WIP: DCS main into Gitea Main (for diff)#380
Open
richmahn wants to merge 1399 commits intomain-giteafrom
Open
Conversation
1. Upgrade to [jQuery 4.0](https://blog.jquery.com/2026/01/17/jquery-4-0-0/). Two of the removed APIs are in use by fomantic, but there are [polyfills present](https://github.com/go-gitea/gitea/blob/a3a3e581aa387969ce6410ab54c4775e9023ec40/web_src/fomantic/build/components/dropdown.js#L15-L17) so it continues to work. 2. Remove manual naming of webpack chunks. I was running into below webpack error and I see no reason for this manual chunk naming which is prone to naming collisions. Also, the webpack build now shows all output assets. This change will result in longer asset filenames, but webpack should now be able to guarentee that the names are without collisions. ```` ERROR in SplitChunksPlugin Cache group "defaultVendors" conflicts with existing chunk. Both have the same name "--------" and existing chunk is not a parent of the selected modules. Use a different name for the cache group or make sure that the existing chunk is a parent (e. g. via dependOn). HINT: You can omit "name" to automatically create a name. BREAKING CHANGE: webpack < 5 used to allow to use an entrypoint as splitChunk. This is no longer allowed when the entrypoint is not a parent of the selected modules. Remove this entrypoint and add modules to cache group's 'test' instead. If you need modules to be evaluated on startup, add them to the existing entrypoints (make them arrays). See migration guide of more info. 3. Fix test issue related to `p > div` which is invalid as per HTML spec because `div` is not [phrasing content](https://html.spec.whatwg.org/multipage/dom.html#phrasing-content-2) and therefor can not be a descendant of `p`. This is related to capricorn86/happy-dom#2007. 4. Add webpack globals 5. Remove obsolete docs glob 6. fix security issue for `seroval` package 7. disable [vitest isolate](https://vitest.dev/config/isolate.html) for 30% faster JS tests, which are all pure.
Updates all dependencies in `Makefile`. The go fix was done automatically, I just altered the variable name. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix #36409 * Fix #36322 * Fix #30101 * Fix #36317 --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
This adds [knip](https://github.com/webpro-nl/knip), a tool to find unused files, dependencies and exports in JS. Fixed all discovered issues. 1. knip apparently has some issue resolving imports from `d.ts` to `.ts` so I worked around it by moving the two affected types to where they are used. 2. I don't know why `modules/fomantic/dropdown.ts` had a new typescript error, but I fixed it. 3. Use named export for `EsbuildPlugin`, I think this was added recently.
For when Enry correctly recognized the language, but returns the language name in a way that isn't recognized by chroma. Resolves go-gitea/gitea#22443 --------- Co-authored-by: Moritz Jörg <moritz.jorg@oceanbox.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix #20852
Fixes: go-gitea/gitea#36175 1. Correctly apply setting on textareas spawned by comment edit 3. When changing the setting, apply it to all textareas on the current page --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
In Git 2.38, the `merge-tree` command introduced the `--write-tree` option, which works directly on bare repositories. In Git 2.40, a new parameter `--merge-base` introduced so we require Git 2.40 to use the merge tree feature. This option produces the merged tree object ID, allowing us to perform diffs between commits without creating a temporary repository. By avoiding the overhead of setting up and tearing down temporary repos, this approach delivers a notable performance improvement. It also fixes a possible situation that conflict files might be empty but it's a conflict status according to https://git-scm.com/docs/git-merge-tree#_mistakes_to_avoid Replace #35542 --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Followup to go-gitea/gitea@59f812b, enforce using our localStorage wrapper in eslint. Also did a few tweaks in the eslint config, like removing the incomplete list of globals, this is a non-issue with typescript. --------- Signed-off-by: silverwind <me@silverwind.io>
Before: <img width="513" height="55" alt="Screenshot 2026-01-28 at 17 24 50" src="https://github.com/user-attachments/assets/ef28d87a-9a52-4762-9ddc-c3934f5cfc7a" /> After: <img width="509" height="64" alt="Screenshot 2026-01-28 at 17 24 39" src="https://github.com/user-attachments/assets/bc55c828-7813-47be-bef8-23eeb51bd513" />
