chore: merge dev into main [skip ci] #104

Merged

jmiller merged 15 commits from dev into main 2026-05-30 15:49:21 +00:00

Conversation 0 Commits 15 Files Changed 28

+884 -1340

jmiller commented 2026-05-16 14:16:21 +00:00

Owner

Copy Link

Copy Source

No description provided.

jmiller force-pushed dev from 97e56cb372 to 83244e8361 2026-05-25 23:45:54 +00:00 Compare

jmiller added 7 commits 2026-05-26 00:08:15 +00:00

chore: bump updates.xml to v05.00.00 ... be5c2d35a5

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

chore: align update streams to standard channels (dev/alpha/beta/rc/stable) ... 8ad1b8a110

Matches the Joomla update server pattern used across all Moko repos.
Removed the non-standard 'security' channel. All five standard
channels now present in updates.xml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

feat: update channel selector dropdown on admin dashboard ... 8509932b41

Add a dropdown on the admin dashboard to switch between update streams
(stable, rc, beta, alpha, development) matching the Joomla pattern.

Changes:
- Admin dashboard shows channel selector with descriptions
- POST handler validates and applies channel change in-memory
- Triggers immediate re-check against updates.xml after switch
- updates.xml has all 5 standard channels with descriptions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

test: bump dev channel to 06.00.00-dev to test update checker ... 07827bcc2e

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

feat: email admin when MokoGitea update is detected ... 13352e7213

The update checker now emails the first admin user when a new version
is found on the configured channel. Notifications are deduplicated —
only sent once per new version, not on every cron tick.

- Added NotifyFunc callback in updatechecker module
- Wired to mailer in cron task registration
- Created mail_update.go with plain-text email including version,
  channel, release URL, and docker pull command

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

feat: add ntfy push notification for update checker ... 49fe3cf6eb

Update notifications now go through three channels:
- Admin dashboard banner (existing)
- Email to admin (added in previous commit)
- ntfy push notification (new)

Configure in app.ini:
  [ntfy]
  ENABLED = true
  SERVER_URL = https://ntfy.mokoconsulting.tech
  DEFAULT_TOPIC = mokogitea
  TOKEN = (optional bearer token)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: update checker channels, email + ntfy notifications' (#173) from feat/update-checker-channels into dev b74cf800ef

jmiller added 2 commits 2026-05-26 00:08:56 +00:00

feat: auto-generate SHA256 checksums for release attachments ... 90f612f211

When a release is created or updated with attachments, automatically
compute SHA256 checksums for every file and attach a checksums.sha256
manifest file. The manifest follows the standard sha256sum format:
  <hash>  <filename>

Existing checksums.sha256 files are replaced when attachments change.
Checksums are generated for both CreateRelease and UpdateRelease flows.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: auto-generate SHA256 checksums for release attachments' (#174) from feat/release-sha-checksums into dev 30e16cccc1

jmiller added 2 commits 2026-05-26 00:15:59 +00:00

fix: generate checksums on API asset upload, not just CreateRelease ... a847129f9c

The API endpoint POST /releases/{id}/assets bypasses CreateRelease
and UpdateRelease, so checksums were not generated for API uploads.
Added GenerateReleaseChecksums call after successful asset upload.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix: generate checksums on API asset upload' (#175) from feat/release-sha-checksums into dev 64e1e37e20

jmiller added 2 commits 2026-05-26 00:35:16 +00:00

feat(ci): enable maintenance mode during deployments ... d55b79a9ff

The deploy workflow now:
1. Enables maintenance mode before building (users see maintenance page)
2. Builds, pushes, and restarts the container
3. Disables maintenance mode after health check passes (if: always)

Uses Gitea's built-in maintenance mode via admin config API.
If the instance is already down, the enable step gracefully warns
instead of failing. The disable step runs even if deploy fails
to avoid leaving the instance in maintenance mode.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat(ci): enable maintenance mode during deployments' (#177) from feat/deploy-maintenance-mode into dev 592a71968f

jmiller added 2 commits 2026-05-26 00:56:27 +00:00

feat(ci): auto-update updates.xml on production deploy ... d97955394f

After a successful production deployment, the deploy workflow now
automatically updates updates.xml on main with the new version,
release URL, and docker image tag for the stable channel.

