4738 commits

Author	SHA1	Message	Date
Mathieu Fenniak	1aca323acb	fix: make concurrency group job cancellation effect runs that are failed (#10863) ... When an action's job fails, it marks the entire run as failed. Concurrency group cancellation was only looking for runs that are in a pending state, and therefore after a single job failed in the run, none of the other jobs in the run could be cancelled by a matching cancel-in-progress job. Raised in https://codeberg.org/Codeberg/Community/issues/2315. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10863 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2026-01-16 10:54:01 +01:00
Mathieu Fenniak	c78a4198b1	fix: recreate-tables doesn't work on PostgreSQL with multiple Forgejo schemas (#10854) ... Discovered while trying to reproduce #10848 -- when using `forgejo doctor recreate-tables` against a PostgreSQL database with multiple Forgejo schemas in it, it fails. The reason is that when querying for index and sequence information, it begins to get information from the other schemas. ``` 2026/01/15 15:19:15 ...3.6.1/command_run.go:288:run() [I] PING DATABASE postgresschema 2026/01/15 15:19:15 ...igrations/base/db.go:51:func2() [I] Creating temp table: tmp_recreate__external_login_user for Bean: ExternalLoginUser 2026/01/15 15:19:15 ...igrations/base/db.go:108:func2() [I] Copying table external_login_user to temp table tmp_recreate__external_login_user 2026/01/15 15:19:15 ...igrations/base/db.go:120:func2() [I] Dropping existing table external_login_user, and renaming temp table tmp_recreate__external_login_user in its place 2026/01/15 15:19:15 cmd/doctor.go:216:func1() [E] [Error SQL Query] ALTER INDEX "external_login_user_pkey" RENAME TO "external_login_user_pkey" [] - ERROR: relation "external_login_user_pkey" does not exist (SQLSTATE 42P01) 2026/01/15 15:19:15 ...igrations/base/db.go:404:renameTable() [E] Unable to rename external_login_user_pkey to external_login_user_pkey. Error: ERROR: relation "external_login_user_pkey" does not exist (SQLSTATE 42P01) Command error: migrate: ERROR: relation "external_login_user_pkey" does not exist (SQLSTATE 42P01) ``` This is a very niche use-case that is likely to only affect a developer using PostgreSQL and popping back to older releases often enough to keep them around in different DB schemas. I don't think it's worth an automated test, which would require creating a secondary DB schema in a specific migration test. Manually tested on my dev environment. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10854 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2026-01-16 10:53:19 +01:00
Mario Minardi	c84cbd56a1	feat: add OIDC workload identity federation support (#10481) ... Add support for OIDC workload identity federation. Add ID_TOKEN_SIGNING_ALGORITHM, ID_TOKEN_SIGNING_PRIVATE_KEY_FILE, and ID_TOKEN_EXPIRATION_TIME settings to settings.actions to allow for admin configuration of this functionality. Add OIDC endpoints (/.well-known/openid-configuration and /.well-known/keys) underneath the "/api/actions" route. Add a token generation endpoint (/_apis/pipelines/workflows/{run_id}/idtoken) underneath the "/api/actions" route. Depends on: https://code.forgejo.org/forgejo/runner/pulls/1232 Docs PR: https://codeberg.org/forgejo/docs/pulls/1667 Signed-off-by: Mario Minardi <mminardi@shaw.ca> ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10481 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Mario Minardi <mminardi@shaw.ca> Co-committed-by: Mario Minardi <mminardi@shaw.ca>	2026-01-15 03:39:00 +01:00
limiting-factor	a71392c6aa	chore: update gof3/v3 v3.11.15 (#10673) ... Update the Forgejo driver for gof3 with modifications for non-backward compatible changes. The changes are isolated behind the f3.Enable flag and not yet functional. The purpose of this upgrade is to not drift from the gof3 implementation while the work continues. The `fix: include remote users when counting users` commit is a functional change to Forgejo itself but does not change the behavior because the remote users are only created in fixtures or by F3. 59c721d26b/models/user/user.go (L65-L66) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10673 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: limiting-factor <limiting-factor@posteo.com> Co-committed-by: limiting-factor <limiting-factor@posteo.com>	2026-01-13 16:59:56 +01:00
Mathieu Fenniak	0eb0179c1a	feat: add foreign keys to the action_runner_token table (#10756) ... In support of adding foreign keys to the `action_runner_token` table, this PR also had to: - Add detection and error if a table with "soft delete" is used with a foreign key, because it causes a tricky to track down foreign key violation - Remove unused xorm "soft delete" capability on the `action_runner_token` table - Change the `RepoID` and `OwnerID` fields to use the value `NULL` to indicate that this scope wasn't valid for the token, rather than the value `0` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10756 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2026-01-12 21:59:40 +01:00
Έλλεν Εμίλια Άννα Zscheile	4fd275116d	feat: teach lint-locale-usage about ObjectVerification.Reason (#10755) ... Add special parsing to handle the keys found in the `Reason` field of `ObjectVerification` structs. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10755 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de> Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>	2026-01-11 09:40:49 +01:00
Mathieu Fenniak	270317a3ad	fix: add forgejo doctor cleanup-commit-status command (#10686) ... ``` NAME: forgejo doctor cleanup-commit-status - Cleanup extra records in commit_status table USAGE: forgejo doctor cleanup-commit-status DESCRIPTION: Forgejo suffered from a bug which caused the creation of more entries in the "commit_status" table than necessary. This operation removes the redundant data caused by the bug. Removing this data is almost always safe. These reundant records can be accessed by users through the API, making it possible, but unlikely, that removing it could have an impact to integrating services (API: /repos/{owner}/{repo}/commits/{ref}/statuses). It is safe to run while Forgejo is online. On very large Forgejo instances, the performance of operation will improve if the buffer-size option is used with large values. Approximately 130 MB of memory is required for every 100,000 records in the buffer. Bug reference: https://codeberg.org/forgejo/forgejo/issues/10671 OPTIONS: --help, -h show help --custom-path string, -C string Set custom path (defaults to '{WorkPath}/custom') --config string, -c string Set custom config file (defaults to '{WorkPath}/custom/conf/app.ini') --work-path string, -w string Set Forgejo's working path (defaults to the directory of the Forgejo binary) --verbose, -V Show process details --dry-run Report statistics from the operation but do not modify the database --buffer-size int Record count per query while iterating records; larger values are typically faster but use more memory (default: 100000) --delete-chunk-size int Number of records to delete per DELETE query (default: 1000) ``` The cleanup effectively performs `SELECT * FROM commit_status ORDER BY repo_id, sha, context, index, id`, and iterates through the records. Whenever `index, id` changes without the other fields changing, then it's a useless record that can be deleted. The major complication is doing that at scale without bringing the entire database table into memory, which is performed through a new iteration method `IterateByKeyset`. Manually tested against a 455,303 record table in PostgreSQL, MySQL, and SQLite, which was reduced to 10,781 records, dropping 97.5% of the records. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10686 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2026-01-10 23:15:21 +01:00
Gusted	e559a5fe6c	fix: use correct GPG key for export ... `GPGKeyToEntity` incorrectly assumed that within a keyring with multiple keys that the first key is verified and should be exported. Look at all keys and find the one that matches the verified key ID.	2026-01-06 09:58:20 -07:00
Mathieu Fenniak	f7442ac4c7	fix: hide user profile anonymous options on public repo APIs	2026-01-06 09:58:20 -07:00
luisadame	d8501b42fc	fix: don't display pending reviews as participants (#10528) ... Fixes #10155 When participants are displayed, don't include those that only have made a pending review. Those should not yet be revealed as participants. Apart from adding automated tests, this is the manual verification process I've followed: 1. Set up three users 2. User 1 creates a repository, then creates a pull request adding a new file 3. User 2 creates a new code comment but doesn't not publish the review, shows as pending. 4. User 3 creates a new code comment and publishes the review. 5. From everyone's perspective the number of participants is: 2. And, the participants displayed in the list are 1 and 3. User 2, which hasn't yet published the review is not displayed. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10528 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: luisadame <luisadame@noreply.codeberg.org> Co-committed-by: luisadame <luisadame@noreply.codeberg.org>	2026-01-06 10:47:21 +01:00
Mathieu Fenniak	9d6ae1471e	fix: re-running an expanded reusable workflow causes duplicate "attempt 1" job (#10666) ... Placeholder tasks, which are used to store the outputs of a reusable workflow, were hard coded to always have attempt 1. If you executed "Re-run all jobs" with a reusable workflow, a second placeholder task would be created with the same attempt, which caused: (a) Forgejo to not know which attempt, and therefore which outputs, were valid, and (b) the UI to be stuck in "You are viewing an out-of-date run of this job..." when viewing the job. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10666 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2026-01-02 15:26:11 +01:00
limiting-factor	2faaa4c5b4	chore: move all test blank imports in a single package (#10662) ... - Create `modules/testimport/import.go` to centralize blank import needed for tests (in order to run the `init` function) to simplify maintenance. - Remove the imports that are not needed. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10662 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: limiting-factor <limiting-factor@posteo.com> Co-committed-by: limiting-factor <limiting-factor@posteo.com>	2026-01-02 05:32:32 +01:00
Mathieu Fenniak	75cb38faa6	feat: support reusable workflow expansion when with or strategy.matrix contains ${{ needs... }} (#10647) ... This change allows the `with:` field of a reusable workflow to reference a previous job, such as `with: { some-input: "${{ needs.other-job.outputs.other-output }}" }`. `strategy.matrix` can also reference `${{ needs... }}`. When a job is parsed and encounters this situation, the outer job of the workflow is marked with a field `incomplete_with` (or `incomplete_matrix`), indicating to Forgejo that it can't be executed as-is and the other jobs in its `needs` list need to be completed first. And then in `job_emitter.go` when one job is completed, it checks if other jobs had a `needs` reference to it and unblocks those jobs -- but if they're marked with `incomplete_with` then they can be sent back through the job parser, with the now-available job outputs, to be expanded into the correct definition of the job. The core functionality for this already exists to allow `runs-on` and `strategy.matrix` to reference the outputs of other jobs, but it is expanded upon here to include `with` for reusable workflows. There is one known defect in this implementation, but it has a limited scope -- if this code path is used to expand a nested reusable workflow, then the `${{ input.... }}` context will be incorrect. This will require an update to the jobparser in runner version 12.4.0, and so it is out-of-scope of this PR. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). - **end-to-end test:** will require the noted "known defect" to be resolved, but tests are authored at https://code.forgejo.org/forgejo/end-to-end/compare/main...mfenniak:expand-reusable-workflows-needs ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10647 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-31 19:04:35 +01:00
Mathieu Fenniak	9b2f7c557b	feat: support jobs.<job_id>.secrets with reusable workflow expansion (#10627) ... Follow-up to #10525; adds support for `jobs.<job_id>.secrets` to expanded reusable workflows (when no `runs-on` is specified in a job that `uses: ...` another workflow). ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). - **end-to-end testing**: [prepared, PR n](https://code.forgejo.org/forgejo/end-to-end/pulls/1351) ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] Doc to be created - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10627 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-30 17:33:21 +01:00
Mathieu Fenniak	f7d2f51bf7	feat: support workflow inputs on expanded reusable workflows (#10614) ... Follow-up to #10525; adds support for `on.workflow_call.inputs` to expanded reusable workflows (when no `runs-on` is specified in a job that `uses: ...` another workflow). The majority of the work for this is done by the `jobparser` library which evaluates inputs automatically when the job is being parsed and stores those inputs on the expanded jobs as the "default" value in `on.workflow_call.inputs`. Forgejo's role here is just to to ensure that `forgejo.event_name` is set to `"workflow_call"` when a job is dispatched, which causes the runner to use the inputs that are stored -- 34c20aa50f/act/runner/expression.go (L452-L467). ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). - **end-to-end testing**: https://code.forgejo.org/forgejo/end-to-end/pulls/1323 ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - https://codeberg.org/forgejo/docs/pulls/1664 - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/10614): <!--number 10614 --><!--line 0 --><!--description c3VwcG9ydCB3b3JrZmxvdyBpbnB1dHMgb24gZXhwYW5kZWQgcmV1c2FibGUgd29ya2Zsb3dz-->support workflow inputs on expanded reusable workflows<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10614 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-29 15:37:44 +01:00
Mathieu Fenniak	81cce58a48	migration: update existing foreign key migrations to automatically fix inconsistencies (#10568) ... Changes foreign key database inconsistency handling so that inconsistent records are automatically deleted with an administrator warning during migration. As noted in discussion: https://codeberg.org/forgejo/discussions/issues/385#issuecomment-9175566 Intended for backport to v14 to eliminate pain during upgrades. Because these migrations are now deleting data, rather than allowing the administrator to do it, all migrations have been covered with an integration test that verifies expected data is deleted. This is particularly interesting with nullable fields. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10568 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-29 02:50:20 +01:00
Mathieu Fenniak	fb35abb7e1	feat: support workflow outputs on expanded reusable workflows (#10578) ... Follow-up to #10525; adds support for `on.workflow_call.outputs` to expanded reusable workflows (when no `runs-on` is specified on a job that `uses: ...` another workflow). When all the inner jobs of a workflow call complete, `on.workflow_call.outputs` is evaluated and the related outputs are stored on the outer job's `ActionTask`. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). - **end-to-end testing**: https://code.forgejo.org/forgejo/end-to-end/pulls/1322 ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - https://codeberg.org/forgejo/docs/pulls/1661 - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/10578): <!--number 10578 --><!--line 0 --><!--description c3VwcG9ydCB3b3JrZmxvdyBvdXRwdXRzIG9uIGV4cGFuZGVkIHJldXNhYmxlIHdvcmtmbG93cw==-->support workflow outputs on expanded reusable workflows<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10578 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-28 20:05:13 +01:00
Mathieu Fenniak	663acf102a	fix: ListTrackedTimes API has no defined record ordering (#10588) ... API call `GET /repos/{owner}/{repo}/issues/{index}/times` has no defined ordering implemented in it, causing PostgreSQL to have intermittent test failures on `TestAPIGetTrackedTimes` which expected records to be returned in ID order. ID order is reasonable enough, so this PR adds that ordering. Fixes #10577. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10588 Reviewed-by: Cyborus <cyborus@disroot.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-26 20:03:12 +01:00
Mathieu Fenniak	71623b1ab1	feat: expand reusable workflow calls into their inner jobs (#10525) ... Previously, Forgejo's behaviour for an Actions reusable workflow was to send the entire job to one specific Forgejo Runner based upon its required `runs-on` label, and that single Runner would then read the workflow file and perform all the jobs inside simultaneously, merging their log output into one output (#9768). This PR begins an implementation of expanding reusable workflows into their internal jobs. In this PR, the most basic support is implemented for expanding reusable workflows: - If a `runs-on` field is provided on the workflow, then the legacy behaviour of sending the reusable workflow to a runner is maintained. - If the `runs-on` field is omitted, then the job may be expanded, if: - If the `uses:` is a local path within the repo -- expanded - If the `uses:` is a path to another repo that is on the same Forgejo server -- expanded - If the `uses:` is a fully-qualified URL -- not expanded Because this is an "opt-in" implementation by omitting `runs-on`, and all existing capability is retained, I've **omitted some features** from this PR to make the scope small and manageable for review and testing. These features will be implemented after the initial support is landed: - Workflow input variables - Workflow secrets - Workflow output variables - "Incomplete" workflows which require multiple passes to evaluate -- any job within a reusable workflow where the `with`, `runs-on`, or `strategy.matrix` fields contain an output from another job with `${{ needs... }}` Although this implementation has restrictions with missing features, it is intended to fix #9768. Replaces PR #10448. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). - end-to-end testing: https://code.forgejo.org/forgejo/end-to-end/pulls/1316 ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - https://codeberg.org/forgejo/docs/pulls/1648 - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10525 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-24 20:47:21 +01:00
Gusted	4e83f85b75	feat: use keying for webhook secrets (#10059) ... - Follow up of forgejo/forgejo!5041, forgejo/forgejo!6074, forgejo/forgejo!8692, forgejo/forgejo!9923 - The `webhook` table contains a encrypted header authorization. - Use `keying` to safely store this secret and bound them to the table, column and row id - The migration isn't spectacular but does closely follow what we learned in the previous three migrations: use a transaction and delete records when you can't decrypt them. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10059 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-12-22 15:51:37 +01:00
BtbN	fa230a1964	fix: always search for issue posters by user and full name (#10394) ... Previously searching for posters would use full name or username depending on the `[ui].DEFAULT_SHOW_FULL_NAME` setting, now it searches for both of them regardless of the setting. This also a fixes a bug when `[ui].DEFAULT_SHOW_FULL_NAME=true` that users without a full name where not able to searched for. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10394 Reviewed-by: Beowulf <beowulf@beocode.eu> Co-authored-by: BtbN <btbn@btbn.de> Co-committed-by: BtbN <btbn@btbn.de>	2025-12-22 12:59:37 +01:00
Beowulf	81baf75636	feat(ui): show cancel button until all jobs are finished (#9261) ... Change that the Cancel button is shown until all jobs are finished and do not hide it, when the first job failed. Additionally the wrapping of the header was changed. | Before | After | | :--: | :----: | |  |  | Fixes #8922 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9261 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Beowulf <beowulf@beocode.eu> Co-committed-by: Beowulf <beowulf@beocode.eu>	2025-12-21 17:09:22 +01:00
Andreas Ahlenstorf	0e6f9439ee	chore: increase test coverage of runner management (#10490) ... Ensures that admins, users, etc. see the runners they are allowed to see. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10490 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2025-12-20 15:29:40 +01:00
