671 Commits

Author	SHA1	Message	Date
Jonathan Miller	1caf26453f	feat: issue metadata API + org wiki tab with internal/external mode ... Issue Status/Priority/Type API: - Expose status_id, priority_id, type_id (with resolved names) on Issue API struct - New endpoints: GET /orgs/{org}/issue-statuses, /issue-priorities, /issue-types - CreateIssue and EditIssue handlers accept status_id, priority_id, type_id - MCP tools: 5 new tools + updated create/update with metadata params Org Wiki Tab: - Convention repos: wiki (public) and wiki-private (members-only) - Inline wiki rendering with markdown pipeline, sidebar, footer, page list - Public/private view dropdown (same UX as org profile README selector) - External wiki mode: link to outside URL from wiki tab - Wiki mode setting in org settings (internal vs external with URL field) - Migration 354: add wiki_mode and wiki_url to user table	2026-06-09 10:20:54 -05:00
Jonathan Miller	c26ad626bd	feat(manifest): add distribution metadata fields (phase 1 consolidation) ... Add DisplayName, Maintainer, MaintainerURL, InfoURL, TargetVersion, and PHPMinimum to RepoManifest. These fields were previously only in UpdateStreamConfig and are now in the manifest as the single source of truth. Distribution section shown conditionally for joomla/wordpress/ dolibarr platforms. Closes #582 phase 1.	2026-06-07 13:36:58 -05:00
jmiller	f86527994b	Merge pull request 'fix(manifest): fix template end mismatch in Joomla settings block' (#575) from fix/manifest-template-end into dev	2026-06-07 17:51:45 +00:00
Jonathan Miller	c016c603b4	fix(manifest): fix template end mismatch in Joomla settings block	2026-06-07 12:51:20 -05:00
Jonathan Miller	aae7b65329	fix(manifest): sync version_prefix + element_name, rename moko-platform everywhere ... - manifest_sync.go: add VersionPrefix and ElementName to XML parse and DB sync - deploy workflow: use manifest API for version prefix instead of hardcoded sed - pre-release workflow: rename moko-platform paths to mokoplatform - All workflow headers: rename moko-platform references - manifest.xml: update root element to mokoplatform, add version-prefix field - Server: symlink /opt/mokoplatform -> /opt/moko-platform for compatibility	2026-06-07 12:36:43 -05:00
Jonathan Miller	09aa8d8201	feat(manifest): add version prefix + fix platform dropdown values ... - Add version_prefix field for fork versioning (e.g., v1.26.1-moko.) - Change platform dropdown from programming languages to deployment targets (Joomla, Dolibarr, WordPress, Generic, etc.) so template repos can be mapped to platforms - Available in settings UI and REST API	2026-06-07 12:24:07 -05:00
Jonathan Miller	33ebcd7726	feat(manifest): add version prefix + fix platform dropdown values ... - Add version_prefix field for fork versioning (e.g., v1.26.1-moko.) - Change platform dropdown from programming languages to deployment targets (Joomla, Dolibarr, WordPress, Generic, etc.) so template repos can be mapped to platforms - Available in settings UI and REST API	2026-06-07 12:11:24 -05:00
Jonathan Miller	37d59e7b59	feat(cdn): built-in CDN for release asset delivery (#561) ... Add CDN system that serves release assets via a dedicated hostname (e.g., cdn.mokoconsulting.tech) with per-asset public/private toggles, IP/referrer allowlists, and aggressive caching headers. - Host-based routing intercepts CDN domain before auth middleware - Per-attachment cdn_public flag controls CDN visibility - Releases in an update stream are excluded from CDN (update server takes precedence) - CORS, ETag, Cache-Control headers for downstream CDN compatibility - IP/CIDR and referrer domain allowlists for abuse prevention	2026-06-07 11:07:30 -05:00
Jonathan Miller	dd1454c3cf	feat(issues): first-class Type field + status/priority/type badges in issue list ... - IssueTypeDef model with auto-seed defaults (Bug, Feature, Enhancement, Task, Documentation, Security) - Migration v350 adding issue_type_def table + type_id on issues - Type dropdown in issue sidebar - Type, Priority, Status colored badges in issue list view - Status/Priority/Type definitions loaded in issue list handler	2026-06-06 17:12:44 -05:00
Jonathan Miller	f7c1904625	feat(security): built-in security scanning platform (#508) ... Add a pluggable security scanning framework with secret detection as the first scanner module. Scans run on push to default branch and on-demand via the Security settings page. Includes: - Scanner interface for pluggable scanner types - Secret scanner with 15 built-in patterns (AWS, GitHub, Stripe, etc.) - SecurityAlert model with fingerprint-based dedup - SecurityScannerConfig per-repo settings - Migration v349 for security tables - Repo settings Security page with alerts table - Scan Now button for on-demand scanning - Alert resolve/dismiss actions - Push-time scanning in post-receive hook	2026-06-06 16:23:08 -05:00
Jonathan Miller	55c2f81c58	feat(issues): org-level priority field with customizable levels (#509) ... Add org-level issue priority definitions that appear in the issue sidebar. Each priority has a name, color, sort order, and optional default flag. Follows the same architecture as custom statuses (#502). Includes: - IssuePriorityDef model with CRUD operations - Migration v348 adding issue_priority_def table + priority_id on issues - Org settings UI for managing priorities - Issue sidebar dropdown for selecting priority Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 11:52:44 -05:00
Jonathan Miller	3aaa7c0843	feat(settings): repo manifest settings with auto-migration and API (#315) ... Add a "Manifest" page in repo settings that stores moko-platform manifest fields (identity, governance, build) in the database. Includes: - RepoManifest model with all manifest.xml fields - Migration v347 adding repo_manifest table - Auto-detect and migrate .mokogitea/manifest.xml on first settings visit - Repo settings UI with Identity/Governance/Build sections - REST API: GET/PUT /api/v1/repos/{owner}/{repo}/manifest for Actions workflows and moko-platform CLI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 09:02:23 -05:00
Jonathan Miller	c568e199ed	feat(issues): custom status definitions with automated actions (#502) ... Add org-level custom issue status definitions that appear in the issue sidebar. Each status has a name, color, description, and an optional "closes issue" flag that automatically closes/reopens the issue when the status is selected. Includes: - IssueStatusDef model with CRUD operations - Migration v346 adding issue_status_def table + status_id on issues - Org settings UI for managing statuses - Issue sidebar dropdown for selecting status - Auto close/reopen when status has closes_issue flag Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 08:24:44 -05:00
Jonathan Miller	3aec6c2cae	fix(migration): set issue_id default to 0 for new custom_field_value inserts ... The old issue_id column has NOT NULL without a default, causing inserts via the new entity_id-based API to fail. Migration now ALTERs the column to DEFAULT 0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 19:51:56 -05:00
Jonathan Miller	6bd9548b2a	feat(custom-fields): move to org-level definitions with issue and repo scopes ... - CustomFieldDef now has owner_id (org) and scope (issue/repo) - Issue sidebar loads fields by org owner_id, not repo_id - Org Settings > Custom Fields page for managing field definitions - Repo Settings > Metadata page for filling in repo-scoped values - Migration v345 adds owner_id, scope, entity_id, entity_type columns - Per-repo custom field management replaced by org-level - Replaces .mokogitea/manifest.xml with database-backed metadata Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 19:11:22 -05:00
Jonathan Miller	e4ea1303ea	feat(licenses): add domain restriction to packages and key generation ... - Add DomainRestriction field to LicensePackage model with migration - Packages can define default allowed domains (comma-separated) - Key generation form now includes licensee name, email, and domain fields in a proper modal instead of a tiny inline form - Keys inherit domain restriction from their package if not overridden - Package create/edit forms include domain restriction input - Domain enforcement already exists in heartbeat validation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 09:05:44 -05:00
Jonathan Miller	c15582aa64	fix(build): remove stale custom field API routes, structs, and migration ... Comment out custom-fields API routes in api.go that referenced handler functions from the deleted routers/api/v1/repo/custom_field.go. Remove the unreferenced modules/structs/custom_field.go and the duplicate v1_25/v323 migration (superseded by v1_27/v343). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 07:26:16 -05:00
Jonathan Miller	c7d8f6066f	feat(issues): custom fields foundation — model, migration, settings UI (#8) ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 06:46:33 -05:00
Jonathan Miller	e2c738a8d8	feat(repos): three-level visibility — Public, Private, Hidden ... Add IsHidden field to Repository model. Three visibility modes: - Public: visible to everyone (green label) - Private: members only, non-members see 403 Access Denied (orange) - Hidden: members only, non-members see 404 Not Found (red) Private mode is for commercial repos — customers know the repo exists and see a styled 403 page with sign-in button. Licensed update feeds and key-gated downloads still work. Hidden mode is for internal/secret repos — complete stealth, as if the repo doesn't exist. Settings UI: radio button selector in danger zone replaces the old binary toggle. Each option shows a colored label with description. Migration v342: adds is_hidden column to repository table. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 13:42:25 -05:00
Jonathan Miller	eca929f680	feat(licenses): configurable key prefix (#406), header button (#408), open feed button (#409) ... #406: Add KeyPrefix field to UpdateStreamConfig. GenerateKeyString now accepts a prefix parameter, looked up from org config. Default remains MOKO if not set. Auto-uppercased, max 20 chars. #408: Move "New Package" button into the packages header bar, right-aligned. Uses details/summary pattern — clicking the button expands the create form below. Cleaner layout on both repo and org. #409: Add open-in-new-tab button (external link icon) next to every copy button on feed URLs. All four feeds: Joomla XML, Dolibarr JSON, WordPress JSON, Changelog XML. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 08:51:55 -05:00
Jonathan Miller	de52ad0fbc	fix(build): permanent fixes for recurring build errors ... - AI migration 339: replaced with noopMigration placeholder - feed/file.go: add missing comma in struct literal - license_key.go: remove unused org_model import These were being applied as server-side hotfixes on every deploy. Now committed to dev so they persist through merges. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 08:34:14 -05:00
Jonathan Miller	2799558040	feat(orgs): enterprise sub-org hierarchy with parent-child relationships (#410) ... Add ParentOrgID field to User model for org hierarchy. Parent orgs can have child orgs, enabling enterprise structures like MokoConsulting → client orgs. Model changes: - ParentOrgID int64 on User (INDEX, DEFAULT 0) - GetChildOrgs, GetAncestorOrgIDs, GetParentOrg helpers - Max 10 hierarchy levels with cycle detection License integration: - ListLicensePackagesWithAncestors — shows packages from parent orgs - ListLicenseKeysWithAncestors — shows keys from parent orgs - SearchLicenseKeysWithAncestors — searches across hierarchy - Master keys from parent orgs validate for child org repos UI: - Parent org dropdown in org settings (owners/admins only) - Shows all orgs user owns except self Migration v341: adds parent_org_id column to user table. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 08:14:08 -05:00
Jonathan Miller	37322e4212	feat(updates): manual release-to-stream mapping ... Add release_stream_map table for explicitly assigning releases to update streams. When a mapping exists, it overrides automatic tag detection. When absent, falls back to tag name/suffix matching. New model: ReleaseStreamMap with SetReleaseStream, GetReleaseStream, ResolveReleaseStream (manual first, auto fallback). UI: stream selector dropdown on release create/edit page, shown when licensing is enabled. Options: auto-detect (default) or any configured stream (stable, release-candidate, beta, etc.). All three feed generators (Joomla, Dolibarr, WordPress) now use ResolveReleaseStream instead of MatchStreamFromTag. Migration v340 updated with release_stream_map table creation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:37:02 -05:00
Jonathan Miller	3e31b662a6	fix(licenses): remove UNIQUE constraint on PaymentRef, use tw-max-w-lg ... PaymentRef UNIQUE constraint causes Error 1062 when creating keys without a payment reference — empty strings collide. Remove the DB constraint; idempotency is enforced in code via GetLicenseKeyByPaymentRef which already filters empty strings. Also replace inline style with tw-max-w-lg class on search box. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:12:13 -05:00
Jonathan Miller	a149edccd3	feat(licenses): feed visibility modes and login-required releases ... Add FeedVisibility field to UpdateStreamConfig with three modes: - public: full feed with download URLs (default) - no-download: version info visible but download URLs stripped - hidden: empty feed returned without a valid license key The "no-download" mode is the key commercial pattern — customers see updates exist (motivating purchase/renewal) but cannot download without a valid key. Joomla shows "update available" in admin. Applied consistently across all update feed endpoints (Joomla XML, Dolibarr JSON, WordPress JSON) via the shared validateUpdateKey() which now returns a stripDownloads flag. Also: when licensing is enabled, the release listing page requires login. Anonymous users are redirected to the login page. This prevents browsing release notes and download links without auth. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 06:38:09 -05:00
Jonathan Miller	53a5d0b97b	feat(licenses): domain lock timer, infourl fix, Akeeba-compatible XML format ... Domain lock timer: add DomainLockHours to LicensePackage and FirstUsedUnix to LicenseKey. During the grace period after first use, any domain is accepted and auto-added to the restriction list. After the grace period, only listed domains are allowed. Set 0 for immediate lock-on-first-use (default). Fix infourl: default to /releases listing page instead of specific tag page. Falls back to SupportURL or InfoURL if configured. Match Akeeba Backup Pro XML format: downloadkey prefix is "dlid=" (not "&dlid="), matching how Joomla stores extra_query. Verified against production Akeeba/JCE/AdminTools manifests via SSH. Update migration v340 with FirstUsedUnix and DomainLockHours columns. Add DomainLockHours field to create/edit package forms for both repo and org levels with help text. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-01 05:00:50 -05:00
