Commit graph

16877 commits

Author SHA1 Message Date
Nanguan Lin 80a0ab350b
Add unit tests for action runner token (#27670)
In case the behavior of the register token changes.
2023-10-19 07:24:24 +00:00
SandeshPyakurel 776b092863
Typos fixed in documentation files (#27687)
Typos fixed in multiple docs files.
2023-10-19 02:46:26 -04:00
GiteaBot 63e391ed17 [skip ci] Updated translations via Crowdin 2023-10-19 00:23:11 +00:00
sebastian-sauer 7210f23fa0
Add link for repositories README file (#27684)
this allows to deep link to the readme section of a repository.

fixes #27641

Screenshots:

No changes on initial display:

![image](https://github.com/go-gitea/gitea/assets/1135157/efbef50e-c24b-4cca-b19f-9092e70b5a5f)

On hover the link is shown:

![image](https://github.com/go-gitea/gitea/assets/1135157/c8dff2b8-31dc-4b7b-96d0-27642318483d)
2023-10-18 17:59:46 -05:00
Jason Song 0a2b93d411
Fix typo "GetLatestRunnerToken" (#27680) 2023-10-18 15:52:44 +00:00
silverwind 0b654fa8dc
Clipboard copy enhancements (#27669)
1. Do not show temporary tooltips that are triggered from within
dropdowns. Previously this resulted in the tooltip being stuck to
top-left of the page like seen on issue comment URL copy. I could not
figure out any tippy options that prevent this, so I think it's better
to just not show it.
1. Refactor `initGlobalCopyToClipboardListener` so that it does not run
a often useless `document.querySelector` on every click, make
`data-clipboard-text-type` work with `data-clipboard-target`. No use in
current code base but still good to have. Finally some minor code
cleanup in the function.

Point 1 is for this copy button:

<img width="229" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/81f34746-8ea5-43d9-8c6f-f6f417a9e4ad">

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-18 15:16:06 +00:00
Lunny Xiao 9852c92e9a
Remove unnecessary parameter (#27671) 2023-10-18 15:03:10 +00:00
KN4CK3R 83186eca80
Always delete existing scheduled action tasks (#27662)
Fixes #27650
2023-10-18 10:34:39 +00:00
Jason Song 4e98224a45
Support allowed hosts for webhook to work with proxy (#27655)
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
2023-10-18 09:44:36 +00:00
yp05327 8abc1aae4a
Improve the list header in milestone page (#27302)
The ui of list header in milestone page is not same as issue and pr list
page.
And they are using different template codes which can be merged into
one.

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/29eb426c-2dd6-4cf2-96e0-82339fb631bb)

![image](https://github.com/go-gitea/gitea/assets/18380374/b36c4dff-469a-4395-8a02-a8c54e17ab21)



![image](https://github.com/go-gitea/gitea/assets/18380374/d882c74a-451b-431d-b58e-3635a15d9718)

![image](https://github.com/go-gitea/gitea/assets/18380374/292cd38d-1b50-47f1-b32c-9b5de90ce5fb)


After:

![image](https://github.com/go-gitea/gitea/assets/18380374/4529234e-67dc-4e17-9440-e638be4fbc41)

![image](https://github.com/go-gitea/gitea/assets/18380374/c15b4d86-0762-497b-b28d-72d09443d629)

---------

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2023-10-18 00:03:42 +00:00
Lunny Xiao eeb1e0242b
Fix poster is not loaded in get default merge message (#27657) 2023-10-17 15:07:23 +00:00
puni9869 4adc2a828d
Hide archived labels by default from the suggestions when assigning labels for an issue (#27451)
Followup of #27115
Finally closes #25237

## Screenshots
### Issue Sidebar
<img width="513" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/9f7fda2f-5a03-4684-8619-fd3498a95b41">

### PR sidebar
<img width="367" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/53db9b64-faec-4a67-91d6-76945596a469">

### PR sidebar with archived labels shown
<img width="352" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/9dc5050f-4e69-4f76-bb83-582480a2281e">

---------

Signed-off-by: puni9869 <punitinani1@hotmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-10-17 16:10:45 +02:00
Yevhen Pavlov d98c863884
actions/setup-go use go-version-file (#27651)
These changes will allow not to specify the version of go in every
pipeline.
2023-10-17 10:24:54 +00:00
Sandro Santilli 0f3ea4e1b1
Update agit-support.en-us.md (#27652)
Clarify Agit PR creation documentation

See https://github.com/go-gitea/gitea/issues/27579
2023-10-17 17:53:36 +08:00
Denys Konovalov 0271114e64
cleanup repo details icons/labels (#27644)
Fix #27596 

Change confusing behavior when showing information about a repo via
labels and icons. Implement changes proposed by @lng2020 in
https://github.com/go-gitea/gitea/pull/27627#pullrequestreview-1678787673.
2023-10-16 23:06:15 +02:00
wxiaoguang 6c501b1498
Improve dropdown button alignment and fix hover bug (#27632)
1. fix #27631 , and add samples to devtest page
2. fix incorrect color for "ui dropdown button" when hover
2023-10-16 07:26:08 +00:00
GiteaBot d1f85525d0 [skip ci] Updated licenses and gitignores 2023-10-16 00:24:20 +00:00
Jason Song 1be49fdda6
Improve retrying index issues (#27554)
Fix #27540
2023-10-15 18:56:57 +00:00
Lunny Xiao cddf245c12
Replace more db.DefaultContext (#27628)
Target #27065
2023-10-15 17:46:06 +02:00
Nanguan Lin 7480aacdad
Fix 404 when there is an internal version of package (#27615)
close #27601
The Docker registry has an internal version, which leads to 404
2023-10-15 09:22:10 +00:00
GiteaBot 4f6043f554 [skip ci] Updated translations via Crowdin 2023-10-15 00:25:13 +00:00
Earl Warren 89c9a498fd
Add anchor to review types (#26894)
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request
changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248

