[pull] main from go-gitea:main #23
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
Fix google logo in user security page: #28701 Before  after 
Many of the golang links point to the old site and don't use https. This pull request updates these outdated links to https://go.dev . #28979
pull
bot
added
⤵️ pull
and removed
modifies/docs
modifies/frontend
modifies/translation
labels
…`Follow` (#28908) - Closes #28880 This change introduces htmx with the hope we could use it to make Gitea more reactive while keeping our "HTML rendered on the server" approach. - Add `htmx.js` that imports `htmx.org` and initializes error toasts - Place `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` on the `<body>` tag so every request that htmx sends is authenticated - Place `hx-swap="outerHTML"` on the `<body>` tag so the response of each htmx request replaces the tag it targets (as opposed to its inner content) - Place `hx-push-url="false"` on the `<body>` tag so no changes to the URL happen in `<form>` tags - Add the `is-loading` class during request ### Error toasts in action  ## Don't do a full page load when clicking the subscribe button - Refactor the form around the subscribe button into its own template - Use htmx to perform the form submission - `hx-boost="true"` to prevent the default form submission behavior of a full page load - `hx-sync="this:replace"` to replace the current request (in case the button is clicked again before the response is returned) - `hx-target="this"` to replace the form tag with the new form tag - Change the backend response to return a `<form>` tag instead of a redirect to the issue page ### Before  ### After  ## Don't do a full page load when clicking the follow button - Use htmx to perform the button request - `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST request to follow the user - `hx-target="#profile-avatar-card"` to target the card div for replacement - `hx-indicator="#profile-avatar-card"` to place the loading indicator on the card - Change the backend response to return a `<div>` tag (the card) instead of a redirect to the user page ### Before  ### After  --------- Signed-off-by: Yarden Shoham <[email protected]> Co-authored-by: 6543 <[email protected]> Co-authored-by: Giteabot <[email protected]>
In #28691, schedule plans will be deleted when a repo's actions unit is disabled. But when the unit is enabled, the schedule plans won't be created again. This PR fixes the bug. The schedule plans will be created again when the actions unit is re-enabled
# Purpose This PR makes git http related functions use the same `context.Context` so they can be maintained easier.
To make sure we don't abuse it. --------- Signed-off-by: Yarden Shoham <[email protected]> Co-authored-by: wxiaoguang <[email protected]> Co-authored-by: delvh <[email protected]>
I tripped over this strange method and I don't think we need that workaround to fix the value. old:  new:  --------- Co-authored-by: silverwind <[email protected]> Co-authored-by: wxiaoguang <[email protected]>
Behaviour now matches GH. Safeguard added in the for loop because `textContent` may be null in which case it does not make sense to render the copy button.
- Update all JS dependencies minus @mcaptcha/vanilla-glue - Fix new lint errors - Regenerate SVGs - Switch to maintained stylelint stylistic plugin - Tested Mermaid, Citation, Swagger, sorting - Raise ESBuild target to `es2020` as dictated by `pretty-ms` dependency.
Fix #28941 ps: didn't test. The repo is too big to migrate.
Followup #28977. I forgot to pass the updated option to esbuild-loader, e.g. previously it was only passed to the minifier.
This change allows act_runner / actions_runner to use jwt tokens for `ACTIONS_RUNTIME_TOKEN` that are compatible with actions/upload-artifact@v4. The official Artifact actions are now validating and extracting the jwt claim scp to get the runid and jobid, the old artifact backend also needs to accept the same token jwt. --- Related to #28853 I'm not familar with the auth system, maybe you know how to improve this I have tested - the jwt token is a valid token for artifact uploading - the jwt token can be parsed by actions/upload-artifact@v4 and passes their scp claim validation Next steps would be a new artifacts@v4 backend. ~~I'm linking the act_runner change soonish.~~ act_runner change to make the change effective and use jwt tokens <https://gitea.com/gitea/act_runner/pulls/471>
Emails from Gitea comments do not contain the username of the commenter anywhere, only their display name, so it is not possible to verify who made a comment from the email itself: From: "Alice" <email@gitea> X-Gitea-Sender: Alice X-Gitea-Recipient: Bob X-GitHub-Sender: Alice X-GitHub-Recipient: Bob This comment looks like it's from @alice. The X-Gitea/X-GitHub headers also use display names, which is not very reliable for filtering, and inconsistent with GitHub's behavior: X-GitHub-Sender: lunny X-GitHub-Recipient: gwymor This change includes both the display name and username in the From header, and switches the other headers from display name to username: From: "Alice (@fakeAlice)" <email@gitea> X-Gitea-Sender: fakealice X-Gitea-Recipient: bob X-GitHub-Sender: fakealice X-GitHub-Recipient: bob This comment looks like it's from @alice.
This PR adds a new `must-change-password` parameter to the `change-password` cli command. We already have the `must-change-password` command but it feels natural to have this integrated into the `change-password` cli command. --------- Co-authored-by: 6543 <[email protected]>
Follow #28654 The `comments` might be empty, so the templates shouldn't (and couldn't) use it to render. When there is no comment, the UI should also be updated to empty, so returning an empty body is good enough.
Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
- Unify the password changing code - Invalidate existing auth tokens when changing passwords
Fixes https://codeberg.org/forgejo/forgejo/issues/2257 Draft status of a PR is currently not exposed by the API. This PR adds a 'draft' field to pull requests in the API, which is used to correctly set the PR color/icon in a ContextPopup. --- Before:  After: 
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )