Compare commits

...

12 Commits

Author SHA1 Message Date
jmiller 02c2033caa chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-13 09:28:24 +00:00
jmiller 9edfeb6075 chore: sync notify.yml from Template-Generic [skip ci] 2026-07-13 09:28:19 +00:00
jmiller 3ce6fd3e08 Merge pull request 'fix(branding): app icon follows the Nav Icon upload (#773)' (#774) from fix/app-icon-follows-nav-icon into main
Cascade Main -> Dev / Cascade main -> dev (push) Successful in 3s
Generic: Project CI / Lint & Validate (pull_request) Successful in 28s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Generic: Project CI / Tests (pull_request) Successful in 29s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Require Docs Update (pull_request) Has been skipped
Universal: PR Check / Wiki Update Reminder (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Successful in 8s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: PR Check / Secret Scan (pull_request) Successful in 41s
Deploy MokoGitea / deploy (push) Successful in 5m3s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
2026-07-13 00:43:38 +00:00
jmiller dc14a3fcfc Merge remote-tracking branch 'origin/main' into fix/app-icon-follows-nav-icon
Generic: Project CI / Lint & Validate (pull_request) Successful in 33s
Generic: Project CI / Tests (pull_request) Successful in 39s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Failing after 1m41s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 1m10s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Require Docs Update (pull_request) Failing after 43s
Universal: PR Check / Wiki Update Reminder (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Successful in 7s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Secret Scan (pull_request) Successful in 30s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m54s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
# Conflicts:
#	CHANGELOG.md
2026-07-12 19:42:54 -05:00
jmiller 6093300fbb Merge pull request 'fix(metadata): derive org from org profile instead of storing it (#771)' (#772) from fix/metadata-org-derived-from-profile into main
Cascade Main -> Dev / Cascade main -> dev (push) Successful in 5s
Generic: Project CI / Lint & Validate (pull_request) Successful in 31s
Generic: Project CI / Tests (pull_request) Successful in 31s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Require Docs Update (pull_request) Has been skipped
Universal: PR Check / Wiki Update Reminder (pull_request) Has been skipped
Universal: PR Check / Validate PR (pull_request) Successful in 8s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: PR Check / Secret Scan (pull_request) Successful in 47s
Deploy MokoGitea / deploy (push) Successful in 5m48s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
2026-07-13 00:40:52 +00:00
jmiller 793e4885e8 ci: re-trigger checks after runner recovery
Generic: Project CI / Tests (pull_request) Successful in 30s
Generic: Project CI / Lint & Validate (pull_request) Successful in 32s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 31s
Universal: PR Check / Wiki Update Reminder (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Successful in 8s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 55s
Universal: PR Check / Require Docs Update (pull_request) Failing after 34s
Universal: PR Check / Secret Scan (pull_request) Successful in 35s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m9s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
No code change. The prior run was canceled at 0s because all ubuntu-latest
runners were offline; this re-fires CI now that a runner is back. Ref #771.
2026-07-12 19:37:51 -05:00
jmiller f4be31183f refactor(branding): write each icon target independently on upload
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 32s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 24s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Project CI / Lint & Validate (pull_request) Successful in 34s
Generic: Project CI / Tests (pull_request) Successful in 34s
Universal: PR Check / Wiki Update Reminder (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Successful in 7s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Require Docs Update (pull_request) Failing after 25s
Universal: PR Check / Secret Scan (pull_request) Successful in 26s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
Rewind the uploaded stream between targets and write/close each file in
turn instead of a shared io.MultiWriter, so a failure writing a later
target (e.g. logo.png) can never leave an earlier one (logo-small.png)
truncated. Addresses review feedback on #774.
2026-07-12 19:02:14 -05:00
jmiller 3d0cb7d98c fix(branding): app icon follows the Nav Icon upload
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 38s
Universal: Build & Release / Promote to RC (pull_request) Failing after 9s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
Universal: PR Check / Require Docs Update (pull_request) Has been cancelled
Universal: PR Check / Wiki Update Reminder (pull_request) Has been cancelled
Universal: PR Check / Secret Scan (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Generic: Repo Health / Access control (pull_request) Has been cancelled
Generic: Repo Health / Site Health (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
The app icon (logo.png) is the PWA/web-manifest icon and the navbar
fallback, but had no Branding control, so it stayed the shipped default
even on a fully branded instance. Uploading the Nav Icon now also writes
logo.png (single io.MultiWriter pass), and resetting the Nav Icon reverts
both to the built-in default.

Closes #773
2026-07-12 18:45:11 -05:00
jmiller 7f436128fd fix(metadata): derive org from org profile instead of storing it
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 29s
Universal: Build & Release / Promote to RC (pull_request) Failing after 8s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
Universal: PR Check / Require Docs Update (pull_request) Has been cancelled
Universal: PR Check / Wiki Update Reminder (pull_request) Has been cancelled
Universal: PR Check / Secret Scan (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Generic: Repo Health / Access control (pull_request) Has been cancelled
Generic: Repo Health / Site Health (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
The repo metadata org field was a stored, editable value that snapshotted
the owner name and could drift when an organization was renamed. It is now
derived from the org profile (repository owner) on read and is read-only.

- models/repo/repo.go: add Repository.DerivedOrgName (owner FullName, falling
  back to the handle, then the denormalized OwnerName)
- models/repo/repo_manifest.go: drop the Org struct field
- models/migrations/v1_27/v369.go + migrations.go: migration #368 drops the
  repo_manifest.org column
- routers/api/v1/repo/manifest.go: derive org in the response, ignore it on write
- routers/web/repo/setting/metadata.go + templates: show org read-only (derived)
- services/updateserver/joomla.go: use DerivedOrgName for the feed maintainer

Closes #771
2026-07-12 18:35:31 -05:00
jmiller 010d3dcbcf chore: sync pre-release.yml from Template-Generic [skip ci] 2026-07-06 17:04:06 +00:00
jmiller 8242e5713a fix(ci): robust prod deploy workflow (#758) [skip ci]
Land deploy-mokogitea.yml robustness fix on main. [skip ci] — workflow-file-only change; no rebuild/redeploy needed (prod already live on stable-289 from #733).
2026-07-06 15:57:46 +00:00
jmiller a7220ddb2b fix(ci): robust prod deploy — drop dev-health gate, no tier-clobbering sed, rm -f before recreate
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 42s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Wiki Update Reminder (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Successful in 8s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Successful in 36s
Generic: Project CI / Tests (pull_request) Successful in 36s
Universal: PR Check / Secret Scan (pull_request) Successful in 56s
Universal: PR Check / Require Docs Update (pull_request) Failing after 1m11s
PR RC Release / Build RC Release (pull_request) Successful in 1m13s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
The prod deploy (deploy-mokogitea.yml, on push to main) failed the #733 release and
silently corrupted the shared compose. Three fixes:
- Removed the 'Verify dev environment is healthy' gate: it curled git.dev and exit 1
  on failure, so a dev blip false-negatives the PROD deploy (wrong-tier gate; the
  dev->rc->main pipeline + RC env is the real gate).
- Replaced 'sed s|mokogitea:...|:$TAG|' (matched ALL mokogitea service lines and
  clobbered the dev+rc ${MOKOGITEA_*_TAG} env-vars with the prod tag) with the
  env-var pattern: env $TAG_ENV=$TAG docker compose up -- drives only the target
  service, no sed.
- Added 'docker rm -f $CONTAINER' + '-p gitea-dev' + '--force-recreate' before the
  compose up, fixing the 'Container name /mokogitea already in use' conflict.

Aligns deploy-mokogitea.yml with the fixed deploy-dev/deploy-rc pattern. Host compose
was separately restored to env-var form (the bad run had clobbered dev+rc tags).
Long-term: cut over Template-Go#5 deploy-prod.yml. Refs #733, #752.

Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
2026-07-06 10:55:58 -05:00
15 changed files with 153 additions and 63 deletions
@@ -39,17 +39,10 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Verify dev environment is healthy
run: |
echo "Checking git.dev.mokoconsulting.tech health..."
if curl -sf --max-time 10 https://git.dev.mokoconsulting.tech/api/healthz; then
echo " Dev environment is healthy — proceeding with production deploy"
else
echo "::error::Dev environment is NOT healthy — blocking production deploy"
echo "Deploy to dev first (push to dev branch) and verify it passes before merging to main."
exit 1
fi
# NOTE: removed a "Verify dev environment is healthy" gate that curled
# git.dev and `exit 1` on failure — gating a PROD deploy on a live DEV
# health check is a cross-tier false-negative (a transient dev blip blocked
# prod). Pre-prod validation is the dev -> rc -> main pipeline + RC env.
- name: Checkout source (for version detection)
uses: actions/checkout@v4
with:
@@ -66,17 +59,19 @@ jobs:
ENV="${{ github.event.inputs.environment }}"
fi
if [ "$ENV" = "production" ]; then
echo "compose_dir=/opt/gitea" >> $GITHUB_OUTPUT
echo "compose_dir=/opt/gitea-dev" >> $GITHUB_OUTPUT
echo "container=mokogitea" >> $GITHUB_OUTPUT
echo "source_dir=/opt/gitea/source" >> $GITHUB_OUTPUT
echo "branch=main" >> $GITHUB_OUTPUT
echo "tag=$VERSION" >> $GITHUB_OUTPUT
echo "tag_env=MOKOGITEA_TAG" >> $GITHUB_OUTPUT
else
echo "compose_dir=/opt/gitea-dev" >> $GITHUB_OUTPUT
echo "container=mokogitea-dev" >> $GITHUB_OUTPUT
echo "source_dir=/opt/gitea-dev/source" >> $GITHUB_OUTPUT
echo "branch=dev" >> $GITHUB_OUTPUT
echo "tag=$VERSION-dev" >> $GITHUB_OUTPUT
echo "tag_env=MOKOGITEA_DEV_TAG" >> $GITHUB_OUTPUT
fi
- name: Write deploy key
@@ -95,6 +90,7 @@ jobs:
SOURCE_DIR: ${{ steps.config.outputs.source_dir }}
COMPOSE_DIR: ${{ steps.config.outputs.compose_dir }}
CONTAINER: ${{ steps.config.outputs.container }}
TAG_ENV: ${{ steps.config.outputs.tag_env }}
run: |
HEALTH_FMT='${{ '{{' }}.State.Health.Status${{ '}}' }}'
IMAGE_FMT='Image: ${{ '{{' }}.Config.Image${{ '}}' }}'
@@ -134,8 +130,12 @@ jobs:
echo 'Restarting container...'
cd $COMPOSE_DIR
sed -i 's|${{ env.IMAGE }}:[^ ]*|${{ env.IMAGE }}:$TAG|' docker-compose.yml
docker compose up -d $CONTAINER
# Drive ONLY the target service's tag via its compose env-var (no sed —
# a blanket 'sed s|mokogitea:...|' clobbered the dev + rc service tags too).
# Remove any lingering fixed-name container first (avoids the "name already
# in use" conflict), then force-recreate under the shared compose project.
docker rm -f $CONTAINER 2>/dev/null || true
env $TAG_ENV="$TAG" docker compose -p gitea-dev up -d --force-recreate $CONTAINER
echo 'Health check...'
