mirror of
https://github.com/RayLabsHQ/gitea-mirror.git
synced 2025-12-08 04:26:44 +03:00
34f741beef
## Problem Forgejo 12.0+ rejects migration API calls with credentials embedded in URLs, causing HTTP 422 errors when mirroring private GitHub repositories. ## Root Cause Breaking security change in Forgejo 12.0 (July 2025) enforces credential separation to prevent accidental exposure in logs/errors. Previous versions (Forgejo 11.x, Gitea 1.x) accepted embedded credentials. ## Solution - Use separate `auth_username` and `auth_token` fields instead of embedding credentials in clone URLs - Set `auth_username` to "oauth2" for GitHub token authentication - Pass GitHub token via `auth_token` field ## Changes - src/lib/gitea.ts: - mirrorGithubRepoToGitea(): Use separate auth fields for private repos - mirrorGitHubRepoToGiteaOrg(): Use separate auth fields for private repos - .github/workflows/docker-build.yml: - Enable PR image building and pushing to GHCR - Tag PR images as pr-<number> for easy testing - Add automated PR comment with image details and testing instructions - Separate load step for security scanning ## Backward Compatibility ✅ Works with Forgejo 12.0+ ✅ Works with Forgejo 11.x and earlier ✅ Works with Gitea 1.x ## Testing Public repos: ✅ Working (no auth needed) Private repos: ✅ Fixed (separate auth fields) Fixes #102