Updated GO_VERSION from 1.23 to 1.25 in both build.yml and pr-checks.yml.
Reverted Makefile lint targets to use default settings since Go 1.25
supports GOEXPERIMENT=jsonv2.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The jsonv2 experiment may not be available in all Go versions.
Unset GOEXPERIMENT along with GOTOOLCHAIN=local for the linter.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Forces golangci-lint to use the locally installed Go version instead
of downloading Go 1.24.x, which avoids GOEXPERIMENT compatibility issues.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
golangci-lint v2.7.2 downloads Go 1.24.x which doesn't support
GOEXPERIMENT=jsonv2 (only Go 1.25+ does). Unset GOEXPERIMENT
when running the linter to avoid this incompatibility.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace encoding/json with modules/json (depguard)
- Add error handling for json.Unmarshal and WriteItem calls (errcheck)
- Use slices.Contains instead of manual loops (modernize)
- Use any instead of interface{} (modernize)
- Use min/max built-in functions (modernize)
- Use strings.FieldsSeq and strings.SplitSeq (modernize)
- Use range over int for loops (modernize)
- Use http.MethodOptions constant (usestdlibvars)
- Use tagged switch statements (staticcheck)
- Use += and /= operators (gocritic)
- Fix gofumpt formatting issues
- Remove unused streamLargeFile function
- Remove unused primaryLang parameter
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix wiki_index.go: use WebPathToGitPath/GitPathToWebPath instead of undefined functions
- Fix wiki_index.go: use gitrepo.OpenRepository pattern instead of repo.WikiPath()
- Fix wiki.go: use markdown.Render instead of undefined RenderWiki
- Fix wiki.go: use charset.ToUTF8WithFallbackReader instead of undefined ToUTF8Reader
- Fix wiki.go: use gitrepo.CommitsCount instead of undefined wikiRepo.CommitsCount
- Fix wiki.go: handle WebPathToUserTitle returning two values
- Fix gofmt formatting issues in v2 API files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Includes:
- Docker and local test environment setup
- Automated test examples
- Manual testing checklists for all new features
- Regression testing for critical paths
- Load testing guidance
- Database migration verification
- Staging deployment process
- Rollback plan
- Quick smoke test script
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- build.yml: Full build pipeline with multi-platform binaries
- Lint and test job
- Build for Linux, macOS, Windows (amd64/arm64)
- Docker image build
- Automatic release creation on tags
- pr-checks.yml: Quick checks for pull requests
- Go formatting and vet checks
- Unit tests with coverage
- Frontend TypeScript and ESLint checks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 3: Organization Public Profile Page
- Pinned repositories with groups
- Public members display with roles
- API endpoints for pinned repos and groups
Phase 4: Gitea Pages Foundation
- Landing page templates (simple, docs, product, portfolio)
- Custom domain support with verification
- YAML configuration parser (.gitea/landing.yaml)
- Repository settings UI for pages
Phase 5: Enhanced Wiki System with V2 API
- Full CRUD operations via v2 API
- Full-text search with WikiIndex table
- Link graph visualization
- Wiki health metrics (orphaned, dead links, outdated)
- Designed for external AI plugin integration
- Developer guide for .NET integration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Both SDKs provide:
- Full API client for users, repositories, and releases
- Chunked upload with parallel workers
- Progress tracking with speed/ETA
- SHA256 checksum verification
- Comprehensive exception handling
C# SDK (.NET 8.0):
- Modern record types for models
- Async/await pattern throughout
- System.Text.Json serialization
Java SDK (Java 17):
- Standard Maven project
- Jackson for JSON
- HttpClient for HTTP
- ExecutorService for parallel uploads
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This introduces a new v2 API at /api/v2/ with features designed for
AI agents and automation tools while maintaining full backward
compatibility with the existing v1 API.
New features:
- Structured error codes (70+ machine-readable codes) for precise
error handling by automated tools
- Scalar API documentation at /api/v2/docs (modern replacement for
Swagger UI)
- Batch operations for bulk file and repository fetching
- NDJSON streaming endpoints for files, commits, and issues
- AI context endpoints providing rich repository summaries,
navigation hints, and issue context
Files added:
- modules/errors/codes.go - Error code definitions and catalog
- modules/errors/api_error.go - Rich API error response builder
- routers/api/v2/api.go - v2 router with auth middleware
- routers/api/v2/docs.go - Scalar docs and OpenAPI spec
- routers/api/v2/batch.go - Batch file/repo operations
- routers/api/v2/streaming.go - NDJSON streaming endpoints
- routers/api/v2/ai_context.go - AI context endpoints
- routers/api/v2/misc.go - Version and user endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add X-Request-ID header middleware for request tracing
- Extracts from incoming headers or generates short UUID
- Included in all error responses for debugging
- Add rate limit headers (X-RateLimit-Limit/Remaining/Reset)
- Currently informational, configurable via API.RateLimitPerHour
- Prepared for future enforcement
- Add chunk checksum verification for uploads
- Optional X-Chunk-Checksum header with SHA-256 hash
- Verifies data integrity during chunked uploads
- Standardize error responses with RFC 7807 Problem Details
- Added type, title, status, detail, instance fields
- Maintains backward compatibility with legacy fields
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add two specification documents for planned Gitea enhancements:
- enhancements.md: Organization public profile pages and Gitea Pages
(repository landing pages with custom domains)
- ai_enhancements.md: AI and developer experience improvements
including structured API errors, Scalar API docs, batch operations,
AI-powered wiki generation, and SDK tooling
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Comprehensive documentation for the new chunked upload feature including:
- API endpoint reference with parameters and responses
- Usage examples in bash/curl and Python
- Resumable upload examples
- Parallel upload example
- Configuration options and best practices
Implement resumable chunked uploads to improve reliability for large file
uploads that may fail due to network issues or timeouts.
New API endpoints:
- POST /repos/{owner}/{repo}/releases/{id}/assets/upload-session
- PUT /repos/{owner}/{repo}/uploads/{session_id}/chunks/{chunk_number}
- GET /repos/{owner}/{repo}/uploads/{session_id}
- POST /repos/{owner}/{repo}/uploads/{session_id}/complete
- DELETE /repos/{owner}/{repo}/uploads/{session_id}
Features:
- Resumable uploads with session status tracking
- Out-of-order chunk uploads supported
- Configurable chunk size (default 10MB, max 100MB)
- Automatic cleanup of expired sessions (24h expiry, hourly cleanup)
- Progress tracking with bytes/chunks received counts
Files added:
- models/repo/upload_session.go - Session model and DB operations
- services/attachment/chunked.go - Chunk storage and assembly logic
- routers/api/v1/repo/upload.go - API endpoint handlers
- models/migrations/v1_26/v325.go - Database migration
- The compare page head title should be `compare` but not `new pull
request`.
- Use `UnstableGuessRefByShortName` instead of duplicated functions
calls.
- Direct-compare, tags, commits compare will not display `New Pull
Request` button any more.
The new screenshot
<img width="1459" height="391" alt="image"
src="https://github.com/user-attachments/assets/64e9b070-9c0b-41d1-b4b8-233b96270e1b"
/>
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Make Debian repository signing key generation use explicit stronger defaults
and embed the creation time in the OpenPGP comment for newly created keys.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Use `gitrepo.IsRepositoryExist` instead of `util.IsExit` or
`util.IsDir`
- Use `gitrepo.OpenRepository` instead of `git.OpenRepository`
- Use `gitrepo.DeleteRepository` instead of `util.RemoveAll`
- Use `gitrepo.RenameRepository` instead of `util.Rename`
as part of [Remove fomantic form
module](eddf875992 (diff-c34b74004deb63fb4f8a8549ef9d822b9839db0b69ae2c0cdacc05ce3d5d5682))
radio buttons get caught in crossfire and recieve `width: 100%` this is
particularly noticeable on the `user/settings/applications` page which
has many radio buttons.
This continues using an opt out `input:not([type="checkbox"],
[type="radio"])` to prevent this.
Signed-off-by: alphazeba <33792307+alphazeba@users.noreply.github.com>
## Summary
This PR adds support for closing keywords (`closes`, `fixes`, `reopens`,
etc.) with full URL references in markdown links.
**Before:**
- `closes #123` ✅ works
- `closes org/repo#123` ✅ works
- `Closes [this issue](https://gitea.io/user/repo/issues/123)` ❌ didn't
work
- `Fixes [#456](https://gitea.io/org/project/issues/456)` ❌ didn't work
**After:**
All of the above now work correctly.
## Problem
When users reference issues using full URLs in markdown links (e.g.,
`Closes [this issue](https://gitea.io/user/repo/issues/123)`), the
closing keywords were not detected. This was because the URL processing
code explicitly stated:
```go
// Note: closing/reopening keywords not supported with URLs
```
Both methods of writing the reference render the same in the UI, so
users expected the closing keywords to behave the same.
## Solution
The fix works by:
1. Passing the original (unstripped) content to
`findAllIssueReferencesBytes`
2. When processing URL links from markdown, finding the URL position in
the original content
3. For markdown links `[text](url)`, finding the opening bracket `[`
position
4. Using that position to detect closing keywords before the link
## Testing
Added test cases for:
- `Closes [this issue](url)` - single URL with closing keyword
- `This fixes [#456](url)` - keyword in middle of text
- `Reopens [PR](url)` - reopen keyword with pull request URL
- Multiple URLs where only one has a closing keyword
All existing tests continue to pass.
Fixes#27549
This pull request adds an option to automatically verify SSH keys from
LDAP authentication sources.
This allows a correct authentication and verification workflow for
LDAP-enabled organizations; under normal circumstances SSH keys in LDAP
are not managed by users manually.
Use the dynamically parsed host in the request for LFS links, but not
use the hard-coded AppURL.
Make LFS server support multi-domain or run Gitea behind a reverse-proxy
with different ROOT_URL.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Crowdin does not remove empty lines in nested JSON translation files.
Therefore, we use flattened translation keys instead. We have also
updated the key-loading logic to ensure that empty values are not
applied during translation.
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
- Replace fomantic form CSS with custom module
- Moved code in `form.css` to `modules/form.css`, removed around 70% of
the previous module.
- Moved captcha styles previously in `form.css` to its own file.
There is probably more unused CSS, like form error state colors which to
my knowledge is not used anywhere, but I'm not sure about that one so I
kept it.
One notable change is the removal of `type` combinator here, which
lowers the selector specificity and I noticed one issue where selector
`.ui.search > .prompt` was winning, so I added a workaround for that
until the `search` module can be removed as well.
```css
.ui.form .fields.error .field input:not([type])
.ui.form .fields.error .field input[type="date"]
```
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Fixes: https://github.com/go-gitea/gitea/issues/36216
Now `detectWebAuthnSupport` returns the error type and lets the caller
decide whether they call `webAuthnError` and show the error. It no
longer shows the error during page load when the user has not even
interacted with the feature.
The bug affects all users on HTTP, so I think a quick fix release for
this might be good.
## Summary
This PR refactors the `SearchIssues` function in
`routers/api/v1/repo/issue.go` by extracting common logic into reusable
helper functions:
- `parseIssueIsClosed()`: Parses the "state" query parameter and returns
the corresponding `isClosed` option
- `parseIssueIsPull()`: Parses the "type" query parameter and returns
the corresponding `isPull` option
- `buildSearchIssuesRepoIDs()`: Builds the list of repository IDs for
issue search based on query parameters
### Benefits:
- Improved code readability
- Smaller, more focused functions
- Easier to test individual components
- Potential for reuse in other handlers
### Changes:
- Extracted 3 helper functions from the ~292 line `SearchIssues`
function
- No functional changes - behavior remains the same
- Proper error handling preserved
## Test plan
- [ ] Verify existing API tests pass
- [ ] Manual testing of `/repos/issues/search` endpoint
Ref: #35015
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Currently, when editing or deleting a file and the edit/commit form has
changes, navigating the file tree will discard all changes without any
warning. This PR prevents partial reloading when the edit form has
unsaved changes, which will trigger a browser native warning dialog.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Add additional logic with tests to restore the
previous behaviour when writing the principals file.
Fixes: #36212
---------
Signed-off-by: Peter Verraedt <peter.verraedt@kuleuven.be>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