Andreas Ahlenstorf	af1eda733c	feat(actions): make GITHUB_WORKFLOW_REF available (#10276) ... Make the variable `GITHUB_WORKFLOW_REF` available in Forgejo Action workflows. It is the ref path to the workflow and looks like `testowner/testrepo/.forgejo/workflows/test-workflow.yaml@refs/heads/main` ([GitHub documentation](https://docs.github.com/en/actions/reference/workflows-and-actions/variables)). GitHub Actions like [gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) rely on its presence. See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/56 for additional details. `GITHUB_WORKFLOW_REF` cannot be generated easily during an action run. Either the path to workflow file has to be hardcoded or inferred by replicating the logic Forgejo uses to determine it. That is further complicated by the fact that Forgejo supports multiple search paths, namely `.forgejo/workflows`, `.gitea/workflows`, and `.github/workflows`. It is also the reason that the workflow directory is now stored in the database alongside the name of the workflow file. Partial implementation is required in Forgejo Runner, see https://code.forgejo.org/forgejo/runner/pulls/1197. Example workflow: ```yaml on: push: workflow_dispatch: schedule: - cron: "* * * * *" jobs: test: runs-on: ubuntu-latest steps: - run: | echo "FORGEJO_WORKFLOW_REF=$FORGEJO_WORKFLOW_REF" echo "GITHUB_WORKFLOW_REF=$GITHUB_WORKFLOW_REF" echo "forgejo.workflow_ref=${{ forgejo.workflow_ref }}" echo "github.workflow_ref=${{ github.workflow_ref }}" ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10276 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2025-12-17 23:15:26 +01:00
0ko	1ef5496055	feat: use AppDomain for key verification (#10429) ... Fixes #10416 Followup to a hardcoded string in [gitea#17743](https://github.com/go-gitea/gitea/pull/17743) * instead of using a hardcoded namespace, use the configured application domain * `ssh-keygen` refuses to work with empty namespace, but `Domain` falls back to `localhost`: 95dca7ff57/modules/setting/server.go (L192) * since `VerifySSHKey` verifies the namespace, I think that using a mostly-unique string instead of a hardcoded one doesn't hurt. Here's what `man ssh-keygen` says on the topic: > An additional signature namespace, used to prevent signature confusion across different domains of use (e.g. file signing vs email signing) must be provided via the -n flag. Namespaces are arbitrary strings, and may include: “file” for file signing, “email” for email signing. For custom uses, it is recommended to use names following a NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces. ## Testing There's a test `TestFromOpenSSH` but it uses a hardcoded default namespace `file`: 95dca7ff57/models/asymkey/ssh_key_test.go (L334) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10429 Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-committed-by: 0ko <0ko@noreply.codeberg.org>	2025-12-17 17:01:14 +01:00
famfo	e7f5c492f3	fix(user): set ActivityPub users to ProhibitLogin (#10434) ... * sets all cached ActivityPub users to ProhibitLogin * creates a new UserType to uniquely identify users from ActivityPub This has the side effect that ActivityPub users will no longer be listed in the admin view. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10434 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: famfo <famfo@famfo.xyz> Co-committed-by: famfo <famfo@famfo.xyz>	2025-12-17 15:38:32 +01:00
Nikita Karamov	a22e5f86c6	fix: Allow SHA-256 in PR commit URLs (#10309) ... Closes #9129. I decided to try myself in contributing to Forgejo after having found this bug mentioned on Fedi. I have also added a basic test for this behaviour, but this means that this PR adds a SHA-256 repo to the fixture set, so it can be reused in other tests. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10309 Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Nikita Karamov <me@kytta.dev> Co-committed-by: Nikita Karamov <me@kytta.dev>	2025-12-16 00:45:00 +01:00
Michael Jerger	9cff7ebde5	log instrumentation & test package (#10371) ... This PR is part of #4767. It contains * add log to federation services * separat test package for test (fix dependency cycles) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10371 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de> Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>	2025-12-09 15:37:50 +01:00
floss4good	590104b5ca	feat: render a link to poster profile next to the ID within shadow copy details (#10194) ... Closes #10078 and includes another small improvement (for comments and issues/PRs the title from report/s details page already included the poster name; now it will clickable, opening the poster profile page). Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10194 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: floss4good <floss4good@disroot.org> Co-committed-by: floss4good <floss4good@disroot.org>	2025-12-09 15:19:10 +01:00
nachtjasmin	70166de15a	chore(lint): Add exceptions for dbfs_model and unittest (#10275) ... Thanks a lot to @floss4good who pointed this out in the comments of #10253! Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10275 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: floss4good <floss4good@noreply.codeberg.org> Co-authored-by: nachtjasmin <nachtjasmin@posteo.de> Co-committed-by: nachtjasmin <nachtjasmin@posteo.de>	2025-12-09 14:34:06 +01:00
Andreas Ahlenstorf	ff4038970d	fix: display action run attempt status instead of job status (#10321) ... On the page displaying the logs of an action run attempt, the header directly above the logs always showed the status of the job. That resulted in the wrong status being displayed for previous run attempts. Fixes https://codeberg.org/forgejo/forgejo/issues/10236.  ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [x] in `web_src/js/*.test.js` if it can be unit tested. - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/10321): <!--number 10321 --><!--line 0 --><!--description ZGlzcGxheSBhY3Rpb24gcnVuIGF0dGVtcHQgc3RhdHVzIGluc3RlYWQgb2Ygam9iIHN0YXR1cw==-->display action run attempt status instead of job status<!--description--> <!--end release-notes-assistant--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10321 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>	2025-12-07 15:10:47 +01:00
Mathieu Fenniak	ffbd500600	feat(actions): support referencing ${{ needs... }} variables in runs-on (#10308) ... Allows referencing the outputs of previously executed jobs in the `runs-on` field directly by a `${{ needs.some-job.outputs.some-output }}`, and also *indirectly* through the job's `strategy.matrix`. At its most complicated, supports a workflow with dynamic matrices like this: ```yaml jobs: define-matrix: runs-on: docker outputs: array-value: ${{ steps.define.outputs.array }} steps: - id: define run: | echo 'array=["debian-bookworm", "debian-trixie"]' >> "$FORGEJO_OUTPUT" runs-on-dynamic-matrix: needs: define-matrix strategy: matrix: my-runners: ${{ fromJSON(needs.define-matrix.outputs.array-value) }} runs-on: ${{ matrix.my-runners }} steps: - run: uname -a ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. - Documentation already (incorrectly) states that `jobs.<job-id>.runs-on` can access the `needs` context. 😛 https://forgejo.org/docs/latest/user/actions/reference/#availability ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/10308): <!--number 10308 --><!--line 0 --><!--description ZmVhdChhY3Rpb25zKTogc3VwcG9ydCByZWZlcmVuY2luZyBgJHt7IG5lZWRzLi4uIH19YCB2YXJpYWJsZXMgaW4gYHJ1bnMtb25g-->feat(actions): support referencing `${{ needs... }}` variables in `runs-on`<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10308 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-05 18:14:43 +01:00
