Giteabot [Mon, 6 Nov 2023 18:07:22 +0000 (02:07 +0800)]
Unify two factor check (#27915) (#27929)
Backport #27915 by @KN4CK3R
Fixes #27819
We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
Giteabot [Mon, 6 Nov 2023 16:03:06 +0000 (00:03 +0800)]
Remove `known issue` section in Gitea Actions Doc (#27930) (#27938)
Backport #27930 by @lng2020
The bug has been fixed for several months in the
`docker/build-push-action`
The fix commit is
[d8823bfaed](https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba)
as the Gitea Actions Doc mentioned too.
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Giteabot [Sun, 5 Nov 2023 13:20:00 +0000 (21:20 +0800)]
Remove action runners on user deletion (#27902) (#27908)
Backport #27902 by @earl-warren
- On user deletion, delete action runners that the user has created.
- Add a database consistency check to remove action runners that have
nonexistent belonging owner.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1720
Giteabot [Wed, 1 Nov 2023 23:19:02 +0000 (07:19 +0800)]
refactor postgres connection string building (#27723) (#27869)
Backport #27723 by @mpldr
This patchset changes the connection string builder to use net.URL and
the host/port parser to use the stdlib function for splitting host from
port. It also adds a footnote about a potentially required portnumber
for postgres UNIX sockets.
Fixes: #24552 Co-authored-by: Moritz Poldrack <33086936+mpldr@users.noreply.github.com>
Giteabot [Mon, 30 Oct 2023 11:25:40 +0000 (19:25 +0800)]
Always use whole user name as link (#27815) (#27838)
Backport #27815 by @denyskon
Starting from #25790 this shared template only linked the username of
the user if both display name and username were shown. I experienced
myself always trying to click on the display name - I think it is
annoying for others too.
Giteabot [Fri, 27 Oct 2023 12:17:27 +0000 (20:17 +0800)]
Upgrade xorm to 1.3.4 (#27807) (#27813)
Backport #27807 by @lng2020
Noticeable change:
Remove the `OrderBy("1") `
[patch](https://github.com/go-gitea/gitea/pull/27673#issuecomment-1768570142)
for mssql since xorm has [fixed
it](https://gitea.com/xorm/xorm/commit/0f085408afd85707635eadb2294ab52be04f3c0f).
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Giteabot [Wed, 25 Oct 2023 01:09:08 +0000 (09:09 +0800)]
Add gap between diff boxes (#27776) (#27781)
Backport #27776 by @silverwind
Before (almost no gap between files):
<img width="1240" alt="Screenshot 2023-10-24 at 19 43 32"
src="https://github.com/go-gitea/gitea/assets/115237/30cdbdbc-d102-479c-89ce-3f68837ae0cd">
After (with 8px gap):
<img width="1241" alt="Screenshot 2023-10-24 at 19 43 22"
src="https://github.com/go-gitea/gitea/assets/115237/72b26a30-8730-4a36-8de9-be143b684b98">
Giteabot [Tue, 24 Oct 2023 07:40:02 +0000 (15:40 +0800)]
Do not force creation of _cargo-index repo on publish (#27266) (#27765)
Backport #27266 by @merlleu
Hello there,
Cargo Index over HTTP is now prefered over git for package updates: we
should not force users who do not need the GIT repo to have the repo
created/updated on each publish (it can still be created in the packages
settings).
The current behavior when publishing is to check if the repo exist and
create it on the fly if not, then update it's content.
Cargo HTTP Index does not rely on the repo itself so this will be
useless for everyone not using the git protocol for cargo registry.
This PR only disable the creation on the fly of the repo when publishing
a crate.
This is linked to #26844 (error 500 when trying to publish a crate if
user is missing write access to the repo) because it's now optional.
Giteabot [Mon, 23 Oct 2023 13:04:53 +0000 (21:04 +0800)]
Fix duplicate project board when hitting `enter` key (#27746) (#27751)
Backport #27746 by @lng2020
When hitting the `enter` key to create a new project column, the request
is sent twice because the `submit` event and `key up` event are both
triggered.
Probably a better solution is to rewrite these parts of the code to
avoid using native jQuery but reuse the `form-fetch-action` class. But
it's beyond my ability.
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Giteabot [Sat, 21 Oct 2023 11:13:15 +0000 (19:13 +0800)]
Feed UI Improvements (#27356) (#27717)
Backport #27356 by @silverwind
Various improvements related to feeds:
- Fix markdown rendering
- Increase font size from 13px to default 14px via `flex-item`
- Add style to hashes
- Move the timestamp to title line. I realize it's not optimal for
translation, we may need to change all these translations
Before:
<img width="768" alt="Screenshot 2023-09-29 at 22 52 58"
src="https://github.com/go-gitea/gitea/assets/115237/edda8b84-23cf-4a43-90ad-a892798f4e6c">
After:
<img width="781" alt="Screenshot 2023-09-29 at 22 58 09"
src="https://github.com/go-gitea/gitea/assets/115237/7097474d-efcf-4f22-a2ab-834a4e25c4e8">
Giteabot [Fri, 20 Oct 2023 18:04:44 +0000 (02:04 +0800)]
[FIX] resolve confusing colors in languages stats by insert a gap (#27704) (#27715)
Backport #27704 by @RightFS
The current language stats are too obsessed with color matching. Similar
colors are always next to each other. It is a bit troublesome to find
the place where the color matching is generated, so just follow the
example of github and add a gap.
