5312 commits

Author	SHA1	Message	Date
Panagiotis "Ivory" Vasilopoulos	81601eab85	feat(activitypub): use structure @PreferredUsername@host.tld:port for actors (#9254) ... This modifies usernames of ActivityPub accounts to use the @example@example.tld format with an additional optional port component (e.g. @user@example.tld:42). This allows accounts from ActivityPub servers with more relaxed username requirements than those of Forgejo's to interact with Forgejo. Forgejo would also follow a "de facto" standard of ActivityPub implementations. By separating different information using @'s, we also gain future opportunities to store more information about ActivityPub accounts internally, so that we won't have to rely on e.g. the amount of dashes in a username as my migration currently does. Continuation of Aravinth's work: https://codeberg.org/forgejo/forgejo/pulls/4778 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9254 Reviewed-by: jerger <jerger@noreply.codeberg.org> Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net> Co-committed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>	2026-01-30 23:45:11 +01:00
Renovate Bot	daf2e22563	Update module github.com/meilisearch/meilisearch-go to v0.36.0 (forgejo) (#11062) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11062 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2026-01-27 22:43:28 +01:00
Nils Goroll	5440aaea21	chore: avoid log.Fatal() for jwtx/signingkey (#11066) ... The module calling `log.Fatal()` (which terminates the process) prevents the calling function to enrich the error message with vital information allowing the user to track down problematic configuration directives. Also this was impeding unit tests. One such case is where the path to the specified key can not be created, as demonstrated in the test case. Here the error message is: ``` Error while loading or creating JWT key: Error generating private key ...: mkdir ...: permission denied ``` `log.Fatal()` is kept for `f.Close()` errors which indicate much more severe but very rare underlying issues. Handling these would require broader changes. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11066 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Nils Goroll <nils.goroll@uplex.de> Co-committed-by: Nils Goroll <nils.goroll@uplex.de>	2026-01-27 22:42:03 +01:00
Gusted	a9acd29eff	feat: enable SQLite WAL by default (#11059) ... - In order to avoid a database locked message, you either need shared cache or WAL. Shared cache was disabled in as its deprecrated and could cause more good than trouble. Enable WAL by default, it's only non-desirable in very narrow and select situations (NFS filesystem situation) and is otherwise safe as default. - Resolves forgejo/forgejo#10900 Docs: forgejo/docs!1717 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11059 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2026-01-27 13:59:01 +01:00
Christoph Mewes	023a894677	chore: fix typos throughout the codebase (#10753) ... This PR fixes a number of typos throughout the entire repository. Running https://github.com/crate-ci/typos and then changing all occurrences that I naively deemed "safe enough". Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10753 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Christoph Mewes <christoph@kubermatic.com> Co-committed-by: Christoph Mewes <christoph@kubermatic.com>	2026-01-26 22:57:33 +01:00
hwipl	c9f81315d6	feat: add manage_password to user disable features (#10541) ... Forgejo supports disabling features for users with the configuration options `USER_DISABLED_FEATURES` and `EXTERNAL_USER_DISABLE_FEATURES`. Add `manage_password` that prevents users from configuring passwords. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10541 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: hwipl <hwipl@noreply.codeberg.org> Co-committed-by: hwipl <hwipl@noreply.codeberg.org>	2026-01-26 18:58:39 +01:00
0ko	3cafb7fa6c	chore(ui): change /devtest to /-/demo (#11019) ... It has always been largely used for showcasing UI elements but that name didn't work too well for it. Testing: Some of existing tests depend on these pages, making it redundant to create extra tests. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11019 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2026-01-26 13:12:25 +01:00
oidq	8866bf2781	fix: escape HTML tags in inline code blocks in description (#10897) ... Fix rendering of repository descriptions containing HTML symbols inside Markdown inline code block. This patch escapes content within inline code blocks. Resolves #10770. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10897 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oidq <oidq@oidq.dev> Co-committed-by: oidq <oidq@oidq.dev>	2026-01-25 23:10:56 +01:00
Nils Goroll	6412ee12d0	chore: require.ErrorContains() is intended, but require.Errorf() is used (#11035) ... The two commits in this PR fix test cases which did not work as intended, because `require.Errorf()` was used where `require.ErrorContains()` was intended. The former formats the error output by the test itself when failing, while the latter is to expect the tested error to contain some expected string. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11035 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Nils Goroll <nils.goroll@uplex.de> Co-committed-by: Nils Goroll <nils.goroll@uplex.de>	2026-01-25 19:48:15 +01:00
Nils Goroll	22b5dfdaf1	chore: use require.Error() over require.Errorf() (#11037) ... Related to #11035, this test case used `require.Errorf()` where it could use `require.Error()` to make it clear that this is not a case of confusion with `require.ErrorContains()` The other cases in the same function already use `require.Error()`, so this clearly looks like a consistency glitch. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11037 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Nils Goroll <nils.goroll@uplex.de> Co-committed-by: Nils Goroll <nils.goroll@uplex.de>	2026-01-25 19:36:02 +01:00
Gusted	54017ee5c4	fix: detect renames when using diff-tree (#11038) ... Regression of forgejo/forgejo!9587 `git-diff` will always find renames because it is implied by the `diff.renames` configuration option. Specify `--find-renames` to detect renames again. Resolves forgejo/forgejo#11032 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11038 Reviewed-by: Beowulf <beowulf@beocode.eu> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2026-01-25 15:51:18 +01:00
Shiny Nematoda	217da2ae7f	fix: be case-insensitive when using bleve for issue search (#11022) ... The indexer previously used a `camelcase` filter which could be problamatic for certain queries. This commit removes the faulty filter for bleve, matching the behaviour of the database "indexer". closes !10997 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11022 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>	2026-01-25 14:44:35 +01:00
Mathieu Fenniak	c52ecd2258	fix: don't clobber authorized_keys file during installation (#10948) ... This PR makes two changes. **First**, it removes the ability for Forgejo to rewrite ssh authorized_keys during startup. Forgejo previously checked if the application path or config file path had changed from that which is recorded in its database. If either has changed, it would rewrite the SSH `authorized_keys` file, as those paths are embedded into that file. The problem is that if a new installation runs the app and goes through a standard init procedure, it will clobber ~/.ssh/authorized_keys which is a disruptive mistake. Instead, Forgejo will proceed to ssh initialization, and due to the change in #10010 the incorrect application path or config file path will result in a fatal server error that the administrator must resolve. Disabling SSH is added as a plausible option for how to resolve that fatal error. **Second**, the interactive install UI has been modified to detect this error before the installation proceeds. If a user is attempting to install Forgejo with SSH, and they have an existing `~/.ssh/authorized_keys` file with keys present in it, the installation will fail with an error advising them to use a separate Forgejo user or to disable SSH. (More options are possible to fix this problem, but these are the obvious solutions.)  Fixes #10942. Manually tested. Without the install process change, Forgejo behaves like this: - Configure a typical end-user `~/.ssh/authorized_keys` file with normal keys - Run through a Forgejo initialization process on a new database; run with SQLite, add a new administrator account during the init process. - After initialization, Forgejo will restart and encounter a fatal error: ``` 2026/01/20 10:11:24 routers/init.go:84:syncAppConfForGit() [I] AppPath changed from '' to '/home/mfenniak/Dev/forgejo/forgejo' 2026/01/20 10:11:24 routers/init.go:89:syncAppConfForGit() [I] CustomConf changed from '' to '/home/mfenniak/Dev/forgejo/custom/conf/app.ini' 2026/01/20 10:11:24 routers/init.go:95:syncAppConfForGit() [I] re-sync repository hooks ... 2026/01/20 10:11:24 ...er/issues/indexer.go:155:func2() [I] Issue Indexer Initialization took 9.858336ms 2026/01/20 10:11:24 modules/ssh/init.go:86:Init() [F] An unexpected ssh public key was discovered. Forgejo will shutdown to require this to be fixed. Fix by either: Option 1: Delete the file /home/mfenniak/.ssh/authorized_keys, and Forgejo will recreate it with only expected ssh public keys. Option 2: Permit unexpected keys by setting [server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS=true in Forgejo's config file. Option 3: If unused, disable SSH support by setting [server].DISABLE_SSH=true in Forgejo's config file. Unexpected key on line 1 of /home/mfenniak/.ssh/authorized_keys Unexpected key on line 2 of /home/mfenniak/.ssh/authorized_keys Unexpected key on line 3 of /home/mfenniak/.ssh/authorized_keys Unexpected key on line 4 of /home/mfenniak/.ssh/authorized_keys ``` With the install process change, the above error screenshot occurs instead. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/10948): <!--number 10948 --><!--line 0 --><!--description ZG9uJ3QgY2xvYmJlciBhdXRob3JpemVkX2tleXMgZmlsZSBkdXJpbmcgaW5zdGFsbGF0aW9u-->don't clobber authorized_keys file during installation<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10948 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2026-01-23 18:38:09 +01:00
oliverpool	125a621f79	feat: optimization: use fs.ReadFile (#10987) ... While reviewing cpuprofiles of #10985, I noticed a bunch of slice-grows within this function. Instead of `io.ReadAll` (which does not know the size in advance), use `fs.ReadFile`, which will perform correctly-sized allocations. ### Tests This function is already covered by tests in `modules/assetfs/layered_test.go` ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10987 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2026-01-22 16:26:18 +01:00
Nils Goroll	7c7d506386	fix typo: say good bye to the singing key (#10966) ... Polish a glitch from #10481 (kinda sad to let go of such a cute name) ### Checklist * no tests to change * no docs to change * not relevant for release notes Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10966 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Nils Goroll <nils.goroll@uplex.de> Co-committed-by: Nils Goroll <nils.goroll@uplex.de>	2026-01-22 05:52:31 +01:00
0ko	10aaef5c7b	feat(perf): remove unused size url parameter for local avatars (#10932) ... Avatars storage handler ignores the size= url parameter, and we don't have any code for creating multiple sizes of the same avatar. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10932 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2026-01-20 04:59:15 +01:00
oliverpool	fdf4dfd2a5	feat(ui): dedicated icon for CITATION file (#10873) ... Fix forgejo/forgejo#7864 Screenshot: https://codeberg.org/attachments/62fbd43e-fe08-45dd-97a6-224353fd94a9 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10873 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2026-01-17 10:10:56 +01:00
Mario Minardi	c84cbd56a1	feat: add OIDC workload identity federation support (#10481) ... Add support for OIDC workload identity federation. Add ID_TOKEN_SIGNING_ALGORITHM, ID_TOKEN_SIGNING_PRIVATE_KEY_FILE, and ID_TOKEN_EXPIRATION_TIME settings to settings.actions to allow for admin configuration of this functionality. Add OIDC endpoints (/.well-known/openid-configuration and /.well-known/keys) underneath the "/api/actions" route. Add a token generation endpoint (/_apis/pipelines/workflows/{run_id}/idtoken) underneath the "/api/actions" route. Depends on: https://code.forgejo.org/forgejo/runner/pulls/1232 Docs PR: https://codeberg.org/forgejo/docs/pulls/1667 Signed-off-by: Mario Minardi <mminardi@shaw.ca> ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10481 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Mario Minardi <mminardi@shaw.ca> Co-committed-by: Mario Minardi <mminardi@shaw.ca>	2026-01-15 03:39:00 +01:00
Otto Richter	5c8da92a6d	config: Lower default [database].MAX_OPEN_CONNS (#10821) ... Resolves https://codeberg.org/forgejo/forgejo/issues/10584 Codeberg mostly uses about 30 connections with rare peaks, so I think it's safe to assume that this value is reasonable even for large Forgejo deployments, and only needs to be adjusted for very busy instances. In practice, the open connections likely remain lower due to the connection lifetime and maximum idle connections (which could maybe also be tuned later). A value of 30 would technically allow 3 full-loaded Forgejo instances to operate on one PostgreSQL instance (30 * 3 = 90 < 97) without conflicting. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10821 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Otto Richter <git@otto.splvs.net> Co-committed-by: Otto Richter <git@otto.splvs.net>	2026-01-14 10:10:02 +01:00
Michael Kriese	1dceb23868	fix: drop sqlite shared cache (#10812) ... Use of sqlite shared cache is discouraged and obsolete. wal mode should be used instead. - https://sqlite.org/sharedcache.html#use_of_shared_cache_is_discouraged Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10812 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Co-committed-by: Michael Kriese <michael.kriese@visualon.de>	2026-01-13 21:04:35 +01:00
limiting-factor	a71392c6aa	chore: update gof3/v3 v3.11.15 (#10673) ... Update the Forgejo driver for gof3 with modifications for non-backward compatible changes. The changes are isolated behind the f3.Enable flag and not yet functional. The purpose of this upgrade is to not drift from the gof3 implementation while the work continues. The `fix: include remote users when counting users` commit is a functional change to Forgejo itself but does not change the behavior because the remote users are only created in fixtures or by F3. 59c721d26b/models/user/user.go (L65-L66) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10673 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: limiting-factor <limiting-factor@posteo.com> Co-committed-by: limiting-factor <limiting-factor@posteo.com>	2026-01-13 16:59:56 +01:00
Leon Schmidt	fda54d59b8	Auto-link container images to repository (#10617) ... Implements auto-linking container images from the package registry to a repository (closes #2823). This might ease implementing #2699 in the future. Specifically, auto-linking happens on package creation and NOT when publishing updates to the same package. This should prevent "relinking" a manually unlinked package when publishing an update. Linking is performed either via the the Docker label `` (as described here: https://codeberg.org/forgejo/forgejo/issues/2823#issuecomment-8163866) or by naming the image like the repository (supports nested image names). ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - ~~[ ] in their respective `*_test.go` for unit tests.~~ _(Not required, since only already tested functions were used)_ - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - ~~I added test coverage for JavaScript changes...~~ _(No changes to JavaScript code)_ ### Documentation - [X] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change: https://codeberg.org/forgejo/docs/pulls/1666 - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [X] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10617 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Leon Schmidt <mail@leon.wtf> Co-committed-by: Leon Schmidt <mail@leon.wtf>	2026-01-11 23:50:21 +01:00
oliverpool	970b0da24d	fix: internal server error on a large .gitmodules (#10744) ... Fix #10714 (introduced in #8438) by silently ignoring large .gitmodules files. Additionally: - the limit was bumped from 10KB to 64KB (https://github.com/boostorg/boost/blob/master/.gitmodules has 20KB) - a warning is shown on the .gitmodules view page if this limit is exceeded Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10744 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2026-01-10 10:44:59 +01:00
Mai-Lapyst	ed63f06d79	Move web app manifest to a own cache-able route and add a setting to set "display": "standalone"; Closes #2638 (#5384) ... This PR does three things: - First it moves the inline web app manifest into its own route `/manifest.json` - Secondly, it add a setting `pwa.STANDALONE` that can be set to `true` if one wants users to be allowed to "install" forgejo as an pwa into their browser. This usually means an "install app" button, which essentially just creates an shortcut to use a single-tab window for browsing the app / forgejo. - Thirdly since we have now an extra route, it checks if someone placed a `public/manifest.json` in forgejo's custom path; if yes, it's content is served instead. This allows more customization without the need on our side to completly implement every nuance of web app manifests. This closes issue #2638 ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs/pulls/1669) to explain to Forgejo users how to use this change. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/5384): <!--number 5384 --><!--line 0 --><!--description W2FsbG93IGZvcmdlam8gdG8gcnVuIGFzIGEgcHdhIHN0YW5kYWxvbmUgYXBwbGljYXRpb24gJiBvdmVycmlkZSBvZiB0aGUgd2ViYXBwIG1hbmlmZXN0Lmpzb24gdmlhIHRoZSBhIGN1c3RvbSBmaWxlIGluIGBwdWJsaWMvbWFuaWZlc3QuanNvbmBdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9wdWxscy81Mzg0KQ==-->[allow forgejo to run as a pwa standalone application & override of the webapp manifest.json via the a custom file in `public/manifest.json`](https://codeberg.org/forgejo/forgejo/pulls/5384)<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5384 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org> Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>	2026-01-09 17:49:29 +01:00
