Skip to content

feat: add Forgejo and Gitea SDK client skeletons#267

Merged
mariusvniekerk merged 13 commits intomainfrom
forgejo-gitea-sdk-skeletons
May 7, 2026
Merged

feat: add Forgejo and Gitea SDK client skeletons#267
mariusvniekerk merged 13 commits intomainfrom
forgejo-gitea-sdk-skeletons

Conversation

@mariusvniekerk
Copy link
Copy Markdown
Collaborator

@mariusvniekerk mariusvniekerk commented May 7, 2026

Introduces separate SDK-backed Forgejo and Gitea clients with host-scoped auth and rate-tracking hooks before shared read behavior is added.

@mariusvniekerk
Copy link
Copy Markdown
Collaborator Author

mariusvniekerk commented May 7, 2026
edited
Loading

This change is part of the following stack:

Change managed by git-spice.

@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (f1afe5a)

High-level verdict: one blocking reliability issue remains around unbounded Gitea/Forgejo SDK HTTP calls.

High

  • internal/platform/forgejo/client.go:70, internal/platform/gitea/client.go:67
    • opts.foregroundTimeout is stored but never applied to the SDK HTTP client. The default http.Client has no timeout, and SDK calls such as version probing and repository lookups can hang indefinitely if the network stalls or the server stops responding.
    • Fix: configure an *http.Client with Timeout: opts.foregroundTimeout and pass it to the SDK via SetHTTPClient, preserving the rateTrackingTransport wrapper when rate tracking is enabled.

Medium

  • internal/platform/gitea/client.go:114, internal/platform/forgejo/client.go:116
    • getRepositoryRaw accepts a context.Context, but cancellation is only checked before starting the SDK call. Once GetRepo is in flight, context cancellation or deadlines will not abort the HTTP request.
    • Fix: use a context-aware SDK request path if available, or ensure SDK requests are bound to a configured HTTP timeout/client so sync and foreground operations cannot block indefinitely.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

This was referenced May 7, 2026
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from f1afe5a to afbb625 Compare May 7, 2026 12:45
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (afbb625)

No Medium-or-higher findings were reported across the reviews.

All agents agree the diff is clean for reportable issues.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk mentioned this pull request May 7, 2026
Merged
@mariusvniekerk
docs: plan Forgejo provider implementation
6ed3aaf 
Researches Forgejo API compatibility, token scopes, Go SDK options, and local fixture needs for adding Forgejo as the third Middleman provider after GitHub and GitLab.
@mariusvniekerk
docs: include Gitea in provider plan
4bfb3ab 
Expands the Forgejo provider plan to add Gitea as a sibling provider, pin separate SDKs for each, and call out Forgejo-specific Actions behavior instead of treating both APIs as identical.
@mariusvniekerk
docs: share Forgejo and Gitea provider core
a5cc8ce 
Reworks the provider plan so Forgejo and Gitea use a shared gitea-like implementation for common provider behavior, keeping the concrete provider packages focused on SDK adaptation and true API divergence such as Forgejo Actions.
@mariusvniekerk
docs: align Forgejo plan with GitHub provider features
149e0a8 
Adds a GitHub capability parity target for Forgejo and Gitea, including read features, mutations, workflow approval, ready-for-review gaps, and tests that keep capability flags honest.
@mariusvniekerk
docs: resolve Forgejo provider design review
657a9a8 
Clarifies the read-only MVP boundary, moves GitHub-parity mutations to post-MVP work, fixes SDK base URL guidance, adds required UI e2e coverage, and documents config regression and insufficient-scope error tests.
@mariusvniekerk
chore: close remaining Forgejo provider reviews
76ddf9e 
Records that the remaining roborev jobs for earlier Forgejo and Gitea provider-plan commits were resolved by the existing follow-up spec fixes and closed.
@mariusvniekerk
docs: require host-scoped forge tokens
1a8d443 
Clarifies that Forgejo and Gitea token resolution is keyed by provider and host, with public-host defaults plus explicit platform token envs for federated and self-hosted instances.
@mariusvniekerk
docs: add Forgejo provider kata graph
d62e56b 
Records the kata epic and implementation task graph for the Forgejo and Gitea provider work, including MVP sequencing and post-MVP parity tasks.
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-provider-config branch from aa08bfb to 5487890 Compare May 7, 2026 20:12
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from afbb625 to a2d4236 Compare May 7, 2026 20:12
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (a2d4236)

Context cancellation is not fully propagated through new Gitea/Forgejo repository fetches.

Medium

  • internal/platform/gitea/client.go:104, internal/platform/forgejo/client.go:107
    getRepositoryRaw accepts a context.Context, but only checks it before starting the SDK request. If the context is canceled while the HTTP call is in flight, the request can continue until the client timeout expires, delaying sync shutdown or cancellation by up to 20 seconds per request.

    Use a context-aware SDK request path if available, or thread the context into the HTTP request/transport so cancellation aborts the in-flight request.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk
fix: avoid Playwright container pulls in CI
bb46292 
The Playwright image pull happens before CI job steps can run, so our retry wrapper cannot help when MCR blocks or flakes. Revert the e2e jobs to install the requested browser on the hosted runner instead of running inside the Playwright container.
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-provider-config branch from 5487890 to 0f40d24 Compare May 7, 2026 20:50
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from a2d4236 to 36dc8ee Compare May 7, 2026 20:50
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (36dc8ee)

Medium concern: Forgejo/Gitea repository lookups may ignore caller cancellation during SDK requests.

Medium

  • internal/platform/gitea/client.go:115, internal/platform/forgejo/client.go:118
    • getRepositoryRaw accepts a context.Context, but only checks it before calling the SDK. Once GetRepo starts, caller cancellation or a shorter deadline may be ignored until the fixed http.Client.Timeout expires, which can make shutdowns or foreground operations hang longer than requested.
    • Fix by ensuring SDK requests use the caller context, or by wrapping the HTTP client/transport so the per-call context is applied to outbound requests. Add a test that cancels the context while the server is still handling the request.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (6a59cce)

No Medium, High, or Critical issues found.

All available review outputs are clean or contain no reportable findings.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk
feat: add Forgejo and Gitea SDK client skeletons
bd595ba 
Introduces separate SDK-backed Forgejo and Gitea clients with host-scoped auth and rate-tracking hooks before shared read behavior is added.
@mariusvniekerk
fix: bound Forgejo and Gitea SDK requests
6e45f09 
Apply the configured foreground timeout to the SDK HTTP clients for Forgejo and Gitea, preserving rate tracking when present. This prevents stalled provider calls from hanging indefinitely.
@mariusvniekerk
fix: cancel gitealike repository SDK requests
60e788d 
Gitea and Forgejo SDK clients use a client-level default context when constructing HTTP requests. Wrap repository SDK calls with the caller context so canceled sync or shutdown contexts abort an in-flight lookup instead of waiting for the foreground timeout.
@mariusvniekerk mariusvniekerk changed the base branch from forgejo-gitea-provider-config to forgejo-provider-impl May 7, 2026 22:11
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from 6a59cce to 60e788d Compare May 7, 2026 22:11
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (60e788d)

Medium: withRequestContext can block canceled requests behind an in-flight SDK request.

Medium

  • internal/platform/gitea/client.go:119, internal/platform/forgejo/client.go:122
    • withRequestContext checks ctx.Done() before acquiring requestContextMu, but requestContextMu.Lock() is not cancelable.
    • Because the lock is held across the SDK request, a canceled request waiting behind another in-flight request can remain blocked until that unrelated request completes or times out.
    • Replace the mutex with a context-aware lock, such as a size-1 buffered channel or semaphore acquired with select on ctx.Done(). Add a test that cancels while waiting behind an in-flight request.

Security review found no exploitable issue.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk
fix: let gitealike SDK context waits cancel
6b3cc25 
Replace the Forgejo and Gitea SDK request mutex with a cancelable one-slot lock so callers do not block behind unrelated in-flight requests after their context is canceled.

Move shared Forgejo/Gitea platform metadata down with the SDK skeletons so later config support can build on registered platform kinds.
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (6b3cc25)

No Medium, High, or Critical issues found.

All reviewers reported no actionable findings.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

Base automatically changed from forgejo-provider-impl to main May 7, 2026 23:18
@mariusvniekerk mariusvniekerk merged commit 199c407 into main May 7, 2026
9 of 17 checks passed
@mariusvniekerk mariusvniekerk deleted the forgejo-gitea-sdk-skeletons branch May 7, 2026 23:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Forgejo + Gitea

Development

Successfully merging this pull request may close these issues.

1 participant

@mariusvniekerk