commit 49fe13eb4abcce1e7cc5dfe0829a20882f383bbd Author: David Rotermund Date: Sat Feb 8 23:21:02 2025 +0100 10.0.0 base diff --git a/.air.toml b/.air.toml new file mode 100644 index 0000000..af18269 --- /dev/null +++ b/.air.toml @@ -0,0 +1,29 @@ +root = "." +tmp_dir = ".air" + +[build] +pre_cmd = ["killall -9 gitea 2>/dev/null || true"] # kill off potential zombie processes from previous runs +cmd = "make --no-print-directory backend" +bin = "gitea" +delay = 2000 +include_ext = ["go", "tmpl"] +include_file = ["main.go"] +include_dir = ["cmd", "models", "modules", "options", "routers", "services"] +exclude_dir = [ + "models/fixtures", + "models/migrations/fixtures", + "modules/avatar/identicon/testdata", + "modules/avatar/testdata", + "modules/git/tests", + "modules/migration/file_format_testdata", + "modules/markup/tests/repo/repo1_filepreview", + "routers/private/tests", + "services/gitdiff/testdata", + "services/migrations/testdata", + "services/webhook/sourcehut/testdata", +] +exclude_regex = ["_test.go$", "_gen.go$"] +stop_on_error = true + +[log] +main_only = true diff --git a/.deadcode-out b/.deadcode-out new file mode 100644 index 0000000..ae0d358 --- /dev/null +++ b/.deadcode-out @@ -0,0 +1,299 @@ +code.gitea.io/gitea/cmd + NoMainListener + +code.gitea.io/gitea/cmd/forgejo + ContextSetNoInit + ContextSetNoExit + ContextSetStderr + ContextGetStderr + ContextSetStdout + ContextSetStdin + +code.gitea.io/gitea/models + IsErrUpdateTaskNotExist + ErrUpdateTaskNotExist.Error + ErrUpdateTaskNotExist.Unwrap + IsErrSHANotFound + IsErrMergeDivergingFastForwardOnly + +code.gitea.io/gitea/models/actions + ScheduleList.GetUserIDs + ScheduleList.GetRepoIDs + ScheduleList.LoadTriggerUser + ScheduleList.LoadRepos + +code.gitea.io/gitea/models/asymkey + ErrGPGKeyAccessDenied.Error + ErrGPGKeyAccessDenied.Unwrap + HasDeployKey + +code.gitea.io/gitea/models/auth + GetSourceByName + WebAuthnCredentials + +code.gitea.io/gitea/models/db + TruncateBeans + InTransaction + DumpTables + +code.gitea.io/gitea/models/dbfs + file.renameTo + Create + Rename + +code.gitea.io/gitea/models/forgefed + GetFederationHost + +code.gitea.io/gitea/models/forgejo/semver + GetVersion + SetVersionString + SetVersion + +code.gitea.io/gitea/models/git + RemoveDeletedBranchByID + +code.gitea.io/gitea/models/issues + IsErrUnknownDependencyType + ErrNewIssueInsert.Error + IsErrIssueWasClosed + ChangeMilestoneStatus + +code.gitea.io/gitea/models/organization + GetTeamNamesByID + UpdateTeamUnits + SearchMembersOptions.ToConds + UsersInTeamsCount + +code.gitea.io/gitea/models/perm/access + GetRepoWriters + +code.gitea.io/gitea/models/project + UpdateColumnSorting + ChangeProjectStatus + +code.gitea.io/gitea/models/repo + DeleteAttachmentsByIssue + FindReposMapByIDs + IsErrTopicNotExist + ErrTopicNotExist.Error + ErrTopicNotExist.Unwrap + GetTopicByName + WatchRepoMode + +code.gitea.io/gitea/models/user + ErrUserInactive.Error + ErrUserInactive.Unwrap + IsErrExternalLoginUserAlreadyExist + IsErrExternalLoginUserNotExist + NewFederatedUser + IsErrUserSettingIsNotExist + GetUserAllSettings + DeleteUserSetting + GetUserEmailsByNames + GetUserNamesByIDs + +code.gitea.io/gitea/modules/activitypub + NewContext + Context.APClientFactory + +code.gitea.io/gitea/modules/assetfs + Bindata + +code.gitea.io/gitea/modules/auth/password/hash + DummyHasher.HashWithSaltBytes + NewDummyHasher + +code.gitea.io/gitea/modules/auth/password/pwn + WithHTTP + +code.gitea.io/gitea/modules/base + SetupGiteaRoot + +code.gitea.io/gitea/modules/cache + GetInt + WithNoCacheContext + RemoveContextData + +code.gitea.io/gitea/modules/charset + BreakWriter.Write + +code.gitea.io/gitea/modules/emoji + ReplaceCodes + +code.gitea.io/gitea/modules/eventsource + Event.String + +code.gitea.io/gitea/modules/forgefed + GetItemByType + JSONUnmarshalerFn + NotEmpty + ToRepository + OnRepository + +code.gitea.io/gitea/modules/git + AllowLFSFiltersArgs + AddChanges + AddChangesWithArgs + CommitChanges + CommitChangesWithArgs + SetUpdateHook + openRepositoryWithDefaultContext + IsTagExist + ToEntryMode + LimitedReaderCloser.Read + LimitedReaderCloser.Close + +code.gitea.io/gitea/modules/gitgraph + Parser.Reset + +code.gitea.io/gitea/modules/gitrepo + GetBranchCommitID + GetWikiDefaultBranch + +code.gitea.io/gitea/modules/graceful + Manager.TerminateContext + Manager.Err + Manager.Value + Manager.Deadline + +code.gitea.io/gitea/modules/hcaptcha + WithHTTP + +code.gitea.io/gitea/modules/hostmatcher + HostMatchList.AppendPattern + +code.gitea.io/gitea/modules/json + StdJSON.Marshal + StdJSON.Unmarshal + StdJSON.NewEncoder + StdJSON.NewDecoder + StdJSON.Indent + +code.gitea.io/gitea/modules/markup + GetRendererByType + RenderString + IsMarkupFile + +code.gitea.io/gitea/modules/markup/console + Render + RenderString + +code.gitea.io/gitea/modules/markup/markdown + IsDetails + IsSummary + IsTaskCheckBoxListItem + IsIcon + RenderRawString + +code.gitea.io/gitea/modules/markup/markdown/math + WithInlineDollarParser + WithBlockDollarParser + +code.gitea.io/gitea/modules/markup/mdstripper + stripRenderer.AddOptions + StripMarkdown + +code.gitea.io/gitea/modules/markup/orgmode + RenderString + +code.gitea.io/gitea/modules/private + ActionsRunnerRegister + +code.gitea.io/gitea/modules/process + Manager.ExecTimeout + +code.gitea.io/gitea/modules/queue + newBaseChannelSimple + newBaseChannelUnique + newBaseRedisSimple + newBaseRedisUnique + testStateRecorder.Records + testStateRecorder.Reset + newWorkerPoolQueueForTest + +code.gitea.io/gitea/modules/queue/lqinternal + QueueItemIDBytes + QueueItemKeyBytes + ListLevelQueueKeys + +code.gitea.io/gitea/modules/setting + NewConfigProviderFromData + GitConfigType.GetOption + InitLoggersForTest + +code.gitea.io/gitea/modules/storage + ErrInvalidConfiguration.Error + IsErrInvalidConfiguration + +code.gitea.io/gitea/modules/structs + ParseCreateHook + ParsePushHook + +code.gitea.io/gitea/modules/sync + StatusTable.Start + StatusTable.IsRunning + +code.gitea.io/gitea/modules/timeutil + GetExecutableModTime + MockSet + MockUnset + +code.gitea.io/gitea/modules/translation + MockLocale.Language + MockLocale.TrString + MockLocale.Tr + MockLocale.TrN + MockLocale.TrSize + MockLocale.PrettyNumber + +code.gitea.io/gitea/modules/util + OptionalArg + +code.gitea.io/gitea/modules/util/filebuffer + CreateFromReader + +code.gitea.io/gitea/modules/validation + IsErrNotValid + +code.gitea.io/gitea/modules/web + RouteMock + RouteMockReset + +code.gitea.io/gitea/modules/web/middleware + DeleteLocaleCookie + +code.gitea.io/gitea/modules/zstd + NewWriter + Writer.Write + Writer.Close + +code.gitea.io/gitea/routers/web + NotFound + +code.gitea.io/gitea/routers/web/org + MustEnableProjects + +code.gitea.io/gitea/services/context + GetPrivateContext + +code.gitea.io/gitea/services/convert + ToSecret + +code.gitea.io/gitea/services/forms + DeadlineForm.Validate + +code.gitea.io/gitea/services/pull + IsCommitStatusContextSuccess + +code.gitea.io/gitea/services/repository + IsErrForkAlreadyExist + +code.gitea.io/gitea/services/repository/files + ContentType.String + GetFileResponseFromCommit + TemporaryUploadRepository.GetLastCommit + TemporaryUploadRepository.GetLastCommitByRef + +code.gitea.io/gitea/services/webhook + NewNotifier + diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..4549974 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,42 @@ +{ + "name": "Gitea DevContainer", + "image": "mcr.microsoft.com/devcontainers/go:1.23-bullseye", + "features": { + // installs nodejs into container + "ghcr.io/devcontainers/features/node:1": { + "version": "20" + }, + "ghcr.io/devcontainers/features/git-lfs:1.2.3": {}, + "ghcr.io/devcontainers-contrib/features/poetry:2": {}, + "ghcr.io/devcontainers/features/python:1": { + "version": "3.12" + }, + "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {} + }, + "customizations": { + "vscode": { + "settings": {}, + // same extensions as Gitpod, should match /.gitpod.yml + "extensions": [ + "editorconfig.editorconfig", + "dbaeumer.vscode-eslint", + "golang.go", + "stylelint.vscode-stylelint", + "DavidAnson.vscode-markdownlint", + "Vue.volar", + "ms-azuretools.vscode-docker", + "vitest.explorer", + "cweijan.vscode-database-client2", + "GitHub.vscode-pull-request-github", + "Azurite.azurite" + ] + } + }, + "portsAttributes": { + "3000": { + "label": "Gitea Web", + "onAutoForward": "notify" + } + }, + "postCreateCommand": "make deps" +} diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..a1611a1 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,114 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# IntelliJ +.idea +# Goland's output filename can not be set manually +/go_build_* + +# MS VSCode +.vscode +__debug_bin* + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof + +*coverage.out +coverage.all +cpu.out + +/modules/migration/bindata.go +/modules/migration/bindata.go.hash +/modules/options/bindata.go +/modules/options/bindata.go.hash +/modules/public/bindata.go +/modules/public/bindata.go.hash +/modules/templates/bindata.go +/modules/templates/bindata.go.hash + +*.db +*.log + +/gitea +/gitea-vet +/debug +/integrations.test + +/bin +/dist +/custom/* +!/custom/conf +/custom/conf/* +!/custom/conf/app.example.ini +/data +/indexers +/log +/tests/integration/gitea-integration-* +/tests/integration/indexers-* +/tests/e2e/gitea-e2e-* +/tests/e2e/indexers-* +/tests/e2e/reports +/tests/e2e/test-artifacts +/tests/e2e/test-snapshots +/tests/*.ini +/yarn.lock +/yarn-error.log +/npm-debug.log* +/public/assets/js +/public/assets/css +/public/assets/fonts +/public/assets/img/avatar +/vendor +/web_src/fomantic/node_modules +/web_src/fomantic/build/* +!/web_src/fomantic/build/semantic.js +!/web_src/fomantic/build/semantic.css +!/web_src/fomantic/build/themes +/web_src/fomantic/build/themes/* +!/web_src/fomantic/build/themes/default +/web_src/fomantic/build/themes/default/assets/* +!/web_src/fomantic/build/themes/default/assets/fonts +/web_src/fomantic/build/themes/default/assets/fonts/* +!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2 +!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2 +/VERSION +/.air +/.go-licenses + +# Files and folders that were previously generated +/public/assets/img/webpack + +# Snapcraft +snap/.snapcraft/ +parts/ +stage/ +prime/ +*.snap +*.snap-build +*_source.tar.bz2 +.DS_Store + +# Make evidence files +/.make_evidence + +# Manpage +/man diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..8e2234e --- /dev/null +++ b/.editorconfig @@ -0,0 +1,28 @@ +root = true + +[*] +indent_style = space +indent_size = 2 +tab_width = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[{*.{go,tmpl,html},Makefile,go.mod}] +indent_style = tab + +[templates/custom/*.tmpl] +insert_final_newline = false + +[templates/swagger/v1_json.tmpl] +indent_style = space + +[templates/user/auth/oidc_wellknown.tmpl] +indent_style = space + +[*.svg] +insert_final_newline = false + +[options/locale/locale_*.ini] +insert_final_newline = false diff --git a/.envrc.example b/.envrc.example new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc.example @@ -0,0 +1 @@ +use flake diff --git a/.forgejo/cascading-pr-end-to-end b/.forgejo/cascading-pr-end-to-end new file mode 100755 index 0000000..8013fde --- /dev/null +++ b/.forgejo/cascading-pr-end-to-end @@ -0,0 +1,34 @@ +#!/bin/bash + +set -ex + +end_to_end=$1 +end_to_end_pr=$2 +forgejo=$3 +forgejo_pr_or_ref=$4 + +cd $forgejo +full_version=$(make show-version-full) +minor_version=$(make show-version-minor) + +cd $end_to_end + +if ! test -f forgejo/sources/$minor_version; then + echo "FAIL: forgejo/sources/$minor_version does not exist in the end-to-end repository" + false +fi + +echo -n $minor_version >forgejo/build-from-sources +date >last-upgrade + +if test -f "$forgejo_pr_or_ref"; then + forgejo_pr=$forgejo_pr_or_ref + head_url=$(jq --raw-output .head.repo.html_url <$forgejo_pr) + test "$head_url" != null + branch=$(jq --raw-output .head.ref <$forgejo_pr) + test "$branch" != null + echo $head_url $branch $full_version >forgejo/sources/$minor_version +else + forgejo_ref=$forgejo_pr_or_ref + echo $GITHUB_SERVER_URL/$GITHUB_REPOSITORY ${forgejo_ref#refs/heads/} $full_version >forgejo/sources/$minor_version +fi diff --git a/.forgejo/cascading-release-end-to-end b/.forgejo/cascading-release-end-to-end new file mode 100755 index 0000000..9be0737 --- /dev/null +++ b/.forgejo/cascading-release-end-to-end @@ -0,0 +1,22 @@ +#!/bin/bash + +set -ex + +end_to_end=$1 +end_to_end_pr=$2 +forgejo=$3 +forgejo_ref=$4 + +cd $end_to_end +date >last-upgrade +organizations=lib/ORGANIZATIONS +if ! test -f $organizations; then + echo "$organizations file not found" + false +fi +# +# Inverse the order of lookup because the goal in the release built +# pipeline is to test the latest build, if available, instead of the +# stable version by the same version. +# +echo forgejo-integration forgejo-experimental forgejo >$organizations diff --git a/.forgejo/issue_template/bug-report-ui.yaml b/.forgejo/issue_template/bug-report-ui.yaml new file mode 100644 index 0000000..57d578b --- /dev/null +++ b/.forgejo/issue_template/bug-report-ui.yaml @@ -0,0 +1,57 @@ +name: 🦋 Bug Report (web interface / frontend) +description: Something doesn't look quite as it should? Report it here! +title: "bug: " +labels: ["bug/new-report", "forgejo/ui"] +body: +- type: markdown + attributes: + value: | + **NOTE: If your issue is a security concern, please email (GPG: `A4676E79`) instead of opening a public issue.** +- type: markdown + attributes: + value: | + - Please speak English, as this is the language all maintainers can speak and write. + - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way. + - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct). + - Take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137). +- type: dropdown + id: can-reproduce + attributes: + label: Can you reproduce the bug on the Forgejo test instance? + description: | + Please try reproducing your issue at https://dev.next.forgejo.org. + It is running the latest development branch and will confirm the problem is not already fixed. + If you can reproduce it, provide a URL in the description. + options: + - "Yes" + - "No" + validations: + required: true +- type: textarea + id: description + attributes: + label: Description + description: | + Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above). + If you think this is a JavaScript error, include a copy of the JavaScript console. + validations: + required: true +- type: textarea + id: screenshots + attributes: + label: Screenshots + description: Please provide at least one screenshot showing the issue. + validations: + required: true +- type: input + id: forgejo-ver + attributes: + label: Forgejo Version + description: Forgejo version (or commit reference) your instance is running +- type: input + id: browser-ver + attributes: + label: Browser Version + description: The browser and version that you are using to access Forgejo + validations: + required: true diff --git a/.forgejo/issue_template/bug-report.yaml b/.forgejo/issue_template/bug-report.yaml new file mode 100644 index 0000000..6e9b116 --- /dev/null +++ b/.forgejo/issue_template/bug-report.yaml @@ -0,0 +1,72 @@ +name: 🐛 Bug Report (server / backend) +description: Found something you weren't expecting? Report it here! +title: "bug: " +labels: bug/new-report +body: +- type: markdown + attributes: + value: | + **NOTE: If your issue is a security concern, please email (GPG: `A4676E79`) instead of opening a public issue.** +- type: markdown + attributes: + value: | + - Please speak English, as this is the language all maintainers can speak and write. + - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way. + - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct). + - Take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137). +- type: dropdown + id: can-reproduce + attributes: + label: Can you reproduce the bug on the Forgejo test instance? + description: | + Please try reproducing your issue at https://dev.next.forgejo.org. + It is running the latest development branch and will confirm the problem is not already fixed. + If you can reproduce it, provide a URL in the description. + options: + - "Yes" + - "No" + validations: + required: true +- type: textarea + id: description + attributes: + label: Description + description: | + Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above). + validations: + required: true +- type: input + id: forgejo-ver + attributes: + label: Forgejo Version + description: Forgejo version (or commit reference) of your instance +- type: textarea + id: run-info + attributes: + label: How are you running Forgejo? + description: | + Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package. + Please also tell us how you are running Forgejo, e.g. if it is being run from a container, a command-line, systemd etc. + If you are using a package or systemd tell us what distribution you are using. + validations: + required: true +- type: textarea + id: logs + attributes: + label: Logs + description: | + It's really important to provide pertinent logs. You must give us `DEBUG` level logs. + Please read https://forgejo.org/docs/latest/admin/logging-documentation/. + In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`. + + Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden. + You can wrap your logs in `
...
` tags so it doesn't take up too much space in the issue. +- type: dropdown + id: database + attributes: + label: Database + description: What database system are you running? + options: + - SQLite + - PostgreSQL + - MySQL diff --git a/.forgejo/issue_template/config.yml b/.forgejo/issue_template/config.yml new file mode 100644 index 0000000..f2ea8d9 --- /dev/null +++ b/.forgejo/issue_template/config.yml @@ -0,0 +1,16 @@ +contact_links: + - name: 🔓 Security Reports + url: mailto:security@forgejo.org + about: "Please email (See https://forgejo.org/.well-known/security.txt)." + - name: 💬 Matrix Chat Room + url: https://matrix.to/#/#forgejo-chat:matrix.org + about: Please ask questions and discuss configuration or deployment problems here. + - name: 💬 Matrix Space + url: https://matrix.to/#/#forgejo:matrix.org + about: A collection of Matrix rooms relating to Forgejo in addition to the main chat room. + - name: 📚 Documentation + url: https://forgejo.org/docs/latest/ + about: Documentation about Forgejo. + - name: ❓ Frequently Asked Questions + url: https://forgejo.org/faq/ + about: Please check if your question is mentioned here. diff --git a/.forgejo/issue_template/feature-request.yaml b/.forgejo/issue_template/feature-request.yaml new file mode 100644 index 0000000..0996680 --- /dev/null +++ b/.forgejo/issue_template/feature-request.yaml @@ -0,0 +1,31 @@ +name: 💡 Feature Request +description: Got an idea for a feature that Forgejo doesn't have yet? Suggest it here! +title: "feat: " +labels: ["enhancement/feature"] +body: +- type: markdown + attributes: + value: | + - Please speak English, as this is the language all maintainers can speak and write. + - Be as clear and concise as possible. A very verbose request is harder to interpret in a concrete way. + - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct). + - Please make sure you are using the latest release of Forgejo and take a moment to [check that your feature hasn't already been suggested](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78139). +- type: textarea + id: needs-benefits + attributes: + label: Needs and benefits + description: As concisely as possible, describe the benefits your feature request will provide or the problems it will try to solve. + validations: + required: true +- type: textarea + id: description + attributes: + label: Feature Description + description: As concisely as possible, describe the feature you would like to see added or the changes you would like to see made to Forgejo. + validations: + required: true +- type: textarea + id: screenshots + attributes: + label: Screenshots + description: If you can, provide screenshots of an implementation on another site, e.g. GitHub. diff --git a/.forgejo/pull_request_template.md b/.forgejo/pull_request_template.md new file mode 100644 index 0000000..d30af48 --- /dev/null +++ b/.forgejo/pull_request_template.md @@ -0,0 +1,33 @@ +--- + +name: "Pull Request Template" +about: "Template for all Pull Requests" +labels: + +- test/needed + +--- + +## Checklist + +The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). + +### Tests + +- I added test coverage for Go changes... + - [ ] in their respective `*_test.go` for unit tests. + - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. +- I added test coverage for JavaScript changes... + - [ ] in `web_src/js/*.test.js` if it can be unit tested. + - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). + +### Documentation + +- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. +- [ ] I did not document these changes and I do not expect someone else to do it. + +### Release notes + +- [ ] I do not want this change to show in the release notes. +- [ ] I want the title to show in the release notes with a link to this pull request. +- [ ] I want the content of the `release-notes/.md` to be be used for the release notes instead of the title. diff --git a/.forgejo/testdata/build-release/Dockerfile b/.forgejo/testdata/build-release/Dockerfile new file mode 100644 index 0000000..1116f45 --- /dev/null +++ b/.forgejo/testdata/build-release/Dockerfile @@ -0,0 +1,6 @@ +FROM data.forgejo.org/oci/alpine:3.20 +ARG RELEASE_VERSION=unkown +LABEL maintainer="contact@forgejo.org" \ + org.opencontainers.image.version="${RELEASE_VERSION}" +RUN mkdir -p /app/gitea +RUN ( echo '#!/bin/sh' ; echo "echo forgejo v$RELEASE_VERSION" ) > /app/gitea/gitea ; chmod +x /app/gitea/gitea diff --git a/.forgejo/testdata/build-release/Makefile b/.forgejo/testdata/build-release/Makefile new file mode 100644 index 0000000..406acd0 --- /dev/null +++ b/.forgejo/testdata/build-release/Makefile @@ -0,0 +1,5 @@ +VERSION ?= $(shell cat VERSION 2>/dev/null) +sources-tarbal: + mkdir -p dist/release + echo $(VERSION) > VERSION + sources=forgejo-src-$(VERSION).tar.gz ; tar --transform 's|^./|forgejo-src-$(VERSION)/|' -czf dist/release/forgejo-src-$(VERSION).tar.gz . ; cd dist/release ; shasum -a 256 $$sources > $$sources.sha256 diff --git a/.forgejo/testdata/build-release/go.mod b/.forgejo/testdata/build-release/go.mod new file mode 100644 index 0000000..729cb6f --- /dev/null +++ b/.forgejo/testdata/build-release/go.mod @@ -0,0 +1,3 @@ +module code.gitea.io/gitea + +go 1.23.3 diff --git a/.forgejo/testdata/build-release/modules/public/bindata.go b/.forgejo/testdata/build-release/modules/public/bindata.go new file mode 100644 index 0000000..e69de29 diff --git a/.forgejo/testdata/build-release/public/assets/css/placeholder b/.forgejo/testdata/build-release/public/assets/css/placeholder new file mode 100644 index 0000000..e69de29 diff --git a/.forgejo/testdata/build-release/public/assets/fonts/placeholder b/.forgejo/testdata/build-release/public/assets/fonts/placeholder new file mode 100644 index 0000000..e69de29 diff --git a/.forgejo/testdata/build-release/public/assets/js/placeholder b/.forgejo/testdata/build-release/public/assets/js/placeholder new file mode 100644 index 0000000..e69de29 diff --git a/.forgejo/workflows-composite/apt-install-from/action.yaml b/.forgejo/workflows-composite/apt-install-from/action.yaml new file mode 100644 index 0000000..615e7cb --- /dev/null +++ b/.forgejo/workflows-composite/apt-install-from/action.yaml @@ -0,0 +1,29 @@ +inputs: + packages: + description: 'Packages to install' + required: true + release: + description: 'Release to install from' + default: testing + +runs: + using: "composite" + steps: + - name: setup apt package source + run: | + export DEBIAN_FRONTEND=noninteractive + echo "deb http://deb.debian.org/debian/ ${RELEASE} main" > "/etc/apt/sources.list.d/${RELEASE}.list" + env: + RELEASE: ${{inputs.release}} + - name: install packages + run: | + apt-get update -qq + apt-get -q install -qq -y ${PACKAGES} + env: + PACKAGES: ${{inputs.packages}} + - name: remove temporary package list to prevent using it in other steps + run: | + rm "/etc/apt/sources.list.d/${RELEASE}.list" + apt-get update -qq + env: + RELEASE: ${{inputs.release}} diff --git a/.forgejo/workflows-composite/build-backend/action.yaml b/.forgejo/workflows-composite/build-backend/action.yaml new file mode 100644 index 0000000..ada372b --- /dev/null +++ b/.forgejo/workflows-composite/build-backend/action.yaml @@ -0,0 +1,15 @@ +runs: + using: "composite" + steps: + - run: | + su forgejo -c 'make deps-backend' + - uses: actions/cache@v4 + id: cache-backend + with: + path: ${{github.workspace}}/gitea + key: backend-build-${{ github.sha }} + - if: steps.cache-backend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make backend' + env: + TAGS: bindata diff --git a/.forgejo/workflows-composite/setup-cache-go/action.yaml b/.forgejo/workflows-composite/setup-cache-go/action.yaml new file mode 100644 index 0000000..67372d9 --- /dev/null +++ b/.forgejo/workflows-composite/setup-cache-go/action.yaml @@ -0,0 +1,59 @@ +# SPDX-License-Identifier: MIT +name: 'Forgejo Actions to setup Go and cache dependencies' +author: 'Forgejo authors' +description: | + Wrap the setup-go with improved dependency caching. +inputs: + username: + description: 'User for which to manage the dependency cache' + default: root + +runs: + using: "composite" + steps: + - name: "Install zstd for faster caching" + run: | + apt-get update -qq + apt-get -q install -qq -y zstd + + - name: "Set up Go using setup-go" + uses: https://data.forgejo.org/actions/setup-go@v5 + id: go-version + with: + go-version-file: "go.mod" + # do not cache dependencies, we do this manually + cache: false + + - name: "Get go environment information" + id: go-environment + run: | + echo "modcache=$(su ${RUN_AS_USER} -c '/opt/hostedtoolcache/go/${GO_VERSION}/x64/bin/go env GOMODCACHE')" >> "$GITHUB_OUTPUT" + echo "cache=$(su ${RUN_AS_USER} -c '/opt/hostedtoolcache/go/${GO_VERSION}/x64/bin/go env GOCACHE')" >> "$GITHUB_OUTPUT" + env: + RUN_AS_USER: ${{ inputs.username }} + GO_VERSION: ${{ steps.go-version.outputs.go-version }} + + - name: "Create cache folders with correct permissions (for non-root users)" + if: inputs.username != 'root' + # when the cache is restored, only the permissions of the last part are restored + # so assuming that /home/user exists and we are restoring /home/user/go/pkg/mod, + # both folders will have the correct permissions, but + # /home/user/go and /home/user/go/pkg might be owned by root + run: | + su ${RUN_AS_USER} -c 'mkdir -p "${MODCACHE_DIR}" "${CACHE_DIR}"' + env: + RUN_AS_USER: ${{ inputs.username }} + MODCACHE_DIR: ${{ steps.go-environment.outputs.modcache }} + CACHE_DIR: ${{ steps.go-environment.outputs.cache }} + + - name: "Restore Go dependencies from cache or mark for later caching" + id: cache-deps + uses: actions/cache@v4 + with: + key: setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-${{ hashFiles('go.sum', 'go.mod') }} + restore-keys: | + setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}- + setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}- + path: | + ${{ steps.go-environment.outputs.modcache }} + ${{ steps.go-environment.outputs.cache }} diff --git a/.forgejo/workflows-composite/setup-env/action.yaml b/.forgejo/workflows-composite/setup-env/action.yaml new file mode 100644 index 0000000..28216e9 --- /dev/null +++ b/.forgejo/workflows-composite/setup-env/action.yaml @@ -0,0 +1,25 @@ +# TODO: +# - [ ] prepare a forgejo ci image with the necessary tools and forgejo user +runs: + using: "composite" + steps: + - name: setup user and permissions + run: | + git config --add safe.directory '*' + # ignore if the user already exists (like with the playwright image) + adduser --quiet --comment forgejo --disabled-password forgejo || true + chown -R forgejo:forgejo . + + - uses: ./.forgejo/workflows-composite/setup-cache-go + with: + username: forgejo + + - name: validate go version + run: | + set -ex + toolchain=$(grep -oP '(?<=toolchain ).+' go.mod) + version=$(go version | cut -d' ' -f3) + if [ "$toolchain" != "$version" ]; then + echo "go version mismatch: $toolchain <> $version" + exit 1 + fi diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml new file mode 100644 index 0000000..795557d --- /dev/null +++ b/.forgejo/workflows/backport.yml @@ -0,0 +1,61 @@ +# Copyright 2024 The Forgejo Authors +# SPDX-License-Identifier: MIT +# +# To modify this workflow: +# +# - change pull_request_target: to pull_request: +# so that it runs from a pull request instead of the default branch +# +# - push it to the wip-ci-backport branch on the forgejo repository +# otherwise it will not have access to the secrets required to push +# the PR +# +# - open a pull request targetting wip-ci-backport that includes a change +# that can be backported without conflict in v1.21 and set the +# `backport/v1.21` label. +# +# - once it works, open a pull request for the sake of keeping track +# of the change even if the PR won't run it because it will use +# whatever is in the default branch instead +# +# - after it is merged, double check it works by setting a +# `backport/v1.21` label on a merged pull request that can be backported +# without conflict. +# +name: issue-labels + +on: + pull_request_target: + types: + - closed + - labeled + +jobs: + backporting: + if: > + ( vars.ROLE == 'forgejo-coding' ) && ( + github.event.pull_request.merged + && + contains(toJSON(github.event.pull_request.labels), 'backport/v') + ) + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + steps: + - name: event info + run: | + cat <<'EOF' + ${{ toJSON(github) }} + EOF + - uses: https://data.forgejo.org/actions/git-backporting@v4.8.4 + with: + target-branch-pattern: "^backport/(?(v.*))$" + strategy: ort + strategy-option: find-renames + cherry-pick-options: -x + auth: ${{ secrets.BACKPORT_TOKEN }} + pull-request: ${{ github.event.pull_request.url }} + auto-no-squash: true + enable-err-notification: true + git-user: forgejo-backport-action + git-email: forgejo-backport-action@noreply.codeberg.org diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml new file mode 100644 index 0000000..6410915 --- /dev/null +++ b/.forgejo/workflows/build-release-integration.yml @@ -0,0 +1,135 @@ +name: Integration tests for the release process + +on: + push: + paths: + - Makefile + - Dockerfile + - Dockerfile.rootless + - docker/** + - .forgejo/workflows/build-release.yml + - .forgejo/workflows/build-release-integration.yml + branches-ignore: + - renovate/** + pull_request: + paths: + - Makefile + - Dockerfile + - Dockerfile.rootless + - docker/** + - .forgejo/workflows/build-release.yml + - .forgejo/workflows/build-release-integration.yml + +jobs: + release-simulation: + if: vars.ROLE == 'forgejo-coding' + runs-on: lxc-bookworm + steps: + - uses: actions/checkout@v4 + + - id: forgejo + uses: https://data.forgejo.org/actions/setup-forgejo@v2.0.4 + with: + user: root + password: admin1234 + image-version: 1.21 + lxc-ip-prefix: 10.0.9 + + - name: publish the forgejo release + shell: bash + run: | + set -x + + cat > /etc/docker/daemon.json < $binary$suffix + if test "$suffix" = .xz ; then + unxz --keep $binary$suffix + fi + chmod +x $binary + ./$binary --version | grep $version + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256 + shasum -a 256 --check $binary$suffix.sha256 + rm $binary$suffix + done + done + + local sources=forgejo-src-$version.tar.gz + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256 + shasum -a 256 --check $sources.sha256 + + docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version + docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless + } + + # + # Create a new project with a fake forgejo and the release workflow only + # + cp -a .forgejo/testdata/build-release/* $dir + mkdir -p $dir/.forgejo/workflows + cp .forgejo/workflows/build-release.yml $dir/.forgejo/workflows + cp $dir/Dockerfile $dir/Dockerfile.rootless + + forgejo-test-helper.sh push $dir $url root forgejo + + forgejo-curl.sh api_json -X PUT --data-raw '{"data":"${{ steps.forgejo.outputs.token }}"}' $url/api/v1/repos/root/forgejo/actions/secrets/TOKEN + forgejo-curl.sh api_json -X PUT --data-raw '{"data":"root"}' $url/api/v1/repos/root/forgejo/actions/secrets/DOER + forgejo-curl.sh api_json -X PUT --data-raw '{"data":"true"}' $url/api/v1/repos/root/forgejo/actions/secrets/VERBOSE + + # + # Push a tag to trigger the release workflow and wait for it to complete + # + version=1.2.3 + sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo main) + forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/forgejo/tags + LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha + sanity_check $url $version + + # + # Push a commit to a branch that triggers the build of a test release + # + version=1.2-test + ( + git clone $url/root/forgejo /tmp/forgejo + cd /tmp/forgejo + date > DATE + git config user.email root@example.com + git config user.name username + git add . + git commit -m 'update' + git push $url/root/forgejo main:forgejo + ) + sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo forgejo) + LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha + sanity_check $url $version + + - name: full logs + if: always() + run: | + sed -e 's/^/[RUNNER LOGS] /' ${{ steps.forgejo.outputs.runner-logs }} + docker logs forgejo | sed -e 's/^/[FORGEJO LOGS]/' + sleep 5 # hack to avoid mixing outputs in Forgejo v1.21 diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml new file mode 100644 index 0000000..9d88cb4 --- /dev/null +++ b/.forgejo/workflows/build-release.yml @@ -0,0 +1,237 @@ +# +# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process +# +# https://codeberg.org/forgejo-integration/forgejo +# +# Builds a release from a codeberg.org/forgejo-integration tag +# +# vars.ROLE: forgejo-integration +# +# secrets.DOER: forgejo-experimental-ci +# secrets.TOKEN: scope read:user, write:repository, write:package +# +# secrets.CASCADE_ORIGIN_TOKEN: scope read:user, write:repository, write:issue +# secrets.CASCADE_DESTINATION_TOKEN: scope read:user, write:repository, write:issue +# vars.CASCADE_DESTINATION_DOER: forgejo-ci +# +# vars.SKIP_END_TO_END: `true` or `false` +# It must be `false` (or absent) so https://code.forgejo.org/forgejo/end-to-end is run +# with the newly built release. +# It must be set to `true` when a release is missing, for instance because it was +# removed and failed to upload. +# +on: + push: + tags: 'v[0-9]+.[0-9]+.*' + branches: + - 'forgejo' + - 'v*/forgejo' + +jobs: + release: + runs-on: lxc-bookworm + # root is used for testing, allow it + if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root' + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Sanitize the name of the repository + id: repository + run: | + repository="${{ github.repository }}" + echo "value=${repository##*/}" >> "$GITHUB_OUTPUT" + + - uses: https://data.forgejo.org/actions/setup-node@v4 + with: + node-version: 20 + + - uses: https://data.forgejo.org/actions/setup-go@v5 + with: + go-version-file: "go.mod" + + - name: version from ref + id: release-info + shell: bash + run: | + set -x + ref="${{ github.ref }}" + if [[ $ref =~ ^refs/heads/ ]] ; then + if test "$ref" = "refs/heads/forgejo" ; then + version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test + else + version=${ref#refs/heads/} + version=${version%/forgejo}-test + fi + override=true + fi + if [[ $ref =~ ^refs/tags/ ]] ; then + version=${ref#refs/tags/} + override=false + fi + if test -z "$version" ; then + echo failed to figure out the release version from the reference=$ref + exit 1 + fi + version=${version#v} + git describe --exclude '*-test' --tags --always + echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "version=$version" >> "$GITHUB_OUTPUT" + echo "override=$override" >> "$GITHUB_OUTPUT" + + - name: release notes + id: release-notes + run: | + anchor=${{ steps.release-info.outputs.version }} + anchor=${anchor//./-} + cat >> "$GITHUB_OUTPUT" < 2.0.1 + # css-loader: 6.8.1 => 6.8.1 + # esbuild-loader: 3.0.1 => 3.0.1 + # license-checker-webpack-plugin: 0.2.1 => 0.2.1 + # monaco-editor-webpack-plugin: 7.0.1 => 7.0.1 + # vue-loader: 17.2.2 => 17.2.2 + # webpack: 5.87.0 => 5.87.0 + # webpack-cli: 5.1.4 => 5.1.4 + # + chown -R $(id -u) . + make VERSION=$version TAGS=bindata sources-tarbal + mv dist/release release + + ( + tmp=$(mktemp -d) + tar --directory $tmp -zxvf release/*$version*.tar.gz + cd $tmp/* + # + # Verify `make frontend` files are available + # + test -d public/assets/css + test -d public/assets/fonts + test -d public/assets/js + # + # Verify `make generate` files are available + # + test -f modules/public/bindata.go + # + # Sanity check to verify that the source tarbal knows the + # version and is able to rebuild itself from it. + # + # When in sources the version is determined with git. + # When in the tarbal the version is determined from a VERSION file. + # + make sources-tarbal + tarbal=$(echo dist/release/*$version*.tar.gz) + if ! test -f $tarbal ; then + echo $tarbal does not exist + find dist release + exit 1 + fi + ) + + - name: build container & release + if: ${{ secrets.TOKEN != '' }} + uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.1 + with: + forgejo: "${{ env.GITHUB_SERVER_URL }}" + owner: "${{ env.GITHUB_REPOSITORY_OWNER }}" + repository: "${{ steps.repository.outputs.value }}" + doer: "${{ secrets.DOER }}" + release-version: "${{ steps.release-info.outputs.version }}" + sha: "${{ steps.release-info.outputs.sha }}" + token: "${{ secrets.TOKEN }}" + platforms: linux/amd64,linux/arm64,linux/arm/v6 + release-notes: "${{ steps.release-notes.outputs.value }}" + binary-name: forgejo + binary-path: /app/gitea/gitea + override: "${{ steps.release-info.outputs.override }}" + verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}" + verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }} + + - name: build rootless container + if: ${{ secrets.TOKEN != '' }} + uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.1 + with: + forgejo: "${{ env.GITHUB_SERVER_URL }}" + owner: "${{ env.GITHUB_REPOSITORY_OWNER }}" + repository: "${{ steps.repository.outputs.value }}" + doer: "${{ secrets.DOER }}" + release-version: "${{ steps.release-info.outputs.version }}" + sha: "${{ steps.release-info.outputs.sha }}" + token: "${{ secrets.TOKEN }}" + platforms: linux/amd64,linux/arm64,linux/arm/v6 + suffix: -rootless + dockerfile: Dockerfile.rootless + override: "${{ steps.release-info.outputs.override }}" + verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}" + verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }} + + - name: end-to-end tests + if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }} + uses: https://data.forgejo.org/actions/cascading-pr@v2.2.0 + with: + origin-url: ${{ env.GITHUB_SERVER_URL }} + origin-repo: ${{ github.repository }} + origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }} + origin-ref: refs/heads/forgejo + destination-url: https://code.forgejo.org + destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end + destination-repo: forgejo/end-to-end + destination-branch: main + destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }} + update: .forgejo/cascading-release-end-to-end + + - name: copy to experimental + if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != '' + run: | + if test "${{ vars.VERBOSE }}" = true ; then + set -x + fi + tag=v${{ steps.release-info.outputs.version }} + url=https://any:${{ secrets.TOKEN }}@codeberg.org + if test "${{ steps.release-info.outputs.override }}" = "true" ; then + curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null + curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null + fi + # actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token. + # Get rid of it so it does not prevent using the token that has write permissions + git config --local --unset http.https://codeberg.org/.extraheader + if test -f .git/shallow ; then + echo "unexptected .git/shallow file is present" + echo "it suggests a checkout --depth X was used which may prevent pushing the commit" + echo "it happens when actions/checkout is called without depth: 0" + fi + git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml new file mode 100644 index 0000000..710cd27 --- /dev/null +++ b/.forgejo/workflows/cascade-setup-end-to-end.yml @@ -0,0 +1,57 @@ +# Copyright 2024 The Forgejo Authors +# SPDX-License-Identifier: MIT +# +# To modify this workflow: +# +# - push it to the wip-ci-end-to-end branch on the forgejo repository +# otherwise it will not have access to the secrets required to push +# the cascading PR +# +# - once it works, open a pull request for the sake of keeping track +# of the change even if the PR won't run it because it will use +# whatever is in the default branch instead +# +# - after it is merged, double check it works by setting the +# run-end-to-end-test on a pull request (any pull request will do) +# +name: issue-labels + +on: + push: + branches: + - 'wip-ci-end-to-end' + pull_request_target: + types: + - labeled + +jobs: + cascade: + if: > + vars.ROLE == 'forgejo-coding' && ( + github.event_name == 'push' || + ( + github.event.action == 'label_updated' && github.event.label.name == 'run-end-to-end-tests' + ) + ) + runs-on: docker + container: + image: data.forgejo.org/oci/node:20-bookworm + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: '0' + show-progress: 'false' + - uses: https://code.forgejo.org/actions/cascading-pr@v2.2.0 + with: + origin-url: ${{ env.GITHUB_SERVER_URL }} + origin-repo: ${{ github.repository }} + origin-token: ${{ secrets.END_TO_END_CASCADING_PR_ORIGIN }} + origin-pr: ${{ github.event.pull_request.number }} + origin-ref: ${{ github.event_name == 'push' && github.event.ref || '' }} + destination-url: https://code.forgejo.org + destination-fork-repo: cascading-pr/end-to-end + destination-repo: forgejo/end-to-end + destination-branch: main + destination-token: ${{ secrets.END_TO_END_CASCADING_PR_DESTINATION }} + close-merge: true + update: .forgejo/cascading-pr-end-to-end diff --git a/.forgejo/workflows/forgejo-integration-cleanup.yml b/.forgejo/workflows/forgejo-integration-cleanup.yml new file mode 100644 index 0000000..9cef5fa --- /dev/null +++ b/.forgejo/workflows/forgejo-integration-cleanup.yml @@ -0,0 +1,39 @@ +on: + workflow_dispatch: + + schedule: + - cron: '@daily' + +jobs: + integration-cleanup: + if: vars.ROLE == 'forgejo-integration' + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + steps: + + - name: apt install curl jq + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -qq -y curl jq + + - name: remove old releases and tags + run: | + url=https://any:${{ secrets.TOKEN }}@codeberg.org + curl -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases" | jq -r '.