tenseleyflow/shithub / cf62ed2

+GET  /organizations/{org}/settings/import

+POST /organizations/{org}/settings/import

+GET  /organizations/{org}/imports/{importID}

+`GET /organizations/{org}/settings/import` renders the owner-only

+GitHub organization import page. Owners can provide a GitHub

+organization name or `github.com/<org>` URL and, optionally, a token.

+Untokened imports discover public repositories only. Token-backed

+imports use GitHub's `type=all` repo listing, persist the token

+encrypted with the server secret box, and keep private upstream repos

+private on shithub.

+

+`POST /organizations/{org}/settings/import` creates an

+`org_github_imports` row and enqueues

+`worker.KindOrgGitHubImportDiscover`. `GET

+/organizations/{org}/imports/{importID}` shows a polling progress page

+with per-repo queued/importing/imported/skipped/failed state. The

+discover job pages through the GitHub API, records one

+`org_github_import_repos` row per repository, and enqueues an import job

+per repo. Each repo job creates the org-owned shithub repository, saves

+the GitHub source remote, fetches heads/tags with a temporary Git

+askpass helper when a token is present, updates the default branch from

+fetched refs, and enqueues indexing + size recalculation. Existing

+active repositories in the organization are skipped instead of

+overwritten.

+

+* **Org import token storage**: the token never enters a Git URL, logs,

+  or plaintext database column. It is encrypted in

+  `org_github_imports.token_ciphertext` and supplied to git via a

+  temporary askpass script scoped to the fetch process.

+Organization GitHub imports reuse the same source-remote path in bulk.

+The org import worker creates one org-owned repository per discovered

+GitHub repo, persists the upstream clone URL in `repo_source_remotes`,

+fetches heads/tags, and then refreshes `default_branch` /

+`default_branch_oid` exactly like the single-repo import flow. Private

+repositories are only imported when the owner supplied a GitHub token;

+the token is stored encrypted on the import row and passed to git via

+temporary askpass environment, never embedded into the persisted remote

+URL.

+

+| Kind                         | Trigger                              | Idempotent on                    |

+| ---------------------------- | ------------------------------------ | -------------------------------- |

+| `push:process`               | post-receive hook per ref            | `push_events.processed_at`       |

+| `repo:size_recalc`           | enqueued by `push:process`           | overwrite-last-wins              |

+| `org:github_import_discover` | org import request                   | `org_github_imports.status`      |

+| `org:github_import_repo`     | import discovery per GitHub repo     | `org_github_import_repos.status` |

+| `jobs:purge_completed`       | future cron / manual ad-hoc          | always safe to re-run            |

+| `trending:compute`           | recurring self-scheduled S42 job     | append-only snapshots            |

+var githubOrgRE = regexp.MustCompile(`^[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?$`)

+	if org == "" || strings.Contains(org, "/") || strings.Contains(org, "--") || !githubOrgRE.MatchString(org) {

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs_test

+

+import (

+	"context"

+	"encoding/json"

+	"fmt"

+	"io"

+	"log/slog"

+	"net/http"

+	"strconv"

+	"strings"

+	"testing"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/secretbox"

+	"github.com/tenseleyFlow/shithub/internal/orgs"

+	"github.com/tenseleyFlow/shithub/internal/worker"

+)

+

+func TestNormalizeGitHubOrg(t *testing.T) {

+	t.Parallel()

+	tests := []struct {

+		name    string

+		raw     string

+		want    string

+		wantErr bool

+	}{

+		{name: "bare", raw: "tenseleyFlow", want: "tenseleyFlow"},

+		{name: "url", raw: "https://github.com/FortranGoingOnForty/", want: "FortranGoingOnForty"},

+		{name: "path rejected", raw: "github.com/owner/repo", wantErr: true},

+		{name: "trailing hyphen rejected", raw: "bad-", wantErr: true},

+		{name: "double hyphen rejected", raw: "bad--name", wantErr: true},

+	}

+	for _, tt := range tests {

+		t.Run(tt.name, func(t *testing.T) {

+			got, err := orgs.NormalizeGitHubOrg(tt.raw)