for i in 1 2 3 4 5 6 7 8; do
+4 -4
View File
@@ -46,13 +46,13 @@ jobs:
WORKFLOW="${{ github.event.workflow_run.name }}"
URL="${{ github.event.workflow_run.html_url }}"
curl -sS \
curl -sS --retry 3 --retry-connrefused --retry-delay 2 --max-time 20 \
-H "Title: ${REPO} released" \
-H "Tags: white_check_mark,package" \
-H "Priority: default" \
-H "Click: ${URL}" \
-d "${WORKFLOW} completed successfully." \
"${NTFY_URL}/${NTFY_TOPIC}"
"${NTFY_URL}/${NTFY_TOPIC}" || echo "::warning::ntfy notification could not be delivered (non-fatal)"
- name: Notify on failure
if: github.event.workflow_run.conclusion == 'failure'
@@ -61,10 +61,10 @@ jobs:
WORKFLOW="${{ github.event.workflow_run.name }}"
URL="${{ github.event.workflow_run.html_url }}"
curl -sS \
curl -sS --retry 3 --retry-connrefused --retry-delay 2 --max-time 20 \
-H "Title: ${REPO} workflow failed" \
-H "Tags: x,warning" \
-H "Priority: high" \
-H "Click: ${URL}" \
-d "${WORKFLOW} failed. Check the run for details." \
"${NTFY_URL}/${NTFY_TOPIC}"
"${NTFY_URL}/${NTFY_TOPIC}" || echo "::warning::ntfy notification could not be delivered (non-fatal)"
+3 -2
View File
@@ -258,8 +258,9 @@ jobs:
while IFS= read -r -d '' file; do
# Skip vendor, node_modules, and index.html stub files
case "$file" in ./vendor/*|./node_modules/*) continue ;; esac
# Check first 10 lines for JEXEC or JPATH guard
if ! head -20 "$file" | grep -qE "defined\s*\(\s*['\"](_JEXEC|JPATH_BASE|\\\\JPATH_PLATFORM)['\"]"; then
# Scan the whole file for the JEXEC/JPATH guard: it is placed after
# the SPDX/file-header docblock, which commonly runs past 20 lines.
if ! grep -qE "defined\s*\(\s*['\"](_JEXEC|JPATH_BASE|\\\\JPATH_PLATFORM)['\"]" "$file"; then
echo "::error file=${file}::Missing JEXEC guard: ${file}"
ERRORS=$((ERRORS + 1))
fi
+9 -3
View File
@@ -7,7 +7,7 @@
# INGROUP: mokocli.Release
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/pre-release.yml
# VERSION: 05.02.00
# VERSION: 05.02.01
# BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches
name: "Universal: Pre-Release"
@@ -162,7 +162,13 @@ jobs:
git add -A
git diff --cached --quiet || {
git commit -m "chore(version): pre-release bump to ${VERSION} [skip ci]"
git push origin HEAD 2>&1
# Push the bump commit, but do NOT fail the release if the target branch
# is protected and the release identity is not on the push allowlist.
# The build proceeds from the in-tree bumped version regardless; if the
# push is rejected, the next run simply re-bumps from the same base.
if ! git push origin HEAD 2>&1; then
echo "::warning::Version-bump commit could not be pushed (protected branch?). Building from in-tree version ${VERSION} anyway."
fi
}
# Auto-detect element via manifest_element.php
@@ -274,4 +280,4 @@ jobs:
echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
echo "| Channel | ${STABILITY} |" >> $GITHUB_STEP_SUMMARY
echo "| Package | \`${ZIP_NAME}\` |" >> $GITHUB_STEP_SUMMARY
echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY
echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY
+2
View File
@@ -63,6 +63,8 @@
- Cherry-pick upstream v1.26.4: walk git log context error handling — regression fix (#38185)
### Fixed
- Repo metadata `org` is now **derived from the org profile** (the repository owner) instead of being stored/editable, so it can never drift when an organization is renamed. The `org` column is dropped from `repo_manifest` (migration #368) and the field is derived on read via `Repository.DerivedOrgName` (owner display name, falling back to the handle) across the metadata API, the Settings → Metadata page (now read-only), and the Joomla update-server feed. The API `PUT` and MCP `metadata_update` now ignore `org` (read-only, like the already-derived `display_name`) (#771)
- Admin Branding: uploading a custom **Nav Icon** now also sets the **app icon** (`logo.png`, the PWA / web-manifest icon and navbar fallback), so a branded instance shows its own installable app icon instead of the shipped default; resetting the Nav Icon reverts both (#773)
- Fork server binary now compiles: `routers/api/v1/api.go` called `organization.HasOrgOrUserVisible`, which had been renamed to `IsOwnerVisibleToDoer`; the one missed call site broke `go build` of the entire `routers/api/v1` package (CI's Lint & Validate does not run a full build, so it went unnoticed) (#735)
- Dev deploy workflow: the build/deploy step referenced runner-side values as `\$TAG` / `\$REGISTRY_TOKEN` inside an unquoted SSH heredoc, deferring expansion to the remote shell where those names are unset — the Docker tag collapsed to an empty `mokogitea:` and every dev deploy failed with `invalid reference format`. Runner values are now injected via an ssh env-prefix and the heredoc is quoted so each `$var` expands in exactly one place (#737)
- Repaired unit-test compile and `go vet` failures: `CryptoRandomInt/String/Bytes` now return two values (updated `modules/util/util_test.go`), removed a redundant `&&` condition in `issue_comment.go`, and cleaned up isolated integration-test compile errors (#736)
+1
View File
@@ -445,6 +445,7 @@ func prepareMigrationTasks() []*migration {
newMigration(365, "Add org repo defaults table", v1_27.AddOrgRepoDefaultsTable),
newMigration(366, "Add org email domain policy table", v1_27.AddOrgEmailDomainPolicyTable),
newMigration(367, "Add user allowlists to org protected branch", v1_27.AddUserAllowlistsToOrgProtectedBranch),
newMigration(368, "Drop org from repo manifest (derived from org profile)", v1_27.DropOrgFromRepoManifest),
}
return preparedMigrations
}
+19
View File
@@ -0,0 +1,19 @@
// Copyright 2026 Moko Consulting <hello@mokoconsulting.tech>
// SPDX-License-Identifier: GPL-3.0-or-later
package v1_27
import (
"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/migrations/base"
"xorm.io/xorm"
)
// DropOrgFromRepoManifest removes the org column from repo_manifest. The
// organization is now derived from the org profile (repository owner) on read
// rather than stored, so it never drifts on rename. See issue #771.
func DropOrgFromRepoManifest(x *xorm.Engine) error {
sess := x.NewSession()
defer sess.Close()
return base.DropTableColumns(sess, "repo_manifest", "org")
}
+17
View File
@@ -486,6 +486,23 @@ func (repo *Repository) LoadOwner(ctx context.Context) (err error) {
return err
}
// DerivedOrgName returns the organization name derived from the org profile
// (the repository owner). It prefers the owner's display name (FullName) and
// falls back to the owner handle (Name / OwnerName). The organization is always
// derived from the profile rather than stored, so it never drifts on rename.
func (repo *Repository) DerivedOrgName(ctx context.Context) string {
if err := repo.LoadOwner(ctx); err != nil || repo.Owner == nil {
return repo.OwnerName
}
if repo.Owner.FullName != "" {
return repo.Owner.FullName
}
if repo.Owner.Name != "" {
return repo.Owner.Name
}
return repo.OwnerName
}
// MustOwner always returns a valid *user_model.User object to avoid
// conceptually impossible error handling.
// It creates a fake object that contains error details
+3 -1
View File
@@ -23,8 +23,10 @@ type RepoMetadata struct {
RepoID int64 `xorm:"UNIQUE INDEX NOT NULL 'repo_id'"`
// identity section
// NOTE: organization is intentionally NOT stored here. It is derived from
// the org profile (repository owner) on read via Repository.DerivedOrgName,
// so it can never drift from the owner on rename. See issue #771.
Name string `xorm:"TEXT 'name'"` // project name
Org string `xorm:"TEXT 'org'"` // organization name
Description string `xorm:"TEXT 'description'"` // project description
LicenseSPDX string `xorm:"VARCHAR(50) 'license_spdx'"` // SPDX identifier, e.g. "GPL-3.0-or-later"
LicenseName string `xorm:"TEXT 'license_name'"` // human-readable license name
+6 -6
View File
@@ -14,7 +14,7 @@ import (
// apiMetadata is the JSON representation of a repo manifest.
type apiMetadata struct {
Name string `json:"name"`
Org string `json:"org"`
Org string `json:"org"` // read-only, derived from the org profile (repo owner)
Description string `json:"description"`
LicenseSPDX string `json:"license_spdx"`
LicenseName string `json:"license_name"`
@@ -83,14 +83,14 @@ func GetRepoMetadata(ctx *context.APIContext) {
// Return defaults from repo metadata.