## Overview This PR updates the Go toolchain version from `1.25.5` to `1.25.6` for the Gitea project. ## Changes ### Toolchain Update - **Go Toolchain**: Updated from `go1.25.5` to `go1.25.6` This is a minor toolchain version bump that ensures the project uses the latest patch release of Go 1.25. ## Security Improvements While this PR primarily addresses the toolchain update, the project maintains a strong security posture through: ### Current Security Measures ```log Vulnerability #1: GO-2026-4342 Excessive CPU consumption when building archive index in archive/zip More info: https://pkg.go.dev/vuln/GO-2026-4342 Standard library Found in: archive/zip@go1.25.5 Fixed in: archive/zip@go1.25.6 Example traces found: #1: modules/packages/nuget/metadata.go:217:25: nuget.ParseNuspecMetaData calls zip.Reader.Open Vulnerability #2: GO-2026-4341 Memory exhaustion in query parameter parsing in net/url More info: https://pkg.go.dev/vuln/GO-2026-4341 Standard library Found in: net/url@go1.25.5 Fixed in: net/url@go1.25.6 Example traces found: #1: modules/storage/minio.go:284:34: storage.MinioStorage.URL calls url.ParseQuery #2: routers/api/v1/repo/action.go:1640:29: repo.DownloadArtifactRaw calls url.URL.Query Vulnerability #3: GO-2026-4340 Handshake messages may be processed at the incorrect encryption level in crypto/tls More info: https://pkg.go.dev/vuln/GO-2026-4340 Standard library Found in: crypto/tls@go1.25.5 Fixed in: crypto/tls@go1.25.6 Example traces found: #1: services/auth/source/ldap/source_search.go:129:25: ldap.dial calls ldap.Conn.StartTLS, which calls tls.Conn.Handshake #2: modules/graceful/server.go:156:14: graceful.Server.Serve calls http.Server.Serve, which eventually calls tls.Conn.HandshakeContext #3: modules/lfs/content_store.go:132:27: lfs.hashingReader.Read calls tls.Conn.Read #4: modules/proxyprotocol/conn.go:91:21: proxyprotocol.Conn.Write calls tls.Conn.Write #5: modules/session/virtual.go:168:39: session.VirtualStore.Release calls couchbase.CouchbaseProvider.Exist, which eventually calls tls.Dial #6: services/auth/source/ldap/source_search.go:120:22: ldap.dial calls ldap.DialTLS, which calls tls.DialWithDialer #7: services/migrations/gogs.go:114:34: migrations.client calls http.Transport.RoundTrip, which eventually calls tls.Dialer.DialContext ``` ## Breaking Changes None expected. This is a minor toolchain patch update.
GITEA_UNIT_TESTS_LOG_SQL is renamed to GITEA_TEST_LOG_SQL
I verified the `.env.local` syntax added in alecthomas/chroma#1197 works as expected.
Fix #36483 In git log/rev-list, the "..." syntax represents the symmetric difference between two references, which is different from the meaning of "..." in git diff (where it implies diffing from the merge base). For listing PR commits, we must use `merge-base..head` to include only the commits introduced by the head branch. Otherwise, commits newly pushed to the base branch would also be included, which is incorrect.
`smtp.mydomain.test` is a real domain that resolves to something and which is being connected to while running tests. Instead, use [.test](https://en.wikipedia.org/wiki/.test) which is guaranteed to never be registered on the internet, so all connections to it will fail with NXDOMAIN dns error.
Fixes: go-gitea/gitea#36488 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Giteabot <teabot@gitea.io>
Fixes: go-gitea/gitea#35182 Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io>
Fixes: go-gitea/gitea#24991 Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io>
- Update all JS deps - Enable a few more stylelint stylistic rules and fix issues - Remove knip, it raised another false-positive, this tool is not worth it when you have to babysit it like that - Exclude @eslint/json from updating as it requires unreleased eslint 10 ([ref](eslint/json#207)) - Update labeler config for new eslint filenames - Adjust `make help` output - Add type checking in `stylelint.config.ts`
Add `--concurrency 2` to all ESLint invocations in the Makefile. ESLint v9 supports multi-threaded linting via worker threads. Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
This PR migrates the web Actions run/job routes from index-based `runIndex` or `jobIndex` to database IDs. **⚠️ BREAKING⚠️ **: Existing saved links/bookmarks that use the old index-based URLs will no longer resolve after this change. Improvements of this change: - Previously, `jobIndex` depended on list order, making it hard to locate a specific job. Using `jobID` provides stable addressing. - Web routes now align with API, which already use IDs. - Behavior is closer to GitHub, which exposes run/job IDs in URLs. - Provides a cleaner base for future features without relying on list order. - #36388 this PR improves the support for reusable workflows. If a job uses a reusable workflow, it may contain multiple child jobs, which makes relying on job index to locate a job much more complicated --------- Signed-off-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fixes: go-gitea/gitea#36580 Bug is caused by abuse of float layout, convert layout to flex to fix it. There are more float abuses, but this shouldn't