5272 commits

Author	SHA1	Message	Date
Nikita Karamov	a22e5f86c6	fix: Allow SHA-256 in PR commit URLs (#10309) ... Closes #9129. I decided to try myself in contributing to Forgejo after having found this bug mentioned on Fedi. I have also added a basic test for this behaviour, but this means that this PR adds a SHA-256 repo to the fixture set, so it can be reused in other tests. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10309 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Nikita Karamov <me@kytta.dev> Co-committed-by: Nikita Karamov <me@kytta.dev>	2025-12-16 00:45:00 +01:00
Adora	f11d72a8a5	fix: issues and pulls route permitted extra characters (#10185) ... Fix a issue where the `/{owner}/{repo}/issues` and `/{owner}/{repo}/pulls` routes permitted the addition of extra characters in the URL. Resolves forgejo/forgejo#9954. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10185 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Adora <me@adora.codes> Co-committed-by: Adora <me@adora.codes>	2025-12-10 01:21:38 +01:00
Michael Jerger	9cff7ebde5	log instrumentation & test package (#10371) ... This PR is part of #4767. It contains * add log to federation services * separat test package for test (fix dependency cycles) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10371 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de> Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>	2025-12-09 15:37:50 +01:00
famfo	b428d47aaa	fix: add stub outboxes to actors (#10120) ... Mastodon doesn't create actors locally if the outbox is not found. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10120 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: famfo <famfo@famfo.xyz> Co-committed-by: famfo <famfo@famfo.xyz>	2025-12-01 16:51:35 +01:00
thezzisu	e31d67e0aa	feat: allow sync quota groups with oauth2 auth source (#8554) ... Implements synchronizing an external user's quota group with provided OAuth2 claim. This functionality will allow system administrators to manage user's quota groups automatically. Documentation is at forgejo/docs#1337 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8554 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: thezzisu <thezzisu@gmail.com> Co-committed-by: thezzisu <thezzisu@gmail.com>	2025-12-01 14:12:00 +01:00
pat-s	c39a4368af	refactor: migrate from lib/pq to jackc/pgx (#10219) ... This PR migrates the unmaintaiend `lib/pq` library to `jackc/pgx`, which is the de-facto standard lib in go for postgres connections these days. Some implementation notes: We register both `pgx` and `postgresschema` driver names (for backward comp). We can't register `postgres` as this one is still used by `lib/pq` imported by `go-chi/session`, which is in use when users go for the "postgres" session type in the "Session config. It is questionable if anyone is really using the "postgres" driver option in the session config - but for consistency, it would be good to also migrate to `pgx` there, especially as the code lives within Forgejo under [go-chi/session](https://code.forgejo.org/go-chi/session). `pgx` supports multi-host notation in the connection string. New tests have been added therefore. `pgx` also allows for connection string parameters such as `?default_query_exec_mode=simple_protocol`. This should possibly allow running with `pgbouncer` "transaction" mode instead of "session", which could substantially enhance Postgres query handling. ## Checklist ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10219 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: pat-s <patrick.schratz@gmail.com> Co-committed-by: pat-s <patrick.schratz@gmail.com>	2025-11-30 17:47:45 +01:00
nachtjasmin	8ee4a7d658	chore: ensure consistent import aliasing for services and models (#10253) ... To make sure that the code stays maintainable, I added the `importas` linter to ensure that the imports for models and services stay consistent. I realised that this might be needed after finding some discrepancies between singular/plural naming, and, especially in the case of the `forgejo.org/services/context` package, multiple different aliases like `gitea_ctx`, `app_context` and `forgejo_context`. I decided for `app_context`, as that seems to be the most commonly used naming. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10253 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: nachtjasmin <nachtjasmin@posteo.de> Co-committed-by: nachtjasmin <nachtjasmin@posteo.de>	2025-11-30 17:00:57 +01:00
Renovate Bot	d2bde42347	Update module code.forgejo.org/forgejo/runner/v11 to v12 (forgejo) (#10213) ... This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [code.forgejo.org/forgejo/runner/v11](https://code.forgejo.org/forgejo/runner) | `v11.3.1` -> `v12.0.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>forgejo/runner (code.forgejo.org/forgejo/runner/v11)</summary> ### [`v12.0.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.0.1) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.0.0...v12.0.1) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1175): <!--number 1175 --><!--line 0 --><!--description Zml4OiAnZmFpbGVkIHRvIHJlYWQgYWN0aW9uJyBlcnJvcnMgd2hlbiB1c2luZyByZWxhdGl2ZSB3b3JrZGlyX3BhcmVudA==-->fix: 'failed to read action' errors when using relative workdir\_parent<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1176): <!--number 1176 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgdmVyc2lvbiB0byB2MTI=-->chore: bump version to v12<!--description--> <!--end release-notes-assistant--> ### [`v12.0.