[] | "\(.published_at) \(.tag_name)"' | sort | while read published_at version ; do + if echo $version | grep -e '-test$' >/dev/null; then + old="18 months" + else + old="1 day" + fi + too_old=$(env -i date --date="- $old" +%F) + too_old_seconds=$(env -i date --date="- $old" +%s) + published_at_seconds=$(env -i date --date="$published_at" +%s) + if test $published_at_seconds -le $too_old_seconds ; then + echo "$version was published more than $old ago ($published_at <= $too_old) and will be removed" + curl -X DELETE -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases/tags/$version" + else + echo "$version was published less than $old ago" + fi + done diff --git a/.forgejo/workflows/merge-requirements.yml b/.forgejo/workflows/merge-requirements.yml new file mode 100644 index 0000000..d527032 --- /dev/null +++ b/.forgejo/workflows/merge-requirements.yml @@ -0,0 +1,45 @@ +# Copyright 2024 The Forgejo Authors +# SPDX-License-Identifier: MIT + +name: requirements + +on: + pull_request: + types: + - labeled + - edited + - opened + - synchronize + +jobs: + merge-conditions: + if: vars.ROLE == 'forgejo-coding' + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + steps: + - name: Debug output + run: | + cat <<'EOF' + ${{ toJSON(github) }} + EOF + - name: Missing test label + if: > + !( + contains(toJSON(github.event.pull_request.labels), 'test/present') + || contains(toJSON(github.event.pull_request.labels), 'test/not-needed') + || contains(toJSON(github.event.pull_request.labels), 'test/manual') + ) + run: | + echo "Test label must be set to either 'present', 'not-needed' or 'manual'." + exit 1 + - name: Missing manual test instructions + if: > + ( + contains(toJSON(github.event.pull_request.labels), 'test/manual') + && !contains(toJSON(github.event.pull_request.body), '# Test') + ) + run: | + echo "Manual test label is set. The PR description needs to contain test steps introduced by a heading like:" + echo "# Testing" + exit 1 diff --git a/.forgejo/workflows/milestone.yml b/.forgejo/workflows/milestone.yml new file mode 100644 index 0000000..9a51c51 --- /dev/null +++ b/.forgejo/workflows/milestone.yml @@ -0,0 +1,24 @@ +# Copyright 2024 The Forgejo Authors +# SPDX-License-Identifier: MIT +# +name: milestone + +on: + pull_request_target: + types: + - closed + +jobs: + set: + if: vars.ROLE == 'forgejo-coding' && github.event.pull_request.merged + runs-on: docker + container: + image: 'data.forgejo.org/oci/ci:1' + steps: + - uses: https://data.forgejo.org/forgejo/set-milestone@v1.0.0 + with: + forgejo: https://codeberg.org + repository: forgejo/forgejo + token: ${{ secrets.SET_MILESTONE_TOKEN }} + pr-number: ${{ github.event.pull_request.number }} + verbose: ${{ vars.SET_MILESTONE_VERBOSE }} diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml new file mode 100644 index 0000000..888f7ec --- /dev/null +++ b/.forgejo/workflows/mirror.yml @@ -0,0 +1,27 @@ +name: mirror + +on: + workflow_dispatch: + + schedule: + - cron: '@daily' + +jobs: + mirror: + if: ${{ secrets.MIRROR_TOKEN != '' }} + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + steps: + - name: git push {v*/,}forgejo + run: | + git init --bare . + git remote add origin ${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }} + git fetch origin refs/heads/forgejo:refs/mirror/forgejo + git ls-remote origin refs/heads/v*/forgejo | while read sha full_ref ; do + ref=${full_ref#refs/heads/} + echo git fetch origin $full_ref:refs/mirror/$ref + git fetch origin $full_ref:refs/mirror/$ref + done + echo git push --force https://${{ vars.MIRROR_DESTINATION }} refs/mirror/*:refs/heads/* + git push --force https://any:${{ secrets.MIRROR_TOKEN }}@${{ vars.MIRROR_DESTINATION }} refs/mirror/*:refs/heads/* diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml new file mode 100644 index 0000000..a3ff48c --- /dev/null +++ b/.forgejo/workflows/publish-release.yml @@ -0,0 +1,86 @@ +# SPDX-License-Identifier: MIT +# +# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process +# +# https://codeberg.org/forgejo-experimental/forgejo +# +# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental +# +# vars.ROLE: forgejo-experimental +# vars.FORGEJO: https://codeberg.org +# vars.FROM_OWNER: forgejo-integration +# vars.TO_OWNER: forgejo-experimental +# vars.REPO: forgejo +# vars.DOER: forgejo-experimental-ci +# secrets.TOKEN: +# +# http://private.forgejo.org/forgejo/forgejo +# +# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo +# +# vars.ROLE: forgejo-release +# vars.FORGEJO: https://codeberg.org +# vars.FROM_OWNER: forgejo-integration +# vars.TO_OWNER: forgejo +# vars.REPO: forgejo +# vars.DOER: release-team +# secrets.TOKEN: +# secrets.GPG_PRIVATE_KEY: +# secrets.GPG_PASSPHRASE: +# +name: Pubish release + +on: + push: + tags: 'v*' + +jobs: + publish: + runs-on: lxc-bookworm + if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != '' + steps: + - uses: actions/checkout@v4 + + - name: copy & sign + uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.3.1 + with: + from-forgejo: ${{ vars.FORGEJO }} + to-forgejo: ${{ vars.FORGEJO }} + from-owner: ${{ vars.FROM_OWNER }} + to-owner: ${{ vars.TO_OWNER }} + repo: ${{ vars.REPO }} + release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/{VERSION}.md" + ref-name: ${{ github.ref_name }} + sha: ${{ github.sha }} + from-token: ${{ secrets.TOKEN }} + to-doer: ${{ vars.DOER }} + to-token: ${{ secrets.TOKEN }} + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + verbose: ${{ vars.VERBOSE }} + + - name: get trigger mirror issue + id: mirror + uses: https://data.forgejo.org/infrastructure/issue-action/get@v1.1.0 + with: + forgejo: https://code.forgejo.org + repository: forgejo/forgejo + labels: mirror-trigger + + - name: trigger the mirror + uses: https://data.forgejo.org/infrastructure/issue-action/set@v1.1.0 + with: + forgejo: https://code.forgejo.org + repository: forgejo/forgejo + token: ${{ secrets.LABEL_ISSUE_FORGEJO_MIRROR_TOKEN }} + numbers: ${{ steps.mirror.outputs.numbers }} + label-wait-if-exists: 3600 + label: trigger + + - name: upgrade v*.next.forgejo.org + uses: https://data.forgejo.org/infrastructure/next-digest@v1.1.0 + with: + url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@code.forgejo.org/infrastructure/next-digest + ref_name: '${{ github.ref_name }}' + image: 'codeberg.org/forgejo-experimental/forgejo' + tag_suffix: '-rootless' diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml new file mode 100644 index 0000000..50b267e --- /dev/null +++ b/.forgejo/workflows/release-notes-assistant-milestones.yml @@ -0,0 +1,33 @@ +on: + workflow_dispatch: + + schedule: + - cron: '@daily' + +jobs: + release-notes: + if: vars.ROLE == 'forgejo-coding' + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + + - uses: https://data.forgejo.org/actions/setup-go@v5 + with: + go-version-file: "go.mod" + cache: false + + - name: apt install jq + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -y -qq jq + + - name: update open milestones + run: | + set -x + curl -sS $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do + milestone="$forgejo $version" + go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone" --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version + done diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml new file mode 100644 index 0000000..7217bf4 --- /dev/null +++ b/.forgejo/workflows/release-notes-assistant.yml @@ -0,0 +1,41 @@ +name: issue-labels + +on: + pull_request_target: + types: + - edited + - synchronize + - labeled + +jobs: + release-notes: + if: ( vars.ROLE == 'forgejo-coding' ) && contains(github.event.pull_request.labels.*.name, 'worth a release-note') + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + + - name: event + run: | + cat <<'EOF' + ${{ toJSON(github.event.pull_request.labels.*.name) }} + EOF + cat <<'EOF' + ${{ toJSON(github.event) }} + EOF + + - uses: https://data.forgejo.org/actions/setup-go@v5 + with: + go-version-file: "go.mod" + cache: false + + - name: apt install jq + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -y -qq jq + + - name: release-notes-assistant preview + run: | + go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }} --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }} diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml new file mode 100644 index 0000000..1d89adb --- /dev/null +++ b/.forgejo/workflows/renovate.yml @@ -0,0 +1,71 @@ +# +# Runs every 2 hours, but Renovate is limited to create new PR before 4am. +# See renovate.json for more settings. +# Automerge is enabled for Renovate PR's but need to be approved before. +# +name: renovate + +on: + push: + branches: + - renovate/** # self-test updates + paths: + - .forgejo/workflows/renovate.yml + schedule: + - cron: '0 0/2 * * *' + workflow_dispatch: + +env: + RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }} + RENOVATE_REPOSITORIES: ${{ github.repository }} + +jobs: + renovate: + if: vars.ROLE == 'forgejo-coding' && secrets.RENOVATE_TOKEN != '' + + runs-on: docker + container: + image: data.forgejo.org/forgejo-contrib/renovate:39.69.2 + + steps: + - name: Load renovate repo cache + uses: https://data.forgejo.org/actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + with: + path: | + .tmp/cache/renovate/repository + .tmp/cache/renovate/renovate-cache-sqlite + .tmp/osv + key: repo-cache-${{ github.run_id }} + restore-keys: | + repo-cache- + + - name: Run renovate + run: renovate + env: + GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }} + LOG_LEVEL: debug + RENOVATE_BASE_DIR: ${{ github.workspace }}/.tmp + RENOVATE_ENDPOINT: ${{ github.server_url }} + RENOVATE_PLATFORM: gitea + RENOVATE_REPOSITORY_CACHE: 'enabled' + RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} + RENOVATE_GIT_AUTHOR: 'Renovate Bot ' + + RENOVATE_X_SQLITE_PACKAGE_CACHE: true + + GIT_AUTHOR_NAME: 'Renovate Bot' + GIT_AUTHOR_EMAIL: 'forgejo-renovate-action@forgejo.org' + GIT_COMMITTER_NAME: 'Renovate Bot' + GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org' + + OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv + + - name: Save renovate repo cache + if: always() && env.RENOVATE_DRY_RUN != 'full' + uses: https://data.forgejo.org/actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + with: + path: | + .tmp/cache/renovate/repository + .tmp/cache/renovate/renovate-cache-sqlite + .tmp/osv + key: repo-cache-${{ github.run_id }} diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml new file mode 100644 index 0000000..eb3163d --- /dev/null +++ b/.forgejo/workflows/testing.yml @@ -0,0 +1,287 @@ +name: testing + +on: + pull_request: + push: + branches: + - 'forgejo*' + - 'v*/forgejo*' + workflow_dispatch: + +jobs: + backend-checks: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + steps: + - name: event info + run: | + cat <<'EOF' + ${{ toJSON(github) }} + EOF + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - run: su forgejo -c 'make deps-backend deps-tools' + - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate' # ensure the "go-licenses" make target runs + - uses: ./.forgejo/workflows-composite/build-backend + frontend-checks: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - run: make deps-frontend + - run: make lint-frontend + - run: make checks-frontend + - run: make test-frontend-coverage + - run: make frontend + - name: Install zstd for cache saving + # works around https://github.com/actions/cache/issues/1169, because the + # consuming job has zstd and doesn't restore the cache otherwise + run: | + apt-get update -qq + apt-get -q install -qq -y zstd + - name: "Cache frontend build for playwright testing" + uses: actions/cache/save@v4 + with: + path: ${{github.workspace}}/public/assets + key: frontend-build-${{ github.sha }} + test-unit: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + services: + elasticsearch: + image: data.forgejo.org/oci/bitnami/elasticsearch:7 + options: --tmpfs /bitnami/elasticsearch/data + env: + discovery.type: single-node + ES_JAVA_OPTS: "-Xms512m -Xmx512m" + minio: + image: data.forgejo.org/oci/bitnami/minio:2024.8.17 + options: >- + --hostname gitea.minio --tmpfs /bitnami/minio/data:noatime + env: + MINIO_DOMAIN: minio + MINIO_ROOT_USER: 123456 + MINIO_ROOT_PASSWORD: 12345678 + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - name: install git >= 2.42 + uses: ./.forgejo/workflows-composite/apt-install-from + with: + packages: git + - name: test release-notes-assistant.sh + run: | + apt-get -q install -qq -y jq + ./release-notes-assistant.sh test_main + - uses: ./.forgejo/workflows-composite/build-backend + - run: | + su forgejo -c 'make test-backend test-check' + timeout-minutes: 120 + env: + RACE_ENABLED: 'true' + TAGS: bindata + TEST_ELASTICSEARCH_URL: http://elasticsearch:9200 + test-e2e: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'data.forgejo.org/oci/playwright:latest' + options: --tmpfs /tmp:exec,noatime + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + with: + fetch-depth: 20 + - uses: ./.forgejo/workflows-composite/setup-env + - name: "Restore frontend build" + uses: actions/cache/restore@v4 + id: cache-frontend + with: + path: ${{github.workspace}}/public/assets + key: frontend-build-${{ github.sha }} + - name: "Build frontend (if not cached)" + if: steps.cache-frontend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make deps-frontend frontend' + - uses: ./.forgejo/workflows-composite/build-backend + - name: Get changed files + id: changed-files + uses: https://data.forgejo.org/tj-actions/changed-files@v45 + with: + separator: '\n' + - run: | + su forgejo -c 'make generate test-e2e-sqlite' + timeout-minutes: 120 + env: + USE_REPO_TEST_DIR: 1 + PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 + CHANGED_FILES: ${{steps.changed-files.outputs.all_changed_files}} + - name: Upload test artifacts on failure + if: failure() + uses: https://data.forgejo.org/forgejo/upload-artifact@v4 + with: + name: test-artifacts.zip + path: tests/e2e/test-artifacts/ + retention-days: 3 + test-remote-cacher: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: [backend-checks, frontend-checks, test-unit] + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + name: ${{ format('test-remote-cacher ({0})', matrix.cacher.name) }} + strategy: + matrix: + cacher: + - name: redis + image: data.forgejo.org/oci/bitnami/redis:7.2 + options: --tmpfs /bitnami/redis/data:noatime + - name: redict + image: registry.redict.io/redict:7.3.0-scratch + options: --tmpfs /data:noatime + - name: valkey + image: data.forgejo.org/oci/bitnami/valkey:7.2 + options: --tmpfs /bitnami/redis/data:noatime + - name: garnet + image: ghcr.io/microsoft/garnet-alpine:1.0.14 + options: --tmpfs /data:noatime + services: + cacher: + image: ${{ matrix.cacher.image }} + options: ${{ matrix.cacher.options }} + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - name: install git >= 2.42 + uses: ./.forgejo/workflows-composite/apt-install-from + with: + packages: git + - uses: ./.forgejo/workflows-composite/build-backend + - run: | + su forgejo -c 'make test-remote-cacher test-check' + timeout-minutes: 120 + env: + RACE_ENABLED: 'true' + TAGS: bindata + TEST_REDIS_SERVER: cacher:${{ matrix.cacher.port }} + test-mysql: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + services: + mysql: + image: 'data.forgejo.org/oci/bitnami/mysql:8.4' + env: + ALLOW_EMPTY_PASSWORD: yes + MYSQL_DATABASE: testgitea + # + # See also https://codeberg.org/forgejo/forgejo/issues/976 + # + MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000 --disable-log-bin + options: --tmpfs /bitnami/mysql/data:noatime + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - name: install dependencies & git >= 2.42 + uses: ./.forgejo/workflows-composite/apt-install-from + with: + packages: git git-lfs + - uses: ./.forgejo/workflows-composite/build-backend + - run: | + su forgejo -c 'make test-mysql-migration test-mysql' + timeout-minutes: 120 + env: + USE_REPO_TEST_DIR: 1 + test-pgsql: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + services: + minio: + image: data.forgejo.org/oci/bitnami/minio:2024.8.17 + env: + MINIO_ROOT_USER: 123456 + MINIO_ROOT_PASSWORD: 12345678 + options: --tmpfs /bitnami/minio/data + ldap: + image: data.forgejo.org/oci/test-openldap:latest + pgsql: + image: data.forgejo.org/oci/bitnami/postgresql:15 + env: + POSTGRESQL_DATABASE: test + POSTGRESQL_PASSWORD: postgres + POSTGRESQL_FSYNC: off + POSTGRESQL_EXTRA_FLAGS: -c full_page_writes=off + options: --tmpfs /bitnami/postgresql + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - name: install dependencies & git >= 2.42 + uses: ./.forgejo/workflows-composite/apt-install-from + with: + packages: git git-lfs + - uses: ./.forgejo/workflows-composite/build-backend + - run: | + su forgejo -c 'make test-pgsql-migration test-pgsql' + timeout-minutes: 120 + env: + RACE_ENABLED: true + USE_REPO_TEST_DIR: 1 + TEST_LDAP: 1 + test-sqlite: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - name: install dependencies & git >= 2.42 + uses: ./.forgejo/workflows-composite/apt-install-from + with: + packages: git git-lfs + - uses: ./.forgejo/workflows-composite/build-backend + - run: | + su forgejo -c 'make test-sqlite-migration test-sqlite' + timeout-minutes: 120 + env: + TAGS: sqlite sqlite_unlock_notify + RACE_ENABLED: true + TEST_TAGS: sqlite sqlite_unlock_notify + USE_REPO_TEST_DIR: 1 + security-check: + if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing' + runs-on: docker + needs: + - test-sqlite + - test-pgsql + - test-mysql + - test-remote-cacher + - test-unit + container: + image: 'data.forgejo.org/oci/node:20-bookworm' + options: --tmpfs /tmp:exec,noatime + steps: + - uses: https://data.forgejo.org/actions/checkout@v4 + - uses: ./.forgejo/workflows-composite/setup-env + - run: su forgejo -c 'make deps-backend deps-tools' + - run: su forgejo -c 'make security-check' diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..4e748c0 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,11 @@ +* text=auto eol=lf +*.tmpl linguist-language=go-html-template +*.pb.go linguist-generated +/assets/*.json linguist-generated +/public/assets/img/svg/*.svg linguist-generated +/templates/swagger/v1_json.tmpl linguist-generated +/vendor/** -text -eol linguist-vendored +/web_src/fomantic/build/** linguist-generated +/web_src/fomantic/_site/globals/site.variables linguist-language=Less +/web_src/js/vendor/** -text -eol linguist-vendored +Dockerfile.* linguist-language=Dockerfile diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7445772 --- /dev/null +++ b/.gitignore @@ -0,0 +1,128 @@ +# Emacs +*~ + +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# IntelliJ +.idea +# Goland's output filename can not be set manually +/go_build_* +/gitea_* + +# MS VSCode +.vscode +__debug_bin* + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +# folder for project related local files +/local/ + +*.exe +*.test +*.prof + +*coverage.out +coverage.all +cpu.out + +/modules/migration/bindata.go +/modules/migration/bindata.go.hash +/modules/options/bindata.go +/modules/options/bindata.go.hash +/modules/public/bindata.go +/modules/public/bindata.go.hash +/modules/templates/bindata.go +/modules/templates/bindata.go.hash + +*.db +*.log +*.log.*.gz + +/gitea +/gitea-vet +/debug +/integrations.test + +/bin +/dist +/custom/* +!/custom/conf/app.example.ini +/data +/indexers +/log +/public/assets/img/avatar +/tests/integration/gitea-integration-* +/tests/integration/indexers-* +/tests/e2e/gitea-e2e-* +/tests/e2e/indexers-* +/tests/e2e/reports +/tests/e2e/test-artifacts +/tests/e2e/test-snapshots +/tests/*.ini +/tests/**/*.git/**/*.sample +/node_modules +/.venv +/yarn.lock +/yarn-error.log +/npm-debug.log* +/public/assets/js +/public/assets/css +/public/assets/fonts +/public/assets/licenses.txt +/vendor +/web_src/fomantic/node_modules +/web_src/fomantic/build/* +!/web_src/fomantic/build/semantic.js +!/web_src/fomantic/build/semantic.css +!/web_src/fomantic/build/themes +/web_src/fomantic/build/themes/* +!/web_src/fomantic/build/themes/default +/web_src/fomantic/build/themes/default/assets/* +!/web_src/fomantic/build/themes/default/assets/fonts +/web_src/fomantic/build/themes/default/assets/fonts/* +!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2 +!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2 +/VERSION +/.air +/.go-licenses +/.cur-deadcode-out + +# Files and folders that were previously generated +/public/assets/img/webpack + +# Snapcraft +/gitea_a*.txt +snap/.snapcraft/ +parts/ +stage/ +prime/ +*.snap +*.snap-build +*_source.tar.bz2 +.DS_Store + +# Direnv configuration +/.envrc + +# nix-direnv generated files +.direnv/ + +# Make evidence files +/.make_evidence + +# Manpage +/man diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..e69de29 diff --git a/.gitpod.yml b/.gitpod.yml new file mode 100644 index 0000000..8671edc --- /dev/null +++ b/.gitpod.yml @@ -0,0 +1,51 @@ +tasks: + - name: Setup + init: | + cp -r contrib/ide/vscode .vscode + make deps + make build + command: | + gp sync-done setup + exit 0 + - name: Run backend + command: | + gp sync-await setup + + # Get the URL and extract the domain + url=$(gp url 3000) + domain=$(echo $url | awk -F[/:] '{print $4}') + + if [ -f custom/conf/app.ini ]; then + sed -i "s|^ROOT_URL =.*|ROOT_URL = ${url}/|" custom/conf/app.ini + sed -i "s|^DOMAIN =.*|DOMAIN = ${domain}|" custom/conf/app.ini + sed -i "s|^SSH_DOMAIN =.*|SSH_DOMAIN = ${domain}|" custom/conf/app.ini + sed -i "s|^NO_REPLY_ADDRESS =.*|SSH_DOMAIN = noreply.${domain}|" custom/conf/app.ini + else + mkdir -p custom/conf/ + echo -e "[server]\nROOT_URL = ${url}/" > custom/conf/app.ini + echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini + fi + export TAGS="sqlite sqlite_unlock_notify" + make watch-backend + - name: Run frontend + command: | + gp sync-await setup + make watch-frontend + openMode: split-right + +vscode: + extensions: + - editorconfig.editorconfig + - dbaeumer.vscode-eslint + - golang.go + - stylelint.vscode-stylelint + - DavidAnson.vscode-markdownlint + - Vue.volar + - ms-azuretools.vscode-docker + - vitest.explorer + - cweijan.vscode-database-client2 + - GitHub.vscode-pull-request-github + +ports: + - name: Gitea + port: 3000 diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..0678b90 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,150 @@ +linters: + enable-all: false + disable-all: true + fast: false + enable: + - bidichk + - depguard + - dupl + - errcheck + - forbidigo + - gocritic + - gofmt + - gofumpt + - gosimple + - govet + - ineffassign + - nakedret + - nolintlint + - revive + - staticcheck + - stylecheck + - tenv + - testifylint + - typecheck + - unconvert + - unused + - unparam + - wastedassign + +run: + timeout: 10m + +output: + sort-results: true + sort-order: [file] + show-stats: true + +linters-settings: + stylecheck: + checks: ["all", "-ST1005", "-ST1003"] + nakedret: + max-func-lines: 0 + gocritic: + disabled-checks: + - ifElseChain + revive: + severity: error + rules: + - name: atomic + - name: bare-return + - name: blank-imports + - name: constant-logical-expr + - name: context-as-argument + - name: context-keys-type + - name: dot-imports + - name: duplicated-imports + - name: empty-lines + - name: error-naming + - name: error-return + - name: error-strings + - name: errorf + - name: exported + - name: identical-branches + - name: if-return + - name: increment-decrement + - name: indent-error-flow + - name: modifies-value-receiver + - name: package-comments + - name: range + - name: receiver-naming + - name: redefines-builtin-id + - name: string-of-int + - name: superfluous-else + - name: time-naming + - name: unconditional-recursion + - name: unexported-return + - name: unreachable-code + - name: var-declaration + - name: var-naming + - name: redefines-builtin-id + disabled: true + gofumpt: + extra-rules: true + depguard: + rules: + main: + deny: + - pkg: encoding/json + desc: use gitea's modules/json instead of encoding/json + - pkg: github.com/unknwon/com + desc: use gitea's util and replacements + - pkg: io/ioutil + desc: use os or io instead + - pkg: golang.org/x/exp + desc: it's experimental and unreliable + - pkg: code.gitea.io/gitea/modules/git/internal + desc: do not use the internal package, use AddXxx function instead + - pkg: gopkg.in/ini.v1 + desc: do not use the ini package, use gitea's config system instead + - pkg: github.com/minio/sha256-simd + desc: use crypto/sha256 instead, see https://codeberg.org/forgejo/forgejo/pulls/1528 + testifylint: + disable: + - go-require + +issues: + max-issues-per-linter: 0 + max-same-issues: 0 + exclude-dirs: [node_modules, public, web_src] + exclude-case-sensitive: true + exclude-rules: + - path: models/db/sql_postgres_with_schema.go + linters: + - nolintlint + - path: _test\.go + linters: + - gocyclo + - errcheck + - dupl + - gosec + - unparam + - staticcheck + - path: models/migrations/v + linters: + - gocyclo + - errcheck + - dupl + - gosec + - path: cmd + linters: + - forbidigo + - text: "webhook" + linters: + - dupl + - text: "`ID' should not be capitalized" + linters: + - gocritic + - text: "swagger" + linters: + - unused + - deadcode + - text: "argument x is overwritten before first use" + linters: + - staticcheck + - text: "commentFormatting: put a space between `//` and comment text" + linters: + - gocritic + - text: "exitAfterDefer:" + linters: + - gocritic diff --git a/.ignore b/.ignore new file mode 100644 index 0000000..5b96dab --- /dev/null +++ b/.ignore @@ -0,0 +1,11 @@ +*.min.css +*.min.js +/assets/*.json +/modules/options/bindata.go +/modules/public/bindata.go +/modules/templates/bindata.go +/options/gitignore +/options/license +/public/assets +/vendor +node_modules diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..88ff159 --- /dev/null +++ b/.mailmap @@ -0,0 +1,2 @@ +Unknwon +Unknwon 无闻 diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000..f740d1a --- /dev/null +++ b/.markdownlint.yaml @@ -0,0 +1,17 @@ +commands-show-output: false +fenced-code-language: false +first-line-h1: false +heading-increment: false +line-length: {code_blocks: false, tables: false, stern: true, line_length: -1} +no-alt-text: false +no-bare-urls: false +no-blanks-blockquote: false +no-emphasis-as-heading: false +no-empty-links: false +no-hard-tabs: {code_blocks: false} +no-inline-html: false +no-space-in-code: false +no-space-in-emphasis: false +no-trailing-punctuation: false +no-trailing-spaces: {br_spaces: 0} +single-h1: false diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..d9207e7 --- /dev/null +++ b/.npmrc @@ -0,0 +1,6 @@ +audit=false +fund=false +update-notifier=false +package-lock=true +save-exact=true +lockfile-version=3 diff --git a/.release-notes-assistant.yaml b/.release-notes-assistant.yaml new file mode 100644 index 0000000..b3e5a8e --- /dev/null +++ b/.release-notes-assistant.yaml @@ -0,0 +1,27 @@ +categorize: './release-notes-assistant.sh' +branch-development: 'forgejo' +branch-pattern: 'v*/forgejo' +branch-find-version: 'v(?P\d+\.\d+)/forgejo' +branch-to-version: '${version}.0' +branch-from-version: 'v%[1]d.%[2]d/forgejo' +tag-from-version: 'v%[1]d.%[2]d.%[3]d' +branch-known: + - 'v7.0/forgejo' +cleanup-line: 'sed -Ee "s/^(feat|fix):\s*//g" -e "s/^\[WIP\] //" -e "s/^WIP: //" -e "s;\[(UI|BUG|FEAT|v.*?/forgejo)\]\s*;;g"' +render-header: | + + ## Release notes +comment: | +
+ Where does that come from? + The following is a preview of the release notes for this pull request, as they will appear in the upcoming release. They are derived from the content of the `%[2]s/%[3]s.md` file, if it exists, or the title of the pull request. They were also added at the bottom of the description of this pull request for easier reference. + + This message and the release notes originate from a call to the [release-notes-assistant](https://code.forgejo.org/forgejo/release-notes-assistant). + + ```diff + %[4]s + ``` + +
+ + %[1]s diff --git a/.spectral.yaml b/.spectral.yaml new file mode 100644 index 0000000..e547eea --- /dev/null +++ b/.spectral.yaml @@ -0,0 +1,12 @@ +extends: [[spectral:oas, all]] + +rules: + info-contact: off + oas2-api-host: off + oas2-parameter-description: off + oas2-schema: off + oas2-valid-schema-example: off + openapi-tags: off + operation-description: off + operation-singular-tag: off + operation-tag-defined: off diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..5a1e1e8 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,44 @@ +extends: default + +rules: + braces: + min-spaces-inside: 0 + max-spaces-inside: 1 + min-spaces-inside-empty: 0 + max-spaces-inside-empty: 0 + + brackets: + min-spaces-inside: 0 + max-spaces-inside: 1 + min-spaces-inside-empty: 0 + max-spaces-inside-empty: 0 + + comments: + require-starting-space: true + ignore-shebangs: true + min-spaces-from-content: 1 + + comments-indentation: + level: error + + document-start: + level: error + present: false + + document-end: + present: false + + empty-lines: + max: 1 + + indentation: + spaces: 2 + + line-length: disable + + truthy: + allowed-values: ["true", "false", "on", "off"] + +ignore: | + .venv + node_modules diff --git a/BSDmakefile b/BSDmakefile new file mode 100644 index 0000000..79696ea --- /dev/null +++ b/BSDmakefile @@ -0,0 +1,58 @@ +# GNU makefile proxy script for BSD make +# +# Written and maintained by Mahmoud Al-Qudsi +# Copyright NeoSmart Technologies 2014-2019 +# Obtain updates from +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +JARG = +GMAKE = "gmake" +# When gmake is called from another make instance, -w is automatically added +# which causes extraneous messages about directory changes to be emitted. +# Running with --no-print-directory silences these messages. +GARGS = "--no-print-directory" + +.if "$(.MAKE.JOBS)" != "" + JARG = -j$(.MAKE.JOBS) +.endif + +# bmake prefers out-of-source builds and tries to cd into ./obj (among others) +# where possible. GNU Make doesn't, so override that value. +.OBJDIR: ./ + +# The GNU convention is to use the lowercased `prefix` variable/macro to +# specify the installation directory. Humor them. +GPREFIX = +.if defined(PREFIX) && ! defined(prefix) + GPREFIX = 'prefix = "$(PREFIX)"' +.endif + +.BEGIN: .SILENT + which $(GMAKE) || (printf "Error: GNU Make is required!\n\n" 1>&2 && false) + +.PHONY: FRC +$(.TARGETS): FRC + $(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG) + +.DONE .DEFAULT: .SILENT + $(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG) diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..6ca34a6 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,40 @@ +# This file describes the expected reviewers for a PR based on the changed +# files. Unlike what the name of the file suggests they don't own the code, but +# merely have a good understanding of that area of the codebase and therefore +# are usually suited as a reviewer. + + +# Please mind the alphabetic order of reviewers. + +# Files related to frontend development. + +# Javascript and CSS code. +web_src/.* @caesar @crystal @gusted + +# HTML templates used by the backend. +templates/.* @caesar @crystal @gusted +## the issue sidebar was touched by fnetx +templates/repo/issue/view_content/sidebar.* @fnetx + +# Playwright tests +tests/e2e/.* @fnetx + +# Files related to Go development. + +# The modules usually don't require much knowledge about Forgejo and could +# be reviewed by Go developers. +modules/.* @gusted + +# Models has code related to SQL queries, general database knowledge and XORM. +models/.* @gusted + +# The routers directory contains the most amount code that requires a good grasp +# of how Forgejo comes together. It's tedious to write good integration testing +# for code that lives in here. +routers/.* @gusted + +# Let new strings be checked by the translation team. +options/locale/locale_en-US.ini @0ko + +# Personal interest +.*/webhook.* @oliverpool diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..18b613d --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,7 @@ +# Forgejo Contributor Guide + +The Forgejo project is run by a community of people who are expected to follow this guide when cooperating on a simple bug fix as well as when changing the governance. For more information about the project, take a look at [the documentation explaining what Forgejo provides](README.md). + +Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org). + +You can find links to the different aspects of Developer documentation on this page: [Forgejo Contributor Guide](https://forgejo.org/docs/next/contributor/). diff --git a/DCO b/DCO new file mode 100644 index 0000000..49b8cb0 --- /dev/null +++ b/DCO @@ -0,0 +1,34 @@ +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ae21a08 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,108 @@ +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/xx AS xx + +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 as build-env + +ARG GOPROXY +ENV GOPROXY=${GOPROXY:-direct} + +ARG RELEASE_VERSION +ARG TAGS="sqlite sqlite_unlock_notify" +ENV TAGS="bindata timetzdata $TAGS" +ARG CGO_EXTRA_CFLAGS + +# +# Transparently cross compile for the target platform +# +COPY --from=xx / / +ARG TARGETPLATFORM +RUN apk --no-cache add clang lld +RUN xx-apk --no-cache add gcc musl-dev +ENV CGO_ENABLED=1 +RUN xx-go --wrap +# +# for go generate and binfmt to find +# without it the generate phase will fail with +# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1 +# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory +# why exactly is it needed? where is binfmt involved? +# +RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true + +RUN apk --no-cache add build-base git nodejs npm + +COPY . ${GOPATH}/src/code.gitea.io/gitea +WORKDIR ${GOPATH}/src/code.gitea.io/gitea + +RUN make clean +RUN make frontend +RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini +RUN LDFLAGS="-buildid=" make RELEASE_VERSION=$RELEASE_VERSION GOFLAGS="-trimpath" go-check generate-backend static-executable && xx-verify gitea + +# Copy local files +COPY docker/root /tmp/local + +# Set permissions +RUN chmod 755 /tmp/local/usr/bin/entrypoint \ + /tmp/local/usr/local/bin/gitea \ + /tmp/local/etc/s6/gitea/* \ + /tmp/local/etc/s6/openssh/* \ + /tmp/local/etc/s6/.s6-svscan/* \ + /go/src/code.gitea.io/gitea/gitea \ + /go/src/code.gitea.io/gitea/environment-to-ini +RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete + +FROM code.forgejo.org/oci/alpine:3.20 +ARG RELEASE_VERSION +LABEL maintainer="contact@forgejo.org" \ + org.opencontainers.image.authors="Forgejo" \ + org.opencontainers.image.url="https://forgejo.org" \ + org.opencontainers.image.documentation="https://forgejo.org/download/#container-image" \ + org.opencontainers.image.source="https://codeberg.org/forgejo/forgejo" \ + org.opencontainers.image.version="${RELEASE_VERSION}" \ + org.opencontainers.image.vendor="Forgejo" \ + org.opencontainers.image.licenses="GPL-3.0-or-later" \ + org.opencontainers.image.title="Forgejo. Beyond coding. We forge." \ + org.opencontainers.image.description="Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job." + +EXPOSE 22 3000 + +RUN apk --no-cache add \ + bash \ + ca-certificates \ + curl \ + gettext \ + git \ + linux-pam \ + openssh \ + s6 \ + sqlite \ + su-exec \ + gnupg \ + && rm -rf /var/cache/apk/* + +RUN addgroup \ + -S -g 1000 \ + git && \ + adduser \ + -S -H -D \ + -h /data/git \ + -s /bin/bash \ + -u 1000 \ + -G git \ + git && \ + echo "git:*" | chpasswd -e + +ENV USER=git +ENV GITEA_CUSTOM=/data/gitea + +VOLUME ["/data"] + +ENTRYPOINT ["/usr/bin/entrypoint"] +CMD ["/bin/s6-svscan", "/etc/s6"] + +COPY --from=build-env /tmp/local / +RUN cd /usr/local/bin ; ln -s gitea forgejo +COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea +RUN ln -s /app/gitea/gitea /app/gitea/forgejo-cli +COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini +COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh diff --git a/Dockerfile.rootless b/Dockerfile.rootless new file mode 100644 index 0000000..c5d6a13 --- /dev/null +++ b/Dockerfile.rootless @@ -0,0 +1,114 @@ +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/xx AS xx + +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 as build-env + +ARG GOPROXY +ENV GOPROXY=${GOPROXY:-direct} + +ARG RELEASE_VERSION +ARG TAGS="sqlite sqlite_unlock_notify" +ENV TAGS="bindata timetzdata $TAGS" +ARG CGO_EXTRA_CFLAGS + +# +# Transparently cross compile for the target platform +# +COPY --from=xx / / +ARG TARGETPLATFORM +RUN apk --no-cache add clang lld +RUN xx-apk --no-cache add gcc musl-dev +ENV CGO_ENABLED=1 +RUN xx-go --wrap +# +# for go generate and binfmt to find +# without it the generate phase will fail with +# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1 +# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory +# why exactly is it needed? where is binfmt involved? +# +RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true + +RUN apk --no-cache add build-base git nodejs npm + +COPY . ${GOPATH}/src/code.gitea.io/gitea +WORKDIR ${GOPATH}/src/code.gitea.io/gitea + +RUN make clean +RUN make frontend +RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini +RUN make RELEASE_VERSION=$RELEASE_VERSION go-check generate-backend static-executable && xx-verify gitea + +# Copy local files +COPY docker/rootless /tmp/local + +# Set permissions +RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \ + /tmp/local/usr/local/bin/docker-setup.sh \ + /tmp/local/usr/local/bin/gitea \ + /go/src/code.gitea.io/gitea/gitea \ + /go/src/code.gitea.io/gitea/environment-to-ini +RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete + +FROM code.forgejo.org/oci/alpine:3.20 +LABEL maintainer="contact@forgejo.org" \ + org.opencontainers.image.authors="Forgejo" \ + org.opencontainers.image.url="https://forgejo.org" \ + org.opencontainers.image.documentation="https://forgejo.org/download/#container-image" \ + org.opencontainers.image.source="https://codeberg.org/forgejo/forgejo" \ + org.opencontainers.image.version="${RELEASE_VERSION}" \ + org.opencontainers.image.vendor="Forgejo" \ + org.opencontainers.image.licenses="GPL-3.0-or-later" \ + org.opencontainers.image.title="Forgejo. Beyond coding. We forge." \ + org.opencontainers.image.description="Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job." + +EXPOSE 2222 3000 + +RUN apk --no-cache add \ + bash \ + ca-certificates \ + dumb-init \ + gettext \ + git \ + curl \ + gnupg \ + && rm -rf /var/cache/apk/* + +RUN addgroup \ + -S -g 1000 \ + git && \ + adduser \ + -S -H -D \ + -h /var/lib/gitea/git \ + -s /bin/bash \ + -u 1000 \ + -G git \ + git + +RUN mkdir -p /var/lib/gitea /etc/gitea +RUN chown git:git /var/lib/gitea /etc/gitea + +COPY --from=build-env /tmp/local / +RUN cd /usr/local/bin ; ln -s gitea forgejo +COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea +RUN ln -s /app/gitea/gitea /app/gitea/forgejo-cli +COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini +COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh + +#git:git +USER 1000:1000 +ENV GITEA_WORK_DIR=/var/lib/gitea +ENV GITEA_CUSTOM=/var/lib/gitea/custom +ENV GITEA_TEMP=/tmp/gitea +ENV TMPDIR=/tmp/gitea + +# Legacy config file for backwards compatibility +# TODO: remove on next major version release +ENV GITEA_APP_INI_LEGACY=/etc/gitea/app.ini + +ENV GITEA_APP_INI=${GITEA_CUSTOM}/conf/app.ini +ENV HOME="/var/lib/gitea/git" +VOLUME ["/var/lib/gitea", "/etc/gitea"] +WORKDIR /var/lib/gitea + +ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"] +CMD [] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f288702 --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a9de57e --- /dev/null +++ b/Makefile @@ -0,0 +1,1051 @@ +ifeq ($(USE_REPO_TEST_DIR),1) + +# This rule replaces the whole Makefile when we're trying to use /tmp repository temporary files +location = $(CURDIR)/$(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST)) +self := $(location) + +%: + @tmpdir=`mktemp --tmpdir -d` ; \ + echo Using temporary directory $$tmpdir for test repositories ; \ + USE_REPO_TEST_DIR= $(MAKE) -f $(self) --no-print-directory REPO_TEST_DIR=$$tmpdir/ $@ ; \ + STATUS=$$? ; rm -r "$$tmpdir" ; exit $$STATUS + +else + +# This is the "normal" part of the Makefile + +DIST := dist +DIST_DIRS := $(DIST)/binaries $(DIST)/release +IMPORT := code.gitea.io/gitea + +GO ?