Replace URL-embedded token authentication with http.extraheader configuration for git operations. This approach is more secure as tokens don't appear in URLs or logs.
Change from:
git clone https://token:SECRET@host/repo.git
To:
git -c "http.extraheader=Authorization: token SECRET" clone https://host/repo.git
Also switch to direct.git.marketally.com for vault repository access.
Add VAULT_TOKEN environment variable to vault sync steps and use token-based authentication when cloning gitcaddy-vault repository. Falls back to unauthenticated clone if token is not provided.
This enables CI builds to access the private vault repository using the RELEASE_TOKEN secret.
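
Added example, not taken from these commits or from the project's scripts: a POSIX shell sketch of the two changes described above, the http.extraheader clone and the VAULT_TOKEN fallback, plus a check that no secret is left in a repository's config. The function names are hypothetical; the URL and the SECRET value are the placeholders used in the commit message.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical. VAULT_TOKEN is the
# variable named in the commit message above.

# Drop any "user:password@" userinfo from an http(s) URL so a secret cannot
# end up in remote.origin.url, CI logs or error messages.
strip_url_credentials() {
    printf '%s\n' "$1" | sed 's#^\(https\{0,1\}://\)[^/@]*@#\1#'
}

# Header value in the form the commit message uses.
auth_header() {
    printf 'Authorization: token %s' "$1"
}

# Clone $1 into $2. With VAULT_TOKEN set, the token travels in a request
# header; without it, fall back to an unauthenticated clone.
# "git -c" before the subcommand applies to this one invocation only, so the
# header is not written to the new repository's .git/config. It is still
# visible in the process list while git runs.
clone_vault() {
    url=$(strip_url_credentials "$1")
    if [ -n "${VAULT_TOKEN:-}" ]; then
        git -c "http.extraheader=$(auth_header "$VAULT_TOKEN")" clone "$url" "$2"
    else
        git clone "$url" "$2"
    fi
}

# Post-clone check for CI: succeeds (exit 0) if the config file $1 contains
# the literal secret $2, e.g. because an old URL-embedded remote survived.
config_leaks_token() {
    [ -n "$2" ] && grep -qF -e "$2" "$1"
}

# Constructed sample input: prints https://host/repo.git
strip_url_credentials 'https://token:SECRET@host/repo.git'
```
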
- Fix sync-vault.sh to export SERVER_DIR and VAULT_PATH for Python heredoc
- Sync all vault translations including vault.type_file and vault.compare keys
- Add compare.tmpl template for version comparison feature
- Update vault templates from vault plugin
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add scripts/sync-vault.sh to sync templates and locales from vault
- Update build.yml to run sync after checkout on all platforms
- Vault repo is source of truth, server receives at build time
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Only generate bindata if necessary
* Only generate bindata if they are not up-to-date
* generate a hash of the fileinfo and use that to keep up-to-date
* Newer test is redundant
* handle missing bindata and clean
* Only update hash after successful write
* switch to sha1 hash
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Still use GOGS_WORK_DIR and GOGS_CUSTOM env variables
as a fallback if the equivalent GITEA_* are not set,
warning user about the need for change.
Does not change "gogs" to "gitea" in webhook type name
Because "gogs" hook type is part of the API (routes) and used
in templates...
Closes #87
Using this script:
1. Copy scripts/launchd/io.gogs.web.plist into /Library/LaunchDaemons
2. The script assumes Gogs is running under 'gogs' user and group, modify
/Library/LaunchDaemons/io.gogs.web.plist if you want to use a different user.
3. The script assumes Gogs is installed in /Users/git/gogs, modify
/Library/LaunchDaemons/io.gogs.web.plist if you installed Gogs in a different
location.
4. Once you are sure that running Gogs manually via `gogs web` works fine, run
it as a launchd service with:
sudo launchctl load -F /Library/LaunchDaemons/io.gogs.web.plist
From now on launchd will ensure Gogs is running, e.g. when the system is restarted.
If the init script is called with `status`, the rc.subr(8) routines check if
the first argument associated with the pid in the pidfile is equal to
`procname`. By default, `procname` is equal to the value of `command`. In our
case, `command` contains a space (i.e. has multiple arguments), so `procname`
can never be equal to the first argument of the command associated with the
pid.
Set `procname` to the first argument of `command` to fix the `status` command
of the init script.
- use start-stop-daemon's chuid feature instead of su
- using `su -c` breaks if the git user has no usable shell
- this fixes #1025
- put --test before --exec, instead it gets passed to gogs
- set cwd via --chdir