Dev deployments skip this step — only production releases update
the stable channel.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat(ci): auto-update updates.xml on production deploy' (#179) from feat/auto-update-xml into dev a45be34139

jmiller added 2 commits 2026-05-26 01:57:33 +00:00

fix: populate org home sidebar with members, teams, and public member status (#183) ... b5defc2a4a

The org home page template expects .Members, .NumMembers, .Teams,
.IsOrganizationMember, .IsOrganizationOwner, and .IsPublicMember
but the handler only set OrgOverviewMembers and OrgOverviewTeams
(different key names). The sidebar rendered empty because the
template variables were undefined.

Fixed by adding all required data bindings and capturing the
membersIsPublic map (previously discarded) as a callable function.

Closes #183

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix: org sidebar not listing members or teams (#183)' (#184) from fix/183-org-sidebar into dev 4ec61ec260

jmiller added 2 commits 2026-05-26 02:13:43 +00:00

feat: admin branding page with uploadable nav icon, logo, and favicon (#181) ... d77713dd77

Add a Branding section to Site Administration where admins can upload
custom images for three separate slots:

- Nav icon (logo-small.png) — top-left corner, 30x30px
- Login logo (logo.png) — login page and homepage
- Favicon (favicon.png) — browser tab icon

Changes:
- New admin route: /-/admin/branding with upload forms
- Templates use AssetUrlPrefix instead of hardcoded external URLs
- Nav bar uses logo-small.png with fallback to logo.png
- Uploads save to custom/public/assets/img/ (persists across restarts)
- SVG overrides auto-removed when PNG is uploaded
- Added logo-small.png as default built-in asset

Closes #181

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: admin branding page with uploadable images (#181)' (#182) from feat/181-admin-branding into dev 4ef4aeb04a

jmiller added 3 commits 2026-05-26 02:35:44 +00:00

feat: rebrand Gitea to MokoGitea across all 28 locale files, fix branding page layout ... dcef668e9d

Locale changes:
- Renamed "Gitea" -> "MokoGitea" in all user-facing strings across
  28 language files (928 references)
- Preserved upstream feature names: "Gitea Actions", "Gitea API",
  "gitea.com", "Gitea instances"

Branding page:
- Changed from three-card layout to single-column stacked segments
- Each image type shown inline with preview, label, and upload form

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

feat: set Moko branding as built-in defaults, update PWA manifest ... 93dc58b106

- Replace built-in logo.png, favicon.png, logo-small.png with Moko
  Consulting branding images
- Remove SVG overrides so PNG takes priority
- Set apple-touch-icon.png to favicon for iOS home screen
- Update site manifest to include favicon.png as 256x256 PWA icon
  so installed apps show the square brand icon

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: MokoGitea rebrand across all locales, default branding images, PWA icon' (#188) from feat/rebrand-locale-mokogitea into dev 7d475d6af2

jmiller added 2 commits 2026-05-26 03:36:50 +00:00

fix: generate per-file [filename].sha256 instead of single manifest ... 198ae92579

Each release attachment now gets its own .sha256 checksum file
(e.g. asset.zip.sha256) instead of a single checksums.sha256 manifest.
Old .sha256 files are cleaned up before regenerating.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix: per-file sha256 checksums' (#194) from fix/checksum-per-file into dev 65660863d6

jmiller added 2 commits 2026-05-26 03:47:52 +00:00

fix(ui): left-align all admin sidebar menu items ... f19fd9683f

Fomantic UI's vertical menu centers text by default. Added
text-align: left to .flex-container-nav menu items so all
admin sidebar entries align consistently.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix(ui): left-align admin sidebar menu items' (#196) from fix/admin-nav-alignment into dev 447a45ec15

jmiller added 2 commits 2026-05-26 03:57:45 +00:00

fix(ui): force left-align on admin sidebar menu via inline style ... f69212859a

The compiled CSS bundle doesn't pick up the flexcontainer.css change.
Use inline style with !important on the menu container to override
Fomantic UI's default center alignment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix(ui): force left-align admin sidebar' (#198) from fix/admin-nav-left-align into dev 2dea95a431

jmiller added 2 commits 2026-05-26 04:30:20 +00:00

fix(ui): left-align admin sidebar — fix justify-content and text-align ... d541a07263

Changed details.toggleable-item summary from justify-content:
space-between to gap + margin-left: auto on the chevron. Added
.flex-container-nav .item rule to force left alignment on all
menu items including standalone links.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix(ui): admin sidebar left-align CSS' (#200) from fix/admin-nav-css into dev 09dc64eef0

jmiller added 2 commits 2026-05-26 04:39:06 +00:00

fix(ui): replace missing octicon-dashboard with octicon-meter ... b79b48b760

octicon-dashboard doesn't exist in Gitea's SVG set, causing the
icon to render as raw text. octicon-meter is the equivalent gauge icon.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix(ui): replace missing octicon-dashboard icon' (#202) from fix/missing-dashboard-icon into dev c236c4e018

jmiller added 2 commits 2026-05-26 04:52:10 +00:00

fix(ui): add help link to footer, show login logo on signin page ... e6a4dfccf0

- Help link added to footer right-links (next to API and Licenses)
- Login logo (login-logo.png) now shown on the signin page, not just
  the home page. Hidden via onerror when not uploaded.
- Landing page is set to 'login' so home.tmpl never renders — the
  logo needed to be on signin_inner.tmpl instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix: help link in footer, login logo on signin page' (#205) from fix/help-footer-login-logo into dev c7193abc0c

jmiller added 2 commits 2026-05-26 16:40:57 +00:00

feat: login notification via email and ntfy on successful sign-in ... 25268d7dd7

When a user signs in, sends notifications with username, IP address,
user agent, and timestamp. Notifications go through:
- Email to the user's registered address
- ntfy push to the configured topic

Enabled by default, configurable via app.ini:
  [login_notification]
  ENABLED = true

The notification fires asynchronously (goroutine) so it doesn't
block the login redirect. Hooks into handleSignInFull which is the
single choke point for all auth methods (password, 2FA, OAuth).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: login notification via email and ntfy' (#209) from feat/login-notifications into dev bc475c91f6

jmiller added 2 commits 2026-05-26 17:55:50 +00:00

fix: http content file render (#37850) (#37856) ... 0f23219ee4

Backport #37850

Fix #37849

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>

Merge pull request 'fix: http content file render (#207)' (#212) from fix/207-http-content-render into dev af1c6178ef

jmiller added 2 commits 2026-05-26 18:28:13 +00:00

feat: organization-level 2FA requirement for members (#208) ... 1032ae4268

Adds a Require2FA toggle to organization settings. When enabled,
org members without 2FA are redirected to the security settings
page with a warning flash message.

Changes:
- New Require2FA field on User model (migration v333)
- Org settings UI checkbox with shield-lock icon
- Check2FARequirement middleware on member-required org routes
- UpdateOptions extended with Require2FA field

Closes #208

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: org-level 2FA requirement (#208)' (#214) from feat/208-org-2fa-requirement into dev 6bc0cb5bc8

jmiller added 2 commits 2026-05-26 18:28:23 +00:00

feat: smart wiki filenames — sanitize special characters to hyphens ... 1fb97eeeeb

New wiki page titles are now sanitized before creating the git file:
- Spaces and special characters replaced with hyphens
- Consecutive hyphens collapsed to single hyphen
- Leading/trailing hyphens trimmed

Examples:
- "My Page Name" -> "My-Page-Name"
- "API & Docs (v2)" -> "API-Docs-v2"
- "100% Complete!!" -> "100-Complete"

Only affects NEW pages. Existing wiki pages with legacy filenames
(spaces, URL encoding) continue to work — the read path is unchanged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat: smart wiki filenames' (#215) from fix/wiki-smart-filenames into dev 9dc85cfc2d

jmiller added 2 commits 2026-05-26 18:39:29 +00:00

fix: remove unused net/http import in require2fa.go ... 0cc7297f23

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix: unused import in require2fa.go' (#216) from fix/require2fa-import into dev bf35e5510d

jmiller added 2 commits 2026-05-26 18:48:12 +00:00

fix: preserve + and . in wiki slugs, clean stray plus signs ... d609b8db8c

Allow C++, .NET, version numbers (2.0.1) in wiki filenames.
Clean up isolated plus signs that appear between hyphens.

Examples:
- C++ vs C# -> C++-vs-C.md
- .NET Guide -> .NET-Guide.md
- version 2.0.1 -> version-2.0.1-release.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix: preserve + and . in wiki slugs' (#218) from fix/wiki-slug-polish into dev 8ffdbff72a

jmiller added 1 commit 2026-05-26 19:35:43 +00:00

chore(ci): update auto-release.yml from moko-platform [skip ci] 5ffe68499d

jmiller added 1 commit 2026-05-26 19:35:57 +00:00

chore(ci): update pre-release.yml from moko-platform [skip ci] aa6c3fc4ed

jmiller added 1 commit 2026-05-26 19:56:50 +00:00

chore(ci): add update-server.yml universal workflow [skip ci] 01f6722ccc

jmiller added 2 commits 2026-05-26 22:05:00 +00:00

fix(actions): retry workflow insertion on database deadlock ... dd6fc4b69c

When multiple workflows are triggered by a single event (e.g. a
pull_request with several matching workflow files), each InsertRun
transaction acquires an X-lock on the repository row via
UpdateRepoRunsNumbers and an index lock on action_run. Two concurrent
transactions can deadlock when each holds one lock and waits for the
other. InnoDB kills the lighter transaction, but handleWorkflows only
logged the error and silently dropped the workflow run — making it
appear as though pull_request events were never fired.

This was the root cause of API-created PRs appearing to not trigger
Actions workflows: the notification pipeline was correct, but the DB
insert was lost to an unretried deadlock.

The fix wraps PrepareRunAndInsert in a retry loop (up to 3 attempts
with exponential backoff) that detects deadlock errors across MySQL,
PostgreSQL, and SQLite. On deadlock, the rolled-back run fields are
reset before the next attempt.

Also adds db.IsErrDeadlock() for cross-engine deadlock detection and
unit tests for the same.

Closes #220

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix(actions): retry workflow insertion on database deadlock' (#221) from fix/220-actions-deadlock-retry into dev ... e8ce4ae60b

fix(actions): retry workflow insertion on database deadlock (#221)

jmiller added 7 commits 2026-05-26 22:05:15 +00:00

fix(actions): wrong assumption that run id always >= job id (#37737) (#37742) ... 38beba655b

Backport #37737

Fix #37734

Follow up #37008

The `jobNum >= runNum` check is useless. Removed it to support `job_id <
run_id`

fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588) (#37726) ... 233144e33e

Backport #37588 by @pandareen

## Summary

Fixes
[go-gitea/gitea#37564](https://github.com/go-gitea/gitea/issues/37564):
when an OIDC provider returns a `picture` claim, Gitea is supposed to
download that image as the user's avatar (if `[oauth2_client]
UPDATE_AVATAR = true`). Two latent bugs prevented this from working
consistently:

1. **Default Go User-Agent rejected by some image hosts.**
`oauth2UpdateAvatarIfNeed` used `http.Get`, which sends `User-Agent:
Go-http-client/1.1`. Hosts like `upload.wikimedia.org` reject that UA
with `403`, and every error path silently returned, so the user was left
with an identicon and **no log line** to diagnose the issue.
2. **Link-account *register* path skipped avatar sync.** First-time OIDC
sign-ins where auto-registration is disabled (or required a
username/password retype) go through `LinkAccountPostRegister`, which
created the user but never called `oauth2SignInSync`. So the avatar /
full name / SSH keys from the IdP were dropped on the floor for those
users, even though the existing-account-link path (`oauth2LinkAccount`)
and the auto-register path (`handleOAuth2SignIn`) both already did the
sync.

