Branch restrictions — fully enforced:

CRUD rules with pattern (exact or glob like release/*), requirePR, blockForcePush, bypass user list Enforcement via pkt-line parsing inside the git HTTP handler — before any data reaches git http-backend, each ref update is extracted and checked against stored rules Direct push to main with requirePR: true → 403 with message; push to unprotected branches still works Inline checkboxes in the UI update rules immediately Branching model — stored config: GET/PUT per repo, defaults to feature/bugfix/release/hotfix prefixes Toggle enabled/disabled, custom prefix per type with live preview No enforcement (naming guide only, as Bitbucket does) Merge strategies — enforced in PR merge endpoint: GET/PUT per repo, defaults all three allowed Merge handler now accepts strategy: "merge"|"squash"|"rebase" in request body, checks against stored policy Disallowed strategy → 409 with clear error; allowed strategy → merges and fires pull_request webhook Must have at least one strategy enabled (validated server-side) Webhooks — full delivery with HMAC: CRUD with title, URL, secret (optional), events (push/pull_request/issue), active toggle Test button sends live HTTP POST to the configured URL and shows status code in UI FireWebhooks() fires asynchronously from PR merge and can be called from any handler X-ForgeBucket-Signature-256: sha256=<hmac> header when secret is set Last delivery status and timestamp stored on webhook record and shown in list
2026-05-07 15:27:48 +02:00
parent 53aa5cbbf5
commit f211cfc7db
11 changed files with 1438 additions and 4 deletions
@@ -22,5 +22,8 @@ func Run(engine *xorm.Engine) error {
 	if err := Run003(engine); err != nil {
 		return err
 	}
-	return Run004(engine)
+	if err := Run004(engine); err != nil {
+		return err
+	}
+	return Run005(engine)
 }
@@ -0,0 +1,15 @@
+package migrations
+
+import (
+	"github.com/forgeo/forgebucket/internal/models"
+	"xorm.io/xorm"
+)
+
+func Run005(engine *xorm.Engine) error {
+	return engine.Sync2(
+		&models.BranchProtection{},
+		&models.BranchingModel{},
+		&models.MergeStrategies{},
+		&models.Webhook{},
+	)
+}
@@ -0,0 +1,49 @@
+package models
+
+import "time"
+
+// BranchProtection defines push rules for a branch pattern.
+type BranchProtection struct {
+	ID             int64     `xorm:"'id' pk autoincr"`
+	RepoID         int64     `xorm:"'repo_id' notnull index"`
+	Pattern        string    `xorm:"'pattern' notnull"` // exact name or glob like "release/*"
+	RequirePR      bool      `xorm:"'require_pr' default true"`
+	BlockForcePush bool      `xorm:"'block_force_push' default true"`
+	AllowedUsers   string    `xorm:"'allowed_users'"` // comma-sep; these users may push directly
+	CreatedAt      time.Time `xorm:"'created_at' created"`
+}
+
+// BranchingModel stores the naming convention config for a repo (one row per repo).
+type BranchingModel struct {
+	ID             int64     `xorm:"'id' pk autoincr"`
+	RepoID         int64     `xorm:"'repo_id' notnull unique"`
+	Enabled        bool      `xorm:"'enabled' default false"`
+	FeaturePrefix  string    `xorm:"'feature_prefix'"`
+	BugfixPrefix   string    `xorm:"'bugfix_prefix'"`
+	ReleasePrefix  string    `xorm:"'release_prefix'"`
+	HotfixPrefix   string    `xorm:"'hotfix_prefix'"`
+	UpdatedAt      time.Time `xorm:"'updated_at' updated"`
+}
+
+// MergeStrategies stores which PR merge strategies are allowed for a repo (one row per repo).
+type MergeStrategies struct {
+	ID               int64 `xorm:"'id' pk autoincr"`
+	RepoID           int64 `xorm:"'repo_id' notnull unique"`
+	AllowMergeCommit bool  `xorm:"'allow_merge_commit' default true"`
+	AllowSquash      bool  `xorm:"'allow_squash' default true"`
+	AllowRebase      bool  `xorm:"'allow_rebase' default true"`
+}
+
+// Webhook delivers event payloads to external URLs.
+type Webhook struct {
+	ID              int64      `xorm:"'id' pk autoincr"`
+	RepoID          int64      `xorm:"'repo_id' notnull index"`
+	Title           string     `xorm:"'title'"`
+	URL             string     `xorm:"'url' notnull"`
+	Secret          string     `xorm:"'secret'"`
+	Events          string     `xorm:"'events' notnull"` // "push,pull_request,issue"
+	Active          bool       `xorm:"'active' default true"`
+	LastStatus      int        `xorm:"'last_status'"`
+	LastDeliveredAt *time.Time `xorm:"'last_delivered_at'"`
+	CreatedAt       time.Time  `xorm:"'created_at' created"`
+}