MokoGitea-Fork

Author	SHA1	Message	Date
Jonathan Miller	93f20b9671	merge: resolve conflicts, keep client_id fix	2026-06-14 15:00:16 -05:00
Jonathan Miller	c453310834	fix: set correct <client> per extension type in Joomla update feed (#611 ) Generic: Project CI / Tests (push) Blocked by required conditions Details Generic: Repo Health / Scripts governance (push) Blocked by required conditions Details Generic: Repo Health / Repository health (push) Blocked by required conditions Details Generic: Repo Health / Report Issues (push) Blocked by required conditions Details Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: Auto Version Bump / Version Bump (push) Successful in 5s Details Generic: Project CI / Tests (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Branch Policy Check / Verify merge target (pull_request) Successful in 2s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Validate PR (pull_request) Failing after 9s Details Generic: Project CI / Lint & Validate (push) Successful in 31s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 28s Details PR RC Release / Build RC Release (pull_request) Failing after 1m11s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 1m14s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 2m6s Details Universal: Build & Release / Promote to RC (pull_request) Successful in 17s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped Details	2026-06-14 14:53:53 -05:00
Jonathan Miller	c2687a2595	fix: use string client values (site/administrator) per Joomla update spec Universal: Auto Version Bump / Version Bump (push) Successful in 7s Details Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 3s Details Branch Policy Check / Verify merge target (pull_request) Failing after 1s Details Universal: PR Check / Branch Policy (pull_request) Failing after 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Validate PR (pull_request) Failing after 10s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 27s Details PR RC Release / Build RC Release (pull_request) Failing after 1m28s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 55s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been skipped Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped Details Joomla's update server documentation specifies <client> should be "site" or "administrator" strings, not numeric 0/1. Joomla's XML parser handles the string-to-integer mapping internally. Co-Authored-By: Moko Consulting <hello@mokoconsulting.tech>	2026-06-11 19:17:04 -05:00
Jonathan Miller	0f1002f3c9	fix: address review findings for wiki API Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 3s Details Branch Policy Check / Verify merge target (pull_request) Failing after 2s Details Universal: PR Check / Branch Policy (pull_request) Failing after 3s Details Universal: PR Check / Validate PR (pull_request) Failing after 13s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Successful in 3s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Generic: Project CI / Lint & Validate (pull_request) Successful in 42s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 44s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 4m30s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details - Log warning when wiki blob exceeds max size (was silent empty return) - Fix stale WebPathFromRequest test to match folder-based wiki behavior	2026-06-11 17:03:21 -05:00
Jonathan Miller	878cac5d99	fix: address review findings for update feed bugs Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 4s Details Branch Policy Check / Verify merge target (pull_request) Failing after 4s Details Universal: PR Check / Branch Policy (pull_request) Failing after 4s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 5s Details Universal: PR Check / Validate PR (pull_request) Failing after 16s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 48s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Successful in 5s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 1m16s Details PR RC Release / Build RC Release (pull_request) Failing after 1m13s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 4m20s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - Extend versionRegex to capture pre-release suffixes in fallback path - Anchor versionHasChannelSuffix with regex to avoid false positives - Log LoadAttributes errors instead of silently skipping releases	2026-06-11 16:36:32 -05:00
Jonathan Miller	7dfb11070d	fix: update server feed generation bugs (#601 ) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 2s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped Details Branch Policy Check / Verify merge target (pull_request) Failing after 2s Details Universal: PR Check / Branch Policy (pull_request) Failing after 3s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 3s Details Universal: Build & Release / Promote to RC (pull_request) Failing after 14s Details Universal: PR Check / Validate PR (pull_request) Failing after 14s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 51s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 59s Details PR RC Release / Build RC Release (pull_request) Failing after 1m27s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - Change default targetplatform from (5\|6)\.* to 6\..* for Joomla 6 compat - Use FullElementName() to auto-construct element from PackageType + Name - Change <client> from string (site/administrator) to numeric (0/1) - Preserve pre-release version suffix number (e.g. -rc2 not just -rc) Co-Authored-By: Moko Consulting <hello@mokoconsulting.tech>	2026-06-11 16:28:00 -05:00
