Commit Graph

17329 Commits

Author SHA1 Message Date
Jason Song f9072dbf3c
Hide code links on release page if user cannot read code (#29064)
On the release list page, if the user doesn't have the permission to
read code, the code links will lead to 404 pages or api errors:

<img width="1297" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/a74fbc63-6dd6-43c6-853c-28acdbfdcb4e">


After this PR:

<img width="1297" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/a626373d-c2df-40a9-8fed-1b12ff6bc56f">

And this PR also removed some dead code. After #23465, the tag list page
has an independent template, and all `IsTag` in the release list
template are always false.
2024-02-06 19:57:25 +08:00
GiteaBot f69914dd0b [skip ci] Updated translations via Crowdin 2024-02-06 00:23:28 +00:00
Yarden Shoham 6992ef98fc
Don't do a full page load when clicking `Watch` or `Star` (#29001)
- The watch/unwatch button and star/unstar get their own template
- The backend returns HTML instead of redirect

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2024-02-05 09:56:20 +00:00
Jason Song 0d136df3f0
Remove useless template file (#29053)
Removed `templates/repo/settings/nav.tmpl`.

I don't think it's still used.

On main branch:
<img width="521" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/c0bf958c-698a-4348-840e-3ade0312bd6e">

On commit 755eec745f (the commit that
created this file):

<img width="615" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/5156b26d-1ecd-4197-a0a6-dc2d17652ff4">
2024-02-05 09:23:08 +00:00
Wang 4bb1fcd2e7
Fix typos in the documentation (#29048)
Corrected two typos.
2024-02-05 16:19:05 +08:00
Lunny Xiao 9bb1adf8ea
Move some repository transfer functions to service layer (#28855) 2024-02-05 06:17:23 +00:00
Sergey Bugaev 2da233ad8b
Propagate install_if and provider_priority to APKINDEX (#28899)
Resolves https://github.com/go-gitea/gitea/issues/28704

Example of an entry in the generated `APKINDEX` file:

```
C:Q1xCO3H9LTTEbhKt9G1alSC87I56c=
P:hello
V:2.12-r1
A:x86_64
T:The GNU Hello program produces a familiar, friendly greeting
U:https://www.gnu.org/software/hello/
L:GPL-3.0-or-later
S:15403
I:36864
o:hello
m:
t:1705934118
D:so:libc.musl-x86_64.so.1
p:cmd:hello=2.12-r1
i:foobar=1.0 !baz
k:42
```

the `i:` and `k:` entries are new.

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-05 05:52:56 +00:00
GiteaBot 016c77a833 [skip ci] Updated licenses and gitignores 2024-02-05 00:25:25 +00:00
Bram Hagens 50f55f11c4
Show whether a PR is WIP inside popups (#28975)
Fixes https://codeberg.org/forgejo/forgejo/issues/2257

Draft status of a PR is currently not exposed by the API. This PR adds a
'draft' field to pull requests in the API, which is used to correctly
set the PR color/icon in a ContextPopup.

---

Before:

![image](https://github.com/go-gitea/gitea/assets/5541521/72cbd30e-1175-4338-aa97-ac99c46c5118)

After:

![image](https://github.com/go-gitea/gitea/assets/5541521/111c9eba-460e-4d57-bcca-23a151c3a4f1)
2024-02-04 22:37:45 +00:00
KN4CK3R 688d4a1f71
Unify password changing and invalidate auth tokens (#27625)
- Unify the password changing code
- Invalidate existing auth tokens when changing passwords
2024-02-04 14:05:26 +00:00
KN4CK3R f8b471ace1
Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
wxiaoguang b4513f48ce
Do not render empty comments (#29039)
Follow #28654

The `comments` might be empty, so the templates shouldn't (and couldn't)
use it to render. When there is no comment, the UI should also be
updated to empty, so returning an empty body is good enough.
2024-02-04 13:05:01 +00:00
KN4CK3R 9bea276055
Add `must-change-password` cli parameter (#27626)
This PR adds a new `must-change-password` parameter to the
`change-password` cli command.
We already have the `must-change-password` command but it feels natural
to have this integrated into the `change-password` cli command.

---------

Co-authored-by: 6543 <6543@obermui.de>
2024-02-03 19:53:27 +02:00
Gwyneth Morgan 360b3fd17c
Include username in email headers (#28981)
Emails from Gitea comments do not contain the username of the commenter
anywhere, only their display name, so it is not possible to verify who
made a comment from the email itself:

	From: "Alice" <email@gitea>
	X-Gitea-Sender: Alice
	X-Gitea-Recipient: Bob
	X-GitHub-Sender: Alice
	X-GitHub-Recipient: Bob

	This comment looks like it's from @alice.

