Commit Graph

14833 Commits

Author SHA1 Message Date
Jason Song
edf98a2dc3
Require approval to run actions for fork pull request (#22803)
Currently, Gitea will run actions automatically which are triggered by
fork pull request. It's a security risk, people can create a PR and
modify the workflow yamls to execute a malicious script.

So we should require approval for first-time contributors, which is the
default strategy of a public repo on GitHub, see [Approving workflow
runs from public
forks](https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks).

Current strategy:

- don't need approval if it's not a fork PR;
- always need approval if the user is restricted;
- don't need approval if the user can write;
- don't need approval if the user has been approved before;
- otherwise, need approval.

https://user-images.githubusercontent.com/9418365/217207121-badf50a8-826c-4425-bef1-d82d1979bc81.mov

GitHub has an option for that, you can see that at
`/<owner>/<repo>/settings/actions`, and we can support that later.

<img width="835" alt="image"
src="https://user-images.githubusercontent.com/9418365/217199990-2967e68b-e693-4e59-8186-ab33a1314a16.png">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-24 15:58:49 +08:00
Zettat123
a6175b01d9
Fix nil context in RenderMarkdownToHtml (#23092)
Fix #23082.

This bug is caused by a nil context in
https://github.com/go-gitea/gitea/issues/23082#issuecomment-1441276546 .

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-24 14:36:07 +08:00
HesterG
045becf9aa
Add HesterG to maintainers (#23104)
[List of mine merged
PR](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3AHesterG+is%3Amerged+)
2023-02-24 14:31:02 +08:00
yp05327
5b87c05a95
improve FindProjects (#23085)
I found `FindAndCount` which can `Find` and `Count` in the same time
Maybe it is better to use it in `FindProjects`

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-24 13:18:52 +08:00
wxiaoguang
0bc8bb3cc4
Make issue meta dropdown support Enter, confirm before reloading (#23014)
As the title. Label/assignee share the same code.

* Close #22607
* Close #20727

Also:

* partially fix for #21742, now the comment reaction and menu work with
keyboard.
* partially fix for #17705, in most cases the comment won't be lost.
* partially fix for #21539
* partially fix for #20347
* partially fix for #7329

### The `Enter` support

Before, if user presses Enter, the dropdown just disappears and nothing
happens or the window reloads.

After, Enter can be used to select/deselect labels, and press Esc to
hide the dropdown to update the labels (still no way to cancel ....
maybe you can do a Cmd+R or F5 to refresh the window to discard the
changes .....)


This is only a quick patch, the UX is still not perfect, but it's much
better than before.


### The `confirm` before reloading

And more fixes for the `reload` problem, the new behaviors:

* If nothing changes (just show/hide the dropdown), then the page won't
be reloaded.
* If there are draft comments, show a confirm dialog before reloading,
to avoid losing comments.

That's the best effect can be done at the moment, unless completely
refactor these dropdown related code.

Screenshot of the confirm dialog:

<details>


![image](https://user-images.githubusercontent.com/2114189/220538288-e2da8459-6a4e-43cb-8596-74057f8a03a2.png)

</details>

---------

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-24 09:26:27 +08:00
sillyguodong
1f09051f2b
Fix SyncOnCommit always return false in API of push_mirrors (#23088)
Fix: #22990

---
Before, the return value of the api is always false,regrardless of
whether the entry of `sync_on_commit` is true or false.
I have confirmed that the value of `sync_on_commit` dropped into the
database is correct.
So, I think it is enough to make some small changes.
2023-02-23 15:50:33 -06:00
yp05327
ed954b070d
Fix commit name in Apply Patch page (#23086)
Fixes
https://github.com/go-gitea/gitea/issues/22621#issuecomment-1439309200
2023-02-23 15:14:07 -06:00
HesterG
8ed6096158
Add wrapper to author to avoid long name ui problem (#23030)
This PR is a possible solution for issue #22866. Main change is to add a
`author-wrapper` class around author name, like the wrapper added to
message. The `max-width` is set to 200px on PC, and 100px on mobile
device for now.
2023-02-23 14:28:18 -06:00
Sven
659cf30b69
Avoid Hugo from adding quote to actions url (#23097) 2023-02-23 12:19:52 -05:00
KN4CK3R
0ae1ed749d
Remove all package data after tests (#22984)
Fixes #21020

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2023-02-23 22:11:56 +08:00
HesterG
3adfc0f02d
Change style to improve whitespaces trimming inside inline markdown code (#23093)
Given mardown source
```
x ` a` y
x `a ` y
x ` a ` y
```

Render

<img width="1421" alt="2023-02-23 15 33 14"
src="https://user-images.githubusercontent.com/17645053/220844280-a304c788-ac79-4a26-a55a-0db00f2fb3f3.png">

Fixes #23080.
2023-02-23 20:57:03 +08:00
techknowlogick
dd7d6e3ad0
Nest metadata in refactoring docs (#23087)
Whitespace was missing from refactoring docs metadata.

backport label applied so it is included in versioned docs.
2023-02-23 16:25:18 +08:00
Joakim Pettersen
0ce79bb9f6
Improve reverse proxies documentation (#23068)
Add "Traefik with a sub-path" documentation

closes #23047

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-23 15:34:09 +08:00
Andre Polykanine
6c35454654
Improve accessibility for issue comments (#22612)
Currently in Gitea issue comments are not marked up with headings. I'm
trying to fix this by adding an appropriate
[ARIA](https://www.w3.org/WAI/standards-guidelines/aria/) role for
comment header and also by enclosing the comment itself in a semantical
article element.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-02-23 10:24:24 +08:00
John Olheiser
a084e182b0
Wrap unless-check in docker manifests (#23079)
Should fix the following:
> failed to render template: Evaluation error: Helper 'unless' called
with wrong number of arguments, needed 2 but got 3

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-02-22 16:33:31 -06:00
HesterG
a78e0b7dad
Add accessibility to the menu on the navbar (#23059)
This PR is trying to add accessibility to the menu as mentioned in
#23053 so the menu can be accessed using keyboard (A quick demo is added
below), with a reference to
[PR2612](https://github.com/go-gitea/gitea/pull/22612). The goal is to
make the menu accessible merely using keyboard like shown below. And
this PR might need confirmation from developers using screen readers.
2023-02-22 15:58:07 -06:00
zeripath
1319ba6742
Use minio/sha256-simd for accelerated SHA256 (#23052)
minio/sha256-simd provides additional acceleration for SHA256 using
AVX512, SHA Extensions for x86 and ARM64 for ARM.

It provides a drop-in replacement for crypto/sha256 and if the
extensions are not available it falls back to standard crypto/sha256.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-02-22 14:21:46 -05:00
wxiaoguang
eb5a55785d
Fix some more hidden problems (#23074)
Follows #22950
2023-02-22 15:26:02 +00:00
sillyguodong
90a7bba1f2
Add sillyguodong to maintainers (#23067)
[List of mine merged
PR](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Asillyguodong+is%3Amerged+)
2023-02-22 18:32:00 +08:00
wxiaoguang
33e556e67a
Improving CONTRIBUTING.md for backport details (#23057)
See the changes.

Two key points:
* Necessary enhancements could be backported.
* The backports shouldn't break downgrade  between minor releases.
2023-02-22 11:49:52 +08:00
John Olheiser
4d2d3bd65d
Changelog 1.18.5 (#23045) (#23049)
Frontport #23045
2023-02-21 13:36:19 -06:00
zeripath
43405c35f0
Add Bash and Zsh completion scripts (#22646)
This PR adds contrib scripts for bash and zsh completion.

Simply call:

```bash
source contrib/autocompletion/bash_autocomplete
```

or for Zsh:

```bash
source contrib/autocompletion/zsh_autocomplete
```

Signed-off-by: Andrew Thornton <art27@cantab.net>

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-21 12:32:24 -05:00
Zettat123
4de5cd9f36
Return empty url for submodule tree entries (#23043)
Close #22614.