Jonathan Miller	7f3785e7de	fix: return 404 for update feeds when update server is disabled (#589 ) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Branch Policy Check / Verify merge target (pull_request) Failing after 1s Details Universal: PR Check / Branch Policy (pull_request) Failing after 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details Universal: PR Check / Validate PR (pull_request) Failing after 8s Details PR RC Release / Build RC Release (pull_request) Failing after 1m3s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 1m6s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Successful in 2s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 33s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details The RepoAssignmentPublicFeed middleware did not check LicensingEnabled, so feed endpoints responded with valid data even when the feature was disabled. Now checks the effective config (repo → org cascade) and returns 404 when neither level has LicensingEnabled=true. Co-Authored-By: Moko Consulting <hello@mokoconsulting.tech>	2026-06-11 15:26:52 -05:00
Jonathan Miller	549e890cd0	refactor: rename models/licenses to models/updateserver Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 2s Details Generic: Project CI / Lint & Validate (push) Successful in 40s Details Deploy MokoGitea / deploy (push) Successful in 5m29s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Rename the licensing/update server model package to better reflect its purpose. All imports updated from licenses_model to updateserver_model. License key management UI files kept (only imports updated).	2026-06-09 20:29:03 -05:00
Jonathan Miller	aeb36e4312	feat: use manifest API as source of truth for update feed metadata (#592 ) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 3s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Replace custom field + config table cascade with manifest-only read for extension identity fields (element_name, package_type, display_name, target_version, php_minimum, description). Config table retained only for licensing fields (download_gating, key_prefix, support_url fallback). Fix client field: package/component/library/file → administrator. Remove issues_model import (custom field lookups removed).	2026-06-09 14:32:39 -05:00
Jonathan Miller	1caf26453f	feat: issue metadata API + org wiki tab with internal/external mode Generic: Project CI / Tests (push) Blocked by required conditions Details Generic: Project CI / Tests (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Branch Policy Check / Verify merge target (pull_request) Successful in 2s Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Validate PR (pull_request) Failing after 12s Details Branch Cleanup / Delete merged branch (pull_request) Has been skipped Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 41s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 43s Details Generic: Project CI / Lint & Validate (push) Successful in 45s Details PR RC Release / Build RC Release (pull_request) Failing after 39s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 31s Details Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: Auto Version Bump / Version Bump (push) Successful in 7s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Issue Status/Priority/Type API: - Expose status_id, priority_id, type_id (with resolved names) on Issue API struct - New endpoints: GET /orgs/{org}/issue-statuses, /issue-priorities, /issue-types - CreateIssue and EditIssue handlers accept status_id, priority_id, type_id - MCP tools: 5 new tools + updated create/update with metadata params Org Wiki Tab: - Convention repos: wiki (public) and wiki-private (members-only) - Inline wiki rendering with markdown pipeline, sidebar, footer, page list - Public/private view dropdown (same UX as org profile README selector) - External wiki mode: link to outside URL from wiki tab - Wiki mode setting in org settings (internal vs external with URL field) - Migration 354: add wiki_mode and wiki_url to user table	2026-06-09 10:20:54 -05:00
Jonathan Miller	c26ad626bd	feat(manifest): add distribution metadata fields (phase 1 consolidation) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Branch Policy Check / Verify merge target (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Universal: Auto Version Bump / Version Bump (push) Failing after 11s Details Universal: PR Check / Validate PR (pull_request) Failing after 11s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Has been skipped Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 30s Details PR RC Release / Build RC Release (pull_request) Failing after 29s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 37s Details Generic: Project CI / Lint & Validate (push) Successful in 1m11s Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 2m14s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Add DisplayName, Maintainer, MaintainerURL, InfoURL, TargetVersion, and PHPMinimum to RepoManifest. These fields were previously only in UpdateStreamConfig and are now in the manifest as the single source of truth. Distribution section shown conditionally for joomla/wordpress/ dolibarr platforms. Closes #582 phase 1.	2026-06-07 13:36:58 -05:00
