dev
1665 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
fcf33d35df |
chore(api): remove /manifest backward-compat alias route (use /metadata)
Universal: PR Check / Require Docs Update (pull_request) Has been skipped
Universal: PR Check / Wiki Update Reminder (pull_request) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Successful in 14s
Universal: Auto Version Bump / Version Bump (push) Successful in 25s
Generic: Project CI / Lint & Validate (pull_request) Successful in 51s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m21s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 3s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
The /manifest GET+PUT routes were backward-compat aliases for the canonical /metadata routes. Completing the manifest->metadata migration (#752): drop the alias so /metadata is the single path. Handlers (GetRepoMetadata/UpdateRepoMetadata) are unchanged. The MCP already calls /metadata (mcp-mokogitea-api v1.4.2, gitea_metadata_get/update); the stale gitea_manifest_* tools only exist in older deployed MCP builds and drop out on redeploy. Refs #752 Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT |
||
|
|
cac06c2ac7 |
feat: org branch protection per-user allowlists + Actions-bot toggle (#727)
Universal: Auto Version Bump / Version Bump (push) Successful in 12s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Require Docs Update (pull_request) Has been skipped
Universal: PR Check / Wiki Update Reminder (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Successful in 14s
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Successful in 1m3s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m42s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Extend org-level branch protection to support per-user allowlists (resolved from username OR email) and an "allow Actions bot" toggle, alongside the existing team allowlists, for all five categories (push, merge, force-push, delete, approvals). - models/git/org_protected_branch.go: add WhitelistUserIDs, MergeWhitelistUserIDs, ForcePushAllowlistUserIDs, DeleteAllowlistUserIDs, ApprovalsWhitelistUserIDs ([]int64) plus WhitelistActionsUser, MergeWhitelistActionsUser, ForcePushAllowlistActionsUser, DeleteAllowlistActionsUser (bool); copy all 9 into ProtectedBranch in ToProtectedBranch(). - models/migrations/v1_27/v368.go: migration 367 adds the 9 columns. - modules/structs/org_branch.go: add *Usernames []string and *ActionsUser bool to Create/Edit options and the response, matching repo-level json names. - routers/api/v1/org/branch_protection.go: resolveUserIDs (username then email, dedupe, 422 on unknown); wire into Create + Edit and toAPIOrgBranchProtection. - models/git/protected_branch_merge.go: add mergeAllowFlag and merge the four Actions-user flags most-restrictively (org can now express them); deploy-key flags stay repo-only pass-through. - models/git/protected_branch_merge_test.go: mergeAllowFlag truth table, user-ID intersection, deploy-key pass-through. - regenerate swagger v1 + openapi3 specs. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT |
||
|
|
93365cdd95 |
docs(api): swagger annotations + response models for org-governance endpoints (#727, #738)
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Successful in 11s
Generic: Project CI / Lint & Validate (pull_request) Successful in 41s
Universal: PR Check / Secret Scan (pull_request) Successful in 59s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Annotate the four previously undocumented org-governance API handlers
(tag_protection, push_policy, repo_defaults, email_domain) with
swagger:operation blocks, and register the swagger:response models the
branch_protection operations already referenced. Register the org
option DTOs in the parameterBodies hack so their definitions are
emitted.
Also fix pre-existing spec-generation blockers surfaced once the spec
became regenerable: a stray comment glued to the repoUpdateManifest
swagger block (broke YAML parsing), missing owner/repo path params on
the manifest operations, a Manifest response registration, and missing
definitions for EditAccessTokenOption, the IssueBulk* options, and the
Issue{Priority,Status,Type}Def types. Regenerated v1_json.tmpl and
v1_openapi3_json.tmpl; spec now validates cleanly against Swagger 2.0.
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
125eefc650 |
fix: repair build (renamed org-visibility helper) + gofmt
Universal: PR Check / Branch Policy (pull_request) Successful in 3s
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Successful in 19s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m8s
Generic: Project CI / Lint & Validate (pull_request) Successful in 1m10s
Universal: PR Check / Secret Scan (pull_request) Successful in 2m43s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Two pre-existing issues surfaced when the org-governance series was compiled locally with a real Go toolchain (go1.26.3) for the first time: - routers/api/v1/api.go:519 called organization.HasOrgOrUserVisible, which no longer exists — it was renamed to IsOwnerVisibleToDoer (models/organization/ org.go:548, identical signature). This one missed call site meant the whole routers/api/v1 package (and therefore the server binary) failed `go build`. With the rename, `go build ./...` is clean. - gofmt: api.go (a mis-indented commented-out /projects route block) and release.go (import sort: repo before updateserver) were gofmt-dirty. Fixed with gofmt -w on the two files this change already touches. Not part of #727, but blocks building/releasing the fork; found while validating the dev -> main promotion (#733). Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT |
||
|
|
6a3db171c1 |
feat(org): org-level email domain policy for members (#727)
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Successful in 12s
Generic: Project CI / Lint & Validate (pull_request) Successful in 25s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m2s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 4s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Restricts which email domains an organization's members may have. When a policy
is configured, a user can only be added to the org (via any team) if their
primary email matches one of the allowed domain globs.
Enforced at the single membership choke point services/org.AddTeamMember, which
every add path (API, web, group-sync) funnels through — so one check covers them
all. On violation it returns a typed ErrEmailDomainNotAllowed; the API team-add
handler maps it to 422.
- models/git/org_email_domain.go: OrgEmailDomainPolicy model + EmailAllowed
(domain glob match) + OrgEmailDomainAllowed + typed error + CRUD. Migration 366.
- API: GET/PATCH/DELETE /orgs/{org}/email_domain_policy.
- Enforcement in services/org/team.go; 422 mapping in routers/api/v1/org/team.go.
An empty policy imposes no restriction. This is the one bounded piece of the
"access/security" tier; org 2FA-required and IP allowlists were deliberately NOT
built here — they are cross-cutting enforcement (auth gating / request
middleware) that needs a compiler + tests, not a blind stacked PR.
Stacked on #731/#730/#729/#728 for migration ordering (this = 366). Swagger
omitted.
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block), imports (git_model added to the
api team handler, gci order), typed-error detection, migration contiguous (366).
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
d3134b1c53 |
feat(org): org-level repository defaults applied on repo create/transfer (#727)
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Successful in 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 15s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m5s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 3s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds a single per-org repository-defaults config, applied to a repo when it is
created in or transferred into the org via a notifier (services/org):
- ForcePrivate — force new/transferred repos private (Repository.IsPrivate).
- PR defaults (when ApplyPRDefaults) — allowed merge styles, default merge
style, and auto-delete-branch-after-merge, written to the repo's pull-requests
unit config via repo_service.UpdateRepositoryUnits.
Best-effort: the notifier logs and swallows errors, so a defaults bug can never
break repository creation or transfer.
- models/git/org_repo_defaults.go: OrgRepoDefaults model + CRUD + migration 365.
- API: GET/PATCH/DELETE /orgs/{org}/repo_defaults.
- services/org/notifier.go: CreateRepository/TransferRepository -> apply defaults;
registered from routers/init.go (org_service.Init()).
Stacked on #730/#729/#728 for migration ordering (this = 365). Swagger omitted.
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block, struct/DTO alignment), imports
used, no Init() collision in services/org, migration contiguous (365), notifier
signatures match the Notifier interface.
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
3aac1b456c |
feat(org): org-level push policy enforced in the pre-receive hook (#727)
Universal: PR Check / Branch Policy (pull_request) Successful in 3s
PR RC Release / Build RC Release (pull_request) Successful in 5s
Universal: PR Check / Validate PR (pull_request) Successful in 15s
Generic: Project CI / Lint & Validate (pull_request) Successful in 23s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m13s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds a single per-org push policy that cascades to every repo of the org and is
enforced in the pre-receive hook:
- Branch/tag name conventions (glob) — a pushed ref name must match. Fail-closed.
- Mandatory secret-scanning block-on-push — org can force secret blocking that a
repo cannot disable (overrides the per-repo scanner config in the orchestrator).
- Max pushed-file size — rejects a tip tree containing a blob over the limit.