Refer to [Github's
API](https://docs.github.com/en/rest/git/trees?apiVersion=2022-11-28#get-a-tree),
if a tree entry is a submodule, its url will be an empty string.

---------

Co-authored-by: delvh <leon@kske.dev>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-02-21 12:31:17 -05:00
wxiaoguang
a7e98d70b6
Fix the show/hide methods for string selector (#23042)
At that moment I made a mistake (failed to detect a JS variable type
correctly)

Close #23040
2023-02-21 11:09:03 -06:00
sillyguodong
09d7377090
display attachments of review comment when comment content is blank (#23035)
fix: #22647
2023-02-21 10:08:20 -06:00
silverwind
77f70bd5a3
Upgrade to stylelint 15 (#22944)
- Upgrade stylelint and plugin
- Change ruleset to a explicit one, with all deprecated rules removed
- Fix new issues detected by value validation

For `overflow: overlay` see
https://github.com/stylelint/stylelint/issues/6667
2023-02-21 09:23:45 -06:00
Jason Song
c8c2a31818
Add force_merge to merge request and fix checking mergable (#23010)
Fix #23000.
2023-02-21 08:42:07 -06:00
wxiaoguang
1fcf96ad01
Improve PR Review Box UI (#22986)
This PR follows: 
* #22950

### Before

The Review Box has many problems:

* It doesn't work for small screens.
* It has an anonying animation which makes the UI laggy.
* It uses "custom dropdown menu" which is very difficult to fine tune.
* `$().toggle('visible')` is not a correct call 
* jQuery just accepts any invalid `duration` argument:
`$().toggle('anyting')`
* The button is not a button.

<details>

![image](https://user-images.githubusercontent.com/2114189/219948865-6da3f39c-6fde-4c86-9e42-da5020f3d0c3.png)

</details>

### After

These problems are fixed, and eliminate many `!important` games.

<details>

![image](https://user-images.githubusercontent.com/2114189/219952744-8862fe1a-7ef1-49e4-bf92-2d0c1f104ee4.png)

![image](https://user-images.githubusercontent.com/2114189/219952771-be169a76-45fd-47a8-8f9c-b447d064f4ca.png)

![image](https://user-images.githubusercontent.com/2114189/219952784-3f52e9b7-64ce-4ad1-9553-64c33fb83042.png)

</details>

And most dropdown icons still looks good:

<details>

![image](https://user-images.githubusercontent.com/2114189/219952942-52866a00-e0f9-4af7-8fb5-eb1a8cad1ff3.png)

![image](https://user-images.githubusercontent.com/2114189/219948909-b3bfb844-f84e-4b79-ab1f-382ec66dec31.png)

</details>

Co-authored-by: delvh <leon@kske.dev>
2023-02-21 21:36:53 +08:00
HesterG
9ebf6424ee
Remove dashes between organization member avatars on hover (#23034)
On the home page of an organization, there are unexpected dashes between
the avatars of the members when hovering over the avatars, as shown in
below:

![hover including title](https://user-images.githubusercontent.com/17645053/220271470-4f49e16f-87eb-4ffa-b38e-23feae1ff92d.png)

![hover without title](https://user-images.githubusercontent.com/17645053/220271512-e4a67685-6b72-4742-a34f-e01ed248c1de.png)

This is because in `fomantic/build/semantic.css` there is a
rule `text-decoration: underline;` when hovering over the `<a>` tag.
Here, the `<a>` tag has width and height because of the avatar image inside,
leading to the unexpected underlines.

This PR overrides the `a:hover` rule so the underline does not exist anymore.

Co-authored-by: delvh <leon@kske.dev>
2023-02-21 12:28:31 +01:00
wxiaoguang
e7b560f3fe
Fix the Manually Merged form (#23015)
Regression bug of #19650

Close #20983
Close #21912

### The "Manually Merged" form

![image](https://user-images.githubusercontent.com/2114189/220170503-32638994-b509-4251-8aa1-d8393dda7184.png)

### Mark a PR as Manually Merged and close it

![image](https://user-images.githubusercontent.com/2114189/220170537-25c91b2c-7a9a-44d1-9e6a-ebe3f1dfc26a.png)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-21 18:03:41 +08:00
Zettat123
7f790c70b9
Remove delete button for review comment (#23036)
Fix #23031.

Currently, only comments with type `CommentTypeComment` or
`CommentTypeCode` can be deleted. If user create a review comment, the
type of the comment will be `CommentTypeReview` so the comment cannot be
deleted.

e7be610d57/routers/web/repo/issue.go (L2860-L2868)

And in Github, user also cannot delete a review comment. There isn't a
delete button in the menu.

<img
src="https://user-images.githubusercontent.com/15528715/220275166-5ae2dc10-4003-4857-b14e-d7b02644345f.png"
width="640px" />

So we should remove the delete button from the menu when the comment's
type is `CommentTypeReview`.
2023-02-21 16:25:47 +08:00
wxiaoguang
e7be610d57
Improve frontend guidelines (#23007)
Some were out-dated, some are added.
2023-02-21 14:13:37 +08:00
wxiaoguang
dc9cebdf45
Use --message=%s for git commit message (#23028)
Close  #23027

`git commit` message option _only_ supports 4 formats (well, only ....):
* `"commit", "-m", msg`
* `"commit", "-m{msg}"`  (no space)
* `"commit", "--message", msg`
* `"commit", "--message={msg}"`

The long format with `=` is the best choice, and it's documented in `man
git-commit`:

`-m <msg>, --message=<msg> ...`

ps: I would suggest always use long format option for git command, as
much as possible.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-21 14:12:57 +08:00
HesterG
e3cffa70f9
add margin top to the top of branches (#23002)
add margin top as mentioned in #22973

---------

Co-authored-by: jidi <jidi@jidideMacBook-Pro.local>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-21 13:03:44 +08:00
yp05327
4fcf3a3f90
Add me to maintainers (#23026)
Add me to maintainers.

[My PRs
list](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Ayp05327+is%3Amerged+)
2023-02-21 10:56:13 +08:00
Lunny Xiao
34ae184622
Render access log template as text instead of HTML (#23013)
Fix https://github.com/go-gitea/gitea/pull/22906#discussion_r1112106675
2023-02-21 10:22:13 +08:00
wxiaoguang
1b950b98cf
Use gt-relative class instead of the ambiguous gt-pr class (#23008)
`.gt-relative` is also `position: relative !important;`

There are `gt-pr-?` styles below (line 140) for `padding-right`, which
makes `.gt-pr` ambiguous

Co-authored-by: delvh <leon@kske.dev>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-20 19:16:56 -05:00
zeripath
35d2fa744a
Fix intermittent panic in notify issue change content (#23019)
Ensure that issue pullrequests are loaded before trying to set the
self-reference.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <leon@kske.dev>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-20 19:15:49 -05:00
Jason Song
97aacc3ea1
Improve pull_request_template.md (#22888)
Update `pull_request_template.md` because:

- It's a kind idea to hide the tips. However, it's easier to include
them in the commit message by mistake when you cannot see them. Check
`git log | grep 'Please check the following:'`. So don't hide it, expose
it and help fix it.
- "for backports" is much clearer than "for bug fixes". I saw someone
post a PR to a release branch because they believed it was the right way
for a bugfix.
- "Allow edits by maintainers", or we have to ask the contributor to
update the branch and they could be confused.
- Remind the contributor that the words could be included in the commit
message, to avoid some words like "Hello", "Sorry". If they really need
them, they can separate them with a line, like:

```markdown
Close #xxxx
Because ... Then ... Finally ...
---
Hello, this is my first time opening a pull request. Sorry for any mistakes.
```
And the merger should be careful, check and delete the extra content
before merging.

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-20 19:14:02 -05:00
Brecht Van Lommel
a82b9016c3
Hide 2FA status from other members in organization members list (#22999)
This is rather private information that should not be given to all
members in the same organization. Only show it to organization owners.
2023-02-20 17:16:29 -06:00
Lunny Xiao
d845be661f
handle deprecated settings (#22992)
Fix #22736
2023-02-20 16:18:26 -06:00
zeripath
d2128b44f7
Add scopes to API to create token and display them (#22989)
The API to create tokens is missing the ability to set the required
scopes for tokens, and to show them on the API and on the UI.