Jonathan Miller	aae7b65329	fix(manifest): sync version_prefix + element_name, rename moko-platform everywhere Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 2s Details Branch Policy Check / Verify merge target (pull_request) Successful in 2s Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details PR RC Release / Build RC Release (pull_request) Successful in 2s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details Universal: PR Check / Validate PR (pull_request) Failing after 7s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Successful in 1s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - manifest_sync.go: add VersionPrefix and ElementName to XML parse and DB sync - deploy workflow: use manifest API for version prefix instead of hardcoded sed - pre-release workflow: rename moko-platform paths to mokoplatform - All workflow headers: rename moko-platform references - manifest.xml: update root element to mokoplatform, add version-prefix field - Server: symlink /opt/mokoplatform -> /opt/moko-platform for compatibility	2026-06-07 12:36:43 -05:00
Jonathan Miller	18fc79fa0a	feat(security): add dependency vulnerability scanner (#551 ) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Branch Policy Check / Verify merge target (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details PR RC Release / Build RC Release (pull_request) Successful in 3s Details Universal: PR Check / Validate PR (pull_request) Failing after 6s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 2s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m22s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Add dependency scanner module that parses manifest files (go.mod, package.json, composer.json, requirements.txt) and checks dependencies against the OSV.dev API for known CVEs. Implements the existing Scanner interface and wires into the orchestrator for push-time scanning.	2026-06-07 10:32:04 -05:00
Jonathan Miller	50c472991a	fix(auth): add login form with OAuth to all error pages Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Branch Policy Check / Verify merge target (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details PR RC Release / Build RC Release (pull_request) Successful in 3s Details Universal: PR Check / Validate PR (pull_request) Failing after 7s Details Branch Cleanup / Delete merged branch (pull_request) Failing after 2s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m33s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - 403: OAuth buttons moved below password form (matches regular login) - 404: Login form with OAuth added for unauthenticated users - Both pages load OAuth2 providers and show Sign In with Google etc.	2026-06-06 18:25:51 -05:00
Jonathan Miller	7d03541201	fix(auth): show OAuth providers on 403 login form Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 3s Details Branch Policy Check / Verify merge target (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details PR RC Release / Build RC Release (pull_request) Successful in 2s Details Universal: PR Check / Validate PR (pull_request) Failing after 6s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 2s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m13s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details The 403 Access Denied page login form now shows OAuth2 provider buttons (Sign in with Google, etc.) alongside the username/password form. Previously only showed password login even when OAuth was configured.	2026-06-06 18:15:25 -05:00
Jonathan Miller	f7c1904625	feat(security): built-in security scanning platform (#508 ) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Branch Policy Check / Verify merge target (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details PR RC Release / Build RC Release (pull_request) Successful in 2s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 1s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m44s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Add a pluggable security scanning framework with secret detection as the first scanner module. Scans run on push to default branch and on-demand via the Security settings page. Includes: - Scanner interface for pluggable scanner types - Secret scanner with 15 built-in patterns (AWS, GitHub, Stripe, etc.) - SecurityAlert model with fingerprint-based dedup - SecurityScannerConfig per-repo settings - Migration v349 for security tables - Repo settings Security page with alerts table - Scan Now button for on-demand scanning - Alert resolve/dismiss actions - Push-time scanning in post-receive hook	2026-06-06 16:23:08 -05:00
Jonathan Miller	41c42b968e	fix(wiki): preserve slashes in page titles for folder creation Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Branch Policy Check / Verify merge target (pull_request) Successful in 1s Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details PR RC Release / Build RC Release (pull_request) Successful in 2s Details Universal: PR Check / Validate PR (pull_request) Failing after 6s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 2s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m0s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details UserTitleToWebPath now splits on / and sanitizes each segment independently, preserving the directory structure. This allows creating pages like "features/Custom-Fields" as actual nested files.	2026-06-06 15:15:57 -05:00
Jonathan Miller	6010841ee7	feat(wiki): hierarchical folder navigation with sidebar tree (#79 ) Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Branch Policy Check / Verify merge target (pull_request) Successful in 2s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details PR RC Release / Build RC Release (pull_request) Successful in 3s Details Universal: PR Check / Validate PR (pull_request) Failing after 6s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 1s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m45s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Support real subdirectories in wiki instead of escaping / to %2F. When navigating to a folder, tries README.md, Home.md, index.md as index pages. If none found, shows a file/folder listing. Includes: - Stop escaping / in WebPathFromRequest (wiki_path.go) - Folder detection with index file fallback - Auto-generated sidebar folder tree - Breadcrumb navigation for nested paths - Folder listing view when no index page exists - CSS for tree sidebar and folder listing	2026-06-06 15:09:23 -05:00
Jonathan Miller	dd6e114c70	chore: move CLAUDE.md to .mokogitea/ directory Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Also includes: - Auto-sync manifest.xml to DB on push to default branch - Wiki pages for custom fields, custom statuses, manifest settings - Updated wiki home page with all current features Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 09:43:15 -05:00
Jonathan Miller	8e0388c9d8	fix(custom-fields): log errors instead of silently discarding them Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - saveCustomFieldsFromForm: log GetCustomFieldsByOwner errors - resolveExtensionMetadata: log DB errors on custom field lookup - NewIssue/ViewIssue: log errors from GetCustomFieldsByOwner and GetCustomFieldValuesMap instead of blank-assigning - Composer: fix misleading comment about override source Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 22:14:10 -05:00
Jonathan Miller	cd4c701cb6	fix(custom-fields): address code review findings Generic: Repo Health / Access control (push) Has been cancelled Details Generic: Repo Health / Site Health (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - API: return 500 on GetCustomFieldsByOwner failure instead of silently swallowing the error - resolveExtensionMetadata: add DownloadGating/KeyPrefix to metadata struct instead of mutating the caller's cfg pointer (side effect) - resolveExtensionMetadata: add Description custom field mapping - Composer: use meta.PHPMinimum instead of bypassing the cascade - Web form: flash error on custom field save failure instead of silent log Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 21:59:50 -05:00
Jonathan Miller	1935889f6b	feat(updateserver): resolve extension metadata from custom fields with config fallback Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Add resolveExtensionMetadata() with cascading priority: org-level repo-scoped custom fields → update_stream_config table → repo-derived defaults. All six feed generators (Joomla, WordPress, Composer, Drupal, PrestaShop, WHMCS) now use this unified resolver. Repos can be migrated to custom fields gradually since the config table remains as fallback. Ref #492 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 21:48:14 -05:00
Jonathan Miller	5665bc545e	fix(updateserver): use client=0 for packages to fix Joomla extension matching (#482 ) Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: Build & Release / Promote to RC (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Joomla matches updates to installed extensions via element+type+client_id. Packages in #__extensions have client_id=0. Omitting <client> caused Joomla to default to client_id=1, resulting in extension_id=0 in #__updates and updates not appearing. Fix: output <client>0</client> for package types. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 18:44:46 -05:00
Jonathan Miller	d553c87a9d	fix(updateserver): derive maintainer from org profile, infourl from support_url Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: Build & Release / Promote to RC (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - Maintainer name: org FullName (from org profile) - Maintainer URL: org Website (from org profile) - Info URL: support_url (product page), falls back to releases page - Removes dependency on separate maintainer/maintainer_url/info_url fields in update_stream_config Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 18:17:51 -05:00
