2.7.0

2.7.0 - 2024-07-18

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @dvjn, @hhamalai, @lafriks, @pat-s, @qwerty287, @smainz, @tongjicoder, @zc-devs

❤️ Special thanks the security researchers and those who fixed them ❤️

• Daniel Kilimnik @D_K_Dev (Neodyme AG) reporting the bugs and orchestrating the communication
• Felipe Custodio Romero @localo (Neodyme AG) finding the bugs
• @6543 fixing the bugs and orchestrating the communication

🔒 Security

• Add blocklist of environment variables who could alter execution of plugins [#3934]
• Make sure plugins only mount the workspace base in a predefinde location [#3933]
• Disallow to set arbitrary environments for plugins [#3909]
• Use proper oauth state [#3847]
• Enhance token checking [#3842]
• Bump github.com/hashicorp/go-retryablehttp v0.7.5 -> v0.7.7 [#3834]

✨ Features

• Gracefully shutdown server [#3896]
• Gracefully shutdown agent [#3895]
• Convert urls in logs to links [#3904]
• Allow login using multiple forges [#3822]
• Global and organization registries [#1672]
• Cli get repo from git remote [#3830]
• Add api for forges [#3733]

📈 Enhancement

• Cli fix pipeline logs [#3913]
• Migrate to github.com/urfave/cli/v3 [#2951]
• Allow to change the working directory also for plugins and services [#3914]
• Remove unplugin-icons [#3809]
• Release windows binaries as zip file [#3906]
• Convert to openapi 3.0 [#3897]
• Add user registries UI [#3888]
• Sort users by login [#3891]
• Exclude dummy backend in production [#3877]
• Fix deploy task env [#3878]
• Get default branch and show message in pipeline list [#3867]
• Add timestamp for last work done by agent [#3844]
• Adjust logger types [#3859]
• Cleanup state reporting [#3850]
• Unify DB tables/columns [#3806]
• Let webhook pass on pipeline parsing error [#3829]
• Exclude mocks from release build [#3831]
• K8s secrets reference from step [#3655]

🐛 Bug Fixes

• Handle empty repositories in gitea when listing PRs [#3925]
• Update alpine package dep for docker images [#3917]
• Don't report error if agent was terminated gracefully [#3894]
• Let agents continuously report their health [#3893]
• Ignore warnings for cli exec [#3868]
• Correct favicon states [#3832]
• Cleanup of the login flow and tests [#3810]
• Fix newlines in logs [#3808]
• Fix authentication error handling [#3807]

📚 Documentation

• Streamline docs for new users [#3803]
• Add mastodon verification [#3843]
• chore(deps): update docs npm deps non-major [#3837]
• fix(deps): update docs npm deps non-major [#3824]
• Add openSUSE package [#3800]
• chore(deps): update docs npm deps non-major [#3798]
• Add "Docker Tags" Plugin [#3796]
• chore(deps): update dependency marked to v13 [#3792]
• chore: fix some comments [#3788]

Misc

• chore(deps): update web npm deps non-major [#3930]
• chore(deps): update dependency vitest to v2 [#3905]
• fix(deps): update module github.com/google/go-github/v62 to v63 [#3910]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v4.1.0 [#3908]
• Update plugin-git and add renovate trigger [#3901]
• chore(deps): update docker.io/mstruebing/editorconfig-checker docker tag to v3.0.3 [#3903]
• fix(deps): update golang-packages [#3875]
• chore(deps): lock file maintenance [#3876]
• [pre-commit.ci] pre-commit autoupdate [#3862]
• Add dummy backend [#3820]
• chore(deps): update dependency replace-in-file to v8 [#3852]
• Update forgejo sdk [#3840]
• chore(deps): lock file maintenance [#3838]
• Allow to set dist dir using env var [#3814]
• chore(deps): lock file maintenance [#3805]
• chore(deps): update docker.io/lycheeverse/lychee docker tag to v0.15.1 [#3797]