main
2116
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
   
|
63df886ba8 |
fix(actions): keep distinct commit statuses for workflows sharing a name (#37834)
## Summary Two Gitea Actions workflow files that share the same `name:` and same job name produced identical commit-status `Context` strings. Because `GetLatestCommitStatus` groups by `context_hash` (derived from `Context`), only one row was shown on the PR page — see #35699. GitHub displays both rows even though they look identical. This change does the same: the displayed `Context` is unchanged, but `ContextHash` now mixes in the workflow file path so the two statuses remain distinct in the dedupe query. ## Notes - Workflows that omit `name:` now use the workflow file name in the `Context` (e.g. `ci.yaml / build (push)`) instead of an empty `/ build (push)`. This changes the `Context` string for unnamed workflows, so any required-status-check rule that referenced the old string must be updated after upgrade. - For statuses created before this change (hashed from `Context` alone), `createCommitStatus` reuses that legacy hash when a matching row is still present, so in-flight pending statuses are superseded rather than orphaned on upgrade. Fixes #35699 --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: silverwind <me@silverwind.io> |
||
  
|
49a0d19fa3 |
feat(api): Add assignees APIs (#37330)
Follow https://docs.github.com/en/enterprise-server@3.20/rest/issues/assignees?apiVersion=2022-11-28 Fix #33576 And it also fixed some possible dead-lock problem. --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Zettat123 <zettat123@gmail.com> |
||
|
bircniandGitHub
|
699fe2ef43 |
fix(actions)!: require merged PR to bypass fork PR approval gate (#38010)
`ifNeedApproval` in `services/actions/notifier_helper.go` decided whether a fork PR's workflow run had to wait for maintainer approval. The bypass clause counted any prior `approved_by > 0` run for `(repo_id, trigger_user_id)`, so the very first Approve-and-run click on a contributor's fork PR permanently trusted that user for every future fork PR in the same repository — including PRs whose only change is the workflow YAML itself. Approving a workflow *run* is not the same as merging *code*. This change aligns the gate with GitHub Actions' first-time-contributor model: trust is granted only after the user has had a pull request merged in the repo. ## Behavior change - **Before**: one approval = permanent trust for that user in that repo. - **After**: every fork PR is gated until the contributor has at least one merged PR in the repo. Existing already-approved runs and merged PRs continue to work; only the trust criterion for *future* fork PRs changes. Maintainers who rely on the implicit "approve once" trust will see the approval banner reappear until they merge a PR from that contributor. |
||
|
|
3b1e75764e |
feat(actions): add job summaries (GITHUB_STEP_SUMMARY) (#37500)
- Add GitHub-style Actions **job summaries** support
(`GITHUB_STEP_SUMMARY` / `workflow/SUMMARY.md`) and render them on the
run Summary view.
- Store uploaded summaries internally in the DB (not as downloadable
artifacts).
- Add runtime-token endpoint for runners to upload summaries:
- `PUT
/api/actions_pipeline/_apis/pipelines/workflows/{run_id}/jobs/{job_id}/summary`
- Advertise support to runners via `RunnerService.Declare` response
header:
- `X-Gitea-Actions-Capabilities: job-summary`
- Devtest: extend `/devtest/repo-action-view/...` to include mock
`jobSummaries` for previewing UI rendering.
## Compatibility
- New Gitea + old runner: no summary upload → UI shows nothing (no
behavior change)
- New runner + old Gitea: capability not advertised → runner skips
upload (no behavior change)
## Screenshot:
<img width="2017" height="729"
src="https://github.com/user-attachments/assets/31f8b945-50c4-40e1-9f40-382901a53013"
/>
Fixes #23721
PR on gitea-runner https://gitea.com/gitea/runner/pulls/917
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
|
||
 
|
54916f708e |
feat: Add avatar stacks (#37594)
Parse `Co-authored-by:` trailers from commit messages and surface contributors as an avatar stack across the commit page, commits list, PR commits tab, latest-commit row, blame, graph, and dashboard feed. - Up to 10 visible 20px avatars, GitHub-style overlap (6px first stride, 4px between subsequent), `+N` chip for the rest. - Label: 1 → name; 2 → `<a> and <b>`; 3+ → `<N> people` opens a Tippy popup with all participants. - Names and avatars link to the repo's commits-by-author search; fall back to profile or `mailto:`. - Trailer parsing uses `net/mail.ParseAddress`, scans only the trailing paragraph, filters out the commit's own author/committer. - Drops the non-standard `Co-committed-by:` emission on squash merge and web edits. Devtest: `/devtest/coauthor-avatars`. Fixes #25521 ---- <img width="353" height="277" alt="image" src="https://github.com/user-attachments/assets/72092ceb-97ca-4b09-9557-0b72d3c5458e" /> <img width="533" height="328" src="https://github.com/user-attachments/assets/11d0c8f8-8b3f-4f2e-9993-879f1c06bcc5" /> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
wxiaoguangandGitHub
|
136f7d18aa |
fix: api error message (#38031)
Fix various abuses and mistakes |
||
|
|
60f66a9bfd |
enhance(actions): improve reusable workflow uses handling and cancellation (#37991)
Follow up #37478 ## Changes 1. #37478 doesn't support absolute URL in `uses`. This PR provides partial support for URL-style reusable workflow references. A reusable workflow can now be referenced by an absolute URL, as long as it points to the local Gitea instance: ```yaml jobs: call: uses: https://your-gitea.example.com/OWNER/REPO/.gitea/workflows/ci.yaml@v1 ``` 2. Show an error message in the UI for invalid `uses`. <img width="1600" alt="image" src="https://github.com/user-attachments/assets/21b34e61-bf10-4af1-b9fd-4ee4e9fde049" /> 3. Fix reusable caller cancellation issue. A reusable caller's status is aggregated from its children, so cancellation should processes a caller's descendants deepest-first. --------- Signed-off-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: bircni <bircni@icloud.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
|
ea35af1b68 |
fix: bound CODEOWNERS regex match time (#38011)
User-supplied CODEOWNERS patterns were compiled without a match timeout, so a crafted pattern (e.g. (a+)+) against a crafted file path could backtrack for tens of seconds inside the PR creation transaction and exhaust the database connection pool. Set MatchTimeout on each compiled rule; the caller already treats match errors as non-matches. --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
5fe4f962e8 |
refactor(api): clarify APIError message usage and fix legacy lint error (#38012)
Avoid unclear & fragile "any" tricks, fix various abuses Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
c43eb7c33a |
fix(auth): do not auto-reactivate disabled users on OAuth2 callback (#38009)
The OAuth2 sign-in callback unconditionally set IsActive=true on the local user row whenever the IdP authenticated them, silently undoing an administrator's "Disable Account" action and granting the user a fresh session in the same response. Treat the local IsActive flag as an authoritative admin override: inactive users get a session and are routed through the existing activate / prohibit-login pages by verifyAuthWithOptions, matching the local-credentials sign-in path. Adds an integration regression test that disables a linked local user and asserts the row stays IsActive=false after a full OIDC callback. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
743bbaa9c2 |
fix: refactor git error handling and make archive streaming handle non-existing commit id (#38007)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
b2748d7654 |
feat(ui): add "follow rename" to file commit history list (#34994)
Fix #28253 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
 Dawid GóraandGitHub
|
623bb81bb9 |
fix(releases): generate notes for initial tag (#37697)
Fixes https://github.com/go-gitea/gitea/issues/37286 Automatic release notes for the first release in a repository were empty when there was no previous tag. Before this change, the release notes generator used the tag name to build the changelog link, but reused that state for pull request collection. When `PreviousTag` was empty, the PR collection logic did not scan a useful commit range, so merged pull requests were omitted from the generated notes. This pull request fixes that by decoupling the internal PR collection range from the rendered changelog link: - when a previous tag exists, behavior stays unchanged - when no previous tag exists, release notes collect merged pull requests from the full reachable history up to the target tag - the displayed full changelog link for the first release still uses the existing `/commits/tag/{tag}` format Tests were updated to cover: - generating notes for a repository with no previous tags - including merged pull requests before the first tag - preserving existing behavior when a previous tag exists |
||
|
wxiaoguangandGitHub
|
fbaaac9c14 |
fix: remove "no-transfrom" from the cache-control header (#37985)
Cloudflare has officially removed the "auto-minify" feature https://community.cloudflare.com/t/655677, so we don't need such option anymore. Fix #34521 |
||
|
GiteabotandGitHub
|
ab2a72fe04 |
fix(deps): update module github.com/google/go-github/v87 to v88 (#37971)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/google/go-github/v87](https://redirect.github.com/google/go-github) | `v87.0.0` → `v88.0.0` |  |  | --- ### Release Notes <details> <summary>google/go-github (github.com/google/go-github/v87)</summary> ### [`v88.0.0`](https://redirect.github.com/google/go-github/releases/tag/v88.0.0) [Compare Source](https://redirect.github.com/google/go-github/compare/v87.0.0...v88.0.0) This release contains the following breaking API changes: - refactor!: Change app installation `Find*` methods to `Get*` ([#​4243](https://redirect.github.com/google/go-github/issues/4243)) BREAKING CHANGE: App installation methods are renamed from `Find*` to `Get*`. ...and the following additional changes: - chore: Bump version of go-github to v88.0.0 ([#​4245](https://redirect.github.com/google/go-github/issues/4245)) - chore: Update `openapi_operations.yaml` ([#​4242](https://redirect.github.com/google/go-github/issues/4242)) - feat: Add support for setting client URLs ([#​4240](https://redirect.github.com/google/go-github/issues/4240)) - refactor: Add constants for API versions ([#​4236](https://redirect.github.com/google/go-github/issues/4236)) - docs: Formatting and punctuation changes ([#​4235](https://redirect.github.com/google/go-github/issues/4235)) - feat: Add `GetParentIssue` for sub-issues ([#​4232](https://redirect.github.com/google/go-github/issues/4232)) - chore: Bump go-github from v86 to v87 in /scrape ([#​4234](https://redirect.github.com/google/go-github/issues/4234)) </details> --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> |
||
|
|
a39b2775ed |
test: speed up two tests (#37905)
Two test-only changes that cut the `-race` backend unit job's critical path, with no behavior change. - **`modules/auth/password/hash`** — `TestHashing`/`TestVectors` exercised the CPU-bound KDFs (scrypt `N=65536`, pbkdf2, bcrypt, argon2) serially on one core. Marking the subtests `t.Parallel()` fans them across cores. The hasher registry they read is only mutated by the non-parallel `Test_registerHasher`, so this is race-free. - **`services/release`** — `TestRelease_Update`/`TestRelease_createTag` slept `6x time.Sleep(2s)` only to cross the 1-second `CreatedUnix` boundary. Replaced with an advancing mocked clock (`timeutil.MockSet`), making the timestamp assertions deterministic and removing the real waits. --- This PR was written with the help of Claude Opus 4.8 Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
|
4e5f43896e |
fix(auth): ignore stale OIDC external login links to organizations (#37875)
## Summary This fixes an OIDC sign-in edge case where a stale `external_login_user` record can still point to an organization or a deleted user. In that situation, Gitea may keep resolving the external login to the wrong account during sign-in. For affected instances, this matches the behavior reported in #36439 and #37812, where a user signing in with OIDC/Entra ID could appear as an organization, or hit a 404 after that organization was removed. ## What changed - validate the user resolved from `external_login_user` during OAuth2/OIDC login - ignore stale links when the linked user no longer exists - ignore stale links when the linked user is not an individual user - remove the stale external login row so the sign-in flow can relink the external account to the correct user ## Related - Fixes #37812 - Related to #36439 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com> |
||
|
|
0359746abe |
feat(actions)!: improve support for reusable workflows (#37478)
## Summary This PR improves reusable workflow support for Gitea Actions. The parsing of the called workflow now happens on Gitea side, not on the runner. When the caller becomes ready, Gitea fetches the called workflow source, parses it, and inserts each child job into the database as a `ActionRunJob` linked to the caller via `ParentCallJobID`. As a result, every callee job is dispatched as its own task and its logs surface as an independent job entry in the UI, rather than being inlined into the caller's "Set up job" step. This PR supports two kinds of `uses` : - same-repo call: `uses: ./.gitea/workflows/foo.yaml` - cross-repo call: `uses: OWNER/REPO/.gitea/workflows/foo.yaml@REF` ## **⚠️ BREAKING ⚠️** External reusable workflows (`uses: https://other-gitea-instance/OWNER/REPO/.gitea/workflows/test.yaml@REF`) are no longer supported. To keep using them, clone the repositories to the local instance. ## Main changes ### Execution model - Each caller job carries `IsReusableCaller=true` and won't be fetched by runners. - `ParentCallJobID` can link a called job to its caller. - Caller status is derived from its direct children. ### Workflow syntax - `jobparser` now supports parsing `on: workflow_call` trigger with `inputs:`, `outputs:`, and `secrets:` declarations. - **Max nesting depth**: capped at `MaxReusableCallLevels = 9`, which means a top-level caller may have at most 9 nested callers below it. - **Cycle prevention**: at expansion time, `checkCallerChain` walks the caller's ancestor chain via `ParentCallJobID` and rejects if the same `uses:` string appears anywhere upstream (`reusable workflow call cycle detected`). This catches both direct (`A -> A`) and indirect (`A -> B -> A`) cycles. ### Cross-repo access - To share reusable workflows from private repos, use `Collaborative Owners` introduced by #32562 ### Rerun semantics - `expandRerunJobIDs` partitions the latest attempt's jobs into: - a **rerun set**: jobs being rerun + downstream siblings within the same scope. - an **ancestor set**: reusable callers whose only *some* descendants are being rerun (the caller itself is not). - Cloning behavior for callers in `execRerunPlan`: - **Caller is fully rerun** (caller's `AttemptJobID` in `rerunSet`): none of its descendants are cloned. The caller is cloned with `IsCallerExpanded=false`, and re-expansion (which reinserts the children fresh) happens later when the resolver brings the caller to `Waiting` again. - **Caller is in ancestor set** (only some descendants rerun): the caller is pass-through (`Status` will be updated by its fresh children). Its non-rerun descendants are also pass-through clones (point `SourceTaskID` at the original task). Their `ParentCallJobID` is remapped to the new attempt's caller row. ### UI - Job list in `RepoActionView.vue` is now tree-shaped: callers indent their children. Callers default to collapsed. - New caller detail page using `WorkflowGraph` to show direct children only; the run summary's `WorkflowGraph` shows top-level callers and their immediate descendants. ### Known trade-offs - **Caller expansion runs inside the enclosing write transaction.** `expandReusableWorkflowCaller` performs a git read of the called workflow while holding the row locks that update the caller and insert its children. This is intentional: the caller-row update and child-row inserts must commit atomically. None of the call sites is hot (each caller is expanded once per attempt), so the trade-off is acceptable. - **A malformed `if:` expression on a job leaves it `Blocked` silently.** `evaluateJobIf` now runs server-side as part of resolver passes; deterministic expression errors (typos, undefined context fields) are logged but do not surface in the UI. This is the same behavior the resolver already had for concurrency-expression errors. Distinguishing transient DB errors from user-authored expression errors and writing the latter back as `StatusFailure` is a follow-up. #### Screenshots <img width="1600" alt="image" src="https://github.com/user-attachments/assets/bfaa9b7a-07e9-4127-8de9-a81f86e82828" /> <img width="1600" alt="image" src="https://github.com/user-attachments/assets/8af109b3-ef28-4b53-aaad-d4632b923224" /> ## References - https://docs.github.com/en/actions/how-tos/reuse-automations/reuse-workflows - https://docs.github.com/en/actions/reference/workflows-and-actions/reusing-workflow-configurations --- Replace #36388 --------- Signed-off-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
ea723fe482 |
enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
### Description Replaces all remaining direct `gopkg.in/yaml.v3` imports with `go.yaml.in/yaml/v4` across models, modules, routers, services, and integration tests. `gopkg.in/yaml.v3` moves from a direct to an indirect dependency in `go.mod`. #### API compatibility The yaml.Node type, node.Kind/node.Content traversal style (modules/markup/markdown/convertyaml.go), and the UnmarshalYAML(*yaml.Node) interface signature (modules/optional/serialization.go) are all preserved in v4 — no call-site changes were required beyond the import path. **Related:** - https://github.com/go-gitea/gitea/pull/36564#issuecomment-4526536805 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com> |
||
|
90d443b46c |
fix(actions): reject workflow_dispatch for workflows without that trigger (#37660)
## Summary Fixes #37528 This PR makes the workflow dispatch API reject workflows that do not declare `workflow_dispatch`. Previously, `POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches` could create an `ActionRun` for a workflow that only declared another event such as `push`. The service now validates that the target workflow has a `workflow_dispatch` trigger before inserting the run. The API maps that validation failure to `422 Unprocessable Entity`, matching existing validation failures in this handler. The regression test creates a push-only workflow, dispatches it through the public API, asserts the `workflow_dispatch` validation message, and verifies that no run was inserted. ## Disclosure Developed with assistance from OpenAI Codex. --------- Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
49f88a4b9e |
feat(repo): split repository creation limit into user and org scopes (#37872)
## Background `MAX_CREATION_LIMIT` applies to whoever owns a new repository, with no distinction between individual users and organizations. Admins who want different limits for the two - most commonly "block personal repos but let orgs create freely" - currently have to set per-user / per-org overrides on every entity. ## Changes Adds two new `[repository]` settings: - `USER_MAX_CREATION_LIMIT`: global limit for individual users - `ORG_MAX_CREATION_LIMIT`: global limit for organizations `MAX_CREATION_LIMIT` is kept as a shortcut: when set, it becomes the default value for both new keys. When the new keys are explicitly configured, they take precedence. Deployments that only set `MAX_CREATION_LIMIT` see behavior identical to now. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
52fef74291 |
fix(frontend): resolve Vite assets by manifest source path (#37836)
In dev mode `/api/swagger` returned HTTP 500 (`Failed to locate local path for managed asset URI: css/swagger.css`): the backend synthesised asset keys from the Vite entry name instead of reading the manifest, which only worked by coincidence and broke once a source file name diverged from its entry name. This keys the manifest by its source path (e.g. `web_src/js/index.ts`) and resolves entries directly — hashed `file` in prod, dev-server source in dev. A new `AssetCSSLinks` helper renders a JS entry's stylesheet `<link>` tags from the manifest (the entry's CSS plus the CSS of its statically-imported chunks). Fixes: https://github.com/go-gitea/gitea/issues/37830 Fixes: https://github.com/go-gitea/gitea/pull/37832 Fixes: https://github.com/go-gitea/gitea/pull/37876 Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: prakhar0x01 <prakharporwal2004@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
Lunny XiaoandGitHub
|
0a3e7483a4 |
chore: Move gitea sdk from code.gitea.io/sdk/gitea -> gitea.dev/sdk (#37855)
- Use gitea.dev/sdk instead of code.gitea.io/sdk/gitea - Use gitea.dev/actions-proto-def instead of code.gitea.io/actions-proto-def |
||
|
|
f810e882a4 |
chore(deps): update chroma, regexp2 v2, replace dimiro1/reply (#37858)
- Update `github.com/alecthomas/chroma/v2` to `v2.25.0`. - Migrate `github.com/dlclark/regexp2` to `/v2` (incorporates https://github.com/go-gitea/gitea/pull/37664); drop the renovate pin. - Replace the unmaintained `github.com/dimiro1/reply` (the last consumer of `regexp2` v1 in our own code) with a small built-in reply parser for incoming mail. Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
Lunny XiaoandGitHub
|
61b1a39efe | chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873) | ||
|
GiteabotandGitHub
|
821d3c4672 | fix(deps): update module github.com/google/go-github/v86 to v87 (#37845) | ||
|
0b3d7e2ba3 |
chore(deps): use maintained html2text package directly (#37842)
Currently unmaintained package `github.com/jaytaylor/html2text` is replaced using `replace` directive. Instead, the correct package `github.com/Necoro/html2text` should be referenced directly in code. --------- Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
c9ce7e447c |
feat(actions): add before/after to PR synchronize event payload (#37827)
## Summary - Add `before` and `after` fields to `PullRequestPayload` for `synchronize` events - Thread push old/new commit SHAs through the PR synchronize notifier path (regular and Agit flows) - Populate the fields in webhook and Actions event payloads so workflows can access them via `github.event.before` and `github.event.after` Fixes #33395 --------- Co-authored-by: Cursor <cursoragent@cursor.com> |
||
|
dbf4828169 |
fix: add natural sort to sortTreeViewNodes (#37772)
Aligns the sorting behavior of view-file-tree with repo-files-table. Attachment below: <img width="427" height="713" alt="fix-bug-sort" src="https://github.com/user-attachments/assets/0da7d7b6-3970-459d-b3c0-f57200dc73b7" /> --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
wxiaoguangandGitHub
|
5ad70f79ba |
fix: package creation unique conflict (#37774)
fix #30973 |
||
|
|
f2a1271f16 |
fix: Unify public-only token filtering in API queries and repo access checks (#37118)
This PR closes remaining `public-only` token gaps in the API by making the restriction apply consistently across repository, organization, activity, notification, and authenticated `/api/v1/user/...` routes. Previously, `public-only` tokens were still able to: - receive private results from some list/search/self endpoints, - access repository data through ID-based lookups, - and reach several authenticated self routes that should remain unavailable for public-only access. This change treats `public-only` as a cross-cutting visibility boundary: - list/search endpoints now filter private resources consistently, - repository lookups enforce the same restriction even when addressed indirectly, - and self routes that inherently expose or mutate private account state now reject `public-only` tokens. --- Generated by a coding agent with Codex 5.2 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
GiteabotandGitHub
|
3d95a2f028 |
fix(deps): update module github.com/google/go-github/v85 to v86 (#37754)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/google/go-github/v85](https://redirect.github.com/google/go-github) | `v85.0.0` → `v86.0.0` |  |  | --- ### Release Notes <details> <summary>google/go-github (github.com/google/go-github/v85)</summary> ### [`v86.0.0`](https://redirect.github.com/google/go-github/releases/tag/v86.0.0) [Compare Source](https://redirect.github.com/google/go-github/compare/v85.0.0...v86.0.0) This release contains the following breaking API changes: - feat!: Refactor request context ([#​4151](https://redirect.github.com/google/go-github/issues/4151)) BREAKING CHANGE: All internal calls now provide `Context` via the `Request` itself. - feat!: Add OIDC authentication support to `PrivateRegistries` ([#​4159](https://redirect.github.com/google/go-github/issues/4159)) BREAKING CHANGE: `PrivateRegistriesService` is updated to API version `2026-03-10` with struct and response changes. ...and the following additional changes: - chore: Bump version of `go-github` to `v86.0.0` ([#​4198](https://redirect.github.com/google/go-github/issues/4198)) - test: Fix invalid JSON payloads in actions workflow runs tests ([#​4197](https://redirect.github.com/google/go-github/issues/4197)) - feat: Add repo download contents sentinel errors ([#​4192](https://redirect.github.com/google/go-github/issues/4192)) - chore: Fix `otel` module name ([#​4187](https://redirect.github.com/google/go-github/issues/4187)) - feat: Add typed Copilot metrics download helpers ([#​4177](https://redirect.github.com/google/go-github/issues/4177)) - feat: Add `deploy_keys_enabled_for_repositories` and secret scanning custom link fields to `Organization` struct ([#​4188](https://redirect.github.com/google/go-github/issues/4188)) - refactor: Use `testJSONBody` helper for request body assertions in tests ([#​4183](https://redirect.github.com/google/go-github/issues/4183)) - build(deps): Bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0 in /tools ([#​4184](https://redirect.github.com/google/go-github/issues/4184)) - fix: Include `RetryAfter` in `AbuseRateLimitError.Error` output ([#​4181](https://redirect.github.com/google/go-github/issues/4181)) - fix: Handle string-typed reviewer `ID` in Ruleset API responses ([#​4178](https://redirect.github.com/google/go-github/issues/4178)) - feat: Add `ArchivedAt` field to `Organization` struct ([#​4179](https://redirect.github.com/google/go-github/issues/4179)) - feat: Add Copilot coding agent and content exclusion org endpoints ([#​4176](https://redirect.github.com/google/go-github/issues/4176)) - chore: Bump go-github from v84 to v85 in /scrape ([#​4174](https://redirect.github.com/google/go-github/issues/4174)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> |
||
|
|
9648716f63 |
fix: Allow direct commits for unprotected files with push restrictions (#37657)
Fixes an issue where users could not commit changes on a file which is unprotected. Fixes: #37655 Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
  CopilotGitHubcopilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>wxiaoguangwxiaoguang |
94e3482d1a |
chore(db): introduce db.Session and db.EngineMigration interfaces (#37746)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
e7af84df72 |
feat: execute post run cleanup when workflow is cancelled (#37275)
## Fixes #36983 ## Summary 1. Add transitional `Cancelling` status (between `Running` and `Cancelled`); cancel flow marks active tasks `Cancelling`, runner finalizes to `Cancelled` on terminal result. 2. Taskless jobs cancel directly (no runner to finalize). 3. Runner-protocol responses map `Cancelling` → `RESULT_CANCELLED`. 4. Run/job aggregation treats `Cancelling` as active. 5. Status mapping/aggregation tests + en-US locale added. **Problem** When a workflow was cancelled from the UI, jobs were marked cancelled immediately, which could skip post-run cleanup behavior. ## Solution Use a transitional status path: Running → Cancelling → Cancelled This allows runner finalization and cleanup path execution before final terminal state. **Testing** > 1. go test -tags "sqlite sqlite_unlock_notify" ./models/actions -run "TestAggregateJobStatus|TestStatusAsResult|TestStatusFromResult" > 2. go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4 run ./models/actions/... ./routers/api/actions/runner/... ## Related - act_runner: https://gitea.com/gitea/act_runner/pulls/825 — independent; this PR's capability gate keeps legacy runners on the immediate-cancel path. The new flow activates only for runners that advertise the `cancelling` capability. Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
|
33923a4d7c |
fix(web): enforce token scopes on raw, media, and attachment downloads (#37698)
This PR tightens token-scope enforcement for non-API download endpoints in the web layer. What it changes: - require `read:repository` for repository content downloads served from web routes such as: - `/raw/...` - `/media/...` - enforce attachment-specific scopes in `ServeAttachment`: - issue / pull request attachments require `read:issue` - release attachments require `read:repository` - centralize token-scope checks for web handlers with a shared context helper - add matrix-style integration coverage for: - public and private repository content downloads - `blob`, `branch`, `tag`, and `commit` download routes - global and repo-scoped attachment routes - `public-only` token behavior on public vs private resources Why: API tokens and OAuth access tokens can be used on some non-API web endpoints. Before this change, those endpoints relied on repository visibility and unit permissions, but did not consistently enforce the token’s declared scope. That allowed scoped tokens to access resources beyond their intended category through web download routes. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
 
|
eb93981d45 |
feat: Add bypass allowlist for branch protection (#36514)
- Introduce a “Bypass Protection Allowlist” on branch rules (users/teams) alongside admins, with BlockAdminMergeOverride still respected. - Surface the allowlist in API (create/edit options, structs) and settings UI; merge box now shows the red button + message for bypass-capable users. - Apply bypass logic to merge checks and pre-receive so allowlisted users can override unmet approvals/status checks/ protected files when force-merging. - Add migration for new columns, locale strings, and unit tests (bypass helper; queue test tweak). <img width="1069" height="218" alt="image" src="https://github.com/user-attachments/assets/0b61bc2a-a27f-47f3-a923-613688008e65" /> Fixes #36476 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Codex GPT-5.3 <codex@openai.com> Co-authored-by: GPT-5.2 <noreply@openai.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
 
|
96e0dc15a3 |
feat(oauth): Support AWS Cognito OAuth2 provider (#37607)
Using the standard OpenID Connect OAuth2 provider type doesn't work well for AWS Cognito. Most of the functionality works absolutely fine, however the query parameter `post_logout_redirect_uri` is not understood by Cognito and results in a bad experience when logging out. To combat this i've added a new `AWS Cognito` provider which is almost identical to the `Open ID Connect` type except it overrides the query parameter to `logout_uri` which is what Cognito expects. <img width="647" height="272" alt="image" src="https://github.com/user-attachments/assets/d4bb30e2-f25e-41a1-91cb-4efa67137c57" /> This then results in a nice experience logging out with no errors seen - even though the logout does succeed. Why AWS thought they would deviate from the OAuth spec in this particular area is beyond me... --------- Co-authored-by: Tom Thornton <tom.thornton@sony.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
34fd3c9f06 |
feat: Add default PR branch update style setting (#37410)
Adds repository-level settings for pull request branch updates so admins can choose the default update method and disable merge or rebase updates. <img width="1025" height="158" src="https://github.com/user-attachments/assets/d030973b-0ddd-4035-b04f-145c445084d7" /> --------- Co-authored-by: OpenAI Codex (GPT-5) <codex@openai.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
CopilotGitHubcopilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>wxiaoguangwxiaoguang |
4e837fed97 |
chore(doctor): remove four obsolete doctor check implementations (#37728)
Removed check names: - disable-mirror-actions-unit - check-old-archives - synchronize-repo-heads - authorized-keys Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
|
3607516ce2 |
refactor(org): simplify owner-team org repo creation logic (#37727)
This change cleans up org repo-creation authorization by making owner-team membership sufficient regardless of `can_create_org_repo`, and removes the now-obsolete doctor fix for owner teams. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> |
||
|
|
cf0f25b798 |
fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState (#37692)
Fix #36234 ## Bug Logs show `PrepareRunAndInsert: InsertRun: Error 1213: Deadlock found`, which `handleWorkflows` silently swallows via `log.Error + continue`, so the triggered run is dropped. ## Root cause The path `UpdateRun -> UpdateRepoRunsNumbers` runs the following SQL inside every status-changing transaction: ```sql UPDATE repository SET num_action_runs = (SELECT count(*) FROM action_run WHERE repo_id = N), num_closed_action_runs = (SELECT count(*) FROM action_run WHERE repo_id = N AND status IN (...)) WHERE id = N; ``` On any DB that treats subqueries inside an UPDATE as locking reads, this statement takes locks in two steps: 1. The outer UPDATE acquires an X lock on `repository[id=N]` 2. The embedded SELECT subqueries are evaluated as locking reads, taking S locks on every `action_run` row matching `repo_id = N` Two such concurrent transactions form a cycle via `repository[N]`: | Tx | Holds | Wants | Blocked by | |---|---|---|---| | A: `PrepareRunAndInsert` (push trigger) | X on inserted `action_run` row R_A; X on `repository[N]` (outer UPDATE already through step 1) | S on `action_run` rows for repo N (subquery, step 2) | B's X lock on R_B | | B: `UpdateTaskByState` (runner callback) | X on `action_run` row R_B (from `UpdateRun`) | X on `repository[N]` (outer UPDATE, step 1) | A's X lock on `repository[N]` | | **Cycle** | A waits for R_B; B waits for `repository[N]` | | deadlock error -> `handleWorkflows` swallows -> run lost | PostgreSQL's MVCC reads do not take these locks and SQLite serializes writers, so the symptom only surfaces on MySQL/MSSQL. ## Fix Split `UpdateRepoRunsNumbers` into small SQLs to avoid locking reads and move it out of DB transactions. --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
f9b7b65371 |
fix(security): enforce wiki git writes and LFS token access at request time (#37695)
This PR fixes two permission-checking gaps in Git and LFS request handling. ## What it changes - keep wiki Git HTTP pushes on the normal write-permission path, even when proc-receive support is enabled - revalidate LFS bearer token requests against the current user state and current repository permissions before allowing access - add regression coverage for unauthorized wiki HTTP pushes - add LFS tests for blocked users, revoked repository access, read-only upload attempts, and valid write access ## Why - wiki repositories should not inherit the relaxed refs/for handling used for normal code repositories - LFS authorization tokens should not remain usable after a user is disabled or loses repository access Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
5b3575a8be |
fix(repo): /generate must sync the branch table for the new repo (#37693)
Two bugs in GenerateGitContent, the function behind
`POST /api/v1/repos/{owner}/{template}/generate`:
1. The new repository's refs were not written `branch` DB table
2. The function re-fetched the new repo row from the database
but reassigned its local pointer
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
||
 
|
5c887d68ca |
feat(api): encrypt AWS creds (#37679)
## Description As mentioned in #37654 `AWSSecretAccessKey` are not encrypted and stored as is. ## Update Follow the existing `AuthToken` flow of setting the `Encrypted` fields, `Decrypting` them later and `Clearing` them at the end. Closes #37654 --------- Signed-off-by: Kausthubh J Rao <105716675+Exgene@users.noreply.github.com> Co-authored-by: Lauris B <lauris@nix.lv> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
510b729212 |
fix(deps): update go dependencies (major) (#37639)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/dlclark/regexp2](https://redirect.github.com/dlclark/regexp2) | `v1.12.0` → `v2.0.1` |  |  | | [github.com/google/go-github/v84](https://redirect.github.com/google/go-github) | `v84.0.0` → `v85.0.0` |  |  | | [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `v1.46.0` → `v2.24.1` |  |  | --- ### Release Notes <details> <summary>dlclark/regexp2 (github.com/dlclark/regexp2)</summary> ### [`v2.0.1`](https://redirect.github.com/dlclark/regexp2/compare/v2.0.0...v2.0.1) [Compare Source](https://redirect.github.com/dlclark/regexp2/compare/v2.0.0...v2.0.1) ### [`v2.0.0`](https://redirect.github.com/dlclark/regexp2/compare/v1.12.0...v2.0.0) [Compare Source](https://redirect.github.com/dlclark/regexp2/compare/v1.12.0...v2.0.0) </details> <details> <summary>google/go-github (github.com/google/go-github/v84)</summary> ### [`v85.0.0`](https://redirect.github.com/google/go-github/releases/tag/v85.0.0) [Compare Source](https://redirect.github.com/google/go-github/compare/v84.0.0...v85.0.0) This release contains the following breaking API changes: - fix!: Resolve inconsistent options for `create` and `update` on custom org role ([#​4075](https://redirect.github.com/google/go-github/issues/4075)) BREAKING CHANGE: `GetOrgRole`, `CreateCustomOrgRole`, and `UpdateCustomOrgRole` have new params and return values. - fix!: Change `id` from `int64` to `string` in `ActivityService.MarkThreadDone` ([#​4056](https://redirect.github.com/google/go-github/issues/4056)) BREAKING CHANGE: `ActivityService.MarkThreadDone` accepts `string` `id` instead of `int64`. ...and the following additional changes: - chore: Bump version of go-github to v85.0.0 ([#​4173](https://redirect.github.com/google/go-github/issues/4173)) - chore: Update `openapi_operations.yaml` ([#​4172](https://redirect.github.com/google/go-github/issues/4172)) - security: Reject cross-host redirects to prevent Authorization leak ([#​4171](https://redirect.github.com/google/go-github/issues/4171)) - chore: Improve GitHub Actions workflows lint and testing ([#​4169](https://redirect.github.com/google/go-github/issues/4169)) - chore: Switch legacy redirect handling to new pattern ([#​4161](https://redirect.github.com/google/go-github/issues/4161)) - feat: Add `CodeSecurity` to `SecurityAndAnalysis` ([#​4155](https://redirect.github.com/google/go-github/issues/4155)) - fix: Reject URL path segments containing ".." in all request methods ([#​4150](https://redirect.github.com/google/go-github/issues/4150)) - feat: Refactor repositories download contents ([#​4153](https://redirect.github.com/google/go-github/issues/4153)) - chore: Bump google.org/x/tools to v0.44.0 in /tools ([#​4168](https://redirect.github.com/google/go-github/issues/4168)) - docs: Fix broken blog post link ([#​4160](https://redirect.github.com/google/go-github/issues/4160)) - build(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 in /example ([#​4156](https://redirect.github.com/google/go-github/issues/4156)) - chore: Update openapi\_operations.yaml ([#​4157](https://redirect.github.com/google/go-github/issues/4157)) - feat: Remove Google App Engine standard support ([#​4152](https://redirect.github.com/google/go-github/issues/4152)) - feat: Add `DownloadCopilotMetrics` helper method ([#​4149](https://redirect.github.com/google/go-github/issues/4149)) - docs: Add `apiVersion` to GitHub API link ([#​4147](https://redirect.github.com/google/go-github/issues/4147)) - chore: Simplify `redundantptr` custom linter ([#​4148](https://redirect.github.com/google/go-github/issues/4148)) - docs: Deprecate old Copilot metrics endpoints closed on April 2, 2026 ([#​4137](https://redirect.github.com/google/go-github/issues/4137)) - refactor: Remove redundant `github.Ptr` calls ([#​4145](https://redirect.github.com/google/go-github/issues/4145)) - fix: Add missing `User` fields ([#​4146](https://redirect.github.com/google/go-github/issues/4146)) - fix: Preserve `Marketplace.Stubbed` during client copy ([#​4144](https://redirect.github.com/google/go-github/issues/4144)) - refactor: Simplify array copying ([#​4143](https://redirect.github.com/google/go-github/issues/4143)) - build(deps): Bump golang.org/x/crypto from 0.49.0 to 0.50.0 in /example ([#​4141](https://redirect.github.com/google/go-github/issues/4141)) - build(deps): Bump github.com/getkin/kin-openapi from 0.134.0 to 0.135.0 in /tools ([#​4142](https://redirect.github.com/google/go-github/issues/4142)) - build(deps): Bump golang.org/x/term from 0.41.0 to 0.42.0 in /example ([#​4140](https://redirect.github.com/google/go-github/issues/4140)) - build(deps): Bump golang.org/x/net from 0.52.0 to 0.53.0 in /scrape ([#​4139](https://redirect.github.com/google/go-github/issues/4139)) - build(deps): Bump go.opentelemetry.io/otel to v1.43.0 ([#​4135](https://redirect.github.com/google/go-github/issues/4135)) - fix: Expand `sanitizeURL` secrets redactions ([#​4126](https://redirect.github.com/google/go-github/issues/4126)) - build(deps): Bump github.com/alecthomas/kong from 1.14.0 to 1.15.0 in /tools ([#​4132](https://redirect.github.com/google/go-github/issues/4132)) - build(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 in the actions group ([#​4131](https://redirect.github.com/google/go-github/issues/4131)) - feat: Add support for custom names and methods that return structs with multiple `[]*T` fields in `gen-iterators.go` ([#​4128](https://redirect.github.com/google/go-github/issues/4128)) - fix: Limit webhook payload size in `ValidatePayloadFromBody` ([#​4125](https://redirect.github.com/google/go-github/issues/4125)) - build(deps): Bump codecov/codecov-action from 5.5.3 to 6.0.0 ([#​4123](https://redirect.github.com/google/go-github/issues/4123)) - fix: Synchronize `requestCount` in rate limit tests ([#​4124](https://redirect.github.com/google/go-github/issues/4124)) - chore: Simplify `generate.sh` by removing `git worktree` and using generator-based check ([#​4120](https://redirect.github.com/google/go-github/issues/4120)) - docs: Improve comments in /examples ([#​4122](https://redirect.github.com/google/go-github/issues/4122)) - chore: Use `golangci-lint-action`; remove `newreposecretwithlibsodium` ([#​4119](https://redirect.github.com/google/go-github/issues/4119)) - feat: Add custom image endpoints for GitHub-hosted runners ([#​4101](https://redirect.github.com/google/go-github/issues/4101)) - chore: Cache custom golangci-lint binaries in GHA workflow ([#​4116](https://redirect.github.com/google/go-github/issues/4116)) - build(deps): Bump github.com/ProtonMail/go-crypto from 1.4.0 to 1.4.1 in /example ([#​4115](https://redirect.github.com/google/go-github/issues/4115)) - build(deps): Bump golang.org/x/tools from 0.29.0 to 0.43.0 in /tools/extraneous-new ([#​4114](https://redirect.github.com/google/go-github/issues/4114)) - build(deps): Bump codecov/codecov-action from 5.5.2 to 5.5.3 ([#​4112](https://redirect.github.com/google/go-github/issues/4112)) - build(deps): Bump github.com/golangci/plugin-module-register from 0.1.1 to 0.1.2 in /tools/extraneous-new ([#​4113](https://redirect.github.com/google/go-github/issues/4113)) - build(deps): Bump github.com/getkin/kin-openapi from 0.133.0 to 0.134.0 in /tools ([#​4111](https://redirect.github.com/google/go-github/issues/4111)) - build(deps): Bump github.com/PuerkitoBio/goquery from 1.11.0 to 1.12.0 in /scrape ([#​4110](https://redirect.github.com/google/go-github/issues/4110)) - chore: Upgrade deps for linters using dependabot ([#​4107](https://redirect.github.com/google/go-github/issues/4107)) - chore: Use `structfield.Settings` in `check-structfield-settings` ([#​4108](https://redirect.github.com/google/go-github/issues/4108)) - build(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.3 in /example ([#​4109](https://redirect.github.com/google/go-github/issues/4109)) - chore: Remove unnecessary use of `new` and `&SomeStruct{}` and add new `extraneousnew` custom linter ([#​4106](https://redirect.github.com/google/go-github/issues/4106)) - feat: Add `NetworkConfigurationID` and `HostedRunnersURL` to enterprise runner group types ([#​4099](https://redirect.github.com/google/go-github/issues/4099)) - feat: Generate accessors for all fields ([#​4105](https://redirect.github.com/google/go-github/issues/4105)) - feat: Add `ListRunnerGroupHostedRunners` for org runner groups ([#​4100](https://redirect.github.com/google/go-github/issues/4100)) - chore: Enable `default: none` linters; remove duplicated ([#​4097](https://redirect.github.com/google/go-github/issues/4097)) - fix: Use `Cursor` pagination for `*.ListHookDeliveriesIter` ([#​4096](https://redirect.github.com/google/go-github/issues/4096)) - chore: Remove duplicated formatters ([#​4094](https://redirect.github.com/google/go-github/issues/4094)) - chore: Fix typos in comments and tests ([#​4093](https://redirect.github.com/google/go-github/issues/4093)) - chore: Fix typo in CONTRIBUTING.md ([#​4092](https://redirect.github.com/google/go-github/issues/4092)) - chore: Update openapi\_operations.yaml ([#​4091](https://redirect.github.com/google/go-github/issues/4091)) - build(deps): Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.17.0 to 2.18.0 in /example ([#​4084](https://redirect.github.com/google/go-github/issues/4084)) - chore: Bump go.opentelemetry.io/otel to v1.42.0 ([#​4090](https://redirect.github.com/google/go-github/issues/4090)) - build(deps): Bump golang.org/x/crypto from 0.48.0 to 0.49.0 in /example ([#​4081](https://redirect.github.com/google/go-github/issues/4081)) - build(deps): Bump golang.org/x/sync from 0.19.0 to 0.20.0 in /tools ([#​4078](https://redirect.github.com/google/go-github/issues/4078)) - build(deps): Bump golang.org/x/net from 0.51.0 to 0.52.0 in /scrape ([#​4079](https://redirect.github.com/google/go-github/issues/4079)) - test: Add fuzz test for `ParseWebHook` ([#​4076](https://redirect.github.com/google/go-github/issues/4076)) - feat: Add enterprise budgets API ([#​4069](https://redirect.github.com/google/go-github/issues/4069)) - feat: Add list organization fine-grained permissions ([#​4072](https://redirect.github.com/google/go-github/issues/4072)) - feat: Make `script/lint.sh` output simpler to read ([#​4073](https://redirect.github.com/google/go-github/issues/4073)) - chore: Speed up linting ([#​4071](https://redirect.github.com/google/go-github/issues/4071)) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.41.0 in /otel ([#​4065](https://redirect.github.com/google/go-github/issues/4065)) - build(deps): Bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /otel ([#​4068](https://redirect.github.com/google/go-github/issues/4068)) - build(deps): Bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.40.0 to 1.41.0 in /example ([#​4062](https://redirect.github.com/google/go-github/issues/4062)) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.41.0 in /example ([#​4064](https://redirect.github.com/google/go-github/issues/4064)) - build(deps): Bump github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.0 in /example ([#​4063](https://redirect.github.com/google/go-github/issues/4063)) - feat: Add `client_id` field to `App` ([#​4060](https://redirect.github.com/google/go-github/issues/4060)) - test: Simplify `CopilotService` tests ([#​4058](https://redirect.github.com/google/go-github/issues/4058)) - test: Fix flaky `TestDo_rateLimit_abuseRateLimitError_xRateLimitReset` ([#​4057](https://redirect.github.com/google/go-github/issues/4057)) - feat: Add support for enterprise audit log streaming API ([#​4035](https://redirect.github.com/google/go-github/issues/4035)) - feat: Add repository-level immutable releases settings ([#​4039](https://redirect.github.com/google/go-github/issues/4039)) - chore: Add `SAS` as a common initialism to `structfield` ([#​4054](https://redirect.github.com/google/go-github/issues/4054)) - fix: Fix data race on Windows ([#​4051](https://redirect.github.com/google/go-github/issues/4051)) - docs: Fix grammar in `README.md` ([#​4053](https://redirect.github.com/google/go-github/issues/4053)) - chore: Simplify form value assertions in tests ([#​4048](https://redirect.github.com/google/go-github/issues/4048)) - chore: Bump go-github from v83 to v84 in /scrape ([#​4050](https://redirect.github.com/google/go-github/issues/4050)) </details> <details> <summary>gitlab-org/api/client-go (gitlab.com/gitlab-org/api/client-go)</summary> ### [`v2.24.1`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.24.1) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.24.0...v2.24.1) #### 2.24.1 ##### 🐛 Bug Fixes - fix: add FormattedText field to OrbitGraphStatus and OrbitStatus ([!2876](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2876)) by [Dmitry Gruzd](https://gitlab.com/dgruzd) #### [2.24.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.24.0...v2.24.1) (2026-05-05) ##### Bug Fixes * add FormattedText field to OrbitGraphStatus and OrbitStatus ([9457ddc](https://gitlab.com/gitlab-org/api/client-go/commit/9457ddc690600ea50953bfb8df632ac0b39cd90c)) ### [`v2.24.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.24.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.23.0...v2.24.0) #### 2.24.0 ##### 🚀 Features - feat: Add search_type as attribute to search endpoints ([!2851](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2851)) by [Heidi Berry](https://gitlab.com/heidi.berry) ### [2.24.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.23.0...v2.24.0) (2026-05-04) ##### Features * Add search_type as attribute to search endpoints ([4d345e9](https://gitlab.com/gitlab-org/api/client-go/commit/4d345e9f76af8ebd016d3d55fbe039250a1fafb4)) ### [`v2.23.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.23.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.22.0...v2.23.0) #### 2.23.0 ##### 🚀 Features - feat: add OrbitService for Knowledge Graph endpoints ([!2870](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2870)) by [Dmitry Gruzd](https://gitlab.com/dgruzd) ##### 🔄 Other Changes - chore(deps): update module buf.build/go/protovalidate to v1.2.0 ([!2865](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2865)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.23.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.22.0...v2.23.0) (2026-05-04) ##### Features * add OrbitService for Knowledge Graph endpoints ([2ff460f](https://gitlab.com/gitlab-org/api/client-go/commit/2ff460f3a809e3ad9f2065b0144dfcb4d4f5e6d3)) ### [`v2.22.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.22.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.21.0...v2.22.0) #### 2.22.0 ##### 🚀 Features - Add package pipeline data. ([!2834](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2834)) by [Jimmy Spagnola](https://gitlab.com/jspagnola) ##### 🔄 Other Changes - chore(deps): update module golang.org/x/text to v0.36.0 ([!2874](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2874)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golang docker tag ([!2873](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2873)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update docker docker tag to v29.4.1 ([!2869](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2869)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor(no-release): use HTTP status code constants ([!2868](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2868)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [2.22.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.21.0...v2.22.0) (2026-05-04) ### [`v2.21.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.21.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.1...v2.21.0) #### 2.21.0 ##### 🚀 Features - Add BulkImports API functions and tests ([!2846](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2846)) by [Kalyaan Kanugula](https://gitlab.com/kalyaan09) ##### 🔄 Other Changes - Add missing `URLVariables` attribute to group_hooks ([!2866](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2866)) by [Mark Nessen](https://gitlab.com/mness) - docs: fix incorrect phrase 'to that' -> 'so' ([!2861](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2861)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - docs: fix missing 'of' in contributing guide ([!2860](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2860)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - style: remove duplicated wording in Go version sentence ([!2859](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2859)) by [Bob Singh](https://gitlab.com/bobsingh.dev) ### [2.21.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.1...v2.21.0) (2026-04-27) ### [`v2.20.1`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#2210-2026-04-27) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) #### 2.20.1 ##### 🐛 Bug Fixes - Fix potential panic in MergeRequest.UnmarshalJSON label detail loop ([!2858](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2858)) by [Zubeen](https://gitlab.com/syedzubeen) #### [2.20.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) (2026-04-20) #### 2.20.0 ##### 🚀 Features - Add missing system hook api options ([!2847](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2847)) by [Zack Knight](https://gitlab.com/zachkknowbe4) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.4.0 ([!2854](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2854)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module github.com/google/cel-go to v0.28.0 ([!2855](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2855)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.20.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#2210-2026-04-27) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.19.0...v2.20.0) #### 2.20.1 ##### 🐛 Bug Fixes - Fix potential panic in MergeRequest.UnmarshalJSON label detail loop ([!2858](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2858)) by [Zubeen](https://gitlab.com/syedzubeen) #### [2.20.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) (2026-04-20) #### 2.20.0 ##### 🚀 Features - Add missing system hook api options ([!2847](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2847)) by [Zack Knight](https://gitlab.com/zachkknowbe4) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.4.0 ([!2854](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2854)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module github.com/google/cel-go to v0.28.0 ([!2855](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2855)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.19.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.19.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.18.0...v2.19.0) #### 2.19.0 ##### 🚀 Features - feat: Add PackageRegistryAccessLevel to Project structs ([!2852](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2852)) by [Caleb Madara](https://gitlab.com/calebmadara58) ### [2.19.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.18.0...v2.19.0) (2026-04-15) ##### Features * Add PackageRegistryAccessLevel to Project structs ([4ce63da](https://gitlab.com/gitlab-org/api/client-go/commit/4ce63da9528e6e0da40fd7240a41236a385d7bfe)) ### [`v2.18.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.18.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.17.0...v2.18.0) #### 2.18.0 ##### 🚀 Features - Feat: Add support for application setting secret_push_protection_available ([!2849](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2849)) by [Rizart Dona](https://gitlab.com/rizart_d) ##### 🔄 Other Changes - fix: Correct Example Section in README ([!2850](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2850)) by [Jonathan Bowe](https://gitlab.com/boweflex) ### [2.18.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.17.0...v2.18.0) (2026-04-14) ##### Bug Fixes * Correct Example Section in README ([c0759d9](https://gitlab.com/gitlab-org/api/client-go/commit/c0759d99b2eefbd4501a0e960530ee5a73ec0084)) ### [`v2.17.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.17.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.16.0...v2.17.0) #### 2.17.0 ##### 🚀 Features - Resolve "Add endpoint support for archiving/unarchiving groups" ([!2848](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2848)) by [Jonathan Bowe](https://gitlab.com/boweflex) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.3.1 ([!2841](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2841)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(no-release): enable gocritic linter ([!2842](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2842)) by [Oleksandr Redko](https://gitlab.com/alexandear) - chore(deps): update module golang.org/x/oauth2 to v0.36.0 ([!2835](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2835)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module golang.org/x/text to v0.35.0 ([!2837](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2837)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.17.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.16.0...v2.17.0) (2026-04-10) ### [`v2.16.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.16.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.15.0...v2.16.0) #### 2.16.0 ##### 🚀 Features - feat: Add PagesUniqueDomainDefaultEnabled to Settings API ([!2845](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2845)) by [Mohamed Mongy](https://gitlab.com/mohamedmongy96) ### [2.16.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.15.0...v2.16.0) (2026-04-04) ##### Features * Add PagesUniqueDomainDefaultEnabled to Settings API ([d27f3af](https://gitlab.com/gitlab-org/api/client-go/commit/d27f3af69ae8569117c51f716d00b3b116e9f88c)) ### [`v2.15.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.15.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.14.0...v2.15.0) #### 2.15.0 ##### 🚀 Features - feat: Add approved_at field in merge request approvals API ([!2844](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2844)) by [Mohamed Asan N](https://gitlab.com/hassyyy) ### [2.15.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.14.0...v2.15.0) (2026-04-04) ##### Features * Add approved_at field in merge request approvals API ([528ac9e](https://gitlab.com/gitlab-org/api/client-go/commit/528ac9ea36377454fcae3cd7eb27b9d47f69a1cd)) ### [`v2.14.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.14.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.13.0...v2.14.0) #### 2.14.0 ##### 🚀 Features - feat: add support for DisablePasswordAuthenticationForUsersWithSSOIdentities... ([!2839](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2839)) by [Lorenz Vonlanthen](https://gitlab.com/loelu) ### [2.14.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.13.0...v2.14.0) (2026-04-03) ##### Features * add support for DisablePasswordAuthenticationForUsersWithSSOIdentities... ([6b88f05](https://gitlab.com/gitlab-org/api/client-go/commit/6b88f05609dfc6861da406b205fe1c2750c0b3e8)) ### [`v2.13.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.13.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.12.0...v2.13.0) #### 2.13.0 ##### 🚀 Features - feat: Added WithAuthSourceStrategy option to allow configuring multiple token source priority ([!2815](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2815)) by [Павлов Александр](https://gitlab.com/alexpts) ### [2.13.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.12.0...v2.13.0) (2026-04-01) ##### Features * Added WithAuthSourceStrategy option to allow configuring multiple token source priority ([2261c80](https://gitlab.com/gitlab-org/api/client-go/commit/2261c80c289d94a0053997f203544847bc961f12)) ### [`v2.12.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.12.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.11.0...v2.12.0) #### 2.12.0 ##### 🚀 Features - fix: update HostKey field name to FingerprintSHA256 for consistency ([!2840](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2840)) by [Oleksandr Redko](https://gitlab.com/alexandear) - Add push mirror host_keys to the go client. ([!2832](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2832)) by [Jimmy Spagnola](https://gitlab.com/jspagnola) ##### 🔄 Other Changes - Fix: improve URL validation warning logging context and correct typo ([!2830](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2830)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - chore(no-release): fix typos in comments and unexported function ([!2831](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2831)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [2.12.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.11.0...v2.12.0) (2026-04-01) ##### Bug Fixes * update HostKey field name to FingerprintSHA256 for consistency ([1b7fcfb](https://gitlab.com/gitlab-org/api/client-go/commit/1b7fcfb0ed002b007b8cadcc8e81ba529e48705b)) ### [`v2.11.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.11.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.10.0...v2.11.0) #### 2.11.0 ##### 🚀 Features - Deprecate project approval password auth, add reauth to approve ([!2825](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2825)) by [Heidi Berry](https://gitlab.com/heidi.berry) ##### 🔄 Other Changes - Fix typo in UpdateLabel comment ([!2827](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2827)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - Fix runner comment typo ([!2828](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2828)) by [Bob Singh](https://gitlab.com/bobsingh.dev) ### [2.11.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.10.0...v2.11.0) (2026-03-30) ### [`v2.10.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1380-2026-02-19) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.9.0...v2.10.0) ##### Features - **events:** Add missing parameters for label operations and update documentation links ([11b9f08](https://gitlab.com/gitlab-org/api/client-go/commit/11b9f08b37a4c2ada9413259282f163f28b94051)) - **labels:** add missing params and edit links ([ec1b92b](https://gitlab.com/gitlab-org/api/client-go/commit/ec1b92bff403c10446ab1ff6566a3a638871bb7e)) #### 1.37.0 ##### 🚀 Features - Support system & system\_action fields for merge event attributes ([!2737](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2737)) by [Artem Mikheev](https://gitlab.com/renbou) ##### 🔄 Other Changes - Update links of geo\_sites.go ([!2782](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2782)) by [Mohamed Mongy](https://gitlab.com/mohamedmongy96) - chore(deps): update dependency golangci-lint to v2.10.1 ([!2770](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2770)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.10.1 ([!2771](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2771)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.10.0 ([!2769](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2769)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update dependency golangci-lint to v2.10.0 ([!2768](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2768)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.9.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1330-2026-02-13) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.8.0...v2.9.0) #### 1.32.0 ##### 🚀 Features - Implement endpoints for runner controller scopes ([!2758](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2758)) by [Timo Furrer](https://gitlab.com/timofurrer) ##### 🔄 Other Changes - test(namespaces): Address test feedback to simplify the test ([!2744](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2744)) by [Patrick Rice](https://gitlab.com/PatrickRice) - chore(deps): update golangci/golangci-lint docker tag to v2.9.0 ([!2755](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2755)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update dependency golangci-lint to v2.9.0 ([!2754](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2754)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.8.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1130-2026-01-12) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.7.0...v2.8.0) ##### Features - **groups:** add Active parameter to ListGroupProjects ([dec511a](https://gitlab.com/gitlab-org/api/client-go/commit/dec511a199b0adb7ba87f5a02a50651049b68b71)) #### 1.12.0 ##### 🚀 Features - feat: add EmojiEvents field support to Project Webhooks ([!2653](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2653)) by [Yugan](https://gitlab.com/yugannkt) ##### 🔄 Other Changes - chore(deps): update dependency golangci-lint to v2.8.0 ([!2650](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2650)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor(no-release): use errors.New instead of fmt.Errorf ([!2644](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2644)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [`v2.7.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#170-2025-12-06) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.6.0...v2.7.0) ##### Features - **users:** Add support for a user to see only one file diff per page ([e2a9e09](https://gitlab.com/gitlab-org/api/client-go/commit/e2a9e09e79e7949e0b19dcfc97e3b7b533541856)) #### 1.6.0 ##### 🚀 Features - feat: add admin compliance policy settings API ([!2610](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2610)) by [Hannes Lange](https://gitlab.com/hlange4) ##### 🔄 Other Changes - doc: fix typo ([!2603](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2603)) by [Guilhem Bonnefille](https://gitlab.com/gbonnefille) - chore(deps): update golangci/golangci-lint docker tag to v2.7.1 ([!2611](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2611)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update docker docker tag to v29.1.2 ([!2609](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2609)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.7.0 ([!2608](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2608)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.6.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#01590-2025-11-04) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.5.0...v2.6.0) ##### Features - **integrations:** add group integration API endpoints for Jira ([09e18ee](https://gitlab.com/gitlab-org/api/client-go/commit/09e18ee598bb7805ac8221f6a05426b1785f9011)) #### 0.158.0 ##### 🚀 Features - Add support to send variables for GraphQL queries ([!2562](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2562)) by [rafasf](https://gitlab.com/rafasf) ##### 🔄 Other Changes - chore(deps): update module cel.dev/expr to v0.25.0 ([!2560](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2560)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(no-release): standardize GitLab name capitalization ([!2551](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2551)) by [Zubeen](https://gitlab.com/syedzubeen) - chore(deps): update golangci/golangci-lint docker tag to v2.6.0 ([!2558](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2558)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor: moved comments to interface 2 ([!2557](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2557)) by [Zubeen](https://gitlab.com/syedzubeen) - refactor: moved comments to interface ([!2556](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2556)) by [Zubeen](https://gitlab.com/syedzubeen) - refactor(test): avoid panic in tests with goroutines ([!2553](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2553)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [`v2.5.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.5.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.4.0...v2.5.0) #### 2.5.0 ##### 🚀 Features - feat(workitems): Implement `UpdateWorkItem()` ([!2793](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2793)) by [Carlos Corona](https://gitlab.com/ccorona2) ##### 🔄 Other Changes - chore(deps): update dependency golangci-lint to v2.11.2 ([!2810](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2810)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - test(no-release): replace reflect.DeepEqual with testify ([!2809](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2809)) by [Oleksandr Redko](https://gitlab.com/alexandear) - feat: allow OAuth success callback page to self-close when possible ([!2808](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2808)) by [Case Taintor](https://gitlab.com/case.taintor) - chore(deps): update dependency golangci-lint to v2.11.1 ([!2806](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2806)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.5.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.4.0...v2.5.0) (2026-03-09) ##### Features * allow OAuth success callback page to self-close when possible ([dca2e12](https://gitlab.com/gitlab-org/api/client-go/commit/dca2e12095fe0c2f185784469a8ea904db1a1be5)) * **workitems:** Implement `UpdateWorkItem()` ([b93a55e](https://gitlab.com/gitlab-org/api/client-go/commit/b93a55e316ae95db3d23ff404c46c081db0ad3c7)) ### [`v2.4.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.4.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.3.0...v2.4.0) #### 2.4.0 ##### 🚀 Features - Reflect latest runner controller API changes ([!2803](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2803)) by [Timo Furrer](https://gitlab.com/timofurrer) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.3.0 ([!2804](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2804)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.4.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.3.0...v2.4.0) (2026-03-06) ### [`v2.3.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.3.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.1...v2.3.0) #### 2.3.0 ##### 🚀 Features - feat: add new endpoint for fetching all the runner manager information ([!2802](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2802)) by [Aayush](https://gitlab.com/Aayush-Saini) ### [2.3.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.1...v2.3.0) (2026-03-05) ##### Features * add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) ### [`v2.2.1`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#230-2026-03-05) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) ##### Features - add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) #### 2.2.1 ##### 🐛 Bug Fixes - fix: Add `/v2` suffix to module path. ([!2801](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2801)) by [Florian Forster](https://gitlab.com/fforster) #### [2.2.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) (2026-03-04) ##### Bug Fixes - Add `/v2` suffix to module path. ([4237f6a](https://gitlab.com/gitlab-org/api/client-go/commit/4237f6aa292dd8a8eeeca64adeac1a1f121293a6)), closes [#​2239](https://gitlab.com/gitlab-org/api/client-go/issues/2239) #### 2.2.0 ##### 🚀 Features - feat(workitems): Implement `CreateWorkItem()`. ([!2751](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2751)) by [Florian Forster](https://gitlab.com/fforster) ### [`v2.2.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#230-2026-03-05) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.1.0...v2.2.0) ##### Features - add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) #### 2.2.1 ##### 🐛 Bug Fixes - fix: Add `/v2` suffix to module path. ([!2801](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2801)) by [Florian Forster](https://gitlab.com/fforster) #### [2.2.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) (2026-03-04) ##### Bug Fixes - Add `/v2` suffix to module path. ([4237f6a](https://gitlab.com/gitlab-org/api/client-go/commit/4237f6aa292dd8a8eeeca64adeac1a1f121293a6)), closes [#​2239](https://gitlab.com/gitlab-org/api/client-go/issues/2239) #### 2.2.0 ##### 🚀 Features - feat(workitems): Implement `CreateWorkItem()`. ([!2751](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2751)) by [Florian Forster](https://gitlab.com/fforster) ### [`v2.1.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.1.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.0.0...v2.1.0) #### 2.1.0 ##### 🚀 Features - feat(workitems): Add more fields to WorkItem ([!2795](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2795)) by [Florian Forster](https://gitlab.com/fforster) ##### 🔄 Other Changes - Implement body preserver to enable HTTP response body streaming ([!2746](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2746)) by [Timo Furrer](https://gitlab.com/timofurrer) ### [2.1.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.0.0...v2.1.0) (2026-03-03) ##### Features * **workitems:** Add more fields to WorkItem ([7088f6f](https://gitlab.com/gitlab-org/api/client-go/commit/7088f6f22945efd7b87a473e0e5ec9dade34c811)) ### [`v2.0.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.0.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v1.46.0...v2.0.0) #### 2.0.0 ##### 💥 Breaking Changes - Release client-go 2.0 ([!2763](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2763)) by [Patrick Rice](https://gitlab.com/PatrickRice) ##### 🔄 Other Changes - Addtl 2 0 changes ([!2796](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2796)) by [Patrick Rice](https://gitlab.com/PatrickRice) ### [2.0.0](https://gitlab.com/gitlab-org/api/client-go/compare/v1.46.0...v2.0.0) (2026-03-02) * Release client-go 2.0 ([47b65ee](https://gitlab.com/gitlab-org/api/client-go/commit/47b65ee9079e2cdb328eb381a7b9bd1ef6801dd0)) ##### Bug Fixes * **ci:** update gocover-cobertura to v1.4.0 for Go 1.24+ compatibility ([1d03b20](https://gitlab.com/gitlab-org/api/client-go/commit/1d03b20802fb2fcb64e5c7a322bbea7b475fd11c)) * **group_members:** using ISOTime instead of time.Time for BillableUserMembership.ExpiresAt ([e7e58c6](https://gitlab.com/gitlab-org/api/client-go/commit/e7e58c69c1c22c91aa75f85816dd835e0163b839)) * package protection access level variable type ([5574bbb](https://gitlab.com/gitlab-org/api/client-go/commit/5574bbbf2f63b47d67ddfbf98528a3f1bad8e3c3)) * **workitems:** Handle absent status widget in `WorkItem`. ([859fb26](https://gitlab.com/gitlab-org/api/client-go/commit/859fb26f2896ae803343366ad575656a8b7aafad)) ##### Features * use Nullable[int64] for label priority ([096ed09](https://gitlab.com/gitlab-org/api/client-go/commit/096ed098d18dd1e5445bf5d9a953290f2b08a6dc)) ##### BREAKING CHANGES * Release 2.0 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
67f86bc3fe |
feat(api): add last_sync to repository API (#37566)
This PR adds a new repository API field, `mirror_last_sync_at`, to expose the timestamp of the last successful pull mirror sync. Unlike `mirror_updated`, this field does not affect mirror scheduling and is updated only after a successful pull sync. Failed sync attempts leave the value unchanged. What changed - added `mirror_last_sync_at` to the repository API response - updated pull mirror sync flow to persist the timestamp only on successful sync - kept `mirror_updated` behavior unchanged for queue/scheduling purposes `mirror_updated` is currently tied to mirror queue behavior, so it cannot safely represent the last successful sync time. The new field makes that state explicit for API consumers without changing scheduling semantics. --------- Signed-off-by: pomidorry <106489913+Pomidorry@users.noreply.github.com> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
|
0a3aaeafe7 |
refactor(log): replace log.Critical with log.Error (#37624)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> |
||
|
|
ce089f498b |
fix: improve actions status icons and texts (#37206)
Action runs, jobs and steps have 8 statuses but the UI only showed 5
(from the commit status api) for the latter two. Align all 8 to GitHub
as closely as possible:
- waiting — `octicon-circle` (hollow circle), gray
- blocked — `octicon-blocked` (slashed circle), yellow
- running — `gitea-running` (rotating spinner), yellow
- cancelled — `octicon-stop` (gray), was `octicon-x` (red)
Descriptions also aligned with GitHub:
- "Has started running" → "In progress"
- "Has been cancelled" → "Cancelled after {dur}"
- "Has been skipped" → "Skipped"
Fixes: https://github.com/go-gitea/gitea/issues/32228
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
|
||
|
|
29676adfd3 |
fix: treat email addresses case-insensitively (#37600)
Fixes #36184 and three more discovered cases. --- This PR was written with the help of Claude Opus 4.7 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |