refactor(params): ♻️ Simplify ForgeURL logic by removing redundant switch case

Streamlines the ForgeURL method by removing an unnecessary nested switch case
on ForgeType, consolidating the logic to rely solely on EntityType. This change
reduces complexity and improves code readability without altering functionality.

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/build-and-push.yml

@@ -1,14 +1,16 @@
-name: "Build GARM images"
+name: "Build and push GARM images"
 on:
-  workflow_dispatch:
+  workflow_call:
     inputs:
       push_to_project:
         description: "Project to build images for"
-        required: true
+        required: false
+        type: string
         default: "ghcr.io/cloudbase"
       ref:
         description: "Ref to build"
-        required: true
+        required: false
+        type: string
         default: "main"
 
 permissions:
@@ -19,10 +21,10 @@ jobs:
       permissions:
         packages: write
       name: "Build GARM images"
-      runs-on: ubuntu-22.04
+      runs-on: ubuntu-latest
       steps:
         - name: "Checkout"
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
           with:
             path: src/github.com/cloudbase/garm
             fetch-depth: 0
@@ -37,13 +39,23 @@ jobs:
             username: ${{ github.actor }}
             password: ${{ secrets.GITHUB_TOKEN }}
 
-        - name: Build and push
+        - name: Build and push image
+          env:
+            IMAGE_REGISTRY: ${{ inputs.push_to_project }}
+            GH_REF: ${{ inputs.ref }}
+          working-directory: src/github.com/cloudbase/garm
           run: |
-            cd src/github.com/cloudbase/garm
-            VERSION=$(git describe --tags --match='v[0-9]*' --always ${{ github.event.inputs.ref }})
+            if [ "$GH_REF" == "main" ]; then
+              IMAGE_TAG="nightly"
+            else
+              IMAGE_TAG=$(git describe --tags --match='v[0-9]*' --always ${GH_REF})
+            fi
             docker buildx build \
               --provenance=false \
               --platform linux/amd64,linux/arm64 \
-              --build-arg="GARM_REF=${{ github.event.inputs.ref }}" \
-              -t ${{ github.event.inputs.push_to_project }}/garm:"${VERSION}" \
-              --push .
+              --label "org.opencontainers.image.source=https://github.com/cloudbase/garm/tree/${GH_REF}" \
+              --label "org.opencontainers.image.description=GARM ${GH_REF}" \
+              --label "org.opencontainers.image.licenses=Apache 2.0" \
+              --build-arg="GARM_REF=${GH_REF}" \
+              -t ${IMAGE_REGISTRY}/garm:"${IMAGE_TAG}" \
+              --push .

.github/workflows/go-tests.yml

@@ -4,9 +4,11 @@ on:
   push:
     branches:
       - main
+      - 'release/**'
   pull_request:
     branches:
       - main
+      - 'release/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
@@ -17,23 +19,22 @@ permissions: {}
 jobs:
   linters:
     name: Linters
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     timeout-minutes: 10
 
     steps:
       - name: Install dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install -y libbtrfs-dev build-essential
+          sudo apt-get install -y libbtrfs-dev build-essential apg jq
 
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 'stable'
       - uses: actions/checkout@v3
-      - uses: golangci/golangci-lint-action@v3
+      - uses: actions/setup-go@v5
         with:
-          skip-cache: true
-          args: --timeout=8m --build-tags testing
+          go-version-file: go.mod
+
+      - name: make lint
+        run: make golangci-lint && GOLANGCI_LINT_EXTRA_ARGS="--timeout=8m --build-tags=testing,integration" make lint
       - name: Verify go vendor, go modules and gofmt
         run: |
           sudo apt-get install -y jq
@@ -43,15 +44,39 @@ jobs:
     runs-on: ubuntu-latest
     needs: [linters]
     steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libbtrfs-dev build-essential apg jq default-jre
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '>=v24.5.0'
+      
+      - name: Set up openapi-generator-cli
+        run: |
+          mkdir -p $HOME/openapi-generator
+          cd $HOME/openapi-generator
+          npm install @openapitools/openapi-generator-cli
+          echo "$HOME/openapi-generator/node_modules/.bin" >> $GITHUB_PATH
+
       - name: Checkout
         uses: actions/checkout@v3
 
       - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
 
       - run: go version
 
+      - name: Run go generate
+        run: |
+          GOTOOLCHAIN=go1.24.6 make generate
+
       - name: Run GARM Go Tests
         run: make go-test
+
+      - name: Run web UI tests
+        run: |
+          make webui-test

.github/workflows/integration-tests.yml

@@ -6,10 +6,10 @@ on:
 
 jobs:
   integration-tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-noble-garm
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Golang
         uses: actions/setup-go@v3
@@ -17,30 +17,53 @@ jobs:
           go-version-file: go.mod
 
       - name: Setup LXD
-        uses: canonical/setup-lxd@v0.1.1
-
-      - name: Build GARM
-        run: make build
-
-      - name: Set up ngrok
-        id: ngrok
-        uses: gabriel-samfira/ngrok-tunnel-action@v1.1
+        uses: canonical/setup-lxd@main
         with:
-          ngrok_authtoken: ${{ secrets.NGROK_AUTH_TOKEN }}
-          port: 9997
-          tunnel_type: http
+          channel: latest/stable
 
-      - name: Setup GARM
-        run: ./test/integration/scripts/setup-garm.sh
-        env:
-          GH_OAUTH_TOKEN: ${{ secrets.GH_OAUTH_TOKEN }}
-          CREDENTIALS_NAME: test-garm-creds
-          GARM_BASE_URL: ${{ steps.ngrok.outputs.tunnel-url }}
+      - name: Install dependencies
+        run: |
+          sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get -qq update && sudo apt-get -qq install -y apg coreutils make jq build-essential libsqlite3-dev libsqlite3-0
+
+      - name: Set up tunnel
+        shell: bash
+        run: |
+          mkdir -p /home/runner/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > /home/runner/.ssh/ssh_key
+          sudo chown -R runner:runner /home/runner/.ssh
+          sudo chmod 500 /home/runner/.ssh
+          sudo chmod 400 /home/runner/.ssh/ssh_key
+
+          SUBDOMAIN=$(apg -a 0 -M l -m 12 -n 1)
+          echo "::add-mask::$SUBDOMAIN"
+
+          BASE_URL="${{ secrets.TUNNEL_BASE_URL }}"
+          GARM_BASE_URL="https://$SUBDOMAIN.$BASE_URL"
+          echo "::add-mask::$GARM_BASE_URL"
+
+          echo "GARM_BASE_URL=$GARM_BASE_URL" >> $GITHUB_ENV
+
+          cat <<EOF | sudo tee /etc/systemd/system/garm-tunnel.service
+          [Unit]
+          Description=GARM tunnel
+          After=network.target
+
+          [Service]
+          Type=simple
+          ExecStart=/usr/bin/ssh -q -i /home/runner/.ssh/ssh_key -N -n -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -R $SUBDOMAIN:80:127.0.0.1:9997 $BASE_URL
+          Restart=always
+          User=runner
+          [Install]
+          WantedBy=default.target
+          EOF
+
+          sudo systemctl daemon-reload
+          sudo systemctl enable garm-tunnel
+          sudo systemctl start garm-tunnel
 
       - name: Generate secrets
         run: |
-          sudo apt-get -qq update && sudo apt-get -qq install -y apg
-
           GARM_PASSWORD=$(apg -n1 -m32)
           REPO_WEBHOOK_SECRET=$(apg -n1 -m32)
           ORG_WEBHOOK_SECRET=$(apg -n1 -m32)
@@ -52,6 +75,7 @@ jobs:
           echo "GARM_PASSWORD=$GARM_PASSWORD" >> $GITHUB_ENV
           echo "REPO_WEBHOOK_SECRET=$REPO_WEBHOOK_SECRET" >> $GITHUB_ENV
           echo "ORG_WEBHOOK_SECRET=$ORG_WEBHOOK_SECRET" >> $GITHUB_ENV
+          echo "GARM_CHECKOUT_DIR=$GITHUB_WORKSPACE" >> $GITHUB_ENV
 
       - name: Create logs directory
         if: always()
@@ -61,24 +85,25 @@ jobs:
         run: |
           set -o pipefail
           set -o errexit
-          go run ./test/integration/main.go 2>&1 | tee /artifacts-logs/e2e.log
+          make integration 2>&1
         env:
-          GARM_BASE_URL: ${{ steps.ngrok.outputs.tunnel-url }}
           ORG_NAME: gsamfira
           REPO_NAME: garm-testing
           CREDENTIALS_NAME: test-garm-creds
           WORKFLOW_FILE_NAME: test.yml
           GH_TOKEN: ${{ secrets.GH_OAUTH_TOKEN }}
+          LXD_REMOTE_SERVER: ${{ secrets.LXD_REMOTE_SERVER }}
 
       - name: Show GARM logs
         if: always()
         run: |
-          sudo systemctl status garm
-          sudo journalctl -u garm --no-pager 2>&1 | tee /artifacts-logs/garm.log
+          sudo systemctl status garm@runner || true
+          sudo journalctl --no-pager 2>&1 > /artifacts-logs/system.log
+          sudo journalctl -u garm@runner --no-pager 2>&1 > /artifacts-logs/garm.log
 
       - name: Upload GARM and e2e logs
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: garm-logs
           path: /artifacts-logs
@@ -89,11 +114,9 @@ jobs:
           set -o pipefail
           set -o errexit
 
-          sudo systemctl stop garm
-
-          go run ./test/integration/gh_cleanup/main.go
+          sudo systemctl stop garm@runner || true
+          go run ./test/integration/gh_cleanup/main.go || true
         env:
-          GARM_BASE_URL: ${{ steps.ngrok.outputs.tunnel-url }}
           ORG_NAME: gsamfira
           REPO_NAME: garm-testing
           GH_TOKEN: ${{ secrets.GH_OAUTH_TOKEN }}

.github/workflows/trigger-manual.yml

@@ -0,0 +1,19 @@
+name: Manual build of GARM images
+on:
+  workflow_dispatch:
+    inputs:
+      push_to_project:
+        description: "Project to build images for"
+        required: true
+        default: "ghcr.io/cloudbase"
+      ref:
+        description: "Ref to build"
+        required: true
+        default: "main"
+
+jobs:
+  call-build-and-push:
+    uses: ./.github/workflows/build-and-push.yml
+    with:
+      push_to_project: ${{ inputs.push_to_project }}
+      ref: ${{ inputs.ref }}

.github/workflows/trigger-nightly.yml

@@ -0,0 +1,10 @@
+name: Nightly build of GARM images
+on:
+  schedule:
+    - cron: "0 2 * * *"
+
+jobs:
+  call-build-and-push:
+    uses: ./.github/workflows/build-and-push.yml
+    with:
+      ref: "main"

.gitignore

@@ -19,3 +19,9 @@ bin/
 cmd/temp
 build/
 release/
+node_modules/
+.svelte-kit/
+debug.html
+git_push.sh
+webapp/src/lib/api/generated/docs
+.env

.golangci.yml

@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: MIT
+linters:
+  disable-all: true
+  fast: false
+  enable:
+    - gci
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - gofumpt
+    - goimports
+    - godox
+    - govet
+    - gosec
+    - gosimple
+    - importas
+    - ineffassign
+    - loggercheck
+    - misspell
+    - nakedret
+    - nilerr
+    - predeclared
+    - promlinter
+    - revive
+    - staticcheck
+    - unconvert
+    - unused
+    - wastedassign
+    - whitespace
+
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/cloudbase/garm)
+
+  goimports:
+    local-prefixes: github.com/cloudbase/garm
+
+  gosec:
+    excludes:
+    - G115

.mockery.yaml

@@ -0,0 +1,27 @@
+with-expecter: true
+dir: "mocks"
+mockname: "{{ .InterfaceName }}"
+outpkg: "mocks"
+filename: "{{ .InterfaceName }}.go"
+# V3 compatibility settings
+resolve-type-alias: false
+disable-version-string: true
+issue-845-fix: true
+packages:
+  # Database store interfaces
+  github.com/cloudbase/garm/database/common:
+    interfaces:
+      Store:
+        config:
+          dir: "{{ .InterfaceDir }}/mocks"
+  # Runner interfaces  
+  github.com/cloudbase/garm/runner:
+    interfaces:
+      PoolManagerController:
+        config:
+          dir: "{{ .InterfaceDir }}/mocks"
+  # Runner common interfaces (generate all interfaces in this package)
+  github.com/cloudbase/garm/runner/common:
+    config:
+      dir: "{{ .InterfaceDir }}/mocks"
+      all: true

Dockerfile

@@ -3,36 +3,75 @@ ARG GARM_REF
 
 LABEL stage=builder
 
-RUN apk add musl-dev gcc libtool m4 autoconf g++ make libblkid util-linux-dev git linux-headers
-RUN git config --global --add safe.directory /build
+RUN apk add --no-cache musl-dev gcc libtool m4 autoconf g++ make libblkid util-linux-dev git linux-headers upx curl jq
+RUN git config --global --add safe.directory /build && git config --global --add advice.detachedHead false
+RUN echo ${GARM_REF}
 
 ADD . /build/garm
-RUN cd /build/garm && git checkout ${GARM_REF}
-RUN git clone https://github.com/cloudbase/garm-provider-azure /build/garm-provider-azure
-RUN git clone https://github.com/cloudbase/garm-provider-openstack /build/garm-provider-openstack
-RUN git clone https://github.com/cloudbase/garm-provider-lxd /build/garm-provider-lxd
-RUN git clone https://github.com/cloudbase/garm-provider-incus /build/garm-provider-incus
-RUN git clone https://github.com/mercedes-benz/garm-provider-k8s /build/garm-provider-k8s
 
-RUN cd /build/garm && go build -o /bin/garm \
-    -tags osusergo,netgo,sqlite_omit_load_extension \
-    -ldflags "-extldflags '-static' -s -w -X main.Version=$(git describe --tags --match='v[0-9]*' --dirty --always)" \
-    /build/garm/cmd/garm
-RUN mkdir -p /opt/garm/providers.d
-RUN cd /build/garm-provider-azure && go build -ldflags="-extldflags '-static' -s -w" -o /opt/garm/providers.d/garm-provider-azure .
-RUN cd /build/garm-provider-openstack && go build -ldflags="-extldflags '-static' -s -w" -o /opt/garm/providers.d/garm-provider-openstack .
-RUN cd /build/garm-provider-lxd && go build -ldflags="-extldflags '-static' -s -w" -o /opt/garm/providers.d/garm-provider-lxd .
-RUN cd /build/garm-provider-incus && go build -ldflags="-extldflags '-static' -s -w" -o /opt/garm/providers.d/garm-provider-incus .
-RUN cd /build/garm-provider-k8s/cmd/garm-provider-k8s && go build -ldflags="-extldflags '-static' -s -w" -o /opt/garm/providers.d/garm-provider-k8s .
+RUN git -C /build/garm checkout ${GARM_REF}
+RUN cd /build/garm \
+    && go build -o /bin/garm \
+      -tags osusergo,netgo,sqlite_omit_load_extension \
+      -ldflags "-linkmode external -extldflags '-static' -s -w -X github.com/cloudbase/garm/util/appdefaults.Version=$(git describe --tags --match='v[0-9]*' --dirty --always)" \
+      /build/garm/cmd/garm && upx /bin/garm
+RUN cd /build/garm/cmd/garm-cli \
+    && go build -o /bin/garm-cli \
+      -tags osusergo,netgo,sqlite_omit_load_extension \
+      -ldflags "-linkmode external -extldflags '-static' -s -w -X github.com/cloudbase/garm/util/appdefaults.Version=$(git describe --tags --match='v[0-9]*' --dirty --always)" \
+      . && upx /bin/garm-cli
+RUN set -ex; \
+    mkdir -p /opt/garm/providers.d; \
+    for repo in \
+      cloudbase/garm-provider-azure \
+      cloudbase/garm-provider-openstack \
+      cloudbase/garm-provider-lxd \
+      cloudbase/garm-provider-incus \
+      cloudbase/garm-provider-aws \
+      cloudbase/garm-provider-gcp \
+      cloudbase/garm-provider-equinix \
+      flatcar/garm-provider-linode \
+      mercedes-benz/garm-provider-k8s; \
+    do \
+        export PROVIDER_NAME="$(basename $repo)"; \
+        export PROVIDER_SUBDIR=""; \
+        if [ "$GARM_REF" == "main" ]; then \
+          export PROVIDER_REF="main"; \
+        else \
+          export PROVIDER_REF="$(curl -s -L https://api.github.com/repos/$repo/releases/latest | jq -r '.tag_name')"; \
+        fi; \
+        git clone --branch "$PROVIDER_REF" "https://github.com/$repo" "/build/$PROVIDER_NAME"; \
+        case $PROVIDER_NAME in \
+        "garm-provider-k8s") \
+            export PROVIDER_SUBDIR="cmd/garm-provider-k8s"; \
+            export PROVIDER_LDFLAGS="-linkmode external -extldflags \"-static\" -s -w"; \
+            ;; \
+        "garm-provider-linode") \
+            export PROVIDER_LDFLAGS="-linkmode external -extldflags \"-static\" -s -w"; \
+            ;; \
+        *) \
+            export PROVIDER_VERSION=$(git -C /build/$PROVIDER_NAME describe --tags --match='v[0-9]*' --dirty --always); \
+            export PROVIDER_LDFLAGS="-linkmode external -extldflags \"-static\" -s -w -X main.Version=$PROVIDER_VERSION"; \
+            ;; \
+        esac; \
+        cd "/build/$PROVIDER_NAME/$PROVIDER_SUBDIR" \
+        && go build -ldflags="$PROVIDER_LDFLAGS" -o /opt/garm/providers.d/$PROVIDER_NAME . \
+        && upx /opt/garm/providers.d/$PROVIDER_NAME; \
+    done
 
-FROM scratch
+FROM busybox
 
 COPY --from=builder /bin/garm /bin/garm
+COPY --from=builder /bin/garm-cli /bin/garm-cli
 COPY --from=builder /opt/garm/providers.d/garm-provider-openstack /opt/garm/providers.d/garm-provider-openstack
 COPY --from=builder /opt/garm/providers.d/garm-provider-lxd /opt/garm/providers.d/garm-provider-lxd
 COPY --from=builder /opt/garm/providers.d/garm-provider-incus /opt/garm/providers.d/garm-provider-incus
-COPY --from=builder /opt/garm/providers.d/garm-provider-k8s /opt/garm/providers.d/garm-provider-k8s
 COPY --from=builder /opt/garm/providers.d/garm-provider-azure /opt/garm/providers.d/garm-provider-azure
+COPY --from=builder /opt/garm/providers.d/garm-provider-aws /opt/garm/providers.d/garm-provider-aws
+COPY --from=builder /opt/garm/providers.d/garm-provider-gcp /opt/garm/providers.d/garm-provider-gcp
+COPY --from=builder /opt/garm/providers.d/garm-provider-equinix /opt/garm/providers.d/garm-provider-equinix
+
+COPY --from=builder /opt/garm/providers.d/garm-provider-k8s /opt/garm/providers.d/garm-provider-k8s
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
 ENTRYPOINT ["/bin/garm", "-config", "/etc/garm/config.toml"]

Makefile

@@ -1,62 +1,139 @@
-SHELL := bash
+SHELL := /bin/bash
+export SHELLOPTS:=$(if $(SHELLOPTS),$(SHELLOPTS):)pipefail:errexit
 
+.ONESHELL:
+
+GEN_PASSWORD=$(shell (/usr/bin/apg -n1 -m32))
 IMAGE_TAG = garm-build
 
-USER_ID=$(shell ((docker --version | grep -q podman) && echo "0" || id -u))
-USER_GROUP=$(shell ((docker --version | grep -q podman) && echo "0" || id -g))
+IMAGE_BUILDER=$(shell (which docker || which podman))
+IS_PODMAN=$(shell (($(IMAGE_BUILDER) --version | grep -q podman) && echo "yes" || echo "no"))
+USER_ID=$(if $(filter yes,$(IS_PODMAN)),0,$(shell id -u))
+USER_GROUP=$(if $(filter yes,$(IS_PODMAN)),0,$(shell id -g))
 ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 GOPATH ?= $(shell go env GOPATH)
 VERSION ?= $(shell git describe --tags --match='v[0-9]*' --dirty --always)
 GARM_REF ?= $(shell git rev-parse --abbrev-ref HEAD)
 GO ?= go
+export GARM_PASSWORD ?= ${GEN_PASSWORD}
+export REPO_WEBHOOK_SECRET = ${GEN_PASSWORD}
+export ORG_WEBHOOK_SECRET = ${GEN_PASSWORD}
+export CREDENTIALS_NAME ?= test-garm-creds
+export WORKFLOW_FILE_NAME ?= test.yml
+export GARM_ADMIN_USERNAME ?= admin
+
+ifeq ($(IS_PODMAN),yes)
+    EXTRA_ARGS := -v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
+endif
+
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
 
 default: build
 
+##@ Build
+
 .PHONY : build-static test install-lint-deps lint go-test fmt fmtcheck verify-vendor verify create-release-files release
-build-static:
+build-static: ## Build garm statically
 	@echo Building garm
-	docker build --tag $(IMAGE_TAG) -f Dockerfile.build-static .
-	docker run --rm -e USER_ID=$(USER_ID) -e GARM_REF=$(GARM_REF) -e USER_GROUP=$(USER_GROUP) -v $(PWD)/build:/build/output:z $(IMAGE_TAG) /build-static.sh
+	$(IMAGE_BUILDER) build $(EXTRA_ARGS) --tag $(IMAGE_TAG) -f Dockerfile.build-static .
+	mkdir -p build
+	$(IMAGE_BUILDER) run --rm -e USER_ID=$(USER_ID) -e GARM_REF=$(GARM_REF) -e USER_GROUP=$(USER_GROUP) -v $(PWD)/build:/build/output:z $(IMAGE_TAG) /build-static.sh
 	@echo Binaries are available in $(PWD)/build
 
+clean: ## Clean up build artifacts
+	@rm -rf ./bin ./build ./release
+
+.PHONY: build
+build: ## Build garm
+	@echo Building garm ${VERSION}
+	$(shell mkdir -p ./bin)
+	@$(GO) build -ldflags "-s -w -X github.com/cloudbase/garm/util/appdefaults.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm ./cmd/garm
+	@$(GO) build -ldflags "-s -w -X github.com/cloudbase/garm/util/appdefaults.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm-cli ./cmd/garm-cli
+	@echo Binaries are available in $(PWD)/bin
+
+.PHONY: build-webui
+build-webui:
+	@echo Building GARM web ui
+	./build-webapp.sh
+	rm -rf webapp/assets/_app
+	cp -r webapp/build/* webapp/assets/
+
+.PHONY: generate
+generate: ## Run go generate after checking required tools are in PATH
+	@echo Checking required tools...
+	@which openapi-generator-cli > /dev/null || (echo "Error: openapi-generator-cli not found in PATH" && exit 1)
+	@echo Running go generate
+	@$(GO) generate ./...
+
+test: verify go-test ## Run tests
+
+##@ Release
 create-release-files:
 	./scripts/make-release.sh
 
-release: build-static create-release-files
+release: build-static create-release-files ## Create a release
 
-clean:
-	@rm -rf ./bin ./build ./release
+##@ Lint / Verify
+.PHONY: lint
+lint: golangci-lint $(GOLANGCI_LINT) ## Run linting.
+	$(GOLANGCI_LINT) run -v --build-tags=testing,integration $(GOLANGCI_LINT_EXTRA_ARGS)
 
-build:
-	@echo Building garm ${VERSION}
-	$(shell mkdir -p ./bin)
-	@$(GO) build -ldflags "-s -w -X main.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm ./cmd/garm
-	@$(GO) build -ldflags "-s -w -X github.com/cloudbase/garm/cmd/garm-cli/cmd.Version=${VERSION}" -tags osusergo,netgo,sqlite_omit_load_extension -o bin/garm-cli ./cmd/garm-cli
-	@echo Binaries are available in $(PWD)/bin
-
-test: verify go-test
-
-install-lint-deps:
-	@$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-
-lint:
-	@golangci-lint run --timeout=8m --build-tags testing
-
-go-test:
-	@$(GO) test -race -mod=vendor -tags testing -v $(TEST_ARGS) -timeout=15m -parallel=4 -count=1 ./...
-
-fmt:
-	@$(GO) fmt $$(go list ./...)
-
-fmtcheck:
-	@gofmt -l -s $$(go list ./... | sed 's|github.com/cloudbase/garm/||g') | grep ".*\.go"; if [ "$$?" -eq 0 ]; then echo "gofmt check failed; please run gofmt -w -s"; exit 1;fi
+.PHONY: lint-fix
+lint-fix: golangci-lint $(GOLANGCI_LINT) ## Lint the codebase and run auto-fixers if supported by the linte
+	GOLANGCI_LINT_EXTRA_ARGS=--fix $(MAKE) lint
 
 verify-vendor: ## verify if all the go.mod/go.sum files are up-to-date
 	$(eval TMPDIR := $(shell mktemp -d))
-	@cp -R ${ROOTDIR} ${TMPDIR}
+	@cp -R ${ROOTDIR} ${TMPDIR}/.
 	@(cd ${TMPDIR}/garm && ${GO} mod tidy)
 	@diff -r -u -q ${ROOTDIR} ${TMPDIR}/garm >/dev/null 2>&1; if [ "$$?" -ne 0 ];then echo "please run: go mod tidy && go mod vendor"; exit 1; fi
 	@rm -rf ${TMPDIR}
 
-verify: verify-vendor lint fmtcheck
+verify: verify-vendor lint fmtcheck ## Run all verify-* targets
+
+integration: build ## Run integration tests
+	function cleanup {
+		if [ -e "$$GITHUB_ENV" ];then
+			source $$GITHUB_ENV
+		fi
+		./test/integration/scripts/taredown_garm.sh
+		$(GO) run ./test/integration/gh_cleanup/main.go
+	}
+	trap cleanup EXIT
+	@./test/integration/scripts/setup-garm.sh
+	@$(GO) test -v ./test/integration/. -timeout=30m -tags=integration
+
+##@ Development
+
+go-test: ## Run tests
+	@$(GO) test -race -mod=vendor -tags testing -v $(TEST_ARGS) -timeout=15m -parallel=4 -count=1 ./...
+
+fmt: ## Run go fmt against code.
+	@$(GO) fmt $$(go list ./...)
+
+webui-test:
+	(cd webapp && npm install)
+	(cd webapp && npm run test:run)
+
+##@ Build Dependencies
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
+
+## Tool Versions
+GOLANGCI_LINT_VERSION ?= v1.64.8
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. If wrong version is installed, it will be overwritten.
+$(GOLANGCI_LINT): $(LOCALBIN)
+	test -s $(LOCALBIN)/golangci-lint && $(LOCALBIN)/golangci-lint --version | grep -q $(GOLANGCI_LINT_VERSION) || \
+	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)

README.md

@@ -1,16 +1,59 @@
+
+<p align="center">
+    <img src="doc/images/garm-light.svg#gh-light-mode-only" width="384px" alt="Light mode image" />
+    <img src="doc/images/garm-dark.svg#gh-dark-mode-only" width="384px" alt="Dark mode image" />
+</p>
+
 # GitHub Actions Runner Manager (GARM)
 
 [![Go Tests](https://github.com/cloudbase/garm/actions/workflows/go-tests.yml/badge.svg)](https://github.com/cloudbase/garm/actions/workflows/go-tests.yml)
 
+<!-- TOC -->
+
+- [GitHub Actions Runner Manager GARM](#github-actions-runner-manager-garm)
+    - [About GARM](#about-garm)
+    - [Join us on slack](#join-us-on-slack)
+    - [Installing](#installing)
+        - [Quickstart](#quickstart)
+        - [Installing on Kubernetes](#installing-on-kubernetes)
+    - [Configuring GARM for GHES](#configuring-garm-for-ghes)
+    - [Configuring GARM for Gitea](#configuring-garm-for-gitea)
+    - [Enabling the web UI](#enabling-the-web-ui)
+    - [Using GARM](#using-garm)
+    - [Supported providers](#supported-providers)
+        - [Installing external providers](#installing-external-providers)
+    - [Optimizing your runners](#optimizing-your-runners)
+    - [Write your own provider](#write-your-own-provider)
+
+<!-- /TOC -->
+
+## About GARM
+
 Welcome to GARM!
 
-GARM enables you to create and automatically maintain pools of [self-hosted GitHub runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners), with auto-scaling that can be used inside your github workflow runs.
+GARM enables you to create and automatically maintain pools of self-hosted runners in both [Github](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) and [Gitea](https://github.com/go-gitea/gitea/) with auto-scaling that can be used inside your workflow runs.
 
-The goal of ```GARM``` is to be simple to set up, simple to configure and simple to use. It is a single binary that can run on any GNU/Linux machine without any other requirements other than the providers it creates the runners in. It is intended to be easy to deploy in any environment and can create runners in any system you can write a provider for. There is no complicated setup process and no extremely complex concepts to understand. Once set up, it's meant to stay out of your way.
+The goal of ```GARM``` is to be simple to set up, simple to configure and simple to use. The server itself is a single binary that can run on any GNU/Linux machine without any other requirements other than the providers you want to enable in your setup. It is intended to be easy to deploy in any environment and can create runners in virtually any system you can write a provider for (if one does not alreay exist). There is no complicated setup process and no extremely complex concepts to understand. Once set up, it's meant to stay out of your way.
 
-GARM supports creating pools on either GitHub itself or on your own deployment of [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server). For instructions on how to use ```GARM``` with GHE, see the [credentials](/doc/github_credentials.md) section of the documentation.
+Through the use of providers, `GARM` can create runners in a variety of environments using the same `GARM` instance. Whether you want to create runners in your OpenStack cloud, your Azure cloud or your Kubernetes cluster, that is easily achieved by installing the appropriate providers, configuring them in `GARM` and creating pools that use them. You can create zero-runner pools for instances with high costs (large VMs, GPU enabled instances, etc) and have them spin up on demand, or you can create large pools of eagerly created k8s backed runners that can be used for your CI/CD pipelines at a moment's notice. You can mix them up and create pools in any combination of providers or resource allocations you want.
 
-Through the use of providers, `GARM` can create runners in a variety of environments using the same `GARM` instance. Want to create pools of runners in your OpenStack cloud, your Azure cloud and your Kubernetes cluster? No problem! Just install the appropriate providers, configure them in `GARM` and you're good to go. Create zero-runner pools for instances with high costs (large VMs, GPU enabled instances, etc) and have them spin up on demand, or create large pools of k8s backed runners that can be used for your CI/CD pipelines at a moment's notice. You can mix them up and create pools in any combination of providers or resource allocations you want.
+GARM supports two modes of operation:
+
+* Pools
+* Scale sets
+
+Here is a brief architectural diagram of how pools work and how GARM reacts to workflows triggered in GitHub (click the image to see a larger version):
+
+![GARM architecture diagram](/doc/images/garm-light.diagram.svg?raw=true#gh-light-mode-only)
+![GARM architecture diagram](/doc/images/garm-dark.diagram.svg?raw=true#gh-dark-mode-only)
+
+**Scale sets** work differently. While pools (as they are defined in GARM) rely on webhooks to know when a job was started and GARM needs to internally make the right decission in terms of which pool should handle that runner, scale sets have a lot of the scheduling and decission making logic done in GitHub itself.
+
+> [!IMPORTANT]
+> The README and documentation in the `main` branch are relevant to the not yet released code that is present in `main`. Following the documentation from the `main` branch for a stable release of GARM, may lead to errors. To view the documentation for the latest stable release, please switch to the appropriate tag. For information about setting up `v0.1.6`, please refer to the [v0.1.6 tag](https://github.com/cloudbase/garm/tree/v0.1.6).
+
+> [!CAUTION]
+> The `main` branch holds the latest code and is not guaranteed to be stable. If you are looking for a stable release, please check the releases page. If you plan to use the `main` branch, please do so on a new instance. Do not upgrade from a stable release to `main`.
 
 ## Join us on slack
 
@@ -20,42 +63,64 @@ Whether you're running into issues or just want to drop by and say "hi", feel fr
 
 ## Installing
 
-### On virtual or physical machines
+### Quickstart
 
 Check out the [quickstart](/doc/quickstart.md) document for instructions on how to install ```GARM```. If you'd like to build from source, check out the [building from source](/doc/building_from_source.md) document.
 
-### On Kubernetes
+### Installing on Kubernetes
 
-Thanks to the efforts of the amazing folks at @mercedes-benz, GARM can now be integrated into k8s via their operator. Check out the [GARM operator](https://github.com/mercedes-benz/garm-operator/) for more details.
+Thanks to the efforts of the amazing folks at [@mercedes-benz](https://github.com/mercedes-benz/), GARM can now be integrated into k8s via their operator. Check out the [GARM operator](https://github.com/mercedes-benz/garm-operator/) for more details.
+
+## Configuring GARM for GHES
+
+GARM supports creating pools and scale sets in either GitHub itself or in your own deployment of [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@3.10/admin/overview/about-github-enterprise-server). For instructions on how to use ```GARM``` with GHE, see the [credentials](/doc/github_credentials.md) section of the documentation.
+
+## Configuring GARM for Gitea
+
+GARM now has support for Gitea (>=1.24.0). For information on getting started with Gitea, see the [Gitea quickstart](/doc/gitea.md) document.
+
+## Enabling the web UI
+
+GARM now ships with a single page application. To enable it, add the following to your GARM config:
+
+```toml
+[apiserver.webui]
+  enable = true
+```
+
+Check the [README.md](/webapp/README.md) file for details on the web UI.
+
+## Using GARM
+
+GARM is designed with simplicity in mind. At least we try to keep it as simple as possible. We're aware that adding a new tool in your workflow can be painful, especially when you already have to deal with so many. The cognitive load for OPS has reached a level where it feels overwhelming at times to even wrap your head around a new tool. As such, we believe that tools should be simple, should take no more than a few hours to understand and set up and if you absolutely need to interact with the tool, it should be as intuitive as possible. Although we try our best to make this happen, we're aware that GARM has some rough edges, especially for new users. If you encounter issues or feel like the setup process was too complicated, please let us know. We're always looking to improve the user experience.
+
+We've written a short introduction into some of the commands that GARM has and some of the concepts involved in setting up GARM, managing runners and how GitHub does some of the things it does.
+
+[You can find it here](/doc/using_garm.md).
+
+Please, feel free to [open an issue](https://github.com/cloudbase/garm/issues/new) if you find the documentation lacking and would like more info. Sometimes we forget the challenges that new users face as we're so close to the code and how it works. Any feedback is welcome and we're always looking to improve the documentation.
 
 ## Supported providers
 
 GARM uses providers to create runners in a particular IaaS. The providers are external executables that GARM calls into to create runners. Before you can create runners, you'll need to install at least one provider.
 
-## Installing external providers
+### Installing external providers
 
 External providers are binaries that GARM calls into to create runners in a particular IaaS. There are several external providers available:
 
-* [OpenStack](https://github.com/cloudbase/garm-provider-openstack)
+* [Akamai/Linode](https://github.com/flatcar/garm-provider-linode) - Experimental
+* [Amazon EC2](https://github.com/cloudbase/garm-provider-aws)
 * [Azure](https://github.com/cloudbase/garm-provider-azure)
+* [Equinix Metal](https://github.com/cloudbase/garm-provider-equinix)
+* [Google Cloud Platform (GCP)](https://github.com/cloudbase/garm-provider-gcp)
+* [Incus](https://github.com/cloudbase/garm-provider-incus)
 * [Kubernetes](https://github.com/mercedes-benz/garm-provider-k8s) - Thanks to the amazing folks at @mercedes-benz for sharing their awesome provider!
 * [LXD](https://github.com/cloudbase/garm-provider-lxd)
-* [Incus](https://github.com/cloudbase/garm-provider-incus)
+* [OpenStack](https://github.com/cloudbase/garm-provider-openstack)
+* [Oracle Cloud Infrastructure (OCI)](https://github.com/cloudbase/garm-provider-oci)
 
 Follow the instructions in the README of each provider to install them. 
 
-## Configuration
-
-The ```GARM``` configuration is a simple ```toml```. The sample config file in [the testdata folder](/testdata/config.toml) is fairly well commented and should be enough to get you started. The configuration file is split into several sections, each of which is documented in its own page. The sections are:
-
-* [The default section](/doc/config_default.md)
-* [Database](/doc/database.md)
-* [Github credentials](/doc/github_credentials.md)
-* [Providers](/doc/providers.md)
-* [Metrics](/doc/config_metrics.md)
-* [JWT authentication](/doc/config_jwt_auth.md)
-* [API server](/doc/config_api_server.md)
-
 ## Optimizing your runners
 
 If you would like to optimize the startup time of new instance, take a look at the [performance considerations](/doc/performance_considerations.md) page.

apiserver/controllers/controllers.go

@@ -15,30 +15,59 @@
 package controllers
 
 import (
+	"context"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"io"
-	"log"
+	"log/slog"
 	"net/http"
+	"net/url"
 	"strings"
 
+	"github.com/gorilla/mux"
+	"github.com/gorilla/websocket"
+
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm-provider-common/util"
 	"github.com/cloudbase/garm/apiserver/params"
 	"github.com/cloudbase/garm/auth"
+	"github.com/cloudbase/garm/config"
 	"github.com/cloudbase/garm/metrics"
 	runnerParams "github.com/cloudbase/garm/params"
-	"github.com/cloudbase/garm/runner"
+	"github.com/cloudbase/garm/runner" //nolint:typecheck
+	garmUtil "github.com/cloudbase/garm/util"
 	wsWriter "github.com/cloudbase/garm/websocket"
-
-	"github.com/gorilla/mux"
-	"github.com/gorilla/websocket"
-	"github.com/pkg/errors"
+	"github.com/cloudbase/garm/workers/websocket/events"
 )
 
-func NewAPIController(r *runner.Runner, authenticator *auth.Authenticator, hub *wsWriter.Hub) (*APIController, error) {
-	controllerInfo, err := r.GetControllerInfo(auth.GetAdminContext())
+func NewAPIController(r *runner.Runner, authenticator *auth.Authenticator, hub *wsWriter.Hub, apiCfg config.APIServer) (*APIController, error) {
+	controllerInfo, err := r.GetControllerInfo(auth.GetAdminContext(context.Background()))
 	if err != nil {
-		return nil, errors.Wrap(err, "failed to get controller info")
+		return nil, fmt.Errorf("failed to get controller info: %w", err)
+	}
+	var checkOrigin func(r *http.Request) bool
+	if len(apiCfg.CORSOrigins) > 0 {
+		checkOrigin = func(r *http.Request) bool {
+			origin := r.Header["Origin"]
+			if len(origin) == 0 {
+				return true
+			}
+			u, err := url.Parse(origin[0])
+			if err != nil {
+				return false
+			}
+			for _, val := range apiCfg.CORSOrigins {
+				corsVal, err := url.Parse(val)
+				if err != nil {
+					continue
+				}
+				if garmUtil.ASCIIEqualFold(u.Host, corsVal.Host) {
+					return true
+				}
+			}
+			return false
+		}
 	}
 	return &APIController{
 		r:    r,
@@ -47,6 +76,7 @@ func NewAPIController(r *runner.Runner, authenticator *auth.Authenticator, hub *
 		upgrader: websocket.Upgrader{
 			ReadBufferSize:  1024,
 			WriteBufferSize: 16384,
+			CheckOrigin:     checkOrigin,
 		},
 		controllerID: controllerInfo.ControllerID.String(),
 	}, nil
@@ -60,26 +90,24 @@ type APIController struct {
 	controllerID string
 }
 
-func handleError(w http.ResponseWriter, err error) {
+func handleError(ctx context.Context, w http.ResponseWriter, err error) {
 	w.Header().Set("Content-Type", "application/json")
-	origErr := errors.Cause(err)
 	apiErr := params.APIErrorResponse{
-		Details: origErr.Error(),
+		Details: err.Error(),
 	}
-
-	switch origErr.(type) {
-	case *gErrors.NotFoundError:
+	switch {
+	case errors.Is(err, gErrors.ErrNotFound):
 		w.WriteHeader(http.StatusNotFound)
 		apiErr.Error = "Not Found"
-	case *gErrors.UnauthorizedError:
+	case errors.Is(err, gErrors.ErrUnauthorized):
 		w.WriteHeader(http.StatusUnauthorized)
 		apiErr.Error = "Not Authorized"
 		// Don't include details on 401 errors.
 		apiErr.Details = ""
-	case *gErrors.BadRequestError:
+	case errors.Is(err, gErrors.ErrBadRequest):
 		w.WriteHeader(http.StatusBadRequest)
 		apiErr.Error = "Bad Request"
-	case *gErrors.DuplicateUserError, *gErrors.ConflictError:
+	case errors.Is(err, gErrors.ErrDuplicateEntity), errors.Is(err, &gErrors.ConflictError{}):
 		w.WriteHeader(http.StatusConflict)
 		apiErr.Error = "Conflict"
 	default:
@@ -90,62 +118,62 @@ func handleError(w http.ResponseWriter, err error) {
 	}
 
 	if err := json.NewEncoder(w).Encode(apiErr); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
-func (a *APIController) webhookMetricLabelValues(valid, reason string) []string {
-	controllerInfo, err := a.r.GetControllerInfo(auth.GetAdminContext())
-	if err != nil {
-		log.Printf("failed to get controller info: %s", err)
-		// If labels are empty, not attempt will be made to record webhook.
-		return []string{}
-	}
-	return []string{
-		valid, reason,
-		controllerInfo.Hostname, controllerInfo.ControllerID.String(),
-	}
-}
-
-func (a *APIController) handleWorkflowJobEvent(w http.ResponseWriter, r *http.Request) {
+func (a *APIController) handleWorkflowJobEvent(ctx context.Context, w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
-		handleError(w, gErrors.NewBadRequestError("invalid post body: %s", err))
+		handleError(ctx, w, gErrors.NewBadRequestError("invalid post body: %s", err))
 		return
 	}
 
 	signature := r.Header.Get("X-Hub-Signature-256")
 	hookType := r.Header.Get("X-Github-Hook-Installation-Target-Type")
+	giteaTargetType := r.Header.Get("X-Gitea-Hook-Installation-Target-Type")
 
-	var labelValues []string
-	defer func() {
-		if len(labelValues) == 0 {
+	forgeType := runnerParams.GithubEndpointType
+	if giteaTargetType != "" {
+		forgeType = runnerParams.GiteaEndpointType
+		hookType = giteaTargetType
+	}
+
+	if err := a.r.DispatchWorkflowJob(hookType, signature, forgeType, body); err != nil {
+		switch {
+		case errors.Is(err, gErrors.ErrNotFound):
+			metrics.WebhooksReceived.WithLabelValues(
+				"false",         // label: valid
+				"owner_unknown", // label: reason
+			).Inc()
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "got not found error from DispatchWorkflowJob. webhook not meant for us?")
 			return
-		}
-		if err := metrics.RecordWebhookWithLabels(labelValues...); err != nil {
-			log.Printf("failed to record metric: %s", err)
-		}
-	}()
-
-	if err := a.r.DispatchWorkflowJob(hookType, signature, body); err != nil {
-		if errors.Is(err, gErrors.ErrNotFound) {
-			labelValues = a.webhookMetricLabelValues("false", "owner_unknown")
-			log.Printf("got not found error from DispatchWorkflowJob. webhook not meant for us?: %q", err)
-			return
-		} else if strings.Contains(err.Error(), "signature") { // TODO: check error type
-			labelValues = a.webhookMetricLabelValues("false", "signature_invalid")
-		} else {
-			labelValues = a.webhookMetricLabelValues("false", "unknown")
+		case strings.Contains(err.Error(), "signature"):
+			// nolint:golangci-lint,godox TODO: check error type
+			metrics.WebhooksReceived.WithLabelValues(
+				"false",             // label: valid
+				"signature_invalid", // label: reason
+			).Inc()
+		default:
+			metrics.WebhooksReceived.WithLabelValues(
+				"false",   // label: valid
+				"unknown", // label: reason
+			).Inc()
 		}
 
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
-	labelValues = a.webhookMetricLabelValues("true", "")
+	metrics.WebhooksReceived.WithLabelValues(
+		"true", // label: valid
+		"",     // label: reason
+	).Inc()
 }
 
 func (a *APIController) WebhookHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
 	vars := mux.Vars(r)
 	controllerID, ok := vars["controllerID"]
 	// If the webhook URL includes a controller ID, we validate that it's meant for us. We still
@@ -154,7 +182,7 @@ func (a *APIController) WebhookHandler(w http.ResponseWriter, r *http.Request) {
 	// via garm. We cannot tag a webhook URL on github, so there is no way to determine ownership.
 	// Using a controllerID suffix is a simple way to denote ownership.
 	if ok && controllerID != a.controllerID {
-		log.Printf("ignoring webhook meant for controller %s", util.SanitizeLogEntry(controllerID))
+		slog.InfoContext(ctx, "ignoring webhook meant for foreign controller", "req_controller_id", controllerID)
 		return
 	}
 
@@ -163,11 +191,49 @@ func (a *APIController) WebhookHandler(w http.ResponseWriter, r *http.Request) {
 	event := runnerParams.Event(headers.Get("X-Github-Event"))
 	switch event {
 	case runnerParams.WorkflowJobEvent:
-		a.handleWorkflowJobEvent(w, r)
+		a.handleWorkflowJobEvent(ctx, w, r)
+	case runnerParams.PingEvent:
+		// Ignore ping event. We may want to save the ping in the github entity table in the future.
 	default:
-		log.Printf("ignoring unknown event %s", util.SanitizeLogEntry(string(event)))
+		slog.DebugContext(ctx, "ignoring unknown event", "gh_event", util.SanitizeLogEntry(string(event)))
+	}
+}
+
+func (a *APIController) EventsHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	if !auth.IsAdmin(ctx) {
+		w.WriteHeader(http.StatusForbidden)
+		if _, err := w.Write([]byte("events are available to admin users")); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
 		return
 	}
+
+	conn, err := a.upgrader.Upgrade(w, r, nil)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error upgrading to websockets")
+		return
+	}
+	defer conn.Close()
+
+	wsClient, err := wsWriter.NewClient(ctx, conn)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create new client")
+		return
+	}
+	defer wsClient.Stop()
+
+	eventHandler, err := events.NewHandler(ctx, wsClient)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create new event handler")
+		return
+	}
+
+	if err := eventHandler.Start(); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to start event handler")
+		return
+	}
+	<-eventHandler.Done()
 }
 
 func (a *APIController) WSHandler(writer http.ResponseWriter, req *http.Request) {
@@ -175,41 +241,45 @@ func (a *APIController) WSHandler(writer http.ResponseWriter, req *http.Request)
 	if !auth.IsAdmin(ctx) {
 		writer.WriteHeader(http.StatusForbidden)
 		if _, err := writer.Write([]byte("you need admin level access to view logs")); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if a.hub == nil {
-		handleError(writer, gErrors.NewBadRequestError("log streamer is disabled"))
+		handleError(ctx, writer, gErrors.NewBadRequestError("log streamer is disabled"))
 		return
 	}
 
 	conn, err := a.upgrader.Upgrade(writer, req, nil)
 	if err != nil {
-		log.Printf("error upgrading to websockets: %v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error upgrading to websockets")
 		return
 	}
+	defer conn.Close()
 
-	// TODO (gsamfira): Handle ExpiresAt. Right now, if a client uses
-	// a valid token to authenticate, and keeps the websocket connection
-	// open, it will allow that client to stream logs via websockets
-	// until the connection is broken. We need to forcefully disconnect
-	// the client once the token expires.
-	client, err := wsWriter.NewClient(conn, a.hub)
+	client, err := wsWriter.NewClient(ctx, conn)
 	if err != nil {
-		log.Printf("failed to create new client: %v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create new client")
 		return
 	}
 	if err := a.hub.Register(client); err != nil {
-		log.Printf("failed to register new client: %v", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to register new client")
 		return
 	}
-	client.Go()
+	defer a.hub.Unregister(client)
+
+	if err := client.Start(); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to start client")
+		return
+	}
+	<-client.Done()
+	slog.Info("client disconnected", "client_id", client.ID())
 }
 
 // NotFoundHandler is returned when an invalid URL is acccessed
 func (a *APIController) NotFoundHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
 	apiErr := params.APIErrorResponse{
 		Details: "Resource not found",
 		Error:   "Not found",
@@ -218,7 +288,7 @@ func (a *APIController) NotFoundHandler(w http.ResponseWriter, r *http.Request)
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusNotFound)
 	if err := json.NewEncoder(w).Encode(apiErr); err != nil {
-		log.Printf("failet to write response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failet to write response")
 	}
 }
 
@@ -233,19 +303,19 @@ func (a *APIController) MetricsTokenHandler(w http.ResponseWriter, r *http.Reque
 	ctx := r.Context()
 
 	if !auth.IsAdmin(ctx) {
-		handleError(w, gErrors.ErrUnauthorized)
+		handleError(ctx, w, gErrors.ErrUnauthorized)
 		return
 	}
 
 	token, err := a.auth.GetJWTMetricsToken(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(runnerParams.JWTResponse{Token: token})
 	if err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -266,32 +336,32 @@ func (a *APIController) MetricsTokenHandler(w http.ResponseWriter, r *http.Reque
 //
 // LoginHandler returns a jwt token
 func (a *APIController) LoginHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
 	var loginInfo runnerParams.PasswordLoginParams
 	if err := json.NewDecoder(r.Body).Decode(&loginInfo); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	if err := loginInfo.Validate(); err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
-	ctx := r.Context()
 	ctx, err := a.auth.AuthenticateUser(ctx, loginInfo)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	tokenString, err := a.auth.GetJWTToken(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(runnerParams.JWTResponse{Token: tokenString}); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -310,49 +380,27 @@ func (a *APIController) LoginHandler(w http.ResponseWriter, r *http.Request) {
 //	  200: User
 //	  400: APIErrorResponse
 func (a *APIController) FirstRunHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
 	if a.auth.IsInitialized() {
 		err := gErrors.NewConflictError("already initialized")
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
-	ctx := r.Context()
-
 	var newUserParams runnerParams.NewUserParams
 	if err := json.NewDecoder(r.Body).Decode(&newUserParams); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	newUser, err := a.auth.InitController(ctx, newUserParams)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(newUser); err != nil {
-		log.Printf("failed to encode response: %q", err)
-	}
-}
-
-// swagger:route GET /credentials credentials ListCredentials
-//
-// List all credentials.
-//
-//	Responses:
-//	  200: Credentials
-//	  400: APIErrorResponse
-func (a *APIController) ListCredentials(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	creds, err := a.r.ListCredentials(ctx)
-	if err != nil {
-		handleError(w, err)
-		return
-	}
-
-	w.Header().Set("Content-Type", "application/json")
-	if err := json.NewEncoder(w).Encode(creds); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -367,13 +415,13 @@ func (a *APIController) ListProviders(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	providers, err := a.r.ListProviders(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(providers); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -388,13 +436,13 @@ func (a *APIController) ListAllJobs(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	jobs, err := a.r.ListAllJobs(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(jobs); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -409,12 +457,51 @@ func (a *APIController) ControllerInfoHandler(w http.ResponseWriter, r *http.Req
 	ctx := r.Context()
 	info, err := a.r.GetControllerInfo(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route PUT /controller controller UpdateController
+//
+// Update controller.
+//
+//	Parameters:
+//	  + name: Body
+//	    description: Parameters used when updating the controller.
+//	    type: UpdateControllerParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ControllerInfo
+//	  400: APIErrorResponse
+func (a *APIController) UpdateControllerHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var updateParams runnerParams.UpdateControllerParams
+	if err := json.NewDecoder(r.Body).Decode(&updateParams); err != nil {
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if err := updateParams.Validate(); err != nil {
+		handleError(ctx, w, err)
+		return
+	}
+
+	info, err := a.r.UpdateController(ctx, updateParams)
+	if err != nil {
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(info); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }

apiserver/controllers/enterprises.go

@@ -16,14 +16,14 @@ package controllers
 
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 
+	"github.com/gorilla/mux"
+
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
-
-	"github.com/gorilla/mux"
 )
 
 // swagger:route POST /enterprises enterprises CreateEnterprise
@@ -45,20 +45,20 @@ func (a *APIController) CreateEnterpriseHandler(w http.ResponseWriter, r *http.R
 
 	var enterpriseData runnerParams.CreateEnterpriseParams
 	if err := json.NewDecoder(r.Body).Decode(&enterpriseData); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	enterprise, err := a.r.CreateEnterprise(ctx, enterpriseData)
 	if err != nil {
-		log.Printf("error creating enterprise: %+v", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -66,22 +66,39 @@ func (a *APIController) CreateEnterpriseHandler(w http.ResponseWriter, r *http.R
 //
 // List all enterprises.
 //
+//	Parameters:
+//	  + name: name
+//	    description: Exact enterprise name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
+//	  + name: endpoint
+//	    description: Exact endpoint name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
 //	Responses:
 //	  200: Enterprises
 //	  default: APIErrorResponse
 func (a *APIController) ListEnterprisesHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
-	enterprise, err := a.r.ListEnterprises(ctx)
+	filter := runnerParams.EnterpriseFilter{
+		Name:     r.URL.Query().Get("name"),
+		Endpoint: r.URL.Query().Get("endpoint"),
+	}
+	enterprise, err := a.r.ListEnterprises(ctx, filter)
 	if err != nil {
-		log.Printf("listing enterprise: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing enterprise")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -110,21 +127,21 @@ func (a *APIController) GetEnterpriseByIDHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	enterprise, err := a.r.GetEnterpriseByID(ctx, enterpriseID)
 	if err != nil {
-		log.Printf("fetching enterprise: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching enterprise")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -152,20 +169,19 @@ func (a *APIController) DeleteEnterpriseHandler(w http.ResponseWriter, r *http.R
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.DeleteEnterprise(ctx, enterpriseID); err != nil {
-		log.Printf("removing enterprise: %+v", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing enterprise")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-
 }
 
 // swagger:route PUT /enterprises/{enterpriseID} enterprises UpdateEnterprise
@@ -198,27 +214,27 @@ func (a *APIController) UpdateEnterpriseHandler(w http.ResponseWriter, r *http.R
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var updatePayload runnerParams.UpdateEntityParams
 	if err := json.NewDecoder(r.Body).Decode(&updatePayload); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	enterprise, err := a.r.UpdateEnterprise(ctx, enterpriseID, updatePayload)
 	if err != nil {
-		log.Printf("error updating enterprise: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error updating enterprise: %s")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(enterprise); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -253,28 +269,84 @@ func (a *APIController) CreateEnterprisePoolHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.CreatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.CreateEnterprisePool(ctx, enterpriseID, poolData)
 	if err != nil {
-		log.Printf("error creating enterprise pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route POST /enterprises/{enterpriseID}/scalesets enterprises scalesets CreateEnterpriseScaleSet
+//
+// Create enterprise pool with the parameters given.
+//
+//	Parameters:
+//	  + name: enterpriseID
+//	    description: Enterprise ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	  + name: Body
+//	    description: Parameters used when creating the enterprise scale set.
+//	    type: CreateScaleSetParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSet
+//	  default: APIErrorResponse
+func (a *APIController) CreateEnterpriseScaleSetHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	enterpriseID, ok := vars["enterpriseID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No enterprise ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	var scaleSetData runnerParams.CreateScaleSetParams
+	if err := json.NewDecoder(r.Body).Decode(&scaleSetData); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	scaleSet, err := a.r.CreateEntityScaleSet(ctx, runnerParams.ForgeEntityTypeEnterprise, enterpriseID, scaleSetData)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise scale set")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -302,23 +374,64 @@ func (a *APIController) ListEnterprisePoolsHandler(w http.ResponseWriter, r *htt
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pools, err := a.r.ListEnterprisePools(ctx, enterpriseID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /enterprises/{enterpriseID}/scalesets enterprises scalesets ListEnterpriseScaleSets
+//
+// List enterprise scale sets.
+//
+//	Parameters:
+//	  + name: enterpriseID
+//	    description: Enterprise ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSets
+//	  default: APIErrorResponse
+func (a *APIController) ListEnterpriseScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	enterpriseID, ok := vars["enterpriseID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No enterprise ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
 	}
 
+	scaleSets, err := a.r.ListEntityScaleSets(ctx, runnerParams.ForgeEntityTypeEnterprise, enterpriseID)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSets); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
 }
 
 // swagger:route GET /enterprises/{enterpriseID}/pools/{poolID} enterprises pools GetEnterprisePool
@@ -352,21 +465,21 @@ func (a *APIController) GetEnterprisePoolHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No enterprise or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pool, err := a.r.GetEnterprisePoolByID(ctx, enterpriseID, poolID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -401,20 +514,19 @@ func (a *APIController) DeleteEnterprisePoolHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No enterprise or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.DeleteEnterprisePool(ctx, enterpriseID, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-
 }
 
 // swagger:route PUT /enterprises/{enterpriseID}/pools/{poolID} enterprises pools UpdateEnterprisePool
@@ -455,27 +567,27 @@ func (a *APIController) UpdateEnterprisePoolHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No enterprise or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.UpdateEnterprisePool(ctx, enterpriseID, poolID, poolData)
 	if err != nil {
-		log.Printf("error creating enterprise pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating enterprise pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }

apiserver/controllers/gitea_credentials.go

@@ -0,0 +1,241 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package controllers
+
+import (
+	"encoding/json"
+	"log/slog"
+	"math"
+	"net/http"
+	"strconv"
+
+	"github.com/gorilla/mux"
+
+	gErrors "github.com/cloudbase/garm-provider-common/errors"
+	"github.com/cloudbase/garm/params"
+)
+
+// swagger:route GET /gitea/credentials credentials ListGiteaCredentials
+//
+// List all credentials.
+//
+//	Responses:
+//	  200: Credentials
+//	  400: APIErrorResponse
+func (a *APIController) ListGiteaCredentials(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	creds, err := a.r.ListGiteaCredentials(ctx)
+	if err != nil {
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(creds); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route POST /gitea/credentials credentials CreateGiteaCredentials
+//
+// Create a Gitea credential.
+//
+//	Parameters:
+//	  + name: Body
+//	    description: Parameters used when creating a Gitea credential.
+//	    type: CreateGiteaCredentialsParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeCredentials
+//	  400: APIErrorResponse
+func (a *APIController) CreateGiteaCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var params params.CreateGiteaCredentialsParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	cred, err := a.r.CreateGiteaCredentials(ctx, params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create Gitea credential")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(cred); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /gitea/credentials/{id} credentials GetGiteaCredentials
+//
+// Get a Gitea credential.
+//
+//	Parameters:
+//	  + name: id
+//	    description: ID of the Gitea credential.
+//	    type: integer
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeCredentials
+//	  400: APIErrorResponse
+func (a *APIController) GetGiteaCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	idParam, ok := vars["id"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing id in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	id, err := strconv.ParseUint(idParam, 10, 64)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if id > math.MaxUint {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	cred, err := a.r.GetGiteaCredentials(ctx, uint(id))
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get Gitea credential")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(cred); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route DELETE /gitea/credentials/{id} credentials DeleteGiteaCredentials
+//
+// Delete a Gitea credential.
+//
+//	Parameters:
+//	  + name: id
+//	    description: ID of the Gitea credential.
+//	    type: integer
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  default: APIErrorResponse
+func (a *APIController) DeleteGiteaCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	idParam, ok := vars["id"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing id in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	id, err := strconv.ParseUint(idParam, 10, 64)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if id > math.MaxUint {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if err := a.r.DeleteGiteaCredentials(ctx, uint(id)); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete Gitea credential")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// swagger:route PUT /gitea/credentials/{id} credentials UpdateGiteaCredentials
+//
+// Update a Gitea credential.
+//
+//	Parameters:
+//	  + name: id
+//	    description: ID of the Gitea credential.
+//	    type: integer
+//	    in: path
+//	    required: true
+//	  + name: Body
+//	    description: Parameters used when updating a Gitea credential.
+//	    type: UpdateGiteaCredentialsParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeCredentials
+//	  400: APIErrorResponse
+func (a *APIController) UpdateGiteaCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	idParam, ok := vars["id"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing id in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	id, err := strconv.ParseUint(idParam, 10, 64)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if id > math.MaxUint {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	var params params.UpdateGiteaCredentialsParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	cred, err := a.r.UpdateGiteaCredentials(ctx, uint(id), params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update Gitea credential")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(cred); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}

apiserver/controllers/gitea_endpoints.go

@@ -0,0 +1,199 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package controllers
+
+import (
+	"encoding/json"
+	"log/slog"
+	"net/http"
+
+	"github.com/gorilla/mux"
+
+	gErrors "github.com/cloudbase/garm-provider-common/errors"
+	"github.com/cloudbase/garm/params"
+)
+
+// swagger:route POST /gitea/endpoints endpoints CreateGiteaEndpoint
+//
+// Create a Gitea Endpoint.
+//
+//	Parameters:
+//	  + name: Body
+//	    description: Parameters used when creating a Gitea endpoint.
+//	    type: CreateGiteaEndpointParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeEndpoint
+//	  default: APIErrorResponse
+func (a *APIController) CreateGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var params params.CreateGiteaEndpointParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	endpoint, err := a.r.CreateGiteaEndpoint(ctx, params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create Gitea endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /gitea/endpoints endpoints ListGiteaEndpoints
+//
+// List all Gitea Endpoints.
+//
+//	Responses:
+//	  200: ForgeEndpoints
+//	  default: APIErrorResponse
+func (a *APIController) ListGiteaEndpoints(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	endpoints, err := a.r.ListGiteaEndpoints(ctx)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to list Gitea endpoints")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoints); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /gitea/endpoints/{name} endpoints GetGiteaEndpoint
+//
+// Get a Gitea Endpoint.
+//
+//	Parameters:
+//	  + name: name
+//	    description: The name of the Gitea endpoint.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeEndpoint
+//	  default: APIErrorResponse
+func (a *APIController) GetGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	name, ok := vars["name"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing name in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+	endpoint, err := a.r.GetGiteaEndpoint(ctx, name)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get Gitea endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route DELETE /gitea/endpoints/{name} endpoints DeleteGiteaEndpoint
+//
+// Delete a Gitea Endpoint.
+//
+//	Parameters:
+//	  + name: name
+//	    description: The name of the Gitea endpoint.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  default: APIErrorResponse
+func (a *APIController) DeleteGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	name, ok := vars["name"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing name in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+	if err := a.r.DeleteGiteaEndpoint(ctx, name); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete Gitea endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// swagger:route PUT /gitea/endpoints/{name} endpoints UpdateGiteaEndpoint
+//
+// Update a Gitea Endpoint.
+//
+//	Parameters:
+//	  + name: name
+//	    description: The name of the Gitea endpoint.
+//	    type: string
+//	    in: path
+//	    required: true
+//	  + name: Body
+//	    description: Parameters used when updating a Gitea endpoint.
+//	    type: UpdateGiteaEndpointParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeEndpoint
+//	  default: APIErrorResponse
+func (a *APIController) UpdateGiteaEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	name, ok := vars["name"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing name in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	var params params.UpdateGiteaEndpointParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	endpoint, err := a.r.UpdateGiteaEndpoint(ctx, name, params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update GitHub endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}

apiserver/controllers/github_credentials.go

@@ -0,0 +1,242 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package controllers
+
+import (
+	"encoding/json"
+	"log/slog"
+	"math"
+	"net/http"
+	"strconv"
+
+	"github.com/gorilla/mux"
+
+	gErrors "github.com/cloudbase/garm-provider-common/errors"
+	"github.com/cloudbase/garm/params"
+)
+
+// swagger:route GET /credentials credentials ListCredentials
+// swagger:route GET /github/credentials credentials ListCredentials
+//
+// List all credentials.
+//
+//	Responses:
+//	  200: Credentials
+//	  400: APIErrorResponse
+func (a *APIController) ListCredentials(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	creds, err := a.r.ListCredentials(ctx)
+	if err != nil {
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(creds); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route POST /github/credentials credentials CreateCredentials
+//
+// Create a GitHub credential.
+//
+//	Parameters:
+//	  + name: Body
+//	    description: Parameters used when creating a GitHub credential.
+//	    type: CreateGithubCredentialsParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeCredentials
+//	  400: APIErrorResponse
+func (a *APIController) CreateGithubCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var params params.CreateGithubCredentialsParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	cred, err := a.r.CreateGithubCredentials(ctx, params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create GitHub credential")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(cred); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /github/credentials/{id} credentials GetCredentials
+//
+// Get a GitHub credential.
+//
+//	Parameters:
+//	  + name: id
+//	    description: ID of the GitHub credential.
+//	    type: integer
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeCredentials
+//	  400: APIErrorResponse
+func (a *APIController) GetGithubCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	idParam, ok := vars["id"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing id in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	id, err := strconv.ParseUint(idParam, 10, 64)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if id > math.MaxUint {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	cred, err := a.r.GetGithubCredentials(ctx, uint(id))
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get GitHub credential")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(cred); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route DELETE /github/credentials/{id} credentials DeleteCredentials
+//
+// Delete a GitHub credential.
+//
+//	Parameters:
+//	  + name: id
+//	    description: ID of the GitHub credential.
+//	    type: integer
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  default: APIErrorResponse
+func (a *APIController) DeleteGithubCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	idParam, ok := vars["id"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing id in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	id, err := strconv.ParseUint(idParam, 10, 64)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if id > math.MaxUint {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if err := a.r.DeleteGithubCredentials(ctx, uint(id)); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete GitHub credential")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// swagger:route PUT /github/credentials/{id} credentials UpdateCredentials
+//
+// Update a GitHub credential.
+//
+//	Parameters:
+//	  + name: id
+//	    description: ID of the GitHub credential.
+//	    type: integer
+//	    in: path
+//	    required: true
+//	  + name: Body
+//	    description: Parameters used when updating a GitHub credential.
+//	    type: UpdateGithubCredentialsParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeCredentials
+//	  400: APIErrorResponse
+func (a *APIController) UpdateGithubCredential(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	idParam, ok := vars["id"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing id in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	id, err := strconv.ParseUint(idParam, 10, 64)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if id > math.MaxUint {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "id is too large")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	var params params.UpdateGithubCredentialsParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	cred, err := a.r.UpdateGithubCredentials(ctx, uint(id), params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update GitHub credential")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(cred); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}

apiserver/controllers/github_endpoints.go

@@ -0,0 +1,199 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package controllers
+
+import (
+	"encoding/json"
+	"log/slog"
+	"net/http"
+
+	"github.com/gorilla/mux"
+
+	gErrors "github.com/cloudbase/garm-provider-common/errors"
+	"github.com/cloudbase/garm/params"
+)
+
+// swagger:route POST /github/endpoints endpoints CreateGithubEndpoint
+//
+// Create a GitHub Endpoint.
+//
+//	Parameters:
+//	  + name: Body
+//	    description: Parameters used when creating a GitHub endpoint.
+//	    type: CreateGithubEndpointParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeEndpoint
+//	  default: APIErrorResponse
+func (a *APIController) CreateGithubEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var params params.CreateGithubEndpointParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	endpoint, err := a.r.CreateGithubEndpoint(ctx, params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to create GitHub endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /github/endpoints endpoints ListGithubEndpoints
+//
+// List all GitHub Endpoints.
+//
+//	Responses:
+//	  200: ForgeEndpoints
+//	  default: APIErrorResponse
+func (a *APIController) ListGithubEndpoints(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	endpoints, err := a.r.ListGithubEndpoints(ctx)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to list GitHub endpoints")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoints); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /github/endpoints/{name} endpoints GetGithubEndpoint
+//
+// Get a GitHub Endpoint.
+//
+//	Parameters:
+//	  + name: name
+//	    description: The name of the GitHub endpoint.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeEndpoint
+//	  default: APIErrorResponse
+func (a *APIController) GetGithubEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	name, ok := vars["name"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing name in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+	endpoint, err := a.r.GetGithubEndpoint(ctx, name)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to get GitHub endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route DELETE /github/endpoints/{name} endpoints DeleteGithubEndpoint
+//
+// Delete a GitHub Endpoint.
+//
+//	Parameters:
+//	  + name: name
+//	    description: The name of the GitHub endpoint.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  default: APIErrorResponse
+func (a *APIController) DeleteGithubEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	name, ok := vars["name"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing name in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+	if err := a.r.DeleteGithubEndpoint(ctx, name); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to delete GitHub endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// swagger:route PUT /github/endpoints/{name} endpoints UpdateGithubEndpoint
+//
+// Update a GitHub Endpoint.
+//
+//	Parameters:
+//	  + name: name
+//	    description: The name of the GitHub endpoint.
+//	    type: string
+//	    in: path
+//	    required: true
+//	  + name: Body
+//	    description: Parameters used when updating a GitHub endpoint.
+//	    type: UpdateGithubEndpointParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ForgeEndpoint
+//	  default: APIErrorResponse
+func (a *APIController) UpdateGithubEndpoint(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	name, ok := vars["name"]
+	if !ok {
+		slog.ErrorContext(ctx, "missing name in request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	var params params.UpdateGithubEndpointParams
+	if err := json.NewDecoder(r.Body).Decode(&params); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode request")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	endpoint, err := a.r.UpdateGithubEndpoint(ctx, name, params)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to update GitHub endpoint")
+		handleError(ctx, w, err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(endpoint); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}

apiserver/controllers/instances.go

@@ -16,15 +16,15 @@ package controllers
 
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 	"strconv"
 
+	"github.com/gorilla/mux"
+
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
-
-	"github.com/gorilla/mux"
 )
 
 // swagger:route GET /pools/{poolID}/instances instances ListPoolInstances
@@ -51,21 +51,69 @@ func (a *APIController) ListPoolInstancesHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	instances, err := a.r.ListPoolInstances(ctx, poolID)
 	if err != nil {
-		log.Printf("listing pool instances: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pool instances")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /scalesets/{scalesetID}/instances instances ListScaleSetInstances
+//
+// List runner instances in a scale set.
+//
+//	Parameters:
+//	  + name: scalesetID
+//	    description: Runner scale set ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: Instances
+//	  default: APIErrorResponse
+func (a *APIController) ListScaleSetInstancesHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	scalesetID, ok := vars["scalesetID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No pool ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+	id, err := strconv.ParseUint(scalesetID, 10, 32)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	instances, err := a.r.ListScaleSetInstances(ctx, uint(id))
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pool instances")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(instances); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -93,21 +141,21 @@ func (a *APIController) GetInstanceHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No runner name specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	instance, err := a.r.GetInstance(ctx, instanceName)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instance); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -128,8 +176,15 @@ func (a *APIController) GetInstanceHandler(w http.ResponseWriter, r *http.Reques
 //	    in: query
 //	    required: false
 //
-//	Responses:
-//	  default: APIErrorResponse
+//	  + name: bypassGHUnauthorized
+//	    description: If true GARM will ignore unauthorized errors returned by GitHub when removing a runner. This is useful if you want to clean up runners and your credentials have expired.
+//	    type: boolean
+//	    in: query
+//	    required: false
+//
+// Responses:
+//
+//	default: APIErrorResponse
 func (a *APIController) DeleteInstanceHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	vars := mux.Vars(r)
@@ -140,15 +195,16 @@ func (a *APIController) DeleteInstanceHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No instance name specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	forceRemove, _ := strconv.ParseBool(r.URL.Query().Get("forceRemove"))
-	if err := a.r.DeleteRunner(ctx, instanceName, forceRemove); err != nil {
-		log.Printf("removing runner: %s", err)
-		handleError(w, err)
+	bypassGHUnauthorized, _ := strconv.ParseBool(r.URL.Query().Get("bypassGHUnauthorized"))
+	if err := a.r.DeleteRunner(ctx, instanceName, forceRemove, bypassGHUnauthorized); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing runner")
+		handleError(ctx, w, err)
 		return
 	}
 
@@ -180,21 +236,21 @@ func (a *APIController) ListRepoInstancesHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	instances, err := a.r.ListRepoInstances(ctx, repoID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -222,21 +278,21 @@ func (a *APIController) ListOrgInstancesHandler(w http.ResponseWriter, r *http.R
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	instances, err := a.r.ListOrgInstances(ctx, orgID)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -264,21 +320,21 @@ func (a *APIController) ListEnterpriseInstancesHandler(w http.ResponseWriter, r
 			Error:   "Bad Request",
 			Details: "No enterprise ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	instances, err := a.r.ListEnterpriseInstances(ctx, enterpriseID)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -294,14 +350,14 @@ func (a *APIController) ListAllInstancesHandler(w http.ResponseWriter, r *http.R
 
 	instances, err := a.r.ListAllInstances(ctx)
 	if err != nil {
-		log.Printf("listing instances: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing instances")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(instances); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -310,14 +366,34 @@ func (a *APIController) InstanceStatusMessageHandler(w http.ResponseWriter, r *h
 
 	var updateMessage runnerParams.InstanceUpdateMessage
 	if err := json.NewDecoder(r.Body).Decode(&updateMessage); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	if err := a.r.AddInstanceStatusMessage(ctx, updateMessage); err != nil {
-		log.Printf("error saving status message: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error saving status message")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+}
+
+func (a *APIController) InstanceSystemInfoHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var updateMessage runnerParams.UpdateSystemInfoParams
+	if err := json.NewDecoder(r.Body).Decode(&updateMessage); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if err := a.r.UpdateSystemInfo(ctx, updateMessage); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error saving status message")
+		handleError(ctx, w, err)
 		return
 	}
 

apiserver/controllers/metadata.go

@@ -17,11 +17,12 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
-	"log"
+	"log/slog"
 	"net/http"
 
-	"github.com/cloudbase/garm/apiserver/params"
 	"github.com/gorilla/mux"
+
+	"github.com/cloudbase/garm/apiserver/params"
 )
 
 func (a *APIController) InstanceGithubRegistrationTokenHandler(w http.ResponseWriter, r *http.Request) {
@@ -29,14 +30,14 @@ func (a *APIController) InstanceGithubRegistrationTokenHandler(w http.ResponseWr
 
 	token, err := a.r.GetInstanceGithubRegistrationToken(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write([]byte(token)); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -50,7 +51,7 @@ func (a *APIController) JITCredentialsFileHandler(w http.ResponseWriter, r *http
 			Error:   "Not Found",
 			Details: "Not Found",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
@@ -59,8 +60,8 @@ func (a *APIController) JITCredentialsFileHandler(w http.ResponseWriter, r *http
 
 	data, err := a.r.GetJITConfigFile(ctx, dotFileName)
 	if err != nil {
-		log.Printf("getting JIT config file: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "getting JIT config file")
+		handleError(ctx, w, err)
 		return
 	}
 
@@ -71,7 +72,7 @@ func (a *APIController) JITCredentialsFileHandler(w http.ResponseWriter, r *http
 	w.Header().Set("Content-Length", fmt.Sprintf("%d", len(data)))
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write(data); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -80,14 +81,14 @@ func (a *APIController) SystemdServiceNameHandler(w http.ResponseWriter, r *http
 
 	serviceName, err := a.r.GetRunnerServiceName(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "text/plain")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write([]byte(serviceName)); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -97,14 +98,14 @@ func (a *APIController) SystemdUnitFileHandler(w http.ResponseWriter, r *http.Re
 
 	data, err := a.r.GenerateSystemdUnitFile(ctx, runAsUser)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "text/plain")
 	w.WriteHeader(http.StatusOK)
 	if _, err := w.Write(data); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -113,12 +114,12 @@ func (a *APIController) RootCertificateBundleHandler(w http.ResponseWriter, r *h
 
 	bundle, err := a.r.GetRootCertificateBundle(ctx)
 	if err != nil {
-		handleError(w, err)
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(bundle); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }

apiserver/controllers/organizations.go

@@ -16,15 +16,15 @@ package controllers
 
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 	"strconv"
 
+	"github.com/gorilla/mux"
+
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
-
-	"github.com/gorilla/mux"
 )
 
 // swagger:route POST /organizations organizations CreateOrg
@@ -46,20 +46,20 @@ func (a *APIController) CreateOrgHandler(w http.ResponseWriter, r *http.Request)
 
 	var orgData runnerParams.CreateOrgParams
 	if err := json.NewDecoder(r.Body).Decode(&orgData); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	org, err := a.r.CreateOrganization(ctx, orgData)
 	if err != nil {
-		log.Printf("error creating organization: %+v", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(org); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -67,22 +67,39 @@ func (a *APIController) CreateOrgHandler(w http.ResponseWriter, r *http.Request)
 //
 // List organizations.
 //
+//	Parameters:
+//	  + name: name
+//	    description: Exact organization name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
+//	  + name: endpoint
+//	    description: Exact endpoint name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
 //	Responses:
 //	  200: Organizations
 //	  default: APIErrorResponse
 func (a *APIController) ListOrgsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
-	orgs, err := a.r.ListOrganizations(ctx)
+	filter := runnerParams.OrganizationFilter{
+		Name:     r.URL.Query().Get("name"),
+		Endpoint: r.URL.Query().Get("endpoint"),
+	}
+	orgs, err := a.r.ListOrganizations(ctx, filter)
 	if err != nil {
-		log.Printf("listing orgs: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing orgs")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(orgs); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -111,21 +128,21 @@ func (a *APIController) GetOrgByIDHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	org, err := a.r.GetOrganizationByID(ctx, orgID)
 	if err != nil {
-		log.Printf("fetching org: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching org")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(org); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -159,7 +176,7 @@ func (a *APIController) DeleteOrgHandler(w http.ResponseWriter, r *http.Request)
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
@@ -167,14 +184,13 @@ func (a *APIController) DeleteOrgHandler(w http.ResponseWriter, r *http.Request)
 	keepWebhook, _ := strconv.ParseBool(r.URL.Query().Get("keepWebhook"))
 
 	if err := a.r.DeleteOrganization(ctx, orgID, keepWebhook); err != nil {
-		log.Printf("removing org: %+v", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing org")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-
 }
 
 // swagger:route PUT /organizations/{orgID} organizations UpdateOrg
@@ -208,27 +224,27 @@ func (a *APIController) UpdateOrgHandler(w http.ResponseWriter, r *http.Request)
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var updatePayload runnerParams.UpdateEntityParams
 	if err := json.NewDecoder(r.Body).Decode(&updatePayload); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	org, err := a.r.UpdateOrganization(ctx, orgID, updatePayload)
 	if err != nil {
-		log.Printf("error updating organization: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error updating organization")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(org); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -263,28 +279,84 @@ func (a *APIController) CreateOrgPoolHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.CreatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.CreateOrgPool(ctx, orgID, poolData)
 	if err != nil {
-		log.Printf("error creating organization pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route POST /organizations/{orgID}/scalesets organizations scalesets CreateOrgScaleSet
+//
+// Create organization scale set with the parameters given.
+//
+//	Parameters:
+//	  + name: orgID
+//	    description: Organization ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	  + name: Body
+//	    description: Parameters used when creating the organization scale set.
+//	    type: CreateScaleSetParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSet
+//	  default: APIErrorResponse
+func (a *APIController) CreateOrgScaleSetHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	orgID, ok := vars["orgID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No org ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	var scalesetData runnerParams.CreateScaleSetParams
+	if err := json.NewDecoder(r.Body).Decode(&scalesetData); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	scaleSet, err := a.r.CreateEntityScaleSet(ctx, runnerParams.ForgeEntityTypeOrganization, orgID, scalesetData)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization scale set")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -312,21 +384,63 @@ func (a *APIController) ListOrgPoolsHandler(w http.ResponseWriter, r *http.Reque
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pools, err := a.r.ListOrgPools(ctx, orgID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /organizations/{orgID}/scalesets organizations scalesets ListOrgScaleSets
+//
+// List organization scale sets.
+//
+//	Parameters:
+//	  + name: orgID
+//	    description: Organization ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSets
+//	  default: APIErrorResponse
+func (a *APIController) ListOrgScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	orgID, ok := vars["orgID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No org ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	scaleSets, err := a.r.ListEntityScaleSets(ctx, runnerParams.ForgeEntityTypeOrganization, orgID)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSets); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -361,21 +475,21 @@ func (a *APIController) GetOrgPoolHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No org or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pool, err := a.r.GetOrgPoolByID(ctx, orgID, poolID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -410,20 +524,19 @@ func (a *APIController) DeleteOrgPoolHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No org or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.DeleteOrgPool(ctx, orgID, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-
 }
 
 // swagger:route PUT /organizations/{orgID}/pools/{poolID} organizations pools UpdateOrgPool
@@ -464,28 +577,28 @@ func (a *APIController) UpdateOrgPoolHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No org or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.UpdateOrgPool(ctx, orgID, poolID, poolData)
 	if err != nil {
-		log.Printf("error creating organization pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating organization pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -521,28 +634,28 @@ func (a *APIController) InstallOrgWebhookHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var hookParam runnerParams.InstallWebhookParams
 	if err := json.NewDecoder(r.Body).Decode(&hookParam); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	info, err := a.r.InstallOrgWebhook(ctx, orgID, hookParam)
 	if err != nil {
-		log.Printf("installing webhook: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "installing webhook")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -570,14 +683,14 @@ func (a *APIController) UninstallOrgWebhookHandler(w http.ResponseWriter, r *htt
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.UninstallOrgWebhook(ctx, orgID); err != nil {
-		log.Printf("removing webhook: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing webhook")
+		handleError(ctx, w, err)
 		return
 	}
 
@@ -610,20 +723,20 @@ func (a *APIController) GetOrgWebhookInfoHandler(w http.ResponseWriter, r *http.
 			Error:   "Bad Request",
 			Details: "No org ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	info, err := a.r.GetOrgWebhookInfo(ctx, orgID)
 	if err != nil {
-		log.Printf("getting webhook info: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "getting webhook info")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }

apiserver/controllers/pools.go

@@ -16,14 +16,14 @@ package controllers
 
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 
+	"github.com/gorilla/mux"
+
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
-
-	"github.com/gorilla/mux"
 )
 
 // swagger:route GET /pools pools ListPools
@@ -37,16 +37,15 @@ func (a *APIController) ListAllPoolsHandler(w http.ResponseWriter, r *http.Reque
 	ctx := r.Context()
 
 	pools, err := a.r.ListAllPools(ctx)
-
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -75,15 +74,15 @@ func (a *APIController) GetPoolByIDHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pool, err := a.r.GetPoolByID(ctx, poolID)
 	if err != nil {
-		log.Printf("fetching pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching pool")
+		handleError(ctx, w, err)
 		return
 	}
 
@@ -91,7 +90,7 @@ func (a *APIController) GetPoolByIDHandler(w http.ResponseWriter, r *http.Reques
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -119,14 +118,14 @@ func (a *APIController) DeletePoolByIDHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.DeletePoolByID(ctx, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
+		handleError(ctx, w, err)
 		return
 	}
 
@@ -165,27 +164,27 @@ func (a *APIController) UpdatePoolByIDHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.UpdatePoolByID(ctx, poolID, poolData)
 	if err != nil {
-		log.Printf("fetching pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }

apiserver/controllers/repositories.go

@@ -16,15 +16,15 @@ package controllers
 
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 	"strconv"
 
+	"github.com/gorilla/mux"
+
 	gErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/apiserver/params"
 	runnerParams "github.com/cloudbase/garm/params"
-
-	"github.com/gorilla/mux"
 )
 
 // swagger:route POST /repositories repositories CreateRepo
@@ -46,20 +46,20 @@ func (a *APIController) CreateRepoHandler(w http.ResponseWriter, r *http.Request
 
 	var repoData runnerParams.CreateRepoParams
 	if err := json.NewDecoder(r.Body).Decode(&repoData); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	repo, err := a.r.CreateRepository(ctx, repoData)
 	if err != nil {
-		log.Printf("error creating repository: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repo); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -67,22 +67,46 @@ func (a *APIController) CreateRepoHandler(w http.ResponseWriter, r *http.Request
 //
 // List repositories.
 //
+//	Parameters:
+//	  + name: owner
+//	    description: Exact owner name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
+//	  + name: name
+//	    description: Exact repository name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
+//	  + name: endpoint
+//	    description: Exact endpoint name to filter by
+//	    type: string
+//	    in: query
+//	    required: false
+//
 //	Responses:
 //	  200: Repositories
 //	  default: APIErrorResponse
 func (a *APIController) ListReposHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
-	repos, err := a.r.ListRepositories(ctx)
+	filter := runnerParams.RepositoryFilter{
+		Name:     r.URL.Query().Get("name"),
+		Owner:    r.URL.Query().Get("owner"),
+		Endpoint: r.URL.Query().Get("endpoint"),
+	}
+	repos, err := a.r.ListRepositories(ctx, filter)
 	if err != nil {
-		log.Printf("listing repos: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing repositories")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repos); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -111,21 +135,21 @@ func (a *APIController) GetRepoByIDHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	repo, err := a.r.GetRepositoryByID(ctx, repoID)
 	if err != nil {
-		log.Printf("fetching repo: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching repository")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repo); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -159,21 +183,20 @@ func (a *APIController) DeleteRepoHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	keepWebhook, _ := strconv.ParseBool(r.URL.Query().Get("keepWebhook"))
 	if err := a.r.DeleteRepository(ctx, repoID, keepWebhook); err != nil {
-		log.Printf("fetching repo: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching repository")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-
 }
 
 // swagger:route PUT /repositories/{repoID} repositories UpdateRepo
@@ -207,27 +230,27 @@ func (a *APIController) UpdateRepoHandler(w http.ResponseWriter, r *http.Request
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var updatePayload runnerParams.UpdateEntityParams
 	if err := json.NewDecoder(r.Body).Decode(&updatePayload); err != nil {
-		handleError(w, gErrors.ErrBadRequest)
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	repo, err := a.r.UpdateRepository(ctx, repoID, updatePayload)
 	if err != nil {
-		log.Printf("error updating repository: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error updating repository")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(repo); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -262,28 +285,84 @@ func (a *APIController) CreateRepoPoolHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.CreatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.CreateRepoPool(ctx, repoID, poolData)
 	if err != nil {
-		log.Printf("error creating repository pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route POST /repositories/{repoID}/scalesets repositories scalesets CreateRepoScaleSet
+//
+// Create repository scale set with the parameters given.
+//
+//	Parameters:
+//	  + name: repoID
+//	    description: Repository ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	  + name: Body
+//	    description: Parameters used when creating the repository scale set.
+//	    type: CreateScaleSetParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSet
+//	  default: APIErrorResponse
+func (a *APIController) CreateRepoScaleSetHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	repoID, ok := vars["repoID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No repo ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	var scaleSetData runnerParams.CreateScaleSetParams
+	if err := json.NewDecoder(r.Body).Decode(&scaleSetData); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	scaleSet, err := a.r.CreateEntityScaleSet(ctx, runnerParams.ForgeEntityTypeRepository, repoID, scaleSetData)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository scale set")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -311,21 +390,63 @@ func (a *APIController) ListRepoPoolsHandler(w http.ResponseWriter, r *http.Requ
 			Error:   "Bad Request",
 			Details: "No repo ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pools, err := a.r.ListRepoPools(ctx, repoID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pools); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /repositories/{repoID}/scalesets repositories scalesets ListRepoScaleSets
+//
+// List repository scale sets.
+//
+//	Parameters:
+//	  + name: repoID
+//	    description: Repository ID.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSets
+//	  default: APIErrorResponse
+func (a *APIController) ListRepoScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	vars := mux.Vars(r)
+	repoID, ok := vars["repoID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No repo ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	scaleSets, err := a.r.ListEntityScaleSets(ctx, runnerParams.ForgeEntityTypeRepository, repoID)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSets); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -360,21 +481,21 @@ func (a *APIController) GetRepoPoolHandler(w http.ResponseWriter, r *http.Reques
 			Error:   "Bad Request",
 			Details: "No repo or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	pool, err := a.r.GetRepoPoolByID(ctx, repoID, poolID)
 	if err != nil {
-		log.Printf("listing pools: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing pools")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -409,20 +530,19 @@ func (a *APIController) DeleteRepoPoolHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No repo or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.DeleteRepoPool(ctx, repoID, poolID); err != nil {
-		log.Printf("removing pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-
 }
 
 // swagger:route PUT /repositories/{repoID}/pools/{poolID} repositories pools UpdateRepoPool
@@ -463,28 +583,28 @@ func (a *APIController) UpdateRepoPoolHandler(w http.ResponseWriter, r *http.Req
 			Error:   "Bad Request",
 			Details: "No repo or pool ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var poolData runnerParams.UpdatePoolParams
 	if err := json.NewDecoder(r.Body).Decode(&poolData); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	pool, err := a.r.UpdateRepoPool(ctx, repoID, poolID, poolData)
 	if err != nil {
-		log.Printf("error creating repository pool: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "error creating repository pool")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(pool); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -520,28 +640,28 @@ func (a *APIController) InstallRepoWebhookHandler(w http.ResponseWriter, r *http
 			Error:   "Bad Request",
 			Details: "No repository ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	var hookParam runnerParams.InstallWebhookParams
 	if err := json.NewDecoder(r.Body).Decode(&hookParam); err != nil {
-		log.Printf("failed to decode: %s", err)
-		handleError(w, gErrors.ErrBadRequest)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
 		return
 	}
 
 	info, err := a.r.InstallRepoWebhook(ctx, repoID, hookParam)
 	if err != nil {
-		log.Printf("installing webhook: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "installing webhook")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
@@ -569,14 +689,14 @@ func (a *APIController) UninstallRepoWebhookHandler(w http.ResponseWriter, r *ht
 			Error:   "Bad Request",
 			Details: "No repository ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	if err := a.r.UninstallRepoWebhook(ctx, repoID); err != nil {
-		log.Printf("removing webhook: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing webhook")
+		handleError(ctx, w, err)
 		return
 	}
 
@@ -609,20 +729,20 @@ func (a *APIController) GetRepoWebhookInfoHandler(w http.ResponseWriter, r *http
 			Error:   "Bad Request",
 			Details: "No repository ID specified",
 		}); err != nil {
-			log.Printf("failed to encode response: %q", err)
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 		}
 		return
 	}
 
 	info, err := a.r.GetRepoWebhookInfo(ctx, repoID)
 	if err != nil {
-		log.Printf("getting webhook info: %s", err)
-		handleError(w, err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "getting webhook info")
+		handleError(ctx, w, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	if err := json.NewEncoder(w).Encode(info); err != nil {
-		log.Printf("failed to encode response: %q", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }

apiserver/controllers/scalesets.go

@@ -0,0 +1,211 @@
+// Copyright 2022 Cloudbase Solutions SRL
+//
+//    Licensed under the Apache License, Version 2.0 (the "License"); you may
+//    not use this file except in compliance with the License. You may obtain
+//    a copy of the License at
+//
+//         http://www.apache.org/licenses/LICENSE-2.0
+//
+//    Unless required by applicable law or agreed to in writing, software
+//    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//    License for the specific language governing permissions and limitations
+//    under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+	"log/slog"
+	"net/http"
+	"strconv"
+
+	"github.com/gorilla/mux"
+
+	gErrors "github.com/cloudbase/garm-provider-common/errors"
+	"github.com/cloudbase/garm/apiserver/params"
+	runnerParams "github.com/cloudbase/garm/params"
+)
+
+// swagger:route GET /scalesets scalesets ListScalesets
+//
+// List all scalesets.
+//
+//	Responses:
+//	  200: ScaleSets
+//	  default: APIErrorResponse
+func (a *APIController) ListAllScaleSetsHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	scalesets, err := a.r.ListAllScaleSets(ctx)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "listing scale sets")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scalesets); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route GET /scalesets/{scalesetID} scalesets GetScaleSet
+//
+// Get scale set by ID.
+//
+//	Parameters:
+//	  + name: scalesetID
+//	    description: ID of the scale set to fetch.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSet
+//	  default: APIErrorResponse
+func (a *APIController) GetScaleSetByIDHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	scaleSetID, ok := vars["scalesetID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No scale set ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+	id, err := strconv.ParseUint(scaleSetID, 10, 32)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	scaleSet, err := a.r.GetScaleSetByID(ctx, uint(id))
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "fetching scale set")
+		handleError(ctx, w, err)
+		return
+	}
+
+	scaleSet.RunnerBootstrapTimeout = scaleSet.RunnerTimeout()
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}
+
+// swagger:route DELETE /scalesets/{scalesetID} scalesets DeleteScaleSet
+//
+// Delete scale set by ID.
+//
+//	Parameters:
+//	  + name: scalesetID
+//	    description: ID of the scale set to delete.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	Responses:
+//	  default: APIErrorResponse
+func (a *APIController) DeleteScaleSetByIDHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	scalesetID, ok := vars["scalesetID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No scale set ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	id, err := strconv.ParseUint(scalesetID, 10, 32)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	if err := a.r.DeleteScaleSetByID(ctx, uint(id)); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "removing scale set")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+}
+
+// swagger:route PUT /scalesets/{scalesetID} scalesets UpdateScaleSet
+//
+// Update scale set by ID.
+//
+//	Parameters:
+//	  + name: scalesetID
+//	    description: ID of the scale set to update.
+//	    type: string
+//	    in: path
+//	    required: true
+//
+//	  + name: Body
+//	    description: Parameters to update the scale set with.
+//	    type: UpdateScaleSetParams
+//	    in: body
+//	    required: true
+//
+//	Responses:
+//	  200: ScaleSet
+//	  default: APIErrorResponse
+func (a *APIController) UpdateScaleSetByIDHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	vars := mux.Vars(r)
+	scalesetID, ok := vars["scalesetID"]
+	if !ok {
+		w.WriteHeader(http.StatusBadRequest)
+		if err := json.NewEncoder(w).Encode(params.APIErrorResponse{
+			Error:   "Bad Request",
+			Details: "No scale set ID specified",
+		}); err != nil {
+			slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+		}
+		return
+	}
+
+	id, err := strconv.ParseUint(scalesetID, 10, 32)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to parse id")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	var scaleSetData runnerParams.UpdateScaleSetParams
+	if err := json.NewDecoder(r.Body).Decode(&scaleSetData); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to decode")
+		handleError(ctx, w, gErrors.ErrBadRequest)
+		return
+	}
+
+	scaleSet, err := a.r.UpdateScaleSetByID(ctx, uint(id), scaleSetData)
+	if err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "updating scale set")
+		handleError(ctx, w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(scaleSet); err != nil {
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+	}
+}

apiserver/params/params.go

@@ -14,6 +14,7 @@
 
 package params
 
+// swagger:model APIErrorResponse
 // APIErrorResponse holds information about an error, returned by the API
 type APIErrorResponse struct {
 	Error   string `json:"error"`
@@ -36,4 +37,9 @@ var (
 		Error:   "init_required",
 		Details: "Missing superuser",
 	}
+	// URLsRequired is returned if the controller does not have the required URLs
+	URLsRequired = APIErrorResponse{
+		Error:   "urls_required",
+		Details: "Missing required URLs. Make sure you update the metadata and callback URLs",
+	}
 )

apiserver/routers/routers.go

@@ -40,23 +40,25 @@
 // swagger:meta
 package routers
 
-//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5 generate spec --input=../swagger-models.yaml --output=../swagger.yaml --include="routers|controllers"
-//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5 validate ../swagger.yaml
+//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 generate spec --input=../swagger-models.yaml --output=../swagger.yaml --include="routers|controllers"
+//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 validate ../swagger.yaml
 //go:generate rm -rf ../../client
-//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5 generate client --target=../../ --spec=../swagger.yaml
+//go:generate go run github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 generate client --target=../../ --spec=../swagger.yaml
 
 import (
 	_ "expvar" // Register the expvar handlers
-	"io"
+	"log/slog"
 	"net/http"
-	_ "net/http/pprof" // Register the pprof handlers
+	_ "net/http/pprof" //nolint:golangci-lint,gosec // Register the pprof handlers
 
+	"github.com/felixge/httpsnoop"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 
-	"github.com/cloudbase/garm-provider-common/util"
 	"github.com/cloudbase/garm/apiserver/controllers"
 	"github.com/cloudbase/garm/auth"
+	"github.com/cloudbase/garm/config"
+	spaAssets "github.com/cloudbase/garm/webapp/assets"
 )
 
 func WithMetricsRouter(parentRouter *mux.Router, disableAuth bool, metricsMiddlerware auth.Middleware) *mux.Router {
@@ -82,10 +84,51 @@ func WithDebugServer(parentRouter *mux.Router) *mux.Router {
 	return parentRouter
 }
 
-func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddleware, initMiddleware, instanceMiddleware auth.Middleware, manageWebhooks bool) *mux.Router {
+func WithWebUI(parentRouter *mux.Router, apiConfig config.APIServer) *mux.Router {
+	if parentRouter == nil {
+		return nil
+	}
+
+	if apiConfig.WebUI.EnableWebUI {
+		slog.Info("WebUI is enabled, adding webapp routes")
+		webappPath := apiConfig.WebUI.GetWebappPath()
+		slog.Info("Using webapp path", "path", webappPath)
+		// Accessing / should redirect to the UI
+		parentRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+			http.Redirect(w, r, webappPath, http.StatusMovedPermanently) // 301
+		})
+		// Serve the SPA with dynamic path
+		parentRouter.PathPrefix(webappPath).HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			spaAssets.ServeSPAWithPath(w, r, webappPath)
+		}).Methods("GET")
+	} else {
+		slog.Info("WebUI is disabled, skipping webapp routes")
+	}
+
+	return parentRouter
+}
+
+func requestLogger(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// gathers metrics from the upstream handlers
+		metrics := httpsnoop.CaptureMetrics(h, w, r)
+
+		slog.Info(
+			"access_log",
+			slog.String("method", r.Method),
+			slog.String("uri", r.URL.RequestURI()),
+			slog.String("user_agent", r.Header.Get("User-Agent")),
+			slog.String("ip", r.RemoteAddr),
+			slog.Int("code", metrics.Code),
+			slog.Int64("bytes", metrics.Written),
+			slog.Duration("request_time", metrics.Duration),
+		)
+	})
+}
+
+func NewAPIRouter(han *controllers.APIController, authMiddleware, initMiddleware, urlsRequiredMiddleware, instanceMiddleware auth.Middleware, manageWebhooks bool) *mux.Router {
 	router := mux.NewRouter()
-	logMiddleware := util.NewLoggingMiddleware(logWriter)
-	router.Use(logMiddleware)
+	router.Use(requestLogger)
 
 	// Handles github webhooks
 	webhookRouter := router.PathPrefix("/webhooks").Subrouter()
@@ -106,6 +149,8 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	callbackRouter := apiSubRouter.PathPrefix("/callbacks").Subrouter()
 	callbackRouter.Handle("/status/", http.HandlerFunc(han.InstanceStatusMessageHandler)).Methods("POST", "OPTIONS")
 	callbackRouter.Handle("/status", http.HandlerFunc(han.InstanceStatusMessageHandler)).Methods("POST", "OPTIONS")
+	callbackRouter.Handle("/system-info/", http.HandlerFunc(han.InstanceSystemInfoHandler)).Methods("POST", "OPTIONS")
+	callbackRouter.Handle("/system-info", http.HandlerFunc(han.InstanceSystemInfoHandler)).Methods("POST", "OPTIONS")
 	callbackRouter.Use(instanceMiddleware.Middleware)
 
 	///////////////////
@@ -133,11 +178,38 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	authRouter.Handle("/{login:login\\/?}", http.HandlerFunc(han.LoginHandler)).Methods("POST", "OPTIONS")
 	authRouter.Use(initMiddleware.Middleware)
 
+	//////////////////////////
+	// Controller endpoints //
+	//////////////////////////
+	controllerRouter := apiSubRouter.PathPrefix("/controller").Subrouter()
+	// The controller endpoints allow us to get information about the controller and update the URL endpoints.
+	// This endpoint must not be guarded by the urlsRequiredMiddleware as that would prevent the user from
+	// updating the URLs.
+	controllerRouter.Use(initMiddleware.Middleware)
+	controllerRouter.Use(authMiddleware.Middleware)
+	controllerRouter.Use(auth.AdminRequiredMiddleware)
+	// Get controller info
+	controllerRouter.Handle("/", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
+	controllerRouter.Handle("", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
+	// Update controller
+	controllerRouter.Handle("/", http.HandlerFunc(han.UpdateControllerHandler)).Methods("PUT", "OPTIONS")
+	controllerRouter.Handle("", http.HandlerFunc(han.UpdateControllerHandler)).Methods("PUT", "OPTIONS")
+
+	////////////////////////////////////
+	// API router for everything else //
+	////////////////////////////////////
 	apiRouter := apiSubRouter.PathPrefix("").Subrouter()
 	apiRouter.Use(initMiddleware.Middleware)
+	// all endpoints except the controller endpoint should return an error
+	// if the required metadata, callback and webhook URLs are not set.
+	apiRouter.Use(urlsRequiredMiddleware.Middleware)
 	apiRouter.Use(authMiddleware.Middleware)
 	apiRouter.Use(auth.AdminRequiredMiddleware)
 
+	// Legacy controller path
+	apiRouter.Handle("/controller-info/", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/controller-info", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
+
 	// Metrics Token
 	apiRouter.Handle("/metrics-token/", http.HandlerFunc(han.MetricsTokenHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/metrics-token", http.HandlerFunc(han.MetricsTokenHandler)).Methods("GET", "OPTIONS")
@@ -168,6 +240,25 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/pools/{poolID}/instances/", http.HandlerFunc(han.ListPoolInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/pools/{poolID}/instances", http.HandlerFunc(han.ListPoolInstancesHandler)).Methods("GET", "OPTIONS")
 
+	////////////////
+	// Scale sets //
+	////////////////
+	// List all pools
+	apiRouter.Handle("/scalesets/", http.HandlerFunc(han.ListAllScaleSetsHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/scalesets", http.HandlerFunc(han.ListAllScaleSetsHandler)).Methods("GET", "OPTIONS")
+	// Get one pool
+	apiRouter.Handle("/scalesets/{scalesetID}/", http.HandlerFunc(han.GetScaleSetByIDHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/scalesets/{scalesetID}", http.HandlerFunc(han.GetScaleSetByIDHandler)).Methods("GET", "OPTIONS")
+	// Delete one pool
+	apiRouter.Handle("/scalesets/{scalesetID}/", http.HandlerFunc(han.DeleteScaleSetByIDHandler)).Methods("DELETE", "OPTIONS")
+	apiRouter.Handle("/scalesets/{scalesetID}", http.HandlerFunc(han.DeleteScaleSetByIDHandler)).Methods("DELETE", "OPTIONS")
+	// Update one pool
+	apiRouter.Handle("/scalesets/{scalesetID}/", http.HandlerFunc(han.UpdateScaleSetByIDHandler)).Methods("PUT", "OPTIONS")
+	apiRouter.Handle("/scalesets/{scalesetID}", http.HandlerFunc(han.UpdateScaleSetByIDHandler)).Methods("PUT", "OPTIONS")
+	// List pool instances
+	apiRouter.Handle("/scalesets/{scalesetID}/instances/", http.HandlerFunc(han.ListScaleSetInstancesHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/scalesets/{scalesetID}/instances", http.HandlerFunc(han.ListScaleSetInstancesHandler)).Methods("GET", "OPTIONS")
+
 	/////////////
 	// Runners //
 	/////////////
@@ -200,6 +291,14 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/repositories/{repoID}/pools/", http.HandlerFunc(han.CreateRepoPoolHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/repositories/{repoID}/pools", http.HandlerFunc(han.CreateRepoPoolHandler)).Methods("POST", "OPTIONS")
 
+	// Create scale set
+	apiRouter.Handle("/repositories/{repoID}/scalesets/", http.HandlerFunc(han.CreateRepoScaleSetHandler)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/repositories/{repoID}/scalesets", http.HandlerFunc(han.CreateRepoScaleSetHandler)).Methods("POST", "OPTIONS")
+
+	// List scale sets
+	apiRouter.Handle("/repositories/{repoID}/scalesets/", http.HandlerFunc(han.ListRepoScaleSetsHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/repositories/{repoID}/scalesets", http.HandlerFunc(han.ListRepoScaleSetsHandler)).Methods("GET", "OPTIONS")
+
 	// Repo instances list
 	apiRouter.Handle("/repositories/{repoID}/instances/", http.HandlerFunc(han.ListRepoInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/repositories/{repoID}/instances", http.HandlerFunc(han.ListRepoInstancesHandler)).Methods("GET", "OPTIONS")
@@ -250,6 +349,14 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/organizations/{orgID}/pools/", http.HandlerFunc(han.CreateOrgPoolHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/organizations/{orgID}/pools", http.HandlerFunc(han.CreateOrgPoolHandler)).Methods("POST", "OPTIONS")
 
+	// Create org scale set
+	apiRouter.Handle("/organizations/{orgID}/scalesets/", http.HandlerFunc(han.CreateOrgScaleSetHandler)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/organizations/{orgID}/scalesets", http.HandlerFunc(han.CreateOrgScaleSetHandler)).Methods("POST", "OPTIONS")
+
+	// List org scale sets
+	apiRouter.Handle("/organizations/{orgID}/scalesets/", http.HandlerFunc(han.ListOrgScaleSetsHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/organizations/{orgID}/scalesets", http.HandlerFunc(han.ListOrgScaleSetsHandler)).Methods("GET", "OPTIONS")
+
 	// Org instances list
 	apiRouter.Handle("/organizations/{orgID}/instances/", http.HandlerFunc(han.ListOrgInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/organizations/{orgID}/instances", http.HandlerFunc(han.ListOrgInstancesHandler)).Methods("GET", "OPTIONS")
@@ -300,6 +407,14 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/enterprises/{enterpriseID}/pools/", http.HandlerFunc(han.CreateEnterprisePoolHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}/pools", http.HandlerFunc(han.CreateEnterprisePoolHandler)).Methods("POST", "OPTIONS")
 
+	// Create enterprise scale sets
+	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets/", http.HandlerFunc(han.CreateEnterpriseScaleSetHandler)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets", http.HandlerFunc(han.CreateEnterpriseScaleSetHandler)).Methods("POST", "OPTIONS")
+
+	// List enterprise scale sets
+	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets/", http.HandlerFunc(han.ListEnterpriseScaleSetsHandler)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/enterprises/{enterpriseID}/scalesets", http.HandlerFunc(han.ListEnterpriseScaleSetsHandler)).Methods("GET", "OPTIONS")
+
 	// Enterprise instances list
 	apiRouter.Handle("/enterprises/{enterpriseID}/instances/", http.HandlerFunc(han.ListEnterpriseInstancesHandler)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/enterprises/{enterpriseID}/instances", http.HandlerFunc(han.ListEnterpriseInstancesHandler)).Methods("GET", "OPTIONS")
@@ -320,20 +435,103 @@ func NewAPIRouter(han *controllers.APIController, logWriter io.Writer, authMiddl
 	apiRouter.Handle("/enterprises/", http.HandlerFunc(han.CreateEnterpriseHandler)).Methods("POST", "OPTIONS")
 	apiRouter.Handle("/enterprises", http.HandlerFunc(han.CreateEnterpriseHandler)).Methods("POST", "OPTIONS")
 
-	// Credentials and providers
-	apiRouter.Handle("/credentials/", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
-	apiRouter.Handle("/credentials", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
+	// Providers
 	apiRouter.Handle("/providers/", http.HandlerFunc(han.ListProviders)).Methods("GET", "OPTIONS")
 	apiRouter.Handle("/providers", http.HandlerFunc(han.ListProviders)).Methods("GET", "OPTIONS")
 
-	// Controller info
-	apiRouter.Handle("/controller-info/", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
-	apiRouter.Handle("/controller-info", http.HandlerFunc(han.ControllerInfoHandler)).Methods("GET", "OPTIONS")
+	//////////////////////
+	// Github Endpoints //
+	//////////////////////
+	// Create Github Endpoint
+	apiRouter.Handle("/github/endpoints/", http.HandlerFunc(han.CreateGithubEndpoint)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/github/endpoints", http.HandlerFunc(han.CreateGithubEndpoint)).Methods("POST", "OPTIONS")
+	// List Github Endpoints
+	apiRouter.Handle("/github/endpoints/", http.HandlerFunc(han.ListGithubEndpoints)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/github/endpoints", http.HandlerFunc(han.ListGithubEndpoints)).Methods("GET", "OPTIONS")
+	// Get Github Endpoint
+	apiRouter.Handle("/github/endpoints/{name}/", http.HandlerFunc(han.GetGithubEndpoint)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/github/endpoints/{name}", http.HandlerFunc(han.GetGithubEndpoint)).Methods("GET", "OPTIONS")
+	// Delete Github Endpoint
+	apiRouter.Handle("/github/endpoints/{name}/", http.HandlerFunc(han.DeleteGithubEndpoint)).Methods("DELETE", "OPTIONS")
+	apiRouter.Handle("/github/endpoints/{name}", http.HandlerFunc(han.DeleteGithubEndpoint)).Methods("DELETE", "OPTIONS")
+	// Update Github Endpoint
+	apiRouter.Handle("/github/endpoints/{name}/", http.HandlerFunc(han.UpdateGithubEndpoint)).Methods("PUT", "OPTIONS")
+	apiRouter.Handle("/github/endpoints/{name}", http.HandlerFunc(han.UpdateGithubEndpoint)).Methods("PUT", "OPTIONS")
 
-	// Websocket log writer
-	apiRouter.Handle("/{ws:ws\\/?}", http.HandlerFunc(han.WSHandler)).Methods("GET")
+	////////////////////////
+	// Github credentials //
+	////////////////////////
+	// Legacy credentials path
+	apiRouter.Handle("/credentials/", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/credentials", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
+	// List Github Credentials
+	apiRouter.Handle("/github/credentials/", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/github/credentials", http.HandlerFunc(han.ListCredentials)).Methods("GET", "OPTIONS")
+	// Create Github Credentials
+	apiRouter.Handle("/github/credentials/", http.HandlerFunc(han.CreateGithubCredential)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/github/credentials", http.HandlerFunc(han.CreateGithubCredential)).Methods("POST", "OPTIONS")
+	// Get Github Credential
+	apiRouter.Handle("/github/credentials/{id}/", http.HandlerFunc(han.GetGithubCredential)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/github/credentials/{id}", http.HandlerFunc(han.GetGithubCredential)).Methods("GET", "OPTIONS")
+	// Delete Github Credential
+	apiRouter.Handle("/github/credentials/{id}/", http.HandlerFunc(han.DeleteGithubCredential)).Methods("DELETE", "OPTIONS")
+	apiRouter.Handle("/github/credentials/{id}", http.HandlerFunc(han.DeleteGithubCredential)).Methods("DELETE", "OPTIONS")
+	// Update Github Credential
+	apiRouter.Handle("/github/credentials/{id}/", http.HandlerFunc(han.UpdateGithubCredential)).Methods("PUT", "OPTIONS")
+	apiRouter.Handle("/github/credentials/{id}", http.HandlerFunc(han.UpdateGithubCredential)).Methods("PUT", "OPTIONS")
 
-	// NotFound handler
+	//////////////////////
+	// Gitea Endpoints  //
+	//////////////////////
+	// Create Gitea Endpoint
+	apiRouter.Handle("/gitea/endpoints/", http.HandlerFunc(han.CreateGiteaEndpoint)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/gitea/endpoints", http.HandlerFunc(han.CreateGiteaEndpoint)).Methods("POST", "OPTIONS")
+	// List Gitea Endpoints
+	apiRouter.Handle("/gitea/endpoints/", http.HandlerFunc(han.ListGiteaEndpoints)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/gitea/endpoints", http.HandlerFunc(han.ListGiteaEndpoints)).Methods("GET", "OPTIONS")
+	// Get Gitea Endpoint
+	apiRouter.Handle("/gitea/endpoints/{name}/", http.HandlerFunc(han.GetGiteaEndpoint)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/gitea/endpoints/{name}", http.HandlerFunc(han.GetGiteaEndpoint)).Methods("GET", "OPTIONS")
+	// Delete Gitea Endpoint
+	apiRouter.Handle("/gitea/endpoints/{name}/", http.HandlerFunc(han.DeleteGiteaEndpoint)).Methods("DELETE", "OPTIONS")
+	apiRouter.Handle("/gitea/endpoints/{name}", http.HandlerFunc(han.DeleteGiteaEndpoint)).Methods("DELETE", "OPTIONS")
+	// Update Gitea Endpoint
+	apiRouter.Handle("/gitea/endpoints/{name}/", http.HandlerFunc(han.UpdateGiteaEndpoint)).Methods("PUT", "OPTIONS")
+	apiRouter.Handle("/gitea/endpoints/{name}", http.HandlerFunc(han.UpdateGiteaEndpoint)).Methods("PUT", "OPTIONS")
+
+	////////////////////////
+	// Gitea credentials  //
+	////////////////////////
+	// List Gitea Credentials
+	apiRouter.Handle("/gitea/credentials/", http.HandlerFunc(han.ListGiteaCredentials)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/gitea/credentials", http.HandlerFunc(han.ListGiteaCredentials)).Methods("GET", "OPTIONS")
+	// Create Gitea Credentials
+	apiRouter.Handle("/gitea/credentials/", http.HandlerFunc(han.CreateGiteaCredential)).Methods("POST", "OPTIONS")
+	apiRouter.Handle("/gitea/credentials", http.HandlerFunc(han.CreateGiteaCredential)).Methods("POST", "OPTIONS")
+	// Get Gitea Credential
+	apiRouter.Handle("/gitea/credentials/{id}/", http.HandlerFunc(han.GetGiteaCredential)).Methods("GET", "OPTIONS")
+	apiRouter.Handle("/gitea/credentials/{id}", http.HandlerFunc(han.GetGiteaCredential)).Methods("GET", "OPTIONS")
+	// Delete Gitea Credential
+	apiRouter.Handle("/gitea/credentials/{id}/", http.HandlerFunc(han.DeleteGiteaCredential)).Methods("DELETE", "OPTIONS")
+	apiRouter.Handle("/gitea/credentials/{id}", http.HandlerFunc(han.DeleteGiteaCredential)).Methods("DELETE", "OPTIONS")
+	// Update Gitea Credential
+	apiRouter.Handle("/gitea/credentials/{id}/", http.HandlerFunc(han.UpdateGiteaCredential)).Methods("PUT", "OPTIONS")
+	apiRouter.Handle("/gitea/credentials/{id}", http.HandlerFunc(han.UpdateGiteaCredential)).Methods("PUT", "OPTIONS")
+
+	/////////////////////////
+	// Websocket endpoints //
+	/////////////////////////
+	// Legacy log websocket path
+	apiRouter.Handle("/ws/", http.HandlerFunc(han.WSHandler)).Methods("GET")
+	apiRouter.Handle("/ws", http.HandlerFunc(han.WSHandler)).Methods("GET")
+	// Log websocket endpoint
+	apiRouter.Handle("/ws/logs/", http.HandlerFunc(han.WSHandler)).Methods("GET")
+	apiRouter.Handle("/ws/logs", http.HandlerFunc(han.WSHandler)).Methods("GET")
+	// DB watcher websocket endpoint
+	apiRouter.Handle("/ws/events/", http.HandlerFunc(han.EventsHandler)).Methods("GET")
+	apiRouter.Handle("/ws/events", http.HandlerFunc(han.EventsHandler)).Methods("GET")
+
+	// NotFound handler - this should be last
 	apiRouter.PathPrefix("/").HandlerFunc(han.NotFoundHandler).Methods("GET", "POST", "PUT", "DELETE", "OPTIONS")
 	return router
 }

apiserver/swagger-models.yaml

@@ -74,11 +74,11 @@ definitions:
             package: github.com/cloudbase/garm/params
             alias: garm_params
     items:
-        $ref: '#/definitions/GithubCredentials'
-  GithubCredentials:
+        $ref: '#/definitions/ForgeCredentials'
+  ForgeCredentials:
     type: object
     x-go-type:
-        type: GithubCredentials
+        type: ForgeCredentials
         import:
             package: github.com/cloudbase/garm/params
             alias: garm_params
@@ -130,6 +130,22 @@ definitions:
         import:
             package: github.com/cloudbase/garm/params
             alias: garm_params
+  ScaleSets:
+    type: array
+    x-go-type:
+        type: ScaleSets
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+    items:
+        $ref: '#/definitions/ScaleSet'
+  ScaleSet:
+    type: object
+    x-go-type:
+        type: ScaleSet
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
   Repositories:
     type: array
     x-go-type:
@@ -213,6 +229,13 @@ definitions:
         import:
             package: github.com/cloudbase/garm/params
             alias: garm_params
+  CreateScaleSetParams:
+    type: object
+    x-go-type:
+        type: CreateScaleSetParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
   UpdatePoolParams:
     type: object
     x-go-type:
@@ -220,6 +243,13 @@ definitions:
         import:
             package: github.com/cloudbase/garm/params
             alias: garm_params
+  UpdateScaleSetParams:
+    type: object
+    x-go-type:
+        type: UpdateScaleSetParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
   APIErrorResponse:
     type: object
     x-go-type:
@@ -227,3 +257,89 @@ definitions:
         import:
             package: github.com/cloudbase/garm/apiserver/params
             alias: apiserver_params
+  CreateInstanceParams:
+    type: object
+    x-go-type:
+        type: CreateInstanceParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  UpdateGithubEndpointParams:
+    type: object
+    x-go-type:
+        type: UpdateGithubEndpointParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  UpdateGiteaEndpointParams:
+    type: object
+    x-go-type:
+        type: UpdateGiteaEndpointParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  ForgeEndpoint:
+    type: object
+    x-go-type:
+        type: ForgeEndpoint
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  ForgeEndpoints:
+    type: array
+    x-go-type:
+        type: ForgeEndpoints
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+    items:
+        $ref: '#/definitions/ForgeEndpoint'
+  CreateGithubEndpointParams:
+    type: object
+    x-go-type:
+        type: CreateGithubEndpointParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  CreateGiteaEndpointParams:
+    type: object
+    x-go-type:
+        type: CreateGiteaEndpointParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  CreateGithubCredentialsParams:
+    type: object
+    x-go-type:
+        type: CreateGithubCredentialsParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  CreateGiteaCredentialsParams:
+    type: object
+    x-go-type:
+        type: CreateGiteaCredentialsParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  UpdateGithubCredentialsParams:
+    type: object
+    x-go-type:
+        type: UpdateGithubCredentialsParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  UpdateGiteaCredentialsParams:
+    type: object
+    x-go-type:
+        type: UpdateGiteaCredentialsParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params
+  UpdateControllerParams:
+    type: object
+    x-go-type:
+        type: UpdateControllerParams
+        import:
+            package: github.com/cloudbase/garm/params
+            alias: garm_params

apiserver/swagger.yaml

@@ -23,6 +23,41 @@ definitions:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
             type: CreateEnterpriseParams
+    CreateGiteaCredentialsParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: CreateGiteaCredentialsParams
+    CreateGiteaEndpointParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: CreateGiteaEndpointParams
+    CreateGithubCredentialsParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: CreateGithubCredentialsParams
+    CreateGithubEndpointParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: CreateGithubEndpointParams
+    CreateInstanceParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: CreateInstanceParams
     CreateOrgParams:
         type: object
         x-go-type:
@@ -44,9 +79,16 @@ definitions:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
             type: CreateRepoParams
+    CreateScaleSetParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: CreateScaleSetParams
     Credentials:
         items:
-            $ref: '#/definitions/GithubCredentials'
+            $ref: '#/definitions/ForgeCredentials'
         type: array
         x-go-type:
             import:
@@ -69,13 +111,29 @@ definitions:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
             type: Enterprises
-    GithubCredentials:
+    ForgeCredentials:
         type: object
         x-go-type:
             import:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
-            type: GithubCredentials
+            type: ForgeCredentials
+    ForgeEndpoint:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: ForgeEndpoint
+    ForgeEndpoints:
+        items:
+            $ref: '#/definitions/ForgeEndpoint'
+        type: array
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: ForgeEndpoints
     HookInfo:
         type: object
         x-go-type:
@@ -207,6 +265,29 @@ definitions:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
             type: Repository
+    ScaleSet:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: ScaleSet
+    ScaleSets:
+        items:
+            $ref: '#/definitions/ScaleSet'
+        type: array
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: ScaleSets
+    UpdateControllerParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: UpdateControllerParams
     UpdateEntityParams:
         type: object
         x-go-type:
@@ -214,6 +295,34 @@ definitions:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
             type: UpdateEntityParams
+    UpdateGiteaCredentialsParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: UpdateGiteaCredentialsParams
+    UpdateGiteaEndpointParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: UpdateGiteaEndpointParams
+    UpdateGithubCredentialsParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: UpdateGithubCredentialsParams
+    UpdateGithubEndpointParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: UpdateGithubEndpointParams
     UpdatePoolParams:
         type: object
         x-go-type:
@@ -221,6 +330,13 @@ definitions:
                 alias: garm_params
                 package: github.com/cloudbase/garm/params
             type: UpdatePoolParams
+    UpdateScaleSetParams:
+        type: object
+        x-go-type:
+            import:
+                alias: garm_params
+                package: github.com/cloudbase/garm/params
+            type: UpdateScaleSetParams
     User:
         type: object
         x-go-type:
@@ -260,6 +376,30 @@ paths:
             summary: Logs in a user and returns a JWT token.
             tags:
                 - login
+    /controller:
+        put:
+            operationId: UpdateController
+            parameters:
+                - description: Parameters used when updating the controller.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/UpdateControllerParams'
+                    description: Parameters used when updating the controller.
+                    type: object
+            responses:
+                "200":
+                    description: ControllerInfo
+                    schema:
+                        $ref: '#/definitions/ControllerInfo'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Update controller.
+            tags:
+                - controller
     /controller-info:
         get:
             operationId: ControllerInfo
@@ -275,24 +415,18 @@ paths:
             summary: Get controller info.
             tags:
                 - controllerInfo
-    /credentials:
-        get:
-            operationId: ListCredentials
-            responses:
-                "200":
-                    description: Credentials
-                    schema:
-                        $ref: '#/definitions/Credentials'
-                "400":
-                    description: APIErrorResponse
-                    schema:
-                        $ref: '#/definitions/APIErrorResponse'
-            summary: List all credentials.
-            tags:
-                - credentials
     /enterprises:
         get:
             operationId: ListEnterprises
+            parameters:
+                - description: Exact enterprise name to filter by
+                  in: query
+                  name: name
+                  type: string
+                - description: Exact endpoint name to filter by
+                  in: query
+                  name: endpoint
+                  type: string
             responses:
                 "200":
                     description: Enterprises
@@ -549,6 +683,57 @@ paths:
             tags:
                 - enterprises
                 - pools
+    /enterprises/{enterpriseID}/scalesets:
+        get:
+            operationId: ListEnterpriseScaleSets
+            parameters:
+                - description: Enterprise ID.
+                  in: path
+                  name: enterpriseID
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: ScaleSets
+                    schema:
+                        $ref: '#/definitions/ScaleSets'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List enterprise scale sets.
+            tags:
+                - enterprises
+                - scalesets
+        post:
+            operationId: CreateEnterpriseScaleSet
+            parameters:
+                - description: Enterprise ID.
+                  in: path
+                  name: enterpriseID
+                  required: true
+                  type: string
+                - description: Parameters used when creating the enterprise scale set.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateScaleSetParams'
+                    description: Parameters used when creating the enterprise scale set.
+                    type: object
+            responses:
+                "200":
+                    description: ScaleSet
+                    schema:
+                        $ref: '#/definitions/ScaleSet'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create enterprise pool with the parameters given.
+            tags:
+                - enterprises
+                - scalesets
     /first-run:
         post:
             operationId: FirstRun
@@ -573,6 +758,418 @@ paths:
             summary: Initialize the first run of the controller.
             tags:
                 - first-run
+    /gitea/credentials:
+        get:
+            operationId: ListGiteaCredentials
+            responses:
+                "200":
+                    description: Credentials
+                    schema:
+                        $ref: '#/definitions/Credentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List all credentials.
+            tags:
+                - credentials
+        post:
+            operationId: CreateGiteaCredentials
+            parameters:
+                - description: Parameters used when creating a Gitea credential.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateGiteaCredentialsParams'
+                    description: Parameters used when creating a Gitea credential.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeCredentials
+                    schema:
+                        $ref: '#/definitions/ForgeCredentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create a Gitea credential.
+            tags:
+                - credentials
+    /gitea/credentials/{id}:
+        delete:
+            operationId: DeleteGiteaCredentials
+            parameters:
+                - description: ID of the Gitea credential.
+                  in: path
+                  name: id
+                  required: true
+                  type: integer
+            responses:
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Delete a Gitea credential.
+            tags:
+                - credentials
+        get:
+            operationId: GetGiteaCredentials
+            parameters:
+                - description: ID of the Gitea credential.
+                  in: path
+                  name: id
+                  required: true
+                  type: integer
+            responses:
+                "200":
+                    description: ForgeCredentials
+                    schema:
+                        $ref: '#/definitions/ForgeCredentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Get a Gitea credential.
+            tags:
+                - credentials
+        put:
+            operationId: UpdateGiteaCredentials
+            parameters:
+                - description: ID of the Gitea credential.
+                  in: path
+                  name: id
+                  required: true
+                  type: integer
+                - description: Parameters used when updating a Gitea credential.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/UpdateGiteaCredentialsParams'
+                    description: Parameters used when updating a Gitea credential.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeCredentials
+                    schema:
+                        $ref: '#/definitions/ForgeCredentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Update a Gitea credential.
+            tags:
+                - credentials
+    /gitea/endpoints:
+        get:
+            operationId: ListGiteaEndpoints
+            responses:
+                "200":
+                    description: ForgeEndpoints
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoints'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List all Gitea Endpoints.
+            tags:
+                - endpoints
+        post:
+            operationId: CreateGiteaEndpoint
+            parameters:
+                - description: Parameters used when creating a Gitea endpoint.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateGiteaEndpointParams'
+                    description: Parameters used when creating a Gitea endpoint.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeEndpoint
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoint'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create a Gitea Endpoint.
+            tags:
+                - endpoints
+    /gitea/endpoints/{name}:
+        delete:
+            operationId: DeleteGiteaEndpoint
+            parameters:
+                - description: The name of the Gitea endpoint.
+                  in: path
+                  name: name
+                  required: true
+                  type: string
+            responses:
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Delete a Gitea Endpoint.
+            tags:
+                - endpoints
+        get:
+            operationId: GetGiteaEndpoint
+            parameters:
+                - description: The name of the Gitea endpoint.
+                  in: path
+                  name: name
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: ForgeEndpoint
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoint'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Get a Gitea Endpoint.
+            tags:
+                - endpoints
+        put:
+            operationId: UpdateGiteaEndpoint
+            parameters:
+                - description: The name of the Gitea endpoint.
+                  in: path
+                  name: name
+                  required: true
+                  type: string
+                - description: Parameters used when updating a Gitea endpoint.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/UpdateGiteaEndpointParams'
+                    description: Parameters used when updating a Gitea endpoint.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeEndpoint
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoint'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Update a Gitea Endpoint.
+            tags:
+                - endpoints
+    /github/credentials:
+        get:
+            operationId: ListCredentials
+            responses:
+                "200":
+                    description: Credentials
+                    schema:
+                        $ref: '#/definitions/Credentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List all credentials.
+            tags:
+                - credentials
+        post:
+            operationId: CreateCredentials
+            parameters:
+                - description: Parameters used when creating a GitHub credential.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateGithubCredentialsParams'
+                    description: Parameters used when creating a GitHub credential.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeCredentials
+                    schema:
+                        $ref: '#/definitions/ForgeCredentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create a GitHub credential.
+            tags:
+                - credentials
+    /github/credentials/{id}:
+        delete:
+            operationId: DeleteCredentials
+            parameters:
+                - description: ID of the GitHub credential.
+                  in: path
+                  name: id
+                  required: true
+                  type: integer
+            responses:
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Delete a GitHub credential.
+            tags:
+                - credentials
+        get:
+            operationId: GetCredentials
+            parameters:
+                - description: ID of the GitHub credential.
+                  in: path
+                  name: id
+                  required: true
+                  type: integer
+            responses:
+                "200":
+                    description: ForgeCredentials
+                    schema:
+                        $ref: '#/definitions/ForgeCredentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Get a GitHub credential.
+            tags:
+                - credentials
+        put:
+            operationId: UpdateCredentials
+            parameters:
+                - description: ID of the GitHub credential.
+                  in: path
+                  name: id
+                  required: true
+                  type: integer
+                - description: Parameters used when updating a GitHub credential.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/UpdateGithubCredentialsParams'
+                    description: Parameters used when updating a GitHub credential.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeCredentials
+                    schema:
+                        $ref: '#/definitions/ForgeCredentials'
+                "400":
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Update a GitHub credential.
+            tags:
+                - credentials
+    /github/endpoints:
+        get:
+            operationId: ListGithubEndpoints
+            responses:
+                "200":
+                    description: ForgeEndpoints
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoints'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List all GitHub Endpoints.
+            tags:
+                - endpoints
+        post:
+            operationId: CreateGithubEndpoint
+            parameters:
+                - description: Parameters used when creating a GitHub endpoint.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateGithubEndpointParams'
+                    description: Parameters used when creating a GitHub endpoint.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeEndpoint
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoint'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create a GitHub Endpoint.
+            tags:
+                - endpoints
+    /github/endpoints/{name}:
+        delete:
+            operationId: DeleteGithubEndpoint
+            parameters:
+                - description: The name of the GitHub endpoint.
+                  in: path
+                  name: name
+                  required: true
+                  type: string
+            responses:
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Delete a GitHub Endpoint.
+            tags:
+                - endpoints
+        get:
+            operationId: GetGithubEndpoint
+            parameters:
+                - description: The name of the GitHub endpoint.
+                  in: path
+                  name: name
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: ForgeEndpoint
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoint'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Get a GitHub Endpoint.
+            tags:
+                - endpoints
+        put:
+            operationId: UpdateGithubEndpoint
+            parameters:
+                - description: The name of the GitHub endpoint.
+                  in: path
+                  name: name
+                  required: true
+                  type: string
+                - description: Parameters used when updating a GitHub endpoint.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/UpdateGithubEndpointParams'
+                    description: Parameters used when updating a GitHub endpoint.
+                    type: object
+            responses:
+                "200":
+                    description: ForgeEndpoint
+                    schema:
+                        $ref: '#/definitions/ForgeEndpoint'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Update a GitHub Endpoint.
+            tags:
+                - endpoints
     /instances:
         get:
             operationId: ListInstances
@@ -601,6 +1198,10 @@ paths:
                   in: query
                   name: forceRemove
                   type: boolean
+                - description: If true GARM will ignore unauthorized errors returned by GitHub when removing a runner. This is useful if you want to clean up runners and your credentials have expired.
+                  in: query
+                  name: bypassGHUnauthorized
+                  type: boolean
             responses:
                 default:
                     description: APIErrorResponse
@@ -662,6 +1263,15 @@ paths:
     /organizations:
         get:
             operationId: ListOrgs
+            parameters:
+                - description: Exact organization name to filter by
+                  in: query
+                  name: name
+                  type: string
+                - description: Exact endpoint name to filter by
+                  in: query
+                  name: endpoint
+                  type: string
             responses:
                 "200":
                     description: Organizations
@@ -922,6 +1532,57 @@ paths:
             tags:
                 - organizations
                 - pools
+    /organizations/{orgID}/scalesets:
+        get:
+            operationId: ListOrgScaleSets
+            parameters:
+                - description: Organization ID.
+                  in: path
+                  name: orgID
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: ScaleSets
+                    schema:
+                        $ref: '#/definitions/ScaleSets'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List organization scale sets.
+            tags:
+                - organizations
+                - scalesets
+        post:
+            operationId: CreateOrgScaleSet
+            parameters:
+                - description: Organization ID.
+                  in: path
+                  name: orgID
+                  required: true
+                  type: string
+                - description: Parameters used when creating the organization scale set.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateScaleSetParams'
+                    description: Parameters used when creating the organization scale set.
+                    type: object
+            responses:
+                "200":
+                    description: ScaleSet
+                    schema:
+                        $ref: '#/definitions/ScaleSet'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create organization scale set with the parameters given.
+            tags:
+                - organizations
+                - scalesets
     /organizations/{orgID}/webhook:
         delete:
             operationId: UninstallOrgWebhook
@@ -1111,6 +1772,19 @@ paths:
     /repositories:
         get:
             operationId: ListRepos
+            parameters:
+                - description: Exact owner name to filter by
+                  in: query
+                  name: owner
+                  type: string
+                - description: Exact repository name to filter by
+                  in: query
+                  name: name
+                  type: string
+                - description: Exact endpoint name to filter by
+                  in: query
+                  name: endpoint
+                  type: string
             responses:
                 "200":
                     description: Repositories
@@ -1371,6 +2045,57 @@ paths:
             tags:
                 - repositories
                 - pools
+    /repositories/{repoID}/scalesets:
+        get:
+            operationId: ListRepoScaleSets
+            parameters:
+                - description: Repository ID.
+                  in: path
+                  name: repoID
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: ScaleSets
+                    schema:
+                        $ref: '#/definitions/ScaleSets'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List repository scale sets.
+            tags:
+                - repositories
+                - scalesets
+        post:
+            operationId: CreateRepoScaleSet
+            parameters:
+                - description: Repository ID.
+                  in: path
+                  name: repoID
+                  required: true
+                  type: string
+                - description: Parameters used when creating the repository scale set.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/CreateScaleSetParams'
+                    description: Parameters used when creating the repository scale set.
+                    type: object
+            responses:
+                "200":
+                    description: ScaleSet
+                    schema:
+                        $ref: '#/definitions/ScaleSet'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Create repository scale set with the parameters given.
+            tags:
+                - repositories
+                - scalesets
     /repositories/{repoID}/webhook:
         delete:
             operationId: UninstallRepoWebhook
@@ -1441,6 +2166,107 @@ paths:
             tags:
                 - repositories
                 - hooks
+    /scalesets:
+        get:
+            operationId: ListScalesets
+            responses:
+                "200":
+                    description: ScaleSets
+                    schema:
+                        $ref: '#/definitions/ScaleSets'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List all scalesets.
+            tags:
+                - scalesets
+    /scalesets/{scalesetID}:
+        delete:
+            operationId: DeleteScaleSet
+            parameters:
+                - description: ID of the scale set to delete.
+                  in: path
+                  name: scalesetID
+                  required: true
+                  type: string
+            responses:
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Delete scale set by ID.
+            tags:
+                - scalesets
+        get:
+            operationId: GetScaleSet
+            parameters:
+                - description: ID of the scale set to fetch.
+                  in: path
+                  name: scalesetID
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: ScaleSet
+                    schema:
+                        $ref: '#/definitions/ScaleSet'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Get scale set by ID.
+            tags:
+                - scalesets
+        put:
+            operationId: UpdateScaleSet
+            parameters:
+                - description: ID of the scale set to update.
+                  in: path
+                  name: scalesetID
+                  required: true
+                  type: string
+                - description: Parameters to update the scale set with.
+                  in: body
+                  name: Body
+                  required: true
+                  schema:
+                    $ref: '#/definitions/UpdateScaleSetParams'
+                    description: Parameters to update the scale set with.
+                    type: object
+            responses:
+                "200":
+                    description: ScaleSet
+                    schema:
+                        $ref: '#/definitions/ScaleSet'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: Update scale set by ID.
+            tags:
+                - scalesets
+    /scalesets/{scalesetID}/instances:
+        get:
+            operationId: ListScaleSetInstances
+            parameters:
+                - description: Runner scale set ID.
+                  in: path
+                  name: scalesetID
+                  required: true
+                  type: string
+            responses:
+                "200":
+                    description: Instances
+                    schema:
+                        $ref: '#/definitions/Instances'
+                default:
+                    description: APIErrorResponse
+                    schema:
+                        $ref: '#/definitions/APIErrorResponse'
+            summary: List runner instances in a scale set.
+            tags:
+                - instances
 produces:
     - application/json
 security:

auth/admin_required.go

@@ -1,3 +1,16 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
 package auth
 
 import "net/http"

auth/auth.go

@@ -16,18 +16,19 @@ package auth
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"time"
 
+	jwt "github.com/golang-jwt/jwt/v5"
+	"github.com/nbutton23/zxcvbn-go"
+	"golang.org/x/crypto/bcrypt"
+
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm-provider-common/util"
 	"github.com/cloudbase/garm/config"
 	"github.com/cloudbase/garm/database/common"
 	"github.com/cloudbase/garm/params"
-
-	jwt "github.com/golang-jwt/jwt/v5"
-	"github.com/nbutton23/zxcvbn-go"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/bcrypt"
 )
 
 func NewAuthenticator(cfg config.JWTAuth, store common.Store) *Authenticator {
@@ -49,27 +50,30 @@ func (a *Authenticator) IsInitialized() bool {
 func (a *Authenticator) GetJWTToken(ctx context.Context) (string, error) {
 	tokenID, err := util.GetRandomString(16)
 	if err != nil {
-		return "", errors.Wrap(err, "generating random string")
+		return "", fmt.Errorf("error generating random string: %w", err)
 	}
 	expireToken := time.Now().Add(a.cfg.TimeToLive.Duration())
 	expires := &jwt.NumericDate{
 		Time: expireToken,
 	}
+	generation := PasswordGeneration(ctx)
 	claims := JWTClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: expires,
+			// nolint:golangci-lint,godox
 			// TODO: make this configurable
 			Issuer: "garm",
 		},
-		UserID:   UserID(ctx),
-		TokenID:  tokenID,
-		IsAdmin:  IsAdmin(ctx),
-		FullName: FullName(ctx),
+		UserID:     UserID(ctx),
+		TokenID:    tokenID,
+		IsAdmin:    IsAdmin(ctx),
+		FullName:   FullName(ctx),
+		Generation: generation,
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	tokenString, err := token.SignedString([]byte(a.cfg.Secret))
 	if err != nil {
-		return "", errors.Wrap(err, "fetching token string")
+		return "", fmt.Errorf("error fetching token string: %w", err)
 	}
 
 	return tokenString, nil
@@ -78,15 +82,15 @@ func (a *Authenticator) GetJWTToken(ctx context.Context) (string, error) {
 // GetJWTMetricsToken returns a JWT token that can be used to read metrics.
 // This token is not tied to a user, no user is stored in the db.
 func (a *Authenticator) GetJWTMetricsToken(ctx context.Context) (string, error) {
-
 	if !IsAdmin(ctx) {
 		return "", runnerErrors.ErrUnauthorized
 	}
 
 	tokenID, err := util.GetRandomString(16)
 	if err != nil {
-		return "", errors.Wrap(err, "generating random string")
+		return "", fmt.Errorf("error generating random string: %w", err)
 	}
+	// nolint:golangci-lint,godox
 	// TODO: currently this is the same TTL as the normal Token
 	// maybe we should make this configurable
 	// it's usually pretty nasty if the monitoring fails because the token expired
@@ -97,6 +101,7 @@ func (a *Authenticator) GetJWTMetricsToken(ctx context.Context) (string, error)
 	claims := JWTClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: expires,
+			// nolint:golangci-lint,godox
 			// TODO: make this configurable
 			Issuer: "garm",
 		},
@@ -107,7 +112,7 @@ func (a *Authenticator) GetJWTMetricsToken(ctx context.Context) (string, error)
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	tokenString, err := token.SignedString([]byte(a.cfg.Secret))
 	if err != nil {
-		return "", errors.Wrap(err, "fetching token string")
+		return "", fmt.Errorf("error fetching token string: %w", err)
 	}
 
 	return tokenString, nil
@@ -117,7 +122,7 @@ func (a *Authenticator) InitController(ctx context.Context, param params.NewUser
 	_, err := a.store.ControllerInfo()
 	if err != nil {
 		if !errors.Is(err, runnerErrors.ErrNotFound) {
-			return params.User{}, errors.Wrap(err, "initializing controller")
+			return params.User{}, fmt.Errorf("error initializing controller: %w", err)
 		}
 	}
 	if a.store.HasAdminUser(ctx) {
@@ -147,7 +152,7 @@ func (a *Authenticator) InitController(ctx context.Context, param params.NewUser
 
 	hashed, err := util.PaswsordToBcrypt(param.Password)
 	if err != nil {
-		return params.User{}, errors.Wrap(err, "creating user")
+		return params.User{}, fmt.Errorf("error creating user: %w", err)
 	}
 
 	param.Password = hashed
@@ -165,7 +170,7 @@ func (a *Authenticator) AuthenticateUser(ctx context.Context, info params.Passwo
 		if errors.Is(err, runnerErrors.ErrNotFound) {
 			return ctx, runnerErrors.ErrUnauthorized
 		}
-		return ctx, errors.Wrap(err, "authenticating")
+		return ctx, fmt.Errorf("error authenticating: %w", err)
 	}
 
 	if !user.Enabled {
@@ -180,5 +185,5 @@ func (a *Authenticator) AuthenticateUser(ctx context.Context, info params.Passwo
 		return ctx, runnerErrors.ErrUnauthorized
 	}
 
-	return PopulateContext(ctx, user), nil
+	return PopulateContext(ctx, user, nil), nil
 }

auth/context.go

@@ -16,6 +16,7 @@ package auth
 
 import (
 	"context"
+	"time"
 
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm/params"
@@ -28,9 +29,11 @@ const (
 	fullNameKey    contextFlags = "full_name"
 	readMetricsKey contextFlags = "read_metrics"
 	// UserIDFlag is the User ID flag we set in the context
-	UserIDFlag    contextFlags = "user_id"
-	isEnabledFlag contextFlags = "is_enabled"
-	jwtTokenFlag  contextFlags = "jwt_token"
+	UserIDFlag             contextFlags = "user_id"
+	isEnabledFlag          contextFlags = "is_enabled"
+	jwtTokenFlag           contextFlags = "jwt_token"
+	authExpiresFlag        contextFlags = "auth_expires"
+	passwordGenerationFlag contextFlags = "password_generation"
 
 	instanceIDKey        contextFlags = "id"
 	instanceNameKey      contextFlags = "name"
@@ -41,8 +44,21 @@ const (
 	instanceTokenFetched contextFlags = "tokenFetched"
 	instanceHasJITConfig contextFlags = "hasJITConfig"
 	instanceParams       contextFlags = "instanceParams"
+	instanceForgeTypeKey contextFlags = "forge_type"
 )
 
+func SetInstanceForgeType(ctx context.Context, val string) context.Context {
+	return context.WithValue(ctx, instanceForgeTypeKey, val)
+}
+
+func InstanceForgeType(ctx context.Context) params.EndpointType {
+	elem := ctx.Value(instanceForgeTypeKey)
+	if elem == nil {
+		return ""
+	}
+	return elem.(params.EndpointType)
+}
+
 func SetInstanceID(ctx context.Context, id string) context.Context {
 	return context.WithValue(ctx, instanceIDKey, id)
 }
@@ -156,7 +172,7 @@ func InstanceEntity(ctx context.Context) string {
 	return elem.(string)
 }
 
-func PopulateInstanceContext(ctx context.Context, instance params.Instance) context.Context {
+func PopulateInstanceContext(ctx context.Context, instance params.Instance, claims *InstanceJWTClaims) context.Context {
 	ctx = SetInstanceID(ctx, instance.ID)
 	ctx = SetInstanceName(ctx, instance.Name)
 	ctx = SetInstancePoolID(ctx, instance.PoolID)
@@ -164,19 +180,49 @@ func PopulateInstanceContext(ctx context.Context, instance params.Instance) cont
 	ctx = SetInstanceTokenFetched(ctx, instance.TokenFetched)
 	ctx = SetInstanceHasJITConfig(ctx, instance.JitConfiguration)
 	ctx = SetInstanceParams(ctx, instance)
+	ctx = SetInstanceForgeType(ctx, claims.ForgeType)
 	return ctx
 }
 
 // PopulateContext sets the appropriate fields in the context, based on
 // the user object
-func PopulateContext(ctx context.Context, user params.User) context.Context {
+func PopulateContext(ctx context.Context, user params.User, authExpires *time.Time) context.Context {
 	ctx = SetUserID(ctx, user.ID)
 	ctx = SetAdmin(ctx, user.IsAdmin)
 	ctx = SetIsEnabled(ctx, user.Enabled)
 	ctx = SetFullName(ctx, user.FullName)
+	ctx = SetExpires(ctx, authExpires)
+	ctx = SetPasswordGeneration(ctx, user.Generation)
 	return ctx
 }
 
+func SetExpires(ctx context.Context, expires *time.Time) context.Context {
+	if expires == nil {
+		return ctx
+	}
+	return context.WithValue(ctx, authExpiresFlag, expires)
+}
+
+func Expires(ctx context.Context) *time.Time {
+	elem := ctx.Value(authExpiresFlag)
+	if elem == nil {
+		return nil
+	}
+	return elem.(*time.Time)
+}
+
+func SetPasswordGeneration(ctx context.Context, val uint) context.Context {
+	return context.WithValue(ctx, passwordGenerationFlag, val)
+}
+
+func PasswordGeneration(ctx context.Context) uint {
+	elem := ctx.Value(passwordGenerationFlag)
+	if elem == nil {
+		return 0
+	}
+	return elem.(uint)
+}
+
 // SetFullName sets the user full name in the context
 func SetFullName(ctx context.Context, fullName string) context.Context {
 	return context.WithValue(ctx, fullNameKey, fullName)
@@ -238,8 +284,10 @@ func UserID(ctx context.Context) string {
 
 // GetAdminContext will return an admin context. This can be used internally
 // when fetching users.
-func GetAdminContext() context.Context {
-	ctx := context.Background()
+func GetAdminContext(ctx context.Context) context.Context {
+	if ctx == nil {
+		ctx = context.Background()
+	}
 	ctx = SetUserID(ctx, "")
 	ctx = SetAdmin(ctx, true)
 	ctx = SetIsEnabled(ctx, true)

auth/init_required.go

@@ -16,7 +16,7 @@ package auth
 
 import (
 	"encoding/json"
-	"log"
+	"log/slog"
 	"net/http"
 
 	"github.com/cloudbase/garm/apiserver/params"
@@ -37,16 +37,44 @@ type initRequired struct {
 // Middleware implements the middleware interface
 func (i *initRequired) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		ctrlInfo, err := i.store.ControllerInfo()
-		if err != nil || ctrlInfo.ControllerID.String() == "" {
+		ctx := r.Context()
+
+		if !i.store.HasAdminUser(ctx) {
 			w.Header().Add("Content-Type", "application/json")
 			w.WriteHeader(http.StatusConflict)
 			if err := json.NewEncoder(w).Encode(params.InitializationRequired); err != nil {
-				log.Printf("failed to encode response: %s", err)
+				slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 			}
 			return
 		}
-		ctx := r.Context()
+
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+func NewUrlsRequiredMiddleware(store common.Store) (Middleware, error) {
+	return &urlsRequired{
+		store: store,
+	}, nil
+}
+
+type urlsRequired struct {
+	store common.Store
+}
+
+func (u *urlsRequired) Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+		ctrlInfo, err := u.store.ControllerInfo()
+		if err != nil || ctrlInfo.MetadataURL == "" || ctrlInfo.CallbackURL == "" {
+			w.Header().Add("Content-Type", "application/json")
+			w.WriteHeader(http.StatusConflict)
+			if err := json.NewEncoder(w).Encode(params.URLsRequired); err != nil {
+				slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
+			}
+			return
+		}
+
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }

auth/instance_middleware.go

@@ -17,18 +17,20 @@ package auth
 import (
 	"context"
 	"fmt"
+	"log/slog"
+	"math"
 	"net/http"
 	"strings"
 	"time"
 
+	jwt "github.com/golang-jwt/jwt/v5"
+
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
+	commonParams "github.com/cloudbase/garm-provider-common/params"
 	"github.com/cloudbase/garm/config"
 	dbCommon "github.com/cloudbase/garm/database/common"
 	"github.com/cloudbase/garm/params"
 	"github.com/cloudbase/garm/runner/common"
-
-	jwt "github.com/golang-jwt/jwt/v5"
-	"github.com/pkg/errors"
 )
 
 // InstanceJWTClaims holds JWT claims
@@ -37,17 +39,38 @@ type InstanceJWTClaims struct {
 	Name   string `json:"name"`
 	PoolID string `json:"provider_id"`
 	// Scope is either repository or organization
-	Scope params.PoolType `json:"scope"`
+	Scope params.ForgeEntityType `json:"scope"`
 	// Entity is the repo or org name
-	Entity string `json:"entity"`
+	Entity        string `json:"entity"`
+	CreateAttempt int    `json:"create_attempt"`
+	ForgeType     string `json:"forge_type"`
 	jwt.RegisteredClaims
 }
 
-func NewInstanceJWTToken(instance params.Instance, secret, entity string, poolType params.PoolType, ttlMinutes uint) (string, error) {
+func NewInstanceTokenGetter(jwtSecret string) (InstanceTokenGetter, error) {
+	if jwtSecret == "" {
+		return nil, fmt.Errorf("jwt secret is required")
+	}
+	return &instanceToken{
+		jwtSecret: jwtSecret,
+	}, nil
+}
+
+type instanceToken struct {
+	jwtSecret string
+}
+
+func (i *instanceToken) NewInstanceJWTToken(instance params.Instance, entity params.ForgeEntity, entityType params.ForgeEntityType, ttlMinutes uint) (string, error) {
 	// Token expiration is equal to the bootstrap timeout set on the pool plus the polling
 	// interval garm uses to check for timed out runners. Runners that have not sent their info
 	// by the end of this interval are most likely failed and will be reaped by garm anyway.
-	expireToken := time.Now().Add(time.Duration(ttlMinutes)*time.Minute + common.PoolReapTimeoutInterval)
+	var ttl int
+	if ttlMinutes > math.MaxInt {
+		ttl = math.MaxInt
+	} else {
+		ttl = int(ttlMinutes)
+	}
+	expireToken := time.Now().Add(time.Duration(ttl)*time.Minute + common.PoolReapTimeoutInterval)
 	expires := &jwt.NumericDate{
 		Time: expireToken,
 	}
@@ -56,16 +79,18 @@ func NewInstanceJWTToken(instance params.Instance, secret, entity string, poolTy
 			ExpiresAt: expires,
 			Issuer:    "garm",
 		},
-		ID:     instance.ID,
-		Name:   instance.Name,
-		PoolID: instance.PoolID,
-		Scope:  poolType,
-		Entity: entity,
+		ID:            instance.ID,
+		Name:          instance.Name,
+		PoolID:        instance.PoolID,
+		Scope:         entityType,
+		Entity:        entity.String(),
+		ForgeType:     string(entity.Credentials.ForgeType),
+		CreateAttempt: instance.CreateAttempt,
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	tokenString, err := token.SignedString([]byte(secret))
+	tokenString, err := token.SignedString([]byte(i.jwtSecret))
 	if err != nil {
-		return "", errors.Wrap(err, "signing token")
+		return "", fmt.Errorf("error signing token: %w", err)
 	}
 
 	return tokenString, nil
@@ -95,29 +120,30 @@ func (amw *instanceMiddleware) claimsToContext(ctx context.Context, claims *Inst
 		return nil, runnerErrors.ErrUnauthorized
 	}
 
-	instanceInfo, err := amw.store.GetInstanceByName(ctx, claims.Name)
+	instanceInfo, err := amw.store.GetInstance(ctx, claims.Name)
 	if err != nil {
 		return ctx, runnerErrors.ErrUnauthorized
 	}
 
-	ctx = PopulateInstanceContext(ctx, instanceInfo)
+	ctx = PopulateInstanceContext(ctx, instanceInfo, claims)
 	return ctx, nil
 }
 
 // Middleware implements the middleware interface
 func (amw *instanceMiddleware) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// nolint:golangci-lint,godox
 		// TODO: Log error details when authentication fails
 		ctx := r.Context()
 		authorizationHeader := r.Header.Get("authorization")
 		if authorizationHeader == "" {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		bearerToken := strings.Split(authorizationHeader, " ")
 		if len(bearerToken) != 2 {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
@@ -128,32 +154,61 @@ func (amw *instanceMiddleware) Middleware(next http.Handler) http.Handler {
 			}
 			return []byte(amw.cfg.Secret), nil
 		})
-
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		if !token.Valid {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		ctx, err = amw.claimsToContext(ctx, claims)
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		if InstanceID(ctx) == "" {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		runnerStatus := InstanceRunnerStatus(ctx)
 		if runnerStatus != params.RunnerInstalling && runnerStatus != params.RunnerPending {
 			// Instances that have finished installing can no longer authenticate to the API
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
+			return
+		}
+
+		instanceParams, err := InstanceParams(ctx)
+		if err != nil {
+			slog.InfoContext(
+				ctx, "could not find instance params",
+				"runner_name", InstanceName(ctx))
+			invalidAuthResponse(ctx, w)
+			return
+		}
+
+		// Token was generated for a previous attempt at creating this instance.
+		if claims.CreateAttempt != instanceParams.CreateAttempt {
+			slog.InfoContext(
+				ctx, "invalid token create attempt",
+				"runner_name", InstanceName(ctx),
+				"token_create_attempt", claims.CreateAttempt,
+				"instance_create_attempt", instanceParams.CreateAttempt)
+			invalidAuthResponse(ctx, w)
+			return
+		}
+
+		// Only allow instances that are in the creating or running state to authenticate.
+		if instanceParams.Status != commonParams.InstanceCreating && instanceParams.Status != commonParams.InstanceRunning {
+			slog.InfoContext(
+				ctx, "invalid instance status",
+				"runner_name", InstanceName(ctx),
+				"status", instanceParams.Status)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 

auth/interfaces.go

@@ -14,9 +14,17 @@
 
 package auth
 
-import "net/http"
+import (
+	"net/http"
+
+	"github.com/cloudbase/garm/params"
+)
 
 // Middleware defines an authentication middleware
 type Middleware interface {
 	Middleware(next http.Handler) http.Handler
 }
+
+type InstanceTokenGetter interface {
+	NewInstanceJWTToken(instance params.Instance, entity params.ForgeEntity, poolType params.ForgeEntityType, ttlMinutes uint) (string, error)
+}

auth/jwt.go

@@ -18,16 +18,17 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"log"
+	"log/slog"
 	"net/http"
 	"strings"
+	"time"
+
+	jwt "github.com/golang-jwt/jwt/v5"
 
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	apiParams "github.com/cloudbase/garm/apiserver/params"
 	"github.com/cloudbase/garm/config"
 	dbCommon "github.com/cloudbase/garm/database/common"
-
-	jwt "github.com/golang-jwt/jwt/v5"
 )
 
 // JWTClaims holds JWT claims
@@ -37,6 +38,7 @@ type JWTClaims struct {
 	FullName    string `json:"full_name"`
 	IsAdmin     bool   `json:"is_admin"`
 	ReadMetrics bool   `json:"read_metrics"`
+	Generation  uint   `json:"generation"`
 	jwt.RegisteredClaims
 }
 
@@ -69,63 +71,85 @@ func (amw *jwtMiddleware) claimsToContext(ctx context.Context, claims *JWTClaims
 		return ctx, runnerErrors.ErrUnauthorized
 	}
 
-	ctx = PopulateContext(ctx, userInfo)
+	var expiresAt *time.Time
+	if claims.ExpiresAt != nil {
+		expires := claims.ExpiresAt.Time.UTC()
+		expiresAt = &expires
+	}
+
+	if userInfo.Generation != claims.Generation {
+		// Password was reset since token was issued. Invalidate.
+		return ctx, runnerErrors.ErrUnauthorized
+	}
+
+	ctx = PopulateContext(ctx, userInfo, expiresAt)
 	return ctx, nil
 }
 
-func invalidAuthResponse(w http.ResponseWriter) {
+func invalidAuthResponse(ctx context.Context, w http.ResponseWriter) {
 	w.Header().Add("Content-Type", "application/json")
 	w.WriteHeader(http.StatusUnauthorized)
 	if err := json.NewEncoder(w).Encode(
 		apiParams.APIErrorResponse{
 			Error: "Authentication failed",
 		}); err != nil {
-		log.Printf("failed to encode response: %s", err)
+		slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
 	}
 }
 
+func (amw *jwtMiddleware) getTokenFromRequest(r *http.Request) (string, error) {
+	authorizationHeader := r.Header.Get("authorization")
+	if authorizationHeader == "" {
+		cookie, err := r.Cookie("garm_token")
+		if err != nil {
+			return "", fmt.Errorf("failed to get cookie: %w", err)
+		}
+		return cookie.Value, nil
+	}
+
+	bearerToken := strings.Split(authorizationHeader, " ")
+	if len(bearerToken) != 2 {
+		return "", fmt.Errorf("invalid auth header")
+	}
+	return bearerToken[1], nil
+}
+
 // Middleware implements the middleware interface
 func (amw *jwtMiddleware) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// nolint:golangci-lint,godox
 		// TODO: Log error details when authentication fails
 		ctx := r.Context()
-		authorizationHeader := r.Header.Get("authorization")
-		if authorizationHeader == "" {
-			invalidAuthResponse(w)
+		authToken, err := amw.getTokenFromRequest(r)
+		if err != nil {
+			slog.ErrorContext(ctx, "failed to get auth token", "error", err)
+			invalidAuthResponse(ctx, w)
 			return
 		}
-
-		bearerToken := strings.Split(authorizationHeader, " ")
-		if len(bearerToken) != 2 {
-			invalidAuthResponse(w)
-			return
-		}
-
 		claims := &JWTClaims{}
-		token, err := jwt.ParseWithClaims(bearerToken[1], claims, func(token *jwt.Token) (interface{}, error) {
+		token, err := jwt.ParseWithClaims(authToken, claims, func(token *jwt.Token) (interface{}, error) {
 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 				return nil, fmt.Errorf("invalid signing method")
 			}
 			return []byte(amw.cfg.Secret), nil
 		})
-
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		if !token.Valid {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		ctx, err = amw.claimsToContext(ctx, claims)
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 		if !IsEnabled(ctx) {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 

auth/metrics.go

@@ -1,3 +1,16 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
 package auth
 
 import (
@@ -6,9 +19,9 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/cloudbase/garm/config"
-
 	jwt "github.com/golang-jwt/jwt/v5"
+
+	"github.com/cloudbase/garm/config"
 )
 
 type MetricsMiddleware struct {
@@ -23,17 +36,16 @@ func NewMetricsMiddleware(cfg config.JWTAuth) (*MetricsMiddleware, error) {
 
 func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
 		ctx := r.Context()
 		authorizationHeader := r.Header.Get("authorization")
 		if authorizationHeader == "" {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		bearerToken := strings.Split(authorizationHeader, " ")
 		if len(bearerToken) != 2 {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
@@ -44,20 +56,19 @@ func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {
 			}
 			return []byte(m.cfg.Secret), nil
 		})
-
 		if err != nil {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		if !token.Valid {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 
 		// we fully trust the claims
 		if !claims.ReadMetrics {
-			invalidAuthResponse(w)
+			invalidAuthResponse(ctx, w)
 			return
 		}
 

build-webapp.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+echo "Building GARM SPA (SvelteKit)..."
+
+# Navigate to webapp directory
+cd webapp
+
+# Install dependencies if node_modules doesn't exist
+npm install
+
+# Build the SPA
+echo "Building SPA..."
+npm run build
+echo "SPA built successfully!"

cache/credentials_cache.go

@@ -0,0 +1,148 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package cache
+
+import (
+	"sync"
+
+	"github.com/cloudbase/garm/params"
+)
+
+var (
+	credentialsCache      *CredentialCache
+	giteaCredentialsCache *CredentialCache
+)
+
+func init() {
+	ghCredentialsCache := &CredentialCache{
+		cache: make(map[uint]params.ForgeCredentials),
+	}
+	gtCredentialsCache := &CredentialCache{
+		cache: make(map[uint]params.ForgeCredentials),
+	}
+
+	credentialsCache = ghCredentialsCache
+	giteaCredentialsCache = gtCredentialsCache
+}
+
+type CredentialCache struct {
+	mux sync.Mutex
+
+	cache map[uint]params.ForgeCredentials
+}
+
+func (g *CredentialCache) SetCredentialsRateLimit(credsID uint, rateLimit params.GithubRateLimit) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	if creds, ok := g.cache[credsID]; ok {
+		creds.RateLimit = &rateLimit
+		g.cache[credsID] = creds
+	}
+}
+
+func (g *CredentialCache) SetCredentials(credentials params.ForgeCredentials) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	g.cache[credentials.ID] = credentials
+	UpdateCredentialsInAffectedEntities(credentials)
+}
+
+func (g *CredentialCache) GetCredentials(id uint) (params.ForgeCredentials, bool) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	if creds, ok := g.cache[id]; ok {
+		return creds, true
+	}
+	return params.ForgeCredentials{}, false
+}
+
+func (g *CredentialCache) DeleteCredentials(id uint) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	delete(g.cache, id)
+}
+
+func (g *CredentialCache) GetAllCredentials() []params.ForgeCredentials {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	creds := make([]params.ForgeCredentials, 0, len(g.cache))
+	for _, cred := range g.cache {
+		creds = append(creds, cred)
+	}
+
+	// Sort the credentials by ID
+	sortByID(creds)
+	return creds
+}
+
+func (g *CredentialCache) GetAllCredentialsAsMap() map[uint]params.ForgeCredentials {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	creds := make(map[uint]params.ForgeCredentials, len(g.cache))
+	for id, cred := range g.cache {
+		creds[id] = cred
+	}
+
+	return creds
+}
+
+func SetGithubCredentials(credentials params.ForgeCredentials) {
+	credentialsCache.SetCredentials(credentials)
+}
+
+func GetGithubCredentials(id uint) (params.ForgeCredentials, bool) {
+	return credentialsCache.GetCredentials(id)
+}
+
+func DeleteGithubCredentials(id uint) {
+	credentialsCache.DeleteCredentials(id)
+}
+
+func GetAllGithubCredentials() []params.ForgeCredentials {
+	return credentialsCache.GetAllCredentials()
+}
+
+func SetCredentialsRateLimit(credsID uint, rateLimit params.GithubRateLimit) {
+	credentialsCache.SetCredentialsRateLimit(credsID, rateLimit)
+}
+
+func GetAllGithubCredentialsAsMap() map[uint]params.ForgeCredentials {
+	return credentialsCache.GetAllCredentialsAsMap()
+}
+
+func SetGiteaCredentials(credentials params.ForgeCredentials) {
+	giteaCredentialsCache.SetCredentials(credentials)
+}
+
+func GetGiteaCredentials(id uint) (params.ForgeCredentials, bool) {
+	return giteaCredentialsCache.GetCredentials(id)
+}
+
+func DeleteGiteaCredentials(id uint) {
+	giteaCredentialsCache.DeleteCredentials(id)
+}
+
+func GetAllGiteaCredentials() []params.ForgeCredentials {
+	return giteaCredentialsCache.GetAllCredentials()
+}
+
+func GetAllGiteaCredentialsAsMap() map[uint]params.ForgeCredentials {
+	return giteaCredentialsCache.GetAllCredentialsAsMap()
+}

cache/entity_cache.go

@@ -0,0 +1,435 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package cache
+
+import (
+	"sync"
+	"time"
+
+	"github.com/cloudbase/garm/params"
+)
+
+var entityCache *EntityCache
+
+func init() {
+	ghEntityCache := &EntityCache{
+		entities: make(map[string]EntityItem),
+	}
+	entityCache = ghEntityCache
+}
+
+type RunnerGroupEntry struct {
+	RunnerGroupID int64
+	time          time.Time
+}
+
+type EntityItem struct {
+	Entity       params.ForgeEntity
+	Pools        map[string]params.Pool
+	ScaleSets    map[uint]params.ScaleSet
+	RunnerGroups map[string]RunnerGroupEntry
+}
+
+type EntityCache struct {
+	mux sync.Mutex
+	// entity IDs are UUID4s. It is highly unlikely they will collide (🤞).
+	entities map[string]EntityItem
+}
+
+func (e *EntityCache) UpdateCredentialsInAffectedEntities(creds params.ForgeCredentials) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	for entityID, cache := range e.entities {
+		if cache.Entity.Credentials.GetID() == creds.GetID() {
+			cache.Entity.Credentials = creds
+			e.entities[entityID] = cache
+		}
+	}
+}
+
+func (e *EntityCache) GetEntity(entityID string) (params.ForgeEntity, bool) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		var creds params.ForgeCredentials
+		var ok bool
+		switch cache.Entity.Credentials.ForgeType {
+		case params.GithubEndpointType:
+			creds, ok = GetGithubCredentials(cache.Entity.Credentials.ID)
+		case params.GiteaEndpointType:
+			creds, ok = GetGiteaCredentials(cache.Entity.Credentials.ID)
+		}
+		if ok {
+			cache.Entity.Credentials = creds
+		}
+		return cache.Entity, true
+	}
+	return params.ForgeEntity{}, false
+}
+
+func (e *EntityCache) SetEntity(entity params.ForgeEntity) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	cache, ok := e.entities[entity.ID]
+	if !ok {
+		e.entities[entity.ID] = EntityItem{
+			Entity:       entity,
+			Pools:        make(map[string]params.Pool),
+			ScaleSets:    make(map[uint]params.ScaleSet),
+			RunnerGroups: make(map[string]RunnerGroupEntry),
+		}
+		return
+	}
+	cache.Entity = entity
+	e.entities[entity.ID] = cache
+}
+
+func (e *EntityCache) ReplaceEntityPools(entityID string, pools []params.Pool) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	cache, ok := e.entities[entityID]
+	if !ok {
+		return
+	}
+
+	poolsByID := map[string]params.Pool{}
+	for _, pool := range pools {
+		poolsByID[pool.ID] = pool
+	}
+	cache.Pools = poolsByID
+	e.entities[entityID] = cache
+}
+
+func (e *EntityCache) ReplaceEntityScaleSets(entityID string, scaleSets []params.ScaleSet) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	cache, ok := e.entities[entityID]
+	if !ok {
+		return
+	}
+
+	scaleSetsByID := map[uint]params.ScaleSet{}
+	for _, scaleSet := range scaleSets {
+		scaleSetsByID[scaleSet.ID] = scaleSet
+	}
+	cache.ScaleSets = scaleSetsByID
+	e.entities[entityID] = cache
+}
+
+func (e *EntityCache) DeleteEntity(entityID string) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+	delete(e.entities, entityID)
+}
+
+func (e *EntityCache) SetEntityPool(entityID string, pool params.Pool) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		cache.Pools[pool.ID] = pool
+		e.entities[entityID] = cache
+	}
+}
+
+func (e *EntityCache) SetEntityScaleSet(entityID string, scaleSet params.ScaleSet) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		cache.ScaleSets[scaleSet.ID] = scaleSet
+		e.entities[entityID] = cache
+	}
+}
+
+func (e *EntityCache) DeleteEntityPool(entityID string, poolID string) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		delete(cache.Pools, poolID)
+		e.entities[entityID] = cache
+	}
+}
+
+func (e *EntityCache) DeleteEntityScaleSet(entityID string, scaleSetID uint) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		delete(cache.ScaleSets, scaleSetID)
+		e.entities[entityID] = cache
+	}
+}
+
+func (e *EntityCache) GetEntityPool(entityID string, poolID string) (params.Pool, bool) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		if pool, ok := cache.Pools[poolID]; ok {
+			return pool, true
+		}
+	}
+	return params.Pool{}, false
+}
+
+func (e *EntityCache) GetEntityScaleSet(entityID string, scaleSetID uint) (params.ScaleSet, bool) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		if scaleSet, ok := cache.ScaleSets[scaleSetID]; ok {
+			return scaleSet, true
+		}
+	}
+	return params.ScaleSet{}, false
+}
+
+func (e *EntityCache) FindPoolsMatchingAllTags(entityID string, tags []string) []params.Pool {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		var pools []params.Pool
+		for _, pool := range cache.Pools {
+			if pool.HasRequiredLabels(tags) {
+				pools = append(pools, pool)
+			}
+		}
+		// Sort the pools by creation date.
+		sortByCreationDate(pools)
+		return pools
+	}
+	return nil
+}
+
+func (e *EntityCache) GetEntityPools(entityID string) []params.Pool {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		var pools []params.Pool
+		for _, pool := range cache.Pools {
+			pools = append(pools, pool)
+		}
+		// Sort the pools by creation date.
+		sortByCreationDate(pools)
+		return pools
+	}
+	return nil
+}
+
+func (e *EntityCache) GetEntityScaleSets(entityID string) []params.ScaleSet {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if cache, ok := e.entities[entityID]; ok {
+		var scaleSets []params.ScaleSet
+		for _, scaleSet := range cache.ScaleSets {
+			scaleSets = append(scaleSets, scaleSet)
+		}
+		// Sort the scale sets by creation date.
+		sortByID(scaleSets)
+		return scaleSets
+	}
+	return nil
+}
+
+func (e *EntityCache) GetEntitiesUsingCredentials(creds params.ForgeCredentials) []params.ForgeEntity {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	var entities []params.ForgeEntity
+	for _, cache := range e.entities {
+		if cache.Entity.Credentials.ForgeType != creds.ForgeType {
+			continue
+		}
+
+		if cache.Entity.Credentials.GetID() == creds.GetID() {
+			entities = append(entities, cache.Entity)
+		}
+	}
+	sortByCreationDate(entities)
+	return entities
+}
+
+func (e *EntityCache) GetAllEntities() []params.ForgeEntity {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	var entities []params.ForgeEntity
+	for _, cache := range e.entities {
+		// Get the credentials from the credentials cache.
+		var creds params.ForgeCredentials
+		var ok bool
+		switch cache.Entity.Credentials.ForgeType {
+		case params.GithubEndpointType:
+			creds, ok = GetGithubCredentials(cache.Entity.Credentials.ID)
+		case params.GiteaEndpointType:
+			creds, ok = GetGiteaCredentials(cache.Entity.Credentials.ID)
+		}
+		if ok {
+			cache.Entity.Credentials = creds
+		}
+		entities = append(entities, cache.Entity)
+	}
+	sortByCreationDate(entities)
+	return entities
+}
+
+func (e *EntityCache) GetAllPools() []params.Pool {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	var pools []params.Pool
+	for _, cache := range e.entities {
+		for _, pool := range cache.Pools {
+			pools = append(pools, pool)
+		}
+	}
+	sortByCreationDate(pools)
+	return pools
+}
+
+func (e *EntityCache) GetAllScaleSets() []params.ScaleSet {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	var scaleSets []params.ScaleSet
+	for _, cache := range e.entities {
+		for _, scaleSet := range cache.ScaleSets {
+			scaleSets = append(scaleSets, scaleSet)
+		}
+	}
+	sortByID(scaleSets)
+	return scaleSets
+}
+
+func (e *EntityCache) SetEntityRunnerGroup(entityID, runnerGroupName string, runnerGroupID int64) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if _, ok := e.entities[entityID]; ok {
+		e.entities[entityID].RunnerGroups[runnerGroupName] = RunnerGroupEntry{
+			RunnerGroupID: runnerGroupID,
+			time:          time.Now().UTC(),
+		}
+	}
+}
+
+func (e *EntityCache) GetEntityRunnerGroup(entityID, runnerGroupName string) (int64, bool) {
+	e.mux.Lock()
+	defer e.mux.Unlock()
+
+	if _, ok := e.entities[entityID]; ok {
+		if runnerGroup, ok := e.entities[entityID].RunnerGroups[runnerGroupName]; ok {
+			if time.Now().UTC().After(runnerGroup.time.Add(1 * time.Hour)) {
+				delete(e.entities[entityID].RunnerGroups, runnerGroupName)
+				return 0, false
+			}
+			return runnerGroup.RunnerGroupID, true
+		}
+	}
+	return 0, false
+}
+
+func SetEntityRunnerGroup(entityID, runnerGroupName string, runnerGroupID int64) {
+	entityCache.SetEntityRunnerGroup(entityID, runnerGroupName, runnerGroupID)
+}
+
+func GetEntityRunnerGroup(entityID, runnerGroupName string) (int64, bool) {
+	return entityCache.GetEntityRunnerGroup(entityID, runnerGroupName)
+}
+
+func GetEntity(entityID string) (params.ForgeEntity, bool) {
+	return entityCache.GetEntity(entityID)
+}
+
+func SetEntity(entity params.ForgeEntity) {
+	entityCache.SetEntity(entity)
+}
+
+func ReplaceEntityPools(entityID string, pools []params.Pool) {
+	entityCache.ReplaceEntityPools(entityID, pools)
+}
+
+func ReplaceEntityScaleSets(entityID string, scaleSets []params.ScaleSet) {
+	entityCache.ReplaceEntityScaleSets(entityID, scaleSets)
+}
+
+func DeleteEntity(entityID string) {
+	entityCache.DeleteEntity(entityID)
+}
+
+func SetEntityPool(entityID string, pool params.Pool) {
+	entityCache.SetEntityPool(entityID, pool)
+}
+
+func SetEntityScaleSet(entityID string, scaleSet params.ScaleSet) {
+	entityCache.SetEntityScaleSet(entityID, scaleSet)
+}
+
+func DeleteEntityPool(entityID string, poolID string) {
+	entityCache.DeleteEntityPool(entityID, poolID)
+}
+
+func DeleteEntityScaleSet(entityID string, scaleSetID uint) {
+	entityCache.DeleteEntityScaleSet(entityID, scaleSetID)
+}
+
+func GetEntityPool(entityID string, poolID string) (params.Pool, bool) {
+	return entityCache.GetEntityPool(entityID, poolID)
+}
+
+func GetEntityScaleSet(entityID string, scaleSetID uint) (params.ScaleSet, bool) {
+	return entityCache.GetEntityScaleSet(entityID, scaleSetID)
+}
+
+func FindPoolsMatchingAllTags(entityID string, tags []string) []params.Pool {
+	return entityCache.FindPoolsMatchingAllTags(entityID, tags)
+}
+
+func GetEntityPools(entityID string) []params.Pool {
+	return entityCache.GetEntityPools(entityID)
+}
+
+func GetEntityScaleSets(entityID string) []params.ScaleSet {
+	return entityCache.GetEntityScaleSets(entityID)
+}
+
+func UpdateCredentialsInAffectedEntities(creds params.ForgeCredentials) {
+	entityCache.UpdateCredentialsInAffectedEntities(creds)
+}
+
+func GetEntitiesUsingCredentials(creds params.ForgeCredentials) []params.ForgeEntity {
+	return entityCache.GetEntitiesUsingCredentials(creds)
+}
+
+func GetAllEntities() []params.ForgeEntity {
+	return entityCache.GetAllEntities()
+}
+
+func GetAllPools() []params.Pool {
+	return entityCache.GetAllPools()
+}
+
+func GetAllScaleSets() []params.ScaleSet {
+	return entityCache.GetAllScaleSets()
+}

cache/github_client.go

@@ -0,0 +1,60 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package cache
+
+import (
+	"sync"
+
+	"github.com/cloudbase/garm/runner/common"
+)
+
+var ghClientCache *GithubClientCache
+
+type GithubClientCache struct {
+	mux sync.Mutex
+
+	cache map[string]common.GithubClient
+}
+
+func init() {
+	clientCache := &GithubClientCache{
+		cache: make(map[string]common.GithubClient),
+	}
+	ghClientCache = clientCache
+}
+
+func (g *GithubClientCache) SetClient(entityID string, client common.GithubClient) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	g.cache[entityID] = client
+}
+
+func (g *GithubClientCache) GetClient(entityID string) (common.GithubClient, bool) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	if client, ok := g.cache[entityID]; ok {
+		return client, true
+	}
+	return nil, false
+}
+
+func SetGithubClient(entityID string, client common.GithubClient) {
+	ghClientCache.SetClient(entityID, client)
+}
+
+func GetGithubClient(entityID string) (common.GithubClient, bool) {
+	return ghClientCache.GetClient(entityID)
+}

cache/instance_cache.go

@@ -0,0 +1,143 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package cache
+
+import (
+	"sync"
+
+	"github.com/cloudbase/garm/params"
+)
+
+var instanceCache *InstanceCache
+
+func init() {
+	cache := &InstanceCache{
+		cache: make(map[string]params.Instance),
+	}
+	instanceCache = cache
+}
+
+type InstanceCache struct {
+	mux sync.Mutex
+
+	cache map[string]params.Instance
+}
+
+func (i *InstanceCache) SetInstance(instance params.Instance) {
+	i.mux.Lock()
+	defer i.mux.Unlock()
+
+	i.cache[instance.Name] = instance
+}
+
+func (i *InstanceCache) GetInstance(name string) (params.Instance, bool) {
+	i.mux.Lock()
+	defer i.mux.Unlock()
+
+	if instance, ok := i.cache[name]; ok {
+		return instance, true
+	}
+	return params.Instance{}, false
+}
+
+func (i *InstanceCache) DeleteInstance(name string) {
+	i.mux.Lock()
+	defer i.mux.Unlock()
+
+	delete(i.cache, name)
+}
+
+func (i *InstanceCache) GetAllInstances() []params.Instance {
+	i.mux.Lock()
+	defer i.mux.Unlock()
+
+	instances := make([]params.Instance, 0, len(i.cache))
+	for _, instance := range i.cache {
+		instances = append(instances, instance)
+	}
+	sortByCreationDate(instances)
+	return instances
+}
+
+func (i *InstanceCache) GetInstancesForPool(poolID string) []params.Instance {
+	i.mux.Lock()
+	defer i.mux.Unlock()
+
+	var filteredInstances []params.Instance
+	for _, instance := range i.cache {
+		if instance.PoolID == poolID {
+			filteredInstances = append(filteredInstances, instance)
+		}
+	}
+	sortByCreationDate(filteredInstances)
+	return filteredInstances
+}
+
+func (i *InstanceCache) GetInstancesForScaleSet(scaleSetID uint) []params.Instance {
+	i.mux.Lock()
+	defer i.mux.Unlock()
+
+	var filteredInstances []params.Instance
+	for _, instance := range i.cache {
+		if instance.ScaleSetID == scaleSetID {
+			filteredInstances = append(filteredInstances, instance)
+		}
+	}
+	sortByCreationDate(filteredInstances)
+	return filteredInstances
+}
+
+func (i *InstanceCache) GetEntityInstances(entityID string) []params.Instance {
+	pools := GetEntityPools(entityID)
+	poolsAsMap := map[string]bool{}
+	for _, pool := range pools {
+		poolsAsMap[pool.ID] = true
+	}
+
+	ret := []params.Instance{}
+	for _, val := range i.GetAllInstances() {
+		if _, ok := poolsAsMap[val.PoolID]; ok {
+			ret = append(ret, val)
+		}
+	}
+	return ret
+}
+
+func SetInstanceCache(instance params.Instance) {
+	instanceCache.SetInstance(instance)
+}
+
+func GetInstanceCache(name string) (params.Instance, bool) {
+	return instanceCache.GetInstance(name)
+}
+
+func DeleteInstanceCache(name string) {
+	instanceCache.DeleteInstance(name)
+}
+
+func GetAllInstancesCache() []params.Instance {
+	return instanceCache.GetAllInstances()
+}
+
+func GetInstancesForPool(poolID string) []params.Instance {
+	return instanceCache.GetInstancesForPool(poolID)
+}
+
+func GetInstancesForScaleSet(scaleSetID uint) []params.Instance {
+	return instanceCache.GetInstancesForScaleSet(scaleSetID)
+}
+
+func GetEntityInstances(entityID string) []params.Instance {
+	return instanceCache.GetEntityInstances(entityID)
+}

cache/tools_cache.go

@@ -0,0 +1,116 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package cache
+
+import (
+	"fmt"
+	"sync"
+	"time"
+
+	commonParams "github.com/cloudbase/garm-provider-common/params"
+	"github.com/cloudbase/garm/params"
+)
+
+var githubToolsCache *GithubToolsCache
+
+func init() {
+	ghToolsCache := &GithubToolsCache{
+		entities: make(map[string]GithubEntityTools),
+	}
+	githubToolsCache = ghToolsCache
+}
+
+type GithubEntityTools struct {
+	updatedAt time.Time
+	expiresAt time.Time
+	err       error
+	entity    params.ForgeEntity
+	tools     []commonParams.RunnerApplicationDownload
+}
+
+type GithubToolsCache struct {
+	mux sync.Mutex
+	// entity IDs are UUID4s. It is highly unlikely they will collide (🤞).
+	entities map[string]GithubEntityTools
+}
+
+func (g *GithubToolsCache) Get(entityID string) ([]commonParams.RunnerApplicationDownload, error) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	if cache, ok := g.entities[entityID]; ok {
+		if cache.entity.Credentials.ForgeType == params.GithubEndpointType {
+			if time.Now().UTC().After(cache.expiresAt.Add(-5 * time.Minute)) {
+				// Stale cache, remove it.
+				delete(g.entities, entityID)
+				return nil, fmt.Errorf("cache expired for entity %s", entityID)
+			}
+		}
+		if cache.err != nil {
+			return nil, cache.err
+		}
+		return cache.tools, nil
+	}
+	return nil, fmt.Errorf("no cache found for entity %s", entityID)
+}
+
+func (g *GithubToolsCache) Set(entity params.ForgeEntity, tools []commonParams.RunnerApplicationDownload) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	forgeTools := GithubEntityTools{
+		updatedAt: time.Now(),
+		entity:    entity,
+		tools:     tools,
+		err:       nil,
+	}
+
+	if entity.Credentials.ForgeType == params.GithubEndpointType {
+		forgeTools.expiresAt = time.Now().Add(1 * time.Hour)
+	}
+
+	g.entities[entity.ID] = forgeTools
+}
+
+func (g *GithubToolsCache) SetToolsError(entity params.ForgeEntity, err error) {
+	g.mux.Lock()
+	defer g.mux.Unlock()
+
+	// If the entity is not in the cache, add it with the error.
+	cache, ok := g.entities[entity.ID]
+	if !ok {
+		g.entities[entity.ID] = GithubEntityTools{
+			updatedAt: time.Now(),
+			entity:    entity,
+			err:       err,
+		}
+		return
+	}
+
+	// Update the error for the existing entity.
+	cache.err = err
+	g.entities[entity.ID] = cache
+}
+
+func SetGithubToolsCache(entity params.ForgeEntity, tools []commonParams.RunnerApplicationDownload) {
+	githubToolsCache.Set(entity, tools)
+}
+
+func GetGithubToolsCache(entityID string) ([]commonParams.RunnerApplicationDownload, error) {
+	return githubToolsCache.Get(entityID)
+}
+
+func SetGithubToolsCacheError(entity params.ForgeEntity, err error) {
+	githubToolsCache.SetToolsError(entity, err)
+}

cache/util.go

@@ -0,0 +1,32 @@
+// Copyright 2025 Cloudbase Solutions SRL
+//
+//	Licensed under the Apache License, Version 2.0 (the "License"); you may
+//	not use this file except in compliance with the License. You may obtain
+//	a copy of the License at
+//
+//	     http://www.apache.org/licenses/LICENSE-2.0
+//
+//	Unless required by applicable law or agreed to in writing, software
+//	distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+//	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+//	License for the specific language governing permissions and limitations
+//	under the License.
+package cache
+
+import (
+	"sort"
+
+	"github.com/cloudbase/garm/params"
+)
+
+func sortByID[T params.IDGetter](s []T) {
+	sort.Slice(s, func(i, j int) bool {
+		return s[i].GetID() < s[j].GetID()
+	})
+}
+
+func sortByCreationDate[T params.CreationDateGetter](s []T) {
+	sort.Slice(s, func(i, j int) bool {
+		return s[i].GetCreatedAt().Before(s[j].GetCreatedAt())
+	})
+}

client/controller/controller_client.go

@@ -0,0 +1,106 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package controller
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"fmt"
+
+	"github.com/go-openapi/runtime"
+	httptransport "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// New creates a new controller API client.
+func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
+	return &Client{transport: transport, formats: formats}
+}
+
+// New creates a new controller API client with basic auth credentials.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - user: user for basic authentication header.
+// - password: password for basic authentication header.
+func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+// New creates a new controller API client with a bearer token for authentication.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - bearerToken: bearer token for Bearer authentication header.
+func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+/*
+Client for controller API
+*/
+type Client struct {
+	transport runtime.ClientTransport
+	formats   strfmt.Registry
+}
+
+// ClientOption may be used to customize the behavior of Client methods.
+type ClientOption func(*runtime.ClientOperation)
+
+// ClientService is the interface for Client methods
+type ClientService interface {
+	UpdateController(params *UpdateControllerParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateControllerOK, error)
+
+	SetTransport(transport runtime.ClientTransport)
+}
+
+/*
+UpdateController updates controller
+*/
+func (a *Client) UpdateController(params *UpdateControllerParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateControllerOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewUpdateControllerParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "UpdateController",
+		Method:             "PUT",
+		PathPattern:        "/controller",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &UpdateControllerReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*UpdateControllerOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for UpdateController: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+// SetTransport changes the transport on the client
+func (a *Client) SetTransport(transport runtime.ClientTransport) {
+	a.transport = transport
+}

client/controller/update_controller_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package controller
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewUpdateControllerParams creates a new UpdateControllerParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewUpdateControllerParams() *UpdateControllerParams {
+	return &UpdateControllerParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewUpdateControllerParamsWithTimeout creates a new UpdateControllerParams object
+// with the ability to set a timeout on a request.
+func NewUpdateControllerParamsWithTimeout(timeout time.Duration) *UpdateControllerParams {
+	return &UpdateControllerParams{
+		timeout: timeout,
+	}
+}
+
+// NewUpdateControllerParamsWithContext creates a new UpdateControllerParams object
+// with the ability to set a context for a request.
+func NewUpdateControllerParamsWithContext(ctx context.Context) *UpdateControllerParams {
+	return &UpdateControllerParams{
+		Context: ctx,
+	}
+}
+
+// NewUpdateControllerParamsWithHTTPClient creates a new UpdateControllerParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewUpdateControllerParamsWithHTTPClient(client *http.Client) *UpdateControllerParams {
+	return &UpdateControllerParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+UpdateControllerParams contains all the parameters to send to the API endpoint
+
+	for the update controller operation.
+
+	Typically these are written to a http.Request.
+*/
+type UpdateControllerParams struct {
+
+	/* Body.
+
+	   Parameters used when updating the controller.
+	*/
+	Body garm_params.UpdateControllerParams
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the update controller params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateControllerParams) WithDefaults() *UpdateControllerParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the update controller params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateControllerParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the update controller params
+func (o *UpdateControllerParams) WithTimeout(timeout time.Duration) *UpdateControllerParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the update controller params
+func (o *UpdateControllerParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the update controller params
+func (o *UpdateControllerParams) WithContext(ctx context.Context) *UpdateControllerParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the update controller params
+func (o *UpdateControllerParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the update controller params
+func (o *UpdateControllerParams) WithHTTPClient(client *http.Client) *UpdateControllerParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the update controller params
+func (o *UpdateControllerParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the update controller params
+func (o *UpdateControllerParams) WithBody(body garm_params.UpdateControllerParams) *UpdateControllerParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the update controller params
+func (o *UpdateControllerParams) SetBody(body garm_params.UpdateControllerParams) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *UpdateControllerParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/controller/update_controller_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package controller
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// UpdateControllerReader is a Reader for the UpdateController structure.
+type UpdateControllerReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *UpdateControllerReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewUpdateControllerOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewUpdateControllerBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[PUT /controller] UpdateController", response, response.Code())
+	}
+}
+
+// NewUpdateControllerOK creates a UpdateControllerOK with default headers values
+func NewUpdateControllerOK() *UpdateControllerOK {
+	return &UpdateControllerOK{}
+}
+
+/*
+UpdateControllerOK describes a response with status code 200, with default header values.
+
+ControllerInfo
+*/
+type UpdateControllerOK struct {
+	Payload garm_params.ControllerInfo
+}
+
+// IsSuccess returns true when this update controller o k response has a 2xx status code
+func (o *UpdateControllerOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this update controller o k response has a 3xx status code
+func (o *UpdateControllerOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update controller o k response has a 4xx status code
+func (o *UpdateControllerOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this update controller o k response has a 5xx status code
+func (o *UpdateControllerOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update controller o k response a status code equal to that given
+func (o *UpdateControllerOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the update controller o k response
+func (o *UpdateControllerOK) Code() int {
+	return 200
+}
+
+func (o *UpdateControllerOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /controller][%d] updateControllerOK %s", 200, payload)
+}
+
+func (o *UpdateControllerOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /controller][%d] updateControllerOK %s", 200, payload)
+}
+
+func (o *UpdateControllerOK) GetPayload() garm_params.ControllerInfo {
+	return o.Payload
+}
+
+func (o *UpdateControllerOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewUpdateControllerBadRequest creates a UpdateControllerBadRequest with default headers values
+func NewUpdateControllerBadRequest() *UpdateControllerBadRequest {
+	return &UpdateControllerBadRequest{}
+}
+
+/*
+UpdateControllerBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type UpdateControllerBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this update controller bad request response has a 2xx status code
+func (o *UpdateControllerBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this update controller bad request response has a 3xx status code
+func (o *UpdateControllerBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update controller bad request response has a 4xx status code
+func (o *UpdateControllerBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this update controller bad request response has a 5xx status code
+func (o *UpdateControllerBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update controller bad request response a status code equal to that given
+func (o *UpdateControllerBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the update controller bad request response
+func (o *UpdateControllerBadRequest) Code() int {
+	return 400
+}
+
+func (o *UpdateControllerBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /controller][%d] updateControllerBadRequest %s", 400, payload)
+}
+
+func (o *UpdateControllerBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /controller][%d] updateControllerBadRequest %s", 400, payload)
+}
+
+func (o *UpdateControllerBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *UpdateControllerBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/controller_info/controller_info_client.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 
 	"github.com/go-openapi/runtime"
+	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 
@@ -17,6 +18,31 @@ func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientServi
 	return &Client{transport: transport, formats: formats}
 }
 
+// New creates a new controller info API client with basic auth credentials.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - user: user for basic authentication header.
+// - password: password for basic authentication header.
+func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+// New creates a new controller info API client with a bearer token for authentication.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - bearerToken: bearer token for Bearer authentication header.
+func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
 /*
 Client for controller info API
 */
@@ -25,7 +51,7 @@ type Client struct {
 	formats   strfmt.Registry
 }
 
-// ClientOption is the option for Client methods
+// ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 
 // ClientService is the interface for Client methods

client/controller_info/controller_info_responses.go

@@ -6,6 +6,7 @@ package controller_info
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -86,11 +87,13 @@ func (o *ControllerInfoOK) Code() int {
 }
 
 func (o *ControllerInfoOK) Error() string {
-	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoOK %s", 200, payload)
 }
 
 func (o *ControllerInfoOK) String() string {
-	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoOK %s", 200, payload)
 }
 
 func (o *ControllerInfoOK) GetPayload() garm_params.ControllerInfo {
@@ -152,11 +155,13 @@ func (o *ControllerInfoConflict) Code() int {
 }
 
 func (o *ControllerInfoConflict) Error() string {
-	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoConflict  %+v", 409, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoConflict %s", 409, payload)
 }
 
 func (o *ControllerInfoConflict) String() string {
-	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoConflict  %+v", 409, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /controller-info][%d] controllerInfoConflict %s", 409, payload)
 }
 
 func (o *ControllerInfoConflict) GetPayload() apiserver_params.APIErrorResponse {

client/credentials/create_credentials_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewCreateCredentialsParams creates a new CreateCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateCredentialsParams() *CreateCredentialsParams {
+	return &CreateCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateCredentialsParamsWithTimeout creates a new CreateCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewCreateCredentialsParamsWithTimeout(timeout time.Duration) *CreateCredentialsParams {
+	return &CreateCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateCredentialsParamsWithContext creates a new CreateCredentialsParams object
+// with the ability to set a context for a request.
+func NewCreateCredentialsParamsWithContext(ctx context.Context) *CreateCredentialsParams {
+	return &CreateCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateCredentialsParamsWithHTTPClient creates a new CreateCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateCredentialsParamsWithHTTPClient(client *http.Client) *CreateCredentialsParams {
+	return &CreateCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the create credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateCredentialsParams struct {
+
+	/* Body.
+
+	   Parameters used when creating a GitHub credential.
+	*/
+	Body garm_params.CreateGithubCredentialsParams
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateCredentialsParams) WithDefaults() *CreateCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create credentials params
+func (o *CreateCredentialsParams) WithTimeout(timeout time.Duration) *CreateCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create credentials params
+func (o *CreateCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create credentials params
+func (o *CreateCredentialsParams) WithContext(ctx context.Context) *CreateCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create credentials params
+func (o *CreateCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create credentials params
+func (o *CreateCredentialsParams) WithHTTPClient(client *http.Client) *CreateCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create credentials params
+func (o *CreateCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create credentials params
+func (o *CreateCredentialsParams) WithBody(body garm_params.CreateGithubCredentialsParams) *CreateCredentialsParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create credentials params
+func (o *CreateCredentialsParams) SetBody(body garm_params.CreateGithubCredentialsParams) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/create_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// CreateCredentialsReader is a Reader for the CreateCredentials structure.
+type CreateCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewCreateCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewCreateCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /github/credentials] CreateCredentials", response, response.Code())
+	}
+}
+
+// NewCreateCredentialsOK creates a CreateCredentialsOK with default headers values
+func NewCreateCredentialsOK() *CreateCredentialsOK {
+	return &CreateCredentialsOK{}
+}
+
+/*
+CreateCredentialsOK describes a response with status code 200, with default header values.
+
+ForgeCredentials
+*/
+type CreateCredentialsOK struct {
+	Payload garm_params.ForgeCredentials
+}
+
+// IsSuccess returns true when this create credentials o k response has a 2xx status code
+func (o *CreateCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create credentials o k response has a 3xx status code
+func (o *CreateCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create credentials o k response has a 4xx status code
+func (o *CreateCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create credentials o k response has a 5xx status code
+func (o *CreateCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create credentials o k response a status code equal to that given
+func (o *CreateCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the create credentials o k response
+func (o *CreateCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *CreateCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsOK %s", 200, payload)
+}
+
+func (o *CreateCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsOK %s", 200, payload)
+}
+
+func (o *CreateCredentialsOK) GetPayload() garm_params.ForgeCredentials {
+	return o.Payload
+}
+
+func (o *CreateCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateCredentialsBadRequest creates a CreateCredentialsBadRequest with default headers values
+func NewCreateCredentialsBadRequest() *CreateCredentialsBadRequest {
+	return &CreateCredentialsBadRequest{}
+}
+
+/*
+CreateCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type CreateCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this create credentials bad request response has a 2xx status code
+func (o *CreateCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this create credentials bad request response has a 3xx status code
+func (o *CreateCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create credentials bad request response has a 4xx status code
+func (o *CreateCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this create credentials bad request response has a 5xx status code
+func (o *CreateCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create credentials bad request response a status code equal to that given
+func (o *CreateCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the create credentials bad request response
+func (o *CreateCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *CreateCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *CreateCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/credentials][%d] createCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *CreateCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *CreateCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/create_gitea_credentials_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewCreateGiteaCredentialsParams creates a new CreateGiteaCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateGiteaCredentialsParams() *CreateGiteaCredentialsParams {
+	return &CreateGiteaCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateGiteaCredentialsParamsWithTimeout creates a new CreateGiteaCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewCreateGiteaCredentialsParamsWithTimeout(timeout time.Duration) *CreateGiteaCredentialsParams {
+	return &CreateGiteaCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateGiteaCredentialsParamsWithContext creates a new CreateGiteaCredentialsParams object
+// with the ability to set a context for a request.
+func NewCreateGiteaCredentialsParamsWithContext(ctx context.Context) *CreateGiteaCredentialsParams {
+	return &CreateGiteaCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateGiteaCredentialsParamsWithHTTPClient creates a new CreateGiteaCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateGiteaCredentialsParamsWithHTTPClient(client *http.Client) *CreateGiteaCredentialsParams {
+	return &CreateGiteaCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateGiteaCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the create gitea credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateGiteaCredentialsParams struct {
+
+	/* Body.
+
+	   Parameters used when creating a Gitea credential.
+	*/
+	Body garm_params.CreateGiteaCredentialsParams
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateGiteaCredentialsParams) WithDefaults() *CreateGiteaCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateGiteaCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) WithTimeout(timeout time.Duration) *CreateGiteaCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) WithContext(ctx context.Context) *CreateGiteaCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) WithHTTPClient(client *http.Client) *CreateGiteaCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) WithBody(body garm_params.CreateGiteaCredentialsParams) *CreateGiteaCredentialsParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create gitea credentials params
+func (o *CreateGiteaCredentialsParams) SetBody(body garm_params.CreateGiteaCredentialsParams) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/create_gitea_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// CreateGiteaCredentialsReader is a Reader for the CreateGiteaCredentials structure.
+type CreateGiteaCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewCreateGiteaCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewCreateGiteaCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /gitea/credentials] CreateGiteaCredentials", response, response.Code())
+	}
+}
+
+// NewCreateGiteaCredentialsOK creates a CreateGiteaCredentialsOK with default headers values
+func NewCreateGiteaCredentialsOK() *CreateGiteaCredentialsOK {
+	return &CreateGiteaCredentialsOK{}
+}
+
+/*
+CreateGiteaCredentialsOK describes a response with status code 200, with default header values.
+
+ForgeCredentials
+*/
+type CreateGiteaCredentialsOK struct {
+	Payload garm_params.ForgeCredentials
+}
+
+// IsSuccess returns true when this create gitea credentials o k response has a 2xx status code
+func (o *CreateGiteaCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create gitea credentials o k response has a 3xx status code
+func (o *CreateGiteaCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create gitea credentials o k response has a 4xx status code
+func (o *CreateGiteaCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create gitea credentials o k response has a 5xx status code
+func (o *CreateGiteaCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create gitea credentials o k response a status code equal to that given
+func (o *CreateGiteaCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the create gitea credentials o k response
+func (o *CreateGiteaCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *CreateGiteaCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *CreateGiteaCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *CreateGiteaCredentialsOK) GetPayload() garm_params.ForgeCredentials {
+	return o.Payload
+}
+
+func (o *CreateGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateGiteaCredentialsBadRequest creates a CreateGiteaCredentialsBadRequest with default headers values
+func NewCreateGiteaCredentialsBadRequest() *CreateGiteaCredentialsBadRequest {
+	return &CreateGiteaCredentialsBadRequest{}
+}
+
+/*
+CreateGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type CreateGiteaCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this create gitea credentials bad request response has a 2xx status code
+func (o *CreateGiteaCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this create gitea credentials bad request response has a 3xx status code
+func (o *CreateGiteaCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create gitea credentials bad request response has a 4xx status code
+func (o *CreateGiteaCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this create gitea credentials bad request response has a 5xx status code
+func (o *CreateGiteaCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create gitea credentials bad request response a status code equal to that given
+func (o *CreateGiteaCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the create gitea credentials bad request response
+func (o *CreateGiteaCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *CreateGiteaCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *CreateGiteaCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/credentials][%d] createGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *CreateGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *CreateGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/credentials_client.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 
 	"github.com/go-openapi/runtime"
+	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 
@@ -17,6 +18,31 @@ func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientServi
 	return &Client{transport: transport, formats: formats}
 }
 
+// New creates a new credentials API client with basic auth credentials.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - user: user for basic authentication header.
+// - password: password for basic authentication header.
+func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+// New creates a new credentials API client with a bearer token for authentication.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - bearerToken: bearer token for Bearer authentication header.
+func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
 /*
 Client for credentials API
 */
@@ -25,16 +51,254 @@ type Client struct {
 	formats   strfmt.Registry
 }
 
-// ClientOption is the option for Client methods
+// ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 
 // ClientService is the interface for Client methods
 type ClientService interface {
+	CreateCredentials(params *CreateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateCredentialsOK, error)
+
+	CreateGiteaCredentials(params *CreateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaCredentialsOK, error)
+
+	DeleteCredentials(params *DeleteCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
+
+	DeleteGiteaCredentials(params *DeleteGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
+
+	GetCredentials(params *GetCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetCredentialsOK, error)
+
+	GetGiteaCredentials(params *GetGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaCredentialsOK, error)
+
 	ListCredentials(params *ListCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListCredentialsOK, error)
 
+	ListGiteaCredentials(params *ListGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaCredentialsOK, error)
+
+	UpdateCredentials(params *UpdateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateCredentialsOK, error)
+
+	UpdateGiteaCredentials(params *UpdateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaCredentialsOK, error)
+
 	SetTransport(transport runtime.ClientTransport)
 }
 
+/*
+CreateCredentials creates a git hub credential
+*/
+func (a *Client) CreateCredentials(params *CreateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "CreateCredentials",
+		Method:             "POST",
+		PathPattern:        "/github/credentials",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for CreateCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+/*
+CreateGiteaCredentials creates a gitea credential
+*/
+func (a *Client) CreateGiteaCredentials(params *CreateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateGiteaCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "CreateGiteaCredentials",
+		Method:             "POST",
+		PathPattern:        "/gitea/credentials",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateGiteaCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateGiteaCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for CreateGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+/*
+DeleteCredentials deletes a git hub credential
+*/
+func (a *Client) DeleteCredentials(params *DeleteCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewDeleteCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "DeleteCredentials",
+		Method:             "DELETE",
+		PathPattern:        "/github/credentials/{id}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &DeleteCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	_, err := a.transport.Submit(op)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+/*
+DeleteGiteaCredentials deletes a gitea credential
+*/
+func (a *Client) DeleteGiteaCredentials(params *DeleteGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewDeleteGiteaCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "DeleteGiteaCredentials",
+		Method:             "DELETE",
+		PathPattern:        "/gitea/credentials/{id}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &DeleteGiteaCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	_, err := a.transport.Submit(op)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+/*
+GetCredentials gets a git hub credential
+*/
+func (a *Client) GetCredentials(params *GetCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewGetCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "GetCredentials",
+		Method:             "GET",
+		PathPattern:        "/github/credentials/{id}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &GetCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*GetCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for GetCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+/*
+GetGiteaCredentials gets a gitea credential
+*/
+func (a *Client) GetGiteaCredentials(params *GetGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewGetGiteaCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "GetGiteaCredentials",
+		Method:             "GET",
+		PathPattern:        "/gitea/credentials/{id}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &GetGiteaCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*GetGiteaCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for GetGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 ListCredentials lists all credentials
 */
@@ -46,7 +310,7 @@ func (a *Client) ListCredentials(params *ListCredentialsParams, authInfo runtime
 	op := &runtime.ClientOperation{
 		ID:                 "ListCredentials",
 		Method:             "GET",
-		PathPattern:        "/credentials",
+		PathPattern:        "/github/credentials",
 		ProducesMediaTypes: []string{"application/json"},
 		ConsumesMediaTypes: []string{"application/json"},
 		Schemes:            []string{"http"},
@@ -74,6 +338,123 @@ func (a *Client) ListCredentials(params *ListCredentialsParams, authInfo runtime
 	panic(msg)
 }
 
+/*
+ListGiteaCredentials lists all credentials
+*/
+func (a *Client) ListGiteaCredentials(params *ListGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewListGiteaCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "ListGiteaCredentials",
+		Method:             "GET",
+		PathPattern:        "/gitea/credentials",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &ListGiteaCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*ListGiteaCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for ListGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+/*
+UpdateCredentials updates a git hub credential
+*/
+func (a *Client) UpdateCredentials(params *UpdateCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewUpdateCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "UpdateCredentials",
+		Method:             "PUT",
+		PathPattern:        "/github/credentials/{id}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &UpdateCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*UpdateCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for UpdateCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+/*
+UpdateGiteaCredentials updates a gitea credential
+*/
+func (a *Client) UpdateGiteaCredentials(params *UpdateGiteaCredentialsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaCredentialsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewUpdateGiteaCredentialsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "UpdateGiteaCredentials",
+		Method:             "PUT",
+		PathPattern:        "/gitea/credentials/{id}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &UpdateGiteaCredentialsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*UpdateGiteaCredentialsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for UpdateGiteaCredentials: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport

client/credentials/delete_credentials_parameters.go

@@ -0,0 +1,152 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// NewDeleteCredentialsParams creates a new DeleteCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewDeleteCredentialsParams() *DeleteCredentialsParams {
+	return &DeleteCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewDeleteCredentialsParamsWithTimeout creates a new DeleteCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewDeleteCredentialsParamsWithTimeout(timeout time.Duration) *DeleteCredentialsParams {
+	return &DeleteCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewDeleteCredentialsParamsWithContext creates a new DeleteCredentialsParams object
+// with the ability to set a context for a request.
+func NewDeleteCredentialsParamsWithContext(ctx context.Context) *DeleteCredentialsParams {
+	return &DeleteCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewDeleteCredentialsParamsWithHTTPClient creates a new DeleteCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewDeleteCredentialsParamsWithHTTPClient(client *http.Client) *DeleteCredentialsParams {
+	return &DeleteCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+DeleteCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the delete credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type DeleteCredentialsParams struct {
+
+	/* ID.
+
+	   ID of the GitHub credential.
+	*/
+	ID int64
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the delete credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteCredentialsParams) WithDefaults() *DeleteCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the delete credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the delete credentials params
+func (o *DeleteCredentialsParams) WithTimeout(timeout time.Duration) *DeleteCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the delete credentials params
+func (o *DeleteCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the delete credentials params
+func (o *DeleteCredentialsParams) WithContext(ctx context.Context) *DeleteCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the delete credentials params
+func (o *DeleteCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the delete credentials params
+func (o *DeleteCredentialsParams) WithHTTPClient(client *http.Client) *DeleteCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the delete credentials params
+func (o *DeleteCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithID adds the id to the delete credentials params
+func (o *DeleteCredentialsParams) WithID(id int64) *DeleteCredentialsParams {
+	o.SetID(id)
+	return o
+}
+
+// SetID adds the id to the delete credentials params
+func (o *DeleteCredentialsParams) SetID(id int64) {
+	o.ID = id
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *DeleteCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param id
+	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/delete_credentials_responses.go

@@ -0,0 +1,106 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+)
+
+// DeleteCredentialsReader is a Reader for the DeleteCredentials structure.
+type DeleteCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *DeleteCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	result := NewDeleteCredentialsDefault(response.Code())
+	if err := result.readResponse(response, consumer, o.formats); err != nil {
+		return nil, err
+	}
+	if response.Code()/100 == 2 {
+		return result, nil
+	}
+	return nil, result
+}
+
+// NewDeleteCredentialsDefault creates a DeleteCredentialsDefault with default headers values
+func NewDeleteCredentialsDefault(code int) *DeleteCredentialsDefault {
+	return &DeleteCredentialsDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+DeleteCredentialsDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type DeleteCredentialsDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this delete credentials default response has a 2xx status code
+func (o *DeleteCredentialsDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this delete credentials default response has a 3xx status code
+func (o *DeleteCredentialsDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this delete credentials default response has a 4xx status code
+func (o *DeleteCredentialsDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this delete credentials default response has a 5xx status code
+func (o *DeleteCredentialsDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this delete credentials default response a status code equal to that given
+func (o *DeleteCredentialsDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the delete credentials default response
+func (o *DeleteCredentialsDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *DeleteCredentialsDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /github/credentials/{id}][%d] DeleteCredentials default %s", o._statusCode, payload)
+}
+
+func (o *DeleteCredentialsDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /github/credentials/{id}][%d] DeleteCredentials default %s", o._statusCode, payload)
+}
+
+func (o *DeleteCredentialsDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *DeleteCredentialsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/delete_gitea_credentials_parameters.go

@@ -0,0 +1,152 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// NewDeleteGiteaCredentialsParams creates a new DeleteGiteaCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewDeleteGiteaCredentialsParams() *DeleteGiteaCredentialsParams {
+	return &DeleteGiteaCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewDeleteGiteaCredentialsParamsWithTimeout creates a new DeleteGiteaCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewDeleteGiteaCredentialsParamsWithTimeout(timeout time.Duration) *DeleteGiteaCredentialsParams {
+	return &DeleteGiteaCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewDeleteGiteaCredentialsParamsWithContext creates a new DeleteGiteaCredentialsParams object
+// with the ability to set a context for a request.
+func NewDeleteGiteaCredentialsParamsWithContext(ctx context.Context) *DeleteGiteaCredentialsParams {
+	return &DeleteGiteaCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewDeleteGiteaCredentialsParamsWithHTTPClient creates a new DeleteGiteaCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewDeleteGiteaCredentialsParamsWithHTTPClient(client *http.Client) *DeleteGiteaCredentialsParams {
+	return &DeleteGiteaCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+DeleteGiteaCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the delete gitea credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type DeleteGiteaCredentialsParams struct {
+
+	/* ID.
+
+	   ID of the Gitea credential.
+	*/
+	ID int64
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the delete gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteGiteaCredentialsParams) WithDefaults() *DeleteGiteaCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the delete gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteGiteaCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) WithTimeout(timeout time.Duration) *DeleteGiteaCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) WithContext(ctx context.Context) *DeleteGiteaCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) WithHTTPClient(client *http.Client) *DeleteGiteaCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithID adds the id to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) WithID(id int64) *DeleteGiteaCredentialsParams {
+	o.SetID(id)
+	return o
+}
+
+// SetID adds the id to the delete gitea credentials params
+func (o *DeleteGiteaCredentialsParams) SetID(id int64) {
+	o.ID = id
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *DeleteGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param id
+	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/delete_gitea_credentials_responses.go

@@ -0,0 +1,106 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+)
+
+// DeleteGiteaCredentialsReader is a Reader for the DeleteGiteaCredentials structure.
+type DeleteGiteaCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *DeleteGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	result := NewDeleteGiteaCredentialsDefault(response.Code())
+	if err := result.readResponse(response, consumer, o.formats); err != nil {
+		return nil, err
+	}
+	if response.Code()/100 == 2 {
+		return result, nil
+	}
+	return nil, result
+}
+
+// NewDeleteGiteaCredentialsDefault creates a DeleteGiteaCredentialsDefault with default headers values
+func NewDeleteGiteaCredentialsDefault(code int) *DeleteGiteaCredentialsDefault {
+	return &DeleteGiteaCredentialsDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+DeleteGiteaCredentialsDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type DeleteGiteaCredentialsDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this delete gitea credentials default response has a 2xx status code
+func (o *DeleteGiteaCredentialsDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this delete gitea credentials default response has a 3xx status code
+func (o *DeleteGiteaCredentialsDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this delete gitea credentials default response has a 4xx status code
+func (o *DeleteGiteaCredentialsDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this delete gitea credentials default response has a 5xx status code
+func (o *DeleteGiteaCredentialsDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this delete gitea credentials default response a status code equal to that given
+func (o *DeleteGiteaCredentialsDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the delete gitea credentials default response
+func (o *DeleteGiteaCredentialsDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *DeleteGiteaCredentialsDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /gitea/credentials/{id}][%d] DeleteGiteaCredentials default %s", o._statusCode, payload)
+}
+
+func (o *DeleteGiteaCredentialsDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /gitea/credentials/{id}][%d] DeleteGiteaCredentials default %s", o._statusCode, payload)
+}
+
+func (o *DeleteGiteaCredentialsDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *DeleteGiteaCredentialsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/get_credentials_parameters.go

@@ -0,0 +1,152 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// NewGetCredentialsParams creates a new GetCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewGetCredentialsParams() *GetCredentialsParams {
+	return &GetCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewGetCredentialsParamsWithTimeout creates a new GetCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewGetCredentialsParamsWithTimeout(timeout time.Duration) *GetCredentialsParams {
+	return &GetCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewGetCredentialsParamsWithContext creates a new GetCredentialsParams object
+// with the ability to set a context for a request.
+func NewGetCredentialsParamsWithContext(ctx context.Context) *GetCredentialsParams {
+	return &GetCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewGetCredentialsParamsWithHTTPClient creates a new GetCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewGetCredentialsParamsWithHTTPClient(client *http.Client) *GetCredentialsParams {
+	return &GetCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+GetCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the get credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type GetCredentialsParams struct {
+
+	/* ID.
+
+	   ID of the GitHub credential.
+	*/
+	ID int64
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the get credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetCredentialsParams) WithDefaults() *GetCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the get credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the get credentials params
+func (o *GetCredentialsParams) WithTimeout(timeout time.Duration) *GetCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the get credentials params
+func (o *GetCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the get credentials params
+func (o *GetCredentialsParams) WithContext(ctx context.Context) *GetCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the get credentials params
+func (o *GetCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the get credentials params
+func (o *GetCredentialsParams) WithHTTPClient(client *http.Client) *GetCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the get credentials params
+func (o *GetCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithID adds the id to the get credentials params
+func (o *GetCredentialsParams) WithID(id int64) *GetCredentialsParams {
+	o.SetID(id)
+	return o
+}
+
+// SetID adds the id to the get credentials params
+func (o *GetCredentialsParams) SetID(id int64) {
+	o.ID = id
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *GetCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param id
+	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/get_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// GetCredentialsReader is a Reader for the GetCredentials structure.
+type GetCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *GetCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewGetCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewGetCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[GET /github/credentials/{id}] GetCredentials", response, response.Code())
+	}
+}
+
+// NewGetCredentialsOK creates a GetCredentialsOK with default headers values
+func NewGetCredentialsOK() *GetCredentialsOK {
+	return &GetCredentialsOK{}
+}
+
+/*
+GetCredentialsOK describes a response with status code 200, with default header values.
+
+ForgeCredentials
+*/
+type GetCredentialsOK struct {
+	Payload garm_params.ForgeCredentials
+}
+
+// IsSuccess returns true when this get credentials o k response has a 2xx status code
+func (o *GetCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this get credentials o k response has a 3xx status code
+func (o *GetCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this get credentials o k response has a 4xx status code
+func (o *GetCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this get credentials o k response has a 5xx status code
+func (o *GetCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this get credentials o k response a status code equal to that given
+func (o *GetCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the get credentials o k response
+func (o *GetCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *GetCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsOK %s", 200, payload)
+}
+
+func (o *GetCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsOK %s", 200, payload)
+}
+
+func (o *GetCredentialsOK) GetPayload() garm_params.ForgeCredentials {
+	return o.Payload
+}
+
+func (o *GetCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewGetCredentialsBadRequest creates a GetCredentialsBadRequest with default headers values
+func NewGetCredentialsBadRequest() *GetCredentialsBadRequest {
+	return &GetCredentialsBadRequest{}
+}
+
+/*
+GetCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type GetCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this get credentials bad request response has a 2xx status code
+func (o *GetCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this get credentials bad request response has a 3xx status code
+func (o *GetCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this get credentials bad request response has a 4xx status code
+func (o *GetCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this get credentials bad request response has a 5xx status code
+func (o *GetCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this get credentials bad request response a status code equal to that given
+func (o *GetCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the get credentials bad request response
+func (o *GetCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *GetCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *GetCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials/{id}][%d] getCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *GetCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *GetCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/get_gitea_credentials_parameters.go

@@ -0,0 +1,152 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// NewGetGiteaCredentialsParams creates a new GetGiteaCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewGetGiteaCredentialsParams() *GetGiteaCredentialsParams {
+	return &GetGiteaCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewGetGiteaCredentialsParamsWithTimeout creates a new GetGiteaCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewGetGiteaCredentialsParamsWithTimeout(timeout time.Duration) *GetGiteaCredentialsParams {
+	return &GetGiteaCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewGetGiteaCredentialsParamsWithContext creates a new GetGiteaCredentialsParams object
+// with the ability to set a context for a request.
+func NewGetGiteaCredentialsParamsWithContext(ctx context.Context) *GetGiteaCredentialsParams {
+	return &GetGiteaCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewGetGiteaCredentialsParamsWithHTTPClient creates a new GetGiteaCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewGetGiteaCredentialsParamsWithHTTPClient(client *http.Client) *GetGiteaCredentialsParams {
+	return &GetGiteaCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+GetGiteaCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the get gitea credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type GetGiteaCredentialsParams struct {
+
+	/* ID.
+
+	   ID of the Gitea credential.
+	*/
+	ID int64
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the get gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetGiteaCredentialsParams) WithDefaults() *GetGiteaCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the get gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetGiteaCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) WithTimeout(timeout time.Duration) *GetGiteaCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) WithContext(ctx context.Context) *GetGiteaCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) WithHTTPClient(client *http.Client) *GetGiteaCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithID adds the id to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) WithID(id int64) *GetGiteaCredentialsParams {
+	o.SetID(id)
+	return o
+}
+
+// SetID adds the id to the get gitea credentials params
+func (o *GetGiteaCredentialsParams) SetID(id int64) {
+	o.ID = id
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *GetGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param id
+	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/get_gitea_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// GetGiteaCredentialsReader is a Reader for the GetGiteaCredentials structure.
+type GetGiteaCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *GetGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewGetGiteaCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewGetGiteaCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[GET /gitea/credentials/{id}] GetGiteaCredentials", response, response.Code())
+	}
+}
+
+// NewGetGiteaCredentialsOK creates a GetGiteaCredentialsOK with default headers values
+func NewGetGiteaCredentialsOK() *GetGiteaCredentialsOK {
+	return &GetGiteaCredentialsOK{}
+}
+
+/*
+GetGiteaCredentialsOK describes a response with status code 200, with default header values.
+
+ForgeCredentials
+*/
+type GetGiteaCredentialsOK struct {
+	Payload garm_params.ForgeCredentials
+}
+
+// IsSuccess returns true when this get gitea credentials o k response has a 2xx status code
+func (o *GetGiteaCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this get gitea credentials o k response has a 3xx status code
+func (o *GetGiteaCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this get gitea credentials o k response has a 4xx status code
+func (o *GetGiteaCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this get gitea credentials o k response has a 5xx status code
+func (o *GetGiteaCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this get gitea credentials o k response a status code equal to that given
+func (o *GetGiteaCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the get gitea credentials o k response
+func (o *GetGiteaCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *GetGiteaCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *GetGiteaCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *GetGiteaCredentialsOK) GetPayload() garm_params.ForgeCredentials {
+	return o.Payload
+}
+
+func (o *GetGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewGetGiteaCredentialsBadRequest creates a GetGiteaCredentialsBadRequest with default headers values
+func NewGetGiteaCredentialsBadRequest() *GetGiteaCredentialsBadRequest {
+	return &GetGiteaCredentialsBadRequest{}
+}
+
+/*
+GetGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type GetGiteaCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this get gitea credentials bad request response has a 2xx status code
+func (o *GetGiteaCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this get gitea credentials bad request response has a 3xx status code
+func (o *GetGiteaCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this get gitea credentials bad request response has a 4xx status code
+func (o *GetGiteaCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this get gitea credentials bad request response has a 5xx status code
+func (o *GetGiteaCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this get gitea credentials bad request response a status code equal to that given
+func (o *GetGiteaCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the get gitea credentials bad request response
+func (o *GetGiteaCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *GetGiteaCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *GetGiteaCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials/{id}][%d] getGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *GetGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *GetGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/list_credentials_responses.go

@@ -6,6 +6,7 @@ package credentials
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -37,7 +38,7 @@ func (o *ListCredentialsReader) ReadResponse(response runtime.ClientResponse, co
 		}
 		return nil, result
 	default:
-		return nil, runtime.NewAPIError("[GET /credentials] ListCredentials", response, response.Code())
+		return nil, runtime.NewAPIError("[GET /github/credentials] ListCredentials", response, response.Code())
 	}
 }
 
@@ -86,11 +87,13 @@ func (o *ListCredentialsOK) Code() int {
 }
 
 func (o *ListCredentialsOK) Error() string {
-	return fmt.Sprintf("[GET /credentials][%d] listCredentialsOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsOK %s", 200, payload)
 }
 
 func (o *ListCredentialsOK) String() string {
-	return fmt.Sprintf("[GET /credentials][%d] listCredentialsOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsOK %s", 200, payload)
 }
 
 func (o *ListCredentialsOK) GetPayload() garm_params.Credentials {
@@ -152,11 +155,13 @@ func (o *ListCredentialsBadRequest) Code() int {
 }
 
 func (o *ListCredentialsBadRequest) Error() string {
-	return fmt.Sprintf("[GET /credentials][%d] listCredentialsBadRequest  %+v", 400, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsBadRequest %s", 400, payload)
 }
 
 func (o *ListCredentialsBadRequest) String() string {
-	return fmt.Sprintf("[GET /credentials][%d] listCredentialsBadRequest  %+v", 400, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/credentials][%d] listCredentialsBadRequest %s", 400, payload)
 }
 
 func (o *ListCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {

client/credentials/list_gitea_credentials_parameters.go

@@ -0,0 +1,128 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewListGiteaCredentialsParams creates a new ListGiteaCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewListGiteaCredentialsParams() *ListGiteaCredentialsParams {
+	return &ListGiteaCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewListGiteaCredentialsParamsWithTimeout creates a new ListGiteaCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewListGiteaCredentialsParamsWithTimeout(timeout time.Duration) *ListGiteaCredentialsParams {
+	return &ListGiteaCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewListGiteaCredentialsParamsWithContext creates a new ListGiteaCredentialsParams object
+// with the ability to set a context for a request.
+func NewListGiteaCredentialsParamsWithContext(ctx context.Context) *ListGiteaCredentialsParams {
+	return &ListGiteaCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewListGiteaCredentialsParamsWithHTTPClient creates a new ListGiteaCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewListGiteaCredentialsParamsWithHTTPClient(client *http.Client) *ListGiteaCredentialsParams {
+	return &ListGiteaCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+ListGiteaCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the list gitea credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type ListGiteaCredentialsParams struct {
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the list gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ListGiteaCredentialsParams) WithDefaults() *ListGiteaCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the list gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ListGiteaCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the list gitea credentials params
+func (o *ListGiteaCredentialsParams) WithTimeout(timeout time.Duration) *ListGiteaCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the list gitea credentials params
+func (o *ListGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the list gitea credentials params
+func (o *ListGiteaCredentialsParams) WithContext(ctx context.Context) *ListGiteaCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the list gitea credentials params
+func (o *ListGiteaCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the list gitea credentials params
+func (o *ListGiteaCredentialsParams) WithHTTPClient(client *http.Client) *ListGiteaCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the list gitea credentials params
+func (o *ListGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *ListGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/list_gitea_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// ListGiteaCredentialsReader is a Reader for the ListGiteaCredentials structure.
+type ListGiteaCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *ListGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewListGiteaCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewListGiteaCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[GET /gitea/credentials] ListGiteaCredentials", response, response.Code())
+	}
+}
+
+// NewListGiteaCredentialsOK creates a ListGiteaCredentialsOK with default headers values
+func NewListGiteaCredentialsOK() *ListGiteaCredentialsOK {
+	return &ListGiteaCredentialsOK{}
+}
+
+/*
+ListGiteaCredentialsOK describes a response with status code 200, with default header values.
+
+Credentials
+*/
+type ListGiteaCredentialsOK struct {
+	Payload garm_params.Credentials
+}
+
+// IsSuccess returns true when this list gitea credentials o k response has a 2xx status code
+func (o *ListGiteaCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this list gitea credentials o k response has a 3xx status code
+func (o *ListGiteaCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this list gitea credentials o k response has a 4xx status code
+func (o *ListGiteaCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this list gitea credentials o k response has a 5xx status code
+func (o *ListGiteaCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this list gitea credentials o k response a status code equal to that given
+func (o *ListGiteaCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the list gitea credentials o k response
+func (o *ListGiteaCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *ListGiteaCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *ListGiteaCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *ListGiteaCredentialsOK) GetPayload() garm_params.Credentials {
+	return o.Payload
+}
+
+func (o *ListGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewListGiteaCredentialsBadRequest creates a ListGiteaCredentialsBadRequest with default headers values
+func NewListGiteaCredentialsBadRequest() *ListGiteaCredentialsBadRequest {
+	return &ListGiteaCredentialsBadRequest{}
+}
+
+/*
+ListGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type ListGiteaCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this list gitea credentials bad request response has a 2xx status code
+func (o *ListGiteaCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this list gitea credentials bad request response has a 3xx status code
+func (o *ListGiteaCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this list gitea credentials bad request response has a 4xx status code
+func (o *ListGiteaCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this list gitea credentials bad request response has a 5xx status code
+func (o *ListGiteaCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this list gitea credentials bad request response a status code equal to that given
+func (o *ListGiteaCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the list gitea credentials bad request response
+func (o *ListGiteaCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *ListGiteaCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *ListGiteaCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/credentials][%d] listGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *ListGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *ListGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/update_credentials_parameters.go

@@ -0,0 +1,174 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewUpdateCredentialsParams creates a new UpdateCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewUpdateCredentialsParams() *UpdateCredentialsParams {
+	return &UpdateCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewUpdateCredentialsParamsWithTimeout creates a new UpdateCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewUpdateCredentialsParamsWithTimeout(timeout time.Duration) *UpdateCredentialsParams {
+	return &UpdateCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewUpdateCredentialsParamsWithContext creates a new UpdateCredentialsParams object
+// with the ability to set a context for a request.
+func NewUpdateCredentialsParamsWithContext(ctx context.Context) *UpdateCredentialsParams {
+	return &UpdateCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewUpdateCredentialsParamsWithHTTPClient creates a new UpdateCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewUpdateCredentialsParamsWithHTTPClient(client *http.Client) *UpdateCredentialsParams {
+	return &UpdateCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+UpdateCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the update credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type UpdateCredentialsParams struct {
+
+	/* Body.
+
+	   Parameters used when updating a GitHub credential.
+	*/
+	Body garm_params.UpdateGithubCredentialsParams
+
+	/* ID.
+
+	   ID of the GitHub credential.
+	*/
+	ID int64
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the update credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateCredentialsParams) WithDefaults() *UpdateCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the update credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the update credentials params
+func (o *UpdateCredentialsParams) WithTimeout(timeout time.Duration) *UpdateCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the update credentials params
+func (o *UpdateCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the update credentials params
+func (o *UpdateCredentialsParams) WithContext(ctx context.Context) *UpdateCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the update credentials params
+func (o *UpdateCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the update credentials params
+func (o *UpdateCredentialsParams) WithHTTPClient(client *http.Client) *UpdateCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the update credentials params
+func (o *UpdateCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the update credentials params
+func (o *UpdateCredentialsParams) WithBody(body garm_params.UpdateGithubCredentialsParams) *UpdateCredentialsParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the update credentials params
+func (o *UpdateCredentialsParams) SetBody(body garm_params.UpdateGithubCredentialsParams) {
+	o.Body = body
+}
+
+// WithID adds the id to the update credentials params
+func (o *UpdateCredentialsParams) WithID(id int64) *UpdateCredentialsParams {
+	o.SetID(id)
+	return o
+}
+
+// SetID adds the id to the update credentials params
+func (o *UpdateCredentialsParams) SetID(id int64) {
+	o.ID = id
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *UpdateCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	// path param id
+	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/update_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// UpdateCredentialsReader is a Reader for the UpdateCredentials structure.
+type UpdateCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *UpdateCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewUpdateCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewUpdateCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[PUT /github/credentials/{id}] UpdateCredentials", response, response.Code())
+	}
+}
+
+// NewUpdateCredentialsOK creates a UpdateCredentialsOK with default headers values
+func NewUpdateCredentialsOK() *UpdateCredentialsOK {
+	return &UpdateCredentialsOK{}
+}
+
+/*
+UpdateCredentialsOK describes a response with status code 200, with default header values.
+
+ForgeCredentials
+*/
+type UpdateCredentialsOK struct {
+	Payload garm_params.ForgeCredentials
+}
+
+// IsSuccess returns true when this update credentials o k response has a 2xx status code
+func (o *UpdateCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this update credentials o k response has a 3xx status code
+func (o *UpdateCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update credentials o k response has a 4xx status code
+func (o *UpdateCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this update credentials o k response has a 5xx status code
+func (o *UpdateCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update credentials o k response a status code equal to that given
+func (o *UpdateCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the update credentials o k response
+func (o *UpdateCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *UpdateCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsOK %s", 200, payload)
+}
+
+func (o *UpdateCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsOK %s", 200, payload)
+}
+
+func (o *UpdateCredentialsOK) GetPayload() garm_params.ForgeCredentials {
+	return o.Payload
+}
+
+func (o *UpdateCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewUpdateCredentialsBadRequest creates a UpdateCredentialsBadRequest with default headers values
+func NewUpdateCredentialsBadRequest() *UpdateCredentialsBadRequest {
+	return &UpdateCredentialsBadRequest{}
+}
+
+/*
+UpdateCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type UpdateCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this update credentials bad request response has a 2xx status code
+func (o *UpdateCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this update credentials bad request response has a 3xx status code
+func (o *UpdateCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update credentials bad request response has a 4xx status code
+func (o *UpdateCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this update credentials bad request response has a 5xx status code
+func (o *UpdateCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update credentials bad request response a status code equal to that given
+func (o *UpdateCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the update credentials bad request response
+func (o *UpdateCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *UpdateCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *UpdateCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/credentials/{id}][%d] updateCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *UpdateCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *UpdateCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/credentials/update_gitea_credentials_parameters.go

@@ -0,0 +1,174 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewUpdateGiteaCredentialsParams creates a new UpdateGiteaCredentialsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewUpdateGiteaCredentialsParams() *UpdateGiteaCredentialsParams {
+	return &UpdateGiteaCredentialsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewUpdateGiteaCredentialsParamsWithTimeout creates a new UpdateGiteaCredentialsParams object
+// with the ability to set a timeout on a request.
+func NewUpdateGiteaCredentialsParamsWithTimeout(timeout time.Duration) *UpdateGiteaCredentialsParams {
+	return &UpdateGiteaCredentialsParams{
+		timeout: timeout,
+	}
+}
+
+// NewUpdateGiteaCredentialsParamsWithContext creates a new UpdateGiteaCredentialsParams object
+// with the ability to set a context for a request.
+func NewUpdateGiteaCredentialsParamsWithContext(ctx context.Context) *UpdateGiteaCredentialsParams {
+	return &UpdateGiteaCredentialsParams{
+		Context: ctx,
+	}
+}
+
+// NewUpdateGiteaCredentialsParamsWithHTTPClient creates a new UpdateGiteaCredentialsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewUpdateGiteaCredentialsParamsWithHTTPClient(client *http.Client) *UpdateGiteaCredentialsParams {
+	return &UpdateGiteaCredentialsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+UpdateGiteaCredentialsParams contains all the parameters to send to the API endpoint
+
+	for the update gitea credentials operation.
+
+	Typically these are written to a http.Request.
+*/
+type UpdateGiteaCredentialsParams struct {
+
+	/* Body.
+
+	   Parameters used when updating a Gitea credential.
+	*/
+	Body garm_params.UpdateGiteaCredentialsParams
+
+	/* ID.
+
+	   ID of the Gitea credential.
+	*/
+	ID int64
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the update gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateGiteaCredentialsParams) WithDefaults() *UpdateGiteaCredentialsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the update gitea credentials params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateGiteaCredentialsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) WithTimeout(timeout time.Duration) *UpdateGiteaCredentialsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) WithContext(ctx context.Context) *UpdateGiteaCredentialsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) WithHTTPClient(client *http.Client) *UpdateGiteaCredentialsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) WithBody(body garm_params.UpdateGiteaCredentialsParams) *UpdateGiteaCredentialsParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) SetBody(body garm_params.UpdateGiteaCredentialsParams) {
+	o.Body = body
+}
+
+// WithID adds the id to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) WithID(id int64) *UpdateGiteaCredentialsParams {
+	o.SetID(id)
+	return o
+}
+
+// SetID adds the id to the update gitea credentials params
+func (o *UpdateGiteaCredentialsParams) SetID(id int64) {
+	o.ID = id
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *UpdateGiteaCredentialsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	// path param id
+	if err := r.SetPathParam("id", swag.FormatInt64(o.ID)); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/credentials/update_gitea_credentials_responses.go

@@ -0,0 +1,179 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package credentials
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// UpdateGiteaCredentialsReader is a Reader for the UpdateGiteaCredentials structure.
+type UpdateGiteaCredentialsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *UpdateGiteaCredentialsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewUpdateGiteaCredentialsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewUpdateGiteaCredentialsBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[PUT /gitea/credentials/{id}] UpdateGiteaCredentials", response, response.Code())
+	}
+}
+
+// NewUpdateGiteaCredentialsOK creates a UpdateGiteaCredentialsOK with default headers values
+func NewUpdateGiteaCredentialsOK() *UpdateGiteaCredentialsOK {
+	return &UpdateGiteaCredentialsOK{}
+}
+
+/*
+UpdateGiteaCredentialsOK describes a response with status code 200, with default header values.
+
+ForgeCredentials
+*/
+type UpdateGiteaCredentialsOK struct {
+	Payload garm_params.ForgeCredentials
+}
+
+// IsSuccess returns true when this update gitea credentials o k response has a 2xx status code
+func (o *UpdateGiteaCredentialsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this update gitea credentials o k response has a 3xx status code
+func (o *UpdateGiteaCredentialsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update gitea credentials o k response has a 4xx status code
+func (o *UpdateGiteaCredentialsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this update gitea credentials o k response has a 5xx status code
+func (o *UpdateGiteaCredentialsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update gitea credentials o k response a status code equal to that given
+func (o *UpdateGiteaCredentialsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the update gitea credentials o k response
+func (o *UpdateGiteaCredentialsOK) Code() int {
+	return 200
+}
+
+func (o *UpdateGiteaCredentialsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *UpdateGiteaCredentialsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsOK %s", 200, payload)
+}
+
+func (o *UpdateGiteaCredentialsOK) GetPayload() garm_params.ForgeCredentials {
+	return o.Payload
+}
+
+func (o *UpdateGiteaCredentialsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewUpdateGiteaCredentialsBadRequest creates a UpdateGiteaCredentialsBadRequest with default headers values
+func NewUpdateGiteaCredentialsBadRequest() *UpdateGiteaCredentialsBadRequest {
+	return &UpdateGiteaCredentialsBadRequest{}
+}
+
+/*
+UpdateGiteaCredentialsBadRequest describes a response with status code 400, with default header values.
+
+APIErrorResponse
+*/
+type UpdateGiteaCredentialsBadRequest struct {
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this update gitea credentials bad request response has a 2xx status code
+func (o *UpdateGiteaCredentialsBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this update gitea credentials bad request response has a 3xx status code
+func (o *UpdateGiteaCredentialsBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update gitea credentials bad request response has a 4xx status code
+func (o *UpdateGiteaCredentialsBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this update gitea credentials bad request response has a 5xx status code
+func (o *UpdateGiteaCredentialsBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update gitea credentials bad request response a status code equal to that given
+func (o *UpdateGiteaCredentialsBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the update gitea credentials bad request response
+func (o *UpdateGiteaCredentialsBadRequest) Code() int {
+	return 400
+}
+
+func (o *UpdateGiteaCredentialsBadRequest) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *UpdateGiteaCredentialsBadRequest) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/credentials/{id}][%d] updateGiteaCredentialsBadRequest %s", 400, payload)
+}
+
+func (o *UpdateGiteaCredentialsBadRequest) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *UpdateGiteaCredentialsBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/create_gitea_endpoint_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewCreateGiteaEndpointParams creates a new CreateGiteaEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateGiteaEndpointParams() *CreateGiteaEndpointParams {
+	return &CreateGiteaEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateGiteaEndpointParamsWithTimeout creates a new CreateGiteaEndpointParams object
+// with the ability to set a timeout on a request.
+func NewCreateGiteaEndpointParamsWithTimeout(timeout time.Duration) *CreateGiteaEndpointParams {
+	return &CreateGiteaEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateGiteaEndpointParamsWithContext creates a new CreateGiteaEndpointParams object
+// with the ability to set a context for a request.
+func NewCreateGiteaEndpointParamsWithContext(ctx context.Context) *CreateGiteaEndpointParams {
+	return &CreateGiteaEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateGiteaEndpointParamsWithHTTPClient creates a new CreateGiteaEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateGiteaEndpointParamsWithHTTPClient(client *http.Client) *CreateGiteaEndpointParams {
+	return &CreateGiteaEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateGiteaEndpointParams contains all the parameters to send to the API endpoint
+
+	for the create gitea endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateGiteaEndpointParams struct {
+
+	/* Body.
+
+	   Parameters used when creating a Gitea endpoint.
+	*/
+	Body garm_params.CreateGiteaEndpointParams
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateGiteaEndpointParams) WithDefaults() *CreateGiteaEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateGiteaEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) WithTimeout(timeout time.Duration) *CreateGiteaEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) WithContext(ctx context.Context) *CreateGiteaEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) WithHTTPClient(client *http.Client) *CreateGiteaEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) WithBody(body garm_params.CreateGiteaEndpointParams) *CreateGiteaEndpointParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create gitea endpoint params
+func (o *CreateGiteaEndpointParams) SetBody(body garm_params.CreateGiteaEndpointParams) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/create_gitea_endpoint_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// CreateGiteaEndpointReader is a Reader for the CreateGiteaEndpoint structure.
+type CreateGiteaEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewCreateGiteaEndpointOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewCreateGiteaEndpointDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewCreateGiteaEndpointOK creates a CreateGiteaEndpointOK with default headers values
+func NewCreateGiteaEndpointOK() *CreateGiteaEndpointOK {
+	return &CreateGiteaEndpointOK{}
+}
+
+/*
+CreateGiteaEndpointOK describes a response with status code 200, with default header values.
+
+ForgeEndpoint
+*/
+type CreateGiteaEndpointOK struct {
+	Payload garm_params.ForgeEndpoint
+}
+
+// IsSuccess returns true when this create gitea endpoint o k response has a 2xx status code
+func (o *CreateGiteaEndpointOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create gitea endpoint o k response has a 3xx status code
+func (o *CreateGiteaEndpointOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create gitea endpoint o k response has a 4xx status code
+func (o *CreateGiteaEndpointOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create gitea endpoint o k response has a 5xx status code
+func (o *CreateGiteaEndpointOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create gitea endpoint o k response a status code equal to that given
+func (o *CreateGiteaEndpointOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the create gitea endpoint o k response
+func (o *CreateGiteaEndpointOK) Code() int {
+	return 200
+}
+
+func (o *CreateGiteaEndpointOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/endpoints][%d] createGiteaEndpointOK %s", 200, payload)
+}
+
+func (o *CreateGiteaEndpointOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/endpoints][%d] createGiteaEndpointOK %s", 200, payload)
+}
+
+func (o *CreateGiteaEndpointOK) GetPayload() garm_params.ForgeEndpoint {
+	return o.Payload
+}
+
+func (o *CreateGiteaEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateGiteaEndpointDefault creates a CreateGiteaEndpointDefault with default headers values
+func NewCreateGiteaEndpointDefault(code int) *CreateGiteaEndpointDefault {
+	return &CreateGiteaEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+CreateGiteaEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type CreateGiteaEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this create gitea endpoint default response has a 2xx status code
+func (o *CreateGiteaEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this create gitea endpoint default response has a 3xx status code
+func (o *CreateGiteaEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this create gitea endpoint default response has a 4xx status code
+func (o *CreateGiteaEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this create gitea endpoint default response has a 5xx status code
+func (o *CreateGiteaEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this create gitea endpoint default response a status code equal to that given
+func (o *CreateGiteaEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the create gitea endpoint default response
+func (o *CreateGiteaEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *CreateGiteaEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/endpoints][%d] CreateGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *CreateGiteaEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /gitea/endpoints][%d] CreateGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *CreateGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *CreateGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/create_github_endpoint_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewCreateGithubEndpointParams creates a new CreateGithubEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateGithubEndpointParams() *CreateGithubEndpointParams {
+	return &CreateGithubEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateGithubEndpointParamsWithTimeout creates a new CreateGithubEndpointParams object
+// with the ability to set a timeout on a request.
+func NewCreateGithubEndpointParamsWithTimeout(timeout time.Duration) *CreateGithubEndpointParams {
+	return &CreateGithubEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateGithubEndpointParamsWithContext creates a new CreateGithubEndpointParams object
+// with the ability to set a context for a request.
+func NewCreateGithubEndpointParamsWithContext(ctx context.Context) *CreateGithubEndpointParams {
+	return &CreateGithubEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateGithubEndpointParamsWithHTTPClient creates a new CreateGithubEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateGithubEndpointParamsWithHTTPClient(client *http.Client) *CreateGithubEndpointParams {
+	return &CreateGithubEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateGithubEndpointParams contains all the parameters to send to the API endpoint
+
+	for the create github endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateGithubEndpointParams struct {
+
+	/* Body.
+
+	   Parameters used when creating a GitHub endpoint.
+	*/
+	Body garm_params.CreateGithubEndpointParams
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateGithubEndpointParams) WithDefaults() *CreateGithubEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateGithubEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create github endpoint params
+func (o *CreateGithubEndpointParams) WithTimeout(timeout time.Duration) *CreateGithubEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create github endpoint params
+func (o *CreateGithubEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create github endpoint params
+func (o *CreateGithubEndpointParams) WithContext(ctx context.Context) *CreateGithubEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create github endpoint params
+func (o *CreateGithubEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create github endpoint params
+func (o *CreateGithubEndpointParams) WithHTTPClient(client *http.Client) *CreateGithubEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create github endpoint params
+func (o *CreateGithubEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create github endpoint params
+func (o *CreateGithubEndpointParams) WithBody(body garm_params.CreateGithubEndpointParams) *CreateGithubEndpointParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create github endpoint params
+func (o *CreateGithubEndpointParams) SetBody(body garm_params.CreateGithubEndpointParams) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/create_github_endpoint_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// CreateGithubEndpointReader is a Reader for the CreateGithubEndpoint structure.
+type CreateGithubEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewCreateGithubEndpointOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewCreateGithubEndpointDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewCreateGithubEndpointOK creates a CreateGithubEndpointOK with default headers values
+func NewCreateGithubEndpointOK() *CreateGithubEndpointOK {
+	return &CreateGithubEndpointOK{}
+}
+
+/*
+CreateGithubEndpointOK describes a response with status code 200, with default header values.
+
+ForgeEndpoint
+*/
+type CreateGithubEndpointOK struct {
+	Payload garm_params.ForgeEndpoint
+}
+
+// IsSuccess returns true when this create github endpoint o k response has a 2xx status code
+func (o *CreateGithubEndpointOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create github endpoint o k response has a 3xx status code
+func (o *CreateGithubEndpointOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create github endpoint o k response has a 4xx status code
+func (o *CreateGithubEndpointOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create github endpoint o k response has a 5xx status code
+func (o *CreateGithubEndpointOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create github endpoint o k response a status code equal to that given
+func (o *CreateGithubEndpointOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the create github endpoint o k response
+func (o *CreateGithubEndpointOK) Code() int {
+	return 200
+}
+
+func (o *CreateGithubEndpointOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/endpoints][%d] createGithubEndpointOK %s", 200, payload)
+}
+
+func (o *CreateGithubEndpointOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/endpoints][%d] createGithubEndpointOK %s", 200, payload)
+}
+
+func (o *CreateGithubEndpointOK) GetPayload() garm_params.ForgeEndpoint {
+	return o.Payload
+}
+
+func (o *CreateGithubEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateGithubEndpointDefault creates a CreateGithubEndpointDefault with default headers values
+func NewCreateGithubEndpointDefault(code int) *CreateGithubEndpointDefault {
+	return &CreateGithubEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+CreateGithubEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type CreateGithubEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this create github endpoint default response has a 2xx status code
+func (o *CreateGithubEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this create github endpoint default response has a 3xx status code
+func (o *CreateGithubEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this create github endpoint default response has a 4xx status code
+func (o *CreateGithubEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this create github endpoint default response has a 5xx status code
+func (o *CreateGithubEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this create github endpoint default response a status code equal to that given
+func (o *CreateGithubEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the create github endpoint default response
+func (o *CreateGithubEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *CreateGithubEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/endpoints][%d] CreateGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *CreateGithubEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /github/endpoints][%d] CreateGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *CreateGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *CreateGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/delete_gitea_endpoint_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewDeleteGiteaEndpointParams creates a new DeleteGiteaEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewDeleteGiteaEndpointParams() *DeleteGiteaEndpointParams {
+	return &DeleteGiteaEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewDeleteGiteaEndpointParamsWithTimeout creates a new DeleteGiteaEndpointParams object
+// with the ability to set a timeout on a request.
+func NewDeleteGiteaEndpointParamsWithTimeout(timeout time.Duration) *DeleteGiteaEndpointParams {
+	return &DeleteGiteaEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewDeleteGiteaEndpointParamsWithContext creates a new DeleteGiteaEndpointParams object
+// with the ability to set a context for a request.
+func NewDeleteGiteaEndpointParamsWithContext(ctx context.Context) *DeleteGiteaEndpointParams {
+	return &DeleteGiteaEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewDeleteGiteaEndpointParamsWithHTTPClient creates a new DeleteGiteaEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewDeleteGiteaEndpointParamsWithHTTPClient(client *http.Client) *DeleteGiteaEndpointParams {
+	return &DeleteGiteaEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+DeleteGiteaEndpointParams contains all the parameters to send to the API endpoint
+
+	for the delete gitea endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type DeleteGiteaEndpointParams struct {
+
+	/* Name.
+
+	   The name of the Gitea endpoint.
+	*/
+	Name string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the delete gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteGiteaEndpointParams) WithDefaults() *DeleteGiteaEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the delete gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteGiteaEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) WithTimeout(timeout time.Duration) *DeleteGiteaEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) WithContext(ctx context.Context) *DeleteGiteaEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) WithHTTPClient(client *http.Client) *DeleteGiteaEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithName adds the name to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) WithName(name string) *DeleteGiteaEndpointParams {
+	o.SetName(name)
+	return o
+}
+
+// SetName adds the name to the delete gitea endpoint params
+func (o *DeleteGiteaEndpointParams) SetName(name string) {
+	o.Name = name
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *DeleteGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param name
+	if err := r.SetPathParam("name", o.Name); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/delete_gitea_endpoint_responses.go

@@ -0,0 +1,106 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+)
+
+// DeleteGiteaEndpointReader is a Reader for the DeleteGiteaEndpoint structure.
+type DeleteGiteaEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *DeleteGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	result := NewDeleteGiteaEndpointDefault(response.Code())
+	if err := result.readResponse(response, consumer, o.formats); err != nil {
+		return nil, err
+	}
+	if response.Code()/100 == 2 {
+		return result, nil
+	}
+	return nil, result
+}
+
+// NewDeleteGiteaEndpointDefault creates a DeleteGiteaEndpointDefault with default headers values
+func NewDeleteGiteaEndpointDefault(code int) *DeleteGiteaEndpointDefault {
+	return &DeleteGiteaEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+DeleteGiteaEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type DeleteGiteaEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this delete gitea endpoint default response has a 2xx status code
+func (o *DeleteGiteaEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this delete gitea endpoint default response has a 3xx status code
+func (o *DeleteGiteaEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this delete gitea endpoint default response has a 4xx status code
+func (o *DeleteGiteaEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this delete gitea endpoint default response has a 5xx status code
+func (o *DeleteGiteaEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this delete gitea endpoint default response a status code equal to that given
+func (o *DeleteGiteaEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the delete gitea endpoint default response
+func (o *DeleteGiteaEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *DeleteGiteaEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /gitea/endpoints/{name}][%d] DeleteGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *DeleteGiteaEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /gitea/endpoints/{name}][%d] DeleteGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *DeleteGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *DeleteGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/delete_github_endpoint_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewDeleteGithubEndpointParams creates a new DeleteGithubEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewDeleteGithubEndpointParams() *DeleteGithubEndpointParams {
+	return &DeleteGithubEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewDeleteGithubEndpointParamsWithTimeout creates a new DeleteGithubEndpointParams object
+// with the ability to set a timeout on a request.
+func NewDeleteGithubEndpointParamsWithTimeout(timeout time.Duration) *DeleteGithubEndpointParams {
+	return &DeleteGithubEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewDeleteGithubEndpointParamsWithContext creates a new DeleteGithubEndpointParams object
+// with the ability to set a context for a request.
+func NewDeleteGithubEndpointParamsWithContext(ctx context.Context) *DeleteGithubEndpointParams {
+	return &DeleteGithubEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewDeleteGithubEndpointParamsWithHTTPClient creates a new DeleteGithubEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewDeleteGithubEndpointParamsWithHTTPClient(client *http.Client) *DeleteGithubEndpointParams {
+	return &DeleteGithubEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+DeleteGithubEndpointParams contains all the parameters to send to the API endpoint
+
+	for the delete github endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type DeleteGithubEndpointParams struct {
+
+	/* Name.
+
+	   The name of the GitHub endpoint.
+	*/
+	Name string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the delete github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteGithubEndpointParams) WithDefaults() *DeleteGithubEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the delete github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *DeleteGithubEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) WithTimeout(timeout time.Duration) *DeleteGithubEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) WithContext(ctx context.Context) *DeleteGithubEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) WithHTTPClient(client *http.Client) *DeleteGithubEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithName adds the name to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) WithName(name string) *DeleteGithubEndpointParams {
+	o.SetName(name)
+	return o
+}
+
+// SetName adds the name to the delete github endpoint params
+func (o *DeleteGithubEndpointParams) SetName(name string) {
+	o.Name = name
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *DeleteGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param name
+	if err := r.SetPathParam("name", o.Name); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/delete_github_endpoint_responses.go

@@ -0,0 +1,106 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+)
+
+// DeleteGithubEndpointReader is a Reader for the DeleteGithubEndpoint structure.
+type DeleteGithubEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *DeleteGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	result := NewDeleteGithubEndpointDefault(response.Code())
+	if err := result.readResponse(response, consumer, o.formats); err != nil {
+		return nil, err
+	}
+	if response.Code()/100 == 2 {
+		return result, nil
+	}
+	return nil, result
+}
+
+// NewDeleteGithubEndpointDefault creates a DeleteGithubEndpointDefault with default headers values
+func NewDeleteGithubEndpointDefault(code int) *DeleteGithubEndpointDefault {
+	return &DeleteGithubEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+DeleteGithubEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type DeleteGithubEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this delete github endpoint default response has a 2xx status code
+func (o *DeleteGithubEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this delete github endpoint default response has a 3xx status code
+func (o *DeleteGithubEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this delete github endpoint default response has a 4xx status code
+func (o *DeleteGithubEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this delete github endpoint default response has a 5xx status code
+func (o *DeleteGithubEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this delete github endpoint default response a status code equal to that given
+func (o *DeleteGithubEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the delete github endpoint default response
+func (o *DeleteGithubEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *DeleteGithubEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /github/endpoints/{name}][%d] DeleteGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *DeleteGithubEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /github/endpoints/{name}][%d] DeleteGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *DeleteGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *DeleteGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/endpoints_client.go

@@ -0,0 +1,451 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/runtime"
+	httptransport "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// New creates a new endpoints API client.
+func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
+	return &Client{transport: transport, formats: formats}
+}
+
+// New creates a new endpoints API client with basic auth credentials.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - user: user for basic authentication header.
+// - password: password for basic authentication header.
+func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+// New creates a new endpoints API client with a bearer token for authentication.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - bearerToken: bearer token for Bearer authentication header.
+func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+/*
+Client for endpoints API
+*/
+type Client struct {
+	transport runtime.ClientTransport
+	formats   strfmt.Registry
+}
+
+// ClientOption may be used to customize the behavior of Client methods.
+type ClientOption func(*runtime.ClientOperation)
+
+// ClientService is the interface for Client methods
+type ClientService interface {
+	CreateGiteaEndpoint(params *CreateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaEndpointOK, error)
+
+	CreateGithubEndpoint(params *CreateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGithubEndpointOK, error)
+
+	DeleteGiteaEndpoint(params *DeleteGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
+
+	DeleteGithubEndpoint(params *DeleteGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
+
+	GetGiteaEndpoint(params *GetGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaEndpointOK, error)
+
+	GetGithubEndpoint(params *GetGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGithubEndpointOK, error)
+
+	ListGiteaEndpoints(params *ListGiteaEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaEndpointsOK, error)
+
+	ListGithubEndpoints(params *ListGithubEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGithubEndpointsOK, error)
+
+	UpdateGiteaEndpoint(params *UpdateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaEndpointOK, error)
+
+	UpdateGithubEndpoint(params *UpdateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGithubEndpointOK, error)
+
+	SetTransport(transport runtime.ClientTransport)
+}
+
+/*
+CreateGiteaEndpoint creates a gitea endpoint
+*/
+func (a *Client) CreateGiteaEndpoint(params *CreateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGiteaEndpointOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateGiteaEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "CreateGiteaEndpoint",
+		Method:             "POST",
+		PathPattern:        "/gitea/endpoints",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateGiteaEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateGiteaEndpointOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*CreateGiteaEndpointDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+CreateGithubEndpoint creates a git hub endpoint
+*/
+func (a *Client) CreateGithubEndpoint(params *CreateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateGithubEndpointOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateGithubEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "CreateGithubEndpoint",
+		Method:             "POST",
+		PathPattern:        "/github/endpoints",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateGithubEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateGithubEndpointOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*CreateGithubEndpointDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+DeleteGiteaEndpoint deletes a gitea endpoint
+*/
+func (a *Client) DeleteGiteaEndpoint(params *DeleteGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewDeleteGiteaEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "DeleteGiteaEndpoint",
+		Method:             "DELETE",
+		PathPattern:        "/gitea/endpoints/{name}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &DeleteGiteaEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	_, err := a.transport.Submit(op)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+/*
+DeleteGithubEndpoint deletes a git hub endpoint
+*/
+func (a *Client) DeleteGithubEndpoint(params *DeleteGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewDeleteGithubEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "DeleteGithubEndpoint",
+		Method:             "DELETE",
+		PathPattern:        "/github/endpoints/{name}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &DeleteGithubEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	_, err := a.transport.Submit(op)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+/*
+GetGiteaEndpoint gets a gitea endpoint
+*/
+func (a *Client) GetGiteaEndpoint(params *GetGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGiteaEndpointOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewGetGiteaEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "GetGiteaEndpoint",
+		Method:             "GET",
+		PathPattern:        "/gitea/endpoints/{name}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &GetGiteaEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*GetGiteaEndpointOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*GetGiteaEndpointDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+GetGithubEndpoint gets a git hub endpoint
+*/
+func (a *Client) GetGithubEndpoint(params *GetGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*GetGithubEndpointOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewGetGithubEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "GetGithubEndpoint",
+		Method:             "GET",
+		PathPattern:        "/github/endpoints/{name}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &GetGithubEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*GetGithubEndpointOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*GetGithubEndpointDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+ListGiteaEndpoints lists all gitea endpoints
+*/
+func (a *Client) ListGiteaEndpoints(params *ListGiteaEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGiteaEndpointsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewListGiteaEndpointsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "ListGiteaEndpoints",
+		Method:             "GET",
+		PathPattern:        "/gitea/endpoints",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &ListGiteaEndpointsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*ListGiteaEndpointsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*ListGiteaEndpointsDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+ListGithubEndpoints lists all git hub endpoints
+*/
+func (a *Client) ListGithubEndpoints(params *ListGithubEndpointsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListGithubEndpointsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewListGithubEndpointsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "ListGithubEndpoints",
+		Method:             "GET",
+		PathPattern:        "/github/endpoints",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &ListGithubEndpointsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*ListGithubEndpointsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*ListGithubEndpointsDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+UpdateGiteaEndpoint updates a gitea endpoint
+*/
+func (a *Client) UpdateGiteaEndpoint(params *UpdateGiteaEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGiteaEndpointOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewUpdateGiteaEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "UpdateGiteaEndpoint",
+		Method:             "PUT",
+		PathPattern:        "/gitea/endpoints/{name}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &UpdateGiteaEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*UpdateGiteaEndpointOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*UpdateGiteaEndpointDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+/*
+UpdateGithubEndpoint updates a git hub endpoint
+*/
+func (a *Client) UpdateGithubEndpoint(params *UpdateGithubEndpointParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateGithubEndpointOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewUpdateGithubEndpointParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "UpdateGithubEndpoint",
+		Method:             "PUT",
+		PathPattern:        "/github/endpoints/{name}",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &UpdateGithubEndpointReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*UpdateGithubEndpointOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*UpdateGithubEndpointDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
+// SetTransport changes the transport on the client
+func (a *Client) SetTransport(transport runtime.ClientTransport) {
+	a.transport = transport
+}

client/endpoints/get_gitea_endpoint_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewGetGiteaEndpointParams creates a new GetGiteaEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewGetGiteaEndpointParams() *GetGiteaEndpointParams {
+	return &GetGiteaEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewGetGiteaEndpointParamsWithTimeout creates a new GetGiteaEndpointParams object
+// with the ability to set a timeout on a request.
+func NewGetGiteaEndpointParamsWithTimeout(timeout time.Duration) *GetGiteaEndpointParams {
+	return &GetGiteaEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewGetGiteaEndpointParamsWithContext creates a new GetGiteaEndpointParams object
+// with the ability to set a context for a request.
+func NewGetGiteaEndpointParamsWithContext(ctx context.Context) *GetGiteaEndpointParams {
+	return &GetGiteaEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewGetGiteaEndpointParamsWithHTTPClient creates a new GetGiteaEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewGetGiteaEndpointParamsWithHTTPClient(client *http.Client) *GetGiteaEndpointParams {
+	return &GetGiteaEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+GetGiteaEndpointParams contains all the parameters to send to the API endpoint
+
+	for the get gitea endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type GetGiteaEndpointParams struct {
+
+	/* Name.
+
+	   The name of the Gitea endpoint.
+	*/
+	Name string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the get gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetGiteaEndpointParams) WithDefaults() *GetGiteaEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the get gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetGiteaEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) WithTimeout(timeout time.Duration) *GetGiteaEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) WithContext(ctx context.Context) *GetGiteaEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) WithHTTPClient(client *http.Client) *GetGiteaEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithName adds the name to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) WithName(name string) *GetGiteaEndpointParams {
+	o.SetName(name)
+	return o
+}
+
+// SetName adds the name to the get gitea endpoint params
+func (o *GetGiteaEndpointParams) SetName(name string) {
+	o.Name = name
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *GetGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param name
+	if err := r.SetPathParam("name", o.Name); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/get_gitea_endpoint_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// GetGiteaEndpointReader is a Reader for the GetGiteaEndpoint structure.
+type GetGiteaEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *GetGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewGetGiteaEndpointOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewGetGiteaEndpointDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewGetGiteaEndpointOK creates a GetGiteaEndpointOK with default headers values
+func NewGetGiteaEndpointOK() *GetGiteaEndpointOK {
+	return &GetGiteaEndpointOK{}
+}
+
+/*
+GetGiteaEndpointOK describes a response with status code 200, with default header values.
+
+ForgeEndpoint
+*/
+type GetGiteaEndpointOK struct {
+	Payload garm_params.ForgeEndpoint
+}
+
+// IsSuccess returns true when this get gitea endpoint o k response has a 2xx status code
+func (o *GetGiteaEndpointOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this get gitea endpoint o k response has a 3xx status code
+func (o *GetGiteaEndpointOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this get gitea endpoint o k response has a 4xx status code
+func (o *GetGiteaEndpointOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this get gitea endpoint o k response has a 5xx status code
+func (o *GetGiteaEndpointOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this get gitea endpoint o k response a status code equal to that given
+func (o *GetGiteaEndpointOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the get gitea endpoint o k response
+func (o *GetGiteaEndpointOK) Code() int {
+	return 200
+}
+
+func (o *GetGiteaEndpointOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] getGiteaEndpointOK %s", 200, payload)
+}
+
+func (o *GetGiteaEndpointOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] getGiteaEndpointOK %s", 200, payload)
+}
+
+func (o *GetGiteaEndpointOK) GetPayload() garm_params.ForgeEndpoint {
+	return o.Payload
+}
+
+func (o *GetGiteaEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewGetGiteaEndpointDefault creates a GetGiteaEndpointDefault with default headers values
+func NewGetGiteaEndpointDefault(code int) *GetGiteaEndpointDefault {
+	return &GetGiteaEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+GetGiteaEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type GetGiteaEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this get gitea endpoint default response has a 2xx status code
+func (o *GetGiteaEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this get gitea endpoint default response has a 3xx status code
+func (o *GetGiteaEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this get gitea endpoint default response has a 4xx status code
+func (o *GetGiteaEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this get gitea endpoint default response has a 5xx status code
+func (o *GetGiteaEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this get gitea endpoint default response a status code equal to that given
+func (o *GetGiteaEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the get gitea endpoint default response
+func (o *GetGiteaEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *GetGiteaEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] GetGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *GetGiteaEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints/{name}][%d] GetGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *GetGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *GetGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/get_github_endpoint_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewGetGithubEndpointParams creates a new GetGithubEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewGetGithubEndpointParams() *GetGithubEndpointParams {
+	return &GetGithubEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewGetGithubEndpointParamsWithTimeout creates a new GetGithubEndpointParams object
+// with the ability to set a timeout on a request.
+func NewGetGithubEndpointParamsWithTimeout(timeout time.Duration) *GetGithubEndpointParams {
+	return &GetGithubEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewGetGithubEndpointParamsWithContext creates a new GetGithubEndpointParams object
+// with the ability to set a context for a request.
+func NewGetGithubEndpointParamsWithContext(ctx context.Context) *GetGithubEndpointParams {
+	return &GetGithubEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewGetGithubEndpointParamsWithHTTPClient creates a new GetGithubEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewGetGithubEndpointParamsWithHTTPClient(client *http.Client) *GetGithubEndpointParams {
+	return &GetGithubEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+GetGithubEndpointParams contains all the parameters to send to the API endpoint
+
+	for the get github endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type GetGithubEndpointParams struct {
+
+	/* Name.
+
+	   The name of the GitHub endpoint.
+	*/
+	Name string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the get github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetGithubEndpointParams) WithDefaults() *GetGithubEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the get github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *GetGithubEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the get github endpoint params
+func (o *GetGithubEndpointParams) WithTimeout(timeout time.Duration) *GetGithubEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the get github endpoint params
+func (o *GetGithubEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the get github endpoint params
+func (o *GetGithubEndpointParams) WithContext(ctx context.Context) *GetGithubEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the get github endpoint params
+func (o *GetGithubEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the get github endpoint params
+func (o *GetGithubEndpointParams) WithHTTPClient(client *http.Client) *GetGithubEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the get github endpoint params
+func (o *GetGithubEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithName adds the name to the get github endpoint params
+func (o *GetGithubEndpointParams) WithName(name string) *GetGithubEndpointParams {
+	o.SetName(name)
+	return o
+}
+
+// SetName adds the name to the get github endpoint params
+func (o *GetGithubEndpointParams) SetName(name string) {
+	o.Name = name
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *GetGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	// path param name
+	if err := r.SetPathParam("name", o.Name); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/get_github_endpoint_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// GetGithubEndpointReader is a Reader for the GetGithubEndpoint structure.
+type GetGithubEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *GetGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewGetGithubEndpointOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewGetGithubEndpointDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewGetGithubEndpointOK creates a GetGithubEndpointOK with default headers values
+func NewGetGithubEndpointOK() *GetGithubEndpointOK {
+	return &GetGithubEndpointOK{}
+}
+
+/*
+GetGithubEndpointOK describes a response with status code 200, with default header values.
+
+ForgeEndpoint
+*/
+type GetGithubEndpointOK struct {
+	Payload garm_params.ForgeEndpoint
+}
+
+// IsSuccess returns true when this get github endpoint o k response has a 2xx status code
+func (o *GetGithubEndpointOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this get github endpoint o k response has a 3xx status code
+func (o *GetGithubEndpointOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this get github endpoint o k response has a 4xx status code
+func (o *GetGithubEndpointOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this get github endpoint o k response has a 5xx status code
+func (o *GetGithubEndpointOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this get github endpoint o k response a status code equal to that given
+func (o *GetGithubEndpointOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the get github endpoint o k response
+func (o *GetGithubEndpointOK) Code() int {
+	return 200
+}
+
+func (o *GetGithubEndpointOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] getGithubEndpointOK %s", 200, payload)
+}
+
+func (o *GetGithubEndpointOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] getGithubEndpointOK %s", 200, payload)
+}
+
+func (o *GetGithubEndpointOK) GetPayload() garm_params.ForgeEndpoint {
+	return o.Payload
+}
+
+func (o *GetGithubEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewGetGithubEndpointDefault creates a GetGithubEndpointDefault with default headers values
+func NewGetGithubEndpointDefault(code int) *GetGithubEndpointDefault {
+	return &GetGithubEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+GetGithubEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type GetGithubEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this get github endpoint default response has a 2xx status code
+func (o *GetGithubEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this get github endpoint default response has a 3xx status code
+func (o *GetGithubEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this get github endpoint default response has a 4xx status code
+func (o *GetGithubEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this get github endpoint default response has a 5xx status code
+func (o *GetGithubEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this get github endpoint default response a status code equal to that given
+func (o *GetGithubEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the get github endpoint default response
+func (o *GetGithubEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *GetGithubEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] GetGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *GetGithubEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints/{name}][%d] GetGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *GetGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *GetGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/list_gitea_endpoints_parameters.go

@@ -0,0 +1,128 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewListGiteaEndpointsParams creates a new ListGiteaEndpointsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewListGiteaEndpointsParams() *ListGiteaEndpointsParams {
+	return &ListGiteaEndpointsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewListGiteaEndpointsParamsWithTimeout creates a new ListGiteaEndpointsParams object
+// with the ability to set a timeout on a request.
+func NewListGiteaEndpointsParamsWithTimeout(timeout time.Duration) *ListGiteaEndpointsParams {
+	return &ListGiteaEndpointsParams{
+		timeout: timeout,
+	}
+}
+
+// NewListGiteaEndpointsParamsWithContext creates a new ListGiteaEndpointsParams object
+// with the ability to set a context for a request.
+func NewListGiteaEndpointsParamsWithContext(ctx context.Context) *ListGiteaEndpointsParams {
+	return &ListGiteaEndpointsParams{
+		Context: ctx,
+	}
+}
+
+// NewListGiteaEndpointsParamsWithHTTPClient creates a new ListGiteaEndpointsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewListGiteaEndpointsParamsWithHTTPClient(client *http.Client) *ListGiteaEndpointsParams {
+	return &ListGiteaEndpointsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+ListGiteaEndpointsParams contains all the parameters to send to the API endpoint
+
+	for the list gitea endpoints operation.
+
+	Typically these are written to a http.Request.
+*/
+type ListGiteaEndpointsParams struct {
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the list gitea endpoints params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ListGiteaEndpointsParams) WithDefaults() *ListGiteaEndpointsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the list gitea endpoints params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ListGiteaEndpointsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the list gitea endpoints params
+func (o *ListGiteaEndpointsParams) WithTimeout(timeout time.Duration) *ListGiteaEndpointsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the list gitea endpoints params
+func (o *ListGiteaEndpointsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the list gitea endpoints params
+func (o *ListGiteaEndpointsParams) WithContext(ctx context.Context) *ListGiteaEndpointsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the list gitea endpoints params
+func (o *ListGiteaEndpointsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the list gitea endpoints params
+func (o *ListGiteaEndpointsParams) WithHTTPClient(client *http.Client) *ListGiteaEndpointsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the list gitea endpoints params
+func (o *ListGiteaEndpointsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *ListGiteaEndpointsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/list_gitea_endpoints_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// ListGiteaEndpointsReader is a Reader for the ListGiteaEndpoints structure.
+type ListGiteaEndpointsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *ListGiteaEndpointsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewListGiteaEndpointsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewListGiteaEndpointsDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewListGiteaEndpointsOK creates a ListGiteaEndpointsOK with default headers values
+func NewListGiteaEndpointsOK() *ListGiteaEndpointsOK {
+	return &ListGiteaEndpointsOK{}
+}
+
+/*
+ListGiteaEndpointsOK describes a response with status code 200, with default header values.
+
+ForgeEndpoints
+*/
+type ListGiteaEndpointsOK struct {
+	Payload garm_params.ForgeEndpoints
+}
+
+// IsSuccess returns true when this list gitea endpoints o k response has a 2xx status code
+func (o *ListGiteaEndpointsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this list gitea endpoints o k response has a 3xx status code
+func (o *ListGiteaEndpointsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this list gitea endpoints o k response has a 4xx status code
+func (o *ListGiteaEndpointsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this list gitea endpoints o k response has a 5xx status code
+func (o *ListGiteaEndpointsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this list gitea endpoints o k response a status code equal to that given
+func (o *ListGiteaEndpointsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the list gitea endpoints o k response
+func (o *ListGiteaEndpointsOK) Code() int {
+	return 200
+}
+
+func (o *ListGiteaEndpointsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints][%d] listGiteaEndpointsOK %s", 200, payload)
+}
+
+func (o *ListGiteaEndpointsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints][%d] listGiteaEndpointsOK %s", 200, payload)
+}
+
+func (o *ListGiteaEndpointsOK) GetPayload() garm_params.ForgeEndpoints {
+	return o.Payload
+}
+
+func (o *ListGiteaEndpointsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewListGiteaEndpointsDefault creates a ListGiteaEndpointsDefault with default headers values
+func NewListGiteaEndpointsDefault(code int) *ListGiteaEndpointsDefault {
+	return &ListGiteaEndpointsDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+ListGiteaEndpointsDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type ListGiteaEndpointsDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this list gitea endpoints default response has a 2xx status code
+func (o *ListGiteaEndpointsDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this list gitea endpoints default response has a 3xx status code
+func (o *ListGiteaEndpointsDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this list gitea endpoints default response has a 4xx status code
+func (o *ListGiteaEndpointsDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this list gitea endpoints default response has a 5xx status code
+func (o *ListGiteaEndpointsDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this list gitea endpoints default response a status code equal to that given
+func (o *ListGiteaEndpointsDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the list gitea endpoints default response
+func (o *ListGiteaEndpointsDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *ListGiteaEndpointsDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints][%d] ListGiteaEndpoints default %s", o._statusCode, payload)
+}
+
+func (o *ListGiteaEndpointsDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /gitea/endpoints][%d] ListGiteaEndpoints default %s", o._statusCode, payload)
+}
+
+func (o *ListGiteaEndpointsDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *ListGiteaEndpointsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/list_github_endpoints_parameters.go

@@ -0,0 +1,128 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewListGithubEndpointsParams creates a new ListGithubEndpointsParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewListGithubEndpointsParams() *ListGithubEndpointsParams {
+	return &ListGithubEndpointsParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewListGithubEndpointsParamsWithTimeout creates a new ListGithubEndpointsParams object
+// with the ability to set a timeout on a request.
+func NewListGithubEndpointsParamsWithTimeout(timeout time.Duration) *ListGithubEndpointsParams {
+	return &ListGithubEndpointsParams{
+		timeout: timeout,
+	}
+}
+
+// NewListGithubEndpointsParamsWithContext creates a new ListGithubEndpointsParams object
+// with the ability to set a context for a request.
+func NewListGithubEndpointsParamsWithContext(ctx context.Context) *ListGithubEndpointsParams {
+	return &ListGithubEndpointsParams{
+		Context: ctx,
+	}
+}
+
+// NewListGithubEndpointsParamsWithHTTPClient creates a new ListGithubEndpointsParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewListGithubEndpointsParamsWithHTTPClient(client *http.Client) *ListGithubEndpointsParams {
+	return &ListGithubEndpointsParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+ListGithubEndpointsParams contains all the parameters to send to the API endpoint
+
+	for the list github endpoints operation.
+
+	Typically these are written to a http.Request.
+*/
+type ListGithubEndpointsParams struct {
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the list github endpoints params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ListGithubEndpointsParams) WithDefaults() *ListGithubEndpointsParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the list github endpoints params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ListGithubEndpointsParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the list github endpoints params
+func (o *ListGithubEndpointsParams) WithTimeout(timeout time.Duration) *ListGithubEndpointsParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the list github endpoints params
+func (o *ListGithubEndpointsParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the list github endpoints params
+func (o *ListGithubEndpointsParams) WithContext(ctx context.Context) *ListGithubEndpointsParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the list github endpoints params
+func (o *ListGithubEndpointsParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the list github endpoints params
+func (o *ListGithubEndpointsParams) WithHTTPClient(client *http.Client) *ListGithubEndpointsParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the list github endpoints params
+func (o *ListGithubEndpointsParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *ListGithubEndpointsParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/list_github_endpoints_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// ListGithubEndpointsReader is a Reader for the ListGithubEndpoints structure.
+type ListGithubEndpointsReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *ListGithubEndpointsReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewListGithubEndpointsOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewListGithubEndpointsDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewListGithubEndpointsOK creates a ListGithubEndpointsOK with default headers values
+func NewListGithubEndpointsOK() *ListGithubEndpointsOK {
+	return &ListGithubEndpointsOK{}
+}
+
+/*
+ListGithubEndpointsOK describes a response with status code 200, with default header values.
+
+ForgeEndpoints
+*/
+type ListGithubEndpointsOK struct {
+	Payload garm_params.ForgeEndpoints
+}
+
+// IsSuccess returns true when this list github endpoints o k response has a 2xx status code
+func (o *ListGithubEndpointsOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this list github endpoints o k response has a 3xx status code
+func (o *ListGithubEndpointsOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this list github endpoints o k response has a 4xx status code
+func (o *ListGithubEndpointsOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this list github endpoints o k response has a 5xx status code
+func (o *ListGithubEndpointsOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this list github endpoints o k response a status code equal to that given
+func (o *ListGithubEndpointsOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the list github endpoints o k response
+func (o *ListGithubEndpointsOK) Code() int {
+	return 200
+}
+
+func (o *ListGithubEndpointsOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints][%d] listGithubEndpointsOK %s", 200, payload)
+}
+
+func (o *ListGithubEndpointsOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints][%d] listGithubEndpointsOK %s", 200, payload)
+}
+
+func (o *ListGithubEndpointsOK) GetPayload() garm_params.ForgeEndpoints {
+	return o.Payload
+}
+
+func (o *ListGithubEndpointsOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewListGithubEndpointsDefault creates a ListGithubEndpointsDefault with default headers values
+func NewListGithubEndpointsDefault(code int) *ListGithubEndpointsDefault {
+	return &ListGithubEndpointsDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+ListGithubEndpointsDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type ListGithubEndpointsDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this list github endpoints default response has a 2xx status code
+func (o *ListGithubEndpointsDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this list github endpoints default response has a 3xx status code
+func (o *ListGithubEndpointsDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this list github endpoints default response has a 4xx status code
+func (o *ListGithubEndpointsDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this list github endpoints default response has a 5xx status code
+func (o *ListGithubEndpointsDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this list github endpoints default response a status code equal to that given
+func (o *ListGithubEndpointsDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the list github endpoints default response
+func (o *ListGithubEndpointsDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *ListGithubEndpointsDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints][%d] ListGithubEndpoints default %s", o._statusCode, payload)
+}
+
+func (o *ListGithubEndpointsDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /github/endpoints][%d] ListGithubEndpoints default %s", o._statusCode, payload)
+}
+
+func (o *ListGithubEndpointsDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *ListGithubEndpointsDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/update_gitea_endpoint_parameters.go

@@ -0,0 +1,173 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewUpdateGiteaEndpointParams creates a new UpdateGiteaEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewUpdateGiteaEndpointParams() *UpdateGiteaEndpointParams {
+	return &UpdateGiteaEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewUpdateGiteaEndpointParamsWithTimeout creates a new UpdateGiteaEndpointParams object
+// with the ability to set a timeout on a request.
+func NewUpdateGiteaEndpointParamsWithTimeout(timeout time.Duration) *UpdateGiteaEndpointParams {
+	return &UpdateGiteaEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewUpdateGiteaEndpointParamsWithContext creates a new UpdateGiteaEndpointParams object
+// with the ability to set a context for a request.
+func NewUpdateGiteaEndpointParamsWithContext(ctx context.Context) *UpdateGiteaEndpointParams {
+	return &UpdateGiteaEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewUpdateGiteaEndpointParamsWithHTTPClient creates a new UpdateGiteaEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewUpdateGiteaEndpointParamsWithHTTPClient(client *http.Client) *UpdateGiteaEndpointParams {
+	return &UpdateGiteaEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+UpdateGiteaEndpointParams contains all the parameters to send to the API endpoint
+
+	for the update gitea endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type UpdateGiteaEndpointParams struct {
+
+	/* Body.
+
+	   Parameters used when updating a Gitea endpoint.
+	*/
+	Body garm_params.UpdateGiteaEndpointParams
+
+	/* Name.
+
+	   The name of the Gitea endpoint.
+	*/
+	Name string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the update gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateGiteaEndpointParams) WithDefaults() *UpdateGiteaEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the update gitea endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateGiteaEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) WithTimeout(timeout time.Duration) *UpdateGiteaEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) WithContext(ctx context.Context) *UpdateGiteaEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) WithHTTPClient(client *http.Client) *UpdateGiteaEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) WithBody(body garm_params.UpdateGiteaEndpointParams) *UpdateGiteaEndpointParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) SetBody(body garm_params.UpdateGiteaEndpointParams) {
+	o.Body = body
+}
+
+// WithName adds the name to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) WithName(name string) *UpdateGiteaEndpointParams {
+	o.SetName(name)
+	return o
+}
+
+// SetName adds the name to the update gitea endpoint params
+func (o *UpdateGiteaEndpointParams) SetName(name string) {
+	o.Name = name
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *UpdateGiteaEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	// path param name
+	if err := r.SetPathParam("name", o.Name); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/update_gitea_endpoint_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// UpdateGiteaEndpointReader is a Reader for the UpdateGiteaEndpoint structure.
+type UpdateGiteaEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *UpdateGiteaEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewUpdateGiteaEndpointOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewUpdateGiteaEndpointDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewUpdateGiteaEndpointOK creates a UpdateGiteaEndpointOK with default headers values
+func NewUpdateGiteaEndpointOK() *UpdateGiteaEndpointOK {
+	return &UpdateGiteaEndpointOK{}
+}
+
+/*
+UpdateGiteaEndpointOK describes a response with status code 200, with default header values.
+
+ForgeEndpoint
+*/
+type UpdateGiteaEndpointOK struct {
+	Payload garm_params.ForgeEndpoint
+}
+
+// IsSuccess returns true when this update gitea endpoint o k response has a 2xx status code
+func (o *UpdateGiteaEndpointOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this update gitea endpoint o k response has a 3xx status code
+func (o *UpdateGiteaEndpointOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update gitea endpoint o k response has a 4xx status code
+func (o *UpdateGiteaEndpointOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this update gitea endpoint o k response has a 5xx status code
+func (o *UpdateGiteaEndpointOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update gitea endpoint o k response a status code equal to that given
+func (o *UpdateGiteaEndpointOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the update gitea endpoint o k response
+func (o *UpdateGiteaEndpointOK) Code() int {
+	return 200
+}
+
+func (o *UpdateGiteaEndpointOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] updateGiteaEndpointOK %s", 200, payload)
+}
+
+func (o *UpdateGiteaEndpointOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] updateGiteaEndpointOK %s", 200, payload)
+}
+
+func (o *UpdateGiteaEndpointOK) GetPayload() garm_params.ForgeEndpoint {
+	return o.Payload
+}
+
+func (o *UpdateGiteaEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewUpdateGiteaEndpointDefault creates a UpdateGiteaEndpointDefault with default headers values
+func NewUpdateGiteaEndpointDefault(code int) *UpdateGiteaEndpointDefault {
+	return &UpdateGiteaEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+UpdateGiteaEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type UpdateGiteaEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this update gitea endpoint default response has a 2xx status code
+func (o *UpdateGiteaEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this update gitea endpoint default response has a 3xx status code
+func (o *UpdateGiteaEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this update gitea endpoint default response has a 4xx status code
+func (o *UpdateGiteaEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this update gitea endpoint default response has a 5xx status code
+func (o *UpdateGiteaEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this update gitea endpoint default response a status code equal to that given
+func (o *UpdateGiteaEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the update gitea endpoint default response
+func (o *UpdateGiteaEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *UpdateGiteaEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] UpdateGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *UpdateGiteaEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /gitea/endpoints/{name}][%d] UpdateGiteaEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *UpdateGiteaEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *UpdateGiteaEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/endpoints/update_github_endpoint_parameters.go

@@ -0,0 +1,173 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewUpdateGithubEndpointParams creates a new UpdateGithubEndpointParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewUpdateGithubEndpointParams() *UpdateGithubEndpointParams {
+	return &UpdateGithubEndpointParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewUpdateGithubEndpointParamsWithTimeout creates a new UpdateGithubEndpointParams object
+// with the ability to set a timeout on a request.
+func NewUpdateGithubEndpointParamsWithTimeout(timeout time.Duration) *UpdateGithubEndpointParams {
+	return &UpdateGithubEndpointParams{
+		timeout: timeout,
+	}
+}
+
+// NewUpdateGithubEndpointParamsWithContext creates a new UpdateGithubEndpointParams object
+// with the ability to set a context for a request.
+func NewUpdateGithubEndpointParamsWithContext(ctx context.Context) *UpdateGithubEndpointParams {
+	return &UpdateGithubEndpointParams{
+		Context: ctx,
+	}
+}
+
+// NewUpdateGithubEndpointParamsWithHTTPClient creates a new UpdateGithubEndpointParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewUpdateGithubEndpointParamsWithHTTPClient(client *http.Client) *UpdateGithubEndpointParams {
+	return &UpdateGithubEndpointParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+UpdateGithubEndpointParams contains all the parameters to send to the API endpoint
+
+	for the update github endpoint operation.
+
+	Typically these are written to a http.Request.
+*/
+type UpdateGithubEndpointParams struct {
+
+	/* Body.
+
+	   Parameters used when updating a GitHub endpoint.
+	*/
+	Body garm_params.UpdateGithubEndpointParams
+
+	/* Name.
+
+	   The name of the GitHub endpoint.
+	*/
+	Name string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the update github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateGithubEndpointParams) WithDefaults() *UpdateGithubEndpointParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the update github endpoint params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UpdateGithubEndpointParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the update github endpoint params
+func (o *UpdateGithubEndpointParams) WithTimeout(timeout time.Duration) *UpdateGithubEndpointParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the update github endpoint params
+func (o *UpdateGithubEndpointParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the update github endpoint params
+func (o *UpdateGithubEndpointParams) WithContext(ctx context.Context) *UpdateGithubEndpointParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the update github endpoint params
+func (o *UpdateGithubEndpointParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the update github endpoint params
+func (o *UpdateGithubEndpointParams) WithHTTPClient(client *http.Client) *UpdateGithubEndpointParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the update github endpoint params
+func (o *UpdateGithubEndpointParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the update github endpoint params
+func (o *UpdateGithubEndpointParams) WithBody(body garm_params.UpdateGithubEndpointParams) *UpdateGithubEndpointParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the update github endpoint params
+func (o *UpdateGithubEndpointParams) SetBody(body garm_params.UpdateGithubEndpointParams) {
+	o.Body = body
+}
+
+// WithName adds the name to the update github endpoint params
+func (o *UpdateGithubEndpointParams) WithName(name string) *UpdateGithubEndpointParams {
+	o.SetName(name)
+	return o
+}
+
+// SetName adds the name to the update github endpoint params
+func (o *UpdateGithubEndpointParams) SetName(name string) {
+	o.Name = name
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *UpdateGithubEndpointParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	// path param name
+	if err := r.SetPathParam("name", o.Name); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/endpoints/update_github_endpoint_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package endpoints
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// UpdateGithubEndpointReader is a Reader for the UpdateGithubEndpoint structure.
+type UpdateGithubEndpointReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *UpdateGithubEndpointReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewUpdateGithubEndpointOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewUpdateGithubEndpointDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewUpdateGithubEndpointOK creates a UpdateGithubEndpointOK with default headers values
+func NewUpdateGithubEndpointOK() *UpdateGithubEndpointOK {
+	return &UpdateGithubEndpointOK{}
+}
+
+/*
+UpdateGithubEndpointOK describes a response with status code 200, with default header values.
+
+ForgeEndpoint
+*/
+type UpdateGithubEndpointOK struct {
+	Payload garm_params.ForgeEndpoint
+}
+
+// IsSuccess returns true when this update github endpoint o k response has a 2xx status code
+func (o *UpdateGithubEndpointOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this update github endpoint o k response has a 3xx status code
+func (o *UpdateGithubEndpointOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this update github endpoint o k response has a 4xx status code
+func (o *UpdateGithubEndpointOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this update github endpoint o k response has a 5xx status code
+func (o *UpdateGithubEndpointOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this update github endpoint o k response a status code equal to that given
+func (o *UpdateGithubEndpointOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the update github endpoint o k response
+func (o *UpdateGithubEndpointOK) Code() int {
+	return 200
+}
+
+func (o *UpdateGithubEndpointOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] updateGithubEndpointOK %s", 200, payload)
+}
+
+func (o *UpdateGithubEndpointOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] updateGithubEndpointOK %s", 200, payload)
+}
+
+func (o *UpdateGithubEndpointOK) GetPayload() garm_params.ForgeEndpoint {
+	return o.Payload
+}
+
+func (o *UpdateGithubEndpointOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewUpdateGithubEndpointDefault creates a UpdateGithubEndpointDefault with default headers values
+func NewUpdateGithubEndpointDefault(code int) *UpdateGithubEndpointDefault {
+	return &UpdateGithubEndpointDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+UpdateGithubEndpointDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type UpdateGithubEndpointDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this update github endpoint default response has a 2xx status code
+func (o *UpdateGithubEndpointDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this update github endpoint default response has a 3xx status code
+func (o *UpdateGithubEndpointDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this update github endpoint default response has a 4xx status code
+func (o *UpdateGithubEndpointDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this update github endpoint default response has a 5xx status code
+func (o *UpdateGithubEndpointDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this update github endpoint default response a status code equal to that given
+func (o *UpdateGithubEndpointDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the update github endpoint default response
+func (o *UpdateGithubEndpointDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *UpdateGithubEndpointDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] UpdateGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *UpdateGithubEndpointDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[PUT /github/endpoints/{name}][%d] UpdateGithubEndpoint default %s", o._statusCode, payload)
+}
+
+func (o *UpdateGithubEndpointDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *UpdateGithubEndpointDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/enterprises/create_enterprise_pool_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -87,11 +88,13 @@ func (o *CreateEnterprisePoolOK) Code() int {
 }
 
 func (o *CreateEnterprisePoolOK) Error() string {
-	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] createEnterprisePoolOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] createEnterprisePoolOK %s", 200, payload)
 }
 
 func (o *CreateEnterprisePoolOK) String() string {
-	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] createEnterprisePoolOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] createEnterprisePoolOK %s", 200, payload)
 }
 
 func (o *CreateEnterprisePoolOK) GetPayload() garm_params.Pool {
@@ -157,11 +160,13 @@ func (o *CreateEnterprisePoolDefault) Code() int {
 }
 
 func (o *CreateEnterprisePoolDefault) Error() string {
-	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] CreateEnterprisePool default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] CreateEnterprisePool default %s", o._statusCode, payload)
 }
 
 func (o *CreateEnterprisePoolDefault) String() string {
-	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] CreateEnterprisePool default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/pools][%d] CreateEnterprisePool default %s", o._statusCode, payload)
 }
 
 func (o *CreateEnterprisePoolDefault) GetPayload() apiserver_params.APIErrorResponse {

client/enterprises/create_enterprise_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -87,11 +88,13 @@ func (o *CreateEnterpriseOK) Code() int {
 }
 
 func (o *CreateEnterpriseOK) Error() string {
-	return fmt.Sprintf("[POST /enterprises][%d] createEnterpriseOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises][%d] createEnterpriseOK %s", 200, payload)
 }
 
 func (o *CreateEnterpriseOK) String() string {
-	return fmt.Sprintf("[POST /enterprises][%d] createEnterpriseOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises][%d] createEnterpriseOK %s", 200, payload)
 }
 
 func (o *CreateEnterpriseOK) GetPayload() garm_params.Enterprise {
@@ -157,11 +160,13 @@ func (o *CreateEnterpriseDefault) Code() int {
 }
 
 func (o *CreateEnterpriseDefault) Error() string {
-	return fmt.Sprintf("[POST /enterprises][%d] CreateEnterprise default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises][%d] CreateEnterprise default %s", o._statusCode, payload)
 }
 
 func (o *CreateEnterpriseDefault) String() string {
-	return fmt.Sprintf("[POST /enterprises][%d] CreateEnterprise default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises][%d] CreateEnterprise default %s", o._statusCode, payload)
 }
 
 func (o *CreateEnterpriseDefault) GetPayload() apiserver_params.APIErrorResponse {

client/enterprises/create_enterprise_scale_set_parameters.go

@@ -0,0 +1,173 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package enterprises
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// NewCreateEnterpriseScaleSetParams creates a new CreateEnterpriseScaleSetParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateEnterpriseScaleSetParams() *CreateEnterpriseScaleSetParams {
+	return &CreateEnterpriseScaleSetParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateEnterpriseScaleSetParamsWithTimeout creates a new CreateEnterpriseScaleSetParams object
+// with the ability to set a timeout on a request.
+func NewCreateEnterpriseScaleSetParamsWithTimeout(timeout time.Duration) *CreateEnterpriseScaleSetParams {
+	return &CreateEnterpriseScaleSetParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateEnterpriseScaleSetParamsWithContext creates a new CreateEnterpriseScaleSetParams object
+// with the ability to set a context for a request.
+func NewCreateEnterpriseScaleSetParamsWithContext(ctx context.Context) *CreateEnterpriseScaleSetParams {
+	return &CreateEnterpriseScaleSetParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateEnterpriseScaleSetParamsWithHTTPClient creates a new CreateEnterpriseScaleSetParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateEnterpriseScaleSetParamsWithHTTPClient(client *http.Client) *CreateEnterpriseScaleSetParams {
+	return &CreateEnterpriseScaleSetParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateEnterpriseScaleSetParams contains all the parameters to send to the API endpoint
+
+	for the create enterprise scale set operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateEnterpriseScaleSetParams struct {
+
+	/* Body.
+
+	   Parameters used when creating the enterprise scale set.
+	*/
+	Body garm_params.CreateScaleSetParams
+
+	/* EnterpriseID.
+
+	   Enterprise ID.
+	*/
+	EnterpriseID string
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create enterprise scale set params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateEnterpriseScaleSetParams) WithDefaults() *CreateEnterpriseScaleSetParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create enterprise scale set params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateEnterpriseScaleSetParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) WithTimeout(timeout time.Duration) *CreateEnterpriseScaleSetParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) WithContext(ctx context.Context) *CreateEnterpriseScaleSetParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) WithHTTPClient(client *http.Client) *CreateEnterpriseScaleSetParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) WithBody(body garm_params.CreateScaleSetParams) *CreateEnterpriseScaleSetParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) SetBody(body garm_params.CreateScaleSetParams) {
+	o.Body = body
+}
+
+// WithEnterpriseID adds the enterpriseID to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) WithEnterpriseID(enterpriseID string) *CreateEnterpriseScaleSetParams {
+	o.SetEnterpriseID(enterpriseID)
+	return o
+}
+
+// SetEnterpriseID adds the enterpriseId to the create enterprise scale set params
+func (o *CreateEnterpriseScaleSetParams) SetEnterpriseID(enterpriseID string) {
+	o.EnterpriseID = enterpriseID
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateEnterpriseScaleSetParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	// path param enterpriseID
+	if err := r.SetPathParam("enterpriseID", o.EnterpriseID); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

client/enterprises/create_enterprise_scale_set_responses.go

@@ -0,0 +1,184 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package enterprises
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+
+	apiserver_params "github.com/cloudbase/garm/apiserver/params"
+	garm_params "github.com/cloudbase/garm/params"
+)
+
+// CreateEnterpriseScaleSetReader is a Reader for the CreateEnterpriseScaleSet structure.
+type CreateEnterpriseScaleSetReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateEnterpriseScaleSetReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewCreateEnterpriseScaleSetOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	default:
+		result := NewCreateEnterpriseScaleSetDefault(response.Code())
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		if response.Code()/100 == 2 {
+			return result, nil
+		}
+		return nil, result
+	}
+}
+
+// NewCreateEnterpriseScaleSetOK creates a CreateEnterpriseScaleSetOK with default headers values
+func NewCreateEnterpriseScaleSetOK() *CreateEnterpriseScaleSetOK {
+	return &CreateEnterpriseScaleSetOK{}
+}
+
+/*
+CreateEnterpriseScaleSetOK describes a response with status code 200, with default header values.
+
+ScaleSet
+*/
+type CreateEnterpriseScaleSetOK struct {
+	Payload garm_params.ScaleSet
+}
+
+// IsSuccess returns true when this create enterprise scale set o k response has a 2xx status code
+func (o *CreateEnterpriseScaleSetOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create enterprise scale set o k response has a 3xx status code
+func (o *CreateEnterpriseScaleSetOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create enterprise scale set o k response has a 4xx status code
+func (o *CreateEnterpriseScaleSetOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create enterprise scale set o k response has a 5xx status code
+func (o *CreateEnterpriseScaleSetOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create enterprise scale set o k response a status code equal to that given
+func (o *CreateEnterpriseScaleSetOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the create enterprise scale set o k response
+func (o *CreateEnterpriseScaleSetOK) Code() int {
+	return 200
+}
+
+func (o *CreateEnterpriseScaleSetOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] createEnterpriseScaleSetOK %s", 200, payload)
+}
+
+func (o *CreateEnterpriseScaleSetOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] createEnterpriseScaleSetOK %s", 200, payload)
+}
+
+func (o *CreateEnterpriseScaleSetOK) GetPayload() garm_params.ScaleSet {
+	return o.Payload
+}
+
+func (o *CreateEnterpriseScaleSetOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateEnterpriseScaleSetDefault creates a CreateEnterpriseScaleSetDefault with default headers values
+func NewCreateEnterpriseScaleSetDefault(code int) *CreateEnterpriseScaleSetDefault {
+	return &CreateEnterpriseScaleSetDefault{
+		_statusCode: code,
+	}
+}
+
+/*
+CreateEnterpriseScaleSetDefault describes a response with status code -1, with default header values.
+
+APIErrorResponse
+*/
+type CreateEnterpriseScaleSetDefault struct {
+	_statusCode int
+
+	Payload apiserver_params.APIErrorResponse
+}
+
+// IsSuccess returns true when this create enterprise scale set default response has a 2xx status code
+func (o *CreateEnterpriseScaleSetDefault) IsSuccess() bool {
+	return o._statusCode/100 == 2
+}
+
+// IsRedirect returns true when this create enterprise scale set default response has a 3xx status code
+func (o *CreateEnterpriseScaleSetDefault) IsRedirect() bool {
+	return o._statusCode/100 == 3
+}
+
+// IsClientError returns true when this create enterprise scale set default response has a 4xx status code
+func (o *CreateEnterpriseScaleSetDefault) IsClientError() bool {
+	return o._statusCode/100 == 4
+}
+
+// IsServerError returns true when this create enterprise scale set default response has a 5xx status code
+func (o *CreateEnterpriseScaleSetDefault) IsServerError() bool {
+	return o._statusCode/100 == 5
+}
+
+// IsCode returns true when this create enterprise scale set default response a status code equal to that given
+func (o *CreateEnterpriseScaleSetDefault) IsCode(code int) bool {
+	return o._statusCode == code
+}
+
+// Code gets the status code for the create enterprise scale set default response
+func (o *CreateEnterpriseScaleSetDefault) Code() int {
+	return o._statusCode
+}
+
+func (o *CreateEnterpriseScaleSetDefault) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] CreateEnterpriseScaleSet default %s", o._statusCode, payload)
+}
+
+func (o *CreateEnterpriseScaleSetDefault) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /enterprises/{enterpriseID}/scalesets][%d] CreateEnterpriseScaleSet default %s", o._statusCode, payload)
+}
+
+func (o *CreateEnterpriseScaleSetDefault) GetPayload() apiserver_params.APIErrorResponse {
+	return o.Payload
+}
+
+func (o *CreateEnterpriseScaleSetDefault) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	// response payload
+	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}

client/enterprises/delete_enterprise_pool_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -81,11 +82,13 @@ func (o *DeleteEnterprisePoolDefault) Code() int {
 }
 
 func (o *DeleteEnterprisePoolDefault) Error() string {
-	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}/pools/{poolID}][%d] DeleteEnterprisePool default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}/pools/{poolID}][%d] DeleteEnterprisePool default %s", o._statusCode, payload)
 }
 
 func (o *DeleteEnterprisePoolDefault) String() string {
-	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}/pools/{poolID}][%d] DeleteEnterprisePool default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}/pools/{poolID}][%d] DeleteEnterprisePool default %s", o._statusCode, payload)
 }
 
 func (o *DeleteEnterprisePoolDefault) GetPayload() apiserver_params.APIErrorResponse {

client/enterprises/delete_enterprise_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -81,11 +82,13 @@ func (o *DeleteEnterpriseDefault) Code() int {
 }
 
 func (o *DeleteEnterpriseDefault) Error() string {
-	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}][%d] DeleteEnterprise default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}][%d] DeleteEnterprise default %s", o._statusCode, payload)
 }
 
 func (o *DeleteEnterpriseDefault) String() string {
-	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}][%d] DeleteEnterprise default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[DELETE /enterprises/{enterpriseID}][%d] DeleteEnterprise default %s", o._statusCode, payload)
 }
 
 func (o *DeleteEnterpriseDefault) GetPayload() apiserver_params.APIErrorResponse {

client/enterprises/enterprises_client.go

@@ -7,6 +7,7 @@ package enterprises
 
 import (
 	"github.com/go-openapi/runtime"
+	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 )
 
@@ -15,6 +16,31 @@ func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientServi
 	return &Client{transport: transport, formats: formats}
 }
 
+// New creates a new enterprises API client with basic auth credentials.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - user: user for basic authentication header.
+// - password: password for basic authentication header.
+func NewClientWithBasicAuth(host, basePath, scheme, user, password string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BasicAuth(user, password)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
+// New creates a new enterprises API client with a bearer token for authentication.
+// It takes the following parameters:
+// - host: http host (github.com).
+// - basePath: any base path for the API client ("/v1", "/v3").
+// - scheme: http scheme ("http", "https").
+// - bearerToken: bearer token for Bearer authentication header.
+func NewClientWithBearerToken(host, basePath, scheme, bearerToken string) ClientService {
+	transport := httptransport.New(host, basePath, []string{scheme})
+	transport.DefaultAuthentication = httptransport.BearerToken(bearerToken)
+	return &Client{transport: transport, formats: strfmt.Default}
+}
+
 /*
 Client for enterprises API
 */
@@ -23,7 +49,7 @@ type Client struct {
 	formats   strfmt.Registry
 }
 
-// ClientOption is the option for Client methods
+// ClientOption may be used to customize the behavior of Client methods.
 type ClientOption func(*runtime.ClientOperation)
 
 // ClientService is the interface for Client methods
@@ -32,6 +58,8 @@ type ClientService interface {
 
 	CreateEnterprisePool(params *CreateEnterprisePoolParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateEnterprisePoolOK, error)
 
+	CreateEnterpriseScaleSet(params *CreateEnterpriseScaleSetParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateEnterpriseScaleSetOK, error)
+
 	DeleteEnterprise(params *DeleteEnterpriseParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
 
 	DeleteEnterprisePool(params *DeleteEnterprisePoolParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) error
@@ -44,6 +72,8 @@ type ClientService interface {
 
 	ListEnterprisePools(params *ListEnterprisePoolsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListEnterprisePoolsOK, error)
 
+	ListEnterpriseScaleSets(params *ListEnterpriseScaleSetsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListEnterpriseScaleSetsOK, error)
+
 	ListEnterprises(params *ListEnterprisesParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListEnterprisesOK, error)
 
 	UpdateEnterprise(params *UpdateEnterpriseParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateEnterpriseOK, error)
@@ -129,6 +159,44 @@ func (a *Client) CreateEnterprisePool(params *CreateEnterprisePoolParams, authIn
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 
+/*
+CreateEnterpriseScaleSet creates enterprise pool with the parameters given
+*/
+func (a *Client) CreateEnterpriseScaleSet(params *CreateEnterpriseScaleSetParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateEnterpriseScaleSetOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateEnterpriseScaleSetParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "CreateEnterpriseScaleSet",
+		Method:             "POST",
+		PathPattern:        "/enterprises/{enterpriseID}/scalesets",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateEnterpriseScaleSetReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateEnterpriseScaleSetOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*CreateEnterpriseScaleSetDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
 /*
 DeleteEnterprise deletes enterprise by ID
 */
@@ -345,6 +413,44 @@ func (a *Client) ListEnterprisePools(params *ListEnterprisePoolsParams, authInfo
 	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
 }
 
+/*
+ListEnterpriseScaleSets lists enterprise scale sets
+*/
+func (a *Client) ListEnterpriseScaleSets(params *ListEnterpriseScaleSetsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListEnterpriseScaleSetsOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewListEnterpriseScaleSetsParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "ListEnterpriseScaleSets",
+		Method:             "GET",
+		PathPattern:        "/enterprises/{enterpriseID}/scalesets",
+		ProducesMediaTypes: []string{"application/json"},
+		ConsumesMediaTypes: []string{"application/json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &ListEnterpriseScaleSetsReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*ListEnterpriseScaleSetsOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	unexpectedSuccess := result.(*ListEnterpriseScaleSetsDefault)
+	return nil, runtime.NewAPIError("unexpected success response: content available as default response in error", unexpectedSuccess, unexpectedSuccess.Code())
+}
+
 /*
 ListEnterprises lists all enterprises
 */

client/enterprises/get_enterprise_pool_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -87,11 +88,13 @@ func (o *GetEnterprisePoolOK) Code() int {
 }
 
 func (o *GetEnterprisePoolOK) Error() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] getEnterprisePoolOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] getEnterprisePoolOK %s", 200, payload)
 }
 
 func (o *GetEnterprisePoolOK) String() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] getEnterprisePoolOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] getEnterprisePoolOK %s", 200, payload)
 }
 
 func (o *GetEnterprisePoolOK) GetPayload() garm_params.Pool {
@@ -157,11 +160,13 @@ func (o *GetEnterprisePoolDefault) Code() int {
 }
 
 func (o *GetEnterprisePoolDefault) Error() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] GetEnterprisePool default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] GetEnterprisePool default %s", o._statusCode, payload)
 }
 
 func (o *GetEnterprisePoolDefault) String() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] GetEnterprisePool default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/pools/{poolID}][%d] GetEnterprisePool default %s", o._statusCode, payload)
 }
 
 func (o *GetEnterprisePoolDefault) GetPayload() apiserver_params.APIErrorResponse {

client/enterprises/get_enterprise_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -87,11 +88,13 @@ func (o *GetEnterpriseOK) Code() int {
 }
 
 func (o *GetEnterpriseOK) Error() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] getEnterpriseOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] getEnterpriseOK %s", 200, payload)
 }
 
 func (o *GetEnterpriseOK) String() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] getEnterpriseOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] getEnterpriseOK %s", 200, payload)
 }
 
 func (o *GetEnterpriseOK) GetPayload() garm_params.Enterprise {
@@ -157,11 +160,13 @@ func (o *GetEnterpriseDefault) Code() int {
 }
 
 func (o *GetEnterpriseDefault) Error() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] GetEnterprise default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] GetEnterprise default %s", o._statusCode, payload)
 }
 
 func (o *GetEnterpriseDefault) String() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] GetEnterprise default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}][%d] GetEnterprise default %s", o._statusCode, payload)
 }
 
 func (o *GetEnterpriseDefault) GetPayload() apiserver_params.APIErrorResponse {

client/enterprises/list_enterprise_instances_responses.go

@@ -6,6 +6,7 @@ package enterprises
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 
@@ -87,11 +88,13 @@ func (o *ListEnterpriseInstancesOK) Code() int {
 }
 
 func (o *ListEnterpriseInstancesOK) Error() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] listEnterpriseInstancesOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] listEnterpriseInstancesOK %s", 200, payload)
 }
 
 func (o *ListEnterpriseInstancesOK) String() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] listEnterpriseInstancesOK  %+v", 200, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] listEnterpriseInstancesOK %s", 200, payload)
 }
 
 func (o *ListEnterpriseInstancesOK) GetPayload() garm_params.Instances {
@@ -157,11 +160,13 @@ func (o *ListEnterpriseInstancesDefault) Code() int {
 }
 
 func (o *ListEnterpriseInstancesDefault) Error() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] ListEnterpriseInstances default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] ListEnterpriseInstances default %s", o._statusCode, payload)
 }
 
 func (o *ListEnterpriseInstancesDefault) String() string {
-	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] ListEnterpriseInstances default  %+v", o._statusCode, o.Payload)
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[GET /enterprises/{enterpriseID}/instances][%d] ListEnterpriseInstances default %s", o._statusCode, payload)
 }
 
 func (o *ListEnterpriseInstancesDefault) GetPayload() apiserver_params.APIErrorResponse {