delvh [Mon, 28 Aug 2023 19:43:59 +0000 (21:43 +0200)]
Unify `border-radius` behavior (#26770)
## Changes
- no more hardcoded `border-radius`es (apart from `0`)
- no more value inconsistencies
- no more guessing what pixel value you should use
- two new variables:
- `--border-radius-medium` (for elements where the normal border radius
does not suffice)
- `--border-radius-circle` (for displaying circles)
merlleu [Mon, 28 Aug 2023 07:05:39 +0000 (09:05 +0200)]
Add auth-required to config.json for Cargo http registry (#26729)
Cargo registry-auth feature requires config.json to have a property
auth-required set to true in order to send token to all registry
requests.
This is ok for git index because you can manually edit the config.json
file to add the auth-required, but when using sparse
(setting index url to
"sparse+https://git.example.com/api/packages/{owner}/cargo/"), the
config.json is dynamically rendered, and does not reflect changes to the
config.json file in the repo.
I see two approaches:
- Serve the real config.json file when fetching the config.json on the
cargo service.
- Automatically detect if the registry requires authorization. (This is
what I implemented in this PR).
What the PR does:
- When a cargo index repository is created, on the config.json, set
auth-required to wether or not the repository is private.
- When the cargo/config.json endpoint is called, set auth-required to
wether or not the request was authorized using an API token.
Bo-Yi Wu [Mon, 28 Aug 2023 05:08:19 +0000 (13:08 +0800)]
refactor(API): refactor secret creation and update functionality (#26751)
According to the GitHub API Spec:
https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret
Merge the Create and Update secret into a single API.
- Remove the `CreateSecretOption` struct and replace it with
`CreateOrUpdateSecretOption` in `modules/structs/secret.go`
- Update the `CreateOrUpdateOrgSecret` function in
`routers/api/v1/org/action.go` to use `CreateOrUpdateSecretOption`
instead of `UpdateSecretOption`
- Remove the `CreateOrgSecret` function in
`routers/api/v1/org/action.go` and replace it with
`CreateOrUpdateOrgSecret`
- Update the Swagger documentation in
`routers/api/v1/swagger/options.go` and `templates/swagger/v1_json.tmpl`
to reflect the changes in the struct names and function names
mainboarder [Mon, 28 Aug 2023 00:53:16 +0000 (02:53 +0200)]
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical
guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits
starting 2024, in the year 2023 3000bits as a recommendation. Gitea
should request longer RSA Keys by default in favor of security and drop
old clients which do not support longer keys.
Changed:
* Enhanced the Filtered UI page to seamlessly incorporate a list of
archived labels.
Outsourced:
* Defer the implementation of specialized handling for archived labels
to upcoming pull requests. This step will be undertaken subsequent to
the successful merge of this pull request.
wxiaoguang [Sun, 27 Aug 2023 00:16:02 +0000 (08:16 +0800)]
Fix template bugs in recently_pushed_new_branches.tmpl (#26744)
Fix some bugs from #25715, fix #25830
1. `$.locale.Tr ... Safe` needs `Escape`, but not `PathEscapeSegments`
2. The attribute should be `role`
3. The `ComposeBranchCompareURL` already does escaping correctly
wxiaoguang [Sat, 26 Aug 2023 02:44:00 +0000 (10:44 +0800)]
Fix incorrect "tabindex" attributes (#26733)
Fix #26731
Almost all "tabindex" in code are incorrect.
1. All "input/button" by default are focusable, so no need to use "tabindex=0"
2. All "div/span" by default are not focusable, so no need to use "tabindex=-1"
3. All "dropdown" are focusable by framework, so no need to use "tabindex"
4. Some tabindex values are incorrect (eg: `new_form.tmpl`), so remove them
wxiaoguang [Fri, 25 Aug 2023 23:35:10 +0000 (07:35 +0800)]
Simplify helper CSS classes and avoid abuse (#26728)
Removed CSS helper classes (some of them are not useful while some of
them are abused often)
* `gt-db`: in most cases it could be replaced by `gt-df` and the flex
layout should be encouraged. Other cases: either it does need the
`gt-df` (eg: by using `div` directly) or it is an abuse (eg: the warning
message in a form)
* `gt-di`: it doesn't seem useful, or it could be replaced by `gt-dib`
in most cases.
* `gt-dif`: not useful, it could be replaced by `flex-text-inline` or
`gt-df`
* `gt-js`: never used
* All `<i class="icon gt-df gt-ac gt-jc">` could be written as `<i
class="icon">`
silverwind [Fri, 25 Aug 2023 16:03:14 +0000 (18:03 +0200)]
Remove fomantic loader module (#26670)
Replace Fomantic `loader` CSS module with our existing `is-loading`
spinner. Only three places in the UI used this module, which are
pictured here:
imagediff:
<img width="1237" alt="Screenshot 2023-08-22 at 22 18 01"
src="https://github.com/go-gitea/gitea/assets/115237/b0d82531-f05e-43c6-9e5b-1bfc268c056d">
webauthn:
<img width="894" alt="Screenshot 2023-08-22 at 22 05 05"
src="https://github.com/go-gitea/gitea/assets/115237/7b583425-d944-474a-a57a-22a65bbd8b29">
heatmap (I removed the previous loading text, it was unreadable because
it was tiny and on fast machines only visible for a fraction of a
second):
<img width="764" alt="Screenshot 2023-08-22 at 22 18 44"
src="https://github.com/go-gitea/gitea/assets/115237/1c7472d6-3e17-4224-a992-d8c0b380cc73">
Also, heatmap container does not resize any more after loading now and
previous duplicate id `user-heatmap` is gone.
silverwind [Fri, 25 Aug 2023 13:47:27 +0000 (15:47 +0200)]
Add `eslint-plugin-vue-scoped-css` (#26720)
Adds
[eslint-plugin-vue-scoped-css](https://github.com/future-architect/eslint-plugin-vue-scoped-css)
and fixes discovered issues which are:
- 1 unused selector
- 3 selectors with `.full.height` parent in a `<style scoped>` block so
the rule could not find the parent. Move these into the unscoped block
instead. They worked before and after.
silverwind [Fri, 25 Aug 2023 05:26:32 +0000 (07:26 +0200)]
Focus editor on "Write" tab click (#26714)
Focus the editor when clicking the "Write" tab. Works for both Textarea
and EasyMDE. Does for some reason not work without the
`requestAnimationFrame`.
wxiaoguang [Thu, 24 Aug 2023 14:21:41 +0000 (22:21 +0800)]
Use "small-loading-icon" insead of "btn-octicon is-loading" (#26710)
The "btn-octicon is-loading" was introduced by #21842 , it is only used
by the "Copy Content" button, but the "btn-octicon" selector would
affect too many uncertain elements.
Now there is a general "small-loading-icon" class, so the "btn-octicon
is-loading" could be removed.
wxiaoguang [Thu, 24 Aug 2023 12:13:23 +0000 (20:13 +0800)]
Improve Image Diff UI (#26696)
1. Use `is-loading` instead of `ui loader`
2. Introduce class name `image-diff-tabs`, instead of searching `gt-hidden`, which is fragile
3. Align the UI elements, see the screenshots.
Earl Warren [Thu, 24 Aug 2023 10:36:10 +0000 (12:36 +0200)]
add Upload URL to release API (#26663)
- Resolves https://codeberg.org/forgejo/forgejo/issues/580
- Return a `upload_field` to any release API response, which points to
the API URL for uploading new assets.
- Adds unit test.
- Adds integration testing to verify URL is returned correctly and that
upload endpoint actually works
Laurent Cahour [Thu, 24 Aug 2023 10:03:49 +0000 (12:03 +0200)]
Add merge files files to GetCommitFileStatus (#20515)
Hi,
We'd like to add merge files files to GetCommitFileStatus fucntions so
API returns the list of all the files associated to a merged pull
request commit, like GitHub API does.
The list of affectedFiles for an API commit is fetched from toCommit()
function in routers/api/v1/repo/commits.go, and API was returning no
file in case of a pull request with no conflict, or just files
associated to the confict resolution, but NOT the full list of merged
files.
This would lead to situations where a CI polling a repo for changes
could miss some file changes due to API returning an empty / partial
list in case of such merged pull requests. (Hope this makes sense :) )
NOTE: I'd like to add a unittest in
integrations/api_repo_git_commits_test.go but failed to understand how
to add my own test bare repo so I can make a test on a merged pull
request commit to check for affectedFiles.
Is there a merged pull request in there that I could use maybe?
Could someone please direct me to the relevant ressources with
informations on how to do that please?
Thanks for your time,
Laurent.
---------
Co-authored-by: Thomas Desveaux <desveaux.thomas@gmail.com>
Infinoid [Thu, 24 Aug 2023 05:36:04 +0000 (01:36 -0400)]
PATCH branch-protection updates check list even when checks are disabled (#26351)
Fixes: #26333.
Previously, this endpoint only updates the `StatusCheckContexts` field
when `EnableStatusCheck==true`, which makes it impossible to clear the
array otherwise.
This patch uses slice `nil`-ness to decide whether to update the list of
checks. The field is ignored when either the client explicitly passes in
a null, or just omits the field from the json ([which causes
`json.Unmarshal` to leave the struct field
unchanged](https://go.dev/play/p/Z2XHOILuB1Q)). I think this is a better
measure of intent than whether the `EnableStatusCheck` flag was set,
because it matches the semantics of other field types.
