New Feature: Smart Force-Push Protection (Beta)
Detect and protect against destructive force-pushes on GitHub before they overwrite your Gitea mirrors. (#206)
Backup Strategies
Configure via Settings → GitHub Configuration → Destructive Update Protection:
| Strategy | Behavior |
|---|---|
| Disabled | No detection or backups |
| Always Backup | Snapshot before every sync (legacy behavior) |
| Smart (default) | Detect force-pushes via branch SHA comparison; backup only when needed |
| Block & Approve | Detect force-pushes and block sync until manually approved |
How It Works
Before each sync, branch SHAs are compared between Gitea and GitHub using lightweight API calls. Normal pushes (fast-forward) proceed without backup. Force-pushes (diverged history, deleted branches, rewritten SHAs) trigger the configured protection action.
- Fail-open design — if detection fails (rate limits, network errors), sync proceeds normally
- Near-zero storage cost in Smart mode — backups only created when force-pushes actually occur
- Pending-approval UI — repos blocked by the Block & Approve strategy show an amber badge with Approve/Dismiss actions in the repository table
Additional Changes
- New
pending-approvalrepository status for blocked repos - New
/api/job/approve-syncendpoint for programmatic approval/dismissal - Backward compatible: existing
backupBeforeSync: truemaps toalways,falsemaps todisabled - Default for new installs:
on-force-push(Smart) - Destructive Update Protection section moved to GitHub Configuration tab
- Full documentation: docs/FORCE_PUSH_PROTECTION.md