refactor(params): ♻️ Simplify ForgeURL logic by removing redundant switch case

Streamlines the ForgeURL method by removing an unnecessary nested switch case on ForgeType, consolidating the logic to rely solely on EntityType. This change reduces complexity and improves code readability without altering functionality.
Merge pull request #499 from gabriel-samfira/better-cli-log-formatting
2025-08-27 16:04:56 +02:00 · 2025-08-27 16:27:33 +03:00 · 2025-08-27 13:21:56 +00:00 · 2025-08-27 12:27:04 +03:00 · 2025-08-27 09:14:45 +00:00 · 2025-08-25 19:35:17 +03:00
3288 changed files with 512069 additions and 226593 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,11 @@
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
 version: 2
 updates:
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
--- a/.github/workflows/build-and-push.yml
+++ b/.github/workflows/build-and-push.yml
@ -0,0 +1,61 @@
 name: "Build and push GARM images"
 on:
  workflow_call:
    inputs:
      push_to_project:
        description: "Project to build images for"
        required: false
        type: string
        default: "ghcr.io/cloudbase"
      ref:
        description: "Ref to build"
        required: false
        type: string
        default: "main"
 permissions:
  contents: read
 jobs:
    images:
      permissions:
        packages: write
      name: "Build GARM images"
      runs-on: ubuntu-latest
      steps:
        - name: "Checkout"
          uses: actions/checkout@v4
          with:
            path: src/github.com/cloudbase/garm
            fetch-depth: 0
        - name: Set up Docker Buildx
          uses: docker/setup-buildx-action@v2
        - name: Login to GitHub Container Registry
          uses: docker/login-action@v2
          with:
            registry: ghcr.io
            username: ${{ github.actor }}
            password: ${{ secrets.GITHUB_TOKEN }}
        - name: Build and push image
          env:
            IMAGE_REGISTRY: ${{ inputs.push_to_project }}
            GH_REF: ${{ inputs.ref }}
          working-directory: src/github.com/cloudbase/garm
          run: |
            if [ "$GH_REF" == "main" ]; then
              IMAGE_TAG="nightly"
            else
              IMAGE_TAG=$(git describe --tags --match='v[0-9]*' --always ${GH_REF})
            fi
            docker buildx build \
              --provenance=false \
              --platform linux/amd64,linux/arm64 \
              --label "org.opencontainers.image.source=https://github.com/cloudbase/garm/tree/${GH_REF}" \
              --label "org.opencontainers.image.description=GARM ${GH_REF}" \
              --label "org.opencontainers.image.licenses=Apache 2.0" \
              --build-arg="GARM_REF=${GH_REF}" \
              -t ${IMAGE_REGISTRY}/garm:"${IMAGE_TAG}" \
              --push .
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@ -4,9 +4,11 @@ on:
  push:
    branches:
      - main
      - 'release/**'
  pull_request:
    branches:
      - main
      - 'release/**'
 concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
@ -17,23 +19,22 @@ permissions: {}
 jobs:
  linters:
    name: Linters
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Install dependencies
        run: |
          sudo apt-get update
-          sudo apt-get install -y libbtrfs-dev build-essential
+          sudo apt-get install -y libbtrfs-dev build-essential apg jq
      - uses: actions/setup-go@v3
        with:
          go-version: 'stable'
      - uses: actions/checkout@v3
-      - uses: golangci/golangci-lint-action@v3
+      - uses: actions/setup-go@v5
        with:
-          skip-cache: true
+          go-version-file: go.mod
-          args: --timeout=8m --build-tags testing
+
      - name: make lint
        run: make golangci-lint && GOLANGCI_LINT_EXTRA_ARGS="--timeout=8m --build-tags=testing,integration" make lint
      - name: Verify go vendor, go modules and gofmt
        run: |
          sudo apt-get install -y jq
@ -43,15 +44,39 @@ jobs:
    runs-on: ubuntu-latest
    needs: [linters]
    steps:
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libbtrfs-dev build-essential apg jq default-jre
      - uses: actions/setup-node@v4
        with:
          node-version: '>=v24.5.0'
      - name: Set up openapi-generator-cli
        run: |
          mkdir -p $HOME/openapi-generator
          cd $HOME/openapi-generator
          npm install @openapitools/openapi-generator-cli
          echo "$HOME/openapi-generator/node_modules/.bin" >> $GITHUB_PATH
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - run: go version
      - name: Run go generate
        run: |
          GOTOOLCHAIN=go1.24.6 make generate
      - name: Run GARM Go Tests
        run: make go-test
      - name: Run web UI tests
        run: |
          make webui-test
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@ -0,0 +1,122 @@
 name: Integration Tests
 on:
  workflow_dispatch: {}
  schedule:
    - cron: "0 0 * * *"
 jobs:
  integration-tests:
    runs-on: ubuntu-noble-garm
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Golang
        uses: actions/setup-go@v3
        with:
          go-version-file: go.mod
      - name: Setup LXD
        uses: canonical/setup-lxd@main
        with:
          channel: latest/stable
      - name: Install dependencies
        run: |
          sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
          sudo apt-get -qq update && sudo apt-get -qq install -y apg coreutils make jq build-essential libsqlite3-dev libsqlite3-0
      - name: Set up tunnel
        shell: bash
        run: |
          mkdir -p /home/runner/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > /home/runner/.ssh/ssh_key
          sudo chown -R runner:runner /home/runner/.ssh
          sudo chmod 500 /home/runner/.ssh
          sudo chmod 400 /home/runner/.ssh/ssh_key
          SUBDOMAIN=$(apg -a 0 -M l -m 12 -n 1)
          echo "::add-mask::$SUBDOMAIN"
          BASE_URL="${{ secrets.TUNNEL_BASE_URL }}"
          GARM_BASE_URL="https://$SUBDOMAIN.$BASE_URL"
          echo "::add-mask::$GARM_BASE_URL"
          echo "GARM_BASE_URL=$GARM_BASE_URL" >> $GITHUB_ENV
          cat <<EOF | sudo tee /etc/systemd/system/garm-tunnel.service
          [Unit]
          Description=GARM tunnel
          After=network.target
          [Service]
          Type=simple
          ExecStart=/usr/bin/ssh -q -i /home/runner/.ssh/ssh_key -N -n -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -R $SUBDOMAIN:80:127.0.0.1:9997 $BASE_URL
          Restart=always
          User=runner
          [Install]
          WantedBy=default.target
          EOF
          sudo systemctl daemon-reload
          sudo systemctl enable garm-tunnel
          sudo systemctl start garm-tunnel
      - name: Generate secrets
        run: |
          GARM_PASSWORD=$(apg -n1 -m32)
          REPO_WEBHOOK_SECRET=$(apg -n1 -m32)
          ORG_WEBHOOK_SECRET=$(apg -n1 -m32)
          echo "::add-mask::$GARM_PASSWORD"
          echo "::add-mask::$REPO_WEBHOOK_SECRET"
          echo "::add-mask::$ORG_WEBHOOK_SECRET"
          echo "GARM_PASSWORD=$GARM_PASSWORD" >> $GITHUB_ENV
          echo "REPO_WEBHOOK_SECRET=$REPO_WEBHOOK_SECRET" >> $GITHUB_ENV
          echo "ORG_WEBHOOK_SECRET=$ORG_WEBHOOK_SECRET" >> $GITHUB_ENV
          echo "GARM_CHECKOUT_DIR=$GITHUB_WORKSPACE" >> $GITHUB_ENV
      - name: Create logs directory
        if: always()
        run: sudo mkdir -p /artifacts-logs && sudo chmod 777 /artifacts-logs
      - name: Run integration tests
        run: |
          set -o pipefail
          set -o errexit
          make integration 2>&1
        env:
          ORG_NAME: gsamfira
          REPO_NAME: garm-testing
          CREDENTIALS_NAME: test-garm-creds
          WORKFLOW_FILE_NAME: test.yml
          GH_TOKEN: ${{ secrets.GH_OAUTH_TOKEN }}
          LXD_REMOTE_SERVER: ${{ secrets.LXD_REMOTE_SERVER }}
      - name: Show GARM logs
        if: always()
        run: |
          sudo systemctl status garm@runner || true
          sudo journalctl --no-pager 2>&1 > /artifacts-logs/system.log
          sudo journalctl -u garm@runner --no-pager 2>&1 > /artifacts-logs/garm.log
      - name: Upload GARM and e2e logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: garm-logs
          path: /artifacts-logs
      - name: Cleanup orphan GARM resources via GitHub API
        if: always()
        run: |
          set -o pipefail
          set -o errexit
          sudo systemctl stop garm@runner || true
          go run ./test/integration/gh_cleanup/main.go || true
        env:
          ORG_NAME: gsamfira
          REPO_NAME: garm-testing
          GH_TOKEN: ${{ secrets.GH_OAUTH_TOKEN }}
--- a/.github/workflows/trigger-manual.yml
+++ b/.github/workflows/trigger-manual.yml
@ -0,0 +1,19 @@
 name: Manual build of GARM images
 on:
  workflow_dispatch:
    inputs:
      push_to_project:
        description: "Project to build images for"
        required: true
        default: "ghcr.io/cloudbase"
      ref:
        description: "Ref to build"
        required: true
        default: "main"
 jobs:
  call-build-and-push:
    uses: ./.github/workflows/build-and-push.yml
    with:
      push_to_project: ${{ inputs.push_to_project }}
      ref: ${{ inputs.ref }}
--- a/.github/workflows/trigger-nightly.yml
+++ b/.github/workflows/trigger-nightly.yml
@ -0,0 +1,10 @@
 name: Nightly build of GARM images
 on:
  schedule:
    - cron: "0 2 * * *"
 jobs:
  call-build-and-push:
    uses: ./.github/workflows/build-and-push.yml
    with:
      ref: "main"
--- a/.gitignore
+++ b/.gitignore
@ -4,6 +4,7 @@
 *.dll
 *.so
 *.dylib
 *.DS_Store
 # Test binary, built with `go test -c`
 *.test
@ -16,3 +17,11 @@ bin/
 # vendor/
 .vscode
 cmd/temp
 build/
 release/
 node_modules/
 .svelte-kit/
 debug.html
 git_push.sh
 webapp/src/lib/api/generated/docs
 .env
--- a/.golangci.yml
+++ b/.golangci.yml
@ -0,0 +1,44 @@
 # SPDX-License-Identifier: MIT
 linters:
  disable-all: true
  fast: false
  enable:
    - gci
    - goconst
    - gocritic
    - gocyclo
    - gofmt
    - gofumpt
    - goimports
    - godox
    - govet
    - gosec
    - gosimple
    - importas
    - ineffassign
    - loggercheck
    - misspell
    - nakedret
    - nilerr
    - predeclared
    - promlinter
    - revive
    - staticcheck
    - unconvert
    - unused
    - wastedassign
    - whitespace
 linters-settings:
  gci:
    sections:
      - standard
      - default
      - prefix(github.com/cloudbase/garm)
  goimports:
    local-prefixes: github.com/cloudbase/garm
  gosec:
    excludes:
    - G115
--- a/.mockery.yaml
+++ b/.mockery.yaml
@ -0,0 +1,27 @@
 with-expecter: true
 dir: "mocks"
 mockname: "{{ .InterfaceName }}"
 outpkg: "mocks"
 filename: "{{ .InterfaceName }}.go"
 # V3 compatibility settings
 resolve-type-alias: false
 disable-version-string: true
 issue-845-fix: true
 packages:
  # Database store interfaces
  github.com/cloudbase/garm/database/common:
    interfaces:
      Store:
        config:
          dir: "{{ .InterfaceDir }}/mocks"
  # Runner interfaces  
  github.com/cloudbase/garm/runner:
    interfaces:
      PoolManagerController:
        config:
          dir: "{{ .InterfaceDir }}/mocks"
  # Runner common interfaces (generate all interfaces in this package)
  github.com/cloudbase/garm/runner/common:
    config:
      dir: "{{ .InterfaceDir }}/mocks"
      all: true
--- a/80
+++ b/80
@ -1,11 +1,77 @@
-FROM docker.io/golang:alpine
+FROM docker.io/golang:alpine AS builder
 ARG GARM_REF
-WORKDIR /root
+LABEL stage=builder
 USER root
-RUN apk add musl-dev gcc libtool m4 autoconf g++ make libblkid util-linux-dev git linux-headers mingw-w64-gcc
+RUN apk add --no-cache musl-dev gcc libtool m4 autoconf g++ make libblkid util-linux-dev git linux-headers upx curl jq
 RUN git config --global --add safe.directory /build && git config --global --add advice.detachedHead false
 RUN echo ${GARM_REF}
-ADD ./scripts/build-static.sh /build-static.sh
+ADD . /build/garm
 RUN chmod +x /build-static.sh
-CMD ["/bin/sh"]
+RUN git -C /build/garm checkout ${GARM_REF}
 RUN cd /build/garm \
    && go build -o /bin/garm \
      -tags osusergo,netgo,sqlite_omit_load_extension \
      -ldflags "-linkmode external -extldflags '-static' -s -w -X github.com/cloudbase/garm/util/appdefaults.Version=$(git describe --tags --match='v[0-9]*' --dirty --always)" \
      /build/garm/cmd/garm && upx /bin/garm
 RUN cd /build/garm/cmd/garm-cli \
    && go build -o /bin/garm-cli \
      -tags osusergo,netgo,sqlite_omit_load_extension \
      -ldflags "-linkmode external -extldflags '-static' -s -w -X github.com/cloudbase/garm/util/appdefaults.Version=$(git describe --tags --match='v[0-9]*' --dirty --always)" \
      . && upx /bin/garm-cli
 RUN set -ex; \
    mkdir -p /opt/garm/providers.d; \
    for repo in \
      cloudbase/garm-provider-azure \
      cloudbase/garm-provider-openstack \
      cloudbase/garm-provider-lxd \
      cloudbase/garm-provider-incus \
      cloudbase/garm-provider-aws \
      cloudbase/garm-provider-gcp \
      cloudbase/garm-provider-equinix \
      flatcar/garm-provider-linode \
      mercedes-benz/garm-provider-k8s; \
    do \
        export PROVIDER_NAME="$(basename $repo)"; \
        export PROVIDER_SUBDIR=""; \
        if [ "$GARM_REF" == "main" ]; then \
          export PROVIDER_REF="main"; \
        else \
          export PROVIDER_REF="$(curl -s -L https://api.github.com/repos/$repo/releases/latest | jq -r '.tag_name')"; \
        fi; \
        git clone --branch "$PROVIDER_REF" "https://github.com/$repo" "/build/$PROVIDER_NAME"; \
        case $PROVIDER_NAME in \
        "garm-provider-k8s") \
            export PROVIDER_SUBDIR="cmd/garm-provider-k8s"; \
            export PROVIDER_LDFLAGS="-linkmode external -extldflags \"-static\" -s -w"; \
            ;; \
        "garm-provider-linode") \
            export PROVIDER_LDFLAGS="-linkmode external -extldflags \"-static\" -s -w"; \
            ;; \
        *) \
            export PROVIDER_VERSION=$(git -C /build/$PROVIDER_NAME describe --tags --match='v[0-9]*' --dirty --always); \
            export PROVIDER_LDFLAGS="-linkmode external -extldflags \"-static\" -s -w -X main.Version=$PROVIDER_VERSION"; \
            ;; \
        esac; \
        cd "/build/$PROVIDER_NAME/$PROVIDER_SUBDIR" \
        && go build -ldflags="$PROVIDER_LDFLAGS" -o /opt/garm/providers.d/$PROVIDER_NAME . \
        && upx /opt/garm/providers.d/$PROVIDER_NAME; \
    done
 FROM busybox
 COPY --from=builder /bin/garm /bin/garm
 COPY --from=builder /bin/garm-cli /bin/garm-cli
 COPY --from=builder /opt/garm/providers.d/garm-provider-openstack /opt/garm/providers.d/garm-provider-openstack
 COPY --from=builder /opt/garm/providers.d/garm-provider-lxd /opt/garm/providers.d/garm-provider-lxd
 COPY --from=builder /opt/garm/providers.d/garm-provider-incus /opt/garm/providers.d/garm-provider-incus
 COPY --from=builder /opt/garm/providers.d/garm-provider-azure /opt/garm/providers.d/garm-provider-azure
 COPY --from=builder /opt/garm/providers.d/garm-provider-aws /opt/garm/providers.d/garm-provider-aws
 COPY --from=builder /opt/garm/providers.d/garm-provider-gcp /opt/garm/providers.d/garm-provider-gcp
 COPY --from=builder /opt/garm/providers.d/garm-provider-equinix /opt/garm/providers.d/garm-provider-equinix
 COPY --from=builder /opt/garm/providers.d/garm-provider-k8s /opt/garm/providers.d/garm-provider-k8s
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 ENTRYPOINT ["/bin/garm", "-config", "/etc/garm/config.toml"]
--- a/Dockerfile.build-static
+++ b/Dockerfile.build-static
@ -0,0 +1,17 @@
 FROM docker.io/golang:alpine
 WORKDIR /root
 USER root
 RUN apk add musl-dev gcc libtool m4 autoconf g++ make libblkid util-linux-dev git linux-headers mingw-w64-gcc
 RUN wget http://musl.cc/aarch64-linux-musl-cross.tgz -O /tmp/aarch64-linux-musl-cross.tgz && \
    tar --strip-components=1 -C /usr/local -xzf /tmp/aarch64-linux-musl-cross.tgz && \
    rm /tmp/aarch64-linux-musl-cross.tgz
 ADD ./scripts/build-static.sh /build-static.sh
 RUN chmod +x /build-static.sh
 ADD . /build/garm
 CMD ["/bin/sh"]
--- a/136
+++ b/136
@ -1,53 +1,139 @@
-SHELL := bash
+SHELL := /bin/bash
 export SHELLOPTS:=$(if $(SHELLOPTS),$(SHELLOPTS):)pipefail:errexit
 .ONESHELL:
 GEN_PASSWORD=$(shell (/usr/bin/apg -n1 -m32))
 IMAGE_TAG = garm-build
-USER_ID=$(shell ((docker --version | grep -q podman) && echo "0" || id -u))
+IMAGE_BUILDER=$(shell (which docker || which podman))
-USER_GROUP=$(shell ((docker --version | grep -q podman) && echo "0" || id -g))
+IS_PODMAN=$(shell (($(IMAGE_BUILDER) --version | grep -q podman) && echo "yes" || echo "no"))
 USER_ID=$(if $(filter yes,$(IS_PODMAN)),0,$(shell id -u))
 USER_GROUP=$(if $(filter yes,$(IS_PODMAN)),0,$(shell id -g))
 ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 GOPATH ?= $(shell go env GOPATH)
 VERSION ?= $(shell git describe --tags --match='v[0-9]*' --dirty --always)
 GARM_REF ?= $(shell git rev-parse --abbrev-ref HEAD)
 GO ?= go
 export GARM_PASSWORD ?= ${GEN_PASSWORD}
 export REPO_WEBHOOK_SECRET = ${GEN_PASSWORD}
 export ORG_WEBHOOK_SECRET = ${GEN_PASSWORD}
 export CREDENTIALS_NAME ?= test-garm-creds
 export WORKFLOW_FILE_NAME ?= test.yml
 export GARM_ADMIN_USERNAME ?= admin
 ifeq ($(IS_PODMAN),yes)
    EXTRA_ARGS := -v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
 endif
 .PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 default: build
-.PHONY : build-static test install-lint-deps lint go-test fmt fmtcheck verify-vendor verify
+##@ Build
 build-static:
 	@echo Building garm
 	docker build --tag $(IMAGE_TAG) .
 	docker run --rm -e USER_ID=$(USER_ID) -e USER_GROUP=$(USER_GROUP) -v $(PWD):/build/garm:z $(IMAGE_TAG) /build-static.sh
 	@echo Binaries are available in $(PWD)/bin
-build:
+.PHONY : build-static test install-lint-deps lint go-test fmt fmtcheck verify-vendor verify create-release-files release
 build-static: ## Build garm statically
 	@echo Building garm
 	$(IMAGE_BUILDER) build $(EXTRA_ARGS) --tag $(IMAGE_TAG) -f Dockerfile.build-static .
 	mkdir -p build
 	$(IMAGE_BUILDER) run --rm -e USER_ID=$(USER_ID) -e GARM_REF=$(GARM_REF) -e USER_GROUP=$(USER_GROUP) -v $(PWD)/build:/build/output:z $(IMAGE_TAG) /build-static.sh
 	@echo Binaries are available in $(PWD)/build
 clean: ## Clean up build artifacts
 	@rm -rf ./bin ./build ./release
 .PHONY: build
 build: ## Build garm
 	@echo Building garm ${VERSION}
 	$(shell mkdir -p ./bin)
-	@$(GO) build -ldflags "-s -w -X main.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm ./cmd/garm
+	@$(GO) build -ldflags "-s -w -X github.com/cloudbase/garm/util/appdefaults.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm ./cmd/garm
-	@$(GO) build -ldflags "-s -w -X github.com/cloudbase/garm/cmd/garm-cli/cmd.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm-cli ./cmd/garm-cli
+	@$(GO) build -ldflags "-s -w -X github.com/cloudbase/garm/util/appdefaults.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm-cli ./cmd/garm-cli
 	@echo Binaries are available in $(PWD)/bin
-test: verify go-test
+.PHONY: build-webui
 build-webui:
 	@echo Building GARM web ui
 	./build-webapp.sh
 	rm -rf webapp/assets/_app
 	cp -r webapp/build/* webapp/assets/
-install-lint-deps:
+.PHONY: generate
-	@$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+generate: ## Run go generate after checking required tools are in PATH
 	@echo Checking required tools...
 	@which openapi-generator-cli > /dev/null || (echo "Error: openapi-generator-cli not found in PATH" && exit 1)
 	@echo Running go generate
 	@$(GO) generate ./...
-lint:
+test: verify go-test ## Run tests
 	@golangci-lint run --timeout=8m --build-tags testing
-go-test:
+##@ Release
-	@$(GO) test -race -mod=vendor -tags testing -v $(TEST_ARGS) -timeout=15m -parallel=4 -count=1 ./...
+create-release-files:
 	./scripts/make-release.sh
-fmt:
+release: build-static create-release-files ## Create a release
 	@$(GO) fmt $$(go list ./...)
-fmtcheck:
+##@ Lint / Verify
-	@gofmt -l -s $$(go list ./... | sed 's|github.com/cloudbase/garm/||g') | grep ".*\.go"; if [ "$$?" -eq 0 ]; then echo "gofmt check failed; please run gofmt -w -s"; exit 1;fi
+.PHONY: lint
 lint: golangci-lint $(GOLANGCI_LINT) ## Run linting.
 	$(GOLANGCI_LINT) run -v --build-tags=testing,integration $(GOLANGCI_LINT_EXTRA_ARGS)
 .PHONY: lint-fix
 lint-fix: golangci-lint $(GOLANGCI_LINT) ## Lint the codebase and run auto-fixers if supported by the linte
 	GOLANGCI_LINT_EXTRA_ARGS=--fix $(MAKE) lint
 verify-vendor: ## verify if all the go.mod/go.sum files are up-to-date
 	$(eval TMPDIR := $(shell mktemp -d))
-	@cp -R ${ROOTDIR} ${TMPDIR}
+	@cp -R ${ROOTDIR} ${TMPDIR}/.
 	@(cd ${TMPDIR}/garm && ${GO} mod tidy)
 	@diff -r -u -q ${ROOTDIR} ${TMPDIR}/garm >/dev/null 2>&1; if [ "$$?" -ne 0 ];then echo "please run: go mod tidy && go mod vendor"; exit 1; fi
 	@rm -rf ${TMPDIR}
-verify: verify-vendor lint fmtcheck
+verify: verify-vendor lint fmtcheck ## Run all verify-* targets
 integration: build ## Run integration tests
 	function cleanup {
 		if [ -e "$$GITHUB_ENV" ];then
 			source $$GITHUB_ENV
 		fi
 		./test/integration/scripts/taredown_garm.sh
 		$(GO) run ./test/integration/gh_cleanup/main.go
 	}
 	trap cleanup EXIT
 	@./test/integration/scripts/setup-garm.sh
 	@$(GO) test -v ./test/integration/. -timeout=30m -tags=integration
 ##@ Development
 go-test: ## Run tests
 	@$(GO) test -race -mod=vendor -tags testing -v $(TEST_ARGS) -timeout=15m -parallel=4 -count=1 ./...
 fmt: ## Run go fmt against code.
 	@$(GO) fmt $$(go list ./...)
 webui-test:
 	(cd webapp && npm install)
 	(cd webapp && npm run test:run)
 ##@ Build Dependencies
 ## Location to install dependencies to
 LOCALBIN ?= $(shell pwd)/bin
 $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
 ## Tool Binaries
 GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 ## Tool Versions
 GOLANGCI_LINT_VERSION ?= v1.64.8
 .PHONY: golangci-lint
 golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. If wrong version is installed, it will be overwritten.
 $(GOLANGCI_LINT): $(LOCALBIN)
 	test -s $(LOCALBIN)/golangci-lint && $(LOCALBIN)/golangci-lint --version | grep -q $(GOLANGCI_LINT_VERSION) || \
 	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
--- a/README.md
+++ b/README.md
@ -1,14 +1,59 @@
-# GitHub Actions Runner Manager (garm)
+
 <p align="center">
    <img src="doc/images/garm-light.svg#gh-light-mode-only" width="384px" alt="Light mode image" />
    <img src="doc/images/garm-dark.svg#gh-dark-mode-only" width="384px" alt="Dark mode image" />
 </p>
 # GitHub Actions Runner Manager (GARM)
 [![Go Tests](https://github.com/cloudbase/garm/actions/workflows/go-tests.yml/badge.svg)](https://github.com/cloudbase/garm/actions/workflows/go-tests.yml)
-Welcome to garm!
+<!-- TOC -->
-Garm enables you to create and automatically maintain pools of [self-hosted GitHub runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners), with autoscaling that can be used inside your github workflow runs.
+- [GitHub Actions Runner Manager GARM](#github-actions-runner-manager-garm)
    - [About GARM](#about-garm)
    - [Join us on slack](#join-us-on-slack)
    - [Installing](#installing)
        - [Quickstart](#quickstart)
        - [Installing on Kubernetes](#installing-on-kubernetes)
    - [Configuring GARM for GHES](#configuring-garm-for-ghes)
    - [Configuring GARM for Gitea](#configuring-garm-for-gitea)
    - [Enabling the web UI](#enabling-the-web-ui)
    - [Using GARM](#using-garm)
    - [Supported providers](#supported-providers)
        - [Installing external providers](#installing-external-providers)
    - [Optimizing your runners](#optimizing-your-runners)
    - [Write your own provider](#write-your-own-provider)
-The goal of ```garm``` is to be simple to set up, simple to configure and simple to use. It is a single binary that can run on any GNU/Linux machine without any other requirements other than the providers it creates the runners in. It is intended to be easy to deploy in any environment and can create runners in any system you can write a provider for. There is no complicated setup process and no extremely complex concepts to understand. Once set up, it's meant to stay out of your way.
+<!-- /TOC -->
-Garm supports creating pools on either GitHub itself or on your own deployment of [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server). For instructions on how to use ```garm``` with GHE, see the [credentials](/doc/github_credentials.md) section of the documentation.
+## About GARM
 Welcome to GARM!
 GARM enables you to create and automatically maintain pools of self-hosted runners in both [Github](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) and [Gitea](https://github.com/go-gitea/gitea/) with auto-scaling that can be used inside your workflow runs.
 The goal of ```GARM``` is to be simple to set up, simple to configure and simple to use. The server itself is a single binary that can run on any GNU/Linux machine without any other requirements other than the providers you want to enable in your setup. It is intended to be easy to deploy in any environment and can create runners in virtually any system you can write a provider for (if one does not alreay exist). There is no complicated setup process and no extremely complex concepts to understand. Once set up, it's meant to stay out of your way.
 Through the use of providers, `GARM` can create runners in a variety of environments using the same `GARM` instance. Whether you want to create runners in your OpenStack cloud, your Azure cloud or your Kubernetes cluster, that is easily achieved by installing the appropriate providers, configuring them in `GARM` and creating pools that use them. You can create zero-runner pools for instances with high costs (large VMs, GPU enabled instances, etc) and have them spin up on demand, or you can create large pools of eagerly created k8s backed runners that can be used for your CI/CD pipelines at a moment's notice. You can mix them up and create pools in any combination of providers or resource allocations you want.
 GARM supports two modes of operation:
 * Pools
 * Scale sets
 Here is a brief architectural diagram of how pools work and how GARM reacts to workflows triggered in GitHub (click the image to see a larger version):
 ![GARM architecture diagram](/doc/images/garm-light.diagram.svg?raw=true#gh-light-mode-only)
 ![GARM architecture diagram](/doc/images/garm-dark.diagram.svg?raw=true#gh-dark-mode-only)
 **Scale sets** work differently. While pools (as they are defined in GARM) rely on webhooks to know when a job was started and GARM needs to internally make the right decission in terms of which pool should handle that runner, scale sets have a lot of the scheduling and decission making logic done in GitHub itself.
 > [!IMPORTANT]
 > The README and documentation in the `main` branch are relevant to the not yet released code that is present in `main`. Following the documentation from the `main` branch for a stable release of GARM, may lead to errors. To view the documentation for the latest stable release, please switch to the appropriate tag. For information about setting up `v0.1.6`, please refer to the [v0.1.6 tag](https://github.com/cloudbase/garm/tree/v0.1.6).
 > [!CAUTION]
 > The `main` branch holds the latest code and is not guaranteed to be stable. If you are looking for a stable release, please check the releases page. If you plan to use the `main` branch, please do so on a new instance. Do not upgrade from a stable release to `main`.
 ## Join us on slack
@ -18,120 +63,68 @@ Whether you're running into issues or just want to drop by and say "hi", feel fr
 ## Installing
-## Build from source
+### Quickstart
-You need to have Go installed, then run:
+Check out the [quickstart](/doc/quickstart.md) document for instructions on how to install ```GARM```. If you'd like to build from source, check out the [building from source](/doc/building_from_source.md) document.
-  ```bash
+### Installing on Kubernetes
  git clone https://github.com/cloudbase/garm
  cd garm
  go install ./...
  ```
-You should now have both ```garm``` and ```garm-cli``` in your ```$GOPATH/bin``` folder.
+Thanks to the efforts of the amazing folks at [@mercedes-benz](https://github.com/mercedes-benz/), GARM can now be integrated into k8s via their operator. Check out the [GARM operator](https://github.com/mercedes-benz/garm-operator/) for more details.
-If you have docker/podman installed, you can also build statically linked binaries by running:
+## Configuring GARM for GHES
-  ```bash
+GARM supports creating pools and scale sets in either GitHub itself or in your own deployment of [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@3.10/admin/overview/about-github-enterprise-server). For instructions on how to use ```GARM``` with GHE, see the [credentials](/doc/github_credentials.md) section of the documentation.
  make build-static
  ```
-The ```garm``` and ```garm-cli``` binaries will be built and copied to the ```bin/``` folder in your current working directory.
+## Configuring GARM for Gitea
-## Install the service
+GARM now has support for Gitea (>=1.24.0). For information on getting started with Gitea, see the [Gitea quickstart](/doc/gitea.md) document.
-Add a new system user:
+## Enabling the web UI
-  ```bash
+GARM now ships with a single page application. To enable it, add the following to your GARM config:
  useradd --shell /usr/bin/false \
      --system \
      --groups lxd \
      --no-create-home garm
  ```
-The ```lxd``` group is only needed if you have a local LXD install and want to connect to the unix socket to use it. If you're connecting to a remote LXD server over TCP, you can skip adding the ```garm``` user to the ```lxd``` group.
+```toml
 [apiserver.webui]
  enable = true
 ```
-Copy the binary to somewhere in the system ```$PATH```:
+Check the [README.md](/webapp/README.md) file for details on the web UI.
-  ```bash
+## Using GARM
  sudo cp $(go env GOPATH)/bin/garm /usr/local/bin/garm
  ```
-Or if you built garm using ```make```:
+GARM is designed with simplicity in mind. At least we try to keep it as simple as possible. We're aware that adding a new tool in your workflow can be painful, especially when you already have to deal with so many. The cognitive load for OPS has reached a level where it feels overwhelming at times to even wrap your head around a new tool. As such, we believe that tools should be simple, should take no more than a few hours to understand and set up and if you absolutely need to interact with the tool, it should be as intuitive as possible. Although we try our best to make this happen, we're aware that GARM has some rough edges, especially for new users. If you encounter issues or feel like the setup process was too complicated, please let us know. We're always looking to improve the user experience.
-  ```bash
+We've written a short introduction into some of the commands that GARM has and some of the concepts involved in setting up GARM, managing runners and how GitHub does some of the things it does.
  sudo cp ./bin/garm /usr/local/bin/garm
  ```
-Create the config folder:
+[You can find it here](/doc/using_garm.md).
-  ```bash
+Please, feel free to [open an issue](https://github.com/cloudbase/garm/issues/new) if you find the documentation lacking and would like more info. Sometimes we forget the challenges that new users face as we're so close to the code and how it works. Any feedback is welcome and we're always looking to improve the documentation.
  sudo mkdir -p /etc/garm
  ```
-Copy the config template:
+## Supported providers
-  ```bash
+GARM uses providers to create runners in a particular IaaS. The providers are external executables that GARM calls into to create runners. Before you can create runners, you'll need to install at least one provider.
  sudo cp ./testdata/config.toml /etc/garm/
  ```
-Copy the external provider (optional):
+### Installing external providers
-  ```bash
+External providers are binaries that GARM calls into to create runners in a particular IaaS. There are several external providers available:
  sudo cp -a ./contrib/providers.d /etc/garm/
  ```
-Copy the systemd service file:
+* [Akamai/Linode](https://github.com/flatcar/garm-provider-linode) - Experimental
 * [Amazon EC2](https://github.com/cloudbase/garm-provider-aws)
 * [Azure](https://github.com/cloudbase/garm-provider-azure)
 * [Equinix Metal](https://github.com/cloudbase/garm-provider-equinix)
 * [Google Cloud Platform (GCP)](https://github.com/cloudbase/garm-provider-gcp)
 * [Incus](https://github.com/cloudbase/garm-provider-incus)
 * [Kubernetes](https://github.com/mercedes-benz/garm-provider-k8s) - Thanks to the amazing folks at @mercedes-benz for sharing their awesome provider!
 * [LXD](https://github.com/cloudbase/garm-provider-lxd)
 * [OpenStack](https://github.com/cloudbase/garm-provider-openstack)
 * [Oracle Cloud Infrastructure (OCI)](https://github.com/cloudbase/garm-provider-oci)
-  ```bash
+Follow the instructions in the README of each provider to install them. 
  sudo cp ./contrib/garm.service /etc/systemd/system/
  ```
-Change permissions on config folder:
+## Optimizing your runners
-  ```bash
+If you would like to optimize the startup time of new instance, take a look at the [performance considerations](/doc/performance_considerations.md) page.
  sudo chown -R garm:garm /etc/garm
  sudo chmod 750 -R /etc/garm
  ```
 Enable the service:
  ```bash
  sudo systemctl enable garm
  ```
 Customize the config in ```/etc/garm/config.toml```, and start the service:
  ```bash
  sudo systemctl start garm
  ```
 ## Configuration
 The ```garm``` configuration is a simple ```toml```. A sample of the config file can be found in [the testdata folder](/testdata/config.toml).
 There are 3 major sections of the config that require your attention:
 * [Github credentials section](/doc/github_credentials.md)
 * [Providers section](/doc/providers.md)
 * [The database section](/doc/database.md)
 Once you've configured your database, providers and github credentials, you'll need to configure your [webhooks and the callback_url](/doc/webhooks_and_callbacks.md).
 At this point, you should be done. Have a look at the [running garm document](/doc/running_garm.md) for usage instructions and available features.
 If you would like to use ```garm``` with a different IaaS than the ones already available, have a loot at the [writing an external provider](/doc/external_provider.md) page.
 ## Security considerations
 Garm does not apply any ACLs of any kind to the instances it creates. That task remains in the responsibility of the user. [Here is a guide for creating ACLs in LXD](https://linuxcontainers.org/lxd/docs/master/howto/network_acls/). You can of course use ```iptables``` or ```nftables``` to create any rules you wish. I recommend you create a separate isolated lxd bridge for runners, and secure it using ACLs/iptables/nftables.
 You must make sure that the code that runs as part of the workflows is trusted, and if that cannot be done, you must make sure that any malicious code that will be pulled in by the actions and run as part of a workload, is as contained as possible. There is a nice article about [securing your workflow runs here](https://blog.gitguardian.com/github-actions-security-cheat-sheet/).
 ## Write your own provider
-The providers are interfaces between ```garm``` and a particular IaaS in which we spin up GitHub Runners. These providers can be either **native** or **external**. The **native** providers are written in ```Go```, and must implement [the interface defined here](https://github.com/cloudbase/garm/blob/main/runner/common/provider.go#L22-L39). **External** providers can be written in any language, as they are in the form of an external executable that ```garm``` calls into.
+The providers are interfaces between ```GARM``` and a particular IaaS in which we spin up GitHub Runners. **External** providers can be written in any language, as they are in the form of an external executable that ```GARM``` calls into. Please see the [Writing an external provider](/doc/external_provider.md) document for details. Also, feel free to inspect the two available sample external providers in this repository.
 There is currently one **native** provider for [LXD](https://linuxcontainers.org/lxd/) and two **external** providers for [Openstack and Azure](/contrib/providers.d/).
 If you want to write your own provider, you can choose to write a native one, or implement an **external** one. The easiest one to write is probably an **external** provider. Please see the [Writing an external provider](/doc/external_provider.md) document for details. Also, feel free to inspect the two available external providers in this repository.
