- Because we wish to show the status of the old and new commit of a force push, ignore that the commit doesn't exist and return a commit with only its ID filled. This is enough to still show the CI status of this commit although the commit itself is no longer reachable.
- Add unit test.
- Add integration test.
- Resolvesforgejo/forgejo#9250
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Currently, if a user signed up via OAuth2 and then somehow gets their E-Mail account compromised, their Forgejo account can be taken over by requesting a password reset for their Forgejo account.
This PR changes the logic so that a password reset request is denied for a user using OAuth2 if they do not already have a password set.
Which should be the case for all users who only ever log in via their Auth-Provider.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9060
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: BtbN <btbn@btbn.de>
Co-committed-by: BtbN <btbn@btbn.de>
To audit access to our forgejo-instance we currently need to enable debug ssh-logs. It turns out a single log become multiple events in a k8s/container setup. To have our log-collectors properly join these events, we would like to indent them similar to what some stacktraces look like.
This PR would change
```
2025/09/08 07:18:53 ...eb/routing/logger.go:102:func1() [I] Serv Results:
IsWiki: %t
DeployKeyID: %d
KeyID: %d KeyName: %s
UserName: %s
UserID: %d
OwnerName: %s
RepoName: %s
RepoID: %d
```
to
```
2025/09/08 07:18:53 ...eb/routing/logger.go:102:func1() [I] Serv Results:
IsWiki: %t
DeployKeyID: %d
KeyID: %d KeyName: %s
UserName: %s
UserID: %d
OwnerName: %s
RepoName: %s
RepoID: %d
```
Furthermore to standardize user configuration of ssh-logs I have added `LOGGER_SSH_MODE` . It can be configured like router-logger. By doing so we can change the log-LEVEL to debug for ssh without changing other loggers. This would deprecate `ENABLE_SSH_LOG`.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9056): <!--number 9056 --><!--line 0 --><!--description ZmVhdChsb2cpOiBiZXR0ZXIgcGFyc2VhYmxlIGFuZCBjb25maWd1cmFibGUgc3NoLWxvZ3M=-->feat(log): better parseable and configurable ssh-logs<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9056
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
This PR improves the row/box with signature information used on commit and tag pages: [commit example](096a03eb42), [tag example](https://codeberg.org/forgejo/forgejo/releases/tag/v1.4.0-rc2). It improves padding consistency, mainly on mobile, and cleans up code a bit. Instead of relying on min-height the box now uses paddings so overflown text is never too close to borders.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8984
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
AssertExistsAndLoadBean has a side effect on its argument. When retrying in a loop, it must use the non modified argument, otherwise it is bound to return the same row as the first failure and render the retry useless.
Refs forgejo/forgejo#9236
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9241
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
wait on all pull requests before checking their conflict status because there is no guarantee one will be dealt with before another
Refs https://codeberg.org/forgejo/forgejo/issues/8221#issuecomment-6849601
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9236
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Before it has only processed the newest 200 (or 50 for default `MAX_RESPONSE_ITEMS: 50`) versions.
After it processes all versions.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9219): <!--number 9219 --><!--line 0 --><!--description cGFja2FnZSBjbGVhbnVwIHJ1bGVzIGFyZSBub3QgYXBwbGllZCB3aGVuIHRoZXJlIGFyZSBtb3JlIHRoYW4gMjAwIHBhY2thZ2VzIChkZXBlbmRzIG9uIGBNQVhfUkVTUE9OU0VfSVRFTVNgKQ==-->package cleanup rules are not applied when there are more than 200 packages (depends on `MAX_RESPONSE_ITEMS`)<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9219
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
- Set default pagination, so the API allows cases like `?limit=1`.
- Set the Link header when there are more items, but not shown because of pagination.
- Resolvesforgejo/forgejo#8828
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9201
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: deadkittens <montage_inches78@icloud.com>
Co-committed-by: deadkittens <montage_inches78@icloud.com>
This patch is mainly intended to fixforgejo/forgejo#7721, and to fixforgejo/forgejo#9019.
It also changes the evaluation of 0 limits to prevent all writes, instead of allowing one write and then failing on subsequent writes after the limit has been exceeded. This matches the expectation of the existing tests, and I believe it will better match the expectations of users.
Tests have been updated accordingly where necessary, and some additional test coverage added.
The fixes in this PR depend on each other in order for the quota system to function correctly, so I'm submitting them as a single PR instead of individually.
## Test Cases
### Quota subjects not covered by their parent subjects
Before enabling quotas, create a test user and test repository for that user.
Enable quotas, and set a default total to some large value. (Do not use unit suffixes forgejo/forgejo#8996)
```ini
[quota]
ENABLED = true
[quota.default]
TOTAL = 1073741824
```
With the test user, navigate to "Storage overview" and verify that the quota group "Global quota" is the only group listed, containing the rule "Default", and displays the configured limit, and that the limit has not been exceeded (eg. `42 MiB / 1 GiB`).
The default quota rule has the subject `size:all`, so any write action should be allowed.
#### Attempt to create a new repository.
Expected result: Repository is created.
Actual result: Error 413, You have exhausted your quota.
#### Attempt to create a new file in the existing repository.
Expected result: File is created.
Actual result: Error 413, You have exhausted your quota.
#### Create an issue on the test repository, and attempt to upload an image to the issue.
Expected result: Image is uploaded.
Actual Result: Quota exceeded. Displays error message: `JavaScript promise rejection: can't access property "submitted", oi[ji.uuid] is undefined. Open browser console to see more details.`
### Unlimited quota rules incorrectly allow all writes
With quotas enabled, [Use the API](https://forgejo.org/docs/latest/admin/advanced/quota/#advanced-usage-via-api) to create a quota group containing a single rule with a subject of `sizelfs`, and a limit of `-1` (Unlimited). Add the test user to this group.
```json
{
"name": "git-lfs-unlimited",
"rules": [
{
"name": "git-lfs-unlimited",
"limit": -1,
"subjects": ["sizelfs"]
}
]
}
```
With the test user, navigate to "Storage overview" and verify that the user has been added to this group, that it is the only group the user is assigned to, and that the rule limit displays as "Unlimited".
The user should only have the ability to write to Git LFS storage, all other writes should be denied.
#### Attempt to create a new repository.
Expected result: Error 413, You have exhausted your quota.
Actual result: Repository is created.
#### Attempt to create a new file in the test repository.
Expected result: Error 413, You have exhausted your quota.
Actual result: File is created.
#### Create an issue on the test repository, and attempt to upload an image to the issue.
Expected Result: Quota exceeded.
Actual result: Image is uploaded.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9033
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Brook Miles <brook@noreply.codeberg.org>
Co-committed-by: Brook Miles <brook@noreply.codeberg.org>
In #9017, the ability to view older logs of an action run was added. However, the 'Re-run all jobs' button was not updated in any way. When viewing the logs for attempt 1 and clicking 'Re-run all jobs', the UI would continue to show the logs for attempt 1. Before #9017 the behavior would have begun to view the logs from the re-run operation.
There are two commits in this PR:
- Update the `Rerun` view handler so that it redirects the user to the next attempt number for the job.
- The next attempt number isn't actually persisted to the DB until the rerun is picked up from a worker. By pure coincidence, viewing an out-of-range attempt number was fully functional because it also happened to be viewing a job that wasn't picked up by a worker, and fell into those code paths. However, as there were no automated tests around this codepath and it felt fragile, new tests have been added around the template render, backend data fetch, and frontend UI component, to ensure it continues to work in this corner-case in the future.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [x] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [x] I do not want this change to show in the release notes. (_Note_: This is a fix for an unreleased regression, no need for release notes.)
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9172
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
When you access Actions logs, there is a momentary render of a partially blank screen such as this:
This is caused by the `RepoActionView` Vue component having no data. It then performs a fetch to two APIs in parallel (shown here as `/0` and `/artifacts`) to retrieve the steps and artifacts for the action run, and then it renders the page.
And then, even if the job is complete and the user hasn't yet interacted to expand any logs, it performs the same API calls a second time.
This PR fixes both problems by:
- Injecting the initial data for the Action's steps & Artifacts into the initial page render, and using that data into the `RepoActionView` to serve as its initial data load.
- No longer unconditionally starting a second invocation of `loadJob` 1 second later, as the initial data can be used to determine whether the job is still running and requires an interval refresh.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
**WIP**
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [x] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9099): <!--number 9099 --><!--line 0 --><!--description cHJldmVudCBpbml0aWFsICdibGFuaycgZGlzcGxheSBvZiBhY3Rpb24gbG9ncyB2aWV3LCByZW1vdmUgdW5uZWNlc3NhcnkgQVBJIGNhbGxz-->prevent initial 'blank' display of action logs view, remove unnecessary API calls<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9099
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Adds a new dropdown to the job logs, visible only when a job has been retried at least once:
When an older run attempt from the dropdown is selected, displays the older run's logs:
Context on implementation & design decisions:
- It is important that when a URL from an Action's log is shared, the person on the other side sees the exact same logs that were being viewed. For this reason, all log views are automatically redirected to a fully-qualified URL (including the *run*, *job*, and *attempt*), so that when they are shared there is a guarantee of stability in the viewed logs.
