639](https://github.com/go-gitea/gitea/pull/34639))
  UI: Nice idea - can we adapt this?
------
- 💡 [`gitea`](47d69b7749) Validate hex colors when creating/editing labels ([gitea#34623](https://github.com/go-gitea/gitea/pull/34623))
  Label: Color validation but needs careful merge.
------
- 💡 [`gitea`](108db0b04f) Fix possible pull request broken when leave the page immediately after clicking the update button ([gitea#34509](https://github.com/go-gitea/gitea/pull/34509))
  Nice fix for a bug hard to trace down.
  Needs careful merge & think about whether a test is possible.
------
- 💡 [`gitea`](79cc369892) Fix issue label delete incorrect labels webhook payload ([gitea#34575](https://github.com/go-gitea/gitea/pull/34575))
  Small fix but would expect a test, showing what was fixed.
------
- 💡 [`gitea`](fe57ee3074) fixed incorrect page navigation with up and down arrow on last item of dashboard repos ([gitea#34570](https://github.com/go-gitea/gitea/pull/34570))
  Small & simple - but tests are missing.
------
- 💡 [`gitea`](4e471487fb) Remove unnecessary duplicate code ([gitea#34552](https://github.com/go-gitea/gitea/pull/34552))
  Fix arround "Split GetLatestCommitStatus".
------
- 💡 [`gitea`](c5e78fc7ad) Do not mutate incoming options to SearchRepositoryByName ([gitea#34553](https://github.com/go-gitea/gitea/pull/34553))
  Large refactoring to simplify options handling. But needs careful merge.
------
- 💡 [`gitea`](f48c0135a6) Fix/improve avatar sync from LDAP ([gitea#34573](https://github.com/go-gitea/gitea/pull/34573))
  Nice fix but needs test.
------
- 💡 [`gitea`](e8d8984f7c) Fix some trivial problems ([gitea#34579](https://github.com/go-gitea/gitea/pull/34579))
  Various fixes, tests missing.
------

## Skipped

-  [`gitea`](637070e07b) Fix container range bug ([gitea#34725](https://github.com/go-gitea/gitea/pull/34725))
------
-  [`gitea`](0d3e9956cd) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](28debdbe00) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](dcc9206a59) Raise minimum Node.js version to 20, test on 24 ([gitea#34713](https://github.com/go-gitea/gitea/pull/34713))
------
-  [`gitea`](bc28654b49) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](65986f423f) Refactor embedded assets and drop unnecessary dependencies ([gitea#34692](https://github.com/go-gitea/gitea/pull/34692))
------
-  [`gitea`](18bafcc378) Bump minimum go version to 1.24.4 ([gitea#34699](https://github.com/go-gitea/gitea/pull/34699))
------
-  [`gitea`](8d135ef5cf) Update JS deps ([gitea#34701](https://github.com/go-gitea/gitea/pull/34701))
------
-  [`gitea`](d5893ee260) Fix markdown wrap ([gitea#34697](https://github.com/go-gitea/gitea/pull/34697))

  - gitea UI specific specific
------
-  [`gitea`](06ccb3a1d4) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](94db956e31) frontport changelog ([gitea#34689](https://github.com/go-gitea/gitea/pull/34689))
------
-  [`gitea`](d5afdccde8) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](e9f5105e95) Migrate to urfave v3 ([gitea#34510](https://github.com/go-gitea/gitea/pull/34510))
  already in Forgejo - see https://codeberg.org/forgejo/forgejo/pulls/8035
------
-  [`gitea`](2c341b6803) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](92e7e98c56) Update x/crypto package and make builtin SSH use default parameters ([gitea#34667](https://github.com/go-gitea/gitea/pull/34667))
------
-  [`gitea`](7b39c82587) Fix "oras" OCI client compatibility ([gitea#34666](https://github.com/go-gitea/gitea/pull/34666))
  Already in forgejo - see https://codeberg.org/forgejo/forgejo/issues/8070
------
-  [`gitea`](1fe652cd26) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](a9a705f4db) Fix missed merge commit sha and time when migrating from codecommit ([gitea#34645](https://github.com/go-gitea/gitea/pull/34645))
  Migration: Seems to be an important fix, but no tests.

  As I know @earl-warren worked hard on migration, is this still relevant to us?
------
-  [`gitea`](1e0758a9f1) [skip ci] Updated translations via Crowdin
------
-  [`gitea`](f6f6aedd4f) Update JS deps, regenerate SVGs ([gitea#34640](https://github.com/go-gitea/gitea/pull/34640))
------
-  [`gitea`](aa2b3b2b1f) Misc CSS fixes ([gitea#34638](https://github.com/go-gitea/gitea/pull/34638))

  - gitea UI specific specific
------
-  [`gitea`](b38f2d31fd) add codecommit to supported services in api docs ([gitea#34626](https://github.com/go-gitea/gitea/pull/34626))
------
-  [`gitea`](74a0178c6a) add openssh-keygen to rootless image ([gitea#34625](https://github.com/go-gitea/gitea/pull/34625))
  already in Forgejo - see https://codeberg.org/forgejo/forgejo/issues/6896
------
-  [`gitea`](5b22af4373) bump to alpine 3.22 ([gitea#34613](https://github.com/go-gitea/gitea/pull/34613))
------
-  [`gitea`](9e0e107d23) Fix notification count positioning for variable-width elements ([gitea#34597](https://github.com/go-gitea/gitea/pull/34597))

  - gitea UI specific specific
------
-  [`gitea`](e5781cec75) Fix margin issue in markup paragraph rendering ([gitea#34599](https://github.com/go-gitea/gitea/pull/34599))

  - gitea UI specific specific
------
-  [`gitea`](375dab1111) Make pull request and issue history more compact ([gitea#34588](https://github.com/go-gitea/gitea/pull/34588))

  - gitea UI specific specific
------
-  [`gitea`](2a1585b32e) Refactor some tests ([gitea#34580](https://github.com/go-gitea/gitea/pull/34580))
------

<details>
<summary><h2>Stats</h2></summary>

<br>

Between [`gitea@d5bbaee64e`](d5bbaee64e) and [`gitea@6b8b580218`](6b8b580218), **55** commits have been reviewed. We picked **5**, skipped **28** (of which **3** were already in Forgejo!), and decided to port **22**.

</details>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: NorthRealm <155140859+NorthRealm@users.noreply.github.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: endo0911engineer <161911062+endo0911engineer@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8198
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2025-06-17 18:28:07 +02:00
David Rotermund
b920ceea16 Merge branch 'forgejo' into upload_with_path_structure 2025-06-17 11:52:08 +02:00
Earl Warren
16dbc0efd3 fix: git_model.CommitStatusesHideActionsURL is obsolete (#8209)
Refs: https://codeberg.org/forgejo/forgejo/pulls/7155
Refs: https://codeberg.org/forgejo/forgejo/pulls/8177
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8209
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-06-17 10:15:48 +02:00
Lucas Schwiderski
3a986d282f Implement single-commit PR review flow (#7155)
This implements the UI controls and information displays necessary to allow reviewing pull requests by stepping through commits individually.

Notable changes:

- Within the PR page, commit links now stay in the PR context by navigating to `{owner}/{repo}/pulls/{id}/commits/{sha}`
- When showing a single commit in the "Files changed" tab, the commit header containing commit message and metadata is displayed
  - I dropped the existing buttons, since they make less sense to me in the PR context
  - The SHA links to the separate, dedicated commit view
- "Previous"/"Next" buttons have been added to that header to allow stepping through commits
- Reviews can be submitted in "single commit" view

Talking points:

- The "Showing only changes from" banner made sense when that view was limited (e.g. review submit was disabled). Now that it's on par with the "all commits" view, and visually distinct due to the commit header, this banner could potentially be dropped.