+			if tt.wantErr {

+				if err == nil {

+					t.Fatalf("NormalizeGitHubOrg(%q) succeeded", tt.raw)

+				}

+				return

+			}

+			if err != nil {

+				t.Fatalf("NormalizeGitHubOrg(%q): %v", tt.raw, err)

+			}

+			if got != tt.want {

+				t.Fatalf("NormalizeGitHubOrg(%q)=%q, want %q", tt.raw, got, tt.want)

+			}

+		})

+	}

+}

+

+func TestGitHubClientListOrgReposPaginatesAndUsesToken(t *testing.T) {

+	t.Parallel()

+	var seenPages []string

+	rt := roundTripFunc(func(r *http.Request) (*http.Response, error) {

+		if got, want := r.URL.Path, "/orgs/tenseleyFlow/repos"; got != want {

+			t.Fatalf("path=%q, want %q", got, want)

+		}

+		if got, want := r.Header.Get("Authorization"), "Bearer test-token"; got != want {

+			t.Fatalf("Authorization=%q, want %q", got, want)

+		}

+		if got, want := r.URL.Query().Get("type"), "all"; got != want {

+			t.Fatalf("type=%q, want %q", got, want)

+		}

+		seenPages = append(seenPages, r.URL.Query().Get("page"))

+		var body strings.Builder

+		if r.URL.Query().Get("page") == "1" {

+			writeGitHubRepoList(t, &body, 100)

+		} else {

+			_, _ = io.WriteString(&body, `[{"id":101,"name":"last","full_name":"tenseleyFlow/last","clone_url":"https://github.com/tenseleyFlow/last.git","description":"last repo","default_branch":"trunk"}]`)

+		}

+		return &http.Response{

+			StatusCode: http.StatusOK,

+			Status:     "200 OK",

+			Header:     http.Header{"Content-Type": []string{"application/json"}},

+			Body:       io.NopCloser(strings.NewReader(body.String())),

+			Request:    r,

+		}, nil

+	})

+

+	repos, err := (orgs.GitHubClient{

+		HTTPClient: &http.Client{Transport: rt},

+		BaseURL:    "https://api.github.test",

+		UserAgent:  "shithub-test",

+	}).ListOrgRepos(context.Background(), "tenseleyFlow", "test-token")

+	if err != nil {

+		t.Fatalf("ListOrgRepos: %v", err)

+	}

+	if len(repos) != 101 {

+		t.Fatalf("len(repos)=%d, want 101", len(repos))

+	}

+	if got := fmt.Sprint(seenPages); got != "[1 2]" {

+		t.Fatalf("pages=%s, want [1 2]", got)

+	}

+	if repos[100].FullName != "tenseleyFlow/last" || repos[100].Description != "last repo" || repos[100].DefaultBranch != "trunk" {

+		t.Fatalf("last repo decoded incorrectly: %+v", repos[100])

+	}

+}

+

+type roundTripFunc func(*http.Request) (*http.Response, error)

+

+func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) {

+	return f(r)

+}

+

+func writeGitHubRepoList(t *testing.T, w io.Writer, count int) {

+	t.Helper()

+	payload := make([]map[string]any, 0, count)

+	for i := 0; i < count; i++ {

+		payload = append(payload, map[string]any{

+			"id":             i + 1,

+			"name":           fmt.Sprintf("repo-%03d", i),

+			"full_name":      fmt.Sprintf("tenseleyFlow/repo-%03d", i),

+			"clone_url":      fmt.Sprintf("https://github.com/tenseleyFlow/repo-%03d.git", i),

+			"description":    nil,

+			"default_branch": "trunk",

+			"private":        false,

+			"fork":           false,

+		})

+	}

+	if err := json.NewEncoder(w).Encode(payload); err != nil {

+		t.Fatalf("encode GitHub response: %v", err)