- Blocked file-path patterns — rejects pushes changing matching paths (reuses
pull_service.CheckFileProtection).
The two content checks (blocked paths, max size) FAIL OPEN on any error so a
policy/parsing bug can never wedge all pushes; naming is fail-closed.
- models/git/org_push_policy.go: OrgPushPolicy model + CRUD + matchers +
GetOrgPushPolicyForRepo. Migration 364.
- API: GET/PATCH/DELETE /orgs/{org}/push_policy (routers/api/v1/org/push_policy.go,
DTOs in modules/structs/org_push_policy.go, wired in api.go).
- Enforcement: routers/private/hook_pre_receive.go (branch: naming + blocked paths
+ max size; tag: naming) and services/security/orchestrator.go (secret mandate).
Deferred: a repo-facing read-only view of the org push policy (it is an org-wide
config, not per-repo overlay rules; readable via the API for now).
Stacked on #729/#728 for migration ordering (this = 364). Swagger annotations
omitted (can't regenerate without the toolchain).
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block), escape sequences in the ls-tree
parser, imports used, migration contiguous (364), fail-open on content checks.
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
b31336d1fe |
feat(org): org-level tag protection, layered with per-repo protected tags (#727)
Universal: Build & Release / Promote to RC (pull_request) Failing after 18s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Successful in 39s
PR RC Release / Build RC Release (pull_request) Successful in 2m21s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Successful in 11s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m17s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Adds org-level tag protection as a parallel to org-level branch protection.
An org tag rule is {NamePattern, AllowlistTeamIDs}; it cascades to every repo
in the org and layers on top of the repo's own protected tags — a tag is
controllable (push/delete) only if allowed at BOTH levels (fail-closed).
- models/git/org_protected_tag.go: OrgProtectedTag model + CRUD +
ToProtectedTag() (reuses the ProtectedTag matcher/allowlist logic) +
IsUserAllowedToControlTagInRepo() which ANDs the repo decision with the org
decision. Migration 363.
- API: /orgs/{org}/tag_protections CRUD (routers/api/v1/org/tag_protection.go,
DTOs in modules/structs/org_tag.go, wired in api.go).
- Enforcement: the git push/delete hook (hook_pre_receive.go) and the two
release paths (release.go create/delete) now call the layered check, so no
per-site tag logic changes beyond swapping the helper.
- View: the repo Tag settings page lists inherited org tag rules read-only.
Stacked on #728 (branch-protection PR) for migration ordering — merge #728
first. Swagger annotations omitted (can't regenerate the swagger JSON without
the toolchain); routes still register.
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block, struct alignment), template
nesting balances, all .Rule fields exist on OrgProtectedTag, all locale keys
defined, JSON valid, migration contiguous (363).
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
4b68853f08 |
feat(org): add branch-deletion protection + expandable inherited-rule view (#727)
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Generic: Project CI / Lint & Validate (pull_request) Successful in 39s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m3s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 1m8s
Generic: Project CI / Tests (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Successful in 12s
Universal: PR Check / Secret Scan (pull_request) Successful in 3m47s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
Two related additions: 1. Branch deletion as an org-level ability. OrgProtectedBranch gained CanDelete / EnableDeleteAllowlist / DeleteAllowlistTeamIDs (migration 362), ToProtectedBranch maps them, and the API (create/edit/response DTOs + handlers) exposes enable_delete / enable_delete_allowlist / delete_allowlist_teams. The layering merge already combined delete fields, so org delete-protection now enforces once ToProtectedBranch populates them. 2. The repo Branch Protection view now renders each inherited org rule as an expandable detail (direct push, force-push, branch deletion, merge, required approvals, status checks, protected files) with team names resolved, instead of three headline badges. Still read-only. Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here. Verified by hand: struct-field gofmt alignment, template block nesting balances, every .Rule field exists on OrgProtectedBranch, and all locale keys referenced in the template are defined. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT |
||
|
|
7c75133ef1 |
feat: code security scanner with OWASP pattern detection (#552)
Universal: Auto Version Bump / Version Bump (push) Successful in 13s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Successful in 12s
Generic: Project CI / Lint & Validate (pull_request) Successful in 37s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m20s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Implements the code analysis scanner module that detects insecure patterns across Go, PHP, Python, JavaScript, and TypeScript: - SQL injection (CWE-89): string concat in queries across 4 languages - XSS (CWE-79): innerHTML, document.write, unescaped output, dangerouslySetInnerHTML - Command injection (CWE-78): exec with variables, shell=True, os.system - Path traversal (CWE-22): unsanitized path joins, file open with user input - Insecure deserialization (CWE-502): unserialize(), yaml.load() - Hardcoded credentials (CWE-798): password assignments in source - Weak cryptography (CWE-327): MD5/SHA-1 usage 22 rules total, language-filtered by file extension. Wired into the existing scanner orchestrator via the CodeScanner config toggle. API updated to expose code_scanner in GET/PATCH security config. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
23bb025700 |
merge: incorporate main into dev for release PR #714
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: Auto Version Bump / Version Bump (push) Successful in 21s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Failing after 15s
Generic: Project CI / Lint & Validate (pull_request) Successful in 40s
Deploy MokoGitea (Dev) / Build & Deploy to Dev (push) Failing after 1m32s
PR RC Release / Build RC Release (pull_request) Failing after 2m51s
Universal: PR Check / Secret Scan (pull_request) Successful in 2m49s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m34s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Successful in 6m59s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
Resolve CHANGELOG conflict — deduplicate feature entries. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
98301bc92b |
merge: incorporate latest dev (post status-presets merge) into cascade-merge
Resolve CHANGELOG conflict, restore issue_metadata.go from dev. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
5a25068d81 |
merge: incorporate dev changes into feature/cascade-merge
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Failing after 15s
Generic: Project CI / Lint & Validate (pull_request) Successful in 41s
Universal: Auto Version Bump / Version Bump (push) Successful in 22s
Universal: PR Check / Secret Scan (pull_request) Successful in 3m33s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Resolve CHANGELOG.md and api.go conflicts — keep both cascade_rules and security route groups. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
57894e25fd |
merge: incorporate dev changes into feature/status-presets
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Generic: Project CI / Lint & Validate (pull_request) Successful in 1m7s
Branch Cleanup / Delete merged branch (pull_request) Failing after 4s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: PR Check / Secret Scan (pull_request) Successful in 2m52s
Universal: Auto Version Bump / Version Bump (push) Successful in 18s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Resolve CHANGELOG.md conflict — keep both status presets and default teams entries. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
cf25eef480 |
fix: distinguish unknown preset from DB errors in ApplyIssueStatusPreset
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 13s
Universal: Auto Version Bump / Version Bump (push) Successful in 18s
Generic: Project CI / Lint & Validate (pull_request) Successful in 35s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m11s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
db.ErrNotExist returns 404, other errors return 500 instead of masking all errors as 404. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
84df5d7932 |
feat: register security scanning API routes in router
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Generic: Project CI / Lint & Validate (pull_request) Successful in 36s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m15s
Universal: Auto Version Bump / Version Bump (push) Successful in 11s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds /repos/{owner}/{repo}/security/* route group for security
alert management, scanning, and configuration endpoints.
Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd
|
||
|
|
7b334f94c0 |
feat: security scanning API endpoints + pre-receive hook blocking (#692)
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Generic: Project CI / Lint & Validate (pull_request) Successful in 39s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m5s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Add REST API for security alerts (list, get, update status, trigger scan) and scanner config (get, update). Wire block_on_push into the pre-receive hook so pushes containing detected secrets are rejected with details. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
805c566615 |
fix: remove leaked security scanning routes from cascade-merge branch
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 30s
Universal: PR Check / Secret Scan (pull_request) Successful in 57s
Universal: Auto Version Bump / Version Bump (push) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
The security route group belongs to feature/secret-scanning (#692) and was accidentally committed here during parallel agent work. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
f53bc895ba |
fix: prevent IDOR in CopyStatusesFromOrg endpoint
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Generic: Project CI / Lint & Validate (pull_request) Successful in 43s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m46s
Universal: Auto Version Bump / Version Bump (push) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Add source org visibility + membership check before copying statuses. Non-public source orgs now require the doer to be a member or site admin, preventing unauthorized enumeration of private org statuses. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
cbf34fb987 |
fix: Various security fixes (#38103) (#38151)
Backport #38103 - Enforce org visibility on organization label read endpoints (private org labels no longer leak to non-members). - Block fork sync (`merge-upstream`) when the base repo is no longer readable (stops pulling commits after a parent goes private). - Remove `REVERSE_PROXY_LIMIT` / `REVERSE_PROXY_TRUSTED_PROXIES` from the Docker `app.ini` templates (the `= *` default allowed `X-WEBAUTH-USER` impersonation; reverse-proxy auth is now opt-in and admin-configured). - Enforce single-use TOTP passcodes across web login, password-reset, and Basic-Auth `X-Gitea-OTP` (fixes a TOCTOU race and a stateless replay). - Re-check branch write permission for every ref in a push (the pre-receive hook cached the first ref's result, letting a per-branch maintainer-edit grant escalate to full repo write). --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
f627219ca8 |
feat: cascade merge — auto-create PRs to downstream branches after merge (#460)
Universal: Auto Version Bump / Version Bump (push) Successful in 19s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 30s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m7s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds configurable cascade rules per repo. When a PR merges into a
source branch, the system auto-creates PRs to each configured target
branch. Skips if a matching PR already exists.
- Model: CascadeMergeRule (repo_id, source, target, enabled, auto_merge)
- Migration v362 creates cascade_merge_rule table
- Notifier hooks into MergePullRequest/AutoMergePullRequest events
- API: CRUD at /repos/{owner}/{repo}/cascade_rules (admin only)
Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd
|
||
|
|
df9305758f |
feat: add issue status presets and cross-org migration (#507)
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Generic: Project CI / Lint & Validate (pull_request) Successful in 46s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m16s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
4 built-in presets: default, software-development, support-tickets, bug-tracking. API endpoints to list presets, apply to org, and copy statuses between orgs. Web UI dropdown on org settings page. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
4178e7f23e |
feat: add delete allowlist for branch protection rules (#696)
Universal: Auto Version Bump / Version Bump (push) Successful in 12s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 13s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m33s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Add configurable per-user/team/deploy-key allowlist for deleting protected branches. Previously, protected branches could never be deleted via git push. Now admins can configure deletion permissions with the same granularity as force-push allowlists. - 6 new model fields: CanDelete, EnableDeleteAllowlist, DeleteAllowlistUserIDs/TeamIDs, DeleteAllowlistDeployKeys, DeleteAllowlistActionsUser - CanUserDelete() method with admin-level default (higher than push) - Migration v361 adds columns to protected_branch table - Pre-receive hook checks delete allowlist instead of unconditional block - CanDeleteBranch service uses CanUserDelete instead of IsBranchProtected - API create/edit endpoints support delete allowlist fields - Web UI settings page with radio buttons and user/team dropdowns - 12 new locale strings for the delete allowlist UI Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
9db67cd554 |
fix(actions): reject workflow_dispatch for workflows without that trigger (#37660) (#37895)
Backport #37660 by @jorgeortiz85 ## Summary Fixes #37528 This PR makes the workflow dispatch API reject workflows that do not declare `workflow_dispatch`. Previously, `POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches` could create an `ActionRun` for a workflow that only declared another event such as `push`. The service now validates that the target workflow has a `workflow_dispatch` trigger before inserting the run. The API maps that validation failure to `422 Unprocessable Entity`, matching existing validation failures in this handler. The regression test creates a push-only workflow, dispatches it through the public API, asserts the `workflow_dispatch` validation message, and verifies that no run was inserted. ## Testing - `go test ./services/actions` - `TAGS="sqlite sqlite_unlock_notify" make test-integration#TestWorkflowDispatchPublicApiRequiresWorkflowDispatchTrigger` - `TAGS="sqlite sqlite_unlock_notify" make test-integration#TestWorkflowDispatchPublicApi` ## Disclosure Developed with assistance from OpenAI Codex. Co-authored-by: Jorge Ortiz <jorge.ortiz@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
f7c2b205c5 |
fix: reject empty token update requests with 400
Universal: PR Check / Branch Policy (pull_request) Failing after 3s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Universal: Auto Version Bump / Version Bump (push) Successful in 17s
PR RC Release / Build RC Release (pull_request) Failing after 1m5s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m7s
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 57s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 3m52s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
|
||
|
|
d2d7c0a762 |
feat: add ability to edit API token scopes (#697)
Add PATCH /users/{username}/tokens/{id} API endpoint and web UI edit
button so token scopes can be modified after creation without having
to delete and recreate the token.