This PR adds this functionality.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-20 15:28:44 -06:00
wxiaoguang
330b166423
Remove unnecessary and incorrect find('.menu').toggle() (#22987)
Follows:
* #22950

The dropdown menu works well without these codes.

The reason is that the event bubbling still works for the dropdown menu,
the Fomantic UI dropdown menu module will hide the menu correctly if an
item is clicked.
2023-02-20 14:44:32 -06:00
yp05327
f4ce8c73fb
Improve issues.LoadProject (#22982)
issues.LoadProject() is no use
change `issues.loadProject(ctx)` to issues.LoadProject(ctx)
2023-02-20 13:21:56 -06:00
Lunny Xiao
cfc7a4efdb
Add 1.18.4 changelog (#22991) (#22995)
Frontport from #22991
2023-02-20 12:09:02 -06:00
Brecht Van Lommel
9aaf6998b7
Fix pull request branch selector visible without clicking Edit (#23012)
Caused by #22950
2023-02-21 00:08:32 +08:00
dependabot[bot]
018815215f
Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to
0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8e2b117aee"><code>8e2b117</code></a>
http2/hpack: avoid quadratic complexity in hpack decoding</li>
<li><a
href="547e7edf38"><code>547e7ed</code></a>
http2: avoid referencing ResponseWrite.Write parameter after
returning</li>
<li><a
href="39940adcaa"><code>39940ad</code></a>
html: parse comments per HTML spec</li>
<li><a
href="87ce33ecb4"><code>87ce33e</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="415cb6d518"><code>415cb6d</code></a>
all: fix some comments</li>
<li><a
href="7e3c19ca52"><code>7e3c19c</code></a>
all: correct typos in comments</li>
<li><a
href="296f09aa38"><code>296f09a</code></a>
http2: case insensitive handling for 100-continue</li>
<li><a
href="f8411da775"><code>f8411da</code></a>
nettest: fix tests on dragonfly and js/wasm</li>
<li><a
href="8e0e7d8d38"><code>8e0e7d8</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="7805fdc37d"><code>7805fdc</code></a>
http2: rewrite inbound flow control tracking</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.4.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.4.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: delvh <leon@kske.dev>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-20 23:52:21 +08:00
sillyguodong
36d1d5fb78
Fix panic when call api (/repos/{owner}/{repo}/pulls/{index}/files) (#22921)
Close: #22910 

---
I'm confused about that why does the api (`GET
/repos/{owner}/{repo}/pulls/{index}/files`) require caller to pass the
parameters `limit` and `page`.
In my case, the caller only needs to pass a `skip-to` to paging. This is
consistent with the api `GET /{owner}/{repo}/pulls/{index}/files`
So, I deleted the code related to `listOptions`

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-20 22:22:34 +08:00
Lunny Xiao
c3d9a70d0a
only trigger docs build and publish when docs changed (#22968)
Since drone plugin
https://github.com/meltwater/drone-convert-pathschanged/ enabled, we can
filter event with path in drone.

Building docs will now only be triggered when documentations changed.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2023-02-20 21:08:41 +08:00
Zettat123
9a83aa28a3
Get rules by id when editing branch protection rule (#22932)
When users rename an existing branch protection rule, a new rule with
the new name will be created and the old rule will still exist.

![image](https://user-images.githubusercontent.com/15528715/219276442-d3c001ad-e693-44ec-9ad2-b33f2666b49b.png)

---

![image](https://user-images.githubusercontent.com/15528715/219276478-547c3b93-b3f1-4292-a1ef-c1b7747fe1bb.png)

The reason is that the `SettingsProtectedBranchPost` function only get
branch protection rule by name before updating or creating a rule. When
the rule name changes, the function cannot find the existing rule so it
will create a new rule rather than update the existing rule. To fix the
bug, the function should get rule by id first.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-20 19:30:41 +08:00