From 1f8b3b5e1b52fb769b4848d5047ded435d7a4b83 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Fri, 15 Dec 2023 10:03:05 +0100
Subject: [PATCH 1/6] Only update pipelineStatus in one place (#2952)

---
 pipeline/backend/types/config.go  |  4 ++--
 server/pipeline/create.go         | 26 ++++++++++----------------
 server/pipeline/pipelineStatus.go |  6 ++++--
 3 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/pipeline/backend/types/config.go b/pipeline/backend/types/config.go
index b1df35a432..0fe1e6fc01 100644
--- a/pipeline/backend/types/config.go
+++ b/pipeline/backend/types/config.go
@@ -14,9 +14,9 @@
 
 package types
 
-// Config defines the runtime configuration of a pipeline.
+// Config defines the runtime configuration of a workflow.
 type Config struct {
-	Stages   []*Stage   `json:"pipeline"` // pipeline stages
+	Stages   []*Stage   `json:"pipeline"` // workflow stages
 	Networks []*Network `json:"networks"` // network definitions
 	Volumes  []*Volume  `json:"volumes"`  // volume definitions
 	Secrets  []*Secret  `json:"secrets"`  // secret definitions
diff --git a/server/pipeline/create.go b/server/pipeline/create.go
index d440eccb55..64bd6f6237 100644
--- a/server/pipeline/create.go
+++ b/server/pipeline/create.go
@@ -18,7 +18,6 @@ import (
 	"context"
 	"fmt"
 	"regexp"
-	"time"
 
 	"github.com/rs/zerolog/log"
 
@@ -128,16 +127,12 @@ func Create(ctx context.Context, _store store.Store, repo *model.Repo, pipeline
 }
 
 func updatePipelineWithErr(ctx context.Context, _store store.Store, pipeline *model.Pipeline, repo *model.Repo, repoUser *model.User, err error) error {
-	pipeline.Started = time.Now().Unix()
-	pipeline.Finished = pipeline.Started
-	pipeline.Status = model.StatusError
-	pipeline.Errors = errors.GetPipelineErrors(err)
-	dbErr := _store.UpdatePipeline(pipeline)
-	if dbErr != nil {
-		msg := fmt.Errorf("failed to save pipeline for %s", repo.FullName)
-		log.Error().Err(dbErr).Msg(msg.Error())
-		return msg
+	_pipeline, err := UpdateToStatusError(_store, *pipeline, err)
+	if err != nil {
+		return err
 	}
+	// update value in ref
+	*pipeline = *_pipeline
 
 	publishPipeline(ctx, pipeline, repo, repoUser)
 
@@ -145,13 +140,12 @@ func updatePipelineWithErr(ctx context.Context, _store store.Store, pipeline *mo
 }
 
 func updatePipelinePending(ctx context.Context, _store store.Store, pipeline *model.Pipeline, repo *model.Repo, repoUser *model.User) error {
-	pipeline.Status = model.StatusPending
-	dbErr := _store.UpdatePipeline(pipeline)
-	if dbErr != nil {
-		msg := fmt.Errorf("failed to save pipeline for %s", repo.FullName)
-		log.Error().Err(dbErr).Msg(msg.Error())
-		return msg
+	_pipeline, err := UpdateToStatusPending(_store, *pipeline, "")
+	if err != nil {
+		return err
 	}
+	// update value in ref
+	*pipeline = *_pipeline
 
 	publishPipeline(ctx, pipeline, repo, repoUser)
 
diff --git a/server/pipeline/pipelineStatus.go b/server/pipeline/pipelineStatus.go
index 2bf94423b3..1081b43636 100644
--- a/server/pipeline/pipelineStatus.go
+++ b/server/pipeline/pipelineStatus.go
@@ -29,9 +29,11 @@ func UpdateToStatusRunning(store model.UpdatePipelineStore, pipeline model.Pipel
 }
 
 func UpdateToStatusPending(store model.UpdatePipelineStore, pipeline model.Pipeline, reviewer string) (*model.Pipeline, error) {
-	pipeline.Reviewer = reviewer
+	if reviewer != "" {
+		pipeline.Reviewer = reviewer
+		pipeline.Reviewed = time.Now().Unix()
+	}
 	pipeline.Status = model.StatusPending
-	pipeline.Reviewed = time.Now().Unix()
 	return &pipeline, store.UpdatePipeline(&pipeline)
 }
 

From 60a3922e02e69e9a31bc6e7660eb7523ae26b162 Mon Sep 17 00:00:00 2001
From: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Date: Sat, 16 Dec 2023 09:45:02 +0100
Subject: [PATCH 2/6] Update README badges (#2956)

- use repo id
- remove tickgit (the service is broken)
- use dynamic pre-commit.ci badge
---
 README.md | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 3d76ddba9b..f509e798c4 100644
--- a/README.md
+++ b/README.md
@@ -7,8 +7,8 @@
 </p>
 <br/>
 <p align="center">
-  <a href="https://ci.woodpecker-ci.org/woodpecker-ci/woodpecker" title="Build Status">
-    <img src="https://ci.woodpecker-ci.org/api/badges/woodpecker-ci/woodpecker/status.svg">
+  <a href="https://ci.woodpecker-ci.org/repos/3780" title="Build Status">
+    <img src="https://ci.woodpecker-ci.org/api/badges/3780/status.svg">
   </a>
   <a href="https://codecov.io/gh/woodpecker-ci/woodpecker">
     <img src="https://codecov.io/gh/woodpecker-ci/woodpecker/branch/main/graph/badge.svg"/>
@@ -40,11 +40,8 @@
   <a href="https://bestpractices.coreinfrastructure.org/projects/5309">
     <img src="https://bestpractices.coreinfrastructure.org/projects/5309/badge">
   </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/woodpecker-ci/woodpecker" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/woodpecker-ci/woodpecker">
-  </a>
-  <a href="https://github.com/pre-commit/pre-commit" title="TODOs">
-    <img src="https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit">
+  <a href="https://results.pre-commit.ci/repo/github/179344069" title="pre-commit.ci">
+    <img src="https://results.pre-commit.ci/badge/github/woodpecker-ci/woodpecker/main.svg">
   </a>
 </p>
 <br/>

From 16803d62177796f9ae49372f272d5d8a58c6a3eb Mon Sep 17 00:00:00 2001
From: Anbraten <anton@ju60.de>
Date: Sat, 16 Dec 2023 10:29:13 +0100
Subject: [PATCH 3/6] Show secrets from org and global level (#2873)