= $(shell go env GOROOT)/bin/go +SHASUM ?= shasum -a 256 +HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes) +COMMA := , +DIFF ?= diff --unified + +ifeq ($(USE_GOTESTSUM), yes) + GOTEST ?= gotestsum -- + GOTESTCOMPILEDRUNPREFIX ?= gotestsum --raw-command -- go tool test2json -t + GOTESTCOMPILEDRUNSUFFIX ?= -test.v=test2json +else + GOTEST ?= $(GO) test + GOTESTCOMPILEDRUNPREFIX ?= + GOTESTCOMPILEDRUNSUFFIX ?= +endif + +XGO_VERSION := go-1.21.x + +AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go +EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.0.3 # renovate: datasource=go +GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.7.0 # renovate: datasource=go +GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.2 # renovate: datasource=go +GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go +MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.6.0 # renovate: datasource=go +SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go +XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest +GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go +GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go +DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.28.0 # renovate: datasource=go +GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.4.0 # renovate: datasource=go +GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.17.0 # renovate: datasource=go +RENOVATE_NPM_PACKAGE ?= renovate@39.82.1 # renovate: datasource=docker packageName=code.forgejo.org/forgejo-contrib/renovate + +# https://github.com/disposable-email-domains/disposable-email-domains/commits/main/ +DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ... + +ifeq ($(HAS_GO), yes) + CGO_EXTRA_CFLAGS := -DSQLITE_MAX_VARIABLE_NUMBER=32766 + CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS) +endif + +ifeq ($(GOOS),windows) + IS_WINDOWS := yes +else ifeq ($(patsubst Windows%,Windows,$(OS)),Windows) + ifeq ($(GOOS),) + IS_WINDOWS := yes + endif +endif +ifeq ($(IS_WINDOWS),yes) + GOFLAGS := -v -buildmode=exe + EXECUTABLE ?= gitea.exe +else + GOFLAGS := -v + EXECUTABLE ?= gitea +endif + +ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu) + SED_INPLACE := sed -i +else + SED_INPLACE := sed -i '' +endif + +EXTRA_GOFLAGS ?= + +MAKE_VERSION := $(shell "$(MAKE)" -v | cat | head -n 1) +MAKE_EVIDENCE_DIR := .make_evidence + +ifeq ($(RACE_ENABLED),true) + GOFLAGS += -race + GOTESTFLAGS += -race +endif + +STORED_VERSION_FILE := VERSION +HUGO_VERSION ?= 0.111.3 + +GITEA_COMPATIBILITY ?= gitea-1.22.0 + +STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null) +ifneq ($(STORED_VERSION),) + FORGEJO_VERSION ?= $(STORED_VERSION) +else + ifneq ($(GITEA_VERSION),) + FORGEJO_VERSION ?= $(GITEA_VERSION) + FORGEJO_VERSION_API ?= $(GITEA_VERSION)+${GITEA_COMPATIBILITY} + else + # drop the "g" prefix prepended by git describe to the commit hash + FORGEJO_VERSION ?= $(shell git describe --exclude '*-test' --tags --always | sed 's/^v//' | sed 's/\-g/-/')+${GITEA_COMPATIBILITY} + endif +endif +FORGEJO_VERSION_MAJOR=$(shell echo $(FORGEJO_VERSION) | sed -e 's/\..*//') +FORGEJO_VERSION_MINOR=$(shell echo $(FORGEJO_VERSION) | sed -E -e 's/^([0-9]+\.[0-9]+).*/\1/') + +show-version-full: + @echo ${FORGEJO_VERSION} + +show-version-major: + @echo ${FORGEJO_VERSION_MAJOR} + +show-version-minor: + @echo ${FORGEJO_VERSION_MINOR} + +RELEASE_VERSION ?= ${FORGEJO_VERSION} +VERSION ?= ${RELEASE_VERSION} + +FORGEJO_VERSION_API ?= ${FORGEJO_VERSION} + +show-version-api: + @echo ${FORGEJO_VERSION_API} + +LDFLAGS := $(LDFLAGS) -X "main.ReleaseVersion=$(RELEASE_VERSION)" -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(FORGEJO_VERSION)" -X "main.Tags=$(TAGS)" -X "main.ForgejoVersion=$(FORGEJO_VERSION_API)" + +LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64 + +ifeq ($(HAS_GO), yes) + GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) $(shell $(GO) list code.gitea.io/gitea/models/forgejo_migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./...)) +endif +REMOTE_CACHER_MODULES ?= cache nosql session queue +GO_TEST_REMOTE_CACHER_PACKAGES ?= $(addprefix code.gitea.io/gitea/modules/,$(REMOTE_CACHER_MODULES)) + +FOMANTIC_WORK_DIR := web_src/fomantic + +WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f) +WEBPACK_CONFIGS := webpack.config.js tailwind.config.js +WEBPACK_DEST := public/assets/js/index.js public/assets/css/index.css +WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts + +BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go +BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST)) + +GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go + +SVG_DEST_DIR := public/assets/img/svg + +AIR_TMP_DIR := .air + +GO_LICENSE_TMP_DIR := .go-licenses +GO_LICENSE_FILE := assets/go-licenses.json + +TAGS ?= +TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS)) +TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags + +TEST_TAGS ?= sqlite sqlite_unlock_notify + +TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR) + +GO_DIRS := build cmd models modules routers services tests +WEB_DIRS := web_src/js web_src/css + +STYLELINT_FILES := web_src/css web_src/js/components/*.vue +SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github $(wildcard *.go *.js *.ts *.vue *.md *.yml *.yaml *.toml) + +GO_SOURCES := $(wildcard *.go) +GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go) +GO_SOURCES += $(GENERATED_GO_DEST) +GO_SOURCES_NO_BINDATA := $(GO_SOURCES) + +ifeq ($(HAS_GO), yes) + MIGRATION_PACKAGES := $(shell $(GO) list code.gitea.io/gitea/models/migrations/... code.gitea.io/gitea/models/forgejo_migrations/...) +endif + +ifeq ($(filter $(TAGS_SPLIT),bindata),bindata) + GO_SOURCES += $(BINDATA_DEST) + GENERATED_GO_DEST += $(BINDATA_DEST) +endif + +# Force installation of playwright dependencies by setting this flag +ifdef DEPS_PLAYWRIGHT + PLAYWRIGHT_FLAGS += --with-deps +endif + +FORGEJO_API_SPEC := public/assets/forgejo/api.v1.yml + +SWAGGER_SPEC := templates/swagger/v1_json.tmpl +SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape}}/api/v1"|g +SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape}}/api/v1"|"basePath": "/api/v1"|g +SWAGGER_EXCLUDE := code.gitea.io/sdk +SWAGGER_NEWLINE_COMMAND := -e '$$a\' +SWAGGER_SPEC_BRANDING := s|Gitea API|Forgejo API|g +SWAGGER_SPEC_LICENSE := s|"name": "MIT"|"name": "This file is distributed under the MIT license for the purpose of interoperability"| + +TEST_MYSQL_HOST ?= mysql:3306 +TEST_MYSQL_DBNAME ?= testgitea?multiStatements=true +TEST_MYSQL_USERNAME ?= root +TEST_MYSQL_PASSWORD ?= +TEST_PGSQL_HOST ?= pgsql:5432 +TEST_PGSQL_DBNAME ?= testgitea +TEST_PGSQL_USERNAME ?= postgres +TEST_PGSQL_PASSWORD ?= postgres +TEST_PGSQL_SCHEMA ?= gtestschema + +.PHONY: all +all: build + +.PHONY: help +help: + @echo "Make Routines:" + @echo " - \"\" equivalent to \"build\"" + @echo " - build build everything" + @echo " - frontend build frontend files" + @echo " - backend build backend files" + @echo " - watch watch everything and continuously rebuild" + @echo " - watch-frontend watch frontend files and continuously rebuild" + @echo " - watch-backend watch backend files and continuously rebuild" + @echo " - clean delete backend and integration files" + @echo " - clean-all delete backend, frontend and integration files" + @echo " - deps install dependencies" + @echo " - deps-frontend install frontend dependencies" + @echo " - deps-backend install backend dependencies" + @echo " - deps-tools install tool dependencies" + @echo " - deps-py install python dependencies" + @echo " - lint lint everything" + @echo " - lint-fix lint everything and fix issues" + @echo " - lint-frontend lint frontend files" + @echo " - lint-frontend-fix lint frontend files and fix issues" + @echo " - lint-backend lint backend files" + @echo " - lint-backend-fix lint backend files and fix issues" + @echo " - lint-codespell lint typos" + @echo " - lint-codespell-fix lint typos and fix them automatically" + @echo " - lint-codespell-fix-i lint typos and fix them interactively" + @echo " - lint-go lint go files" + @echo " - lint-go-fix lint go files and fix issues" + @echo " - lint-go-vet lint go files with vet" + @echo " - lint-go-gopls lint go files with gopls" + @echo " - lint-js lint js files" + @echo " - lint-js-fix lint js files and fix issues" + @echo " - lint-css lint css files" + @echo " - lint-css-fix lint css files and fix issues" + @echo " - lint-md lint markdown files" + @echo " - lint-swagger lint swagger files" + @echo " - lint-templates lint template files" + @echo " - lint-renovate lint renovate files" + @echo " - lint-yaml lint yaml files" + @echo " - lint-spell lint spelling" + @echo " - lint-spell-fix lint spelling and fix issues" + @echo " - checks run various consistency checks" + @echo " - checks-frontend check frontend files" + @echo " - checks-backend check backend files" + @echo " - test test everything" + @echo " - show-version-full show the same version as the API endpoint" + @echo " - show-version-major show major release number only" + @echo " - test-frontend test frontend files" + @echo " - test-frontend-coverage test frontend files and display code coverage" + @echo " - test-backend test backend files" + @echo " - test-remote-cacher test backend files that use a remote cache" + @echo " - test-e2e-sqlite[\#name.test.e2e] test end to end using playwright and sqlite" + @echo " - webpack build webpack files" + @echo " - svg build svg files" + @echo " - fomantic build fomantic files" + @echo " - generate run \"go generate\"" + @echo " - fmt format the Go code" + @echo " - generate-license update license files" + @echo " - generate-gitignore update gitignore files" + @echo " - generate-manpage generate manpage" + @echo " - generate-gomock generate gomock files" + @echo " - generate-forgejo-api generate the forgejo API from spec" + @echo " - forgejo-api-validate check if the forgejo API matches the specs" + @echo " - generate-swagger generate the swagger spec from code comments" + @echo " - swagger-validate check if the swagger spec is valid" + @echo " - go-licenses regenerate go licenses" + @echo " - tidy run go mod tidy" + @echo " - test[\#TestSpecificName] run unit test" + @echo " - test-sqlite[\#TestSpecificName] run integration test for sqlite" + @echo " - reproduce-build\#version build a reproducible binary for the specified release version" + +### +# Check system and environment requirements +### + +.PHONY: go-check +go-check: + $(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2)) + $(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' '))) + $(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');)) + @if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \ + echo "Forgejo requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \ + exit 1; \ + fi + +.PHONY: git-check +git-check: + @if git lfs >/dev/null 2>&1 ; then : ; else \ + echo "Forgejo requires git with lfs support to run tests." ; \ + exit 1; \ + fi + +.PHONY: node-check +node-check: + $(eval MIN_NODE_VERSION_STR := $(shell grep -Eo '"node":.*[0-9.]+"' package.json | sed -n 's/.*[^0-9.]\([0-9.]*\)"/\1/p')) + $(eval MIN_NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_NODE_VERSION_STR)' | tr '.' ' '))) + $(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | cut -c2- | tr '.' ' ');)) + $(eval NPM_MISSING := $(shell hash npm > /dev/null 2>&1 || echo 1)) + @if [ "$(NODE_VERSION)" -lt "$(MIN_NODE_VERSION)" -o "$(NPM_MISSING)" = "1" ]; then \ + echo "Forgejo requires Node.js $(MIN_NODE_VERSION_STR) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \ + exit 1; \ + fi + +### +# Basic maintenance, check and lint targets +### + +.PHONY: clean-all +clean-all: clean + rm -rf $(WEBPACK_DEST_ENTRIES) node_modules + +.PHONY: clean +clean: + rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \ + integrations*.test \ + e2e*.test \ + tests/integration/gitea-integration-* \ + tests/integration/indexers-* \ + tests/mysql.ini tests/pgsql.ini man/ \ + tests/e2e/gitea-e2e-*/ \ + tests/e2e/indexers-*/ \ + tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/ + +.PHONY: fmt +fmt: + @GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}' + $(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl')) + @# strip whitespace after '{{' or '(' and before '}}' or ')' unless there is only + @# whitespace before it + @$(SED_INPLACE) \ + -e 's/{{[ ]\{1,\}/{{/g' -e '/^[ ]\{1,\}}}/! s/[ ]\{1,\}}}/}}/g' \ + -e 's/([ ]\{1,\}/(/g' -e '/^[ ]\{1,\})/! s/[ ]\{1,\})/)/g' \ + $(TEMPLATES) + +.PHONY: fmt-check +fmt-check: fmt + @git diff --exit-code --color=always $(GO_SOURCES) templates $(WEB_DIRS) \ + || (code=$$?; echo "Please run 'make fmt' and commit the result"; exit $${code}) + +.PHONY: $(TAGS_EVIDENCE) +$(TAGS_EVIDENCE): + @mkdir -p $(MAKE_EVIDENCE_DIR) + @echo "$(TAGS)" > $(TAGS_EVIDENCE) + +ifneq "$(TAGS)" "$(shell cat $(TAGS_EVIDENCE) 2>/dev/null)" +TAGS_PREREQ := $(TAGS_EVIDENCE) +endif + +OAPI_CODEGEN_PACKAGE ?= github.com/deepmap/oapi-codegen/cmd/oapi-codegen@v1.12.4 +KIN_OPENAPI_CODEGEN_PACKAGE ?= github.com/getkin/kin-openapi/cmd/validate@v0.114.0 +FORGEJO_API_SERVER = routers/api/forgejo/v1/generated.go + +.PHONY: generate-forgejo-api +generate-forgejo-api: $(FORGEJO_API_SPEC) + $(GO) run $(OAPI_CODEGEN_PACKAGE) -package v1 -generate chi-server,types $< > $(FORGEJO_API_SERVER) + +.PHONY: forgejo-api-check +forgejo-api-check: generate-forgejo-api + @git diff --exit-code --color=always $(FORGEJO_API_SERVER) \ + || (code=$$?; echo "Please run 'make generate-forgejo-api' and commit the result"; exit $${code}) + +.PHONY: forgejo-api-validate +forgejo-api-validate: + $(GO) run $(KIN_OPENAPI_CODEGEN_PACKAGE) $(FORGEJO_API_SPEC) + +.PHONY: generate-swagger +generate-swagger: $(SWAGGER_SPEC) + +$(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA) + $(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)' + $(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)' + $(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)' + $(SED_INPLACE) '$(SWAGGER_SPEC_BRANDING)' './$(SWAGGER_SPEC)' + $(SED_INPLACE) '$(SWAGGER_SPEC_LICENSE)' './$(SWAGGER_SPEC)' + +.PHONY: swagger-check +swagger-check: generate-swagger + @git diff --exit-code --color=always '$(SWAGGER_SPEC)' \ + || (code=$$?; echo "Please run 'make generate-swagger' and commit the result"; exit $${code}) + +.PHONY: swagger-validate +swagger-validate: + $(SED_INPLACE) '$(SWAGGER_SPEC_S_JSON)' './$(SWAGGER_SPEC)' + $(GO) run $(SWAGGER_PACKAGE) validate './$(SWAGGER_SPEC)' + $(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)' + +.PHONY: checks +checks: checks-frontend checks-backend + +.PHONY: checks-frontend +checks-frontend: lockfile-check svg-check + +.PHONY: checks-backend +checks-backend: tidy-check swagger-check fmt-check swagger-validate security-check + +.PHONY: lint +lint: lint-frontend lint-backend lint-spell + +.PHONY: lint-fix +lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix + +.PHONY: lint-frontend +lint-frontend: lint-js lint-css + +.PHONY: lint-frontend-fix +lint-frontend-fix: lint-js-fix lint-css-fix + +.PHONY: lint-backend +lint-backend: lint-go lint-go-vet lint-editorconfig lint-renovate lint-locale lint-disposable-emails + +.PHONY: lint-backend-fix +lint-backend-fix: lint-go-fix lint-go-vet lint-editorconfig lint-disposable-emails-fix + +.PHONY: lint-codespell +lint-codespell: + codespell + +.PHONY: lint-codespell-fix +lint-codespell-fix: + codespell -w + +.PHONY: lint-codespell-fix-i +lint-codespell-fix-i: + codespell -w -i 3 -C 2 + +.PHONY: lint-js +lint-js: node_modules + npx eslint --color --max-warnings=0 + +.PHONY: lint-js-fix +lint-js-fix: node_modules + npx eslint --color --max-warnings=0 --fix + +.PHONY: lint-css +lint-css: node_modules + npx stylelint --color --max-warnings=0 $(STYLELINT_FILES) + +.PHONY: lint-css-fix +lint-css-fix: node_modules + npx stylelint --color --max-warnings=0 $(STYLELINT_FILES) --fix + +.PHONY: lint-swagger +lint-swagger: node_modules + npx spectral lint -q -F hint $(SWAGGER_SPEC) + +.PHONY: lint-renovate +lint-renovate: node_modules + npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator --strict > .lint-renovate 2>&1 || true + @if grep --quiet --extended-regexp -e '^( WARN:|ERROR:)' .lint-renovate ; then cat .lint-renovate ; rm .lint-renovate ; exit 1 ; fi + @rm .lint-renovate + +.PHONY: lint-locale +lint-locale: + $(GO) run build/lint-locale.go + +.PHONY: lint-md +lint-md: node_modules + npx markdownlint docs *.md + +.PHONY: lint-spell +lint-spell: lint-codespell + @go run $(MISSPELL_PACKAGE) -error $(SPELLCHECK_FILES) + +.PHONY: lint-spell-fix +lint-spell-fix: lint-codespell-fix + @go run $(MISSPELL_PACKAGE) -w $(SPELLCHECK_FILES) + +RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Path}}{{range .Funcs}}{{printf "\t%s\n" .Name}}{{end}}{{println}}' -test code.gitea.io/gitea + +.PHONY: lint-go +lint-go: + $(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) + $(RUN_DEADCODE) > .cur-deadcode-out + @$(DIFF) .deadcode-out .cur-deadcode-out \ + || (code=$$?; echo "Please run 'make lint-go-fix' and commit the result"; exit $${code}) + +.PHONY: lint-go-fix +lint-go-fix: + $(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) --fix + $(RUN_DEADCODE) > .deadcode-out + +# workaround step for the lint-go-windows CI task because 'go run' can not +# have distinct GOOS/GOARCH for its build and run steps +.PHONY: lint-go-windows +lint-go-windows: + @GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE) + golangci-lint run + +.PHONY: lint-go-vet +lint-go-vet: + @echo "Running go vet..." + @$(GO) vet ./... + +.PHONY: lint-go-gopls +lint-go-gopls: + @echo "Running gopls check..." + @GO=$(GO) GOPLS_PACKAGE=$(GOPLS_PACKAGE) tools/lint-go-gopls.sh $(GO_SOURCES_NO_BINDATA) + +.PHONY: lint-editorconfig +lint-editorconfig: + $(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates .forgejo/workflows + +.PHONY: lint-disposable-emails +lint-disposable-emails: + $(GO) run build/generate-disposable-email.go -check -r $(DISPOSABLE_EMAILS_SHA) + +.PHONY: lint-disposable-emails-fix +lint-disposable-emails-fix: + $(GO) run build/generate-disposable-email.go -r $(DISPOSABLE_EMAILS_SHA) + +.PHONY: lint-templates +lint-templates: .venv node_modules + @node tools/lint-templates-svg.js + @poetry run djlint $(shell find templates -type f -iname '*.tmpl') + +.PHONY: lint-yaml +lint-yaml: .venv + @poetry run yamllint . + +.PHONY: security-check +security-check: + go run $(GOVULNCHECK_PACKAGE) ./... + +### +# Development and testing targets +### + +.PHONY: watch +watch: + @bash tools/watch.sh + +.PHONY: watch-frontend +watch-frontend: node-check node_modules + @rm -rf $(WEBPACK_DEST_ENTRIES) + NODE_ENV=development npx webpack --watch --progress + +.PHONY: watch-backend +watch-backend: go-check + GITEA_RUN_MODE=dev $(GO) run $(AIR_PACKAGE) -c .air.toml + +.PHONY: test +test: test-frontend test-backend + +.PHONY: test-backend +test-backend: + @echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..." + @$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES) + +.PHONY: test-remote-cacher +test-remote-cacher: + @echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..." + @$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_REMOTE_CACHER_PACKAGES) + +.PHONY: test-frontend +test-frontend: node_modules + npx vitest + +.PHONY: test-frontend-coverage +test-frontend-coverage: node_modules + npx vitest --coverage --coverage.include 'web_src/**' + +.PHONY: test-check +test-check: + @echo "Running test-check..."; + @diff=$$(git status -s); \ + if [ -n "$$diff" ]; then \ + echo "make test-backend has changed files in the source tree:"; \ + echo "$${diff}"; \ + echo "You should change the tests to create these files in a temporary directory."; \ + echo "Do not simply add these files to .gitignore"; \ + exit 1; \ + fi + +.PHONY: test\#% +test\#%: + @echo "Running go test with -tags '$(TEST_TAGS)'..." + @$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES) + +.PHONY: coverage +coverage: + grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out + grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out + $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all + +.PHONY: unit-test-coverage +unit-test-coverage: + @echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..." + @$(GOTEST) $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1 + +.PHONY: tidy +tidy: + $(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2)) + $(GO) mod tidy -compat=$(MIN_GO_VERSION) + @$(MAKE) --no-print-directory $(GO_LICENSE_FILE) + +vendor: go.mod go.sum + $(GO) mod vendor + @touch vendor + +.PHONY: tidy-check +tidy-check: tidy + @git diff --exit-code --color=always go.mod go.sum $(GO_LICENSE_FILE) \ + || (code=$$?; echo "Please run 'make tidy' and commit the result"; exit $${code}) + +.PHONY: go-licenses +go-licenses: $(GO_LICENSE_FILE) + +$(GO_LICENSE_FILE): go.mod go.sum + -$(GO) run $(GO_LICENSES_PACKAGE) save . --force --ignore code.gitea.io/gitea --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null + $(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE) + @rm -rf $(GO_LICENSE_TMP_DIR) + +generate-ini-sqlite: + sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \ + -e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \ + -e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \ + tests/sqlite.ini.tmpl > tests/sqlite.ini + +.PHONY: test-sqlite +test-sqlite: integrations.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) + +.PHONY: test-sqlite\#% +test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run $(subst .,/,$*) + +.PHONY: test-sqlite-migration +test-sqlite-migration: migrations.sqlite.test migrations.individual.sqlite.test + +generate-ini-mysql: + sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \ + -e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \ + -e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \ + -e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \ + -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \ + -e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \ + -e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \ + tests/mysql.ini.tmpl > tests/mysql.ini + +.PHONY: test-mysql +test-mysql: integrations.mysql.test generate-ini-mysql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) + +.PHONY: test-mysql\#% +test-mysql\#%: integrations.mysql.test generate-ini-mysql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run $(subst .,/,$*) + +.PHONY: test-mysql-migration +test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test + +generate-ini-pgsql: + sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \ + -e 's|{{TEST_PGSQL_DBNAME}}|${TEST_PGSQL_DBNAME}|g' \ + -e 's|{{TEST_PGSQL_USERNAME}}|${TEST_PGSQL_USERNAME}|g' \ + -e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \ + -e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \ + -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \ + -e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \ + -e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \ + -e 's|{{TEST_STORAGE_TYPE}}|$(or $(TEST_STORAGE_TYPE),minio)|g' \ + tests/pgsql.ini.tmpl > tests/pgsql.ini + +.PHONY: test-pgsql +test-pgsql: integrations.pgsql.test generate-ini-pgsql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) + +.PHONY: test-pgsql\#% +test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run $(subst .,/,$*) + +.PHONY: test-pgsql-migration +test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test + +.PHONY: playwright +playwright: deps-frontend + npx playwright install $(PLAYWRIGHT_FLAGS) + +.PHONY: test-e2e% +test-e2e%: TEST_TYPE ?= e2e + # Clear display env variable. Otherwise, chromium tests can fail. + DISPLAY= + +.PHONY: test-e2e +test-e2e: test-e2e-sqlite + +.PHONY: test-e2e-sqlite +test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e + +.PHONY: test-e2e-sqlite\#% +test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$* + +.PHONY: test-e2e-sqlite-firefox\#% +test-e2e-sqlite-firefox\#%: playwright e2e.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini PLAYWRIGHT_PROJECT=firefox $(GOTESTCOMPILEDRUNPREFIX) ./e2e.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$* + +.PHONY: test-e2e-mysql +test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e + +.PHONY: test-e2e-mysql\#% +test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$* + +.PHONY: test-e2e-pgsql +test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e + +.PHONY: test-e2e-pgsql\#% +test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$* + +.PHONY: test-e2e-debugserver +test-e2e-debugserver: e2e.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestDebugserver -test.timeout 24h + +.PHONY: bench-sqlite +bench-sqlite: integrations.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench . + +.PHONY: bench-mysql +bench-mysql: integrations.mysql.test generate-ini-mysql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench . + +.PHONY: bench-pgsql +bench-pgsql: integrations.pgsql.test generate-ini-pgsql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench . + +.PHONY: integration-test-coverage +integration-test-coverage: integrations.cover.test generate-ini-mysql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out + +.PHONY: integration-test-coverage-sqlite +integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out + +integrations.mysql.test: git-check $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test + +integrations.pgsql.test: git-check $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test + +integrations.sqlite.test: git-check $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)' + +integrations.cover.test: git-check $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test + +integrations.cover.sqlite.test: git-check $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)' + +.PHONY: migrations.mysql.test +migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) + +.PHONY: migrations.pgsql.test +migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) + +.PHONY: migrations.sqlite.test +migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)' + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) + +.PHONY: migrations.individual.mysql.test +migrations.individual.mysql.test: $(GO_SOURCES) + for pkg in $(MIGRATION_PACKAGES); do \ + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \ + done + +.PHONY: migrations.individual.sqlite.test\#% +migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$* + +.PHONY: migrations.individual.pgsql.test +migrations.individual.pgsql.test: $(GO_SOURCES) + for pkg in $(MIGRATION_PACKAGES); do \ + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1;\ + done + +.PHONY: migrations.individual.pgsql.test\#% +migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$* + +.PHONY: migrations.individual.sqlite.test +migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite + for pkg in $(MIGRATION_PACKAGES); do \ + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \ + done + +.PHONY: migrations.individual.sqlite.test\#% +migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite + GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$* + +e2e.mysql.test: $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test + +e2e.pgsql.test: $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test + +e2e.sqlite.test: $(GO_SOURCES) + $(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)' + +.PHONY: check +check: test + +### +# Production / build targets +### + +.PHONY: install $(TAGS_PREREQ) +install: $(wildcard *.go) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' + +.PHONY: build +build: frontend backend + +.PHONY: frontend +frontend: $(WEBPACK_DEST) + +.PHONY: backend +backend: go-check generate-backend $(EXECUTABLE) + +# We generate the backend before the frontend in case we in future we want to generate things in the frontend from generated files in backend +.PHONY: generate +generate: generate-backend + +.PHONY: generate-backend +generate-backend: $(TAGS_PREREQ) generate-go + +.PHONY: generate-go +generate-go: $(TAGS_PREREQ) + @echo "Running go generate..." + @CC= GOOS= GOARCH= CGO_ENABLED=0 $(GO) generate -tags '$(TAGS)' ./... + +.PHONY: merge-locales +merge-locales: + @echo "NOT NEEDED: THIS IS A NOOP AS OF Forgejo 7.0 BUT KEPT FOR BACKWARD COMPATIBILITY" + +$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@ + +forgejo: $(EXECUTABLE) + ln -f $(EXECUTABLE) forgejo + +static-executable: $(GO_SOURCES) $(TAGS_PREREQ) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w -linkmode external -extldflags "-static" $(LDFLAGS)' -o $(EXECUTABLE) + +.PHONY: release +release: frontend generate release-linux release-copy release-compress vendor release-sources release-check + +# just the sources, with all assets builtin and frontend resources generated +sources-tarbal: frontend generate vendor release-sources release-check + +$(DIST_DIRS): + mkdir -p $(DIST_DIRS) + +.PHONY: release-windows +release-windows: | $(DIST_DIRS) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) . + +.PHONY: release-linux +release-linux: | $(DIST_DIRS) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out forgejo-$(VERSION) . +ifeq ($(CI),true) + cp /build/* $(DIST)/binaries +endif + +.PHONY: release-darwin +release-darwin: | $(DIST_DIRS) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) . + +.PHONY: release-freebsd +release-freebsd: | $(DIST_DIRS) + CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) . + +.PHONY: release-copy +release-copy: | $(DIST_DIRS) + cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done; + +.PHONY: release-check +release-check: | $(DIST_DIRS) + cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done; + +.PHONY: release-compress +release-compress: | $(DIST_DIRS) + cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PACKAGE) -k -9 $${file}; done; + +.PHONY: release-sources +release-sources: | $(DIST_DIRS) + echo $(VERSION) > $(STORED_VERSION_FILE) +# bsdtar needs a ^ to prevent matching subdirectories + $(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./) +# use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s + $(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./forgejo-src-$(VERSION)/'" || echo "--transform 's|^./|forgejo-src-$(VERSION)/|'")) + tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/forgejo-src-$(VERSION).tar.gz . + rm -f $(STORED_VERSION_FILE) + +.PHONY: release-docs +release-docs: | $(DIST_DIRS) docs + tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs . + +.PHONY: reproduce-build +reproduce-build: +# Start building the Dockerfile with the RELEASE_VERSION tag set. GOPROXY is set +# for convenience, because the default of the Dockerfile is `direct` which can be +# quite slow. + @docker build --build-arg="RELEASE_VERSION=$(RELEASE_VERSION)" --build-arg="GOPROXY=$(shell $(GO) env GOPROXY)" --tag "forgejo-reproducibility" . + @id=$$(docker create forgejo-reproducibility); \ + docker cp $$id:/app/gitea/gitea ./forgejo; \ + docker rm -v $$id; \ + docker image rm forgejo-reproducibility:latest + +.PHONY: reproduce-build\#% +reproduce-build\#%: + @git switch -d "$*" +# All the current variables are based on information before the git checkout happened. +# Call the makefile again, so these variables are correct and can be used for building +# a reproducible binary. Always execute git switch -, to go back to the previous branch. + @make reproduce-build; \ + (code=$$?; git switch -; exit $${code}) + +### +# Dependency management +### + +.PHONY: deps +deps: deps-frontend deps-backend deps-tools deps-py + +.PHONY: deps-py +deps-py: .venv + +.PHONY: deps-frontend +deps-frontend: node_modules + +.PHONY: deps-backend +deps-backend: + $(GO) mod download + +.PHONY: deps-tools +deps-tools: + $(GO) install $(AIR_PACKAGE) + $(GO) install $(EDITORCONFIG_CHECKER_PACKAGE) + $(GO) install $(GOFUMPT_PACKAGE) + $(GO) install $(GOLANGCI_LINT_PACKAGE) + $(GO) install $(GXZ_PACKAGE) + $(GO) install $(MISSPELL_PACKAGE) + $(GO) install $(SWAGGER_PACKAGE) + $(GO) install $(XGO_PACKAGE) + $(GO) install $(GO_LICENSES_PACKAGE) + $(GO) install $(GOVULNCHECK_PACKAGE) + $(GO) install $(GOMOCK_PACKAGE) + $(GO) install $(GOPLS_PACKAGE) + +node_modules: package-lock.json + npm install --no-save + @touch node_modules + +.venv: poetry.lock + poetry install + @touch .venv + +.PHONY: fomantic +fomantic: + rm -rf $(FOMANTIC_WORK_DIR)/build + cd $(FOMANTIC_WORK_DIR) && npm install --no-save + cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config + cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/ + $(SED_INPLACE) -e 's/ overrideBrowserslist\r/ overrideBrowserslist: ["defaults"]\r/g' $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/tasks/config/tasks.js + cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build + # fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event + $(SED_INPLACE) -e 's/clickEvent[ \t]*=/clickEvent = "click", unstableClickEvent =/g' $(FOMANTIC_WORK_DIR)/build/semantic.js + $(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js + rm -f $(FOMANTIC_WORK_DIR)/build/*.min.* + +.PHONY: webpack +webpack: $(WEBPACK_DEST) + +$(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json + @$(MAKE) -s node-check node_modules + @rm -rf $(WEBPACK_DEST_ENTRIES) + @echo "Running webpack..." + @BROWSERSLIST_IGNORE_OLD_DATA=true npx webpack + @touch $(WEBPACK_DEST) + +.PHONY: svg +svg: node-check | node_modules + rm -rf $(SVG_DEST_DIR) + node tools/generate-svg.js + +.PHONY: svg-check +svg-check: svg + @git add $(SVG_DEST_DIR) + @git diff --exit-code --color=always --cached $(SVG_DEST_DIR) \ + || (code=$$?; echo "Please run 'make svg' and commit the result"; exit $${code}) + +.PHONY: lockfile-check +lockfile-check: + npm install --package-lock-only + @git diff --exit-code --color=always package-lock.json \ + || (code=$$?; echo "Please run 'npm install --package-lock-only' and commit the result"; exit $${code}) + +.PHONY: generate-license +generate-license: + $(GO) run build/generate-licenses.go + +.PHONY: generate-gitignore +generate-gitignore: + $(GO) run build/generate-gitignores.go + +.PHONY: generate-gomock +generate-gomock: + $(GO) run $(GOMOCK_PACKAGE) -package mock -destination ./modules/queue/mock/redisuniversalclient.go code.gitea.io/gitea/modules/nosql RedisClient + +.PHONY: generate-images +generate-images: | node_modules + npm install --no-save fabric@6 imagemin-zopfli@7 + node tools/generate-images.js $(TAGS) + +.PHONY: generate-manpage +generate-manpage: + @[ -f gitea ] || make backend + @mkdir -p man/man1/ man/man5 + @./gitea docs --man > man/man1/gitea.1 + @gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created + @#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page + +# This endif closes the if at the top of the file +endif + +# Disable parallel execution because it would break some targets that don't +# specify exact dependencies like 'backend' which does currently not depend +# on 'frontend' to enable Node.js-less builds from source tarballs. +.NOTPARALLEL: diff --git a/README.md b/README.md new file mode 100644 index 0000000..0c4beca --- /dev/null +++ b/README.md @@ -0,0 +1,51 @@ +
+ +

Welcome to Forgejo

+
