Skip to content

feat: share Forgejo and Gitea provider core#268

Merged
mariusvniekerk merged 6 commits intomainfrom
gitealike-provider-core
May 8, 2026
Merged

feat: share Forgejo and Gitea provider core#268
mariusvniekerk merged 6 commits intomainfrom
gitealike-provider-core

Conversation

@mariusvniekerk
Copy link
Copy Markdown
Collaborator

@mariusvniekerk mariusvniekerk commented May 7, 2026

Adds a shared gitea-like provider core for SDK-free normalization, pagination, read capabilities, and typed transport error mapping before SDK converters wire into it.

@mariusvniekerk
Copy link
Copy Markdown
Collaborator Author

mariusvniekerk commented May 7, 2026
edited
Loading

This change is part of the following stack:

Change managed by git-spice.

@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (84ab5d3)

Medium issue found: Gitea-like PR normalization currently misclassifies locked PRs as drafts.

Medium

  • internal/platform/gitealike/normalize.go:65
    NormalizePullRequest maps PullRequestDTO.IsLocked into platform.MergeRequest.IsDraft. Locked PRs are not drafts, so the dashboard can show locked PRs as drafts and expose draft-only actions while real drafts are not represented.
    Fix: Add or use a dedicated draft field from the transport DTO, or leave IsDraft false when draft state is unavailable; do not derive it from IsLocked.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

This was referenced May 7, 2026
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from f1afe5a to afbb625 Compare May 7, 2026 12:45
@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from 84ab5d3 to 35d7f58 Compare May 7, 2026 12:45
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (35d7f58)

No Medium, High, or Critical findings were reported.

All review agents found the code clean for reportable issues.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk mentioned this pull request May 7, 2026
Merged
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (ed1755a)

No Medium, High, or Critical issues found.

All review agents reported no actionable findings at or above Medium severity.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from afbb625 to a2d4236 Compare May 7, 2026 20:12
@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from ed1755a to c4e4cda Compare May 7, 2026 20:13
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (c4e4cda)

High-risk test gap: locked PR state lacks end-to-end coverage across sync, SQLite persistence, and API response.

High

  • internal/platform/persist.go:40
    Locked pull request state now flows through provider normalization, persistence, and the API schema, but there is no end-to-end/API + SQLite coverage proving a locked Forgejo/Gitea PR is synced, persisted, and returned as IsLocked: true without being treated as draft.

    Fix: Add a full-stack test using a real SQLite DB and HTTP API path that syncs or seeds a locked PR, then asserts IsDraft == false and IsLocked == true in the API response.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from a2d4236 to 36dc8ee Compare May 7, 2026 20:50
@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from c4e4cda to 4e8dddc Compare May 7, 2026 20:50
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (4e8dddc)

High concern: the PR lacks full-stack coverage for the locked PR state change.

High

  • Location: internal/db/queries.go:1444, tests/e2e/
  • Problem: The change persists and exposes IsLocked and fixes the Forgejo/Gitea locked-vs-draft behavior, but coverage is limited to unit tests. There is no e2e/API+SQLite test proving a locked Forgejo/Gitea PR syncs through persistence and is returned as IsLocked: true without being treated as draft.
  • Fix: Add an e2e test using the real HTTP API and SQLite-backed path that verifies locked pull requests are persisted, retrieved via the API, and correctly distinguished from draft pull requests.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from 4e8dddc to 9bda02e Compare May 7, 2026 21:17
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (9bda02e)

Medium risk: one pagination denial-of-service issue found.

Medium

  • internal/platform/gitealike/provider.go:284 trusts remote pagination cursors without progress or size limits.

    A malicious or compromised Forgejo/Gitea-compatible server can return a positive Page.Next that repeats the current page or cycles between pages. collectPages will keep appending results and issuing requests until the context is canceled, which can pin the sync worker and grow memory usage.

    Remediation: enforce pagination progress and bounds, such as rejecting next.Next <= page, tracking seen pages, and adding a maximum page/item cap per collection. Consider a per-request or per-sync timeout so a bad provider response cannot monopolize sync indefinitely.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (7508c2e)

Summary verdict: No Medium, High, or Critical issues found.

All review agents reported no actionable findings above the requested severity threshold.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk force-pushed the forgejo-gitea-sdk-skeletons branch from 6a59cce to 60e788d Compare May 7, 2026 22:11
@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from 7508c2e to d48e9c1 Compare May 7, 2026 22:11
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (d48e9c1)

Summary verdict: No Medium, High, or Critical findings were reported.

All review agents found no actionable issues to include.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from d48e9c1 to 7a30080 Compare May 7, 2026 22:35
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 7, 2026

roborev: Combined Review (7a30080)

No medium-or-higher issues found across the reviews.

All agents reported the code as clean; there are no findings to include.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

Base automatically changed from forgejo-gitea-sdk-skeletons to main May 7, 2026 23:26
@mariusvniekerk
feat: share Forgejo and Gitea provider core
95a1d58 
Adds a shared gitea-like provider core for SDK-free normalization, pagination, read capabilities, and typed transport error mapping before SDK converters wire into it.
@mariusvniekerk
fix: stop treating locked forge PRs as drafts
d37512c 
Add an explicit draft field to the shared gitealike pull request DTO and normalize draft state from that field instead of deriving it from the locked flag.
@mariusvniekerk
feat: persist locked pull request state
a0a1c9a 
Carry provider lock state through normalized merge requests, SQLite storage, and generated API models. Add a frontend supportsLocked helper for providers that expose lock state.
@mariusvniekerk
refactor: configure gitealike provider with options
c3d12dc 
Replace direct Options struct literals at the shared provider constructor with functional options so callers opt into provider behavior through named With helpers. This keeps provider construction extensible as Forgejo and Gitea capabilities diverge.
@mariusvniekerk
test: cover locked gitealike pull request readback
d5b7a31 
Locked state now travels through gitealike normalization and persistence. Add an API-backed sync test that proves a locked non-draft Forgejo pull request is persisted in SQLite and returned through the generated HTTP client as locked without being treated as draft.
@mariusvniekerk
fix: reject non-advancing gitealike pagination
c6466bd 
Forgejo and Gitea compatible servers provide pagination cursors. Reject repeated, backwards, or excessively long pagination so a bad provider response cannot keep a sync worker collecting pages indefinitely.
@mariusvniekerk mariusvniekerk force-pushed the gitealike-provider-core branch from 7a30080 to c6466bd Compare May 8, 2026 00:29
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 8, 2026

roborev: Combined Review (c6466bd)

Summary verdict: No Medium, High, or Critical findings were reported.

All reviewed agents found no reportable issues.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mariusvniekerk mariusvniekerk merged commit 119d04a into main May 8, 2026
9 checks passed
@mariusvniekerk mariusvniekerk deleted the gitealike-provider-core branch May 8, 2026 00:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Forgejo + Gitea

Development

Successfully merging this pull request may close these issues.

1 participant

@mariusvniekerk