--- a/apiserver/controllers/controllers.go
+++ b/apiserver/controllers/controllers.go
@ -15,26 +15,60 @@
 package controllers
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
-	"log"
+	"log/slog"
 	"net/http"
 	"net/url"
 	"strings"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/websocket"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm-provider-common/util"
 	"github.com/cloudbase/garm/apiserver/params"
 	"github.com/cloudbase/garm/auth"
-	gErrors "github.com/cloudbase/garm/errors"
+	"github.com/cloudbase/garm/config"
 	"github.com/cloudbase/garm/metrics"
 	runnerParams "github.com/cloudbase/garm/params"
-	"github.com/cloudbase/garm/runner"
+	"github.com/cloudbase/garm/runner" //nolint:typecheck
-	"github.com/cloudbase/garm/util"
+	garmUtil "github.com/cloudbase/garm/util"
 	wsWriter "github.com/cloudbase/garm/websocket"
-
+	"github.com/cloudbase/garm/workers/websocket/events"
 	"github.com/gorilla/websocket"
 	"github.com/pkg/errors"
 )
-func NewAPIController(r *runner.Runner, authenticator *auth.Authenticator, hub *wsWriter.Hub) (*APIController, error) {
+func NewAPIController(r *runner.Runner, authenticator *auth.Authenticator, hub *wsWriter.Hub, apiCfg config.APIServer) (*APIController, error) {
 	controllerInfo, err := r.GetControllerInfo(auth.GetAdminContext(context.Background()))
 	if err != nil {
 		return nil, fmt.Errorf("failed to get controller info: %w", err)
 	}
 	var checkOrigin func(r *http.Request) bool
 	if len(apiCfg.CORSOrigins) > 0 {
 		checkOrigin = func(r *http.Request) bool {
 			origin := r.Header["Origin"]
 			if len(origin) == 0 {
 				return true
 			}
 			u, err := url.Parse(origin[0])
 			if err != nil {
 				return false
 			}
 			for _, val := range apiCfg.CORSOrigins {
 				corsVal, err := url.Parse(val)
 				if err != nil {
 					continue
 				}
 				if garmUtil.ASCIIEqualFold(u.Host, corsVal.Host) {
 					return true
 				}
 			}
 			return false
 		}
 	}
 	return &APIController{
 		r:    r,
 		auth: authenticator,
@ -42,37 +76,38 @@ func NewAPIController(r *runner.Runner, authenticator *auth.Authenticator, hub *
 		upgrader: websocket.Upgrader{
 			ReadBufferSize:  1024,
 			WriteBufferSize: 16384,
 			CheckOrigin:     checkOrigin,
 		},
 		controllerID: controllerInfo.ControllerID.String(),
 	}, nil
 }
 type APIController struct {
-	r        *runner.Runner
+	r            *runner.Runner
-	auth     *auth.Authenticator
+	auth         *auth.Authenticator
-	hub      *wsWriter.Hub
+	hub          *wsWriter.Hub
-	upgrader websocket.Upgrader
+	upgrader     websocket.Upgrader
 	controllerID string
 }
-func handleError(w http.ResponseWriter, err error) {
+func handleError(ctx context.Context, w http.ResponseWriter, err error) {
-	w.Header().Add("Content-Type", "application/json")
+	w.Header().Set("Content-Type", "application/json")
 	origErr := errors.Cause(err)
 	apiErr := params.APIErrorResponse{
-		Details: origErr.Error(),
+		Details: err.Error(),
 	}
-
+	switch {
-	switch origErr.(type) {
+	case errors.Is(err, gErrors.ErrNotFound):
 	case *gErrors.NotFoundError:
 		w.WriteHeader(http.StatusNotFound)
 		apiErr.Error = "Not Found"
-	case *gErrors.UnauthorizedError:
+	case errors.Is(err, gErrors.ErrUnauthorized):
 		w.WriteHeader(http.StatusUnauthorized)
 		apiErr.Error = "Not Authorized"
 		// Don't include details on 401 errors.
 		apiErr.Details = ""
-	case *gErrors.BadRequestError:
+	case errors.Is(err, gErrors.ErrBadRequest):
 		w.WriteHeader(http.StatusBadRequest)
 		apiErr.Error = "Bad Request"
-	case *gErrors.DuplicateUserError, *gErrors.ConflictError:
+	case errors.Is(err, gErrors.ErrDuplicateEntity), errors.Is(err, &gErrors.ConflictError{}):
 		w.WriteHeader(http.StatusConflict)
 		apiErr.Error = "Conflict"
 	default:
@ -83,72 +118,122 @@ func handleError(w http.ResponseWriter, err error) {
 	}
 	if err := json.NewEncoder(w).Encode(apiErr); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
-func (a *APIController) webhookMetricLabelValues(valid, reason string) []string {
+func (a *APIController) handleWorkflowJobEvent(ctx context.Context, w http.ResponseWriter, r *http.Request) {
 	controllerInfo, err := a.r.GetControllerInfo(auth.GetAdminContext())
 	if err != nil {
 		log.Printf("failed to get controller info: %s", err)
 		// If labels are empty, not attempt will be made to record webhook.
 		return []string{}
 	}
 	return []string{
 		valid, reason,
 		controllerInfo.Hostname, controllerInfo.ControllerID.String(),
 	}
 }
 func (a *APIController) handleWorkflowJobEvent(w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
-		handleError(w, gErrors.NewBadRequestError("invalid post body: %s", err))
+		handleError(ctx, w, gErrors.NewBadRequestError("invalid post body: %s", err))
 		return
 	}
 	signature := r.Header.Get("X-Hub-Signature-256")
 	hookType := r.Header.Get("X-Github-Hook-Installation-Target-Type")
 	giteaTargetType := r.Header.Get("X-Gitea-Hook-Installation-Target-Type")
-	var labelValues []string
+	forgeType := runnerParams.GithubEndpointType
-	defer func() {
+	if giteaTargetType != "" {
-		if len(labelValues) == 0 {
+		forgeType = runnerParams.GiteaEndpointType
 		hookType = giteaTargetType
 	}
 	if err := a.r.DispatchWorkflowJob(hookType, signature, forgeType, body); err != nil {
 		switch {
 		case errors.Is(err, gErrors.ErrNotFound):
 			metrics.WebhooksReceived.WithLabelValues(
 				"false",         // label: valid
 				"owner_unknown", // label: reason
 			).Inc()
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "got not found error from DispatchWorkflowJob. webhook not meant for us?")
 			return
-		}
+		case strings.Contains(err.Error(), "signature"):
-		if err := metrics.RecordWebhookWithLabels(labelValues...); err != nil {
+			// nolint:golangci-lint,godox TODO: check error type
-			log.Printf("failed to record metric: %s", err)
+			metrics.WebhooksReceived.WithLabelValues(
-		}
+				"false",             // label: valid
-	}()
+				"signature_invalid", // label: reason
-
+			).Inc()
-	if err := a.r.DispatchWorkflowJob(hookType, signature, body); err != nil {
+		default:
-		if errors.Is(err, gErrors.ErrNotFound) {
+			metrics.WebhooksReceived.WithLabelValues(
-			labelValues = a.webhookMetricLabelValues("false", "owner_unknown")
+				"false",   // label: valid
-			log.Printf("got not found error from DispatchWorkflowJob. webhook not meant for us?: %q", err)
+				"unknown", // label: reason
-			return
+			).Inc()
 		} else if strings.Contains(err.Error(), "signature") { // TODO: check error type
 			labelValues = a.webhookMetricLabelValues("false", "signature_invalid")
 		} else {
 			labelValues = a.webhookMetricLabelValues("false", "unknown")
 		}
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
-	labelValues = a.webhookMetricLabelValues("true", "")
+	metrics.WebhooksReceived.WithLabelValues(
 		"true", // label: valid
 		"",     // label: reason
 	).Inc()
 }
-func (a *APIController) CatchAll(w http.ResponseWriter, r *http.Request) {
+func (a *APIController) WebhookHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	controllerID, ok := vars["controllerID"]
 	// If the webhook URL includes a controller ID, we validate that it's meant for us. We still
 	// support bare webhook URLs, which are tipically configured manually by the user.
 	// The controllerID suffixed webhook URL is useful when configuring the webhook for an entity
 	// via garm. We cannot tag a webhook URL on github, so there is no way to determine ownership.
 	// Using a controllerID suffix is a simple way to denote ownership.
 	if ok && controllerID != a.controllerID {
 		slog.InfoContext(ctx, "ignoring webhook meant for foreign controller", "req_controller_id", controllerID)
 		return
 	}
 	headers := r.Header.Clone()
 	event := runnerParams.Event(headers.Get("X-Github-Event"))
 	switch event {
 	case runnerParams.WorkflowJobEvent:
-		a.handleWorkflowJobEvent(w, r)
+		a.handleWorkflowJobEvent(ctx, w, r)
 	case runnerParams.PingEvent:
 		// Ignore ping event. We may want to save the ping in the github entity table in the future.
 	default:
-		log.Printf("ignoring unknown event %s", util.SanitizeLogEntry(string(event)))
+		slog.DebugContext(ctx, "ignoring unknown event", "gh_event", util.SanitizeLogEntry(string(event)))
 	}
 }
 func (a *APIController) EventsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	if !auth.IsAdmin(ctx) {
 		w.WriteHeader(http.StatusForbidden)
 		if _, err := w.Write([]byte("events are available to admin users")); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	conn, err := a.upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error upgrading to websockets")
 		return
 	}
 	defer conn.Close()
 	wsClient, err := wsWriter.NewClient(ctx, conn)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create new client")
 		return
 	}
 	defer wsClient.Stop()
 	eventHandler, err := events.NewHandler(ctx, wsClient)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create new event handler")
 		return
 	}
 	if err := eventHandler.Start(); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to start event handler")
 		return
 	}
 	<-eventHandler.Done()
 }
 func (a *APIController) WSHandler(writer http.ResponseWriter, req *http.Request) {
@ -156,153 +241,267 @@ func (a *APIController) WSHandler(writer http.ResponseWriter, req *http.Request)
 	if !auth.IsAdmin(ctx) {
 		writer.WriteHeader(http.StatusForbidden)
 		if _, err := writer.Write([]byte("you need admin level access to view logs")); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if a.hub == nil {
-		handleError(writer, gErrors.NewBadRequestError("log streamer is disabled"))
+		handleError(ctx, writer, gErrors.NewBadRequestError("log streamer is disabled"))
 		return
 	}
 	conn, err := a.upgrader.Upgrade(writer, req, nil)
 	if err != nil {
-		log.Printf("error upgrading to websockets: %v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error upgrading to websockets")
 		return
 	}
 	defer conn.Close()
-	// TODO (gsamfira): Handle ExpiresAt. Right now, if a client uses
+	client, err := wsWriter.NewClient(ctx, conn)
 	// a valid token to authenticate, and keeps the websocket connection
 	// open, it will allow that client to stream logs via websockets
 	// until the connection is broken. We need to forcefully disconnect
 	// the client once the token expires.
 	client, err := wsWriter.NewClient(conn, a.hub)
 	if err != nil {
-		log.Printf("failed to create new client: %v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create new client")
 		return
 	}
 	if err := a.hub.Register(client); err != nil {
-		log.Printf("failed to register new client: %v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to register new client")
 		return
 	}
-	client.Go()
+	defer a.hub.Unregister(client)
 	if err := client.Start(); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to start client")
 		return
 	}
 	<-client.Done()
 	slog.Info("client disconnected", "client_id", client.ID())
 }
 // NotFoundHandler is returned when an invalid URL is acccessed
 func (a *APIController) NotFoundHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	apiErr := params.APIErrorResponse{
 		Details: "Resource not found",
 		Error:   "Not found",
 	}
-	w.WriteHeader(http.StatusNotFound)
+
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusNotFound)
 	if err := json.NewEncoder(w).Encode(apiErr); err != nil {
-		log.Printf("failet to write response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failet to write response")
 	}
 }
 // swagger:route GET /metrics-token metrics-token GetMetricsToken
 //
 // Returns a JWT token that can be used to access the metrics endpoint.
 //
 //	Responses:
 //	  200: JWTResponse
 //	  401: APIErrorResponse
 func (a *APIController) MetricsTokenHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	if !auth.IsAdmin(ctx) {
-		handleError(w, gErrors.ErrUnauthorized)
+		handleError(ctx, w, gErrors.ErrUnauthorized)
 		return
 	}
 	token, err := a.auth.GetJWTMetricsToken(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(runnerParams.JWTResponse{Token: token})
 	if err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /auth/login login Login
 //
 // Logs in a user and returns a JWT token.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Login information.
 //	    type: PasswordLoginParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: JWTResponse
 //	  400: APIErrorResponse
 //
 // LoginHandler returns a jwt token
 func (a *APIController) LoginHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var loginInfo runnerParams.PasswordLoginParams
 	if err := json.NewDecoder(r.Body).Decode(&loginInfo); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := loginInfo.Validate(); err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	ctx := r.Context()
 	ctx, err := a.auth.AuthenticateUser(ctx, loginInfo)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	tokenString, err := a.auth.GetJWTToken(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(runnerParams.JWTResponse{Token: tokenString}); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /first-run first-run FirstRun
 //
 // Initialize the first run of the controller.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Create a new user.
 //	    type: NewUserParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: User
 //	  400: APIErrorResponse
 func (a *APIController) FirstRunHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	if a.auth.IsInitialized() {
 		err := gErrors.NewConflictError("already initialized")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	ctx := r.Context()
 	var newUserParams runnerParams.NewUserParams
 	if err := json.NewDecoder(r.Body).Decode(&newUserParams); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	newUser, err := a.auth.InitController(ctx, newUserParams)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(newUser); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 func (a *APIController) ListCredentials(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	creds, err := a.r.ListCredentials(ctx)
 	if err != nil {
 		handleError(w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(creds); err != nil {
 		log.Printf("failed to encode response: %q", err)
 	}
 }
 // swagger:route GET /providers providers ListProviders
 //
 // List all providers.
 //
 //	Responses:
 //	  200: Providers
 //	  400: APIErrorResponse
 func (a *APIController) ListProviders(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	providers, err := a.r.ListProviders(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(providers); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /jobs jobs ListJobs
 //
 // List all jobs.
 //
 //	Responses:
 //	  200: Jobs
 //	  400: APIErrorResponse
 func (a *APIController) ListAllJobs(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	jobs, err := a.r.ListAllJobs(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(jobs); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /controller-info controllerInfo ControllerInfo
 //
 // Get controller info.
 //
 //	Responses:
 //	  200: ControllerInfo
 //	  409: APIErrorResponse
 func (a *APIController) ControllerInfoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	info, err := a.r.GetControllerInfo(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route PUT /controller controller UpdateController
 //
 // Update controller.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when updating the controller.
 //	    type: UpdateControllerParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ControllerInfo
 //	  400: APIErrorResponse
 func (a *APIController) UpdateControllerHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var updateParams runnerParams.UpdateControllerParams
 	if err := json.NewDecoder(r.Body).Decode(&updateParams); err != nil {
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := updateParams.Validate(); err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	info, err := a.r.UpdateController(ctx, updateParams)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/enterprises.go
+++ b/apiserver/controllers/enterprises.go
@ -16,54 +16,106 @@ package controllers
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 	"github.com/cloudbase/garm/apiserver/params"
 	gErrors "github.com/cloudbase/garm/errors"
 	runnerParams "github.com/cloudbase/garm/params"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
 )
 // swagger:route POST /enterprises enterprises CreateEnterprise
 //
 // Create enterprise with the given parameters.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used to create the enterprise.
 //	    type: CreateEnterpriseParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Enterprise
 //	  default: APIErrorResponse
 func (a *APIController) CreateEnterpriseHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var enterpriseData runnerParams.CreateEnterpriseParams
 	if err := json.NewDecoder(r.Body).Decode(&enterpriseData); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	enterprise, err := a.r.CreateEnterprise(ctx, enterpriseData)
 	if err != nil {
-		log.Printf("error creating enterprise: %+v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /enterprises enterprises ListEnterprises
 //
 // List all enterprises.
 //
 //	Parameters:
 //	  + name: name
 //	    description: Exact enterprise name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	  + name: endpoint
 //	    description: Exact endpoint name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	Responses:
 //	  200: Enterprises
 //	  default: APIErrorResponse
 func (a *APIController) ListEnterprisesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	enterprise, err := a.r.ListEnterprises(ctx)
+	filter := runnerParams.EnterpriseFilter{
 		Name:     r.URL.Query().Get("name"),
 		Endpoint: r.URL.Query().Get("endpoint"),
 	}
 	enterprise, err := a.r.ListEnterprises(ctx, filter)
 	if err != nil {
-		log.Printf("listing enterprise: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing enterprise")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /enterprises/{enterpriseID} enterprises GetEnterprise
 //
 // Get enterprise by ID.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: The ID of the enterprise to fetch.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Enterprise
 //	  default: APIErrorResponse
 func (a *APIController) GetEnterpriseByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -75,24 +127,37 @@ func (a *APIController) GetEnterpriseByIDHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	enterprise, err := a.r.GetEnterpriseByID(ctx, enterpriseID)
 	if err != nil {
-		log.Printf("fetching enterprise: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching enterprise")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /enterprises/{enterpriseID} enterprises DeleteEnterprise
 //
 // Delete enterprise by ID.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: ID of the enterprise to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteEnterpriseHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -104,22 +169,40 @@ func (a *APIController) DeleteEnterpriseHandler(w http.ResponseWriter, r *http.R
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.DeleteEnterprise(ctx, enterpriseID); err != nil {
-		log.Printf("removing enterprise: %+v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing enterprise")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /enterprises/{enterpriseID} enterprises UpdateEnterprise
 //
 // Update enterprise with the given parameters.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: The ID of the enterprise to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //	  + name: Body
 //	    description: Parameters used when updating the enterprise.
 //	    type: UpdateEntityParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Enterprise
 //	  default: APIErrorResponse
 func (a *APIController) UpdateEnterpriseHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -131,30 +214,50 @@ func (a *APIController) UpdateEnterpriseHandler(w http.ResponseWriter, r *http.R
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
-	var updatePayload runnerParams.UpdateRepositoryParams
+	var updatePayload runnerParams.UpdateEntityParams
 	if err := json.NewDecoder(r.Body).Decode(&updatePayload); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	enterprise, err := a.r.UpdateEnterprise(ctx, enterpriseID, updatePayload)
 	if err != nil {
-		log.Printf("error updating enterprise: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error updating enterprise: %s")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /enterprises/{enterpriseID}/pools enterprises pools CreateEnterprisePool
 //
 // Create enterprise pool with the parameters given.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the enterprise pool.
 //	    type: CreatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) CreateEnterprisePoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -166,31 +269,101 @@ func (a *APIController) CreateEnterprisePoolHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.CreatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.CreateEnterprisePool(ctx, enterpriseID, poolData)
 	if err != nil {
-		log.Printf("error creating enterprise pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /enterprises/{enterpriseID}/scalesets enterprises scalesets CreateEnterpriseScaleSet
 //
 // Create enterprise pool with the parameters given.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the enterprise scale set.
 //	    type: CreateScaleSetParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSet
 //	  default: APIErrorResponse
 func (a *APIController) CreateEnterpriseScaleSetHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	enterpriseID, ok := vars["enterpriseID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var scaleSetData runnerParams.CreateScaleSetParams
 	if err := json.NewDecoder(r.Body).Decode(&scaleSetData); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	scaleSet, err := a.r.CreateEntityScaleSet(ctx, runnerParams.ForgeEntityTypeEnterprise, enterpriseID, scaleSetData)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise scale set")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /enterprises/{enterpriseID}/pools enterprises pools ListEnterprisePools
 //
 // List enterprise pools.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pools
 //	  default: APIErrorResponse
 func (a *APIController) ListEnterprisePoolsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -201,25 +374,86 @@ func (a *APIController) ListEnterprisePoolsHandler(w http.ResponseWriter, r *htt
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pools, err := a.r.ListEnterprisePools(ctx, enterpriseID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /enterprises/{enterpriseID}/scalesets enterprises scalesets ListEnterpriseScaleSets
 //
 // List enterprise scale sets.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSets
 //	  default: APIErrorResponse
 func (a *APIController) ListEnterpriseScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	enterpriseID, ok := vars["enterpriseID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	scaleSets, err := a.r.ListEntityScaleSets(ctx, runnerParams.ForgeEntityTypeEnterprise, enterpriseID)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSets); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /enterprises/{enterpriseID}/pools/{poolID} enterprises pools GetEnterprisePool
 //
 // Get enterprise pool by ID.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: Pool ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) GetEnterprisePoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -231,24 +465,43 @@ func (a *APIController) GetEnterprisePoolHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No enterprise or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pool, err := a.r.GetEnterprisePoolByID(ctx, enterpriseID, poolID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /enterprises/{enterpriseID}/pools/{poolID} enterprises pools DeleteEnterprisePool
 //
 // Delete enterprise pool by ID.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: ID of the enterprise pool to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteEnterprisePoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -261,22 +514,47 @@ func (a *APIController) DeleteEnterprisePoolHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No enterprise or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.DeleteEnterprisePool(ctx, enterpriseID, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /enterprises/{enterpriseID}/pools/{poolID} enterprises pools UpdateEnterprisePool
 //
 // Update enterprise pool with the parameters given.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: ID of the enterprise pool to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when updating the enterprise pool.
 //	    type: UpdatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) UpdateEnterprisePoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -289,27 +567,27 @@ func (a *APIController) UpdateEnterprisePoolHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No enterprise or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.UpdateEnterprisePool(ctx, enterpriseID, poolID, poolData)
 	if err != nil {
-		log.Printf("error creating enterprise pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/gitea_credentials.go
+++ b/apiserver/controllers/gitea_credentials.go
@ -0,0 +1,241 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package controllers
 import (
 	"encoding/json"
 	"log/slog"
 	"math"
 	"net/http"
 	"strconv"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/params"
 )
 // swagger:route GET /gitea/credentials credentials ListGiteaCredentials
 //
 // List all credentials.
 //
 //	Responses:
 //	  200: Credentials
 //	  400: APIErrorResponse
 func (a *APIController) ListGiteaCredentials(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	creds, err := a.r.ListGiteaCredentials(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(creds); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /gitea/credentials credentials CreateGiteaCredentials
 //
 // Create a Gitea credential.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when creating a Gitea credential.
 //	    type: CreateGiteaCredentialsParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeCredentials
 //	  400: APIErrorResponse
 func (a *APIController) CreateGiteaCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var params params.CreateGiteaCredentialsParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	cred, err := a.r.CreateGiteaCredentials(ctx, params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create Gitea credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(cred); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /gitea/credentials/{id} credentials GetGiteaCredentials
 //
 // Get a Gitea credential.
 //
 //	Parameters:
 //	  + name: id
 //	    description: ID of the Gitea credential.
 //	    type: integer
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeCredentials
 //	  400: APIErrorResponse
 func (a *APIController) GetGiteaCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	idParam, ok := vars["id"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing id in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	id, err := strconv.ParseUint(idParam, 10, 64)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if id > math.MaxUint {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	cred, err := a.r.GetGiteaCredentials(ctx, uint(id))
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get Gitea credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(cred); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /gitea/credentials/{id} credentials DeleteGiteaCredentials
 //
 // Delete a Gitea credential.
 //
 //	Parameters:
 //	  + name: id
 //	    description: ID of the Gitea credential.
 //	    type: integer
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteGiteaCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	idParam, ok := vars["id"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing id in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	id, err := strconv.ParseUint(idParam, 10, 64)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if id > math.MaxUint {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.DeleteGiteaCredentials(ctx, uint(id)); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete Gitea credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
 // swagger:route PUT /gitea/credentials/{id} credentials UpdateGiteaCredentials
 //
 // Update a Gitea credential.
 //
 //	Parameters:
 //	  + name: id
 //	    description: ID of the Gitea credential.
 //	    type: integer
 //	    in: path
 //	    required: true
 //	  + name: Body
 //	    description: Parameters used when updating a Gitea credential.
 //	    type: UpdateGiteaCredentialsParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeCredentials
 //	  400: APIErrorResponse
 func (a *APIController) UpdateGiteaCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	idParam, ok := vars["id"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing id in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	id, err := strconv.ParseUint(idParam, 10, 64)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if id > math.MaxUint {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	var params params.UpdateGiteaCredentialsParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	cred, err := a.r.UpdateGiteaCredentials(ctx, uint(id), params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update Gitea credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(cred); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/gitea_endpoints.go
+++ b/apiserver/controllers/gitea_endpoints.go
@ -0,0 +1,199 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package controllers
 import (
 	"encoding/json"
 	"log/slog"
 	"net/http"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/params"
 )
 // swagger:route POST /gitea/endpoints endpoints CreateGiteaEndpoint
 //
 // Create a Gitea Endpoint.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when creating a Gitea endpoint.
 //	    type: CreateGiteaEndpointParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeEndpoint
 //	  default: APIErrorResponse
 func (a *APIController) CreateGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var params params.CreateGiteaEndpointParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	endpoint, err := a.r.CreateGiteaEndpoint(ctx, params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create Gitea endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /gitea/endpoints endpoints ListGiteaEndpoints
 //
 // List all Gitea Endpoints.
 //
 //	Responses:
 //	  200: ForgeEndpoints
 //	  default: APIErrorResponse
 func (a *APIController) ListGiteaEndpoints(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	endpoints, err := a.r.ListGiteaEndpoints(ctx)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to list Gitea endpoints")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoints); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /gitea/endpoints/{name} endpoints GetGiteaEndpoint
 //
 // Get a Gitea Endpoint.
 //
 //	Parameters:
 //	  + name: name
 //	    description: The name of the Gitea endpoint.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeEndpoint
 //	  default: APIErrorResponse
 func (a *APIController) GetGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing name in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	endpoint, err := a.r.GetGiteaEndpoint(ctx, name)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get Gitea endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /gitea/endpoints/{name} endpoints DeleteGiteaEndpoint
 //
 // Delete a Gitea Endpoint.
 //
 //	Parameters:
 //	  + name: name
 //	    description: The name of the Gitea endpoint.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing name in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.DeleteGiteaEndpoint(ctx, name); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete Gitea endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
 // swagger:route PUT /gitea/endpoints/{name} endpoints UpdateGiteaEndpoint
 //
 // Update a Gitea Endpoint.
 //
 //	Parameters:
 //	  + name: name
 //	    description: The name of the Gitea endpoint.
 //	    type: string
 //	    in: path
 //	    required: true
 //	  + name: Body
 //	    description: Parameters used when updating a Gitea endpoint.
 //	    type: UpdateGiteaEndpointParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeEndpoint
 //	  default: APIErrorResponse
 func (a *APIController) UpdateGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing name in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	var params params.UpdateGiteaEndpointParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	endpoint, err := a.r.UpdateGiteaEndpoint(ctx, name, params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update GitHub endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/github_credentials.go
+++ b/apiserver/controllers/github_credentials.go
@ -0,0 +1,242 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package controllers
 import (
 	"encoding/json"
 	"log/slog"
 	"math"
 	"net/http"
 	"strconv"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/params"
 )
 // swagger:route GET /credentials credentials ListCredentials
 // swagger:route GET /github/credentials credentials ListCredentials
 //
 // List all credentials.
 //
 //	Responses:
 //	  200: Credentials
 //	  400: APIErrorResponse
 func (a *APIController) ListCredentials(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	creds, err := a.r.ListCredentials(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(creds); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /github/credentials credentials CreateCredentials
 //
 // Create a GitHub credential.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when creating a GitHub credential.
 //	    type: CreateGithubCredentialsParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeCredentials
 //	  400: APIErrorResponse
 func (a *APIController) CreateGithubCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var params params.CreateGithubCredentialsParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	cred, err := a.r.CreateGithubCredentials(ctx, params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create GitHub credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(cred); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /github/credentials/{id} credentials GetCredentials
 //
 // Get a GitHub credential.
 //
 //	Parameters:
 //	  + name: id
 //	    description: ID of the GitHub credential.
 //	    type: integer
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeCredentials
 //	  400: APIErrorResponse
 func (a *APIController) GetGithubCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	idParam, ok := vars["id"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing id in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	id, err := strconv.ParseUint(idParam, 10, 64)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if id > math.MaxUint {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	cred, err := a.r.GetGithubCredentials(ctx, uint(id))
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get GitHub credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(cred); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /github/credentials/{id} credentials DeleteCredentials
 //
 // Delete a GitHub credential.
 //
 //	Parameters:
 //	  + name: id
 //	    description: ID of the GitHub credential.
 //	    type: integer
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteGithubCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	idParam, ok := vars["id"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing id in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	id, err := strconv.ParseUint(idParam, 10, 64)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if id > math.MaxUint {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.DeleteGithubCredentials(ctx, uint(id)); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete GitHub credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
 // swagger:route PUT /github/credentials/{id} credentials UpdateCredentials
 //
 // Update a GitHub credential.
 //
 //	Parameters:
 //	  + name: id
 //	    description: ID of the GitHub credential.
 //	    type: integer
 //	    in: path
 //	    required: true
 //	  + name: Body
 //	    description: Parameters used when updating a GitHub credential.
 //	    type: UpdateGithubCredentialsParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeCredentials
 //	  400: APIErrorResponse
 func (a *APIController) UpdateGithubCredential(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	idParam, ok := vars["id"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing id in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	id, err := strconv.ParseUint(idParam, 10, 64)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if id > math.MaxUint {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	var params params.UpdateGithubCredentialsParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	cred, err := a.r.UpdateGithubCredentials(ctx, uint(id), params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update GitHub credential")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(cred); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/github_endpoints.go
+++ b/apiserver/controllers/github_endpoints.go
@ -0,0 +1,199 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package controllers
 import (
 	"encoding/json"
 	"log/slog"
 	"net/http"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/params"
 )
 // swagger:route POST /github/endpoints endpoints CreateGithubEndpoint
 //
 // Create a GitHub Endpoint.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when creating a GitHub endpoint.
 //	    type: CreateGithubEndpointParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeEndpoint
 //	  default: APIErrorResponse
 func (a *APIController) CreateGithubEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var params params.CreateGithubEndpointParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	endpoint, err := a.r.CreateGithubEndpoint(ctx, params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create GitHub endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /github/endpoints endpoints ListGithubEndpoints
 //
 // List all GitHub Endpoints.
 //
 //	Responses:
 //	  200: ForgeEndpoints
 //	  default: APIErrorResponse
 func (a *APIController) ListGithubEndpoints(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	endpoints, err := a.r.ListGithubEndpoints(ctx)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to list GitHub endpoints")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoints); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /github/endpoints/{name} endpoints GetGithubEndpoint
 //
 // Get a GitHub Endpoint.
 //
 //	Parameters:
 //	  + name: name
 //	    description: The name of the GitHub endpoint.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeEndpoint
 //	  default: APIErrorResponse
 func (a *APIController) GetGithubEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing name in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	endpoint, err := a.r.GetGithubEndpoint(ctx, name)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get GitHub endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /github/endpoints/{name} endpoints DeleteGithubEndpoint
 //
 // Delete a GitHub Endpoint.
 //
 //	Parameters:
 //	  + name: name
 //	    description: The name of the GitHub endpoint.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteGithubEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing name in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.DeleteGithubEndpoint(ctx, name); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete GitHub endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
 // swagger:route PUT /github/endpoints/{name} endpoints UpdateGithubEndpoint
 //
 // Update a GitHub Endpoint.
 //
 //	Parameters:
 //	  + name: name
 //	    description: The name of the GitHub endpoint.
 //	    type: string
 //	    in: path
 //	    required: true
 //	  + name: Body
 //	    description: Parameters used when updating a GitHub endpoint.
 //	    type: UpdateGithubEndpointParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ForgeEndpoint
 //	  default: APIErrorResponse
 func (a *APIController) UpdateGithubEndpoint(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
 	if !ok {
 		slog.ErrorContext(ctx, "missing name in request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	var params params.UpdateGithubEndpointParams
 	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	endpoint, err := a.r.UpdateGithubEndpoint(ctx, name, params)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update GitHub endpoint")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/instances.go
+++ b/apiserver/controllers/instances.go
@ -16,16 +16,31 @@ package controllers
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
-
+	"strconv"
 	"github.com/cloudbase/garm/apiserver/params"
 	gErrors "github.com/cloudbase/garm/errors"
 	runnerParams "github.com/cloudbase/garm/params"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
 )
 // swagger:route GET /pools/{poolID}/instances instances ListPoolInstances
 //
 // List runner instances in a pool.
 //
 //	Parameters:
 //	  + name: poolID
 //	    description: Runner pool ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Instances
 //	  default: APIErrorResponse
 func (a *APIController) ListPoolInstancesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -36,24 +51,86 @@ func (a *APIController) ListPoolInstancesHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	instances, err := a.r.ListPoolInstances(ctx, poolID)
 	if err != nil {
-		log.Printf("listing pool instances: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pool instances")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /scalesets/{scalesetID}/instances instances ListScaleSetInstances
 //
 // List runner instances in a scale set.
 //
 //	Parameters:
 //	  + name: scalesetID
 //	    description: Runner scale set ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Instances
 //	  default: APIErrorResponse
 func (a *APIController) ListScaleSetInstancesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	scalesetID, ok := vars["scalesetID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	id, err := strconv.ParseUint(scalesetID, 10, 32)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	instances, err := a.r.ListScaleSetInstances(ctx, uint(id))
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pool instances")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /instances/{instanceName} instances GetInstance
 //
 // Get runner instance by name.
 //
 //	Parameters:
 //	  + name: instanceName
 //	    description: Runner instance name.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Instance
 //	  default: APIErrorResponse
 func (a *APIController) GetInstanceHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -64,24 +141,50 @@ func (a *APIController) GetInstanceHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No runner name specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	instance, err := a.r.GetInstance(ctx, instanceName)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instance); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /instances/{instanceName} instances DeleteInstance
 //
 // Delete runner instance by name.
 //
 //	Parameters:
 //	  + name: instanceName
 //	    description: Runner instance name.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: forceRemove
 //	    description: If true GARM will ignore any provider error when removing the runner and will continue to remove the runner from github and the GARM database.
 //	    type: boolean
 //	    in: query
 //	    required: false
 //
 //	  + name: bypassGHUnauthorized
 //	    description: If true GARM will ignore unauthorized errors returned by GitHub when removing a runner. This is useful if you want to clean up runners and your credentials have expired.
 //	    type: boolean
 //	    in: query
 //	    required: false
 //
 // Responses:
 //
 //	default: APIErrorResponse
 func (a *APIController) DeleteInstanceHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -92,14 +195,16 @@ func (a *APIController) DeleteInstanceHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No instance name specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
-	if err := a.r.ForceDeleteRunner(ctx, instanceName); err != nil {
+	forceRemove, _ := strconv.ParseBool(r.URL.Query().Get("forceRemove"))
-		log.Printf("removing runner: %s", err)
+	bypassGHUnauthorized, _ := strconv.ParseBool(r.URL.Query().Get("bypassGHUnauthorized"))
-		handleError(w, err)
+	if err := a.r.DeleteRunner(ctx, instanceName, forceRemove, bypassGHUnauthorized); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing runner")
 		handleError(ctx, w, err)
 		return
 	}
@ -107,6 +212,20 @@ func (a *APIController) DeleteInstanceHandler(w http.ResponseWriter, r *http.Req
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route GET /repositories/{repoID}/instances repositories instances ListRepoInstances
 //
 // List repository instances.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Instances
 //	  default: APIErrorResponse
 func (a *APIController) ListRepoInstancesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -117,24 +236,38 @@ func (a *APIController) ListRepoInstancesHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	instances, err := a.r.ListRepoInstances(ctx, repoID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /organizations/{orgID}/instances organizations instances ListOrgInstances
 //
 // List organization instances.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Instances
 //	  default: APIErrorResponse
 func (a *APIController) ListOrgInstancesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -145,24 +278,38 @@ func (a *APIController) ListOrgInstancesHandler(w http.ResponseWriter, r *http.R
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	instances, err := a.r.ListOrgInstances(ctx, orgID)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /enterprises/{enterpriseID}/instances enterprises instances ListEnterpriseInstances
 //
 // List enterprise instances.
 //
 //	Parameters:
 //	  + name: enterpriseID
 //	    description: Enterprise ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Instances
 //	  default: APIErrorResponse
 func (a *APIController) ListEnterpriseInstancesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -173,37 +320,44 @@ func (a *APIController) ListEnterpriseInstancesHandler(w http.ResponseWriter, r
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	instances, err := a.r.ListEnterpriseInstances(ctx, enterpriseID)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /instances instances ListInstances
 //
 // Get all runners' instances.
 //
 //	Responses:
 //	  200: Instances
 //	  default: APIErrorResponse
 func (a *APIController) ListAllInstancesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	instances, err := a.r.ListAllInstances(ctx)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
@ -212,14 +366,14 @@ func (a *APIController) InstanceStatusMessageHandler(w http.ResponseWriter, r *h
 	var updateMessage runnerParams.InstanceUpdateMessage
 	if err := json.NewDecoder(r.Body).Decode(&updateMessage); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.AddInstanceStatusMessage(ctx, updateMessage); err != nil {
-		log.Printf("error saving status message: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error saving status message")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
@ -227,18 +381,22 @@ func (a *APIController) InstanceStatusMessageHandler(w http.ResponseWriter, r *h
 	w.WriteHeader(http.StatusOK)
 }
-func (a *APIController) InstanceGithubRegistrationTokenHandler(w http.ResponseWriter, r *http.Request) {
+func (a *APIController) InstanceSystemInfoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	token, err := a.r.GetInstanceGithubRegistrationToken(ctx)
+	var updateMessage runnerParams.UpdateSystemInfoParams
-	if err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&updateMessage); err != nil {
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.UpdateSystemInfo(ctx, updateMessage); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error saving status message")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write([]byte(token)); err != nil {
 		log.Printf("failed to encode response: %q", err)
 	}
 }
--- a/apiserver/controllers/metadata.go
+++ b/apiserver/controllers/metadata.go
@ -0,0 +1,125 @@
 // Copyright 2023 Cloudbase Solutions SRL
 //
 //    Licensed under the Apache License, Version 2.0 (the "License"); you may
 //    not use this file except in compliance with the License. You may obtain
 //    a copy of the License at
 //
 //         http://www.apache.org/licenses/LICENSE-2.0
 //
 //    Unless required by applicable law or agreed to in writing, software
 //    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //    License for the specific language governing permissions and limitations
 //    under the License.
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"log/slog"
 	"net/http"
 	"github.com/gorilla/mux"
 	"github.com/cloudbase/garm/apiserver/params"
 )
 func (a *APIController) InstanceGithubRegistrationTokenHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	token, err := a.r.GetInstanceGithubRegistrationToken(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write([]byte(token)); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 func (a *APIController) JITCredentialsFileHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	fileName, ok := vars["fileName"]
 	if !ok {
 		w.WriteHeader(http.StatusNotFound)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Not Found",
 			Details: "Not Found",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	dotFileName := fmt.Sprintf(".%s", fileName)
 	data, err := a.r.GetJITConfigFile(ctx, dotFileName)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "getting JIT config file")
 		handleError(ctx, w, err)
 		return
 	}
 	// Note the leading dot in the filename
 	name := fmt.Sprintf("attachment; filename=%s", dotFileName)
 	w.Header().Set("Content-Disposition", name)
 	w.Header().Set("Content-Type", "octet-stream")
 	w.Header().Set("Content-Length", fmt.Sprintf("%d", len(data)))
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write(data); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 func (a *APIController) SystemdServiceNameHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	serviceName, err := a.r.GetRunnerServiceName(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "text/plain")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write([]byte(serviceName)); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 func (a *APIController) SystemdUnitFileHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	runAsUser := r.URL.Query().Get("runAsUser")
 	data, err := a.r.GenerateSystemdUnitFile(ctx, runAsUser)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "text/plain")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write(data); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 func (a *APIController) RootCertificateBundleHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	bundle, err := a.r.GetRootCertificateBundle(ctx)
 	if err != nil {
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(bundle); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/organizations.go
+++ b/apiserver/controllers/organizations.go
@ -16,54 +16,107 @@ package controllers
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
-
+	"strconv"
 	"github.com/cloudbase/garm/apiserver/params"
 	gErrors "github.com/cloudbase/garm/errors"
 	runnerParams "github.com/cloudbase/garm/params"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
 )
 // swagger:route POST /organizations organizations CreateOrg
 //
 // Create organization with the parameters given.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when creating the organization.
 //	    type: CreateOrgParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Organization
 //	  default: APIErrorResponse
 func (a *APIController) CreateOrgHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	var repoData runnerParams.CreateOrgParams
+	var orgData runnerParams.CreateOrgParams
-	if err := json.NewDecoder(r.Body).Decode(&repoData); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&orgData); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
-	repo, err := a.r.CreateOrganization(ctx, repoData)
+	org, err := a.r.CreateOrganization(ctx, orgData)
 	if err != nil {
-		log.Printf("error creating repository: %+v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
-	if err := json.NewEncoder(w).Encode(repo); err != nil {
+	if err := json.NewEncoder(w).Encode(org); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /organizations organizations ListOrgs
 //
 // List organizations.
 //
 //	Parameters:
 //	  + name: name
 //	    description: Exact organization name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	  + name: endpoint
 //	    description: Exact endpoint name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	Responses:
 //	  200: Organizations
 //	  default: APIErrorResponse
 func (a *APIController) ListOrgsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	orgs, err := a.r.ListOrganizations(ctx)
+	filter := runnerParams.OrganizationFilter{
 		Name:     r.URL.Query().Get("name"),
 		Endpoint: r.URL.Query().Get("endpoint"),
 	}
 	orgs, err := a.r.ListOrganizations(ctx, filter)
 	if err != nil {
-		log.Printf("listing orgs: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing orgs")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(orgs); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /organizations/{orgID} organizations GetOrg
 //
 // Get organization by ID.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: ID of the organization to fetch.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Organization
 //	  default: APIErrorResponse
 func (a *APIController) GetOrgByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -75,24 +128,43 @@ func (a *APIController) GetOrgByIDHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	org, err := a.r.GetOrganizationByID(ctx, orgID)
 	if err != nil {
-		log.Printf("fetching org: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching org")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(org); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /organizations/{orgID} organizations DeleteOrg
 //
 // Delete organization by ID.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: ID of the organization to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: keepWebhook
 //	    description: If true and a webhook is installed for this organization, it will not be removed.
 //	    type: boolean
 //	    in: query
 //	    required: false
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteOrgHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -104,22 +176,43 @@ func (a *APIController) DeleteOrgHandler(w http.ResponseWriter, r *http.Request)
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
-	if err := a.r.DeleteOrganization(ctx, orgID); err != nil {
+	keepWebhook, _ := strconv.ParseBool(r.URL.Query().Get("keepWebhook"))
-		log.Printf("removing org: %+v", err)
+
-		handleError(w, err)
+	if err := a.r.DeleteOrganization(ctx, orgID, keepWebhook); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing org")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /organizations/{orgID} organizations UpdateOrg
 //
 // Update organization with the parameters given.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: ID of the organization to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when updating the organization.
 //	    type: UpdateEntityParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Organization
 //	  default: APIErrorResponse
 func (a *APIController) UpdateOrgHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -131,30 +224,50 @@ func (a *APIController) UpdateOrgHandler(w http.ResponseWriter, r *http.Request)
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
-	var updatePayload runnerParams.UpdateRepositoryParams
+	var updatePayload runnerParams.UpdateEntityParams
 	if err := json.NewDecoder(r.Body).Decode(&updatePayload); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	org, err := a.r.UpdateOrganization(ctx, orgID, updatePayload)
 	if err != nil {
-		log.Printf("error updating organization: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error updating organization")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(org); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /organizations/{orgID}/pools organizations pools CreateOrgPool
 //
 // Create organization pool with the parameters given.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the organization pool.
 //	    type: CreatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) CreateOrgPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -166,31 +279,101 @@ func (a *APIController) CreateOrgPoolHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.CreatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.CreateOrgPool(ctx, orgID, poolData)
 	if err != nil {
-		log.Printf("error creating organization pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /organizations/{orgID}/scalesets organizations scalesets CreateOrgScaleSet
 //
 // Create organization scale set with the parameters given.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the organization scale set.
 //	    type: CreateScaleSetParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSet
 //	  default: APIErrorResponse
 func (a *APIController) CreateOrgScaleSetHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	orgID, ok := vars["orgID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var scalesetData runnerParams.CreateScaleSetParams
 	if err := json.NewDecoder(r.Body).Decode(&scalesetData); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	scaleSet, err := a.r.CreateEntityScaleSet(ctx, runnerParams.ForgeEntityTypeOrganization, orgID, scalesetData)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization scale set")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /organizations/{orgID}/pools organizations pools ListOrgPools
 //
 // List organization pools.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pools
 //	  default: APIErrorResponse
 func (a *APIController) ListOrgPoolsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -201,53 +384,134 @@ func (a *APIController) ListOrgPoolsHandler(w http.ResponseWriter, r *http.Reque
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pools, err := a.r.ListOrgPools(ctx, orgID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /organizations/{orgID}/scalesets organizations scalesets ListOrgScaleSets
 //
 // List organization scale sets.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSets
 //	  default: APIErrorResponse
 func (a *APIController) ListOrgScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	orgID, ok := vars["orgID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	scaleSets, err := a.r.ListEntityScaleSets(ctx, runnerParams.ForgeEntityTypeOrganization, orgID)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSets); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /organizations/{orgID}/pools/{poolID} organizations pools GetOrgPool
 //
 // Get organization pool by ID.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: Pool ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) GetOrgPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
-	orgID, repoOk := vars["orgID"]
+	orgID, orgOk := vars["orgID"]
 	poolID, poolOk := vars["poolID"]
-	if !repoOk || !poolOk {
+	if !orgOk || !poolOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No org or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pool, err := a.r.GetOrgPoolByID(ctx, orgID, poolID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /organizations/{orgID}/pools/{poolID} organizations pools DeleteOrgPool
 //
 // Delete organization pool by ID.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: ID of the organization pool to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteOrgPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -260,22 +524,47 @@ func (a *APIController) DeleteOrgPoolHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No org or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.DeleteOrgPool(ctx, orgID, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /organizations/{orgID}/pools/{poolID} organizations pools UpdateOrgPool
 //
 // Update organization pool with the parameters given.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: ID of the organization pool to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when updating the organization pool.
 //	    type: UpdatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) UpdateOrgPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -288,27 +577,166 @@ func (a *APIController) UpdateOrgPoolHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No org or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.UpdateOrgPool(ctx, orgID, poolID, poolData)
 	if err != nil {
-		log.Printf("error creating organization pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /organizations/{orgID}/webhook organizations hooks InstallOrgWebhook
 //
 // Install the GARM webhook for an organization. The secret configured on the organization will
 // be used to validate the requests.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the organization webhook.
 //	    type: InstallWebhookParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: HookInfo
 //	  default: APIErrorResponse
 func (a *APIController) InstallOrgWebhookHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	orgID, orgOk := vars["orgID"]
 	if !orgOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var hookParam runnerParams.InstallWebhookParams
 	if err := json.NewDecoder(r.Body).Decode(&hookParam); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	info, err := a.r.InstallOrgWebhook(ctx, orgID, hookParam)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "installing webhook")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /organizations/{orgID}/webhook organizations hooks UninstallOrgWebhook
 //
 // Uninstall organization webhook.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) UninstallOrgWebhookHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	orgID, orgOk := vars["orgID"]
 	if !orgOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.UninstallOrgWebhook(ctx, orgID); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing webhook")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route GET /organizations/{orgID}/webhook organizations hooks GetOrgWebhookInfo
 //
 // Get information about the GARM installed webhook on an organization.
 //
 //	Parameters:
 //	  + name: orgID
 //	    description: Organization ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: HookInfo
 //	  default: APIErrorResponse
 func (a *APIController) GetOrgWebhookInfoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	orgID, orgOk := vars["orgID"]
 	if !orgOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	info, err := a.r.GetOrgWebhookInfo(ctx, orgID)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "getting webhook info")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/pools.go
+++ b/apiserver/controllers/pools.go
@ -16,33 +16,53 @@ package controllers
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 	"github.com/cloudbase/garm/apiserver/params"
 	gErrors "github.com/cloudbase/garm/errors"
 	runnerParams "github.com/cloudbase/garm/params"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
 )
 // swagger:route GET /pools pools ListPools
 //
 // List all pools.
 //
 //	Responses:
 //	  200: Pools
 //	  default: APIErrorResponse
 func (a *APIController) ListAllPoolsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	pools, err := a.r.ListAllPools(ctx)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /pools/{poolID} pools GetPool
 //
 // Get pool by ID.
 //
 //	Parameters:
 //	  + name: poolID
 //	    description: ID of the pool to fetch.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) GetPoolByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -54,15 +74,15 @@ func (a *APIController) GetPoolByIDHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pool, err := a.r.GetPoolByID(ctx, poolID)
 	if err != nil {
-		log.Printf("fetching pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
@ -70,10 +90,23 @@ func (a *APIController) GetPoolByIDHandler(w http.ResponseWriter, r *http.Reques
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /pools/{poolID} pools DeletePool
 //
 // Delete pool by ID.
 //
 //	Parameters:
 //	  + name: poolID
 //	    description: ID of the pool to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeletePoolByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -85,14 +118,14 @@ func (a *APIController) DeletePoolByIDHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.DeletePoolByID(ctx, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
@ -100,6 +133,26 @@ func (a *APIController) DeletePoolByIDHandler(w http.ResponseWriter, r *http.Req
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /pools/{poolID} pools UpdatePool
 //
 // Update pool by ID.
 //
 //	Parameters:
 //	  + name: poolID
 //	    description: ID of the pool to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters to update the pool with.
 //	    type: UpdatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) UpdatePoolByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -111,27 +164,27 @@ func (a *APIController) UpdatePoolByIDHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.UpdatePoolByID(ctx, poolID, poolData)
 	if err != nil {
-		log.Printf("fetching pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/repositories.go
+++ b/apiserver/controllers/repositories.go
@ -16,54 +16,114 @@ package controllers
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
-
+	"strconv"
 	"github.com/cloudbase/garm/apiserver/params"
 	gErrors "github.com/cloudbase/garm/errors"
 	runnerParams "github.com/cloudbase/garm/params"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
 )
 // swagger:route POST /repositories repositories CreateRepo
 //
 // Create repository with the parameters given.
 //
 //	Parameters:
 //	  + name: Body
 //	    description: Parameters used when creating the repository.
 //	    type: CreateRepoParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Repository
 //	  default: APIErrorResponse
 func (a *APIController) CreateRepoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var repoData runnerParams.CreateRepoParams
 	if err := json.NewDecoder(r.Body).Decode(&repoData); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	repo, err := a.r.CreateRepository(ctx, repoData)
 	if err != nil {
-		log.Printf("error creating repository: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repo); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /repositories repositories ListRepos
 //
 // List repositories.
 //
 //	Parameters:
 //	  + name: owner
 //	    description: Exact owner name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	  + name: name
 //	    description: Exact repository name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	  + name: endpoint
 //	    description: Exact endpoint name to filter by
 //	    type: string
 //	    in: query
 //	    required: false
 //
 //	Responses:
 //	  200: Repositories
 //	  default: APIErrorResponse
 func (a *APIController) ListReposHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	repos, err := a.r.ListRepositories(ctx)
+	filter := runnerParams.RepositoryFilter{
 		Name:     r.URL.Query().Get("name"),
 		Owner:    r.URL.Query().Get("owner"),
 		Endpoint: r.URL.Query().Get("endpoint"),
 	}
 	repos, err := a.r.ListRepositories(ctx, filter)
 	if err != nil {
-		log.Printf("listing repos: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing repositories")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repos); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /repositories/{repoID} repositories GetRepo
 //
 // Get repository by ID.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: ID of the repository to fetch.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Repository
 //	  default: APIErrorResponse
 func (a *APIController) GetRepoByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -75,24 +135,43 @@ func (a *APIController) GetRepoByIDHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	repo, err := a.r.GetRepositoryByID(ctx, repoID)
 	if err != nil {
-		log.Printf("fetching repo: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching repository")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repo); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /repositories/{repoID} repositories DeleteRepo
 //
 // Delete repository by ID.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: ID of the repository to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: keepWebhook
 //	    description: If true and a webhook is installed for this repo, it will not be removed.
 //	    type: boolean
 //	    in: query
 //	    required: false
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteRepoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -104,22 +183,42 @@ func (a *APIController) DeleteRepoHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
-	if err := a.r.DeleteRepository(ctx, repoID); err != nil {
+	keepWebhook, _ := strconv.ParseBool(r.URL.Query().Get("keepWebhook"))
-		log.Printf("fetching repo: %s", err)
+	if err := a.r.DeleteRepository(ctx, repoID, keepWebhook); err != nil {
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching repository")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /repositories/{repoID} repositories UpdateRepo
 //
 // Update repository with the parameters given.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: ID of the repository to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when updating the repository.
 //	    type: UpdateEntityParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Repository
 //	  default: APIErrorResponse
 func (a *APIController) UpdateRepoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -131,30 +230,50 @@ func (a *APIController) UpdateRepoHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
-	var updatePayload runnerParams.UpdateRepositoryParams
+	var updatePayload runnerParams.UpdateEntityParams
 	if err := json.NewDecoder(r.Body).Decode(&updatePayload); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	repo, err := a.r.UpdateRepository(ctx, repoID, updatePayload)
 	if err != nil {
-		log.Printf("error updating repository: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error updating repository")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repo); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /repositories/{repoID}/pools repositories pools CreateRepoPool
 //
 // Create repository pool with the parameters given.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the repository pool.
 //	    type: CreatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) CreateRepoPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -166,31 +285,101 @@ func (a *APIController) CreateRepoPoolHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.CreatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.CreateRepoPool(ctx, repoID, poolData)
 	if err != nil {
-		log.Printf("error creating repository pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /repositories/{repoID}/scalesets repositories scalesets CreateRepoScaleSet
 //
 // Create repository scale set with the parameters given.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the repository scale set.
 //	    type: CreateScaleSetParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSet
 //	  default: APIErrorResponse
 func (a *APIController) CreateRepoScaleSetHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	repoID, ok := vars["repoID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var scaleSetData runnerParams.CreateScaleSetParams
 	if err := json.NewDecoder(r.Body).Decode(&scaleSetData); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	scaleSet, err := a.r.CreateEntityScaleSet(ctx, runnerParams.ForgeEntityTypeRepository, repoID, scaleSetData)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository scale set")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /repositories/{repoID}/pools repositories pools ListRepoPools
 //
 // List repository pools.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pools
 //	  default: APIErrorResponse
 func (a *APIController) ListRepoPoolsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -201,24 +390,86 @@ func (a *APIController) ListRepoPoolsHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pools, err := a.r.ListRepoPools(ctx, repoID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /repositories/{repoID}/scalesets repositories scalesets ListRepoScaleSets
 //
 // List repository scale sets.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSets
 //	  default: APIErrorResponse
 func (a *APIController) ListRepoScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	repoID, ok := vars["repoID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	scaleSets, err := a.r.ListEntityScaleSets(ctx, runnerParams.ForgeEntityTypeRepository, repoID)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSets); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /repositories/{repoID}/pools/{poolID} repositories pools GetRepoPool
 //
 // Get repository pool by ID.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: Pool ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) GetRepoPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@ -230,24 +481,43 @@ func (a *APIController) GetRepoPoolHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No repo or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	pool, err := a.r.GetRepoPoolByID(ctx, repoID, poolID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /repositories/{repoID}/pools/{poolID} repositories pools DeleteRepoPool
 //
 // Delete repository pool by ID.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: ID of the repository pool to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteRepoPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -260,22 +530,47 @@ func (a *APIController) DeleteRepoPoolHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No repo or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.DeleteRepoPool(ctx, repoID, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /repositories/{repoID}/pools/{poolID} repositories pools UpdateRepoPool
 //
 // Update repository pool with the parameters given.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: poolID
 //	    description: ID of the repository pool to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when updating the repository pool.
 //	    type: UpdatePoolParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: Pool
 //	  default: APIErrorResponse
 func (a *APIController) UpdateRepoPoolHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@ -288,27 +583,166 @@ func (a *APIController) UpdateRepoPoolHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No repo or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	pool, err := a.r.UpdateRepoPool(ctx, repoID, poolID, poolData)
 	if err != nil {
-		log.Printf("error creating repository pool: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository pool")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route POST /repositories/{repoID}/webhook repositories hooks InstallRepoWebhook
 //
 // Install the GARM webhook for an organization. The secret configured on the organization will
 // be used to validate the requests.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters used when creating the repository webhook.
 //	    type: InstallWebhookParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: HookInfo
 //	  default: APIErrorResponse
 func (a *APIController) InstallRepoWebhookHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	repoID, orgOk := vars["repoID"]
 	if !orgOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No repository ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	var hookParam runnerParams.InstallWebhookParams
 	if err := json.NewDecoder(r.Body).Decode(&hookParam); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	info, err := a.r.InstallRepoWebhook(ctx, repoID, hookParam)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "installing webhook")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /repositories/{repoID}/webhook repositories hooks UninstallRepoWebhook
 //
 // Uninstall organization webhook.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) UninstallRepoWebhookHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	repoID, orgOk := vars["repoID"]
 	if !orgOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No repository ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	if err := a.r.UninstallRepoWebhook(ctx, repoID); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing webhook")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route GET /repositories/{repoID}/webhook repositories hooks GetRepoWebhookInfo
 //
 // Get information about the GARM installed webhook on a repository.
 //
 //	Parameters:
 //	  + name: repoID
 //	    description: Repository ID.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: HookInfo
 //	  default: APIErrorResponse
 func (a *APIController) GetRepoWebhookInfoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	repoID, orgOk := vars["repoID"]
 	if !orgOk {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No repository ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	info, err := a.r.GetRepoWebhookInfo(ctx, repoID)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "getting webhook info")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/controllers/scalesets.go
+++ b/apiserver/controllers/scalesets.go
@ -0,0 +1,211 @@
 // Copyright 2022 Cloudbase Solutions SRL
 //
 //    Licensed under the Apache License, Version 2.0 (the "License"); you may
 //    not use this file except in compliance with the License. You may obtain
 //    a copy of the License at
 //
 //         http://www.apache.org/licenses/LICENSE-2.0
 //
 //    Unless required by applicable law or agreed to in writing, software
 //    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //    License for the specific language governing permissions and limitations
 //    under the License.
 package controllers
 import (
 	"encoding/json"
 	"log/slog"
 	"net/http"
 	"strconv"
 	"github.com/gorilla/mux"
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
 )
 // swagger:route GET /scalesets scalesets ListScalesets
 //
 // List all scalesets.
 //
 //	Responses:
 //	  200: ScaleSets
 //	  default: APIErrorResponse
 func (a *APIController) ListAllScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	scalesets, err := a.r.ListAllScaleSets(ctx)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scalesets); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route GET /scalesets/{scalesetID} scalesets GetScaleSet
 //
 // Get scale set by ID.
 //
 //	Parameters:
 //	  + name: scalesetID
 //	    description: ID of the scale set to fetch.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSet
 //	  default: APIErrorResponse
 func (a *APIController) GetScaleSetByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	scaleSetID, ok := vars["scalesetID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No scale set ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	id, err := strconv.ParseUint(scaleSetID, 10, 32)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	scaleSet, err := a.r.GetScaleSetByID(ctx, uint(id))
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching scale set")
 		handleError(ctx, w, err)
 		return
 	}
 	scaleSet.RunnerBootstrapTimeout = scaleSet.RunnerTimeout()
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 // swagger:route DELETE /scalesets/{scalesetID} scalesets DeleteScaleSet
 //
 // Delete scale set by ID.
 //
 //	Parameters:
 //	  + name: scalesetID
 //	    description: ID of the scale set to delete.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	Responses:
 //	  default: APIErrorResponse
 func (a *APIController) DeleteScaleSetByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	scalesetID, ok := vars["scalesetID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No scale set ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	id, err := strconv.ParseUint(scalesetID, 10, 32)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	if err := a.r.DeleteScaleSetByID(ctx, uint(id)); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing scale set")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 }
 // swagger:route PUT /scalesets/{scalesetID} scalesets UpdateScaleSet
 //
 // Update scale set by ID.
 //
 //	Parameters:
 //	  + name: scalesetID
 //	    description: ID of the scale set to update.
 //	    type: string
 //	    in: path
 //	    required: true
 //
 //	  + name: Body
 //	    description: Parameters to update the scale set with.
 //	    type: UpdateScaleSetParams
 //	    in: body
 //	    required: true
 //
 //	Responses:
 //	  200: ScaleSet
 //	  default: APIErrorResponse
 func (a *APIController) UpdateScaleSetByIDHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
 	scalesetID, ok := vars["scalesetID"]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
 			Error:   "Bad Request",
 			Details: "No scale set ID specified",
 		}); err != nil {
 			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 	id, err := strconv.ParseUint(scalesetID, 10, 32)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	var scaleSetData runnerParams.UpdateScaleSetParams
 	if err := json.NewDecoder(r.Body).Decode(&scaleSetData); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
 		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 	scaleSet, err := a.r.UpdateScaleSetByID(ctx, uint(id), scaleSetData)
 	if err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "updating scale set")
 		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
 		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
--- a/apiserver/params/params.go
+++ b/apiserver/params/params.go
@ -14,6 +14,7 @@
 package params
 // swagger:model APIErrorResponse
 // APIErrorResponse holds information about an error, returned by the API
 type APIErrorResponse struct {
 	Error   string `json:"error"`
@ -36,4 +37,9 @@ var (
 		Error:   "init_required",
 		Details: "Missing superuser",
 	}
 	// URLsRequired is returned if the controller does not have the required URLs
 	URLsRequired = APIErrorResponse{
 		Error:   "urls_required",
 		Details: "Missing required URLs. Make sure you update the metadata and callback URLs",
 	}
 )
--- a/apiserver/routers/routers.go
+++ b/apiserver/routers/routers.go
@ -12,18 +12,53 @@
 //    License for the specific language governing permissions and limitations
 //    under the License.
 // Package routers Garm API.
 //
 // The Garm API generated using go-swagger.
 //
 //	BasePath: /api/v1
 //	Version: 1.0.0
 //	License: Apache 2.0 https://www.apache.org/licenses/LICENSE-2.0
 //
 //	Consumes:
 //	- application/json
 //
 //	Produces:
 //	- application/json
 //
 //	Security:
 //	- Bearer:
 //
 //	SecurityDefinitions:
 //	  Bearer:
 //	    type: apiKey
 //	    name: Authorization
 //	    in: header
 //	    description: >-
 //	      The token with the `Bearer: ` prefix, e.g. "Bearer abcde12345".
 //
 // swagger:meta
 package routers
-import (
+//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 generate spec --input=../swagger-models.yaml --output=../swagger.yaml --include="routers|controllers"
-	"io"
+//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 validate ../swagger.yaml
-	"net/http"
+//go:generate rm -rf ../../client
 //go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 generate client --target=../../ --spec=../swagger.yaml
 import (
 	_ "expvar" // Register the expvar handlers
 	"log/slog"
 	"net/http"
 	_ "net/http/pprof" //nolint:golangci-lint,gosec // Register the pprof handlers
 	"github.com/felixge/httpsnoop"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/cloudbase/garm/apiserver/controllers"
 	"github.com/cloudbase/garm/auth"
-	"github.com/cloudbase/garm/util"
+	"github.com/cloudbase/garm/config"
 	spaAssets "github.com/cloudbase/garm/webapp/assets"
 )
 func WithMetricsRouter(parentRouter *mux.Router, disableAuth bool, metricsMiddlerware auth.Middleware) *mux.Router {
@ -40,15 +75,67 @@ func WithMetricsRouter(parentRouter *mux.Router, disableAuth bool, metricsMiddle
 	return parentRouter
 }
-func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddleware, initMiddleware, instanceMiddleware auth.Middleware) *mux.Router {
+func WithDebugServer(parentRouter *mux.Router) *mux.Router {
 	if parentRouter == nil {
 		return nil
 	}
 	parentRouter.PathPrefix("/debug/pprof/").Handler(http.DefaultServeMux)
 	return parentRouter
 }
 func WithWebUI(parentRouter *mux.Router, apiConfig config.APIServer) *mux.Router {
 	if parentRouter == nil {
 		return nil
 	}
 	if apiConfig.WebUI.EnableWebUI {
 		slog.Info("WebUI is enabled, adding webapp routes")
 		webappPath := apiConfig.WebUI.GetWebappPath()
 		slog.Info("Using webapp path", "path", webappPath)
 		// Accessing / should redirect to the UI
 		parentRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 			http.Redirect(w, r, webappPath, http.StatusMovedPermanently) // 301
 		})
 		// Serve the SPA with dynamic path
 		parentRouter.PathPrefix(webappPath).HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			spaAssets.ServeSPAWithPath(w, r, webappPath)
 		}).Methods("GET")
 	} else {
 		slog.Info("WebUI is disabled, skipping webapp routes")
 	}
 	return parentRouter
 }
 func requestLogger(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// gathers metrics from the upstream handlers
 		metrics := httpsnoop.CaptureMetrics(h, w, r)
 		slog.Info(
 			"access_log",
 			slog.String("method", r.Method),
 			slog.String("uri", r.URL.RequestURI()),
 			slog.String("user_agent", r.Header.Get("User-Agent")),
 			slog.String("ip", r.RemoteAddr),
 			slog.Int("code", metrics.Code),
 			slog.Int64("bytes", metrics.Written),
 			slog.Duration("request_time", metrics.Duration),
 		)
 	})
 }
 func NewAPIRouter(han *controllers.APIController, authMiddleware, initMiddleware, urlsRequiredMiddleware, instanceMiddleware auth.Middleware, manageWebhooks bool) *mux.Router {
 	router := mux.NewRouter()
-	logMiddleware := util.NewLoggingMiddleware(logWriter)
+	router.Use(requestLogger)
 	router.Use(logMiddleware)
 	// Handles github webhooks
 	webhookRouter := router.PathPrefix("/webhooks").Subrouter()
-	webhookRouter.PathPrefix("/").Handler(http.HandlerFunc(han.CatchAll))
+	webhookRouter.Handle("/", http.HandlerFunc(han.WebhookHandler))
-	webhookRouter.PathPrefix("").Handler(http.HandlerFunc(han.CatchAll))
+	webhookRouter.Handle("", http.HandlerFunc(han.WebhookHandler))
 	webhookRouter.Handle("/{controllerID}/", http.HandlerFunc(han.WebhookHandler))
 	webhookRouter.Handle("/{controllerID}", http.HandlerFunc(han.WebhookHandler))
 	// Handles API calls
 	apiSubRouter := router.PathPrefix("/api/v1").Subrouter()
@ -56,30 +143,84 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	// FirstRunHandler
 	firstRunRouter := apiSubRouter.PathPrefix("/first-run").Subrouter()
 	firstRunRouter.Handle("/", http.HandlerFunc(han.FirstRunHandler)).Methods("POST", "OPTIONS")
 	firstRunRouter.Handle("", http.HandlerFunc(han.FirstRunHandler)).Methods("POST", "OPTIONS")
 	// Instance URLs
 	callbackRouter := apiSubRouter.PathPrefix("/callbacks").Subrouter()
 	callbackRouter.Handle("/status/", http.HandlerFunc(han.InstanceStatusMessageHandler)).Methods("POST", "OPTIONS")
 	callbackRouter.Handle("/status", http.HandlerFunc(han.InstanceStatusMessageHandler)).Methods("POST", "OPTIONS")
 	callbackRouter.Handle("/system-info/", http.HandlerFunc(han.InstanceSystemInfoHandler)).Methods("POST", "OPTIONS")
 	callbackRouter.Handle("/system-info", http.HandlerFunc(han.InstanceSystemInfoHandler)).Methods("POST", "OPTIONS")
 	callbackRouter.Use(instanceMiddleware.Middleware)
 	///////////////////
 	// Metadata URLs //
 	///////////////////
 	metadataRouter := apiSubRouter.PathPrefix("/metadata").Subrouter()
 	metadataRouter.Use(instanceMiddleware.Middleware)
 	// Registration token
 	metadataRouter.Handle("/runner-registration-token/", http.HandlerFunc(han.InstanceGithubRegistrationTokenHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/runner-registration-token", http.HandlerFunc(han.InstanceGithubRegistrationTokenHandler)).Methods("GET", "OPTIONS")
-	metadataRouter.Use(instanceMiddleware.Middleware)
+	// JIT credential files
 	metadataRouter.Handle("/credentials/{fileName}/", http.HandlerFunc(han.JITCredentialsFileHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/credentials/{fileName}", http.HandlerFunc(han.JITCredentialsFileHandler)).Methods("GET", "OPTIONS")
 	// Systemd files
 	metadataRouter.Handle("/system/service-name/", http.HandlerFunc(han.SystemdServiceNameHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/system/service-name", http.HandlerFunc(han.SystemdServiceNameHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/systemd/unit-file/", http.HandlerFunc(han.SystemdUnitFileHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/systemd/unit-file", http.HandlerFunc(han.SystemdUnitFileHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/system/cert-bundle/", http.HandlerFunc(han.RootCertificateBundleHandler)).Methods("GET", "OPTIONS")
 	metadataRouter.Handle("/system/cert-bundle", http.HandlerFunc(han.RootCertificateBundleHandler)).Methods("GET", "OPTIONS")
 	// Login
 	authRouter := apiSubRouter.PathPrefix("/auth").Subrouter()
 	authRouter.Handle("/{login:login\\/?}", http.HandlerFunc(han.LoginHandler)).Methods("POST", "OPTIONS")
 	authRouter.Use(initMiddleware.Middleware)
 	//////////////////////////
 	// Controller endpoints //
 	//////////////////////////
 	controllerRouter := apiSubRouter.PathPrefix("/controller").Subrouter()
 	// The controller endpoints allow us to get information about the controller and update the URL endpoints.
 	// This endpoint must not be guarded by the urlsRequiredMiddleware as that would prevent the user from
 	// updating the URLs.
 	controllerRouter.Use(initMiddleware.Middleware)
 	controllerRouter.Use(authMiddleware.Middleware)
 	controllerRouter.Use(auth.AdminRequiredMiddleware)
 	// Get controller info
 	controllerRouter.Handle("/", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
 	controllerRouter.Handle("", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
 	// Update controller
 	controllerRouter.Handle("/", http.HandlerFunc(han.UpdateControllerHandler)).Methods("PUT", "OPTIONS")
 	controllerRouter.Handle("", http.HandlerFunc(han.UpdateControllerHandler)).Methods("PUT", "OPTIONS")
 	////////////////////////////////////
 	// API router for everything else //
 	////////////////////////////////////
 	apiRouter := apiSubRouter.PathPrefix("").Subrouter()
 	apiRouter.Use(initMiddleware.Middleware)
 	// all endpoints except the controller endpoint should return an error
 	// if the required metadata, callback and webhook URLs are not set.
 	apiRouter.Use(urlsRequiredMiddleware.Middleware)
 	apiRouter.Use(authMiddleware.Middleware)
 	apiRouter.Use(auth.AdminRequiredMiddleware)
 	// Legacy controller path
 	apiRouter.Handle("/controller-info/", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/controller-info", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
 	// Metrics Token
 	apiRouter.Handle("/metrics-token/", http.HandlerFunc(han.MetricsTokenHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/metrics-token", http.HandlerFunc(han.MetricsTokenHandler)).Methods("GET", "OPTIONS")
 	//////////
 	// Jobs //
 	//////////
 	// List all jobs
 	apiRouter.Handle("/jobs/", http.HandlerFunc(han.ListAllJobs)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/jobs", http.HandlerFunc(han.ListAllJobs)).Methods("GET", "OPTIONS")
 	///////////
 	// Pools //
 	///////////
@ -99,6 +240,25 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/pools/{poolID}/instances/", http.HandlerFunc(han.ListPoolInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/pools/{poolID}/instances", http.HandlerFunc(han.ListPoolInstancesHandler)).Methods("GET", "OPTIONS")
 	////////////////
 	// Scale sets //
 	////////////////
 	// List all pools
 	apiRouter.Handle("/scalesets/", http.HandlerFunc(han.ListAllScaleSetsHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/scalesets", http.HandlerFunc(han.ListAllScaleSetsHandler)).Methods("GET", "OPTIONS")
 	// Get one pool
 	apiRouter.Handle("/scalesets/{scalesetID}/", http.HandlerFunc(han.GetScaleSetByIDHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/scalesets/{scalesetID}", http.HandlerFunc(han.GetScaleSetByIDHandler)).Methods("GET", "OPTIONS")
 	// Delete one pool
 	apiRouter.Handle("/scalesets/{scalesetID}/", http.HandlerFunc(han.DeleteScaleSetByIDHandler)).Methods("DELETE", "OPTIONS")
 	apiRouter.Handle("/scalesets/{scalesetID}", http.HandlerFunc(han.DeleteScaleSetByIDHandler)).Methods("DELETE", "OPTIONS")
 	// Update one pool
 	apiRouter.Handle("/scalesets/{scalesetID}/", http.HandlerFunc(han.UpdateScaleSetByIDHandler)).Methods("PUT", "OPTIONS")
 	apiRouter.Handle("/scalesets/{scalesetID}", http.HandlerFunc(han.UpdateScaleSetByIDHandler)).Methods("PUT", "OPTIONS")
 	// List pool instances
 	apiRouter.Handle("/scalesets/{scalesetID}/instances/", http.HandlerFunc(han.ListScaleSetInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/scalesets/{scalesetID}/instances", http.HandlerFunc(han.ListScaleSetInstancesHandler)).Methods("GET", "OPTIONS")
 	/////////////
 	// Runners //
 	/////////////
@ -131,6 +291,14 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/repositories/{repoID}/pools/", http.HandlerFunc(han.CreateRepoPoolHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/repositories/{repoID}/pools", http.HandlerFunc(han.CreateRepoPoolHandler)).Methods("POST", "OPTIONS")
 	// Create scale set
 	apiRouter.Handle("/repositories/{repoID}/scalesets/", http.HandlerFunc(han.CreateRepoScaleSetHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/repositories/{repoID}/scalesets", http.HandlerFunc(han.CreateRepoScaleSetHandler)).Methods("POST", "OPTIONS")
 	// List scale sets
 	apiRouter.Handle("/repositories/{repoID}/scalesets/", http.HandlerFunc(han.ListRepoScaleSetsHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/repositories/{repoID}/scalesets", http.HandlerFunc(han.ListRepoScaleSetsHandler)).Methods("GET", "OPTIONS")
 	// Repo instances list
 	apiRouter.Handle("/repositories/{repoID}/instances/", http.HandlerFunc(han.ListRepoInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/repositories/{repoID}/instances", http.HandlerFunc(han.ListRepoInstancesHandler)).Methods("GET", "OPTIONS")
@ -151,6 +319,17 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/repositories/", http.HandlerFunc(han.CreateRepoHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/repositories", http.HandlerFunc(han.CreateRepoHandler)).Methods("POST", "OPTIONS")
 	if manageWebhooks {
 		// Install Webhook
 		apiRouter.Handle("/repositories/{repoID}/webhook/", http.HandlerFunc(han.InstallRepoWebhookHandler)).Methods("POST", "OPTIONS")
 		apiRouter.Handle("/repositories/{repoID}/webhook", http.HandlerFunc(han.InstallRepoWebhookHandler)).Methods("POST", "OPTIONS")
 		// Uninstall Webhook
 		apiRouter.Handle("/repositories/{repoID}/webhook/", http.HandlerFunc(han.UninstallRepoWebhookHandler)).Methods("DELETE", "OPTIONS")
 		apiRouter.Handle("/repositories/{repoID}/webhook", http.HandlerFunc(han.UninstallRepoWebhookHandler)).Methods("DELETE", "OPTIONS")
 		// Get webhook info
 		apiRouter.Handle("/repositories/{repoID}/webhook/", http.HandlerFunc(han.GetRepoWebhookInfoHandler)).Methods("GET", "OPTIONS")
 		apiRouter.Handle("/repositories/{repoID}/webhook", http.HandlerFunc(han.GetRepoWebhookInfoHandler)).Methods("GET", "OPTIONS")
 	}
 	/////////////////////////////
 	// Organizations and pools //
 	/////////////////////////////
@ -170,7 +349,15 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/organizations/{orgID}/pools/", http.HandlerFunc(han.CreateOrgPoolHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/organizations/{orgID}/pools", http.HandlerFunc(han.CreateOrgPoolHandler)).Methods("POST", "OPTIONS")
-	// Repo instances list
+	// Create org scale set
 	apiRouter.Handle("/organizations/{orgID}/scalesets/", http.HandlerFunc(han.CreateOrgScaleSetHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/organizations/{orgID}/scalesets", http.HandlerFunc(han.CreateOrgScaleSetHandler)).Methods("POST", "OPTIONS")
 	// List org scale sets
 	apiRouter.Handle("/organizations/{orgID}/scalesets/", http.HandlerFunc(han.ListOrgScaleSetsHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/organizations/{orgID}/scalesets", http.HandlerFunc(han.ListOrgScaleSetsHandler)).Methods("GET", "OPTIONS")
 	// Org instances list
 	apiRouter.Handle("/organizations/{orgID}/instances/", http.HandlerFunc(han.ListOrgInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/organizations/{orgID}/instances", http.HandlerFunc(han.ListOrgInstancesHandler)).Methods("GET", "OPTIONS")
@ -190,6 +377,17 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/organizations/", http.HandlerFunc(han.CreateOrgHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/organizations", http.HandlerFunc(han.CreateOrgHandler)).Methods("POST", "OPTIONS")
 	if manageWebhooks {
 		// Install Webhook
 		apiRouter.Handle("/organizations/{orgID}/webhook/", http.HandlerFunc(han.InstallOrgWebhookHandler)).Methods("POST", "OPTIONS")
 		apiRouter.Handle("/organizations/{orgID}/webhook", http.HandlerFunc(han.InstallOrgWebhookHandler)).Methods("POST", "OPTIONS")
 		// Uninstall Webhook
 		apiRouter.Handle("/organizations/{orgID}/webhook/", http.HandlerFunc(han.UninstallOrgWebhookHandler)).Methods("DELETE", "OPTIONS")
 		apiRouter.Handle("/organizations/{orgID}/webhook", http.HandlerFunc(han.UninstallOrgWebhookHandler)).Methods("DELETE", "OPTIONS")
 		// Get webhook info
 		apiRouter.Handle("/organizations/{orgID}/webhook/", http.HandlerFunc(han.GetOrgWebhookInfoHandler)).Methods("GET", "OPTIONS")
 		apiRouter.Handle("/organizations/{orgID}/webhook", http.HandlerFunc(han.GetOrgWebhookInfoHandler)).Methods("GET", "OPTIONS")
 	}
 	/////////////////////////////
 	//  Enterprises and pools  //
 	/////////////////////////////
@ -209,33 +407,131 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/enterprises/{enterpriseID}/pools/", http.HandlerFunc(han.CreateEnterprisePoolHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}/pools", http.HandlerFunc(han.CreateEnterprisePoolHandler)).Methods("POST", "OPTIONS")
-	// Repo instances list
+	// Create enterprise scale sets
 	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets/", http.HandlerFunc(han.CreateEnterpriseScaleSetHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets", http.HandlerFunc(han.CreateEnterpriseScaleSetHandler)).Methods("POST", "OPTIONS")
 	// List enterprise scale sets
 	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets/", http.HandlerFunc(han.ListEnterpriseScaleSetsHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets", http.HandlerFunc(han.ListEnterpriseScaleSetsHandler)).Methods("GET", "OPTIONS")
 	// Enterprise instances list
 	apiRouter.Handle("/enterprises/{enterpriseID}/instances/", http.HandlerFunc(han.ListEnterpriseInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}/instances", http.HandlerFunc(han.ListEnterpriseInstancesHandler)).Methods("GET", "OPTIONS")
-	// Get org
+	// Get enterprise
 	apiRouter.Handle("/enterprises/{enterpriseID}/", http.HandlerFunc(han.GetEnterpriseByIDHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}", http.HandlerFunc(han.GetEnterpriseByIDHandler)).Methods("GET", "OPTIONS")
-	// Update org
+	// Update enterprise
 	apiRouter.Handle("/enterprises/{enterpriseID}/", http.HandlerFunc(han.UpdateEnterpriseHandler)).Methods("PUT", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}", http.HandlerFunc(han.UpdateEnterpriseHandler)).Methods("PUT", "OPTIONS")
-	// Delete org
+	// Delete enterprise
 	apiRouter.Handle("/enterprises/{enterpriseID}/", http.HandlerFunc(han.DeleteEnterpriseHandler)).Methods("DELETE", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}", http.HandlerFunc(han.DeleteEnterpriseHandler)).Methods("DELETE", "OPTIONS")
-	// List orgs
+	// List enterprises
 	apiRouter.Handle("/enterprises/", http.HandlerFunc(han.ListEnterprisesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/enterprises", http.HandlerFunc(han.ListEnterprisesHandler)).Methods("GET", "OPTIONS")
-	// Create org
+	// Create enterprise
 	apiRouter.Handle("/enterprises/", http.HandlerFunc(han.CreateEnterpriseHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/enterprises", http.HandlerFunc(han.CreateEnterpriseHandler)).Methods("POST", "OPTIONS")
-	// Credentials and providers
+	// Providers
 	apiRouter.Handle("/credentials/", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/credentials", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/providers/", http.HandlerFunc(han.ListProviders)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/providers", http.HandlerFunc(han.ListProviders)).Methods("GET", "OPTIONS")
-	// Websocket log writer
+	//////////////////////
-	apiRouter.Handle("/{ws:ws\\/?}", http.HandlerFunc(han.WSHandler)).Methods("GET")
+	// Github Endpoints //
 	//////////////////////
 	// Create Github Endpoint
 	apiRouter.Handle("/github/endpoints/", http.HandlerFunc(han.CreateGithubEndpoint)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/github/endpoints", http.HandlerFunc(han.CreateGithubEndpoint)).Methods("POST", "OPTIONS")
 	// List Github Endpoints
 	apiRouter.Handle("/github/endpoints/", http.HandlerFunc(han.ListGithubEndpoints)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/github/endpoints", http.HandlerFunc(han.ListGithubEndpoints)).Methods("GET", "OPTIONS")
 	// Get Github Endpoint
 	apiRouter.Handle("/github/endpoints/{name}/", http.HandlerFunc(han.GetGithubEndpoint)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/github/endpoints/{name}", http.HandlerFunc(han.GetGithubEndpoint)).Methods("GET", "OPTIONS")
 	// Delete Github Endpoint
 	apiRouter.Handle("/github/endpoints/{name}/", http.HandlerFunc(han.DeleteGithubEndpoint)).Methods("DELETE", "OPTIONS")
 	apiRouter.Handle("/github/endpoints/{name}", http.HandlerFunc(han.DeleteGithubEndpoint)).Methods("DELETE", "OPTIONS")
 	// Update Github Endpoint
 	apiRouter.Handle("/github/endpoints/{name}/", http.HandlerFunc(han.UpdateGithubEndpoint)).Methods("PUT", "OPTIONS")
 	apiRouter.Handle("/github/endpoints/{name}", http.HandlerFunc(han.UpdateGithubEndpoint)).Methods("PUT", "OPTIONS")
 	////////////////////////
 	// Github credentials //
 	////////////////////////
 	// Legacy credentials path
 	apiRouter.Handle("/credentials/", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/credentials", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
 	// List Github Credentials
 	apiRouter.Handle("/github/credentials/", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/github/credentials", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
 	// Create Github Credentials
 	apiRouter.Handle("/github/credentials/", http.HandlerFunc(han.CreateGithubCredential)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/github/credentials", http.HandlerFunc(han.CreateGithubCredential)).Methods("POST", "OPTIONS")
 	// Get Github Credential
 	apiRouter.Handle("/github/credentials/{id}/", http.HandlerFunc(han.GetGithubCredential)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/github/credentials/{id}", http.HandlerFunc(han.GetGithubCredential)).Methods("GET", "OPTIONS")
 	// Delete Github Credential
 	apiRouter.Handle("/github/credentials/{id}/", http.HandlerFunc(han.DeleteGithubCredential)).Methods("DELETE", "OPTIONS")
 	apiRouter.Handle("/github/credentials/{id}", http.HandlerFunc(han.DeleteGithubCredential)).Methods("DELETE", "OPTIONS")
 	// Update Github Credential
 	apiRouter.Handle("/github/credentials/{id}/", http.HandlerFunc(han.UpdateGithubCredential)).Methods("PUT", "OPTIONS")
 	apiRouter.Handle("/github/credentials/{id}", http.HandlerFunc(han.UpdateGithubCredential)).Methods("PUT", "OPTIONS")
 	//////////////////////
 	// Gitea Endpoints  //
 	//////////////////////
 	// Create Gitea Endpoint
 	apiRouter.Handle("/gitea/endpoints/", http.HandlerFunc(han.CreateGiteaEndpoint)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/gitea/endpoints", http.HandlerFunc(han.CreateGiteaEndpoint)).Methods("POST", "OPTIONS")
 	// List Gitea Endpoints
 	apiRouter.Handle("/gitea/endpoints/", http.HandlerFunc(han.ListGiteaEndpoints)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/gitea/endpoints", http.HandlerFunc(han.ListGiteaEndpoints)).Methods("GET", "OPTIONS")
 	// Get Gitea Endpoint
 	apiRouter.Handle("/gitea/endpoints/{name}/", http.HandlerFunc(han.GetGiteaEndpoint)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/gitea/endpoints/{name}", http.HandlerFunc(han.GetGiteaEndpoint)).Methods("GET", "OPTIONS")
 	// Delete Gitea Endpoint
 	apiRouter.Handle("/gitea/endpoints/{name}/", http.HandlerFunc(han.DeleteGiteaEndpoint)).Methods("DELETE", "OPTIONS")
 	apiRouter.Handle("/gitea/endpoints/{name}", http.HandlerFunc(han.DeleteGiteaEndpoint)).Methods("DELETE", "OPTIONS")
 	// Update Gitea Endpoint
 	apiRouter.Handle("/gitea/endpoints/{name}/", http.HandlerFunc(han.UpdateGiteaEndpoint)).Methods("PUT", "OPTIONS")
 	apiRouter.Handle("/gitea/endpoints/{name}", http.HandlerFunc(han.UpdateGiteaEndpoint)).Methods("PUT", "OPTIONS")
 	////////////////////////
 	// Gitea credentials  //
 	////////////////////////
 	// List Gitea Credentials
 	apiRouter.Handle("/gitea/credentials/", http.HandlerFunc(han.ListGiteaCredentials)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/gitea/credentials", http.HandlerFunc(han.ListGiteaCredentials)).Methods("GET", "OPTIONS")
 	// Create Gitea Credentials
 	apiRouter.Handle("/gitea/credentials/", http.HandlerFunc(han.CreateGiteaCredential)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/gitea/credentials", http.HandlerFunc(han.CreateGiteaCredential)).Methods("POST", "OPTIONS")
 	// Get Gitea Credential
 	apiRouter.Handle("/gitea/credentials/{id}/", http.HandlerFunc(han.GetGiteaCredential)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/gitea/credentials/{id}", http.HandlerFunc(han.GetGiteaCredential)).Methods("GET", "OPTIONS")
 	// Delete Gitea Credential
 	apiRouter.Handle("/gitea/credentials/{id}/", http.HandlerFunc(han.DeleteGiteaCredential)).Methods("DELETE", "OPTIONS")
 	apiRouter.Handle("/gitea/credentials/{id}", http.HandlerFunc(han.DeleteGiteaCredential)).Methods("DELETE", "OPTIONS")
 	// Update Gitea Credential
 	apiRouter.Handle("/gitea/credentials/{id}/", http.HandlerFunc(han.UpdateGiteaCredential)).Methods("PUT", "OPTIONS")
 	apiRouter.Handle("/gitea/credentials/{id}", http.HandlerFunc(han.UpdateGiteaCredential)).Methods("PUT", "OPTIONS")
 	/////////////////////////
 	// Websocket endpoints //
 	/////////////////////////
 	// Legacy log websocket path
 	apiRouter.Handle("/ws/", http.HandlerFunc(han.WSHandler)).Methods("GET")
 	apiRouter.Handle("/ws", http.HandlerFunc(han.WSHandler)).Methods("GET")
 	// Log websocket endpoint
 	apiRouter.Handle("/ws/logs/", http.HandlerFunc(han.WSHandler)).Methods("GET")
 	apiRouter.Handle("/ws/logs", http.HandlerFunc(han.WSHandler)).Methods("GET")
 	// DB watcher websocket endpoint
 	apiRouter.Handle("/ws/events/", http.HandlerFunc(han.EventsHandler)).Methods("GET")
 	apiRouter.Handle("/ws/events", http.HandlerFunc(han.EventsHandler)).Methods("GET")
 	// NotFound handler - this should be last
 	apiRouter.PathPrefix("/").HandlerFunc(han.NotFoundHandler).Methods("GET", "POST", "PUT", "DELETE", "OPTIONS")
