Reference in New Issue
Block a user
Delete Branch "fix/org-governance-review"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Addresses the code-review findings on the org-governance release (#733) plus the root cause of the false-green dev deploy. All must land before #733 goes to
main.Code-review fixes
1. Fail closed on org-rule lookup error (
models/git/protected_branch_list.go)getFirstMatchProtectedBranchRuleswallowed errors fromFindOrgBranchRuleForBranch(returnednil, nil), so a transient DB error during the org-rule lookup silently dropped the org floor and fell back to the repo rule alone. Now propagates the error → the caller keeps the org rule enforced (pre-receive returns 500, fail-closed).2. Org rule no longer locks out deploy-key / Actions-bot pushes (
models/git/protected_branch_merge.go)OrgProtectedBranchis team-only, somergeMostRestrictivewas ANDing the repo'sWhitelistDeployKeys/WhitelistActionsUser(and the force-push, delete, merge counterparts) against the org side's always-false zero value. Result: the moment any org branch rule matched, every deploy-key and Actions-bot push to that branch was blocked org-wide, with no way for the org (team-only model) to allow them. These seven org-unmanaged fields now carry through from the repo rule unchanged. Team-ID and user-ID intersection (the legitimate floor) is unchanged.3. Push-policy max-file-size inspects only the delta (
routers/private/hook_pre_receive.go)largestBlobOverLimitrangit ls-tree -r <newTip>— the full tree — so a pre-existing oversized file (committed before the policy existed) permanently blocked all future pushes to the branch. Now diffsoldCommitID..newCommitID(diff-tree+ onecat-file --batch-checkpass) to inspect only added/modified blobs. New branches (no base commit) still scan the full tree, as every blob is newly introduced. Still fail-open on any error.Dev deploy targeting fix
deploy-dev.ymldrove the dev container image withsedover the shared compose file (/opt/gitea-dev/docker-compose.yml, which defines prodmokogitea, devmokogitea-dev, runners, mcp). The patternmokoconsulting/mokogitea:[^ ]*matched the prod service line (the dev service uses a different image name), so every dev deploy:Now the dev service image is driven by
${MOKOGITEA_DEV_TAG}(set to the freshly built tag on the deploy command), touching only the dev service — nosed, no prod-line collision.Verification (local, Go 1.26.3)
go build ./...→ clean (onlytests/integrationexcluded); gofmt clean on all changed files.Related: #733 (release, blocked on this), #738 (tracker), #727.
https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
Code-review findings on the org-governance release: - Fail closed on org-rule lookup error: getFirstMatchProtectedBranchRule swallowed FindOrgBranchRuleForBranch errors (returned nil,nil), silently dropping the org floor and falling back to the repo rule on a transient DB error. Propagate the error so the org rule stays enforced. - Stop the org rule locking out deploy-key and Actions-bot pushes: OrgProtectedBranch is team-only, so mergeMostRestrictive was ANDing the repo's WhitelistDeployKeys / WhitelistActionsUser (and the force-push, delete and merge counterparts) against the org side's always-false zero value, blocking every deploy-key and Actions push in any org with a matching branch rule. Carry those org-unmanaged fields through from the repo rule unchanged. - Org push-policy max-file-size now inspects only the pushed delta (diff-tree + cat-file --batch-check) instead of the full tip tree via ls-tree, so a pre-existing oversized file can no longer permanently block unrelated pushes. New branches (no base commit) still scan the full tree. Dev deploy targeting: - deploy-dev.yml drove the dev container image via `sed` on the SHARED compose file, but the pattern matched the *prod* service line (container_name: mokogitea) — leaving the dev service pinned to a stale image (so every "green" deploy recreated old code) while corrupting the prod image pin. Drive the dev service image from ${MOKOGITEA_DEV_TAG} instead; the env-var only affects the dev service. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT