aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Replace more db.DefaultContext (#27628)Lunny Xiao2023-10-1533-85/+99
| | | Target #27065
* Fix 404 when there is an internal version of package (#27615)Nanguan Lin2023-10-151-1/+1
| | | | close #27601 The Docker registry has an internal version, which leads to 404
* [skip ci] Updated translations via CrowdinGiteaBot2023-10-151-1/+1
|
* Add anchor to review types (#26894)Earl Warren2023-10-141-2/+2
| | | | | | | | | | | | | | | | | | | | - The review type '22' is a general comment type that is attached to single codecomments, reviews with multiple comments or to simple approve and request changes comment. This comment can be used to create a link towards this action on an pull request. - Adds an anchor to the review comment type, so that when its getting linked to it, it actually jumps towards that event. - This also now fixes the behavior that after you created a review you will be redirected to that review and because this is an general comment type other mails will also be 'fixed' such as the approved or request changes. - Resolves https://codeberg.org/forgejo/forgejo/issues/1248 (cherry picked from commit 1741a5f1fe6adc68bb5f87bdd1c5bdc5bfaa45c7) --------- Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
* Update readme to remove drone svg (#27624)Nanguan Lin2023-10-142-4/+4
|
* Change the default branch in the agit docs (#27621)Nanguan Lin2023-10-142-6/+6
|
* Final round of `db.DefaultContext` refactor (#27587)JakobDev2023-10-1464-242/+250
| | | Last part of #27065
* Fix permissions for Token DELETE endpoint to match GET and POST (#27610)Evan Tobin2023-10-142-3/+30
| | | | | | | | Fixes #27598 In #27080, the logic for the tokens endpoints were updated to allow admins to create and view tokens in other accounts. However, the same functionality was not added to the DELETE endpoint. This PR makes the DELETE endpoint function the same as the other token endpoints and adds unit tests
* Enhanced auth token / remember me (#27606)KN4CK3R2023-10-1423-103/+418
| | | | | | | | | | | | | | | | | Closes #27455 > The mechanism responsible for long-term authentication (the 'remember me' cookie) uses a weak construction technique. It will hash the user's hashed password and the rands value; it will then call the secure cookie code, which will encrypt the user's name with the computed hash. If one were able to dump the database, they could extract those two values to rebuild that cookie and impersonate a user. That vulnerability exists from the date the dump was obtained until a user changed their password. > > To fix this security issue, the cookie could be created and verified using a different technique such as the one explained at https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies. The PR removes the now obsolete setting `COOKIE_USERNAME`.
* [skip ci] Updated translations via CrowdinGiteaBot2023-10-1419-64/+13
|
* rm outdated docs from some languages (#27530)techknowlogick2023-10-1347-2068/+0
| | | related to #27499
* Upgrade go dependencies (#27599)Chongyi Zheng2023-10-132-62/+77
| | | | | | | | | | Upgrade all dependencies in `go.mod` `golang.org/x/net` v0.17.0 also fixes [CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8) --------- Co-authored-by: delvh <dev.lh@web.de>
* Fix build errors on BSD (in BSDMakefile) (#27594)Sergey Zolotarev2023-10-131-2/+2
| | | | | | | | | | | | | | | | | | | 1. `make build` fails because `||` and `&&` have the same precedence in sh/bash, so the `false` command always evaluated (leading to an error). ``` + which gmake /usr/local/bin/gmake + false *** Failed target: .BEGIN *** Failed command: which "gmake" || printf "Error: GNU Make is required!\n\n" 1>&2 && false *** Error code 1 ``` 2. When `GPREFIX` is set to an empty string with quotation marks, `gmake` mistakenly thinks that it's a file name: ``` gmake: *** empty string invalid as file name. Stop. ```
* Enable shorthands in `declaration-strict-value` linter (#27597)silverwind2023-10-132-2/+2
| | | | | | | | | | | Enable [shorthand matching](https://github.com/AndyOGo/stylelint-declaration-strict-value#expandshorthand) in this lint rule and match color properties by regex. Patterns like this will now fail lint: ```css background: #123456; border: 1px sold rgba(0,0,0,0); ```
* [skip ci] Updated translations via CrowdinGiteaBot2023-10-131-89/+114
|
* Make disk clean action a bit more robust (#27590)silverwind2023-10-121-6/+9
