mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-15 20:40:52 +09:00
2b89e2ac97bfce5238ba39222b38fbabed2ba708
19 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
638e4bce09 |
chore: upgrade go-swagger to v0.35.0 and enforce zero swagger warnings (#38299)
Updates `go-swagger` to v0.35.0 and makes swagger generation and validation warning-free, with the build now failing on any warning (`go-swagger` itself exits `0` on warnings). - Generation passes `--enable-allof-compounding` (keeps `$ref` fields bare, no spec change) and `--skip-enum-desc` (drops the enum description that duplicates `x-go-enum-desc` and was the only source of `allOf` noise in the OpenAPI 3.0 output). - Fixed warnings at the source: dropped `swagger:strfmt` where it conflicts with `required: true` (`required` kept, `time.Time` still maps to `date-time`), fixed a malformed `units_map` example, moved the `parameterBodies` injection hack to `swagger:parameters`, and removed unused responses. Fixes: https://github.com/go-gitea/gitea/issues/12508 --------- Co-authored-by: bircni <bircni@icloud.com> |
||
|
|
f46c9a9769 |
feat(actions): support owner-level and global scoped workflows (#38154)
## Summary This PR adds **scoped workflows** to Gitea Actions. Workflows defined centrally in a "source" repository that automatically run on every repository in scope: an organization's repositories, or (for instance admins) every repository on the instance. Each scoped run executes in the consuming repository's own context (its runners, secrets, and branch) while its content is read from the source repository, so an org or instance can mandate shared CI across many repositories without copying workflow files into each one. An owner or instance admin registers source repositories on a settings page and can mark individual workflows as **required**. A required scoped workflow cannot be opted out by a consuming repository and gates its pull-request merges; an optional one can be disabled per repository. Scoped workflows live under a dedicated `SCOPED_WORKFLOW_DIRS` (default `.gitea/scoped_workflows`), kept separate from regular `WORKFLOW_DIRS`. ## Main changes ### Configuration New `SCOPED_WORKFLOW_DIRS` setting, validated to not overlap with `WORKFLOW_DIRS`. Default: `.gitea/scoped_workflows` ### Data model & migration - New `action_scoped_workflow_source` table mapping a registering owner (`owner_id`, where `0` = instance-level) to a source repository, with a per-workflow `WorkflowConfigs` map. - `ActionRun` gains `WorkflowRepoID` / `WorkflowCommitSHA` (the pinned content source) and an `IsScopedRun` flag. ### Detection & run creation On consumer events, scoped workflows from the effective sources (the owner's own sources plus instance-level ones) are matched and turned into runs that execute in the consumer's context, with content pinned to the source repo's default-branch commit. `on: workflow_run` and `on: schedule` are currently not supported. ### Opt-out A consuming repository can disable an optional scoped workflow (tracked separately from regular `DisabledWorkflows`); required scoped workflows can never be disabled, opted out, or bypassed. ### Commit status A scoped run's status context format is `"<source repo full name>: <workflow display name> / <job> (<event>)"` (for example: `my-org/scoped-workflows: db-tests / test-sqlite (pull_request)`), keeping it distinct from a same-named repo-level workflow and from other sources. ### Required status checks Admins mark workflows required and supply status-check patterns. `EffectiveRequiredContexts` appends those patterns to the branch protection's required contexts and they are matched must-present-and-pass. If the status checks from scoped workflows fail, the PR cannot be merged. NOTE: scoped workflows' required status checks patterns can protect any target branch that has a protection rule, even though the rule's "Status Check" is disabled. A target branch with no protection rule cannot be protected. <details> <summary>Screenshots</summary> <img width="1400" alt="image" src="https://github.com/user-attachments/assets/a5d1db33-15ec-487e-93be-2bc04b4e6643" /> </details> ### Reusable workflows (`uses:`) A scoped workflow's local `uses: ./...` resolves against the source repository. `uses:` directory validation honors the instance-configurable `WORKFLOW_DIRS` and `SCOPED_WORKFLOW_DIRS` (previously hardcoded to `.gitea`/`.github/workflows`). ### Manual dispatch `workflow_dispatch` is supported for scoped workflows (web and API), resolving inputs/content from the source repo. ### Performance A process-local LRU cache keyed by source repo ID for the per-source workflow parse, so instance-level and owner-level sources don't open the source repo and parse workflow files on every event. ### UI Org / user / admin pages to register and remove sources, search repositories, and mark workflows required with their status-check patterns. The repository Actions sidebar groups scoped workflows by source with owner/instance labels and required/disabled badges. <details> <summary>Screenshots</summary> Scoped workflows setting page: <img width="1600" alt="image" src="https://github.com/user-attachments/assets/9d19f667-97a5-4935-92b2-e53f105e3642" /> Consumer repo's Actions runs list: <img width="1600" alt="image" src="https://github.com/user-attachments/assets/a77241f9-0aa9-41aa-ba73-12a9a688cb64" /> - `Owner`: this is a owner-level scoped workflows source repo - `Global`: this is a global scoped workflows source repo - `Required`: this scoped workflow is required, repo admin cannot disable it </details> --- Docs: https://gitea.com/gitea/docs/pulls/447 --------- Co-authored-by: bircni <bircni@icloud.com> |
||
|
|
ef927f9fa3 |
feat(api): support ref suffixes in compare (#38148)
Compare API requests with a `^` or `~N` revision suffix (for example `compare/main...feature^`) were rejected with `400 Unsupported comparison syntax: ref with suffix`. The fix resolves the suffix to a commit before comparing, so `base...head^` and `~N` work on either side, the same as git. Only `^`/`~N` navigation is resolved. Pull request creation still requires plain branch refs, and the web compare page keeps rejecting suffixes since its branch selectors need separate UI work. Closes #33943 |
||
|
|
052feee34a |
feat: add raw diff/patch endpoint for repository comparisons (#37632)
## Summary
Adds `GET
/repos/{owner}/{repo}/compare/{basehead}.{diffType:diff|patch}`,
mirroring the existing `/git/commits/{sha}.{diffType}` endpoint but for
comparisons between two arbitrary refs.
The new endpoint streams a raw unified diff or `git format-patch` output
between any two refs:
GET /repos/{owner}/{repo}/compare/main...feature.diff
GET /repos/{owner}/{repo}/compare/v1.0..v1.1.patch
GET /repos/{owner}/{repo}/compare/abc1234...def5678.diff
Resolves #5561, #13416 and #17165.
AI was used while creating this PR. Automated tests were added as per
the contribution policy.
---------
Co-authored-by: bircni <bircni@icloud.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
||
|
|
55250407dd |
feat(org): add team visibility so org members can discover teams (#37680)
Closes #37670. Today, org members in Gitea only see teams they're a member of. In larger orgs that hurts onboarding and discoverability — there's no way to look up which team owns what without asking around. GitHub solves this with a per-team visibility setting; this PR brings the same model to Gitea. ## What changes - Every team gets a `visibility` setting: - `private` *(default)* — only team members and org owners can see the team. Same as today's behavior. - `limited` — listable by any member of the organization. Members and the repos the team has access to are visible too. Non-org-members still see nothing. - `public` — listable by any signed-in user. - The Owners team visibility is fixed and cannot be changed via settings. - Existing