+ +Hi there! Tired of big platforms playing monopoly? +Providing Git hosting for your project, friends, company or community? +**Forgejo** (/for'd͡ʒe.jo/ inspired by forĝejo – the Esperanto word for *forge*) has you covered with its intuitive interface, +light and easy hosting and a lot of builtin functionality. + +Forgejo was [created in 2022](https://forgejo.org/2022-12-15-hello-forgejo/) +because we think that the project should be owned by an independent community. +If you second that, then Forgejo is for you! +Our promise: **Independent Free/Libre Software forever!** + +## What does Forgejo offer? + + + +If you like any of the following, Forgejo is literally meant for you: + +- Lightweight: Forgejo can easily be hosted on nearly **every machine**. + Running on a Raspberry? Small cloud instance? No problem! +- Project management: Besides Git hosting, Forgejo offers issues, + pull requests, wikis, kanban boards and much more to **coordinate with your team**. +- Publishing: Have something to share? Use **releases** to host your software for download, + or use the **package registry** to publish it for docker, npm and many other package managers. +- Customizable: Want to change your look? Change some settings? + There are many **config switches** to make Forgejo work exactly like you want. +- Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more. + If you have **advanced needs**, Forgejo has you covered. +- Privacy: From update checker to default settings: Forgejo is built to be **privacy first** for you and your crew. +- Federation: (WIP) We are actively working to connect software forges with each other through **ActivityPub**, + and create a collaborative network of personal instances. + +## Learn more + +Dive into the [documentation](https://forgejo.org/docs/latest/), subscribe to releases and blog post on [our website](https://forgejo.org), find us on the Fediverse or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved. + +## License + +Forgejo is distributed under the terms of the [GPL version 3.0](LICENSE) or any later version. + +The agreement for this license [was documented in June 2023](https://codeberg.org/forgejo/governance/pulls/24) and implemented during the development of Forgejo v9.0. All Forgejo versions before v9.0 are distributed under the MIT license. + +## Get involved + +If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please [take a look at the contribution guide](CONTRIBUTING.md). diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md new file mode 100644 index 0000000..a274956 --- /dev/null +++ b/RELEASE-NOTES.md @@ -0,0 +1,2678 @@ +# Release Notes + +A minor or major Forgejo release is published every [three months](https://forgejo.org/docs/latest/developer/release/#release-cycle), with more patch releases in between depending on the severity of the bug and security fixes it contains. + +A [patch or minor release](https://semver.org/spec/v2.0.0.html) (e.g. upgrading from v7.0.0 to v7.0.1 or v7.1.0) does not require manual intervention. But [major releases](https://semver.org/spec/v2.0.0.html#spec-item-8) where the first version number changes (e.g. upgrading from v1.21 to v7.0) contain breaking changes and the release notes explain how to deal with them. + +The release notes of each release [are available in the release-notes-published directory of this repository](release-notes-published), starting with [Forgejo 7.0.7](release-notes-published/7.0.7.md) and [Forgejo 8.0.1](release-notes-published/8.0.1.md). + +## 9.0.2 + +See the [Forgejo 9.0.2 release notes](release-notes-published/9.0.2.md). + +## 9.0.1 + +See the [Forgejo 9.0.1 release notes](release-notes-published/9.0.1.md). + +## 9.0.0 + +See the [Forgejo 9.0.0 release notes](release-notes-published/9.0.0.md). + +## 8.0.3 + +See the [Forgejo 8.0.3 release notes](release-notes-published/8.0.3.md). + +## 8.0.2 + +See the [Forgejo 8.0.2 release notes](release-notes-published/8.0.2.md). + +## 8.0.1 + +See the [Forgejo 8.0.1 release notes](release-notes-published/8.0.1.md). + +## 8.0.0 + +A [companion blog post](https://forgejo.org/2024-07-release-v8-0/) provides additional context on this release. In addition to the pull requests listed below, you will find a complete list in the [v8.0 milestone](https://codeberg.org/forgejo/forgejo/milestone/6042). + +- Two frontend features were removed because a license incompatibility was discovered. [Read more in the dedicated blog post](https://forgejo.org/2024-07-non-free-dependency-found/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4670): [Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4595): Repository citation: Removed the ability to export citations in APA format. + + +- **Breaking** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3040): remove Microsoft SQL Server support see [the discussion](https://codeberg.org/forgejo/discussions/issues/122). +- **User interface features & enhancements** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4590) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): Replace `vue-bar-graph` with `chart.js` + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4201): make the tooltip of the author label in comments clearer. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4189): only show the RSS feed button and Public activity tab in user profiles when the activity can be accessed and add messages about visibility. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4139): reorder repo tabs for better UX: (i) `Actions` is now the last tab (ii) `Packages` are located after Releases (iii) this puts Projects after Pull requests. (tab positions may depend on which units are enabled in the repo). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4134): code search results are now displayed in a foldable box. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4095): disable the `Subscribe` button for guest users. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4072): + - Added Enter key handling to the new Markdown editor: Pressing Enter while in a list, quote or code block will copy the prefix to the new line - Ordered list index will be increased for the new line, and task list "checkbox" will be unchecked. + - Added indent/unindent function for a line or selection. Currently available as toolbar buttons ([#4263](https://codeberg.org/forgejo/forgejo/pulls/4263)). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3985): added support for displaying images based on the users current color code by using an anchor of `#dark-mode-only` or `#light-mode-only` respectively. Also supporting the github variants (e.g. `#gh-dark-mode-only`). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3870): use CSS-native pattern for image diff background, add dark theme support. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3642): allow navigating to the organization dashboard from the organization view. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3434): when PDFs are displayed in the repository, the full height of the screen is now used instead of a predefined fixed height. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3337): added support for grouping of log-lines inside steps between the special `::group::{title}` and `::endgroup::` workflow commands. A runner of v3.4.2 or later is needed. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3285): the default for `[repository].USE_COMPAT_SSH_URI` has been changed to `true`. With this change, Forgejo defaults to using the same URL style for SSH clone URLs as for HTTPS ones, instead of the former scp-style. +- **Features & Enhancements** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4283) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4266)): add support for LFS server implementations which have batch API responses in an older/deprecated schema. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4262): introduce a branch/tag dropdown in the code search page if using git-grep. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4160): added support for fuzzy searching in `/user/repo/issues` and `/user/repo/pulls`. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145): + - feat(perf): [commit](https://codeberg.org/forgejo/forgejo/commit/358cd67c4f316f2d4f1d3be6dcb891dc04a2ff07) reduce memory usage for chunked artifact uploads to S3. + - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/b60e3ac7b4aeeb9b8760f43eea9576c0e23309e9) allow downloading draft releases assets. + - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/1fca15529ac8fefb60d86b0c1f4bec8dae9a8566) API endpoints for managing tag protection. + - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/4334c705b5f9388b16af23c7e75a69d027d07d5e) extract and display readme and comments for Composer packages. + - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) when a repository is adopted, its object format is not set in the database. + - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) during a migration from bitbucket, LFS downloads fail. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4143): a help overlay, triggered by "?" key can be displayed when viewing [asciinema](https://asciinema.org/) files (.cast extension) and [SGR color sequence](https://github.com/asciinema/avt/issues/9) are supported. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4136): strikethrough in markdown can be achieved with [a single ~ in addition to ~~](https://github.github.com/gfm/#strikethrough-extension-). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083): + - feat: add [Reviewed-on and Reviewed-by variables](https://codeberg.org/forgejo/forgejo/commit/4ddd9af50fbfcfb2ebf629697a803b3bce56c4af) to the merge template. + - feat(perf): [add the `[ui.csv].MAX_ROWS` setting](https://codeberg.org/forgejo/forgejo/commit/433b6c6910f8699dc41787ef8f5148b122b4677e) to avoid displaying a large number of lines (defaults to 2500). + - feat: [add a setting to override or add headers of all outgoing emails](https://codeberg.org/forgejo/forgejo/commit/1d4bff4f65d5e4a3969871ef91d3612daf272b45), for instance `Reply-To` or `In-Reply-To`. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4027): the Gitea/Forgejo webhook payload includes additional fields (`html_url`, `additions`, `deletions`, `review_comments`...) for better compatibility with [OpenProject](https://www.openproject.org/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4026): when an OAuth grant request submitted to a Forgejo user is denied, the server from which the request originates is notified that it has been denied. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989): + - feat: API endpoints that return a repository now [also include the topics](https://codeberg.org/forgejo/forgejo/commit/ee2247d77c0b13b0b45df704d7589b541db03899). + - feat: display an error when an issue comment is [edited simultaneously by two users](https://codeberg.org/forgejo/forgejo/commit/ca0921a95aa9a37d8820538458c15fd0a3b0c97c) instead of silently overriding one of them. + - feat: add [support for a credentials chain for minio](https://codeberg.org/forgejo/forgejo/commit/73706ae26d138684ef9da9e1164846a040fd4a7d). + - feat(perf): improve performances when [retrieving pull requests via the API](https://codeberg.org/forgejo/forgejo/commit/47a2102694c47bc30a2a7c673c328471839ef206). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3934): when installing Forgejo through the built-in installer, open (self-) registration is now disabled by default. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917): support [setting the default attribute of the issue template dropdown field](https://codeberg.org/forgejo/forgejo/commit/df15abd07264138fd07e003d0cf056f7da514b8f) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3886): For federated-star we introduce a new repository setting to define following repositories. That is a workaround till we find a better way to express repository federation. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3847): Basic wiki content search using git-grep. The search results include the first ten matched files. Only the first three matches per file are displayed. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838): support using label names when changing issue labels. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3836): parse prefix parameter from redis URI for queues and use that as prefix to keys. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3830): neutralize delete runners' UUID to prevent collisions with new records. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3811): implement a non-caching version of the [RubyGems compact API](https://guides.rubygems.org/rubygems-org-compact-index-api/) for bundler dependency resolution. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3808): add support for the [reddit](https://github.com/markbates/goth/pull/523) and [Hubspot](https://github.com/markbates/goth/pull/531) OAuth providers. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3791): when parsing [incoming emails](https://forgejo.org/docs/v8.0/user/incoming/), [remove tspecials from type/subtype](https://github.com/jhillyerd/enmime/pull/317). According to the RFC, content type and subtype cannot contain special characters and any such character will fail parsing. Removing the characters from the type/subtype can help successfully parsing the content type that contains some extra garbage. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3752): there are a couple of new configs to define the name of the instance. The more important is `APP_SLOGAN`. It permits to configure a slogan for the site and it is optional. The other is `APP_DISPLAY_NAME_FORMAT` and permits to customize the aspect of the full display name for the instance used in some parts of the UI as: (i) Title page, (ii) Homepage head title (ii) Open Graph site and title meta tags. Its default value is `APP_NAME: APP_SLOGAN`. The config `APP_DISPLAY_NAME_FORMAT` is used only if `APP_SLOGAN` is set otherwise the full display name shows only `APP_NAME` value. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3729): + - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/7028fe0b4d89c045b64ae891d2716e89965bc012): add actions-artifacts to the [storage migrate CLI](https://forgejo.org/docs/v8.0/admin/command-line/#migrate). + - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/8f0f6bf89cdcd12cd4daa761aa259fdba7e32b50): pull request search shows closed pull requests in the open tab. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3724): + - [CERT management was improved](https://codeberg.org/forgejo/forgejo/pulls/3724) when [`ENABLE_ACME=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) + - Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status. + - New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accessed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support. + - DNS challenges should be smoother in some cases as we've improved propagation checking. + - In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.) + - ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3723): + - With the go-enry upgrade to [v2.8.8](https://github.com/go-enry/go-enry/releases/tag/v2.8.8), language detection in the repository [now includes](https://github.com/github-linguist/linguist/releases/tag/v7.29.0): + - New languages + - [Roc](https://github.com/github-linguist/linguist/pull/6633) + - [BitBake](https://github.com/github-linguist/linguist/pull/6665) with `.bbappend`, `.bbclass` and `.inc` extensions + - [Glimmer TS](https://github.com/github-linguist/linguist/pull/6680) + - [Edge](https://github.com/github-linguist/linguist/pull/6695) + - [Pip Requirements](https://github.com/github-linguist/linguist/pull/6739) + - [Mojo](https://github.com/github-linguist/linguist/pull/6400) + - [Slint](https://github.com/github-linguist/linguist/pull/6750) + - [Oberon](https://github.com/github-linguist/linguist/pull/4645) + - New data formats + - [TextGrid](https://github.com/github-linguist/linguist/pull/6719) + - File names and extensions: + - The [rebornix.Ruby extension is deprecated in favor of Shopify.ruby-lsp](https://github.com/github-linguist/linguist/pull/6738) + - [Add .bicepparam to list of Bicep file extensions](https://github.com/github-linguist/linguist/pull/6664) + - [Add cs.pp extension to C#](https://github.com/github-linguist/linguist/pull/6679) + - [Add tmux.conf and .tmux.conf as shell filenames](https://github.com/github-linguist/linguist/pull/6726) + - [Add .env.sample as Dotenv filename](https://github.com/github-linguist/linguist/pull/6732) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3654): support Code Search for non-default branches and tags when the repository indexer is disabled. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615): add an immutable tarball link to archive download headers for Nix. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3414): allow to customize the domain name used as a fallback when synchronizing sources from ldap default domain name. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3383): the default config for `database.MAX_OPEN_CONNS` changed from 0 (unlimited) to 100 to avoid problems if it exceeds the limit by the database server. If you require high concurrency, try to increase this value for both Forgejo **and your database server**. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3366): infer the `[email.incoming].PORT` setting from `.USE_TLS`. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3363): reverted the rootless container image path in `GITEA_APP_INI` from `/etc/gitea/app.ini` to its default value of `/var/lib/gitea/custom/conf/app.ini`. This allows container users to not have to mount two separate volumes (one for the configuration data and one for the configuration `.ini` file). A warning is issued for users with the legacy configuration on how to update to the new path. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3334): added support for the [`workflow_dispatch` trigger](https://forgejo.org/docs/v8.0/user/actions/#onworkflow_dispatch) in Forgejo Actions. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3307): support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3139): allow hiding auto generated release archives. +- **Bug fixes** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4732) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): Show the AGit label on merged pull requests. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4689) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): Fixed: issue state change via the API is not idempotent. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4547) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4546)): The milestone section in the sidebar on the issue and pull request page now uses HTMX. If you update the milestone of a issue or pull request it will no longer reload the whole page and instead update the current page with the new information about the milestone update. This should provide a smoother user experience. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4402) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): Fix mobile UI for organisation creation. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4621) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): Fixes: Forgejo Actions does not trigger an edited event when the title of an issue or pull request is changed. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4529) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): Load attachments for `/issues/comments/{id}`. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4423) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): Fixed: the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4380) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): Use correct SHA in `GetCommitPullRequest` + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4288) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4253)): Fixed: unknown git push options are rejected instead of being ignored. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4240): Fixed: markdown `[*[a]*](b)` [is incorrectly rendered as `

[a]

`](https://github.com/yuin/goldmark/issues/457). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4222): Fixed: markdown files displayed in the UI that have an unescaped backtick in the image alt [could (accidentally) trigger an inline code](https://github.com/yuin/goldmark/issues/456). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3562): Fixed: when the git repository is empty, it is not possible to unsubscribe from an issue. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3442): Fixed: it is not possible to remove attachments from an empty comment. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3430): Fixed: the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints is using a hardcoded "master" branch for the wiki, rather than the branch they really use. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3379): Fixed: using the API to search for users, the results are not paged by default an the default paging limits are not respected. +- **Localization** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4661) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4568)): 24 July updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4565) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): 19 July updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4445) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4330)): 11 July updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4316) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4251)): 4 July updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4168): 18 June updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4098): 10 June updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3992): 2 June updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3908): 25 May updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3851): 20 May updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3759): 14 May updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3637): 5 May updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3508): 28 April updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3359): 22 April updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3244): 15 April updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3138): 10 April updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/3064): 5 April updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/2982): 3 April updates + - [PR](https://codeberg.org/forgejo/forgejo/pulls/2937): 31 March updates + + +## 7.0.11 + +See the [Forgejo 7.0.11 release notes](release-notes-published/7.0.11.md). + +## 7.0.10 + +See the [Forgejo 7.0.10 release notes](release-notes-published/7.0.10.md). + +## 7.0.9 + +See the [Forgejo 7.0.9 release notes](release-notes-published/7.0.9.md). + +## 7.0.8 + +See the [Forgejo 7.0.8 release notes](release-notes-published/7.0.8.md). + +## 7.0.7 + +See the [Forgejo 7.0.7 release notes](release-notes-published/7.0.7.md). + +## 7.0.6 + +This is a bug fix release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the pull requests listed below, you will find a complete list in the [v7.0.6 milestone](https://codeberg.org/forgejo/forgejo/milestone/7252). + +- Two frontend features were removed because a license incompatibility was discovered. [Read more in the companion blog post](https://forgejo.org/2024-07-non-free-dependency-found/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4679) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4670)): [Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included. + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4600) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4595)): Repository citation: Removed the ability to export citations in APA format. +- **User Interface bug fixes** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4593) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): Replace `vue-bar-graph` with `chart.js` + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4731) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): Show AGit label on merged PR + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4424) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): Fix mobile UI for organisation creation +- **Bug fixes** + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4688) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): fix(api): issue state change is not idempotent + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4647) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4638)): Reserve the `devtest` username + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4620) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): fix(actions): no edited event triggered when a title is changed + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4528) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): Load attachments for `/issues/comments/{id}` + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4526) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/3379)): When searching for users, page the results by default, and respect the default paging limits + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4422) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4379) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): Use correct SHA in `GetCommitPullRequest` +- Localization + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4594) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): Update of translations from Weblate + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4447): Update of translations from Weblate + - [PR](https://codeberg.org/forgejo/forgejo/pulls/4420) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4098)): 3 translation updates from Weblate - [PR 1](https://codeberg.org/forgejo/forgejo/pulls/4098), [PR 2](https://codeberg.org/forgejo/forgejo/pulls/4168), [PR 3](https://codeberg.org/forgejo/forgejo/pulls/4251) + +## 7.0.5 + +This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). + +In addition to the following notable bug fixes, you can browse the [full list of pull requests](https://codeberg.org/forgejo/forgejo/pulls?milestone=6654) included in this release. + +* **regreSSHion** + + Recommended action when running Forgejo from a: + * binary - upgrade the OpenSSH server that was installed independently. + * root OCI image - upgrade to [Forgejo 7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5). + * rootless OCI image - no upgrade is necessary. + + [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) also known as [regreSSHion](https://www.qualys.com/regresshion-cve-2024-6387/) is an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. It is **strongly recommended** that an OpenSSH server installed independently of Forgejo is upgraded as soon as possible. + + All Forgejo OCI root images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contain an OpenSSH server. They are based on https://alpinelinux.org/ which relies on https://musl.libc.org/ and not https://en.wikipedia.org/wiki/Glibc. As a precaution the [Forgejo v7.0.5 root OCI image](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contains an [updated OpenSSH server](https://pkgs.alpinelinux.org/packages?name=openssh&branch=v3.19) patched for [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387). + + The Forgejo OCI rootless images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5-rootless), do not contain an OpenSSH server, they rely on the internal Forgejo implementation of the SSH protocol. + +* **Security:** + * Compiled with Go v1.22.5. Fixed: [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) - [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963): Denial of service due to improper 100-continue handling in net/http. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. + +* **Bug fixes:** + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4059) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4194): Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead of Default URLs" checkbox (missing checkbox, irrelevant fields). + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4151) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4149): Fixed: git push to an adopted repository fails. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4215) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4213) - [commit](https://codeberg.org/forgejo/forgejo/commit/4ed5044dea94872e025f585debf7a16e6bd6bbdb): Fixed: markdown doesn't render math within brackets + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4219) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145) - [commit](https://codeberg.org/forgejo/forgejo/commit/9aa3ae955ff506d883737e576dd62f674a3ee372): Fixed: selecting the "No Project" filter in the issue/pull request list has no effect + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4248) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4241): Fixed: error 500 when processing crafted TIFF files. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4261) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4258): Fixed: wrong placeholder text in the form for adding repository collaborator. + +## 7.0.4 + +This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). + +In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) included in this release. + +* **Security:** + * [PR](https://codeberg.org/forgejo/forgejo/pulls/4054). Fixed: [CVE-2024-24789](https://pkg.go.dev/vuln/GO-2024-2888): the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3639) - ([fix](https://codeberg.org/forgejo/forgejo/commit/1b088fade6c69e63843d1bdf402454c363b22ce2) & [test](https://codeberg.org/forgejo/forgejo/pulls/4032)). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential. + +* **Bug fixes:** + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4086) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4085). Fixed: `forgejo migrate-storage --type actions-artifacts` always fails because it picks the wrong path. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4017) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4015). Fixed: avatar files can be found in storage while they do not exist in the database. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3997) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3976). Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3946) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615). Fixed: non conformance with the [Nix tarball fetcher immutable link protocol](https://github.com/nixos/nix/blob/56763ff918eb308db23080e560ed2ea3e00c80a7/doc/manual/src/protocols/tarball-fetcher.md). + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3936) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3935). Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3906) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3904). Fixed: a v7.0.0 regression causes `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true` to always be ignored. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3888) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3865). Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3887) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3885). Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3881) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3864). Fixed: SourceHut Builds webhook fail when the `triggers` field is used. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3877) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3242). Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4084) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083) - [commit](https://codeberg.org/forgejo/forgejo/commit/c6e04c3c9eddfa6c4bec541f681c8d300b157cdb). Fixed: NuGet Package fails `choco info pkgname` when `pkgname` is also a substring of another package Id. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4004) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989) - [commit](https://codeberg.org/forgejo/forgejo/commit/62448bfb931882859388b2fd472cb89428c25323). Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/7d7ea45465d6cd1ea0ec549a71f67b4a8ff930cf). Fixed: automerge does not happen when the approval count reaches the required threshold. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/a649610d6175d1994b838f5672261400df9fdb92). Fixed: the `FORCE_PRIVATE=true` setting is not consistently enforced. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/3859) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838) - [commit](https://codeberg.org/forgejo/forgejo/commit/193ac67176afc72e9d108bc1730c354bfbf9a442). Fixed: CSRF validation errors when OAuth is not enabled. + * [backport](https://codeberg.org/forgejo/forgejo/pulls/4107) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4076). Fixed: headlines in rendered org-mode do not have a margin on the top + +* **Localization:** + * Improvements to English locale: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3914), [[2]](https://codeberg.org/forgejo/forgejo/pulls/4114). + * Translation updates: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3907), [[2]](https://codeberg.org/forgejo/forgejo/pulls/3990), [[3]](https://codeberg.org/forgejo/forgejo/pulls/4099). + +## 7.0.3 + +This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). + +In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.2...v7.0.3) included in this release. + +* Container image upgrades + + In the Forgejo v7.0.3 container images, the Git version was upgraded to [2.43.4](https://pkgs.alpinelinux.org/packages?name=git&branch=v3.19) which includes fixes for [multiple vulnerabilities](https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/). However, the vulnerabilities with a high impact can be exploited when Git is used in an environment (or Operating Systems) which is different from the Forgejo OCI image. + +* **Security:** + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3673). Fixed: [CVE-2024-24788](https://pkg.go.dev/vuln/GO-2024-2824): a malformed DNS message in response to a query can cause the lookup functions to get stuck in an infinite loop. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3802). Fixed: backticks in [mermaid](https://mermaid.js.org/) block diagram labels [are not sanitized properly](https://github.com/mermaid-js/mermaid/commit/c7fe9a646574597adefe3e6fb2b3707112a151aa). + +* **Bug fixes:** + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3588). Fixed: migration of a repository from gogs fails when it is hosted at a subpath. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3591). Fixed: when creating an OAuth2 application the redirect URLs are not enforced to be mandatory. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3659). Fixed: the API incorrectly excludes repositories where code is not enabled. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3677). Fixed: "Allow edits from maintainers" cannot be modified via the pull request web UI. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3687). Fixed: repository activity feeds (including RSS and Atom feeds) contain repeated activities. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3705). Fixed: uploading maven packages with metadata being uploaded separately will fail. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3751). Fixed: the mail notification sent about commits pushed to pull requests are empty. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3753). Fixed: inline emails attachments are not properly handled when commenting on an issue via email. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3760). Fixed: the links to .zip and tar.gz on the tag list web UI fail. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3767). Fixed: expanding code diff while previewing a pull request before it is created fails. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3772). Fixed: the CLI is not able to migrate Forgejo Actions artifacts. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3772). Fixed: when adopting a repository, the default branch is not taken into account. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3772). Fixed: when using reverse proxy authentication, logout will not be taken into account when immediately trying to login afterwards. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3788). Fixed: pushing to the master branch of a sha256 repository fails. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3827). Fixed: a very long project column name will make the action menu inaccessible. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3842). Fixed: a useless error is displayed when the title of a merged pull request is modified. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3846). Fixed: workflow badges are not working for workflows that are not running on push (such as scheduled workflows, and ones that run on tags and pull requests). + +* **Localization:** + * Improvements to English locale: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3825), [[2]](https://codeberg.org/forgejo/forgejo/pulls/3750), [[3]](https://codeberg.org/forgejo/forgejo/pulls/3742), [[4]](https://codeberg.org/forgejo/forgejo/pulls/3674), [[5]](https://codeberg.org/forgejo/forgejo/pulls/3641). + * Translation updates: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3852), [[2]](https://codeberg.org/forgejo/forgejo/pulls/3749), [[3]](https://codeberg.org/forgejo/forgejo/pulls/3740), [[4]](https://codeberg.org/forgejo/forgejo/pulls/3631). + +* Gitea v1.21 compatibility + + This section is for information only and does not require any action. + + The semantic version of the Forgejo 7.0 releases are: + + * `v7.0.0+gitea-1.22.0` + * `v7.0.1+gitea-1.22.0` + * `v7.0.2+gitea-1.22.0` + * `v7.0.3+gitea-1.21.11` + + Gitea v1.22 is [not published yet](https://github.com/go-gitea/gitea/issues/30731) as of 21 May 2024 and in reality all Forgejo v7.0 releases are compatible with Gitea v1.21.11. Advertising they will be compatible with an unpublished Gitea version was incorrect. The Gitea v1.22 release was anticipated to happen shortly after [Forgejo v7.0 was published on 23 April 2024](https://forgejo.org/2024-04-release-v7-0/) because it was already in the late stages of its release candidate lifecycle. However, around 27 April, [the Gitea release candidates were dropped](https://github.com/go-gitea/gitea/issues/30501) and the release candidates restarted from the Gitea development branch. + +## 7.0.2 + +This is a bug fix release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). + +In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.1...v7.0.2) included in this release. + +* **Bug fixes:** + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3562): a v7.0.0 regression where subscribing to or unsubscribing from an issue in a repository with no code produced an internal server error. + * [PR](https://codeberg.org/forgejo/forgejo/issues/3559): a v7.0.0 regression makes all the refs sent in Gitea webhooks to be full refs and might break Woodpecker CI pipelines triggered on tag (`CI_COMMIT_TAG` contained the full ref). This issue [has been fixed](https://github.com/woodpecker-ci/woodpecker/pull/3664) in the `main` branch of Woodpecker CI as well. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3555): the webhook branch filter wrongly applied the match on the full ref for branch creation and deletion (wrongly skipping events). + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3537): toggling the WIP state of a pull request is possible from the sidebar, but not from the footer. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3565): when mentioning a user, the markup post-processor does not handle the case where the mentioned user does not exist: it tries to skip to the next node, which in turn, ended up skipping the rest of the line. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3570): excessive and unnecessary database queries when a user with no repositories is viewing their dashboard. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3580): duplicate status check contexts show in the branch protection settings. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3497): profile info fails to render german singular translation. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3504): inline attachments of [incoming emails](https://forgejo.org/docs/v7.0/user/incoming/) (as they occur for example with Apple Mail) are not attached to comments. + +## 7.0.1 + +This is a bug fix release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). + +In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.0...v7.0.1) included in this release. + +* **Bug fixes:** + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3466): LFS data corruption when running the [`forgejo doctor check --fix`](https://forgejo.org/docs/v7.0/admin/command-line/#doctor-check) CLI command or setting [`[cron.gc_lfs].ENABLED=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#cron---garbage-collect-lfs-pointers-in-repositories-crongc_lfs) (the default is `false`). + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3412): [non backward compatible change](https://codeberg.org/forgejo/forgejo/issues/3399) in the [`forgejo admin user create`](https://forgejo.org/docs/v7.0/admin/command-line/#admin-user-create) CLI command. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3448): error 500 because of an incorrect evaluation of the template when visiting the LFS settings of a repository. + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3464): `GET /repos/{owner}/{name}` API endpoint [always returns an empty string for the `object_format_name` field](https://codeberg.org/forgejo/forgejo/issues/3458). + * [PR](https://codeberg.org/forgejo/forgejo/pulls/3444): fuzzy search [may fail with bleve](https://codeberg.org/forgejo/forgejo/issues/3443). + +## 7.0.0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v7.0/forgejo) included in the `Forgejo v7.0.0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges origin/v1.21/forgejo..origin/v7.0/forgejo +``` + +* **Regressions and workarounds:** + * Running the [`forgejo doctor check --fix`](https://forgejo.org/docs/v7.0/admin/command-line/#doctor-check) CLI command or setting [`[cron.gc_lfs].ENABLED=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#cron---garbage-collect-lfs-pointers-in-repositories-crongc_lfs) (the default is `false`) will corrupt the LFS storage. The workaround is to not run the doctor CLI command and disable the `cron.gc_lfs`. This regression will be [fixed in 7.0.1](https://codeberg.org/forgejo/forgejo/issues/3438). + * The [`forgejo admin user create`](https://forgejo.org/docs/v7.0/admin/command-line/#admin-user-create) CLI command [requires a password](https://codeberg.org/forgejo/forgejo/commit/b122c6ef8b9254120432aed373cbe075331132ac) change by default when creating the first user and the `--admin` flag is not specified. The `--must-change-password=false` argument must be given to not require a password change. This regression will be [fixed in 7.0.1](https://codeberg.org/forgejo/forgejo/issues/3399). +* **Breaking changes requiring manual intervention:** + * [Forgejo webhooks](https://codeberg.org/forgejo/forgejo/issues/3055) now always send full refs (starting with `refs/`) instead of sending short refs in some cases. This new behavior may require changes when the receiving end assumes a short ref will be received (for instance some versions of Woodpecker CI when receiving webhook payloads when a tag is set). + * [MySQL 8.0 or PostgreSQL 12](https://codeberg.org/forgejo/forgejo/commit/e94f9fcafdcf284561e7fb33f60156a69c4ad6a5) are the minimum supported versions. The database must be migrated before upgrading. The requirements regarding SQLite did not change. + * The `per_page` parameter is [no longer a synonym for `limit`](https://codeberg.org/forgejo/forgejo/commit/0aab2d38a7d91bc8caff332e452364468ce52d9a) in the [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) API endpoint. + * The date format of the `created` and `last_update` fields of the [`/repos/{owner}/{repo}/push_mirrors`](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) and [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoAddPushMirror) API endpoint changed [to be timestamps instead of numbers](https://codeberg.org/forgejo/forgejo/commit/0ee7cbf725f45650136be45f8e0f74d395f73b5c). + * Labels used [by pprof endpoint](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) have been changed: + * `graceful-lifecycle` to `gracefulLifecycle` + * `process-type` to `processType` + * `process-description` to `processDescription` + This allows for those endpoints to be scraped by services requiring prometheus style labels such as [grafana-agent](https://grafana.com/docs/agent/latest/). + * The repository description [imposes additional restrictions on what it contains](https://codeberg.org/forgejo/forgejo/commit/1075ff74b5050f671c5f9824ae39390230b3c85d) to prevent abuse. You may use [the v7.0 test instance](https://v7.next.forgejo.org/) to check how it will be modified. + * The [Gitea themes were renamed](https://codeberg.org/forgejo/forgejo/commit/023e937141dd891bce3370c869d4db2c60f971ed) and the `[ui].THEMES` setting must be changed as follows: + * `gitea` is replaced by `gitea-light` + * `arc-green` is replaced by `gitea-dark` + * `auto` is replaced by `gitea-auto` +* **Breaking changes in the user interface:** + Note that the modifications related to CSS, templates or assets (images, fonts, etc.) are not documented here. + Although they can be extracted and modified, Forgejo does not provide any guarantee that such changes + will be portable from one version to another (even a patch version). See also + [the developer documentation about interface customization](https://forgejo.org/docs/v7.0/developer/customization/). + * [Update checker setting might change](https://codeberg.org/forgejo/forgejo/pulls/2925). The documentation was listing it as enabled by default, however, for a while it was disabled unless it was explicitly specified in the config or on the installation page. Instances migrated from Gitea also had it disabled due to different default value. Since then Forgejo got a privacy-friendly DNS-based update checking mechanism which is now being enabled by default unless explicitly specified [in the config](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#cron---check-for-new-forgejo-versions-cronupdate_checker). + * Language statistics for repositories that use `linguist` attributes in `.gitattributes` *may* show different statistics than previously, because Forgejo recognizes more [linguist attributes](https://forgejo.org/docs/v7.0/user/language-detection/) now. + * It is [no longer possible to replace the default web editor](https://codeberg.org/forgejo/forgejo/pulls/2916) used to write comments or issues and pull requests with the EasyMDE editor. It is however still available as an alternative to edit releases and wiki pages. + * [The list of all repositories and the `New Issue` button are no longer available in the user dashboard](https://codeberg.org/forgejo/forgejo/commit/beb71f5ef6e8074dc744ac995c15f7b5947a3f2e) for issues and pull requests. +* **Migration warning** + * If the logs show a line like the following, [run doctor convert](https://forgejo.org/docs/v7.0/admin/command-line/#doctor-convert) to fix it. + ``` + [W] Current database is using a case-insensitive collation "utf8mb4_general_ci" + ``` + * Large instances may experience slow migrations when the database is upgraded to support SHA-256 git repositories. For instance, here are the logs from a test migration of the https://codeberg.org production database: + ``` + [I] Migration[286]: Add support for SHA256 git repositories + [W] [Slow SQL Query] ALTER TABLE `commit_status` MODIFY COLUMN `context_hash` VARCHAR(64) [] - 3m41.647738396s + [W] [Slow SQL Query] ALTER TABLE `comment` MODIFY COLUMN `commit_sha` VARCHAR(64) [] - 1m5.500234133s + [W] [Slow SQL Query] ALTER TABLE `release` MODIFY COLUMN `sha1` VARCHAR(64) [] - 22.06241145s + ``` +* **Features and enhancements** + * Repository settings have been refactored, lifting out the repository unit-related settings to their own page. ([#2221](https://codeberg.org/forgejo/forgejo/pulls/2221)) + - When additional units can be enabled, an "Add more..." link will be displayed for repository admins. This can be turned off. ([#2533](https://codeberg.org/forgejo/forgejo/pulls/2533)) + * Repository administrators can [allow anyone to edit the wiki](https://forgejo.org/docs/v7.0/user/wiki/#activation-and-permissions) in the repository Settings. ([#2001](https://codeberg.org/forgejo/forgejo/pulls/2001)) + * Instance administrators can enable [repository badges](https://forgejo.org/docs/v7.0/user/readme-badges/) in the [configuration file](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#badges-badges). This feature depends on a shield generator service such as shields.io, and is disabled by default. ([#2070](https://codeberg.org/forgejo/forgejo/pulls/2070)) + * Instance administrators can configure the additional clone methods displayed on the repository home view. ([gitea#29320](https://github.com/go-gitea/gitea/pull/29320)) + * Instance administrators can [assign custom flags to repositories](https://codeberg.org/forgejo/forgejo/pulls/2079). This is disabled by default, and currently requires custom templates to do anything useful with the flags. ([#2079](https://codeberg.org/forgejo/forgejo/pulls/2079) & [#2097](https://codeberg.org/forgejo/forgejo/pulls/2097)) + * Fallback for [basic repo search using git-grep](https://forgejo.org/docs/v7.0/user/code-search/) when code indexer is disabled ([gitea#29998](https://github.com/go-gitea/gitea/pull/29998)) + * Repository administrators can disable forking instance-wide by setting the new `[repository].DISABLE_FORKS` setting. ([#2445](https://codeberg.org/forgejo/forgejo/pulls/2445)) + * Render permalinks to files with a line range by an inline preview in all places where markup is allowed ([#2669](https://codeberg.org/forgejo/forgejo/pulls/2669)) + * A user can now optionally set their preferred pronouns ([#1518](https://codeberg.org/forgejo/forgejo/pulls/1518)). + * [Always enable caches](https://codeberg.org/forgejo/forgejo/commit/e7cb8da2a8310ac167b6f613b283caa3316a7154). + * Forgejo now recognizes more [linguist attributes](https://forgejo.org/docs/v7.0/user/language-detection/), making it possible to include documentation in the repository language statistics, for example. ([#2088](https://codeberg.org/forgejo/forgejo/pulls/2088)) + * When displaying the message to open a pull request from a recently pushed branch, the recently pushed branch now links to the appropriate branch. ([#2141](https://codeberg.org/forgejo/forgejo/pulls/2141)) + * Users who signed up, but have not activated their accounts yet, are now able to [change their email before activation](https://codeberg.org/forgejo/forgejo/pulls/1891). ([#1891](https://codeberg.org/forgejo/forgejo/pulls/1891)) + * The "You pushed on branch ...." banner is now displayed for repositories you have a fork of with recently pushed branches too ([#2195](https://codeberg.org/forgejo/forgejo/pulls/2195)), and it will no longer consider branches that share no history with the default branch. ([#2196](https://codeberg.org/forgejo/forgejo/pulls/2196)) + * Forgejo will now highlight signed tags in a similar way it highlights signed commits. ([#2534](https://codeberg.org/forgejo/forgejo/pulls/2534)) + * Forgejo gained support for the more recent GitHub-style alert blocks. ([#2348](https://codeberg.org/forgejo/forgejo/pulls/2348)) + - The older style remains supported too. + * [[ACTIONS] Add vars context to cron jobs](https://codeberg.org/forgejo/forgejo/pulls/3059) + * [[ACTIONS] Allow viewing the latest Action Run on the web](https://codeberg.org/forgejo/forgejo/pulls/1900) + * [[AGIT] Automatically fill in the description](https://codeberg.org/forgejo/forgejo/pulls/2344) + * [[API] Add API to get PR by base/head](https://codeberg.org/forgejo/forgejo/pulls/2481) + * [[API] commentAssignment() to verify the id belongs](https://codeberg.org/forgejo/forgejo/pulls/2126) + * [[API] DELETE /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}](https://codeberg.org/forgejo/forgejo/pulls/2157) + * [[API] endpoint for adding comments to reviews](https://codeberg.org/forgejo/forgejo/pulls/2122) + * [[API] GET /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}](https://codeberg.org/forgejo/forgejo/pulls/2127) + * [[API] support for repository flags](https://codeberg.org/forgejo/forgejo/pulls/2097) + * [[I18N] Clarify description in deletion modal](https://codeberg.org/forgejo/forgejo/pulls/2488) + * [[I18N] Clarify the description of SSH Keys](https://codeberg.org/forgejo/forgejo/pulls/2393) + * [[I18N] Data size unit localization](https://codeberg.org/forgejo/forgejo/pulls/2528) + * [[I18N] Improve branch select list ui in go templates (gitea#29729)](https://codeberg.org/forgejo/forgejo/pulls/2744) + * [[I18N] Improve localization of repo summary](https://codeberg.org/forgejo/forgejo/pulls/2756) + * [[I18N] Improve registration / password reset emails](https://codeberg.org/forgejo/forgejo/pulls/2529) + * [[I18N] Use correct translations for pull request](https://codeberg.org/forgejo/forgejo/pulls/2260) + * [[I18N] Improve translatability of activity heatmap](https://codeberg.org/forgejo/forgejo/pulls/2612) + * [[I18N] Improve English locale for admin settings](https://codeberg.org/forgejo/forgejo/pulls/2583) + * [I18N] Add plural support: [1](https://codeberg.org/forgejo/forgejo/pulls/2614), [2](https://codeberg.org/forgejo/forgejo/pulls/2695), [3](https://codeberg.org/forgejo/forgejo/pulls/2954), [4](https://codeberg.org/forgejo/forgejo/pulls/3031) + * [I18N] General improvements to English locale: [1](https://codeberg.org/forgejo/forgejo/pulls/2307), [2](https://codeberg.org/forgejo/forgejo/pulls/2437), [3](https://codeberg.org/forgejo/forgejo/pulls/2492), [4](https://codeberg.org/forgejo/forgejo/pulls/2610), [5](https://codeberg.org/forgejo/forgejo/pulls/2703), [6](https://codeberg.org/forgejo/forgejo/pulls/2941). + * [[I18N] Allow custom repo size format](https://codeberg.org/forgejo/forgejo/pulls/2974) + * [[PACKAGES] nuget basic manifest download](https://codeberg.org/forgejo/forgejo/pulls/2222) + * [[UI] Add label filters in organization issues dashboard](https://codeberg.org/forgejo/forgejo/pulls/2944) + * [[UI] Allow users to hide all "Add more units..." hints](https://codeberg.org/forgejo/forgejo/pulls/2533) + * [[UI] Display tag name as title for a tag with no release [gitea]](https://codeberg.org/forgejo/forgejo/pulls/2547) + * [[UI] Enable ambiguous character detection in configured contexts](https://codeberg.org/forgejo/forgejo/pulls/2427) + * [[UI] Improve display of 404/500 error pages](https://codeberg.org/forgejo/forgejo/pulls/2466) + * [[UI] Improve look of user profiles](https://codeberg.org/forgejo/forgejo/pulls/2875) + * [[UI] Include a branch link in the recently pushed banner](https://codeberg.org/forgejo/forgejo/pulls/2141) + * [[UI] Offer to remove WIP: prefix in sidebar](https://codeberg.org/forgejo/forgejo/pulls/2660) + * [[UI] Port console colors](https://codeberg.org/forgejo/forgejo/pulls/2419) + * [[UI] pulls "Edit File" button in "Files Changed" tab](https://codeberg.org/forgejo/forgejo/pulls/1992) + * [[UI] Remove add organization on dashboard switcher](https://codeberg.org/forgejo/forgejo/pulls/2895) + * [[UI] Restrict file size of blame operation](https://codeberg.org/forgejo/forgejo/pulls/2395) + * [[UI] Show follow symlink button](https://codeberg.org/forgejo/forgejo/pulls/2530) + * [[UI] split code conversations in diff tab](https://codeberg.org/forgejo/forgejo/pulls/2306) + * [[UI] Update look of repo/org tabs on homepage](https://codeberg.org/forgejo/forgejo/pulls/2593) + * [[UI] Visual separation between types of attachments](https://codeberg.org/forgejo/forgejo/pulls/2899) + * [[UI] [AGIT] Add AGit label to AGit-created PRs](https://codeberg.org/forgejo/forgejo/pulls/2444) + * [[UI] [AGIT] Add link to docs and tooltip to label](https://codeberg.org/forgejo/forgejo/pulls/2499) + * [Implement commit mail selection for other Git operations](https://codeberg.org/forgejo/forgejo/pulls/2383) + * [Improved Linguist compatibility](https://codeberg.org/forgejo/forgejo/pulls/2088) + * [improve nuget nuspec api](https://codeberg.org/forgejo/forgejo/pulls/2996) + * [Log SQL queries when the database return error](https://codeberg.org/forgejo/forgejo/pulls/2140) + * [New doctor check: fix-push-mirrors-without-git-remote](https://codeberg.org/forgejo/forgejo/pulls/1853) + * [New route to view latest run of specific workflows](https://codeberg.org/forgejo/forgejo/pulls/2304) + * [Check for Commit in opengraph](https://codeberg.org/forgejo/forgejo/pulls/2094) + * [Check if commit is already present in target branch](https://codeberg.org/forgejo/forgejo/pulls/2450) + * [Configure if protected branch rule should apply to admins](https://codeberg.org/forgejo/forgejo/pulls/2867) + * [Count downloads for tag archives](https://codeberg.org/forgejo/forgejo/pulls/2976) + * [depguard sha256-simd](https://codeberg.org/forgejo/forgejo/pulls/2234) + * [Don't consider orphan branches as recently pushed](https://codeberg.org/forgejo/forgejo/pulls/2196) + * [extend webfinger to respond to profile page URIs](https://codeberg.org/forgejo/forgejo/pulls/2883) + * [Highlight signed tags like signed commits](https://codeberg.org/forgejo/forgejo/pulls/2534) + * [Allow changing the email address before activation](https://codeberg.org/forgejo/forgejo/pulls/1891) + * [Allow changing the repo Wiki branch to main](https://codeberg.org/forgejo/forgejo/pulls/2264) + * [Allow forking without a repo ID](https://codeberg.org/forgejo/forgejo/pulls/2310) + * [Allow instance-wide disabling of forking](https://codeberg.org/forgejo/forgejo/pulls/2445) + * [Allow non-explicit push options](https://codeberg.org/forgejo/forgejo/pulls/2984) + * [Allow to exclude files in dump](https://codeberg.org/forgejo/forgejo/pulls/2876) + * [add bucket lookup type](https://codeberg.org/forgejo/forgejo/pulls/2482) + * [Add download URL for executable files](https://codeberg.org/forgejo/forgejo/pulls/1839) + * [Add gitignore template for Janet projects](https://codeberg.org/forgejo/forgejo/pulls/2557) + * [add optional storage init to doctor commands](https://codeberg.org/forgejo/forgejo/pulls/3034) + * [Add rel="nofollow" to issue filter links](https://codeberg.org/forgejo/forgejo/pulls/2367) + * [Add support for shields.io-based badges](https://codeberg.org/forgejo/forgejo/pulls/2070) + * [Add Zig gitignore](https://codeberg.org/forgejo/forgejo/pulls/2352) + * [Recognize SSH signed tags too](https://codeberg.org/forgejo/forgejo/pulls/2520) + * [Repository flags](https://codeberg.org/forgejo/forgejo/pulls/2079) + * [support `.forgejo` dir for issue and PR templates](https://codeberg.org/forgejo/forgejo/pulls/2290) + * [Support Include/Exclude Filters for Grep](https://codeberg.org/forgejo/forgejo/pulls/3058) + * [Use 'Text' instead of 'Plaintext'](https://codeberg.org/forgejo/forgejo/pulls/2833) + * [Render code tags in commit messages](https://codeberg.org/forgejo/forgejo/commit/3ccb0c2512cb551943945aaa3f2bd0b1e2abd3b8). + * [Refactor markdown attention render](https://codeberg.org/forgejo/forgejo/commit/ec2201a3da5f18e55bfc0a54114ac935804f4ef8). + * [Add default board to new projects, remove uncategorized pseudo-board](https://codeberg.org/forgejo/forgejo/commit/8ffb9c6fb1571a1221978440f108911057df25db). + * [Add more stats tables](https://codeberg.org/forgejo/forgejo/commit/926367fe1d778fe7c9f5bc6b8e8c514b619ef038). + * [Improve branch select list ui in go templates](https://codeberg.org/forgejo/forgejo/commit/729849a2fd026adbb91e3ff3259290f61bd919f0). + * [Update allowed attachment types](https://codeberg.org/forgejo/forgejo/commit/04b79bb48b490644c46e58da46af4b62a40e5e03). + * [Completely style the webkit autofill](https://codeberg.org/forgejo/forgejo/commit/9916f3ed64a715fb9a31a0fcad6452276e275615). + * [Set user's 24h preference from their current OS locale](https://codeberg.org/forgejo/forgejo/commit/427ab550a6a35e7369bc1b33a188bb3030c32ec0). + * [Make wiki default branch name changeable](https://codeberg.org/forgejo/forgejo/commit/7ea8993a0e342e7a30cb2da03216697b4819935a). + * [Make admin pages wider because of left sidebar added and some tables become too narrow](https://codeberg.org/forgejo/forgejo/commit/145bebc829c03cbb078e518d7364d27bcf60d96c). + * [Make PR form use toast to show error message](https://codeberg.org/forgejo/forgejo/commit/221a28436a080447f429fa2089d264e56f4980e2). + * [Rename Action.GetDisplayName to GetActDisplayName](https://codeberg.org/forgejo/forgejo/commit/be9189eddc84e942710b16b1c8c54c10aad01b63). + * [Unify search boxes](https://codeberg.org/forgejo/forgejo/commit/847f03b6a65ee251bf764f54f6114737346a43b6). + * [Detect broken git hooks](https://codeberg.org/forgejo/forgejo/commit/963df8290784d82385f7e8ad9f5c9abfd2fa2860). + * [Filter for default-branch selection](https://codeberg.org/forgejo/forgejo/commit/1090734255d70deb9886de2c1a8bb971096223ee). + * [Include resource state events in Gitlab downloads](https://codeberg.org/forgejo/forgejo/commit/bc7a247b9ea68643e3c59d4b4376dea097ffcc68). + * [Properly migrate target branch change GitLab comment](https://codeberg.org/forgejo/forgejo/commit/f0acc71ba13713f07602294b4a33028125343d47). + * [Recolor dark theme to blue shade](https://codeberg.org/forgejo/forgejo/commit/ff581d5a2415f7a3321fa6ba656ae0e972674d6c). + * [Unify organizations header](https://codeberg.org/forgejo/forgejo/commit/4b494d341f3142c066bc5b2b3cfd50f924d64fd3). + * [Auto-update the system status in admin dashboard](https://codeberg.org/forgejo/forgejo/commit/4f050f358a15dd51903e01b330a5419b2ac06693). + * [Show more settings for empty repositories](https://codeberg.org/forgejo/forgejo/commit/b03af9efb275f935bb265c7f031225caaafefaff). + * [Downscale pasted PNG images based on metadata](https://codeberg.org/forgejo/forgejo/commit/b3f2447bc4b6a7220da748cc6eb24bd5568bee7c). + * [Show `View at this point in history` for every commit](https://codeberg.org/forgejo/forgejo/commit/27bc2b9d9597de89d2c6b68581c6729bb16a4572). + * [Drop "@" from email sender to avoid spam filters](https://codeberg.org/forgejo/forgejo/commit/9a1d5c549cb6d32219647ea1a771b8a82d5ac89f). + * [Allow non-admin users to delete review requests](https://codeberg.org/forgejo/forgejo/commit/77c56e29ded5665bdc09d0a568159aa7127b44b1). + * [Some performance optimization on dashboard and issues page](https://codeberg.org/forgejo/forgejo/commit/d996c5d5179c99855e69156a034eca055e9329a4). + * [Improve user search display name](https://codeberg.org/forgejo/forgejo/commit/c3e462921ee31536e59b37e654ed20e92a37ffe6). + * [Fix UI Spacing Errors in mirror settings](https://codeberg.org/forgejo/forgejo/commit/64faecefe10613840709a68c1b8b708115d69d6e). + * [Include username in email headers](https://codeberg.org/forgejo/forgejo/commit/360b3fd17c3315ad9ad9c4e6ac02eda73f48d8ae). + * [Also match weakly validated ETags](https://codeberg.org/forgejo/forgejo/commit/28fe3db1fb0f89bcb55829ced33c1282f85f6e97). + * [Propagate install_if and provider_priority to APKINDEX](https://codeberg.org/forgejo/forgejo/commit/2da233ad8be107de29190720f1c30199410fe0cd). + * [Fix display latest sync time for pull mirrors on the repo page](https://codeberg.org/forgejo/forgejo/commit/4674aea25b54baf08594c54f061dee9e44190f02). + * [Remove trust model selection from repository creation on web page because it can be changed in settings later](https://codeberg.org/forgejo/forgejo/commit/c08d263a1900aa5ee92f56af8ad1c7a2697d02e1). + * [Add ability to see open and closed issues at the same time](https://codeberg.org/forgejo/forgejo/commit/2c3da59e275b69ebf984bb70954f42a7bcb0b49d). + * [Move sign in labels to be above inputs](https://codeberg.org/forgejo/forgejo/commit/4af0944b2604dd2b2e413864492135faea097298). + * [Move the captcha script loader to the template which really needs it](https://codeberg.org/forgejo/forgejo/commit/a04f8c0f81f55a8b927ce0fad8127db39396f892). + * [Display latest sync time for pull mirrors on the repo page](https://codeberg.org/forgejo/forgejo/commit/2d343f8987025015f5b61e328cc9e45082e6d3f2). + * [Show in Web UI if file is vendored and generated](https://codeberg.org/forgejo/forgejo/commit/7ed18566e10b298309dcc99d97447cb1932ae09a). + * [Add orphaned topic consistency check](https://codeberg.org/forgejo/forgejo/commit/e02095c5b6e04f70ae6562f5aee169f7ee93cf7a). + * [Convert to url auth to header auth in tests](https://codeberg.org/forgejo/forgejo/commit/838db2f8911690fa2115c6827ed73687db71bef1). + * [Add option to set language in admin user view](https://codeberg.org/forgejo/forgejo/commit/318634ef74dc0a9c285991692e72d3df90b8583c). + * [Fix incorrect run order of action jobs](https://codeberg.org/forgejo/forgejo/commit/f4561c44b1cad700bf41537eb4db487fff34f6c9). + * [Add missing exclusive in advanced label options](https://codeberg.org/forgejo/forgejo/commit/77506c6f6cbfa5c15d8373743415f47b2adb404d). + * [Add combined index for issue_user.uid and issue_id](https://codeberg.org/forgejo/forgejo/commit/e08f1a9cbd582c73918e401eeba36261627f44a7). + * [Add edit option for README.md](https://codeberg.org/forgejo/forgejo/commit/08552f0076204b99258f9135c77a962c302521dc). + * [Fix link to `Code` tab on wiki commits](https://codeberg.org/forgejo/forgejo/commit/709a376c518d0cfde10bb911b32fd0ea82c67b52). + * [Remove autofocus in search box](https://codeberg.org/forgejo/forgejo/commit/eae555ff2395cc1ad178f3a977d83742ae73e1d9). + * [Allow to set explore page default sort](https://codeberg.org/forgejo/forgejo/commit/16ba16dbe951763cfc026b7351e26009d1a25fdc). + * [Improve PR diff view on mobile](https://codeberg.org/forgejo/forgejo/commit/49dddd87b19aebe83e1c54a455e62529a19f61b4). + * [Properly migrate automatic merge GitLab comments](https://codeberg.org/forgejo/forgejo/commit/542badbb76408c17ce6692e99fff680bee69face). + * [Display issue task list on project cards](https://codeberg.org/forgejo/forgejo/commit/4776fde9e1caa7cee5671715144a668e19a0323c). + * [Add Index to pull_auto_merge.doer_id](https://codeberg.org/forgejo/forgejo/commit/c8602a8dfa05f653e7de8ed2e677c8967b8688f5). + * [Fix display member unit in the menu bar if there are no hidden members in public org](https://codeberg.org/forgejo/forgejo/commit/0e021cd33ee3eb3d8f204bd075e2597b7ec8b391). + * [List all Debian package versions in `Packages`](https://codeberg.org/forgejo/forgejo/commit/b36e2ca4195298d2e4516e3022b953543f62f470). + * [Allow pull requests Manually Merged option to be used by non-admins](https://codeberg.org/forgejo/forgejo/commit/1756e30e102d079f8425aa2061ef80fd36c2e57d). + * [Only show diff file tree when more than one file changed](https://codeberg.org/forgejo/forgejo/commit/572f0963edc71239634ee782a3c69213479f34ba). + * [Show placeholder email in privacy popup](https://codeberg.org/forgejo/forgejo/commit/31f8880bc252a25075f8752e2722b316c6e46ec7). + * [Revamp repo header](https://codeberg.org/forgejo/forgejo/commit/7d62615513b8985360de497e9a051b51ca0faaf2). + * [Add link to members and repositories at teams page](https://codeberg.org/forgejo/forgejo/commit/4f4ddcf3c593b474846d40e47b4351d3deb39202). + * [Add link for repositories README file](https://codeberg.org/forgejo/forgejo/commit/7210f23fa0f11da093b307029d7ab91ed40807fb). + * [Add `must-change-password` cli parameter](https://codeberg.org/forgejo/forgejo/commit/9bea276055edc9527e3d6d66df3bbf0d20326f8b). + * [Unify password changing and invalidate auth tokens](https://codeberg.org/forgejo/forgejo/commit/688d4a1f719d2df4d2626453f4bc042c1874a375). + * [Add slow SQL query warning](https://codeberg.org/forgejo/forgejo/commit/664192767c41b9d0759bcc3915c7bd6ccecc52ae). + * [Pre-register OAuth application for tea](https://codeberg.org/forgejo/forgejo/commit/a825cc0f3423f0a5c8157c436a0c7b489ef536c1). + * [Differentiate between `push` and `pull` `mirror sync in progress`](https://codeberg.org/forgejo/forgejo/commit/e709bc199fe33456c4ecd1cd28029bd31b529832). + * [Cargo package - Fix missing domain in cargo sparse url](https://codeberg.org/forgejo/forgejo/commit/a112cf34d391cc04770021f9ffaa29e383cb9d51). + * [Link to file from its history](https://codeberg.org/forgejo/forgejo/commit/33de64cb21505259338e393ef0d15ccb0f757475). + * [Add a shortcut to user's profile page to admin user details](https://codeberg.org/forgejo/forgejo/commit/e96e440b8bde5516ffc7bba42691e26084a96588). + * [Doctor: delete action entries without existing user](https://codeberg.org/forgejo/forgejo/commit/15fa0383fb5dd9ad1702dbc34ba7100c0cdbcc8c). + * [Add anchor to review types](https://codeberg.org/forgejo/forgejo/commit/89c9a498fdd6184df8afda8b5b488462e65b9e71). + * [Show total TrackedTime on issue/pull/milestone lists](https://codeberg.org/forgejo/forgejo/commit/adbc995c347e158a56264f2488997d7d59a4dd8b). + * [Improve commit record's ui in comment list](https://codeberg.org/forgejo/forgejo/commit/ed1798f66d30e3755f01e24f8cb4aa5e8b6628a0). + * [Don't show new pr button when page is not compare pull](https://codeberg.org/forgejo/forgejo/commit/b693611b35c5ae17cfc820bc3e731608a5251464). + * [Add `Hide/Show all checks` button to commit status check](https://codeberg.org/forgejo/forgejo/commit/dcb648ee71853073d54e8a6e107b764212ede58e). + * [Improvements of releases list and tags list](https://codeberg.org/forgejo/forgejo/commit/3fcad582c9b9bfe66f4a346652f82b1aaf18430d). + * [Support pasting URLs over markdown text](https://codeberg.org/forgejo/forgejo/commit/45112876766cb81ed7edd2b72a3ab93e6deab8bb). + * [Customizable "Open with" applications for repository clone](https://codeberg.org/forgejo/forgejo/commit/44221a3cd747a01d55093b15a12bf053b534da35). + * [Allow options to disable user deletion from the interface on app.ini](https://codeberg.org/forgejo/forgejo/commit/767e9634d3d02acab27f05e1783391c9c7f6292e). + * [Extend issue template yaml engine](https://codeberg.org/forgejo/forgejo/commit/ff8f7a7a0d1d0f57113a6ad8b499f7c1094288f5). + * [Filter Repositories by type](https://codeberg.org/forgejo/forgejo/commit/83e04328dfff3b09e5d28dd972ebee0865f96b0e). + * [Implement code frequency graph](https://codeberg.org/forgejo/forgejo/commit/f097799953c5f510b7e3314f1e3e115761f207d0). + * [Implement recent commits graph](https://codeberg.org/forgejo/forgejo/commit/428008ac19185125b7cb1e3d379254d7b1932529). + * [Show commit status for releases](https://codeberg.org/forgejo/forgejo/commit/369fe5696697cef33a188d9b985ac4b9824a4bdf). + * [Actions Artifacts v4 backend](https://codeberg.org/forgejo/forgejo/commit/66632c4958041abdffe6adafc278d34ef515c44f). + * [Add merge style `fast-forward-only`](https://codeberg.org/forgejo/forgejo/commit/83123b493f3ae25d07d81c86b1a78afe1c17db53). + * [Retarget depending pulls when the parent branch is deleted](https://codeberg.org/forgejo/forgejo/commit/49eb16867728913d1eb2ced96e0b0b0a358f6ebe). + * [Add global setting how timestamps should be rendered](https://codeberg.org/forgejo/forgejo/commit/cdc33b29a012e61b42f192d79f9486fa8e21b2ed). + * [Add skip ci functionality](https://codeberg.org/forgejo/forgejo/commit/816e46ee7ce4b2649479554a940ecbe1cc505a3d) + * [Show latest commit for file](https://codeberg.org/forgejo/forgejo/commit/885cc32b14584ee2d01009768895b7a776441504). + * [Allow to sync tags from admin dashboard](https://codeberg.org/forgejo/forgejo/commit/4567a3a1ad0490d9077102e0e7b5de35790e5803). + * [Add Profile Readme for Organisations](https://codeberg.org/forgejo/forgejo/commit/603573366a203efae06f818a0b220be964cdac21). + * [Implement contributors graph](https://codeberg.org/forgejo/forgejo/commit/e9be8b25ae57189c4b29eaa393a397cf634d21d7). + * [Artifact deletion in actions ui](https://codeberg.org/forgejo/forgejo/commit/c551d3f3ab13379b0740fc45bc4dfc8f2fb84e16). + * [Add API routes to get runner registration token](https://codeberg.org/forgejo/forgejo/commit/baf0d402d9cb47849394202fcfc7c2e23b0faac3). + * [Add support for forking single branch](https://codeberg.org/forgejo/forgejo/commit/5e02e3b7ee8294e2ec94968ece9af56bf1aa1534). + * [Add support for sha256 repositories](https://codeberg.org/forgejo/forgejo/commit/d68a613ba8fd860863a3465b5b5945b191b87b25). + * [Add admin API route for managing user's badges](https://codeberg.org/forgejo/forgejo/commit/82b7de1360870db7a8b368a3f80ede887e32e128). +* **Bug fixes:** + * The repository home view will no longer redirect to external units. ([#2064](https://codeberg.org/forgejo/forgejo/pulls/2064)) + * User and Organization `.profile` repositories now search for a `README.md` file case insensitively. ([#2090](https://codeberg.org/forgejo/forgejo/pulls/2090)) + * When viewing a file, the RSS feed link is only displayed when there is an RSS feed provided for the context: when viewing a file on a branch. ([#2103](https://codeberg.org/forgejo/forgejo/pulls/2103)) + * Repository topic searches are now correctly paged, which should make topic management on larger instances orders of magnitudes faster. ([#2060](https://codeberg.org/forgejo/forgejo/pulls/2060)) + * Mentioning a user in a comment or similar place ignores apostrophes now. ([#2485](https://codeberg.org/forgejo/forgejo/pulls/2485)) + * Setting the `[repository].DISABLE_STARS` setting to `true` disables the functionality completely, rather than just hiding it from the user interface. + * Forking a repository is now available at a predictable URL, and does not require knowing the repository id. ([#2310](https://codeberg.org/forgejo/forgejo/pulls/2310)) + * Issue and pull request templates can now be placed in a `.forgejo` directory, like workflows. ([#2290](https://codeberg.org/forgejo/forgejo/pulls/2290)) + * [[A11Y] Fix accessibility and translatability of repo explore counters](https://codeberg.org/forgejo/forgejo/pulls/2862) + * [[A11Y] Focus styling and fix Watch/Unwatch buttons](https://codeberg.org/forgejo/forgejo/pulls/2379) + * [[A11Y] Label Stars/Forks links in repo explore](https://codeberg.org/forgejo/forgejo/pulls/2634) + * [[A11Y] Taborder in repo explore](https://codeberg.org/forgejo/forgejo/pulls/2636) + * [[ACTIONS] add proper payload to scheduled events](https://codeberg.org/forgejo/forgejo/pulls/2015) + * [[ACTIONS] Do not update PRs based on events that happened before they existed](https://codeberg.org/forgejo/forgejo/pulls/2932) + * [[ACTIONS] GetScheduledMergeByPullID may involve a system user](https://codeberg.org/forgejo/forgejo/pulls/1908) + * [[ACTIONS] Link to Workflow in View](https://codeberg.org/forgejo/forgejo/pulls/1866) + * [[ACTIONS] the ref of a scheduled action is always the default branch](https://codeberg.org/forgejo/forgejo/pulls/1941) + * [[API] Adjust name of operation](https://codeberg.org/forgejo/forgejo/pulls/2189) + * [[API] `/api/v1/{owner}/{repo}/issue_templates`](https://codeberg.org/forgejo/forgejo/pulls/2292) + * [[API] Document correct status code for creating a tag](https://codeberg.org/forgejo/forgejo/pulls/2201) + * [[API] /api/forgejo/v1/version auth check](https://codeberg.org/forgejo/forgejo/pulls/2582) + * [[API] inconsistencies](https://codeberg.org/forgejo/forgejo/pulls/2182) + * [[API] /issues/search endpoint](https://codeberg.org/forgejo/forgejo/pulls/2020) + * [[API] Make HTTPS schema default for Swagger](https://codeberg.org/forgejo/forgejo/pulls/1896) + * [[I18N] Add missing translation for more_items](https://codeberg.org/forgejo/forgejo/pulls/2828) + * [[I18N] Eliminate wrapping quotes in English locale](https://codeberg.org/forgejo/forgejo/pulls/2467) + * [[I18N] English fixes and improvements](https://codeberg.org/forgejo/forgejo/pulls/2631) + * [[I18N] Fix milestone sorting translation keys](https://codeberg.org/forgejo/forgejo/pulls/2644) + * [[I18N] Use correct translation on closed milestones](https://codeberg.org/forgejo/forgejo/pulls/2957) + * [[I18N] Use new translation key](https://codeberg.org/forgejo/forgejo/pulls/2760) + * [[PACKAGES] Delete redundant snap packaging recipe](https://codeberg.org/forgejo/forgejo/pulls/2693) + * [[PACKAGES] Fix Alpine Registry packages with noarch not being found](https://codeberg.org/forgejo/forgejo/pulls/2285) + * [[PACKAGES] Generate install if condition for Alpine](https://codeberg.org/forgejo/forgejo/pulls/2176) + * [[PACKAGES] Packagist webhook: support all events](https://codeberg.org/forgejo/forgejo/pulls/2646) + * [[PACKAGES] Fix for PyPi Registry PEP 503 Compliance](https://codeberg.org/forgejo/forgejo/pulls/3197) + * [[UI] Adjust the signed tag verification line](https://codeberg.org/forgejo/forgejo/pulls/2966) + * [[UI] Better color for labels/counters](https://codeberg.org/forgejo/forgejo/pulls/2935) + * [[UI] Better number for UserCards pagination](https://codeberg.org/forgejo/forgejo/pulls/2584) + * [[UI] Center icon and callout text](https://codeberg.org/forgejo/forgejo/pulls/3010) + * [[UI] Consistent styling for Sort filter](https://codeberg.org/forgejo/forgejo/pulls/2920) + * [[UI] Disable the RSS feed in file view for non-branches](https://codeberg.org/forgejo/forgejo/pulls/2103) + * [[UI] Disable 'View at this point in history' for wikis](https://codeberg.org/forgejo/forgejo/pulls/2999) + * [[UI] Display error message if doer is unable to fork](https://codeberg.org/forgejo/forgejo/pulls/2649) + * [[UI] Don't use `
` in alert block](https://codeberg.org/forgejo/forgejo/pulls/2741) + * [[UI] Fix admin layout](https://codeberg.org/forgejo/forgejo/pulls/3087) + * [[UI] Fix crash in issue forms](https://codeberg.org/forgejo/forgejo/pulls/3012) + * [[UI] Fix Ctrl+Enter on submitting review comment](https://codeberg.org/forgejo/forgejo/pulls/2370) + * [[UI] Fix diff patch operation in web UI](https://codeberg.org/forgejo/forgejo/pulls/2449) + * [[UI] Fixes for project selector in sidebar](https://codeberg.org/forgejo/forgejo/pulls/2608) + * [[UI] Fix must-change-password help dialog](https://codeberg.org/forgejo/forgejo/pulls/2676) + * [[UI] Fix relative links on orgmode](https://codeberg.org/forgejo/forgejo/pulls/2385) + * [[UI] Fix selector inner radius](https://codeberg.org/forgejo/forgejo/pulls/2860) + * [[UI] Fix tone of callout boxes for Forgejo dark](https://codeberg.org/forgejo/forgejo/pulls/3085) + * [[UI] Fix tooltip for 1000+ stars/forks](https://codeberg.org/forgejo/forgejo/pulls/3147) + * [[UI] include hostname in admin panel URL in new user emails](https://codeberg.org/forgejo/forgejo/pulls/1940) + * [[UI] Increase contrast of code block](https://codeberg.org/forgejo/forgejo/pulls/2874) + * [[UI] Limit amount of javascript errors being shown](https://codeberg.org/forgejo/forgejo/pulls/2175) + * [[UI] Make settings tab not active when on repository "Add units" tab](https://codeberg.org/forgejo/forgejo/pulls/2524) + * [[UI] Make write and preview tabs interactive](https://codeberg.org/forgejo/forgejo/pulls/2681) + * [[UI] New issue button position consistency](https://codeberg.org/forgejo/forgejo/pulls/2845) + * [[UI] Fix orgmode link resolver for text descriptions](https://codeberg.org/forgejo/forgejo/pulls/2276) + * [[UI] Preview: set font-size on preview content](https://codeberg.org/forgejo/forgejo/pulls/2349) + * [[UI] Fix primary button background inconsistency](https://codeberg.org/forgejo/forgejo/pulls/3002) + * [[UI] Fix regression of issue edit not working](https://codeberg.org/forgejo/forgejo/pulls/3043) + * [[UI] Fix relative links rendering](https://codeberg.org/forgejo/forgejo/pulls/2166) + * [[UI] Remember topic only in repo search](https://codeberg.org/forgejo/forgejo/pulls/2575) + * [[UI] Remove min-height from wiki elements](https://codeberg.org/forgejo/forgejo/pulls/2080) + * [[UI] Render emojis in labels in issue info popup](https://codeberg.org/forgejo/forgejo/pulls/2888) + * [[UI] Render correct label link](https://codeberg.org/forgejo/forgejo/pulls/3187) + * [[UI] Render inline file permalinks](https://codeberg.org/forgejo/forgejo/pulls/2669) + * [[UI] Fix repo badges when the label or text contains dashes](https://codeberg.org/forgejo/forgejo/pulls/2711) + * [[UI] Fix repo unarchivation button](https://codeberg.org/forgejo/forgejo/pulls/2550) + * [[UI] Restrict when to make link absolute in markdown](https://codeberg.org/forgejo/forgejo/pulls/2403) + * [[UI] Revert darker tone on labels](https://codeberg.org/forgejo/forgejo/pulls/2881) + * [[UI] Simplify converting struct to map in admin stats](https://codeberg.org/forgejo/forgejo/pulls/2442) + * [[UI] Fix the Fork button in repo headers](https://codeberg.org/forgejo/forgejo/pulls/2495) + * [[UI] Use correct logout URL](https://codeberg.org/forgejo/forgejo/pulls/2475) + * [[UI] Use separate keys for tabs on login screen](https://codeberg.org/forgejo/forgejo/pulls/2630) + * [[UI] "view file" button in diff compare view](https://codeberg.org/forgejo/forgejo/pulls/3046) + * [add Cache-Control header for health-check](https://codeberg.org/forgejo/forgejo/pulls/3060) + * [add max idle time setting for db connections](https://codeberg.org/forgejo/forgejo/pulls/2418) + * [Allow `'s` in mentions](https://codeberg.org/forgejo/forgejo/pulls/2485) + * [Avoid `WHERE IN` for comment migration query](https://codeberg.org/forgejo/forgejo/pulls/1961) + * [Cleanup characters forbidden on Windows from test fixture filenames](https://codeberg.org/forgejo/forgejo/pulls/2178) + * [Correct changed files for CODEOWNERS](https://codeberg.org/forgejo/forgejo/pulls/2507) + * [Correct default licenses to work as desired](https://codeberg.org/forgejo/forgejo/pulls/1888) + * [Detect protected branch on branch rename](https://codeberg.org/forgejo/forgejo/pulls/2811) + * [Disabling Stars should disable the routes too](https://codeberg.org/forgejo/forgejo/pulls/2471) + * [doctor: Don't say All done when no checks were run](https://codeberg.org/forgejo/forgejo/pulls/1907) + * [Do not allow deletion of internal references](https://codeberg.org/forgejo/forgejo/pulls/2834) + * [Don't color dot literal color names](https://codeberg.org/forgejo/forgejo/pulls/2905) + * [Don't delete inactive emails explicitly](https://codeberg.org/forgejo/forgejo/pulls/2880) + * [Don't overwrite protected branch accidentally](https://codeberg.org/forgejo/forgejo/pulls/2473) + * [Don't redirect the repo to external units](https://codeberg.org/forgejo/forgejo/pulls/2064) + * [Don't remove builtin OAuth2 applications](https://codeberg.org/forgejo/forgejo/pulls/3067) + * [Ensure `HasIssueContentHistory` takes into account `comment_id`](https://codeberg.org/forgejo/forgejo/pulls/2518) + * [Find README.md for user profiles case insensitively](https://codeberg.org/forgejo/forgejo/pulls/2090) + * [Fix header name in swagger response](https://codeberg.org/forgejo/forgejo/pulls/2526) + * [Fix pull request reopen conditions](https://codeberg.org/forgejo/forgejo/pulls/2373) + * [Fix unblock action](https://codeberg.org/forgejo/forgejo/pulls/3086) + * [Fix VSCode settings](https://codeberg.org/forgejo/forgejo/pulls/1881) + * [Gracefully handle missing branches on a repos branches page](https://codeberg.org/forgejo/forgejo/pulls/2139) + * [Initialize Git for hook regeneration](https://codeberg.org/forgejo/forgejo/pulls/2416) + * [Internal Server Error when resolving comments](https://codeberg.org/forgejo/forgejo/pulls/2282) + * [Load `AllUnitsEnabled` when necessary](https://codeberg.org/forgejo/forgejo/pulls/2420) + * [Makefile: check git diff exitCode](https://codeberg.org/forgejo/forgejo/pulls/2651) + * [Make pprof labels conformant with prometheus spec](https://codeberg.org/forgejo/forgejo/pulls/2933) + * [Make reference URL absolute](https://codeberg.org/forgejo/forgejo/pulls/2100) + * [misleading comparisons when comparing branches](https://codeberg.org/forgejo/forgejo/pulls/2194) + * [Block issue creation when blocked by repo owner](https://codeberg.org/forgejo/forgejo/pulls/2052) + * [NPE in `ToPullReviewList`](https://codeberg.org/forgejo/forgejo/pulls/2057) + * [NPE in `UsernameSubRoute`](https://codeberg.org/forgejo/forgejo/pulls/1981) + * [Only pass selected repository IDs to pagination](https://codeberg.org/forgejo/forgejo/pulls/1848) + * [panic in `canSoftDeleteContentHistory`](https://codeberg.org/forgejo/forgejo/pulls/2134) + * [prevent removing session cookie when redirect_uri query contains ://](https://codeberg.org/forgejo/forgejo/pulls/2590) + * [pull_request_template branch link](https://codeberg.org/forgejo/forgejo/pulls/2232) + * [Rate limit pre-activation email change separately](https://codeberg.org/forgejo/forgejo/pulls/2043) + * [Refactor LFS GC functions](https://codeberg.org/forgejo/forgejo/pulls/3056) + * [Reflect Cargo index state in settings](https://codeberg.org/forgejo/forgejo/pulls/2698) + * [Remember topic only in repo search](https://codeberg.org/forgejo/forgejo/pulls/2489) + * [Require Latex code to have a end sequence](https://codeberg.org/forgejo/forgejo/pulls/1822) + * [Respond with JSON Resource Descriptor Content-Type per RFC7033](https://codeberg.org/forgejo/forgejo/pulls/2882) + * [Fix session generation for database](https://codeberg.org/forgejo/forgejo/pulls/2045) + * [Sort file list case insensitively](https://codeberg.org/forgejo/forgejo/pulls/2522) + * [Fix the topic search paging](https://codeberg.org/forgejo/forgejo/pulls/2060) + * [Typo fix & clarify RegistrationToken](https://codeberg.org/forgejo/forgejo/pulls/2191) + * [Update checker setting updates](https://codeberg.org/forgejo/forgejo/pulls/2925) + * [Use correct format for attr-check error log](https://codeberg.org/forgejo/forgejo/pulls/2866) + * [Use correct head commit for CODEOWNER](https://codeberg.org/forgejo/forgejo/pulls/2658) + * [Use correct template for commitmail error](https://codeberg.org/forgejo/forgejo/pulls/2973) + * [Workaround borked Git version](https://codeberg.org/forgejo/forgejo/pulls/2335) + * [Remove scheduled action tasks if the repo is archived](https://codeberg.org/forgejo/forgejo/commit/87870ade49eb76ff57a8593ba35df10e0d617aa5). + * [Relax generic package filename restrictions](https://codeberg.org/forgejo/forgejo/commit/ea4755be6dfc8fc1f3c794eeaa2e2322b97d192e). + * [Prevent re-review and dismiss review actions on closed and merged PRs](https://codeberg.org/forgejo/forgejo/commit/23676bfea7ccbbe166a554115ea1f5f02800e379). + * [Add a warning for disallowed email domains](https://codeberg.org/forgejo/forgejo/commit/2559c80bec27a41967b355d214253a83b9ee5dad). + * [Skip email domain check when admins edit user emails](https://codeberg.org/forgejo/forgejo/commit/e7afba21ce2b02eb4230ba03752bd8b937f3e6ef). + * [Skip email domain check when admin users adds user manually](https://codeberg.org/forgejo/forgejo/commit/b6057a34db38e563473db00543a1e39fd743ca34). + * [Add support for API blob upload of release attachments](https://codeberg.org/forgejo/forgejo/commit/47a913d40d3417858f2ee51a7dbed64ca84eff60). + * [Allow options to disable user gpg keys configuration from the interface on app.ini](https://codeberg.org/forgejo/forgejo/commit/ee6ff937c0782b9cdc7ae1bc62b7eda83982d40f). + * [Allow options to disable user ssh keys configuration from the interface on app.ini](https://codeberg.org/forgejo/forgejo/commit/bb09ad2b63570c80418b4b9a10f7dbbb349448ab). + * [Fix content size does not match error when uploading lfs file](https://codeberg.org/forgejo/forgejo/commit/fb137d1e49c0436f1db093e2dc0a2350d63e1e29). + * [Add API to get merged PR of a commit](https://codeberg.org/forgejo/forgejo/commit/1608ef0ce9ce2ea1c87aef715d111cf441637d01). + * [Add API to get PR by base/head](https://codeberg.org/forgejo/forgejo/commit/feb189554e758ed27d1e309e5ec309d663e8f338). + * [Add attachment support for code review comments](https://codeberg.org/forgejo/forgejo/commit/f95fb8cc44d790e0ae71d3f879124a6ee9b07f66). + * [Add support for action artifact serve direct](https://codeberg.org/forgejo/forgejo/commit/1f8ad34e4391673a2eda434ea5e48ea084cdc814). + * [Show whether a PR is WIP inside popups](https://codeberg.org/forgejo/forgejo/commit/50f55f11c4f785b72a39e59b0fc12ae70ab8d8b5). + * [Add