+	}

+}

+

+func TestStartGitHubImportPersistsEncryptedTokenAndDiscoveryJob(t *testing.T) {

+	pool, deps, alice := setup(t)

+	row, err := orgs.Create(context.Background(), deps, orgs.CreateParams{

+		Slug: "acme", DisplayName: "Acme Inc", CreatedByUserID: alice,

+	})

+	if err != nil {

+		t.Fatalf("create org: %v", err)

+	}

+	key, err := secretbox.GenerateKey()

+	if err != nil {

+		t.Fatalf("GenerateKey: %v", err)

+	}

+	box, err := secretbox.FromBytes(key)

+	if err != nil {

+		t.Fatalf("FromBytes: %v", err)

+	}

+	imp, err := orgs.StartGitHubImport(context.Background(), orgs.ImportDeps{

+		Pool:   pool,

+		Box:    box,

+		Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),

+	}, orgs.StartGitHubImportParams{

+		OrgID: row.ID, SourceOrg: "https://github.com/tenseleyFlow/",

+		RequestedByUserID: alice, Token: "ghp_secret",

+	})

+	if err != nil {

+		t.Fatalf("StartGitHubImport: %v", err)

+	}

+	if imp.SourceOrg != "tenseleyFlow" || !imp.IncludePrivate || !imp.TokenPresent {

+		t.Fatalf("unexpected import row: %+v", imp)

+	}

+	token, err := orgs.DecryptGitHubImportToken(imp, box)

+	if err != nil {

+		t.Fatalf("DecryptGitHubImportToken: %v", err)

+	}

+	if token != "ghp_secret" {

+		t.Fatalf("decrypted token=%q", token)

+	}

+	if string(imp.TokenCiphertext) == "ghp_secret" {

+		t.Fatal("token stored in plaintext")

+	}

+	var jobs int

+	if err := pool.QueryRow(context.Background(),

+		`SELECT count(*) FROM jobs WHERE kind = $1 AND payload->>'import_id' = $2`,

+		worker.KindOrgGitHubImportDiscover, strconv.FormatInt(imp.ID, 10),

+	).Scan(&jobs); err != nil {

+		t.Fatalf("query jobs: %v", err)

+	}

+	if jobs != 1 {

+		t.Fatalf("discovery jobs=%d, want 1", jobs)

+	}

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs

+

+import (

+	"errors"

+	"net/http"

+	"net/url"

+	"strconv"

+	"strings"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5"

+

+	orgdomain "github.com/tenseleyFlow/shithub/internal/orgs"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+)

+

+type importForm struct {

+	GitHubOrg   string

+	GitHubToken string

+}

+

+func (h *Handlers) settingsImport(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	h.renderSettingsImport(w, r, org, importForm{}, "", importNotice(r.URL.Query().Get("notice")))

+}

+

+func (h *Handlers) settingsImportSubmit(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+	form := importForm{

+		GitHubOrg:   strings.TrimSpace(r.PostFormValue("github_org")),

+		GitHubToken: strings.TrimSpace(r.PostFormValue("github_token")),

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	imp, err := orgdomain.StartGitHubImport(r.Context(), orgdomain.ImportDeps{

+		Pool: h.d.Pool, Box: h.d.SecretBox, Logger: h.d.Logger,

+	}, orgdomain.StartGitHubImportParams{

+		OrgID: org.ID, SourceOrg: form.GitHubOrg,

+		RequestedByUserID: viewer.ID, Token: form.GitHubToken,

+	})

+	if err != nil {

+		h.renderSettingsImport(w, r, org, form.withoutToken(), friendlyImportError(err), "")

+		return

+	}

+	http.Redirect(w, r, "/organizations/"+org.Slug+"/imports/"+strconv.FormatInt(imp.ID, 10), http.StatusSeeOther)

+}

+

+func (f importForm) withoutToken() importForm {

+	f.GitHubToken = ""

+	return f

+}

+

+func (h *Handlers) importProgress(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	importID, err := strconv.ParseInt(chi.URLParam(r, "importID"), 10, 64)

+	if err != nil || importID <= 0 {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	q := orgsdb.New()

+	progress, err := q.GetOrgGithubImportProgress(r.Context(), h.d.Pool, orgsdb.GetOrgGithubImportProgressParams{

+		ID:    importID,

+		OrgID: org.ID,

+	})

+	if err != nil {

+		if errors.Is(err, pgx.ErrNoRows) {

+			h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+			return

+		}

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	items, err := q.ListOrgGithubImportRepos(r.Context(), h.d.Pool, importID)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	if err := h.d.Render.RenderPage(w, r, "orgs/import_progress", map[string]any{

+		"Title":        org.Slug + " - GitHub import",

+		"CSRFToken":    middleware.CSRFTokenForRequest(r),

+		"Org":          org,

+		"AvatarURL":    "/avatars/" + url.PathEscape(org.Slug),

+		"ActiveOrgNav": "settings",

+		"Progress":     progress,

+		"Items":        items,

+		"IsTerminal":   orgdomain.IsTerminalImportStatus(progress.Status),

+	}); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org import: render progress", "error", err)

+	}

+}

+

+func (h *Handlers) renderSettingsImport(w http.ResponseWriter, r *http.Request, org orgsdb.Org, form importForm, errMsg, notice string) {

+	imports, err := orgsdb.New().ListOrgGithubImportsForOrg(r.Context(), h.d.Pool, orgsdb.ListOrgGithubImportsForOrgParams{

+		OrgID: org.ID,

+		Limit: 10,

+	})

+	if err != nil {

+		h.d.Logger.WarnContext(r.Context(), "org import: list imports", "error", err, "org_id", org.ID)

+	}

+	_ = h.d.Render.RenderPage(w, r, "orgs/settings_import", map[string]any{

+		"Title":        org.Slug + " - repository import",

+		"CSRFToken":    middleware.CSRFTokenForRequest(r),

+		"Org":          org,

+		"AvatarURL":    "/avatars/" + url.PathEscape(org.Slug),

+		"ActiveOrgNav": "settings",

+		"Form":         form,

+		"Error":        errMsg,

+		"Notice":       notice,

+		"Imports":      imports,

+		"SecretBoxOK":  h.d.SecretBox != nil,

+	})

+}

+

+func friendlyImportError(err error) string {

+	switch {

+	case errors.Is(err, orgdomain.ErrInvalidGitHubOrg):

+		return "GitHub organization must be a valid organization name or github.com organization URL."

+	case errors.Is(err, orgdomain.ErrImportTokenKeyNeeded):

+		return "GitHub token imports require the server secret key to be configured."

+	default:

+		return "Could not start the GitHub organization import."

+	}

+}

+

+func importNotice(code string) string {

+	switch code {

+	case "start-failed":

+		return "The organization was created, but the import could not be started. Try again here."

+	default:

+		return ""

+	}

+}

+//	GET  /organizations/{org}/settings/import               GitHub org import

+//	POST /organizations/{org}/settings/import               start GitHub org import

+//	GET  /organizations/{org}/imports/{importID}            GitHub org import progress

+	r.Get("/organizations/{org}/settings/import", h.settingsImport)

+	r.Post("/organizations/{org}/settings/import", h.settingsImportSubmit)

+	r.Get("/organizations/{org}/imports/{importID}", h.importProgress)

+	h.renderNewForm(w, r, orgCreateForm{}, "")

+}

+

+type orgCreateForm struct {

+	Slug         string

+	DisplayName  string

+	BillingEmail string

+	GitHubOrg    string

+	GitHubToken  string

+	form := orgCreateForm{

+		Slug:         strings.TrimSpace(r.PostFormValue("slug")),

+		DisplayName:  strings.TrimSpace(r.PostFormValue("display_name")),

+		BillingEmail: strings.TrimSpace(r.PostFormValue("billing_email")),

+		GitHubOrg:    strings.TrimSpace(r.PostFormValue("github_org")),

+		GitHubToken:  strings.TrimSpace(r.PostFormValue("github_token")),

+	}

+	if form.GitHubOrg != "" {

+		if _, err := orgs.NormalizeGitHubOrg(form.GitHubOrg); err != nil {

+			h.renderNewForm(w, r, form, "GitHub organization must be a valid organization name or github.com organization URL.")

+			return

+		}

+		if form.GitHubToken != "" && h.d.SecretBox == nil {

+			h.renderNewForm(w, r, form.withoutToken(), "GitHub token imports require the server secret key to be configured.")

+			return

+		}

+	}

+		Slug:            form.Slug,

+		DisplayName:     form.DisplayName,

+		BillingEmail:    form.BillingEmail,

+		h.renderNewForm(w, r, form.withoutToken(), friendlyOrgErr(err))

+		return

+	}

+	if form.GitHubOrg != "" {

+		imp, err := orgs.StartGitHubImport(r.Context(), orgs.ImportDeps{

+			Pool: h.d.Pool, Box: h.d.SecretBox, Logger: h.d.Logger,

+		}, orgs.StartGitHubImportParams{

+			OrgID: row.ID, SourceOrg: form.GitHubOrg,

+			RequestedByUserID: viewer.ID, Token: form.GitHubToken,

+		})

+		if err != nil {

+			h.d.Logger.WarnContext(r.Context(), "orgs: start GitHub import after create", "error", err, "org_id", row.ID)

+			http.Redirect(w, r, "/organizations/"+row.Slug+"/settings/import?notice=start-failed", http.StatusSeeOther)

+			return

+		}

+		http.Redirect(w, r, "/organizations/"+row.Slug+"/imports/"+strconv.FormatInt(imp.ID, 10), http.StatusSeeOther)

+func (f orgCreateForm) withoutToken() orgCreateForm {

+	f.GitHubToken = ""

+	return f

+}

+

+func (h *Handlers) renderNewForm(w http.ResponseWriter, r *http.Request, form orgCreateForm, errMsg string) {

+		"Slug":      form.Slug,

+		"Form":      form,

+.shithub-org-import-create {

+  display: grid;

+  gap: 0.75rem;

+  margin: 1rem 0;

+  padding: 1rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+}

+.shithub-org-import-create legend {

+  padding: 0 0.35rem;

+  font-weight: 600;

+}

+.shithub-org-import-create p {

+  margin: 0;

+  color: var(--fg-muted);

+}

+.shithub-org-import-form {

+  max-width: 640px;

+}

+.shithub-org-import-history {

+  overflow: hidden;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+}

+.shithub-org-import-history-row {

+  display: grid;

+  grid-template-columns: minmax(0, 1fr) auto auto;

+  gap: 1rem;

+  align-items: center;

+  padding: 0.75rem 1rem;

+  border-top: 1px solid var(--border-muted, var(--border-default));

+  color: var(--fg-default);

+  text-decoration: none;

+}

+.shithub-org-import-history-row:first-child {

+  border-top: 0;

+}

+.shithub-org-import-history-row:hover {

+  background: var(--canvas-subtle);

+  text-decoration: none;

+}

+.shithub-org-import-progress {

+  max-width: 960px;

+  margin: 0 auto;

+  padding: 1.5rem 1rem 3rem;

+}

+.shithub-org-import-progress-head {

+  display: flex;

+  justify-content: space-between;

+  gap: 1rem;

+  align-items: center;

+  padding-bottom: 1rem;

+  border-bottom: 1px solid var(--border-default);

+}

+.shithub-org-import-progress-head h1 {

+  margin: 0.15rem 0 0;

+  font-size: 1.5rem;

+}

+.shithub-org-import-status {

+  display: inline-flex;

+  align-items: center;

+  gap: 0.35rem;

+  width: max-content;

+  padding: 0.15rem 0.5rem;

+  border: 1px solid var(--border-default);

+  border-radius: 999px;

+  color: var(--fg-muted);

+  font-size: 0.75rem;

+  font-weight: 600;

+  text-transform: capitalize;

+}

+.shithub-org-import-status.is-imported,

+.shithub-org-import-status.is-completed {

+  color: var(--success-fg);

+  border-color: color-mix(in srgb, var(--success-fg) 45%, transparent);

+}

+.shithub-org-import-status.is-failed {

+  color: var(--danger-fg);

+  border-color: color-mix(in srgb, var(--danger-fg) 45%, transparent);

+}

+.shithub-org-import-status.is-importing,

+.shithub-org-import-status.is-discovering {

+  color: var(--accent-fg);

+  border-color: color-mix(in srgb, var(--accent-fg) 45%, transparent);

+}

+.shithub-org-import-counts {

+  display: grid;

+  grid-template-columns: repeat(5, minmax(0, 1fr));

+  gap: 0;

+  margin: 1rem 0;

+  overflow: hidden;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-default);

+}

+.shithub-org-import-counts div {

+  display: grid;

+  gap: 0.15rem;

+  padding: 0.8rem 1rem;

+  border-left: 1px solid var(--border-muted, var(--border-default));

+}

+.shithub-org-import-counts div:first-child {

+  border-left: 0;

+}

+.shithub-org-import-counts strong {

+  font-size: 1.2rem;

+}

+.shithub-org-import-counts span {

+  color: var(--fg-muted);

+  font-size: 0.8rem;

+}

+.shithub-org-import-list {

+  overflow: hidden;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-default);

+}

+.shithub-org-import-row {

+  display: grid;

+  grid-template-columns: minmax(0, 1fr) auto;

+  gap: 1rem;

+  align-items: center;

+  padding: 0.85rem 1rem;

+  border-top: 1px solid var(--border-muted, var(--border-default));

+}

+.shithub-org-import-row:first-child {

+  border-top: 0;

+}

+.shithub-org-import-row-title {

+  display: flex;

+  flex-wrap: wrap;

+  gap: 0.45rem;

+  align-items: center;

+  font-weight: 600;

+}

+.shithub-org-import-row p {

+  margin: 0.2rem 0 0;

+  color: var(--fg-muted);

+}

+.shithub-org-import-row .shithub-org-import-error {

+  color: var(--danger-fg);

+}

+.shithub-spinner {

+  width: 12px;

+  height: 12px;

+  border: 2px solid currentColor;

+  border-right-color: transparent;

+  border-radius: 50%;

+  animation: shithub-spin 0.75s linear infinite;

+}

+.shithub-org-import-actions {

+  display: flex;

+  gap: 0.5rem;

+  margin-top: 1rem;

+}

+@keyframes shithub-spin {

+  to { transform: rotate(360deg); }

+}

+{{ define "page" -}}

+<section class="shithub-org-settings-page">

+  {{ if not .IsTerminal }}<script>setTimeout(function(){ window.location.reload(); }, 3000);</script>{{ end }}

+  <header class="shithub-org-pagehead shithub-org-settings-pagehead">

+    <div class="shithub-org-pagehead-inner">

+      <a class="shithub-org-pagehead-title" href="/{{ .Org.Slug }}">

+        <img src="{{ .AvatarURL }}" alt="" width="30" height="30">

+        <span>{{ if .Org.DisplayName }}{{ .Org.DisplayName }}{{ else }}{{ .Org.Slug }}{{ end }}</span>

+      </a>

+    </div>

+  </header>

+

+  <main class="shithub-org-import-progress">

+    <div class="shithub-org-import-progress-head">

+      <div>

+        <p class="shithub-muted">github.com/{{ .Progress.SourceOrg }}</p>

+        <h1>Import repositories</h1>

+      </div>

+      <span class="shithub-org-import-status is-{{ .Progress.Status }}">{{ .Progress.Status }}</span>

+    </div>

+

+    {{ if .Progress.LastError.Valid }}

+    <p class="shithub-flash shithub-flash-error" role="alert">{{ .Progress.LastError.String }}</p>

+    {{ end }}

+

+    <div class="shithub-org-import-counts" aria-label="Import progress">

+      <div><strong>{{ .Progress.ImportedCount }}</strong><span>Imported</span></div>

+      <div><strong>{{ .Progress.ImportingCount }}</strong><span>Importing</span></div>

+      <div><strong>{{ .Progress.QueuedCount }}</strong><span>Queued</span></div>

+      <div><strong>{{ .Progress.SkippedCount }}</strong><span>Skipped</span></div>

+      <div><strong>{{ .Progress.FailedCount }}</strong><span>Failed</span></div>

+    </div>

+

+    <div class="shithub-org-import-list">

+      {{ range .Items }}

+      <div class="shithub-org-import-row">

+        <div>

+          <div class="shithub-org-import-row-title">

+            {{ if eq .Status "imported" }}

+              <a href="/{{ $.Org.Slug }}/{{ .TargetName }}">{{ .SourceName }}</a>

+            {{ else }}

+              <span>{{ .SourceName }}</span>

+            {{ end }}

+            <span class="shithub-repo-visibility">{{ .TargetVisibility }}</span>

+          </div>

+          <p>{{ if .Description }}{{ .Description }}{{ else }}{{ .SourceFullName }}{{ end }}</p>

+          {{ if .LastError.Valid }}<p class="shithub-org-import-error">{{ .LastError.String }}</p>{{ end }}

+        </div>

+        <span class="shithub-org-import-status is-{{ .Status }}">{{ if eq .Status "queued" }}{{ octicon "history" }}{{ else if eq .Status "importing" }}<span class="shithub-spinner" aria-hidden="true"></span>{{ else if eq .Status "imported" }}{{ octicon "check" }}{{ else if eq .Status "skipped" }}{{ octicon "dash" }}{{ else }}{{ octicon "x" }}{{ end }} {{ .Status }}</span>

+      </div>

+      {{ else }}

+      <p class="shithub-empty-note">Repository discovery has not finished yet.</p>

+      {{ end }}

+    </div>

+

+    <p class="shithub-org-import-actions">

+      <a class="shithub-button" href="/organizations/{{ .Org.Slug }}/settings/import">Back to imports</a>

+      <a class="shithub-button" href="/orgs/{{ .Org.Slug }}/repositories">View repositories</a>

+    </p>

+  </main>

+</section>

+{{- end }}

+             value="{{ .Form.Slug }}" autofocus>

+      <input type="text" name="display_name" value="{{ .Form.DisplayName }}">

+      <input type="email" name="billing_email" autocomplete="email" value="{{ .Form.BillingEmail }}">

+    <fieldset class="shithub-org-import-create">

+      <legend>Import repositories from GitHub</legend>

+      <p>Optionally mirror repositories from a GitHub organization after this organization is created.</p>

+      <label>

+        <span>GitHub organization</span>

+        <input type="text" name="github_org" placeholder="github-org" value="{{ .Form.GitHubOrg }}" autocomplete="off">

+      </label>

+      <label>

+        <span>GitHub token (optional)</span>

+        <input type="password" name="github_token" autocomplete="off" placeholder="Required for private repositories">

+      </label>

+      <p class="shithub-auth-aside">Without a token, shithub imports public repositories only. With a token, repositories visible to that token are imported and private repositories stay private.</p>

+    </fieldset>

+{{ define "page" -}}

+<section class="shithub-org-settings-page">

+  <header class="shithub-org-pagehead shithub-org-settings-pagehead">

+    <div class="shithub-org-pagehead-inner">

+      <a class="shithub-org-pagehead-title" href="/{{ .Org.Slug }}">

+        <img src="{{ .AvatarURL }}" alt="" width="30" height="30">

+        <span>{{ if .Org.DisplayName }}{{ .Org.DisplayName }}{{ else }}{{ .Org.Slug }}{{ end }}</span>

+      </a>

+    </div>

+  </header>

+

+  <div class="shithub-org-settings-layout">

+    <aside class="shithub-org-settings-sidebar" aria-label="Organization settings">

+      <h1>Settings</h1>

+      <nav class="shithub-org-settings-menu">

+        <a href="/organizations/{{ .Org.Slug }}/settings/profile">{{ octicon "organization" }} General</a>

+        <a class="is-selected" href="/organizations/{{ .Org.Slug }}/settings/import" aria-current="page">{{ octicon "repo" }} Import repositories</a>

+        <span aria-disabled="true">{{ octicon "people" }} People</span>

+        <span aria-disabled="true">{{ octicon "repo" }} Repository defaults</span>

+        <span aria-disabled="true">{{ octicon "lock" }} Member privileges</span>

+        <h2>Code, planning, and automation</h2>

+        <span aria-disabled="true">{{ octicon "play" }} Actions</span>

+        <span aria-disabled="true">{{ octicon "table" }} Projects</span>

+        <span aria-disabled="true">{{ octicon "package" }} Packages</span>

+        <h2>Security</h2>

+        <span aria-disabled="true">{{ octicon "shield-check" }} Code security</span>

+        <span aria-disabled="true">{{ octicon "globe" }} Domains</span>

+        <h2>Access</h2>

+        <span aria-disabled="true">{{ octicon "gear" }} Integrations</span>

+        <span aria-disabled="true">{{ octicon "history" }} Audit log</span>

+      </nav>

+    </aside>

+

+    <div class="shithub-org-settings-main">

+      {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+      {{ with .Notice }}<p class="shithub-flash shithub-flash-success" role="status">{{ . }}</p>{{ end }}

+

+      <div class="Subhead">

+        <h2 class="Subhead-heading Subhead-heading--large">Import repositories</h2>

+      </div>

+

+      <form method="POST" action="/organizations/{{ .Org.Slug }}/settings/import" class="shithub-org-settings-form shithub-org-import-form" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>GitHub organization</span>

+          <input type="text" name="github_org" value="{{ .Form.GitHubOrg }}" placeholder="github-org" required autocomplete="off">

+        </label>

+        <label>

+          <span>GitHub token <small>(optional)</small></span>

+          <input type="password" name="github_token" placeholder="Required for private repositories" autocomplete="off">

+        </label>

+        {{ if not .SecretBoxOK }}

+        <p class="shithub-flash shithub-flash-error" role="status">Token-backed imports are disabled until the server secret key is configured.</p>

+        {{ end }}

+        <p class="shithub-empty-note">Public imports need no token. Token-backed imports include private repositories visible to that token and keep them private on shithub.</p>

+        <button type="submit" class="shithub-button shithub-button-primary">Start import</button>

+      </form>

+

+      <section class="shithub-org-settings-section" aria-labelledby="org-import-history-heading">

+        <div class="Subhead Subhead--spacious border-bottom-0 mb-0 tmp-mb-0">

+          <h2 id="org-import-history-heading" class="Subhead-heading">Recent imports</h2>

+        </div>

+        <div class="shithub-org-import-history">

+          {{ range .Imports }}

+          <a href="/organizations/{{ $.Org.Slug }}/imports/{{ .ID }}" class="shithub-org-import-history-row">

+            <span>{{ .SourceOrg }}</span>

+            <span class="shithub-org-import-status is-{{ .Status }}">{{ .Status }}</span>

+            <span>{{ relativeTime .CreatedAt.Time }}</span>

+          </a>

+          {{ else }}

+          <p class="shithub-empty-note">No imports have been started for this organization.</p>

+          {{ end }}

+        </div>

+      </section>

+    </div>

+  </div>

+</section>

+{{- end }}

+        <a href="/organizations/{{ .Org.Slug }}/settings/import">{{ octicon "repo" }} Import repositories</a>