- Individual jobs can be rerun any number of times independent of other jobs in the same workflow. This means there isn't a "set" of related jobs that were executed at the same time, and this led me to remove the display of current status of jobs on the left-hand side of the view. There isn't a logical set of job statuses to display here.
Fixes#1043. Based upon @gmem's original work in #1416.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [x] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9017): <!--number 9017 --><!--line 0 --><!--description YWJpbGl0eSB0byB2aWV3IHByZXZpb3VzIGxvZ3MgZm9yIEFjdGlvbnMgcnVucyB0aGF0IGhhdmUgYmVlbiByZXRyaWVk-->ability to view previous logs for Actions runs that have been retried<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9017
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
- When the issue unit is disabled for a repository, don't allow issue related APIs.
- Added integration tests.
- Resolves#8408
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8829
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
On GitHub, `DELETE /repos/{owner}/{repo}/issues/{index}/labels/{id}` takes the label name, not id:
https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#remove-a-label-from-an-issue
This breaks workflows and actions that interact with labels and delete them.
It also makes the API quite difficult to use, always having to query the ID first before deleting a label from an issue, potentially with two API calls, because it could be a repo or org label.
For backwards compatibility, if no label with the given name is found, and the name converts to an int without error, it'll still be looked up by ID.
The API on GitHub also does not return 204, but 200, with the label it just removed from the issue as content. So this is returned when `application/vnd.github+json` is set in the `Accept` request header.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8831
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: BtbN <btbn@btbn.de>
Co-committed-by: BtbN <btbn@btbn.de>
Increase consistency of rendering the ghost user, by re-using
the same template.
Also add a tooltip to the shared template, to explain the ghost user.
Closes: #5630
- the run ID used to download artifacts is absolute (ID) instead of being
relative to the repository (Index) for compatibility with the url built
and returned as `artifact-url` by the the upload-artifact@v4 action.
- this is a breaking change because URLs to download artifacts
previous saved/bookmarked and not yet expired expired are no
longer working, they need to be looked up again by visiting the job
web page.
- add unit tests for getRunByID().
- RepoActionView.test.js verifies the download URL is built using the
run ID.
- lAdd integration tests to verify the RunID is set as expected in
the template used by RepoActionView.vue.
Refs https://code.forgejo.org/forgejo/runner/issues/187
- create tests/integration/actions_view_test.go
- extract TestActionsArtifactDeletion from actions_route_test.go
- extract tests misplaced in
- api_actions_artifact_test.go
- api_actions_artifact_v4_test.go
- add a tests for the /{owner}/{repo}/actions/runs/{run_index}/artifacts
because it is useful for debugging
So they can conveniently be run all together with:
`make 'test-sqlite#TestActions'`
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9035
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
* refactored to untangle comment headers of different styles of comments from each other
* fixed misalignments
* improved consistency
* fixed missing avatar rounding
* made reactions aligned with content
* fixed text in the "Outdated" label overflowing into the toggle icon
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8138
Reviewed-by: Beowulf <beowulf@beocode.eu>
For pull request templates, Forgejo currently does not look in the `docs` directory, but [GitHub does](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/creating-a-pull-request-template-for-your-repository#adding-a-pull-request-template). By making Forgejo also look there, it becomes possible to have the same repository work on both sites, without the need for vendor-specific paths.
There was duplication in the list of accepted file paths. On the one hand it’s nice for greppability that they are all spelled out, but it does mean adding 6 variants, I thought it would be more maintainable to deduplicate the Cartesian product. I added one fully spelled out path in the comment to still maintain some greppability.
Resolvesforgejo/forgejo#8284
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8863
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Ruud van Asseldonk <dev@veniogames.com>
Co-committed-by: Ruud van Asseldonk <dev@veniogames.com>
This is a noop refactor. It is on the path of each integration tests and this is why it needs no additional testing.
It makes it possible to run the migration tests using `go test` (which runs from the root) instead of building a test binary with `go test -c` that runs in the target directory, which is what the current tests are doing. This will be put to use to extract coverage in a unified way.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8999
Reviewed-by: jerger <jerger@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
The web endpoint
`/{owner}/{repo}/actions/runs/{run_id}/artifacts/{artifact_name_or_id}`
can be used with either the artifact name used when it is uploaded or the instance wide unique number of the artifact, if it is not found. For instance:
`/root/myrepo/actions/run/3/artifacts/my_artifact_name`
or
`/root/myrepo/actions/run/3/artifacts/42`
The `upload-artifact@v4` output value `artifact-url` is built in this way and is now a valid URL to access the artifact.
