Signed-off-by: Seongmin Lee <git@boltless.me>

`sh.tangled.pipeline` events are now completely generated & streamed
from spindle

Signed-off-by: Seongmin Lee <git@boltless.me>

spindle will emit `sh.tangled.pipeline` event on:
- `sh.tangled.git.refUpdate` events from knot stream
- live create/update events of `sh.tangled.repo.pull` records

Signed-off-by: Seongmin Lee <git@boltless.me>

Spindle will sync git repo when new repo is registered

Spindle will listen to `sh.tangled.git.refUpdate` event from knot
stream and sync its local git repo instead. Spindle's git repo will
sparse-checkout only `/.tangled/workflows` directory.

Spindle now requires git version >=2.49 for `--revision` flag in `git
clone` command.

References:
- <https://stackoverflow.com/q/47541033/13150270>
- <https://stackoverflow.com/q/600079/13150270>

Signed-off-by: Seongmin Lee <git@boltless.me>

This single persistent directory can be used for storing general spindle
data like db, motd file and upcoming sparse-clone git repos.

db path will be `${DATA_DIR}/spindle.db`

Signed-off-by: Seongmin Lee <git@boltless.me>

Signed-off-by: Seongmin Lee <git@boltless.me>

spindle-tap will collect/stream record events from:
- users dynamically added by spindle (spindle members | collaborators of
repos using spindle)
- any users with `sh.tangled.repo.pull` collection

It might be bit inefficient considering it will also stream repo
creation events from PR authors due to second rule, but at least we now
have backfill logic and Sync 1.1 based syncing.

This inefficiency can be fixed later by modifying upstream tap cli or
embedding tap into spindle.

```
+--------- all tangled users --------+
| |
| +-- users known to spindle-tap --+ |
| | (PR author / manually added) | |
| | | |
| | +----------------------------+ | |
| | | users known to spindle | | |
| | | (members / collaborators) | | |
| | +----------------------------+ | |
| +--------------------------------+ |
+------------------------------------+
```

Close: <https://tangled.org/tangled.org/core/issues/341>

Signed-off-by: Seongmin Lee <git@boltless.me>

Signed-off-by: Seongmin Lee <git@boltless.me>

Signed-off-by: Seongmin Lee <git@boltless.me>

This new db migration won't migrate existing records in repos table.
Instead, it will simply rename the legacy table to `repos_old` and
create a new one with same name.

repo backfill will be done with tap

Signed-off-by: Seongmin Lee <git@boltless.me>

create new one if it's missing

Signed-off-by: Seongmin Lee <git@boltless.me>

This commit won't work without following spindle rewrite to use tap and
introduce backfill because repos table is empty yet.

Signed-off-by: Seongmin Lee <git@boltless.me>

1. Use repo AT-URI as identifier.
2. Use `dom` field rather than `obj` to filter by repository. So now
it's "user with role A in repo B can do action D to field C" where
`A,B,C,D` are `sub,dom,obj,act`.
3. Manage app-logic rules in embedded csv file which won't be saved in
db and load to memory on start. This makes app's global rbac rule
change easier as we just need to edit the csv file.

Many permission check methods are missing, but should be enough to test
this new RBAC enforcer package in spindle.

Related issue: <https://tangled.org/tangled.org/core/issues/282>

Signed-off-by: Seongmin Lee <git@boltless.me>

- did-method-plc
- bluesky-jetstream
- bluesky-relay
- tap

Signed-off-by: Seongmin Lee <git@boltless.me>

We will start using our own forked version of indigo package.

Signed-off-by: Seongmin Lee <git@boltless.me>

Some cool people use cool editor called Vim, which requires final
newline and automatically adds it anyways.

Signed-off-by: Seongmin Lee <git@boltless.me>

both jj-vcs and tangled don't support gitattributes yet, but this would
be still valuable for git tools.

Signed-off-by: Seongmin Lee <git@boltless.me>

instead of showing a 503 indiscriminately, we now indicate that the knot
is unreachable and display a warning. the user is still free to browse
issues and pulls.

Signed-off-by: oppiliappan <me@oppi.li>

this replaces handles with DIDs in the clone dropdown.

Signed-off-by: oppiliappan <me@oppi.li>

the .ShowPunchcard variable was being referenced in pages that didn't
have the variable set. to circumvent this, the `State.profile` helper
calculates whether or not to show the punchcard, and this helper is then
substituted in all profile tabs.

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: Will Andrews <will7989@hotmail.com>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

The description field had no length validation, so long descriptions
would pass the form but fail at the DB INSERT (CHECK constraint) or
lexicon layer (maxGraphemes: 140), after the PDS record and bare repo
were already created. Add client-side maxlength and server-side rune
count validation to reject early and avoid partial rollback state.

the buttons were not being hidden/shown correctly when varying the
active-round or diff/interdiff pages.

Signed-off-by: oppiliappan <me@oppi.li>

users sometimes want to regenerate invite codes, but signups_inflight
never replaces the old value, since the email column has a unique
constraint. by using `or replace`, we can update the invite code.

this keeps the db in sync with whatever the user sees in their inbox.

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: Evan Jarrett <evan@evanjarrett.com>

Should look better on opengraph cards.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

When searching issues or pulls with filters, the open/closed tab counts
were showing unfiltered repo totals. Run per-state count queries when a
search is active and update RepoInfo.Stats before rendering.

Based on a fix by Patrick Dewey (pdewey.com) for issue #400.

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: Thomas Karpiniec <tkarpiniec@icloud.com>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Add hooks tab to repository settings with webhook management interface.
Includes forms for adding/editing webhooks with URL, secret, and event
configuration. Shows webhook status with active/inactive toggle.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Trigger webhooks on git push events from knotstream.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Add Push method to Notifier interface for git push events. Implement
WebhookNotifier that sends webhook payloads with HMAC-SHA256 signatures
for authentication. Supports push events with delivery tracking and
retry logic (3 attempts with exponential backoff).

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Until we can figure out why this 403s on Cloudflare's end.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: oppiliappan <me@oppi.li>

there was a change that removed the scheme from appview host, this was
not reflected in the non-dev oauth config.

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

Signed-off-by: oppiliappan <me@oppi.li>

Signed-off-by: iacore <noreply+gpg-stub@1a-insec.net>