|
||
|
|
49f6380fa4 |
feat: add licensing API token scope (#697)
Universal: Auto Version Bump / Version Bump (push) Successful in 17s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Universal: PR Check / Secret Scan (pull_request) Successful in 43s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 3s
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m13s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 4m6s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Add read:licensing / write:licensing token scope category so licensing endpoints are guarded by the same permission system as all other API endpoints. Public-only tokens are rejected for licensing endpoints. |
||
|
|
5c43cf1f02 |
fix(metadata): support partial updates — only sent fields are changed
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Universal: Auto Version Bump / Version Bump (push) Successful in 16s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m30s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m32s
PR RC Release / Build RC Release (pull_request) Failing after 2m28s
Deploy MokoGitea (Dev) / Build & Deploy to Dev (push) Failing after 2m32s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Previously PUT /metadata replaced all fields, wiping any not included in the request. Now loads existing metadata first and merges only the fields present in the JSON body. |
||
|
|
c8c74c7afe |
fix: handle DB errors in licensing API, fix wiki API URL-decode fallback
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: Auto Version Bump / Version Bump (push) Successful in 16s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m11s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m12s
Deploy MokoGitea (Dev) / Build & Deploy to Dev (push) Failing after 1m46s
PR RC Release / Build RC Release (pull_request) Failing after 1m38s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- licensing/manage.go: capture Update/Delete errors instead of silently discarding them (UpdateLicense, UpdateTier, DeleteTier) - wiki.go API: fix findEntryForFile to allow URL-decode fallback for non-ASCII page names (was returning on ErrNotExist instead of falling through) |
||
|
|
7b68963b67 |
feat(metadata): add deploy fields to repo metadata API (#692)
Universal: Auto Version Bump / Version Bump (push) Successful in 18s
Deploy MokoGitea (Dev) / Build & Deploy to Dev (push) Failing after 1m2s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m11s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Universal: Build & Release / Promote to RC (pull_request) Failing after 18s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Failing after 1m16s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m23s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- Migration v360: adds deploy_host, deploy_port, deploy_user, deploy_path, docker_image, docker_registry, container_name, health_url to repo_manifest - API: GET/PUT /metadata now includes deploy fields - Settings: preserve deploy fields on web UI save - Remove 4 unneeded workflows (gitleaks, npm-publish, notify, workflow-sync) - gitleaks will become built-in (#692) - npm-publish/notify not applicable to Go repo - workflow-sync moving to MokoCLI |
||
|
|
1178975be3 |
feat(wiki): full-text search across wiki pages (#550)
- Web: WikiSearch handler with case-insensitive search of titles and content - Web: search.tmpl with search form and results display - Web: "Search wiki" link added to wiki dropdown menu - API: GET /wiki/search?q=term endpoint with pagination - Recursive traversal handles nested folder wikis |
||
|
|
78b0ce9650 |
fix: org metadata API respects visibility for unauthenticated requests (#690)
Add checkOrgVisibility() guard to issue-statuses, issue-priorities, and issue-types endpoints. Public orgs remain accessible to everyone. Private/limited orgs return 404 for unauthenticated callers. |
||
|
|
71d52e432e |
feat: enforce required baseline issue statuses (#681)
Deploy MokoGitea / deploy (push) Successful in 5m8s
Add IsRequired field to IssueStatusDef. Open and Closed statuses are seeded as required and cannot be deleted. Delete attempts return an error flash in the web UI and ErrStatusRequired in the model layer. API response now includes is_required field. |
||
|
|
9149fa100c |
feat: make metadata/manifest GET endpoint publicly accessible (#676)
Deploy MokoGitea / deploy (push) Successful in 3m30s
Remove reqRepoReader auth requirement from GET /repos/{owner}/{repo}/metadata
and /manifest endpoints. PUT (update) still requires token + admin.
|
||
|
|
6d194f9bdf |
fix: sort imports in manage.go (stdlib before module imports)
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
PR RC Release / Build RC Release (pull_request) Failing after 51s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m8s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m0s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 44s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 1m44s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
|
||
|
|
403db405cb |
fix: resolve all compile errors in licensing endpoints
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Universal: Build & Release / Promote to RC (pull_request) Failing after 14s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m4s
PR RC Release / Build RC Release (pull_request) Failing after 1m5s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 54s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- ctx.BindJSON → json.NewDecoder(ctx.Req.Body).Decode - ctx.Orm() → db.GetEngine(ctx) - ctx.NotFound() → ctx.APIErrorNotFound() - GetAttachmentsByReleaseID → db.GetEngine query |
||
|
|
79cc30e9a8 |
fix: use ctx.APIError instead of ctx.Error in licensing endpoints
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Failing after 10s
PR RC Release / Build RC Release (pull_request) Failing after 1m13s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m19s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 13s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 2m0s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 40s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m1s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
APIContext doesn't have an Error method — use APIError(status, msg) which is the correct 2-arg pattern for Gitea API error responses. |
||
|
|
1d1b867df5 |
feat: add license management API — admin CRUD, user self-service, tier management (#624)
Admin: POST/GET/PATCH/DELETE /api/v1/licensing/licenses (reqSiteAdmin) User: GET /api/v1/licensing/my/licenses, manage domains (reqToken) Tiers: GET/POST/PATCH/DELETE /api/v1/licensing/tiers (reqSiteAdmin) Includes pagination, entitlement/activation detail in GET, tier change triggers entitlement rebuild, delete-tier blocked if active licenses exist. |
||
|
|
5bd449017c |
feat: add signed download endpoint with ed25519 tokens (#622)
GET /api/v1/licensing/download/{product}/{version}.zip?token=XXX&expires=YYY&dlid=ZZZ
ed25519 keypair auto-generated on first use, stored in Gitea data dir.
Update XML endpoint now generates signed URLs with 5-minute TTL.
Download verifies signature + expiry + DLID + entitlement before serving
the release ZIP attachment. Downloads logged to audit trail.
|
||
|
|
3e909df6d4 |
feat: add license validation API — public validate + authenticated status (#623)
GET /api/v1/licensing/validate?dlid=XXX&product=YYY&domain=ZZZ (public)
GET /api/v1/licensing/{dlid}/status (authenticated, reqToken)
Public endpoint returns valid/invalid with reason codes for Joomla plugin
and external integration use. Authenticated endpoint returns full license
detail with entitlement list and domain usage for admin dashboards.
|
||
|
|
6f6a8b0f2c |
fix: remove invalid SortType field from FindReleasesOptions
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Generic: Project CI / Lint & Validate (pull_request) Successful in 37s
PR RC Release / Build RC Release (pull_request) Failing after 1m30s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 1m31s
Universal: Auto Version Bump / Version Bump (push) Successful in 6s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m47s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
|
||
|
|
212b8c9e6d |
feat: add DLID-gated update XML endpoint for Joomla updater (#621)
Universal: Auto Version Bump / Version Bump (push) Successful in 8s
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 14s
Generic: Project CI / Lint & Validate (pull_request) Successful in 41s
PR RC Release / Build RC Release (pull_request) Failing after 1m13s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 1m23s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 3m6s
Universal: Build & Release / Promote to RC (pull_request) Successful in 23s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
GET /api/v1/licensing/updates/{product}.xml?dlid=XXX&domain=YYY
Validates DLID format (CRC32), checks license status and entitlement,
auto-activates domain, returns Joomla-compatible update XML from the
entitled repo's stable release. Invalid/expired returns empty <updates/>.
|
||
|
|
2b6684536e |
feat: remove display_name, compute from extension_type + name (#650)
- Remove DisplayName field from RepoMetadata and UpdateStreamConfig
- Add DerivedDisplayName() method: "{Type} - {Name}" (e.g. "Package - MokoSuiteBackup")
- API returns computed display_name in GET, ignores it on PUT
- Update server feeds use DerivedDisplayName() instead of stored value
- Remove display_name from web forms (repo licensing, org update streams)
- License settings API computes display_name from repo metadata
- Migration v358: drop display_name columns from both tables
|
||
|
|
7ebe6d54be |
refactor: rename PackageType → ExtensionType (#646)
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Generic: Project CI / Lint & Validate (pull_request) Successful in 32s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m58s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Rename package_type column and Go field to extension_type across model, API, update server, manifest sync, settings UI, and changelog. SQL migration renames the column. XML tag <package-type> in .mokogitea/manifest.xml is unchanged (backward compat). Fixes #646 |
||
|
|
45caf41499 |
fix: rename custom fields handlers, clean metadata API naming
Universal: Auto Version Bump / Version Bump (push) Successful in 5s
Branch Policy Check / Verify merge target (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Successful in 33s
PR RC Release / Build RC Release (pull_request) Failing after 47s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 53s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 2m39s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 2m21s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
|
||
|
|
1ec0a70c0c |
fix: rename API handlers to avoid collision with custom_fields GetRepoMetadata
Deploy MokoGitea / deploy (push) Successful in 4m5s
|
||
|
|
3c9e3ffa13 |
fix: lowercase Joomla element names, rename Manifest → Metadata (#635)
Branch Policy Check / Verify merge target (pull_request) Failing after 1s
Universal: PR Check / Branch Policy (pull_request) Failing after 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 37s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 36s
PR RC Release / Build RC Release (pull_request) Failing after 36s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m49s
Universal: Build & Release / Promote to RC (pull_request) Failing after 5s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
AutoElementName() was using m.Name without lowercasing or cleaning,
producing elements like pkg_MokoSuiteBackup instead of
pkg_mokosuitebackup. Added cleanJoomlaElement() to replicate
Joomla's InputFilter::clean('cmd') behavior.
Removed incorrect "plugin": "plg_" — Joomla plugins use bare names.
Renamed RepoManifest → RepoMetadata across all non-migration Go
files. DB table remains repo_manifest for backward compatibility.
Migration files unchanged to preserve migration chain.
API endpoints /manifest and /metadata both continue to work
(backward compat route preserved in api.go).
Fixes #635
|
||
|
|
91e50fe4bf |
fix: remove version from manifest first-class fields
Universal: Auto Version Bump / Version Bump (push) Successful in 6s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 2m35s
Branch Policy Check / Verify merge target (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Generic: Project CI / Lint & Validate (pull_request) Successful in 32s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 39s
PR RC Release / Build RC Release (pull_request) Failing after 49s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Failing after 1s
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 2m24s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Version is not a required metadata field — it's derived from git tags and releases, not stored in the manifest. Remove from RepoManifest model and the manifest API request/response struct. VersionPrefix, StandardsVersion, and TargetVersion are kept as they serve different purposes (tag parsing, standards compliance, platform targeting). |
||
|
|
9d45a767e7 | Merge pull request 'feat(issues): make status_id, priority_id, type_id required on create (#598)' (#613) from feature/598-required-issue-metadata into main | ||
|
|
e0d4f5fd15 |
fix: handle SetIssueStatusID/PriorityID/TypeID errors on create
Universal: Auto Version Bump / Version Bump (push) Successful in 9s
Branch Policy Check / Verify merge target (pull_request) Failing after 2s
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Generic: Repo Health / Access control (pull_request) Successful in 3s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Failing after 13s
Generic: Project CI / Lint & Validate (pull_request) Successful in 50s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 3s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 1m36s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 4m36s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Explicit caller-provided values now return 500 on failure instead of silently discarding the error. Default auto-assignment still uses best-effort (log and continue) since it's a fallback. |