artifacts v4 jwt to job message and accept it](https://codeberg.org/forgejo/forgejo/commit/a9bc590d5d10b97bd8aa050ffb720e141a600064). + * [Fix some RPM registry flaws](https://codeberg.org/forgejo/forgejo/commit/461d8b53c2e51a8a6a1715ba40ac61d7e9f93971). + * [Add branch protection setting for ignoring stale approvals](https://codeberg.org/forgejo/forgejo/commit/5d3fdd121279c758f247a76e020799aa5e548feb). + * [Added instance-level variables](https://codeberg.org/forgejo/forgejo/commit/d0f24ff4cad05c1145afeca791e7d02fe146d46a). + * [Fix the wrong HTTP response status code for duplicate packages](https://codeberg.org/forgejo/forgejo/commit/5b6258a0b94737ec3db1ce418d0c933512a71f78). + * [Don't run push mirrors for archived repos](https://codeberg.org/forgejo/forgejo/commit/f3ba3e922dde7d12999a90d6cee15805a56cc7ff). + * [Support for grouping RPMs using paths](https://codeberg.org/forgejo/forgejo/commit/ba4d0b8ffbd78473273800f586ae8bde55cda6c5). + * [Fixes #27605: inline math blocks can't be preceded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/2adc3a45fbd60126c0eab66b9cdd177a63bd4704). + * [Fix GPG subkey verify](https://codeberg.org/forgejo/forgejo/commit/5a674dd02ed3ea2853afa02dc15dcdadba069a6e). + * [Include encoding in signature payload](https://codeberg.org/forgejo/forgejo/commit/6925c0eee43980133896f9e4ee7e48e5751e9417). + * [Fix milestoneID filter bug in issue list](https://codeberg.org/forgejo/forgejo/commit/0da787f23737d252e6c80aa1a1f665e09dba0ea9). + * [Fix Citation modal responsiveness and clipboard copy](https://codeberg.org/forgejo/forgejo/commit/ca39d743636c9732f4422e130bac974555fb43c2). + * [Fix incorrect locale Tr for gpg command](https://codeberg.org/forgejo/forgejo/commit/071d871dcf8dd8097dc0af6d4baf304a2fbbe4e2). + * [Improve a11y document and dropdown item](https://codeberg.org/forgejo/forgejo/commit/1d4bf7e211db0866774fa3f6f563e15ffadac1f6). + * [Determine fuzziness of bleve indexer by keyword length](https://codeberg.org/forgejo/forgejo/commit/ab5f0b7558229b3ab5c3946a51e58b4caae775b0). + * [Fix ellipsis button not working if the last commit loading is deferred](https://codeberg.org/forgejo/forgejo/commit/1e29bccddbeb29eec3ceb507612851021ab4d60d). + * [Fix incorrect diff expander for deletion of last lines in a file](https://codeberg.org/forgejo/forgejo/commit/85bf170ff0d54471fe88903009a3fec4ef3e6e8c). + * [Do not exceed display for the PR page buttons on smaller screens](https://codeberg.org/forgejo/forgejo/commit/e7297d423f566a383c8861c4aaee028606591038). + * [Move citation button to proper place](https://codeberg.org/forgejo/forgejo/commit/eb4061babacfee2b72f4a33412530eb9f0de3b25). + * [Expire artifacts before deleting them physically](https://codeberg.org/forgejo/forgejo/commit/7f64e4d2a3f20b7d7de6542de5e0856c643e821f). + * [Fix can not select team reviewers when reviewers is empty](https://codeberg.org/forgejo/forgejo/commit/df439b6a983865ba559e517e5e93f5f1a53a97a0). + * [Fix default avatar image size in PR diff page](https://codeberg.org/forgejo/forgejo/commit/3aed8ae03475a430c0dc8e33f42fa9269a4844bd). + * [Fix branch list bug which displayed default branch twice](https://codeberg.org/forgejo/forgejo/commit/0e6fd0d1c1e31d22707e6f06124d5bf76361eaab). + * [Set the `isPermaLink` attribute to `false` in the `guid` sub-element](https://codeberg.org/forgejo/forgejo/commit/5574968ecbc34908dfa17b28bfc79c3490eaa685). + * [Fix long package version names overflowing](https://codeberg.org/forgejo/forgejo/commit/3d474110c181df7854576d78e46209908f7e1b52). + * [Fix wrong link in user and organization profile when using relative url](https://codeberg.org/forgejo/forgejo/commit/42149ff1a816501643ec2407ed61a83bf5b65059). + * [Fix session key conflict with database keyword](https://codeberg.org/forgejo/forgejo/commit/4c29c75968f520123f125e8305b2c29198664251). + * [Fix commit status in repo list](https://codeberg.org/forgejo/forgejo/commit/0abb5633e34fd14c2d49de0b4c98f7ba7d98a37e). + * [Fix incorrect action duration time when rerun the job before executed once](https://codeberg.org/forgejo/forgejo/commit/07ba4d9f87cf21b7ce87158ae5651cae3bb35604). + * [Fix missing mail reply address](https://codeberg.org/forgejo/forgejo/commit/3081e7e1536356346f73fb4a0d00101863b2cf05). + * [Filter inactive auth sources](https://codeberg.org/forgejo/forgejo/commit/e378545f3083990eb36ff5d72477662d9787280d). + * [Refactor Find Sources and fix bug when view a user who belongs to an inactive auth source](https://codeberg.org/forgejo/forgejo/commit/1bf5527eac6b947010c8faf408f6747de2a2384f). + * [Fix issue not showing on default board and add test](https://codeberg.org/forgejo/forgejo/commit/1eae2aadae0583ab092d6ed857bb727829aa52b7). + * [Improve file history UI and fix URL escaping bug](https://codeberg.org/forgejo/forgejo/commit/d1527dac3d1e68caf5a6f54c08144e28256e5c47). + * [Fix ldap admin privileges update bug](https://codeberg.org/forgejo/forgejo/commit/7ad31567cdc8206e0080b851a9b880729266b084). +* **other** + * [[PERFORMANCE] git check-attr on bare repo if supported](https://codeberg.org/forgejo/forgejo/pulls/2763) + * [[REFACTOR] [AGIT] Refactor the AGit code](https://codeberg.org/forgejo/forgejo/pulls/2386) + * [[REFACTOR] generation of JWT secret](https://codeberg.org/forgejo/forgejo/pulls/2227) + * [[REFACTOR] PKT protocol](https://codeberg.org/forgejo/forgejo/pulls/2868) + * [Remove .exe suffix when cross-compiling on Windows](https://codeberg.org/forgejo/forgejo/commit/6acce16ee3a03df1cc06c46398f594009a0e31b9). + * [Refactor repo header/list](https://codeberg.org/forgejo/forgejo/commit/65e190ae8bd6c72d8701a58d67b256c87b92c189). + * [Update register application URL for GitLab](https://codeberg.org/forgejo/forgejo/commit/64fcf0cb64d455d5ca1420aa832aa057cf61e6dd). + * [Update golang links to use https](https://codeberg.org/forgejo/forgejo/commit/8ef53c871bcb5c007b3640a347c7868585c9e4de). + * [Teams: new View button](https://codeberg.org/forgejo/forgejo/commit/e3afe4a248ac3a961f332e2ba221bedafa3dfb7e). + * [Commit-Dropdown: Show Author of commit if available](https://codeberg.org/forgejo/forgejo/commit/300c8dedfd01ba0ea63486b644e93aa2be6785b2). + * [Refactor dropzone](https://codeberg.org/forgejo/forgejo/commit/c1ac3e5891a49bedc5e54ed5811cb2c0e058c43c). + * [When the title in the issue has a value, set the text cursor at the end of the text.](https://codeberg.org/forgejo/forgejo/commit/8c2559a72603e07fe682efddd698e1fc190b2728). + * [Load citation JS only when needed](https://codeberg.org/forgejo/forgejo/commit/f2fc2dcfc9305a42242421c718ee3673bd1c851c). + * [Refactor markdown attention render](https://codeberg.org/forgejo/forgejo/commit/ec2201a3da5f18e55bfc0a54114ac935804f4ef8). + * [Light theme color enhancements](https://codeberg.org/forgejo/forgejo/commit/23e2ace77d1612cda09bc0d08690314e7321cca3). + * [Dark theme color enhancements](https://codeberg.org/forgejo/forgejo/commit/704a59e59584041f95939e3d90260173906f946a). + * [Refactor markup/csv: don't read all to memory](https://codeberg.org/forgejo/forgejo/commit/d413a8fcacc81b6f7039371408034c9c2fc6c15f). + * [Move all login and account creation page labels to be above inputs](https://codeberg.org/forgejo/forgejo/commit/3acea02eb66ea09248ff29eb6b9cefce29fcea37). + * [Fix Gitpod logic of setting ROOT_URL](https://codeberg.org/forgejo/forgejo/commit/e52d87758272c417bb9b30e944f9b0bd33d28cb7). + * [Fix broken following organization](https://codeberg.org/forgejo/forgejo/commit/fd3b4afa2b3621ece2d7d1587fd4b017142d75a0). + * [Don't do a full page load when clicking `Watch` or `Star`](https://codeberg.org/forgejo/forgejo/commit/6992ef98fc227a60cf06e0a06b9ae2492b3d61be). + * [Fix non-alphabetic sorting of repo topics](https://codeberg.org/forgejo/forgejo/commit/a240d5dfa7e261f2fb703cf24b1ba4dc6aa47bfd). + * [Make cross-reference issue links work in markdown documents again](https://codeberg.org/forgejo/forgejo/commit/12c0487e01d3fd9fe289345c53e8a220be55e864). + * [Fix tooltip of variable edit button](https://codeberg.org/forgejo/forgejo/commit/361839fb1c8bdfb8291bbcf9bd650b21a605bbd7). + * [Disable query token param in integration tests](https://codeberg.org/forgejo/forgejo/commit/33439b733a4f69640350b9cda370963ebe9d1e0a). + * [Add merge arrow direction and update styling](https://codeberg.org/forgejo/forgejo/commit/e522e774cae2240279fc48c349fc513c9d3353ee). + * [Add links to owner home page in explore](https://codeberg.org/forgejo/forgejo/commit/dd5693387e0642e1aba05b01eeb18139ce90ef5e). + * [Render PyPi long description as document](https://codeberg.org/forgejo/forgejo/commit/876a0cb3d652f42545abdb33dc4fd71a7c3343bf). + * [Ignore temporary files for directory size](https://codeberg.org/forgejo/forgejo/commit/cb8298b7178f5dde302604bfe34c658b725f16f8). + * [Make pushUpdate error verbose](https://codeberg.org/forgejo/forgejo/commit/1bfcdeef4cca0f5509476358e5931c13d37ed1ca). + * [Add download URL for executable files](https://codeberg.org/forgejo/forgejo/commit/9341b37520e5626352bf2df52e8dbace2985c0d7). + * [Improve profile for Organizations](https://codeberg.org/forgejo/forgejo/commit/089ac06969030b0886d4e20bf8f7a757f785f158). + * [Fix Show/hide filetree button on small displays](https://codeberg.org/forgejo/forgejo/commit/e31c6cfe6e30341c502302d1c0a03138f8bf5c9f). + * [Fix merge base commit for fast-forwarded GitLab PRs](https://codeberg.org/forgejo/forgejo/commit/02dae3f84b80047bef391960eea1350d551e4d72). + * [Align ISSUE_TEMPLATE with the new label system](https://codeberg.org/forgejo/forgejo/commit/248b7ee850ecdb538b22ddcfbe80b6f91be32b70). + * [Improve the list header in milestone page](https://codeberg.org/forgejo/forgejo/commit/8abc1aae4ab5b03be0bcbdd390bb903b54ccd21a). + +## 1.21.11-2 + +[The complete list of new commits included in the Forgejo v1.21.11-2 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.11-1...v1.21.11-2), or from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo +$ git -C forgejo log --oneline --no-merges v1.21.11-1..v1.21.11-2 +``` + +This stable release contains a **security fix**. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.13+0-gitea-1.21.10` + +* Security fix + * [PR](https://codeberg.org/forgejo/forgejo/pulls/4047). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential. + +## 1.21.11-1 + +This stable release contains a single bug fix for a regression introduced in v1.21.11-0 by which creating a tag via the API would fail with error 500 on a repository a where Forgejo Actions workflow triggered by tags exists. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.12+0-gitea-1.21.10` + +* Bug fix + + * [error 500 on tag creation when a workflow exists](https://codeberg.org/forgejo/forgejo/issues/3327) + +## 1.21.11-0 + +[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo +$ git -C forgejo log --oneline --no-merges v1.21.10-0..v1.21.11-0 +``` + +This stable release contains bug fixes and **security fixes**. + +* Recommended Action + + We strongly recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.11+0-gitea-1.21.10` + +* Security fix + + * [Fixed a privilege escalation through git push options](https://codeberg.org/forgejo/forgejo/commit/cc80e661531794fff7f8a336eaaefdb7e3bd3956) that allows any user to change the visibility of any repository they can see, regardless of their level of access. + * [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs. + +* Bug fixes + + * [Use system action user to trigger scheduled action workflows](https://codeberg.org/forgejo/forgejo/commit/387aea4434488555838e55e067242509bc1510a6) + * [Close file in upload function](https://codeberg.org/forgejo/forgejo/commit/fd47240545ab1c4f10d07434c2ba00fff044236a) + * [Prevent registering runners for deleted repositories](https://codeberg.org/forgejo/forgejo/commit/fd47240545ab1c4f10d07434c2ba00fff044236a). Prevents 500 Internal Server Error in admin interface. + * [More reliable pagination support when migrating from gitbucket](https://codeberg.org/forgejo/forgejo/commit/e702e79625980b08ec060a1690b76502455acad9) + * [Fix automerge when used with actions](https://codeberg.org/forgejo/forgejo/commit/4889a3a1713d91a5ae95af4edf1bb3352d1871fd) + +## 1.21.10-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.10-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.8-0..v1.21.10-0 +``` + +This stable release contains bug fixes and a **security fix**. + +Note that there is no `Forgejo v1.21.9-0` release. The release numbering of the `Forgejo v1.21` patch series follows the Gitea release numbering. However, the publication of `Gitea v1.21.9` and `Gitea v1.21.10` were a few days apart because of a regression that is not present on Forgejo and there was no need to publish `Forgejo v1.21.9-0`. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.10+0-gitea-1.21.10` + +* Built with Go 1.21.9 and `golang.org/x/net` v0.23.0 + + It [includes vulnerability fixes](https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/m/khALNYGdAAAJ). + + * [CVE-2023-45288](https://pkg.go.dev/vuln/GO-2024-2687) which permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. A Forgejo instance is affected if it is configured to listen to HTTPS instead of doing this via a reverse proxy. + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix to not remove repository avatars when the doctor runs with --fix on the repository archives](https://codeberg.org/forgejo/forgejo/commit/e9932a404d4bb5b22a87797094dff615eb38171a). + * [Detect protected branch on branch rename](https://codeberg.org/forgejo/forgejo/commit/611610c3c4cba12f2a835b41438a7ed54da9bc23). If a branch cannot be renamed due to a protected branch rule, show this error in the UI instead of throwing an internal server error. + * [Don't delete inactive emails explicitly](https://codeberg.org/forgejo/forgejo/commit/fb4c42deb23a67379afb29870e430e47687ccc6c). This can cause issues as the associated user might not have been deleted. It would lead to a database inconsistency and internal server errors if the user tries to activate their account. + * [Fix user interface when a review is deleted without refreshing](https://codeberg.org/forgejo/forgejo/commit/456a33e8bb770a86341dc883edc6b62264b950a1). + * [Fix paths when finding files via the web interface that were not escaped](https://codeberg.org/forgejo/forgejo/commit/b22be0c03fa4814c1b8b892346de5d4547782ce7). + * [Respect `DEFAULT_ORG_MEMBER_VISIBLE` setting when adding creator to org](https://codeberg.org/forgejo/forgejo/commit/5e5574c7b328e2c500d497517047b8d1fd0ca478). + * [Fix duplicate migrated milestones](https://codeberg.org/forgejo/forgejo/commit/706ff7aa9fcfe4c43893dc12e27d064064e80635). + * [Fix inline math blocks can't be preceded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/0d3f446460b22a29c259e7d42ed89f90fd216ca7). + +## 1.21.8-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.8-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.7-0..v1.21.8-0 +``` + +This stable release contains bug fixes. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.8+0-gitea-1.21.8` + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix `/api/v1/{owner}/{repo}/issue_templates`](https://codeberg.org/forgejo/forgejo/commit/969d3f44101402afd9dd848e79dd5823d547a00d) which was always failing with a 500 error. + * [Prevent error 500 on /user/settings/security when SignedUser has a linked account from a deactivated authentication source](https://codeberg.org/forgejo/forgejo/commit/d9418651af8c8a3276ebc40a516109c0f33139b0). + * [Fix error 500 when pushing release to an empty repo](https://codeberg.org/forgejo/forgejo/commit/b76f370a3f8993638cad91547491b46631776f59). + * [Fix incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize](https://codeberg.org/forgejo/forgejo/commit/e151e0467341bd25a2465ca15e81ebc0c8fa3fc4). + * [Fix error 500 when deleting account with incorrect password or unsupported login type](https://codeberg.org/forgejo/forgejo/commit/66061d28286ee3adf69747c284d40121e2e4b280). + * [handle user-defined `name` anchors like `[Link](#link)` linking to `Link`](https://codeberg.org/forgejo/forgejo/commit/03caefbb02854d5c98a26d889e0e30c910651395). + * [Use correct head commit for CODEOWNER](https://codeberg.org/forgejo/forgejo/commit/d1cebb0e884a88941e27e2280e117cc04d2665fe). + * [Fix manual merge button](https://codeberg.org/forgejo/forgejo/commit/c70719c59c410e5378c04926c66461d7b9f72884). + * [Make meilisearch do exact search for issues](https://codeberg.org/forgejo/forgejo/commit/a876ac2c7934fa0f8a66424e178b501e4a341e0f). + * [Fix PR creation via api between branches of same repo with head field namespaced](https://codeberg.org/forgejo/forgejo/commit/120a173e24fd359b0b57f2bd1021168645fab5a8). + +## 1.21.7-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.7-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.6-0..v1.21.7-0 +``` + +This stable release contains bug fixes and a **security fix**. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.7+0-gitea-1.21.7` + +* Built with Go 1.21.8 + + It [includes vulnerability fixes](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg). + + * [CVE-2023-45290](https://go.dev/issue/65383) which could lead to memory exhaustion when parsing a multipart form. + * [CVE-2023-45289](https://go.dev/issue/65065) which could allow incorrect forwarding of sensitive headers and cookies on HTTP redirect. + +* Security fix + + * The google.golang.org/protobuf module was bumped to version v1.33.0 to fix a bug in the google.golang.org/protobuf/encoding/protojson package which could cause the Unmarshal function to enter an infinite loop when handling some invalid inputs. [Read more in the announcement](https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY). + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix tarball/zipball download bug](https://codeberg.org/forgejo/forgejo/commit/8e2c991b35de8c94899ad053e89339cea4538589). + * [Ensure `HasIssueContentHistory` takes into account `comment_id`](https://codeberg.org/forgejo/forgejo/commit/8fb027fea5e9525293802d977fd3ee0c374ba9ba). + +## 1.21.6-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.6-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.5-0..v1.21.6-0 +``` + +This stable release contains bug fixes and a **security fix**, as explained in the [v1.21.6-0 companion blog post](https://forgejo.org/2024-02-release-v1-21-6-0/). + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.6+0-gitea-1.21.6` + +* Security fix + + * [Fix XSS vulnerabilities](https://codeberg.org/forgejo/forgejo/pulls/2434). It enabled attackers to inject client-side scripts into web pages displayed to Forgejo visitors. + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Always write proc-receive hook for all git versions](https://codeberg.org/forgejo/forgejo/commit/a1fb6a2346193439dafaee5acf071632246e6dd7). + * [Fix debian InRelease Acquire-By-Hash newline](https://codeberg.org/forgejo/forgejo/commit/8a2c4e9ff2743f47a8d1f081b9e35dcc16431115). + * [Fix missing link on outgoing new release notifications](https://codeberg.org/forgejo/forgejo/commit/3a061083d65bdfc9acf0cb5839b84f6a9c17a727). + * [Workaround to clean up old reviews on creating a new one](https://codeberg.org/forgejo/forgejo/commit/8377ecbfe1f2b72ec7d65c46cbc9022ad0ccd75f). + * [Fix push to create with capitalize repo name](https://codeberg.org/forgejo/forgejo/commit/8782275c9c66ad6fc7c44503d7df9dae7196aa65). + * In Markdown [don't try to make the link absolute if the link has a schema that's defined in `[markdown].CUSTOM_URL_SCHEMES`](https://codeberg.org/forgejo/forgejo/commit/6c100083c29fb0ccf0cc52e8767e540a260d9468), because they can't be made absolute. + * [Fix Ctrl+Enter on submitting review comment](https://codeberg.org/forgejo/forgejo/commit/1c3a31d85112d10fb948d6f0b763191ed6f68e90). + * In Git version v2.43.1, the behavior of `GIT_FLUSH` was accidentally flipped. This causes Forgejo to hang on the `check-attr` command, because no output was being flushed. [Workaround this by detecting if Git v2.43.1 is used and set `GIT_FLUSH=0` thus getting the correct behavior](https://codeberg.org/forgejo/forgejo/commit/ff468ab5e426582b068586ce13d5a5348365e783). + * [When setting `url.host` on a URL object with no port specified (like is the case of default port), the resulting URL's port will not change. Workaround this quirk in the URL standard by explicitly setting port for the http and https protocols](https://codeberg.org/forgejo/forgejo/commit/628e1036cfbcfae442cb6494249fe11410447056). + * [Fix elasticsearch Request Entity Too Large](https://codeberg.org/forgejo/forgejo/commit/e6f59f6e1489d63d53de0da1de406a7a71a82adb). + * [Do not send update/delete release notifications when it is in a draft state](https://codeberg.org/forgejo/forgejo/commit/3c54a1dbf62e56d948feb1008512900140033737). + * [Do not run Forgejo Actions workflows synchronized events on the same commit as the one used to create a pull request](https://codeberg.org/forgejo/forgejo/commit/ce96379aef6e92cff2e9982031d5248ef8b01947). + * [Fix a MySQL performance regression introduced in v1.21.4-0](https://codeberg.org/forgejo/forgejo/commit/af98a0a7c6f4cbb5340974958ebe4389e3bf4e9a). + * [Fix Internal Server Error when resolving comments](https://codeberg.org/forgejo/forgejo/commit/ad67d9ef1a219b21309f811c14e7353cbc4982e3). + * Packages + * Swift: [fix a failure to resolve from package registry](https://codeberg.org/forgejo/forgejo/commit/fab6780fda5d8ded020a98253a793e87ed94f634). + * Alpine: [if the APKINFO contains an install if condition, write it in the APKINDEX](https://codeberg.org/forgejo/forgejo/commit/7afbc62057b876fb6711ef58743f664a2509dde4). + * org-mode files + * [It is possible that the description of an `Regularlink` is `Text` and not another `Regularlink`](https://codeberg.org/forgejo/forgejo/commit/781d2a68ccb276bf13caf0b378b74d9efeab3d39). + * [Fix relative links on orgmode](https://codeberg.org/forgejo/forgejo/commit/fa700333ba2649d14f1670dd2745957704a33b40). + +## 1.21.5-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.5-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.4-0..v1.21.5-0 +``` + +This stable release includes bug fixes as well as documentation improvements. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.5+0-gitea-1.21.5` + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Upgrade go-git to v5.11.0](https://codeberg.org/forgejo/forgejo/commit/faafccbcc7942b39cbc43f8014a435de4cc30f62). Although go-git is not used by Forgejo in a way that meets the requirements for the [CVE-2023-49568](https://github.com/advisories/GHSA-mw99-9chc-xw7r) and [DoS](https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) vulnerabilities to be possible, it is upgraded to v5.11.0 which mitigates the issue, as a precaution. + * [Fix markdown relative links rendering](https://codeberg.org/forgejo/forgejo/commit/f8c9ff55b98adfbfbcc24efd178c114006f28336) + * [Fix NPE in `UsernameSubRoute`](https://codeberg.org/forgejo/forgejo/commit/3c7a955f05ec4c29f3c4f7412c45129b74c33e5c) + * [Fix duplication when blocking multiple users](https://codeberg.org/forgejo/forgejo/commit/3d3790ef4c6cdbcbe0cf7ec80627596f44701977) + * [Render code block in activity tab](https://codeberg.org/forgejo/forgejo/commit/766305f47c87b0199986f22402a17526b2586eca) + * [Fix reverting a merge commit failing](https://codeberg.org/forgejo/forgejo/commit/c450df40f1be3ca22f64c062cbc6046a15a6a634) + * [Fix archive creating LFS hooks and breaking pull requests](https://codeberg.org/forgejo/forgejo/commit/fd1681019528e78b764f75d11910cbdf681bfbb1) + * [Avoid duplicate JS error messages on UI](https://codeberg.org/forgejo/forgejo/commit/367dd037d25d659aff3cd3bc5df5c7e4c168d58a) + * [Fix incorrect PostgreSQL connection string for Unix sockets](https://codeberg.org/forgejo/forgejo/commit/16dbd9f2003f22beff413cbf453d99f9099afeef) + * [Fix avatar storage migration](https://codeberg.org/forgejo/forgejo/commit/fcabc262f77bc285bf5f1e4e66cf5d601d8e1820) + * [Prevent anonymous container access if `RequireSignInView` is enabled](https://codeberg.org/forgejo/forgejo/commit/5a4a151209dc74257885a5a1f991163e26210602) + * [Fix uploaded artifacts that were not overwritten](https://codeberg.org/forgejo/forgejo/commit/5dbe9596ac3274026ef4fe46889b7d440652e420) + * [Update enable_prune even if mirror_interval is not provided](https://codeberg.org/forgejo/forgejo/commit/20c436ec922a7fcb40950b3ad48365e0bd2bf1fe) + * [Strip `/` from relative links](https://codeberg.org/forgejo/forgejo/commit/c6285052dd41342782b66c9e8e3c53dce492cba4) + +* Improvements + + * [Don't remove repository's releases when mirroring](https://codeberg.org/forgejo/forgejo/commit/04904b933d138a184b361328c287487306c0f4c7) + +## 1.21.4-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.4-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.3-0..v1.21.4-0 +``` + +This stable release includes security and bug fixes as well as documentation improvements. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version. + +* Container image upgrades + + In the Forgejo container images the ssh version was upgraded to [9.3_p2-r1](https://pkgs.alpinelinux.org/packages?name=openssh&branch=v3.18) which includes a fix for [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795). + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.4+0-gitea-1.21.4` + +* Security fixes + + * [Require token for GET subscription endpoint](https://codeberg.org/forgejo/forgejo/commit/6a66e8c7486b0be873dfc55dfdef9ba056970a90) + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Gracefully handle missing branches](https://codeberg.org/forgejo/forgejo/commit/c2fa9c308f5cdb08dd84fb8ec6623a57e75d5152) when a branch is missing from Git but still lingering in the database. + * [Fix panic in `canSoftDeleteContentHistory`](https://codeberg.org/forgejo/forgejo/commit/ab1ccc55dca7fd05e59a01343e6dfe53be6195d0) + * [Check for Commit in opengraph](https://codeberg.org/forgejo/forgejo/commit/b473a44a2bb59591f3e24bfcdeed1d8fbb0f9204) + * [Handle non-existent commit in Archive request](https://codeberg.org/forgejo/forgejo/commit/0fbf761d1930f9336be6da8d17ae6032203a9381) + * [Fix NPE in `ToPullReviewList`](https://codeberg.org/forgejo/forgejo/commit/f5349b66b78968301d7dc4c45e8e08b46910aa6e) + * [Fix URL in the mail to include the host](https://codeberg.org/forgejo/forgejo/commit/ac889d42903b2ce2129a02ace620a10a6f940920) + * [Fix the event of a scheduled action](https://codeberg.org/forgejo/forgejo/commit/892a8e1f4a5cc09cc3136e0b0e6487c154c5ed2b) to be "schedule" instead of a semi-random event from the default branch. + * [Use refname:strip-2 instead of refname:short when syncing tags](https://codeberg.org/forgejo/forgejo/commit/4df056a14ecaad3ff9d963599fff8c8d7ebe87e9) + * [Fix button size in "attached header right"](https://codeberg.org/forgejo/forgejo/commit/10699872930005a79490dd47eb86438ff20f449d) + * [Fix `convert.ToTeams` on empty input](https://codeberg.org/forgejo/forgejo/commit/453d27853c18991c13b6e457032406664b07751b) + * [Hide code related setting options in repository when code unit is disabled](https://codeberg.org/forgejo/forgejo/commit/703ed272ccba55c08873f6a23e557cdc5cd498ee) + * [Fix incorrect URL for "Reference in New Issue"](https://codeberg.org/forgejo/forgejo/commit/01285dc47cd77e7c0755423af96ba6bf0e23650e) + * [Fix panic when parsing empty pgsql host](https://codeberg.org/forgejo/forgejo/commit/ad027c28181004cbf891be14bb383ed906b13521) + * [Fix alpine package files are not rebuilt](https://codeberg.org/forgejo/forgejo/commit/881159f593b8f848d52afe8d420f4f3ced34de7f) + * [Avoid cycle-redirecting user/login page](https://codeberg.org/forgejo/forgejo/commit/ea8ca5b5098d04bf5f6218ca099af32d20bb465f) + * [Fix the scroll behavior for emoji/mention list](https://codeberg.org/forgejo/forgejo/commit/fef19bcf94b2265870d21897e9bc55d6a07975d7) + * [Fix wrong due date rendering in issue list page](https://codeberg.org/forgejo/forgejo/commit/29a0e7738c0725ee8407e2714c3d890286a94fd0) + * [Fix `status_check_contexts` matching bug](https://codeberg.org/forgejo/forgejo/commit/3fe44b87627612705413e80abbe8af55fae36666) + * [Fix 405 method not allowed CORS / OIDC](https://codeberg.org/forgejo/forgejo/commit/9ad7a67fc127712f897a3c8348e9f55d7cb2f6ec) + * [Fix `GetCommitStatuses`](https://codeberg.org/forgejo/forgejo/commit/c287b1383f91024a8eba1a3f47912eecd66e19be) + * [Forbid removing the last admin user](https://codeberg.org/forgejo/forgejo/commit/5124be72aaac4ad814c1ec7a57a2e92c529d00f9) + * [Fix issue dependencies](https://codeberg.org/forgejo/forgejo/commit/2ab54a9c0671b70ab83bd3c643815ac7424a6a36) + * [Fix system webhooks API bug](https://codeberg.org/forgejo/forgejo/commit/f5764bbf269d82e7e344834a5eeb8de82356cfde) + +* Documentation + + * The Forgejo Actions [user reference guide](https://forgejo.org/docs/v1.21/user/actions/) includes [event payload examples](https://forgejo.org/docs/v1.21/user/actions/#githubevent) for pull requests and push events. It also covers most of the [jobs](https://forgejo.org/docs/v1.21/user/actions/#jobs) syntax. + * The [Forgejo command line page](https://forgejo.org/docs/v1.21/admin/command-line/) was [entirely reworked](https://codeberg.org/forgejo/docs/pulls/340) and updates are now automated. + +* Improvements + + * [Rework markup link rendering](https://codeberg.org/forgejo/forgejo/commit/875b398e5e0c53a615c861eba77d4e0ff50ff49d) + * [Modernize merge button](https://codeberg.org/forgejo/forgejo/commit/70c7ee54754e93fd2612287b1ccfc24006924651) + * [Assign pull request to project during creation](https://codeberg.org/forgejo/forgejo/commit/10b555a52b0541fa5e4bc3ddb43001abc2ce0c76) + * [Add download attribute to release attachments](https://codeberg.org/forgejo/forgejo/commit/fab93c6393f5365e2e985619f0b82e4c580874c9) + +## 1.21.3-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.3-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.2-1..v1.21.3-0 +``` + +This stable release includes bug fixes. It was built with an updated version of the [Go Cryptography](https://pkg.go.dev/golang.org/x/crypto) package that fixes [CVE-2023-48795](https://go.dev/issue/64784). As explained in the [corresponding Go issue](https://github.com/golang/vulndb/issues/2402): "The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel." + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.3+0-gitea-1.21.3` + +* Security fix + + * The [Go Cryptography](https://pkg.go.dev/golang.org/x/crypto) package [is upgraded](https://codeberg.org/forgejo/forgejo/commit/9515a0ea38c179a2811e489079a68bbcc79f3cd3) to fix [CVE-2023-48795](https://go.dev/issue/64784). + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix a regression](https://codeberg.org/forgejo/forgejo/commit/dbd896ce42b2c5a1f4b4a69289fa3a38a875d04d) in how the markdown anchors are generated. For instance the anchor for `A.B.C` is `A-B-C` but was incorrectly set to `ABC`. + * [Fix the branch name of scheduled actions](https://codeberg.org/forgejo/forgejo/commit/580f29d9a2f8986c02b6ac30f2f3c177866cc81a) which [was sometime incorrectly set](https://codeberg.org/forgejo/forgejo/issues/1926). + * [Fix a visual glitch](https://codeberg.org/forgejo/forgejo/commit/b0874a0912ee97b11047bb2bd7d370b93c298d2a) when [setting an emoji in the web UI](https://codeberg.org/forgejo/forgejo/issues/1990). + * [Recently Docker started to use the optional `POST /v2/token` endpoint](https://codeberg.org/forgejo/forgejo/commit/a77398cd344be76e1cd2474063d917b286f8e9b1) which should respond with a `404 Not Found` status code instead of the current `405 Method Not Allowed`. + * [Fix a missing leading ssh:// when using a port other than 22](https://codeberg.org/forgejo/forgejo/commit/1475c1fcc4f1d5d526260a3f2068ae62c2ccaae3) when Git URLs are displayed in the web UI. + * [Allow disabling the detection of ambiguous unicode characters](https://codeberg.org/forgejo/forgejo/commit/cd5a0ec1c88edc238469657731e209a0080e9bfc) with the new setting `AMBIGUOUS_UNICODE_DETECTION=false`. + * [Fix a regression with the issue references rendering in wiki pages](https://codeberg.org/forgejo/forgejo/commit/40fa6a526a1cb42889eddd5135f2749cc092fff5). + * [Fix merging artifact chunks error when minio storage basepath is set](https://codeberg.org/forgejo/forgejo/commit/bea2c52572d62781228099812e56b2e7051e7ab0) + * [Fix missing information in the blame page web UI](https://codeberg.org/forgejo/forgejo/commit/1f8d01c74d75c0b426b7b7a95cc1ca3bfe1b853c). + +## 1.21.2-1 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.2-1` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.2-0..v1.21.2-1 +``` + +This stable release contains a **security fix**, as explained in the [v1.21.2-1 companion blog post](https://forgejo.org/2023-12-release-v1-21-2-1/). + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.2+0-gitea-1.21.2` + +* Security fix + + The project page [of private users](https://forgejo.org/2023-12-release-v1-21-2-1/) is no longer publicly visible. + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * The default preferred licenses for the [[repository].PREFERRED_LICENSES](https://forgejo.org/docs/v1.21/admin/config-cheat-sheet/#repository-repository) setting were incorrect and have been [fixed to be `Apache-2.0` and `MIT`](https://codeberg.org/forgejo/forgejo/commit/5258e8f63d649b016d5c5d0e37422723bef26dac). + * A failed cron job can [no longer cause the Forgejo instance to shutdown](https://codeberg.org/forgejo/forgejo/commit/026a4bb02d8ac0b0dd90eb8a89c25ae18abca34f). + * A pull request merged by a workflow using the [automatic token](https://forgejo.org/docs/v1.21/user/actions/#automatic-token) with the `auto merge` flag [no longer cause an error 500 when displaying the pull request page](https://codeberg.org/forgejo/forgejo/commit/4148fb27dbc337a433b41d6d450d48fad73239cc). + * [Tentative fix for when the database branch cache is out of sync with the branches found in Git repositories](https://codeberg.org/forgejo/forgejo/commit/14750f3d11c8d065d3f9af31b8b4ee8d28acd0a5). When in doubt it is recommended to click on `Sync missed branches from git data to databases` in the `/admin` dashboard. + +## 1.21.2-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.2-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.21.1-0..v1.21.2-0 +``` + +This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data. It allows for memory exhaustion in the situation that HTTP chunked encoding requests can reach Forgejo. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.1+0-gitea-1.21.2` + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [OAuth2 uses the link_account page when the email or username is missing](https://codeberg.org/forgejo/forgejo/commit/e6fb2107f2843a09c3a72c3629bcee50c4797a6c) + * [Avoid conflicts of issue and PR numbers in GitLab migration](https://codeberg.org/forgejo/forgejo/commit/272d0a4c20987e33fa132fc94d996e0c6fdb86d7) + * [Only pass selected repository IDs to pagination](https://codeberg.org/forgejo/forgejo/commit/2552bb7b6ec51a094c9d800589991b1556fba798) + * [Add download URL for executable files](https://codeberg.org/forgejo/forgejo/commit/958a20865b897daaa4c26a3ba4b195ba2e854223) + * [Fix Forgejo repositories migration to also include issues, prs etc.](https://codeberg.org/forgejo/forgejo/commit/61fc5c514a6b3f99560b0df5e4cdb7df94763984) + * [Fix template substitution bug preventing notifications to be sent on new user registration](https://codeberg.org/forgejo/forgejo/commit/bc0078a50a6ab341ca4af15ce5d3fd221e6e9e0d) + * [When searching for issues, require that all terms are matched instead of one of them](https://codeberg.org/forgejo/forgejo/commit/13c0df40de319db2c4c2ec11a9a9dc5cf9eaf681) + * [Ignore temporary files when calculating the size of a repository](https://codeberg.org/forgejo/forgejo/commit/b17113bb06b57211b9c264b6953a783e7d0bb9a2) + * [Convert git commit summary to valid UTF8](https://codeberg.org/forgejo/forgejo/commit/346635605da024c3a0a6e7f4d63de1632459f4d6) + * [Fix incorrect default value of `[attachment].MAX_SIZE`](https://codeberg.org/forgejo/forgejo/commit/52f8fde69f121af6f72685fd08dc45b4b3e89004) + * [Fix object does not exist error when checking citation file](https://codeberg.org/forgejo/forgejo/commit/1ce155c5a695f07a9252b4ffc8c9ae7d48ebf7ec) + +* Improvements + + * [new doctor check: fix-push-mirrors-without-git-remote](https://codeberg.org/forgejo/forgejo/commit/1fea3ce6592afca7f8d16c147effd343244746fa) + * [Add `HEAD` support for RPM registry](https://codeberg.org/forgejo/forgejo/commit/ce3a24ef5f80413514e8de28ff47e77acccf0d2b) + +## 1.21.1-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.1-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges origin/v1.20/forgejo..origin/v1.21/forgejo +``` + +- **[Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/):** + The semantic version was updated to `6.0.0+0-gitea-1.21.0` because it contains breaking changes. + +- **Breaking:** + Note that the modifications related to CSS, templates or assets (images, fonts, etc.) are not documented here. + Although they can be extracted and modified, Forgejo does not provide any guarantee that such changes + will be portable from one version to another (even a patch version). A [Q&A discussion is available](https://codeberg.org/forgejo/discussions/issues/84) + to share tips and tricks. A new section was also added + [to the developer documentation about interface customization](https://forgejo.org/docs/v1.21/developer/customization/). + - If you have custom asset files, e.g. custom themes, inside `custom/public/*` (css included), you need to transfer these files to `custom/public/assets/*` for them to be detected. Read more [in the documentation](https://forgejo.org/docs/v1.21/developer/customization/) and the [Q&A discussion dedicated to interface customization](https://codeberg.org/forgejo/discussions/issues/84). + - Git [branches are stored in the databases](https://codeberg.org/forgejo/forgejo/commit/6e19484f4d3bf372212f2da462110a1a8c10cbf2) to reduce the calls to a git process and improve performances. After upgrading, login as an admin, go to the `/admin` page and click run **Sync missed branches from git data to databases**. If this is not done there will be messages such as `LoadBranches: branch does not exist` in the logs. + - [Some Forgejo CLI options have changed](https://codeberg.org/forgejo/forgejo/commit/d0dbe52e76f3038777c3b50066e3636105387ca3) and scripts may need to be updated. For instance `--verbose` is no longer a global option and is implemented on a per sub-command basis. Check `forgejo --help` or `forgejo docs` for more information. + - [Remove "CHARSET" config option for MySQL and always use "utf8mb4"](https://codeberg.org/forgejo/forgejo/commit/ce46834b938eb687152a680669ada95a26304178). It has been a requirement for years and specifying anything else is likely to cause issues. Existing MySQL databases still using `utf8` can be converted using the CLI: `forgejo doctor convert`. + - [Restrict certificate type for builtin SSH server](https://codeberg.org/forgejo/forgejo/pulls/1172). This is a breaking change for setups where the builtin SSH server is being used and for some reason host certificates were being used for authentication. + - [Set SSH_AUTHORIZED_KEYS_BACKUP to false by default](https://codeberg.org/forgejo/forgejo/commit/469d89b95a1ce18dd34808a95c7230375e828e24). There is no automatic cleanup of these backups and can end up using a significant amount of disk space over time. + - [The minimum RSA keylength is now 3072 instead of 2048](https://codeberg.org/forgejo/forgejo/commit/c533991519816313dfaa0ddcec183756a97b9348). + - Prior to this release, a token scoped to read or write permissions on issues was allowed to access both issues and pull requests, regardless of the restrictions imposed to the team in which they belong. In a team it is possible to grant finer grained permissions, for instance to allow a user to access issues but not pull requests. These restrictions are [now enforced](https://codeberg.org/forgejo/forgejo/commit/f4310d74ee65500ef02064256808530e09da76a0) and API calls that previously succeeded on `/api/v1/repos/{org}/{repo}/issues` or other endpoints common to both issues and pull requests could return 404. Granting the user the necessary permissions in the team in which they belong will allow them to use that endpoint again. +- **Forgejo Actions:** + It is now enabled by default but should still be considered alpha stage and subject to unannounced breaking changes. + - The API can now be used to manage secrets for [users](https://code.forgejo.org/api/swagger/#/user/updateUserSecret), [organizations](https://code.forgejo.org/api/swagger/#/organization/orgListActionsSecrets) and [repositories](https://code.forgejo.org/api/swagger/#/repository/updateRepoSecret). + - [Registration tokens can register multiple runners](https://codeberg.org/forgejo/forgejo/commit/9b698362a333de2c388499f1a64d39545b0263bd) instead of a single one. Read more [about runner registration](https://forgejo.org/docs/v1.21/admin/actions/#registration). + - [Add](https://codeberg.org/forgejo/forgejo/commit/35a653d7edbe0d693649604b8309bfc578dd988b) support for [variables in addition to secrets](https://forgejo.org/docs/v1.21/user/actions/#variables). + - [Add](https://codeberg.org/forgejo/forgejo/commit/0d55f64e6cd3de2e1e5c0ee795605823efb14231) support for [recurring actions