teams default to `private`, so this is a no-op for anyone who doesn't change anything. ## API - `Team`, `CreateTeamOption`, `EditTeamOption` all gain a `visibility` field (string enum: `private` | `limited` | `public`). - `GET /orgs/{org}/teams` and `/orgs/{org}/teams/search` now apply the same visibility rules as the web UI: - site admins and org owners still see every team - other org members see their own teams plus any `limited` or `public` team - `private` teams are no longer leaked through these endpoints - Swagger/OpenAPI specs regenerated. ## UI View from admin2 (not an owner): <img width="1669" height="726" src="https://github.com/user-attachments/assets/daf4bccb-644b-4426-b178-71963aeaf73b" /> View from admin (owner): <img width="2559" height="863" src="https://github.com/user-attachments/assets/4f22cebc-e9df-4fd2-8ed4-724d31fadb7a" /> --------- Signed-off-by: bircni <bircni@icloud.com> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
c6167d1ff5 |
feat(api): add token introspection and self-deletion endpoint (#37995)
Adds a /api/v1/token endpoint that allows tokens to introspect and delete themselves. partially fixes: https://github.com/go-gitea/gitea/issues/33583 Assisted-by: Mistral Vibe:mistral-medium-3.5 --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
fefb6f3219 |
feat(api): Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs (#37196)
- Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs
endpoint, matching the
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2026-03-10#list-workflow-runs-for-a-workflow
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: bircni <bircni@icloud.com>
|
||
|
|
49a0d19fa3 |
feat(api): Add assignees APIs (#37330)
Follow https://docs.github.com/en/enterprise-server@3.20/rest/issues/assignees?apiVersion=2022-11-28 Fix #33576 And it also fixed some possible dead-lock problem. --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Zettat123 <zettat123@gmail.com> |
||
|
|
60abea17a2 |
chore(deps): update module github.com/go-swagger/go-swagger to v0.34.0 (#38028)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-swagger/go-swagger](https://redirect.github.com/go-swagger/go-swagger) | `v0.33.2` → `v0.34.0` |  |  | --- ### Release Notes <details> <summary>go-swagger/go-swagger (github.com/go-swagger/go-swagger)</summary> ### [`v0.34.0`](https://redirect.github.com/go-swagger/go-swagger/releases/tag/v0.34.0) [Compare Source](https://redirect.github.com/go-swagger/go-swagger/compare/v0.33.2...v0.34.0) go-swagger release 0.34.0 *** Released on 2026 May 29 ##### [0.34.0](https://redirect.github.com/go-swagger/go-swagger/tree/v0.34.0) - 2026-05-28 Major refactoring. Focus on improving runtime (e.g.generated client) and codescan (e.g. generated spec). **Full Changelog**: <https://github.com/go-swagger/go-swagger/compare/v0.33.2...v0.34.0> 42 commits in this release. *** ##### <!-- 00 -->Implemented enhancements - feat(client): added method to configure client-side custom producers/consumers by [@​fredbi](https://redirect.github.com/fredbi) in [#​3351](https://redirect.github.com/go-swagger/go-swagger/pull/3351) [...](https://redirect.github.com/go-swagger/go-swagger/commit/4068f65b0403f90092e78269f89ef7cb26d6eb2f) ##### <!-- 01 -->Fixed bugs - fix(client): moved internal fields in generated Params (timeout, Context) to their own struct. by [@​fredbi](https://redirect.github.com/fredbi) in [#​3349](https://redirect.github.com/go-swagger/go-swagger/pull/3349) [...](https://redirect.github.com/go-swagger/go-swagger/commit/a81068f5d52d4b560654f8e17748b6a79ec1425e) - fix(client): added operation with context to client interface. by [@​fredbi](https://redirect.github.com/fredbi) in [#​3348](https://redirect.github.com/go-swagger/go-swagger/pull/3348) [...](https://redirect.github.com/go-swagger/go-swagger/commit/d5e5d3020b83f4a9b895ae31a93cb121f989e4a6) - fix(codescan): upgraded codescan for swagger generate spec. by [@​fredbi](https://redirect.github.com/fredbi) in [#​3347](https://redirect.github.com/go-swagger/go-swagger/pull/3347) [...](https://redirect.github.com/go-swagger/go-swagger/commit/971f2aa56ad48d927ab9d21de794edf1c43d22b7) - fix(client): generated client uses more idiomatic SubmitContext by [@​fredbi](https://redirect.github.com/fredbi) in [#​3342](https://redirect.github.com/go-swagger/go-swagger/pull/3342) [...](https://redirect.github.com/go-swagger/go-swagger/commit/01d8f1358f8ab94c4b7c3a1caf50e1d0b11b26c6) - fix: adapted to runtime v0.32.x by [@​fredbi](https://redirect.github.com/fredbi) in [#​3341](https://redirect.github.com/go-swagger/go-swagger/pull/3341) [...](https://redirect.github.com/go-swagger/go-swagger/commit/ba25bfa2cc0822973d9f48f5976721ffc8c499fc) - fix: handle operator characters in enum constants (fixes [#​1047](https://redirect.github.com/go-swagger/go-swagger/issues/1047)) by [@​Abzaek](https://redirect.github.com/Abzaek) in [#​3330](https://redirect.github.com/go-swagger/go-swagger/pull/3330) [...](https://redirect.github.com/go-swagger/go-swagger/commit/4856feb230eba01352d2bb310f03b26827d34a5e) ##### <!-- 02 -->Refactor - refact(codegen): more concise server binding of form parameters. by [@​fredbi](https://redirect.github.com/fredbi) in [#​3339](https://redirect.github.com/go-swagger/go-swagger/pull/3339) [...](https://redirect.github.com/go-swagger/go-swagger/commit/036e31515a687b8a237bcf2d938a7ae36dc55fd1) - refact(generator): split template repository, funcmaps and langage by [@​fredbi](https://redirect.github.com/fredbi) in [#​3316](https://redirect.github.com/go-swagger/go-swagger/pull/3316) [...](https://redirect.github.com/go-swagger/go-swagger/commit/4d659c0b5e0724cb78b413a564619792fe4dd23e) ##### <!-- 03 -->Documentation - doc: announcements before cutting v0.34.0 by [@​fredbi](https://redirect.github.com/fredbi) in [#​3352](https://redirect.github.com/go-swagger/go-swagger/pull/3352) [...](https://redirect.github.com/go-swagger/go-swagger/commit/9b15dfe858b6b20747fb24b672707ee817481f11) - doc(faq): added explanations about why mixin can't support yaml anchors by [@​fredbi](https://redirect.github.com/fredbi) in [#​3340](https://redirect.github.com/go-swagger/go-swagger/pull/3340) [...](https://redirect.github.com/go-swagger/go-swagger/commit/0dd20f7852a35f3ebf4ea552cef66ae7296801a2) - codegen(cli): fixed missing dependencies in CLI doc template by [@​fredbi](https://redirect.github.com/fredbi) in [#​3309](https://redirect.github.com/go-swagger/go-swagger/pull/3309) [...](https://redirect.github.com/go-swagger/go-swagger/commit/b1cc87b266a8351b4fc4534d5116c11a1daadbc1) ##### <!-- 05 -->Code quality - chore: move generated code to use the new swag api. by [@​fredbi](https://redirect.github.com/fredbi) in [#​3336](https://redirect.github.com/go-swagger/go-swagger/pull/3336) [...](https://redirect.github.com/go-swagger/go-swagger/commit/ba47cff06d55b38579a1f2e34a2e4e8691dd90b0) - chore(generator): migrated to the new go-openapi/swag api. by [@​fredbi](https://redirect.github.com/fredbi) in [#​3335](https://redirect.github.com/go-swagger/go-swagger/pull/3335) [...](https://redirect.github.com/go-swagger/go-swagger/commit/83bced44f9c028141dd698838da0e5409d0ed49b) - chore(lint): relint code base (pass 1) by [@​fredbi](https://redirect.github.com/fredbi) in [#​3331](https://redirect.github.com/go-swagger/go-swagger/pull/3331) [...](https://redirect.github.com/go-swagger/go-swagger/commit/8a020f05985758bcb2535e36984ab03c62109fed) - ci: reenact linting (was temporarily disabled to swallow large diffs) by [@​fredbi](https://redirect.github.com/fredbi) in [#​3304](https://redirect.github.com/go-swagger/go-swagger/pull/3304) [...](https://redirect.github.com/go-swagger/go-swagger/commit/8cd187ba00b80a021c0493e55906b6835a985458) - doc: post-release by [@​fredbi](https://redirect.github.com/fredbi) in [#​3302](https://redirect.github.com/go-swagger/go-swagger/pull/3302) [...](https://redirect.github.com/go-swagger/go-swagger/commit/746308f71fe2d5e722b151a0ede49f84ecfaa3ea) ##### <!-- 07 -->Miscellaneous tasks - test: fix fake flaky test reporting by [@​fredbi](https://redirect.github.com/fredbi) in [#​3350](https://redirect.github.com/go-swagger/go-swagger/pull/3350) [...](https://redirect.github.com/go-swagger/go-swagger/commit/747db03403e881e53baecd5c2f40a074e15697bf) - ci: drop peter-evans sign-commits to avoid per-file API uploads by [@​fredbi](https://redirect.github.com/fredbi) in [#​3346](https://redirect.github.com/go-swagger/go-swagger/pull/3346) [...](https://redirect.github.com/go-swagger/go-swagger/commit/480a0bdbf54484562cef642132b929a9e5c03d4a) - ci: checkout examples before configuring bot credentials by [@​fredbi](https://redirect.github.com/fredbi) in [#​3345](https://redirect.github.com/go-swagger/go-swagger/pull/3345) [...](https://redirect.github.com/go-swagger/go-swagger/commit/6dda1280feee830fadbed93e6c896000fe92acdf) - ci: fix cross-workflow artifact download permission by [@​fredbi](https://redirect.github.com/fredbi) in [#​3344](https://redirect.github.com/go-swagger/go-swagger/pull/3344) [...](https://redirect.github.com/go-swagger/go-swagger/commit/5981d75858c489b8f82974c47f7fa7089deb66d2) - ci: fix examples regeneration auto-PR by [@​fredbi](https://redirect.github.com/fredbi) in [#​3343](https://redirect.github.com/go-swagger/go-swagger/pull/3343) [...](https://redirect.github.com/go-swagger/go-swagger/commit/f50d895b3a304b8a0657a4e8612fc53e6ff370dc) - chore(diff): moved cmd/swagger/commands/diff to its own package by [@​fredbi](https://redirect.github.com/fredbi) in [#​3308](https://redirect.github.com/go-swagger/go-swagger/pull/3308) [...](https://redirect.github.com/go-swagger/go-swagger/commit/6e059188a45c84e64591b7cb915f4205d6f7a8a1) - chore(codescan): moved the codescan package in a separate repo by [@​fredbi](https://redirect.github.com/fredbi) in [#​3307](https://redirect.github.com/go-swagger/go-swagger/pull/3307) [...](https://redirect.github.com/go-swagger/go-swagger/commit/eeca5fc9ff118d7be5d76d52855a082b04f13d91) - ci: added workflow to regen examples and push the changes to the exam… by [@​fredbi](https://redirect.github.com/fredbi) in [#​3305](https://redirect.github.com/go-swagger/go-swagger/pull/3305) [...](https://redirect.github.com/go-swagger/go-swagger/commit/9203e37e731b131c5d89a78209d549960b7c0a1c) ##### <!-- 08 -->Security - docs: add comprehensive documentation for API Browser (issue [#​2401](https://redirect.github.com/go-swagger/go-swagger/issues/2401)) by [@​dashitongzhi](https://redirect.github.com/dashitongzhi) in [#​3338](https://redirect.github.com/go-swagger/go-swagger/pull/3338) [...](https://redirect.github.com/go-swagger/go-swagger/commit/b594d144ef999cb830cc9cb32d1c3617d5d93a36) - ci: enhanced regen examples workflow by [@​fredbi](https://redirect.github.com/fredbi) in [#​3306](https://redirect.github.com/go-swagger/go-swagger/pull/3306) [...](https://redirect.github.com/go-swagger/go-swagger/commit/e1c611ed9e0739d0395b8e08922ddfb48a6e257d) - doc: move examples by [@​fredbi](https://redirect.github.com/fredbi) in [#​3303](https://redirect.github.com/go-swagger/go-swagger/pull/3303) [...](https://redirect.github.com/go-swagger/go-swagger/commit/c32e2d574a1272c97c18aaddbeed294f62fdca31) ##### <!-- 0A -->Updates - chore(deps): bump the development-dependencies group with 10 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3337](https://redirect.github.com/go-swagger/go-swagger/pull/3337) [...](https://redirect.github.com/go-swagger/go-swagger/commit/9f68bcccf8a6ab943fa954764e749bd8e3b67684) - chore(deps): bump the development-dependencies group with 2 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3329](https://redirect.github.com/go-swagger/go-swagger/pull/3329) [...](https://redirect.github.com/go-swagger/go-swagger/commit/9286ac262e487f54fbeea64798790b463f27a7cc) - chore(deps): bump golang from `f853308` to `91eda97` in the development-dependencies group across 1 directory by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3328](https://redirect.github.com/go-swagger/go-swagger/pull/3328) [...](https://redirect.github.com/go-swagger/go-swagger/commit/a4f355cfded251a4d9fc4a3f06b0aed72314c2a4) - chore(deps): bump the development-dependencies group with 4 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3327](https://redirect.github.com/go-swagger/go-swagger/pull/3327) [...](https://redirect.github.com/go-swagger/go-swagger/commit/1078819e42db2fdf56b7fd724f911b5b32f0ed42) - chore(deps): bump the development-dependencies group with 3 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3326](https://redirect.github.com/go-swagger/go-swagger/pull/3326) [...](https://redirect.github.com/go-swagger/go-swagger/commit/e4b5c8fe1fe5869e2da495e9e363032cfee9b85f) - chore(deps): bump the development-dependencies group with 5 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3325](https://redirect.github.com/go-swagger/go-swagger/pull/3325) [...](https://redirect.github.com/go-swagger/go-swagger/commit/30da59f48a8baf6a04a667191355c5aacbb1f6f1) - chore(deps): bump golang from `27f8293` to `f853308` in the development-dependencies group across 1 directory by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3324](https://redirect.github.com/go-swagger/go-swagger/pull/3324) [...](https://redirect.github.com/go-swagger/go-swagger/commit/faffaccee8fc0843fa35ce757b19643b15b20551) - chore(deps): bump the development-dependencies group with 6 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3323](https://redirect.github.com/go-swagger/go-swagger/pull/3323) [...](https://redirect.github.com/go-swagger/go-swagger/commit/5bbf90b257203d40a28d40d68f38411b0b0ab06e) - chore(deps): bump golang from `c2a1f7b` to `27f8293` in the development-dependencies group across 1 directory by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3322](https://redirect.github.com/go-swagger/go-swagger/pull/3322) [...](https://redirect.github.com/go-swagger/go-swagger/commit/d25d6f2da06f02c38565d2bed1a4c45c41b4b539) - chore(deps): bump the development-dependencies group with 2 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3321](https://redirect.github.com/go-swagger/go-swagger/pull/3321) [...](https://redirect.github.com/go-swagger/go-swagger/commit/cedb38213dc4bfeb6c6f2fccb0211e596c777faf) - chore(deps): bump golang from `2389ebf` to `c2a1f7b` in the development-dependencies group across 1 directory by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3320](https://redirect.github.com/go-swagger/go-swagger/pull/3320) [...](https://redirect.github.com/go-swagger/go-swagger/commit/3815953bf63523fd72c9f9dad337f3d7990fd7bd) - chore(deps): bump the development-dependencies group with 4 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3318](https://redirect.github.com/go-swagger/go-swagger/pull/3318) [...](https://redirect.github.com/go-swagger/go-swagger/commit/126ceeb6180966caba0429435d94b0fb1a1e8c14) - chore(deps): bump the development-dependencies group with 6 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3317](https://redirect.github.com/go-swagger/go-swagger/pull/3317) [...](https://redirect.github.com/go-swagger/go-swagger/commit/af43211eec84e29e817f3e990cf8084fb45ebec0) - chore(deps): bump the development-dependencies group with 4 updates by [@​dependabot\[bot\]](https://redirect.github.com/dependabot\[bot]) in [#​3315](https://redirect.github.com/go-swagger/go-swagger/pull/3315) [...](https://redirect.github.com/go-swagger/go-swagger/commit/0f32c03e4982ed564cfd9d9593a4cfa1c1304d40) *** ##### People who contributed to this release - [@​Abzaek](https://redirect.github.com/Abzaek) - [@​dashitongzhi](https://redirect.github.com/dashitongzhi) - [@​fredbi](https://redirect.github.com/fredbi) *** ##### New Contributors - [@​dashitongzhi](https://redirect.github.com/dashitongzhi) made their first contribution in [#​3338](https://redirect.github.com/go-swagger/go-swagger/pull/3338) - [@​Abzaek](https://redirect.github.com/Abzaek) made their first contribution in [#​3330](https://redirect.github.com/go-swagger/go-swagger/pull/3330) *** **[go-swagger](https://redirect.github.com/go-swagger/go-swagger) license terms** [![License][license-badge]][license-url] [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg [license-url]: https://redirect.github.com/go-swagger/go-swagger/?tab=Apache-2.0-1-ov-file#readme *** Released by [GoReleaser](https://redirect.github.com/goreleaser/goreleaser). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
792fa5eeba |
feat(api): add q parameter to list branches API for server-side filtering (#37982)
The GET /repos/{owner}/{repo}/branches endpoint currently has no way to
filter branches by name server-side, forcing API consumers to paginate
through all branches and filter client-side.
The UI already supports branch search (added in
[#27055](https://github.com/go-gitea/gitea/pull/27055)). The underlying
DB layer has a Keyword field on FindBranchOptions in
models/git/branch_list.go that does a LIKE %keyword% SQL filter, it just
wasn't wired up to the API handler.
This PR exposes a ?q= query parameter on the endpoint that maps to
FindBranchOptions.Keyword.
Example:
```GET /repos/owner/repo/branches?q=feature ```
Closes #37981
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
||
|
|
61b1a39efe | chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873) | ||
|
|
bf1b54c3e3 |
fix(api): handle partial failures in push mirror synchronization gracefully (#37782)
This MR fixes an issue in the sync push mirrors endpoint. Previously, when triggering the synchronization of all push mirrors for a specific repository, the entire operation would stop if a single mirror failed for any reason. As a result, the remaining mirrors were not processed. With this fix, failures on individual push mirrors no longer abort the whole synchronization process. --------- Signed-off-by: Nicolas <bircni@icloud.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
eb93981d45 |
feat: Add bypass allowlist for branch protection (#36514)
- Introduce a “Bypass Protection Allowlist” on branch rules (users/teams) alongside admins, with BlockAdminMergeOverride still respected. - Surface the allowlist in API (create/edit options, structs) and settings UI; merge box now shows the red button + message for bypass-capable users. - Apply bypass logic to merge checks and pre-receive so allowlisted users can override unmet approvals/status checks/ protected files when force-merging. - Add migration for new columns, locale strings, and unit tests (bypass helper; queue test tweak). <img width="1069" height="218" alt="image" src="https://github.com/user-attachments/assets/0b61bc2a-a27f-47f3-a923-613688008e65" /> Fixes #36476 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Codex GPT-5.3 <codex@openai.com> Co-authored-by: GPT-5.2 <noreply@openai.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
34fd3c9f06 |
feat: Add default PR branch update style setting (#37410)
Adds repository-level settings for pull request branch updates so admins can choose the default update method and disable merge or rebase updates. <img width="1025" height="158" src="https://github.com/user-attachments/assets/d030973b-0ddd-4035-b04f-145c445084d7" /> --------- Co-authored-by: OpenAI Codex (GPT-5) <codex@openai.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
a564f0587a |
feat(api): add sort and order query parameters to job list endpoints (#37672)
Adds `sort` and `order` query parameters to all action job list API
endpoints (`/admin/actions/jobs`, `/repos/{owner}/{repo}/actions/jobs`,
`/repos/{owner}/{repo}/actions/runs/{run}/jobs`, `/user/actions/jobs`),
following the existing `OrderByMap` pattern used by repo/user search
endpoints.
- Default is `id` / `asc` (backwards compatible — matches previous DB
natural order)
- Only `id` sort field for now; the map is extensible for future fields
- Returns 422 for invalid sort/order values
- `ToOrders()` returns empty string when `OrderBy` is unset, so internal
callers (webhook dispatch, concurrency checks) are unaffected
Closes: #37666
Supersedes: #37667
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: silverwind <me@silverwind.io>
|
||
|
|
67f86bc3fe |
feat(api): add last_sync to repository API (#37566)
This PR adds a new repository API field, `mirror_last_sync_at`, to expose the timestamp of the last successful pull mirror sync. Unlike `mirror_updated`, this field does not affect mirror scheduling and is updated only after a successful pull sync. Failed sync attempts leave the value unchanged. What changed - added `mirror_last_sync_at` to the repository API response - updated pull mirror sync flow to persist the timestamp only on successful sync - kept `mirror_updated` behavior unchanged for queue/scheduling purposes `mirror_updated` is currently tied to mirror queue behavior, so it cannot safely represent the last successful sync time. The new field makes that state explicit for API consumers without changing scheduling semantics. --------- Signed-off-by: pomidorry <106489913+Pomidorry@users.noreply.github.com> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
|
02b1b8a549 |
Add mirror auth updates to repo edit API and settings (#37468)
## Summary
This PR adds support for updating pull mirror authentication via the
repository edit API and UI.
It introduces new mirror authentication fields in _EditRepoOption_,
updates the API logic to safely handle partial credential updates, and
fixes the web settings flow so that the existing remote username is
preserved when only the password is changed.
### What changed
- added _auth_username_, _auth_password_, and _auth_token_ to
EditRepoOption
- updated the repository edit API to apply mirror auth changes via
_updateMirror_
- preserved existing username/password when only part of the auth
payload is provided
- used oauth2 as the default username when _auth_token_ is provided
- kept stored mirror URLs sanitized in DB and API responses
- updated Swagger schema for the new API fields
- added API integration tests for password-only and token-only updates
- added a web settings test to ensure username preservation on partial
updates
## Why
Some use cases require automated synchronization of pull mirrors, for
example in CI/CD pipelines or integrations with external systems.
At the same time, many organizations enforce security policies that
require periodic token rotation (e.g., monthly).
Currently, mirror credentials can only be updated via the UI, which
makes automation difficult.
## This change enables:
- automated token rotation
- avoiding manual updates via the UI
- easier integration with secret management systems
## Testing
- added integration coverage for mirror auth updates via _PATCH
/api/v1/repos/{owner}/{repo}_
- added web settings tests for password-only updates preserving the
existing username
## Result
Ability to automate auth update
<img width="2400" height="1245" alt="1"
src="https://github.com/user-attachments/assets/67fd5cca-9cb3-4536-b0e2-4d09b8ebff0f"
/>
<img width="962" height="932" alt="image"
src="https://github.com/user-attachments/assets/5d548f5d-aadf-4807-ba52-9c29df93a4cc"
/>
Generative AI was used to help with making this PR.
##
|
||
|
|
81692ceafa |
Allow multiple projects per issue and pull requests (#36784)
Add ability to add and remove multiple projects per issue and pull request. Resolve #12974 --------- Signed-off-by: Icy Avocado <avocado@ovacoda.com> Co-authored-by: Tyrone Yeh <siryeh@gmail.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: OpenCode (gpt-5.2-codex) <opencode@openai.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
9e031eb3df |
Serve OpenAPI 3.0 spec at /openapi.v1.json (#37038)
Add a build-time conversion step that transforms the existing Swagger 2.0 spec into an OpenAPI 3.0 spec. The OAS3 spec is served alongside the existing Swagger 2.0 spec, enabling API clients that require OAS3 to generate code directly from Gitea's API. This is not to be an answer to how gitea handles OAS3 long term, but a way to use what we have to move a step forward. --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |