Commit graph

5,841 commits

Author SHA1 Message Date
Igor de Beijer
f6ed9bb800 feat(ui): move release assets above source code archives (#13038)
This PR moves the release assets above the code archives on the releases page, as the assets are likely what the user is looking for compared to the code archive.

resolves #12534.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13038
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-07-11 02:03:57 +02:00
vsdl
fe8d4c3f3f fix(ui): fix markdown editor monospace preference in pages with multiple editors (#13329)
Makes sure the markdown editor's monospace preference gets applied even within pages containing multiple editors.

Fixes https://codeberg.org/forgejo/forgejo/issues/13186

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13329
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-07-10 01:29:00 +02:00
christopher-besch
8770ffc848 feat: granular settings for watched repo units (#10927)
Continuation of #10598
Closes #7254

Implement repo granular watch selection

I adopted a lot of the frontend from #10598 while redoing the entire back-end. I propose this new model:
- Remove the WatchMode enum.
- Add the WatchSelection struct, which represents the granular selection. Notice that there is no `watching` bool. I tried very hard to keep the structure as simple and redundancy-free as possible. Therefore, people not watching a repo at all either don't have a watch record or one with an entirely unselected WatchSelection struct.
- Add the WatchSource enum. It replaces the WatchMode enum and has a single purpose: determine whether a watch was explicitly or automatically initiated.

Notice that replacing this
```go
		And("`watch`.mode<>?", WatchModeDont).
```
with this is correct:
```go
		And(
			builder.Or(
				builder.Eq{"`watch`.watch_selection_issues": true},
				builder.Eq{"`watch`.watch_selection_pull_requests": true},
				builder.Eq{"`watch`.watch_selection_releases": true},
			),
		).
```
That's because there are four modes: dont, none, auto and normal. When `<>` with dont, we look for auto and normal, because there are no records with none. Therefore, the old code looks for records that indicate watching. The code I replaced this with does so, too, just more granular.

Also notice that I've prepared a future `user preset` in a few places. See below for a little more info on that.

## Next PR
I plan to continue working on this. I want to implement a `user preset` option. The user sets that `user preset` in her settings and may use them in any repo.
<details>
- rename account settings to account and notifications
- user preset (always use this preset for newly accessible repos (according to AutoWatchOnChanges and AutoWatchNewRepos))
</details>

## Further PRs
- make api able to granular watch
- move (email) notifications to new notifications tab

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10927
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-07-09 19:51:10 +02:00
Robert Wolff
d130e96d65 feat(ui): show release attachments' uploaded time on release edit page (#13180)
Closes: #13178

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13180
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-07-09 17:19:34 +02:00
dawe
9947e07037 enh(ui): give hint about .profile repo for advanced customization and verification links (#13330)
fixes #11263

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13330
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-07-07 11:07:43 +02:00
Gusted
0dafb9e3c4 chore: improve CompareDiff (#13314)
- Use context.ReferencesGitRepo to populate `GitRepo`.
- Add two extra query fields in swagger.
- Simplify how infos is parsed.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13314
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-07-06 15:02:30 +02:00
Cameron Radmore
1a277ad0b8 chore: have stylelint lint CSS in tmpl files to enforce RTL-friendly logical properties (#13216)
This will allow us to enforce RTL-friendly logical CSS properties in the go template files.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13216
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-07-04 17:05:27 +02:00
steven.guiheux
3062f1b4cc fix: add extraLinesCount to reply template (#13258)
Close #13250

ExtraLinesCount was not send to reply template

### Tests for Go changes

- I added test coverage for Go changes...
  - [X] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [X] `make pr-go` before pushing

### Documentation

- [X] I did not document these changes and I do not expect someone else to do it.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13258
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-07-04 05:02:28 +02:00
limiting-factor
8ee7e7c32b fix(ui): in the admin config panel do not report a cache taking more than 100 microseconds as slow (#13256)
There is no absolute threshold to decide a cache is slow. Report the time it took to run the test and let the user decide if this is too slow or not.

Closes forgejo/forgejo#5846

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13256
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-30 12:06:06 +02:00
birdgoose
1ab4c8d915 fix(ui): fix HTMX attributes in watch, star, and notification buttons (#12976)
Fixes forgejo/forgejo#12951

The changes are made to the following template files:
- on the repo star/unstar button
- on the repo watch/unwatch button
- on the issue notification button

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12976
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-28 18:00:15 +02:00
Markus Unterwaditzer
d464d625d8 feat: Move repo topic selector to tom-select (#12736)
This is a proof of concept for replacing Formatic's buggy dropdown with
something else. There are a bunch of open gitea issues on github
discussing getting rid of Fomantic.

Tested in Firefox/Chrome. Attached screenshots are before/after. The one with the input focused in orange, and tighter letter spacing, is after.

If this is merged I plan to move the other selectors off of Fomantic.

Alternative to https://codeberg.org/forgejo/forgejo/pulls/12731, also fixes #10118

Signed-off-by: Markus Unterwaditzer <markus-tarpit+git@unterwaditzer.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12736
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-06-27 23:30:59 +02:00
Benedek Kozma
939e5e8b0a fix: Update swift package registry to use the metadata schema from the official Swift docs (#12200)
fixes #12108

docs PR: https://codeberg.org/forgejo/docs/pulls/1893

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

## Testing

Related PRs:

- https://code.forgejo.org/forgejo/end-to-end/pulls/2063
- https://code.forgejo.org/forgejo/oci-mirror/pulls/69

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12200
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-06-26 04:25:56 +02:00
Dylan Hackworth
8ca338754d feat: Add 'Copy Markdown' button (#13083)
This pull request adds a "Copy Markdown" button to issue comments.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13083
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-06-25 15:40:50 +02:00
Cameron Radmore
7f21b64607 fix: switch search syntax modal from table to grid (#13171)
This PR fixes a regression noticed by @0ko caused by changes from PR !12491

The switch to using logical css properties had a regression as the `text-align: start`wasn't propagating to the th element like `text-align: left` was.

This PR attempts to fix this issue by switching to a grid

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13171
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-24 15:44:09 +02:00
Mathieu Fenniak
25ab9039be feat: add warnings for usage of unsupported permissions: in Actions workflows (#13164)
Any job with `permissions:`, and all jobs in a workflow with `permissions:`, will display a warning at the top of the Actions screen indicating that this field is not supported by Forgejo.

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [x] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13164
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-06-23 21:30:19 +02:00
Andreas Ahlenstorf
a0bee7b0b8 feat: enable manual prioritization of workflow runs (#13045)
Introduce the capability to manually prioritize individual workflow runs. If possible, manually prioritized workflow runs will be run before all others. If multiple workflow runs have been prioritized manually, they will be run in their order of arrival, not in the order they have been prioritized manually.

Workflow run prioritization is best-effort, no matter whether a workflow run has been (de-)prioritized manually or by a prioritization algorithm. That means that it usually has an effect, but it's not guaranteed to have one.

Workflow run prioritization is performed by implementations of `RunPrioritizationStrategy`. Currently, only one implementation exists: first in, first out, with the option to manually mark individual workflow runs as prioritized. It is possible to add more strategies in the future and make them selectable in the user interface per repository.

Implementations of `RunPrioritizationStrategy` can only influence the ordering of `ActionRunJob`s by altering the priority of the `ActionRun` they belong to. That is a conscious choice to reduce the risks of deadlocks or other potentially weird behaviour that would be hard to debug. The priority of `ActionRun`s that are already running is not recalculated for the same reason.

The run priority cannot be observed by external systems because it is neither exposed in the HTTP API nor to webhook listeners. That limitation can be alleviated in future versions.

See also https://codeberg.org/forgejo/forgejo/issues/12830 and https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/92.

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13045
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-18 00:58:33 +02:00
Antonin Delpeuch
c99b35cfa4 feat: setting to add team members by invitations (#12845)
Fixes #12564. Fixes #8951.

This introduces a new setting, `ADD_MEMBERS_BY_INVITATIONS`, which is turned off by default.
When turned on, adding a user to a team issues an invitation instead of adding them directly to the team.
A prerequisite for this work was to be able to link invitations to existing users (so far, they were only associated to an email address, since those invitations were meant to be issued to users who didn't have an account yet).

---

I plan to work on the following improvements, which I propose to do in separate PRs given that this one is already a bit big:
* generate an in-app notification for the invited user
* advertise the invitation to the invited user from the org page as well (#12120)
* show the list of invited users in the list of organization members (not just on the team page)

and various other improvements to invitations (#12570, #12716).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12845
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-06-15 01:46:25 +02:00
Oak_lod
565d60d2f9 fix(api): swagger docs improvement (#13082)
This PR fixes some minor issues with the swagger API documentation. These issues are:

1. The description for the `template` parameter for the `GET /repo/search` endpoint is incorrect. It says this:
    ```
    include template repositories this user has access to (defaults to true)
    ```
    When the parameter actually functions like this:
    ```
    show only template, non-template or all repositories (defaults to all)
    ```
2. The the `gitignores` option in the `POST /user/repos` endpoint JSON object has a description that doesn't say how `gitignore` names should be separated. It's like this:
    ```
    Gitignores to use
    ```
    When it should be something like this:
    ```
    Gitignores to use, separated by commas
    ```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13082
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-13 21:20:26 +02:00
0ko
423b5c029c feat(ui): modernize hidden comment types checkboxes in appearance settings (#13044)
Changes

- use native fieldset and checkboxes instead of fomantic. As a result, the code is simpler and changing the checkbox state by clicking the text works without JS by native `label` behavior instead of fomantic scripted behavior.
- show tooltips as help hints. This is better because in a large list with only two items having tooltips the user doesn't have to guess which ones have a tooltip. And it is more touchscreen friendly.

Preview

|Old|New|
|-|-|
|![old](https://codeberg.org/attachments/d464e1b7-d490-4efe-ac2a-5c4eb1f70467)|![new](https://codeberg.org/attachments/decccca6-45b7-4c8a-9099-a28781aad7f3)|

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13044
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-06-11 07:00:11 +02:00
Leni Kadali
6def475fc4 feat(ui): mention quote searching and search docs in search syntax popup (#12966)
Fixes [#12505](https://codeberg.org/forgejo/forgejo/issues/12505).
Also see [this comment](https://codeberg.org/forgejo/forgejo/issues/12505#issuecomment-15410954) on the issue as well.

## Preview

![](https://codeberg.org/attachments/4e1a85e8-755d-4137-85a3-60ab193bc919)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12966
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-11 06:59:40 +02:00
Christian Burger
a9521cce56 correcting referrer policy in HTML <meta> tag (#13036)
Switched to `same-origin` which was probably orginally intended in
PR #10851, since `strict-origin` still relays the Forgejo web server URL
to other web servers in the referrer as long as HTTPS is used.

See: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/name/referrer#same-origin

fixes #13019

## Checklist

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13036
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-06-10 20:39:20 +02:00
0ko
8e8610d2f8 fix(ui): dedup, fix, improve various strings (#12843)
Multiple fixes squashed into one PR for simplicity. See individual commit messages in the PR for details

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12843
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-06-10 09:16:26 +02:00
OFHansen
bb5919ea87 feat(api): add new /repos/{owner}/{repo}/actions/runs/{run_id}/cancel API endpoint (#12957)
This new API endpoint makes it possible to cancel action runs via the API. Previously this was only natively possible through the UI, the same `CancelRun` func has been reused for this feature.

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12957): <!--number 12957 --><!--line 0 --><!--description ZmVhdChhcGkpOiBhZGQgbmV3IGAvcmVwb3Mve293bmVyfS97cmVwb30vYWN0aW9ucy9ydW5zL3tydW5faWR9L2NhbmNlbGAgQVBJIGVuZHBvaW50-->feat(api): add new `/repos/{owner}/{repo}/actions/runs/{run_id}/cancel` API endpoint<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12957
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-06-09 04:00:56 +02:00
AverageHelper
408572dd35 feat: in-browser validation of website URLs for user, repository, and organization profiles (#12991)
This PR pertains to the client-side validation of the Website input on user, repo, and org profiles. #12962 extends `[service].VALID_SITE_URL_SCHEMES` to cover Website fields on repo and org profiles, where before that config key only applied to the one on user profiles. If that change merges, it will then be possible to construct an HTML [`pattern`](https://developer.mozilla.org/docs/Web/HTML/Reference/Elements/input#pattern) attribute for general use on any Website form input that the server validates this way, thus enabling browsers to catch errors early relating to URL scheme confusion.

This PR (1) introduces such a `pattern` attribute, and (2) adds a new UI note to make clear to users which URL schemes are permitted. This change helps explain the browser's otherwise cryptic error messages regarding pattern mismatch, while also letting users know what URI schemes the Forgejo instance supports as Website links (e.g. gemini:// URLs).

![A text field labeled "Website", with a note below which reads, "Allowed URL schemes include: http, https"](/attachments/304e17ee-b5aa-414e-a4fa-d48639336c6c)

This MUST NOT merge before #12962. To do so would introduce a regression wherein the UI may suggest and validate a different set of allowed URL schemes than the server actually permits.

See also #5519

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12991
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-08 17:35:15 +02:00
rgon
c956dae73d feat: adds option to force overwrite new branch for /contents route (#12663)
Adds an option "force_overwrite_new_branch" when posting to
/repos/{owner}/{repo}/contents to modify multiple files in a repository.
When user provides both "branch" and "new_branch" options, and
"new_branch" already exists, the "force_overwrite_new_branch" option
allows the user to overwrite the existing branch. Under the hood this
amounts to a "git push --force".

[Issue #12600](https://codeberg.org/forgejo/forgejo/issues/12600)

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
- [x] API swagger docs updated

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Co-authored-by: Rob Gonnella <rob.gonnella@papayapay.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12663
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-06-06 16:45:57 +02:00
steven.guiheux
6a27eb051d feat(api,ui): add multiline comment on pullrequest (#12582)
Closes https://codeberg.org/forgejo/forgejo/issues/6093

This PR adds support for **multi-line review comments** on pull requests, allowing reviewers to select a range of lines in diffs instead of only a single line — similar to GitHub's implementation.

### Tests for Go changes

- I added test coverage for Go changes...
  - [X] in their respective `*_test.go` for unit tests.
  - [X] `make pr-go` before pushing

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12582
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-06-03 16:06:29 +02:00
Yashwanth Rathakrishnan
cce8152879 feat(ui): commit view redesign for pull request page (#7948)
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7948
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-02 20:12:32 +02:00
Dylan Weijgertze
f1622c4e85 fix(ui): adjust sidebar distances and remove empty p elements (#12864)
I removed the empty `p` elements for accessibility as mentioned in this https://codeberg.org/forgejo/forgejo/pulls/12786#issuecomment-16247117. I also adjusted the spacing for the "reference" text with the divider to have the copy button have the same spacing as other buttons.

## Testing

Navigate to an issue and observe the spacing of the time tracker, reference and dependencies sections.

<table style="width:100%">
  <tr>
    <td>Before</td>
    <td>After</td>
  </tr>
  <tr>
    <td><img width="250" src="/attachments/a4e14050-1d14-457c-9d4f-ec9ac1ae3bcc" /></td>
    <td><img width="250" src="/attachments/3ab4445c-9f14-49d7-ac77-a7d69e914e58" /></td>
  </tr>
</table>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12864
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-06-01 12:14:01 +02:00
Robert Wolff
3bee4ce24e fix(ui): adjust distances and remove a divider in the issue sidebar (#12786)
Some minor changes: coherent distances between heading and descriptions, drop a divider between time tracking related sections.