Myers Carpenter	00b457e291	feat: Add header annotations for accurate API documentation (#9380) ... This will help api packages like https://codeberg.org/Cyborus/forgejo-api to generate clients that expose the header information as well. Currently `forgejo-api` has to edit the swagger json to generate a client crate that knows about headers. - Create separate response types for different endpoint behaviors - CommitList: Base type with only X-Total-Count header - CommitListWithPagination: For GetPullRequestCommits (pagination headers + X-Total-Count) - CommitListWithLegacyPagination: For GetAllCommits (pagination headers + X-Total-Count + deprecated X-Total) - ChangedFileList: Base type with only X-Total-Count header - ChangedFileListWithPagination: For GetPullRequestFiles (pagination headers + X-Total-Count) This ensures swagger documentation accurately reflects which headers each endpoint returns. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9380 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Cyborus <cyborus@disroot.org> Co-authored-by: Myers Carpenter <myers@maski.org> Co-committed-by: Myers Carpenter <myers@maski.org>	2026-01-06 10:29:15 +01:00
Andreas Ahlenstorf	0837c8d8be	feat: add HTTP API endpoint for runner registration (#10677) ... Add an HTTP API endpoint for runner registration. It enables managing the entire runner lifecycle using Forgejo's HTTP API. See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/78 for background, design considerations, and usage. Example usage: ``` $ curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: token 3fc3ef39805b0f811a5d7789cb7b448348d6bfbb" --data '{"name":"api-runner","description":"Lorem ipsum"}' http://localhost:3000/api/v1/user/actions/runners ``` ```json {"id":30,"uuid":"a5e33697-9f58-437d-83c3-551b6c6a6334","token":"cac45fa6726fe4e28f42598773671af28a3be121"} ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10677 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2026-01-05 04:59:04 +01:00
limiting-factor	2faaa4c5b4	chore: move all test blank imports in a single package (#10662) ... - Create `modules/testimport/import.go` to centralize blank import needed for tests (in order to run the `init` function) to simplify maintenance. - Remove the imports that are not needed. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10662 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: limiting-factor <limiting-factor@posteo.com> Co-committed-by: limiting-factor <limiting-factor@posteo.com>	2026-01-02 05:32:32 +01:00
Beowulf	85dacd8e50	fix(ui): improve rendering of commit links (#10530) ... This commit changes the commit link rendering (link to a single commit, a diff, a PR, etc): 1. If it is a link to something on the local instance: 1.1. If it is to the same org and repo, the link is just e.g. the commit hash 1.2. If it is to another repo, the link is the org/repo/commit hash 2. If the link is to another instance: The link is the domain/optional sub path/org/repo/commit hash This change is made to keep the link as short as possible, while not hiding that the link may go to an external instance. Followup to !9146 Closes #10241 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10530 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2025-12-28 17:18:51 +01:00
Andreas Ahlenstorf	57a40f4bcd	feat: increase default limit of dispatch inputs to 100 (#10563) ... Raise the default value for LimitDispatchInputs from 10 to 100. 100 should be plenty while offering some protection against excessively large inputs. Note that the limit only applies to the number of submitted inputs, not the total number of inputs defined in a workflow. See https://codeberg.org/forgejo/forgejo/pulls/10368 for background and motivation. The change also prevents the dispatch menu in the UI from becoming too large. Before:  Afterwards (scrollbars are invisible, unfortunately):  ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10563 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2025-12-23 17:49:47 +01:00
0ko	973ff28f44	chore(test): separate and move around i18n testing (#10539) ... Closes #10534 The primary code change is that `TestMissingTranslationHandling` was converted to a unit test. However translation unit tests were a mix of mostly unrelated old (INI) and new (JSON) code with unclear licensing. It was cleaned up with help of Git history. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10539 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2025-12-23 04:39:26 +01:00
Shiny Nematoda	b1adc7d931	chore: minor code cleanup in search (#10549) ... Minor code cleanup for code/issue search. Mostly breaking up the common functionality into separate functions :) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10549 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>	2025-12-23 00:38:51 +01:00
Shiny Nematoda	2db37153fb	port(gitea): Fix password leak in log messages (go-gitea/gitea!35584) (#10550) ... Link to original PR: https://github.com/go-gitea/gitea/pull/35584 Original Author: https://github.com/shashank-netapp Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10550 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>	2025-12-22 22:53:17 +01:00
Gusted	4e83f85b75	feat: use keying for webhook secrets (#10059) ... - Follow up of forgejo/forgejo!5041, forgejo/forgejo!6074, forgejo/forgejo!8692, forgejo/forgejo!9923 - The `webhook` table contains a encrypted header authorization. - Use `keying` to safely store this secret and bound them to the table, column and row id - The migration isn't spectacular but does closely follow what we learned in the previous three migrations: use a transaction and delete records when you can't decrypt them. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10059 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-12-22 15:51:37 +01:00
James Anderson	50b0075266	fix: linking commit hashes with leading or trailing punctuation (#8643) ... Recognize commit hashes if they have leading or trailing punctuation, `ccc33dd2dfcd8e9d81c7e91f74acf92114a61ea0...` will not be recognized properly. The restriction of two punctuation characters on either side has been lifted. Resolves #8602 Co-Authored-By: Beowulf <beowulf@beocode.eu> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8643 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: James Anderson <james@jamesa.me> Co-committed-by: James Anderson <james@jamesa.me>	2025-12-22 02:32:40 +01:00
Andreas Ahlenstorf	ddd4cf0d28	chore: revise runner REST API endpoints (#10450) ... In https://codeberg.org/forgejo/forgejo/pulls/9409, REST API endpoints were added to manage runners. The REST API endpoints were modelled after GitHub's REST API. That comes at the cost of introducing methods and fields that Forgejo does not and is unlikely to support in the future, like label IDs or label types. But Forgejo would have to maintain them for a very long time. The introduced endpoints have been revised and aligned with existing Forgejo REST API endpoints: * POST for `/registration-token` has been removed because it was only an alias of GET. * `/runners` returns a list of `ActionRunner` instead of a wrapper object. `total_count` was replaced with the header `x-total-count` that is used throughout Forgejo. * `status` in `ActionRunner` was converted to an enum that is documented. * `busy` in `ActionRunner` was combined with `status`. A single enum is easier to extend and consume. * `labels` in `ActionRunner` was converted to a list of strings to match existing Forgejo REST API endpoints. * `ephemeral` has been removed from `ActionRunner` because ephemeral runners have not been merged, yet. * `ActionRunner` received a number of new fields: `uuid`, `version`, `description`, `owner_id`, and `repo_id`. In addition to those structural changes, the test coverage was enhanced and the API documentation polished. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10450 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2025-12-21 17:21:02 +01:00
Beowulf	d436de90b1	Add to html button in markdown type="button" (#10520) ... This is for preventing that a markdown button is recognized as button for submission in a html form. Buttons can't be stripped from the markdown due to: https://codeberg.org/forgejo/forgejo/pulls/7670#issuecomment-4086608 There is no issue with buttons if they always have `type="button"`, so this should be fine. This is a "follow-up" to !7670. Fixes #7656 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10520 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Beowulf <beowulf@beocode.eu> Co-committed-by: Beowulf <beowulf@beocode.eu>	2025-12-21 05:21:27 +01:00
Renovate Bot	39189baa17	Update module github.com/alecthomas/chroma/v2 to v2.21.1 (forgejo) (#10479) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10479 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-12-20 17:13:12 +01:00
danez	001ebb8e39	feat: Add support for loading db password from file via PASSD_URI (#10421) ... Adds a new PASSWD_URI ini setting similar to all the other secrets Fixes #9365 Fixes #6530 Co-authored-by: Daniel Tschinder <231804+danez@users.noreply.github.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10421 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: danez <danez@noreply.codeberg.org> Co-committed-by: danez <danez@noreply.codeberg.org>	2025-12-18 20:55:56 +01:00
Andreas Ahlenstorf	af1eda733c	feat(actions): make GITHUB_WORKFLOW_REF available (#10276) ... Make the variable `GITHUB_WORKFLOW_REF` available in Forgejo Action workflows. It is the ref path to the workflow and looks like `testowner/testrepo/.forgejo/workflows/test-workflow.yaml@refs/heads/main` ([GitHub documentation](https://docs.github.com/en/actions/reference/workflows-and-actions/variables)). GitHub Actions like [gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) rely on its presence. See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/56 for additional details. `GITHUB_WORKFLOW_REF` cannot be generated easily during an action run. Either the path to workflow file has to be hardcoded or inferred by replicating the logic Forgejo uses to determine it. That is further complicated by the fact that Forgejo supports multiple search paths, namely `.forgejo/workflows`, `.gitea/workflows`, and `.github/workflows`. It is also the reason that the workflow directory is now stored in the database alongside the name of the workflow file. Partial implementation is required in Forgejo Runner, see https://code.forgejo.org/forgejo/runner/pulls/1197. Example workflow: ```yaml on: push: workflow_dispatch: schedule: - cron: "* * * * *" jobs: test: runs-on: ubuntu-latest steps: - run: | echo "FORGEJO_WORKFLOW_REF=$FORGEJO_WORKFLOW_REF" echo "GITHUB_WORKFLOW_REF=$GITHUB_WORKFLOW_REF" echo "forgejo.workflow_ref=${{ forgejo.workflow_ref }}" echo "github.workflow_ref=${{ github.workflow_ref }}" ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10276 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2025-12-17 23:15:26 +01:00
Shiny Nematoda	cdc27b0d62	feat: add support to opt-in for fuzzy search (#10378) ... The rationale for keeping it behind a flag is due to fuzzy search being computationally intensive #5261 Admins may opt-in by setting the `[indexer].REPO_INDEXER_FUZZY_ENABLED` flag to true. Closes #10331 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10378 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>	2025-12-17 13:51:48 +01:00
Nikita Karamov	a22e5f86c6	fix: Allow SHA-256 in PR commit URLs (#10309) ... Closes #9129. I decided to try myself in contributing to Forgejo after having found this bug mentioned on Fedi. I have also added a basic test for this behaviour, but this means that this PR adds a SHA-256 repo to the fixture set, so it can be reused in other tests. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10309 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Nikita Karamov <me@kytta.dev> Co-committed-by: Nikita Karamov <me@kytta.dev>	2025-12-16 00:45:00 +01:00
Adora	f11d72a8a5	fix: issues and pulls route permitted extra characters (#10185) ... Fix a issue where the `/{owner}/{repo}/issues` and `/{owner}/{repo}/pulls` routes permitted the addition of extra characters in the URL. Resolves forgejo/forgejo#9954. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10185 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Adora <me@adora.codes> Co-committed-by: Adora <me@adora.codes>	2025-12-10 01:21:38 +01:00
Michael Jerger	9cff7ebde5	log instrumentation & test package (#10371) ... This PR is part of #4767. It contains * add log to federation services * separat test package for test (fix dependency cycles) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10371 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de> Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>	2025-12-09 15:37:50 +01:00
famfo	b428d47aaa	fix: add stub outboxes to actors (#10120) ... Mastodon doesn't create actors locally if the outbox is not found. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10120 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: famfo <famfo@famfo.xyz> Co-committed-by: famfo <famfo@famfo.xyz>	2025-12-01 16:51:35 +01:00
thezzisu	e31d67e0aa	feat: allow sync quota groups with oauth2 auth source (#8554) ... Implements synchronizing an external user's quota group with provided OAuth2 claim. This functionality will allow system administrators to manage user's quota groups automatically. Documentation is at forgejo/docs#1337 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8554 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: thezzisu <thezzisu@gmail.com> Co-committed-by: thezzisu <thezzisu@gmail.com>	2025-12-01 14:12:00 +01:00
pat-s	c39a4368af	refactor: migrate from lib/pq to jackc/pgx (#10219) ... This PR migrates the unmaintaiend `lib/pq` library to `jackc/pgx`, which is the de-facto standard lib in go for postgres connections these days. Some implementation notes: We register both `pgx` and `postgresschema` driver names (for backward comp). We can't register `postgres` as this one is still used by `lib/pq` imported by `go-chi/session`, which is in use when users go for the "postgres" session type in the "Session config. It is questionable if anyone is really using the "postgres" driver option in the session config - but for consistency, it would be good to also migrate to `pgx` there, especially as the code lives within Forgejo under [go-chi/session](https://code.forgejo.org/go-chi/session). `pgx` supports multi-host notation in the connection string. New tests have been added therefore. `pgx` also allows for connection string parameters such as `?default_query_exec_mode=simple_protocol`. This should possibly allow running with `pgbouncer` "transaction" mode instead of "session", which could substantially enhance Postgres query handling. ## Checklist ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10219 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: pat-s <patrick.schratz@gmail.com> Co-committed-by: pat-s <patrick.schratz@gmail.com>	2025-11-30 17:47:45 +01:00
nachtjasmin	8ee4a7d658	chore: ensure consistent import aliasing for services and models (#10253) ... To make sure that the code stays maintainable, I added the `importas` linter to ensure that the imports for models and services stay consistent. I realised that this might be needed after finding some discrepancies between singular/plural naming, and, especially in the case of the `forgejo.org/services/context` package, multiple different aliases like `gitea_ctx`, `app_context` and `forgejo_context`. I decided for `app_context`, as that seems to be the most commonly used naming. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10253 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: nachtjasmin <nachtjasmin@posteo.de> Co-committed-by: nachtjasmin <nachtjasmin@posteo.de>	2025-11-30 17:00:57 +01:00
Renovate Bot	d2bde42347	Update module code.forgejo.org/forgejo/runner/v11 to v12 (forgejo) (#10213) ... This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [code.forgejo.org/forgejo/runner/v11](https://code.forgejo.org/forgejo/runner) | `v11.3.1` -> `v12.0.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>forgejo/runner (code.forgejo.org/forgejo/runner/v11)</summary> ### [`v12.0.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.0.1) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.0.0...v12.0.1) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1175): <!--number 1175 --><!--line 0 --><!--description Zml4OiAnZmFpbGVkIHRvIHJlYWQgYWN0aW9uJyBlcnJvcnMgd2hlbiB1c2luZyByZWxhdGl2ZSB3b3JrZGlyX3BhcmVudA==-->fix: 'failed to read action' errors when using relative workdir\_parent<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1176): <!--number 1176 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgdmVyc2lvbiB0byB2MTI=-->chore: bump version to v12<!--description--> <!--end release-notes-assistant--> ### [`v12.0.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.0.0) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v11.3.1...v12.0.0) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes **Breaking change:** This release is a major version bump due to a system requirement change, requiring a git installation. This requirement is included in the OCI containers, but may require the installation of a supported package, or packaging changes from redistributors of Forgejo Runner. Access to a `git` binary is now required to access reusable actions and workflows, such as `use: action/checkout@v5` -- before this release, access was performed using an internal library that avoided an external dependency. [PR](https://code.forgejo.org/forgejo/runner/pulls/1162) *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - features - [PR](https://code.forgejo.org/forgejo/runner/pulls/1173): <!--number 1173 --><!--line 0 --><!--description ZmVhdDogYWRkIGNvbmZpZyB2YWx1ZXMgdG8gb3ZlcnJpZGUgdGFzayBmaW5hbGl6YXRpb24gcmV0cnk=-->feat: add config values to override task finalization retry<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1160): <!--number 1160 --><!--line 0 --><!--description ZmVhdDogc2tpcCBmZXRjaGluZyByZW1vdGUgYWN0aW9uIHJlcG8gd2hlbiB1c2luZyBmdWxsIHNoYSBhbHJlYWR5IGZldGNoZWQ=-->feat: skip fetching remote action repo when using full sha already fetched<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1162): <!--number 1162 --><!--line 0 --><!--description ZmVhdDogdXNlIGdpdCB3b3JrIHRyZWVzIGZvciByZW1vdGUgZ2l0IGFjdGlvbnMgJiB3b3JrZmxvd3M=-->feat: use git work trees for remote git actions & workflows<!--description--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1170): <!--number 1170 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgb24gZmluYWwgbG9nICYgc3RhdHVzIHRyYW5zbWlzc2lvbiBhbmQgcmV0cmllcw==-->fix: improve logging on final log & status transmission and retries<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1135): <!--number 1135 --><!--line 0 --><!--description Zml4OiBlbmFibGUgYnVpbGRpbmcgZm9yIG9wZW5ic2QsIGRyYWdvbmZseSwgYW5kIHNvbGFyaXMvaWxsdW1vcw==-->fix: enable building for openbsd, dragonfly, and solaris/illumos<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1136): <!--number 1136 --><!--line 0 --><!--description Zml4OiBpbml0aWFsaXplIHdvcmtmbG93LWxldmVsIGVudiBjb250ZXh0IGJlZm9yZSBzdGFydGluZyBqb2IgY29udGFpbmVy-->fix: initialize workflow-level env context before starting job container<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1137): <!--number 1137 --><!--line 0 --><!--description Zml4OiBhbGxvdyAnZW52JyBjb250ZXh0IGluIGpvYnMuPG5hbWU+Lmlm-->fix: allow 'env' context in jobs.<name>.if<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1145): <!--number 1145 --><!--line 0 --><!--description Zml4OiByZW1vdGUgcmV1c2FibGUgd29ya2Zsb3dzIGJ5IHJlbGF0aXZlIFVSTCB1c2UgZGVmYXVsdF9hY3Rpb25zX3VybA==-->fix: remote reusable workflows by relative URL use default\_actions\_url<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1156): <!--number 1156 --><!--line 0 --><!--description Zml4OiBVc2UgZ2l0IHJlc2V0IC0taGFyZCBpbnN0ZWFkIG9mIHB1bGwgYW5kIGNoZWNrb3V0IGZvciBhY3Rpb25z-->fix: Use git reset --hard instead of pull and checkout for actions<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1163): <!--number 1163 --><!--line 0 --><!--description Zml4OiBydW4gaW1hZ2VzIHdpdGggZXhwbGljaXQgcGxhdGZvcm0gdGFncywgZml4ZXMgcHVsbGVkIGltYWdlIGFyY2hpdGVjdHVyZSBtaXNtYXRjaA==-->fix: run images with explicit platform tags, fixes pulled image architecture mismatch<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1165): <!--number 1165 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgJiBkaXNwbGF5IG9mIGVycm9ycyBkdXJpbmcgd29ya2Zsb3cgZXZhbHVhdGlvbg==-->fix: improve logging & display of errors during workflow evaluation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1171): <!--number 1171 --><!--line 0 --><!--description Zml4OiBlbnN1cmUgaHR0cC5DbGllbnQgYWx3YXlzIGhhcyBhIHRpbWVvdXQgZm9yIEZvcmdlam8gYWNjZXNz-->fix: ensure http.Client always has a timeout for Forgejo access<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1139): <!--number 1139 --><!--line 0 --><!--description Zml4OiBwYXNzIG9zIGFyZ3VtZW50IHRvIGBseGMtaGVscGVycy5zaGAgaGVscGVyIGZybSBgZm9yZ2Vqby1ydW5uZXItc2VydmljZS5zaGA=-->fix: pass os argument to `lxc-helpers.sh` helper frm `forgejo-runner-service.sh`<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1155): <!--number 1155 --><!--line 0 --><!--description dGVzdDogYWxsb3cgb3ZlcnJpZGluZyB0aGUgdGVzdCBEb2NrZXIgc29ja2V0IHVzaW5nIERPQ0tFUl9IT1NU-->test: allow overriding the test Docker socket using DOCKER\_HOST<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1152): <!--number 1152 --><!--line 0 --><!--description V2luZG93cyBjb21wYXRpYmlsaXR5IGZpeGVz-->Windows compatibility fixes<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1159): <!--number 1159 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSB1bnVzZWQgYW5kIGluY29tcGxldGUgQWN0aW9uQ2FjaGUgcmV3cml0ZQ==-->chore: remove unused and incomplete ActionCache rewrite<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1168): <!--number 1168 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZy5vcmcveC9jcnlwdG8gKGluZGlyZWN0KSB0byB2MC40NS4wIFtTRUNVUklUWV0=-->Update golang.org/x/crypto (indirect) to v0.45.0 \[SECURITY]<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1141): <!--number 1141 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2RvY2tlci9jbGkgdG8gdjI4LjUuMitpbmNvbXBhdGlibGU=-->Update module github.com/docker/cli to v28.5.2+incompatible<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1154): <!--number 1154 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZy5vcmcveC9jcnlwdG8gKGluZGlyZWN0KSB0byB2MC40My4wIFtTRUNVUklUWV0=-->Update golang.org/x/crypto (indirect) to v0.43.0 \[SECURITY]<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1149): <!--number 1149 --><!--line 0 --><!--description Y2koY2FzY2FkZS1mb3JnZWpvKTogdXNlIHRtcGZzIGZvciBidWlsZGluZyB0byBzcGVlZHVwIGNvbXBpbGF0aW9u-->ci(cascade-forgejo): use tmpfs for building to speedup compilation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1148): <!--number 1148 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBhbGxvdyB1cGRhdGluZyBtb3JlIGZvcmdlam8tcnVubmVyLXNlcnZpY2UgZGVwcw==-->chore(renovate): allow updating more forgejo-runner-service deps<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1142): <!--number 1142 --><!--line 0 --><!--description Y2k6IGFsbG93IGdvIHRvIGRvd25sb2FkIHJlcXVpcmVkIHRvb2xjaGFpbiBmb3IgY2FzY2FkZQ==-->ci: allow go to download required toolchain for cascade<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1132): <!--number 1132 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWdvIGFjdGlvbiB0byB2Ng==-->Update <https://data.forgejo.org/actions/setup-go> action to v6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1140): <!--number 1140 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNQ==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.0.5<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1133): <!--number 1133 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9kb2NrZXIvYnVpbGQtcHVzaC1hY3Rpb24gYWN0aW9uIHRvIHY2-->Update <https://data.forgejo.org/docker/build-push-action> action to v6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1134): <!--number 1134 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9kb2NrZXIvc2V0dXAtYnVpbGR4LWFjdGlvbiBhY3Rpb24gdG8gdjM=-->Update <https://data.forgejo.org/docker/setup-buildx-action> action to v3<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1131): <!--number 1131 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NoZWNrb3V0IGFjdGlvbiB0byB2NQ==-->Update <https://data.forgejo.org/actions/checkout> action to v5<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1130): <!--number 1130 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMS4zLjE=-->Update forgejo-runner to v11.3.1<!--description--> <!--end release-notes-assistant--> </details> --- ### Configuration 📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMS4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10213 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-11-23 15:58:57 +01:00
