0.7.0

Important Configuration Changes

Updated Default Environment Variables

The default values of the following environment variables have been modified:

S3_REQUEST_CHECKSUM_CALCULATION: `WHEN_SUPPORTED` → `WHEN_REQUIRED`
S3_RESPONSE_CHECKSUM_CALCULATION: `WHEN_SUPPORTED` → `WHEN_REQUIRED`

Docker Compose

The Docker Compose setup now includes two improvements:

1. Hasura will wait until PostgreSQL is fully ready before starting.
2. The NGINX configuration under conf.d has been updated.

Recommended Action for npm Repositories

We recommend clearing the cache for remote npm repositories if you encounter package integrity errors.
This issue was caused by rare caching conflicts between scoped packages and is fully fixed in this release.

New Features (20)

1. AI Powered Package Summaries
   Package pages now feature an automatic AI-generated summary of the package’s README, giving you a quick overview without needing to read the entire file.
   This feature requires connecting an LLM provider for it to work, see the setup guide.

2. User Management from System Settings
   System administrators can now add users directly from the System Settings page, simplifying user management without needing to switch contexts.

3. Search Filters UI Refresh
   A cleaner, easier-to-read search bar with clearer filter chips and placeholder, giving you more room to type while search behavior remains unchanged.

4. Upload API Enhancements
   The Upload API now returns the newly created package ID, version ID, and a direct link. This makes it more traceable and easier to integrate into build pipelines.

5. Cargo Registry Uploading
   You can publish packages using the standard cargo publish --registry repoflow command.

6. Debian 13 (trixie) Option
   Added Debian 13 (trixie) as a Debian distribution.

7. Upload Tutorial Guidance
   Upload tutorials now explain that remote repositories don’t support uploads and virtual repositories require an upload route.

8. Listing Versions API Update
   The package versions listing API now includes the versionId for each version, alongside the existing version name and creation time, making it easier to reference specific versions programmatically.

9. Docker Catalog API
   Lists all images under a Docker repository with pagination support. Full details here.

10. Package Metadata API
    A new API endpoint is available for retrieving complete package metadata, including all versions of a package. Full documentation here

11. Gradle .toml Support under Maven Repositories
    Gradle version catalogs (.toml files) are now supported when uploaded to Maven repositories, allowing seamless publishing alongside regular module and POM files.

12. Helm Chart: extraPodSpec Support
    The Helm chart now supports an extraPodSpec: {} field, allowing custom Kubernetes pod specifications to be injected.
    This makes it possible to configure features like node affinity, tolerations, or custom pod annotations, which can be useful for spreading RepoFlow pods across different nodes.

13. Configurable NPM Manifest Response
    You can now configure how much of the npm package.json manifest is returned in API responses.
    Controlled via the NPM_MANIFEST_MODE and NPM_MANIFEST_FIELDS_ALLOWLIST environment variables, more info here

14. Enhanced S3 Storage Options
    Added support for AWS S3 Accelerated Endpoints and introduced configurable S3 path style support.
    These are controlled by two new environment variables: S3_AWS_USE_ACCELERATE_ENDPOINT and S3_USE_PATH_STYLE.
    The S3 path style was previously always enabled and now defaults to true, but can be configured as needed.

15. Optional Logs Volume
    A new Helm chart option allows disabling the dedicated logs volume (server.logsPvc.enabled=false). When disabled, each pod writes logs only to its local ephemeral storage, meaning logs are stored separately per pod and lost on restart or rescheduling. This configuration can simplify clusters that do not support shared PVCs but is not recommended since logs will not persist across pods.

16. URL Mismatch Error Page
    When a user visits RepoFlow using a different URL than the one configured on the server, the app now shows a clear error page explaining the mismatch and what to do next (e.g., use the configured address or contact support).
    For specialized deployments, the behavior can be controlled via the IGNORE_FRONTEND_URL_MISMATCH client environment variable.

17. Improved Network Error Handling
    The user interface now provides clearer messages and guidance when the network is down, making it easier to understand and resolve connectivity issues.

18. Signup Field Length Indicators
    The user interface now clearly shows when a field in the signup form exceeds its maximum allowed length, helping users correct input immediately.

19. TMP Folder Performance Test on Startup
    A new option TMP_FOLDER_TEST_PERFORMANCE_ON_START runs a local temp folder speed test on startup, blocking launch until done. Useful for benchmarking only.

20. File Sorting by Size in Package Page
    Files displayed under the Package Files section are now sorted by size, making it easier to identify the largest artifacts at a glance.

Bug Fixes (22)

1. Fixed an issue with pypi repositories where some clients (such as uv) appended "simple" to the URL when requesting versions, even if it wasn’t included in the configured URL. RepoFlow server now supports both cases. We recommend clearing the remote cache after this update to ensure everything functions correctly.

2. Fixed an issue where remote Docker repositories only worked on default ports (80 for HTTP and 443 for HTTPS). They now support all valid ports for both protocols.

3. Fixed an issue where some Composer packages without a license would fail during upload.

4. For Debian repositories, users could see apt-get dist-upgrade repeatedly propose upgrades to the same installed version.

   Note: repositories already affected will need the impacted packages to be re-uploaded so their metadata is refreshed.

5. Fixed an issue with Debian repositories where proxying an upstream repository sometimes failed. Additionally, apt update performance has been improved by approximately 60%.

6. Fixed Helm chart logic that could create a Kubernetes ServiceAccount even when creation was disabled. A ServiceAccount is now rendered only when serviceAccount.enabled=true and serviceAccount.create=true.

7. Fixed a bug where universal package versions were stored in lowercase but displayed in uppercase, causing inconsistencies. Universal packages are now fully case insensitive. Whether a version is uploaded or requested using uppercase or lowercase, it will behave the same. This change applies only to new uploads. Packages uploaded before this fix remain unchanged.

8. Fixed a bug where UI checkboxes could unexpectedly change value when clicking on other checkboxes in the same group.

9. Fixed a bug where editing a remote repository sometimes did not work.

10. Fixed a bug where duplicating a tab could cause an error.

11. Fixed a bug where the reset password popup would not appear when trying to reset a password.

12. Fixed a bug where the workspace creation API returned the workspace ID as a plain string instead of a JSON object as documented. It now returns JSON as specified.

13. Fixed a bug that allowed a repository to be in both “deleting files” and “deleting repository” states simultaneously. Now only one deletion operation can be active at a time.

14. Fixed an issue preventing Hugging Face as an LLM provider from working and added a setup example to the docs.

15. NuGet remote repositories that aren’t strictly identical to the official v3 layout now work more reliably, and remote caching behavior has been improved.

16. Fixed an issue where Composer package autoload information was not correctly included.

17. Fixed a bug where the Composer package JSON API sometimes returned the README URL instead of the archive URL.

18. Fixed a bug that prevented very large npm packages from being published via the npm API.

19. Several API documentation entries contained outdated endpoints. All affected endpoints have been corrected to match the current implementation.

20. Resolved an issue where the layer commands of Docker images were not displayed if a non-empty layer had an empty command. All layers and commands now display correctly.

21. Fixed several memory leaks and improved overall performance and stability.

22. Fixed rare cases of remote npm repositories showing integrity errors due to conflicting cache entries between similarly named packages.
    This issue could cause mismatched .tgz files and checksum validation failures with some clients (such as pnpm).