Closes: #5670 #5126 #5671 #2281 #8084

![image](/attachments/cff441dc-a080-42f8-86ae-9b80490761bf)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7155
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Lucas Schwiderski <lucas@lschwiderski.de>
Co-committed-by: Lucas Schwiderski <lucas@lschwiderski.de>
2025-06-17 09:31:50 +02:00
David Rotermund
d48ff06b06 Merge branch 'forgejo' into upload_with_path_structure
Some checks are pending
Integration tests for the release process / release-simulation (push) Waiting to run
2025-06-16 16:05:15 +02:00
Thomas Böhler
53d5e6d754 feat(ui): show size constraints of custom avatar (#7998)
Closes #7862
This adds a note for the user profile settings page about the avatar constraints.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7998
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Thomas Böhler <witcher@wiredspace.de>
Co-committed-by: Thomas Böhler <witcher@wiredspace.de>
2025-06-14 16:35:50 +02:00
oliverpool
09699c1506 feat: always publish the link to the commit status (#8177)
See https://codeberg.org/forgejo/forgejo/pulls/4801#issuecomment-5094525 and #8152 for more context.

The current implementation is limited to self-hosted actions and buggy as soon as multiple repos are involved, like for the homepage (because each permission must be fetched individually).

Ideally this feature should work for all kind of status (with some setting indicating which collaborator can access with status). Probably inside the `git_model.ParseCommitsWithStatus` function.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8177
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2025-06-13 12:41:34 +02:00
David Rotermund
63c9d504fd Merge branch 'forgejo' into upload_with_path_structure 2025-06-11 12:53:35 +02:00
b590cc0ca8 removed unneccessary argument from BindUpload in routers/web/web.go 2025-06-11 01:26:47 +02:00
jmaasing
5391f43888 fix: remove trailing slash from the issuer in oauth claims (#8028)
- Trim the ending slash '/' from the URL used in the OpenID Connect "well_known" endpoint and in the JWT tokens issued by Forgejo.
- This makes it compliant with the OpenID specification. https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
- Resolves #7941

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8028
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: jmaasing <jmaasing@noreply.codeberg.org>
Co-committed-by: jmaasing <jmaasing@noreply.codeberg.org>
2025-06-10 20:46:17 +02:00
David Rotermund
bec006b2eb Merge branch 'forgejo' into upload_with_path_structure
Some checks failed
Integration tests for the release process / release-simulation (push) Has been cancelled
2025-06-10 10:40:50 +02:00
Gusted
b68f923592
fix: show membership of limited orgs
- Include organisations with visibility of limited if the visitor is signed in.
- Resolves forgejo/forgejo#8093
- Added unit test.
2025-06-06 19:33:26 +02:00
christopher-besch
d17aa98262 Actions Failure, Succes, Recover Webhooks (#7508)
Implement Actions Success, Failure and Recover webhooks for Forgejo, Gitea, Gogs, Slack, Discord, DingTalk, Telegram, Microsoft Teams, Feishu / Lark Suite, Matrix, WeCom (Wechat Work), Packagist. Some of these webhooks have not been manually tested.

Implement settings for these new webhooks.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7508): <!--number 7508 --><!--line 0 --><!--description QWN0aW9ucyBGYWlsdXJlLCBTdWNjZXMsIFJlY292ZXIgV2ViaG9va3M=-->Actions Failure, Succes, Recover Webhooks<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7508
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: christopher-besch <mail@chris-besch.com>
Co-committed-by: christopher-besch <mail@chris-besch.com>
2025-06-03 14:29:19 +02:00
a6264998e6 Cleaning up the commit history. Last relevent commits were: Cleaned the comments and used test.describe to nest the tests ; fix the 0ko conflict
Some checks failed
Integration tests for the release process / release-simulation (push) Has been cancelled
2025-06-02 15:41:06 +02:00
Maxim Cournoyer
85c054c412 fix: return the correct agit type in ssh_info (#8025)
The git-repo-go tool doesn't understand 'gitea'; it should be 'agit',
currently at version 1.

