merge: sync main into dev #705

Merged
jmiller merged 16 commits from main into dev 2026-06-27 20:00:23 +00:00
Owner

Sync dev branch with latest main changes:

  • PR #704: cherry-pick upstream v1.26.2 security and actions fixes (6 cherry-picks + branch policy fix)
  • Workflow subdirectory discovery (#693): custom workflows moved to .mokogitea/workflows/custom/
  • Deploy fix: health check merged into deploy job (avoids runner status reporting failures)
  • Template workflow syncs (rc-revert, pr-check, pre-release, ci-issue-reporter)
jmiller added 16 commits 2026-06-27 19:42:04 +00:00
Merge pull request 'release: token scope editing, ci-reporter refactor, workflow standardization' (#703) from dev into main
Deploy MokoGitea / Verify dev environment is healthy (push) Successful in 2s
Deploy MokoGitea / deploy (push) Has been cancelled
a25a673d0c
Backport #37783

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #37622

Remove the hacky and fragile `sed os.Getuid()` patch.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #37885 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/37871, fully backwards and
forwards compatible with runners.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #37660 by @jorgeortiz85

## Summary

Fixes #37528

This PR makes the workflow dispatch API reject workflows that do not
declare `workflow_dispatch`. Previously, `POST
/repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches` could
create an `ActionRun` for a workflow that only declared another event
such as `push`.

The service now validates that the target workflow has a
`workflow_dispatch` trigger before inserting the run. The API maps that
validation failure to `422 Unprocessable Entity`, matching existing
validation failures in this handler.

The regression test creates a push-only workflow, dispatches it through
the public API, asserts the `workflow_dispatch` validation message, and
verifies that no run was inserted.

## Testing

- `go test ./services/actions`
- `TAGS="sqlite sqlite_unlock_notify" make
test-integration#TestWorkflowDispatchPublicApiRequiresWorkflowDispatchTrigger`
- `TAGS="sqlite sqlite_unlock_notify" make
test-integration#TestWorkflowDispatchPublicApi`

## Disclosure

Developed with assistance from OpenAI Codex.

Co-authored-by: Jorge Ortiz <jorge.ortiz@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
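
The validation described in the Backport #37660 message above, sketched as an added example (not Gitea's code and not part of the commit). All function and error names are hypothetical, the `on:` value is assumed to be already decoded from YAML, and the 204 success status is an assumption; only the 422 mapping comes from the commit message.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

var ErrNoDispatchTrigger = errors.New("workflow does not declare workflow_dispatch") // hypothetical name

// declaresEvent handles the three shapes of `on:`: scalar, sequence and mapping.
func declaresEvent(on any, event string) bool {
	switch v := on.(type) {
	case string:
		return v == event
	case []any:
		for _, e := range v {
			if s, ok := e.(string); ok && s == event {
				return true
			}
		}
	case map[string]any:
		_, ok := v[event] // the key counts even when its value is empty (nil)
		return ok
	}
	return false
}

// createRun validates first, so a rejected request never inserts a run.
func createRun(runs *[]string, on any, workflowID string) error {
	if !declaresEvent(on, "workflow_dispatch") {
		return ErrNoDispatchTrigger
	}
	*runs = append(*runs, workflowID)
	return nil
}

// statusFor maps this example's only error to 422; 204 on success is assumed.
func statusFor(err error) int {
	if errors.Is(err, ErrNoDispatchTrigger) {
		return http.StatusUnprocessableEntity
	}
	return http.StatusNoContent
}

func main() {
	var runs []string
	err := createRun(&runs, map[string]any{"push": nil}, "ci.yml") // constructed push-only workflow
	fmt.Println(statusFor(err), len(runs))
}
```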
Backport #37867 by @bircni

- When a commit subject is a bare URL, `linkProcessor` wrapped it in its
own `<a>` to that URL. Because HTML cannot nest anchors, the wrapping
default link (the action run / commit link) was lost and the action
title became unclickable — clicking it sent the user to the URL from the
commit message instead of the action log.
- Drop `linkProcessor` from `PostProcessCommitMessageSubject` so the
whole subject stays wrapped in the default link. URLs in subjects now
render as text inside that link; URLs in commit bodies are unaffected.

Fixes #37865

Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
fix(actions): exclude workflow_call from workflow trigger detection (#37894) (#37899)
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 38s
f962ae575a
Backport #37894 by @Zettat123

Gitea now only allows `workflow_dispatch.inputs`. If a workflow contains
`workflow_call.inputs`, the workflow cannot be triggered, even though
the `on:` section contains other trigger events.


https://github.com/go-gitea/gitea/blob/428ee9fcce7928bf5405900345d43e9ba1b01564/modules/actions/jobparser/model.go#L402-L405

For example, this workflow cannot be triggered due to
`workflow_call.inputs`:
```yaml
on:
  push:
  pull_request:
  workflow_call:
    inputs:
      name:
        type: string
```

---

This PR is extracted from #37478 for backport

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com>
docs: add cherry-pick entries to changelog
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 48s
Universal: PR Check / Branch Policy (pull_request) Failing after 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Universal: Build & Release / Promote to RC (pull_request) Failing after 17s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Universal: PR Check / Secret Scan (pull_request) Successful in 52s
PR RC Release / Build RC Release (pull_request) Failing after 49s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
882eb2cce7
Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd
fix(ci): allow fix/* and patch/* branches to target main
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 54s
PR RC Release / Build RC Release (pull_request) Failing after 56s
Universal: PR Check / Secret Scan (pull_request) Successful in 57s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 50s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 3m33s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
a48f44c901
Branch policy check was rejecting fix/* → main PRs, but our actual
policy allows fix/patch branches to target main directly for hotfixes
that don't need the dev → rc → main cycle.

Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd
Merge pull request 'fix: cherry-pick upstream v1.26.2 security and actions fixes' (#704) from fix/v1262-security-cherrypicks into main
Deploy MokoGitea / Verify dev environment is healthy (push) Successful in 3s
Deploy MokoGitea / deploy (push) Has been cancelled
322bd982bd
feat: workflow subdirectory discovery + move custom workflows to custom/ (#693)
Deploy MokoGitea / deploy (push) Failing after 4m16s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
PR RC Release / Build RC Release (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 10s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m0s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
afe46361c7
Gitea's ListWorkflows already uses ListEntriesRecursiveFast (git ls-tree -r)
which discovers workflows in subdirectories. Added test cases confirming
subdirectory and deeply nested paths are recognized by IsWorkflow.

Moved 6 repo-specific workflows (no FILE INFORMATION sync header) to
.mokogitea/workflows/custom/ to separate them from template-synced workflows:
deploy-mokogitea, deploy-dev, cascade-dev, pr-rc-release, test-mokogitea,
upstream-bug-sync.

Also fixes deploy-mokogitea.yml: merged the dev health check into the deploy
job as step 1 to avoid runner status reporting failures on inter-job handoff
(check-dev job was recorded as "skipped" despite passing, cancelling deploy).

Closes #693

Claude-Session: https://claude.ai/code/session_011AAFzotGMf3ayvXhEmStCd
jmiller merged commit 46cbf6600a into dev 2026-06-27 20:00:23 +00:00