 	return router
 }
--- a/apiserver/swagger-models.yaml
+++ b/apiserver/swagger-models.yaml
@ -0,0 +1,345 @@
 # NOTE: The purpose of these definitions is to reuse the existing golang
 # types from GARM packages.
 definitions:
  User:
    type: object
    x-go-type:
        type: User
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  HookInfo:
    type: object
    x-go-type:
        type: HookInfo
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  ControllerInfo:
    type: object
    x-go-type:
        type: ControllerInfo
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  InstallWebhookParams:
    type: object
    x-go-type:
        type: InstallWebhookParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  NewUserParams:
    type: object
    x-go-type:
        type: NewUserParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  PasswordLoginParams:
    type: object
    x-go-type:
        type: PasswordLoginParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  JWTResponse:
    type: object
    x-go-type:
        type: JWTResponse
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Jobs:
    type: array
    x-go-type:
        type: Jobs
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Job'
  Job: 
    type: object
    x-go-type:
        type: Job
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Credentials:
    type: array
    x-go-type:
        type: Credentials
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/ForgeCredentials'
  ForgeCredentials:
    type: object
    x-go-type:
        type: ForgeCredentials
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Providers:
    type: array
    x-go-type:
        type: Providers
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Provider'
  Provider:
    type: object
    x-go-type:
        type: Provider
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Instances:
    type: array
    x-go-type:
        type: Instances
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Instance'
  Instance:
    type: object
    x-go-type:
        type: Instance
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Pools:
    type: array
    x-go-type:
        type: Pools
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Pool'
  Pool:
    type: object
    x-go-type:
        type: Pool
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  ScaleSets:
    type: array
    x-go-type:
        type: ScaleSets
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/ScaleSet'
  ScaleSet:
    type: object
    x-go-type:
        type: ScaleSet
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Repositories:
    type: array
    x-go-type:
        type: Repositories
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Repository'
  Repository:
    type: object
    x-go-type:
        type: Repository
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateRepoParams:
    type: object
    x-go-type:
        type: CreateRepoParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Organizations:
    type: array
    x-go-type:
        type: Organizations
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Organization'
  Organization:
    type: object
    x-go-type:
        type: Organization
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateOrgParams:
    type: object
    x-go-type:
        type: CreateOrgParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  Enterprises:
    type: array
    x-go-type:
        type: Enterprises
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/Enterprise'
  Enterprise:
    type: object
    x-go-type:
        type: Enterprise
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateEnterpriseParams:
    type: object
    x-go-type:
        type: CreateEnterpriseParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateEntityParams:
    type: object
    x-go-type:
        type: UpdateEntityParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreatePoolParams:
    type: object
    x-go-type:
        type: CreatePoolParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateScaleSetParams:
    type: object
    x-go-type:
        type: CreateScaleSetParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdatePoolParams:
    type: object
    x-go-type:
        type: UpdatePoolParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateScaleSetParams:
    type: object
    x-go-type:
        type: UpdateScaleSetParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  APIErrorResponse:
    type: object
    x-go-type:
        type: APIErrorResponse
        import:
            package: github.com/cloudbase/garm/apiserver/params
            alias: apiserver_params
  CreateInstanceParams:
    type: object
    x-go-type:
        type: CreateInstanceParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateGithubEndpointParams:
    type: object
    x-go-type:
        type: UpdateGithubEndpointParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateGiteaEndpointParams:
    type: object
    x-go-type:
        type: UpdateGiteaEndpointParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  ForgeEndpoint:
    type: object
    x-go-type:
        type: ForgeEndpoint
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  ForgeEndpoints:
    type: array
    x-go-type:
        type: ForgeEndpoints
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
    items:
        $ref: '#/definitions/ForgeEndpoint'
  CreateGithubEndpointParams:
    type: object
    x-go-type:
        type: CreateGithubEndpointParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateGiteaEndpointParams:
    type: object
    x-go-type:
        type: CreateGiteaEndpointParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateGithubCredentialsParams:
    type: object
    x-go-type:
        type: CreateGithubCredentialsParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  CreateGiteaCredentialsParams:
    type: object
    x-go-type:
        type: CreateGiteaCredentialsParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateGithubCredentialsParams:
    type: object
    x-go-type:
        type: UpdateGithubCredentialsParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateGiteaCredentialsParams:
    type: object
    x-go-type:
        type: UpdateGiteaCredentialsParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
  UpdateControllerParams:
    type: object
    x-go-type:
        type: UpdateControllerParams
        import:
            package: github.com/cloudbase/garm/params
            alias: garm_params
--- a/apiserver/swagger.yaml
+++ b/apiserver/swagger.yaml
--- a/auth/admin_required.go
+++ b/auth/admin_required.go
@ -0,0 +1,27 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package auth
 import "net/http"
 func AdminRequiredMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		if !IsAdmin(ctx) {
 			http.Error(w, "Unauthorized", http.StatusUnauthorized)
 			return
 		}
 		next.ServeHTTP(w, r)
 	})
 }
--- a/auth/auth.go
+++ b/auth/auth.go
@ -16,18 +16,19 @@ package auth
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	jwt "github.com/golang-jwt/jwt/v5"
 	"github.com/nbutton23/zxcvbn-go"
 	"golang.org/x/crypto/bcrypt"
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm-provider-common/util"
 	"github.com/cloudbase/garm/config"
 	"github.com/cloudbase/garm/database/common"
 	runnerErrors "github.com/cloudbase/garm/errors"
 	"github.com/cloudbase/garm/params"
 	"github.com/cloudbase/garm/util"
 	"github.com/golang-jwt/jwt"
 	"github.com/nbutton23/zxcvbn-go"
 	"github.com/pkg/errors"
 	"golang.org/x/crypto/bcrypt"
 )
 func NewAuthenticator(cfg config.JWTAuth, store common.Store) *Authenticator {
@ -49,24 +50,30 @@ func (a *Authenticator) IsInitialized() bool {
 func (a *Authenticator) GetJWTToken(ctx context.Context) (string, error) {
 	tokenID, err := util.GetRandomString(16)
 	if err != nil {
-		return "", errors.Wrap(err, "generating random string")
+		return "", fmt.Errorf("error generating random string: %w", err)
 	}
-	expireToken := time.Now().Add(a.cfg.TimeToLive.Duration()).Unix()
+	expireToken := time.Now().Add(a.cfg.TimeToLive.Duration())
 	expires := &jwt.NumericDate{
 		Time: expireToken,
 	}
 	generation := PasswordGeneration(ctx)
 	claims := JWTClaims{
-		StandardClaims: jwt.StandardClaims{
+		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: expireToken,
+			ExpiresAt: expires,
 			// nolint:golangci-lint,godox
 			// TODO: make this configurable
 			Issuer: "garm",
 		},
-		UserID:   UserID(ctx),
+		UserID:     UserID(ctx),
-		TokenID:  tokenID,
+		TokenID:    tokenID,
-		IsAdmin:  IsAdmin(ctx),
+		IsAdmin:    IsAdmin(ctx),
-		FullName: FullName(ctx),
+		FullName:   FullName(ctx),
 		Generation: generation,
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	tokenString, err := token.SignedString([]byte(a.cfg.Secret))
 	if err != nil {
-		return "", errors.Wrap(err, "fetching token string")
+		return "", fmt.Errorf("error fetching token string: %w", err)
 	}
 	return tokenString, nil
@ -75,22 +82,26 @@ func (a *Authenticator) GetJWTToken(ctx context.Context) (string, error) {
 // GetJWTMetricsToken returns a JWT token that can be used to read metrics.
 // This token is not tied to a user, no user is stored in the db.
 func (a *Authenticator) GetJWTMetricsToken(ctx context.Context) (string, error) {
 	if !IsAdmin(ctx) {
 		return "", runnerErrors.ErrUnauthorized
 	}
 	tokenID, err := util.GetRandomString(16)
 	if err != nil {
-		return "", errors.Wrap(err, "generating random string")
+		return "", fmt.Errorf("error generating random string: %w", err)
 	}
 	// nolint:golangci-lint,godox
 	// TODO: currently this is the same TTL as the normal Token
 	// maybe we should make this configurable
 	// it's usually pretty nasty if the monitoring fails because the token expired
-	expireToken := time.Now().Add(a.cfg.TimeToLive.Duration()).Unix()
+	expireToken := time.Now().Add(a.cfg.TimeToLive.Duration())
 	expires := &jwt.NumericDate{
 		Time: expireToken,
 	}
 	claims := JWTClaims{
-		StandardClaims: jwt.StandardClaims{
+		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: expireToken,
+			ExpiresAt: expires,
 			// nolint:golangci-lint,godox
 			// TODO: make this configurable
 			Issuer: "garm",
 		},
@ -101,7 +112,7 @@ func (a *Authenticator) GetJWTMetricsToken(ctx context.Context) (string, error)
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	tokenString, err := token.SignedString([]byte(a.cfg.Secret))
 	if err != nil {
-		return "", errors.Wrap(err, "fetching token string")
+		return "", fmt.Errorf("error fetching token string: %w", err)
 	}
 	return tokenString, nil
@ -111,7 +122,7 @@ func (a *Authenticator) InitController(ctx context.Context, param params.NewUser
 	_, err := a.store.ControllerInfo()
 	if err != nil {
 		if !errors.Is(err, runnerErrors.ErrNotFound) {
-			return params.User{}, errors.Wrap(err, "initializing controller")
+			return params.User{}, fmt.Errorf("error initializing controller: %w", err)
 		}
 	}
 	if a.store.HasAdminUser(ctx) {
@ -141,7 +152,7 @@ func (a *Authenticator) InitController(ctx context.Context, param params.NewUser
 	hashed, err := util.PaswsordToBcrypt(param.Password)
 	if err != nil {
-		return params.User{}, errors.Wrap(err, "creating user")
+		return params.User{}, fmt.Errorf("error creating user: %w", err)
 	}
 	param.Password = hashed
@ -159,7 +170,7 @@ func (a *Authenticator) AuthenticateUser(ctx context.Context, info params.Passwo
 		if errors.Is(err, runnerErrors.ErrNotFound) {
 			return ctx, runnerErrors.ErrUnauthorized
 		}
-		return ctx, errors.Wrap(err, "authenticating")
+		return ctx, fmt.Errorf("error authenticating: %w", err)
 	}
 	if !user.Enabled {
@ -174,5 +185,5 @@ func (a *Authenticator) AuthenticateUser(ctx context.Context, info params.Passwo
 		return ctx, runnerErrors.ErrUnauthorized
 	}
-	return PopulateContext(ctx, user), nil
+	return PopulateContext(ctx, user, nil), nil
 }
--- a/auth/context.go
+++ b/auth/context.go
@ -16,9 +16,10 @@ package auth
 import (
 	"context"
 	"time"
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/params"
 	"github.com/cloudbase/garm/runner/providers/common"
 )
 type contextFlags string
@ -28,9 +29,11 @@ const (
 	fullNameKey    contextFlags = "full_name"
 	readMetricsKey contextFlags = "read_metrics"
 	// UserIDFlag is the User ID flag we set in the context
-	UserIDFlag    contextFlags = "user_id"
+	UserIDFlag             contextFlags = "user_id"
-	isEnabledFlag contextFlags = "is_enabled"
+	isEnabledFlag          contextFlags = "is_enabled"
-	jwtTokenFlag  contextFlags = "jwt_token"
+	jwtTokenFlag           contextFlags = "jwt_token"
 	authExpiresFlag        contextFlags = "auth_expires"
 	passwordGenerationFlag contextFlags = "password_generation"
 	instanceIDKey        contextFlags = "id"
 	instanceNameKey      contextFlags = "name"
@ -39,8 +42,23 @@ const (
 	instanceEntityKey    contextFlags = "entity"
 	instanceRunnerStatus contextFlags = "status"
 	instanceTokenFetched contextFlags = "tokenFetched"
 	instanceHasJITConfig contextFlags = "hasJITConfig"
 	instanceParams       contextFlags = "instanceParams"
 	instanceForgeTypeKey contextFlags = "forge_type"
 )
 func SetInstanceForgeType(ctx context.Context, val string) context.Context {
 	return context.WithValue(ctx, instanceForgeTypeKey, val)
 }
 func InstanceForgeType(ctx context.Context) params.EndpointType {
 	elem := ctx.Value(instanceForgeTypeKey)
 	if elem == nil {
 		return ""
 	}
 	return elem.(params.EndpointType)
 }
 func SetInstanceID(ctx context.Context, id string) context.Context {
 	return context.WithValue(ctx, instanceIDKey, id)
 }
@ -65,16 +83,45 @@ func InstanceTokenFetched(ctx context.Context) bool {
 	return elem.(bool)
 }
-func SetInstanceRunnerStatus(ctx context.Context, val common.RunnerStatus) context.Context {
+func SetInstanceHasJITConfig(ctx context.Context, cfg map[string]string) context.Context {
 	return context.WithValue(ctx, instanceHasJITConfig, len(cfg) > 0)
 }
 func InstanceHasJITConfig(ctx context.Context) bool {
 	elem := ctx.Value(instanceHasJITConfig)
 	if elem == nil {
 		return false
 	}
 	return elem.(bool)
 }
 func SetInstanceParams(ctx context.Context, instance params.Instance) context.Context {
 	return context.WithValue(ctx, instanceParams, instance)
 }
 func InstanceParams(ctx context.Context) (params.Instance, error) {
 	elem := ctx.Value(instanceParams)
 	if elem == nil {
 		return params.Instance{}, runnerErrors.ErrNotFound
 	}
 	instanceParams, ok := elem.(params.Instance)
 	if !ok {
 		return params.Instance{}, runnerErrors.ErrNotFound
 	}
 	return instanceParams, nil
 }
 func SetInstanceRunnerStatus(ctx context.Context, val params.RunnerStatus) context.Context {
 	return context.WithValue(ctx, instanceRunnerStatus, val)
 }
-func InstanceRunnerStatus(ctx context.Context) common.RunnerStatus {
+func InstanceRunnerStatus(ctx context.Context) params.RunnerStatus {
 	elem := ctx.Value(instanceRunnerStatus)
 	if elem == nil {
-		return common.RunnerPending
+		return params.RunnerPending
 	}
-	return elem.(common.RunnerStatus)
+	return elem.(params.RunnerStatus)
 }
 func SetInstanceName(ctx context.Context, val string) context.Context {
@ -125,25 +172,57 @@ func InstanceEntity(ctx context.Context) string {
 	return elem.(string)
 }
-func PopulateInstanceContext(ctx context.Context, instance params.Instance) context.Context {
+func PopulateInstanceContext(ctx context.Context, instance params.Instance, claims *InstanceJWTClaims) context.Context {
 	ctx = SetInstanceID(ctx, instance.ID)
 	ctx = SetInstanceName(ctx, instance.Name)
 	ctx = SetInstancePoolID(ctx, instance.PoolID)
 	ctx = SetInstanceRunnerStatus(ctx, instance.RunnerStatus)
 	ctx = SetInstanceTokenFetched(ctx, instance.TokenFetched)
 	ctx = SetInstanceHasJITConfig(ctx, instance.JitConfiguration)
 	ctx = SetInstanceParams(ctx, instance)
 	ctx = SetInstanceForgeType(ctx, claims.ForgeType)
 	return ctx
 }
 // PopulateContext sets the appropriate fields in the context, based on
 // the user object
-func PopulateContext(ctx context.Context, user params.User) context.Context {
+func PopulateContext(ctx context.Context, user params.User, authExpires *time.Time) context.Context {
 	ctx = SetUserID(ctx, user.ID)
 	ctx = SetAdmin(ctx, user.IsAdmin)
 	ctx = SetIsEnabled(ctx, user.Enabled)
 	ctx = SetFullName(ctx, user.FullName)
 	ctx = SetExpires(ctx, authExpires)
 	ctx = SetPasswordGeneration(ctx, user.Generation)
 	return ctx
 }
 func SetExpires(ctx context.Context, expires *time.Time) context.Context {
 	if expires == nil {
 		return ctx
 	}
 	return context.WithValue(ctx, authExpiresFlag, expires)
 }
 func Expires(ctx context.Context) *time.Time {
 	elem := ctx.Value(authExpiresFlag)
 	if elem == nil {
 		return nil
 	}
 	return elem.(*time.Time)
 }
 func SetPasswordGeneration(ctx context.Context, val uint) context.Context {
 	return context.WithValue(ctx, passwordGenerationFlag, val)
 }
 func PasswordGeneration(ctx context.Context) uint {
 	elem := ctx.Value(passwordGenerationFlag)
 	if elem == nil {
 		return 0
 	}
 	return elem.(uint)
 }
 // SetFullName sets the user full name in the context
 func SetFullName(ctx context.Context, fullName string) context.Context {
 	return context.WithValue(ctx, fullNameKey, fullName)
@ -205,8 +284,10 @@ func UserID(ctx context.Context) string {
 // GetAdminContext will return an admin context. This can be used internally
 // when fetching users.
-func GetAdminContext() context.Context {
+func GetAdminContext(ctx context.Context) context.Context {
-	ctx := context.Background()
+	if ctx == nil {
 		ctx = context.Background()
 	}
 	ctx = SetUserID(ctx, "")
 	ctx = SetAdmin(ctx, true)
 	ctx = SetIsEnabled(ctx, true)
--- a/auth/init_required.go
+++ b/auth/init_required.go
@ -16,7 +16,7 @@ package auth
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 	"github.com/cloudbase/garm/apiserver/params"
@ -37,16 +37,44 @@ type initRequired struct {
 // Middleware implements the middleware interface
 func (i *initRequired) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		ctrlInfo, err := i.store.ControllerInfo()
+		ctx := r.Context()
-		if err != nil || ctrlInfo.ControllerID.String() == "" {
+
 		if !i.store.HasAdminUser(ctx) {
 			w.Header().Add("Content-Type", "application/json")
 			w.WriteHeader(http.StatusConflict)
 			if err := json.NewEncoder(w).Encode(params.InitializationRequired); err != nil {
-				log.Printf("failed to encode response: %s", err)
+				slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 			}
 			return
 		}
-		ctx := r.Context()
+
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
 func NewUrlsRequiredMiddleware(store common.Store) (Middleware, error) {
 	return &urlsRequired{
 		store: store,
 	}, nil
 }
 type urlsRequired struct {
 	store common.Store
 }
 func (u *urlsRequired) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		ctrlInfo, err := u.store.ControllerInfo()
 		if err != nil || ctrlInfo.MetadataURL == "" || ctrlInfo.CallbackURL == "" {
 			w.Header().Add("Content-Type", "application/json")
 			w.WriteHeader(http.StatusConflict)
 			if err := json.NewEncoder(w).Encode(params.URLsRequired); err != nil {
 				slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 			}
 			return
 		}
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
--- a/auth/instance_middleware.go
+++ b/auth/instance_middleware.go
@ -17,19 +17,20 @@ package auth
 import (
 	"context"
 	"fmt"
 	"log/slog"
 	"math"
 	"net/http"
 	"strings"
 	"time"
 	jwt "github.com/golang-jwt/jwt/v5"
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	commonParams "github.com/cloudbase/garm-provider-common/params"
 	"github.com/cloudbase/garm/config"
 	dbCommon "github.com/cloudbase/garm/database/common"
 	runnerErrors "github.com/cloudbase/garm/errors"
 	"github.com/cloudbase/garm/params"
 	"github.com/cloudbase/garm/runner/common"
 	providerCommon "github.com/cloudbase/garm/runner/providers/common"
 	"github.com/golang-jwt/jwt"
 	"github.com/pkg/errors"
 )
 // InstanceJWTClaims holds JWT claims
@ -38,32 +39,58 @@ type InstanceJWTClaims struct {
 	Name   string `json:"name"`
 	PoolID string `json:"provider_id"`
 	// Scope is either repository or organization
-	Scope params.PoolType `json:"scope"`
+	Scope params.ForgeEntityType `json:"scope"`
 	// Entity is the repo or org name
-	Entity string `json:"entity"`
+	Entity        string `json:"entity"`
-	jwt.StandardClaims
+	CreateAttempt int    `json:"create_attempt"`
 	ForgeType     string `json:"forge_type"`
 	jwt.RegisteredClaims
 }
-func NewInstanceJWTToken(instance params.Instance, secret, entity string, poolType params.PoolType, ttlMinutes uint) (string, error) {
+func NewInstanceTokenGetter(jwtSecret string) (InstanceTokenGetter, error) {
 	if jwtSecret == "" {
 		return nil, fmt.Errorf("jwt secret is required")
 	}
 	return &instanceToken{
 		jwtSecret: jwtSecret,
 	}, nil
 }
 type instanceToken struct {
 	jwtSecret string
 }
 func (i *instanceToken) NewInstanceJWTToken(instance params.Instance, entity params.ForgeEntity, entityType params.ForgeEntityType, ttlMinutes uint) (string, error) {
 	// Token expiration is equal to the bootstrap timeout set on the pool plus the polling
 	// interval garm uses to check for timed out runners. Runners that have not sent their info
 	// by the end of this interval are most likely failed and will be reaped by garm anyway.
-	expireToken := time.Now().Add(time.Duration(ttlMinutes)*time.Minute + common.PoolReapTimeoutInterval).Unix()
+	var ttl int
 	if ttlMinutes > math.MaxInt {
 		ttl = math.MaxInt
 	} else {
 		ttl = int(ttlMinutes)
 	}
 	expireToken := time.Now().Add(time.Duration(ttl)*time.Minute + common.PoolReapTimeoutInterval)
 	expires := &jwt.NumericDate{
 		Time: expireToken,
 	}
 	claims := InstanceJWTClaims{
-		StandardClaims: jwt.StandardClaims{
+		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: expireToken,
+			ExpiresAt: expires,
 			Issuer:    "garm",
 		},
-		ID:     instance.ID,
+		ID:            instance.ID,
-		Name:   instance.Name,
+		Name:          instance.Name,
-		PoolID: instance.PoolID,
+		PoolID:        instance.PoolID,
-		Scope:  poolType,
+		Scope:         entityType,
-		Entity: entity,
+		Entity:        entity.String(),
 		ForgeType:     string(entity.Credentials.ForgeType),
 		CreateAttempt: instance.CreateAttempt,
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	tokenString, err := token.SignedString([]byte(secret))
+	tokenString, err := token.SignedString([]byte(i.jwtSecret))
 	if err != nil {
-		return "", errors.Wrap(err, "signing token")
+		return "", fmt.Errorf("error signing token: %w", err)
 	}
 	return tokenString, nil
@ -93,29 +120,30 @@ func (amw *instanceMiddleware) claimsToContext(ctx context.Context, claims *Inst
 		return nil, runnerErrors.ErrUnauthorized
 	}
-	instanceInfo, err := amw.store.GetInstanceByName(ctx, claims.Name)
+	instanceInfo, err := amw.store.GetInstance(ctx, claims.Name)
 	if err != nil {
 		return ctx, runnerErrors.ErrUnauthorized
 	}
-	ctx = PopulateInstanceContext(ctx, instanceInfo)
+	ctx = PopulateInstanceContext(ctx, instanceInfo, claims)
 	return ctx, nil
 }
 // Middleware implements the middleware interface
 func (amw *instanceMiddleware) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// nolint:golangci-lint,godox
 		// TODO: Log error details when authentication fails
 		ctx := r.Context()
 		authorizationHeader := r.Header.Get("authorization")
 		if authorizationHeader == "" {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		bearerToken := strings.Split(authorizationHeader, " ")
 		if len(bearerToken) != 2 {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
@ -126,32 +154,61 @@ func (amw *instanceMiddleware) Middleware(next http.Handler) http.Handler {
 			}
 			return []byte(amw.cfg.Secret), nil
 		})
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		if !token.Valid {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		ctx, err = amw.claimsToContext(ctx, claims)
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		if InstanceID(ctx) == "" {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		runnerStatus := InstanceRunnerStatus(ctx)
-		if runnerStatus != providerCommon.RunnerInstalling && runnerStatus != providerCommon.RunnerPending {
+		if runnerStatus != params.RunnerInstalling && runnerStatus != params.RunnerPending {
 			// Instances that have finished installing can no longer authenticate to the API
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		instanceParams, err := InstanceParams(ctx)
 		if err != nil {
 			slog.InfoContext(
 				ctx, "could not find instance params",
 				"runner_name", InstanceName(ctx))
 			invalidAuthResponse(ctx, w)
 			return
 		}
 		// Token was generated for a previous attempt at creating this instance.
 		if claims.CreateAttempt != instanceParams.CreateAttempt {
 			slog.InfoContext(
 				ctx, "invalid token create attempt",
 				"runner_name", InstanceName(ctx),
 				"token_create_attempt", claims.CreateAttempt,
 				"instance_create_attempt", instanceParams.CreateAttempt)
 			invalidAuthResponse(ctx, w)
 			return
 		}
 		// Only allow instances that are in the creating or running state to authenticate.
 		if instanceParams.Status != commonParams.InstanceCreating && instanceParams.Status != commonParams.InstanceRunning {
 			slog.InfoContext(
 				ctx, "invalid instance status",
 				"runner_name", InstanceName(ctx),
 				"status", instanceParams.Status)
 			invalidAuthResponse(ctx, w)
 			return
 		}
--- a/auth/interfaces.go
+++ b/auth/interfaces.go
@ -14,9 +14,17 @@
 package auth
-import "net/http"
+import (
 	"net/http"
 	"github.com/cloudbase/garm/params"
 )
 // Middleware defines an authentication middleware
 type Middleware interface {
 	Middleware(next http.Handler) http.Handler
 }
 type InstanceTokenGetter interface {
 	NewInstanceJWTToken(instance params.Instance, entity params.ForgeEntity, poolType params.ForgeEntityType, ttlMinutes uint) (string, error)
 }
--- a/auth/jwt.go
+++ b/auth/jwt.go
@ -18,16 +18,17 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"log"
+	"log/slog"
 	"net/http"
 	"strings"
 	"time"
 	jwt "github.com/golang-jwt/jwt/v5"
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	apiParams "github.com/cloudbase/garm/apiserver/params"
 	"github.com/cloudbase/garm/config"
 	dbCommon "github.com/cloudbase/garm/database/common"
 	runnerErrors "github.com/cloudbase/garm/errors"
 	"github.com/golang-jwt/jwt"
 )
 // JWTClaims holds JWT claims
@ -37,7 +38,8 @@ type JWTClaims struct {
 	FullName    string `json:"full_name"`
 	IsAdmin     bool   `json:"is_admin"`
 	ReadMetrics bool   `json:"read_metrics"`
-	jwt.StandardClaims
+	Generation  uint   `json:"generation"`
 	jwt.RegisteredClaims
 }
 // jwtMiddleware is the authentication middleware
@ -69,63 +71,85 @@ func (amw *jwtMiddleware) claimsToContext(ctx context.Context, claims *JWTClaims
 		return ctx, runnerErrors.ErrUnauthorized
 	}
-	ctx = PopulateContext(ctx, userInfo)
+	var expiresAt *time.Time
 	if claims.ExpiresAt != nil {
 		expires := claims.ExpiresAt.Time.UTC()
 		expiresAt = &expires
 	}
 	if userInfo.Generation != claims.Generation {
 		// Password was reset since token was issued. Invalidate.
 		return ctx, runnerErrors.ErrUnauthorized
 	}
 	ctx = PopulateContext(ctx, userInfo, expiresAt)
 	return ctx, nil
 }
-func invalidAuthResponse(w http.ResponseWriter) {
+func invalidAuthResponse(ctx context.Context, w http.ResponseWriter) {
 	w.WriteHeader(http.StatusUnauthorized)
 	w.Header().Add("Content-Type", "application/json")
 	w.WriteHeader(http.StatusUnauthorized)
 	if err := json.NewEncoder(w).Encode(
 		apiParams.APIErrorResponse{
 			Error: "Authentication failed",
 		}); err != nil {
-		log.Printf("failed to encode response: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 func (amw *jwtMiddleware) getTokenFromRequest(r *http.Request) (string, error) {
 	authorizationHeader := r.Header.Get("authorization")
 	if authorizationHeader == "" {
 		cookie, err := r.Cookie("garm_token")
 		if err != nil {
 			return "", fmt.Errorf("failed to get cookie: %w", err)
 		}
 		return cookie.Value, nil
 	}
 	bearerToken := strings.Split(authorizationHeader, " ")
 	if len(bearerToken) != 2 {
 		return "", fmt.Errorf("invalid auth header")
 	}
 	return bearerToken[1], nil
 }
 // Middleware implements the middleware interface
 func (amw *jwtMiddleware) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// nolint:golangci-lint,godox
 		// TODO: Log error details when authentication fails
 		ctx := r.Context()
-		authorizationHeader := r.Header.Get("authorization")
+		authToken, err := amw.getTokenFromRequest(r)
-		if authorizationHeader == "" {
+		if err != nil {
-			invalidAuthResponse(w)
+			slog.ErrorContext(ctx, "failed to get auth token", "error", err)
 			invalidAuthResponse(ctx, w)
 			return
 		}
 		bearerToken := strings.Split(authorizationHeader, " ")
 		if len(bearerToken) != 2 {
 			invalidAuthResponse(w)
 			return
 		}
 		claims := &JWTClaims{}
-		token, err := jwt.ParseWithClaims(bearerToken[1], claims, func(token *jwt.Token) (interface{}, error) {
+		token, err := jwt.ParseWithClaims(authToken, claims, func(token *jwt.Token) (interface{}, error) {
 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 				return nil, fmt.Errorf("invalid signing method")
 			}
 			return []byte(amw.cfg.Secret), nil
 		})
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		if !token.Valid {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		ctx, err = amw.claimsToContext(ctx, claims)
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		if !IsEnabled(ctx) {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
--- a/auth/metrics.go
+++ b/auth/metrics.go
@ -1,3 +1,16 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package auth
 import (
@ -6,9 +19,9 @@ import (
 	"net/http"
 	"strings"
-	"github.com/cloudbase/garm/config"
+	jwt "github.com/golang-jwt/jwt/v5"
-	"github.com/golang-jwt/jwt"
+	"github.com/cloudbase/garm/config"
 )
 type MetricsMiddleware struct {
@ -23,17 +36,16 @@ func NewMetricsMiddleware(cfg config.JWTAuth) (*MetricsMiddleware, error) {
 func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		authorizationHeader := r.Header.Get("authorization")
 		if authorizationHeader == "" {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		bearerToken := strings.Split(authorizationHeader, " ")
 		if len(bearerToken) != 2 {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
@ -44,20 +56,19 @@ func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {
 			}
 			return []byte(m.cfg.Secret), nil
 		})
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		if !token.Valid {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		// we fully trust the claims
 		if !claims.ReadMetrics {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
--- a/build-webapp.sh
+++ b/build-webapp.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 set -e
 echo "Building GARM SPA (SvelteKit)..."
 # Navigate to webapp directory
 cd webapp
 # Install dependencies if node_modules doesn't exist
 npm install
 # Build the SPA
 echo "Building SPA..."
 npm run build
 echo "SPA built successfully!"
--- a/cache/cache_test.go
+++ b/cache/cache_test.go
--- a/cache/credentials_cache.go
+++ b/cache/credentials_cache.go
@ -0,0 +1,148 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package cache
 import (
 	"sync"
 	"github.com/cloudbase/garm/params"
 )
 var (
 	credentialsCache      *CredentialCache
 	giteaCredentialsCache *CredentialCache
 )
 func init() {
 	ghCredentialsCache := &CredentialCache{
 		cache: make(map[uint]params.ForgeCredentials),
 	}
 	gtCredentialsCache := &CredentialCache{
 		cache: make(map[uint]params.ForgeCredentials),
 	}
 	credentialsCache = ghCredentialsCache
 	giteaCredentialsCache = gtCredentialsCache
 }
 type CredentialCache struct {
 	mux sync.Mutex
 	cache map[uint]params.ForgeCredentials
 }
 func (g *CredentialCache) SetCredentialsRateLimit(credsID uint, rateLimit params.GithubRateLimit) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	if creds, ok := g.cache[credsID]; ok {
 		creds.RateLimit = &rateLimit
 		g.cache[credsID] = creds
 	}
 }
 func (g *CredentialCache) SetCredentials(credentials params.ForgeCredentials) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	g.cache[credentials.ID] = credentials
 	UpdateCredentialsInAffectedEntities(credentials)
 }
 func (g *CredentialCache) GetCredentials(id uint) (params.ForgeCredentials, bool) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	if creds, ok := g.cache[id]; ok {
 		return creds, true
 	}
 	return params.ForgeCredentials{}, false
 }
 func (g *CredentialCache) DeleteCredentials(id uint) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	delete(g.cache, id)
 }
 func (g *CredentialCache) GetAllCredentials() []params.ForgeCredentials {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	creds := make([]params.ForgeCredentials, 0, len(g.cache))
 	for _, cred := range g.cache {
 		creds = append(creds, cred)
 	}
 	// Sort the credentials by ID
 	sortByID(creds)
 	return creds
 }
 func (g *CredentialCache) GetAllCredentialsAsMap() map[uint]params.ForgeCredentials {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	creds := make(map[uint]params.ForgeCredentials, len(g.cache))
 	for id, cred := range g.cache {
 		creds[id] = cred
 	}
 	return creds
 }
 func SetGithubCredentials(credentials params.ForgeCredentials) {
 	credentialsCache.SetCredentials(credentials)
 }
 func GetGithubCredentials(id uint) (params.ForgeCredentials, bool) {
 	return credentialsCache.GetCredentials(id)
 }
 func DeleteGithubCredentials(id uint) {
 	credentialsCache.DeleteCredentials(id)
 }
 func GetAllGithubCredentials() []params.ForgeCredentials {
 	return credentialsCache.GetAllCredentials()
 }
 func SetCredentialsRateLimit(credsID uint, rateLimit params.GithubRateLimit) {
 	credentialsCache.SetCredentialsRateLimit(credsID, rateLimit)
 }
 func GetAllGithubCredentialsAsMap() map[uint]params.ForgeCredentials {
 	return credentialsCache.GetAllCredentialsAsMap()
 }
 func SetGiteaCredentials(credentials params.ForgeCredentials) {
 	giteaCredentialsCache.SetCredentials(credentials)
 }
 func GetGiteaCredentials(id uint) (params.ForgeCredentials, bool) {
 	return giteaCredentialsCache.GetCredentials(id)
 }
 func DeleteGiteaCredentials(id uint) {
 	giteaCredentialsCache.DeleteCredentials(id)
 }
 func GetAllGiteaCredentials() []params.ForgeCredentials {
 	return giteaCredentialsCache.GetAllCredentials()
 }
 func GetAllGiteaCredentialsAsMap() map[uint]params.ForgeCredentials {
 	return giteaCredentialsCache.GetAllCredentialsAsMap()
 }
--- a/cache/entity_cache.go
+++ b/cache/entity_cache.go
@ -0,0 +1,435 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package cache
 import (
 	"sync"
 	"time"
 	"github.com/cloudbase/garm/params"
 )
 var entityCache *EntityCache
 func init() {
 	ghEntityCache := &EntityCache{
 		entities: make(map[string]EntityItem),
 	}
 	entityCache = ghEntityCache
 }
 type RunnerGroupEntry struct {
 	RunnerGroupID int64
 	time          time.Time
 }
 type EntityItem struct {
 	Entity       params.ForgeEntity
 	Pools        map[string]params.Pool
 	ScaleSets    map[uint]params.ScaleSet
 	RunnerGroups map[string]RunnerGroupEntry
 }
 type EntityCache struct {
 	mux sync.Mutex
 	// entity IDs are UUID4s. It is highly unlikely they will collide (🤞).
 	entities map[string]EntityItem
 }
 func (e *EntityCache) UpdateCredentialsInAffectedEntities(creds params.ForgeCredentials) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	for entityID, cache := range e.entities {
 		if cache.Entity.Credentials.GetID() == creds.GetID() {
 			cache.Entity.Credentials = creds
 			e.entities[entityID] = cache
 		}
 	}
 }
 func (e *EntityCache) GetEntity(entityID string) (params.ForgeEntity, bool) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		var creds params.ForgeCredentials
 		var ok bool
 		switch cache.Entity.Credentials.ForgeType {
 		case params.GithubEndpointType:
 			creds, ok = GetGithubCredentials(cache.Entity.Credentials.ID)
 		case params.GiteaEndpointType:
 			creds, ok = GetGiteaCredentials(cache.Entity.Credentials.ID)
 		}
 		if ok {
 			cache.Entity.Credentials = creds
 		}
 		return cache.Entity, true
 	}
 	return params.ForgeEntity{}, false
 }
 func (e *EntityCache) SetEntity(entity params.ForgeEntity) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	cache, ok := e.entities[entity.ID]
 	if !ok {
 		e.entities[entity.ID] = EntityItem{
 			Entity:       entity,
 			Pools:        make(map[string]params.Pool),
 			ScaleSets:    make(map[uint]params.ScaleSet),
 			RunnerGroups: make(map[string]RunnerGroupEntry),
 		}
 		return
 	}
 	cache.Entity = entity
 	e.entities[entity.ID] = cache
 }
 func (e *EntityCache) ReplaceEntityPools(entityID string, pools []params.Pool) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	cache, ok := e.entities[entityID]
 	if !ok {
 		return
 	}
 	poolsByID := map[string]params.Pool{}
 	for _, pool := range pools {
 		poolsByID[pool.ID] = pool
 	}
 	cache.Pools = poolsByID
 	e.entities[entityID] = cache
 }
 func (e *EntityCache) ReplaceEntityScaleSets(entityID string, scaleSets []params.ScaleSet) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	cache, ok := e.entities[entityID]
 	if !ok {
 		return
 	}
 	scaleSetsByID := map[uint]params.ScaleSet{}
 	for _, scaleSet := range scaleSets {
 		scaleSetsByID[scaleSet.ID] = scaleSet
 	}
 	cache.ScaleSets = scaleSetsByID
 	e.entities[entityID] = cache
 }
 func (e *EntityCache) DeleteEntity(entityID string) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	delete(e.entities, entityID)
 }
 func (e *EntityCache) SetEntityPool(entityID string, pool params.Pool) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		cache.Pools[pool.ID] = pool
 		e.entities[entityID] = cache
 	}
 }
 func (e *EntityCache) SetEntityScaleSet(entityID string, scaleSet params.ScaleSet) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		cache.ScaleSets[scaleSet.ID] = scaleSet
 		e.entities[entityID] = cache
 	}
 }
 func (e *EntityCache) DeleteEntityPool(entityID string, poolID string) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		delete(cache.Pools, poolID)
 		e.entities[entityID] = cache
 	}
 }
 func (e *EntityCache) DeleteEntityScaleSet(entityID string, scaleSetID uint) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		delete(cache.ScaleSets, scaleSetID)
 		e.entities[entityID] = cache
 	}
 }
 func (e *EntityCache) GetEntityPool(entityID string, poolID string) (params.Pool, bool) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		if pool, ok := cache.Pools[poolID]; ok {
 			return pool, true
 		}
 	}
 	return params.Pool{}, false
 }
 func (e *EntityCache) GetEntityScaleSet(entityID string, scaleSetID uint) (params.ScaleSet, bool) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		if scaleSet, ok := cache.ScaleSets[scaleSetID]; ok {
 			return scaleSet, true
 		}
 	}
 	return params.ScaleSet{}, false
 }
 func (e *EntityCache) FindPoolsMatchingAllTags(entityID string, tags []string) []params.Pool {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		var pools []params.Pool
 		for _, pool := range cache.Pools {
 			if pool.HasRequiredLabels(tags) {
 				pools = append(pools, pool)
 			}
 		}
 		// Sort the pools by creation date.
 		sortByCreationDate(pools)
 		return pools
 	}
 	return nil
 }
 func (e *EntityCache) GetEntityPools(entityID string) []params.Pool {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		var pools []params.Pool
 		for _, pool := range cache.Pools {
 			pools = append(pools, pool)
 		}
 		// Sort the pools by creation date.
 		sortByCreationDate(pools)
 		return pools
 	}
 	return nil
 }
 func (e *EntityCache) GetEntityScaleSets(entityID string) []params.ScaleSet {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if cache, ok := e.entities[entityID]; ok {
 		var scaleSets []params.ScaleSet
 		for _, scaleSet := range cache.ScaleSets {
 			scaleSets = append(scaleSets, scaleSet)
 		}
 		// Sort the scale sets by creation date.
 		sortByID(scaleSets)
 		return scaleSets
 	}
 	return nil
 }
 func (e *EntityCache) GetEntitiesUsingCredentials(creds params.ForgeCredentials) []params.ForgeEntity {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	var entities []params.ForgeEntity
 	for _, cache := range e.entities {
 		if cache.Entity.Credentials.ForgeType != creds.ForgeType {
 			continue
 		}
 		if cache.Entity.Credentials.GetID() == creds.GetID() {
 			entities = append(entities, cache.Entity)
 		}
 	}
 	sortByCreationDate(entities)
 	return entities
 }
 func (e *EntityCache) GetAllEntities() []params.ForgeEntity {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	var entities []params.ForgeEntity
 	for _, cache := range e.entities {
 		// Get the credentials from the credentials cache.
 		var creds params.ForgeCredentials
 		var ok bool
 		switch cache.Entity.Credentials.ForgeType {
 		case params.GithubEndpointType:
 			creds, ok = GetGithubCredentials(cache.Entity.Credentials.ID)
 		case params.GiteaEndpointType:
 			creds, ok = GetGiteaCredentials(cache.Entity.Credentials.ID)
 		}
 		if ok {
 			cache.Entity.Credentials = creds
 		}
 		entities = append(entities, cache.Entity)
 	}
 	sortByCreationDate(entities)
 	return entities
 }
 func (e *EntityCache) GetAllPools() []params.Pool {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	var pools []params.Pool
 	for _, cache := range e.entities {
 		for _, pool := range cache.Pools {
 			pools = append(pools, pool)
 		}
 	}
 	sortByCreationDate(pools)
 	return pools
 }
 func (e *EntityCache) GetAllScaleSets() []params.ScaleSet {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	var scaleSets []params.ScaleSet
 	for _, cache := range e.entities {
 		for _, scaleSet := range cache.ScaleSets {
 			scaleSets = append(scaleSets, scaleSet)
 		}
 	}
 	sortByID(scaleSets)
 	return scaleSets
 }
 func (e *EntityCache) SetEntityRunnerGroup(entityID, runnerGroupName string, runnerGroupID int64) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if _, ok := e.entities[entityID]; ok {
 		e.entities[entityID].RunnerGroups[runnerGroupName] = RunnerGroupEntry{
 			RunnerGroupID: runnerGroupID,
 			time:          time.Now().UTC(),
 		}
 	}
 }
 func (e *EntityCache) GetEntityRunnerGroup(entityID, runnerGroupName string) (int64, bool) {
 	e.mux.Lock()
 	defer e.mux.Unlock()
 	if _, ok := e.entities[entityID]; ok {
 		if runnerGroup, ok := e.entities[entityID].RunnerGroups[runnerGroupName]; ok {
 			if time.Now().UTC().After(runnerGroup.time.Add(1 * time.Hour)) {
 				delete(e.entities[entityID].RunnerGroups, runnerGroupName)
 				return 0, false
 			}
 			return runnerGroup.RunnerGroupID, true
 		}
 	}
 	return 0, false
 }
 func SetEntityRunnerGroup(entityID, runnerGroupName string, runnerGroupID int64) {
 	entityCache.SetEntityRunnerGroup(entityID, runnerGroupName, runnerGroupID)
 }
 func GetEntityRunnerGroup(entityID, runnerGroupName string) (int64, bool) {
 	return entityCache.GetEntityRunnerGroup(entityID, runnerGroupName)
 }
 func GetEntity(entityID string) (params.ForgeEntity, bool) {
 	return entityCache.GetEntity(entityID)
 }
 func SetEntity(entity params.ForgeEntity) {
 	entityCache.SetEntity(entity)
 }
 func ReplaceEntityPools(entityID string, pools []params.Pool) {
 	entityCache.ReplaceEntityPools(entityID, pools)
 }
 func ReplaceEntityScaleSets(entityID string, scaleSets []params.ScaleSet) {
 	entityCache.ReplaceEntityScaleSets(entityID, scaleSets)
 }
 func DeleteEntity(entityID string) {
 	entityCache.DeleteEntity(entityID)
 }
 func SetEntityPool(entityID string, pool params.Pool) {
 	entityCache.SetEntityPool(entityID, pool)
 }
 func SetEntityScaleSet(entityID string, scaleSet params.ScaleSet) {
 	entityCache.SetEntityScaleSet(entityID, scaleSet)
 }
 func DeleteEntityPool(entityID string, poolID string) {
 	entityCache.DeleteEntityPool(entityID, poolID)
 }
 func DeleteEntityScaleSet(entityID string, scaleSetID uint) {
 	entityCache.DeleteEntityScaleSet(entityID, scaleSetID)
 }
 func GetEntityPool(entityID string, poolID string) (params.Pool, bool) {
 	return entityCache.GetEntityPool(entityID, poolID)
 }
 func GetEntityScaleSet(entityID string, scaleSetID uint) (params.ScaleSet, bool) {
 	return entityCache.GetEntityScaleSet(entityID, scaleSetID)
 }
 func FindPoolsMatchingAllTags(entityID string, tags []string) []params.Pool {
 	return entityCache.FindPoolsMatchingAllTags(entityID, tags)
 }
 func GetEntityPools(entityID string) []params.Pool {
 	return entityCache.GetEntityPools(entityID)
 }
 func GetEntityScaleSets(entityID string) []params.ScaleSet {
 	return entityCache.GetEntityScaleSets(entityID)
 }
 func UpdateCredentialsInAffectedEntities(creds params.ForgeCredentials) {
 	entityCache.UpdateCredentialsInAffectedEntities(creds)
 }
 func GetEntitiesUsingCredentials(creds params.ForgeCredentials) []params.ForgeEntity {
 	return entityCache.GetEntitiesUsingCredentials(creds)
 }
 func GetAllEntities() []params.ForgeEntity {
 	return entityCache.GetAllEntities()
 }
 func GetAllPools() []params.Pool {
 	return entityCache.GetAllPools()
 }
 func GetAllScaleSets() []params.ScaleSet {
 	return entityCache.GetAllScaleSets()
 }
--- a/cache/github_client.go
+++ b/cache/github_client.go
@ -0,0 +1,60 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package cache
 import (
 	"sync"
 	"github.com/cloudbase/garm/runner/common"
 )
 var ghClientCache *GithubClientCache
 type GithubClientCache struct {
 	mux sync.Mutex
 	cache map[string]common.GithubClient
 }
 func init() {
 	clientCache := &GithubClientCache{
 		cache: make(map[string]common.GithubClient),
 	}
 	ghClientCache = clientCache
 }
 func (g *GithubClientCache) SetClient(entityID string, client common.GithubClient) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	g.cache[entityID] = client
 }
 func (g *GithubClientCache) GetClient(entityID string) (common.GithubClient, bool) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	if client, ok := g.cache[entityID]; ok {
 		return client, true
 	}
 	return nil, false
 }
 func SetGithubClient(entityID string, client common.GithubClient) {
 	ghClientCache.SetClient(entityID, client)
 }
 func GetGithubClient(entityID string) (common.GithubClient, bool) {
 	return ghClientCache.GetClient(entityID)
 }
--- a/cache/instance_cache.go
+++ b/cache/instance_cache.go
@ -0,0 +1,143 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package cache
 import (
 	"sync"
 	"github.com/cloudbase/garm/params"
 )
 var instanceCache *InstanceCache
 func init() {
 	cache := &InstanceCache{
 		cache: make(map[string]params.Instance),
 	}
 	instanceCache = cache
 }
 type InstanceCache struct {
 	mux sync.Mutex
 	cache map[string]params.Instance
 }
 func (i *InstanceCache) SetInstance(instance params.Instance) {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 	i.cache[instance.Name] = instance
 }
 func (i *InstanceCache) GetInstance(name string) (params.Instance, bool) {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 	if instance, ok := i.cache[name]; ok {
 		return instance, true
 	}
 	return params.Instance{}, false
 }
 func (i *InstanceCache) DeleteInstance(name string) {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 	delete(i.cache, name)
 }
 func (i *InstanceCache) GetAllInstances() []params.Instance {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 	instances := make([]params.Instance, 0, len(i.cache))
 	for _, instance := range i.cache {
 		instances = append(instances, instance)
 	}
 	sortByCreationDate(instances)
 	return instances
 }
 func (i *InstanceCache) GetInstancesForPool(poolID string) []params.Instance {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 	var filteredInstances []params.Instance
 	for _, instance := range i.cache {
 		if instance.PoolID == poolID {
 			filteredInstances = append(filteredInstances, instance)
 		}
 	}
 	sortByCreationDate(filteredInstances)
 	return filteredInstances
 }
 func (i *InstanceCache) GetInstancesForScaleSet(scaleSetID uint) []params.Instance {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 	var filteredInstances []params.Instance
 	for _, instance := range i.cache {
 		if instance.ScaleSetID == scaleSetID {
 			filteredInstances = append(filteredInstances, instance)
 		}
 	}
 	sortByCreationDate(filteredInstances)
 	return filteredInstances
 }
 func (i *InstanceCache) GetEntityInstances(entityID string) []params.Instance {
 	pools := GetEntityPools(entityID)
 	poolsAsMap := map[string]bool{}
 	for _, pool := range pools {
 		poolsAsMap[pool.ID] = true
 	}
 	ret := []params.Instance{}
 	for _, val := range i.GetAllInstances() {
 		if _, ok := poolsAsMap[val.PoolID]; ok {
 			ret = append(ret, val)
 		}
 	}
 	return ret
 }
 func SetInstanceCache(instance params.Instance) {
 	instanceCache.SetInstance(instance)
 }
 func GetInstanceCache(name string) (params.Instance, bool) {
 	return instanceCache.GetInstance(name)
 }
 func DeleteInstanceCache(name string) {
 	instanceCache.DeleteInstance(name)
 }
 func GetAllInstancesCache() []params.Instance {
 	return instanceCache.GetAllInstances()
 }
 func GetInstancesForPool(poolID string) []params.Instance {
 	return instanceCache.GetInstancesForPool(poolID)
 }
 func GetInstancesForScaleSet(scaleSetID uint) []params.Instance {
 	return instanceCache.GetInstancesForScaleSet(scaleSetID)
 }
 func GetEntityInstances(entityID string) []params.Instance {
 	return instanceCache.GetEntityInstances(entityID)
 }
--- a/cache/tools_cache.go
+++ b/cache/tools_cache.go
@ -0,0 +1,116 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package cache
 import (
 	"fmt"
 	"sync"
 	"time"
 	commonParams "github.com/cloudbase/garm-provider-common/params"
 	"github.com/cloudbase/garm/params"
 )
 var githubToolsCache *GithubToolsCache
 func init() {
 	ghToolsCache := &GithubToolsCache{
 		entities: make(map[string]GithubEntityTools),
 	}
 	githubToolsCache = ghToolsCache
 }
 type GithubEntityTools struct {
 	updatedAt time.Time
 	expiresAt time.Time
 	err       error
 	entity    params.ForgeEntity
 	tools     []commonParams.RunnerApplicationDownload
 }
 type GithubToolsCache struct {
 	mux sync.Mutex
 	// entity IDs are UUID4s. It is highly unlikely they will collide (🤞).
 	entities map[string]GithubEntityTools
 }
 func (g *GithubToolsCache) Get(entityID string) ([]commonParams.RunnerApplicationDownload, error) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	if cache, ok := g.entities[entityID]; ok {
 		if cache.entity.Credentials.ForgeType == params.GithubEndpointType {
 			if time.Now().UTC().After(cache.expiresAt.Add(-5 * time.Minute)) {
 				// Stale cache, remove it.
 				delete(g.entities, entityID)
 				return nil, fmt.Errorf("cache expired for entity %s", entityID)
 			}
 		}
 		if cache.err != nil {
 			return nil, cache.err
 		}
 		return cache.tools, nil
 	}
 	return nil, fmt.Errorf("no cache found for entity %s", entityID)
 }
 func (g *GithubToolsCache) Set(entity params.ForgeEntity, tools []commonParams.RunnerApplicationDownload) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	forgeTools := GithubEntityTools{
 		updatedAt: time.Now(),
 		entity:    entity,
 		tools:     tools,
 		err:       nil,
 	}
 	if entity.Credentials.ForgeType == params.GithubEndpointType {
 		forgeTools.expiresAt = time.Now().Add(1 * time.Hour)
 	}
 	g.entities[entity.ID] = forgeTools
 }
 func (g *GithubToolsCache) SetToolsError(entity params.ForgeEntity, err error) {
 	g.mux.Lock()
 	defer g.mux.Unlock()
 	// If the entity is not in the cache, add it with the error.
 	cache, ok := g.entities[entity.ID]
 	if !ok {
 		g.entities[entity.ID] = GithubEntityTools{
 			updatedAt: time.Now(),
 			entity:    entity,
 			err:       err,
 		}
 		return
 	}
 	// Update the error for the existing entity.
 	cache.err = err
 	g.entities[entity.ID] = cache
 }
 func SetGithubToolsCache(entity params.ForgeEntity, tools []commonParams.RunnerApplicationDownload) {
 	githubToolsCache.Set(entity, tools)
 }
 func GetGithubToolsCache(entityID string) ([]commonParams.RunnerApplicationDownload, error) {
 	return githubToolsCache.Get(entityID)
 }
 func SetGithubToolsCacheError(entity params.ForgeEntity, err error) {
 	githubToolsCache.SetToolsError(entity, err)
 }
--- a/cache/util.go
+++ b/cache/util.go
@ -0,0 +1,32 @@
 // Copyright 2025 Cloudbase Solutions SRL
 //
 //	Licensed under the Apache License, Version 2.0 (the "License"); you may
 //	not use this file except in compliance with the License. You may obtain
 //	a copy of the License at
 //
 //	     http://www.apache.org/licenses/LICENSE-2.0
 //
 //	Unless required by applicable law or agreed to in writing, software
 //	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 //	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 //	License for the specific language governing permissions and limitations
 //	under the License.
 package cache
 import (
 	"sort"
 	"github.com/cloudbase/garm/params"
 )
 func sortByID[T params.IDGetter](s []T) {
 	sort.Slice(s, func(i, j int) bool {
 		return s[i].GetID() < s[j].GetID()
 	})
 }
 func sortByCreationDate[T params.CreationDateGetter](s []T) {
 	sort.Slice(s, func(i, j int) bool {
 		return s[i].GetCreatedAt().Before(s[j].GetCreatedAt())
 	})
 }
--- a/client/controller/controller_client.go
+++ b/client/controller/controller_client.go
@ -0,0 +1,106 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package controller
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"github.com/go-openapi/runtime"
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // New creates a new controller API client.
 func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
 	return &Client{transport: transport, formats: formats}
 }
 // New creates a new controller API client with basic auth credentials.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - user: user for basic authentication header.
 // - password: password for basic authentication header.
 func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 // New creates a new controller API client with a bearer token for authentication.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - bearerToken: bearer token for Bearer authentication header.
 func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 /*
 Client for controller API
 */
 type Client struct {
 	transport runtime.ClientTransport
 	formats   strfmt.Registry
 }
 // ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 // ClientService is the interface for Client methods
 type ClientService interface {
 	UpdateController(params *UpdateControllerParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateControllerOK, error)
 	SetTransport(transport runtime.ClientTransport)
 }
 /*
 UpdateController updates controller
 */
 func (a *Client) UpdateController(params *UpdateControllerParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateControllerOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewUpdateControllerParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "UpdateController",
 		Method:             "PUT",
 		PathPattern:        "/controller",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &UpdateControllerReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*UpdateControllerOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for UpdateController: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport
 }
--- a/client/controller/update_controller_parameters.go
+++ b/client/controller/update_controller_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package controller
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewUpdateControllerParams creates a new UpdateControllerParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewUpdateControllerParams() *UpdateControllerParams {
 	return &UpdateControllerParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewUpdateControllerParamsWithTimeout creates a new UpdateControllerParams object
 // with the ability to set a timeout on a request.
 func NewUpdateControllerParamsWithTimeout(timeout time.Duration) *UpdateControllerParams {
 	return &UpdateControllerParams{
 		timeout: timeout,
 	}
 }
 // NewUpdateControllerParamsWithContext creates a new UpdateControllerParams object
 // with the ability to set a context for a request.
 func NewUpdateControllerParamsWithContext(ctx context.Context) *UpdateControllerParams {
 	return &UpdateControllerParams{
 		Context: ctx,
 	}
 }
 // NewUpdateControllerParamsWithHTTPClient creates a new UpdateControllerParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewUpdateControllerParamsWithHTTPClient(client *http.Client) *UpdateControllerParams {
 	return &UpdateControllerParams{
 		HTTPClient: client,
 	}
 }
 /*
 UpdateControllerParams contains all the parameters to send to the API endpoint
 	for the update controller operation.
 	Typically these are written to a http.Request.
 */
 type UpdateControllerParams struct {
 	/* Body.
 	   Parameters used when updating the controller.
 	*/
 	Body garm_params.UpdateControllerParams
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the update controller params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateControllerParams) WithDefaults() *UpdateControllerParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the update controller params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateControllerParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the update controller params
 func (o *UpdateControllerParams) WithTimeout(timeout time.Duration) *UpdateControllerParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the update controller params
 func (o *UpdateControllerParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the update controller params
 func (o *UpdateControllerParams) WithContext(ctx context.Context) *UpdateControllerParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the update controller params
 func (o *UpdateControllerParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the update controller params
 func (o *UpdateControllerParams) WithHTTPClient(client *http.Client) *UpdateControllerParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the update controller params
 func (o *UpdateControllerParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the update controller params
 func (o *UpdateControllerParams) WithBody(body garm_params.UpdateControllerParams) *UpdateControllerParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the update controller params
 func (o *UpdateControllerParams) SetBody(body garm_params.UpdateControllerParams) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *UpdateControllerParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/controller/update_controller_responses.go
+++ b/client/controller/update_controller_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package controller
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // UpdateControllerReader is a Reader for the UpdateController structure.
 type UpdateControllerReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *UpdateControllerReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewUpdateControllerOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewUpdateControllerBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[PUT /controller] UpdateController", response, response.Code())
 	}
 }
 // NewUpdateControllerOK creates a UpdateControllerOK with default headers values
 func NewUpdateControllerOK() *UpdateControllerOK {
 	return &UpdateControllerOK{}
 }
 /*
 UpdateControllerOK describes a response with status code 200, with default header values.
 ControllerInfo
 */
 type UpdateControllerOK struct {
 	Payload garm_params.ControllerInfo
 }
 // IsSuccess returns true when this update controller o k response has a 2xx status code
 func (o *UpdateControllerOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this update controller o k response has a 3xx status code
 func (o *UpdateControllerOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update controller o k response has a 4xx status code
 func (o *UpdateControllerOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this update controller o k response has a 5xx status code
 func (o *UpdateControllerOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update controller o k response a status code equal to that given
 func (o *UpdateControllerOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the update controller o k response
 func (o *UpdateControllerOK) Code() int {
 	return 200
 }
 func (o *UpdateControllerOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /controller][%d] updateControllerOK %s", 200, payload)
 }
 func (o *UpdateControllerOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /controller][%d] updateControllerOK %s", 200, payload)
 }
 func (o *UpdateControllerOK) GetPayload() garm_params.ControllerInfo {
 	return o.Payload
 }
 func (o *UpdateControllerOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewUpdateControllerBadRequest creates a UpdateControllerBadRequest with default headers values
 func NewUpdateControllerBadRequest() *UpdateControllerBadRequest {
 	return &UpdateControllerBadRequest{}
 }
 /*
 UpdateControllerBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type UpdateControllerBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this update controller bad request response has a 2xx status code
 func (o *UpdateControllerBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this update controller bad request response has a 3xx status code
 func (o *UpdateControllerBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update controller bad request response has a 4xx status code
 func (o *UpdateControllerBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this update controller bad request response has a 5xx status code
 func (o *UpdateControllerBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update controller bad request response a status code equal to that given
 func (o *UpdateControllerBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the update controller bad request response
 func (o *UpdateControllerBadRequest) Code() int {
 	return 400
 }
 func (o *UpdateControllerBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /controller][%d] updateControllerBadRequest %s", 400, payload)
 }
 func (o *UpdateControllerBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /controller][%d] updateControllerBadRequest %s", 400, payload)
 }
 func (o *UpdateControllerBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *UpdateControllerBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/controller_info/controller_info_client.go
+++ b/client/controller_info/controller_info_client.go
@ -0,0 +1,106 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package controller_info
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"github.com/go-openapi/runtime"
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // New creates a new controller info API client.
 func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
 	return &Client{transport: transport, formats: formats}
 }
 // New creates a new controller info API client with basic auth credentials.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - user: user for basic authentication header.
 // - password: password for basic authentication header.
 func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 // New creates a new controller info API client with a bearer token for authentication.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - bearerToken: bearer token for Bearer authentication header.
 func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 /*
 Client for controller info API
 */
 type Client struct {
 	transport runtime.ClientTransport
 	formats   strfmt.Registry
 }
 // ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 // ClientService is the interface for Client methods
 type ClientService interface {
 	ControllerInfo(params *ControllerInfoParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ControllerInfoOK, error)
 	SetTransport(transport runtime.ClientTransport)
 }
 /*
 ControllerInfo gets controller info
 */
 func (a *Client) ControllerInfo(params *ControllerInfoParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ControllerInfoOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewControllerInfoParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "ControllerInfo",
 		Method:             "GET",
 		PathPattern:        "/controller-info",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &ControllerInfoReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*ControllerInfoOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for ControllerInfo: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport
 }
--- a/client/controller_info/controller_info_parameters.go
+++ b/client/controller_info/controller_info_parameters.go
@ -0,0 +1,128 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package controller_info
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewControllerInfoParams creates a new ControllerInfoParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewControllerInfoParams() *ControllerInfoParams {
 	return &ControllerInfoParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewControllerInfoParamsWithTimeout creates a new ControllerInfoParams object
 // with the ability to set a timeout on a request.
 func NewControllerInfoParamsWithTimeout(timeout time.Duration) *ControllerInfoParams {
 	return &ControllerInfoParams{
 		timeout: timeout,
 	}
 }
 // NewControllerInfoParamsWithContext creates a new ControllerInfoParams object
 // with the ability to set a context for a request.
 func NewControllerInfoParamsWithContext(ctx context.Context) *ControllerInfoParams {
 	return &ControllerInfoParams{
 		Context: ctx,
 	}
 }
 // NewControllerInfoParamsWithHTTPClient creates a new ControllerInfoParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewControllerInfoParamsWithHTTPClient(client *http.Client) *ControllerInfoParams {
 	return &ControllerInfoParams{
 		HTTPClient: client,
 	}
 }
 /*
 ControllerInfoParams contains all the parameters to send to the API endpoint
 	for the controller info operation.
 	Typically these are written to a http.Request.
 */
 type ControllerInfoParams struct {
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the controller info params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ControllerInfoParams) WithDefaults() *ControllerInfoParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the controller info params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ControllerInfoParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the controller info params
 func (o *ControllerInfoParams) WithTimeout(timeout time.Duration) *ControllerInfoParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the controller info params
 func (o *ControllerInfoParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the controller info params
 func (o *ControllerInfoParams) WithContext(ctx context.Context) *ControllerInfoParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the controller info params
 func (o *ControllerInfoParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the controller info params
 func (o *ControllerInfoParams) WithHTTPClient(client *http.Client) *ControllerInfoParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the controller info params
 func (o *ControllerInfoParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WriteToRequest writes these params to a swagger request
 func (o *ControllerInfoParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/controller_info/controller_info_responses.go
+++ b/client/controller_info/controller_info_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package controller_info
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // ControllerInfoReader is a Reader for the ControllerInfo structure.
 type ControllerInfoReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *ControllerInfoReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewControllerInfoOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 409:
 		result := NewControllerInfoConflict()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[GET /controller-info] ControllerInfo", response, response.Code())
 	}
 }
 // NewControllerInfoOK creates a ControllerInfoOK with default headers values
 func NewControllerInfoOK() *ControllerInfoOK {
 	return &ControllerInfoOK{}
 }
 /*
 ControllerInfoOK describes a response with status code 200, with default header values.
 ControllerInfo
 */
 type ControllerInfoOK struct {
 	Payload garm_params.ControllerInfo
 }
 // IsSuccess returns true when this controller info o k response has a 2xx status code
 func (o *ControllerInfoOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this controller info o k response has a 3xx status code
 func (o *ControllerInfoOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this controller info o k response has a 4xx status code
 func (o *ControllerInfoOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this controller info o k response has a 5xx status code
 func (o *ControllerInfoOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this controller info o k response a status code equal to that given
 func (o *ControllerInfoOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the controller info o k response
 func (o *ControllerInfoOK) Code() int {
 	return 200
 }
 func (o *ControllerInfoOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoOK %s", 200, payload)
 }
 func (o *ControllerInfoOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoOK %s", 200, payload)
 }
 func (o *ControllerInfoOK) GetPayload() garm_params.ControllerInfo {
 	return o.Payload
 }
 func (o *ControllerInfoOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewControllerInfoConflict creates a ControllerInfoConflict with default headers values
 func NewControllerInfoConflict() *ControllerInfoConflict {
 	return &ControllerInfoConflict{}
 }
 /*
 ControllerInfoConflict describes a response with status code 409, with default header values.
 APIErrorResponse
 */
 type ControllerInfoConflict struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this controller info conflict response has a 2xx status code
 func (o *ControllerInfoConflict) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this controller info conflict response has a 3xx status code
 func (o *ControllerInfoConflict) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this controller info conflict response has a 4xx status code
 func (o *ControllerInfoConflict) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this controller info conflict response has a 5xx status code
 func (o *ControllerInfoConflict) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this controller info conflict response a status code equal to that given
 func (o *ControllerInfoConflict) IsCode(code int) bool {
 	return code == 409
 }
 // Code gets the status code for the controller info conflict response
 func (o *ControllerInfoConflict) Code() int {
 	return 409
 }
 func (o *ControllerInfoConflict) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoConflict %s", 409, payload)
 }
 func (o *ControllerInfoConflict) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoConflict %s", 409, payload)
 }
 func (o *ControllerInfoConflict) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *ControllerInfoConflict) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/create_credentials_parameters.go
+++ b/client/credentials/create_credentials_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateCredentialsParams creates a new CreateCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateCredentialsParams() *CreateCredentialsParams {
 	return &CreateCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateCredentialsParamsWithTimeout creates a new CreateCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewCreateCredentialsParamsWithTimeout(timeout time.Duration) *CreateCredentialsParams {
 	return &CreateCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewCreateCredentialsParamsWithContext creates a new CreateCredentialsParams object
 // with the ability to set a context for a request.
 func NewCreateCredentialsParamsWithContext(ctx context.Context) *CreateCredentialsParams {
 	return &CreateCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewCreateCredentialsParamsWithHTTPClient creates a new CreateCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateCredentialsParamsWithHTTPClient(client *http.Client) *CreateCredentialsParams {
 	return &CreateCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateCredentialsParams contains all the parameters to send to the API endpoint
 	for the create credentials operation.
 	Typically these are written to a http.Request.
 */
 type CreateCredentialsParams struct {
 	/* Body.
 	   Parameters used when creating a GitHub credential.
 	*/
 	Body garm_params.CreateGithubCredentialsParams
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateCredentialsParams) WithDefaults() *CreateCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create credentials params
 func (o *CreateCredentialsParams) WithTimeout(timeout time.Duration) *CreateCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create credentials params
 func (o *CreateCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create credentials params
 func (o *CreateCredentialsParams) WithContext(ctx context.Context) *CreateCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create credentials params
 func (o *CreateCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create credentials params
 func (o *CreateCredentialsParams) WithHTTPClient(client *http.Client) *CreateCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create credentials params
 func (o *CreateCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create credentials params
 func (o *CreateCredentialsParams) WithBody(body garm_params.CreateGithubCredentialsParams) *CreateCredentialsParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create credentials params
 func (o *CreateCredentialsParams) SetBody(body garm_params.CreateGithubCredentialsParams) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/create_credentials_responses.go
+++ b/client/credentials/create_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateCredentialsReader is a Reader for the CreateCredentials structure.
 type CreateCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewCreateCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[POST /github/credentials] CreateCredentials", response, response.Code())
 	}
 }
 // NewCreateCredentialsOK creates a CreateCredentialsOK with default headers values
 func NewCreateCredentialsOK() *CreateCredentialsOK {
 	return &CreateCredentialsOK{}
 }
 /*
 CreateCredentialsOK describes a response with status code 200, with default header values.
 ForgeCredentials
 */
 type CreateCredentialsOK struct {
 	Payload garm_params.ForgeCredentials
 }
 // IsSuccess returns true when this create credentials o k response has a 2xx status code
 func (o *CreateCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create credentials o k response has a 3xx status code
 func (o *CreateCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create credentials o k response has a 4xx status code
 func (o *CreateCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create credentials o k response has a 5xx status code
 func (o *CreateCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create credentials o k response a status code equal to that given
 func (o *CreateCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create credentials o k response
 func (o *CreateCredentialsOK) Code() int {
 	return 200
 }
 func (o *CreateCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsOK %s", 200, payload)
 }
 func (o *CreateCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsOK %s", 200, payload)
 }
 func (o *CreateCredentialsOK) GetPayload() garm_params.ForgeCredentials {
 	return o.Payload
 }
 func (o *CreateCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateCredentialsBadRequest creates a CreateCredentialsBadRequest with default headers values
 func NewCreateCredentialsBadRequest() *CreateCredentialsBadRequest {
 	return &CreateCredentialsBadRequest{}
 }
 /*
 CreateCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type CreateCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create credentials bad request response has a 2xx status code
 func (o *CreateCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this create credentials bad request response has a 3xx status code
 func (o *CreateCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create credentials bad request response has a 4xx status code
 func (o *CreateCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this create credentials bad request response has a 5xx status code
 func (o *CreateCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create credentials bad request response a status code equal to that given
 func (o *CreateCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the create credentials bad request response
 func (o *CreateCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *CreateCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsBadRequest %s", 400, payload)
 }
 func (o *CreateCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsBadRequest %s", 400, payload)
 }
 func (o *CreateCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/create_gitea_credentials_parameters.go
+++ b/client/credentials/create_gitea_credentials_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateGiteaCredentialsParams creates a new CreateGiteaCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateGiteaCredentialsParams() *CreateGiteaCredentialsParams {
 	return &CreateGiteaCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateGiteaCredentialsParamsWithTimeout creates a new CreateGiteaCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewCreateGiteaCredentialsParamsWithTimeout(timeout time.Duration) *CreateGiteaCredentialsParams {
 	return &CreateGiteaCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewCreateGiteaCredentialsParamsWithContext creates a new CreateGiteaCredentialsParams object
 // with the ability to set a context for a request.
 func NewCreateGiteaCredentialsParamsWithContext(ctx context.Context) *CreateGiteaCredentialsParams {
 	return &CreateGiteaCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewCreateGiteaCredentialsParamsWithHTTPClient creates a new CreateGiteaCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateGiteaCredentialsParamsWithHTTPClient(client *http.Client) *CreateGiteaCredentialsParams {
 	return &CreateGiteaCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateGiteaCredentialsParams contains all the parameters to send to the API endpoint
 	for the create gitea credentials operation.
 	Typically these are written to a http.Request.
 */
 type CreateGiteaCredentialsParams struct {
 	/* Body.
 	   Parameters used when creating a Gitea credential.
 	*/
 	Body garm_params.CreateGiteaCredentialsParams
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateGiteaCredentialsParams) WithDefaults() *CreateGiteaCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateGiteaCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) WithTimeout(timeout time.Duration) *CreateGiteaCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) WithContext(ctx context.Context) *CreateGiteaCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) WithHTTPClient(client *http.Client) *CreateGiteaCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) WithBody(body garm_params.CreateGiteaCredentialsParams) *CreateGiteaCredentialsParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create gitea credentials params
 func (o *CreateGiteaCredentialsParams) SetBody(body garm_params.CreateGiteaCredentialsParams) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/create_gitea_credentials_responses.go
+++ b/client/credentials/create_gitea_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateGiteaCredentialsReader is a Reader for the CreateGiteaCredentials structure.
 type CreateGiteaCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateGiteaCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewCreateGiteaCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[POST /gitea/credentials] CreateGiteaCredentials", response, response.Code())
 	}
 }
 // NewCreateGiteaCredentialsOK creates a CreateGiteaCredentialsOK with default headers values
 func NewCreateGiteaCredentialsOK() *CreateGiteaCredentialsOK {
 	return &CreateGiteaCredentialsOK{}
 }
 /*
 CreateGiteaCredentialsOK describes a response with status code 200, with default header values.
 ForgeCredentials
 */
 type CreateGiteaCredentialsOK struct {
 	Payload garm_params.ForgeCredentials
 }
 // IsSuccess returns true when this create gitea credentials o k response has a 2xx status code
 func (o *CreateGiteaCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create gitea credentials o k response has a 3xx status code
 func (o *CreateGiteaCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create gitea credentials o k response has a 4xx status code
 func (o *CreateGiteaCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create gitea credentials o k response has a 5xx status code
 func (o *CreateGiteaCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create gitea credentials o k response a status code equal to that given
 func (o *CreateGiteaCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create gitea credentials o k response
 func (o *CreateGiteaCredentialsOK) Code() int {
 	return 200
 }
 func (o *CreateGiteaCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsOK %s", 200, payload)
 }
 func (o *CreateGiteaCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsOK %s", 200, payload)
 }
 func (o *CreateGiteaCredentialsOK) GetPayload() garm_params.ForgeCredentials {
 	return o.Payload
 }
 func (o *CreateGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateGiteaCredentialsBadRequest creates a CreateGiteaCredentialsBadRequest with default headers values
 func NewCreateGiteaCredentialsBadRequest() *CreateGiteaCredentialsBadRequest {
 	return &CreateGiteaCredentialsBadRequest{}
 }
 /*
 CreateGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type CreateGiteaCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create gitea credentials bad request response has a 2xx status code
 func (o *CreateGiteaCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this create gitea credentials bad request response has a 3xx status code
 func (o *CreateGiteaCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create gitea credentials bad request response has a 4xx status code
 func (o *CreateGiteaCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this create gitea credentials bad request response has a 5xx status code
 func (o *CreateGiteaCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create gitea credentials bad request response a status code equal to that given
 func (o *CreateGiteaCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the create gitea credentials bad request response
 func (o *CreateGiteaCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *CreateGiteaCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *CreateGiteaCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *CreateGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/credentials_client.go
+++ b/client/credentials/credentials_client.go
@ -0,0 +1,461 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"github.com/go-openapi/runtime"
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // New creates a new credentials API client.
 func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
 	return &Client{transport: transport, formats: formats}
 }
 // New creates a new credentials API client with basic auth credentials.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - user: user for basic authentication header.
 // - password: password for basic authentication header.
 func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 // New creates a new credentials API client with a bearer token for authentication.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - bearerToken: bearer token for Bearer authentication header.
 func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 /*
 Client for credentials API
 */
 type Client struct {
 	transport runtime.ClientTransport
 	formats   strfmt.Registry
 }
 // ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 // ClientService is the interface for Client methods
 type ClientService interface {
 	CreateCredentials(params *CreateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateCredentialsOK, error)
 	CreateGiteaCredentials(params *CreateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaCredentialsOK, error)
 	DeleteCredentials(params *DeleteCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
 	DeleteGiteaCredentials(params *DeleteGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
 	GetCredentials(params *GetCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetCredentialsOK, error)
 	GetGiteaCredentials(params *GetGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaCredentialsOK, error)
 	ListCredentials(params *ListCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListCredentialsOK, error)
 	ListGiteaCredentials(params *ListGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaCredentialsOK, error)
 	UpdateCredentials(params *UpdateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateCredentialsOK, error)
 	UpdateGiteaCredentials(params *UpdateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaCredentialsOK, error)
 	SetTransport(transport runtime.ClientTransport)
 }
 /*
 CreateCredentials creates a git hub credential
 */
 func (a *Client) CreateCredentials(params *CreateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewCreateCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "CreateCredentials",
 		Method:             "POST",
 		PathPattern:        "/github/credentials",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &CreateCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*CreateCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for CreateCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 CreateGiteaCredentials creates a gitea credential
 */
 func (a *Client) CreateGiteaCredentials(params *CreateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewCreateGiteaCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "CreateGiteaCredentials",
 		Method:             "POST",
 		PathPattern:        "/gitea/credentials",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &CreateGiteaCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*CreateGiteaCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for CreateGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 DeleteCredentials deletes a git hub credential
 */
 func (a *Client) DeleteCredentials(params *DeleteCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewDeleteCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "DeleteCredentials",
 		Method:             "DELETE",
 		PathPattern:        "/github/credentials/{id}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &DeleteCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	_, err := a.transport.Submit(op)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 /*
 DeleteGiteaCredentials deletes a gitea credential
 */
 func (a *Client) DeleteGiteaCredentials(params *DeleteGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewDeleteGiteaCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "DeleteGiteaCredentials",
 		Method:             "DELETE",
 		PathPattern:        "/gitea/credentials/{id}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &DeleteGiteaCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	_, err := a.transport.Submit(op)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 /*
 GetCredentials gets a git hub credential
 */
 func (a *Client) GetCredentials(params *GetCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewGetCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "GetCredentials",
 		Method:             "GET",
 		PathPattern:        "/github/credentials/{id}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &GetCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*GetCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for GetCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 GetGiteaCredentials gets a gitea credential
 */
 func (a *Client) GetGiteaCredentials(params *GetGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewGetGiteaCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "GetGiteaCredentials",
 		Method:             "GET",
 		PathPattern:        "/gitea/credentials/{id}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &GetGiteaCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*GetGiteaCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for GetGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 ListCredentials lists all credentials
 */
 func (a *Client) ListCredentials(params *ListCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewListCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "ListCredentials",
 		Method:             "GET",
 		PathPattern:        "/github/credentials",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &ListCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*ListCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for ListCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 ListGiteaCredentials lists all credentials
 */
 func (a *Client) ListGiteaCredentials(params *ListGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewListGiteaCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "ListGiteaCredentials",
 		Method:             "GET",
 		PathPattern:        "/gitea/credentials",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &ListGiteaCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*ListGiteaCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for ListGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 UpdateCredentials updates a git hub credential
 */
 func (a *Client) UpdateCredentials(params *UpdateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewUpdateCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "UpdateCredentials",
 		Method:             "PUT",
 		PathPattern:        "/github/credentials/{id}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &UpdateCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*UpdateCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for UpdateCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 UpdateGiteaCredentials updates a gitea credential
 */
 func (a *Client) UpdateGiteaCredentials(params *UpdateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaCredentialsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewUpdateGiteaCredentialsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "UpdateGiteaCredentials",
 		Method:             "PUT",
 		PathPattern:        "/gitea/credentials/{id}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &UpdateGiteaCredentialsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*UpdateGiteaCredentialsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for UpdateGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport
 }
--- a/client/credentials/delete_credentials_parameters.go
+++ b/client/credentials/delete_credentials_parameters.go
@ -0,0 +1,152 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
 // NewDeleteCredentialsParams creates a new DeleteCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewDeleteCredentialsParams() *DeleteCredentialsParams {
 	return &DeleteCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewDeleteCredentialsParamsWithTimeout creates a new DeleteCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewDeleteCredentialsParamsWithTimeout(timeout time.Duration) *DeleteCredentialsParams {
 	return &DeleteCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewDeleteCredentialsParamsWithContext creates a new DeleteCredentialsParams object
 // with the ability to set a context for a request.
 func NewDeleteCredentialsParamsWithContext(ctx context.Context) *DeleteCredentialsParams {
 	return &DeleteCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewDeleteCredentialsParamsWithHTTPClient creates a new DeleteCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewDeleteCredentialsParamsWithHTTPClient(client *http.Client) *DeleteCredentialsParams {
 	return &DeleteCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 DeleteCredentialsParams contains all the parameters to send to the API endpoint
 	for the delete credentials operation.
 	Typically these are written to a http.Request.
 */
 type DeleteCredentialsParams struct {
 	/* ID.
 	   ID of the GitHub credential.
 	*/
 	ID int64
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the delete credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteCredentialsParams) WithDefaults() *DeleteCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the delete credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the delete credentials params
 func (o *DeleteCredentialsParams) WithTimeout(timeout time.Duration) *DeleteCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the delete credentials params
 func (o *DeleteCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the delete credentials params
 func (o *DeleteCredentialsParams) WithContext(ctx context.Context) *DeleteCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the delete credentials params
 func (o *DeleteCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the delete credentials params
 func (o *DeleteCredentialsParams) WithHTTPClient(client *http.Client) *DeleteCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the delete credentials params
 func (o *DeleteCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithID adds the id to the delete credentials params
 func (o *DeleteCredentialsParams) WithID(id int64) *DeleteCredentialsParams {
 	o.SetID(id)
 	return o
 }
 // SetID adds the id to the delete credentials params
 func (o *DeleteCredentialsParams) SetID(id int64) {
 	o.ID = id
 }
 // WriteToRequest writes these params to a swagger request
 func (o *DeleteCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param id
 	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/delete_credentials_responses.go
+++ b/client/credentials/delete_credentials_responses.go
@ -0,0 +1,106 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 )
 // DeleteCredentialsReader is a Reader for the DeleteCredentials structure.
 type DeleteCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *DeleteCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	result := NewDeleteCredentialsDefault(response.Code())
 	if err := result.readResponse(response, consumer, o.formats); err != nil {
 		return nil, err
 	}
 	if response.Code()/100 == 2 {
 		return result, nil
 	}
 	return nil, result
 }
 // NewDeleteCredentialsDefault creates a DeleteCredentialsDefault with default headers values
 func NewDeleteCredentialsDefault(code int) *DeleteCredentialsDefault {
 	return &DeleteCredentialsDefault{
 		_statusCode: code,
 	}
 }
 /*
 DeleteCredentialsDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type DeleteCredentialsDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this delete credentials default response has a 2xx status code
 func (o *DeleteCredentialsDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this delete credentials default response has a 3xx status code
 func (o *DeleteCredentialsDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this delete credentials default response has a 4xx status code
 func (o *DeleteCredentialsDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this delete credentials default response has a 5xx status code
 func (o *DeleteCredentialsDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this delete credentials default response a status code equal to that given
 func (o *DeleteCredentialsDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the delete credentials default response
 func (o *DeleteCredentialsDefault) Code() int {
 	return o._statusCode
 }
 func (o *DeleteCredentialsDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /github/credentials/{id}][%d] DeleteCredentials default %s", o._statusCode, payload)
 }
 func (o *DeleteCredentialsDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /github/credentials/{id}][%d] DeleteCredentials default %s", o._statusCode, payload)
 }
 func (o *DeleteCredentialsDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *DeleteCredentialsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/delete_gitea_credentials_parameters.go
+++ b/client/credentials/delete_gitea_credentials_parameters.go
@ -0,0 +1,152 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
 // NewDeleteGiteaCredentialsParams creates a new DeleteGiteaCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewDeleteGiteaCredentialsParams() *DeleteGiteaCredentialsParams {
 	return &DeleteGiteaCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewDeleteGiteaCredentialsParamsWithTimeout creates a new DeleteGiteaCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewDeleteGiteaCredentialsParamsWithTimeout(timeout time.Duration) *DeleteGiteaCredentialsParams {
 	return &DeleteGiteaCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewDeleteGiteaCredentialsParamsWithContext creates a new DeleteGiteaCredentialsParams object
 // with the ability to set a context for a request.
 func NewDeleteGiteaCredentialsParamsWithContext(ctx context.Context) *DeleteGiteaCredentialsParams {
 	return &DeleteGiteaCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewDeleteGiteaCredentialsParamsWithHTTPClient creates a new DeleteGiteaCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewDeleteGiteaCredentialsParamsWithHTTPClient(client *http.Client) *DeleteGiteaCredentialsParams {
 	return &DeleteGiteaCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 DeleteGiteaCredentialsParams contains all the parameters to send to the API endpoint
 	for the delete gitea credentials operation.
 	Typically these are written to a http.Request.
 */
 type DeleteGiteaCredentialsParams struct {
 	/* ID.
 	   ID of the Gitea credential.
 	*/
 	ID int64
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the delete gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteGiteaCredentialsParams) WithDefaults() *DeleteGiteaCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the delete gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteGiteaCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) WithTimeout(timeout time.Duration) *DeleteGiteaCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) WithContext(ctx context.Context) *DeleteGiteaCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) WithHTTPClient(client *http.Client) *DeleteGiteaCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithID adds the id to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) WithID(id int64) *DeleteGiteaCredentialsParams {
 	o.SetID(id)
 	return o
 }
 // SetID adds the id to the delete gitea credentials params
 func (o *DeleteGiteaCredentialsParams) SetID(id int64) {
 	o.ID = id
 }
 // WriteToRequest writes these params to a swagger request
 func (o *DeleteGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param id
 	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/delete_gitea_credentials_responses.go
+++ b/client/credentials/delete_gitea_credentials_responses.go
@ -0,0 +1,106 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 )
 // DeleteGiteaCredentialsReader is a Reader for the DeleteGiteaCredentials structure.
 type DeleteGiteaCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *DeleteGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	result := NewDeleteGiteaCredentialsDefault(response.Code())
 	if err := result.readResponse(response, consumer, o.formats); err != nil {
 		return nil, err
 	}
 	if response.Code()/100 == 2 {
 		return result, nil
 	}
 	return nil, result
 }
 // NewDeleteGiteaCredentialsDefault creates a DeleteGiteaCredentialsDefault with default headers values
 func NewDeleteGiteaCredentialsDefault(code int) *DeleteGiteaCredentialsDefault {
 	return &DeleteGiteaCredentialsDefault{
 		_statusCode: code,
 	}
 }
 /*
 DeleteGiteaCredentialsDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type DeleteGiteaCredentialsDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this delete gitea credentials default response has a 2xx status code
 func (o *DeleteGiteaCredentialsDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this delete gitea credentials default response has a 3xx status code
 func (o *DeleteGiteaCredentialsDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this delete gitea credentials default response has a 4xx status code
 func (o *DeleteGiteaCredentialsDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this delete gitea credentials default response has a 5xx status code
 func (o *DeleteGiteaCredentialsDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this delete gitea credentials default response a status code equal to that given
 func (o *DeleteGiteaCredentialsDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the delete gitea credentials default response
 func (o *DeleteGiteaCredentialsDefault) Code() int {
 	return o._statusCode
 }
 func (o *DeleteGiteaCredentialsDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /gitea/credentials/{id}][%d] DeleteGiteaCredentials default %s", o._statusCode, payload)
 }
 func (o *DeleteGiteaCredentialsDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /gitea/credentials/{id}][%d] DeleteGiteaCredentials default %s", o._statusCode, payload)
 }
 func (o *DeleteGiteaCredentialsDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *DeleteGiteaCredentialsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/get_credentials_parameters.go
+++ b/client/credentials/get_credentials_parameters.go
@ -0,0 +1,152 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
 // NewGetCredentialsParams creates a new GetCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewGetCredentialsParams() *GetCredentialsParams {
 	return &GetCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewGetCredentialsParamsWithTimeout creates a new GetCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewGetCredentialsParamsWithTimeout(timeout time.Duration) *GetCredentialsParams {
 	return &GetCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewGetCredentialsParamsWithContext creates a new GetCredentialsParams object
 // with the ability to set a context for a request.
 func NewGetCredentialsParamsWithContext(ctx context.Context) *GetCredentialsParams {
 	return &GetCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewGetCredentialsParamsWithHTTPClient creates a new GetCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewGetCredentialsParamsWithHTTPClient(client *http.Client) *GetCredentialsParams {
 	return &GetCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 GetCredentialsParams contains all the parameters to send to the API endpoint
 	for the get credentials operation.
 	Typically these are written to a http.Request.
 */
 type GetCredentialsParams struct {
 	/* ID.
 	   ID of the GitHub credential.
 	*/
 	ID int64
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the get credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetCredentialsParams) WithDefaults() *GetCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the get credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the get credentials params
 func (o *GetCredentialsParams) WithTimeout(timeout time.Duration) *GetCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the get credentials params
 func (o *GetCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the get credentials params
 func (o *GetCredentialsParams) WithContext(ctx context.Context) *GetCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the get credentials params
 func (o *GetCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the get credentials params
 func (o *GetCredentialsParams) WithHTTPClient(client *http.Client) *GetCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the get credentials params
 func (o *GetCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithID adds the id to the get credentials params
 func (o *GetCredentialsParams) WithID(id int64) *GetCredentialsParams {
 	o.SetID(id)
 	return o
 }
 // SetID adds the id to the get credentials params
 func (o *GetCredentialsParams) SetID(id int64) {
 	o.ID = id
 }
 // WriteToRequest writes these params to a swagger request
 func (o *GetCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param id
 	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/get_credentials_responses.go
+++ b/client/credentials/get_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // GetCredentialsReader is a Reader for the GetCredentials structure.
 type GetCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *GetCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewGetCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewGetCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[GET /github/credentials/{id}] GetCredentials", response, response.Code())
 	}
 }
 // NewGetCredentialsOK creates a GetCredentialsOK with default headers values
 func NewGetCredentialsOK() *GetCredentialsOK {
 	return &GetCredentialsOK{}
 }
 /*
 GetCredentialsOK describes a response with status code 200, with default header values.
 ForgeCredentials
 */
 type GetCredentialsOK struct {
 	Payload garm_params.ForgeCredentials
 }
 // IsSuccess returns true when this get credentials o k response has a 2xx status code
 func (o *GetCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this get credentials o k response has a 3xx status code
 func (o *GetCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this get credentials o k response has a 4xx status code
 func (o *GetCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this get credentials o k response has a 5xx status code
 func (o *GetCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this get credentials o k response a status code equal to that given
 func (o *GetCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the get credentials o k response
 func (o *GetCredentialsOK) Code() int {
 	return 200
 }
 func (o *GetCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsOK %s", 200, payload)
 }
 func (o *GetCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsOK %s", 200, payload)
 }
 func (o *GetCredentialsOK) GetPayload() garm_params.ForgeCredentials {
 	return o.Payload
 }
 func (o *GetCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewGetCredentialsBadRequest creates a GetCredentialsBadRequest with default headers values
 func NewGetCredentialsBadRequest() *GetCredentialsBadRequest {
 	return &GetCredentialsBadRequest{}
 }
 /*
 GetCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type GetCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this get credentials bad request response has a 2xx status code
 func (o *GetCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this get credentials bad request response has a 3xx status code
 func (o *GetCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this get credentials bad request response has a 4xx status code
 func (o *GetCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this get credentials bad request response has a 5xx status code
 func (o *GetCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this get credentials bad request response a status code equal to that given
 func (o *GetCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the get credentials bad request response
 func (o *GetCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *GetCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsBadRequest %s", 400, payload)
 }
 func (o *GetCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsBadRequest %s", 400, payload)
 }
 func (o *GetCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *GetCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/get_gitea_credentials_parameters.go
+++ b/client/credentials/get_gitea_credentials_parameters.go
@ -0,0 +1,152 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
 // NewGetGiteaCredentialsParams creates a new GetGiteaCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewGetGiteaCredentialsParams() *GetGiteaCredentialsParams {
 	return &GetGiteaCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewGetGiteaCredentialsParamsWithTimeout creates a new GetGiteaCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewGetGiteaCredentialsParamsWithTimeout(timeout time.Duration) *GetGiteaCredentialsParams {
 	return &GetGiteaCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewGetGiteaCredentialsParamsWithContext creates a new GetGiteaCredentialsParams object
 // with the ability to set a context for a request.
 func NewGetGiteaCredentialsParamsWithContext(ctx context.Context) *GetGiteaCredentialsParams {
 	return &GetGiteaCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewGetGiteaCredentialsParamsWithHTTPClient creates a new GetGiteaCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewGetGiteaCredentialsParamsWithHTTPClient(client *http.Client) *GetGiteaCredentialsParams {
 	return &GetGiteaCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 GetGiteaCredentialsParams contains all the parameters to send to the API endpoint
 	for the get gitea credentials operation.
 	Typically these are written to a http.Request.
 */
 type GetGiteaCredentialsParams struct {
 	/* ID.
 	   ID of the Gitea credential.
 	*/
 	ID int64
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the get gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetGiteaCredentialsParams) WithDefaults() *GetGiteaCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the get gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetGiteaCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) WithTimeout(timeout time.Duration) *GetGiteaCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) WithContext(ctx context.Context) *GetGiteaCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) WithHTTPClient(client *http.Client) *GetGiteaCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithID adds the id to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) WithID(id int64) *GetGiteaCredentialsParams {
 	o.SetID(id)
 	return o
 }
 // SetID adds the id to the get gitea credentials params
 func (o *GetGiteaCredentialsParams) SetID(id int64) {
 	o.ID = id
 }
 // WriteToRequest writes these params to a swagger request
 func (o *GetGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param id
 	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/get_gitea_credentials_responses.go
+++ b/client/credentials/get_gitea_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // GetGiteaCredentialsReader is a Reader for the GetGiteaCredentials structure.
 type GetGiteaCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *GetGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewGetGiteaCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewGetGiteaCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[GET /gitea/credentials/{id}] GetGiteaCredentials", response, response.Code())
 	}
 }
 // NewGetGiteaCredentialsOK creates a GetGiteaCredentialsOK with default headers values
 func NewGetGiteaCredentialsOK() *GetGiteaCredentialsOK {
 	return &GetGiteaCredentialsOK{}
 }
 /*
 GetGiteaCredentialsOK describes a response with status code 200, with default header values.
 ForgeCredentials
 */
 type GetGiteaCredentialsOK struct {
 	Payload garm_params.ForgeCredentials
 }
 // IsSuccess returns true when this get gitea credentials o k response has a 2xx status code
 func (o *GetGiteaCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this get gitea credentials o k response has a 3xx status code
 func (o *GetGiteaCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this get gitea credentials o k response has a 4xx status code
 func (o *GetGiteaCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this get gitea credentials o k response has a 5xx status code
 func (o *GetGiteaCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this get gitea credentials o k response a status code equal to that given
 func (o *GetGiteaCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the get gitea credentials o k response
 func (o *GetGiteaCredentialsOK) Code() int {
 	return 200
 }
 func (o *GetGiteaCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsOK %s", 200, payload)
 }
 func (o *GetGiteaCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsOK %s", 200, payload)
 }
 func (o *GetGiteaCredentialsOK) GetPayload() garm_params.ForgeCredentials {
 	return o.Payload
 }
 func (o *GetGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewGetGiteaCredentialsBadRequest creates a GetGiteaCredentialsBadRequest with default headers values
 func NewGetGiteaCredentialsBadRequest() *GetGiteaCredentialsBadRequest {
 	return &GetGiteaCredentialsBadRequest{}
 }
 /*
 GetGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type GetGiteaCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this get gitea credentials bad request response has a 2xx status code
 func (o *GetGiteaCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this get gitea credentials bad request response has a 3xx status code
 func (o *GetGiteaCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this get gitea credentials bad request response has a 4xx status code
 func (o *GetGiteaCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this get gitea credentials bad request response has a 5xx status code
 func (o *GetGiteaCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this get gitea credentials bad request response a status code equal to that given
 func (o *GetGiteaCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the get gitea credentials bad request response
 func (o *GetGiteaCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *GetGiteaCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *GetGiteaCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *GetGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *GetGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/list_credentials_parameters.go
+++ b/client/credentials/list_credentials_parameters.go
@ -0,0 +1,128 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewListCredentialsParams creates a new ListCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewListCredentialsParams() *ListCredentialsParams {
 	return &ListCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewListCredentialsParamsWithTimeout creates a new ListCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewListCredentialsParamsWithTimeout(timeout time.Duration) *ListCredentialsParams {
 	return &ListCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewListCredentialsParamsWithContext creates a new ListCredentialsParams object
 // with the ability to set a context for a request.
 func NewListCredentialsParamsWithContext(ctx context.Context) *ListCredentialsParams {
 	return &ListCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewListCredentialsParamsWithHTTPClient creates a new ListCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewListCredentialsParamsWithHTTPClient(client *http.Client) *ListCredentialsParams {
 	return &ListCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 ListCredentialsParams contains all the parameters to send to the API endpoint
 	for the list credentials operation.
 	Typically these are written to a http.Request.
 */
 type ListCredentialsParams struct {
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the list credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListCredentialsParams) WithDefaults() *ListCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the list credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the list credentials params
 func (o *ListCredentialsParams) WithTimeout(timeout time.Duration) *ListCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the list credentials params
 func (o *ListCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the list credentials params
 func (o *ListCredentialsParams) WithContext(ctx context.Context) *ListCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the list credentials params
 func (o *ListCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the list credentials params
 func (o *ListCredentialsParams) WithHTTPClient(client *http.Client) *ListCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the list credentials params
 func (o *ListCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WriteToRequest writes these params to a swagger request
 func (o *ListCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/list_credentials_responses.go
+++ b/client/credentials/list_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // ListCredentialsReader is a Reader for the ListCredentials structure.
 type ListCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *ListCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewListCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewListCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[GET /github/credentials] ListCredentials", response, response.Code())
 	}
 }
 // NewListCredentialsOK creates a ListCredentialsOK with default headers values
 func NewListCredentialsOK() *ListCredentialsOK {
 	return &ListCredentialsOK{}
 }
 /*
 ListCredentialsOK describes a response with status code 200, with default header values.
 Credentials
 */
 type ListCredentialsOK struct {
 	Payload garm_params.Credentials
 }
 // IsSuccess returns true when this list credentials o k response has a 2xx status code
 func (o *ListCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this list credentials o k response has a 3xx status code
 func (o *ListCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this list credentials o k response has a 4xx status code
 func (o *ListCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this list credentials o k response has a 5xx status code
 func (o *ListCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this list credentials o k response a status code equal to that given
 func (o *ListCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the list credentials o k response
 func (o *ListCredentialsOK) Code() int {
 	return 200
 }
 func (o *ListCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsOK %s", 200, payload)
 }
 func (o *ListCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsOK %s", 200, payload)
 }
 func (o *ListCredentialsOK) GetPayload() garm_params.Credentials {
 	return o.Payload
 }
 func (o *ListCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewListCredentialsBadRequest creates a ListCredentialsBadRequest with default headers values
 func NewListCredentialsBadRequest() *ListCredentialsBadRequest {
 	return &ListCredentialsBadRequest{}
 }
 /*
 ListCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type ListCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this list credentials bad request response has a 2xx status code
 func (o *ListCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this list credentials bad request response has a 3xx status code
 func (o *ListCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this list credentials bad request response has a 4xx status code
 func (o *ListCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this list credentials bad request response has a 5xx status code
 func (o *ListCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this list credentials bad request response a status code equal to that given
 func (o *ListCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the list credentials bad request response
 func (o *ListCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *ListCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsBadRequest %s", 400, payload)
 }
 func (o *ListCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsBadRequest %s", 400, payload)
 }
 func (o *ListCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *ListCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/list_gitea_credentials_parameters.go
+++ b/client/credentials/list_gitea_credentials_parameters.go
@ -0,0 +1,128 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewListGiteaCredentialsParams creates a new ListGiteaCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewListGiteaCredentialsParams() *ListGiteaCredentialsParams {
 	return &ListGiteaCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewListGiteaCredentialsParamsWithTimeout creates a new ListGiteaCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewListGiteaCredentialsParamsWithTimeout(timeout time.Duration) *ListGiteaCredentialsParams {
 	return &ListGiteaCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewListGiteaCredentialsParamsWithContext creates a new ListGiteaCredentialsParams object
 // with the ability to set a context for a request.
 func NewListGiteaCredentialsParamsWithContext(ctx context.Context) *ListGiteaCredentialsParams {
 	return &ListGiteaCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewListGiteaCredentialsParamsWithHTTPClient creates a new ListGiteaCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewListGiteaCredentialsParamsWithHTTPClient(client *http.Client) *ListGiteaCredentialsParams {
 	return &ListGiteaCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 ListGiteaCredentialsParams contains all the parameters to send to the API endpoint
 	for the list gitea credentials operation.
 	Typically these are written to a http.Request.
 */
 type ListGiteaCredentialsParams struct {
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the list gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListGiteaCredentialsParams) WithDefaults() *ListGiteaCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the list gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListGiteaCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the list gitea credentials params
 func (o *ListGiteaCredentialsParams) WithTimeout(timeout time.Duration) *ListGiteaCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the list gitea credentials params
 func (o *ListGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the list gitea credentials params
 func (o *ListGiteaCredentialsParams) WithContext(ctx context.Context) *ListGiteaCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the list gitea credentials params
 func (o *ListGiteaCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the list gitea credentials params
 func (o *ListGiteaCredentialsParams) WithHTTPClient(client *http.Client) *ListGiteaCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the list gitea credentials params
 func (o *ListGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WriteToRequest writes these params to a swagger request
 func (o *ListGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/list_gitea_credentials_responses.go
+++ b/client/credentials/list_gitea_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // ListGiteaCredentialsReader is a Reader for the ListGiteaCredentials structure.
 type ListGiteaCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *ListGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewListGiteaCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewListGiteaCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[GET /gitea/credentials] ListGiteaCredentials", response, response.Code())
 	}
 }
 // NewListGiteaCredentialsOK creates a ListGiteaCredentialsOK with default headers values
 func NewListGiteaCredentialsOK() *ListGiteaCredentialsOK {
 	return &ListGiteaCredentialsOK{}
 }
 /*
 ListGiteaCredentialsOK describes a response with status code 200, with default header values.
 Credentials
 */
 type ListGiteaCredentialsOK struct {
 	Payload garm_params.Credentials
 }
 // IsSuccess returns true when this list gitea credentials o k response has a 2xx status code
 func (o *ListGiteaCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this list gitea credentials o k response has a 3xx status code
 func (o *ListGiteaCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this list gitea credentials o k response has a 4xx status code
 func (o *ListGiteaCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this list gitea credentials o k response has a 5xx status code
 func (o *ListGiteaCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this list gitea credentials o k response a status code equal to that given
 func (o *ListGiteaCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the list gitea credentials o k response
 func (o *ListGiteaCredentialsOK) Code() int {
 	return 200
 }
 func (o *ListGiteaCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsOK %s", 200, payload)
 }
 func (o *ListGiteaCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsOK %s", 200, payload)
 }
 func (o *ListGiteaCredentialsOK) GetPayload() garm_params.Credentials {
 	return o.Payload
 }
 func (o *ListGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewListGiteaCredentialsBadRequest creates a ListGiteaCredentialsBadRequest with default headers values
 func NewListGiteaCredentialsBadRequest() *ListGiteaCredentialsBadRequest {
 	return &ListGiteaCredentialsBadRequest{}
 }
 /*
 ListGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type ListGiteaCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this list gitea credentials bad request response has a 2xx status code
 func (o *ListGiteaCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this list gitea credentials bad request response has a 3xx status code
 func (o *ListGiteaCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this list gitea credentials bad request response has a 4xx status code
 func (o *ListGiteaCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this list gitea credentials bad request response has a 5xx status code
 func (o *ListGiteaCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this list gitea credentials bad request response a status code equal to that given
 func (o *ListGiteaCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the list gitea credentials bad request response
 func (o *ListGiteaCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *ListGiteaCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *ListGiteaCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *ListGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *ListGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/update_credentials_parameters.go
+++ b/client/credentials/update_credentials_parameters.go
@ -0,0 +1,174 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewUpdateCredentialsParams creates a new UpdateCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewUpdateCredentialsParams() *UpdateCredentialsParams {
 	return &UpdateCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewUpdateCredentialsParamsWithTimeout creates a new UpdateCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewUpdateCredentialsParamsWithTimeout(timeout time.Duration) *UpdateCredentialsParams {
 	return &UpdateCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewUpdateCredentialsParamsWithContext creates a new UpdateCredentialsParams object
 // with the ability to set a context for a request.
 func NewUpdateCredentialsParamsWithContext(ctx context.Context) *UpdateCredentialsParams {
 	return &UpdateCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewUpdateCredentialsParamsWithHTTPClient creates a new UpdateCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewUpdateCredentialsParamsWithHTTPClient(client *http.Client) *UpdateCredentialsParams {
 	return &UpdateCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 UpdateCredentialsParams contains all the parameters to send to the API endpoint
 	for the update credentials operation.
 	Typically these are written to a http.Request.
 */
 type UpdateCredentialsParams struct {
 	/* Body.
 	   Parameters used when updating a GitHub credential.
 	*/
 	Body garm_params.UpdateGithubCredentialsParams
 	/* ID.
 	   ID of the GitHub credential.
 	*/
 	ID int64
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the update credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateCredentialsParams) WithDefaults() *UpdateCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the update credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the update credentials params
 func (o *UpdateCredentialsParams) WithTimeout(timeout time.Duration) *UpdateCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the update credentials params
 func (o *UpdateCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the update credentials params
 func (o *UpdateCredentialsParams) WithContext(ctx context.Context) *UpdateCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the update credentials params
 func (o *UpdateCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the update credentials params
 func (o *UpdateCredentialsParams) WithHTTPClient(client *http.Client) *UpdateCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the update credentials params
 func (o *UpdateCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the update credentials params
 func (o *UpdateCredentialsParams) WithBody(body garm_params.UpdateGithubCredentialsParams) *UpdateCredentialsParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the update credentials params
 func (o *UpdateCredentialsParams) SetBody(body garm_params.UpdateGithubCredentialsParams) {
 	o.Body = body
 }
 // WithID adds the id to the update credentials params
 func (o *UpdateCredentialsParams) WithID(id int64) *UpdateCredentialsParams {
 	o.SetID(id)
 	return o
 }
 // SetID adds the id to the update credentials params
 func (o *UpdateCredentialsParams) SetID(id int64) {
 	o.ID = id
 }
 // WriteToRequest writes these params to a swagger request
 func (o *UpdateCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	// path param id
 	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/update_credentials_responses.go
+++ b/client/credentials/update_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // UpdateCredentialsReader is a Reader for the UpdateCredentials structure.
 type UpdateCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *UpdateCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewUpdateCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewUpdateCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[PUT /github/credentials/{id}] UpdateCredentials", response, response.Code())
 	}
 }
 // NewUpdateCredentialsOK creates a UpdateCredentialsOK with default headers values
 func NewUpdateCredentialsOK() *UpdateCredentialsOK {
 	return &UpdateCredentialsOK{}
 }
 /*
 UpdateCredentialsOK describes a response with status code 200, with default header values.
 ForgeCredentials
 */
 type UpdateCredentialsOK struct {
 	Payload garm_params.ForgeCredentials
 }
 // IsSuccess returns true when this update credentials o k response has a 2xx status code
 func (o *UpdateCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this update credentials o k response has a 3xx status code
 func (o *UpdateCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update credentials o k response has a 4xx status code
 func (o *UpdateCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this update credentials o k response has a 5xx status code
 func (o *UpdateCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update credentials o k response a status code equal to that given
 func (o *UpdateCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the update credentials o k response
 func (o *UpdateCredentialsOK) Code() int {
 	return 200
 }
 func (o *UpdateCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsOK %s", 200, payload)
 }
 func (o *UpdateCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsOK %s", 200, payload)
 }
 func (o *UpdateCredentialsOK) GetPayload() garm_params.ForgeCredentials {
 	return o.Payload
 }
 func (o *UpdateCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewUpdateCredentialsBadRequest creates a UpdateCredentialsBadRequest with default headers values
 func NewUpdateCredentialsBadRequest() *UpdateCredentialsBadRequest {
 	return &UpdateCredentialsBadRequest{}
 }
 /*
 UpdateCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type UpdateCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this update credentials bad request response has a 2xx status code
 func (o *UpdateCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this update credentials bad request response has a 3xx status code
 func (o *UpdateCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update credentials bad request response has a 4xx status code
 func (o *UpdateCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this update credentials bad request response has a 5xx status code
 func (o *UpdateCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update credentials bad request response a status code equal to that given
 func (o *UpdateCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the update credentials bad request response
 func (o *UpdateCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *UpdateCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsBadRequest %s", 400, payload)
 }
 func (o *UpdateCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsBadRequest %s", 400, payload)
 }
 func (o *UpdateCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *UpdateCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/credentials/update_gitea_credentials_parameters.go
+++ b/client/credentials/update_gitea_credentials_parameters.go
@ -0,0 +1,174 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewUpdateGiteaCredentialsParams creates a new UpdateGiteaCredentialsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewUpdateGiteaCredentialsParams() *UpdateGiteaCredentialsParams {
 	return &UpdateGiteaCredentialsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewUpdateGiteaCredentialsParamsWithTimeout creates a new UpdateGiteaCredentialsParams object
 // with the ability to set a timeout on a request.
 func NewUpdateGiteaCredentialsParamsWithTimeout(timeout time.Duration) *UpdateGiteaCredentialsParams {
 	return &UpdateGiteaCredentialsParams{
 		timeout: timeout,
 	}
 }
 // NewUpdateGiteaCredentialsParamsWithContext creates a new UpdateGiteaCredentialsParams object
 // with the ability to set a context for a request.
 func NewUpdateGiteaCredentialsParamsWithContext(ctx context.Context) *UpdateGiteaCredentialsParams {
 	return &UpdateGiteaCredentialsParams{
 		Context: ctx,
 	}
 }
 // NewUpdateGiteaCredentialsParamsWithHTTPClient creates a new UpdateGiteaCredentialsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewUpdateGiteaCredentialsParamsWithHTTPClient(client *http.Client) *UpdateGiteaCredentialsParams {
 	return &UpdateGiteaCredentialsParams{
 		HTTPClient: client,
 	}
 }
 /*
 UpdateGiteaCredentialsParams contains all the parameters to send to the API endpoint
 	for the update gitea credentials operation.
 	Typically these are written to a http.Request.
 */
 type UpdateGiteaCredentialsParams struct {
 	/* Body.
 	   Parameters used when updating a Gitea credential.
 	*/
 	Body garm_params.UpdateGiteaCredentialsParams
 	/* ID.
 	   ID of the Gitea credential.
 	*/
 	ID int64
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the update gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateGiteaCredentialsParams) WithDefaults() *UpdateGiteaCredentialsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the update gitea credentials params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateGiteaCredentialsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) WithTimeout(timeout time.Duration) *UpdateGiteaCredentialsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) WithContext(ctx context.Context) *UpdateGiteaCredentialsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) WithHTTPClient(client *http.Client) *UpdateGiteaCredentialsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) WithBody(body garm_params.UpdateGiteaCredentialsParams) *UpdateGiteaCredentialsParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) SetBody(body garm_params.UpdateGiteaCredentialsParams) {
 	o.Body = body
 }
 // WithID adds the id to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) WithID(id int64) *UpdateGiteaCredentialsParams {
 	o.SetID(id)
 	return o
 }
 // SetID adds the id to the update gitea credentials params
 func (o *UpdateGiteaCredentialsParams) SetID(id int64) {
 	o.ID = id
 }
 // WriteToRequest writes these params to a swagger request
 func (o *UpdateGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	// path param id
 	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/credentials/update_gitea_credentials_responses.go
+++ b/client/credentials/update_gitea_credentials_responses.go
@ -0,0 +1,179 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package credentials
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // UpdateGiteaCredentialsReader is a Reader for the UpdateGiteaCredentials structure.
 type UpdateGiteaCredentialsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *UpdateGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewUpdateGiteaCredentialsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewUpdateGiteaCredentialsBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("[PUT /gitea/credentials/{id}] UpdateGiteaCredentials", response, response.Code())
 	}
 }
 // NewUpdateGiteaCredentialsOK creates a UpdateGiteaCredentialsOK with default headers values
 func NewUpdateGiteaCredentialsOK() *UpdateGiteaCredentialsOK {
 	return &UpdateGiteaCredentialsOK{}
 }
 /*
 UpdateGiteaCredentialsOK describes a response with status code 200, with default header values.
 ForgeCredentials
 */
 type UpdateGiteaCredentialsOK struct {
 	Payload garm_params.ForgeCredentials
 }
 // IsSuccess returns true when this update gitea credentials o k response has a 2xx status code
 func (o *UpdateGiteaCredentialsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this update gitea credentials o k response has a 3xx status code
 func (o *UpdateGiteaCredentialsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update gitea credentials o k response has a 4xx status code
 func (o *UpdateGiteaCredentialsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this update gitea credentials o k response has a 5xx status code
 func (o *UpdateGiteaCredentialsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update gitea credentials o k response a status code equal to that given
 func (o *UpdateGiteaCredentialsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the update gitea credentials o k response
 func (o *UpdateGiteaCredentialsOK) Code() int {
 	return 200
 }
 func (o *UpdateGiteaCredentialsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsOK %s", 200, payload)
 }
 func (o *UpdateGiteaCredentialsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsOK %s", 200, payload)
 }
 func (o *UpdateGiteaCredentialsOK) GetPayload() garm_params.ForgeCredentials {
 	return o.Payload
 }
 func (o *UpdateGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewUpdateGiteaCredentialsBadRequest creates a UpdateGiteaCredentialsBadRequest with default headers values
 func NewUpdateGiteaCredentialsBadRequest() *UpdateGiteaCredentialsBadRequest {
 	return &UpdateGiteaCredentialsBadRequest{}
 }
 /*
 UpdateGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
 APIErrorResponse
 */
 type UpdateGiteaCredentialsBadRequest struct {
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this update gitea credentials bad request response has a 2xx status code
 func (o *UpdateGiteaCredentialsBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this update gitea credentials bad request response has a 3xx status code
 func (o *UpdateGiteaCredentialsBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update gitea credentials bad request response has a 4xx status code
 func (o *UpdateGiteaCredentialsBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this update gitea credentials bad request response has a 5xx status code
 func (o *UpdateGiteaCredentialsBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update gitea credentials bad request response a status code equal to that given
 func (o *UpdateGiteaCredentialsBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 // Code gets the status code for the update gitea credentials bad request response
 func (o *UpdateGiteaCredentialsBadRequest) Code() int {
 	return 400
 }
 func (o *UpdateGiteaCredentialsBadRequest) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *UpdateGiteaCredentialsBadRequest) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsBadRequest %s", 400, payload)
 }
 func (o *UpdateGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *UpdateGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/create_gitea_endpoint_parameters.go
+++ b/client/endpoints/create_gitea_endpoint_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateGiteaEndpointParams creates a new CreateGiteaEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateGiteaEndpointParams() *CreateGiteaEndpointParams {
 	return &CreateGiteaEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateGiteaEndpointParamsWithTimeout creates a new CreateGiteaEndpointParams object
 // with the ability to set a timeout on a request.
 func NewCreateGiteaEndpointParamsWithTimeout(timeout time.Duration) *CreateGiteaEndpointParams {
 	return &CreateGiteaEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewCreateGiteaEndpointParamsWithContext creates a new CreateGiteaEndpointParams object
 // with the ability to set a context for a request.
 func NewCreateGiteaEndpointParamsWithContext(ctx context.Context) *CreateGiteaEndpointParams {
 	return &CreateGiteaEndpointParams{
 		Context: ctx,
 	}
 }
 // NewCreateGiteaEndpointParamsWithHTTPClient creates a new CreateGiteaEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateGiteaEndpointParamsWithHTTPClient(client *http.Client) *CreateGiteaEndpointParams {
 	return &CreateGiteaEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateGiteaEndpointParams contains all the parameters to send to the API endpoint
 	for the create gitea endpoint operation.
 	Typically these are written to a http.Request.
 */
 type CreateGiteaEndpointParams struct {
 	/* Body.
 	   Parameters used when creating a Gitea endpoint.
 	*/
 	Body garm_params.CreateGiteaEndpointParams
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateGiteaEndpointParams) WithDefaults() *CreateGiteaEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateGiteaEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) WithTimeout(timeout time.Duration) *CreateGiteaEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) WithContext(ctx context.Context) *CreateGiteaEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) WithHTTPClient(client *http.Client) *CreateGiteaEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) WithBody(body garm_params.CreateGiteaEndpointParams) *CreateGiteaEndpointParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create gitea endpoint params
 func (o *CreateGiteaEndpointParams) SetBody(body garm_params.CreateGiteaEndpointParams) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/create_gitea_endpoint_responses.go
+++ b/client/endpoints/create_gitea_endpoint_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateGiteaEndpointReader is a Reader for the CreateGiteaEndpoint structure.
 type CreateGiteaEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateGiteaEndpointOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewCreateGiteaEndpointDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewCreateGiteaEndpointOK creates a CreateGiteaEndpointOK with default headers values
 func NewCreateGiteaEndpointOK() *CreateGiteaEndpointOK {
 	return &CreateGiteaEndpointOK{}
 }
 /*
 CreateGiteaEndpointOK describes a response with status code 200, with default header values.
 ForgeEndpoint
 */
 type CreateGiteaEndpointOK struct {
 	Payload garm_params.ForgeEndpoint
 }
 // IsSuccess returns true when this create gitea endpoint o k response has a 2xx status code
 func (o *CreateGiteaEndpointOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create gitea endpoint o k response has a 3xx status code
 func (o *CreateGiteaEndpointOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create gitea endpoint o k response has a 4xx status code
 func (o *CreateGiteaEndpointOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create gitea endpoint o k response has a 5xx status code
 func (o *CreateGiteaEndpointOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create gitea endpoint o k response a status code equal to that given
 func (o *CreateGiteaEndpointOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create gitea endpoint o k response
 func (o *CreateGiteaEndpointOK) Code() int {
 	return 200
 }
 func (o *CreateGiteaEndpointOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/endpoints][%d] createGiteaEndpointOK %s", 200, payload)
 }
 func (o *CreateGiteaEndpointOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/endpoints][%d] createGiteaEndpointOK %s", 200, payload)
 }
 func (o *CreateGiteaEndpointOK) GetPayload() garm_params.ForgeEndpoint {
 	return o.Payload
 }
 func (o *CreateGiteaEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateGiteaEndpointDefault creates a CreateGiteaEndpointDefault with default headers values
 func NewCreateGiteaEndpointDefault(code int) *CreateGiteaEndpointDefault {
 	return &CreateGiteaEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 CreateGiteaEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type CreateGiteaEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create gitea endpoint default response has a 2xx status code
 func (o *CreateGiteaEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this create gitea endpoint default response has a 3xx status code
 func (o *CreateGiteaEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this create gitea endpoint default response has a 4xx status code
 func (o *CreateGiteaEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this create gitea endpoint default response has a 5xx status code
 func (o *CreateGiteaEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this create gitea endpoint default response a status code equal to that given
 func (o *CreateGiteaEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the create gitea endpoint default response
 func (o *CreateGiteaEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *CreateGiteaEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/endpoints][%d] CreateGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *CreateGiteaEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /gitea/endpoints][%d] CreateGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *CreateGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/create_github_endpoint_parameters.go
+++ b/client/endpoints/create_github_endpoint_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateGithubEndpointParams creates a new CreateGithubEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateGithubEndpointParams() *CreateGithubEndpointParams {
 	return &CreateGithubEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateGithubEndpointParamsWithTimeout creates a new CreateGithubEndpointParams object
 // with the ability to set a timeout on a request.
 func NewCreateGithubEndpointParamsWithTimeout(timeout time.Duration) *CreateGithubEndpointParams {
 	return &CreateGithubEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewCreateGithubEndpointParamsWithContext creates a new CreateGithubEndpointParams object
 // with the ability to set a context for a request.
 func NewCreateGithubEndpointParamsWithContext(ctx context.Context) *CreateGithubEndpointParams {
 	return &CreateGithubEndpointParams{
 		Context: ctx,
 	}
 }
 // NewCreateGithubEndpointParamsWithHTTPClient creates a new CreateGithubEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateGithubEndpointParamsWithHTTPClient(client *http.Client) *CreateGithubEndpointParams {
 	return &CreateGithubEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateGithubEndpointParams contains all the parameters to send to the API endpoint
 	for the create github endpoint operation.
 	Typically these are written to a http.Request.
 */
 type CreateGithubEndpointParams struct {
 	/* Body.
 	   Parameters used when creating a GitHub endpoint.
 	*/
 	Body garm_params.CreateGithubEndpointParams
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateGithubEndpointParams) WithDefaults() *CreateGithubEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateGithubEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create github endpoint params
 func (o *CreateGithubEndpointParams) WithTimeout(timeout time.Duration) *CreateGithubEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create github endpoint params
 func (o *CreateGithubEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create github endpoint params
 func (o *CreateGithubEndpointParams) WithContext(ctx context.Context) *CreateGithubEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create github endpoint params
 func (o *CreateGithubEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create github endpoint params
 func (o *CreateGithubEndpointParams) WithHTTPClient(client *http.Client) *CreateGithubEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create github endpoint params
 func (o *CreateGithubEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create github endpoint params
 func (o *CreateGithubEndpointParams) WithBody(body garm_params.CreateGithubEndpointParams) *CreateGithubEndpointParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create github endpoint params
 func (o *CreateGithubEndpointParams) SetBody(body garm_params.CreateGithubEndpointParams) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/create_github_endpoint_responses.go
+++ b/client/endpoints/create_github_endpoint_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateGithubEndpointReader is a Reader for the CreateGithubEndpoint structure.
 type CreateGithubEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateGithubEndpointOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewCreateGithubEndpointDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewCreateGithubEndpointOK creates a CreateGithubEndpointOK with default headers values
 func NewCreateGithubEndpointOK() *CreateGithubEndpointOK {
 	return &CreateGithubEndpointOK{}
 }
 /*
 CreateGithubEndpointOK describes a response with status code 200, with default header values.
 ForgeEndpoint
 */
 type CreateGithubEndpointOK struct {
 	Payload garm_params.ForgeEndpoint
 }
 // IsSuccess returns true when this create github endpoint o k response has a 2xx status code
 func (o *CreateGithubEndpointOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create github endpoint o k response has a 3xx status code
 func (o *CreateGithubEndpointOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create github endpoint o k response has a 4xx status code
 func (o *CreateGithubEndpointOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create github endpoint o k response has a 5xx status code
 func (o *CreateGithubEndpointOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create github endpoint o k response a status code equal to that given
 func (o *CreateGithubEndpointOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create github endpoint o k response
 func (o *CreateGithubEndpointOK) Code() int {
 	return 200
 }
 func (o *CreateGithubEndpointOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/endpoints][%d] createGithubEndpointOK %s", 200, payload)
 }
 func (o *CreateGithubEndpointOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/endpoints][%d] createGithubEndpointOK %s", 200, payload)
 }
 func (o *CreateGithubEndpointOK) GetPayload() garm_params.ForgeEndpoint {
 	return o.Payload
 }
 func (o *CreateGithubEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateGithubEndpointDefault creates a CreateGithubEndpointDefault with default headers values
 func NewCreateGithubEndpointDefault(code int) *CreateGithubEndpointDefault {
 	return &CreateGithubEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 CreateGithubEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type CreateGithubEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create github endpoint default response has a 2xx status code
 func (o *CreateGithubEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this create github endpoint default response has a 3xx status code
 func (o *CreateGithubEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this create github endpoint default response has a 4xx status code
 func (o *CreateGithubEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this create github endpoint default response has a 5xx status code
 func (o *CreateGithubEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this create github endpoint default response a status code equal to that given
 func (o *CreateGithubEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the create github endpoint default response
 func (o *CreateGithubEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *CreateGithubEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/endpoints][%d] CreateGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *CreateGithubEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /github/endpoints][%d] CreateGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *CreateGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/delete_gitea_endpoint_parameters.go
+++ b/client/endpoints/delete_gitea_endpoint_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewDeleteGiteaEndpointParams creates a new DeleteGiteaEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewDeleteGiteaEndpointParams() *DeleteGiteaEndpointParams {
 	return &DeleteGiteaEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewDeleteGiteaEndpointParamsWithTimeout creates a new DeleteGiteaEndpointParams object
 // with the ability to set a timeout on a request.
 func NewDeleteGiteaEndpointParamsWithTimeout(timeout time.Duration) *DeleteGiteaEndpointParams {
 	return &DeleteGiteaEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewDeleteGiteaEndpointParamsWithContext creates a new DeleteGiteaEndpointParams object
 // with the ability to set a context for a request.
 func NewDeleteGiteaEndpointParamsWithContext(ctx context.Context) *DeleteGiteaEndpointParams {
 	return &DeleteGiteaEndpointParams{
 		Context: ctx,
 	}
 }
 // NewDeleteGiteaEndpointParamsWithHTTPClient creates a new DeleteGiteaEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewDeleteGiteaEndpointParamsWithHTTPClient(client *http.Client) *DeleteGiteaEndpointParams {
 	return &DeleteGiteaEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 DeleteGiteaEndpointParams contains all the parameters to send to the API endpoint
 	for the delete gitea endpoint operation.
 	Typically these are written to a http.Request.
 */
 type DeleteGiteaEndpointParams struct {
 	/* Name.
 	   The name of the Gitea endpoint.
 	*/
 	Name string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the delete gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteGiteaEndpointParams) WithDefaults() *DeleteGiteaEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the delete gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteGiteaEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) WithTimeout(timeout time.Duration) *DeleteGiteaEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) WithContext(ctx context.Context) *DeleteGiteaEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) WithHTTPClient(client *http.Client) *DeleteGiteaEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithName adds the name to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) WithName(name string) *DeleteGiteaEndpointParams {
 	o.SetName(name)
 	return o
 }
 // SetName adds the name to the delete gitea endpoint params
 func (o *DeleteGiteaEndpointParams) SetName(name string) {
 	o.Name = name
 }
 // WriteToRequest writes these params to a swagger request
 func (o *DeleteGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param name
 	if err := r.SetPathParam("name", o.Name); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/delete_gitea_endpoint_responses.go
+++ b/client/endpoints/delete_gitea_endpoint_responses.go
@ -0,0 +1,106 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 )
 // DeleteGiteaEndpointReader is a Reader for the DeleteGiteaEndpoint structure.
 type DeleteGiteaEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *DeleteGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	result := NewDeleteGiteaEndpointDefault(response.Code())
 	if err := result.readResponse(response, consumer, o.formats); err != nil {
 		return nil, err
 	}
 	if response.Code()/100 == 2 {
 		return result, nil
 	}
 	return nil, result
 }
 // NewDeleteGiteaEndpointDefault creates a DeleteGiteaEndpointDefault with default headers values
 func NewDeleteGiteaEndpointDefault(code int) *DeleteGiteaEndpointDefault {
 	return &DeleteGiteaEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 DeleteGiteaEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type DeleteGiteaEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this delete gitea endpoint default response has a 2xx status code
 func (o *DeleteGiteaEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this delete gitea endpoint default response has a 3xx status code
 func (o *DeleteGiteaEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this delete gitea endpoint default response has a 4xx status code
 func (o *DeleteGiteaEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this delete gitea endpoint default response has a 5xx status code
 func (o *DeleteGiteaEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this delete gitea endpoint default response a status code equal to that given
 func (o *DeleteGiteaEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the delete gitea endpoint default response
 func (o *DeleteGiteaEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *DeleteGiteaEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /gitea/endpoints/{name}][%d] DeleteGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *DeleteGiteaEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /gitea/endpoints/{name}][%d] DeleteGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *DeleteGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *DeleteGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/delete_github_endpoint_parameters.go
+++ b/client/endpoints/delete_github_endpoint_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewDeleteGithubEndpointParams creates a new DeleteGithubEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewDeleteGithubEndpointParams() *DeleteGithubEndpointParams {
 	return &DeleteGithubEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewDeleteGithubEndpointParamsWithTimeout creates a new DeleteGithubEndpointParams object
 // with the ability to set a timeout on a request.
 func NewDeleteGithubEndpointParamsWithTimeout(timeout time.Duration) *DeleteGithubEndpointParams {
 	return &DeleteGithubEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewDeleteGithubEndpointParamsWithContext creates a new DeleteGithubEndpointParams object
 // with the ability to set a context for a request.
 func NewDeleteGithubEndpointParamsWithContext(ctx context.Context) *DeleteGithubEndpointParams {
 	return &DeleteGithubEndpointParams{
 		Context: ctx,
 	}
 }
 // NewDeleteGithubEndpointParamsWithHTTPClient creates a new DeleteGithubEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewDeleteGithubEndpointParamsWithHTTPClient(client *http.Client) *DeleteGithubEndpointParams {
 	return &DeleteGithubEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 DeleteGithubEndpointParams contains all the parameters to send to the API endpoint
 	for the delete github endpoint operation.
 	Typically these are written to a http.Request.
 */
 type DeleteGithubEndpointParams struct {
 	/* Name.
 	   The name of the GitHub endpoint.
 	*/
 	Name string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the delete github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteGithubEndpointParams) WithDefaults() *DeleteGithubEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the delete github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteGithubEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) WithTimeout(timeout time.Duration) *DeleteGithubEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) WithContext(ctx context.Context) *DeleteGithubEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) WithHTTPClient(client *http.Client) *DeleteGithubEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithName adds the name to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) WithName(name string) *DeleteGithubEndpointParams {
 	o.SetName(name)
 	return o
 }
 // SetName adds the name to the delete github endpoint params
 func (o *DeleteGithubEndpointParams) SetName(name string) {
 	o.Name = name
 }
 // WriteToRequest writes these params to a swagger request
 func (o *DeleteGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param name
 	if err := r.SetPathParam("name", o.Name); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/delete_github_endpoint_responses.go
+++ b/client/endpoints/delete_github_endpoint_responses.go
@ -0,0 +1,106 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 )
 // DeleteGithubEndpointReader is a Reader for the DeleteGithubEndpoint structure.
 type DeleteGithubEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *DeleteGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	result := NewDeleteGithubEndpointDefault(response.Code())
 	if err := result.readResponse(response, consumer, o.formats); err != nil {
 		return nil, err
 	}
 	if response.Code()/100 == 2 {
 		return result, nil
 	}
 	return nil, result
 }
 // NewDeleteGithubEndpointDefault creates a DeleteGithubEndpointDefault with default headers values
 func NewDeleteGithubEndpointDefault(code int) *DeleteGithubEndpointDefault {
 	return &DeleteGithubEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 DeleteGithubEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type DeleteGithubEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this delete github endpoint default response has a 2xx status code
 func (o *DeleteGithubEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this delete github endpoint default response has a 3xx status code
 func (o *DeleteGithubEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this delete github endpoint default response has a 4xx status code
 func (o *DeleteGithubEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this delete github endpoint default response has a 5xx status code
 func (o *DeleteGithubEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this delete github endpoint default response a status code equal to that given
 func (o *DeleteGithubEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the delete github endpoint default response
 func (o *DeleteGithubEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *DeleteGithubEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /github/endpoints/{name}][%d] DeleteGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *DeleteGithubEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[DELETE /github/endpoints/{name}][%d] DeleteGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *DeleteGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *DeleteGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/endpoints_client.go
+++ b/client/endpoints/endpoints_client.go
@ -0,0 +1,451 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"github.com/go-openapi/runtime"
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // New creates a new endpoints API client.
 func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
 	return &Client{transport: transport, formats: formats}
 }
 // New creates a new endpoints API client with basic auth credentials.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - user: user for basic authentication header.
 // - password: password for basic authentication header.
 func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 // New creates a new endpoints API client with a bearer token for authentication.
 // It takes the following parameters:
 // - host: http host (github.com).
 // - basePath: any base path for the API client ("/v1", "/v3").
 // - scheme: http scheme ("http", "https").
 // - bearerToken: bearer token for Bearer authentication header.
 func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
 	transport := httptransport.New(host, basePath, []string{scheme})
 	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
 	return &Client{transport: transport, formats: strfmt.Default}
 }
 /*
 Client for endpoints API
 */
 type Client struct {
 	transport runtime.ClientTransport
 	formats   strfmt.Registry
 }
 // ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 // ClientService is the interface for Client methods
 type ClientService interface {
 	CreateGiteaEndpoint(params *CreateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaEndpointOK, error)
 	CreateGithubEndpoint(params *CreateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGithubEndpointOK, error)
 	DeleteGiteaEndpoint(params *DeleteGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
 	DeleteGithubEndpoint(params *DeleteGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
 	GetGiteaEndpoint(params *GetGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaEndpointOK, error)
 	GetGithubEndpoint(params *GetGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGithubEndpointOK, error)
 	ListGiteaEndpoints(params *ListGiteaEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaEndpointsOK, error)
 	ListGithubEndpoints(params *ListGithubEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGithubEndpointsOK, error)
 	UpdateGiteaEndpoint(params *UpdateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaEndpointOK, error)
 	UpdateGithubEndpoint(params *UpdateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGithubEndpointOK, error)
 	SetTransport(transport runtime.ClientTransport)
 }
 /*
 CreateGiteaEndpoint creates a gitea endpoint
 */
 func (a *Client) CreateGiteaEndpoint(params *CreateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaEndpointOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewCreateGiteaEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "CreateGiteaEndpoint",
 		Method:             "POST",
 		PathPattern:        "/gitea/endpoints",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &CreateGiteaEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*CreateGiteaEndpointOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*CreateGiteaEndpointDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 CreateGithubEndpoint creates a git hub endpoint
 */
 func (a *Client) CreateGithubEndpoint(params *CreateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGithubEndpointOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewCreateGithubEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "CreateGithubEndpoint",
 		Method:             "POST",
 		PathPattern:        "/github/endpoints",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &CreateGithubEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*CreateGithubEndpointOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*CreateGithubEndpointDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 DeleteGiteaEndpoint deletes a gitea endpoint
 */
 func (a *Client) DeleteGiteaEndpoint(params *DeleteGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewDeleteGiteaEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "DeleteGiteaEndpoint",
 		Method:             "DELETE",
 		PathPattern:        "/gitea/endpoints/{name}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &DeleteGiteaEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	_, err := a.transport.Submit(op)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 /*
 DeleteGithubEndpoint deletes a git hub endpoint
 */
 func (a *Client) DeleteGithubEndpoint(params *DeleteGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewDeleteGithubEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "DeleteGithubEndpoint",
 		Method:             "DELETE",
 		PathPattern:        "/github/endpoints/{name}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &DeleteGithubEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	_, err := a.transport.Submit(op)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 /*
 GetGiteaEndpoint gets a gitea endpoint
 */
 func (a *Client) GetGiteaEndpoint(params *GetGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaEndpointOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewGetGiteaEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "GetGiteaEndpoint",
 		Method:             "GET",
 		PathPattern:        "/gitea/endpoints/{name}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &GetGiteaEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*GetGiteaEndpointOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*GetGiteaEndpointDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 GetGithubEndpoint gets a git hub endpoint
 */
 func (a *Client) GetGithubEndpoint(params *GetGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGithubEndpointOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewGetGithubEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "GetGithubEndpoint",
 		Method:             "GET",
 		PathPattern:        "/github/endpoints/{name}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &GetGithubEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*GetGithubEndpointOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*GetGithubEndpointDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 ListGiteaEndpoints lists all gitea endpoints
 */
 func (a *Client) ListGiteaEndpoints(params *ListGiteaEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaEndpointsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewListGiteaEndpointsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "ListGiteaEndpoints",
 		Method:             "GET",
 		PathPattern:        "/gitea/endpoints",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &ListGiteaEndpointsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*ListGiteaEndpointsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*ListGiteaEndpointsDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 ListGithubEndpoints lists all git hub endpoints
 */
 func (a *Client) ListGithubEndpoints(params *ListGithubEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGithubEndpointsOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewListGithubEndpointsParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "ListGithubEndpoints",
 		Method:             "GET",
 		PathPattern:        "/github/endpoints",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &ListGithubEndpointsReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*ListGithubEndpointsOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*ListGithubEndpointsDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 UpdateGiteaEndpoint updates a gitea endpoint
 */
 func (a *Client) UpdateGiteaEndpoint(params *UpdateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaEndpointOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewUpdateGiteaEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "UpdateGiteaEndpoint",
 		Method:             "PUT",
 		PathPattern:        "/gitea/endpoints/{name}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &UpdateGiteaEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*UpdateGiteaEndpointOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*UpdateGiteaEndpointDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 /*
 UpdateGithubEndpoint updates a git hub endpoint
 */
 func (a *Client) UpdateGithubEndpoint(params *UpdateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGithubEndpointOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewUpdateGithubEndpointParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "UpdateGithubEndpoint",
 		Method:             "PUT",
 		PathPattern:        "/github/endpoints/{name}",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &UpdateGithubEndpointReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*UpdateGithubEndpointOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	unexpectedSuccess := result.(*UpdateGithubEndpointDefault)
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport
 }
--- a/client/endpoints/get_gitea_endpoint_parameters.go
+++ b/client/endpoints/get_gitea_endpoint_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewGetGiteaEndpointParams creates a new GetGiteaEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewGetGiteaEndpointParams() *GetGiteaEndpointParams {
 	return &GetGiteaEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewGetGiteaEndpointParamsWithTimeout creates a new GetGiteaEndpointParams object
 // with the ability to set a timeout on a request.
 func NewGetGiteaEndpointParamsWithTimeout(timeout time.Duration) *GetGiteaEndpointParams {
 	return &GetGiteaEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewGetGiteaEndpointParamsWithContext creates a new GetGiteaEndpointParams object
 // with the ability to set a context for a request.
 func NewGetGiteaEndpointParamsWithContext(ctx context.Context) *GetGiteaEndpointParams {
 	return &GetGiteaEndpointParams{
 		Context: ctx,
 	}
 }
 // NewGetGiteaEndpointParamsWithHTTPClient creates a new GetGiteaEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewGetGiteaEndpointParamsWithHTTPClient(client *http.Client) *GetGiteaEndpointParams {
 	return &GetGiteaEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 GetGiteaEndpointParams contains all the parameters to send to the API endpoint
 	for the get gitea endpoint operation.
 	Typically these are written to a http.Request.
 */
 type GetGiteaEndpointParams struct {
 	/* Name.
 	   The name of the Gitea endpoint.
 	*/
 	Name string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the get gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetGiteaEndpointParams) WithDefaults() *GetGiteaEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the get gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetGiteaEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) WithTimeout(timeout time.Duration) *GetGiteaEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) WithContext(ctx context.Context) *GetGiteaEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) WithHTTPClient(client *http.Client) *GetGiteaEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithName adds the name to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) WithName(name string) *GetGiteaEndpointParams {
 	o.SetName(name)
 	return o
 }
 // SetName adds the name to the get gitea endpoint params
 func (o *GetGiteaEndpointParams) SetName(name string) {
 	o.Name = name
 }
 // WriteToRequest writes these params to a swagger request
 func (o *GetGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param name
 	if err := r.SetPathParam("name", o.Name); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/get_gitea_endpoint_responses.go
+++ b/client/endpoints/get_gitea_endpoint_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // GetGiteaEndpointReader is a Reader for the GetGiteaEndpoint structure.
 type GetGiteaEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *GetGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewGetGiteaEndpointOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewGetGiteaEndpointDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewGetGiteaEndpointOK creates a GetGiteaEndpointOK with default headers values
 func NewGetGiteaEndpointOK() *GetGiteaEndpointOK {
 	return &GetGiteaEndpointOK{}
 }
 /*
 GetGiteaEndpointOK describes a response with status code 200, with default header values.
 ForgeEndpoint
 */
 type GetGiteaEndpointOK struct {
 	Payload garm_params.ForgeEndpoint
 }
 // IsSuccess returns true when this get gitea endpoint o k response has a 2xx status code
 func (o *GetGiteaEndpointOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this get gitea endpoint o k response has a 3xx status code
 func (o *GetGiteaEndpointOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this get gitea endpoint o k response has a 4xx status code
 func (o *GetGiteaEndpointOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this get gitea endpoint o k response has a 5xx status code
 func (o *GetGiteaEndpointOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this get gitea endpoint o k response a status code equal to that given
 func (o *GetGiteaEndpointOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the get gitea endpoint o k response
 func (o *GetGiteaEndpointOK) Code() int {
 	return 200
 }
 func (o *GetGiteaEndpointOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] getGiteaEndpointOK %s", 200, payload)
 }
 func (o *GetGiteaEndpointOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] getGiteaEndpointOK %s", 200, payload)
 }
 func (o *GetGiteaEndpointOK) GetPayload() garm_params.ForgeEndpoint {
 	return o.Payload
 }
 func (o *GetGiteaEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewGetGiteaEndpointDefault creates a GetGiteaEndpointDefault with default headers values
 func NewGetGiteaEndpointDefault(code int) *GetGiteaEndpointDefault {
 	return &GetGiteaEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 GetGiteaEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type GetGiteaEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this get gitea endpoint default response has a 2xx status code
 func (o *GetGiteaEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this get gitea endpoint default response has a 3xx status code
 func (o *GetGiteaEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this get gitea endpoint default response has a 4xx status code
 func (o *GetGiteaEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this get gitea endpoint default response has a 5xx status code
 func (o *GetGiteaEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this get gitea endpoint default response a status code equal to that given
 func (o *GetGiteaEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the get gitea endpoint default response
 func (o *GetGiteaEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *GetGiteaEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] GetGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *GetGiteaEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] GetGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *GetGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *GetGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/get_github_endpoint_parameters.go
+++ b/client/endpoints/get_github_endpoint_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewGetGithubEndpointParams creates a new GetGithubEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewGetGithubEndpointParams() *GetGithubEndpointParams {
 	return &GetGithubEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewGetGithubEndpointParamsWithTimeout creates a new GetGithubEndpointParams object
 // with the ability to set a timeout on a request.
 func NewGetGithubEndpointParamsWithTimeout(timeout time.Duration) *GetGithubEndpointParams {
 	return &GetGithubEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewGetGithubEndpointParamsWithContext creates a new GetGithubEndpointParams object
 // with the ability to set a context for a request.
 func NewGetGithubEndpointParamsWithContext(ctx context.Context) *GetGithubEndpointParams {
 	return &GetGithubEndpointParams{
 		Context: ctx,
 	}
 }
 // NewGetGithubEndpointParamsWithHTTPClient creates a new GetGithubEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewGetGithubEndpointParamsWithHTTPClient(client *http.Client) *GetGithubEndpointParams {
 	return &GetGithubEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 GetGithubEndpointParams contains all the parameters to send to the API endpoint
 	for the get github endpoint operation.
 	Typically these are written to a http.Request.
 */
 type GetGithubEndpointParams struct {
 	/* Name.
 	   The name of the GitHub endpoint.
 	*/
 	Name string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the get github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetGithubEndpointParams) WithDefaults() *GetGithubEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the get github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *GetGithubEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the get github endpoint params
 func (o *GetGithubEndpointParams) WithTimeout(timeout time.Duration) *GetGithubEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the get github endpoint params
 func (o *GetGithubEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the get github endpoint params
 func (o *GetGithubEndpointParams) WithContext(ctx context.Context) *GetGithubEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the get github endpoint params
 func (o *GetGithubEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the get github endpoint params
 func (o *GetGithubEndpointParams) WithHTTPClient(client *http.Client) *GetGithubEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the get github endpoint params
 func (o *GetGithubEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithName adds the name to the get github endpoint params
 func (o *GetGithubEndpointParams) WithName(name string) *GetGithubEndpointParams {
 	o.SetName(name)
 	return o
 }
 // SetName adds the name to the get github endpoint params
 func (o *GetGithubEndpointParams) SetName(name string) {
 	o.Name = name
 }
 // WriteToRequest writes these params to a swagger request
 func (o *GetGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param name
 	if err := r.SetPathParam("name", o.Name); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/get_github_endpoint_responses.go
+++ b/client/endpoints/get_github_endpoint_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // GetGithubEndpointReader is a Reader for the GetGithubEndpoint structure.
 type GetGithubEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *GetGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewGetGithubEndpointOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewGetGithubEndpointDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewGetGithubEndpointOK creates a GetGithubEndpointOK with default headers values
 func NewGetGithubEndpointOK() *GetGithubEndpointOK {
 	return &GetGithubEndpointOK{}
 }
 /*
 GetGithubEndpointOK describes a response with status code 200, with default header values.
 ForgeEndpoint
 */
 type GetGithubEndpointOK struct {
 	Payload garm_params.ForgeEndpoint
 }
 // IsSuccess returns true when this get github endpoint o k response has a 2xx status code
 func (o *GetGithubEndpointOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this get github endpoint o k response has a 3xx status code
 func (o *GetGithubEndpointOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this get github endpoint o k response has a 4xx status code
 func (o *GetGithubEndpointOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this get github endpoint o k response has a 5xx status code
 func (o *GetGithubEndpointOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this get github endpoint o k response a status code equal to that given
 func (o *GetGithubEndpointOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the get github endpoint o k response
 func (o *GetGithubEndpointOK) Code() int {
 	return 200
 }
 func (o *GetGithubEndpointOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] getGithubEndpointOK %s", 200, payload)
 }
 func (o *GetGithubEndpointOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] getGithubEndpointOK %s", 200, payload)
 }
 func (o *GetGithubEndpointOK) GetPayload() garm_params.ForgeEndpoint {
 	return o.Payload
 }
 func (o *GetGithubEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewGetGithubEndpointDefault creates a GetGithubEndpointDefault with default headers values
 func NewGetGithubEndpointDefault(code int) *GetGithubEndpointDefault {
 	return &GetGithubEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 GetGithubEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type GetGithubEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this get github endpoint default response has a 2xx status code
 func (o *GetGithubEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this get github endpoint default response has a 3xx status code
 func (o *GetGithubEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this get github endpoint default response has a 4xx status code
 func (o *GetGithubEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this get github endpoint default response has a 5xx status code
 func (o *GetGithubEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this get github endpoint default response a status code equal to that given
 func (o *GetGithubEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the get github endpoint default response
 func (o *GetGithubEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *GetGithubEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] GetGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *GetGithubEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] GetGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *GetGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *GetGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/list_gitea_endpoints_parameters.go
+++ b/client/endpoints/list_gitea_endpoints_parameters.go
@ -0,0 +1,128 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewListGiteaEndpointsParams creates a new ListGiteaEndpointsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewListGiteaEndpointsParams() *ListGiteaEndpointsParams {
 	return &ListGiteaEndpointsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewListGiteaEndpointsParamsWithTimeout creates a new ListGiteaEndpointsParams object
 // with the ability to set a timeout on a request.
 func NewListGiteaEndpointsParamsWithTimeout(timeout time.Duration) *ListGiteaEndpointsParams {
 	return &ListGiteaEndpointsParams{
 		timeout: timeout,
 	}
 }
 // NewListGiteaEndpointsParamsWithContext creates a new ListGiteaEndpointsParams object
 // with the ability to set a context for a request.
 func NewListGiteaEndpointsParamsWithContext(ctx context.Context) *ListGiteaEndpointsParams {
 	return &ListGiteaEndpointsParams{
 		Context: ctx,
 	}
 }
 // NewListGiteaEndpointsParamsWithHTTPClient creates a new ListGiteaEndpointsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewListGiteaEndpointsParamsWithHTTPClient(client *http.Client) *ListGiteaEndpointsParams {
 	return &ListGiteaEndpointsParams{
 		HTTPClient: client,
 	}
 }
 /*
 ListGiteaEndpointsParams contains all the parameters to send to the API endpoint
 	for the list gitea endpoints operation.
 	Typically these are written to a http.Request.
 */
 type ListGiteaEndpointsParams struct {
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the list gitea endpoints params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListGiteaEndpointsParams) WithDefaults() *ListGiteaEndpointsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the list gitea endpoints params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListGiteaEndpointsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the list gitea endpoints params
 func (o *ListGiteaEndpointsParams) WithTimeout(timeout time.Duration) *ListGiteaEndpointsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the list gitea endpoints params
 func (o *ListGiteaEndpointsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the list gitea endpoints params
 func (o *ListGiteaEndpointsParams) WithContext(ctx context.Context) *ListGiteaEndpointsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the list gitea endpoints params
 func (o *ListGiteaEndpointsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the list gitea endpoints params
 func (o *ListGiteaEndpointsParams) WithHTTPClient(client *http.Client) *ListGiteaEndpointsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the list gitea endpoints params
 func (o *ListGiteaEndpointsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WriteToRequest writes these params to a swagger request
 func (o *ListGiteaEndpointsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/list_gitea_endpoints_responses.go
+++ b/client/endpoints/list_gitea_endpoints_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // ListGiteaEndpointsReader is a Reader for the ListGiteaEndpoints structure.
 type ListGiteaEndpointsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *ListGiteaEndpointsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewListGiteaEndpointsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewListGiteaEndpointsDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewListGiteaEndpointsOK creates a ListGiteaEndpointsOK with default headers values
 func NewListGiteaEndpointsOK() *ListGiteaEndpointsOK {
 	return &ListGiteaEndpointsOK{}
 }
 /*
 ListGiteaEndpointsOK describes a response with status code 200, with default header values.
 ForgeEndpoints
 */
 type ListGiteaEndpointsOK struct {
 	Payload garm_params.ForgeEndpoints
 }
 // IsSuccess returns true when this list gitea endpoints o k response has a 2xx status code
 func (o *ListGiteaEndpointsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this list gitea endpoints o k response has a 3xx status code
 func (o *ListGiteaEndpointsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this list gitea endpoints o k response has a 4xx status code
 func (o *ListGiteaEndpointsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this list gitea endpoints o k response has a 5xx status code
 func (o *ListGiteaEndpointsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this list gitea endpoints o k response a status code equal to that given
 func (o *ListGiteaEndpointsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the list gitea endpoints o k response
 func (o *ListGiteaEndpointsOK) Code() int {
 	return 200
 }
 func (o *ListGiteaEndpointsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints][%d] listGiteaEndpointsOK %s", 200, payload)
 }
 func (o *ListGiteaEndpointsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints][%d] listGiteaEndpointsOK %s", 200, payload)
 }
 func (o *ListGiteaEndpointsOK) GetPayload() garm_params.ForgeEndpoints {
 	return o.Payload
 }
 func (o *ListGiteaEndpointsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewListGiteaEndpointsDefault creates a ListGiteaEndpointsDefault with default headers values
 func NewListGiteaEndpointsDefault(code int) *ListGiteaEndpointsDefault {
 	return &ListGiteaEndpointsDefault{
 		_statusCode: code,
 	}
 }
 /*
 ListGiteaEndpointsDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type ListGiteaEndpointsDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this list gitea endpoints default response has a 2xx status code
 func (o *ListGiteaEndpointsDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this list gitea endpoints default response has a 3xx status code
 func (o *ListGiteaEndpointsDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this list gitea endpoints default response has a 4xx status code
 func (o *ListGiteaEndpointsDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this list gitea endpoints default response has a 5xx status code
 func (o *ListGiteaEndpointsDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this list gitea endpoints default response a status code equal to that given
 func (o *ListGiteaEndpointsDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the list gitea endpoints default response
 func (o *ListGiteaEndpointsDefault) Code() int {
 	return o._statusCode
 }
 func (o *ListGiteaEndpointsDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints][%d] ListGiteaEndpoints default %s", o._statusCode, payload)
 }
 func (o *ListGiteaEndpointsDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /gitea/endpoints][%d] ListGiteaEndpoints default %s", o._statusCode, payload)
 }
 func (o *ListGiteaEndpointsDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *ListGiteaEndpointsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/list_github_endpoints_parameters.go
+++ b/client/endpoints/list_github_endpoints_parameters.go
@ -0,0 +1,128 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewListGithubEndpointsParams creates a new ListGithubEndpointsParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewListGithubEndpointsParams() *ListGithubEndpointsParams {
 	return &ListGithubEndpointsParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewListGithubEndpointsParamsWithTimeout creates a new ListGithubEndpointsParams object
 // with the ability to set a timeout on a request.
 func NewListGithubEndpointsParamsWithTimeout(timeout time.Duration) *ListGithubEndpointsParams {
 	return &ListGithubEndpointsParams{
 		timeout: timeout,
 	}
 }
 // NewListGithubEndpointsParamsWithContext creates a new ListGithubEndpointsParams object
 // with the ability to set a context for a request.
 func NewListGithubEndpointsParamsWithContext(ctx context.Context) *ListGithubEndpointsParams {
 	return &ListGithubEndpointsParams{
 		Context: ctx,
 	}
 }
 // NewListGithubEndpointsParamsWithHTTPClient creates a new ListGithubEndpointsParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewListGithubEndpointsParamsWithHTTPClient(client *http.Client) *ListGithubEndpointsParams {
 	return &ListGithubEndpointsParams{
 		HTTPClient: client,
 	}
 }
 /*
 ListGithubEndpointsParams contains all the parameters to send to the API endpoint
 	for the list github endpoints operation.
 	Typically these are written to a http.Request.
 */
 type ListGithubEndpointsParams struct {
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the list github endpoints params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListGithubEndpointsParams) WithDefaults() *ListGithubEndpointsParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the list github endpoints params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *ListGithubEndpointsParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the list github endpoints params
 func (o *ListGithubEndpointsParams) WithTimeout(timeout time.Duration) *ListGithubEndpointsParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the list github endpoints params
 func (o *ListGithubEndpointsParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the list github endpoints params
 func (o *ListGithubEndpointsParams) WithContext(ctx context.Context) *ListGithubEndpointsParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the list github endpoints params
 func (o *ListGithubEndpointsParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the list github endpoints params
 func (o *ListGithubEndpointsParams) WithHTTPClient(client *http.Client) *ListGithubEndpointsParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the list github endpoints params
 func (o *ListGithubEndpointsParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WriteToRequest writes these params to a swagger request
 func (o *ListGithubEndpointsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/list_github_endpoints_responses.go
+++ b/client/endpoints/list_github_endpoints_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // ListGithubEndpointsReader is a Reader for the ListGithubEndpoints structure.
 type ListGithubEndpointsReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *ListGithubEndpointsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewListGithubEndpointsOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewListGithubEndpointsDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewListGithubEndpointsOK creates a ListGithubEndpointsOK with default headers values
 func NewListGithubEndpointsOK() *ListGithubEndpointsOK {
 	return &ListGithubEndpointsOK{}
 }
 /*
 ListGithubEndpointsOK describes a response with status code 200, with default header values.
 ForgeEndpoints
 */
 type ListGithubEndpointsOK struct {
 	Payload garm_params.ForgeEndpoints
 }
 // IsSuccess returns true when this list github endpoints o k response has a 2xx status code
 func (o *ListGithubEndpointsOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this list github endpoints o k response has a 3xx status code
 func (o *ListGithubEndpointsOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this list github endpoints o k response has a 4xx status code
 func (o *ListGithubEndpointsOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this list github endpoints o k response has a 5xx status code
 func (o *ListGithubEndpointsOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this list github endpoints o k response a status code equal to that given
 func (o *ListGithubEndpointsOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the list github endpoints o k response
 func (o *ListGithubEndpointsOK) Code() int {
 	return 200
 }
 func (o *ListGithubEndpointsOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints][%d] listGithubEndpointsOK %s", 200, payload)
 }
 func (o *ListGithubEndpointsOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints][%d] listGithubEndpointsOK %s", 200, payload)
 }
 func (o *ListGithubEndpointsOK) GetPayload() garm_params.ForgeEndpoints {
 	return o.Payload
 }
 func (o *ListGithubEndpointsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewListGithubEndpointsDefault creates a ListGithubEndpointsDefault with default headers values
 func NewListGithubEndpointsDefault(code int) *ListGithubEndpointsDefault {
 	return &ListGithubEndpointsDefault{
 		_statusCode: code,
 	}
 }
 /*
 ListGithubEndpointsDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type ListGithubEndpointsDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this list github endpoints default response has a 2xx status code
 func (o *ListGithubEndpointsDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this list github endpoints default response has a 3xx status code
 func (o *ListGithubEndpointsDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this list github endpoints default response has a 4xx status code
 func (o *ListGithubEndpointsDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this list github endpoints default response has a 5xx status code
 func (o *ListGithubEndpointsDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this list github endpoints default response a status code equal to that given
 func (o *ListGithubEndpointsDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the list github endpoints default response
 func (o *ListGithubEndpointsDefault) Code() int {
 	return o._statusCode
 }
 func (o *ListGithubEndpointsDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints][%d] ListGithubEndpoints default %s", o._statusCode, payload)
 }
 func (o *ListGithubEndpointsDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[GET /github/endpoints][%d] ListGithubEndpoints default %s", o._statusCode, payload)
 }
 func (o *ListGithubEndpointsDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *ListGithubEndpointsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/update_gitea_endpoint_parameters.go
+++ b/client/endpoints/update_gitea_endpoint_parameters.go
@ -0,0 +1,173 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewUpdateGiteaEndpointParams creates a new UpdateGiteaEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewUpdateGiteaEndpointParams() *UpdateGiteaEndpointParams {
 	return &UpdateGiteaEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewUpdateGiteaEndpointParamsWithTimeout creates a new UpdateGiteaEndpointParams object
 // with the ability to set a timeout on a request.
 func NewUpdateGiteaEndpointParamsWithTimeout(timeout time.Duration) *UpdateGiteaEndpointParams {
 	return &UpdateGiteaEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewUpdateGiteaEndpointParamsWithContext creates a new UpdateGiteaEndpointParams object
 // with the ability to set a context for a request.
 func NewUpdateGiteaEndpointParamsWithContext(ctx context.Context) *UpdateGiteaEndpointParams {
 	return &UpdateGiteaEndpointParams{
 		Context: ctx,
 	}
 }
 // NewUpdateGiteaEndpointParamsWithHTTPClient creates a new UpdateGiteaEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewUpdateGiteaEndpointParamsWithHTTPClient(client *http.Client) *UpdateGiteaEndpointParams {
 	return &UpdateGiteaEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 UpdateGiteaEndpointParams contains all the parameters to send to the API endpoint
 	for the update gitea endpoint operation.
 	Typically these are written to a http.Request.
 */
 type UpdateGiteaEndpointParams struct {
 	/* Body.
 	   Parameters used when updating a Gitea endpoint.
 	*/
 	Body garm_params.UpdateGiteaEndpointParams
 	/* Name.
 	   The name of the Gitea endpoint.
 	*/
 	Name string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the update gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateGiteaEndpointParams) WithDefaults() *UpdateGiteaEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the update gitea endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateGiteaEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) WithTimeout(timeout time.Duration) *UpdateGiteaEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) WithContext(ctx context.Context) *UpdateGiteaEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) WithHTTPClient(client *http.Client) *UpdateGiteaEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) WithBody(body garm_params.UpdateGiteaEndpointParams) *UpdateGiteaEndpointParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) SetBody(body garm_params.UpdateGiteaEndpointParams) {
 	o.Body = body
 }
 // WithName adds the name to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) WithName(name string) *UpdateGiteaEndpointParams {
 	o.SetName(name)
 	return o
 }
 // SetName adds the name to the update gitea endpoint params
 func (o *UpdateGiteaEndpointParams) SetName(name string) {
 	o.Name = name
 }
 // WriteToRequest writes these params to a swagger request
 func (o *UpdateGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	// path param name
 	if err := r.SetPathParam("name", o.Name); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/update_gitea_endpoint_responses.go
+++ b/client/endpoints/update_gitea_endpoint_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // UpdateGiteaEndpointReader is a Reader for the UpdateGiteaEndpoint structure.
 type UpdateGiteaEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *UpdateGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewUpdateGiteaEndpointOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewUpdateGiteaEndpointDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewUpdateGiteaEndpointOK creates a UpdateGiteaEndpointOK with default headers values
 func NewUpdateGiteaEndpointOK() *UpdateGiteaEndpointOK {
 	return &UpdateGiteaEndpointOK{}
 }
 /*
 UpdateGiteaEndpointOK describes a response with status code 200, with default header values.
 ForgeEndpoint
 */
 type UpdateGiteaEndpointOK struct {
 	Payload garm_params.ForgeEndpoint
 }
 // IsSuccess returns true when this update gitea endpoint o k response has a 2xx status code
 func (o *UpdateGiteaEndpointOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this update gitea endpoint o k response has a 3xx status code
 func (o *UpdateGiteaEndpointOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update gitea endpoint o k response has a 4xx status code
 func (o *UpdateGiteaEndpointOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this update gitea endpoint o k response has a 5xx status code
 func (o *UpdateGiteaEndpointOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update gitea endpoint o k response a status code equal to that given
 func (o *UpdateGiteaEndpointOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the update gitea endpoint o k response
 func (o *UpdateGiteaEndpointOK) Code() int {
 	return 200
 }
 func (o *UpdateGiteaEndpointOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] updateGiteaEndpointOK %s", 200, payload)
 }
 func (o *UpdateGiteaEndpointOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] updateGiteaEndpointOK %s", 200, payload)
 }
 func (o *UpdateGiteaEndpointOK) GetPayload() garm_params.ForgeEndpoint {
 	return o.Payload
 }
 func (o *UpdateGiteaEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewUpdateGiteaEndpointDefault creates a UpdateGiteaEndpointDefault with default headers values
 func NewUpdateGiteaEndpointDefault(code int) *UpdateGiteaEndpointDefault {
 	return &UpdateGiteaEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 UpdateGiteaEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type UpdateGiteaEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this update gitea endpoint default response has a 2xx status code
 func (o *UpdateGiteaEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this update gitea endpoint default response has a 3xx status code
 func (o *UpdateGiteaEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this update gitea endpoint default response has a 4xx status code
 func (o *UpdateGiteaEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this update gitea endpoint default response has a 5xx status code
 func (o *UpdateGiteaEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this update gitea endpoint default response a status code equal to that given
 func (o *UpdateGiteaEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the update gitea endpoint default response
 func (o *UpdateGiteaEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *UpdateGiteaEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] UpdateGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *UpdateGiteaEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] UpdateGiteaEndpoint default %s", o._statusCode, payload)
 }
 func (o *UpdateGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *UpdateGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/endpoints/update_github_endpoint_parameters.go
+++ b/client/endpoints/update_github_endpoint_parameters.go
@ -0,0 +1,173 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewUpdateGithubEndpointParams creates a new UpdateGithubEndpointParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewUpdateGithubEndpointParams() *UpdateGithubEndpointParams {
 	return &UpdateGithubEndpointParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewUpdateGithubEndpointParamsWithTimeout creates a new UpdateGithubEndpointParams object
 // with the ability to set a timeout on a request.
 func NewUpdateGithubEndpointParamsWithTimeout(timeout time.Duration) *UpdateGithubEndpointParams {
 	return &UpdateGithubEndpointParams{
 		timeout: timeout,
 	}
 }
 // NewUpdateGithubEndpointParamsWithContext creates a new UpdateGithubEndpointParams object
 // with the ability to set a context for a request.
 func NewUpdateGithubEndpointParamsWithContext(ctx context.Context) *UpdateGithubEndpointParams {
 	return &UpdateGithubEndpointParams{
 		Context: ctx,
 	}
 }
 // NewUpdateGithubEndpointParamsWithHTTPClient creates a new UpdateGithubEndpointParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewUpdateGithubEndpointParamsWithHTTPClient(client *http.Client) *UpdateGithubEndpointParams {
 	return &UpdateGithubEndpointParams{
 		HTTPClient: client,
 	}
 }
 /*
 UpdateGithubEndpointParams contains all the parameters to send to the API endpoint
 	for the update github endpoint operation.
 	Typically these are written to a http.Request.
 */
 type UpdateGithubEndpointParams struct {
 	/* Body.
 	   Parameters used when updating a GitHub endpoint.
 	*/
 	Body garm_params.UpdateGithubEndpointParams
 	/* Name.
 	   The name of the GitHub endpoint.
 	*/
 	Name string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the update github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateGithubEndpointParams) WithDefaults() *UpdateGithubEndpointParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the update github endpoint params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *UpdateGithubEndpointParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the update github endpoint params
 func (o *UpdateGithubEndpointParams) WithTimeout(timeout time.Duration) *UpdateGithubEndpointParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the update github endpoint params
 func (o *UpdateGithubEndpointParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the update github endpoint params
 func (o *UpdateGithubEndpointParams) WithContext(ctx context.Context) *UpdateGithubEndpointParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the update github endpoint params
 func (o *UpdateGithubEndpointParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the update github endpoint params
 func (o *UpdateGithubEndpointParams) WithHTTPClient(client *http.Client) *UpdateGithubEndpointParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the update github endpoint params
 func (o *UpdateGithubEndpointParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the update github endpoint params
 func (o *UpdateGithubEndpointParams) WithBody(body garm_params.UpdateGithubEndpointParams) *UpdateGithubEndpointParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the update github endpoint params
 func (o *UpdateGithubEndpointParams) SetBody(body garm_params.UpdateGithubEndpointParams) {
 	o.Body = body
 }
 // WithName adds the name to the update github endpoint params
 func (o *UpdateGithubEndpointParams) WithName(name string) *UpdateGithubEndpointParams {
 	o.SetName(name)
 	return o
 }
 // SetName adds the name to the update github endpoint params
 func (o *UpdateGithubEndpointParams) SetName(name string) {
 	o.Name = name
 }
 // WriteToRequest writes these params to a swagger request
 func (o *UpdateGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	// path param name
 	if err := r.SetPathParam("name", o.Name); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/endpoints/update_github_endpoint_responses.go
+++ b/client/endpoints/update_github_endpoint_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package endpoints
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // UpdateGithubEndpointReader is a Reader for the UpdateGithubEndpoint structure.
 type UpdateGithubEndpointReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *UpdateGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewUpdateGithubEndpointOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewUpdateGithubEndpointDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewUpdateGithubEndpointOK creates a UpdateGithubEndpointOK with default headers values
 func NewUpdateGithubEndpointOK() *UpdateGithubEndpointOK {
 	return &UpdateGithubEndpointOK{}
 }
 /*
 UpdateGithubEndpointOK describes a response with status code 200, with default header values.
 ForgeEndpoint
 */
 type UpdateGithubEndpointOK struct {
 	Payload garm_params.ForgeEndpoint
 }
 // IsSuccess returns true when this update github endpoint o k response has a 2xx status code
 func (o *UpdateGithubEndpointOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this update github endpoint o k response has a 3xx status code
 func (o *UpdateGithubEndpointOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this update github endpoint o k response has a 4xx status code
 func (o *UpdateGithubEndpointOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this update github endpoint o k response has a 5xx status code
 func (o *UpdateGithubEndpointOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this update github endpoint o k response a status code equal to that given
 func (o *UpdateGithubEndpointOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the update github endpoint o k response
 func (o *UpdateGithubEndpointOK) Code() int {
 	return 200
 }
 func (o *UpdateGithubEndpointOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] updateGithubEndpointOK %s", 200, payload)
 }
 func (o *UpdateGithubEndpointOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] updateGithubEndpointOK %s", 200, payload)
 }
 func (o *UpdateGithubEndpointOK) GetPayload() garm_params.ForgeEndpoint {
 	return o.Payload
 }
 func (o *UpdateGithubEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewUpdateGithubEndpointDefault creates a UpdateGithubEndpointDefault with default headers values
 func NewUpdateGithubEndpointDefault(code int) *UpdateGithubEndpointDefault {
 	return &UpdateGithubEndpointDefault{
 		_statusCode: code,
 	}
 }
 /*
 UpdateGithubEndpointDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type UpdateGithubEndpointDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this update github endpoint default response has a 2xx status code
 func (o *UpdateGithubEndpointDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this update github endpoint default response has a 3xx status code
 func (o *UpdateGithubEndpointDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this update github endpoint default response has a 4xx status code
 func (o *UpdateGithubEndpointDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this update github endpoint default response has a 5xx status code
 func (o *UpdateGithubEndpointDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this update github endpoint default response a status code equal to that given
 func (o *UpdateGithubEndpointDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the update github endpoint default response
 func (o *UpdateGithubEndpointDefault) Code() int {
 	return o._statusCode
 }
 func (o *UpdateGithubEndpointDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] UpdateGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *UpdateGithubEndpointDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] UpdateGithubEndpoint default %s", o._statusCode, payload)
 }
 func (o *UpdateGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *UpdateGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/enterprises/create_enterprise_parameters.go
+++ b/client/enterprises/create_enterprise_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateEnterpriseParams creates a new CreateEnterpriseParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateEnterpriseParams() *CreateEnterpriseParams {
 	return &CreateEnterpriseParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateEnterpriseParamsWithTimeout creates a new CreateEnterpriseParams object
 // with the ability to set a timeout on a request.
 func NewCreateEnterpriseParamsWithTimeout(timeout time.Duration) *CreateEnterpriseParams {
 	return &CreateEnterpriseParams{
 		timeout: timeout,
 	}
 }
 // NewCreateEnterpriseParamsWithContext creates a new CreateEnterpriseParams object
 // with the ability to set a context for a request.
 func NewCreateEnterpriseParamsWithContext(ctx context.Context) *CreateEnterpriseParams {
 	return &CreateEnterpriseParams{
 		Context: ctx,
 	}
 }
 // NewCreateEnterpriseParamsWithHTTPClient creates a new CreateEnterpriseParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateEnterpriseParamsWithHTTPClient(client *http.Client) *CreateEnterpriseParams {
 	return &CreateEnterpriseParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateEnterpriseParams contains all the parameters to send to the API endpoint
 	for the create enterprise operation.
 	Typically these are written to a http.Request.
 */
 type CreateEnterpriseParams struct {
 	/* Body.
 	   Parameters used to create the enterprise.
 	*/
 	Body garm_params.CreateEnterpriseParams
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create enterprise params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateEnterpriseParams) WithDefaults() *CreateEnterpriseParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create enterprise params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateEnterpriseParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create enterprise params
 func (o *CreateEnterpriseParams) WithTimeout(timeout time.Duration) *CreateEnterpriseParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create enterprise params
 func (o *CreateEnterpriseParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create enterprise params
 func (o *CreateEnterpriseParams) WithContext(ctx context.Context) *CreateEnterpriseParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create enterprise params
 func (o *CreateEnterpriseParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create enterprise params
 func (o *CreateEnterpriseParams) WithHTTPClient(client *http.Client) *CreateEnterpriseParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create enterprise params
 func (o *CreateEnterpriseParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create enterprise params
 func (o *CreateEnterpriseParams) WithBody(body garm_params.CreateEnterpriseParams) *CreateEnterpriseParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create enterprise params
 func (o *CreateEnterpriseParams) SetBody(body garm_params.CreateEnterpriseParams) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateEnterpriseParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/enterprises/create_enterprise_pool_parameters.go
+++ b/client/enterprises/create_enterprise_pool_parameters.go
@ -0,0 +1,173 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateEnterprisePoolParams creates a new CreateEnterprisePoolParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateEnterprisePoolParams() *CreateEnterprisePoolParams {
 	return &CreateEnterprisePoolParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateEnterprisePoolParamsWithTimeout creates a new CreateEnterprisePoolParams object
 // with the ability to set a timeout on a request.
 func NewCreateEnterprisePoolParamsWithTimeout(timeout time.Duration) *CreateEnterprisePoolParams {
 	return &CreateEnterprisePoolParams{
 		timeout: timeout,
 	}
 }
 // NewCreateEnterprisePoolParamsWithContext creates a new CreateEnterprisePoolParams object
 // with the ability to set a context for a request.
 func NewCreateEnterprisePoolParamsWithContext(ctx context.Context) *CreateEnterprisePoolParams {
 	return &CreateEnterprisePoolParams{
 		Context: ctx,
 	}
 }
 // NewCreateEnterprisePoolParamsWithHTTPClient creates a new CreateEnterprisePoolParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateEnterprisePoolParamsWithHTTPClient(client *http.Client) *CreateEnterprisePoolParams {
 	return &CreateEnterprisePoolParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateEnterprisePoolParams contains all the parameters to send to the API endpoint
 	for the create enterprise pool operation.
 	Typically these are written to a http.Request.
 */
 type CreateEnterprisePoolParams struct {
 	/* Body.
 	   Parameters used when creating the enterprise pool.
 	*/
 	Body garm_params.CreatePoolParams
 	/* EnterpriseID.
 	   Enterprise ID.
 	*/
 	EnterpriseID string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create enterprise pool params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateEnterprisePoolParams) WithDefaults() *CreateEnterprisePoolParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create enterprise pool params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateEnterprisePoolParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) WithTimeout(timeout time.Duration) *CreateEnterprisePoolParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) WithContext(ctx context.Context) *CreateEnterprisePoolParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) WithHTTPClient(client *http.Client) *CreateEnterprisePoolParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) WithBody(body garm_params.CreatePoolParams) *CreateEnterprisePoolParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) SetBody(body garm_params.CreatePoolParams) {
 	o.Body = body
 }
 // WithEnterpriseID adds the enterpriseID to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) WithEnterpriseID(enterpriseID string) *CreateEnterprisePoolParams {
 	o.SetEnterpriseID(enterpriseID)
 	return o
 }
 // SetEnterpriseID adds the enterpriseId to the create enterprise pool params
 func (o *CreateEnterprisePoolParams) SetEnterpriseID(enterpriseID string) {
 	o.EnterpriseID = enterpriseID
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateEnterprisePoolParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	// path param enterpriseID
 	if err := r.SetPathParam("enterpriseID", o.EnterpriseID); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/enterprises/create_enterprise_pool_responses.go
+++ b/client/enterprises/create_enterprise_pool_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateEnterprisePoolReader is a Reader for the CreateEnterprisePool structure.
 type CreateEnterprisePoolReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateEnterprisePoolReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateEnterprisePoolOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewCreateEnterprisePoolDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewCreateEnterprisePoolOK creates a CreateEnterprisePoolOK with default headers values
 func NewCreateEnterprisePoolOK() *CreateEnterprisePoolOK {
 	return &CreateEnterprisePoolOK{}
 }
 /*
 CreateEnterprisePoolOK describes a response with status code 200, with default header values.
 Pool
 */
 type CreateEnterprisePoolOK struct {
 	Payload garm_params.Pool
 }
 // IsSuccess returns true when this create enterprise pool o k response has a 2xx status code
 func (o *CreateEnterprisePoolOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create enterprise pool o k response has a 3xx status code
 func (o *CreateEnterprisePoolOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create enterprise pool o k response has a 4xx status code
 func (o *CreateEnterprisePoolOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create enterprise pool o k response has a 5xx status code
 func (o *CreateEnterprisePoolOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create enterprise pool o k response a status code equal to that given
 func (o *CreateEnterprisePoolOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create enterprise pool o k response
 func (o *CreateEnterprisePoolOK) Code() int {
 	return 200
 }
 func (o *CreateEnterprisePoolOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] createEnterprisePoolOK %s", 200, payload)
 }
 func (o *CreateEnterprisePoolOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] createEnterprisePoolOK %s", 200, payload)
 }
 func (o *CreateEnterprisePoolOK) GetPayload() garm_params.Pool {
 	return o.Payload
 }
 func (o *CreateEnterprisePoolOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateEnterprisePoolDefault creates a CreateEnterprisePoolDefault with default headers values
 func NewCreateEnterprisePoolDefault(code int) *CreateEnterprisePoolDefault {
 	return &CreateEnterprisePoolDefault{
 		_statusCode: code,
 	}
 }
 /*
 CreateEnterprisePoolDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type CreateEnterprisePoolDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create enterprise pool default response has a 2xx status code
 func (o *CreateEnterprisePoolDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this create enterprise pool default response has a 3xx status code
 func (o *CreateEnterprisePoolDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this create enterprise pool default response has a 4xx status code
 func (o *CreateEnterprisePoolDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this create enterprise pool default response has a 5xx status code
 func (o *CreateEnterprisePoolDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this create enterprise pool default response a status code equal to that given
 func (o *CreateEnterprisePoolDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the create enterprise pool default response
 func (o *CreateEnterprisePoolDefault) Code() int {
 	return o._statusCode
 }
 func (o *CreateEnterprisePoolDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] CreateEnterprisePool default %s", o._statusCode, payload)
 }
 func (o *CreateEnterprisePoolDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] CreateEnterprisePool default %s", o._statusCode, payload)
 }
 func (o *CreateEnterprisePoolDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateEnterprisePoolDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/enterprises/create_enterprise_responses.go
+++ b/client/enterprises/create_enterprise_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateEnterpriseReader is a Reader for the CreateEnterprise structure.
 type CreateEnterpriseReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateEnterpriseReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateEnterpriseOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewCreateEnterpriseDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewCreateEnterpriseOK creates a CreateEnterpriseOK with default headers values
 func NewCreateEnterpriseOK() *CreateEnterpriseOK {
 	return &CreateEnterpriseOK{}
 }
 /*
 CreateEnterpriseOK describes a response with status code 200, with default header values.
 Enterprise
 */
 type CreateEnterpriseOK struct {
 	Payload garm_params.Enterprise
 }
 // IsSuccess returns true when this create enterprise o k response has a 2xx status code
 func (o *CreateEnterpriseOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create enterprise o k response has a 3xx status code
 func (o *CreateEnterpriseOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create enterprise o k response has a 4xx status code
 func (o *CreateEnterpriseOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create enterprise o k response has a 5xx status code
 func (o *CreateEnterpriseOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create enterprise o k response a status code equal to that given
 func (o *CreateEnterpriseOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create enterprise o k response
 func (o *CreateEnterpriseOK) Code() int {
 	return 200
 }
 func (o *CreateEnterpriseOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises][%d] createEnterpriseOK %s", 200, payload)
 }
 func (o *CreateEnterpriseOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises][%d] createEnterpriseOK %s", 200, payload)
 }
 func (o *CreateEnterpriseOK) GetPayload() garm_params.Enterprise {
 	return o.Payload
 }
 func (o *CreateEnterpriseOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateEnterpriseDefault creates a CreateEnterpriseDefault with default headers values
 func NewCreateEnterpriseDefault(code int) *CreateEnterpriseDefault {
 	return &CreateEnterpriseDefault{
 		_statusCode: code,
 	}
 }
 /*
 CreateEnterpriseDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type CreateEnterpriseDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create enterprise default response has a 2xx status code
 func (o *CreateEnterpriseDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this create enterprise default response has a 3xx status code
 func (o *CreateEnterpriseDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this create enterprise default response has a 4xx status code
 func (o *CreateEnterpriseDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this create enterprise default response has a 5xx status code
 func (o *CreateEnterpriseDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this create enterprise default response a status code equal to that given
 func (o *CreateEnterpriseDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the create enterprise default response
 func (o *CreateEnterpriseDefault) Code() int {
 	return o._statusCode
 }
 func (o *CreateEnterpriseDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises][%d] CreateEnterprise default %s", o._statusCode, payload)
 }
 func (o *CreateEnterpriseDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises][%d] CreateEnterprise default %s", o._statusCode, payload)
 }
 func (o *CreateEnterpriseDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateEnterpriseDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/enterprises/create_enterprise_scale_set_parameters.go
+++ b/client/enterprises/create_enterprise_scale_set_parameters.go
@ -0,0 +1,173 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // NewCreateEnterpriseScaleSetParams creates a new CreateEnterpriseScaleSetParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateEnterpriseScaleSetParams() *CreateEnterpriseScaleSetParams {
 	return &CreateEnterpriseScaleSetParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateEnterpriseScaleSetParamsWithTimeout creates a new CreateEnterpriseScaleSetParams object
 // with the ability to set a timeout on a request.
 func NewCreateEnterpriseScaleSetParamsWithTimeout(timeout time.Duration) *CreateEnterpriseScaleSetParams {
 	return &CreateEnterpriseScaleSetParams{
 		timeout: timeout,
 	}
 }
 // NewCreateEnterpriseScaleSetParamsWithContext creates a new CreateEnterpriseScaleSetParams object
 // with the ability to set a context for a request.
 func NewCreateEnterpriseScaleSetParamsWithContext(ctx context.Context) *CreateEnterpriseScaleSetParams {
 	return &CreateEnterpriseScaleSetParams{
 		Context: ctx,
 	}
 }
 // NewCreateEnterpriseScaleSetParamsWithHTTPClient creates a new CreateEnterpriseScaleSetParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateEnterpriseScaleSetParamsWithHTTPClient(client *http.Client) *CreateEnterpriseScaleSetParams {
 	return &CreateEnterpriseScaleSetParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateEnterpriseScaleSetParams contains all the parameters to send to the API endpoint
 	for the create enterprise scale set operation.
 	Typically these are written to a http.Request.
 */
 type CreateEnterpriseScaleSetParams struct {
 	/* Body.
 	   Parameters used when creating the enterprise scale set.
 	*/
 	Body garm_params.CreateScaleSetParams
 	/* EnterpriseID.
 	   Enterprise ID.
 	*/
 	EnterpriseID string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create enterprise scale set params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateEnterpriseScaleSetParams) WithDefaults() *CreateEnterpriseScaleSetParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create enterprise scale set params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateEnterpriseScaleSetParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) WithTimeout(timeout time.Duration) *CreateEnterpriseScaleSetParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) WithContext(ctx context.Context) *CreateEnterpriseScaleSetParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) WithHTTPClient(client *http.Client) *CreateEnterpriseScaleSetParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) WithBody(body garm_params.CreateScaleSetParams) *CreateEnterpriseScaleSetParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) SetBody(body garm_params.CreateScaleSetParams) {
 	o.Body = body
 }
 // WithEnterpriseID adds the enterpriseID to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) WithEnterpriseID(enterpriseID string) *CreateEnterpriseScaleSetParams {
 	o.SetEnterpriseID(enterpriseID)
 	return o
 }
 // SetEnterpriseID adds the enterpriseId to the create enterprise scale set params
 func (o *CreateEnterpriseScaleSetParams) SetEnterpriseID(enterpriseID string) {
 	o.EnterpriseID = enterpriseID
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateEnterpriseScaleSetParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if err := r.SetBodyParam(o.Body); err != nil {
 		return err
 	}
 	// path param enterpriseID
 	if err := r.SetPathParam("enterpriseID", o.EnterpriseID); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/client/enterprises/create_enterprise_scale_set_responses.go
+++ b/client/enterprises/create_enterprise_scale_set_responses.go
@ -0,0 +1,184 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	apiserver_params "github.com/cloudbase/garm/apiserver/params"
 	garm_params "github.com/cloudbase/garm/params"
 )
 // CreateEnterpriseScaleSetReader is a Reader for the CreateEnterpriseScaleSet structure.
 type CreateEnterpriseScaleSetReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateEnterpriseScaleSetReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 200:
 		result := NewCreateEnterpriseScaleSetOK()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	default:
 		result := NewCreateEnterpriseScaleSetDefault(response.Code())
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		if response.Code()/100 == 2 {
 			return result, nil
 		}
 		return nil, result
 	}
 }
 // NewCreateEnterpriseScaleSetOK creates a CreateEnterpriseScaleSetOK with default headers values
 func NewCreateEnterpriseScaleSetOK() *CreateEnterpriseScaleSetOK {
 	return &CreateEnterpriseScaleSetOK{}
 }
 /*
 CreateEnterpriseScaleSetOK describes a response with status code 200, with default header values.
 ScaleSet
 */
 type CreateEnterpriseScaleSetOK struct {
 	Payload garm_params.ScaleSet
 }
 // IsSuccess returns true when this create enterprise scale set o k response has a 2xx status code
 func (o *CreateEnterpriseScaleSetOK) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create enterprise scale set o k response has a 3xx status code
 func (o *CreateEnterpriseScaleSetOK) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create enterprise scale set o k response has a 4xx status code
 func (o *CreateEnterpriseScaleSetOK) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create enterprise scale set o k response has a 5xx status code
 func (o *CreateEnterpriseScaleSetOK) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create enterprise scale set o k response a status code equal to that given
 func (o *CreateEnterpriseScaleSetOK) IsCode(code int) bool {
 	return code == 200
 }
 // Code gets the status code for the create enterprise scale set o k response
 func (o *CreateEnterpriseScaleSetOK) Code() int {
 	return 200
 }
 func (o *CreateEnterpriseScaleSetOK) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] createEnterpriseScaleSetOK %s", 200, payload)
 }
 func (o *CreateEnterpriseScaleSetOK) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] createEnterpriseScaleSetOK %s", 200, payload)
 }
 func (o *CreateEnterpriseScaleSetOK) GetPayload() garm_params.ScaleSet {
 	return o.Payload
 }
 func (o *CreateEnterpriseScaleSetOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateEnterpriseScaleSetDefault creates a CreateEnterpriseScaleSetDefault with default headers values
 func NewCreateEnterpriseScaleSetDefault(code int) *CreateEnterpriseScaleSetDefault {
 	return &CreateEnterpriseScaleSetDefault{
 		_statusCode: code,
 	}
 }
 /*
 CreateEnterpriseScaleSetDefault describes a response with status code -1, with default header values.
 APIErrorResponse
 */
 type CreateEnterpriseScaleSetDefault struct {
 	_statusCode int
 	Payload apiserver_params.APIErrorResponse
 }
 // IsSuccess returns true when this create enterprise scale set default response has a 2xx status code
 func (o *CreateEnterpriseScaleSetDefault) IsSuccess() bool {
 	return o._statusCode/100 == 2
 }
 // IsRedirect returns true when this create enterprise scale set default response has a 3xx status code
 func (o *CreateEnterpriseScaleSetDefault) IsRedirect() bool {
 	return o._statusCode/100 == 3
 }
 // IsClientError returns true when this create enterprise scale set default response has a 4xx status code
 func (o *CreateEnterpriseScaleSetDefault) IsClientError() bool {
 	return o._statusCode/100 == 4
 }
 // IsServerError returns true when this create enterprise scale set default response has a 5xx status code
 func (o *CreateEnterpriseScaleSetDefault) IsServerError() bool {
 	return o._statusCode/100 == 5
 }
 // IsCode returns true when this create enterprise scale set default response a status code equal to that given
 func (o *CreateEnterpriseScaleSetDefault) IsCode(code int) bool {
 	return o._statusCode == code
 }
 // Code gets the status code for the create enterprise scale set default response
 func (o *CreateEnterpriseScaleSetDefault) Code() int {
 	return o._statusCode
 }
 func (o *CreateEnterpriseScaleSetDefault) Error() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] CreateEnterpriseScaleSet default %s", o._statusCode, payload)
 }
 func (o *CreateEnterpriseScaleSetDefault) String() string {
 	payload, _ := json.Marshal(o.Payload)
 	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] CreateEnterpriseScaleSet default %s", o._statusCode, payload)
 }
 func (o *CreateEnterpriseScaleSetDefault) GetPayload() apiserver_params.APIErrorResponse {
 	return o.Payload
 }
 func (o *CreateEnterpriseScaleSetDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/client/enterprises/delete_enterprise_parameters.go
+++ b/client/enterprises/delete_enterprise_parameters.go
@ -0,0 +1,151 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package enterprises
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 // NewDeleteEnterpriseParams creates a new DeleteEnterpriseParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewDeleteEnterpriseParams() *DeleteEnterpriseParams {
 	return &DeleteEnterpriseParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewDeleteEnterpriseParamsWithTimeout creates a new DeleteEnterpriseParams object
 // with the ability to set a timeout on a request.
 func NewDeleteEnterpriseParamsWithTimeout(timeout time.Duration) *DeleteEnterpriseParams {
 	return &DeleteEnterpriseParams{
 		timeout: timeout,
 	}
 }
 // NewDeleteEnterpriseParamsWithContext creates a new DeleteEnterpriseParams object
 // with the ability to set a context for a request.
 func NewDeleteEnterpriseParamsWithContext(ctx context.Context) *DeleteEnterpriseParams {
 	return &DeleteEnterpriseParams{
 		Context: ctx,
 	}
 }
 // NewDeleteEnterpriseParamsWithHTTPClient creates a new DeleteEnterpriseParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewDeleteEnterpriseParamsWithHTTPClient(client *http.Client) *DeleteEnterpriseParams {
 	return &DeleteEnterpriseParams{
 		HTTPClient: client,
 	}
 }
 /*
 DeleteEnterpriseParams contains all the parameters to send to the API endpoint
 	for the delete enterprise operation.
 	Typically these are written to a http.Request.
 */
 type DeleteEnterpriseParams struct {
 	/* EnterpriseID.
 	   ID of the enterprise to delete.
 	*/
 	EnterpriseID string
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the delete enterprise params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteEnterpriseParams) WithDefaults() *DeleteEnterpriseParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the delete enterprise params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *DeleteEnterpriseParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the delete enterprise params
 func (o *DeleteEnterpriseParams) WithTimeout(timeout time.Duration) *DeleteEnterpriseParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the delete enterprise params
 func (o *DeleteEnterpriseParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the delete enterprise params
 func (o *DeleteEnterpriseParams) WithContext(ctx context.Context) *DeleteEnterpriseParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the delete enterprise params
 func (o *DeleteEnterpriseParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the delete enterprise params
 func (o *DeleteEnterpriseParams) WithHTTPClient(client *http.Client) *DeleteEnterpriseParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the delete enterprise params
 func (o *DeleteEnterpriseParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithEnterpriseID adds the enterpriseID to the delete enterprise params
 func (o *DeleteEnterpriseParams) WithEnterpriseID(enterpriseID string) *DeleteEnterpriseParams {
 	o.SetEnterpriseID(enterpriseID)
 	return o
 }
 // SetEnterpriseID adds the enterpriseId to the delete enterprise params
 func (o *DeleteEnterpriseParams) SetEnterpriseID(enterpriseID string) {
 	o.EnterpriseID = enterpriseID
 }
 // WriteToRequest writes these params to a swagger request
 func (o *DeleteEnterpriseParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	// path param enterpriseID
 	if err := r.SetPathParam("enterpriseID", o.EnterpriseID); err != nil {
 		return err
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/Show more
+++ b/Show more