similar to cron jobs](https://forgejo.org/docs/v1.21/user/actions/#onschedule). + - [Add](https://codeberg.org/forgejo/forgejo/commit/19872063a3c14256a1d89b2a104d63e7538a3a28) the possibility to [disable workflows from the user interface](https://forgejo.org/docs/v1.21/user/actions/#list-of-runners-and-their-tasks). + - [Add](https://codeberg.org/forgejo/forgejo/commit/460a2b0edffe71d9e64633beaa1071fcf4a33369) automatic [cleanup of artificats](https://forgejo.org/docs/v1.21/user/actions/#artifacts). + - [Add](https://codeberg.org/forgejo/forgejo/commit/44781f9f5c4ede618660d8cfe42437f0e8dc22a0) automatic cancellation [of jobs when pushing new commits](https://forgejo.org/docs/v1.21/user/actions/#auto-cancellation-of-workflows) to a PR. + - [Add](https://codeberg.org/forgejo/forgejo/commit/f3d293d2bbe0b2eab047bdd403046069cffbc0c4) support for [uploading multiple artificats](https://forgejo.org/docs/v1.21/user/actions/#artifacts). + - [Add](https://codeberg.org/forgejo/forgejo/commit/48e5a74f215d78813a816c57fc5a85a909a003d5) support for the [`pull_request_target` event](https://forgejo.org/docs/v1.21/user/actions/#onpull_request_target) which has access to secrets because it runs using the workflows from the base branch instead of the pull request. + - [Add](https://codeberg.org/forgejo/forgejo/commit/8228751c55d6a4263f0fec2932ca16181c09c97d) support for reading labels from the runner [instead of specifying them during registration](https://forgejo.org/docs/v1.21/admin/actions/#registration). +- **Features:** + - With the Chroma upgrade from [2.7.0](https://github.com/alecthomas/chroma/releases/tag/v2.7.0) to [2.10.0](https://github.com/alecthomas/chroma/releases/tag/v2.10.0) syntax highlighting is now available for [Smali](https://github.com/alecthomas/chroma/pull/765), [DHCP](https://github.com/alecthomas/chroma/pull/772), [WebGPU Shading Language](https://github.com/alecthomas/chroma/pull/776), [AutoHotkey](https://github.com/alecthomas/chroma/commit/4779f9035a3aaea3ec650f0923657c12e12dd35a), [AutoIt](https://github.com/alecthomas/chroma/commit/029798b351baa9c3d0dd5ec16e87ab98486d843c), [tal (uxntal)](https://github.com/alecthomas/chroma/commit/e422a6286fdc61393deb09afd270293eb590d023), [ArangoDB Query Language (AQL)](https://github.com/alecthomas/chroma/pull/794), [BIND DNS Zone](https://github.com/alecthomas/chroma/pull/796), [Odin](https://github.com/alecthomas/chroma/pull/802), [Sourcepawn](https://github.com/alecthomas/chroma/pull/804), [CPP](https://github.com/alecthomas/chroma/pull/813), [C](https://github.com/alecthomas/chroma/pull/815). New files and extensions are associated as follows: [.tpp as a c++](https://github.com/alecthomas/chroma/pull/817), [.eex as a Elixir](https://github.com/alecthomas/chroma/pull/820), [Pipfile and poetry.lock as a TOML](https://github.com/alecthomas/chroma/pull/821), [ISCdhcpd filename](https://github.com/alecthomas/chroma/pull/822), [.twig](https://github.com/alecthomas/chroma/pull/833), [Mathematica](https://github.com/alecthomas/chroma/pull/836). + - With the go-enry upgrade from [v2.8.4](https://github.com/go-enry/go-enry/releases/tag/v2.8.4) to [v2.8.6](https://github.com/go-enry/go-enry/releases/tag/v2.8.6), language detection in the repository now includes: + - Bluespec BH: [atom-haskell/language-haskell](https://github.com/atom-haskell/language-haskell) + - D2: [terrastruct/d2-vscode](https://github.com/terrastruct/d2-vscode) + - Go Workspace: [golang/vscode-go](https://github.com/golang/vscode-go) + - Gradle Kotlin DSL: [nishtahir/language-kotlin](https://github.com/nishtahir/language-kotlin) + - Hosts File: [Alhadis/language-etc](https://github.com/Alhadis/language-etc) + - LOLCODE: [KrazIvan/LOLCODE-grammar-vscode](https://github.com/KrazIvan/LOLCODE-grammar-vscode) + - MDX: [wooorm/markdown-tm-language](https://github.com/wooorm/markdown-tm-language) + - Nasal: [BobDotCom/Nasal.tmbundle](https://github.com/BobDotCom/Nasal.tmbundle) + - Nushell: [hustcer/nu-grammar](https://github.com/hustcer/nu-grammar) + - Pact: [kadena-io/pact-atom](https://github.com/kadena-io/pact-atom) + - RBS: [soutaro/vscode-rbs-syntax](https://github.com/soutaro/vscode-rbs-syntax) + - Rez: [textmate/rez.tmbundle](https://github.com/textmate/rez.tmbundle) + - Sweave: [textmate/sweave.tmbundle](https://github.com/textmate/sweave.tmbundle) + - TL-Verilog: [adamint/tlv-vscode](https://github.com/adamint/tlv-vscode) + - Typst: [michidk/typst-grammar](https://github.com/michidk/typst-grammar) + - WDL: [broadinstitute/wdl-sublime-syntax-highlighter](https://github.com/broadinstitute/wdl-sublime-syntax-highlighter) + - WGSL: [wgsl-analyzer/wgsl-analyzer](https://github.com/wgsl-analyzer/wgsl-analyzer) + - WebAssembly Interface Type: [bytecodealliance/vscode-wit](https://github.com/bytecodealliance/vscode-wit) + - [Newly pushed branches show in the web UI with a link to create a PR](https://codeberg.org/forgejo/forgejo/commit/6375419468edc95fdfac94aac3b0e10b23743557). Read more [about the `New Pull Request` button](https://forgejo.org/docs/v1.21/user/pull-requests-and-git-flow/#create-a-pull-request). + - Labels that are no longer useful [can be archived](https://codeberg.org/forgejo/forgejo/commit/cafce3b4b5afb3f254a48e87f1516d7b5dc209b6). They can no longer be selected but they remain on existing issues. Read more [about archiving labels](https://forgejo.org/docs/v1.21/user/labels/#archiving-labels). + - The blame view now [takes into account](https://codeberg.org/forgejo/forgejo/commit/ed64f1c2b835bf9332bf8347be9675ef29c8274b) the [`.git-blame-ignore-revs`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-blameignoreRevsFile) file. + - [Pre-register OAuth2 applications for git credential helpers](https://codeberg.org/forgejo/forgejo/commit/63ab92d7971e4931e98f014f2c5385d2242fa780). Read more in the git authentication section of the [user guide](https://forgejo.org/docs/v1.21/user/oauth2-provider/#git-authentication) and the [administrator guide](https://forgejo.org/docs/v1.21/admin/oauth2-provider/#git-authentication). + - Admins can be [notified via email](https://codeberg.org/forgejo/forgejo/commit/9b7bbae8c4cd5dc4d36726f10870462c8985e543) when a new user registers to help fight spam bots by setting `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true`. + - When a page display the history of changes for a file, [file rename are detected and displayed](https://codeberg.org/forgejo/forgejo/commit/ea23594cdbb12c32dc28638f65bf40e37d344e5f). + - Packages [can be configured to redirect requests to the S3 server](https://codeberg.org/forgejo/forgejo/commit/c890454769562e0ec2978e123aaf3d9a43e5ef4f) for clients that support this feature. + - When a PR contains multiple commits, it is now possible [review to each commit independently](https://codeberg.org/forgejo/forgejo/commit/55532061c83d38d33ef48bdc5eeac0f652844e8a). Read more [about selecting commits for review](https://forgejo.org/docs/v1.21/user/pull-requests-and-git-flow/#reviews). + - Issues can [be deleted in batch](https://codeberg.org/forgejo/forgejo/commit/a1c5057fe81c25dfd1777e9625eb5480c45897ea). + - An email can be associated with [an Organisations](https://codeberg.org/forgejo/forgejo/commit/6598d0291cf7dfeb00cb5e5d18faf2bf46fad596). + - The CODEOWNERS file is [interpreted to automatically set reviewers on PRs](https://codeberg.org/forgejo/forgejo/commit/3bdd48016f659c440d6e8bb57386fab7ad7b357b). The CODEOWNERS file is loaded from these paths in this order: `./CODEOWNERS`, `./docs/CODEOWNERS`. + - Issue search [were reworked entirely](https://codeberg.org/forgejo/forgejo/commit/1e76a824bcd71acd59cdfb2c4547806bc34b3d86) to fix the shortcomings of the previous implementation. + - [Allow "latest" to be used as a release tag when downloading a file](https://codeberg.org/forgejo/forgejo/commit/a7d9a70552410d797cefc87b177b33ca4a1a60c4). + - [Authentication via reverse proxy is available and disabled by default](https://codeberg.org/forgejo/forgejo/commit/e97e883ad50774f249c8c694598c25a17227299b). + - [Add API for changing avatars](https://codeberg.org/forgejo/forgejo/commit/254a82842addb1475611789107c3720e37394879). +- **User Interface:** + - [Show OpenID Connect and OAuth on the signup page](https://codeberg.org/forgejo/forgejo/commit/63b53af933d748f9b4e0f1273e3701b4c3d08ac3). + - [Show branches and tags that contain the commit being displayed](https://codeberg.org/forgejo/forgejo/commit/bd6ef718548767ff209048eb8443a067106908bf) + - [Add 'Show on a map' button to the location in the usr profile](https://codeberg.org/forgejo/forgejo/commit/d58c5425799335ea57f27461f99ddd1078e9b2de). + - [Render plaintext task list items for markdown files](https://codeberg.org/forgejo/forgejo/commit/eaea530d6bc84b23e6ff14ff8c2a74aa3b67ecd0). + - The administrators user details page [was modified](https://codeberg.org/forgejo/forgejo/commit/5b5bb8d3546e6504b689b01d3ac4897dda3aee3d). + - When mirroring a repository fails, [a `Retry` button allows to re-create it](https://codeberg.org/forgejo/forgejo/commit/865d2221c0f4b2a8623ff9299930c9bab0da2c78). + - Package cleanup [can be triggered from from administration web interface](https://codeberg.org/forgejo/forgejo/commit/0c6ae61229bce9d9ad3d359cee927464968a2dd1). + - In the page displaying the [list of branches, it is now possible to search them by name](https://codeberg.org/forgejo/forgejo/commit/47b878858ada27fc4c74eeadcc1e467d2da90e04). + - [Display all user types (including bots) org types on the administration web interface](https://codeberg.org/forgejo/forgejo/commit/198a9ca6350954a6d3327a408021fec2bc0fc805). + - [Improve opengraph previews](https://codeberg.org/forgejo/forgejo/commit/5743d7cb5bcd85c88ad7d128e0162893a074418b). + - [Render code blocks in the repository description](https://codeberg.org/forgejo/forgejo/commit/3d109861ddf95846905143b4cf39129bf253161e). + - [Add `member`, `collaborator`, `contributor`, and `first-time contributor` roles and tooltips](https://codeberg.org/forgejo/forgejo/commit/d2e4039def61d9cc9952be462216001125327270) next to the author. + - It is no longer possible to [change the run user in the installation page](https://codeberg.org/forgejo/forgejo/commit/d17a848fe275c3e8734a4dfcaf2eae8ca0dc361c). + - [Update emoji set](https://codeberg.org/forgejo/forgejo/commit/e882398c5acb99db555553acc2da89db73713710) to [Unicode 15](https://unicode.org/versions/Unicode15.0.0/). + - [Improve the image diff user interface](https://codeberg.org/forgejo/forgejo/commit/09faf43ef822ca4dbdfb2a2714ad43a782acf6e8). + - Allow [rebuilding the issue index from the cron task list in the admin panel](https://codeberg.org/forgejo/forgejo/commit/47fddaadc8b4c8d4d4359d6209b9fe06d6387a30). +- **Enhancements:** + - [Improve the privacy of the user profile settings](https://codeberg.org/forgejo/forgejo/commit/ff90c87c878b03e7beabac5f19396e0db2c25a1e). + - [Add the upload URL to the release API](https://codeberg.org/forgejo/forgejo/commit/a9ce570298d4541bc1b5598dc080d9e4541de17b). + - [Allow editing existing push mirrors from the settings page of a repository](https://codeberg.org/forgejo/forgejo/commit/ab388deb0e52c058a19dbd844bdd890f7cf84d51). + - [Add a link to the OpenID issuer URL in the WebFinger response](https://codeberg.org/forgejo/forgejo/commit/df55f9b189174767296e562389948e5250f1df73). + - [Support copy protected branches with template repositories](https://codeberg.org/forgejo/forgejo/commit/037c9895a7406b42f88991295382db18f98dbef9). + - [In the administration web interface, split the lfs size from repository size](https://codeberg.org/forgejo/forgejo/commit/4aba8a6a5ff96f0995ada7e183c7864f8f5bc05c). +- **Bug fixes:** + - [Allow empty Conan files](https://codeberg.org/forgejo/forgejo/commit/d513628db90415a27e887c3cf349309b3ad44d55). + - [Fix the incorrect route path in the user edit page. ](https://codeberg.org/forgejo/forgejo/commit/323135b97b219d7fb10557fb9d9156c6bef3ae62). + - [Add auth-required to config.json for Cargo sparse registry](https://codeberg.org/forgejo/forgejo/commit/a587d2526163153a4d992527fe6040d578beaa83). + - [Rewrite the DiffFileTreeItem and fix misalignment ](https://codeberg.org/forgejo/forgejo/commit/48c4a7e75cf2717f00c9691ca26688aa4db0a17a). + - [Do not "guess" the file encoding/BOM when using API to upload files](https://codeberg.org/forgejo/forgejo/commit/22eeede885327fca0328b7d5b153e7a6c4211ffa). +- **Security:** + - [Do not show the profile README when a repository is private](https://codeberg.org/forgejo/forgejo/commit/6a7a5ea32ab61a608b52029f778e8df76b04f489). + - A [security.txt files is provided by default](https://codeberg.org/forgejo/forgejo/pulls/1201/files) and other static files [can also be added](https://codeberg.org/forgejo/forgejo/commit/52fb9367734100847249d074e2bc17f2aa91053e). + +## 1.20.6-1 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.6-1` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.6-0..v1.20.6-1 +``` + +This stable release contains a **security fix**. + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.8+0-gitea-1.20.6` + +* Security fix + + The project page [of private users](https://forgejo.org/2023-12-release-v1-21-2-1/) is no longer publicly visible. + +* Bug fix + + * [Consider executable files as a valid case when returning a downloadURL for them](https://codeberg.org/forgejo/forgejo/issues/1825). They are just regular files with the difference being the executable permission bit being set. + +* New doctor check and fix + + * Adds a [new doctor check: fix-push-mirrors-without-git-remote](https://codeberg.org/forgejo/forgejo/pulls/1853). The new check looks for push mirrors that do not have their remotes configured in git. If automatic fixing is enabled, it will remove these push mirrors from the database. + +## 1.20.6-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.6-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.5-1..v1.20.6-0 +``` + +This stable release contains a **security fix**, as explained in the [v1.20.6-0 companion blog post](https://forgejo.org/2023-11-release-v1-20-6-0/). + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.7+0-gitea-1.20.6` + +* Breaking change + + Prior to this release, a token scoped to read or write permissions on issues was allowed to access both issues and pull requests, regardless of the restrictions imposed to the team in which they belong. In a team it is possible to grant finer grained permissions, for instance to allow a user to access issues but not pull requests. These restrictions are now enforced and API calls that previously succeeded on `/api/v1/repos/{org}/{repo}/issues` or other endpoints common to both issues and pull requests could return 404. Granting the user the necessary permissions in the team in which they belong will allow them to use that endpoint again. + +* Security fix + + Additional API and web [endpoints now fail](https://forgejo.org/2023-11-release-v1-20-6-0/) when given manually crafted identifiers. + +## 1.20.5-1 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.5-1` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.5-0..v1.20.5-1 +``` + +This stable release contains **critical security fixes**, as explained in the [v1.20.5-1 companion blog post](https://forgejo.org/2023-11-release-v1-20-5-1/). + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.6+0-gitea-1.20.5` + +* Security fixes + + * API and web [endpoints now fail](https://forgejo.org/2023-11-release-v1-20-5-1/) when given manually crafted identifiers. + * When an extension is added to the URL of a user profile (e.g. `/myuser.rss`) it is now [verified to be visible](https://codeberg.org/forgejo/forgejo/commit/d7408d8b0b04afd2a3c8e23cc908e7bd3849f34d). + * `docker login` now fails with basic auth [when 2FA is enabled](https://codeberg.org/forgejo/forgejo/commit/44df78edd40076b349d50dc5fb02af417a44cfab). + +* Bug fixes + + The most prominent bug fixes are described below. Others can be found in the list of commits included in the release as described above. + + * Create the ActionTaskOutput [table for new Forgejo instances](https://codeberg.org/forgejo/forgejo/commit/c0ccd4c2d7ac586276ab65bd2dfbf4eba7e71cd6). + * [Restricted users only see repos in orgs which their team was assigned to](https://codeberg.org/forgejo/forgejo/commit/f302373eb4ea04f3b655d8f8bb27bc3ff3027276). + * Release assets are now [taken into account during a migration](https://codeberg.org/forgejo/forgejo/commit/1fd3cc32170ff9a36419083541bb2e1ad612df92) from GitLab, Forgejo or Gitea. + * When `webhook.PROXY_URL` is set, the `ALLOWED_HOST_LIST` setting is [now properly enforced](https://codeberg.org/forgejo/forgejo/commit/d6798ae0159e58b427e9ad894ca3e0ee272efdb2). + * It is now possible to access `///attachments/` [with an application token](https://codeberg.org/forgejo/forgejo/commit/f142ae18c093d4cb5ccc7eeec8beac0212e466a0) and the attachments API download URL is usable. + +## 1.20.5-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.5-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0 +``` + +This stable release contains an **important security fix**, as explained in the [v1.20.5-0 companion blog post](https://forgejo.org/2023-10-release-v1-20-5-0/). + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.5+0-gitea-1.20.5` + +* Security fix + + * When a user logs into Forgejo, they can click the **Remember This Device** checkbox and their browser will store a **Long-term authentication** token provided by the server, in a cookie that will allow them to stay logged in for an extended period of time. The implementation was inherently insecure and was [reworked](https://codeberg.org/forgejo/forgejo/commit/51988ef52bc93b63184d28395d10bf3b76914ad0). Read more about this issue in the [v1.20.5-0 blog post](https://forgejo.org/2023-10-release-v1-20-5-0/). + +* Bug fixes + + The most prominent bug fixes are described below. Others can be found in the list of commits included in the release as described above. + + * [Fix the display of pull requests waiting for review](https://codeberg.org/forgejo/forgejo/commit/4b23f11864) on the `/pulls` page. It incorrectly included all reviews. + * [Fix a v1.20 regression preventing access to files with OAuth2 tokens](https://codeberg.org/forgejo/forgejo/commit/3e8c3b7c09) in private repositories. + * [Fix](https://codeberg.org/forgejo/forgejo/commit/101cfc1f82) a bug by which the `doctor` command [complains the `deleted_branch` table is missing](https://codeberg.org/forgejo/forgejo/issues/1522) although it should not. + * [Fix the release URL in webhooks](https://codeberg.org/forgejo/forgejo/commit/1b1f878204) so that `URL` points to the API URL and `HTMLURL` points to the web page. + * [Fix organization field being null in POST /orgs/{orgid}/teams](https://codeberg.org/forgejo/forgejo/commit/f8bf284794). + +## 1.20.4-1 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.4-1` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.4-0..v1.20.4-1 +``` + +This stable release includes bug fixes. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.4+0-gitea-1.20.4` + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix the followers and following list that only showed the first page](https://codeberg.org/forgejo/forgejo/commit/c041114a20fcaaf0931da81dcb542a930e8f9c5f) + * [Fix issue templates preventing the creation of any new issues when blank issues are not authorized](https://codeberg.org/forgejo/forgejo/commit/64a418dfc778665f56cb20d678f3c10dbb62ddca) (regression introduced in v1.20.4-0) + +## 1.20.4-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.4-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.3-0..v1.20.4-0 +``` + +This stable release includes bug fixes and two features. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.3+0-gitea-1.20.4` + +* Features + + * [Log slow SQL queries](https://codeberg.org/forgejo/forgejo/commit/fa25b9eec63c073e16f4595459880e4ee8797913) to help identify bottlenecks on large Forgejo instances + * [Add `branch_filter` to hooks API endpoints](https://codeberg.org/forgejo/forgejo/commit/19a49e763a013dec4c3fcf3e9e2be89c7009bb3b) + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Ignore the trailing slashes when comparing oauth2 redirect_uri](https://codeberg.org/forgejo/forgejo/commit/2f6d011503a35a1eede96f5a13b2a9868c06b3ae) + * [Fix the reopen logic for agit flow pull request](https://codeberg.org/forgejo/forgejo/commit/5abca17b644ded3c3ab8869db1d34f9bd678f18e) + * [Fix the missing display of user projects](https://codeberg.org/forgejo/forgejo/commit/ef46b01168e251fad92ed46102b5faad75a5bcb1) + * [Fix](https://codeberg.org/forgejo/forgejo/commit/08762875d7362ee207bbd320123cbb0ad4cf70d2) issue templates [that failed to save checkboxes](https://codeberg.org/forgejo/forgejo/pulls/1317) + * [Fix accessibility issues preventing focus and selection](https://codeberg.org/forgejo/forgejo/commit/66016b3fe3a9646e5d9c8b4c2d88b1da7a908ccf) + * [Fix being unable to use a repo that prohibits accepting PRs as a PR source](https://codeberg.org/forgejo/forgejo/commit/1d228e6ee93525bd630c4a915febd98d159f1824) + * [Forgejo doctor database fix](https://codeberg.org/forgejo/forgejo/commit/0b1175f21b403ff59c0c3f7a759de8d0fe13bee8) to repair a condition preventing the owner of an organization from creating a repository + * [Fix dashboard filters having no effect](https://codeberg.org/forgejo/forgejo/commit/a6c2201dd41706a000ca96bdcd3e89df96e342fd) + * [Also check the email blocklists when adding new emails to existing accounts](https://codeberg.org/forgejo/forgejo/commit/d5845521a842418ae8f6dfcad8368ba2a6035f54) + * [Sync tags when adopting repos](https://codeberg.org/forgejo/forgejo/commit/6b5ef0fad754a863eb7d91eefa8301dd9a5a84b5) + * [Fix an error when pushing a new branch and there is a requirement that all commits are signed](https://codeberg.org/forgejo/forgejo/commit/193e04c43b556e0a25c260149429945ba2164efa) + +## 1.20.3-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.3-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.2-0..v1.20.3-0 +``` + +This stable release includes bug fixes and a safeguard against a +regression that may lead to data loss. The `[storage*]` sections in the +`app.ini` file may cause the files for some subsystems - Attachments, +LFS, Avatars, Repository avatars, Repository archives, Packages - to +be merged together or misplaced. The safeguard detects this situation +and Forgejo will not start to prevent data loss. If your instance is in +this situation, [follow the instructions in the companion blog post](https://forgejo.org/2023-08-release-v1-20-3-0/). + +* Recommended Action + + We recommend that all Forgejo installations are upgraded to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.2+0-gitea-1.20.3` + +* Breaking changes + + * [Fix some bugs in how the storage sections are interpreted](https://codeberg.org/forgejo/forgejo/commit/815682c88) in the `app.ini` file. Read more about this issue in the [v1.20.3-0 blog post](https://forgejo.org/2023-08-release-v1-20-3-0/) + * [Add sanity checks](https://codeberg.org/forgejo/forgejo/commit/ee0e4848e) to detect an `app.ini` configuration that [needs manual fixing to preserve storage](https://forgejo.org/2023-08-release-v1-20-3-0/) + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix links to pull request reviews sent via mail](https://codeberg.org/forgejo/forgejo/commit/88e179d5ef8ee41f71d068195685ff098b38ca31). The pull request link was correct but it did not go the the review and stayed at the beginning of the page + * [Recognize OGG as an audio format](https://codeberg.org/forgejo/forgejo/commit/622ec5c79f299c32ac2667a1aa7b4bf5d7c2d6cf) + * [Consistently show the last time a cron job was run in the admin panel](https://codeberg.org/forgejo/forgejo/commit/5f769ef20) + * [Fix NuGet registry v2 & v3 API search endpoints](https://codeberg.org/forgejo/forgejo/commit/471138829b0c24fe8c621dbb866ae8bb45ebc674) + * [Allow html code to be parsed in markdown files](https://codeberg.org/forgejo/forgejo/commit/e7d0475e1) + * [Fix incorrect color of the selected assignees when creating an issue](https://codeberg.org/forgejo/forgejo/commit/c7d7490b2) + * [Add missing MinIO region on client initialization](https://codeberg.org/forgejo/forgejo/commit/927cbe62b) + * [Add pull request review request webhook event](https://codeberg.org/forgejo/forgejo/commit/99c8dab9d) + * [Fix bad url in the wiki due to incorrect unescaping](https://codeberg.org/forgejo/forgejo/commit/e0f6956a4) + * [Fix the sort menu that was broken when displaying a custom profile from the `.profile` repository](https://codeberg.org/forgejo/forgejo/commit/fa92a6a4c) + * [Workaround](https://codeberg.org/forgejo/forgejo/commit/3d211dea2) MariaDB [performance issue on large Forgejo instances](https://codeberg.org/forgejo/forgejo/issues/1161) + * [Display human-readable text](https://codeberg.org/forgejo/forgejo/commit/2729bb3c6) instead of [numerical file modes](https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation) + * [The CLI exit code now is different from zero when an error occurs](https://codeberg.org/forgejo/forgejo/commit/089af9ab1) + * [Fix error when a Debian package has a double newline character at the end of the control block](https://codeberg.org/forgejo/forgejo/commit/dd7180846) + * [Fix a condition that would cause git related tasks to hang for longer than necessary in the queues and use too many resources as a result](https://codeberg.org/forgejo/forgejo/commit/36f8fbe1b) + * [Fix the topic validation rule and support dots](https://codeberg.org/forgejo/forgejo/commit/a578b75d7) + * [Fix pull request check list when there are more than 30](https://codeberg.org/forgejo/forgejo/commit/e226b9646) + * [Fix attachment clipboard copy on insecure origin](https://codeberg.org/forgejo/forgejo/commit/12ac84c26) + * [Fix the profile README rendering](https://codeberg.org/forgejo/forgejo/commit/84c3b60a4) that [was inconsistent with other markdown files renderings](https://codeberg.org/forgejo/forgejo/issues/833) + * [Fix API leaking the user email when the caller is not authentified](https://codeberg.org/forgejo/forgejo/commit/d89003cc1) + +## 1.20.2-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.2-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.1-0..v1.20.2-0 +``` + +This stable release includes bug fixes and displays [warnings in the administration panel](https://codeberg.org/forgejo/forgejo/commit/28f4029e40) when deprecated entries are found in `app.ini`. + +* Recommended Action + + We recommend that all Forgejo installations are upgraded to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.1+0-gitea-1.20.2` + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Add missing assets to the Forgejo sources tarball](https://codeberg.org/forgejo/forgejo/commit/e14d239005) + * [Fix user type selection error when creating a user](https://codeberg.org/forgejo/forgejo/commit/268569b462) and selecting `public` or `private`. + * [Fix access check for org-level project](https://codeberg.org/forgejo/forgejo/commit/5afb0294f4) + * [Warn instead of reporting an error when a webhook cannot be found](https://codeberg.org/forgejo/forgejo/commit/4c3dcdf815) + * [Set MAX_WORKERS](https://codeberg.org/forgejo/forgejo/commit/5a4b19435d) to a value lower than 10 if the number of available CPUs is low to avoid overloading the host. + * [Fix bug when pushing to a pull request which enabled dismiss approval automatically](https://codeberg.org/forgejo/forgejo/commit/4640c53386) + * [Fix handling of plenty Nuget package versions](https://codeberg.org/forgejo/forgejo/commit/7bb8526736) + * [Update email-setup.en-us.md](https://codeberg.org/forgejo/forgejo/commit/31f2ce3998) + * [Fix bugs](https://codeberg.org/forgejo/forgejo/commit/9654d71bb2) in [LFS meta garbage collection](https://codeberg.org/forgejo/forgejo/issues/1113) + * [Fix UI regression of asciinema player](https://codeberg.org/forgejo/forgejo/commit/f3c26de1f4) + * [Fix LFS object list style](https://codeberg.org/forgejo/forgejo/commit/f20cfc291c) + * [Fix CLI allowing creation of multiple user access tokens with the same name](https://codeberg.org/forgejo/forgejo/commit/b699e1d340) + * [Fix](https://codeberg.org/forgejo/forgejo/commit/f4a8f10f64) router logger [preventing separating the logs in different files](https://codeberg.org/forgejo/forgejo/issues/1123). + * [added ssh mirror workaround description](https://codeberg.org/forgejo/forgejo/commit/d9d38b6244) + * [Fix wrong workflow status when rerun a job in an already finished workflow](https://codeberg.org/forgejo/forgejo/commit/e2101ae572) + * [Fix escape problems in the branch selector](https://codeberg.org/forgejo/forgejo/commit/9fae415030) + * [Fix handling of Debian files with trailing slash](https://codeberg.org/forgejo/forgejo/commit/4be3270e87) + * [fix Missing 404 swagger response docs for /admin/users/{username}](https://codeberg.org/forgejo/forgejo/commit/1cd4d4b00e) + * [Use stderr as fallback if the log file can't be opened](https://codeberg.org/forgejo/forgejo/commit/942d02f8e9) + +## 1.20.1-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.1-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/forgejo +``` + +- **[Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/):** + The semantic version was updated to `5.0.0+0-gitea-1.20.1` because it contains breaking changes. +- **Breaking:** + - [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/18de83b2a3fc120922096b7348d6375094ae1532) or (Personal Access Tokens), were refactored and although existing tokens are still valid, they may have a different scope than before. To ensure that no tokens have a larger scope than expected they must be removed and recreated. + - If your `app.ini` has one of the the following `[indexer].ISSUE_INDEXER_QUEUE_TYPE`, `[indexer].ISSUE_INDEXER_QUEUE_BATCH_NUMBER`, `[indexer].`, `[indexer].ISSUE_INDEXER_QUEUE_DIR`, `[indexer].ISSUE_INDEXER_QUEUE_CONN_STR`, `[indexer].UPDATE_BUFFER_LEN`, `[mailer].SEND_BUFFER_LEN`, `[repository].PULL_REQUEST_QUEUE_LENGTH` or `[repository].MIRROR_QUEUE_LENGTH`, Forgejo will abort immediately. Unless you know exactly what you're doing, you must comment them out so the default values are used. + - The `-p` option of `environment-to-ini` is [no longer supported](https://codeberg.org/forgejo/forgejo/commit/fa0b5b14c2faa6a5f76bb2e7bc9241a5e4354189) + - The ".png" suffix for [user and organizations is now reserved](https://codeberg.org/forgejo/forgejo/commit/2b91841cd3e1213ff3e4ed4209d6a4be89c2fa79) + - The section `[git.reflog]` is [now obsolete and its keys have been moved](https://codeberg.org/forgejo/forgejo/commit/2f149c5c9db97f20fbbc65e32d1f3133048b11a2) to the following replacements: + * `[git.reflog].ENABLED` → `[git.config].core.logAllRefUpdates` + * `[git.reflog].EXPIRATION` → `[git.config].gc.reflogExpire` + - The [logger](https://codeberg.org/forgejo/forgejo/commit/4647660776436f0a83129b4ceb8426b1fb0599bb) used to display Forgejo's was refactored and has new settings, different from the previous one found at `log..` in `app.ini`. Check the [documentation](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/#log-log) and `app.example.ini` for more information. The SMTP logger was removed. + - Forgejo will refuse to start if [the refactored path & config system](https://codeberg.org/forgejo/forgejo/commit/061b68e99) does not pass sanity checks (e.g. WORK_PATH must be absolute). + - Manually set [WORK_PATH](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/#overall-default) in `app.ini`. + If the `app.ini` file is writable by the user under which the Forgejo server runs and `WORK_PATH` is not set, + the server will add it. Otherwise it will log an error starting with `Unable to update WORK_PATH`. + One of the consequences of not setting `WORK_PATH` in `app.ini` is that pushing to a repository via ssh is + [likely to fail as explained in the corresponding bug report](https://codeberg.org/forgejo/forgejo/issues/1118). + Read the technical details in the [commit that implements the WORK_PATH change](https://codeberg.org/forgejo/forgejo/commit/061b68e99). + - The user profile can be customized with [a Markdown file](https://codeberg.org/forgejo/forgejo/commit/c090f87a8db5b51e0aa9c7278b38ddc862c048ac). + The profile page of a user is rendered using the `README.md` file of the `.profile` repository, if it exists. It is a + breaking change because **it will display the .profile/README.md of a pre-existing repository, private or not**. + - The [API endpoint pagination](https://codeberg.org/forgejo/forgejo/commit/0a3c4d4a595cc7e12462dde393ed64186260f26b) for team members was fixed: it now starts at 1 instead of 0, just like all other paginated API endpoints. + - The `SSH_KEYGEN_PATH` variable in `app.ini` now defaults to using the [Go SSH key parsing instead of the `ssh-keygen` binary](https://codeberg.org/forgejo/forgejo/commit/7a8a4f54321f208ebbb0f708a5f0e49c4cd4cc04). When `START_SSH_SERVER` is true, the decision to use the Go SSH key parsing or an external binary will now depend on the value of `SSH_KEYGEN_PATH` instead of always using the Go SSH key parsing. + - The storage settings were [refactored](https://codeberg.org/forgejo/forgejo/commit/d6dd6d641b593c54fe1a1041c153111ce81dbc20). Read more about [storage settings](https://forgejo.org/docs/v1.20/admin/storage/). + - [The [repository.editor] PREVIEWABLE_FILE_MODES setting was removed](https://codeberg.org/forgejo/forgejo/commit/84daddc2fa74393cdc13371b0cc44f0444cfdae0). This setting served no practical purpose and was not working correctly. Instead a preview tab is always shown in the file editor when supported. + - In addition to the already deprecated options inside [queue], many options have been dropped as well. Those are WRAP_IF_NECESSARY, MAX_ATTEMPTS, TIMEOUT, WORKERS, BLOCK_TIMEOUT, BOOST_TIMEOUT, BOOST_WORKERS. You can remove them from your app.ini now. Additionally, some default values have changed in this section. + - The default CSS and templates included in Forgejo were heavily refactored and a large number of variables renamed. These changes are not documented and there is a very high chance that a template extracted and modified for a particular Forgejo instance will no longer work as it did. Browsing through the git history of the template in the sources is the best way to figure out how and why it was modified. +- **Moderation:** + Blocking another user is desirable if they are acting maliciously or are spamming your repository. When you block a user, Forgejo does not explicitly notify them, but they may learn through an interaction with you that is blocked. [Read more about blocking users](https://forgejo.org/docs/v1.20/user/blocking-user/). +- **Package:** + New registries are available for [SWIFT](https://forgejo.org/docs/v1.20/user/packages/swift), [debian](https://forgejo.org/docs/v1.20/user/packages/debian), [RPM](https://forgejo.org/docs/v1.20/user/packages/rpm), [alpine](https://forgejo.org/docs/v1.20/user/packages/alpine), [Go](https://forgejo.org/docs/v1.20/user/packages/go) and [CRAN](https://forgejo.org/docs/v1.20/user/packages/cran). +- **Accessibility:** + numerous improvements for [issue comments](https://codeberg.org/forgejo/forgejo/commit/6c354546547cd3a9595a7db119a6480d9cd506a7), [the menu on the navbar](https://codeberg.org/forgejo/forgejo/commit/a78e0b7dade16bc6509b943fe86e74962f1b95b6), [scoped labels](https://codeberg.org/forgejo/forgejo/commit/e8935606f5f1fff3c59222ebca6d4615ab06fb0b), [checkboxes and dropdowns](https://codeberg.org/forgejo/forgejo/commit/d4f35bd681af0632da988e15306f330e020422b2), [RTL rendering support to Markdown](https://codeberg.org/forgejo/forgejo/commit/32d9c47ec7706d8f06e09b42e09a28d7a0e3c526), [file (re-)views](https://codeberg.org/forgejo/forgejo/commit/e95b42e187cde9ac4bd541cd714bdb4f5c1fd8bc), [interactive tooltips](https://codeberg.org/forgejo/forgejo/commit/87f0f7e670c6c0e6aeab8c4458bfdb9d954eacec), [using a button element](https://codeberg.org/forgejo/forgejo/commit/81fe5d61851c0e586af7d32c29171ceff9a571bb), [repository list](https://codeberg.org/forgejo/forgejo/commit/e82f1b15c7120ad13fd3b67cf7e2c6cb9915c22d) and more. +- **Time:** + The display and localization of time was improved for [tooltips](https://codeberg.org/forgejo/forgejo/commit/b7b58348317cbe0145dc453d45c886b8e2764b4c), [milestones](https://codeberg.org/forgejo/forgejo/commit/97176754beb4de23fa0f68df715c4737919c93b0), [due date and translations that contain dates](https://codeberg.org/forgejo/forgejo/commit/70bb4984cdad9a15d676708bd345b590aa42d72a), [commit graphs](https://codeberg.org/forgejo/forgejo/commit/5bc9f7fcf9aece92c3fa2a0ea56e5585261a7f28), [runners](https://codeberg.org/forgejo/forgejo/commit/62ca5825f73ad5a25ffeb6c3ef66f0eaf5d30cdf), [webhooks](https://codeberg.org/forgejo/forgejo/commit/dbb37367854d108ebfffcac27837c0afac199a8e), [tests](https://codeberg.org/forgejo/forgejo/commit/3d266dd0f3dbae7e417c0e790e266aebc0078814) and more. Previously each rendered timestamp would be static, now the real time since an event happened is show. If a comment was added 2 minutes before the page rendered it would show as "2 minutes ago" on the initial render and if another 8 minutes have passed, without a page refresh you'd see "10 minutes ago". +- **[Wiki](https://forgejo.org/docs/v1.20/user/wiki/)** + - Improve the [display of the table of content](https://codeberg.org/forgejo/forgejo/commit/1ab16e48cccc086e7f97fb3ae8a293fe47a3a452) + - Fixed a bug [preventing team users who have wiki write permission from deleting a page](https://codeberg.org/forgejo/forgejo/commit/284b41f45244bbe46fc8feee15bbfdf66d150e79) + - [Shows the External Link icon and URL in the header](https://codeberg.org/forgejo/forgejo/commit/d347208114966166ffa9655adc5b202676546c31) to indicate that the user will be sent to an external side to help prevent fishing + - Allow dash in [titles](https://codeberg.org/forgejo/forgejo/commit/b39a5bbbd610ba30651218658caaec1c86d6bca1) +- **[Actions](https://forgejo.org/docs/v1.20/user/actions/)** + - The internal CI graduated from **experimental** to **[alpha](https://en.wikipedia.org/wiki/Software_release_life_cycle#Alpha)**. It now has with a [user](https://forgejo.org/docs/v1.20/user/actions) documentation that includes examples and an extensive [administrator](https://forgejo.org/docs/v1.20/admin/actions) guide to set it up. + - [Forgejo Actions](https://forgejo.org/docs/v1.20/user/actions/) workflows are [now available](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/.forgejo/workflows) to run tests and publish releases for `Forgejo` itself. + - The Woodpecker CI configuration for PR verification and building releases for Forgejo v1.18 and v1.19 is no longer maintained as part of Forgejo itself and was moved to its [own repository](https://codeberg.org/forgejo-contrib/forgejo-ci-woodpecker). +- **[Templates](https://forgejo.org/docs/v1.20/user/issue-pull-request-templates/)** + - [Configuration for the issue templates](https://codeberg.org/forgejo/forgejo/commit/f384b13f1cd44be3a87df5553a0099390dacd010). [Read more about issue config](https://forgejo.org/docs/v1.20/user/issue-pull-request-templates/#syntax-for-issue-config) in the documentation. + - [Add validations.required check to the dropdown field](https://codeberg.org/forgejo/forgejo/commit/5c0745c0349f0709d0fc36fd8a97dcab86bce28a) + - [Issue template support markdown edition](https://codeberg.org/forgejo/forgejo/commit/c4303efc23ea19f16ee826809f43888ee4583ebb) + - [Use a general Eval function for expressions in templates](https://codeberg.org/forgejo/forgejo/commit/5b89670a318e52e271f65d96bfe1116d85d20988) + - [reload-templates CLI](https://codeberg.org/forgejo/forgejo/commit/3588edbb08f93aaa56defa82dffdbb202cd9aa4a) +- **User Interface and User eXperience** + - The web editor used when creating issues, adding comments, etc. [changed](https://codeberg.org/forgejo/forgejo/commit/5cc0801de90d16b4d528e62de11c9b525be5d122) from [EasyMDE](https://github.com/Ionaru/easy-markdown-editor) which was no longer actively maintained to [GitHub markdown](https://github.com/github/markdown-toolbar-element). To help with the transition it is still possible to switch back to using EasyMDE using the double arrow button in the menubar. + - [Improve wiki sidebar and TOC](https://codeberg.org/forgejo/forgejo/commit/51789ba12) + - [Show outdated comments in the files changed tab of a pull request review](https://codeberg.org/forgejo/forgejo/commit/30a783879) + - [Redirect to package after version deletion](https://codeberg.org/forgejo/forgejo/commit/c27a3af72) + - Use a [separate admin page to show stats](https://codeberg.org/forgejo/forgejo/commit/520eb57d7642a5fca3df319e5b5d1c7c9018087c) + - [Improve avatar compression and resizing](https://codeberg.org/forgejo/forgejo/commit/82224c54e0488738dbd3b7eccf56ab08b6790627) + - [Add button to compare force pushed commits in pull requests](https://codeberg.org/forgejo/forgejo/commit/545495dcb0a4cb9d820132dde4f1127f7fe91aa4) + - [When creating a new file in a repository via the web user interface allow for a path to be pasted](https://codeberg.org/forgejo/forgejo/commit/7f9d58fab8a3c4fd1a8f18d58e36fbfab7b30f33) + - [Allows "video" HTML tag to be used in MarkDown, with the src, autoplay, and controls attributes](https://codeberg.org/forgejo/forgejo/commit/de6c718b46ebd3b7f6362c766eed328044d95ec7) + - [Add "Reviewed by you" filter for pull requests](https://codeberg.org/forgejo/forgejo/commit/10cdcb9ea8077098921d72720f9f36fcfd950452) + - [Make Ctrl+Enter submit a pending comment (starting review) instead of submitting a single comment](https://codeberg.org/forgejo/forgejo/commit/188c8c12c290e131fb342e3203634828652b0af5) + - If an instance chooses to disable new pull or push mirrors or mirrors entirely, an appropriate message will [now be shown to the user in the Repository Settings](https://codeberg.org/forgejo/forgejo/commit/35ce7ca25b5756441949312d79aa6382f98ce8d6) + - [Change `Close` to either `Close issue` or `Close pull request`](https://codeberg.org/forgejo/forgejo/commit/39d3711f3036db42d7ddf73dbdb125be611bcbba) + - [Make Issue/PR/projects more compact](https://codeberg.org/forgejo/forgejo/commit/4a722c9a45659e7732258397bbb3dd1039ea1952) + - [Improve RSS user interface](https://codeberg.org/forgejo/forgejo/commit/59d060622d375c4123ea88e2fa6c4f34d4fea4d3) + - [Add details summary for vertical menus in settings to allow toggling](https://codeberg.org/forgejo/forgejo/commit/58536093b3112841bc69edb542189893b57e7a47) + - [Show visibility status of email in own profile](https://codeberg.org/forgejo/forgejo/commit/5e1bd8af5f16f9db88cfeb5b80bdf731435cacfb) + - [Improve the protected branch setting page](https://codeberg.org/forgejo/forgejo/commit/72e956b79a3b2e055bb5d4d5e20e88eaa2eeec96) + - [Improve the display of the pull request branch delete button](https://codeberg.org/forgejo/forgejo/commit/774d1a0fbdadd1136b6af895f8d449b0c8db54cb) + - [Fix the color for repository transfer related buttons when having no permission to act](https://codeberg.org/forgejo/forgejo/commit/7abe958f5b507efa676fb3b2e27d30517f6d1908) + - [Add a progressbar to Milestone Page](https://codeberg.org/forgejo/forgejo/commit/7d192cb674bc475b123c84b205aca821247c5dd1) + - [Nicer display when the list of notifications is empty](https://codeberg.org/forgejo/forgejo/commit/8251b317f7b7a2b5f626a02fa3bb540a1495e81d) + - [Rename board to column in projects](https://codeberg.org/forgejo/forgejo/commit/843f81113ebe71fd725210c5a382268333865cc7) + - [Improve header bar on issue, pull requests and milestone](https://codeberg.org/forgejo/forgejo/commit/8f4dafcd4e6b0b5d307c3e060ffe908c2a96f047) + - [Add organization visibility label when displayed on the dashboard](https://codeberg.org/forgejo/forgejo/commit/97b70a0cd40e8f73cdf6ba4397087b45061de3d8) + - [Unification of registration fields order](https://codeberg.org/forgejo/forgejo/commit/b9fad73e9fcf40e81cde3304198105af6c668421) + - [Append `(comment)` when a link points at a comment rather than the whole issue](https://codeberg.org/forgejo/forgejo/commit/ca905b82df7f1d2a823d8df4448d485e5902876d) + - [Add visibility (private, limited) in the dashboard navbar](https://codeberg.org/forgejo/forgejo/commit/d949d8e074407a96dbcfa98a71ccd80527b5ad78) + - [Show all activities in the dashboard, not just the most recent ones](https://codeberg.org/forgejo/forgejo/commit/f4920c9c7f5947d3b6476610f39bc3492ab4ef3b) + - [Do not display the stars in the repository list of the dashboard](https://codeberg.org/forgejo/forgejo/commit/06c067bb0f9eeb8873ddc298819b30fc5913943f) + - [Improve the display of tags to include the tag message](https://codeberg.org/forgejo/forgejo/commit/b78c955958301dde72d8caf189531f6e53c496b4) + - [Hide the target selector if a tag exists when creating a new release](https://codeberg.org/forgejo/forgejo/commit/3de9e63fd04d61e08fcbdec035c9f138347d9f37) + - [Show the calculated commit status state of the latest commit on the default branch for each repository in the dashboard repository list](https://codeberg.org/forgejo/forgejo/commit/4810fe55e3e73edb962052df46bef125eb1817b3) + - [Sort users and orgs on the explore page by recency](https://codeberg.org/forgejo/forgejo/commit/4daf40505a5f89747982ddd2f1df2a4001720846) + - [Show the number of repositories in the user or organization profile](https://codeberg.org/forgejo/forgejo/commit/52b17bfa07fea29441cd961da4edaf1ea97fe348) + - [Review management (requesting again and discard) now happens at the top of the pull request](https://codeberg.org/forgejo/forgejo/commit/a70d853d064a97f0be1d3702a9c3912494b546ec) + - [Add markdown preview when submitting a review](https://codeberg.org/forgejo/forgejo/commit/b5c26fa825e08122843ad6d27191d399a9af1c37) + - [Support no label/assignee filter and batch clearing labels/assignees](https://codeberg.org/forgejo/forgejo/commit/b807d2f6205bf1ba60d3a543e8e1a16f7be956df) + - [Display when a repo was archived](https://codeberg.org/forgejo/forgejo/commit/c41bc4f1279c9e1e6e11d7b5fcfe7ef089fc7577) + - [Improve squash merge commit author and co-author with private emails](https://codeberg.org/forgejo/forgejo/commit/d647e74502fdf734c89b3e6592a9ad88c3005971) + - [Allow adding new files to an empty repo](https://codeberg.org/forgejo/forgejo/commit/e422342eebc18034ef586ec58f1e2fff0340091d) + - [Move `Rename branch` from repo settings page to the page of branches list](https://codeberg.org/forgejo/forgejo/commit/e8173c2c33f1dd5b0a2c044255434d414cab62d2) + - [Add "Updated" column for admin repositories list](https://codeberg.org/forgejo/forgejo/commit/94d6b5b09d49b2622c2164a03cfae45dced96c74) + - [Hide the merge box of a pull request if it is merged and the branch was deleted](https://codeberg.org/forgejo/forgejo/commit/e9b39250b285f1b9cbf9739f33c06fc57401f314) + - [The repository migration can be canceled](https://codeberg.org/forgejo/forgejo/commit/f6e029e6c7849d4361abf7f1d749b5d528364ac4) + - [Add button on the diff header to copy the file name](https://codeberg.org/forgejo/forgejo/commit/c5ede35124c8d5280219c24049bb0ad7da9f02ed) + - [Add --quiet option to the dump CLI](https://codeberg.org/forgejo/forgejo/commit/cb1536471bcef4d78a3fe5cbd738b9f60fabbcc2) + - [Support searching for an issue with its number in the the list of issues](https://codeberg.org/forgejo/forgejo/commit/1144b1d129de530b2c07dfdfaf55de383cd82212) + - [Improve the list of notifications](https://codeberg.org/forgejo/forgejo/commit/f7ede92f82f7f3ec7bb31a1249f9524e5b728f34) + - [When editing a file in the web UI, allow for a preview whenever possible](https://codeberg.org/forgejo/forgejo/commit/ac64c8297444ade63a2a364c4afb7e6c1de5a75f) + - [Make release download URLs human readable](https://codeberg.org/forgejo/forgejo/commit/42919ccb7cd32ab67d0878baf2bac6cd007899a8) + - [Add a tooltip to `Publish Review` explaining why they are disabled](https://codeberg.org/forgejo/forgejo/commit/a8c30a45fa49a3a551b1dca882960008c254bb3d) + - [Show the file tree view by default when browsing the changes in a pull request](https://codeberg.org/forgejo/forgejo/commit/72eedfb91584720da774909d3f078b7d515c9fdd) + - [Allow both fullname search in the author dropdown search of the issue list when `DEFAULT_SHOW_FULL_NAME` is true](https://codeberg.org/forgejo/forgejo/commit/661e78bed5c0879c32c53eb60f3d6898b93e1f08) +- **Performance** + - [Improve performances when listing issues](https://codeberg.org/forgejo/forgejo/commit/9bbb4d8d6) + - [Speedup loading the list of authors in the dropdown of the list of issues](https://codeberg.org/forgejo/forgejo/commit/6eb678374b583079a0a08b7ed0c9ca220c0c0434) + - [Use minio/sha256-simd for accelerated SHA256](https://codeberg.org/forgejo/forgejo/commit/1319ba6742a8562453646763adad22379674bab5) + - [Speed up HasUserStopwatch & GetActiveStopwatch](https://codeberg.org/forgejo/forgejo/commit/ef4fc302468cc8a9fd8f65c4ebdc6f55138450d1) + - [Do not create commit graph for temporary repos](https://codeberg.org/forgejo/forgejo/commit/0268ee5c37b8ad733678f02bc15ec8642da62c10) + - [Faster git.GetDivergingCommits](https://codeberg.org/forgejo/forgejo/commit/75ea0d5dba5dbf2f84cef2d12460fdd566d43e62) + - [Order pull request conflict checking by recently updated, for each push](https://codeberg.org/forgejo/forgejo/commit/df48af22296ccce8e9bd18e5d35c9a3cdf5acb0f) + - [MySQL integration tests](https://codeberg.org/forgejo/forgejo/commit/49f68518c2a2bd36ca0106045bd84de01dec4b61) run twice faster low end machines and use an order of magnitude less disk I/O +- **Authentication** + - [Add ntlm authentication support for mail](https://codeberg.org/forgejo/forgejo/commit/8be6da3e2fd0b685aeb6b9e7fd9dee5a4571163a) + - [LDAP filters include both username and email address](https://codeberg.org/forgejo/forgejo/commit/b8c19e7a11525da4174b6f80f87ff3e844d03d8a) + - [Allow for PKCE flow without client secret](https://codeberg.org/forgejo/forgejo/commit/7d855efb1fe6b97c5d87492f67ed6aefd31b2474) + - [Add the ability to set multiple redirect URIs in the OAuth application UI](https://codeberg.org/forgejo/forgejo/commit/ca35dec18b3d3d7dd5cde4c69a10ae830961faf7) +- **Refactor:** + Many essential sub-systems were refactored: the [queue system](https://codeberg.org/forgejo/forgejo/commit/6f9c278559789066aa831c1df25b0d866103d02d) that handles background tasks such as checking pull requests, [pull mirror](https://codeberg.org/forgejo/forgejo/commit/99283415bcbaa8acfe4d249ce3040de2f3a8b006), [git internal API](https://codeberg.org/forgejo/forgejo/commit/f4538791f5fc82b173608fcf9c30e36ec01dc9d3), [routes](https://codeberg.org/forgejo/forgejo/commit/92fd3fc4fd369b6a8c0a022a32a80dec2340223a) and [web routes](https://codeberg.org/forgejo/forgejo/commit/b9a97ccd0ea1ee44db85b0fbb80b75255af7c742), [merge & update logic](https://codeberg.org/forgejo/forgejo/commit/8598356df1eb21b6e33ecb9f9268ba36c5488e7c) and [git command calls](https://codeberg.org/forgejo/forgejo/commit/542cec98f8c07e0f046a35f1d516807416536e74), [listing commits](https://codeberg.org/forgejo/forgejo/commit/ec261b63e14f84da3e2d9a6e27c8b831a7750677), [cookie](https://codeberg.org/forgejo/forgejo/commit/5b9557aef59b190c55de9ea218bf51152bc04786), [issue stats](https://codeberg.org/forgejo/forgejo/commit/38cf43d0606c13c38f459659f38e26cf31dceccb), [renaming users and organizations](https://codeberg.org/forgejo/forgejo/commit/c59a057297c782f44a81a3e630b5094a58099edb), [app.ini handling](https://codeberg.org/forgejo/forgejo/commit/de4a21fcb4476772c69c36d086549e89ed4dcf6c), [diffFileInfo / DiffTreeStore](https://codeberg.org/forgejo/forgejo/commit/ee99cf6313ba565523b3c43f61ffda4b71e2c39b).... In theory these changes are transparent to the Forgejo user and admin but the risk of subtle regressions is real: do not hesitate to [reach out](https://codeberg.org/forgejo/forgejo/issues) if you suspect anything. +- **RSS** + - [Support "." char as user name for User/Orgs in RSS/ATOM/GPG/KEYS](https://codeberg.org/forgejo/forgejo/commit/88033438aa8214569913899a17b19b57bd609d97) + - [Add RSS Feeds for branches and files](https://codeberg.org/forgejo/forgejo/commit/56d4893b2a996da6388801c9c8ff16b9b588ad55) +- **API** + - [Add admin API for email](https://codeberg.org/forgejo/forgejo/commit/d56bb7420184c0c2f451f4bcaa96c9b3b00c393d) + - [Add admin API to rename a user](https://codeberg.org/forgejo/forgejo/commit/03591f0f95823a0b1dcca969d2a3ed505c7e6d73) + - [Add login name and source id to admin user searching API](https://codeberg.org/forgejo/forgejo/commit/6f9cc617fcc42477dec5ccab83d06f0a96544403) + - [Add missing units to create and edit repo API](https://codeberg.org/forgejo/forgejo/commit/574d8fe6d6675c8aa05e2b75fdbc01c009efd8be) + - [Add API to manage issue dependencies](https://codeberg.org/forgejo/forgejo/commit/3cab9c6b0c050bfcb9f2f067e7dc1b0242875254) + - [Add API for activity feeds](https://codeberg.org/forgejo/forgejo/commit/6b0df6d8da76d77a9b5c42dcfa78dbfe197fd56d) + - [Add API for license templates](https://codeberg.org/forgejo/forgejo/commit/fb37eefa282543fd8ce63c361cd4cf0dfac9943c) + - [Add API for gitignore templates](https://codeberg.org/forgejo/forgejo/commit/36a5d4c2f3b5670e5e921034cd5d25817534a6d4) + - [Add API to upuload a file to an empty repository](https://codeberg.org/forgejo/forgejo/commit/cf465b472166ccf6d3e001e3043e4bf43e16e6b3) + - [Allow for --not when listing the commits of a repo](https://codeberg.org/forgejo/forgejo/commit/f766b002938b5c81e343c81fda3c0669fa09809f) + - [Add `files` and `verification` parameters to improve performances when listing the commits of a a repo](https://codeberg.org/forgejo/forgejo/commit/1dd83dbb917d55bd253001646d6743f247a4d98b) + - [Allow for listing a single commit in a repository](https://codeberg.org/forgejo/forgejo/commit/5930ab5fdf7a970fcca3cd50b44cf1cacb615a54) + - [Create a branch directly from commit on the create branch API](https://codeberg.org/forgejo/forgejo/commit/cd9a13ebb47d32f46b38439a524e3b2e0c619490) + - [Add API for Label templates](https://codeberg.org/forgejo/forgejo/commit/25dc1556cd70b567a4920beb002a0addfbfd6ef2) + - [Add API for changing/creating/deleting multiple files](https://codeberg.org/forgejo/forgejo/commit/275d4b7e3f4595206e5c4b1657d4f6d6969d9ce2) +- **Miscellaneous Features** + - [Any URL scheme may be used for links](https://codeberg.org/forgejo/forgejo/commit/f5ce2ed292a90041abd749a8db26671645648a43). Previously, non-standard URLs (like matrix:) were not rendered unless explicitly listed in `markdown.CUSTOM_URL_SCHEMES`. Now the default if `markdown.CUSTOM_URL_SCHEMES` is not set, all schemes are allowed and markdown links ([label](URL)) render as links. + - [Always use "utf8mb4" for MySQL](https://codeberg.org/forgejo/forgejo/commit/cb3173a1e) + - [Add Adopt repository event and handler](https://codeberg.org/forgejo/forgejo/commit/9d69a4758) + - Add [meilisearch](https://www.meilisearch.com/) support to [index the content of repositories](https://codeberg.org/forgejo/forgejo/commit/92c160d8e716cb3d05215a97cf521e843596f562). + - [Add support](https://codeberg.org/forgejo/forgejo/commit/985f76dc4b0692c4d6c6f37e82500ef859557c16) for [redis v7](https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES) + - Allow [webp](https://en.wikipedia.org/wiki/WebP) images [as avatars](https://codeberg.org/forgejo/forgejo/commit/65fe0fb22cfb264f0b756065d0c3ce7a17d7e55b) + - [Add support](https://codeberg.org/forgejo/forgejo/commit/58caf422e67c78f87327bc9b00f89083a2432940) for rendering [.livemd](https://livebook.dev/) + - The `forgejo forgejo-cli actions` [subcommand is added](https://codeberg.org/forgejo/forgejo/commit/d6efefbb63d59ba0251c10b6031f6b630b184eaf) to implement [offline registration with `actions register`](https://forgejo.org/docs/v1.20/admin/actions/#offline-registration) for the [Forgejo runner](https://code.forgejo.org/forgejo/runner). + - When [called as `forgejo-cli`](https://codeberg.org/forgejo/forgejo/commit/935fb85e8b2a5f6a9c9c6c0b78a234abc14df4fe) (with `ln -f forgejo forgejo-cli`), Forgejo provides a new CLI that is not backward compatible with Gitea. It contains Forgejo specific additions such as [offline registration](https://forgejo.org/docs/v1.20/admin/actions/#offline-registration) + - [Render list items](https://codeberg.org/forgejo/forgejo/commit/e1829f0728509c4c1b7810fe9f6df1aebb71b4c0) when an [org-mode](https://orgmode.org/) file is displayed + - [A user can follow an organization](https://codeberg.org/forgejo/forgejo/commit/cc64a925602d54f3439dd19f16b5280bd0377a7a) + - [When playing a video in the web UI, the player control can be dragged to play on the specified position](https://codeberg.org/forgejo/forgejo/commit/023a048f52b5bf8c4b715285245a129f04e05a8c) + - The commit status required for a pull request to be merged can now be [specified as patterns](https://codeberg.org/forgejo/forgejo/commit/e7c2231dee356df5cbe5a47c07e31e3a8d090a6f) instead of being a hard coded list + - [Support wildcard in email domain allow and block lists](https://codeberg.org/forgejo/forgejo/commit/2cb66fff60c95efbd58b797f1197f2421f4687ce). [Read more about EMAIL_DOMAIN_ALLOWLIST and EMAIL_DOMAIN_BLOCKLIST](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/). + - When [installing with docker](https://forgejo.org/docs/v1.20/admin/installation/#installation-with-docker) the value of a configuration variable can now be fetched from a file by [adding the `__FILE` suffix](https://codeberg.org/forgejo/forgejo/commit/c21605951b581440bb08b65d5907b1cd4e0ab6c5). For instance `FORGEJO__security__INTERNAL_TOKEN__FILE=/etc/forgejo/token` can be used instead of `FORGEJO__security__INTERNAL_TOKEN=tokenvalue`. + - The [new `[git.config]` section of `app.ini`](https://codeberg.org/forgejo/forgejo/commit/8080ace6fcf73a5fbe4a0dd71881228abd0c68b9) is used to `git set config`. [Read more about the defaults it contains](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/#git---config-options-gitconfig). + - [Issues and pull requests can be pinned](https://codeberg.org/forgejo/forgejo/commit/aaa109466350c531b9238a61115b2877daca57d3). They will show on top of the list of issues (or pull requests) and can be re-arranged by dragging them. + - [Implement systemd-notify protocol](https://codeberg.org/forgejo/forgejo/commit/7565e5c3de051400a9e3703f707049cbb9054cf3) and allows for using `Type=notify` in service files. + - [Provide more control over the repositories that are indexed](https://codeberg.org/forgejo/forgejo/commit/033d92997fc16baee097d2b25f08e0984e628abd). [Read more about REPO_INDEXER_REPO_TYPES](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/). +- **Webhook** + - Similar to organization wide webhooks, it is now possible to have [user wide webhooks](https://codeberg.org/forgejo/forgejo/commit/2173f14708ff3b35d7821fc9b6dcb5fcd06b8494) + - [Add webhook trigger when a Pull Request review requests is created](https://codeberg.org/forgejo/forgejo/commit/309354c70ee994a1e8f261d7bc24e7473e601d02) + +* Container images upgraded to Alpine 3.18 + + The Forgejo container images are now based on [Alpine 3.18](https://alpinelinux.org/posts/Alpine-3.18.0-released.html) instead of Alpine 3.17. + +## 1.19.4-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.4-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.19.3-0..v1.19.4-0 +``` + +This stable release contains security fixes. + +* Recommended Action + + We recommend that all Forgejo installations are upgraded to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/) + + The semantic version was updated from `4.2.1+0-gitea-1.19.3` to `4.2.2+0-gitea-1.19.4`. + +* Security fixes + + * [An additional verification](https://codeberg.org/forgejo/forgejo/commit/a259a928a) was implemented to prevent [open redirects](https://en.wikipedia.org/wiki/Open_redirect). + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix an edge case](https://codeberg.org/forgejo/forgejo/commit/27796464c) where a user changing their `username` in their profile page could fail + * The secrets are only meaningful in the context of `Frogejo Actions`, do not display them if `Forgejo Actions` is disabled ([patch 1](https://codeberg.org/forgejo/forgejo/commit/5883db45c), [patch 2](https://codeberg.org/forgejo/forgejo/commit/5fdac0d46)) + * Actions can now be triggered on mirrored repositories ([patch 1](https://codeberg.org/forgejo/forgejo/commit/58bdcae61), [patch 2](https://codeberg.org/forgejo/forgejo/commit/8d4d6f9b2)) + * [Return `404` in the API if the requested webhooks were not found](https://codeberg.org/forgejo/forgejo/commit/16bcceeff) instead of `500` + * Ensure topics deleted via the API are [also deleted in the repository](https://codeberg.org/forgejo/forgejo/commit/5dc29fdeb) + * [Tentative fix](https://codeberg.org/forgejo/forgejo/commit/9bc4887cb) to suppress the JavaScript error **TypeError: undefined is not an object (evaluating '_i18n.textEdited')** on safari. It is unclear if that fix is effective because it could not be reproduced, please report if it still happens for you. + * [Respect original content when creating secrets](https://codeberg.org/forgejo/forgejo/commit/f6919e3e5) + * If a mirror failed and left the database in an inconsistent state, make it so the repository page [does not fail with an error `500`](https://codeberg.org/forgejo/forgejo/commit/f37fba567) + * If a user that triggered `Actions` is deleted, [allow for the page listing the tasks it launched to show](https://codeberg.org/forgejo/forgejo/commit/f9bf040a5) instead of failing with an error `500` + * [Allow the selection of milestones](https://codeberg.org/forgejo/forgejo/commit/55d062003) when acting on multiple issues in the issue list page + * [Fix the API error message when trying to create a fork that already exists](https://codeberg.org/forgejo/forgejo/commit/4dccac3db) + * [Don't display a `create page` button in a mirror wiki repository](https://codeberg.org/forgejo/forgejo/commit/7a74957c1). A mirrored repository will also mirror a wiki and changes will be overridden. + * [Do not allow for a repository to enable actions if it is not enabled in the configuration](https://codeberg.org/forgejo/forgejo/commit/257287954) + * Allow for closed PRs to be re-opened and [synchronize with the latest content of the head branch](https://codeberg.org/forgejo/forgejo/commit/306b7b5d1) + * [Fix the `close` button of projects within an organization](https://codeberg.org/forgejo/forgejo/commit/306b7b5d1). It was a noop and now effectively closes the project + +## 1.19.3-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.3-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.19.2-0..v1.19.3-0 +``` + +This stable release contains security fixes. + +* Recommended Action + + We recommend that all Forgejo installations are upgraded to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/) + + The semantic version was updated from `4.2.0+0-gitea-1.19.2` to `4.2.1+0-gitea-1.19.3` because of the rebuild with [Go version 1.20.4](https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved). + +* Security fixes + + * Forgejo was recompiled with Go version v1.20.4 published 2 May 2023. It fixes [three vulnerabilities](https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved) ([CVE-2023-29400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400), [CVE-2023-24540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540), [CVE-2023-24539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539)) related to the [html/template](https://pkg.go.dev/html/template) package. The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the security fixes it contains and concluded that Forgejo is not affected but recommended a rebuild as a precaution. + +* Bug fixes + + The most prominent one is described here, others can be found in the list of commits included in the release as described above. + + * [Allow users that are not signed in to browse the tag list](https://codeberg.org/forgejo/forgejo/commit/e76b3f72b23bf778a562682d829744451b27d615). Requiring users to be signed in to view the tag list was a regression introduced in Forgejo v1.19.2-0. + +## 1.19.2-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.2-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.19.1-0..v1.19.2-0 +``` + +This stable release contains **important security fixes**. + +* Recommended Action + + We **strongly recommend** that all Forgejo installations are upgraded to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/) + + The semantic version was updated from `4.1.0+0-gitea-1.19.1` to `4.2.0+0-gitea-1.19.2` because of the changes introduced in the internal CI. + +* Security fixes + + * Token scopes were not enforced in some cases ([patch 1](https://codeberg.org/forgejo/forgejo/commit/7c3ac69c0) and [patch 2](https://codeberg.org/forgejo/forgejo/commit/10d3ed53f1cc6d383b52637bedd7bc3679476eb4)). The [scoped token](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens) were introduced in Forgejo v1.19 allow for the creation of application tokens that only have limited permissions, such as creating packages or accessing repositories. Prior to Forgejo v1.19 tokens could be used to perform any operation the user issuing the token could. + * [Permissions to delete secrets was not enforced](https://codeberg.org/forgejo/forgejo/commit/68d80eb56). The experimental internal CI relies on secrets managed via the web interface, for instance to communicate credentials to a job. Secrets are only used in the context of the experimental internal CI. + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Restore public access to some API endpoints](https://codeberg.org/forgejo/forgejo/commit/b00f7c3c545c6a00a747a5aea7596f45c50157ac). When [scoped token](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens) introduced in Forgejo v1.19, some API endpoints that were previously accessible anonymously became restricted: `/orgs`, `/orgs/{org}`, `/orgs/{org}/repos`, `/orgs/{org}/public_members`, `/orgs/{org}/public_members/{username}`, `/orgs/{org}/labels`. + * [Fix 2-dot direct compare to use the right base commit](https://codeberg.org/forgejo/forgejo/commit/494e373292962de34b7ea7efd3f4a8d2f27daa26). For 2-dot direct compare, the base commit should be used in the title and templates, as is used elsewhere, not the common ancestor which is used for 3-dot compare. + * [Make CORS work](https://codeberg.org/forgejo/forgejo/commit/2e6e5bc9c96ebb760f28c08423bb0c244ca7e01c). No [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) headers were set, even if CORS was enabled in the configuration. + * [Fix issue attachment removal](https://codeberg.org/forgejo/forgejo/commit/d5f2c9d74d63443cc2abbcabc268cf1121f58e8b). When an attachment was removed from an issue or review comment, all of the image/attachment links were broken. + * [Fix wiki write permissions for users who do not have repository write permissions](https://codeberg.org/forgejo/forgejo/commit/8c465206e2fea27076fdb986ea0478729653f0b5). When a team member had write access to the wiki but not to the code repository, some operations (deleting a page for instance) were denied. + * [Respect the REGISTER_MANUAL_CONFIRM setting when registering via OAuth](https://codeberg.org/forgejo/forgejo/commit/116b6d5b27c40b248281f5fd543f7aa8df0d59d3). Contrary to the local registration, the OAuth registration flow activated a newly registered user regardless of the value of `REGISTER_MANUAL_CONFIRM`. + * [Fix tags list for repos whose release setting is disabled](https://codeberg.org/forgejo/forgejo/commit/eeee32cdc3aab4d2086b24aae670a39501c9ea99). When releases was disabled the "tags" button led to a `Not Found` page, even when tags existed. + +* Container image upgrades + + In the Forgejo container images the Git version was upgraded to [2.38.5](https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.5.txt) as a precaution. The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the security fixes it contains and concluded that Forgejo is not affected. + +## 1.19.1-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.1-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.19.0-3..v1.19.1-0 +``` + +This stable release includes bug fixes. Functional changes related to the experimental CI have also been backported. + +* Recommended Action + + We recommend that all installations are upgraded to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/) + + The semantic version was updated from `4.0.0+0-gitea-1.19.0` to `4.1.0+0-gitea-1.19.1` because of the changes introduced in the internal CI. + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix RSS/ATOM/GPG/KEYS path for users (or orgs) with a dot in their name](https://codeberg.org/forgejo/forgejo/commit/085b56302cfd9a949319a3a1e32e008b4a0d0772). It is allowed for a user (or an organization) to have a dot in their name, for instance `user.name`. Because of a [bug in Chi](https://codeberg.org/forgejo/forgejo/issues/652) it was not possible to access `/user.name.png`, `/user.name.gpg`, etc. A workaround was implemented while a [proper fix is being discussed](https://github.com/go-chi/chi/pull/811). + * [Creating a tag via the web interface no longer requires a title](https://codeberg.org/forgejo/forgejo/commit/1b8ecd179bdb58427b99c2c2eb9ad5a45abf7055). + * [Use fully qualified URLs in Dockerfile](https://codeberg.org/forgejo/forgejo/commit/833a4b177596debc138e5723219fd063d067bd5b). The Dockerfile to create the Forgejo container image now uses the fully qualified image `docker.io/library/golang:1.20-alpine3.17` instead of `golang:1.20-alpine3.17`. This allows for building on platforms that don't have docker hub as the default container registry. + * [Redis use Get/Set instead of Rename when Regenerate session id](https://codeberg.org/forgejo/forgejo/commit/3a7cb1a83b4ecd89421b5656b8caeb30c2b13c7c). The old sid and new sid may be in different redis cluster slot. + * [Do not escape space between PyPI repository url and package name](https://codeberg.org/forgejo/forgejo/commit/cfde557e231417b7fb3cde3e9bab70d05b7d182f). It also adds a trailing slash to the PyPI repository URL in accordance to [Python PEP-503](https://peps.python.org/pep-0503/). + * [Fix failure when using the API and an empty rule_name to protect a branch](https://codeberg.org/forgejo/forgejo/commit/abf0386e2ef6b56c048c04cd3d6913f453c87cb1). The `rule_name` parameter for the [/repos/{owner}/{repo}/branch_protections](https://code.forgejo.org/api/swagger#/repository/repoCreateBranchProtection) API now defaults to the branch name instead of being empty. + * [Fix branch protection priority](https://codeberg.org/forgejo/forgejo/commit/580da8f35320dbd15b168bf8ccfaff6187ff87e0). Contrary to [the documentation](https://forgejo.org/docs/v1.19/user/protection/#protected-branches) it was possible for a glob rule to take precedence over a non-glob rule. + * [Fix deleting an issue when the git repo does not exist](https://codeberg.org/forgejo/forgejo/commit/1d8ae34e57e46b84a885b4f072d949344c5977c4). If a project had an issue tracker (such as the [Forgejo discussion](https://codeberg.org/forgejo/discussions/issues)) but [no git repository](https://codeberg.org/forgejo/discussions/), trying to delete an issue would fail. + * [Fix accidental overwriting of LDAP team memberships](https://codeberg.org/forgejo/forgejo/commit/66aa85429684aca45753ac9578492ed3f7507ea3). If an LDAP user is a member of two groups, the LDAP group sync only matched the last group. + +## 1.19.0-3 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.0-3` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.19.0-2..v1.19.0-3 +``` + +This stable release includes security updates and bug fixes. + +* Recommended Action + + We recommend that all installations are upgraded to the latest version. + +* Security + + The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the vulnerabilities fixed in the latest [Go 1.20.3 packages](https://go.dev/doc/devel/release#go1.20.minor) and [Alpine 3.17.3](https://alpinelinux.org/posts/Alpine-3.17.3-released.html) and concluded that Forgejo is not affected. + + As a precaution the Forgejo v1.19.0-3 binaries were compiled with [Go 1.20.3 packages](https://go.dev/doc/devel/release#go1.20.minor) as published on 4 April 2023 and the container images were built with [Alpine 3.17.3](https://alpinelinux.org/posts/Alpine-3.17.3-released.html) as published on 29 March 2023. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/) + + The semantic version was updated from `3.0.0+0-gitea-1.19.0` to `4.0.0+0-gitea-1.19.0` because of the breaking changes described below. + +* Breaking changes + + They should not have a significant impact because they are related to experimental features (federation and CI). + + * [Use User.ID instead of User.Name in ActivityPub API for Person IRI](https://codeberg.org/forgejo/forgejo/commit/2fcd57d5ae5b5926e5b0b87e46f78ad4ac83cbbd) + + The ActivityPub id is an HTTPS URI that should remain constant, even if +the user changes their name. + + * [Actions unit is repo.actions instead of actions.actions](https://codeberg.org/forgejo/forgejo/commit/9596bd3712caec440859fce93d05e19cf95e5330) + + All instances of `actions.actions` in the `DISABLED_REPO_UNITS` or `DEFAULT_REPO_UNITS` configuration variables must be replaced with `repo.actions`. + +* Bug fixes + + They are for the most part about user interface and actions. The most prominent ones are: + + * [Do not filter repositories by default on the explore page](https://codeberg.org/forgejo/forgejo/commit/d15f20b2d2ce613cc8b36536995f29f81797c002). The behavior of the explore page is back to what it was in Forgejo v1.18. Changing it was confusing. + * [Skip LFS when disabled in dump and doctor](https://codeberg.org/forgejo/forgejo/commit/b6a2323981a7a89205a382ddf0542e205e292d3d). + * [Do not display own email on the profile](https://codeberg.org/forgejo/forgejo/commit/1fed0e1adc8dd2d27d2d7e34dda29c8e79e5e6e8). + * [Make minio package support legacy MD5 checksum](https://codeberg.org/forgejo/forgejo/commit/b73d1ac1eb7d5c985749dc721bbea7ebd14f9c83). + * [Do not triggers Webhooks and actions on closed PR](https://codeberg.org/forgejo/forgejo/commit/a04535e212b04c0f6643a4f36904a3d1bf30c63f). + +## 1.19.0-2 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.0-2` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/forgejo +``` + +* Breaking changes + * [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/de484e86bc) + + Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access. For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**. + + For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with unlimited access as before for admin users. + + [Read more about the scoped tokens](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens). + + * [Disable all units except code and pulls on forks](https://codeberg.org/forgejo/forgejo/commit/2741546be) + + When forking a repository, the fork will now have issues, projects, releases, packages and wiki disabled. These can be enabled in the repository settings afterwards. To change back to the previous default behavior, configure `DEFAULT_FORK_REPO_UNITS` to be the same value as `DEFAULT_REPO_UNITS`. + + * [Filter repositories by default on the explore page](https://codeberg.org/forgejo/forgejo/commit/4d20a4a1b) + + The explore page now always filters out repositories that are considered not relevant because they are either forks or have no topic and not description and no icon. A link is shown to display all repositories, unfiltered. + + Explore repositories + + * [Remove deprecated DSA host key from Docker Container](https://codeberg.org/forgejo/forgejo/commit/f17edfaf5a31ea3f4e9152424b75c2c4986acbe3) + Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm, and recommend against its use. http://www.openssh.com/legacy.html + + * Additional restrictions on valid user names + + The algorithm for validating user names was modified and some users may have invalid names. The command `forgejo doctor --run check-user-names` will list all of them so they can be renamed. + + If a Forgejo instance has users or organizations named `forgejo-actions` and `gitea-actions`, they will also need to be renamed before the upgrade. They are now reserved names for the experimental internal CI/CD named `Actions`. + + * [Semantic version](https://forgejo.org/docs/latest/user/semver) + + Since v1.18.5, in addition to the Forgejo release number, a [semantic version](https://semver.org/#semantic-versioning-200) number (e.g. `v3.0.0`) can be obtained from the `number` key of a new `/api/forgejo/v1/version` endpoint. + + Now, it reflects the Gitea version that Forgejo depends on, is no longer prefixed with `v` (e.g. `3.0.0+0-gitea-1.19.0`), and can be obtained from the `version` key of the same endpoint. +* Features + + * [Documentation](https://forgejo.org/docs/latest/) + The first version of the [Forgejo documentation](https://forgejo.org/docs/latest/) is available and covers the administration of Forgejo, from installation to troubleshooting. + + [Read more about semantic versions](https://forgejo.codeberg.page/docs/v1.19/user/semver) + + * [Webhook authorization header](https://codeberg.org/forgejo/forgejo/commit/b6e81357bd6fb80f8ba94c513f89a210beb05313) + Forgejo webhooks can be configured to send an [authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) to the target. + + [Read more about the webhook authorization header](https://forgejo.codeberg.page/docs/v1.19/user/webhooks/#authorization-header) + + * [Incoming emails](https://codeberg.org/forgejo/forgejo/commit/fc037b4b825f0501a1489e10d7c822435d825cb7) + You can now set up Forgejo to receive incoming email. When enabled, it is now possible to reply to an email notification from Forgejo and: + * Add a comment to an issue or a pull request + * Unsubscribe to the notifications + + [Read more about incoming emails](https://forgejo.org/docs/v1.19/admin/incoming-email/) + + * Packages registries + * Support for [Cargo](https://forgejo.org/docs/v1.19/admin/packages/cargo/), [Conda](https://forgejo.org/docs/v1.19/admin/packages/conda/) and [Chef](https://forgejo.org/docs/v1.19/admin/packages/chef/) + * [Cleanup rules](https://codeberg.org/forgejo/forgejo/commit/32db62515) + * [Quota limits](https://codeberg.org/forgejo/forgejo/commit/20674dd05) + + * [Option to prohibit fork if user reached maximum limit of repositories](https://codeberg.org/forgejo/forgejo/commit/7cc7db73b) + It is possible for a user to create as many fork as they want, even when a quota on the number of repositories is imposed. The new `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT` setting can now be set to `false` so forks are prohibited if that means exceeding the quota. + + [Read more about repository configurations](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#repository-repository) + + * [Scoped labels](https://codeberg.org/forgejo/forgejo/commit/6221a6fd5) + Labels that contain a forward slash (**/**) separator are displayed with a slightly different color before and after the separator, as a visual aid. The first part of the label defines its "scope". + + [Read more about scoped labels](https://forgejo.org/docs/v1.19/user/labels/). + + * [Support org/user level projects](https://codeberg.org/forgejo/forgejo/commit/6fe3c8b39) + It is now possible to create projects (kanban boards) for an organization or a user, in the same way it was possible for an individual repository. + + * [Map OIDC groups to Orgs/Teams](https://codeberg.org/forgejo/forgejo/commit/e8186f1c0) + When a user logs in Forgejo using an provider such as [Keycloak](https://www.keycloak.org/), they can now automatically be part of a Forgejo team, depending on the OIDC group they belong to. For instance: + + ```json + {"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}} + ``` + + Means that the user who is in the OIDC group `Developer` will automatically be a member of the `MyForgejoTeam1` and `MyForgejoTeam2` teams in the `MyForgejoOrganization` organization. + This mapping is set when adding a new `Authentication Source` in the `Site Administration` panel. + + OIDC Group mapping part1 + + ... + + OIDC Group mapping part2 + + [Read more about OIDC groups mapping](https://forgejo.org/docs/v1.19/user/oauth2-provider/#endpoints) + + * [RSS feed for releases and tags](https://codeberg.org/forgejo/forgejo/commit/48d71b7d6) + + A RSS feed is now available for releases at `/{owner}/{repo}/releases.rss` and tags at `/{owner}/{repo}/tags.rss`. + + * [Supports wildcard protected branch](https://codeberg.org/forgejo/forgejo/commit/2782c1439) + + Instead of selecting a branch to be protected, the name of the branch must be specified and can be a pattern such as `precious*`. + + [Read more about branch protection](https://forgejo.org/docs/v1.19/user/protection/#protected-branches). + + * [Garbage collect LFS](https://codeberg.org/forgejo/forgejo/commit/651fe4bb7) + Add a doctor command for full garbage collection of LFS: `forgejo doctor --run gc-lfs`. + + * Additions to the API + + * [Management for issue/pull and comment attachments](https://codeberg.org/forgejo/forgejo/commit/3c59d31bc) + * [Get latest release](https://codeberg.org/forgejo/forgejo/commit/4d072a4c4) + * [System hook](https://codeberg.org/forgejo/forgejo/commit/c0015979a) + + * [Option to disable releases on a repository](https://codeberg.org/forgejo/forgejo/commit/faa96553d) + + It is now possible to disable releases on a repository, in the same way it is possible to disable issues or packages. + + * [Git reflog support](https://codeberg.org/forgejo/forgejo/commit/757b4c17e) + The [git reflog](https://git-scm.com/docs/git-reflog) are now active by default on all repositories and + kept around for 90 days. It allows the Forgejo admin to recover the previous tip of a branch after an + accidental force push. + + [Read more about reflog](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#git---reflog-settings-gitreflog) + + * [Actions](https://codeberg.org/forgejo/forgejo/commit/4011821c946e8db032be86266dd9364ccb204118): an experimental CI/CD + + It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances. + + If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continuous Deployment). The syntax is similar to GitHub Actions and the jobs can be controlled from the Forgejo web interface. + + [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/) + + Actions + +* User Interface improvements + + * [Review box on small screens](https://codeberg.org/forgejo/forgejo/commit/1fcf96ad0) + The rendering of the review box is improved on small screens. + + * [Video element enabled in markdown](https://codeberg.org/forgejo/forgejo/commit/f8a40dafb) + The `