- Fix lint errors in AI learning MCP tools (interface{} -> any, append pattern)
- Update OAuth realm names from Gitea to GitCaddy
- Update User-Agent strings to GitCaddy
- Update default git user.name, mailer X-Mailer header
- Update API docs descriptions
- Update template comments and swagger descriptions
- Keep Gitea attribution in footer and as OAuth provider option
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add full UI-based landing page configuration (Brand, Hero, Content, Social, Pricing, Footer, Theme)
- Replace old templates with new designs: open-source-hero, minimalist-docs, saas-conversion, bold-marketing
- Add pricing section support to all landing page templates
- Add social links with icons to footer across all templates
- Fix footer copyright to use configured value from settings
- Add copyright symbol button in Footer & CTA settings
- Fix ThemeStruct missing HideExploreUsers and HelpURL fields
- Replace Gitea logo with GitCaddy icon in navbar, favicon, and assets
- Add testimonials array with random selection to templates
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rebrand:
- Binary renamed to gitcaddy-server
- Default AppName: GitCaddy
- New favicon and homepage logo
- Updated licenses.txt with MarketAlly copyright
- Footer: Powered by GitCaddy Server (Based on Gitea)
Homepage:
- Title: GitCaddy
- Tagline: Steeped in your workflow
- AI-Native Platform, Deploy Anywhere, Lightning Fast, Open Source
New Features:
- Explore Organizations tile cards display option
- Pinned repos show DisplayTitle if set
Fixes:
- Pages renamed to Landing Page in settings
Environment Variables (backward compatible):
- GITCADDY__ prefix (GITEA__ still supported)
- GITCADDY_WORK_DIR, GITCADDY_CUSTOM
Major rebrand from Gitea to GitCaddy Server:
Binary & Package:
- Rename binary from gitea to gitcaddy-server
- Update Makefile EXECUTABLE variable
- Update Docker image name to gitcaddy/gitcaddy-server
- Update release artifact names
Environment Variables (backward compatible):
- Add GITCADDY__ prefix for config env vars
- Add GITCADDY_WORK_DIR and GITCADDY_CUSTOM
- Keep GITEA__ and GITEA_* as fallback for compatibility
UI Branding:
- Update footer to Powered by GitCaddy Server
- Add Based on Gitea attribution in footer
- Update Swagger API title and description
- Update webhook placeholders
Code References:
- Update cmd/main.go app name, usage, description
- Update error messages in setting.go
- Add based_on locale key
This rebrand maintains full backward compatibility with existing
Gitea installations while establishing GitCaddy Server identity.
- Add repository display title field shown in header and explore listings
- Add license settings page with predefined license types
- Auto-create LICENSE.md when license type is selected
- Show license in repo sidebar with link to LICENSE.md
- Add API header link option in theme settings
- Default explore/organizations sort to alphabetical
- Show org DisplayName only in /explore/organizations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add customizable homepage title and tagline via admin theme settings
- Add ability for site admins to pin organizations to homepage
- Add pinned organization display format option (condensed/regular)
- Hide promotional text when pinned organizations are displayed
- Add database migration for is_homepage_pinned column
- Add custom site icon support for favicon and navbar
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New files: Copyright 2026 MarketAlly
- Modified files: Copyright YYYY The Gitea Authors and MarketAlly
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add X-Request-ID header middleware for request tracing
- Extracts from incoming headers or generates short UUID
- Included in all error responses for debugging
- Add rate limit headers (X-RateLimit-Limit/Remaining/Reset)
- Currently informational, configurable via API.RateLimitPerHour
- Prepared for future enforcement
- Add chunk checksum verification for uploads
- Optional X-Chunk-Checksum header with SHA-256 hash
- Verifies data integrity during chunked uploads
- Standardize error responses with RFC 7807 Problem Details
- Added type, title, status, detail, instance fields
- Maintains backward compatibility with legacy fields
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update and autofix most issues
- Corrected variable names to `cutOk`
- Impossible condition in `services/migrations/onedev_test.go` removed
- `modules/setting/config_env.go:128:3` looks like a false-positive,
added nolint
Fix#31113
After #22385 introduced LFS GC, it never worked due to a bug in the INI
library: fields in structs embedded more than one level deep are not
populated from the INI file.
This PR fixes the issue by replacing the multi-level embedded struct
with a single-level struct for parsing the cron.gc_lfs configuration.
Added a new test for retrieving cron settings to demonstrate the bug in
the INI package.
* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea
* SSH format can be added in gitea config
* SSH Signing worked before with DEFAULT_TRUST_MODEL=committer
`TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents
to trust for every user of this instance
Closes#34329
Related #31392
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#880
Design:
1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
`[repository.pull-request] DELAY_CHECK_FOR_INACTIVE_DAYS` is a new
setting to delay the mergeable check for pull requests that have been
inactive for the specified number of days.
This avoids potentially long delays for big repositories with many pull
requests. and reduces system load overall when there are many
repositories or pull requests.
When viewing the PR, checking will start immediately and the PR merge
box will automatically reload when complete. Accessing the PR through
the API will also start checking immediately.
The default value of `7` provides a balance between system load, and
keeping behavior similar to what it was before both for users and API
access. With `0` all conflict checking will be delayed, while `-1`
always checks immediately to restore the previous behavior.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Adds an API POST endpoint under `/repos/{owner}/{repo}/file-contents`
which receives a list of paths and returns a list of the contents of
these files.
This API endpoint will be helpful for applications like headless CMS
(reference: https://github.com/sveltia/sveltia-cms/issues/198) which
need to retrieve a large number of files by reducing the amount of
needed API calls.
Close#33495
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This adds a middleware for overload protection that is intended to help protect against malicious scrapers.
It does this via [`codel`](https://github.com/bohde/codel), which will perform the following:
1. Limit the number of in-flight requests to some user-defined max
2. When in-flight requests have reached their begin queuing requests.
Logged-in requests having priority above logged-out requests
3. Once a request has been queued for too long,
it has a probabilistic chance to be rejected based on how overloaded the entire system is.
When a server experiences more traffic than it can handle,
this keeps latency low for logged-in users and rejects just
enough requests from logged-out users to not overload the service.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
