merge upstream

.github/workflows/cache-seeder.yml

@@ -29,7 +29,7 @@ jobs:
   gobuild:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - run: make deps-backend deps-tools
       - run: TAGS="bindata" make backend
@@ -59,7 +59,7 @@ jobs:
         include:
           - { tags: "bindata", target: "lint-backend" }
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
         with:
           lint-cache: "true"

.github/workflows/cron-licenses.yml

@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
           go-version-file: go.mod

.github/workflows/cron-renovate.yml

@@ -20,7 +20,7 @@ jobs:
     if: github.repository == 'go-gitea/gitea' # prevent running on forks
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: renovatebot/github-action@693b9ef15eec82123529a37c782242f091365961 # v46.1.14
         with:
           renovate-version: ${{ env.RENOVATE_VERSION }}

.github/workflows/cron-translations.yml

@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
         with:
           upload_sources: true

.github/workflows/files-changed.yml

@@ -49,7 +49,7 @@ jobs:
       e2e: ${{ steps.changes.outputs.e2e }}
       shell: ${{ steps.changes.outputs.shell }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
         id: changes
         with:

.github/workflows/pull-compliance.yml

@@ -19,7 +19,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
         with:
           lint-cache: "true"
@@ -31,7 +31,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
         with:
           cache: "false"
@@ -62,7 +62,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - run: make deps-backend deps-tools
       - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
@@ -72,7 +72,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/node-setup
       - run: make deps-frontend
       - run: make lint-frontend
@@ -85,7 +85,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - run: make deps-backend generate-go
       # no frontend build here as backend should be able to build, even without any frontend files

.github/workflows/pull-db-tests.yml

@@ -42,7 +42,7 @@ jobs:
         ports:
           - "9000:9000"
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - uses: ./.github/actions/pgsql-shard
         with:
@@ -78,7 +78,7 @@ jobs:
         ports:
           - "9000:9000"
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - uses: ./.github/actions/pgsql-shard
         with:
@@ -90,7 +90,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - run: make deps-backend
       - run: make backend
@@ -151,7 +151,7 @@ jobs:
         ports:
           - 10000:10000
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - name: Add hosts to /etc/hosts
         run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 minio devstoreaccount1.azurite.local mysql elasticsearch meilisearch smtpimap" | sudo tee -a /etc/hosts'
@@ -208,7 +208,7 @@ jobs:
           - "587:587"
           - "993:993"
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - name: Add hosts to /etc/hosts
         run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
@@ -241,7 +241,7 @@ jobs:
         ports:
           - 10000:10000
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - name: Add hosts to /etc/hosts
         run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mssql devstoreaccount1.azurite.local" | sudo tee -a /etc/hosts'

.github/workflows/pull-docker-dryrun.yml

@@ -21,7 +21,7 @@ jobs:
     needs: [files-changed]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/docker-dryrun
         with:
           platform: linux/amd64
@@ -31,7 +31,7 @@ jobs:
     needs: [files-changed]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/docker-dryrun
         with:
           platform: linux/arm64
@@ -41,7 +41,7 @@ jobs:
     needs: [files-changed]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/docker-dryrun
         with:
           platform: linux/riscv64

.github/workflows/pull-e2e-tests.yml

@@ -19,7 +19,7 @@ jobs:
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - uses: ./.github/actions/go-setup
       - uses: ./.github/actions/node-setup
       - run: make deps-frontend

.github/workflows/pull-labeler.yml

@@ -30,7 +30,7 @@ jobs:
       pull-requests: write
     steps:
       # Base-branch checkout only: pull_request_target runs with elevated token; never run PR-head code here.
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.pull_request.base.sha }}
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/release-nightly-snapcraft.yml

@@ -17,7 +17,7 @@ jobs:
       SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Install snapcraft
         run: sudo snap install snapcraft --classic

.github/workflows/release-nightly.yml

@@ -14,7 +14,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force
@@ -57,7 +57,7 @@ jobs:
           echo "Cleaned name is ${REF_NAME}"
           echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
       - name: configure aws
-        uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
+        uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -75,7 +75,7 @@ jobs:
       contents: read
       packages: write # to publish to ghcr.io
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force

.github/workflows/release-tag-rc.yml

@@ -15,7 +15,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force
@@ -58,7 +58,7 @@ jobs:
           echo "Cleaned name is ${REF_NAME}"
           echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
       - name: configure aws
-        uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
+        uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -86,7 +86,7 @@ jobs:
       contents: read
       packages: write # to publish to ghcr.io
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force

.github/workflows/release-tag-version.yml

@@ -18,7 +18,7 @@ jobs:
       contents: read
       packages: write # to publish to ghcr.io
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force
@@ -61,7 +61,7 @@ jobs:
           echo "Cleaned name is ${REF_NAME}"
           echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
       - name: configure aws
-        uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
+        uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -89,7 +89,7 @@ jobs:
       contents: read
       packages: write # to publish to ghcr.io
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force

models/actions/run_job.go

@@ -4,6 +4,7 @@
 package actions
 
 import (
+	"cmp"
 	"context"
 	"fmt"
 	"slices"
@@ -671,18 +672,18 @@ func cancelOneJob(ctx context.Context, job *ActionRunJob) (*ActionRunJob, error)
 func cancelReusableCaller(ctx context.Context, caller *ActionRunJob) ([]*ActionRunJob, error) {
 	cancelledJobs := make([]*ActionRunJob, 0)
 
-	if c, err := cancelOneJob(ctx, caller); err != nil {
-		return cancelledJobs, err
-	} else if c != nil {
-		cancelledJobs = append(cancelledJobs, c)
-	}
-
 	attemptJobs, err := GetRunJobsByRunAndAttemptID(ctx, caller.RunID, caller.RunAttemptID)
 	if err != nil {
 		return cancelledJobs, err
 	}
 
-	for _, c := range CollectAllDescendantJobs(caller, attemptJobs) {
+	// Cancel descendants deepest-first, then the caller: a caller's status is aggregated from its children,
+	// so each child must reach its final state before its parent caller is re-aggregated.
+	// A child's ID always exceeds its parent's, so descending ID is a valid deepest-first order.
+	descendants := CollectAllDescendantJobs(caller, attemptJobs)
+	slices.SortFunc(descendants, func(a, b *ActionRunJob) int { return cmp.Compare(b.ID, a.ID) })
+
+	for _, c := range descendants {
 		cancelled, err := cancelOneJob(ctx, c)
 		if err != nil {
 			return cancelledJobs, err
@@ -691,5 +692,11 @@ func cancelReusableCaller(ctx context.Context, caller *ActionRunJob) ([]*ActionR
 			cancelledJobs = append(cancelledJobs, cancelled)
 		}
 	}
+
+	if c, err := cancelOneJob(ctx, caller); err != nil {
+		return cancelledJobs, err
+	} else if c != nil {
+		cancelledJobs = append(cancelledJobs, c)
+	}
 	return cancelledJobs, nil
 }

models/actions/run_job_test.go

@@ -131,3 +131,69 @@ func TestGetPriorAttemptChildrenByParent(t *testing.T) {
 		assertAttempt1Children(t, out)
 	})
 }
+
+// A reusable caller subtree with a Blocked descendant (e.g. a nested caller stuck on an invalid `uses:`) must aggregate to Cancelled, when the run is cancelled.
+func TestCancelJobs_NestedBlockedReusableCaller(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	ctx := t.Context()
+
+	run := &ActionRun{
+		Title:         "cancel-nested-caller",
+		RepoID:        4,
+		Index:         9701,
+		OwnerID:       1,
+		WorkflowID:    "caller.yaml",
+		TriggerUserID: 1,
+		Ref:           "refs/heads/master",
+		CommitSHA:     "c2d72f548424103f01ee1dc02889c1e2bff816b0",
+		Event:         "push",
+		TriggerEvent:  "push",
+		EventPayload:  "{}",
+		Status:        StatusBlocked,
+	}
+	require.NoError(t, db.Insert(ctx, run))
+
+	attempt := &ActionRunAttempt{RepoID: run.RepoID, RunID: run.ID, Attempt: 1, TriggerUserID: 1, Status: StatusBlocked}
+	require.NoError(t, db.Insert(ctx, attempt))
+	run.LatestAttemptID = attempt.ID
+	require.NoError(t, UpdateRun(ctx, run, "latest_attempt_id"))
+
+	newJob := func(name string, attemptJobID, parentID int64, callUses string) *ActionRunJob {
+		job := &ActionRunJob{
+			RunID:            run.ID,
+			RunAttemptID:     attempt.ID,
+			RepoID:           run.RepoID,
+			OwnerID:          run.OwnerID,
+			CommitSHA:        run.CommitSHA,
+			Name:             name,
+			JobID:            name,
+			Attempt:          1,
+			Status:           StatusBlocked,
+			AttemptJobID:     attemptJobID,
+			IsReusableCaller: true,
+			CallUses:         callUses,
+			ParentJobID:      parentID,
+		}
+		require.NoError(t, db.Insert(ctx, job))
+		return job
+	}
+
+	// outer: a valid top-level caller that expanded; inner: a nested caller stuck Blocked (invalid uses, never expands).
+	outer := newJob("outer", 1, 0, "./.gitea/workflows/lib.yml")
+	inner := newJob("inner", 2, outer.ID, "https://other.example.com/o/r/.gitea/workflows/ci.yml@v1")
+
+	// Cancel all jobs of the attempt, ordered by id (parent before child).
+	jobs, err := GetRunJobsByRunAndAttemptID(ctx, run.ID, attempt.ID)
+	require.NoError(t, err)
+	_, err = CancelJobs(ctx, jobs)
+	require.NoError(t, err)
+
+	for _, j := range []*ActionRunJob{outer, inner} {
+		got := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: j.ID})
+		assert.Equal(t, StatusCancelled, got.Status, "job %q should be cancelled", j.JobID)
+	}
+	gotAttempt := unittest.AssertExistsAndLoadBean(t, &ActionRunAttempt{ID: attempt.ID})
+	assert.Equal(t, StatusCancelled, gotAttempt.Status, "attempt must aggregate to Cancelled")
+	gotRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: run.ID})
+	assert.Equal(t, StatusCancelled, gotRun.Status, "run must aggregate to Cancelled, not stay Blocked")
+}

options/locale/locale_en-US.json

@@ -3774,6 +3774,7 @@
   "actions.runs.no_matching_online_runner_helper": "No matching online runner with label: %s",
   "actions.runs.no_job_without_needs": "The workflow must contain at least one job without dependencies.",
   "actions.runs.no_job": "The workflow must contain at least one job",
+  "actions.runs.invalid_reusable_workflow_uses": "Invalid reusable workflow \"uses\": %s",
   "actions.runs.actor": "Actor",
   "actions.runs.status": "Status",
   "actions.runs.actors_no_select": "All actors",

package.json

@@ -1,6 +1,6 @@
 {
   "type": "module",
-  "packageManager": "pnpm@11.4.0",
+  "packageManager": "pnpm@11.5.1",
   "engines": {
     "node": ">= 22.18.0",
     "pnpm": ">= 11.0.0"
@@ -28,7 +28,7 @@
     "@lezer/highlight": "1.2.3",
     "@mcaptcha/vanilla-glue": "0.1.0-rc2",
     "@mermaid-js/layout-elk": "0.2.1",
-    "@primer/octicons": "19.27.0",
+    "@primer/octicons": "19.28.0",
     "@replit/codemirror-indentation-markers": "6.5.3",
     "@replit/codemirror-lang-nix": "6.0.1",
     "@replit/codemirror-lang-svelte": "6.0.0",
@@ -50,14 +50,14 @@
     "esbuild": "0.28.0",
     "idiomorph": "0.7.4",
     "jquery": "4.0.0",
-    "js-yaml": "4.1.1",
+    "js-yaml": "4.2.0",
     "katex": "0.17.0",
     "mermaid": "11.15.0",
     "online-3d-viewer": "0.18.0",
     "pdfobject": "2.3.1",
     "perfect-debounce": "2.1.0",
     "postcss": "8.5.15",
-    "rolldown-license-plugin": "3.0.8",
+    "rolldown-license-plugin": "3.0.9",
     "sortablejs": "1.15.7",
     "swagger-ui-dist": "5.32.6",
     "tailwindcss": "3.4.19",
@@ -67,7 +67,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.1",
     "vanilla-colorful": "0.7.2",
-    "vite": "8.0.14",
+    "vite": "8.0.16",
     "vite-string-plugin": "2.0.4",
     "vue": "3.5.35",
     "vue-bar-graph": "2.2.0",
@@ -89,11 +89,11 @@
     "@types/swagger-ui-dist": "3.30.6",
     "@types/throttle-debounce": "5.0.2",
     "@types/toastify-js": "1.12.4",
-    "@typescript-eslint/parser": "8.60.0",
+    "@typescript-eslint/parser": "8.60.1",
     "@vitejs/plugin-vue": "6.0.7",
-    "@vitest/eslint-plugin": "1.6.18",
-    "eslint": "10.4.0",
-    "eslint-import-resolver-typescript": "4.4.4",
+    "@vitest/eslint-plugin": "1.6.19",
+    "eslint": "10.4.1",
+    "eslint-import-resolver-typescript": "4.4.5",
     "eslint-plugin-array-func": "5.1.1",
     "eslint-plugin-de-morgan": "2.1.2",
     "eslint-plugin-github": "6.0.0",
@@ -103,7 +103,7 @@
     "eslint-plugin-sonarjs": "4.0.3",
     "eslint-plugin-unicorn": "64.0.0",
     "eslint-plugin-vue": "10.9.1",
-    "eslint-plugin-vue-scoped-css": "3.1.0",
+    "eslint-plugin-vue-scoped-css": "3.1.1",
     "eslint-plugin-wc": "3.1.0",
     "globals": "17.6.0",
     "happy-dom": "20.9.0",
@@ -119,9 +119,9 @@
     "stylelint-value-no-unknown-custom-properties": "6.1.1",
     "svgo": "4.0.1",
     "typescript": "6.0.3",
-    "typescript-eslint": "8.60.0",
-    "updates": "17.17.2",
-    "vitest": "4.1.7",
-    "vue-tsc": "3.3.2"
+    "typescript-eslint": "8.60.1",
+    "updates": "17.17.3",
+    "vitest": "4.1.8",
+    "vue-tsc": "3.3.3"
   }
 }

public/assets/img/svg/octicon-vscode.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" viewBox="0 0 16 16" class="svg octicon-vscode" width="16" height="16"><path d="M10.863 13.919a.8.8 0 0 1-.644.025.8.8 0 0 1-.279-.183L4.816 9.063l-2.232 1.703a.54.54 0 0 1-.691-.031l-.716-.655a.546.546 0 0 1 0-.805L3.112 7.5 1.177 5.725a.546.546 0 0 1 0-.805l.716-.655a.54.54 0 0 1 .691-.031l2.232 1.703L9.94 1.239a.805.805 0 0 1 .923-.159l2.677 1.295c.281.136.46.422.46.736V8h-3.248V4.534L6.864 7.5l3.888 2.966V8H14v3.889c0 .314-.179.6-.46.736z"/></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" class="svg octicon-vscode" width="16" height="16" aria-hidden="true"><path fill="currentColor" fill-rule="evenodd" d="M11.098 1.013a.87.87 0 0 1 .524.073l2.883 1.394a.88.88 0 0 1 .495.793v9.454a.88.88 0 0 1-.495.792l-2.883 1.393a.86.86 0 0 1-.994-.17l-5.519-5.06-2.403 1.835a.58.58 0 0 1-.744-.034l-.772-.705a.59.59 0 0 1 0-.867L3.274 8 1.19 6.088a.59.59 0 0 1 0-.866l.772-.706a.58.58 0 0 1 .744-.034l2.403 1.834 5.519-5.058a.87.87 0 0 1 .47-.245M7.315 8l4.187 3.193V11H11.5V6h.002V4.806z" clip-rule="evenodd"/></svg>

routers/api/v1/api.go

@@ -151,7 +151,7 @@ func repoAssignment() func(ctx *context.APIContext) {
 					if redirectUserID, err := user_model.LookupUserRedirect(ctx, userName); err == nil {
 						context.RedirectToUser(ctx.Base, ctx.Doer, userName, redirectUserID)
 					} else if user_model.IsErrUserRedirectNotExist(err) {
-						ctx.APIErrorNotFound("GetUserByName", err)
+						ctx.APIErrorNotFound()
 					} else {
 						ctx.APIErrorInternal(err)
 					}
@@ -626,7 +626,7 @@ func orgAssignment(args ...bool) func(ctx *context.APIContext) {
 					if err == nil {
 						context.RedirectToUser(ctx.Base, ctx.Doer, ctx.PathParam("org"), redirectUserID)
 					} else if user_model.IsErrUserRedirectNotExist(err) {
-						ctx.APIErrorNotFound("GetOrgByName", err)
+						ctx.APIErrorNotFound()
 					} else {
 						ctx.APIErrorInternal(err)
 					}
@@ -862,12 +862,12 @@ func individualPermsChecker(ctx *context.APIContext) {
 		switch ctx.ContextUser.Visibility {
 		case api.VisibleTypePrivate:
 			if ctx.Doer == nil || (ctx.ContextUser.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin) {
-				ctx.APIErrorNotFound("Visit Project", nil)
+				ctx.APIErrorNotFound()
 				return
 			}
 		case api.VisibleTypeLimited:
 			if ctx.Doer == nil {
-				ctx.APIErrorNotFound("Visit Project", nil)
+				ctx.APIErrorNotFound()
 				return
 			}
 		}

routers/api/v1/org/org.go

@@ -146,7 +146,7 @@ func GetUserOrgsPermissions(ctx *context.APIContext) {
 	op := api.OrganizationPermissions{}
 
 	if !organization.HasOrgOrUserVisible(ctx, o, ctx.Doer) {
-		ctx.APIErrorNotFound("HasOrgOrUserVisible", nil)
+		ctx.APIErrorNotFound()
 		return
 	}
 
@@ -312,7 +312,7 @@ func Get(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	if !organization.HasOrgOrUserVisible(ctx, ctx.Org.Organization.AsUser(), ctx.Doer) {
-		ctx.APIErrorNotFound("HasOrgOrUserVisible", nil)
+		ctx.APIErrorNotFound()
 		return
 	}
 

routers/api/v1/repo/action.go

@@ -1164,11 +1164,8 @@ func ActionsEnableWorkflow(ctx *context.APIContext) {
 func getCurrentRepoActionRunByID(ctx *context.APIContext) *actions_model.ActionRun {
 	runID := ctx.PathParamInt64("run")
 	run, err := actions_model.GetRunByRepoAndID(ctx, ctx.Repo.Repository.ID, runID)
-	if errors.Is(err, util.ErrNotExist) {
-		ctx.APIErrorNotFound(err)
-		return nil
-	} else if err != nil {
-		ctx.APIErrorInternal(err)
+	if err != nil {
+		ctx.APIErrorAuto(err)
 		return nil
 	}
 	run.Repo = ctx.Repo.Repository
@@ -1198,11 +1195,8 @@ func getCurrentRepoActionRunAttemptByNumber(ctx *context.APIContext) (*actions_m
 
 	attemptNum := ctx.PathParamInt64("attempt")
 	attempt, err := actions_model.GetRunAttemptByRunIDAndAttemptNum(ctx, run.ID, attemptNum)
-	if errors.Is(err, util.ErrNotExist) {
-		ctx.APIErrorNotFound(err)
-		return nil, nil
-	} else if err != nil {
-		ctx.APIErrorInternal(err)
+	if err != nil {
+		ctx.APIErrorAuto(err)
 		return nil, nil
 	}
 	return run, attempt
@@ -1454,7 +1448,7 @@ func RerunWorkflowJob(ctx *context.APIContext) {
 	jobID := ctx.PathParamInt64("job_id")
 	jobIdx := slices.IndexFunc(jobs, func(job *actions_model.ActionRunJob) bool { return job.ID == jobID })
 	if jobIdx == -1 {
-		ctx.APIErrorNotFound(util.NewNotExistErrorf("workflow job with id %d", jobID))
+		ctx.APIErrorNotFound("workflow job not found")
 		return
 	}
 