Mathieu Fenniak	0ecc6ef632	fix(actions): improve errors when ${{ needs... }} is used in strategy.matrix incorrectly (#10298) ... Three fixes are presented together in this PR: - When a `strategy.matrix` entry in an Action job contains `${{ needs.some-job.outputs.some-output }}`, if that output *never* becomes available, different error messages will be presented if `some-job` isn't found or if `some-output` isn't found. This clarifies an error message that was previously "it could be this, or it could be this". - In the error case described in the previous point, other jobs in the workflow could continue running or could be left "blocked" forever. A centralized `FailRunPreExecutionError` function ensures that all incomplete jobs in the run are failed in this case. - In a rare error case when a job referenced another job in `strategy.matrix` but no other jobs were defined in the workflow, the job would be marked as blocked forever because the `job_emitter` code would never be invoked to detect this case. A new `consistencyCheckRun` function for a newly created `ActionRun` adds a location to perform a pre-execution check for this case so that the run can be failed. These fixes are all interconnected around the refactor for the `FailRunPreExecutionError`, causing them to be bundled rather than individual PRs. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] I do not want this change to show in the release notes. - These are fixes to an unreleased feature and don't require release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10298 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-12-05 17:17:37 +01:00
floss4good	d5fa12ded1	feat: add admin moderation actions for abuse reports and for reported abusive content (#8716) ... - Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035): `6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)` --- Follow-up of !7905 (and !6977) --- This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can: - mark a report as Handled or as Ignored (without performing any action on the reported content); - mark a user account as suspended (set `prohibit_login` = true); - delete (and purge) a user / organization and mark the linked reports as Handled; - delete a repository and mark the linked reports as Handled; - delete an issue / pull request and mark the linked reports as Handled; - delete a comment and mark the linked reports as Handled; The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown. The implementation was done using HTMX so that the page is not refreshed after each action. Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634 ### Manual testing - First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini). - Report multiple users, organizations, repositories, issues, pull requests and comments. - Go to _Moderation reports_ overview section section and make sure the buttons are visible; - The `✓` and `✗` should be available for each shown report; - The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content. - The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.). - When an action is successful a flash message should be displayed above the overview. - Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization. - An info (flash message) should be displayed when trying to suspend a user that is already suspended. - Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page; - Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set). - Suspend a user account and make sure the report remains in the list (it is not resolved); - Make sure the above user gets the 'Suspended account' notice after login. - Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page; - Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted; - Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set). - Delete an organization and make sure that owned repositories were also deleted. - Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: floss4good <floss4good@disroot.org> Co-committed-by: floss4good <floss4good@disroot.org>	2025-12-03 20:07:32 +01:00
thezzisu	e31d67e0aa	feat: allow sync quota groups with oauth2 auth source (#8554) ... Implements synchronizing an external user's quota group with provided OAuth2 claim. This functionality will allow system administrators to manage user's quota groups automatically. Documentation is at forgejo/docs#1337 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8554 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: thezzisu <thezzisu@gmail.com> Co-committed-by: thezzisu <thezzisu@gmail.com>	2025-12-01 14:12:00 +01:00
pat-s	c39a4368af	refactor: migrate from lib/pq to jackc/pgx (#10219) ... This PR migrates the unmaintaiend `lib/pq` library to `jackc/pgx`, which is the de-facto standard lib in go for postgres connections these days. Some implementation notes: We register both `pgx` and `postgresschema` driver names (for backward comp). We can't register `postgres` as this one is still used by `lib/pq` imported by `go-chi/session`, which is in use when users go for the "postgres" session type in the "Session config. It is questionable if anyone is really using the "postgres" driver option in the session config - but for consistency, it would be good to also migrate to `pgx` there, especially as the code lives within Forgejo under [go-chi/session](https://code.forgejo.org/go-chi/session). `pgx` supports multi-host notation in the connection string. New tests have been added therefore. `pgx` also allows for connection string parameters such as `?default_query_exec_mode=simple_protocol`. This should possibly allow running with `pgbouncer` "transaction" mode instead of "session", which could substantially enhance Postgres query handling. ## Checklist ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10219 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: pat-s <patrick.schratz@gmail.com> Co-committed-by: pat-s <patrick.schratz@gmail.com>	2025-11-30 17:47:45 +01:00
nachtjasmin	8ee4a7d658	chore: ensure consistent import aliasing for services and models (#10253) ... To make sure that the code stays maintainable, I added the `importas` linter to ensure that the imports for models and services stay consistent. I realised that this might be needed after finding some discrepancies between singular/plural naming, and, especially in the case of the `forgejo.org/services/context` package, multiple different aliases like `gitea_ctx`, `app_context` and `forgejo_context`. I decided for `app_context`, as that seems to be the most commonly used naming. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10253 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: nachtjasmin <nachtjasmin@posteo.de> Co-committed-by: nachtjasmin <nachtjasmin@posteo.de>	2025-11-30 17:00:57 +01:00
Mathieu Fenniak	993da59ad4	i18n: translate Actions PreExecutionError for viewer (#10267) ... Identified in code review https://codeberg.org/forgejo/forgejo/pulls/10244#issuecomment-8576643, the `PreExecutionError` field in `ActionRun` isn't well implemented as it translates the error at action runtime rather than later when the action is viewed in the UI. This PR adds an error code and error details column that can be more correctly translated. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10267 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-30 13:16:41 +01:00