|
* [skip ci] Updated translations via CrowdinGiteaBot2023-10-122-0/+52
|
* Keep filter when showing unfiltered results on explore page (#27192)JakobDev2023-10-111-1/+1
| | | | | | | Fixes https://codeberg.org/Codeberg/Community/issues/1302 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Don't show Link to TOTP if not set up (#27585)JakobDev2023-10-112-3/+13
|
* Fix data-race bug when accessing task.LastRun (#27584)wxiaoguang2023-10-111-2/+1
|
* Fix template bug (#27581)Lunny Xiao2023-10-111-1/+2
| | | Regression from #27414
* Replace ajax with fetch, improve image diff (#27267)silverwind2023-10-119-81/+95
| | | | | | | | | | | 1. Dropzone attachment removal, pretty simple replacement 2. Image diff: The previous code fetched every image twice, once via `img[src]` and once via `$.ajax`. Now it's only fetched once and a second time only when necessary. The image diff code was partially rewritten. --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Replace assert.Fail with assert.FailNow (#27578)Nanguan Lin2023-10-1114-38/+20
| | | | | | | | | assert.Fail() will continue to execute the code while assert.FailNow() not. I thought those uses of assert.Fail() should exit immediately. PS: perhaps it's a good idea to use [require](https://pkg.go.dev/github.com/stretchr/testify/require) somewhere because the assert package's default behavior does not exit when an error occurs, which makes it difficult to find the root error reason.
* Fix the robots.txt pathLunny Xiao2023-10-112-2/+2
|
* show manual cron run's last time (#27544)Earl Warren2023-10-113-0/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | - Currently in the cron tasks, the 'Previous Time' only displays the previous time of when the cron library executes the function, but not any of the manual executions of the task. - Store the last run's time in memory in the Task struct and use that, when that time is later than time that the cron library has executed this task. - This ensures that if an instance admin manually starts a task, there's feedback that this task is/has been run, because the task might be run that quick, that the status icon already has been changed to an checkmark, - Tasks that are executed at startup now reflect this as well, as the time of the execution of that task on startup is now being shown as 'Previous Time'. - Added integration tests for the API part, which is easier to test because querying the HTML table of cron tasks is non-trivial. - Resolves https://codeberg.org/forgejo/forgejo/issues/949 (cherry picked from commit fd34fdac1408ece6b7d9fe6a76501ed9a45d06fa) --------- Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: silverwind <me@silverwind.io>
* fully replace drone with actions (#27556)techknowlogick2023-10-115-431/+267
| | | this builds binaries and docker images for tags
* Revert "Simplify `contrib/backport` (#27520)" (#27566)zeripath2023-10-111-12/+225
| | | | This reverts #27520 commit 79e8865aaed43de81816390ee616263bb2bee67f which breaks `--continue` functionality.
* Align ISSUE_TEMPLATE with the new label system (#27573)Nanguan Lin2023-10-113-3/+3
| | | As title
* Penultimate round of `db.DefaultContext` refactor (#27414)JakobDev2023-10-11136-421/+428
| | | | | | | Part of #27065 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* [skip ci] Updated translations via CrowdinGiteaBot2023-10-111-0/+165
|
* Fix attachment download bug (#27486)Lunny Xiao2023-10-106-21/+21
|
* Make actions default enabled for newly created repository if global ↵Lunny Xiao2023-10-105-4/+5
| | | | configuraion enabled (#27482)
* Fix the wrong HTTP response status code for duplicate packages (#27480)Nanguan Lin2023-10-1027-23/+69
| | | | | | | | fix #27470 (hope there is nothing missing 😢 ) --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Increase queue length (#27555)Jason Song2023-10-105-5/+5
|
* Respect SSH.KeygenPath option when calculating ssh key fingerprints (#27536)Sebastian Grabowski2023-10-101-1/+1
| | | Fixes #27535
* Remove max-width and add hide text overflow (#27359)Kyle D2023-10-092-25/+12
| | | Closes https://github.com/go-gitea/gitea/issues/27358
* Fix `environment-to-ini` inherited key bug (#27543)wxiaoguang2023-10-102-1/+28
| | | | | | | Fix #27541 The INI package has a quirk: by default, the keys are inherited. When maintaining the keys, the newly added sub key should not be affected by the parent key.
