- Rename OrgOverviewStats fields to match template expectations
- Add TotalStars field to show aggregate star count
- Add CountOrgRepoStars function to repo model
- Fix API struct and handler to use new field names
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add checkbox to mark SSL as handled externally (e.g., Cloudflare)
- Add Activate SSL button for verified domains with pending SSL
- Add SSLExternal option to API
- Useful when using CDN/reverse proxy that handles SSL certificates
- Remove omitempty from nested struct fields in PagesConfigResponse
- Remove unused ctx parameter from findUpdateAsset and convertToAPIRelease
- Simplify nil check for release.Attachments (len() handles nil)
- Use strings.EqualFold instead of strings.ToUpper for case-insensitive comparison
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add public_landing option to allow private repos to have public landing pages
- Add public_releases option to allow private repos to serve releases publicly
- Add /api/v2/repos/{owner}/{repo}/releases/update endpoint for Electron/Squirrel compatible app updates
- Add /api/v2/repos/{owner}/{repo}/pages/config and /content endpoints
- Add repoAssignmentWithPublicAccess middleware to bypass auth for public landing/releases
- Update README with documentation for new features
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add runner capability discovery API (v2) for AI tools to query before writing workflows
- Add release archive feature with filter toggle UI
- Add GitHub Actions compatibility layer with action aliasing
- Store runner capabilities JSON from act_runner Declare calls
- Add migrations for release archive and runner capabilities fields
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace fmt.Errorf with errors.New where no formatting needed
- Use slices.Sort instead of sort.Slice
- Use slices.Contains instead of manual loops
- Use strings.Cut/bytes.Cut instead of Index functions
- Use min() builtin instead of if statements
- Use range over int for iteration
- Replace interface{} with any
- Use strconv.FormatInt instead of fmt.Sprintf
- Fix gofumpt formatting (extra rules)
- Add SDK exclusions to .golangci.yml for standalone SDK package
- Check errors on ctx.Resp.Write calls
- Remove unused struct fields
- Remove unused function parameters
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- modules/pages/config.go: use slices.Contains for template validation
- modules/webhook/retry.go: use slices.Contains for retryable status codes
- routers/api/v1/org/profile.go: extract helper to remove duplicate code
- cmd/gitea-cli/cmd/upload.go: apply gofumpt formatting, add nolint directive for waitgroup
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- modules/operations: use modules/json, maps.Copy
- modules/circuitbreaker: use omitzero
- modules/structs: fix VerifiedAt omitzero tag
- routers/api/v1/repo: update VerifiedAt field name
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace encoding/json with modules/json (depguard)
- Add error handling for json.Unmarshal and WriteItem calls (errcheck)
- Use slices.Contains instead of manual loops (modernize)
- Use any instead of interface{} (modernize)
- Use min/max built-in functions (modernize)
- Use strings.FieldsSeq and strings.SplitSeq (modernize)
- Use range over int for loops (modernize)
- Use http.MethodOptions constant (usestdlibvars)
- Use tagged switch statements (staticcheck)
- Use += and /= operators (gocritic)
- Fix gofumpt formatting issues
- Remove unused streamLargeFile function
- Remove unused primaryLang parameter
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix wiki_index.go: use WebPathToGitPath/GitPathToWebPath instead of undefined functions
- Fix wiki_index.go: use gitrepo.OpenRepository pattern instead of repo.WikiPath()
- Fix wiki.go: use markdown.Render instead of undefined RenderWiki
- Fix wiki.go: use charset.ToUTF8WithFallbackReader instead of undefined ToUTF8Reader
- Fix wiki.go: use gitrepo.CommitsCount instead of undefined wikiRepo.CommitsCount
- Fix wiki.go: handle WebPathToUserTitle returning two values
- Fix gofmt formatting issues in v2 API files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 3: Organization Public Profile Page
- Pinned repositories with groups
- Public members display with roles
- API endpoints for pinned repos and groups
Phase 4: Gitea Pages Foundation
- Landing page templates (simple, docs, product, portfolio)
- Custom domain support with verification
- YAML configuration parser (.gitea/landing.yaml)
- Repository settings UI for pages
Phase 5: Enhanced Wiki System with V2 API
- Full CRUD operations via v2 API
- Full-text search with WikiIndex table
- Link graph visualization
- Wiki health metrics (orphaned, dead links, outdated)
- Designed for external AI plugin integration
- Developer guide for .NET integration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This introduces a new v2 API at /api/v2/ with features designed for
AI agents and automation tools while maintaining full backward
compatibility with the existing v1 API.
New features:
- Structured error codes (70+ machine-readable codes) for precise
error handling by automated tools
- Scalar API documentation at /api/v2/docs (modern replacement for
Swagger UI)
- Batch operations for bulk file and repository fetching
- NDJSON streaming endpoints for files, commits, and issues
- AI context endpoints providing rich repository summaries,
navigation hints, and issue context
Files added:
- modules/errors/codes.go - Error code definitions and catalog
- modules/errors/api_error.go - Rich API error response builder
- routers/api/v2/api.go - v2 router with auth middleware
- routers/api/v2/docs.go - Scalar docs and OpenAPI spec
- routers/api/v2/batch.go - Batch file/repo operations
- routers/api/v2/streaming.go - NDJSON streaming endpoints
- routers/api/v2/ai_context.go - AI context endpoints
- routers/api/v2/misc.go - Version and user endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add X-Request-ID header middleware for request tracing
- Extracts from incoming headers or generates short UUID
- Included in all error responses for debugging
- Add rate limit headers (X-RateLimit-Limit/Remaining/Reset)
- Currently informational, configurable via API.RateLimitPerHour
- Prepared for future enforcement
- Add chunk checksum verification for uploads
- Optional X-Chunk-Checksum header with SHA-256 hash
- Verifies data integrity during chunked uploads
- Standardize error responses with RFC 7807 Problem Details
- Added type, title, status, detail, instance fields
- Maintains backward compatibility with legacy fields
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement resumable chunked uploads to improve reliability for large file
uploads that may fail due to network issues or timeouts.
New API endpoints:
- POST /repos/{owner}/{repo}/releases/{id}/assets/upload-session
- PUT /repos/{owner}/{repo}/uploads/{session_id}/chunks/{chunk_number}
- GET /repos/{owner}/{repo}/uploads/{session_id}
- POST /repos/{owner}/{repo}/uploads/{session_id}/complete
- DELETE /repos/{owner}/{repo}/uploads/{session_id}
Features:
- Resumable uploads with session status tracking
- Out-of-order chunk uploads supported
- Configurable chunk size (default 10MB, max 100MB)
- Automatic cleanup of expired sessions (24h expiry, hourly cleanup)
- Progress tracking with bytes/chunks received counts
Files added:
- models/repo/upload_session.go - Session model and DB operations
- services/attachment/chunked.go - Chunk storage and assembly logic
- routers/api/v1/repo/upload.go - API endpoint handlers
- models/migrations/v1_26/v325.go - Database migration
- The compare page head title should be `compare` but not `new pull
request`.
- Use `UnstableGuessRefByShortName` instead of duplicated functions
calls.
- Direct-compare, tags, commits compare will not display `New Pull
Request` button any more.
The new screenshot
<img width="1459" height="391" alt="image"
src="https://github.com/user-attachments/assets/64e9b070-9c0b-41d1-b4b8-233b96270e1b"
/>
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Use `gitrepo.IsRepositoryExist` instead of `util.IsExit` or
`util.IsDir`
- Use `gitrepo.OpenRepository` instead of `git.OpenRepository`
- Use `gitrepo.DeleteRepository` instead of `util.RemoveAll`
- Use `gitrepo.RenameRepository` instead of `util.Rename`
This pull request adds an option to automatically verify SSH keys from
LDAP authentication sources.
This allows a correct authentication and verification workflow for
LDAP-enabled organizations; under normal circumstances SSH keys in LDAP
are not managed by users manually.
## Summary
This PR refactors the `SearchIssues` function in
`routers/api/v1/repo/issue.go` by extracting common logic into reusable
helper functions:
- `parseIssueIsClosed()`: Parses the "state" query parameter and returns
the corresponding `isClosed` option
- `parseIssueIsPull()`: Parses the "type" query parameter and returns
the corresponding `isPull` option
- `buildSearchIssuesRepoIDs()`: Builds the list of repository IDs for
issue search based on query parameters
### Benefits:
- Improved code readability
- Smaller, more focused functions
- Easier to test individual components
- Potential for reuse in other handlers
### Changes:
- Extracted 3 helper functions from the ~292 line `SearchIssues`
function
- No functional changes - behavior remains the same
- Proper error handling preserved
## Test plan
- [ ] Verify existing API tests pass
- [ ] Manual testing of `/repos/issues/search` endpoint
Ref: #35015
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Per-repository signing keys have never been officially supported, as
they would require users to modify the repository’s config file.
At this point, it is clear that only global signing keys (GPG or SSH)
should be allowed. If we want to introduce per-repository signing keys
in the future, it will require a complete design proposal.
The endpoint will not be removed for repository special signing key, but
it will reference the global signing key.
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Follow #36058 for API edit user bug when editing email.
- The Admin Edit User API includes a breaking change. Previously, when
updating a user with an email from an unallowed domain, the request
would succeed but return a warning in the response headers. Now, the
request will fail and return an error in the response body instead.
- Removed `AdminAddOrSetPrimaryEmailAddress` because it will not be used
any where.
Fix https://github.com/go-gitea/gitea/pull/36058#issuecomment-3600005186
---------
Co-authored-by: Giteabot <teabot@gitea.io>
/claim #35898Resolves#35898
### Summary of key changes:
1. Add file name search/Go to file functionality to repo button row.
2. Add backend functionality to delete directory
3. Add context menu for directories with functionality to copy path & delete a directory
4. Move Add/Upload file dropdown to right for parity with Github UI
5. Add tree view to the edit/upload UI
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user
results in an error, even if the requester is an administrator. As far
as I can tell, this is a security feature, not architectural in nature,
as automatic account linking could be used to take control of another
user's account. This is not a concern for an administrator, who we
should trust to know what they are doing.
This patch allows admins, and only admins, to rename non-local users.
Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Permission & protection check:
- Fix Delete Release permission check
- Fix Update Pull Request with rebase branch protection check
- Fix Issue Dependency permission check
- Fix Delete Comment History ID check
Information leaking:
- Show unified message for non-existing user and invalid password
- Fix#35984
- Don't expose release draft to non-writer users.
- Make API returns signature's email address instead of the user
profile's.
Auth & Login:
- Avoid GCM OAuth2 attempt when OAuth2 is disabled
- Fix#35510
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* use a single function to do Action Tokens Permission checks
* allows easier customization
* add basic tests
* lfs file locks should work now
---------
Signed-off-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Fix incorrect column in `applySubscribedCondition`, add a test
2. Fix debian version parsing, add more tests fix#35695
3. Fix log level for HTTP errors, fix#35651
4. Fix abused "panic" handler in API `Migrate`
5. Fix the redirection from PR to issue, add a test
6. Fix Actions variable & secret name validation, add more tests
* envNameCIRegexMatch is unnecessary, removed
* validating in "delete" function doesn't make sense, removed
7. Fix incorrect link in release email
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