Mathieu Fenniak	6c43dcbe0a	2025-11-21 combined security patches (#10037) ... [CVSS 5.3 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) -- The `/repos/{owner}/{repo}/issues/{index}/dependencies` APIs allow a user to link an issue in one repository as "depending upon" an issue in another repository. Forgejo's implementation had an incorrect permission check which would verify only that the user had write permissions on the issue being modified, and not on the issue it was linking to. Due to the incorrect permission check, it was possible to view limited information (the existence of, and title of) an issue in a private repository that the user does not have access to view. The permission check has been corrected to take into account visibility of the remote repository. [CVSS 5.3 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) -- Fetching information about a release via the `/repos/{owner}/{repo}/releases/tag/{tag}` API endpoint did not check whether the release was a draft, allowing accessing to information about a draft release to users who could predict an upcoming release tag but didn't have access to view it. The missing check has been added, returning a 404 response when the release is not published. [CVSS 6.3 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- Forgejo's web interface allows deleting tags on a git repository through a form post. The endpoint for this form post had misconfigured middleware handlers which enforce security rights, allowing an anonymous user, or a logged-in user without the correct permissions, to delete tags on repositories that they did not own by injecting arbitrary internal tag identifiers into the form. The middleware handler configuration has been corrected. [CVSS 2.1 Low](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- When the head branch of a pull request matches a branch protection rule, the head branch should be able to be merged or rebased only according to the "Push" rules defined in the protection rule. An implementation error checked those branch protection rules in the context of the base repository rather than the head repository, allowing users with write access to the base repository to be considered able to push to the branch, bypassing the "Enable push" option's expected security control. [CVSS 2.1 Low](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- An issue owner can manipulate form inputs to delete the content history of comments they did not create, as long as those comments are on issues that they own. Although comment content is not affected, the history of edits on the comment can be trimmed. The validation in the form handler was corrected. [CVSS 5.1 Medium](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) -- When a repository is configured with tag protection rules, it should not be possible for a user that is outside the whitelisted users or teams from modifying the protected tags. An incorrect parameter being passed to a security verification method allowed a user with write access to the repo to delete tags even if they were protected, as long as the tag was originally created by a user who is still authorized by the protection rules. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 0 --><!--description Zml4KGFwaSk6IGZpeCBkZXBlbmRlbmN5IHJlcG8gcGVybXMgaW4gQ3JlYXRlL1JlbW92ZUlzc3VlRGVwZW5kZW5jeQ==-->fix(api): fix dependency repo perms in Create/RemoveIssueDependency<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 1 --><!--description Zml4KGFwaSk6IGRyYWZ0IHJlbGVhc2VzIGNvdWxkIGJlIHJlYWQgYmVmb3JlIGJlaW5nIHB1Ymxpc2hlZA==-->fix(api): draft releases could be read before being published<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 2 --><!--description bWlzY29uZmlndXJlZCBzZWN1cml0eSBjaGVja3Mgb24gdGFnIGRlbGV0ZSB3ZWIgZm9ybQ==-->misconfigured security checks on tag delete web form<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 3 --><!--description aW5jb3JyZWN0IGxvZ2ljIGluICJVcGRhdGUgUFIiIGRpZCBub3QgZW5mb3JjZSBoZWFkIGJyYW5jaCBwcm90ZWN0aW9uIHJ1bGVzIGNvcnJlY3RseQ==-->incorrect logic in "Update PR" did not enforce head branch protection rules correctly<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 4 --><!--description aXNzdWUgb3duZXIgY2FuIGRlbGV0ZSBhbm90aGVyIHVzZXIncyBjb21tZW50J3MgZWRpdCBoaXN0b3J5IG9uIHNhbWUgaXNzdWU=-->issue owner can delete another user's comment's edit history on same issue<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 5 --><!--description dGFnIHByb3RlY3Rpb24gcnVsZXMgY2FuIGJlIGJ5cGFzc2VkIGR1cmluZyB0YWcgZGVsZXRlIG9wZXJhdGlvbg==-->tag protection rules can be bypassed during tag delete operation<!--description--> <!--end release-notes-assistant--> Co-authored-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10037 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-21 05:23:43 +01:00
oliverpool	dc5580525e	fix: support git clone when /tmp has noexec (#10146) ... Resolves #9733 (alternative to #10136) Instead of setting `GIT_ASKPASS`, instruct git to use the credential-store helper with a dedicated file. The tests have been adjusted accordingly. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10146 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2025-11-19 16:36:34 +01:00