MokoConsulting/MokoGitea-Fork
1
0
Fork 0
Code Issues 123 Pull Requests Releases 96 Wiki Activity

feat: edit API token scopes + standardize workflow tokens #700

Merged
jmiller merged 2 commits from feature/edit-token-scopes into main 2026-06-25 16:25:18 +00:00
Conversation 0 Commits 2 Files Changed 8
+24 -21
jmiller commented 2026-06-25 16:24:14 +00:00
Owner
Copy Link
Copy Source

Summary

  • Add ability to edit API token scopes via PATCH endpoint and web UI edit button (#697)
  • Reject empty token scope update requests with 400 instead of silently succeeding
  • Standardize all workflow token references from GA_TOKEN to MOKOGITEA_TOKEN
  • Fix pr-check.yml pre-release dispatch silent auth failure (env var / curl reference mismatch)

Changes

  • API: PATCH /api/v1/users/{username}/tokens/{id} to update token scopes
  • Web UI: Edit button on Settings > Applications with scope checkboxes
  • Workflows: 7 files updated from GA_TOKEN to MOKOGITEA_TOKEN
  • Validation: Empty scope list rejected at API layer

Test plan

  • Edit token scopes via API: PATCH with new scope list returns updated token
  • Edit token scopes via UI: click edit, change checkboxes, save
  • Empty scope PATCH returns 400 error
  • Workflow token auth: verify pr-check pre-release dispatch authenticates correctly
## Summary - Add ability to edit API token scopes via PATCH endpoint and web UI edit button (#697) - Reject empty token scope update requests with 400 instead of silently succeeding - Standardize all workflow token references from GA_TOKEN to MOKOGITEA_TOKEN - Fix pr-check.yml pre-release dispatch silent auth failure (env var / curl reference mismatch) ## Changes - **API**: `PATCH /api/v1/users/{username}/tokens/{id}` to update token scopes - **Web UI**: Edit button on Settings > Applications with scope checkboxes - **Workflows**: 7 files updated from GA_TOKEN to MOKOGITEA_TOKEN - **Validation**: Empty scope list rejected at API layer ## Test plan - [ ] Edit token scopes via API: PATCH with new scope list returns updated token - [ ] Edit token scopes via UI: click edit, change checkboxes, save - [ ] Empty scope PATCH returns 400 error - [ ] Workflow token auth: verify pr-check pre-release dispatch authenticates correctly
jmiller added 2 commits 2026-06-25 16:24:17 +00:00
fix: standardize workflow token references to MOKOGITEA_TOKEN 2a5a2dd845 
Replace all GA_TOKEN secret references with MOKOGITEA_TOKEN across 7
workflow files. Fixes pr-check.yml pre-release dispatch which set env
var GA_TOKEN but curl referenced GITEA_TOKEN, silently failing auth.
Also removes duplicate fallback chains in deploy-manual, repo-health,
and version-set.
docs: add changelog entries for token standardization and validation fix
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Details
Universal: PR Check / Branch Policy (pull_request) Failing after 1s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Details
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Details
Branch Cleanup / Delete merged branch (pull_request) Failing after 1s
Details
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 4s
Details
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Details
PR RC Release / Build RC Release (pull_request) Failing after 1m18s
Details
Universal: PR Check / Secret Scan (pull_request) Successful in 1m18s
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 59s
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details
5c1b4e6509
jmiller merged commit 8798ccb478 into main 2026-06-25 16:25:18 +00:00
jmiller deleted branch feature/edit-token-scopes 2026-06-25 16:25:19 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
breaking-change
Breaking API or behavior change
 ci-cd
CI/CD pipeline changes
 config
Configuration changes
 dependencies
Dependency updates
 deploy-failure
Deployment failed
 docker
Docker/container changes
 documentation
Documentation changes
 feature: wiki
Wiki system enhancements
 good first issue
Good for newcomers
 health-check
Repo health check result
 help wanted
Extra attention needed
 mokostandards
Related to MokoStandards framework
 push-failure
Git push operation failed
 security
Security vulnerability or hardening
 size/l
200-500 lines changed
 size/m
50-200 lines changed
 size/s
10-50 lines changed
 size/xl
500+ lines changed
 size/xs
< 10 lines changed
 standards-drift
Deviates from MokoStandards
 standards-update
MokoStandards compliance update
 sync-failure
Sync or mirror failed
 tech-debt
Technical debt and TODO/FIXME items
 upstream
upstream
Inherited from upstream Gitea
 work-in-progress
Draft or incomplete work
No labels
Priority -
Type -
Milestone
No items
No Milestone
Assignees
Clear assignees
jmiller (Jonathan Miller) moko-deploy (Moko Deploy Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoGitea-Fork#700
Delete Branch "feature/edit-token-scopes"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?