Refs https://codeberg.org/forgejo/forgejo/issues/6147
Refs https://code.forgejo.org/forgejo/runner/issues/187
Refs https://code.forgejo.org/forgejo/upload-artifact/src/tag/v4#outputs
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8957): <!--number 8957 --><!--line 0 --><!--description YXJ0aWZhY3RzIGNhbiBiZSBkb3dubG9hZGVkIHVzaW5nIHRoZWlyIGlkIGluc3RlYWQgb2YgdGhlaXIgbmFtZQ==-->artifacts can be downloaded using their id instead of their name<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8957
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- gopkg.in/yaml.v3 is archived and unmaintained
- go.yaml.in/yaml/v3 is a compatible fork under the umbrella
of https://yaml.org/
### Tests
There is no need for more tests than already provided: it is like an upgrade to a minor version, only from a fork. I browsed the changes and there are some bug fixes. They all seem reasonably minimal. It is not one of those forks that went crazy with breaking changes 😁 And there is a non zero chance that [a bug that matters to Forgejo Actions](https://github.com/yaml/go-yaml/issues/76) is fixed there. It is rare and can wait but it did happen on Codeberg.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8956
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This is an alternate take on https://codeberg.org/forgejo/forgejo/pulls/8808 which allows Actions tokens to access other repos which are readable by by signed in users. In practise this means public repos belonging to public or limited owners.
This PR is split into two commits to aid review of the security-sensitive changes I've made:
* The first commit is a refactor _which is not intended to change behaviour_. It extracts the permission logic for Actions tokens from the githttp handler and moves it to `repo_permission.go` alongside the permission logic for regular users. The new function, `GetActionRepoPermission` returns a `Permission` object just like `GetUserRepoPermission`. Only code unit access is currently allowed in the interest of keeping this commit from changing any access logic.
* The second commit is the broadening of access: this commit changes the logic in `GetActionRepoPermission` to give actions tokens access to repos readable by signed in users.
cc @earl-warren
ref https://codeberg.org/forgejo/forgejo/issues/5877
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8889): <!--number 8889 --><!--line 0 --><!--description YWxsb3cgQWN0aW9ucyB0b2tlbnMgdG8gYWNjZXNzIHJlcG9zIHJlYWRhYmxlIGJ5IHNpZ25lZCBpbiB1c2Vycw==-->allow Actions tokens to access repos readable by signed in users<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8889
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Hailey Somerville <hailey@hails.org>
Co-committed-by: Hailey Somerville <hailey@hails.org>
resolves#8549
This PR add a config to enforce 2FA for the whole Forgejo instance. It can be configured to `none`, `admin` or `all`.
A user who is required to enable 2FA is like a disabled user. He can only see the `/user/settings/security`-Page to enable 2FA, this should be similar to a user which needs to change his password. Also api and git-commands are not allowed.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
I will do it, if the general idea of this PR is a good feature.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8753): <!--number 8753 --><!--line 0 --><!--description R2xvYmFsIDJGQSBlbmZvcmNlbWVudA==-->Global 2FA enforcement<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8753
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
Also fix the existing instructions that were missing a `-e` flag.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8895
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
If a change is part of a force-push and the commit(s) have a CI status, this will now be shown after the hashes.
`interactiveBorder` has been lowered as it was possible to activate the hover state for both commits. It would be unreasonable to test this within Playwright and thus this needs to be manually tested. On a pull request page that contains a force-push you will notice:
a) the (de)activation area for force-pushes is now smaller, and;
b) it is not possible to activate the hover state/popup for both commits.
ExecuteTemplate function from @gusted
https://codeberg.org/forgejo/forgejo/pulls/5168https://codeberg.org/forgejo/forgejo/pulls/2884Close#4932
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8655
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Squel <squeljur+git@gmail.com>
Co-committed-by: Squel <squeljur+git@gmail.com>
Redirection from issue to pull is already working, but from pull to issue is not working. This is now fixed.
Resolvesforgejo/forgejo#7386
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8874
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
Discovered that `NotifyPullRevieweDismiss` was dead code while working on another issue; it should have been `PullReviewDismiss` when originally implemented. Related fixes to the activity feed view which were incomplete as well.
Dismissing a PR review now appears on the activity feed:
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8853
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