Jonathan Miller	c948696488	feat(ui): show Update Server tab when no gating, Licenses tab when gated Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details - No gating: tab shows as "Update Server" with broadcast icon - Gated (prerelease/all): tab shows as "Licenses" with key icon and package count badge - Licensing disabled: tab hidden entirely Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 16:38:49 -05:00
Jonathan Miller	5a80b8da33	docs(updateserver): correct joomlaTagName comment with Joomla source reference Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: Build & Release / Promote to RC (pull_request) Has been cancelled Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Joomla's Update.php maps tags via STABILITY_ + strtoupper(tag). Valid values: dev, alpha, beta, rc, stable. Full names like "development" silently fall back to STABILITY_STABLE. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 14:29:26 -05:00
Jonathan Miller	0de02fdce5	fix(updateserver): prevent stream name tag from overriding asset-derived version Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details When the tag is a stream name (e.g. "release-candidate"), the version extracted from the asset filename was being overwritten by the release title version. Remove the isStreamName check since the priority chain (filename -> tag -> title) already handles this correctly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 12:22:40 -05:00
Jonathan Miller	f0aa2c3034	fix(updateserver): extract version from asset filename, omit client for packages Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - Version now extracted from the zip asset filename first (most accurate), falling back to tag name then release title. Fixes mismatch where title version was updated but asset was stale. - Omit <client> element for package extension types (packages manage their own sub-extension clients per Joomla spec). - Make Client field omitempty so empty string doesn't render empty tag. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 12:14:29 -05:00
Jonathan Miller	e5aa0c343d	fix(updates): default Joomla target version to 5/6 Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: Build & Release / Promote to RC (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Release configuration (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Release configuration (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 21:57:03 -05:00
Jonathan Miller	ba0d180e39	fix(updates): correct infourl/maintainerurl mapping Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: Build & Release / Promote to RC (pull_request) Has been cancelled Details Universal: Build & Release / Build & Release Pipeline (pull_request) Has been cancelled Details Generic: Repo Health / Release configuration (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Release configuration (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details <infourl> = InfoURL field (product/release info page), fallback /releases <maintainerurl> = SupportURL field (support site), fallback MaintainerURL, fallback org profile Previously SupportURL was mapped to <infourl> which was wrong. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 21:54:01 -05:00
Jonathan Miller	963fa6d384	fix(licenses): always allow anonymous download path access on licensed repos Generic: Repo Health / Site Health (pull_request) Has been cancelled Details Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Generic: Repo Health / Access control (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Generic: Repo Health / Site Health (push) Has been cancelled Details Generic: Repo Health / Access control (push) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Release configuration (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Release configuration (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details RepoAssignment now always grants LicensedReadOnly for download paths (/releases/, /archive/) on licensed repos. The actual download gating (none/prerelease/all) is enforced by CheckDownloadGating in the handler. Previously only download_gating=none allowed anonymous access. Now prerelease gating also allows through (CheckDownloadGating blocks non-stable downloads without a key). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 15:50:23 -05:00
Jonathan Miller	6405163e60	fix(licenses): restrict downloadsPublic to release/download paths only Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details The downloadsPublic flag was granting LicensedReadOnly to all routes including the main repo page, causing 404 on private repos. Now only applies to paths containing /releases/ or /archive/. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 15:30:23 -05:00
