8c63b009538cfbb25f10c7a1908f0dfd1c2be695
5266 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
5d797431f0 |
fix: repair pre-existing test-suite compile/vet failures
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m15s
`go vet ./...` (finally runnable with a local Go toolchain) surfaced three pre-existing failures that prevented the whole test tree from compiling — which is very likely why the "Project CI / Tests" job never went green. None relate to #727; all pre-existing on main. - modules/util/util_test.go: CryptoRandomInt/String/Bytes now return (value, error); the tests used single-value assignment. Updated to capture + assert the error (and dropped a now-redundant `var err error`). - tests/integration/auth_oauth2_test.go: `newFakeOIDCServer` was declared twice with different signatures (redeclaration = build failure). Renamed the config-struct variant to `newFakeOIDCServerWithConfig` and updated its caller; the (sub, oid) variant keeps the original name for its caller. - routers/web/repo/issue_comment.go: removed a redundant `&& statusIDStr != ""` duplicate condition (vet: redundant and). Verified: `go vet ./modules/util` clean; full `go vet ./...` re-run. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT |
||
|
|
6a3db171c1 |
feat(org): org-level email domain policy for members (#727)
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Successful in 12s
Generic: Project CI / Lint & Validate (pull_request) Successful in 25s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m2s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 4s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Restricts which email domains an organization's members may have. When a policy
is configured, a user can only be added to the org (via any team) if their
primary email matches one of the allowed domain globs.
Enforced at the single membership choke point services/org.AddTeamMember, which
every add path (API, web, group-sync) funnels through — so one check covers them
all. On violation it returns a typed ErrEmailDomainNotAllowed; the API team-add
handler maps it to 422.
- models/git/org_email_domain.go: OrgEmailDomainPolicy model + EmailAllowed
(domain glob match) + OrgEmailDomainAllowed + typed error + CRUD. Migration 366.
- API: GET/PATCH/DELETE /orgs/{org}/email_domain_policy.
- Enforcement in services/org/team.go; 422 mapping in routers/api/v1/org/team.go.
An empty policy imposes no restriction. This is the one bounded piece of the
"access/security" tier; org 2FA-required and IP allowlists were deliberately NOT
built here — they are cross-cutting enforcement (auth gating / request
middleware) that needs a compiler + tests, not a blind stacked PR.
Stacked on #731/#730/#729/#728 for migration ordering (this = 366). Swagger
omitted.
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block), imports (git_model added to the
api team handler, gci order), typed-error detection, migration contiguous (366).
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
d3134b1c53 |
feat(org): org-level repository defaults applied on repo create/transfer (#727)
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Successful in 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 15s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m5s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 3s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds a single per-org repository-defaults config, applied to a repo when it is
created in or transferred into the org via a notifier (services/org):
- ForcePrivate — force new/transferred repos private (Repository.IsPrivate).
- PR defaults (when ApplyPRDefaults) — allowed merge styles, default merge
style, and auto-delete-branch-after-merge, written to the repo's pull-requests
unit config via repo_service.UpdateRepositoryUnits.
Best-effort: the notifier logs and swallows errors, so a defaults bug can never
break repository creation or transfer.
- models/git/org_repo_defaults.go: OrgRepoDefaults model + CRUD + migration 365.
- API: GET/PATCH/DELETE /orgs/{org}/repo_defaults.
- services/org/notifier.go: CreateRepository/TransferRepository -> apply defaults;
registered from routers/init.go (org_service.Init()).
Stacked on #730/#729/#728 for migration ordering (this = 365). Swagger omitted.
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block, struct/DTO alignment), imports
used, no Init() collision in services/org, migration contiguous (365), notifier
signatures match the Notifier interface.
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
3aac1b456c |
feat(org): org-level push policy enforced in the pre-receive hook (#727)
Universal: PR Check / Branch Policy (pull_request) Successful in 3s
PR RC Release / Build RC Release (pull_request) Successful in 5s
Universal: PR Check / Validate PR (pull_request) Successful in 15s
Generic: Project CI / Lint & Validate (pull_request) Successful in 23s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m13s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds a single per-org push policy that cascades to every repo of the org and is
enforced in the pre-receive hook:
- Branch/tag name conventions (glob) — a pushed ref name must match. Fail-closed.
- Mandatory secret-scanning block-on-push — org can force secret blocking that a
repo cannot disable (overrides the per-repo scanner config in the orchestrator).
- Max pushed-file size — rejects a tip tree containing a blob over the limit.
- Blocked file-path patterns — rejects pushes changing matching paths (reuses
pull_service.CheckFileProtection).
The two content checks (blocked paths, max size) FAIL OPEN on any error so a
policy/parsing bug can never wedge all pushes; naming is fail-closed.
- models/git/org_push_policy.go: OrgPushPolicy model + CRUD + matchers +
GetOrgPushPolicyForRepo. Migration 364.
- API: GET/PATCH/DELETE /orgs/{org}/push_policy (routers/api/v1/org/push_policy.go,
DTOs in modules/structs/org_push_policy.go, wired in api.go).
- Enforcement: routers/private/hook_pre_receive.go (branch: naming + blocked paths
+ max size; tag: naming) and services/security/orchestrator.go (secret mandate).
Deferred: a repo-facing read-only view of the org push policy (it is an org-wide
config, not per-repo overlay rules; readable via the API for now).
Stacked on #729/#728 for migration ordering (this = 364). Swagger annotations
omitted (can't regenerate without the toolchain).
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block), escape sequences in the ls-tree
parser, imports used, migration contiguous (364), fail-open on content checks.
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
b31336d1fe |
feat(org): org-level tag protection, layered with per-repo protected tags (#727)
Universal: Build & Release / Promote to RC (pull_request) Failing after 18s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Successful in 39s
PR RC Release / Build RC Release (pull_request) Successful in 2m21s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Successful in 11s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m17s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Adds org-level tag protection as a parallel to org-level branch protection.
An org tag rule is {NamePattern, AllowlistTeamIDs}; it cascades to every repo
in the org and layers on top of the repo's own protected tags — a tag is
controllable (push/delete) only if allowed at BOTH levels (fail-closed).
- models/git/org_protected_tag.go: OrgProtectedTag model + CRUD +
ToProtectedTag() (reuses the ProtectedTag matcher/allowlist logic) +
IsUserAllowedToControlTagInRepo() which ANDs the repo decision with the org
decision. Migration 363.
- API: /orgs/{org}/tag_protections CRUD (routers/api/v1/org/tag_protection.go,
DTOs in modules/structs/org_tag.go, wired in api.go).
- Enforcement: the git push/delete hook (hook_pre_receive.go) and the two
release paths (release.go create/delete) now call the layered check, so no
per-site tag logic changes beyond swapping the helper.
- View: the repo Tag settings page lists inherited org tag rules read-only.
Stacked on #728 (branch-protection PR) for migration ordering — merge #728
first. Swagger annotations omitted (can't regenerate the swagger JSON without
the toolchain); routes still register.
Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here.
Hand-verified: gofmt (tabs, no blank-in-block, struct alignment), template
nesting balances, all .Rule fields exist on OrgProtectedTag, all locale keys
defined, JSON valid, migration contiguous (363).
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
|
||
|
|
4b68853f08 |
feat(org): add branch-deletion protection + expandable inherited-rule view (#727)
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Generic: Project CI / Lint & Validate (pull_request) Successful in 39s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 1m3s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 1m8s
Generic: Project CI / Tests (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Successful in 12s
Universal: PR Check / Secret Scan (pull_request) Successful in 3m47s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
Two related additions: 1. Branch deletion as an org-level ability. OrgProtectedBranch gained CanDelete / EnableDeleteAllowlist / DeleteAllowlistTeamIDs (migration 362), ToProtectedBranch maps them, and the API (create/edit/response DTOs + handlers) exposes enable_delete / enable_delete_allowlist / delete_allowlist_teams. The layering merge already combined delete fields, so org delete-protection now enforces once ToProtectedBranch populates them. 2. The repo Branch Protection view now renders each inherited org rule as an expandable detail (direct push, force-push, branch deletion, merge, required approvals, status checks, protected files) with team names resolved, instead of three headline badges. Still read-only. Note: no Go toolchain available locally, so not compiled/gofmt'd/tested here. Verified by hand: struct-field gofmt alignment, template block nesting balances, every .Rule field exists on OrgProtectedBranch, and all locale keys referenced in the template are defined. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT |
||
|
|
23bb025700 |
merge: incorporate main into dev for release PR #714
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: Auto Version Bump / Version Bump (push) Successful in 21s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Failing after 15s
Generic: Project CI / Lint & Validate (pull_request) Successful in 40s
Deploy MokoGitea (Dev) / Build & Deploy to Dev (push) Failing after 1m32s
PR RC Release / Build RC Release (pull_request) Failing after 2m51s
Universal: PR Check / Secret Scan (pull_request) Successful in 2m49s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m34s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Successful in 6m59s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
Resolve CHANGELOG conflict — deduplicate feature entries. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
98301bc92b |
merge: incorporate latest dev (post status-presets merge) into cascade-merge
Resolve CHANGELOG conflict, restore issue_metadata.go from dev. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
5da6a40f10 |
fix: resolve merge conflict marker and fix import paths in cherry-picked tests
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 41s
PR RC Release / Build RC Release (pull_request) Failing after 1m15s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Failing after 1m19s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m23s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m38s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 13m43s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
- Remove residual <<<<<<< HEAD marker from api_org_test.go - Convert code.gitea.io/gitea to mokoconsulting paths in 5 new test files: cmd/serv_test.go, models/auth/twofactor_test.go, modules/git/commit_info_nogogit_test.go, routers/private/hook_pre_receive_test.go, services/actions/notifier_helper_test.go - Add changelog entries for new features (#460, #507, #513) Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
2ff0e4aa21 |
fix: walk git log context error handling (#38182) (#38185)
Generic: Project CI / Lint & Validate (pull_request) Successful in 35s
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
PR RC Release / Build RC Release (pull_request) Failing after 1m15s
Universal: PR Check / Secret Scan (pull_request) Successful in 55s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Has been cancelled
Universal: Build & Release / Promote to RC (pull_request) Has been cancelled
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
Backport #38182 Fix #38177 Make WalkGitLog can handle EOF and context errors correctly, and don't export these private functions & methods & structs. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
0dc858c15c |
fix(hostmacher): patch incorrect private list (#38170) (#38173)
Backport #38170 by @TheFox0x7 regression from #38039 Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> |
||
|
|
bc578b7eba |
fix: Various sec fixes (#38108) (#38147)
Backport #38108 - Enforce repository token scope on RSS/Atom feed endpoints so a PAT without repo scope can no longer read private repo commit data. - Block HTTP redirects during repository migration clones to prevent SSRF reaching internal addresses via an attacker-controlled redirect. - Redact the notification subject after repo access is revoked so private issue/PR metadata is no longer leaked through the notification API. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
|
186ac68f03 |
fix: bound debian ParseControlFile to a single control stanza (#38044) (#38055)
Backport #38044 by @metsw24-max **Packages-index stanza injection via Debian control file** A `.deb` whose `control` file appends extra paragraphs after a blank line was still accepted, and `ParseControlFile` stored the whole multi-stanza blob in `p.Control`. That blob is re-emitted verbatim into the generated `Packages` index, so the embedded blank line splits it into separate stanzas and an uploader can smuggle a package entry with an attacker-chosen `Filename` into the shared index. A binary control file only holds one stanza, so parsing now stops at the blank line that terminates it; well-formed packages are unaffected and the new subtest covers the trailing-stanza case. Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: metsw24-max <metsw24@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: bircni <bircni@icloud.com> |
||
|
|
fedce235d5 | fix(hostmatcher): block reserved IP ranges from external/private filters (#38039) (#38059) | ||
|
|
f627219ca8 |
feat: cascade merge — auto-create PRs to downstream branches after merge (#460)
Universal: Auto Version Bump / Version Bump (push) Successful in 19s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Generic: Project CI / Lint & Validate (pull_request) Successful in 30s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m7s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Adds configurable cascade rules per repo. When a PR merges into a
source branch, the system auto-creates PRs to each configured target
branch. Skips if a matching PR already exists.