The X-Gitea/X-GitHub headers also use display names, which is not very
reliable for filtering, and inconsistent with GitHub's behavior:

	X-GitHub-Sender: lunny
	X-GitHub-Recipient: gwymor

This change includes both the display name and username in the From
header, and switches the other headers from display name to username:

	From: "Alice (@fakealice)" <email@gitea>
	X-Gitea-Sender: fakealice
	X-Gitea-Recipient: bob
	X-GitHub-Sender: fakealice
	X-GitHub-Recipient: bob

	This comment looks like it's from @alice.
2024-02-03 00:41:27 +00:00
silverwind a6cea59514
Update tool dependencies (#29030) 2024-02-02 19:11:39 -05:00
ChristopherHX a9bc590d5d
Add artifacts v4 jwt to job message and accept it (#28885)
This change allows act_runner / actions_runner to use jwt tokens for
`ACTIONS_RUNTIME_TOKEN` that are compatible with
actions/upload-artifact@v4.

The official Artifact actions are now validating and extracting the jwt
claim scp to get the runid and jobid, the old artifact backend also
needs to accept the same token jwt.

---
Related to #28853

I'm not familar with the auth system, maybe you know how to improve this

I have tested
- the jwt token is a valid token for artifact uploading
- the jwt token can be parsed by actions/upload-artifact@v4 and passes
their scp claim validation

Next steps would be a new artifacts@v4 backend.

~~I'm linking the act_runner change soonish.~~
act_runner change to make the change effective and use jwt tokens
<https://gitea.com/gitea/act_runner/pulls/471>
2024-02-02 14:25:59 +00:00
silverwind 8f9f0e4ab2
Pass es2020 to esbuild-loader as well (#29027)
Followup https://github.com/go-gitea/gitea/pull/28977. I forgot to pass
the updated option to esbuild-loader, e.g. previously it was only passed
to the minifier.
2024-02-02 15:01:32 +01:00
yp05327 3aed8ae034
Fix default avatar image size in PR diff page (#28971)
Fix #28941

ps: didn't test. The repo is too big to migrate.
2024-02-02 10:01:11 +00:00
silverwind a062725758
Update JS and PY dependencies, build for `es2020` browsers (#28977)
- Update all JS dependencies minus @mcaptcha/vanilla-glue
- Fix new lint errors
- Regenerate SVGs
- Switch to maintained stylelint stylistic plugin
- Tested Mermaid, Citation, Swagger, sorting
- Raise ESBuild target to `es2020` as dictated by `pretty-ms`
dependency.
2024-02-02 09:36:32 +00:00
delvh 71422c0e3b
Wrap contained tags and branches again (#29021)
Fixes #29016

## After

![grafik](https://github.com/go-gitea/gitea/assets/51889757/2c72ee8f-439e-4328-85df-77772e0f4aef)
2024-02-02 04:51:09 +00:00
yp05327 b9f8d75e27
Avoid sending update/delete release notice when it is draft (#29008)
Fix #27157
2024-02-02 04:18:12 +00:00
wxiaoguang e6265cf59d
Fix incorrect button CSS usages (#29015) 2024-02-01 21:28:50 +00:00
silverwind b71850ea73
Strip trailing newline in markdown code copy (#29019)
Behaviour now matches GH. Safeguard added in the for loop because
`textContent` may be null in which case it does not make sense to render
the copy button.
2024-02-01 15:01:48 -06:00
KN4CK3R c3e462921e
Improve user search display name (#29002)
I tripped over this strange method and I don't think we need that
workaround to fix the value.

old:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/c8b6797b-eb45-4dec-99db-1b0649a34ec5)

new:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/ab1a65ae-de5b-4ce4-9813-3b8b39c7922e)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-01 17:10:16 +00:00
Lunny Xiao 3a66762130
Revert "Speed up loading the dashboard on mysql/mariadb (#28546)" (#29006)
This reverts commit fa8c3beb26. #28546 
Because it seems performance become worse.
2024-02-01 14:25:37 +08:00
silverwind a1e0d8bd8b
Update dorny/paths-filter action (#29003) 2024-01-31 20:43:06 -05:00
GiteaBot ab45f9ee12 [skip ci] Updated translations via Crowdin 2024-02-01 00:25:05 +00:00
yp05327 64faecefe1
Fix UI Spacing Errors in mirror settings (#28990) 2024-02-01 00:04:23 +00:00
Yarden Shoham 4989ad0a9f
Add htmx guidelines (#28993)
To make sure we don't abuse it.