## Changes

- `routers/web/auth/oauth.go` — `oauth2UpdateAvatarIfNeed` now uses
`http.NewRequest` + `http.DefaultClient.Do`, sets `User-Agent: Gitea
<version>`, and logs every failure path at `Warn` (invalid URL, fetch
error, non-200, body read error, oversize body, upload error). No silent
failures.
- `routers/web/auth/linkaccount.go` — `LinkAccountPostRegister` now
calls `oauth2SignInSync` after a successful user creation, mirroring the
auto-register and link-existing-account flows.
- `tests/integration/oauth_avatar_test.go` — new
`TestOAuth2AvatarFromPicture` integration test with five sub-cases:
- `AutoRegister_FetchesAvatarFromPictureWithGiteaUA` — happy path,
asserts `use_custom_avatar=true`, an avatar hash is set, exactly one
HTTP request was made, and the request carried a `Gitea ` UA. The mock
server enforces the UA prefix to mirror real-world hosts that reject
Go's default UA.
- `AutoRegister_NonOK_DoesNotUpdateAvatar` — server returns 403; user's
avatar must remain unset.
- `AutoRegister_EmptyPicture_NoFetch` — empty `picture` claim must not
trigger any HTTP request.
- `AutoRegister_UpdateAvatarFalse_NoFetch` — `UPDATE_AVATAR=false` must
not trigger any HTTP request.
- `LinkAccountRegister_FetchesAvatarFromPicture` — guards the
`linkaccount.go` fix; without the new `oauth2SignInSync` call this
assertion fails.

## Test plan

- [x] `go test -tags 'sqlite sqlite_unlock_notify' -run
'^TestOAuth2AvatarFromPicture$' ./tests/integration/ -v` — 5/5 sub-tests
pass.
- [x] Manual: log in as a Keycloak user with `picture` claim pointing at
`https://avatars.githubusercontent.com/u/9919?v=4` — Gitea avatar is
replaced with the GitHub picture.
- [x] Manual: same flow with `https://upload.wikimedia.org/...` —
request now succeeds (or returns a clearly logged `Warn` line if
rate-limited with `429`); previously it silently 403'd.
- [x] Manual: `UPDATE_AVATAR=false` — user keeps the identicon, no
outbound request in container logs.
- [ ] Reviewer: please double-check that no other call sites of
`oauth2UpdateAvatarIfNeed` rely on the old `http.Get` behaviour.

## Related

- Upstream issue: go-gitea/gitea#37564
--------------------------------------------


AI Editor was used in this PR

---------

Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: pandareen <7270563+pandareen@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>

fix: make clone URL respect public URL detection setting (#37615) (#37617) ... 00d862f737

Backport #37615 by @wxiaoguang

Fix #37614

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Fix basic auth bug (#37503) ... 6d9f0d9727

Backport for #37486

fix(git): Fix smart http request scope bug (#37583) (#37605) ... cc61032697

Backport #37583 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: silverwind <me@silverwind.io>

chore(deps): bump go-git/go-git/v5 to 5.19.0 (security) ... 775766bc64

Addresses security fixes in the go-git library. Upstream backport of
go-gitea/gitea#37608.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'fix(security): backport upstream v1.26.2 security fixes' (#226) from fix/225-security-backports into dev ... 360d0b1b1f

fix(security): backport upstream v1.26.2 security fixes (#226)