(cherry picked from commit 1741a5f1fe6adc68bb5f87bdd1c5bdc5bfaa45c7)

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
2023-10-14 16:13:59 -05:00
Nanguan Lin 02d4e4d412
Update readme to remove drone svg (#27624) 2023-10-14 16:11:54 +00:00
Nanguan Lin e29e40d128
Change the default branch in the agit docs (#27621) 2023-10-14 09:50:23 -04:00
JakobDev 76a85a4ce9
Final round of db.DefaultContext refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00
Evan Tobin ae419fa494
Fix permissions for Token DELETE endpoint to match GET and POST (#27610)
Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
2023-10-14 08:04:44 +00:00
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
GiteaBot ee6a390675 [skip ci] Updated translations via Crowdin 2023-10-14 00:22:28 +00:00
techknowlogick c573d96b70
rm outdated docs from some languages (#27530)
related to #27499
2023-10-13 19:29:18 +00:00
Chongyi Zheng b5a4ec0fb1
Upgrade go dependencies (#27599)
Upgrade all dependencies in `go.mod`

`golang.org/x/net` v0.17.0 also fixes
[CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-13 16:11:15 +00:00
Sergey Zolotarev cf74f5fc40
Fix build errors on BSD (in BSDMakefile) (#27594)
1. `make build` fails because `||` and `&&` have the same precedence in
sh/bash, so the `false` command always evaluated (leading to an error).

   ```
   + which gmake /usr/local/bin/gmake
   + false

   *** Failed target:  .BEGIN
*** Failed command: which "gmake" || printf "Error: GNU Make is
required!\n\n" 1>&2 && false
   *** Error code 1
   ```

2. When `GPREFIX` is set to an empty string with quotation marks,
`gmake` mistakenly thinks that it's a file name:

   ``` gmake: *** empty string invalid as file name.  Stop. ```
2023-10-13 15:38:27 +00:00
silverwind 532f166c4d
Enable shorthands in declaration-strict-value linter (#27597)
Enable [shorthand
matching](https://github.com/AndyOGo/stylelint-declaration-strict-value#expandshorthand)
in this lint rule and match color properties by regex. Patterns like
this will now fail lint:

```css
background: #123456;
border: 1px sold rgba(0,0,0,0);
```
2023-10-13 08:19:21 +00:00
GiteaBot 3e9a379d38 [skip ci] Updated translations via Crowdin 2023-10-13 00:23:41 +00:00
silverwind c37f95fc56
Make disk clean action a bit more robust (#27590) 2023-10-12 00:24:13 -04:00
GiteaBot d020343269 [skip ci] Updated translations via Crowdin 2023-10-12 00:21:30 +00:00
JakobDev bf24852b20
Keep filter when showing unfiltered results on explore page (#27192)
Fixes https://codeberg.org/Codeberg/Community/issues/1302

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-11 22:10:51 +00:00
JakobDev 328da56a28
Don't show Link to TOTP if not set up (#27585) 2023-10-11 20:12:54 +00:00
wxiaoguang 1d155a43ad
Fix data-race bug when accessing task.LastRun (#27584) 2023-10-11 14:51:20 +00:00
Lunny Xiao fb74fe99d6
Fix template bug (#27581)
Regression from #27414
2023-10-11 14:02:15 +00:00
silverwind 73b63d9311
Replace ajax with fetch, improve image diff (#27267)
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-11 12:34:21 +00:00
Nanguan Lin dc04044716
Replace assert.Fail with assert.FailNow (#27578)
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
2023-10-11 11:02:24 +00:00
Lunny Xiao dca195e9bd
Fix the robots.txt path 2023-10-11 18:01:52 +08:00
Earl Warren 1050d7a78f
show manual cron run's last time (#27544)
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949

(cherry picked from commit fd34fdac1408ece6b7d9fe6a76501ed9a45d06fa)

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>
2023-10-11 07:28:16 +00:00
techknowlogick dc7cf7a984
fully replace drone with actions (#27556)
this builds binaries and docker images for tags
2023-10-11 06:39:32 +00:00
zeripath 4378f9dfff
Revert "Simplify contrib/backport (#27520)" (#27566)
This reverts #27520 commit 79e8865aae
which breaks `--continue` functionality.
2023-10-11 05:55:17 +00:00
Nanguan Lin 248b7ee850
Align ISSUE_TEMPLATE with the new label system (#27573)
As title
2023-10-11 13:25:31 +08:00
JakobDev ebe803e514
Penultimate round of db.DefaultContext refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
GiteaBot 50166d1f7c [skip ci] Updated translations via Crowdin 2023-10-11 00:22:56 +00:00
Lunny Xiao 5c9fbcca00
Fix attachment download bug (#27486) 2023-10-10 15:33:56 +00:00
Lunny Xiao 7ff1f2527c
Make actions default enabled for newly created repository if global configuraion enabled (#27482) 2023-10-10 14:45:31 +00:00