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.0.0) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v11.3.1...v12.0.0) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes **Breaking change:** This release is a major version bump due to a system requirement change, requiring a git installation. This requirement is included in the OCI containers, but may require the installation of a supported package, or packaging changes from redistributors of Forgejo Runner. Access to a `git` binary is now required to access reusable actions and workflows, such as `use: action/checkout@v5` -- before this release, access was performed using an internal library that avoided an external dependency. [PR](https://code.forgejo.org/forgejo/runner/pulls/1162) *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - features - [PR](https://code.forgejo.org/forgejo/runner/pulls/1173): <!--number 1173 --><!--line 0 --><!--description ZmVhdDogYWRkIGNvbmZpZyB2YWx1ZXMgdG8gb3ZlcnJpZGUgdGFzayBmaW5hbGl6YXRpb24gcmV0cnk=-->feat: add config values to override task finalization retry<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1160): <!--number 1160 --><!--line 0 --><!--description ZmVhdDogc2tpcCBmZXRjaGluZyByZW1vdGUgYWN0aW9uIHJlcG8gd2hlbiB1c2luZyBmdWxsIHNoYSBhbHJlYWR5IGZldGNoZWQ=-->feat: skip fetching remote action repo when using full sha already fetched<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1162): <!--number 1162 --><!--line 0 --><!--description ZmVhdDogdXNlIGdpdCB3b3JrIHRyZWVzIGZvciByZW1vdGUgZ2l0IGFjdGlvbnMgJiB3b3JrZmxvd3M=-->feat: use git work trees for remote git actions & workflows<!--description--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1170): <!--number 1170 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgb24gZmluYWwgbG9nICYgc3RhdHVzIHRyYW5zbWlzc2lvbiBhbmQgcmV0cmllcw==-->fix: improve logging on final log & status transmission and retries<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1135): <!--number 1135 --><!--line 0 --><!--description Zml4OiBlbmFibGUgYnVpbGRpbmcgZm9yIG9wZW5ic2QsIGRyYWdvbmZseSwgYW5kIHNvbGFyaXMvaWxsdW1vcw==-->fix: enable building for openbsd, dragonfly, and solaris/illumos<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1136): <!--number 1136 --><!--line 0 --><!--description Zml4OiBpbml0aWFsaXplIHdvcmtmbG93LWxldmVsIGVudiBjb250ZXh0IGJlZm9yZSBzdGFydGluZyBqb2IgY29udGFpbmVy-->fix: initialize workflow-level env context before starting job container<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1137): <!--number 1137 --><!--line 0 --><!--description Zml4OiBhbGxvdyAnZW52JyBjb250ZXh0IGluIGpvYnMuPG5hbWU+Lmlm-->fix: allow 'env' context in jobs.<name>.if<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1145): <!--number 1145 --><!--line 0 --><!--description Zml4OiByZW1vdGUgcmV1c2FibGUgd29ya2Zsb3dzIGJ5IHJlbGF0aXZlIFVSTCB1c2UgZGVmYXVsdF9hY3Rpb25zX3VybA==-->fix: remote reusable workflows by relative URL use default\_actions\_url<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1156): <!--number 1156 --><!--line 0 --><!--description Zml4OiBVc2UgZ2l0IHJlc2V0IC0taGFyZCBpbnN0ZWFkIG9mIHB1bGwgYW5kIGNoZWNrb3V0IGZvciBhY3Rpb25z-->fix: Use git reset --hard instead of pull and checkout for actions<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1163): <!--number 1163 --><!--line 0 --><!--description Zml4OiBydW4gaW1hZ2VzIHdpdGggZXhwbGljaXQgcGxhdGZvcm0gdGFncywgZml4ZXMgcHVsbGVkIGltYWdlIGFyY2hpdGVjdHVyZSBtaXNtYXRjaA==-->fix: run images with explicit platform tags, fixes pulled image architecture mismatch<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1165): <!--number 1165 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgJiBkaXNwbGF5IG9mIGVycm9ycyBkdXJpbmcgd29ya2Zsb3cgZXZhbHVhdGlvbg==-->fix: improve logging & display of errors during workflow evaluation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1171): <!--number 1171 --><!--line 0 --><!--description Zml4OiBlbnN1cmUgaHR0cC5DbGllbnQgYWx3YXlzIGhhcyBhIHRpbWVvdXQgZm9yIEZvcmdlam8gYWNjZXNz-->fix: ensure http.Client always has a timeout for Forgejo access<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1139): <!--number 1139 --><!--line 0 --><!--description Zml4OiBwYXNzIG9zIGFyZ3VtZW50IHRvIGBseGMtaGVscGVycy5zaGAgaGVscGVyIGZybSBgZm9yZ2Vqby1ydW5uZXItc2VydmljZS5zaGA=-->fix: pass os argument to `lxc-helpers.sh` helper frm `forgejo-runner-service.sh`<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1155): <!--number 1155 --><!--line 0 --><!--description dGVzdDogYWxsb3cgb3ZlcnJpZGluZyB0aGUgdGVzdCBEb2NrZXIgc29ja2V0IHVzaW5nIERPQ0tFUl9IT1NU-->test: allow overriding the test Docker socket using DOCKER\_HOST<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1152): <!--number 1152 --><!--line 0 --><!--description V2luZG93cyBjb21wYXRpYmlsaXR5IGZpeGVz-->Windows compatibility fixes<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1159): <!--number 1159 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSB1bnVzZWQgYW5kIGluY29tcGxldGUgQWN0aW9uQ2FjaGUgcmV3cml0ZQ==-->chore: remove unused and incomplete ActionCache rewrite<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1168): <!--number 1168 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZy5vcmcveC9jcnlwdG8gKGluZGlyZWN0KSB0byB2MC40NS4wIFtTRUNVUklUWV0=-->Update golang.org/x/crypto (indirect) to v0.45.0 \[SECURITY]<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1141): <!--number 1141 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2RvY2tlci9jbGkgdG8gdjI4LjUuMitpbmNvbXBhdGlibGU=-->Update module github.com/docker/cli to v28.5.2+incompatible<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1154): <!--number 1154 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZy5vcmcveC9jcnlwdG8gKGluZGlyZWN0KSB0byB2MC40My4wIFtTRUNVUklUWV0=-->Update golang.org/x/crypto (indirect) to v0.43.0 \[SECURITY]<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1149): <!--number 1149 --><!--line 0 --><!--description Y2koY2FzY2FkZS1mb3JnZWpvKTogdXNlIHRtcGZzIGZvciBidWlsZGluZyB0byBzcGVlZHVwIGNvbXBpbGF0aW9u-->ci(cascade-forgejo): use tmpfs for building to speedup compilation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1148): <!--number 1148 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBhbGxvdyB1cGRhdGluZyBtb3JlIGZvcmdlam8tcnVubmVyLXNlcnZpY2UgZGVwcw==-->chore(renovate): allow updating more forgejo-runner-service deps<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1142): <!--number 1142 --><!--line 0 --><!--description Y2k6IGFsbG93IGdvIHRvIGRvd25sb2FkIHJlcXVpcmVkIHRvb2xjaGFpbiBmb3IgY2FzY2FkZQ==-->ci: allow go to download required toolchain for cascade<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1132): <!--number 1132 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWdvIGFjdGlvbiB0byB2Ng==-->Update <https://data.forgejo.org/actions/setup-go> action to v6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1140): <!--number 1140 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNQ==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.0.5<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1133): <!--number 1133 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9kb2NrZXIvYnVpbGQtcHVzaC1hY3Rpb24gYWN0aW9uIHRvIHY2-->Update <https://data.forgejo.org/docker/build-push-action> action to v6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1134): <!--number 1134 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9kb2NrZXIvc2V0dXAtYnVpbGR4LWFjdGlvbiBhY3Rpb24gdG8gdjM=-->Update <https://data.forgejo.org/docker/setup-buildx-action> action to v3<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1131): <!--number 1131 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NoZWNrb3V0IGFjdGlvbiB0byB2NQ==-->Update <https://data.forgejo.org/actions/checkout> action to v5<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1130): <!--number 1130 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMS4zLjE=-->Update forgejo-runner to v11.3.1<!--description--> <!--end release-notes-assistant--> </details> --- ### Configuration 📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMS4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10213 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-11-23 15:58:57 +01:00
Mathieu Fenniak	6c43dcbe0a	2025-11-21 combined security patches (#10037) ... [CVSS 5.3 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) -- The `/repos/{owner}/{repo}/issues/{index}/dependencies` APIs allow a user to link an issue in one repository as "depending upon" an issue in another repository. Forgejo's implementation had an incorrect permission check which would verify only that the user had write permissions on the issue being modified, and not on the issue it was linking to. Due to the incorrect permission check, it was possible to view limited information (the existence of, and title of) an issue in a private repository that the user does not have access to view. The permission check has been corrected to take into account visibility of the remote repository. [CVSS 5.3 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) -- Fetching information about a release via the `/repos/{owner}/{repo}/releases/tag/{tag}` API endpoint did not check whether the release was a draft, allowing accessing to information about a draft release to users who could predict an upcoming release tag but didn't have access to view it. The missing check has been added, returning a 404 response when the release is not published. [CVSS 6.3 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- Forgejo's web interface allows deleting tags on a git repository through a form post. The endpoint for this form post had misconfigured middleware handlers which enforce security rights, allowing an anonymous user, or a logged-in user without the correct permissions, to delete tags on repositories that they did not own by injecting arbitrary internal tag identifiers into the form. The middleware handler configuration has been corrected. [CVSS 2.1 Low](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- When the head branch of a pull request matches a branch protection rule, the head branch should be able to be merged or rebased only according to the "Push" rules defined in the protection rule. An implementation error checked those branch protection rules in the context of the base repository rather than the head repository, allowing users with write access to the base repository to be considered able to push to the branch, bypassing the "Enable push" option's expected security control. [CVSS 2.1 Low](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- An issue owner can manipulate form inputs to delete the content history of comments they did not create, as long as those comments are on issues that they own. Although comment content is not affected, the history of edits on the comment can be trimmed. The validation in the form handler was corrected. [CVSS 5.1 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- When a repository is configured with tag protection rules, it should not be possible for a user that is outside the whitelisted users or teams from modifying the protected tags. An incorrect parameter being passed to a security verification method allowed a user with write access to the repo to delete tags even if they were protected, as long as the tag was originally created by a user who is still authorized by the protection rules. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 0 --><!--description Zml4KGFwaSk6IGZpeCBkZXBlbmRlbmN5IHJlcG8gcGVybXMgaW4gQ3JlYXRlL1JlbW92ZUlzc3VlRGVwZW5kZW5jeQ==-->fix(api): fix dependency repo perms in Create/RemoveIssueDependency<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 1 --><!--description Zml4KGFwaSk6IGRyYWZ0IHJlbGVhc2VzIGNvdWxkIGJlIHJlYWQgYmVmb3JlIGJlaW5nIHB1Ymxpc2hlZA==-->fix(api): draft releases could be read before being published<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 2 --><!--description bWlzY29uZmlndXJlZCBzZWN1cml0eSBjaGVja3Mgb24gdGFnIGRlbGV0ZSB3ZWIgZm9ybQ==-->misconfigured security checks on tag delete web form<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 3 --><!--description aW5jb3JyZWN0IGxvZ2ljIGluICJVcGRhdGUgUFIiIGRpZCBub3QgZW5mb3JjZSBoZWFkIGJyYW5jaCBwcm90ZWN0aW9uIHJ1bGVzIGNvcnJlY3RseQ==-->incorrect logic in "Update PR" did not enforce head branch protection rules correctly<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 4 --><!--description aXNzdWUgb3duZXIgY2FuIGRlbGV0ZSBhbm90aGVyIHVzZXIncyBjb21tZW50J3MgZWRpdCBoaXN0b3J5IG9uIHNhbWUgaXNzdWU=-->issue owner can delete another user's comment's edit history on same issue<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 5 --><!--description dGFnIHByb3RlY3Rpb24gcnVsZXMgY2FuIGJlIGJ5cGFzc2VkIGR1cmluZyB0YWcgZGVsZXRlIG9wZXJhdGlvbg==-->tag protection rules can be bypassed during tag delete operation<!--description--> <!--end release-notes-assistant--> Co-authored-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10037 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-21 05:23:43 +01:00