### Test

1. Go to an issue, add some time tracking and potentially dependencies.
2. Observe improved distances with a user with and once with a user without write permission.

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12786
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2026-05-31 10:11:17 +02:00
Robert Wolff
ef44b777f4 fix: hide some disallowed actions that lead to 404 errors in archived repos (#12773)
This
1. hides the “New issue” button, which currently leads to a 404 page, because it is not useful to have it, e.g., here: https://code.forgejo.org/forgejo/act/issues/169
2. removes the UI ability on projects in archived repos to move around issues and project columns. When a user performs such an action, currently it is shown as it were successful, but actually all requests lead to 404s without warning.
3. hides the hints for synching a fork or creating a pull request for recently pushed branches (which again would lead to 404s)
4. hides the branch selector (only shows the branch) on single issue/PR pages, which is disfunctional on archived repos

Thus, both these changes do not change anything related to what happens to issues or projects in archived repos, but only reduces 404 errors.

I don’t think this needs to be tested more than manually.

## Test

Create first a repository with at least **one issue** in **one project** and edit a file by creating a **new branch**. Then, perform following actions, once in the state where the repository is normal and once when it is archived:

action|unarchived|archived
---|---|---
\1. go to the issue|“New issue” button functional|“New issue” button removed
\2. click on the branch selector|menu opens|menu is now disabled and shows the branch
\3. go to the project|“New issue” button functional|“New issue” button removed
\4. try to move around columns|modifies columns|not possible anymore
\5. try to move around the issue|modifies issue location|not possible anymore
\6. go to the code view|see hint "You pushed …"|do not see this hint anymore

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12773
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-30 14:02:33 +02:00
limiting-factor
4ce9f2b061 fix: always display the pull request merge box if there are actions pending approval (#12785)
For the same reason the merge box is displayed when the user can delete the branch from which the pull request was proposed, the trust panel must be displayed when runs are waiting approval, either for information or to approve/deny runs from untrusted users.

Closes forgejo/forgejo#12576

---

Note that since this is a followup of https://codeberg.org/forgejo/forgejo/pulls/12704/files and it has not yet been released, there is no need for a mention in the release notes.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12785
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-30 02:56:47 +02:00
limiting-factor
ec0e0399d8 fix: show the actions trust management panel when runs from trusted users are pending approval (#12812)
When the status of a user makes it implicitly trusted to run actions (for instance when it becomes a member of the Owners team of an organization), the runs that were blocked before they became trusted will need to be approved or denied.

The trust management panel was not displayed if the poster of the pull request was trusted. It is now displayed regardless of the current trust status of the user.

Closes forgejo/forgejo#12811

---

## Alternative implementation

An alternative implementation would be to approve all pending runs whenever the trust status of a user changes. That would require that change to happen when the user joins a team with permissions to run actions, becomes an admin, a collaborator to a repository with write access or when a repository ownership is transferred to an organization where the user already has such rights.

Such an implementation would save the effort of manually taking care of the runs pending approval for the now trusted user. But it would also be fragile to maintain because it would need a complete inventory of all the ways a user can become trusted. Or some kind of notification triggered whenever such an event happens, which is not currently in place.

Since this is a rare case and the manual operation is simple, I think the easiest fix consisting of showing the trust panel regardless of the trust status of the user is acceptable.

## Lingering rows in `ActionUser`

If a newly trusted user is explicitly always trusted **after** being implicitly trusted, a row is created in `ActionUser`. But the `Revoke` button will never show, because the user is now implicitly trusted. This leaves a lingering row in the `ActionUser` table. Such a row will be [removed](!9397 (commit e41bcf5048)) eventually and not clutter the table.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12812): <!--number 12812 --><!--line 0 --><!--description Zml4OiBzaG93IHRoZSBhY3Rpb25zIHRydXN0IG1hbmFnZW1lbnQgcGFuZWwgd2hlbiBydW5zIGZyb20gdHJ1c3RlZCB1c2VycyBhcmUgcGVuZGluZyBhcHByb3ZhbA==-->fix: show the actions trust management panel when runs from trusted users are pending approval<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12812
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-05-30 02:55:17 +02:00
zachhandley
64bce47672 feat(api): expose action job + run logs via REST (#12666)
Closes #11859 🙂