Jonathan Miller	448b7d3ab0	feat(licenses): archive, search, download gating, changelog XML, and expanded permissions ... Migration v340: sync all missing columns (key_raw, payment_ref, last_heartbeat_unix, is_archived, licensing_enabled, download_gating, support_url, and all extension metadata fields). Package archiving (#384): add IsArchived field with archive/unarchive handlers and collapsible "Archived Packages" section in templates. Existing keys from archived packages continue to work. Expanded delete permissions (#385): org owners and site admins can permanently delete packages and keys (previously site admin only). Search (#392): server-side search across key_prefix, key_raw, licensee_name, licensee_email, domain_restriction, and payment_ref via ?q= query parameter on both repo and org licenses pages. Sortable tables (#390): Fomantic UI sortable class on keys table with new Domain column showing DomainRestriction per key. Download gating (#347): three modes — none, prerelease-only, and all downloads. CheckDownloadGating() intercepts both release attachment and git archive download handlers. Support URL (#393): configurable SupportURL field on UpdateStreamConfig for wiki or external site links. Changelog XML (#343): ServeChangelogXML endpoint at /changelog.xml generates Joomla-compatible changelog from release notes. Parses Keep-a-Changelog markdown sections into <security>, <fix>, <addition>, <change>, <remove>, <note> XML elements. API renew (#387): POST /license-keys/{id}/renew endpoint extends key expiration by package duration. Closes #384, #385, #386, #387, #389, #390, #392, #393 Refs #343, #346, #347 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-01 04:45:20 -05:00
Jonathan Miller	9a5720e8ad	chore: rename Go module from git. to code.mokoconsulting.tech (#336) ... Full namespace migration: update the Go module path and all import statements from git.mokoconsulting.tech to code.mokoconsulting.tech. Also updates all URL references in templates, workflows, configs, tests, and documentation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-31 10:28:25 -05:00
Jonathan Miller	3a5ca580db	feat(updates): per-repo platform, require-key, platform-aware buttons ... - Repo settings: platform dropdown (Joomla/Dolibarr/Both) + require key - Releases page buttons change based on platform setting - Update feed enforces require-key (empty response without valid key) - key_plain column stores full key for copy functionality - DB migrations v337 (key_plain) + v338 (platform, require_key) Ref #239 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-30 22:55:55 -05:00
Jonathan Miller	a88e3f8787	feat(updates): org-level default streams with per-repo override ... Add configurable update streams at org and repo level: - UpdateStreamConfig model: stores stream mode (joomla/custom) and custom stream definitions (name, suffix, description) - Resolution chain: repo override → org default → Joomla defaults - MatchStreamFromTag: matches release tags to streams using configured suffixes (longest match wins) - Both Joomla XML and Dolibarr JSON generators use effective streams - DB migration v336 creates update_stream_config table - Default Joomla streams: stable, release-candidate, beta, alpha, development - Custom streams support any tag suffix (e.g. -lts, -nightly, -security) Ref #265 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-30 20:49:46 -05:00
Jonathan Miller	627a22ee53	feat(updates): license key system and Dolibarr endpoint (Phase 2-3) ... Add license key data model and Dolibarr update feed endpoint: License key system: - license_package table: subscription tiers with duration, max sites, repo scope (org-wide or specific repos), and allowed update channels - license_key table: individual keys with SHA-256 hashed storage, domain restriction, custom start/end dates, internal/master key flag - license_key_usage table: tracks update check activity per key - DB migration v335 creates all three tables Update server enhancements: - Dolibarr JSON endpoint at /{owner}/{repo}/updates/dolibarr.json - License key validation on update endpoints via ?key=MOKO-XXXX param - Channel filtering: packages restrict which update streams keys access - Invalid keys get empty XML response (Joomla-compatible "no updates") - Usage tracking records domain, IP, user agent, version on each check Key design decisions: - Org-level master keys: IsInternal=true, package RepoScope="all" - Keys stored as SHA-256 hashes, raw key only shown at creation - Packages define allowed channels (e.g. ["stable","rc"] for Pro tier) - MOKO-XXXX-XXXX-XXXX-XXXX format for license keys Ref #239 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-30 13:09:47 -05:00