oliverpool	dc5580525e	fix: support git clone when /tmp has noexec (#10146) ... Resolves #9733 (alternative to #10136) Instead of setting `GIT_ASKPASS`, instruct git to use the credential-store helper with a dedicated file. The tests have been adjusted accordingly. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10146 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2025-11-19 16:36:34 +01:00
Roman K.	5f706fa562	fix: typo in Actions.SkipWorkflowStrings ini tag (#10165) ... Fix a typo in the `ini` struct tag for `Actions.SkipWorkflowStrings` in the actions settings. Because of this, the config loader does not recognize the tag, and the `SKIP_WORKFLOW_STRINGS` option from the `[actions]` section in the config file is ignored. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10165 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Roman K. <devops@syncstack.net> Co-committed-by: Roman K. <devops@syncstack.net>	2025-11-19 16:20:45 +01:00
Shiny Nematoda	255ed593d3	feat(issue-search): support query syntax (#9109) ... List of currently supported filters: - `is:open` (or `-is:closed`) - `is:closed` (or `-is:open`) - `is:all` - `author:<username>` - `assignee:<username>` - `review:<username>` - `mentions:<username>` - `modified:[>|<]<date>`, where `<date>` is the last update date. - `sort:<by>:[asc|desc]`, where `<by>` is among - created - comments - updated - deadline Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9109 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>	2025-11-19 16:05:42 +01:00
Calixte Pernot	4d0c7db6cd	feat: show link to pull requests targeting a non-default branch when pushing (#10079) ... This resolves #10057 by showing a list of links to pull requests with the head branch being the one just pushed. Since there may be multiple pull requests with different base branches, we find all of them and print them. Here is a comparison table for pushing to the `feature` branch when having 2 pull requests: `feature -> dev`, and `feature -> prod`. `main` being the default branch. ## Before remote: remote: Create a new pull request for 'feature': remote: http://localhost:3000/user1/repo1/compare/main...feature remote: ## After remote: remote: Create a new pull request for 'feature': remote: http://localhost:3000/user1/repo1/compare/main...feature remote: Visit the existing pull requests: remote: http://localhost:3000/user1/repo1/pulls/1 merges into dev remote: http://localhost:3000/user1/repo1/pulls/3 merges into prod remote: Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10079 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Calixte Pernot <cpernot@praksys.net> Co-committed-by: Calixte Pernot <cpernot@praksys.net>	2025-11-19 14:59:13 +01:00
Earl Warren	238ecfdeb8	fix: garbage collect lingering actions logs (#10009) ... If, for any reason (e.g. server crash), a task is recorded as done in the database but the logs are still in the database instead of being in storage, they need to be collected. The log_in_storage field is only set to true after the logs have been transfered to storage and can be relied upon to reflect which tasks have lingering logs. A cron job collects lingering logs every day, 3000 at a time, sleeping one second between them. In normal circumstances there will be only a few of them, even on a large instance, and there is no need to collect them as quickly as possible. When there are a lot of them for some reason, garbage collection must happen at a rate that is not too hard on storage I/O. Refs https://codeberg.org/forgejo/forgejo/issues/9999 --- Note on backports: the v11 backport is done manually because of minor conflicts. https://codeberg.org/forgejo/forgejo/pulls/10024 ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/10009): <!--number 10009 --><!--line 0 --><!--description Z2FyYmFnZSBjb2xsZWN0IGxpbmdlcmluZyBhY3Rpb25zIGxvZ3M=-->garbage collect lingering actions logs<!--description--> <!--end release-notes-assistant--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10009 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org>	2025-11-18 18:59:01 +01:00
Gusted	afbd05c398	fix: get new session from enginegroup instead of masterengine (#10140) ... Within Codeberg we are looking into distributing the database queries, we tried forgejo/forgejo!7212 on several occasions but never got it to work. After a long debugging session in a staging environment I was able to find two bugs that made it impossible for this feature to work: forgejo/docs!1587 which resulted in replica engines never being configured and used if you followed the documentation. The other bug is what this patch intends to fix. In order to do some database operation, you need the database engine - it will first look if one is set for the context (only useful for transactions) and otherwise create a new session of the engine from the master engine `x`. The problem is that `x` is explicitly set to be the master engine and not the engine group (that includes the replica engines) - Unless the code uses `DefaultContext`, which is almost nowhere used after some great refactoring in Gitea to use the passed context, it did not use the replica engines. Get engine from the `DefaultContext` (which is set to the enginegroup) and create a new session from that. 20f8572b92/models/db/engine.go (L220-L231) And `SetDefaultEngine` is called from 20f8572b92/models/db/engine.go (L212) Where `eng` is the engine group. ## Test 1. Configure database replicas. 2. Start Forgejo. 3. Verify Forgejo loads. 4. Stop the database replicas. 5. Verify Forgejo shows 500 errors. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10140 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-17 14:42:56 +01:00
Mathieu Fenniak	20f8572b92	test: fix modules/queue tests to use TEST_REDIS_SERVER when present (#10139) ... `modules/queue` tests are intended to be running against a redis server in the test-remote-cacher workflow action, but they are not running because the tests always try to start a redis server by running a `redis-server` subprocess. If that subprocess fails to start, the tests are skipped. This change forces the tests to execute whenever `TEST_REDIS_SERVER` is present, and removes the unnecessary Forgejo-managed redis server during testing. This change is tested manually; if `TEST_REDIS_SERVER` is set to an invalid value, the tests fail, when previously it could be set to any value and the tests would always be skipped. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10139 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-16 21:51:32 +01:00
Mathieu Fenniak	b464f76931	fix: possible cause of invalid issue counts; cache module doesn't guarantee concurrency safety (#10127) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10127 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2025-11-16 19:14:07 +01:00
Mathieu Fenniak	5af2ebd5bd	fix: prevent Remove(key)...Get*(key) from returning a value computed before the Remove(key)	2025-11-16 08:53:37 -07:00
Mathieu Fenniak	5aeecefbf3	test: introduce cache concurrency safety test	2025-11-16 08:53:37 -07:00
Mathieu Fenniak	b7106b7250	feat: add MutexMap to caching module	2025-11-16 08:53:27 -07:00
Mathieu Fenniak	f70815a034	fix: make cache module in test-remote-cacher run against remote redis	2025-11-16 08:53:27 -07:00
oliverpool	67df538958	feat: cache derived keys for faster keying (#10114) ... Currently `DeriveKey` is called every time that a secret must be encoded/decoded. Since this function is deterministic, its result can be cached to allow a 250x speedup (the original took less than half a microsecond, so this more of a micro-optimization...). ``` go test -bench=. goos: linux goarch: amd64 pkg: forgejo.org/modules/keying cpu: Intel(R) Core(TM) Ultra 5 125H BenchmarkExpandPRK-18 2071627 564.2 ns/op BenchmarkExpandPRKOnce-18 541438192 2.206 ns/op PASS ok forgejo.org/modules/keying 2.369s ``` ## Other changes - Since the keys can be constructed once, it simplifies a bit the callsites (`keying.TOTP.Encrypt(...)` instead of `keying.DeriveKey(keying.ContextTOTP).Encrypt(...)`) - All `Encrypt`/`Decrypt` calls will panic forever if called before `Init` has been called (current it panics as long as `Init` has not been called) - Calling `Init` twice with different keys will trigger a panic (currently racy) - Calling `Decrypt` with a short ciphertext does not panic anymore (like when calling with long-enough garbage) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10114 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2025-11-16 14:29:14 +01:00
Gusted	691dd023ff	chore: unify the usage of CryptoRandomString (#10110) ... - Similair spirit of forgejo/forgejo!7453. - Refactor the code in such a way that it always succeeds. - To avoid doing mathematics if you use this function, define three security level (64, 128 and 256 bits) that correspond to a specific length which has that a security guarantee. I picked them as they fit the need for the existing usages of the code. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10110 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-15 13:24:53 +01:00
Gusted	6ca1656f93	chore: two small refactors in git module (#10109) ... Move the function to the repository struct. There is no need to have it as a separate function, move it to the Repository struct. Add extra unit tests. --- Remove a field from a struct. It has nothing to do with git, it is not the right place to have that field in the git `Tag` struct. Get this value when it's converted to the API struct. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10109 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-15 13:24:00 +01:00
dawe	efd4d2d8f5	fix(ui): document token validity in key verification view (#9002) ... Document that the token is only valid for a minute. Add a link to get a new token. Resolves #8048 Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9002 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: dawe <dawedawe@posteo.de> Co-committed-by: dawe <dawedawe@posteo.de>	2025-11-14 23:40:03 +01:00
oliverpool	8f28cdefe0	feat(ui): add switch between formats when previewing CITATION.{cff,bib} files (#9103) ... See #8222 for context (loosely related to #4595). ## Implemented changes The conversion logic is kept in the frontend and the related npm libraries are lazy-loaded (unchanged). ### Show some tabs on the preview of the `CITATION.*` file to switch between the formats:   ### Convert the "Cite repository" to a simple link to the citation file So that this change can be considered non-breaking ## Current state (before this PR) The last non-test call of `git.Blob.GetBlobContent` is made to retrieve the content of an eventual CITATION file. This is available in the `...` menu near the clone URL:  And is displayed as a popup:  Co-authored-by: 0ko <0ko@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9103 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2025-11-14 14:39:20 +01:00
Gusted	8fa32bd3ff	fix: make Fetch work with git < 2.41 (#10095) ... `git fetch --porcelain` was introduced in 2.41, add a fallback for older git clients. Resolves forgejo/forgejo#10080 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10095 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-13 13:22:09 +01:00
Renovate Bot	b29641a357	Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.1 (forgejo) (#10053) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10053 Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-11-11 07:04:35 +01:00
Gusted	5b77ddb050	feat: Use receive.hideRefs (#10015) ... In forgejo/forgejo!2834 and forgejo/forgejo!5307 it was made so it's no longer possible to modify and delete internal reference, not having this restriction lead to broken pull requests when people used something like `git push --mirror`. However it now still leads to problem with that command as the git client tries to delete such references. We can solve this by using git's `receive.hideRefs` to make this ref read-only and avoid advertising it when someone does `git push --mirror`. Resolves forgejo/forgejo#9942 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10015 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-10 14:36:15 +01:00
Mathieu Fenniak	ce93a16557	feat: allow/disallow users to run workflows when pushing to a pull request from a fork (#9397) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9397 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>	2025-11-09 01:40:29 +01:00
mfenniak	99dd35d3e4	feat: ensure only expected ssh public keys are in authorized_keys file (#10010) ... A security vulnerability that was fixed in #9840 had the potential to corrupt the `authorized_keys` file that Forgejo is managing to allow ssh access. In the event that it was corrupted, the existing behaviour of Forgejo is to maintain the contents that it finds in the `authorized_keys` file, potentially making an exploit of a Forgejo server persistent despite attempts to rewrite the key file. This feature adds a new layer of security resiliency in order to prevent persistent ssh key corruption. When Forgejo starts up, if relevant, Forgejo will read the `authorized_keys` file and validate the file's contents. If any keys are found in the file that are not expected, then Forgejo will terminate its startup in order to signal to the server administrator that a critical security risk is present that must be addressed: ``` 2025/11/07 10:13:50 modules/ssh/init.go:86:Init() [F] An unexpected ssh public key was discovered. Forgejo will shutdown to require this to be fixed. Fix by either: Option 1: Delete the file /home/forgejo/.ssh/authorized_keys, and Forgejo will recreate it with only expected ssh public keys. Option 2: Permit unexpected keys by setting [server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS=true in Forgejo's config file. Unexpected key on line 1 of /home/forgejo/.ssh/authorized_keys Unexpected key on line 2 of /home/forgejo/.ssh/authorized_keys Unexpected key on line 3 of /home/forgejo/.ssh/authorized_keys Unexpected key on line 4 of /home/forgejo/.ssh/authorized_keys Unexpected key on line 5 of /home/forgejo/.ssh/authorized_keys ``` As noted in the log message, the server administrator can address this problem in one of two ways: - If they delete the file that contains the unexpected keys, Forgejo will regenerate it containing only the expected keys from the Forgejo database. - If they would like to run their server with ssh keys that are not managed by Forgejo (for example, if they're reusing a `git` ssh user that is accessed through `git@server` and does not invoke Forgejo's ssh handlers), then they can disable the new security check by setting `[server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS = true` in their `app.ini`. **This is a breaking change**: the default behaviour is to be restrictive in the contents of `authorized_keys` in order to ensure that server administrators with unexpected keys in `authorized_keys` are aware of those keys. If `SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS=false`, then the behaviour when Forgejo rewrites the `authorized_keys` file is changed to not maintain any unexpected keys in the file. If the value is `true`, then the old behaviour is retained. The `doctor check` subcommand is updated to use the new validity routines: ``` [4] Check if OpenSSH authorized_keys file is up-to-date - [E] Unexpected key on line 1 of /home/forgejo/.ssh/authorized_keys - [E] Key in database is not present in /home/forgejo/.ssh/authorized_keys: ... - [E] authorized_keys file "/home/forgejo/.ssh/authorized_keys" contains validity errors. Regenerate it with: "forgejo admin regenerate keys" or "forgejo doctor check --run authorized-keys --fix" ERROR ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - **Documentation updates required**; pending initial reviews of this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10010 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: mfenniak <mfenniak@noreply.codeberg.org> Co-committed-by: mfenniak <mfenniak@noreply.codeberg.org>	2025-11-09 01:06:04 +01:00
Gusted	f9a6460cec	chore: simplify GetNote (#9985) ... Return the Note object (avoid C-style functions). Motivation to refactor this function is to avoid the function that uses last commit cache for git-notes, because it is not needed at the scale of git-notes. In the worst case it can be considered to make a patch to git to get the message and commitID, because git seems to have efficient code to do this (for getting messages, but does not expose the commit id). Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9985 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-06 13:23:35 +01:00
Earl Warren	3fa7ceeb76	chore(refactor): replace ifNeedApproval with trust management ... What previously handled by ifNeedApproval is replaced with two calls implemented in trust.go: - getPullRequestCommitAndApproval when workflows are collected and before runs are generated from them, figure out if - they need approval - they should run from the base or the head - setRunTrustForPullRequest when a pull request run is created from a detected workflow, set the information it will need for trust management	2025-11-06 11:07:39 +01:00
Earl Warren	0989a2495e	chore(refactor): move actions_service.jobParser to actions_module.jobParser	2025-11-06 07:28:16 +01:00
Earl Warren	ec7dc193b4	chore: use code.forgejo.org/forgejo/actions-proto (#9981) ... instead of code.gitea.io/actions-proto-go It is a hard fork of code.gitea.io/actions-proto-go which has been used by the runner in the past few months. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9981 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org>	2025-11-05 16:10:52 +01:00
Gusted	0c11e9a43a	feat: use keying for task secrets (#9923) ... - Follow up of forgejo/forgejo!5041, forgejo/forgejo!6074, forgejo/forgejo!8692 - The `task` table contains three secrets: clone address (with credentials), auth password and auth token. These secrets are stored for migrating repositories (also the only usage of this table, although it allows for more usages). - Use `keying` to safely store these secrets and bound them to the table, column, row id and JSON field name. - The migration isn't spectacular but does closely follow what we learned in the previous two migrations: use a transaction and delete records when you can't decrypt them. We also learned about `db.Iterate` not being happy when updating records but it has since been fixed. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9923 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-03 13:42:32 +01:00
Mathieu Fenniak	a3c6c78e08	fix: reduce deadlocks merging PRs by using caching for repo issue count stats (#9922) ... The `repository` table has quite a few "count of related objects" fields on it, including the number of issues, closed issues, pull requests, and closed pull requests. These fields specifically will cause deadlocks during concurrent PR merges as documented in #9785. These fields are not used in database queries. In order to eliminate the deadlock possibility on them, I've moved them to be calculated on-demand with caching, with the cache being invalidated in the same places that the recalc used to be triggered. I've supplemented the already in-place automated testing with manual testing performing simple close & reopen of issues & PRs, and the counts which are used in the tabs at the top of the repo page are updated correctly as expected. Near future work: - Similar change can probably be performed to fix #9846 - Last known deadlock identified from #9785; I'm hoping to incorporate the synthetic deadlock test in a near future PR to prevent regressions ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - Tests were already in-place covering these fields; they've been adjusted from using the fields to the new accessor methods. - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9922): <!--number 9922 --><!--line 0 --><!--description cmVkdWNlIGRlYWRsb2NrcyBtZXJnaW5nIFBScyBieSB1c2luZyBjYWNoaW5nIGZvciByZXBvIGlzc3VlIGNvdW50IHN0YXRz-->reduce deadlocks merging PRs by using caching for repo issue count stats<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9922 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-10-31 23:50:05 +01:00
BtbN	6298ee4d3a	fix: pull request review comment position (#9914) ... ## Checklist This PR contains both #9889 and #9912, since it depends on the one, and the other provides a test for it. The exact reasoning behind its logic is described here: https://codeberg.org/forgejo/forgejo/issues/9473#issuecomment-7976186 This PR should return the behaviour back to how it was before a PR to Gitea changed it. Only the resulting Database-Entry will reference the line blamed commit, now also with the correct adjusted line. While the context diff view is pulled from the commit the commenter actually commented on. ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9914 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: BtbN <btbn@btbn.de> Co-committed-by: BtbN <btbn@btbn.de>	2025-10-31 16:17:23 +01:00
Gusted	975e9d6636	fix: set tag message on tag addition (#9913) ... - When `SyncReleasesWithTags` is called, the code that synchronizes new tags to the database did not set the Note of the release to the tag's message. This was particularly noticeable when using the migration feature that tags have a empty description. - Resolves forgejo/forgejo#7647 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9913 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-31 07:04:28 +01:00
Mathieu Fenniak	9e07bb07be	fix: reduce deadlocks merging PRs w/ async label stat recalcs (#9868) ... The intent of this change is to reduce the scope of deadlock issues identified in #9785. I've identified other deadlock issues from synthetic testing, so this is not a complete fix, but it's a partial fix. This design was discussed in #9785 and this is the most basic implementation, with a very small scope of work converted to use it. Introduces a new `forgejo.org/services/stats` module which allows for the queuing and routing of recalc requests for object stats; in this case, the "number of issues" that are assigned to a label, and the number of closed issues that are assigned to a label. The reasons that these calculations are performed asynchronously through a queue are: - User operations that are common and performance-sensitive don't have to wait for recalculations that don't need to be exactly up-to-date at all times. For example, merging a pull request will be a faster operation; as it closes an issue, it needs to recalculate `label.num_closed_issues` for every label attached to the PR. - Database deadlocks that can occur between concurrent operations -- for example, if you were holding a lock on an issue while recalculating a label's count of open issues -- can be broken by making the recalculation occur outside of the transaction. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. - Internal developer documentation is present. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9868 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-10-31 02:12:36 +01:00
Gusted	a4642af51a	feat: replace cross origin protection (#9830) ... Replace the anti-CSRF token with a [cross origin protection by Go](https://go.dev/doc/go1.25#nethttppkgnethttp) that uses a stateless way of verifying if a request was cross origin or not. This allows is to remove al lot of code and replace it with a few lines of code and we no longer have to hand roll this protection. The new protection uses indicators by the browser itself that indicate if the request is cross-origin, thus we no longer have to take care of ensuring the generated CSRF token is passed back to the server any request by the the browser will have send this indicator. Resolves forgejo/forgejo#3538 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9830 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-29 22:43:22 +01:00
Gusted	545e46649a	chore: remove two Git settings (#9815) ... Remove `DisableCoreProtectNTFS`, it was removed in 9dea54a9d6 Remove `LargeObjectThreshold`, it was removed in a21128a734 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9815 Reviewed-by: Robert Wolff <mahlzahn@posteo.de> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-23 00:38:47 +02:00
Bojidar Marinov	8ed95dc4c6	fix: use scrollHeight for rendered iframe if offsetHeight is unavailable (#9508) ... Fixes #9421. Added integration test. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9508 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com> Co-committed-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com>	2025-10-16 15:51:57 +02:00
Earl Warren	ed0bec9aa9	refactor: developer-friendly database schema migration registration (#9561) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9561 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>	2025-10-15 10:54:20 +02:00
Ryan Lerch	626ff29545	feat: Add support for administrators to set email visibility on user accounts (#9668) ... feat: Add support for administrators to set email visibility on user accounts This feature allows administrators to control user email privacy settings through both the API and web interface. **note: This was originally part of #9594 but is now split out into it's own PR** ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/9668): <!--number 9668 --><!--line 0 --><!--description QWRkIHN1cHBvcnQgZm9yIGFkbWluaXN0cmF0b3JzIHRvIHNldCBlbWFpbCB2aXNpYmlsaXR5IG9uIHVzZXIgYWNjb3VudHM=-->Add support for administrators to set email visibility on user accounts<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9668 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Ryan Lerch <rlerch@redhat.com> Co-committed-by: Ryan Lerch <rlerch@redhat.com>	2025-10-15 03:21:15 +02:00
Mathieu Fenniak	709c315bc4	chore: add new functions to container.Set	2025-10-14 14:40:49 -06:00
Gabor Pihaj	67a9b80c51	feat: include non-conventional headers in payload for git signatures (#9558) ... This patch is meant to fix #8255, by adding all (even unknown) git commit headers to the payload. Unit test is added. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9558 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Gabor Pihaj <gabor.pihaj@gmail.com> Co-committed-by: Gabor Pihaj <gabor.pihaj@gmail.com>	2025-10-14 02:18:01 +02:00
Mathieu Fenniak	78d92aafd7	feat: strip EXIF information from uploaded avatars (#9638) ... Strips EXIF information from uploaded avatars (excluding the orientation tag), affecting both user & repo avatars. Adds a new subcommand `forgejo admin avatar-strip-exif` to perform a retroactive update of avatar files. Fixes #9608. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/9638): <!--number 9638 --><!--line 0 --><!--description VXBsb2FkZWQgYXZhdGFyIGltYWdlcyBjYW4gc29tZXRpbWVzIGNvbnRhaW4gdW5leHBlY3RlZCBtZXRhZGF0YSBzdWNoIGFzIHRoZSBsb2NhdGlvbiB3aGVyZSB0aGUgaW1hZ2Ugd2FzIGNyZWF0ZWQsIG9yIHRoZSBkZXZpY2UgdGhlIGltYWdlIHdhcyBjcmVhdGVkIHdpdGgsIHN0b3JlZCBpbiBhIGZvcm1hdCBjYWxsZWQgRVhJRi4gRm9yZ2VqbyBub3cgcmVtb3ZlcyBFWElGIGRhdGEgd2hlbiBjdXN0b20gdXNlciBhbmQgcmVwb3NpdG9yeSBpbWFnZXMgYXJlIHVwbG9hZGVkIGluIG9yZGVyIHRvIHJlZHVjZSB0aGUgcmlzayBvZiBwZXJzb25hbGx5IGlkZW50aWZpYWJsZSBpbmZvcm1hdGlvbiBiZWluZyBsZWFrZWQgdW5leHBlY3RlZGx5LiBBIG5ldyBDTEkgc3ViY29tbWFuZCBgZm9yZ2VqbyBkb2N0b3IgYXZhdGFyLXN0cmlwLWV4aWZgIGNhbiBiZSB1c2VkIHRvIHN0cmlwIEVYSUYgaW5mb3JtYXRpb24gZnJvbSBhbGwgZXhpc3RpbmcgYXZhdGFyczsgd2UgcmVjb21tZW5kIHRoYXQgYWRtaW5pc3RyYXRvcnMgcnVuIHRoaXMgY29tbWFuZCBvbmNlIGFmdGVyIHVwZ3JhZGUgaW4gb3JkZXIgdG8gbWluaW1pemUgdGhpcyByaXNrIGZvciBleGlzdGluZyBzdG9yZWQgZmlsZXMu-->Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly. A new CLI subcommand `forgejo doctor avatar-strip-exif` can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9638 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-10-13 23:16:17 +02:00
Gusted	89469d14e9	feat: avoid remote for codeowner's merge base (#9610) ... The codeowner features computes the mergebase (I'm not exactly sure why, because this should be stored in the database in `merge_base` column, but if there's no harm to compute it again as that will always be the correct answer) in order to get the changed files between the merge base and the head commit. To do this a function was used that adds a remote... my best reasoning is that this was done because the only function that that was exported on the repository struct had this requirement. Add a new function that *simply* computes the merge base without requiring a remote. The main benefit of not using a remote is that within Codeberg we are frequently seeing `config.lock` being lingered around (see forgejo/forgejo#1946) so its best to avoid modifying the config when possible - in this case it was completely unnecessary. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9610 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-10 15:50:38 +02:00
Gusted	419eb0a4a2	feat: improve getting shortstat (#9587) ... Refactor the existing functions to get shortstat of commit and between two commits to use performant alternatives, mainly `git-diff-tree` and `git-diff-index`. Resolves forgejo/forgejo#9551 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9587 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-10 14:15:38 +02:00