Jonathan Miller	01011f6115	fix(licenses): allow anonymous downloads when download_gating=none on private repos Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details RepoAssignment now checks the download_gating setting. When set to "none" (all downloads public), anonymous users can access release downloads on licensed private repos without a key. Previously, anonymous users always got 403 on private repos even when download gating was set to public. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 15:25:28 -05:00
Jonathan Miller	a22fa57ab1	fix(ui): embed login form on 403 Access Denied page Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Anonymous users seeing the 403 page now get an inline login form with username, password, and submit button. After login, redirects back to the page they were trying to access. Compact form centered with tw-max-w-sm, includes CSRF token and redirect_to hidden field pointing to CurrentURL. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 13:55:52 -05:00
Jonathan Miller	e2c738a8d8	feat(repos): three-level visibility — Public, Private, Hidden Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Add IsHidden field to Repository model. Three visibility modes: - Public: visible to everyone (green label) - Private: members only, non-members see 403 Access Denied (orange) - Hidden: members only, non-members see 404 Not Found (red) Private mode is for commercial repos — customers know the repo exists and see a styled 403 page with sign-in button. Licensed update feeds and key-gated downloads still work. Hidden mode is for internal/secret repos — complete stealth, as if the repo doesn't exist. Settings UI: radio button selector in danger zone replaces the old binary toggle. Each option shows a colored label with description. Migration v342: adds is_hidden column to repository table. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 13:42:25 -05:00
Jonathan Miller	6c7a6e4061	fix(licenses): RequireUnitReader allows LicensedReadOnly access Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details RequireUnitReader now checks for LicensedReadOnly context flag before checking standard permissions. This lets the releases download route pass through for licensed private repos where RepoAssignment granted read-only access via license key. Fixes the 404 on /releases/download/ with valid dlid= param. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 10:23:38 -05:00
Jonathan Miller	02424c3f75	fix(licenses): allow download access on private licensed repos with license key Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details RepoAssignment now checks for dlid/key/download_key query params when licensing is enabled. Anonymous Joomla/WordPress clients with valid license keys can access release download routes on private repos without being signed in. Access flow for licensed private repos: - Anonymous + no key → 403 (styled page) - Anonymous + valid dlid → access granted (CheckDownloadGating validates) - Signed in + no membership → access granted (releases visible, downloads hidden) - Org member → full access Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 10:12:45 -05:00
Jonathan Miller	449af83e2b	fix(ui): styled 403 Access Denied page matching the 404 page layout Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Add templates/status/403.tmpl mirroring the 404 page design with a centered error message and sign-in button for anonymous users. New Forbidden() method on Context renders the styled 403 template for HTML requests, falls back to plain text for API/non-HTML. RepoAssignment now calls ctx.Forbidden() instead of raw HTTPError for both anonymous and signed-in users without access. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 10:05:24 -05:00
Jonathan Miller	3ad37e48e1	fix(security): return 403 for all users on private repos, not 404 Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Both anonymous and signed-in users now get 403 Access Denied when accessing a private repo they lack permission for. Previously anonymous users got 404 which hid the repo's existence. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:57:29 -05:00
Jonathan Miller	021a054348	fix(licenses): licensed private repos allow signed-in users to view releases Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details When licensing is enabled on a private repo, signed-in users who are not repo members can now view the releases page (with downloads hidden). The RepoAssignment permission check detects licensing and grants read-only access instead of returning 403. This enables the commercial pattern: private source code, but release notes visible to any authenticated user. Download files are gated by license key via HideReleaseDownloads. Anonymous users still get 404 (no information leak). Non-licensed private repos still return 403 for non-members. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:52:05 -05:00
Jonathan Miller	ead620daf9	fix(updates): allow update feeds on private repos via lightweight repo loader Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Update feed endpoints (updates.xml, dolibarr.json, wordpress.json, packages.json, prestashop.xml, drupal.xml, whmcs.json, changelog.xml) now use RepoAssignmentPublicFeed instead of the full RepoAssignment. The lightweight loader fetches the repo by owner/name without checking user permissions. Feed handlers gate access via license keys, not repo membership. This allows private repos to serve update feeds to anonymous Joomla/WordPress/Composer clients with valid license keys. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:36:06 -05:00
Jonathan Miller	0add8bda72	fix(security): show 403 Access Denied instead of 404 for signed-in users on private repos Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Signed-in users who lack permission to a private repo now see a 403 "You do not have permission" instead of a misleading 404. Anonymous users still get 404 to prevent repo enumeration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:26:21 -05:00
Jonathan Miller	bd81616432	fix(build): remove unused time import in drupal.go Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:10:11 -05:00
Jonathan Miller	02f3ed88f1	feat(updates): PrestaShop (#352 ), Drupal (#353 ), WHMCS (#355 ) update feeds Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details PrestaShop: GET /updates/prestashop.xml — module update XML with name, version, download URL, author, SHA256. Serves stable only. Drupal: GET /updates/drupal.xml — update status XML per Drupal API spec. Includes project metadata, all releases with status, download links, SHA256. Uses TargetVersion config for api_version field. WHMCS: GET /updates/whmcs.json — simple JSON with latest stable version, download URL (with dlid), changelog, author. License key embedded in download URL when provided. All three use ResolveReleaseStream for manual/auto stream mapping, readSHA256FromSidecar for integrity hashes, and extractVersion with stream-name tag fallback. Routes registered under the update server group alongside Joomla, Dolibarr, WordPress, and Composer feeds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:08:03 -05:00
Jonathan Miller	0fb0aea719	feat(updates): Composer packages.json feed (#354 ), hide menu items for guests Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Composer feed: new endpoint GET /updates/packages.json serving Composer/Packagist-compatible packages.json. Includes version, dist URL with SHA256, authors, PHP requirement. License key embedded in download URL when provided. Menu visibility: Actions and Licenses tabs in repo header now require .IsSigned — anonymous users no longer see tabs they can't access. Previously the tabs were visible but clicking redirected to login (confusing UX). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:02:00 -05:00
Jonathan Miller	b65b155446	SECURITY: fix release download gating and require login for actions Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Release gating: HideReleaseDownloads now checks download_gating setting in addition to feed_visibility. When licensing is enabled and download_gating != "none", anonymous users see "Sign in to download" instead of download links on the release page. Actions: changed from optSignIn to reqSignIn on the repo actions route group. Anonymous users can no longer view CI/CD runs, logs, or artifacts. This is a MokoGitea policy override — upstream Gitea allows public actions on public repos. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 08:40:40 -05:00
Jonathan Miller	d85ae6aa21	fix(build): add UpdateStream to EditReleaseForm Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:56:11 -05:00
Jonathan Miller	1b9b82d59a	fix(build): pass ctx to buildWordPressChangelog for ResolveReleaseStream Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:47:42 -05:00
Jonathan Miller	37322e4212	feat(updates): manual release-to-stream mapping Branch Policy Check / Verify merge target (pull_request) Has been cancelled Details Universal: PR Check / Branch Policy (pull_request) Has been cancelled Details Universal: PR Check / Validate PR (pull_request) Has been cancelled Details Branch Cleanup / Delete merged branch (pull_request) Has been cancelled Details PR RC Release / Build RC Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Add release_stream_map table for explicitly assigning releases to update streams. When a mapping exists, it overrides automatic tag detection. When absent, falls back to tag name/suffix matching. New model: ReleaseStreamMap with SetReleaseStream, GetReleaseStream, ResolveReleaseStream (manual first, auto fallback). UI: stream selector dropdown on release create/edit page, shown when licensing is enabled. Options: auto-detect (default) or any configured stream (stable, release-candidate, beta, etc.). All three feed generators (Joomla, Dolibarr, WordPress) now use ResolveReleaseStream instead of MatchStreamFromTag. Migration v340 updated with release_stream_map table creation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:37:02 -05:00
Jonathan Miller	2f9097a254	fix(updates): check tag name not extracted version for stream name detection isStreamName was checking the extracted version (empty for stream tags) instead of the original tag name. Now checks rel.TagName directly, and also falls through when extractVersion returns empty. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:29:43 -05:00

1 2 3 4 5 ...

2196 Commits