cause any other regressions. Before: <img width="939" height="165" alt="Screenshot 2026-02-12 at 06 22 45" src="https://github.com/user-attachments/assets/3e0aea82-d31e-4f4f-97d1-903b9f34de8d" /> After: <img width="961" height="191" alt="image" src="https://github.com/user-attachments/assets/b8fa64dc-594f-46a6-87e4-c20475e7d1e8" /> --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Add CLAUDE.md with fork management docs for AI-assisted merges - Add dcs-customizations.md registry of all 127 modified files - Fix all DCS comment marker typos (Customiations, Customizaitons, etc.) - Move struct fields to end of structs in org.go, user.go with block delimiters - Extract 28 template partials into templates/dcs/ reducing inline modifications - Extract route registration into dcs/routes.go (API + web) - Net reduction: 89 insertions, 342 deletions from modified Gitea files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add `SetDefaultValues()` call to ensure PageSize is bounded, preventing potential excessive memory allocation from unbounded pagination parameters. Fixes CodeQL alert [#188](https://github.com/go-gitea/gitea/security/code-scanning/188). All other 49 open alerts were false-positives and are dismissed with appropriate comments. Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Brings all DCS (Door43 Content Service) customizations into a fresh main branch based on upstream/main. Includes: - Door43Metadata models, services, and API endpoints - Catalog search and management system - Healthcheck dashboard and validation - Scripture Burrito archive support - DCS template partials extracted to templates/dcs/ - DCS route registration extracted to routers/*/dcs/routes.go - CLAUDE.md and dcs-customizations.md for AI-assisted merge docs - Compilation fixes for upstream API changes (markup.Renderer, git command builder API, repo_model.ArchiveType, int64 pagination) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the `@github/relative-time-element` npm dependency with a vendored, simplified implementation. - Support 24h format rendering [PR 329](github/relative-time-element#329) - Enable `::selection` styling in Firefox [PR 341](github/relative-time-element#341) - Remove timezone from tooltips (It's always local timezone) - Clean up previous `title` workaround in tippy - Remove unused features - Use native `Intl.DurationFormat` with fallback for older browsers, remove dead polyfill - Add MIT license header to vendored file - Add unit tests - Add dedicated devtest page for all component variants --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude claude-opus-4-6 20250630 <noreply@anthropic.com>
Fix missing apostrophes in contractions across multiple source files. Changes: - `doesnt` -> `doesn't` in `routers/api/v1/repo/git_ref.go` (2 occurrences) - `dont` -> `don't` in `models/activities/notification_list.go`, `modules/indexer/code/bleve/token/path/path.go`, `routers/api/v1/repo/release.go`, `services/migrations/gitea_downloader.go`, `services/repository/contributors_graph.go` - `wont` -> `won't` in `routers/api/v1/repo/issue_subscription.go`, `models/issues/label_test.go` Ref: #35015 (good first issues - improve English) --------- Co-authored-by: majianhan <majianhan@kylinos.cn> Co-authored-by: silverwind <me@silverwind.io>
Frontport #36885 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Enable swagger-ui's dark mode support added in swagger-api/swagger-ui#10653. Background colors match gitea, link colors match swagger-ui. Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
This PR adds per-runner disable/enable support for Gitea Actions so a registered runner can be paused from picking up new jobs without unregistering. Disabled runners stay registered and online but are excluded from new task assignment; running tasks are allowed to finish. Re-enabling restores pickup, and runner list/get responses now expose disabled state. Also added an endpoint for testing http://localhost:3000/devtest/runner-edit/enable <img width="1509" height="701" alt="Bildschirmfoto 2026-02-27 um 22 13 24" src="https://github.com/user-attachments/assets/5328eda9-e59c-46b6-b398-f436e50ee3da" /> Fixes: go-gitea/gitea#36767
…869) Replace the fomantic search.css (520 lines) and modal.css (698 lines) with minimal first-party modules containing only the rules actually used. Hardcoded colors are replaced with theme variables, and the base.css overrides are merged directly into the new modules. With this change, all original Fomantic CSS is now gone. **search.css**: 520 → 85 lines **modal.css**: 698 → 329 lines Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action. ``` Flake lock file updates: • Updated input 'nixpkgs': 'github:nixos/nixpkgs/aca4d95' (2026-03-06) → 'github:nixos/nixpkgs/c06b4ae' (2026-03-13) ``` Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.