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2024-01-31 23:36:23 +01:00
Lunny Xiao 3b50dd95ce
Some refactor for git http (#28995)
# Purpose

This PR makes git http related functions use the same `context.Context`
so they can be maintained easier.
2024-01-31 15:23:22 +00:00
Zettat123 adc3598a75
Fix an actions schedule bug (#28942)
In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.

This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled
2024-01-31 14:55:12 +00:00
yp05327 0b1a42ce0f
Fix doc img path in profile readme (#28994)
https://gitea.com/gitea/gitea-docusaurus/actions/runs/1007/jobs/0#jobstep-9-25
2024-01-31 21:32:17 +08:00
Yarden Shoham 3e8414179c
Introduce htmx and use it to avoid full page load on `Subscribe` and `Follow` (#28908)
- Closes https://github.com/go-gitea/gitea/issues/28880

This change introduces htmx with the hope we could use it to make Gitea
more reactive while keeping our "HTML rendered on the server" approach.

- Add `htmx.js` that imports `htmx.org` and initializes error toasts
- Place `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` on the
`<body>` tag so every request that htmx sends is authenticated
- Place `hx-swap="outerHTML"` on the `<body>` tag so the response of
each htmx request replaces the tag it targets (as opposed to its inner
content)
- Place `hx-push-url="false"` on the `<body>` tag so no changes to the
URL happen in `<form>` tags
- Add the `is-loading` class during request

### Error toasts in action


![errors](https://github.com/go-gitea/gitea/assets/20454870/181a1beb-1cb8-4858-abe8-fa1fc3f5b8f3)

## Don't do a full page load when clicking the subscribe button
- Refactor the form around the subscribe button into its own template
- Use htmx to perform the form submission
- `hx-boost="true"` to prevent the default form submission behavior of a
full page load
- `hx-sync="this:replace"` to replace the current request (in case the
button is clicked again before the response is returned)
  - `hx-target="this"` to replace the form tag with the new form tag
- Change the backend response to return a `<form>` tag instead of a
redirect to the issue page

### Before


![subscribe_before](https://github.com/go-gitea/gitea/assets/20454870/cb2439a2-c3c0-425c-8d3c-5d646b1cdc28)

### After


![subscribe_after](https://github.com/go-gitea/gitea/assets/20454870/6fcd77d8-7b11-40b0-af4f-b152aaad787c)

## Don't do a full page load when clicking the follow button
- Use htmx to perform the button request
- `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST
request to follow the user
- `hx-target="#profile-avatar-card"` to target the card div for
replacement
- `hx-indicator="#profile-avatar-card"` to place the loading indicator
on the card
- Change the backend response to return a `<div>` tag (the card) instead
of a redirect to the user page

### Before


![follow_before](https://github.com/go-gitea/gitea/assets/20454870/a210b643-6e74-4ff9-8e61-d658c62edf1f)

### After


![follow_after](https://github.com/go-gitea/gitea/assets/20454870/5bb19ae9-0d59-4ae3-b538-4c83334e4722)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-01-30 15:45:54 +01:00
KN4CK3R 27d4c11ec3
Fix joins in `db.Find(AndCount)` (#28978) 2024-01-30 02:37:24 +00:00
Mike Cifelli 8ef53c871b
Update golang links to use https (#28980)
Many of the golang links point to the old site and don't use https. This
pull request updates these outdated links to https://go.dev .

https://github.com/go-gitea/gitea/issues/28979
2024-01-30 03:11:11 +02:00
Matheus Sampaio Queiroga 37ede3197a
Fix google logo in security page (#28982)
Fix google logo in user security page: #28701

Before

![before user security
page](https://github.com/go-gitea/gitea/assets/50121801/6c058c28-8013-470a-b047-f47afecdca09)

after

![user security
page](https://github.com/go-gitea/gitea/assets/50121801/36053ee9-18c5-4ef0-a63a-8accc1d00adc)
2024-01-30 02:54:52 +02:00
cchangwen 28fe3db1fb
Also match weakly validated ETags (#28957)
https://stackoverflow.com/questions/51973120/where-does-the-w-in-an-etag-appear-from

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-29 16:18:40 +00:00
GiteaBot 2a50d780f9 [skip ci] Updated licenses and gitignores 2024-01-29 00:24:21 +00:00
Lunny Xiao 34633d85f1
Fix bug for generated repository object format (#28969)
A repository generated from a template repository should have the same
git ObjectFormat.
2024-01-28 20:18:15 +00:00
Arnaud Morin dfc1ae15b6
Fixing small space missing in sample config file (#28967) 2024-01-28 14:58:00 +00:00
wackbyte d9b3849454
Fix inconsistent naming of OAuth 2.0 `ENABLE` setting (#28951)
Renames it to `ENABLED` to be consistent with other settings and
deprecates it.

I believe this change is necessary because other setting groups such as
`attachment`, `cors`, `mailer`, etc. have an `ENABLED` setting, but
`oauth2` is the only one with an `ENABLE` setting, which could cause
confusion for users.

This is no longer a breaking change because `ENABLE` has been set as
deprecated and as an alias to `ENABLED`.
2024-01-28 12:36:44 +00:00
6543 61f8ca4906
Add screenshot for "Profile Readmes" to docs (#28964)
introduced in #23260 ... the docs still looks to empty:
https://docs.gitea.com/usage/profile-readme

this changes it :)
2024-01-28 00:20:17 +01:00
Lunny Xiao 5f82ead13c
Simplify how git repositories are opened (#28937)
## Purpose
This is a refactor toward building an abstraction over managing git
repositories.
Afterwards, it does not matter anymore if they are stored on the local
disk or somewhere remote.

## What this PR changes
We used `git.OpenRepository` everywhere previously.
Now, we should split them into two distinct functions:

Firstly, there are temporary repositories which do not change:

```go
git.OpenRepository(ctx, diskPath)
```

Gitea managed repositories having a record in the database in the
`repository` table are moved into the new package `gitrepo`:

```go
gitrepo.OpenRepository(ctx, repo_model.Repo)
```

Why is `repo_model.Repository` the second parameter instead of file
path?
Because then we can easily adapt our repository storage strategy.
The repositories can be stored locally, however, they could just as well
be stored on a remote server.

## Further changes in other PRs
- A Git Command wrapper on package `gitrepo` could be created. i.e.
`NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir:
repo.RepoPath()}`, the directory should be empty before invoking this
method and it can be filled in the function only. #28940
- Remove the `RepoPath()`/`WikiPath()` functions to reduce the
possibility of mistakes.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-27 21:09:51 +01:00
silverwind 60e4a98ab0
Preserve BOM in web editor (#28935)
The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.
2024-01-27 18:02:51 +00:00
Yarden Shoham 0e650dca30
Make loading animation less aggressive (#28955)
The current animation loops in a very fast manner, causing a slight
feeling of uncomfortableness. This change slows it a bit for a smoother
experience.

# Before


![before](https://github.com/go-gitea/gitea/assets/20454870/215a722d-feb4-4643-819d-c37a620c5e48)

# After


![after](https://github.com/go-gitea/gitea/assets/20454870/7acb1fab-9157-4f4d-8cc7-45fea0234b47)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-27 20:27:37 +08:00
KN4CK3R fc1bae00a4
Fix SSPI user creation (#28948)
Fixes #28945

Setting the avatar is wrong and creating a random password is equal to
leave it empty.
2024-01-27 09:27:34 +00:00
KN4CK3R 01acd1eea3
Strip `/` from relative links (#28932)
Fixes #28915

Restores the old behaviour:

https://github.com/go-gitea/gitea/pull/26745/files#diff-d78a9d361b1fddc12218e4dd42f42d39d6be1fda184041e06bb6fb30f0d94c59L96
2024-01-27 11:36:01 +08:00
wackbyte a240d5dfa7
Fix non-alphabetic sorting of repo topics (#28938) 2024-01-26 14:15:57 +00:00
Lunny Xiao 534917d576
Don't remove all mirror repository's releases when mirroring (#28817)
Fix #22066

# Purpose

This PR fix the releases will be deleted when mirror repository sync the
tags.

# The problem

In the previous implementation of #19125. All releases record in
databases of one mirror repository will be deleted before sync.
Ref:
https://github.com/go-gitea/gitea/pull/19125/files#diff-2aa04998a791c30e5a02b49a97c07fcd93d50e8b31640ce2ddb1afeebf605d02R481

# The Pros

This PR introduced a new method which will load all releases from
databases and all tags on git data into memory. And detect which tags
needs to be inserted, which tags need to be updated or deleted. Only
tags releases(IsTag=true) which are not included in git data will be
deleted, only tags which sha1 changed will be updated. So it will not
delete any real releases include drafts.

# The Cons

The drawback is the memory usage will be higher than before if there are
many tags on this repository. This PR defined a special release struct
to reduce columns loaded from database to memory.
2024-01-26 06:18:19 +00:00
KN4CK3R ba24e0ba61
Use new RPM constants (#28931)
https://github.com/sassoftware/go-rpmutils/pull/24 got merged.
2024-01-25 21:40:24 +00:00