Jonathan Miller	d4824dc05b	feat(actions): rebrand actions bot user and add branch protection whitelist ... Rebrand the built-in actions bot user from upstream Gitea naming to MokoGitea branding: - Name: gitea-actions → mokogitea-actions - FullName: Gitea Actions → MokoGitea Actions - Email: teabot@gitea.io → mokogitea-actions[bot]@mokoconsulting.tech Add backward-compatible name recognition so all three bot name variants (mokogitea-actions, gitea-actions, github-actions) with optional [bot] suffix resolve to the same system user. Add WhitelistActionsUser, MergeWhitelistActionsUser, and ForcePushAllowlistActionsUser toggles to branch protection rules, allowing CI/CD workflows to push to protected branches when explicitly enabled. Previously the actions bot (virtual user ID -2) could never be added to whitelist because updateUserWhitelist() only validates real database users. Closes #233 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-30 10:37:43 -05:00
Jonathan Miller	1032ae4268	feat: organization-level 2FA requirement for members (#208) ... Adds a Require2FA toggle to organization settings. When enabled, org members without 2FA are redirected to the security settings page with a warning flash message. Changes: - New Require2FA field on User model (migration v333) - Org settings UI checkbox with shield-lock icon - Check2FARequirement middleware on member-required org routes - UpdateOptions extended with Require2FA field Closes #208 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-26 13:11:15 -05:00
Jonathan Miller	c572fcfe04	chore(core): rename Go module from code.gitea.io/gitea to MokoGitea namespace ... Rename the Go module path from code.gitea.io/gitea to git.mokoconsulting.tech/MokoConsulting/MokoGitea across the entire codebase. Scope: - go.mod module declaration - 2,235 Go source files (import paths) - Dockerfile WORKDIR and COPY paths - Swagger API templates - golangci.yml linter config External dependencies (code.gitea.io/gitea-vet, code.gitea.io/sdk/gitea, gitea.com/gitea/act, etc.) are intentionally NOT renamed — they are separate upstream modules. Closes #132 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-25 00:22:38 -05:00
Jonathan Miller	fd82cee452	fix: resolve all compilation errors from upstream merge ... - Fix CryptoRandomString/CryptoRandomBytes callers (now return error) - Add missing DiffSlice[T] generic implementation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-16 17:21:35 -05:00
Jonathan Miller	3396440926	feat(org): add org-level branch protection rulesets ... Add organization-scoped branch protection rules that cascade to all repos within the org. Repo-level rules take precedence; org rules serve as the fallback when no repo rule matches a branch. - New table: org_protected_branch (migration v332) - OrgProtectedBranch model with full CRUD operations - API endpoints: GET/POST/PATCH/DELETE /api/v1/orgs/{org}/branch_protections - Inheritance via GetFirstMatchProtectedBranchRule() fallback - InheritedFrom field added to BranchProtection API response - Org rules use team-based whitelists (no per-user IDs at org level) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 15:02:41 -05:00
Jonathan Miller	809e9d2bf3	feat(api): add custom fields on issues ... New tables: custom_field_definition, custom_field_value Supports field types: text, number, date, dropdown, checkbox Endpoints: - GET/POST /repos/{owner}/{repo}/custom-fields - GET/PATCH/DELETE /repos/{owner}/{repo}/custom-fields/{fieldId} - GET /repos/{owner}/{repo}/issues/{index}/custom-fields - PUT /repos/{owner}/{repo}/issues/{index}/custom-fields/{fieldId} - DELETE /repos/{owner}/{repo}/issues/{index}/custom-fields/{fieldId} Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 22:37:43 -05:00
wxiaoguang	deb31d3f30	Refactor database connection (#37496) ... Clean up legacy copied&pasted code, introduce the unique "database connection" function. Move migration testing helper function PrepareTestEnv to a separate package. By the way, remove "shadow connection secrets" tricks: showing connection string on UI is useless --------- Co-authored-by: Nicolas <bircni@icloud.com>	2026-05-01 15:38:38 +00:00
silverwind	d57d06335d	Refactor integration tests infrastructure (#37462) ... Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2026-04-29 16:37:38 +00:00
Copilot	9b9fb95559	Improve testing init, clean up webhook tests (#37412) ... Avoid webhook test fixtures affect other tests (be triggered) Also fixed more testing problems including path init, global config pollution & conflict --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io>	2026-04-25 18:55:18 +00:00
Zettat123	899ede1d55	Introduce ActionRunAttempt to represent each execution of a run (#37119) ... This PR introduces a new `ActionRunAttempt` model and makes Actions execution attempt-scoped. **Main Changes** - Each workflow run trigger generates a new `ActionRunAttempt`. The triggered jobs are then associated with this new `ActionRunAttempt` record. - Each rerun now creates: - a new `ActionRunAttempt` record for the workflow run - a full new set of `ActionRunJob` records for the new `ActionRunAttempt` - For jobs that need to be rerun, the new job records are created as runnable jobs in the new attempt. - For jobs that do not need to be rerun, new job records are still created in the new attempt, but they reuse the result of the previous attempt instead of executing again. - Introduce `rerunPlan` to manage each rerun and refactored rerun flow into a two-phase plan-based model: - `buildRerunPlan` - `execRerunPlan` - `RerunFailedWorkflowRun` and `RerunFailed` no longer directly derives all jobs that need to be rerun; this step is now handled by `buildRerunPlan`. - Converted artifacts from run-scoped to attempt-scoped: - uploads are now associated with `RunAttemptID` - listing, download, and deletion resolve against the current attempt - Added attempt-aware web Actions views: - the default run page shows the latest attempt (`/actions/runs/{run_id}`) - previous attempt pages show jobs and artifacts for that attempt (`/actions/runs/{run_id}/attempts/{attempt_num}`) - New APIs: - `/repos/{owner}/{repo}/actions/runs/{run}/attempts/{attempt}` - `/repos/{owner}/{repo}/actions/runs/{run}/attempts/{attempt}/jobs` - New configuration `MAX_RERUN_ATTEMPTS` - https://gitea.com/gitea/docs/pulls/383 **Compatibility** - Existing legacy runs use `LatestAttemptID = 0` and legacy jobs use `RunAttemptID = 0`. Therefore, these fields can be used to identify legacy runs and jobs and provide backward compatibility. - If a legacy run is rerun, an `ActionRunAttempt` with `attempt=1` will be created to represent the original execution. Then a new `ActionRunAttempt` with `attempt=2` will be created for the real rerun. - Existing artifact records are not backfilled; legacy artifacts continue to use `RunAttemptID = 0`. **Improvements** - It is now easier to inspect and download logs from previous attempts. - [`run_attempt`](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#github-context) semantics are now aligned with GitHub. - > A unique number for each attempt of a particular workflow run in a repository. This number begins at 1 for the workflow run's first attempt, and increments with each re-run. - Rerun behavior is now clearer and more explicit. - Instead of mutating the status of previous jobs in place, each rerun creates a new attempt with a full new set of job records. - Artifacts produced by different reruns can now be listed separately. Signed-off-by: Zettat123 <zettat123@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>	2026-04-23 23:33:41 +00:00
Morgan Peyre	8cfcef32c6	Fix cmd tests by mocking builtin paths (#37369) ... After 07ada3666b, PrepareConsoleLoggerLevel can fail in tests when InstallLock is true, due to the incorrect config file is loaded. This PR fixes cmd test setup by mocking builtin paths Fixes #37368 --------- Co-authored-by: Morgan PEYRE <morgan.peyre@brickcode.tech> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2026-04-22 20:58:59 +00:00
silverwind	a9108ab6aa	Replace custom Go formatter with golangci-lint fmt (#37194) ... Use `golangci-lint fmt` to format code, replacing the previous custom formatter tool. https://github.com/daixiang0/gci is used to order the imports. `make fmt` performs ~13% faster while consuming ~57% less cpu while formatting for me. `GOFUMPT_PACKAGE` is gone because it's using the builtin package from golangci-lint. Co-authored-by: Claude (claude-opus-4-6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2026-04-17 17:45:22 +00:00
Copilot	4a2bba9aed	Remove error returns from crypto random helpers and callers (#37240) ... Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>	2026-04-17 00:59:26 +08:00
Zettat123	23c662ebb1	Support legacy run/job index-based URLs and refactor migration 326 (#37008) ... Follow up #36842 Migration `326` can be prohibitively slow on large instances because it scans and rewrites all commit status target URLs generated by Gitea Actions in the database. This PR refactors migration `326` to perform a partial update instead of rewriting every legacy target URL. The reason for this partial rewrite is that **smaller legacy run/job indexes are the most likely to be ambiguous with run/job ID-based URLs** during runtime resolution, so this change prioritizes that subset while avoiding the cost of rewriting all legacy records. To preserve access to old links, this PR introduces `resolveCurrentRunForView` to handle both ID-based URLs and index-based URLs: - For job pages (`/actions/runs/{run}/jobs/{job}`), it first tries to confirm that the URL is ID-based. It does so by checking whether `{job}` can be treated as an existing job ID in the repository and whether that job belongs to `{run}`. If that match cannot be confirmed, it falls back to treating the URL as legacy `run index + job index`, resolves the corresponding run and job, and redirects to the correct ID-based URL. - When both ID-based and index-based interpretations are valid at the same time, the resolver **prefers the ID-based interpretation by default**. For example, if a repository contains one run-job pair (`run_id=3, run_index=2, job_id=4`), and also another run-job pair (`run_id=1100, run_index=3, job_id=1200, job_index=4`), then `/actions/runs/3/jobs/4` is ambiguous. In that case, the resolver treats it as the ID-based URL by default and shows the page for `run_id=3, job_id=4`. Users can still explicitly force the legacy index-based interpretation with `?by_index=1`, which would resolve the same URL to `/actions/runs/1100/jobs/1200`. - For run summary pages (`/actions/runs/{run}`), it uses a best-effort strategy: by default it first treats `{run}` as a run ID, and if no such run exists in the repository, it falls back to treating `{run}` as a legacy run index and redirects to the ID-based URL. Users can also explicitly force the legacy interpretation with `?by_index=1`. - This summary-page compatibility is best-effort, not a strict ambiguity check. For example, if a repository contains two runs: runA (`id=7, index=3`) and runB (`id=99, index=7`), then `/actions/runs/7` will resolve to runA by default, even though the old index-based URL originally referred to runB. The table below shows how valid legacy index-based target URLs are handled before and after migration `326`. Lower-range legacy URLs are rewritten to ID-based URLs, while higher-range legacy URLs remain unchanged in the database but are still handled correctly by `resolveCurrentRunForView` at runtime. | run_id | run_index | job_id | job_index | old target URL | updated by migration 326 | current target URL | can be resolved correctly | |---|---|---|---|---|---|---|---| | 3 | 2 | 4 | 1 | `/user2/repo2/actions/runs/2/jobs/1` | true | `/user2/repo2/actions/runs/3/jobs/4` | true | | 4 | 3 | 8 | 4 | `/user2/repo2/actions/runs/3/jobs/4` | true | `/user2/repo2/actions/runs/4/jobs/8` | true (without migration 326, this URL will resolve to run(`id=3`)) | | 80 | 20 | 170 | 0 | `/user2/repo2/actions/runs/20/jobs/0` | true | `/user2/repo2/actions/runs/80/jobs/170` | true | | 1500 | 900 | 1600 | 0 | `/user2/repo2/actions/runs/900/jobs/0` | false | `/user2/repo2/actions/runs/900/jobs/0` | true | | 2400 | 1500 | 2600 | 0 | `/user2/repo2/actions/runs/1500/jobs/0` | false | `/user2/repo2/actions/runs/1500/jobs/0` | true | | 2400 | 1500 | 2601 | 1 | `/user2/repo2/actions/runs/1500/jobs/1` | false | `/user2/repo2/actions/runs/1500/jobs/1` | true | For users who already ran the old migration `326`, this change has no functional impact. Their historical URLs are already stored in the ID-based form, and ID-based URLs continue to resolve correctly. For users who have not run the old migration `326`, only a subset of legacy target URLs will now be rewritten during upgrade. This avoids the extreme runtime cost of the previous full migration, while all remaining legacy target URLs continue to work through the web-layer compatibility logic. Many thanks to @wxiaoguang for the suggestions.	2026-04-02 17:23:29 -07:00
Nicolas	35b654c9d6	Add webhook name field to improve webhook identification (#37025) (#37040) ... Add an optional Name field to webhooks so users can give them human-readable labels instead of relying only on URLs. The webhook overview page now displays names when available, or falls back to the URL for unnamed webhooks. Fixes #37025 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2026-04-01 09:56:20 +08:00
Nicolas	4ba90207cf	Add user badges (#36752) ... Implemented #29798 This feature implements list badges, create new badges, view badge, edit badge and assign badge to users. - List all badges  - Create new badges  - View badge   - Edit badge  - Add user to badge 	2026-03-22 15:49:45 +00:00
Excellencedev	45809c8f54	feat: Add configurable permissions for Actions automatic tokens (#36173) ... ## Overview This PR introduces granular permission controls for Gitea Actions tokens (`GITEA_TOKEN`), aligning Gitea's security model with GitHub Actions standards while maintaining compatibility with Gitea's unique repository unit system. It addresses the need for finer access control by allowing administrators and repository owners to define default token permissions, set maximum permission ceilings, and control cross-repository access within organizations. ## Key Features ### 1. Granular Token Permissions - **Standard Keyword Support**: Implements support for the `permissions:` keyword in workflow and job YAML files (e.g., `contents: read`, `issues: write`). - **Permission Modes**: - **Permissive**: Default write access for most units (backwards compatible). - **Restricted**: Default read-only access for `contents` and `packages`, with no access to other units. - ~~**Custom**: Allows defining specific default levels for each unit type (Code, Issues, PRs, Packages, etc.).~~**EDIT removed UI was confusing** - **Clamping Logic**: Workflow-defined permissions are automatically "clamped" by repository or organization-level maximum settings. Workflows cannot escalate their own permissions beyond these limits. ### 2. Organization & Repository Settings - **Settings UI**: Added new settings pages at both Organization and Repository levels to manage Actions token defaults and maximums. - **Inheritance**: Repositories can be configured to "Follow organization-level configuration," simplifying management across large organizations. - **Cross-Repository Access**: Added a policy to control whether Actions workflows can access other repositories or packages within the same organization. This can be set to "None," "All," or restricted to a "Selected" list of repositories. ### 3. Security Hardening - **Fork Pull Request Protection**: Tokens for workflows triggered by pull requests from forks are strictly enforced as read-only, regardless of repository settings. - ~~**Package Access**: Actions tokens can now only access packages explicitly linked to a repository, with cross-repo access governed by the organization's security policy.~~ **EDIT removed https://github.com/go-gitea/gitea/pull/36173#issuecomment-3873675346** - **Git Hook Integration**: Propagates Actions Task IDs to git hooks to ensure that pushes performed by Actions tokens respect the specific permissions granted at runtime. ### 4. Technical Implementation - **Permission Persistence**: Parsed permissions are calculated at job creation and stored in the `action_run_job` table. This ensures the token's authority is deterministic throughout the job's lifecycle. - **Parsing Priority**: Implemented a priority system in the YAML parser where the broad `contents` scope is applied first, allowing granular scopes like `code` or `releases` to override it for precise control. - **Re-runs**: Permissions are re-evaluated during a job re-run to incorporate any changes made to repository settings in the interim. ### How to Test 1. **Unit Tests**: Run `go test ./services/actions/...` and `go test ./models/repo/...` to verify parsing logic and permission clamping. 2. **Integration Tests**: Comprehensive tests have been added to `tests/integration/actions_job_token_test.go` covering: - Permissive vs. Restricted mode behavior. - YAML `permissions:` keyword evaluation. - Organization cross-repo access policies. - Resource access (Git, API, and Packages) under various permission configs. 3. **Manual Verification**: - Navigate to **Site/Org/Repo Settings -> Actions -> General**. - Change "Default Token Permissions" and verify that newly triggered workflows reflect these changes in their `GITEA_TOKEN` capabilities. - Attempt a cross-repo API call from an Action and verify the Org policy is enforced. ## Documentation Added a PR in gitea's docs for this : https://gitea.com/gitea/docs/pulls/318 ## UI: <img width="1366" height="619" alt="Screenshot 2026-01-24 174112" src="https://github.com/user-attachments/assets/bfa29c9a-4ea5-4346-9410-16d491ef3d44" /> <img width="1360" height="621" alt="Screenshot 2026-01-24 174048" src="https://github.com/user-attachments/assets/d5ec46c8-9a13-4874-a6a4-fb379936cef5" /> /fixes #24635 /claim #24635 --------- Signed-off-by: Excellencedev <ademiluyisuccessandexcellence@gmail.com> Signed-off-by: ChristopherHX <christopher.homberger@web.de> Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: ChristopherHX <christopher.homberger@web.de> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2026-03-21 15:39:47 -07:00
wxiaoguang	18c65965ab	Fix various trivial problems (#36921) ... * Fix #36915 * Fix #36919 * Close #36600 * Close #36601 * Fix incorrect oauth2 error message display	2026-03-19 07:13:55 +08:00
Nicolas	b3b2d111da	Feature: Add per-runner “Disable/Pause” (#36776) ... This PR adds per-runner disable/enable support for Gitea Actions so a registered runner can be paused from picking up new jobs without unregistering. Disabled runners stay registered and online but are excluded from new task assignment; running tasks are allowed to finish. Re-enabling restores pickup, and runner list/get responses now expose disabled state. Also added an endpoint for testing http://localhost:3000/devtest/runner-edit/enable <img width="1509" height="701" alt="Bildschirmfoto 2026-02-27 um 22 13 24" src="https://github.com/user-attachments/assets/5328eda9-e59c-46b6-b398-f436e50ee3da" /> Fixes: https://github.com/go-gitea/gitea/issues/36767	2026-03-16 10:24:36 -07:00