Gusted	d1cef852ee	feat: rework notification table (#9926) ... This change is motivated by 5e300a2a87 - Drop the `updated_by` and `commit_id` column, they are unused and have a index for no reason. - Drop the index on `status` and `created_unix` and make a index on `(user_id, status)`. ## Test 1. Run migration. 2. Confirm the migration succeeds. 3. Check that `notification` table has the correct indexes. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9926 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-29 23:03:56 +01:00
Mathieu Fenniak	482ba3a4e5	feat(actions): support referencing ${{ needs... }} variables in strategy.matrix (#10244) ... https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/71 requires partial implementation in runner, and partial in Forgejo; this is the Forgejo implementation. Allows for the definition of dynamic job matrixes in Forgejo Actions, where an earlier job provides and output that is used in `strategy.matrix` for a later job that requires it. For example, adapted from the GitHub Actions example for this feature: ```yaml name: shared matrix on: push: workflow_dispatch: jobs: define-matrix: runs-on: docker outputs: colors: ${{ steps.colors.outputs.colors }} steps: - name: Define Colors id: colors run: | echo 'colors=["red", "green", "blue"]' >> "$GITHUB_OUTPUT" produce-artifacts: runs-on: docker needs: define-matrix strategy: matrix: color: ${{ fromJSON(needs.define-matrix.outputs.colors) }} steps: - name: Define Color env: color: ${{ matrix.color }} run: | echo "$color" > color - name: Produce Artifact uses: https://data.forgejo.org/forgejo/upload-artifact@v4 with: name: ${{ matrix.color }} path: color consume-artifacts: runs-on: docker needs: - define-matrix - produce-artifacts strategy: matrix: color: ${{ fromJSON(needs.define-matrix.outputs.colors) }} steps: - name: Retrieve Artifact uses: https://data.forgejo.org/forgejo/download-artifact@v4 with: name: ${{ matrix.color }} - name: Report Color run: | cat color ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - https://codeberg.org/forgejo/docs/pulls/1607 - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/10244): <!--number 10244 --><!--line 0 --><!--description ZmVhdChhY3Rpb25zKTogc3VwcG9ydCByZWZlcmVuY2luZyAke3sgbmVlZHMuLi4gfX0gdmFyaWFibGVzIGluIGBzdHJhdGVneS5tYXRyaXhg-->feat(actions): support referencing ${{ needs... }} variables in `strategy.matrix`<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10244 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-29 17:49:04 +01:00
Renovate Bot	d2bde42347	Update module code.forgejo.org/forgejo/runner/v11 to v12 (forgejo) (#10213) ... This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [code.forgejo.org/forgejo/runner/v11](https://code.forgejo.org/forgejo/runner) | `v11.3.1` -> `v12.0.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>forgejo/runner (code.forgejo.org/forgejo/runner/v11)</summary> ### [`v12.0.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.0.1) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.0.0...v12.0.1) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1175): <!--number 1175 --><!--line 0 --><!--description Zml4OiAnZmFpbGVkIHRvIHJlYWQgYWN0aW9uJyBlcnJvcnMgd2hlbiB1c2luZyByZWxhdGl2ZSB3b3JrZGlyX3BhcmVudA==-->fix: 'failed to read action' errors when using relative workdir\_parent<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1176): <!--number 1176 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgdmVyc2lvbiB0byB2MTI=-->chore: bump version to v12<!--description--> <!--end release-notes-assistant--> ### [`v12.0.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.0.0) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v11.3.1...v12.0.0) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes **Breaking change:** This release is a major version bump due to a system requirement change, requiring a git installation. This requirement is included in the OCI containers, but may require the installation of a supported package, or packaging changes from redistributors of Forgejo Runner. Access to a `git` binary is now required to access reusable actions and workflows, such as `use: action/checkout@v5` -- before this release, access was performed using an internal library that avoided an external dependency. [PR](https://code.forgejo.org/forgejo/runner/pulls/1162) *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - features - [PR](https://code.forgejo.org/forgejo/runner/pulls/1173): <!--number 1173 --><!--line 0 --><!--description ZmVhdDogYWRkIGNvbmZpZyB2YWx1ZXMgdG8gb3ZlcnJpZGUgdGFzayBmaW5hbGl6YXRpb24gcmV0cnk=-->feat: add config values to override task finalization retry<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1160): <!--number 1160 --><!--line 0 --><!--description ZmVhdDogc2tpcCBmZXRjaGluZyByZW1vdGUgYWN0aW9uIHJlcG8gd2hlbiB1c2luZyBmdWxsIHNoYSBhbHJlYWR5IGZldGNoZWQ=-->feat: skip fetching remote action repo when using full sha already fetched<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1162): <!--number 1162 --><!--line 0 --><!--description ZmVhdDogdXNlIGdpdCB3b3JrIHRyZWVzIGZvciByZW1vdGUgZ2l0IGFjdGlvbnMgJiB3b3JrZmxvd3M=-->feat: use git work trees for remote git actions & workflows<!--description--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1170): <!--number 1170 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgb24gZmluYWwgbG9nICYgc3RhdHVzIHRyYW5zbWlzc2lvbiBhbmQgcmV0cmllcw==-->fix: improve logging on final log & status transmission and retries<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1135): <!--number 1135 --><!--line 0 --><!--description Zml4OiBlbmFibGUgYnVpbGRpbmcgZm9yIG9wZW5ic2QsIGRyYWdvbmZseSwgYW5kIHNvbGFyaXMvaWxsdW1vcw==-->fix: enable building for openbsd, dragonfly, and solaris/illumos<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1136): <!--number 1136 --><!--line 0 --><!--description Zml4OiBpbml0aWFsaXplIHdvcmtmbG93LWxldmVsIGVudiBjb250ZXh0IGJlZm9yZSBzdGFydGluZyBqb2IgY29udGFpbmVy-->fix: initialize workflow-level env context before starting job container<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1137): <!--number 1137 --><!--line 0 --><!--description Zml4OiBhbGxvdyAnZW52JyBjb250ZXh0IGluIGpvYnMuPG5hbWU+Lmlm-->fix: allow 'env' context in jobs.<name>.if<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1145): <!--number 1145 --><!--line 0 --><!--description Zml4OiByZW1vdGUgcmV1c2FibGUgd29ya2Zsb3dzIGJ5IHJlbGF0aXZlIFVSTCB1c2UgZGVmYXVsdF9hY3Rpb25zX3VybA==-->fix: remote reusable workflows by relative URL use default\_actions\_url<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1156): <!--number 1156 --><!--line 0 --><!--description Zml4OiBVc2UgZ2l0IHJlc2V0IC0taGFyZCBpbnN0ZWFkIG9mIHB1bGwgYW5kIGNoZWNrb3V0IGZvciBhY3Rpb25z-->fix: Use git reset --hard instead of pull and checkout for actions<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1163): <!--number 1163 --><!--line 0 --><!--description Zml4OiBydW4gaW1hZ2VzIHdpdGggZXhwbGljaXQgcGxhdGZvcm0gdGFncywgZml4ZXMgcHVsbGVkIGltYWdlIGFyY2hpdGVjdHVyZSBtaXNtYXRjaA==-->fix: run images with explicit platform tags, fixes pulled image architecture mismatch<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1165): <!--number 1165 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgJiBkaXNwbGF5IG9mIGVycm9ycyBkdXJpbmcgd29ya2Zsb3cgZXZhbHVhdGlvbg==-->fix: improve logging & display of errors during workflow evaluation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1171): <!--number 1171 --><!--line 0 --><!--description Zml4OiBlbnN1cmUgaHR0cC5DbGllbnQgYWx3YXlzIGhhcyBhIHRpbWVvdXQgZm9yIEZvcmdlam8gYWNjZXNz-->fix: ensure http.Client always has a timeout for Forgejo access<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1139): <!--number 1139 --><!--line 0 --><!--description Zml4OiBwYXNzIG9zIGFyZ3VtZW50IHRvIGBseGMtaGVscGVycy5zaGAgaGVscGVyIGZybSBgZm9yZ2Vqby1ydW5uZXItc2VydmljZS5zaGA=-->fix: pass os argument to `lxc-helpers.sh` helper frm `forgejo-runner-service.sh`<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1155): <!--number 1155 --><!--line 0 --><!--description dGVzdDogYWxsb3cgb3ZlcnJpZGluZyB0aGUgdGVzdCBEb2NrZXIgc29ja2V0IHVzaW5nIERPQ0tFUl9IT1NU-->test: allow overriding the test Docker socket using DOCKER\_HOST<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1152): <!--number 1152 --><!--line 0 --><!--description V2luZG93cyBjb21wYXRpYmlsaXR5IGZpeGVz-->Windows compatibility fixes<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1159): <!--number 1159 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSB1bnVzZWQgYW5kIGluY29tcGxldGUgQWN0aW9uQ2FjaGUgcmV3cml0ZQ==-->chore: remove unused and incomplete ActionCache rewrite<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1168): <!--number 1168 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZy5vcmcveC9jcnlwdG8gKGluZGlyZWN0KSB0byB2MC40NS4wIFtTRUNVUklUWV0=-->Update golang.org/x/crypto (indirect) to v0.45.0 \[SECURITY]<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1141): <!--number 1141 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2RvY2tlci9jbGkgdG8gdjI4LjUuMitpbmNvbXBhdGlibGU=-->Update module github.com/docker/cli to v28.5.2+incompatible<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1154): <!--number 1154 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZy5vcmcveC9jcnlwdG8gKGluZGlyZWN0KSB0byB2MC40My4wIFtTRUNVUklUWV0=-->Update golang.org/x/crypto (indirect) to v0.43.0 \[SECURITY]<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1149): <!--number 1149 --><!--line 0 --><!--description Y2koY2FzY2FkZS1mb3JnZWpvKTogdXNlIHRtcGZzIGZvciBidWlsZGluZyB0byBzcGVlZHVwIGNvbXBpbGF0aW9u-->ci(cascade-forgejo): use tmpfs for building to speedup compilation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1148): <!--number 1148 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBhbGxvdyB1cGRhdGluZyBtb3JlIGZvcmdlam8tcnVubmVyLXNlcnZpY2UgZGVwcw==-->chore(renovate): allow updating more forgejo-runner-service deps<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1142): <!--number 1142 --><!--line 0 --><!--description Y2k6IGFsbG93IGdvIHRvIGRvd25sb2FkIHJlcXVpcmVkIHRvb2xjaGFpbiBmb3IgY2FzY2FkZQ==-->ci: allow go to download required toolchain for cascade<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1132): <!--number 1132 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWdvIGFjdGlvbiB0byB2Ng==-->Update <https://data.forgejo.org/actions/setup-go> action to v6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1140): <!--number 1140 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNQ==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.0.5<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1133): <!--number 1133 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9kb2NrZXIvYnVpbGQtcHVzaC1hY3Rpb24gYWN0aW9uIHRvIHY2-->Update <https://data.forgejo.org/docker/build-push-action> action to v6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1134): <!--number 1134 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9kb2NrZXIvc2V0dXAtYnVpbGR4LWFjdGlvbiBhY3Rpb24gdG8gdjM=-->Update <https://data.forgejo.org/docker/setup-buildx-action> action to v3<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1131): <!--number 1131 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NoZWNrb3V0IGFjdGlvbiB0byB2NQ==-->Update <https://data.forgejo.org/actions/checkout> action to v5<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1130): <!--number 1130 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMS4zLjE=-->Update forgejo-runner to v11.3.1<!--description--> <!--end release-notes-assistant--> </details> --- ### Configuration 📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMS4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10213 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-11-23 15:58:57 +01:00
Nils Philippsen	f4e3c0aaac	chore: fix typo (#10188) ... Signed-off-by: Nils Philippsen <nils@redhat.com> Co-authored-by: Nils Philippsen <nils@redhat.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10188 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Beowulf <beowulf@beocode.eu> Co-authored-by: Nils Philippsen <nilsph@noreply.codeberg.org> Co-committed-by: Nils Philippsen <nilsph@noreply.codeberg.org>	2025-11-21 12:36:28 +01:00
Calixte Pernot	4d0c7db6cd	feat: show link to pull requests targeting a non-default branch when pushing (#10079) ... This resolves #10057 by showing a list of links to pull requests with the head branch being the one just pushed. Since there may be multiple pull requests with different base branches, we find all of them and print them. Here is a comparison table for pushing to the `feature` branch when having 2 pull requests: `feature -> dev`, and `feature -> prod`. `main` being the default branch. ## Before remote: remote: Create a new pull request for 'feature': remote: http://localhost:3000/user1/repo1/compare/main...feature remote: ## After remote: remote: Create a new pull request for 'feature': remote: http://localhost:3000/user1/repo1/compare/main...feature remote: Visit the existing pull requests: remote: http://localhost:3000/user1/repo1/pulls/1 merges into dev remote: http://localhost:3000/user1/repo1/pulls/3 merges into prod remote: Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10079 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Calixte Pernot <cpernot@praksys.net> Co-committed-by: Calixte Pernot <cpernot@praksys.net>	2025-11-19 14:59:13 +01:00
Earl Warren	238ecfdeb8	fix: garbage collect lingering actions logs (#10009) ... If, for any reason (e.g. server crash), a task is recorded as done in the database but the logs are still in the database instead of being in storage, they need to be collected. The log_in_storage field is only set to true after the logs have been transfered to storage and can be relied upon to reflect which tasks have lingering logs. A cron job collects lingering logs every day, 3000 at a time, sleeping one second between them. In normal circumstances there will be only a few of them, even on a large instance, and there is no need to collect them as quickly as possible. When there are a lot of them for some reason, garbage collection must happen at a rate that is not too hard on storage I/O. Refs https://codeberg.org/forgejo/forgejo/issues/9999 --- Note on backports: the v11 backport is done manually because of minor conflicts. https://codeberg.org/forgejo/forgejo/pulls/10024 ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/10009): <!--number 10009 --><!--line 0 --><!--description Z2FyYmFnZSBjb2xsZWN0IGxpbmdlcmluZyBhY3Rpb25zIGxvZ3M=-->garbage collect lingering actions logs<!--description--> <!--end release-notes-assistant--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10009 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org>	2025-11-18 18:59:01 +01:00
Mathieu Fenniak	dea9ef6706	fix: realign indexes on the 'action' table (#10040) ... Fixes #9963. This realigns all the indexes on the `action` table to best match their intended usages. New: - `IDX_action_created_unix (created_unix)` - Intended for usage in `DeleteOldActions`. - `IDX_action_repo_id_created_unix (repo_id, created_unix)` - Intended for usage when fetching action feeds for a repo and a team, with the same logic as that described below in `IDX_action_user_id_created_unix`. - `IDX_action_repo_id_op_type (repo_id, op_type)` - Intended for `DeleteIssueActions` when it searches for CreateIssue & CreatePullRequest actions for cleanup. Could be optimized further with a denormalization of the issue identifier into a field, but there's no current evidence that this is required. Replaced: - `IDX_action_c_u (created_unix, user_id)` - Replaced with `IDX_action_user_id_created_unix (user_id, created_unix)`. When action feeds are created w/ `ORDER BY created_unix DESC LIMIT 20`, an index beginning with `created_unix` will have to index scan until it can satisfy 20 records; the `user_id` portion of the index is effectively useless until two records appear at the same time. By inverting the order, the database will be able to identify the records created by a user and then pop the most recent 20 from the index order. - At the scale of database I have access to, the performance difference is unmeasurable. This change is supported by theoretical grounds and the findings of #9963, but no experimental evidence. Removed: - `IDX_action_user_id (user_id)` - Redundant with the new `IDX_action_user_id_created_unix`. - `IDX_action_r_u (repo_id, user_id)` - No clear consumer for this index. Retained with no modification: - `IDX_action_comment_id (comment_id)` - Used in `DeleteIssueActions`. - `IDX_action_au_r_c_u (act_user_id, repo_id, created_unix, user_id)` - Heat map generation. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10040 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-18 18:34:25 +01:00
Gusted	afbd05c398	fix: get new session from enginegroup instead of masterengine (#10140) ... Within Codeberg we are looking into distributing the database queries, we tried forgejo/forgejo!7212 on several occasions but never got it to work. After a long debugging session in a staging environment I was able to find two bugs that made it impossible for this feature to work: forgejo/docs!1587 which resulted in replica engines never being configured and used if you followed the documentation. The other bug is what this patch intends to fix. In order to do some database operation, you need the database engine - it will first look if one is set for the context (only useful for transactions) and otherwise create a new session of the engine from the master engine `x`. The problem is that `x` is explicitly set to be the master engine and not the engine group (that includes the replica engines) - Unless the code uses `DefaultContext`, which is almost nowhere used after some great refactoring in Gitea to use the passed context, it did not use the replica engines. Get engine from the `DefaultContext` (which is set to the enginegroup) and create a new session from that. 20f8572b92/models/db/engine.go (L220-L231) And `SetDefaultEngine` is called from 20f8572b92/models/db/engine.go (L212) Where `eng` is the engine group. ## Test 1. Configure database replicas. 2. Start Forgejo. 3. Verify Forgejo loads. 4. Stop the database replicas. 5. Verify Forgejo shows 500 errors. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10140 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-17 14:42:56 +01:00
Mathieu Fenniak	a9452d11d0	fix: possible cause of invalid issue counts; cache invalidation occurs before a active transaction is committed (#10130) ... Although #9922 was deployed to Codeberg, it was reported on Matrix that a user observed a `-1` pull request count. @Gusted checked and verified that the stats stored in redis appeared incorrect, and that no errors occurred on Codeberg that included the repo ID (eg. deadlocks, SQL queries). ``` 127.0.0.1:6379> GET Repo:CountPulls:924266 "1" 127.0.0.1:6379> GET Repo:CountPullsClosed:924266 "2" ``` One possible cause is that when `UpdateRepoIssueNumbers` is invoked and invalidates the cache key for the repository, it is currently in a transaction; the next request for that cached count could be computed before the transaction is committed and the update is visible. It's been verified that `UpdateRepoIssueNumbers` is called within a transaction in most interactions (I put a panic in it if `db.InTransaction(ctx)`, and most related tests failed). This PR fixes that hole by performing the cache invalidation in an `AfterTx()` hook which is invoked after the transaction is committed to the database. (Another possible cause is documented in #10127) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10130 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>	2025-11-17 01:07:29 +01:00
oliverpool	67df538958	feat: cache derived keys for faster keying (#10114) ... Currently `DeriveKey` is called every time that a secret must be encoded/decoded. Since this function is deterministic, its result can be cached to allow a 250x speedup (the original took less than half a microsecond, so this more of a micro-optimization...). ``` go test -bench=. goos: linux goarch: amd64 pkg: forgejo.org/modules/keying cpu: Intel(R) Core(TM) Ultra 5 125H BenchmarkExpandPRK-18 2071627 564.2 ns/op BenchmarkExpandPRKOnce-18 541438192 2.206 ns/op PASS ok forgejo.org/modules/keying 2.369s ``` ## Other changes - Since the keys can be constructed once, it simplifies a bit the callsites (`keying.TOTP.Encrypt(...)` instead of `keying.DeriveKey(keying.ContextTOTP).Encrypt(...)`) - All `Encrypt`/`Decrypt` calls will panic forever if called before `Init` has been called (current it panics as long as `Init` has not been called) - Calling `Init` twice with different keys will trigger a panic (currently racy) - Calling `Decrypt` with a short ciphertext does not panic anymore (like when calling with long-enough garbage) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10114 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>	2025-11-16 14:29:14 +01:00
Gusted	691dd023ff	chore: unify the usage of CryptoRandomString (#10110) ... - Similair spirit of forgejo/forgejo!7453. - Refactor the code in such a way that it always succeeds. - To avoid doing mathematics if you use this function, define three security level (64, 128 and 256 bits) that correspond to a specific length which has that a security guarantee. I picked them as they fit the need for the existing usages of the code. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10110 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-11-15 13:24:53 +01:00
Renovate Bot	ae6e18c518	Update module golang.org/x/net to v0.47.0 (forgejo) (#10112) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10112 Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-11-15 08:28:10 +01:00