Also adds a test case. I noticed that [`testAPIEditBranchProtection`
only checks the branch
name](https://github.com/go-gitea/gitea/blob/c1c83dbaec840871c1247f4bc3f875309b0de6bb/tests/integration/api_branch_test.go#L68)
and no other fields, so I added some extra `GET` calls and specific
checks to make sure the fields are changing properly.
I added those checks the existing integration test; is that the right
place for it?
Lunny Xiao [Thu, 24 Aug 2023 03:06:51 +0000 (11:06 +0800)]
chore(actions): support cron schedule task (#26655)
Replace #22751
1. only support the default branch in the repository setting.
2. autoload schedule data from the schedule table after starting the
service.
3. support specific syntax like `@yearly`, `@monthly`, `@weekly`,
`@daily`, `@hourly`
## How to use
See the [GitHub Actions
document](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule)
for getting more detailed information.
jobs:
test_schedule:
runs-on: ubuntu-latest
steps:
- name: Not on Monday or Wednesday
if: github.event.schedule != '30 5 * * 1,3'
run: echo "This step will be skipped on Monday and Wednesday"
- name: Every time
run: echo "This step will always run"
```
Bo-Yi Wu [Thu, 24 Aug 2023 02:07:00 +0000 (10:07 +0800)]
feat(API): update and delete secret for managing organization secrets (#26660)
- Add `UpdateSecret` function to modify org or user repo secret
- Add `DeleteSecret` function to delete secret from an organization
- Add `UpdateSecretOption` struct for updating secret options
- Add `UpdateOrgSecret` function to update a secret in an organization
- Add `DeleteOrgSecret` function to delete a secret in an organization
![image](https://github.com/go-gitea/gitea/assets/18380374/e1e6cbbc-31f8-40a2-b99a-508b5b2b3145)
you can confirm this in :
https://try.gitea.io/yp05327/testrepo/pulls/1/commits
I think we do not need to display branch name here, as we already have
the branch info above.
谈笑风生间 [Thu, 24 Aug 2023 01:00:11 +0000 (09:00 +0800)]
Modify the content format of the Feishu webhook (#25106)
close https://github.com/go-gitea/gitea/issues/24368
## what my pull request does
Since the official documentation states that custom bots do not support
hyperlink functionality, simply adding it without making some formatting
changes would result in an unappealing output. Therefore, I have
modified the formatting of the output. Currently, it is only used for
Feishu.
Jason Song [Wed, 23 Aug 2023 02:29:17 +0000 (10:29 +0800)]
Fix counting and filtering on the dashboard page for issues (#26657)
This PR has multiple parts, and I didn't split them because
it's not easy to test them separately since they are all about the
dashboard page for issues.
1. Support counting issues via indexer to fix #26361
2. Fix repo selection so it also fixes #26653
3. Keep keywords in filter links.
Lunny Xiao [Wed, 23 Aug 2023 01:56:11 +0000 (09:56 +0800)]
add mfa doc (#26654)
copy and modified from #14572
> Whilst debating enforcing MFA within our team, I realised there isn't
a lot of context to the side effects of enabling it. Most of us use Git
over HTTP and would need to add a token.
I plan to add another PR that adds a sentence to the UI about needing to
generate a token when enabling MFA if HTTP is to be used.
wxiaoguang [Tue, 22 Aug 2023 04:57:02 +0000 (12:57 +0800)]
Improve some flex layouts (#26649)
Fix #26617
1. Separate the "flex-list" examples into a dedicated template, and add some more examples
2. Use `flex-basis` instead of `flex-shrink` for `flex-item-trailing`, to avoid wrapping the texts too aggressively
3. Some `flex-wrap: wrap;` are removed
Bo-Yi Wu [Tue, 22 Aug 2023 03:20:34 +0000 (11:20 +0800)]
feat: implement organization secret creation API (#26566)
- Add a new `CreateSecretOption` struct for creating secrets
- Implement a `CreateOrgSecret` function to create a secret in an
organization
- Add a new route in `api.go` to handle the creation of organization
secrets
- Update the Swagger template to include the new `CreateOrgSecret` API
endpoint
delvh [Mon, 21 Aug 2023 16:20:11 +0000 (18:20 +0200)]
Use correct minio error (#26634)
Previously, `err` was defined above, checked for `err == nil` and used
nowhere else.
Hence, the result of `convertMinioErr` would always be `nil`.
This leads to a NPE further down the line.
That is not intentional, it should convert the error of the most recent
operation, not one of its predecessors.
CaiCandong [Mon, 21 Aug 2023 13:11:07 +0000 (21:11 +0800)]
Improve translation of milestone filters (#26569)
https://github.com/go-gitea/gitea/issues/26567#issue-1855312074
> The terms `closest` and `furthest` don't describe the actual sorting
behavior as these two are semantically relative to the current date.
> Could we switch to `earliest` and `latest` instead?
silverwind [Mon, 21 Aug 2023 10:49:49 +0000 (12:49 +0200)]
Replace box-shadow for `floating` dropdown as well (#26581)
Add `box-shadow` replacement to the `floating` dropdown variant as well,
which was missed in https://github.com/go-gitea/gitea/pull/26469. The
Fomantic style has `!important`, so this has to have too. Also made a
tiny adjustment to shadow color on dark theme.
<img width="305" alt="Screenshot 2023-08-18 at 16 40 34"
src="https://github.com/go-gitea/gitea/assets/115237/a0aac9cb-6393-4d69-b0b3-00eaac5ccf9f">
<img width="202" alt="Screenshot 2023-08-18 at 16 40 22"
src="https://github.com/go-gitea/gitea/assets/115237/0a5fa3aa-7452-4dbd-86ed-ccbc1c872ebb">
TimberBro [Sun, 20 Aug 2023 15:06:42 +0000 (18:06 +0300)]
Fix NPM packages name validation (#26595)
- Added new tests to cover corner cases
- Replace existing regex with new one
Closes #26551
---
As @silverwind suggested, I started from
[validate-npm-package-name](https://github.com/npm/validate-npm-package-name),
but found this solution too complicated.
Then I tried to fix existing regex myself, but thought, that exclude all
restricted symbols is harder, than set only allowed symbols.
Then I search a bit more and found
[package-name-regex](https://github.com/dword-design/package-name-regex)
and regex from it works for all new test cases.
Let me know, if more information or help with this PR is needed.
wxiaoguang [Thu, 17 Aug 2023 21:50:32 +0000 (05:50 +0800)]
Fix various line-height styles (#26553)
Fix #26537
Use the same default line-height as "normalize.css" instead of "1". "1"
is not right because it doesn't work with descent part and causes
overflow problems.
CaiCandong [Thu, 17 Aug 2023 13:19:24 +0000 (21:19 +0800)]
Fix label filter between `all` and `no` (#26557)
Regression of https://github.com/go-gitea/gitea/pull/25886.
# Description
For `labelIDs`:
https://github.com/go-gitea/gitea/blob/9afcb0e0461aa48a4fbda7740d4c5424911e35ef/routers/web/repo/issue.go#L171-L174
- `nil` mean no filter
- `[0]` mean `no label` filter
When `selectLabels == "0"`, labelIDs should be `[0]` rather than `nil`
# Before:
yp05327 [Wed, 16 Aug 2023 10:12:03 +0000 (19:12 +0900)]
Differentiate better between user settings and admin settings (#26538)
User settings page and admin settings page are too similar. I thinlk
this will be better of using `User Settings` and `Admin Settings` as the
navbar's title.
Jason Song [Wed, 16 Aug 2023 09:36:05 +0000 (17:36 +0800)]
Add missing triggers to update issue indexer (#26539)
Fix #26536
Follow #26012
Whatever the comment type is, always update the issue indexer. So the
issue indexer will be updated when there is a change in Status,
Assignee, Label, and so on.
I added the logic for `NotifyUpdateComment`, but missed it for
`NotifyCreateIssueComment` and `NotifyDeleteComment`.
In current design, the clickable area is too small, and it is hard to
find the correct clickable area as the area with background color (div
with class name `job-brief-item selected`) is bigger than it.
CaiCandong [Tue, 15 Aug 2023 14:50:12 +0000 (22:50 +0800)]
Fix project filter bugs (#26490)
related: #26012
### Bugs
1. missing project filter on the issue page.
https://github.com/go-gitea/gitea/blob/1e76a824bcd71acd59cdfb2c4547806bc34b3d86/modules/indexer/issues/dboptions.go#L11-L15
3. incorrect SQL condition: some issue does not belong to a project but
exists on the project_issue table.
yp05327 [Tue, 15 Aug 2023 14:00:35 +0000 (23:00 +0900)]
Fix display problems of members and teams unit (#26363)
Fix:
- display member count and team count in the menu bar
![image](https://github.com/go-gitea/gitea/assets/18380374/7f03ced4-67e2-41ce-b19f-a992823726bb)
- Also display member unit in the menu bar if there are no hidden
members in public org
![image](https://github.com/go-gitea/gitea/assets/18380374/31422ad6-7190-438d-8e99-8a4af9cce908)
- hidden member board when there's no seeable members.
In this org, we only have hidden members:
![image](https://github.com/go-gitea/gitea/assets/18380374/d749420b-554a-4483-8cd2-221df61b5ca7)
We will hidden the member board when doer is not the member of this org
![image](https://github.com/go-gitea/gitea/assets/18380374/eafc0b3e-6218-42ab-a892-39645d08a5eb)
If you click the number in the members board, you will access the
members page, which is not expected.