ctx.JSON(http.StatusOK, &apiMetadata{
Name: ctx.Repo.Repository.Name,
Org: ctx.Repo.Repository.OwnerName,
Org: ctx.Repo.Repository.DerivedOrgName(ctx),
Description: ctx.Repo.Repository.Description,
})
return
}
ctx.JSON(http.StatusOK, &apiMetadata{
Name: m.Name,
Org: m.Org,
Org: ctx.Repo.Repository.DerivedOrgName(ctx),
Description: m.Description,
LicenseSPDX: m.LicenseSPDX,
@@ -157,7 +157,6 @@ func UpdateRepoMetadata(ctx *context.APIContext) {
m = &repo_model.RepoMetadata{
RepoID: ctx.Repo.Repository.ID,
Name: ctx.Repo.Repository.Name,
Org: ctx.Repo.Repository.OwnerName,
Description: ctx.Repo.Repository.Description,
}
}
@@ -171,7 +170,8 @@ func UpdateRepoMetadata(ctx *context.APIContext) {
}
}
setStr("name", &m.Name)
setStr("org", &m.Org)
// org is intentionally ignored: it is derived from the org profile
// (repository owner) on read, not stored. See issue #771.
setStr("description", &m.Description)
setStr("license_spdx", &m.LicenseSPDX)
setStr("license_name", &m.LicenseName)
@@ -204,7 +204,7 @@ func UpdateRepoMetadata(ctx *context.APIContext) {
ctx.JSON(http.StatusOK, &apiMetadata{
Name: m.Name,
Org: m.Org,
Org: ctx.Repo.Repository.DerivedOrgName(ctx),
Description: m.Description,
LicenseSPDX: m.LicenseSPDX,
+66 -24
View File
@@ -137,27 +137,49 @@ func BrandingUpload(ctx *context.Context) {
return
}
destPath := filepath.Join(imgDir, filename)
dest, err := os.Create(destPath)
if err != nil {
ctx.Flash.Error("Failed to save image")
log.Error("Create %s: %v", destPath, err)
ctx.Redirect(setting.AppSubURL + "/-/admin/branding")
return
}
defer dest.Close()
if _, err := io.Copy(dest, file); err != nil {
ctx.Flash.Error("Failed to write image")
log.Error("Copy to %s: %v", destPath, err)
ctx.Redirect(setting.AppSubURL + "/-/admin/branding")
return
// The nav icon doubles as the app icon (logo.png) — used as the PWA / web
// manifest icon and the navbar fallback — so branding the nav icon brands
// the app icon too. Write the uploaded image to both in a single pass. See #773.
targets := []string{filename}
if imageType == "nav-icon" {
targets = append(targets, "logo.png")
}
// Remove SVG override if present
svgPath := filepath.Join(imgDir, filename[:len(filename)-4]+".svg")
if fileExists(svgPath) {
os.Remove(svgPath)
// Write the uploaded image to each target independently (rewinding the
// stream between targets) so a failure on a later target never leaves an
// earlier one truncated/empty.
for i, name := range targets {
if i > 0 {
if _, err := file.Seek(0, io.SeekStart); err != nil {
ctx.Flash.Error("Failed to write image")
log.Error("Seek branding image %s: %v", name, err)
ctx.Redirect(setting.AppSubURL + "/-/admin/branding")
return
}
}
destPath := filepath.Join(imgDir, name)
dest, err := os.Create(destPath)
if err != nil {
ctx.Flash.Error("Failed to save image")
log.Error("Create %s: %v", destPath, err)
ctx.Redirect(setting.AppSubURL + "/-/admin/branding")
return
}
if _, err := io.Copy(dest, file); err != nil {
dest.Close()
ctx.Flash.Error("Failed to write image")
log.Error("Copy to %s: %v", destPath, err)
ctx.Redirect(setting.AppSubURL + "/-/admin/branding")
return
}
dest.Close()
// Remove any SVG override so the uploaded PNG takes effect.
svgPath := filepath.Join(imgDir, name[:len(name)-4]+".svg")
if fileExists(svgPath) {
os.Remove(svgPath)
}
}
ctx.Flash.Success("Branding image updated: " + imageType)
@@ -183,16 +205,36 @@ func BrandingReset(ctx *context.Context) {
return
}
path := filepath.Join(brandingImageDir(), filename)
if fileExists(path) {
// The nav icon also sets the app icon (logo.png), so resetting it reverts
// both back to the built-in default. See #773.
targets := []string{filename}
if imageType == "nav-icon" {
targets = append(targets, "logo.png")
}
removedAny := false
failed := false
for _, name := range targets {
path := filepath.Join(brandingImageDir(), name)
if !fileExists(path) {
continue
}
if err := os.Remove(path); err != nil {
ctx.Flash.Error("Failed to remove custom image")
log.Error("Remove %s: %v", path, err)
failed = true
} else {
ctx.Flash.Success("Reset to default: " + imageType)
log.Info("Branding reset to default: %s", filename)
removedAny = true
log.Info("Branding reset to default: %s", name)
}
} else {
}
switch {
case failed:
// error flash already set
case removedAny:
ctx.Flash.Success("Reset to default: " + imageType)
default:
ctx.Flash.Info("Already using default: " + imageType)
}
+4 -2
View File
@@ -35,11 +35,13 @@ func Metadata(ctx *context.Context) {
manifest = &repo_model.RepoMetadata{
RepoID: repoID,
Name: ctx.Repo.Repository.Name,
Org: ctx.Repo.Repository.OwnerName,
Description: ctx.Repo.Repository.Description,
}
}
ctx.Data["Manifest"] = manifest
// Organization is derived from the org profile (repo owner), not stored.
// It is displayed read-only. See issue #771.
ctx.Data["DerivedOrg"] = ctx.Repo.Repository.DerivedOrgName(ctx)
// Load repo-scoped custom fields.
fields, _ := issues_model.GetCustomFieldsByOwner(ctx, ownerID, issues_model.CustomFieldScopeRepo)
@@ -102,7 +104,7 @@ func saveMetadata(ctx *context.Context) {
manifest := &repo_model.RepoMetadata{
RepoID: ctx.Repo.Repository.ID,
Name: ctx.FormString("name"),
Org: ctx.FormString("org"),
// org is not stored: it is derived from the org profile on read. See issue #771.
Description: ctx.Repo.Repository.Description,
LicenseSPDX: spdx,
LicenseName: licenseName,
+2 -5
View File
@@ -269,11 +269,8 @@ func GenerateJoomlaXML(ctx context.Context, repo *repo_model.Repository, require
phpMinimum := meta.PHPMinimum
feedDescription := meta.Description
// Maintainer and URL always come from the org profile.
maintainer := repo.Owner.FullName
if maintainer == "" {
maintainer = repo.Owner.Name
}
// Maintainer/organization and URL always come from the org profile.
maintainer := repo.DerivedOrgName(ctx)
maintainerURL := repo.Owner.Website
if maintainerURL == "" {
maintainerURL = fmt.Sprintf("%s/%s", baseURL, repo.Owner.Name)
+1 -1
View File
@@ -54,7 +54,7 @@
<tr>
<td>
<strong>Nav Icon</strong> {{if .HasNavIcon}}<span class="ui mini green label">Custom</span>{{else}}<span class="ui mini grey label">Default</span>{{end}}
<div class="tw-text-text-light tw-text-sm tw-mt-1">Top-left corner across all pages. Square, 30x30px.</div>
<div class="tw-text-text-light tw-text-sm tw-mt-1">Top-left corner across all pages. Square, 30x30px. Also sets the app icon (PWA / web manifest); use at least 512x512px for a crisp installed icon.</div>
</td>
<td>
<form method="post" action="{{AppSubUrl}}/-/admin/branding/upload" enctype="multipart/form-data">
+2 -1
View File
@@ -18,7 +18,8 @@
</div>
<div class="field">
<label>Organization</label>
<input name="org" value="{{.Manifest.Org}}" placeholder="Organization">
<input value="{{.DerivedOrg}}" placeholder="Organization" readonly>
<p class="help">Derived from the organization profile (repository owner).</p>
</div>
</div>
<div class="three fields">