Fixes: https://github.com/go-gitea/gitea/issues/27604
Add negative margins so the header covers any shadow of active elements.
No rendering change of the content of the header because the padding
counteracts the effect.
Change confusing behavior when showing information about a repo via labels and icons.
Implement changes proposed by @lng2020 in
https://github.com/go-gitea/gitea/pull/27627#pullrequestreview-1678787673.
Giteabot [Thu, 19 Oct 2023 13:35:29 +0000 (21:35 +0800)]
Fix required checkboxes in issue forms (#27592) (#27692)
Backport #27592 by @JakobDev
If you set a checkbox as required in a issue form at the moment, the
checkbox is checked and read only, what does not make much sense. With
this PR, the Checkbox actually needs to be checked. The label supports
now also Markdown. This matches GitHub's behaviour.
And yes, I know the CSS is a ugly workaround. It looks like the given
CSS code is part Fomantic and I don't know how to change that. The
Maintainers are free to change that.
Giteabot [Wed, 18 Oct 2023 16:23:28 +0000 (00:23 +0800)]
Clipboard copy enhancements (#27669) (#27681)
Backport #27669 by @silverwind
1. Do not show temporary tooltips that are triggered from within
dropdowns. Previously this resulted in the tooltip being stuck to
top-left of the page like seen on issue comment URL copy. I could not
figure out any tippy options that prevent this, so I think it's better
to just not show it.
1. Refactor `initGlobalCopyToClipboardListener` so that it does not run
a often useless `document.querySelector` on every click, make
`data-clipboard-text-type` work with `data-clipboard-target`. No use in
current code base but still good to have. Finally some minor code
cleanup in the function.
Giteabot [Wed, 18 Oct 2023 13:07:52 +0000 (21:07 +0800)]
Support allowed hosts for webhook to work with proxy (#27655) (#27675)
Backport #27655 by @wolfogre
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.
But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.
This PR fixes it by:
- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
When login in with WebAuth, the page has a link to use TOTP instead.
This link is always displayed, no matter if the User has set up TOTP or
not, which do of cause not work for those who have not.
Giteabot [Wed, 11 Oct 2023 14:12:31 +0000 (22:12 +0800)]
Replace ajax with fetch, improve image diff (#27267) (#27583)
Backport #27267 by @silverwind
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
Giteabot [Wed, 11 Oct 2023 11:26:34 +0000 (19:26 +0800)]
show manual cron run's last time (#27544) (#27577)
Backport #27544 by @earl-warren
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
Giteabot [Wed, 11 Oct 2023 02:39:12 +0000 (10:39 +0800)]
Fix attachment download bug (#27486) (#27571)
Backport #27486 by @lunny
Fix #27204
This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be download correctly.
Giteabot [Tue, 10 Oct 2023 12:22:26 +0000 (20:22 +0800)]
Increase queue length (#27555) (#27562)
Backport #27555 by @wolfogre
It should be OK to increase the default queue length since the default
type is "level".
IMO, the old default length (100) is a little too small. See
https://github.com/go-gitea/gitea/issues/27540#issuecomment-1754269491
IIRC, a larger length could lead to more memory usage only when the type
is "channel," but it's an obscure case. Otherwise, it's just a limit
(for "level" or "redis").
The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
Giteabot [Mon, 9 Oct 2023 03:56:02 +0000 (11:56 +0800)]
Restore warning commit status (#27504) (#27529)
Backport #27504 by @silverwind
Partial revert of https://github.com/go-gitea/gitea/pull/25839. This
commit status is used by a number of external integrations, so I think
we should not remove it (See
https://github.com/go-gitea/gitea/pull/25839#issuecomment-1729002077).
This is a rare case where an existing migration needed to be alterted to
avoid data loss.
Giteabot [Sun, 8 Oct 2023 13:48:51 +0000 (21:48 +0800)]
Add hover background to wiki list page (#27507) (#27521)
Backport #27507 by @BLumia
This patch adds a hover background for the wiki row in wiki list page,
which make its behavior more close to repo's file list page.
This patch also make the wiki-git-entry visible on the row is hovered
instead of the cel, so users won't be confused since the 'grid' is not
visible from the web page.
After the patch: (when the wiki named 'Home' is hovered)
Duplicate headers in a single Markdown document are problemlematic
because the auto-generated links won't be stable. Enable this rule with
no exceptions which is also the default of `markdownlint`. For example:
```md
# A
## Example
# B
## Example
```
Docasaurus will generated `example` and `example-1` links for this. If
the first heading is altered, the link `example` will unexpectedly move
to the second example heading.
Giteabot [Fri, 6 Oct 2023 14:51:26 +0000 (22:51 +0800)]
Fix panic in storageHandler (#27446) (#27479)
Backport #27446 by @sryze
storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).
Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.
Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)
Giteabot [Tue, 3 Oct 2023 02:26:35 +0000 (10:26 +0800)]
Make Actions tasks/jobs timeouts configurable by the user (#27400) (#27402)
Backport #27400 by @fantognazza
With this PR we added the possibility to configure the Actions timeouts
values for killing tasks/jobs.
Particularly this enhancement is closely related to the `act_runner`
configuration reported below:
```
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
```
---
Setting the corresponding key in the INI configuration file, it is
possible to let jobs run for more than 3 hours.
Signed-off-by: Francesco Antognazza <francesco.antognazza@gmail.com>