Relates-to: <https://github.com/go-gitea/gitea/pull/27014>
Fixes: forgejo/forgejo#8024
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8025
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Co-committed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2025-06-02 09:21:49 +02:00
Gusted
d6ab2a464f fix: aggregate deleted team as ghost team (#7987)
- If a review was requested from a deleted team, use the ghost team for the comment aggregator.
- Resolves Codeberg/Community#1952
- Unit test added.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7987
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-29 17:45:18 +02:00
chavacava
99d697263f chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994)
This PR replaces unnecessary calls to formatting functions (`fmt.Printf`, `fmt.Errorf`, ...) by non-formatting equivalents.
Resolves #7967

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7994
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: chavacava <chavacava@noreply.codeberg.org>
Co-committed-by: chavacava <chavacava@noreply.codeberg.org>
2025-05-29 17:34:29 +02:00
Gusted
7d2a7b8559 feat: add validating user password as trace region (#7981)
- Password hashing can take a measurable amount of time, make this more visible in the trace by capturing the computations done in the password hash in their own region.
- Ref: forgejo/forgejo#6470

## Screenshot

![image](/attachments/9834b094-a78f-4ac2-847e-91f221a84833)

The upper part are where the tasks are shown (and nothing else). The bottom part is where the interesting execution tracing happens and the part where the user password hashing happens is now properly indicated/highlighted and does not need to be inferred by looking at the stack traces.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7981
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-28 14:46:23 +02:00
0ko
0dd605a8d3 chore(ui): clean up hashbox CSS, small design changes (#7822)
Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7822
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
2025-05-25 12:51:27 +02:00
0ko
765e7bd1b6 feat(ui): messages for empty usercards (#7947)
Show a message about list being empty, so the page doesn't look broken-ish empty.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7947
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-23 23:34:40 +02:00
famfo
dda37e86bd feat: relax email requirements (#7829)
The current email restrictions were put in place because of a security issue with sendmail (https://github.com/go-gitea/gitea/pull/17688). Remove this restriction and instead ensure that this security issue cannot happen with sendmail.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7829
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2025-05-22 12:20:25 +02:00
Shiny Nematoda
6c6035bc49 feat(ui): allow admins to reindex issues per repo (#7896)
Added a new option to reindex only a select repository.

The option is present under `[REPO_LINK]/settings` > Administrator Settings

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7896
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2025-05-21 17:43:18 +02:00
Gusted
fa2a135f68 chore: QoL improvements to tests (#7917)
- Use mock helper functions, instead of home-brew solutions.
- Disable cron jobs that are not important to be run during integration tests and might even interfere.
- Avoid sleeping unnecessary, if there's some requirement then sleep or retry until that requirement is met.
- Avoid trying to deliver webhooks that will always result in a failure.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7917
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-21 15:45:56 +02:00
floss4good
dc56486b1f feat!: Abusive content reporting (#6977)
This implements milestones 1. and 4. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):

> 1. A reporting feature is implemented in the database. It ensures that content remains available for review, even if a user deletes it after a report was sent.

> 4. Users can report the most relevant content types (at least: issue comments, repositories, users)

### See also:
- forgejo/discussions#291
- forgejo/discussions#304
- forgejo/design#30

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6977
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-05-18 08:05:16 +00:00
Gusted
4a57f73072 fix: remove artificial delay for PR update (#7773)
- I was not able to find a reasoning in the pull request (https://github.com/go-gitea/gitea/pull/9784) for the existence of this `time.Sleep`. The best I could come up with during manual testing is that there's a brief moment where 'this pull request is missing fork information' is shown, this was caused by an incorrect condition.
- Added integration test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7773
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-05-04 21:54:55 +00:00
Beowulf
37d566bdb0 Show if commit is signed in activity feed and unify sha box (#6933)
Old activities are shown like before, new commits are displayed like commits in e.g. the commits list. _(Second commit)_

| New signed commits | Old (signed) commits |
|:--:|:--:|
| ![image](/attachments/cd81c761-eda6-44bf-8c43-ac3b7e6f16eb) | ![image](/attachments/243080f3-1b77-4ca7-bc03-bbf855c39c99) |