- Model: CascadeMergeRule (repo_id, source, target, enabled, auto_merge)
- Migration v362 creates cascade_merge_rule table
- Notifier hooks into MergePullRequest/AutoMergePullRequest events
- API: CRUD at /repos/{owner}/{repo}/cascade_rules (admin only)
Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd
|
||
|
|
df9305758f |
feat: add issue status presets and cross-org migration (#507)
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Generic: Project CI / Lint & Validate (pull_request) Successful in 46s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m16s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
4 built-in presets: default, software-development, support-tickets, bug-tracking. API endpoints to list presets, apply to org, and copy statuses between orgs. Web UI dropdown on org settings page. Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
4178e7f23e |
feat: add delete allowlist for branch protection rules (#696)
Universal: Auto Version Bump / Version Bump (push) Successful in 12s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 13s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m33s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Add configurable per-user/team/deploy-key allowlist for deleting protected branches. Previously, protected branches could never be deleted via git push. Now admins can configure deletion permissions with the same granularity as force-push allowlists. - 6 new model fields: CanDelete, EnableDeleteAllowlist, DeleteAllowlistUserIDs/TeamIDs, DeleteAllowlistDeployKeys, DeleteAllowlistActionsUser - CanUserDelete() method with admin-level default (higher than push) - Migration v361 adds columns to protected_branch table - Pre-receive hook checks delete allowlist instead of unconditional block - CanDeleteBranch service uses CanUserDelete instead of IsBranchProtected - API create/edit endpoints support delete allowlist fields - Web UI settings page with radio buttons and user/team dropdowns - 12 new locale strings for the delete allowlist UI Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
afe46361c7 |
feat: workflow subdirectory discovery + move custom workflows to custom/ (#693)
Deploy MokoGitea / deploy (push) Failing after 4m16s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m0s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Gitea's ListWorkflows already uses ListEntriesRecursiveFast (git ls-tree -r) which discovers workflows in subdirectories. Added test cases confirming subdirectory and deeply nested paths are recognized by IsWorkflow. Moved 6 repo-specific workflows (no FILE INFORMATION sync header) to .mokogitea/workflows/custom/ to separate them from template-synced workflows: deploy-mokogitea, deploy-dev, cascade-dev, pr-rc-release, test-mokogitea, upstream-bug-sync. Also fixes deploy-mokogitea.yml: merged the dev health check into the deploy job as step 1 to avoid runner status reporting failures on inter-job handoff (check-dev job was recorded as "skipped" despite passing, cancelling deploy). Closes #693 Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd |
||
|
|
f962ae575a |
fix(actions): exclude workflow_call from workflow trigger detection (#37894) (#37899)
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 38s
Backport #37894 by @Zettat123 Gitea now only allows `workflow_dispatch.inputs`. If a workflow contains `workflow_call.inputs`, the workflow cannot be triggered, even though the `on:` section contains other trigger events. https://github.com/go-gitea/gitea/blob/428ee9fcce7928bf5405900345d43e9ba1b01564/modules/actions/jobparser/model.go#L402-L405 For example, this workflow cannot be triggered due to `workflow_call.inputs`: ```yaml on: push: pull_request: workflow_call: inputs: name: type: string ``` --- This PR is extracted from #37478 for backport Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com> |
||
|
|
58074ac860 |
fix(actions): keep action run title clickable when commit subject is a URL (#37867) (#37898)
Backport #37867 by @bircni - When a commit subject is a bare URL, `linkProcessor` wrapped it in its own `<a>` to that URL. Because HTML cannot nest anchors, the wrapping default link (the action run / commit link) was lost and the action title became unclickable — clicking it sent the user to the URL from the commit message instead of the action log. - Drop `linkProcessor` from `PostProcessCommitMessageSubject` so the whole subject stays wrapped in the default link. URLs in subjects now render as text inside that link; URLs in commit bodies are unaffected. Fixes #37865 Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
|
ac48c1d958 |
fix: "run as root" check (#37622) (#37625)
Backport #37622 Remove the hacky and fragile `sed os.Getuid()` patch. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
d2d7c0a762 |
feat: add ability to edit API token scopes (#697)
Add PATCH /users/{username}/tokens/{id} API endpoint and web UI edit
button so token scopes can be modified after creation without having
to delete and recreate the token.
|
||
|
|
71d52e432e |
feat: enforce required baseline issue statuses (#681)
Deploy MokoGitea / deploy (push) Successful in 5m8s
Add IsRequired field to IssueStatusDef. Open and Closed statuses are seeded as required and cannot be deleted. Delete attempts return an error flash in the web UI and ErrStatusRequired in the model layer. API response now includes is_required field. |
||
|
|
cbaca15cda |
feat(issues): make status_id, priority_id, type_id required on create (#598)
Branch Policy Check / Verify merge target (pull_request) Failing after 4s
Universal: PR Check / Branch Policy (pull_request) Failing after 6s
Universal: PR Check / Validate PR (pull_request) Failing after 19s
Generic: Project CI / Lint & Validate (pull_request) Successful in 42s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 4s
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 11s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 3m21s
PR RC Release / Build RC Release (pull_request) Failing after 2m55s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
- Change CreateIssueOption fields from *int64 (optional) to int64 - API auto-assigns org defaults when value is 0 - MCP gitea_issue_create now requires status_id, priority_id, type_id (pass 0 for org default) - Keep optional on gitea_issue_update (partial updates) Co-Authored-By: Moko Consulting <hello@mokoconsulting.tech> |
||
|
|
1caf26453f |
feat: issue metadata API + org wiki tab with internal/external mode
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Project CI / Tests (pull_request) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Branch Policy Check / Verify merge target (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 41s
Generic: Project CI / Lint & Validate (pull_request) Successful in 43s
Generic: Project CI / Lint & Validate (push) Successful in 45s
PR RC Release / Build RC Release (pull_request) Failing after 39s
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 31s
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Issue Status/Priority/Type API:
- Expose status_id, priority_id, type_id (with resolved names) on Issue API struct
- New endpoints: GET /orgs/{org}/issue-statuses, /issue-priorities, /issue-types
- CreateIssue and EditIssue handlers accept status_id, priority_id, type_id
- MCP tools: 5 new tools + updated create/update with metadata params
Org Wiki Tab:
- Convention repos: wiki (public) and wiki-private (members-only)
- Inline wiki rendering with markdown pipeline, sidebar, footer, page list
- Public/private view dropdown (same UX as org profile README selector)
- External wiki mode: link to outside URL from wiki tab
- Wiki mode setting in org settings (internal vs external with URL field)
- Migration 354: add wiki_mode and wiki_url to user table
|
||
|
|
aae7b65329 |
fix(manifest): sync version_prefix + element_name, rename moko-platform everywhere
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Branch Policy Check / Verify merge target (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- manifest_sync.go: add VersionPrefix and ElementName to XML parse and DB sync - deploy workflow: use manifest API for version prefix instead of hardcoded sed - pre-release workflow: rename moko-platform paths to mokoplatform - All workflow headers: rename moko-platform references - manifest.xml: update root element to mokoplatform, add version-prefix field - Server: symlink /opt/mokoplatform -> /opt/moko-platform for compatibility |
||
|
|
37d59e7b59 |
feat(cdn): built-in CDN for release asset delivery (#561)
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Branch Cleanup / Delete merged branch (pull_request) Failing after 1s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Successful in 2m55s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Add CDN system that serves release assets via a dedicated hostname (e.g., cdn.mokoconsulting.tech) with per-asset public/private toggles, IP/referrer allowlists, and aggressive caching headers. - Host-based routing intercepts CDN domain before auth middleware - Per-attachment cdn_public flag controls CDN visibility - Releases in an update stream are excluded from CDN (update server takes precedence) - CORS, ETag, Cache-Control headers for downstream CDN compatibility - IP/CIDR and referrer domain allowlists for abuse prevention |
||
|
|
a3c6f54ad3 |
feat(issues): advanced search with custom field filters (#496)
Add the ability to filter issues by custom field values throughout
the entire search stack:
- DB: applyCustomFieldCondition joins custom_field_value with AND
semantics (all specified fields must match)
- Indexer: CustomFieldFilters map passed through SearchOptions and
ToDBOptions
- Web: parse cf_{fieldID}={value} query params, show dropdown
filters in the issue list sidebar for org-level fields
- API: both SearchIssues and ListIssues accept cf_ query params
Closes #496
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|
|
9ebe1b26b1 |
feat(custom-fields): pre-fill custom fields from issue template YAML frontmatter
Add `custom_fields` map to IssueTemplate struct so templates can specify default values (e.g. `Priority: Medium`). On new issue form, org-level issue-scoped fields appear in the sidebar with template defaults pre-selected. NewIssuePost saves the values after issue creation. The API create issue endpoint also accepts `custom_fields` by name. Closes #493 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
c15582aa64 |
fix(build): remove stale custom field API routes, structs, and migration
Generic: Repo Health / Site Health (push) Has been cancelled
Generic: Repo Health / Access control (push) Has been cancelled
Generic: Repo Health / Site Health (pull_request) Has been cancelled
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
Generic: Repo Health / Access control (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Comment out custom-fields API routes in api.go that referenced handler functions from the deleted routers/api/v1/repo/custom_field.go. Remove the unreferenced modules/structs/custom_field.go and the duplicate v1_25/v323 migration (superseded by v1_27/v343). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
3e8124a2b7 |
feat(licenses): API package CRUD, settings API, and repo scope UI
API package endpoints (#388): - PATCH /license-packages/{id} — edit package (master protected) - DELETE /license-packages/{id} — delete package (master protected) - POST /license-packages/{id}/archive — archive package - POST /license-packages/{id}/unarchive — restore package Settings API (#349): - GET /license-settings — read licensing/update stream config - PUT /license-settings — update config (all metadata fields) - New LicenseSettings struct in API types Repo scope UI (#395): - Dropdown in create/edit package forms listing org repos - "All repositories" default option - RepoScope read from form in both repo and org handlers - OrgRepos loaded via GetOrgRepositories in Licenses handlers Refs #341, #346, #349, #388, #395 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
9a5720e8ad |
chore: rename Go module from git. to code.mokoconsulting.tech (#336)
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Full namespace migration: update the Go module path and all import statements from git.mokoconsulting.tech to code.mokoconsulting.tech. Also updates all URL references in templates, workflows, configs, tests, and documentation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
b77da17f38 |
feat(licenses): implement full commercial license management system
Add key editing, domain enforcement, purchase webhooks, public
validation API, channels multiselect, Joomla downloadkey element,
licensing feature toggle, unified update system, release tag
enforcement, heartbeat tracking, and improved settings UX.
Phase 1: Full key display with AbsoluteShort dates, master package
protection (hide edit/delete in UI, reject in handlers).
Phase 2: Key edit page with template, handlers, and routes for both
repo and org levels. Master keys redirect away.
Phase 3: Domain restriction checking against CSV allowlist,
MaxSites enforcement via CountUniqueDomainsByKey and
IsDomainKnownForKey, dlid query param support for Joomla.
Phase 4: Purchase webhook (POST /license-keys/purchase) with
PaymentRef idempotency. Public validation endpoint
(POST /license-keys/validate) outside auth middleware.
PATCH /license-keys/{id} for API key editing.
Phase 5: Channels multiselect using org UpdateStreamConfig streams
rendered as checkboxes, stored as JSON arrays.
Additional: downloadkey XML element, LicensingEnabled toggle on
UpdateStreamConfig, Dolibarr endpoint unified with key validation,
release tag suffix enforcement, LastHeartbeatUnix field with
TouchHeartbeat, and cleaned-up settings pages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|
|
68845abd59 |
feat(updates): license key management API endpoints (Phase 4)
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Has been cancelled
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Add REST API for managing license packages and keys:
- GET/POST /api/v1/repos/{owner}/{repo}/license-packages
- GET/POST /api/v1/repos/{owner}/{repo}/license-keys
- DELETE /api/v1/repos/{owner}/{repo}/license-keys/{id}
- GET /api/v1/repos/{owner}/{repo}/license-keys/{id}/usage
API structs for create/edit/response, with raw key only returned on
creation. Requires repo admin permissions.
Ref #239
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|
|
530cfc91b1 |
fix(config): remove WithFileConfig from LandingPage option
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Has been cancelled
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
The WithFileConfig for LandingPage tried to parse the app.ini LANDING_PAGE string value (e.g. "home") as JSON into a struct, causing a startup hang. The landing page setting should only be managed through the dynamic config system (admin UI). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
1d1482a3dc |
feat(admin): configurable default landing page from site administration
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Add a dynamic config option to set the default landing page for unauthenticated visitors from Site Administration > Settings. Options: - Home (default explore page) - Explore (repository explore) - Organizations (org explore) - Login (redirect to login) - Custom path (any internal URL like /MokoConsulting) The setting takes effect immediately without restart, using the same dynamic config system as maintenance mode and web banner. Falls back to the static LANDING_PAGE setting from app.ini if not configured. Closes #240 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
d4824dc05b |
feat(actions): rebrand actions bot user and add branch protection whitelist
Rebrand the built-in actions bot user from upstream Gitea naming to MokoGitea branding: - Name: gitea-actions → mokogitea-actions - FullName: Gitea Actions → MokoGitea Actions - Email: teabot@gitea.io → mokogitea-actions[bot]@mokoconsulting.tech Add backward-compatible name recognition so all three bot name variants (mokogitea-actions, gitea-actions, github-actions) with optional [bot] suffix resolve to the same system user. Add WhitelistActionsUser, MergeWhitelistActionsUser, and ForcePushAllowlistActionsUser toggles to branch protection rules, allowing CI/CD workflows to push to protected branches when explicitly enabled. Previously the actions bot (virtual user ID -2) could never be added to whitelist because updateUserWhitelist() only validates real database users. Closes #233 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
1608b5c4b9 |
feat(branding): replace hardcoded Gitea/MokoGitea with APP_NAME setting
Add runtime ${APP_NAME} placeholder substitution in locale strings so
all user-facing text reflects the configured APP_NAME from app.ini.
Replace 52 hardcoded locale strings, template literals, HTTP auth
realm headers, and Swagger API titles/descriptions with the
configurable value.
Closes #1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|
|
233144e33e |
fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588) (#37726)
Backport #37588 by @pandareen ## Summary Fixes [go-gitea/gitea#37564](https://github.com/go-gitea/gitea/issues/37564): when an OIDC provider returns a `picture` claim, Gitea is supposed to download that image as the user's avatar (if `[oauth2_client] UPDATE_AVATAR = true`). Two latent bugs prevented this from working consistently: 1. **Default Go User-Agent rejected by some image hosts.** `oauth2UpdateAvatarIfNeed` used `http.Get`, which sends `User-Agent: Go-http-client/1.1`. Hosts like `upload.wikimedia.org` reject that UA with `403`, and every error path silently returned, so the user was left with an identicon and **no log line** to diagnose the issue. 2. **Link-account *register* path skipped avatar sync.** First-time OIDC sign-ins where auto-registration is disabled (or required a username/password retype) go through `LinkAccountPostRegister`, which created the user but never called `oauth2SignInSync`. So the avatar / full name / SSH keys from the IdP were dropped on the floor for those users, even though the existing-account-link path (`oauth2LinkAccount`) and the auto-register path (`handleOAuth2SignIn`) both already did the sync. ## Changes - `routers/web/auth/oauth.go` — `oauth2UpdateAvatarIfNeed` now uses `http.NewRequest` + `http.DefaultClient.Do`, sets `User-Agent: Gitea <version>`, and logs every failure path at `Warn` (invalid URL, fetch error, non-200, body read error, oversize body, upload error). No silent failures. - `routers/web/auth/linkaccount.go` — `LinkAccountPostRegister` now calls `oauth2SignInSync` after a successful user creation, mirroring the auto-register and link-existing-account flows. - `tests/integration/oauth_avatar_test.go` — new `TestOAuth2AvatarFromPicture` integration test with five sub-cases: - `AutoRegister_FetchesAvatarFromPictureWithGiteaUA` — happy path, asserts `use_custom_avatar=true`, an avatar hash is set, exactly one HTTP request was made, and the request carried a `Gitea ` UA. The mock server enforces the UA prefix to mirror real-world hosts that reject Go's default UA. - `AutoRegister_NonOK_DoesNotUpdateAvatar` — server returns 403; user's avatar must remain unset. - `AutoRegister_EmptyPicture_NoFetch` — empty `picture` claim must not trigger any HTTP request. - `AutoRegister_UpdateAvatarFalse_NoFetch` — `UPDATE_AVATAR=false` must not trigger any HTTP request. - `LinkAccountRegister_FetchesAvatarFromPicture` — guards the `linkaccount.go` fix; without the new `oauth2SignInSync` call this assertion fails. ## Test plan - [x] `go test -tags 'sqlite sqlite_unlock_notify' -run '^TestOAuth2AvatarFromPicture$' ./tests/integration/ -v` — 5/5 sub-tests pass. - [x] Manual: log in as a Keycloak user with `picture` claim pointing at `https://avatars.githubusercontent.com/u/9919?v=4` — Gitea avatar is replaced with the GitHub picture. - [x] Manual: same flow with `https://upload.wikimedia.org/...` — request now succeeds (or returns a clearly logged `Warn` line if rate-limited with `429`); previously it silently 403'd. - [x] Manual: `UPDATE_AVATAR=false` — user keeps the identicon, no outbound request in container logs. - [ ] Reviewer: please double-check that no other call sites of `oauth2UpdateAvatarIfNeed` rely on the old `http.Get` behaviour. ## Related - Upstream issue: go-gitea/gitea#37564 -------------------------------------------- AI Editor was used in this PR --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: pandareen <7270563+pandareen@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
0f23219ee4 |
fix: http content file render (#37850) (#37856)
Backport #37850 Fix #37849 Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> |
||
|
|
25268d7dd7 |
feat: login notification via email and ntfy on successful sign-in
When a user signs in, sends notifications with username, IP address, user agent, and timestamp. Notifications go through: - Email to the user's registered address - ntfy push to the configured topic Enabled by default, configurable via app.ini: [login_notification] ENABLED = true The notification fires asynchronously (goroutine) so it doesn't block the login redirect. Hooks into handleSignInFull which is the single choke point for all auth methods (password, 2FA, OAuth). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
13352e7213 |
feat: email admin when MokoGitea update is detected
The update checker now emails the first admin user when a new version is found on the configured channel. Notifications are deduplicated — only sent once per new version, not on every cron tick. - Added NotifyFunc callback in updatechecker module - Wired to mailer in cron task registration - Created mail_update.go with plain-text email including version, channel, release URL, and docker pull command Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
8ad1b8a110 |
chore: align update streams to standard channels (dev/alpha/beta/rc/stable)
Matches the Joomla update server pattern used across all Moko repos. Removed the non-standard 'security' channel. All five standard channels now present in updates.xml. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
c572fcfe04 |
chore(core): rename Go module from code.gitea.io/gitea to MokoGitea namespace
Rename the Go module path from code.gitea.io/gitea to git.mokoconsulting.tech/MokoConsulting/MokoGitea across the entire codebase. Scope: - go.mod module declaration - 2,235 Go source files (import paths) - Dockerfile WORKDIR and COPY paths - Swagger API templates - golangci.yml linter config External dependencies (code.gitea.io/gitea-vet, code.gitea.io/sdk/gitea, gitea.com/gitea/act, etc.) are intentionally NOT renamed — they are separate upstream modules. Closes #132 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
60670d066b |
feat: Joomla-style updates.xml with channel selection for update checker
Replace JSON API-based update checking with Joomla-style updates.xml that supports multiple update streams (stable, dev, security). Changes: - Add updates.xml at repo root with stable/dev/security channels following the same XML structure as MokoOnyx and other Joomla repos - Rewrite updatechecker module to parse XML with channel filtering - Add CHANNEL setting to [update_checker] config (default: stable) - Show channel name and docker pull command in admin dashboard banner Config example: [update_checker] ENABLED = true CHANNEL = stable Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
63c801d595 |
fix: remove invalid .mod lexer mapping, update upstream references to MokoGitea
- Remove .mod -> AMPL mapping from conflictingExtLangMap (AMPL lexer doesn't exist in chroma v2.23.1, causing a panic when viewing .mod files). Upstream doesn't have this mapping either. - Update 500 error page issue link to MokoGitea repo - Update home page install/license links to MokoGitea repo - Update theme settings link to MokoGitea repo Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
|
43b5a54ffa |
fix(actions): make artifact signature payloads unambiguous (#37707) (#37795)
This PR hardens artifact URL signing by encoding signature inputs in an unambiguous binary payload before computing the HMAC. What it changes: - replace direct concatenation-style signing inputs with explicit payload builders - encode string fields with a length prefix before appending their bytes - encode integer fields as fixed-width binary values instead of decimal text - apply the same hardening to both: - Actions Artifact V4 signing in `routers/api/actions/artifactsv4.go` - artifact download signing in `routers/api/v1/repo/action.go` - add regression tests that verify distinct field combinations produce distinct payloads and signatures Why: The previous signing logic built HMAC inputs by appending multiple fields without a strongly structured representation. That kind of construction can create ambiguity at field boundaries, where different parameter combinations may serialize into the same byte stream for signing. This change removes that ambiguity by constructing a deterministic payload format with explicit boundaries between fields. Backport #37707 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
ce83900967 |
feat(api): encrypt AWS creds (#37679) (#37713)
Backport #37679 by @Exgene ## Description As mentioned in #37654 `AWSAccessKeyID` and `AWSSecretAccessKey` are not encrypted and stored as is. ## Update Follow the existing `AuthToken` flow of setting the `Encrypted` fields, `Decrypting` them later and `Clearing` them at the end. Closes #37654 Signed-off-by: Kausthubh J Rao <105716675+Exgene@users.noreply.github.com> Co-authored-by: Kausthubh J Rao <105716675+Exgene@users.noreply.github.com> Co-authored-by: Lauris B <lauris@nix.lv> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
ec02fb9cf8 |
fix: treat email addresses case-insensitively (#37600) (#37611)
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
|
||
|
|
6f49a9efbe |
feat(api): bulk issue operations — labels, state, milestone, assignees (#21)
Add four new API endpoints under /repos/{owner}/{repo}/issues/bulk/ for
performing batch operations across multiple issues in a single request.
Each endpoint returns a partial-failure result with per-issue success/failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|