* Improve docs about register/run as a service (#27461)Nanguan Lin2023-10-092-13/+14
| | | As title
* api: GetPullRequestCommits: return file list (#27483)Michael Santos2023-10-095-2/+65
| | | | | | | | Fixes https://github.com/go-gitea/gitea/issues/27481 ---- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* switch to using official AWS step in release nightly (#27532)techknowlogick2023-10-091-8/+8
| | | | `jakejarvis/s3-sync-action@master` is out of date, and using official actions is always recommended
* Improve file history UI and fix URL escaping bug (#27531)wxiaoguang2023-10-091-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Follow #27354 Major changes: 1. The `right aligned` in `<th class="one wide right aligned">` is a no-op because it doesn't have any content 2. The `gt-df` in `<td class="sha gt-df">` was wrong, it causes UI misalignment, a table cell shouldn't be "flex" 3. Use `gt-py-0` for `gt-pt-0 gt-pb-0` 4. Simplify the layout for buttons, because the `text right aligned` is widely used and good enough, it doesn't make sense to introduce the `<div class="gt-df gt-je">` 5. Escape the `$.FileName` correctly Before: ![image](https://github.com/go-gitea/gitea/assets/2114189/eb2ced3f-1dad-4149-9ed2-aee4c0663621) After: ![image](https://github.com/go-gitea/gitea/assets/2114189/08244b61-416b-4279-b495-029bc0a96f67)
* Improve dropdown's behavior when there is a search input in menu (#27526)wxiaoguang2023-10-092-3/+9
| | | | | | Follow #27225 The change in #27225 is not ideal, this should be the complete fix: support the layout which Fomantic doesn't support.
* Simplify `contrib/backport` (#27520)silverwind2023-10-091-225/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This script was trying to be too smart, make it more straightforward and less error-prone so that i could be used by the backport bot too ideally. - Always delete the backport branch so that script is idempotent in this regard - Remove the push functionality, it's best done by the user because only they know the remote name - Remove reading docs/config.yaml, it no longer exists - Remove version detection, version is now a required argument - Remove opening the pull request with xdg-open, xdg-open is not portable - Remove continue from failed cherry pick. It's best to reset manually in this case - Clean up the console logging Example run: ``` $ go run ./contrib/backport --version v1.21 27503 * Backporting 27503 to origin/release/v1.21 as backport-27503-v1.21 * `git fetch origin main` * `git fetch origin release/v1.21` * `git branch -D backport-27503-v1.21` * `git checkout -b backport-27503-v1.21 origin/release/v1.21` * Attempting git cherry-pick 08efeb5cdc22d21b5ef12cc540727594a22062d1 * Amending commit to prepend `Backport #27503` to body Backport done! You can now push it with `git push yourremote backport-27503-v1.21` ``` --------- Co-authored-by: delvh <dev.lh@web.de>
* Add docs section for sub-paths with the container registry (#27505)KN4CK3R2023-10-091-0/+6
| | | | | | | | | | Fixes #21092 suggested by https://github.com/go-gitea/gitea/issues/21092#issuecomment-1749965397 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Document our new labeling strategy (#27523)delvh2023-10-091-9/+12
|
* [skip ci] Updated translations via CrowdinGiteaBot2023-10-091-0/+71
|
* Restore warning commit status (#27504)silverwind2023-10-088-7/+26
| | | | | | | | | | | | | Partial revert of https://github.com/go-gitea/gitea/pull/25839. This commit status is used by a number of external integrations, so I think we should not remove it (See https://github.com/go-gitea/gitea/pull/25839#issuecomment-1729002077). This is a rare case where an existing migration needed to be alterted to avoid data loss. --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Giteabot <teabot@gitea.io>
* Update labeler to match new labeling system (#27525)Denys Konovalov2023-10-081-5/+19
|
* Apply to become a maintainer (#27522)Gary Wang2023-10-081-0/+1
|
* Remove unnecessary desc for openssh key cron task (#27515)Lunny Xiao2023-10-082-6/+2
|