Additionally the sha box was moved in an own component to unify the usage. _(First commit)_

Closes #1824

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6933): <!--number 6933 --><!--line 0 --><!--description U2hvdyBpZiBjb21taXQgaXMgdmVyaWZpZWQgaW4gYWN0aXZpdHkgZmVlZCBvZiBhbiB1c2VyIG9yIGFuIG9yZ2FuaXphdGlvbiBmb3IgbmV3IGFjdGl2aXR5-->Show if commit is verified in activity feed of an user or an organization for new activity<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6933
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2025-05-03 10:54:52 +00:00
Gusted
3ebd96ef73 [gitea] week 2025-16 cherry pick (gitea/main -> forgejo) (#7602)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7602
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-05-02 18:35:33 +00:00
Gabriel Bjørnager Jensen
f07456286e
fix(ui): Improve chronological sorting of user (#7596)
This PR changes `newest` and `oldest` sorting under *Explore/User* and *Explore/Organization* to refer to the `created_unix` column rather than `id`.

Fixes: #7595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7596
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Gabriel Bjørnager Jensen <gabriel@achernar.io>
Co-committed-by: Gabriel Bjørnager Jensen <gabriel@achernar.io>
2025-05-02 20:33:57 +02:00
0ko
5ac2c0a2ba fix(ui): multiple fixes of sync fork UI (#7740)
Followup to https://codeberg.org/forgejo/forgejo/pulls/2364
Replaces https://codeberg.org/forgejo/forgejo/pulls/7666

Fix multiple issues with the original implementation:
* `SyncFork` web handler used `{branch}` as a parameter, so it failed for branches with `/` in names
    * Originally I switched it to use `*` like other branch web handlers, but I found that it was easier to move it out from URL to POST request values
* Security: `SyncFork` web handler was using GET method, so just visiting the link was enough to execute the action
    * It was switched to POST done via form with CSRF, which also allowed to put branch name in it's values
* Security: in template, branch name was not escaped but rendered with `SafeHTML`, allowing for rendering fun characters like `&amp;` and for script execution. Also the link was not escaped correctly and would be leading to 404
    * To avoid having to change all translations, only the branch name+link part was changed and is now escaped with `HTMLFormat` before being passed to TrN

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7740
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-02 14:25:05 +00:00
Gusted
df5d656827 feat: consider WebAuthn & SSH for instance signing (#7693)
- Currently the options `pubkey` and `twofa` only consider TOTP and GPG keys respectively. Adjust the code to also consider WebAuthn credentials and SSH keys.
- While adding the new unified functions I noticed that certain places also benefited from using these unified functions and took the liberty (where it was either a trivial translation or it was covered under testing) to use the new unified functions.
- Resolves forgejo/forgejo#7658
- Adds unit and integration tests.

Documentation PR: https://codeberg.org/forgejo/docs/pulls/1166

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7693
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-29 10:34:07 +00:00
Gusted
2ce7affc9a fix: set default restricted for OAuth2 user (#7683)
- The OAuthCallback code that is responsible for creating a new user, if one does not exist yet, did not use `[service].ALLOW_ONLY_EXTERNAL_REGISTRATION` as default value for the restricted field of a user.
- Resolves forgejo/forgejo#7681
- Add integration test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7683
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-27 19:51:09 +00:00
Gusted
00761a15d1 chore: simplify GetDiff (#7682)
- Split `GetDiff` into two functions, `GetDiffSimple` and `GetDiffFull`. The former will do the bare minimum and really only get a Git diff while the latter does some extra stuff that's relevant for the frontend to show extra relevant.
- Use `GetDiffSimple` for API related calls, as they do not benefit nor are returning the extra information that `GetDiffFull` provides, this should show a measurable performance increase for API calls that returns commits and `/repos/{owner}/{repo}/pulls/{index}/files`.
- `GetDiffSimple` contains extra code comments about its interesting way to determine the before commit.
- Add unit tests to demonstrates that the logic for determining the before commit didn't change and the function still yields correct information.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7682
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-27 19:49:59 +00:00