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
---
 cmd/server/docs/docs.go                       |  6 ++
 server/model/secret.go                        | 13 ++-
 server/plugins/secrets/builtin.go             | 15 ++--
 server/plugins/secrets/builtin_test.go        |  2 +-
 server/store/datastore/secret_test.go         |  4 +-
 web/src/assets/locales/en.json                | 12 +--
 web/src/components/atomic/Button.vue          |  2 +-
 .../components/repo/settings/SecretsTab.vue   | 51 ++++++++++--
 web/src/components/secrets/SecretEdit.vue     | 52 ++++++++----
 web/src/components/secrets/SecretList.vue     | 36 ++++----
 web/src/compositions/usePaginate.ts           | 82 +++++++++++--------
 web/src/lib/api/types/secret.ts               |  2 +
 woodpecker-go/woodpecker/types.go             |  2 +
 13 files changed, 188 insertions(+), 91 deletions(-)

diff --git a/cmd/server/docs/docs.go b/cmd/server/docs/docs.go
index fedbdf4331..a8d14cfe20 100644
--- a/cmd/server/docs/docs.go
+++ b/cmd/server/docs/docs.go
@@ -4233,6 +4233,12 @@ const docTemplate = `{
                 "name": {
                     "type": "string"
                 },
+                "org_id": {
+                    "type": "integer"
+                },
+                "repo_id": {
+                    "type": "integer"
+                },
                 "value": {
                     "type": "string"
                 }
diff --git a/server/model/secret.go b/server/model/secret.go
index 2de79ce20e..7dbb087e97 100644
--- a/server/model/secret.go
+++ b/server/model/secret.go
@@ -70,8 +70,8 @@ type SecretStore interface {
 // Secret represents a secret variable, such as a password or token.
 type Secret struct {
 	ID     int64          `json:"id"              xorm:"pk autoincr 'secret_id'"`
-	OrgID  int64          `json:"-"               xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_org_id'"`
-	RepoID int64          `json:"-"               xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_repo_id'"`
+	OrgID  int64          `json:"org_id"          xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_org_id'"`
+	RepoID int64          `json:"repo_id"         xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_repo_id'"`
 	Name   string         `json:"name"            xorm:"NOT NULL UNIQUE(s) INDEX 'secret_name'"`
 	Value  string         `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
 	Images []string       `json:"images"          xorm:"json 'secret_images'"`
@@ -89,15 +89,20 @@ func (s *Secret) BeforeInsert() {
 }
 
 // Global secret.
-func (s Secret) Global() bool {
+func (s Secret) IsGlobal() bool {
 	return s.RepoID == 0 && s.OrgID == 0
 }
 
 // Organization secret.
-func (s Secret) Organization() bool {
+func (s Secret) IsOrganization() bool {
 	return s.RepoID == 0 && s.OrgID != 0
 }
 
+// Repository secret.
+func (s Secret) IsRepository() bool {
+	return s.RepoID != 0 && s.OrgID == 0
+}
+
 // Match returns true if an image and event match the restricted list.
 func (s *Secret) Match(event WebhookEvent) bool {
 	if len(s.Events) == 0 {
diff --git a/server/plugins/secrets/builtin.go b/server/plugins/secrets/builtin.go
index e19518ce99..bb2e40ffae 100644
--- a/server/plugins/secrets/builtin.go
+++ b/server/plugins/secrets/builtin.go
@@ -48,16 +48,17 @@ func (b *builtin) SecretListPipeline(repo *model.Repo, _ *model.Pipeline, p *mod
 	// Priority order in case of duplicate names are repository, user/organization, global
 	secrets := make([]*model.Secret, 0, len(s))
 	uniq := make(map[string]struct{})
-	for _, cond := range []struct {
-		Global       bool
-		Organization bool
+	for _, condition := range []struct {
+		IsRepository   bool
+		IsOrganization bool
+		IsGlobal       bool
 	}{
-		{},
-		{Organization: true},
-		{Global: true},
+		{IsRepository: true},
+		{IsOrganization: true},
+		{IsGlobal: true},
 	} {
 		for _, secret := range s {
-			if secret.Global() != cond.Global || secret.Organization() != cond.Organization {
+			if secret.IsRepository() != condition.IsRepository || secret.IsOrganization() != condition.IsOrganization || secret.IsGlobal() != condition.IsGlobal {
 				continue
 			}
 			if _, ok := uniq[secret.Name]; ok {
diff --git a/server/plugins/secrets/builtin_test.go b/server/plugins/secrets/builtin_test.go
index a620a5735c..c2f2509ac9 100644
--- a/server/plugins/secrets/builtin_test.go
+++ b/server/plugins/secrets/builtin_test.go
@@ -51,7 +51,7 @@ func TestSecretListPipeline(t *testing.T) {
 	// repo secret
 	repoSecret := &model.Secret{
 		ID:     3,
-		OrgID:  1,
+		OrgID:  0,
 		RepoID: 1,
 		Name:   "secret",
 		Value:  "value-repo",
diff --git a/server/store/datastore/secret_test.go b/server/store/datastore/secret_test.go
index 917f75c4e8..78d92eabad 100644
--- a/server/store/datastore/secret_test.go
+++ b/server/store/datastore/secret_test.go
@@ -253,7 +253,7 @@ func TestOrgSecretList(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Len(t, list, 1)
 
-	assert.True(t, list[0].Organization())
+	assert.True(t, list[0].IsOrganization())
 }
 
 func TestGlobalSecretFind(t *testing.T) {
@@ -306,5 +306,5 @@ func TestGlobalSecretList(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Len(t, list, 1)
 
-	assert.True(t, list[0].Global())
+	assert.True(t, list[0].IsGlobal())
 }
diff --git a/web/src/assets/locales/en.json b/web/src/assets/locales/en.json
index 2885a2aa12..eabd2efa84 100644
--- a/web/src/assets/locales/en.json
+++ b/web/src/assets/locales/en.json
@@ -140,7 +140,7 @@
         "saved": "Secret saved",
         "images": {
           "images": "Available for following images",
-          "desc": "Comma separated list of images where this secret is available, leave empty to allow all images"
+          "desc": "List of images where this secret is available, leave empty to allow all images"
         },
         "events": {
           "events": "Available at following events",
@@ -305,7 +305,7 @@
         "saved": "Organization secret saved",
         "images": {
           "images": "Available for following images",
-          "desc": "Comma separated list of images where this secret is available, leave empty to allow all images"
+          "desc": "List of images where this secret is available, leave empty to allow all images"
         },
         "plugins_only": "Only available for plugins",
         "events": {
@@ -334,7 +334,7 @@
         "saved": "Global secret saved",
         "images": {
           "images": "Available for following images",
-          "desc": "Comma separated list of images where this secret is available, leave empty to allow all images"
+          "desc": "List of images where this secret is available, leave empty to allow all images"
         },
         "plugins_only": "Only available for plugins",
         "events": {
@@ -476,7 +476,7 @@
         "saved": "User secret saved",
         "images": {
           "images": "Available for following images",
-          "desc": "Comma separated list of images where this secret is available, leave empty to allow all images"
+          "desc": "List of images where this secret is available, leave empty to allow all images"
         },
         "plugins_only": "Only available for plugins",
         "events": {
@@ -504,5 +504,7 @@
   "default": "default",
   "info": "Info",
   "running_version": "You are running Woodpecker {0}",
-  "update_woodpecker": "Please update your Woodpecker instance to {0}"
+  "update_woodpecker": "Please update your Woodpecker instance to {0}",
+  "global_level_secret": "global secret",
+  "org_level_secret": "organization secret"
 }
diff --git a/web/src/components/atomic/Button.vue b/web/src/components/atomic/Button.vue
index db656554d2..b9d6129a26 100644
--- a/web/src/components/atomic/Button.vue
+++ b/web/src/components/atomic/Button.vue
@@ -16,7 +16,7 @@
   >
     <slot>
       <Icon v-if="startIcon" :name="startIcon" class="!w-6 !h-6" :class="{ invisible: isLoading, 'mr-1': text }" />
-      <span :class="{ invisible: isLoading }">{{ text }}</span>
+      <span :class="{ invisible: isLoading }" class="flex-shrink-0">{{ text }}</span>
       <Icon v-if="endIcon" :name="endIcon" class="ml-2 w-6 h-6" :class="{ invisible: isLoading }" />
       <div
         v-if="isLoading"
diff --git a/web/src/components/repo/settings/SecretsTab.vue b/web/src/components/repo/settings/SecretsTab.vue
index ded59fd09f..30e8013164 100644
--- a/web/src/components/repo/settings/SecretsTab.vue
+++ b/web/src/components/repo/settings/SecretsTab.vue
@@ -16,7 +16,7 @@
 
     <SecretList
       v-if="!selectedSecret"
-      v-model="secrets"
+      :model-value="secrets"
       i18n-prefix="repo.settings.secrets."
       :is-deleting="isDeleting"
       @edit="editSecret"
@@ -64,15 +64,54 @@ const repo = inject<Ref<Repo>>('repo');
 const selectedSecret = ref<Partial<Secret>>();
 const isEditingSecret = computed(() => !!selectedSecret.value?.id);
 
-async function loadSecrets(page: number): Promise<Secret[] | null> {
+async function loadSecrets(page: number, level: 'repo' | 'org' | 'global'): Promise<Secret[] | null> {
   if (!repo?.value) {
     throw new Error("Unexpected: Can't load repo");
   }
 
-  return apiClient.getSecretList(repo.value.id, page);
+  switch (level) {
+    case 'repo':
+      return apiClient.getSecretList(repo.value.id, page);
+    case 'org':
+      return apiClient.getOrgSecretList(repo.value.org_id, page);
+    case 'global':
+      return apiClient.getGlobalSecretList(page);
+    default:
+      throw new Error(`Unexpected level: ${level}`);
+  }
 }
 
-const { resetPage, data: secrets } = usePagination(loadSecrets, () => !selectedSecret.value);
+const { resetPage, data: _secrets } = usePagination(loadSecrets, () => !selectedSecret.value, {
+  each: ['repo', 'org', 'global'],
+});
+const secrets = computed(() => {
+  const secretsList: Record<string, Secret & { edit?: boolean; level: 'repo' | 'org' | 'global' }> = {};
+
+  // eslint-disable-next-line no-restricted-syntax
+  for (const level of ['repo', 'org', 'global']) {
+    // eslint-disable-next-line no-restricted-syntax
+    for (const secret of _secrets.value) {
+      if (
+        ((level === 'repo' && secret.repo_id !== 0 && secret.org_id === 0) ||
+          (level === 'org' && secret.repo_id === 0 && secret.org_id !== 0) ||
+          (level === 'global' && secret.repo_id === 0 && secret.org_id === 0)) &&
+        !secretsList[secret.name]
+      ) {
+        secretsList[secret.name] = { ...secret, edit: secret.repo_id !== 0, level };
+      }
+    }
+  }
+
+  const levelsOrder = {
+    global: 0,
+    org: 1,
+    repo: 2,
+  };
+
+  return Object.values(secretsList)
+    .toSorted((a, b) => a.name.localeCompare(b.name))
+    .toSorted((a, b) => levelsOrder[b.level] - levelsOrder[a.level]);
+});
 
 const { doSubmit: createSecret, isLoading: isSaving } = useAsyncAction(async () => {
   if (!repo?.value) {
@@ -93,7 +132,7 @@ const { doSubmit: createSecret, isLoading: isSaving } = useAsyncAction(async ()
     type: 'success',
   });
   selectedSecret.value = undefined;
-  resetPage();
+  await resetPage();
 });
 
 const { doSubmit: deleteSecret, isLoading: isDeleting } = useAsyncAction(async (_secret: Secret) => {
@@ -103,7 +142,7 @@ const { doSubmit: deleteSecret, isLoading: isDeleting } = useAsyncAction(async (
 
   await apiClient.deleteSecret(repo.value.id, _secret.name);
   notifications.notify({ title: i18n.t('repo.settings.secrets.deleted'), type: 'success' });
-  resetPage();
+  await resetPage();
 });
 
 function editSecret(secret: Secret) {
diff --git a/web/src/components/secrets/SecretEdit.vue b/web/src/components/secrets/SecretEdit.vue
index 0130f07b2e..aa52bbb99b 100644
--- a/web/src/components/secrets/SecretEdit.vue
+++ b/web/src/components/secrets/SecretEdit.vue
@@ -11,11 +11,27 @@
       </InputField>
 
       <InputField :label="$t(i18nPrefix + 'value')">
-        <TextField v-model="innerValue.value" :placeholder="$t(i18nPrefix + 'value')" :lines="5" />
+        <TextField
+          v-model="innerValue.value"
+          :placeholder="$t(i18nPrefix + 'value')"
+          :lines="5"
+          :required="!isEditingSecret"
+        />
       </InputField>
 
       <InputField :label="$t(i18nPrefix + 'images.images')">
-        <TextField v-model="images" :placeholder="$t(i18nPrefix + 'images.desc')" />
+        <span class="ml-1 mb-2 text-wp-text-alt-100">{{ $t(i18nPrefix + 'images.desc') }}</span>
+
+        <div class="flex flex-col gap-2">
+          <div v-for="image in innerValue.images" :key="image" class="flex gap-2">
+            <TextField :model-value="image" disabled />
+            <Button type="button" color="gray" start-icon="trash" @click="removeImage(image)" />
+          </div>
+          <div class="flex gap-2">
+            <TextField v-model="newImage" @keydown.enter.prevent="addNewImage" />
+            <Button type="button" color="gray" start-icon="plus" @click="addNewImage" />
+          </div>
+        </div>
       </InputField>
 
       <InputField :label="$t(i18nPrefix + 'events.events')">
@@ -36,7 +52,7 @@
 </template>
 
 <script lang="ts" setup>
-import { computed, toRef } from 'vue';
+import { computed, ref, toRef } from 'vue';
 import { useI18n } from 'vue-i18n';
 
 import Button from '~/components/atomic/Button.vue';
@@ -67,21 +83,20 @@ const innerValue = computed({
     emit('update:modelValue', value);
   },
 });
-const images = computed<string>({
-  get() {
-    return innerValue.value?.images?.join(',') || '';
-  },
-  set(value) {
-    if (innerValue.value) {
-      innerValue.value.images = value
-        .split(',')
-        .map((s) => s.trim())
-        .filter((s) => s !== '');
-    }
-  },
-});
 const isEditingSecret = computed(() => !!innerValue.value?.id);
 
+const newImage = ref('');
+function addNewImage() {
+  if (!newImage.value) {
+    return;
+  }
+  innerValue.value.images?.push(newImage.value);
+  newImage.value = '';
+}
+function removeImage(image: string) {
+  innerValue.value.images = innerValue.value.images?.filter((i) => i !== image);
+}
+
 const secretEventsOptions: CheckboxOption[] = [
   { value: WebhookEvents.Push, text: i18n.t('repo.pipeline.event.push') },
   { value: WebhookEvents.Tag, text: i18n.t('repo.pipeline.event.tag') },
@@ -99,6 +114,11 @@ function save() {
   if (!innerValue.value) {
     return;
   }
+
+  if (newImage.value) {
+    innerValue.value.images?.push(newImage.value);
+  }
+
   emit('save', innerValue.value);
 }
 </script>
diff --git a/web/src/components/secrets/SecretList.vue b/web/src/components/secrets/SecretList.vue
index e43f2bbca9..4faea19df9 100644
--- a/web/src/components/secrets/SecretList.vue
+++ b/web/src/components/secrets/SecretList.vue
@@ -6,22 +6,29 @@
       class="items-center !bg-wp-background-200 !dark:bg-wp-background-100"
     >
       <span>{{ secret.name }}</span>
+      <Badge
+        v-if="secret.edit === false"
+        class="ml-2"
+        :label="secret.org_id === 0 ? $t('global_level_secret') : $t('org_level_secret')"
+      />
       <div class="ml-auto space-x-2 <md:hidden">
         <Badge v-for="event in secret.events" :key="event" :label="event" />
       </div>
-      <IconButton
-        icon="edit"
-        class="ml-2 <md:ml-auto w-8 h-8"
-        :title="$t('repo.settings.secrets.edit')"
-        @click="editSecret(secret)"
-      />
-      <IconButton
-        icon="trash"
-        class="ml-2 w-8 h-8 hover:text-wp-control-error-100"
-        :is-loading="isDeleting"
-        :title="$t('repo.settings.secrets.delete')"
-        @click="deleteSecret(secret)"
-      />
+      <template v-if="secret.edit !== false">
+        <IconButton
+          icon="edit"
+          class="ml-2 <md:ml-auto w-8 h-8"
+          :title="$t('repo.settings.secrets.edit')"
+          @click="editSecret(secret)"
+        />
+        <IconButton
+          icon="trash"
+          class="ml-2 w-8 h-8 hover:text-wp-control-error-100"
+          :is-loading="isDeleting"
+          :title="$t('repo.settings.secrets.delete')"
+          @click="deleteSecret(secret)"
+        />
+      </template>
     </ListItem>
 
     <div v-if="secrets?.length === 0" class="ml-2">{{ $t(i18nPrefix + 'none') }}</div>
@@ -32,12 +39,13 @@
 import { toRef } from 'vue';
 import { useI18n } from 'vue-i18n';
 
+import Badge from '~/components/atomic/Badge.vue';
 import IconButton from '~/components/atomic/IconButton.vue';
 import ListItem from '~/components/atomic/ListItem.vue';
 import { Secret } from '~/lib/api/types';
 
 const props = defineProps<{
-  modelValue: Secret[];
+  modelValue: (Secret & { edit?: boolean })[];
   isDeleting: boolean;
   i18nPrefix: string;
 }>();
diff --git a/web/src/compositions/usePaginate.ts b/web/src/compositions/usePaginate.ts
index 69295c5a5c..33002c09c3 100644
--- a/web/src/compositions/usePaginate.ts
+++ b/web/src/compositions/usePaginate.ts
@@ -1,5 +1,5 @@
 import { useInfiniteScroll } from '@vueuse/core';
-import { onMounted, Ref, ref, watch } from 'vue';
+import { onMounted, Ref, ref, UnwrapRef, watch } from 'vue';
 
 export async function usePaginate<T>(getSingle: (page: number) => Promise<T[]>): Promise<T[]> {
   let hasMore = true;
@@ -15,59 +15,71 @@ export async function usePaginate<T>(getSingle: (page: number) => Promise<T[]>):
   return result;
 }
 
-export function usePagination<T>(
-  _loadData: (page: number) => Promise<T[] | null>,
+export function usePagination<T, S = unknown>(
+  _loadData: (page: number, arg: S) => Promise<T[] | null>,
   isActive: () => boolean = () => true,
-  scrollElement = ref(document.getElementById('scroll-component')),
+  { scrollElement: _scrollElement, each: _each }: { scrollElement?: Ref<HTMLElement | null>; each?: S[] } = {},
 ) {
+  const scrollElement = _scrollElement ?? ref(document.getElementById('scroll-component'));
   const page = ref(1);
   const pageSize = ref(0);
   const hasMore = ref(true);
   const data = ref<T[]>([]) as Ref<T[]>;
   const loading = ref(false);
+  const each = ref(_each ?? []);
 
   async function loadData() {
+    if (loading.value === true || hasMore.value === false) {
+      return;
+    }
+
     loading.value = true;
-    const newData = await _loadData(page.value);
-    hasMore.value = newData !== null && newData.length >= pageSize.value;
-    if (newData !== null && newData.length !== 0) {
-      if (page.value === 1) {
-        pageSize.value = newData.length;
-        data.value = newData;
-      } else {
-        data.value.push(...newData);
+    const newData = (await _loadData(page.value, each.value?.[0] as S)) ?? [];
+    hasMore.value = newData.length >= pageSize.value && newData.length > 0;
+    if (newData.length > 0) {
+      data.value.push(...newData);
+    }
+
+    // last page and each has more
+    if (!hasMore.value && each.value.length > 0) {
+      // use next each element
+      each.value.shift();
+      page.value = 1;
+      pageSize.value = 0;
+      hasMore.value = each.value.length > 0;
+      if (hasMore.value) {
+        loading.value = false;
+        await loadData();
       }
-    } else if (page.value === 1) {
-      data.value = [];
-    } else {
-      hasMore.value = false;
     }
+    pageSize.value = newData.length;
     loading.value = false;
   }
 
   onMounted(loadData);
   watch(page, loadData);
 
-  useInfiniteScroll(
-    scrollElement,
-    () => {
-      if (isActive() && !loading.value && hasMore.value) {
-        // load more
-        page.value += 1;
-      }
-    },
-    { distance: 10 },
-  );
+  function nextPage() {
+    if (isActive() && !loading.value && hasMore.value) {
+      page.value += 1;
+    }
+  }
 
-  const resetPage = () => {
-    if (page.value !== 1) {
-      // just set page = 1, will be handled by watcher
-      page.value = 1;
-    } else {
-      // we need to reload, but page is already 1, so changing won't trigger watcher
-      loadData();
+  useInfiniteScroll(scrollElement, nextPage, { distance: 10 });
+
+  async function resetPage() {
+    const _page = page.value;
+
+    hasMore.value = true;
+    data.value = [];
+    each.value = (_each ?? []) as UnwrapRef<S[]>;
+    page.value = 1;
+
+    if (_page === 1) {
+      // we need to reload manually as the page is already 1, so changing won't trigger watcher
+      await loadData();
     }
-  };
+  }
 
-  return { resetPage, data };
+  return { resetPage, nextPage, data, hasMore, loading };
 }
diff --git a/web/src/lib/api/types/secret.ts b/web/src/lib/api/types/secret.ts
index 33c9612574..301b83341c 100644
--- a/web/src/lib/api/types/secret.ts
+++ b/web/src/lib/api/types/secret.ts
@@ -2,6 +2,8 @@ import { WebhookEvents } from './webhook';
 
 export type Secret = {
   id: string;
+  repo_id: number;
+  org_id: number;
   name: string;
   value: string;
   events: WebhookEvents[];
diff --git a/woodpecker-go/woodpecker/types.go b/woodpecker-go/woodpecker/types.go
index d243d36f0e..ba2cff1b75 100644
--- a/woodpecker-go/woodpecker/types.go
+++ b/woodpecker-go/woodpecker/types.go
@@ -141,6 +141,8 @@ type (
 	// Secret represents a secret variable, such as a password or token.
 	Secret struct {
 		ID     int64    `json:"id"`
+		OrgID  int64    `json:"org_id"`
+		RepoID int64    `json:"repo_id"`
 		Name   string   `json:"name"`
 		Value  string   `json:"value,omitempty"`
 		Images []string `json:"images"`

From 57790e41760a8d3e8a1958369783925414775ce1 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Sat, 16 Dec 2023 21:27:46 +0100
Subject: [PATCH 4/6] Fix error container overflow (#2957)

Fixes: https://github.com/woodpecker-ci/woodpecker/issues/2947


![image](https://github.com/woodpecker-ci/woodpecker/assets/3391958/03198aec-fd3c-4fcd-8418-a7c5b0ff9d0b)

On the mobile view, it now wraps to show error on top. That is still not
perfect as it creates content jumps, after clicking on a pipeline with
errors. I don't have a better idea yet, but IMO it's already an
improvement as before it was quite unusable on mobile view.

Before:

![image](https://github.com/woodpecker-ci/woodpecker/assets/3391958/20849de8-55d6-4839-b4b4-fe220003887d)

After:

![image](https://github.com/woodpecker-ci/woodpecker/assets/3391958/8a80939b-d6a5-414d-b693-ef4583e2f37d)
---
 .../components/repo/pipeline/PipelineLog.vue  |  2 +-
 .../repo/pipeline/PipelineStepList.vue        |  2 +-
 web/src/views/repo/pipeline/Pipeline.vue      | 20 +++++++++----------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/web/src/components/repo/pipeline/PipelineLog.vue b/web/src/components/repo/pipeline/PipelineLog.vue
index c573b80e15..fbc1aaccb9 100644
--- a/web/src/components/repo/pipeline/PipelineLog.vue
+++ b/web/src/components/repo/pipeline/PipelineLog.vue
@@ -1,7 +1,7 @@
 <template>
   <div v-if="pipeline" class="flex flex-col pt-10 md:pt-0">
     <div
-      class="flex flex-grow flex-col code-box shadow !p-0 !rounded-none md:m-4 md:mt-0 !md:rounded-md overflow-hidden"
+      class="flex flex-grow flex-col code-box shadow !p-0 !rounded-none md:mt-0 !md:rounded-md overflow-hidden"
       @mouseover="showActions = true"
       @mouseleave="showActions = false"
     >
diff --git a/web/src/components/repo/pipeline/PipelineStepList.vue b/web/src/components/repo/pipeline/PipelineStepList.vue
index 43cb409da7..2e71a60e74 100644
--- a/web/src/components/repo/pipeline/PipelineStepList.vue
+++ b/web/src/components/repo/pipeline/PipelineStepList.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="flex flex-col w-full md:w-3/12 md:max-w-md md:min-w-xs md:ml-4 text-wp-text-100 gap-2 pb-2">
+  <div class="flex flex-col w-full md:w-3/12 md:max-w-md md:min-w-xs text-wp-text-100 gap-2 pb-2">
     <div
       class="flex flex-wrap p-4 gap-1 justify-between flex-shrink-0 rounded-md border bg-wp-background-100 border-wp-background-400 dark:bg-wp-background-200"
     >
diff --git a/web/src/views/repo/pipeline/Pipeline.vue b/web/src/views/repo/pipeline/Pipeline.vue
index 7c3ed084a7..5d64d65825 100644
--- a/web/src/views/repo/pipeline/Pipeline.vue
+++ b/web/src/views/repo/pipeline/Pipeline.vue
@@ -1,6 +1,6 @@
 <template>
-  <Container full-width class="flex flex-col flex-grow md:min-h-xs">
-    <div class="flex w-full min-h-0 flex-grow">
+  <Container full-width class="flex flex-col flex-grow-0 md:flex-grow md:min-h-xs md:px-4">
+    <div class="flex w-full min-h-0 flex-grow gap-4 flex-wrap-reverse md:flex-nowrap">
       <PipelineStepList
         v-if="pipeline?.workflows && pipeline?.workflows?.length > 0"
         v-model:selected-step-id="selectedStepId"
@@ -8,20 +8,20 @@
         :pipeline="pipeline"
       />
 
-      <div class="flex items-start justify-center flex-grow relative">
-        <Container v-if="selectedStep?.error" fill-width class="py-0">
+      <div class="flex items-start justify-center flex-grow relative basis-full md:basis-auto">
+        <Container v-if="selectedStep?.error" fill-width class="p-0">
           <Panel>
-            <div class="flex flex-col items-center gap-4">
+            <div class="flex flex-col items-center text-center gap-4">
               <Icon name="status-error" class="w-16 h-16 text-wp-state-error-100" />
               <span class="text-xl">{{ $t('repo.pipeline.we_got_some_errors') }}</span>
-              <span class="whitespace-pre">{{ selectedStep?.error }}</span>
+              <span class="whitespace-pre-wrap">{{ selectedStep?.error }}</span>
             </div>
           </Panel>
         </Container>
 
-        <Container v-else-if="pipeline.errors?.some((e) => !e.is_warning)" fill-width class="py-0">
+        <Container v-else-if="pipeline.errors?.some((e) => !e.is_warning)" fill-width class="p-0">
           <Panel>
-            <div class="flex flex-col items-center gap-4">
+            <div class="flex flex-col items-center text-center gap-4">
               <Icon name="status-error" class="w-16 h-16 text-wp-state-error-100" />
               <span class="text-xl">{{ $t('repo.pipeline.we_got_some_errors') }}</span>
               <Button color="red" :text="$t('repo.pipeline.show_errors')" :to="{ name: 'repo-pipeline-errors' }" />
@@ -29,7 +29,7 @@
           </Panel>
         </Container>
 
-        <Container v-else-if="pipeline.status === 'blocked'" fill-width class="py-0">
+        <Container v-else-if="pipeline.status === 'blocked'" fill-width class="p-0">
           <Panel>
             <div class="flex flex-col items-center gap-4">
               <Icon name="status-blocked" class="w-16 h-16" />
@@ -59,7 +59,7 @@
           </Panel>
         </Container>
 
-        <Container v-else-if="pipeline.status === 'declined'" fill-width class="py-0">
+        <Container v-else-if="pipeline.status === 'declined'" fill-width class="p-0">
           <Panel>
             <div class="flex flex-col items-center gap-4">
               <Icon name="status-declined" class="w-16 h-16 text-wp-state-error-100" />

From b66f6cb1189ce469f55ffadce2e892c755cc6045 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 17 Dec 2023 14:37:26 +0100
Subject: [PATCH 5/6] fix(deps): update golang (packages) (#2958)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[github.com/caddyserver/certmagic](https://togithub.com/caddyserver/certmagic)
| require | minor | `v0.19.2` -> `v0.20.0` |
| [github.com/expr-lang/expr](https://togithub.com/expr-lang/expr) |
require | patch | `v1.15.6` -> `v1.15.7` |
| [github.com/google/uuid](https://togithub.com/google/uuid) | require |
minor | `v1.4.0` -> `v1.5.0` |
|
[github.com/jellydator/ttlcache/v3](https://togithub.com/jellydator/ttlcache)
| require | patch | `v3.1.0` -> `v3.1.1` |
| [github.com/mattn/go-sqlite3](https://togithub.com/mattn/go-sqlite3) |
require | patch | `v1.14.18` -> `v1.14.19` |
| [github.com/xanzy/go-gitlab](https://togithub.com/xanzy/go-gitlab) |
require | minor | `v0.94.0` -> `v0.95.2` |
| [google.golang.org/grpc](https://togithub.com/grpc/grpc-go) | require
| minor | `v1.59.0` -> `v1.60.0` |
| [k8s.io/api](https://togithub.com/kubernetes/api) | require | minor |
`v0.28.4` -> `v0.29.0` |
| [k8s.io/apimachinery](https://togithub.com/kubernetes/apimachinery) |
require | minor | `v0.28.4` -> `v0.29.0` |
| [k8s.io/client-go](https://togithub.com/kubernetes/client-go) |
require | minor | `v0.28.4` -> `v0.29.0` |

---

### Release Notes

<details>
<summary>caddyserver/certmagic
(github.com/caddyserver/certmagic)</summary>

###
[`v0.20.0`](https://togithub.com/caddyserver/certmagic/releases/tag/v0.20.0)

[Compare
Source](https://togithub.com/caddyserver/certmagic/compare/v0.19.2...v0.20.0)

This release vastly improves storage cleaning as well improving a few
smaller things. There is a minor breaking change as we get ever closer
to v1.0.

- :warning: The `DecisionFunc` for On-Demand TLS now takes a
`context.Context` value as its first argument. The context carries the
`ClientHelloInfo` value (keyed by `ClientHelloInfoCtxKey`) for logging
purposes.
- Storage cleaning is now synchronized across the cluster, including
process restarts. The state of cleaning expired certificates and OCSP
staples is written to storage, and distributed locking is used to ensure
that only 1 instance does it at a time. This greatly reduces costs for
expensive storage backends! Cleaning is also done less often when the
process is frequently restarted because the state is written to storage,
so it is not forgotten after shutting down.
-   `.home.arpa` is now considered an internal suffix.
-   Backoff timings have been tuned based on real-world experience.

#### What's Changed

- README: Add hint about NextProtos for certmagic.TLS by
[@&#8203;oliverpool](https://togithub.com/oliverpool) in
[https://github.com/caddyserver/certmagic/pull/251](https://togithub.com/caddyserver/certmagic/pull/251)
- Bump golang.org/x/net from 0.11.0 to 0.17.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/caddyserver/certmagic/pull/253](https://togithub.com/caddyserver/certmagic/pull/253)
- Optionally pass the context argument down to the OnDemand decision
func by [@&#8203;ankon](https://togithub.com/ankon) in
[https://github.com/caddyserver/certmagic/pull/255](https://togithub.com/caddyserver/certmagic/pull/255)
- Retain the error stack if `checkIfCertShouldBeObtained` returns an
error by [@&#8203;ankon](https://togithub.com/ankon) in
[https://github.com/caddyserver/certmagic/pull/256](https://togithub.com/caddyserver/certmagic/pull/256)
- Add OCSP stapling unit tests by
[@&#8203;kenjenkins](https://togithub.com/kenjenkins) in
[https://github.com/caddyserver/certmagic/pull/259](https://togithub.com/caddyserver/certmagic/pull/259)

#### New Contributors

- [@&#8203;oliverpool](https://togithub.com/oliverpool) made their first
contribution in
[https://github.com/caddyserver/certmagic/pull/251](https://togithub.com/caddyserver/certmagic/pull/251)

**Full Changelog**:
https://github.com/caddyserver/certmagic/compare/v0.19.2...v0.20.0

</details>

<details>
<summary>expr-lang/expr (github.com/expr-lang/expr)</summary>

###
[`v1.15.7`](https://togithub.com/expr-lang/expr/releases/tag/v1.15.7)

[Compare
Source](https://togithub.com/expr-lang/expr/compare/v1.15.6...v1.15.7)

**Expr** is a Go-centric expression language designed to deliver dynamic
configurations with unparalleled accuracy, safety, and speed.

##### In this release:

- Fixed commutative property for comparison between a value and a
pointer. ([#&#8203;490](https://togithub.com/expr-lang/expr/issues/490))
- Checker: forbid accessing built-ins and custom functions from `$env`.
([#&#8203;495](https://togithub.com/expr-lang/expr/issues/495))
- Enhanced the number parser to include support for parsing hexadecimal,
binary, and octal literals.
([#&#8203;483](https://togithub.com/expr-lang/expr/issues/483))
- Added `GetSource()` method to `vm.Program`.
([#&#8203;491](https://togithub.com/expr-lang/expr/issues/491))

</details>

<details>
<summary>google/uuid (github.com/google/uuid)</summary>

### [`v1.5.0`](https://togithub.com/google/uuid/releases/tag/v1.5.0)

[Compare
Source](https://togithub.com/google/uuid/compare/v1.4.0...v1.5.0)

##### Features

- Validate UUID without creating new UUID
([#&#8203;141](https://togithub.com/google/uuid/issues/141))
([9ee7366](https://togithub.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29))

</details>

<details>
<summary>jellydator/ttlcache
(github.com/jellydator/ttlcache/v3)</summary>

###
[`v3.1.1`](https://togithub.com/jellydator/ttlcache/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/jellydator/ttlcache/compare/v3.1.0...v3.1.1)

Fix a bug in the `Range` method that causes a panic when the cache is
empty

</details>

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

###
[`v1.14.19`](https://togithub.com/mattn/go-sqlite3/compare/v1.14.18...v1.14.19)

[Compare
Source](https://togithub.com/mattn/go-sqlite3/compare/v1.14.18...v1.14.19)

</details>

<details>
<summary>xanzy/go-gitlab (github.com/xanzy/go-gitlab)</summary>

###
[`v0.95.2`](https://togithub.com/xanzy/go-gitlab/compare/v0.95.1...v0.95.2)

[Compare
Source](https://togithub.com/xanzy/go-gitlab/compare/v0.95.1...v0.95.2)

###
[`v0.95.1`](https://togithub.com/xanzy/go-gitlab/compare/v0.95.0...v0.95.1)

[Compare
Source](https://togithub.com/xanzy/go-gitlab/compare/v0.95.0...v0.95.1)

###
[`v0.95.0`](https://togithub.com/xanzy/go-gitlab/compare/v0.94.0...v0.95.0)

[Compare
Source](https://togithub.com/xanzy/go-gitlab/compare/v0.94.0...v0.95.0)

</details>

<details>
<summary>grpc/grpc-go (google.golang.org/grpc)</summary>

### [`v1.60.0`](https://togithub.com/grpc/grpc-go/releases/tag/v1.60.0):
Release 1.60.0

[Compare
Source](https://togithub.com/grpc/grpc-go/compare/v1.59.0...v1.60.0)

### Security

- credentials/tls: if not set, set TLS MinVersion to 1.2 and
CipherSuites according to supported suites not forbidden by RFC7540.
- This is a behavior change to bring us into better alignment with RFC
7540.

### API Changes

- resolver: remove deprecated and experimental
`ClientConn.NewServiceConfig`
([#&#8203;6784](https://togithub.com/grpc/grpc-go/issues/6784))
- client: remove deprecated `grpc.WithServiceConfig` `DialOption`
([#&#8203;6800](https://togithub.com/grpc/grpc-go/issues/6800))

### Bug Fixes

- client: fix race that could cause a deadlock while entering idle mode
and receiving a name resolver update
([#&#8203;6804](https://togithub.com/grpc/grpc-go/issues/6804))
- client: always enable TCP keepalives with OS defaults
([#&#8203;6834](https://togithub.com/grpc/grpc-go/issues/6834))
- credentials/alts: fix a bug preventing ALTS from connecting to the
metadata server if the default scheme is overridden
([#&#8203;6686](https://togithub.com/grpc/grpc-go/issues/6686))
- Special Thanks: [@&#8203;mjamaloney](https://togithub.com/mjamaloney)

### Behavior Changes

- server: Do not return from Stop() or GracefulStop() until all
resources are released
([#&#8203;6489](https://togithub.com/grpc/grpc-go/issues/6489))
    -   Special Thanks: [@&#8203;fho](https://togithub.com/fho)

### Documentation

- codes: clarify that only codes defined by this package are valid and
that users should not cast other values to `codes.Code`
([#&#8203;6701](https://togithub.com/grpc/grpc-go/issues/6701))

</details>

<details>
<summary>kubernetes/api (k8s.io/api)</summary>

###
[`v0.29.0`](https://togithub.com/kubernetes/api/compare/v0.28.4...v0.29.0)

[Compare
Source](https://togithub.com/kubernetes/api/compare/v0.28.4...v0.29.0)

</details>

<details>
<summary>kubernetes/apimachinery (k8s.io/apimachinery)</summary>

###
[`v0.29.0`](https://togithub.com/kubernetes/apimachinery/compare/v0.28.4...v0.29.0)

[Compare
Source](https://togithub.com/kubernetes/apimachinery/compare/v0.28.4...v0.29.0)

</details>

<details>
<summary>kubernetes/client-go (k8s.io/client-go)</summary>

###
[`v0.29.0`](https://togithub.com/kubernetes/client-go/compare/v0.28.4...v0.29.0)

[Compare
Source](https://togithub.com/kubernetes/client-go/compare/v0.28.4...v0.29.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge -
"before 4am" (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/woodpecker-ci/woodpecker).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuOTMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
---
 go.mod                                | 34 +++++++++++++--------------
 go.sum                                | 34 +++++++++++++++++++++++++++
 pipeline/backend/kubernetes/volume.go |  2 +-
 3 files changed, 52 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index f05f575aa3..a0c08ca633 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/6543/logfile-open v1.2.1
 	github.com/alessio/shellescape v1.4.2
 	github.com/bmatcuk/doublestar/v4 v4.6.1
-	github.com/caddyserver/certmagic v0.19.2
+	github.com/caddyserver/certmagic v0.20.0
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/distribution/reference v0.5.0
 	github.com/docker/cli v24.0.7+incompatible
@@ -17,7 +17,7 @@ require (
 	github.com/docker/go-connections v0.4.0
 	github.com/docker/go-units v0.5.0
 	github.com/drone/envsubst v1.0.3
-	github.com/expr-lang/expr v1.15.6
+	github.com/expr-lang/expr v1.15.7
 	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/gin-gonic/gin v1.9.1
@@ -26,12 +26,12 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.0
 	github.com/google/go-github/v57 v57.0.0
 	github.com/google/tink/go v1.7.0
-	github.com/google/uuid v1.4.0
+	github.com/google/uuid v1.5.0
 	github.com/gorilla/securecookie v1.1.2
-	github.com/jellydator/ttlcache/v3 v3.1.0
+	github.com/jellydator/ttlcache/v3 v3.1.1
 	github.com/joho/godotenv v1.5.1
 	github.com/lib/pq v1.10.9
-	github.com/mattn/go-sqlite3 v1.14.18
+	github.com/mattn/go-sqlite3 v1.14.19
 	github.com/moby/moby v24.0.7+incompatible
 	github.com/moby/term v0.5.0
 	github.com/muesli/termenv v0.15.2
@@ -46,7 +46,7 @@ require (
 	github.com/swaggo/swag v1.16.2
 	github.com/tevino/abool/v2 v2.1.0
 	github.com/urfave/cli/v2 v2.26.0
-	github.com/xanzy/go-gitlab v0.94.0
+	github.com/xanzy/go-gitlab v0.95.2
 	github.com/xeipuuv/gojsonschema v1.2.0
 	go.uber.org/multierr v1.11.0
 	golang.org/x/crypto v0.16.0
@@ -55,12 +55,12 @@ require (
 	golang.org/x/sync v0.5.0
 	golang.org/x/term v0.15.0
 	golang.org/x/text v0.14.0
-	google.golang.org/grpc v1.59.0
+	google.golang.org/grpc v1.60.0
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.28.4
-	k8s.io/apimachinery v0.28.4
-	k8s.io/client-go v0.28.4
+	k8s.io/api v0.29.0
+	k8s.io/apimachinery v0.29.0
+	k8s.io/client-go v0.29.0
 	src.techknowlogick.com/xormigrate v1.7.1
 	xorm.io/builder v0.3.13
 	xorm.io/xorm v1.3.4
@@ -80,12 +80,12 @@ require (
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/spec v0.20.8 // indirect
@@ -150,14 +150,14 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gotest.tools/v3 v3.4.0 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
-	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 6b9e4b304e..ed497f93a3 100644
--- a/go.sum
+++ b/go.sum
@@ -35,6 +35,8 @@ github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s
 github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/caddyserver/certmagic v0.19.2 h1:HZd1AKLx4592MalEGQS39DKs2ZOAJCEM/xYPMQ2/ui0=
 github.com/caddyserver/certmagic v0.19.2/go.mod h1:fsL01NomQ6N+kE2j37ZCnig2MFosG+MIO4ztnmG/zz8=
+github.com/caddyserver/certmagic v0.20.0 h1:bTw7LcEZAh9ucYCRXyCpIrSAGplplI0vGYJ4BpCQ/Fc=
+github.com/caddyserver/certmagic v0.20.0/go.mod h1:N4sXgpICQUskEWpj7zVzvWD41p3NYacrNoZYiRM2jTg=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@@ -83,8 +85,12 @@ github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
 github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/expr-lang/expr v1.15.6 h1:dQFgzj5DBu3wnUz8+PGLZdPMpefAvxaCFTNM3iSjkGA=
 github.com/expr-lang/expr v1.15.6/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
+github.com/expr-lang/expr v1.15.7 h1:BK0JcWUkoW6nrbLBo6xCKhz4BvH5DSOOu1Gx5lucyZo=
+github.com/expr-lang/expr v1.15.7/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
@@ -110,6 +116,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
@@ -183,6 +191,8 @@ github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcg
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
@@ -240,6 +250,8 @@ github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv
 github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jellydator/ttlcache/v3 v3.1.0 h1:0gPFG0IHHP6xyUyXq+JaD8fwkDCqgqwohXNJBcYE71g=
 github.com/jellydator/ttlcache/v3 v3.1.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4=
+github.com/jellydator/ttlcache/v3 v3.1.1 h1:RCgYJqo3jgvhl+fEWvjNW8thxGWsgxi+TPhRir1Y9y8=
+github.com/jellydator/ttlcache/v3 v3.1.1/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
@@ -305,6 +317,8 @@ github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mattn/go-sqlite3 v1.14.18 h1:JL0eqdCOq6DJVNPSvArO/bIV9/P7fbGrV00LZHc+5aI=
 github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI=
+github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mholt/acmez v1.2.0 h1:1hhLxSgY5FvH5HCnGUuwbKY2VQVo8IU7rxXKSnZ7F30=
@@ -423,6 +437,8 @@ github.com/urfave/cli/v2 v2.26.0 h1:3f3AMg3HpThFNT4I++TKOejZO8yU55t3JnnSr4S4QEI=
 github.com/urfave/cli/v2 v2.26.0/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/xanzy/go-gitlab v0.94.0 h1:GmBl2T5zqUHqyjkxFSvsT7CbelGdAH/dmBqUBqS+4BE=
 github.com/xanzy/go-gitlab v0.94.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI=
+github.com/xanzy/go-gitlab v0.95.2 h1:4p0IirHqEp5f0baK/aQqr4TR57IsD+8e4fuyAA1yi88=
+github.com/xanzy/go-gitlab v0.95.2/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
@@ -587,8 +603,12 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY=
 google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
 google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k=
+google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
@@ -622,16 +642,28 @@ gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
 k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
+k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A=
+k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA=
 k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
 k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
+k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o=
+k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis=
 k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
 k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
+k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8=
+k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
 lukechampine.com/uint128 v1.2.0 h1:mBi/5l91vocEN8otkC5bDLhi2KdCticRiwbdB0O+rjI=
 lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
@@ -674,6 +706,8 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
 src.techknowlogick.com/xormigrate v1.7.1 h1:RKGLLUAqJ+zO8iZ7eOc7oLH7f0cs2gfXSZSvBRBHnlY=
diff --git a/pipeline/backend/kubernetes/volume.go b/pipeline/backend/kubernetes/volume.go
index d8c9ee72d2..899ee142ae 100644
--- a/pipeline/backend/kubernetes/volume.go
+++ b/pipeline/backend/kubernetes/volume.go
@@ -49,7 +49,7 @@ func PersistentVolumeClaim(namespace, name, storageClass, size string, storageRw
 		Spec: v1.PersistentVolumeClaimSpec{
 			AccessModes:      []v1.PersistentVolumeAccessMode{accessMode},
 			StorageClassName: _storageClass,
-			Resources: v1.ResourceRequirements{
+			Resources: v1.VolumeResourceRequirements{
 				Requests: v1.ResourceList{
 					v1.ResourceStorage: resource.MustParse(size),
 				},

From 23f58fc07a874c821b68fe30bb2733800e8d3301 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Sun, 17 Dec 2023 17:44:48 +0100
Subject: [PATCH 6/6] Fix broken gated repos (#2959)

Fixes a bug introduced in
https://github.com/woodpecker-ci/woodpecker/pull/2923. I'll also try to
add a test case.
---
 server/pipeline/create.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/pipeline/create.go b/server/pipeline/create.go
index 64bd6f6237..7d711af346 100644
--- a/server/pipeline/create.go
+++ b/server/pipeline/create.go
@@ -87,10 +87,6 @@ func Create(ctx context.Context, _store store.Store, repo *model.Repo, pipeline
 		return nil, ErrFiltered
 	}
 
-	if err := updatePipelinePending(ctx, _store, pipeline, repo, repoUser); err != nil {
-		return nil, err
-	}
-
 	pipeline = setPipelineStepsOnPipeline(pipeline, pipelineItems)
 
 	// persist the pipeline config for historical correctness, restarts, etc
@@ -116,6 +112,10 @@ func Create(ctx context.Context, _store store.Store, repo *model.Repo, pipeline
 		return pipeline, nil
 	}
 
+	if err := updatePipelinePending(ctx, _store, pipeline, repo, repoUser); err != nil {
+		return nil, err
+	}
+
 	pipeline, err = start(ctx, _store, pipeline, repoUser, repo, pipelineItems)
 	if err != nil {
 		msg := fmt.Sprintf("failed to start pipeline for %s", repo.FullName)