Forgejo CI is currently failing due to changes in debian testing packaging that are not compatible with installing `git` from testing onto a bookworm system (https://codeberg.org/forgejo/forgejo/actions/runs/147815/jobs/2/attempt/1#jobstep-3-144).
Where `git` was being installed from testing it is replaced with just using trixie's `git 2.47.3`. Where `git-lfs` was being installed, it's been inlined with a simple `update` and `install`.
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11801
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.6` → `v3.1.7` |
---
### Release Notes
<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>
### [`v3.1.7`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.7)
[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.6...v3.1.7)
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/actions/setup-forgejo-->
- other
- [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/908): <!--number 908 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjcuMQ==-->Update dependency forgejo/runner to v12.7.1<!--description-->
<!--end release-notes-assistant-->
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Mi4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTIuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11559
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
This reverts commit 9f3ab71647.
cascade-setup-end-to-end no longer works after this was merged: https://codeberg.org/forgejo/forgejo/actions/runs/140733/jobs/0/attempt/2
```
/var/run/act/actions/69/9e734ffd2a2ec8ed9c2f818ed272523f52007304147edf2d7efae8d6e0c3a5/cascading-pr.sh:26: repo_curl: forgejo-curl.sh api_json https://codeberg.org/api/v1/repos/forgejo/forgejo/pulls/11401
curl: option -H: error encountered when reading a file
curl: try 'curl --help' or 'curl --manual' for more information
/var/run/act/actions/69/9e734ffd2a2ec8ed9c2f818ed272523f52007304147edf2d7efae8d6e0c3a5/cascading-pr.sh:1: pr_get_origin: rm -fr /tmp/tmp.nZPEP759PH
fail /var/run/act/actions/69/9e734ffd2a2ec8ed9c2f818ed272523f52007304147edf2d7efae8d6e0c3a5/cascading-pr.sh
```
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11406
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
This is to have a simple and consistent make target for developers to locally run the checks which the CI will also run. The goal is to avoid wasting review cycles on CI failures.
To have a single source of truth, the CI is adjusted to call the same make target. Additional checks should no longer be added to the CI workflow, but rather to the makefile.
The pull request template is adjusted to remind of running this make target.
CI output is improved by using a simple bash script which uses sed to add `##[group]` tags to "make --debug=b" output and filter out messages which usually do not contribute to understanding. While this approach has limits and depends on the specific debug output format of GNU make, it avoids adjusting the makefile itself for additional CI beautification, contributing to maintainability.
- no tests needed (this is purely a build change)
- docs: hint added to PR template
- no release notes needed
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11053
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
Adds a CI check which detects any usage of xorm's `Sync` method that doesn't include `IgnoreDropIndices: true`, and causes an error.
`semgrep` is a semantic grep tool that allows for the relatively easy authoring of linting tools that are customized to a project's specific needs, rather than generic like `golangci` and related tools. Although `semgrep` offers a suite of out-of-the-box rules (and a paid set of rules), neither of those are used here -- only one Forgejo-specific rule is added in `.semgrep/xorm.yaml`.
My intent with this change is to introduce the idea and infrastructure of `semgrep` with a single minimal rule. Once in-place, this will become a tool that we can use when we recognize bad coding patterns and wish to correct them permanently, rather than relying on human code review. While generic linting tools do this well for general patterns, this will allow Forgejo to apply domain-specific checks. For example, in #11112, an error indicates that it might be appropriate for us to always use `.StorageEngine("InnoDB")` when using an xorm engine -- if we made that determination, it could be cemented in-place with a `semgrep` rule relatively easily.
This specific rule looks for any access for xorm's `Sync` or `SyncWithOptions` methods on the `*xorm.Engine` or `*xorm.Session`. They are then considered errors if they don't include `IgnoreDropIndices: true`. This is *typically* correct and safe, but can also be ignored when specifically needed. In the `.semgrep/tests` folder, test code is added which validates that the `semgrep` rule matches the expected patterns; this self-test is run before `semgrep` runs on the PR in CI.
As a demonstration, when `IgnoreDropIndices` is removed from a migration, here's an error: https://codeberg.org/forgejo/forgejo/actions/runs/135750/jobs/12/attempt/1
```
models/forgejo_migrations/v14b_add-action_run-preexecutionerrorcode.go
❯❯❱ semgrep.xorm-sync-missing-ignore-drop-indices
xorm Sync operation may drop indices if used on an incomplete bean definition for an existing table.
Use SyncWithOptions with IgnoreDropIndices: true instead.
22┆ _, err := x.SyncWithOptions(xorm.SyncOptions{}, new(ActionRun))
```
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*
The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11142
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.3` → `v3.1.4` |
---
### Release Notes
<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>
### [`v3.1.4`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.4)
[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.3...v3.1.4)
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/actions/setup-forgejo-->
- other
- [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/869): <!--number 869 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMw==-->Update dependency forgejo/runner to v12.6.3<!--description-->
- [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/863): <!--number 863 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIz-->Update data.forgejo.org/oci/alpine Docker tag to v3.23<!--description-->
- [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/849): <!--number 849 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL29jaS9kZWJpYW4gRG9ja2VyIHRhZyB3aXRoIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2RlYmlhbg==-->Replace code.forgejo.org/oci/debian Docker tag with data.forgejo.org/oci/debian<!--description-->
- [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/848): <!--number 848 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL29jaS9hbHBpbmUgRG9ja2VyIHRhZyB3aXRoIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZQ==-->Replace code.forgejo.org/oci/alpine Docker tag with data.forgejo.org/oci/alpine<!--description-->
<!--end release-notes-assistant-->
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45My4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTMuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11104
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/cache](https://github.com/actions/cache) | action | patch | `v5.0.2` → `v5.0.3` |
---
### Release Notes
<details>
<summary>actions/cache (https://data.forgejo.org/actions/cache)</summary>
### [`v5.0.3`](https://github.com/actions/cache/releases/tag/v5.0.3)
[Compare Source](https://github.com/actions/cache/compare/v5.0.2...v5.0.3)
##### What's Changed
- Bump `@actions/cache` to v5.0.5 (Resolves: <https://github.com/actions/cache/security/dependabot/33>)
- Bump `@actions/core` to v2.0.3
**Full Changelog**: <https://github.com/actions/cache/compare/v5...v5.0.3>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45My4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTMuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11103
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
* Separate documentation about the workflow for better attention. I could imagine that it was not read by everyone, since it was after the trivial 'Please write in English' instructions.
* Improve explanations about the workflow, expectations and next steps.
* Explicitly mark the Enhancement template to be mostly for contributors.
* Disable blank issues. I could not really identify any recent usage of it that was legitimate.
* Improve instructions about which details to share about the own Forgejo usage.
* Explicitly state in the enhancement template that only issue references should go in there, not noise.
* Create a placeholder in problem template to add references to potential solutions later.
I hope this resolves some of the issues observed with the new workflow and improves the quality of submitted reports. Also addresses the feedback already received in https://codeberg.org/forgejo/user-research/issues/71
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10847
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Otto Richter <otto@codeberg.org>
Co-committed-by: Otto Richter <otto@codeberg.org>
- No need to use http when https is available.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10692
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