@@ -1566,11 +1560,7 @@ func ListWorkflowRunJobs(ctx *context.APIContext) {
 
 	run, err := actions_model.GetRunByRepoAndID(ctx, repoID, runID)
 	if err != nil {
-		if errors.Is(err, util.ErrNotExist) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 	// runID is used as an additional filter next to repoID to ensure that we only list jobs for the specified repoID and runID.
@@ -1674,7 +1664,7 @@ func GetWorkflowJob(ctx *context.APIContext) {
 	}
 
 	if !has || job.RepoID != ctx.Repo.Repository.ID {
-		ctx.APIErrorNotFound(util.ErrNotExist)
+		ctx.APIErrorNotFound()
 		return
 	}
 

routers/api/v1/repo/actions_run.go

@@ -4,10 +4,7 @@
 package repo
 
 import (
-	"errors"
-
 	actions_model "gitea.dev/models/actions"
-	"gitea.dev/modules/util"
 	"gitea.dev/routers/common"
 	"gitea.dev/services/context"
 )
@@ -45,11 +42,7 @@ func DownloadActionsRunJobLogs(ctx *context.APIContext) {
 	jobID := ctx.PathParamInt64("job_id")
 	curJob, err := actions_model.GetRunJobByRepoAndID(ctx, ctx.Repo.Repository.ID, jobID)
 	if err != nil {
-		if errors.Is(err, util.ErrNotExist) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 	if err = curJob.LoadRepo(ctx); err != nil {
@@ -59,10 +52,6 @@ func DownloadActionsRunJobLogs(ctx *context.APIContext) {
 
 	err = common.DownloadActionsRunJobLogs(ctx.Base, ctx.Repo.Repository, curJob)
 	if err != nil {
-		if errors.Is(err, util.ErrNotExist) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 	}
 }

routers/api/v1/repo/branch.go

@@ -64,7 +64,7 @@ func GetBranch(ctx *context.APIContext) {
 		ctx.APIErrorInternal(err)
 		return
 	} else if !exist {
-		ctx.APIErrorNotFound(err)
+		ctx.APIErrorNotFound()
 		return
 	}
 
@@ -153,7 +153,7 @@ func DeleteBranch(ctx *context.APIContext) {
 	if err := repo_service.DeleteBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.GitRepo, branchName); err != nil {
 		switch {
 		case git.IsErrBranchNotExist(err):
-			ctx.APIErrorNotFound(err)
+			ctx.APIErrorNotFound()
 		case errors.Is(err, repo_service.ErrBranchIsDefault):
 			ctx.APIError(http.StatusForbidden, "can not delete default or pull request target branch")
 		case errors.Is(err, git_model.ErrBranchIsProtected):
@@ -446,7 +446,7 @@ func UpdateBranch(ctx *context.APIContext) {
 	if err := repo_service.UpdateBranch(ctx, repo, ctx.Repo.GitRepo, ctx.Doer, branchName, opt.NewCommitID, opt.OldCommitID, opt.Force); err != nil {
 		switch {
 		case git_model.IsErrBranchNotExist(err):
-			ctx.APIErrorNotFound(err)
+			ctx.APIErrorNotFound()
 		case errors.Is(err, util.ErrInvalidArgument):
 			ctx.APIError(http.StatusUnprocessableEntity, err.Error())
 		case git.IsErrPushRejected(err):

routers/api/v1/repo/commits.go

@@ -258,7 +258,7 @@ func GetAllCommits(ctx *context.APIContext) {
 			ctx.APIErrorInternal(err)
 			return
 		} else if commitsCountTotal == 0 {
-			ctx.APIErrorNotFound("FileCommitsCount", nil)
+			ctx.APIErrorNotFound()
 			return
 		}
 

routers/api/v1/repo/file.go

@@ -213,7 +213,7 @@ func getBlobForEntry(ctx *context.APIContext) (blob *git.Blob, entry *git.TreeEn
 	}
 
 	if entry.IsDir() || entry.IsSubModule() {
-		ctx.APIErrorNotFound("getBlobForEntry", nil)
+		ctx.APIErrorNotFound()
 		return nil, nil, nil
 	}
 
@@ -301,18 +301,14 @@ func GetEditorconfig(ctx *context.APIContext) {
 
 	ec, _, err := ctx.Repo.GetEditorconfig(ctx.Repo.Commit)
 	if err != nil {
-		if git.IsErrNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
 	fileName := ctx.PathParam("filename")
 	def, err := ec.GetDefinitionForFilename(fileName)
-	if def == nil {
-		ctx.APIErrorNotFound(err)
+	if err != nil {
+		ctx.APIErrorNotFound(err.Error())
 		return
 	}
 	ctx.JSON(http.StatusOK, def)
@@ -699,10 +695,8 @@ func DeleteFile(ctx *context.APIContext) {
 func resolveRefCommit(ctx *context.APIContext, ref string, minCommitIDLen ...int) *utils.RefCommit {
 	ref = util.IfZero(ref, ctx.Repo.Repository.DefaultBranch)
 	refCommit, err := utils.ResolveRefCommit(ctx, ctx.Repo.Repository, ref, minCommitIDLen...)
-	if errors.Is(err, util.ErrNotExist) {
-		ctx.APIErrorNotFound(err)
-	} else if err != nil {
-		ctx.APIErrorInternal(err)
+	if err != nil {
+		ctx.APIErrorAuto(err)
 	}
 	return refCommit
 }
@@ -828,12 +822,9 @@ func getRepoContents(ctx *context.APIContext, opts files_service.GetContentsOrLi
 	}
 	ret, err := files_service.GetContentsOrList(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, refCommit, opts)
 	if err != nil {
-		if git.IsErrNotExist(err) {
-			ctx.APIErrorNotFound("GetContentsOrList", err)
+		ctx.APIErrorAuto(err)
 		return nil
 	}
-		ctx.APIErrorInternal(err)
-	}
 	return &ret
 }
 

routers/api/v1/repo/issue.go

@@ -540,16 +540,10 @@ func getUserIDForFilter(ctx *context.APIContext, queryName string) int64 {
 	}
 
 	user, err := user_model.GetUserByName(ctx, userName)
-	if user_model.IsErrUserNotExist(err) {
-		ctx.APIErrorNotFound(err)
-		return 0
-	}
-
 	if err != nil {
-		ctx.APIErrorInternal(err)
+		ctx.APIErrorAuto(err)
 		return 0
 	}
-
 	return user.ID
 }
 
@@ -969,11 +963,7 @@ func DeleteIssue(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/issue_comment.go

@@ -447,11 +447,7 @@ func GetIssueComment(ctx *context.APIContext) {
 
 	comment, err := issues_model.GetCommentWithRepoID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrCommentNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -572,11 +568,7 @@ func EditIssueCommentDeprecated(ctx *context.APIContext) {
 func editIssueComment(ctx *context.APIContext, form api.EditIssueCommentOption) {
 	comment, err := issues_model.GetCommentWithRepoID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrCommentNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -681,11 +673,7 @@ func DeleteIssueCommentDeprecated(ctx *context.APIContext) {
 func deleteIssueComment(ctx *context.APIContext) {
 	comment, err := issues_model.GetCommentWithRepoID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrCommentNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/issue_dependency.go

@@ -63,11 +63,7 @@ func GetIssueDependencies(ctx *context.APIContext) {
 
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound("IsErrIssueNotExist", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -487,11 +483,7 @@ func RemoveIssueBlocking(ctx *context.APIContext) {
 func getParamsIssue(ctx *context.APIContext) *issues_model.Issue {
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound("IsErrIssueNotExist", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil
 	}
 	issue.Repo = ctx.Repo.Repository
@@ -508,11 +500,7 @@ func getFormIssue(ctx *context.APIContext, form *api.IssueMeta) *issues_model.Is
 		var err error
 		repo, err = repo_model.GetRepositoryByOwnerAndName(ctx, form.Owner, form.Name)
 		if err != nil {
-			if repo_model.IsErrRepoNotExist(err) {
-				ctx.APIErrorNotFound("IsErrRepoNotExist", err)
-			} else {
-				ctx.APIErrorInternal(err)
-			}
+			ctx.APIErrorAuto(err)
 			return nil
 		}
 	} else {
@@ -521,11 +509,7 @@ func getFormIssue(ctx *context.APIContext, form *api.IssueMeta) *issues_model.Is
 
 	issue, err := issues_model.GetIssueByIndex(ctx, repo.ID, form.Index)
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound("IsErrIssueNotExist", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil
 	}
 	issue.Repo = repo

routers/api/v1/repo/issue_lock.go

@@ -53,11 +53,7 @@ func LockIssue(ctx *context.APIContext) {
 	reason := web.GetForm(ctx).(*api.LockIssueOption).Reason
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -120,11 +116,7 @@ func UnlockIssue(ctx *context.APIContext) {
 
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/issue_reaction.go

@@ -53,11 +53,7 @@ func GetIssueCommentReactions(ctx *context.APIContext) {
 
 	comment, err := issues_model.GetCommentByID(ctx, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrCommentNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -190,11 +186,7 @@ func DeleteIssueCommentReaction(ctx *context.APIContext) {
 func changeIssueCommentReaction(ctx *context.APIContext, form api.EditReactionOption, isCreateType bool) {
 	comment, err := issues_model.GetCommentByID(ctx, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrCommentNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/issue_tracked_time.go

@@ -71,16 +71,12 @@ func ListTrackedTimes(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	if !ctx.Repo.Repository.IsTimetrackerEnabled(ctx) {
-		ctx.APIErrorNotFound("Timetracker is disabled")
+		ctx.APIErrorNotFound("timetracker is disabled")
 		return
 	}
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -182,11 +178,7 @@ func AddTime(ctx *context.APIContext) {
 	form := web.GetForm(ctx).(*api.AddTimeOption)
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -265,11 +257,7 @@ func ResetIssueTime(ctx *context.APIContext) {
 
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -338,11 +326,7 @@ func DeleteTime(ctx *context.APIContext) {
 
 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrIssueNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -357,11 +341,7 @@ func DeleteTime(ctx *context.APIContext) {
 
 	time, err := issues_model.GetTrackedTimeByID(ctx, issue.ID, ctx.PathParamInt64("id"))
 	if err != nil {
-		if db.IsErrNotExist(err) {
-			ctx.APIErrorNotFound(err)
-			return
-		}
-		ctx.APIErrorInternal(err)
+		ctx.APIErrorAuto(err)
 		return
 	}
 	if time.Deleted {
@@ -423,11 +403,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
 	}
 	user, err := user_model.GetUserByName(ctx, ctx.PathParam("timetrackingusername"))
 	if err != nil {
-		if user_model.IsErrUserNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 	if user == nil {

routers/api/v1/repo/notes.go

@@ -68,11 +68,7 @@ func getNote(ctx *context.APIContext, identifier string) {
 
 	commitID, err := ctx.Repo.GitRepo.ConvertToGitID(identifier)
 	if err != nil {
-		if git.IsErrNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/pull.go

@@ -927,11 +927,7 @@ func MergePullRequest(ctx *context.APIContext) {
 
 	pr, err := issues_model.GetPullRequestByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrPullRequestNotExist(err) {
-			ctx.APIErrorNotFound("GetPullRequestByIndex", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/pull_review.go

@@ -63,11 +63,7 @@ func ListPullReviews(ctx *context.APIContext) {
 
 	pr, err := issues_model.GetPullRequestByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrPullRequestNotExist(err) {
-			ctx.APIErrorNotFound("GetPullRequestByIndex", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -389,11 +385,7 @@ func updatePullReviewCommentResolve(ctx *context.APIContext, isResolve bool) {
 func getPullReviewCommentToResolve(ctx *context.APIContext) *issues_model.Comment {
 	comment, err := issues_model.GetCommentWithRepoID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrCommentNotExist(err) {
-			ctx.APIErrorNotFound("GetCommentByID", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil
 	}
 
@@ -510,11 +502,7 @@ func CreatePullReview(ctx *context.APIContext) {
 	opts := web.GetForm(ctx).(*api.CreatePullReviewOptions)
 	pr, err := issues_model.GetPullRequestByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrPullRequestNotExist(err) {
-			ctx.APIErrorNotFound("GetPullRequestByIndex", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -737,33 +725,25 @@ func preparePullReviewType(ctx *context.APIContext, pr *issues_model.PullRequest
 func prepareSingleReview(ctx *context.APIContext) (*issues_model.Review, *issues_model.PullRequest, bool) {
 	pr, err := issues_model.GetPullRequestByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrPullRequestNotExist(err) {
-			ctx.APIErrorNotFound("GetPullRequestByIndex", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil, nil, true
 	}
 
 	review, err := issues_model.GetReviewByID(ctx, ctx.PathParamInt64("id"))
 	if err != nil {
-		if issues_model.IsErrReviewNotExist(err) {
-			ctx.APIErrorNotFound("GetReviewByID", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil, nil, true
 	}
 
 	// validate the review is for the given PR
 	if review.IssueID != pr.IssueID {
-		ctx.APIErrorNotFound("ReviewNotInPR")
+		ctx.APIErrorNotFound()
 		return nil, nil, true
 	}
 
 	// make sure that the user has access to this review if it is pending
 	if review.Type == issues_model.ReviewTypePending && review.ReviewerID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
-		ctx.APIErrorNotFound("GetReviewByID")
+		ctx.APIErrorNotFound()
 		return nil, nil, true
 	}
 
@@ -870,7 +850,7 @@ func parseReviewersByNames(ctx *context.APIContext, reviewerNames, teamReviewerN
 
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
-				ctx.APIErrorNotFound("UserNotExist", fmt.Sprintf("User '%s' not exist", r))
+				ctx.APIErrorNotFound("user doesn't exist: " + r)
 				return nil, nil
 			}
 			ctx.APIErrorInternal(err)
@@ -886,7 +866,7 @@ func parseReviewersByNames(ctx *context.APIContext, reviewerNames, teamReviewerN
 			teamReviewer, err = organization.GetTeam(ctx, ctx.Repo.Owner.ID, t)
 			if err != nil {
 				if organization.IsErrTeamNotExist(err) {
-					ctx.APIErrorNotFound("TeamNotExist", fmt.Sprintf("Team '%s' not exist", t))
+					ctx.APIErrorNotFound("team doesn't exist: " + t)
 					return nil, nil
 				}
 				ctx.APIErrorInternal(err)
@@ -902,11 +882,7 @@ func parseReviewersByNames(ctx *context.APIContext, reviewerNames, teamReviewerN
 func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions, isAdd bool) {
 	pr, err := issues_model.GetPullRequestByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
 	if err != nil {
-		if issues_model.IsErrPullRequestNotExist(err) {
-			ctx.APIErrorNotFound("GetPullRequestByIndex", err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/repo/release_attachment.go

@@ -205,7 +205,7 @@ func CreateReleaseAttachment(ctx *context.APIContext) {
 
 	// Check if attachments are enabled
 	if !setting.Attachment.Enabled {
-		ctx.APIErrorNotFound("Attachment is not enabled")
+		ctx.APIErrorNotFound("attachment is not enabled")
 		return
 	}
 

routers/api/v1/repo/wiki.go

@@ -245,11 +245,7 @@ func DeleteWikiPage(ctx *context.APIContext) {
 	wikiName := wiki_service.WebPathFromRequest(ctx.PathParamRaw("pageName"))
 
 	if err := wiki_service.DeleteWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, wikiName); err != nil {
-		if err.Error() == "file does not exist" {
-			ctx.APIErrorNotFound(err)
-			return
-		}
-		ctx.APIErrorInternal(err)
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -474,21 +470,13 @@ func findEntryForFile(commit *git.Commit, target string) (*git.TreeEntry, error)
 func findWikiRepoCommit(ctx *context.APIContext) (*git.Repository, *git.Commit) {
 	wikiRepo, err := gitrepo.OpenRepository(ctx, ctx.Repo.Repository.WikiStorageRepo())
 	if err != nil {
-		if git.IsErrNotExist(err) || err.Error() == "no such file or directory" {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil, nil
 	}
 
 	commit, err := wikiRepo.GetBranchCommit(ctx.Repo.Repository.DefaultWikiBranch)
 	if err != nil {
-		if git.IsErrNotExist(err) {
-			ctx.APIErrorNotFound(err)
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return wikiRepo, nil
 	}
 	return wikiRepo, commit

routers/api/v1/shared/block.go

@@ -45,7 +45,7 @@ func ListBlocks(ctx *context.APIContext, blocker *user_model.User) {
 func CheckUserBlock(ctx *context.APIContext, blocker *user_model.User) {
 	blockee, err := user_model.GetUserByName(ctx, ctx.PathParam("username"))
 	if err != nil {
-		ctx.APIErrorNotFound("GetUserByName", err)
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -62,7 +62,7 @@ func CheckUserBlock(ctx *context.APIContext, blocker *user_model.User) {
 func BlockUser(ctx *context.APIContext, blocker *user_model.User) {
 	blockee, err := user_model.GetUserByName(ctx, ctx.PathParam("username"))
 	if err != nil {
-		ctx.APIErrorNotFound("GetUserByName", err)
+		ctx.APIErrorAuto(err)
 		return
 	}
 
@@ -81,7 +81,7 @@ func BlockUser(ctx *context.APIContext, blocker *user_model.User) {
 func UnblockUser(ctx *context.APIContext, doer, blocker *user_model.User) {
 	blockee, err := user_model.GetUserByName(ctx, ctx.PathParam("username"))
 	if err != nil {
-		ctx.APIErrorNotFound("GetUserByName", err)
+		ctx.APIErrorAuto(err)
 		return
 	}
 

routers/api/v1/shared/runners.go

@@ -77,11 +77,7 @@ func getRunnerByID(ctx *context.APIContext, ownerID, repoID, runnerID int64) (*a
 
 	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
 	if err != nil {
-		if errors.Is(err, util.ErrNotExist) {
-			ctx.APIErrorNotFound("Runner not found")
-		} else {
-			ctx.APIErrorInternal(err)
-		}
+		ctx.APIErrorAuto(err)
 		return nil, false
 	}
 

routers/api/v1/user/gpg_key.go

@@ -4,7 +4,6 @@
 package user
 
 import (
-	"errors"
 	"net/http"
 	"strings"
 
@@ -135,7 +134,7 @@ func GetGPGKey(ctx *context.APIContext) {
 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
-		ctx.APIErrorNotFound("Not Found", errors.New("gpg keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("gpg keys setting is not allowed to be changed")
 		return
 	}
 
@@ -276,7 +275,7 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
-		ctx.APIErrorNotFound("Not Found", errors.New("gpg keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("gpg keys setting is not allowed to be changed")
 		return
 	}
 

routers/api/v1/user/helper.go

@@ -18,7 +18,7 @@ func GetUserByPathParam(ctx *context.APIContext, name string) *user_model.User {
 			if redirectUserID, err2 := user_model.LookupUserRedirect(ctx, username); err2 == nil {
 				context.RedirectToUser(ctx.Base, ctx.Doer, username, redirectUserID)
 			} else {
-				ctx.APIErrorNotFound("GetUserByName", err)
+				ctx.APIErrorNotFound()
 			}
 		} else {
 			ctx.APIErrorInternal(err)

routers/api/v1/user/key.go

@@ -6,7 +6,6 @@ package user
 
 import (
 	std_ctx "context"
-	"errors"
 	"net/http"
 
 	asymkey_model "gitea.dev/models/asymkey"
@@ -201,7 +200,7 @@ func GetPublicKey(ctx *context.APIContext) {
 // CreateUserPublicKey creates new public key to given user by ID.
 func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-		ctx.APIErrorNotFound("Not Found", errors.New("ssh keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("ssh keys setting is not allowed to be changed")
 		return
 	}
 
@@ -271,7 +270,7 @@ func DeletePublicKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-		ctx.APIErrorNotFound("Not Found", errors.New("ssh keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("ssh keys setting is not allowed to be changed")
 		return
 	}
 

routers/api/v1/user/user.go

@@ -117,7 +117,7 @@ func GetInfo(ctx *context.APIContext) {
 
 	if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
 		// fake ErrUserNotExist error message to not leak information about existence
-		ctx.APIErrorNotFound("GetUserByName", user_model.ErrUserNotExist{Name: ctx.PathParam("username")})
+		ctx.APIErrorNotFound()
 		return
 	}
 	ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.ContextUser, ctx.Doer))

routers/web/repo/actions/actions.go

@@ -27,6 +27,7 @@ import (
 	"gitea.dev/modules/templates"
 	"gitea.dev/modules/util"
 	shared_user "gitea.dev/routers/web/shared/user"
+	actions_service "gitea.dev/services/actions"
 	"gitea.dev/services/context"
 	"gitea.dev/services/convert"
 
@@ -208,13 +209,21 @@ func prepareWorkflowTemplate(ctx *context.Context, commit *git.Commit) (workflow
 			if !hasJobWithoutNeeds && len(j.Needs()) == 0 {
 				hasJobWithoutNeeds = true
 			}
+			if j.Uses != "" {
+				if _, err := actions_service.ResolveUses(ctx, j.Uses); err != nil {
+					workflow.ErrMsg = ctx.Locale.TrString("actions.runs.invalid_reusable_workflow_uses", err.Error())
+					break
 				}
+			}
+		}
+		if workflow.ErrMsg == "" {
 			if !hasJobWithoutNeeds {
 				workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_job_without_needs")
 			}
 			if emptyJobsNumber == len(wf.Jobs) {
 				workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_job")
 			}
+		}
 		workflows = append(workflows, workflow)
 	}
 
@@ -352,7 +361,7 @@ func prepareWorkflowList(ctx *context.Context, workflows []WorkflowInfo, otherWo
 		return
 	}
 	for _, run := range runs {
-		if !run.Status.In(actions_model.StatusWaiting, actions_model.StatusRunning) {
+		if !run.Status.In(actions_model.StatusWaiting, actions_model.StatusRunning, actions_model.StatusBlocked) {
 			continue
 		}
 		jobs, err := actions_model.GetLatestAttemptJobsByRepoAndRunID(ctx, run.RepoID, run.ID)
@@ -361,13 +370,20 @@ func prepareWorkflowList(ctx *context.Context, workflows []WorkflowInfo, otherWo
 			return
 		}
 		for _, job := range jobs {
-			if !job.Status.IsWaiting() {
+			if !job.Status.In(actions_model.StatusWaiting, actions_model.StatusBlocked) {
 				continue
 			}
 			if err := actions.ValidateWorkflowContent(job.WorkflowPayload); err != nil {
 				runErrors[run.ID] = ctx.Locale.TrString("actions.runs.invalid_workflow_helper", err.Error())
 				break
 			}
+			if job.CallUses != "" {
+				if _, err := actions_service.ResolveUses(ctx, job.CallUses); err != nil {
+					runErrors[run.ID] = ctx.Locale.TrString("actions.runs.invalid_reusable_workflow_uses", err.Error())
+					break
+				}
+			}
+			if job.Status.IsWaiting() {
 				hasOnlineRunner := false
 				for _, runner := range runners {
 					if !runner.IsDisabled && runner.CanMatchLabels(job.RunsOn) {
@@ -381,6 +397,7 @@ func prepareWorkflowList(ctx *context.Context, workflows []WorkflowInfo, otherWo
 				}
 			}
 		}
+	}
 	ctx.Data["RunErrors"] = runErrors
 
 	ctx.Data["Runs"] = runs

services/actions/reusable_workflow.go

@@ -6,6 +6,7 @@ package actions
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	actions_model "gitea.dev/models/actions"
 	"gitea.dev/models/db"
@@ -15,7 +16,9 @@ import (
 	"gitea.dev/modules/actions/jobparser"
 	"gitea.dev/modules/container"
 	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/httplib"
 	"gitea.dev/modules/json"
+	"gitea.dev/modules/setting"
 	api "gitea.dev/modules/structs"
 	"gitea.dev/modules/util"
 	"gitea.dev/services/convert"
@@ -149,10 +152,10 @@ func expandReusableWorkflowCaller(ctx context.Context, run *actions_model.Action
 		return fmt.Errorf("parse caller job %d: %w", caller.ID, err)
 	}
 
-	// 3. Load called-workflow source.
-	ref, err := jobparser.ParseUses(parsedJob.Uses)
+	// 3. Resolve `uses` and load called-workflow source.
+	ref, err := ResolveUses(ctx, parsedJob.Uses)
 	if err != nil {
-		return fmt.Errorf("parse uses %q: %w", parsedJob.Uses, err)
+		return fmt.Errorf("resolve uses %q: %w", parsedJob.Uses, err)
 	}
 	content, contentSourceRepoID, contentSourceCommitSHA, err := loadReusableWorkflowSource(ctx, run, caller, ref)
 	if err != nil {
@@ -340,3 +343,20 @@ func insertCallerChildren(ctx context.Context, run *actions_model.ActionRun, att
 	}
 	return nil
 }
+
+// ResolveUses normalizes and parses a reusable workflow `uses:` value.
+// It first rewrites an absolute URL pointing to this instance into the cross-repo form (rejecting external URLs),
+// then validates the syntax via jobparser.ParseUses.
+func ResolveUses(ctx context.Context, uses string) (*jobparser.UsesRef, error) {
+	// Rewrite a local-instance URL to the equivalent cross-repo form "owner/repo/.gitea/workflows/file.yml@ref".
+	if strings.HasPrefix(uses, "http://") || strings.HasPrefix(uses, "https://") {
+		// ParseGiteaSiteURL returns nil for URLs that do not belong to this instance.
+		gsu := httplib.ParseGiteaSiteURL(ctx, uses)
+		if gsu == nil {
+			return nil, fmt.Errorf("unsupported reusable workflow URL %q: an absolute URL must point to this Gitea instance (%s)", uses, setting.AppURL)
+		}
+		// RoutePath is the instance-relative path (AppSubURL already stripped), e.g. "/owner/repo/.gitea/workflows/file.yml@ref".
+		uses = strings.TrimPrefix(gsu.RoutePath, "/")
+	}
+	return jobparser.ParseUses(uses)
+}

services/actions/reusable_workflow_test.go

@@ -10,6 +10,9 @@ import (
 	actions_model "gitea.dev/models/actions"
 	"gitea.dev/models/db"
 	"gitea.dev/models/unittest"
+	"gitea.dev/modules/actions/jobparser"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -132,3 +135,44 @@ func buildCallerChain(t *testing.T, callerUses ...string) []*actions_model.Actio
 	}
 	return jobs
 }
+
+func TestResolveUses(t *testing.T) {
+	defer test.MockVariableValue(&setting.AppURL, "https://gitea.example.com/sub/")()
+	defer test.MockVariableValue(&setting.AppSubURL, "/sub")()
+	ctx := t.Context()
+
+	t.Run("LocalForms", func(t *testing.T) {
+		// Same-repo and cross-repo forms are not URLs and are parsed as-is.
+		ref, err := ResolveUses(ctx, "./.gitea/workflows/build.yml")
+		require.NoError(t, err)
+		assert.Equal(t, jobparser.UsesRef{Kind: jobparser.UsesKindLocalSameRepo, Path: ".gitea/workflows/build.yml"}, *ref)
+
+		ref, err = ResolveUses(ctx, "owner/repo/.gitea/workflows/build.yml@v1")
+		require.NoError(t, err)
+		assert.Equal(t, jobparser.UsesRef{Kind: jobparser.UsesKindLocalCrossRepo, Owner: "owner", Repo: "repo", Path: ".gitea/workflows/build.yml", Ref: "v1"}, *ref)
+	})
+
+	t.Run("LocalInstanceURL", func(t *testing.T) {
+		// An absolute URL on this instance (incl. AppSubURL) resolves to the equivalent cross-repo ref.
+		ref, err := ResolveUses(ctx, "https://gitea.example.com/sub/owner/repo/.gitea/workflows/ci.yml@refs/heads/main")
+		require.NoError(t, err)
+		assert.Equal(t, jobparser.UsesRef{Kind: jobparser.UsesKindLocalCrossRepo, Owner: "owner", Repo: "repo", Path: ".gitea/workflows/ci.yml", Ref: "refs/heads/main"}, *ref)
+	})
+
+	t.Run("InvalidSyntax", func(t *testing.T) {
+		for _, in := range []string{
+			"owner/.gitea/workflows/foo.yml",                                             // missing repo segment
+			"owner/repo/.gitea/workflows/foo.yml",                                        // missing @ref
+			"https://gitea.example.com/sub/repo/.gitea/workflows/ci.yml@refs/heads/main", // local absolute URL but missing owner
+			"not a valid uses at all",
+		} {
+			_, err := ResolveUses(ctx, in)
+			require.Error(t, err, "in = %s", in)
+		}
+	})
+
+	t.Run("ForeignURL", func(t *testing.T) {
+		_, err := ResolveUses(ctx, "https://other.gitea-example.com/owner/repo/.gitea/workflows/ci.yaml@v1")
+		assert.ErrorContains(t, err, "must point to this Gitea instance")
+	})
+}

services/context/api.go

@@ -138,26 +138,10 @@ func (ctx *APIContext) apiErrorInternal(skip int, err error) {
 }
 
 // APIErrorNotFound handles 404s for APIContext
-// String will replace message, errors will be added to a slice
-func (ctx *APIContext) APIErrorNotFound(objs ...any) {
-	var message string
-	var errs []string
-	for _, obj := range objs {
-		// Ignore nil
-		if obj == nil {
-			continue
-		}
-
-		if err, ok := obj.(error); ok {
-			errs = append(errs, err.Error())
-		} else {
-			message = obj.(string)
-		}
-	}
-	ctx.JSON(http.StatusNotFound, map[string]any{
-		"message": util.IfZero(message, "not found"), // do not use locale in API
-		"url":     setting.API.SwaggerURL,
-		"errors":  errs,
+func (ctx *APIContext) APIErrorNotFound(msg ...string) {
+	ctx.JSON(http.StatusNotFound, APIError{
+		Message: util.OptionalArg(msg, "not found"),
+		URL:     setting.API.SwaggerURL,
 	})
 }
 

services/wiki/wiki.go

@@ -7,7 +7,6 @@ package wiki
 import (
 	"context"
 	"fmt"
-	"os"
 
 	"gitea.dev/models/db"
 	repo_model "gitea.dev/models/repo"
@@ -21,6 +20,7 @@ import (
 	"gitea.dev/modules/graceful"
 	"gitea.dev/modules/log"
 	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/util"
 	asymkey_service "gitea.dev/services/asymkey"
 	repo_service "gitea.dev/services/repository"
 )
@@ -304,7 +304,7 @@ func DeleteWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model
 			return err
 		}
 	} else {
-		return os.ErrNotExist
+		return util.ErrNotExist
 	}
 
 	// FIXME: The wiki doesn't have lfs support at present - if this changes need to check attributes here

tests/integration/api_user_org_perm_test.go

@@ -151,9 +151,7 @@ func testUnknownOrganization(t *testing.T) {
 
 	req := NewRequest(t, "GET", "/api/v1/users/user1/orgs/unknown/permissions").
 		AddTokenAuth(token)
-	resp := MakeRequest(t, req, http.StatusNotFound)
-	apiError := DecodeJSON(t, resp, &api.APIError{})
-	assert.Equal(t, "GetUserByName", apiError.Message)
+	MakeRequest(t, req, http.StatusNotFound)
 }
 
 func testHiddenMemberPermissionsForbidden(t *testing.T) {