jmiller added 1 commit 2026-05-26 22:12:25 +00:00

chore(ci): add auto-bump.yml from moko-platform [skip ci] 455f12e21b

jmiller added 1 commit 2026-05-26 22:13:36 +00:00

chore(ci): update pre-release.yml from moko-platform [skip ci] f15a0ed7e4

jmiller added 1 commit 2026-05-26 22:24:16 +00:00

chore(ci): update auto-release.yml from moko-platform [skip ci] 9957fe56ca

jmiller added 1 commit 2026-05-26 22:25:32 +00:00

chore(ci): update auto-bump.yml from moko-platform [skip ci] fce8389296

jmiller added 1 commit 2026-05-26 22:35:55 +00:00

chore(ci): update auto-release.yml from moko-platform [skip ci] e946d49bf3

jmiller added 1 commit 2026-05-26 22:37:18 +00:00

chore(ci): update pre-release.yml from moko-platform [skip ci] d0ca5eff28

jmiller added 1 commit 2026-05-26 22:48:48 +00:00

chore(ci): update auto-release.yml from moko-platform [skip ci] 7c014dc4da

jmiller added 1 commit 2026-05-26 22:50:00 +00:00

chore(ci): update auto-bump.yml from moko-platform [skip ci] a7e39fa992

jmiller added 1 commit 2026-05-26 22:51:12 +00:00

chore(ci): update pre-release.yml from moko-platform [skip ci] 6654d7605d

jmiller added 3 commits 2026-05-27 02:07:21 +00:00

feat(branding): replace hardcoded Gitea/MokoGitea with APP_NAME setting ... 1608b5c4b9

Add runtime ${APP_NAME} placeholder substitution in locale strings so
all user-facing text reflects the configured APP_NAME from app.ini.
Replace 52 hardcoded locale strings, template literals, HTTP auth
realm headers, and Swagger API titles/descriptions with the
configurable value.

Closes #1

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request #2 from mokoconsulting-tech/feat/appname-branding ... 38ed8eaeea

feat(branding): replace hardcoded Gitea/MokoGitea with APP_NAME setting

Merge remote-tracking branch 'origin/dev' into dev 9721728b45

jmiller added 1 commit 2026-05-27 02:11:49 +00:00

feat(ci): update version branch on every stable release ... 4624385501

Add Step 12 to auto-release pipeline that recreates the version branch
from main after each stable release. Also mirrors the version branch
to GitHub alongside main.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

jmiller added 1 commit 2026-05-28 19:31:22 +00:00

chore(workflows): sync universal workflows, rename secrets [skip bump] 4630327b02

jmiller added 1 commit 2026-05-28 19:36:49 +00:00

fix(workflows): GITHUB_TOKEN→GH_MIRROR_TOKEN (reserved name) [skip bump] 20fef17dac

jmiller added 1 commit 2026-05-28 19:47:40 +00:00

fix(workflows): rename remaining old secrets in repo-specific workflows [skip bump] 7959864835

jmiller added 1 commit 2026-05-28 20:02:56 +00:00

chore: sync .mokogitea/workflows/auto-release.yml from moko-platform [skip ci] 7786dee9d4

jmiller added 1 commit 2026-05-28 20:06:12 +00:00

chore: sync .mokogitea/workflows/update-server.yml from moko-platform [skip ci] 1f09979c19

jmiller added 1 commit 2026-05-28 20:09:26 +00:00

chore: sync .mokogitea/workflows/pre-release.yml from moko-platform [skip ci] c268970505

jmiller added 1 commit 2026-05-28 20:28:38 +00:00

chore: sync .mokogitea/workflows/auto-release.yml from moko-platform [skip ci] 700cc77d0b

jmiller added 1 commit 2026-05-28 20:46:32 +00:00

chore: sync .mokogitea/workflows/auto-release.yml from moko-platform [skip ci] 789d3c9aa8

jmiller added 1 commit 2026-05-28 20:51:24 +00:00

chore: sync .mokogitea/workflows/update-server.yml from moko-platform [skip ci] 1b0c86847d

jmiller added 1 commit 2026-05-29 10:32:21 +00:00

chore: sync .mokogitea/workflows/auto-bump.yml from moko-platform [skip ci] 6f38f89765

jmiller added 1 commit 2026-05-30 01:16:54 +00:00

chore: sync .mokogitea/workflows/auto-release.yml from moko-platform [skip ci] 0915b05b0f

jmiller added 1 commit 2026-05-30 15:02:01 +00:00

chore: sync .mokogitea/workflows/auto-bump.yml from moko-platform [skip ci] 69f1a77459

jmiller added 1 commit 2026-05-30 15:04:31 +00:00

chore: sync .mokogitea/workflows/auto-release.yml from moko-platform [skip ci] 33b2ae2d4d

jmiller added 2 commits 2026-05-30 15:48:13 +00:00

feat(actions): rebrand actions bot user and add branch protection whitelist ... d4824dc05b

Rebrand the built-in actions bot user from upstream Gitea naming to
MokoGitea branding:
- Name: gitea-actions → mokogitea-actions
- FullName: Gitea Actions → MokoGitea Actions
- Email: teabot@gitea.io → mokogitea-actions[bot]@mokoconsulting.tech

Add backward-compatible name recognition so all three bot name variants
(mokogitea-actions, gitea-actions, github-actions) with optional [bot]
suffix resolve to the same system user.

Add WhitelistActionsUser, MergeWhitelistActionsUser, and
ForcePushAllowlistActionsUser toggles to branch protection rules,
allowing CI/CD workflows to push to protected branches when explicitly
enabled. Previously the actions bot (virtual user ID -2) could never be
added to whitelist because updateUserWhitelist() only validates real
database users.

Closes #233

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Merge pull request 'feat(actions): rebrand actions bot user and add branch protection whitelist' (#234) from feat/actions-bot-rebrand-and-branch-protection into dev ... 524b38f494

feat(actions): rebrand actions bot user and add branch protection whitelist (#234)

jmiller merged commit 7aa930227e into main 2026-05-30 15:49:21 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

breaking-change

Breaking API or behavior change

ci-cd

CI/CD pipeline changes

config

Configuration changes

dependencies

Dependency updates

deploy-failure

Deployment failed

docker

Docker/container changes

documentation

Documentation changes

good first issue

Good for newcomers

health-check

Repo health check result

help wanted

Extra attention needed

mokostandards

Related to MokoStandards framework

pending: testing

Feature implemented but not yet tested with documented proof

priority: critical

Must fix immediately

priority: high

Important, fix soon

priority: low

Nice to have

priority: medium

Normal priority

push-failure

Git push operation failed

security

Security vulnerability or hardening

size/l

200-500 lines changed

size/m

50-200 lines changed

size/s

10-50 lines changed

size/xl

500+ lines changed

size/xs

< 10 lines changed

standards-drift

Deviates from MokoStandards

standards-update

MokoStandards compliance update

status: blocked

Blocked by dependency or decision

status: in-progress

Actively being worked on

status: needs-review

Awaiting code review

status: on-hold

Paused intentionally

status: wontfix

Will not be addressed

sync-failure

Sync or mirror failed

tech-debt

Technical debt and TODO/FIXME items

type: bug

Something isn't working

type: bug

type: chore

Maintenance, dependencies, cleanup

type: enhancement

Improvement to existing feature

type: feature

New functionality

type: refactor

Code restructuring without behavior change

type: version

Version bump or release

upstream

upstream

Inherited from upstream Gitea

work-in-progress

Draft or incomplete work

bug

Something is not working

chore

Maintenance and housekeeping

documentation

Documentation improvements

enhancement

Improvement to existing functionality

feature

New feature or request

pending: dependency

Blocked by another issue or external dependency

pending: deployment

Tested and approved, awaiting deployment to production

pending: design

Needs UI/UX or architecture design before implementation

pending: documentation

Feature works, needs documentation/wiki update

pending: feedback

Awaiting feedback or decision from stakeholder

pending: review

Implementation complete, awaiting code review

pending: testing

Feature implemented but not yet tested

priority: critical

Must fix immediately

priority: high

Should fix soon

priority: low

Nice to have

priority: medium

Fix when convenient

refactor

Code restructuring without behavior change

roadmap

Planned feature or enhancement tracked on the roadmap

scope: client

Client-specific work

scope: dolibarr

Dolibarr modules and customizations

scope: infrastructure

Server, CI, backups, monitoring

scope: joomla

Joomla templates and extensions

scope: waas

MokoWaaS platform

security

Security vulnerability or hardening

status: blocked

Waiting on external dependency

status: duplicate

Duplicate of another issue

status: in-progress

Being worked on

status: needs-review

Ready for review

status: wontfix

Will not be addressed

No labels

Milestone

No items

No Milestone

Assignees

Clear assignees

jmiller (Jonathan Miller) moko-deploy (Moko Deploy Bot)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoGitea#104