Wanted to be able to grab action logs from my homelab dashboard without juggling session cookies. Two endpoints so scripts and webhooks can pull logs without scraping the rendered UI:

- `GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs` returns plaintext for a single job's latest task. The underlying reader is `io.ReadSeekCloser`, so passing it through `http.ServeContent` gives you HTTP `Range:` for free.
- `GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs` streams a zip of every job's logs in the run. If a job hasn't started (`TaskID == 0`), its log expired, or opening the log file fails, the zip gets a `.MISSING` placeholder entry rather than bailing on the whole archive.

Both endpoints get `reqToken()` per-route. Logs can have secrets accidentally echoed into them, so I wanted auth required even though the outer `/repos` group's `tokenRequiresScopes(AccessTokenScopeCategoryRepository)` already covers scope.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. (`tests/integration/api_actions_job_logs_test.go`, `tests/integration/api_actions_run_logs_test.go`)
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it. (The new endpoints are covered by the regenerated swagger spec in this PR; `docs/user/api-usage.md` is general auth/usage guidance and doesn't need changes. Happy to open a docs PR if reviewers prefer.)

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Release note added as `release-notes/12666.md`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12666
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-05-30 01:45:32 +02:00
Renovate Bot
498a64cc0e Update module github.com/go-swagger/go-swagger/cmd/swagger to v0.34.0 (forgejo) (#12803)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12803
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-29 23:11:29 +02:00
numen
427457946b feat(api): return created time in /org/{org} endpoint (#12633)
closes #4126

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12633
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-28 21:25:41 +02:00
Shiny Nematoda
6f5df4fae6 fix(ui): fix typo in issue sort dropdown; relevance was misnamed as relevency (#12771)
closes #12769

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12771
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
2026-05-28 20:48:25 +02:00
oliverpool
fd283c80b7 feat: add hint to disable the "Enable more" units hint (#12747)
Following the feedback in #12565, this adds a hint to the units page when the "Enable more" hint is enabled:

![image](/attachments/32dac116-9f25-498d-9ef0-8b18b06cfc53)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12747
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-27 20:43:47 +02:00
Catherine
0c418d2c0e feat: add /api/v1/actions/run endpoint (#12727)
This endpoint returns the Actions run metadata for the automatic token, making it possible for external services to authenticate a specific workflow run and understand its security context (e.g. whether it is a pull request run and if yes what pull request it is).

The concrete motivating case for this feature is safe pull request preview rendering. Currently, even Forgejo itself ([forgejo/docs](https://codeberg.org/forgejo/docs/src/branch/next/.forgejo/workflows/pr.yml), [forgejo/website](https://codeberg.org/forgejo/website/src/branch/main/.forgejo/workflows/pr.yml)) uses carefully managed `pull_request_target` workflows for this task. The `pull_request_target` workflow type coupled with intentionally cloning the merge head is widely recognized as insecure, including by Forgejo developers. However, right now there is no particularly good replacement for this approach: Forgejo doesn't expose enough metadata to grant an Actions run permissions to update a part of a website, and only that part (by whichever mechanism this would happen).

I am one of the developers of [git-pages](https://codeberg.org/git-pages/git-pages), which is used as the new Codeberg Pages backend. I would like to implement native support for pull request previews that does not rely on carefully written but still fragile workflows that try to hide authorization tokens from untrusted code, but rather recognizes "pull request Actions run" as a unique kind of security context, and allow it to publish to a special "preview zone", segregated by the repository name and PR number. To do this I need to be able to authorize a specific workflow run. Right now there's no reasonable way to do this, but with the new endpoint it becomes trivial: actions/git-pages passes the automatic token to git-pages, git-pages asks Forgejo for metadata then forms an authorized site URL (e.g. `http://<reponame>-<username>-pr-<number>.preview.codeberg.page` though this is not the final format) to which this PR workflow may upload a site.

The API endpoint implemented in this PR has been discussed in the Matrix room and I understood that this change would be uncontroversial, hence I'm sending this PR right away instead of opening a feature request first. It doesn't introduce new response types, only returns an `ActionRun` for the authorization token. The namespaced URL `/api/v1/actions/run` was chosen because there are a number of things one could conceivably want to retrieve (e.g. `/api/v1/actions/job`); this specific endpoint seems by far the most useful though.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.
  The new API endpint is surfaced in Swagger, which seems sufficient.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12727
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: crystal <crystal@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-05-26 16:03:21 +02:00
0ko
c400a3fac7 chore(i18n): May 2026 maintenence (#12718)
* remove two unused strings I identified while doing other things
* update two strings per request of @mahlzahn while avoiding a whole separate PR for this
* move 126 strings to JSON, some are remapped with a better structure
    * previous migration: forgejo/forgejo!12280

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12718
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
2026-05-25 10:59:49 +02:00
limiting-factor
5c61808014 fix: display the actions trust management panel on merged and closed pull requests (#12704)
It is possible for a user that is not trusted to run Forgejo Actions workflows on a repository to act on a pull request and trigger a workflow after it is merged or closed. For instance by modifying the title of the pull request or setting a label.

Closes forgejo/forgejo#12576

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12704): <!--number 12704 --><!--line 0 --><!--description ZGlzcGxheSB0aGUgYWN0aW9ucyB0cnVzdCBtYW5hZ2VtZW50IHBhbmVsIG9uIG1lcmdlZCBhbmQgY2xvc2VkIHB1bGwgcmVxdWVzdHM=-->display the actions trust management panel on merged and closed pull requests<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12704
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-05-23 18:21:21 +02:00
Mai-Lapyst
5704b305c1 fix: adds missing AppSubUrl to the webmanifest's location (#12702)
Closes #12251

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12702
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-23 16:33:32 +02:00
Mathieu Fenniak
6d522ecba0 feat: add "Forgejo Actions (Local)" authorized integration UI (#12672)
Extracts the separate concepts for different UIs out of the original implementation, and then adds the new UI for Forgejo Actions (Local).  Manual end-to-end testing was performed on all variations of the "workflow file", "git reference", and "event" filter options as well.  They're covered by test automation, but not in an end-to-end manner.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
    - Documentation is next up after this change is complete.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12672
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-23 16:26:28 +02:00
B0sh
e49cb9e772 fix: emoji's should not render in inline code blocks in issue lists (#12644)
This fixes #12548. I used the `RenderRefIssueTitle` function so it wouldn't create issue or PR links from #<number> strings.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12644
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
2026-05-22 13:20:42 +02:00
hwipl
1ea5605eae feat: add dynamic group mappings for OIDC (#11656)
Currently, Forgejo supports configuring static group team mappings for
an OIDC authentication source that map OIDC groups to Forgejo
organizations and teams. For example, the following mapping

```json
{"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
```

automatically adds a user in the OIDC group `Developer` to the teams
`MyForgejoTeam1` and `MyForgejoTeam2` in organization
`MyForgejoOrganization`.

In order to support more dynamic mappings and to avoid having to update
the mappings for new organizations and teams, add an additional
configuration option that supports mappings with placeholders like in
the following example:

```json
["group-{org}-{team}", "other:{org}/{team}"]
```

In this example, the mappings add a user in OIDC groups
`group-org1-team1`, `group-org2-team2`, and `other:org3/team3` to team
`team1` in organization `org1`, team `team2` in organization `org2`, and
to team `team3` in organization `org3`.

Additionally, this adds a configuration option to dynamically remove
users from organization teams. If enabled, a user is removed from all
teams that are not added via a static or dynamic mapping. Thus, users
are only in teams that are added via such a mapping and no other teams.

Docs: forgejo/docs!1950

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11656
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-22 12:38:20 +02:00
Gusted
4131cc4159 ench: use GET for lastcommit route (#12670)
When it was introduced the route did receive for which entries it should get the last commit for. It was refactored in 1e29bccddb to HTMX and now simply gets the last commit for all entries.

In the spirit of using the correct HTTP methods, switch it to GET.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12670
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-05-22 10:40:28 +02:00
0ko
9a2ae75a43 feat(ui): provide ability to add a warning message to the registration/login screens (#12597)
Example for how that would look like on code.forgejo.org:

![img](/attachments/eff849d5-4269-4c26-b742-b525de7709d1)

Login screen examples:

|![1](/attachments/78c23389-7bbd-490d-967a-da87d451c199)|![2](/attachments/c4693cd3-2616-4396-92e3-f22dbe8a0103)|
|-|-|

Many instances would benefit from being able to communicate such information before a user signs up or logs in after a long break.

## Testing

Disabled unless admin explicitly decides to create a template override, nothing to test.

In theory CSS could break but IDK how to test against that given the custom template requirement.

Also need to know that template customizations are provided as-is and shift all accountability of maintaining them to admins.

## Documentation

https://codeberg.org/forgejo/docs/pulls/1945

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12597
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-21 06:04:41 +02:00
Mathieu Fenniak
6244e333b1 fix: improve visibility of mismatched repository & package visibility (#12627)
A concern has been raised to the security team that Forgejo users can be confused by the visibility of packages in Forgejo being linked to the owner of the package, and not the repository that a package may be linked to.  While future feature requests may change how package visibility works, an immediately actionable response is to ensure that this is clearer to end-users.

This PR adds a warning on the Settings -> Unit page of a private repository, and the Packages tab of a private repository, if the owner of the repository is public.  It also renames the unit "Enable repository package registry" to "Enable package linking", to better reflect the fact that enabling packages on a repository does not create some repository-level registry.

**Before**:
![image](/attachments/bf304466-e921-482d-9ba0-473e10775d68)

**After**:
![20260518_091806](/attachments/1f9dee3f-5b83-4b30-95f2-6f49eb7b5070)

**On repository's Packages tab**:
![20260518_091821](/attachments/ebb8fad0-0db6-4490-9c13-898876134438)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12627
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-20 20:25:11 +02:00
steven.guiheux
0ef80f6b0f feat: expose access token creation date in API responses (#12620)
## Checklist

Following the previous contribution that added admin-level management of user access tokens (particularly useful for bot/service accounts), this change exposes the created_at field in the API response when listing or retrieving access tokens.

This information is needed to implement token rotation policies for these users — knowing when a token was created allows administrators to identify and revoke stale tokens.

### Tests for Go changes

- I added test coverage for Go changes...
  - [X] in their respective `*_test.go` for unit tests.
  - [X] `make pr-go` before pushing

### Documentation

- [X] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [X] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12620): <!--number 12620 --><!--line 0 --><!--description ZXhwb3NlIGFjY2VzcyB0b2tlbiBjcmVhdGlvbiBkYXRlIGluIEFQSSByZXNwb25zZXM=-->expose access token creation date in API responses<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12620
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-20 18:45:38 +02:00
vini sdl
aec047c7b5 fix(ui): fix and simplify org invite template view (#12580)
This fixes #12119 while simplifying the page a bit.

It also drops dependency on `/web_src/css/modules/card.css` module. Only the profile page still relies on it.

As an observation, I find the text "Please click the button below..." quite inadequate as web copy, but I decided to keep it as-is in this pull request.

In the `org.css` changes, I also removed references to two `.organization.invite #invite-box` selectors, since I couldn't find it anywhere in the source code.

Screenshot:
![image](/attachments/07a03b9f-0a69-41ff-b54a-1277783969e3)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12580
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
2026-05-19 21:17:08 +02:00
Mathieu Fenniak
cd5a1173d5 feat: web UI to delete authorized integration (#12632)
Adds a "Delete" option to the authorized integration list.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12632
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-19 17:10:43 +02:00