66 Commits

Author SHA1 Message Date
Catherine 4ce40fe560 Clarify docs on forge authorization for previews. 2026-06-23 10:32:47 +00:00
Catherine bdc27c56f6 Improve installation section in README. 2026-05-31 15:59:23 +00:00
Catherine a7063e00ef Implement site expiration.
Requires `feature = ["expiration"]`.
2026-05-29 00:13:44 +02:00
Catherine 4d9872067d Expose the binary serialization of the manifest.
This action implies a commitment to maintain the binary serialization
in a forward-compatible way (which is really the status quo).
2026-05-28 23:44:01 +02:00
Catherine 3efb332351 Implement pull request preview authorization.
Requires `feature = ["preview"]`.
2026-05-25 23:59:39 +00:00
Catherine 3311fb639d Fix incorrect example use case of _headers.
git-pages enables CORS automatically and unconditionally, but COOP/COEP
have to be configured manually.
2026-05-05 03:12:51 +00:00
Catherine 93ce4f9671 Bring authorization flow documentation up to date. 2026-05-05 02:56:08 +00:00
whitequark 7f5e02081d Add links to support channels. 2026-04-25 22:52:06 +02:00
Catherine c5c5306688 [breaking-change] Use a distinct scope for forge DNS allowlist authz.
Before this commit, a `_git-pages-repository.<host>` TXT record would
allow both forge DNS allowlist authorization, as well as normal DNS
allowlist authorization. This means that a site set up to have its
contents updated by a Forgejo Action could have its contents replaced
by the contents of the repository which contains the Forgejo Action,
which will effectively erase the site in most cases. This is a classic
confused deputy scenario.

To fix this, forge DNS allowlist authorization now uses a distinct
`_git-pages-forge-allowlist.<host>` TXT record, removing ambiguity
that allows this scenario to happen.

The issue was introduced in 27a6de792c
and existed in `main` for about a hour, so it is unlikely anybody
has been impacted by this.
2026-04-23 15:20:32 +00:00
Catherine 27a6de792c Allow using forge authorization with non-wildcard domains.
The new authorization method combines DNS allowlist and existing forge
authorization methods: DNS records are used to determine the allowed
repository URL, and forge authorization is used to check for push
permissions to that URL.
2026-04-22 01:59:37 +00:00
Catherine 5258bf756b Add support for Netlify Basic-Auth: mechanism. 2026-03-29 12:11:56 +00:00
miyuko ccabfc22a6 Remove README text about the now-removed Sentry support. 2026-03-28 04:36:06 +00:00
Catherine 310cc7d438 Fix incorrect explanation in README. 2026-03-25 04:59:25 +00:00
Catherine b737e1bb9b Add rationale for not supporting git-lfs. 2026-03-21 02:30:36 +00:00
miyuko 3e377986bc Accept forge authorization for deleting a site. 2026-03-03 01:29:27 +00:00
miyuko 325d6bedda [breaking-change] Change the format of the SYSLOG_ADDR env variable. 2025-12-07 09:52:15 +00:00
Catherine bd44f65b51 Add handling of Accept: application/vnd.git-pages.unresolved.
This will be used for incremental archive updates.
2025-12-05 18:21:42 +00:00
Catherine da0758b972 Stabilize features patch and archive-site.
The PATCH method has been tested by myself and on Codeberg and found
to work satisfactorily.

Because using PATCH causes the git-pages server to store state that
is not necessarily easily reproducible from any single specific source
(i.e. it stores a composition of many disparate requests), it may be
necessary to back it up. For this, the feature `archive-site` is also
stabilized. It has not seen much use but not providing a backup method
would be a disservice.
2025-12-05 03:55:54 +00:00
Catherine 464c40db9c Add Create-Parents: mode to PATCH method.
This acts like `mkdir -p`, making it much less annoying to deploy
e.g. documentation preview generators that use deep paths.

Like before, the site must already exist: we cannot do a CAS on
a non-existent manifest at the moment.
2025-12-04 18:23:44 +00:00
Catherine f59830ae20 Rename PATCH Race-Free: header to Atomic:.
Neither of these names is self-explanatory, and it is better to have
fewer distinct identifiers for the same concept.
2025-12-04 16:51:32 +00:00
Catherine e730b2bcd2 Fix phrasing in README. 2025-12-04 16:18:31 +00:00
Catherine 2ebf4400bf Update introduction in README. 2025-12-04 13:52:37 +00:00
Catherine 460ff41cc9 Allow PATCH method to apply partial updates.
Gated behind the `patch` feature.
2025-12-04 03:00:47 +00:00
Catherine 32111307eb Add "dry run" capability for all destructive endpoints. 2025-12-02 22:32:17 +00:00
Catherine af40848d9f Explicitly mention SHA-256 transition status. 2025-12-02 22:23:43 +00:00
Catherine 80d2a7a792 Rename license to satisfy https://pkg.go.dev 2025-11-22 23:32:18 +00:00
miyuko fcc109c315 Add the ability to send logs to a syslog daemon. 2025-11-22 14:10:26 +00:00
Catherine b1b8ae26e8 Restrict DNS Allowlist authorization to index site only.
Otherwise, an undesired degree of freedom permits a third party to
deny access to index site URLs by publishing projects with the same
name.

In the future, the _git-pages-repository TXT record format may be
extended to allow non-index sites to be specified without introducing
undesired degrees of freedom.
2025-11-21 03:49:38 +00:00
Catherine 99904174e4 Bring documentation up to date. 2025-11-20 02:41:32 +00:00
Catherine 0b2db170b8 Allow updating wildcard domain sites from an archive with a forge token. 2025-11-19 04:10:02 +00:00
Catherine 5da56a1b94 Link to git-pages-cli in README. 2025-11-16 02:06:19 +00:00
Catherine 9d0a3ac6ad Use Branch: instead of X-Pages-Branch: to set custom branch name. 2025-11-12 17:05:11 +00:00
Simon Kolkmann d144ea197e Update README. 2025-10-22 11:53:32 +02:00
Catherine 9f24d665bc Remove Fly.io configuration.
This configuration is now managed separately at:

    https://codeberg.org/whitequark/grebedoc.dev
2025-09-30 04:17:12 +00:00
Catherine 1a0e594624 Add span based timings measurement and Sentry integration. 2025-09-30 00:56:58 +00:00
Catherine 66e290550b Update README. 2025-09-29 00:26:55 +00:00
Catherine d36bebfe4e Move repository to https://codeberg.org/git-pages/git-pages.git. 2025-09-25 02:06:35 +00:00
Catherine a159dba0b8 [breaking-change] Redesign environment var configuration overrides.
This is done using reflection to avoid boilerplate and potential desync
of the two configuration interfaces. The `[[wildcards]]` section did
not fit well into the "splat every config key" paradigm, so it is
unmarshalled as a whole from a JSON payload in an environment variable.

This commit also splits up the `Config` type into small per-section
struct types and removes most references to the global `config` in
favor of passing pointers to sections around.

A new option, `-print-config-env-vars`, shows the names and types of
all of the available configuration knobs.
2025-09-22 07:02:42 +00:00
Catherine 2af2975713 Add tar+gzip and tar+zstd compressed archive support. 2025-09-21 06:25:10 +00:00
Catherine d5302e4358 [breaking-change] Allow multiple wildcard domains to be configured. 2025-09-21 00:29:51 +00:00
Catherine acf948ac6b Remove code for migrating from v1 data layout. 2025-09-20 20:10:40 +00:00
Catherine ddf0de8435 Record non-fatal problems in manifest and report them.
This feature keeps complex features like `_redirects` debuggable.
2025-09-20 08:33:11 +00:00
Catherine 15b2f1ea39 Allow zip and tar archive uploads PUT request. 2025-09-20 07:16:10 +00:00
Catherine ed0f8e9d0d Add instructions for first-party container to README. 2025-09-20 01:12:52 +00:00
Catherine 9d18700834 Switch from Nix back to Docker for deployment. 2025-09-20 00:12:55 +00:00
Catherine e0e5a8978e Describe authorization flow for metadata retrieval. 2025-09-19 18:38:14 +00:00
Catherine f6982e6222 Fix inaccurate description of branch selection. 2025-09-19 18:29:45 +00:00
Catherine df6ca018a5 Unpublish site when pushing an empty repository. 2025-09-19 05:41:01 +00:00
Catherine 5f3edfedf9 Add DELETE method support. 2025-09-19 04:08:22 +00:00
whitequark 6a67785e02 Correct inaccuracy in README. 2025-09-19 02:35:56 +02:00