From 6735dcd02dd5bbfd6c35b80c84e34b5975fe1665 Mon Sep 17 00:00:00 2001
From: LaoQi <me@madao.dev>
Date: Thu, 6 Feb 2025 03:25:18 +0800
Subject: [PATCH 1/6] Basic support description field for secrets and variables
 (#33484)

---
 models/actions/variable.go                    | 19 +++++++-----
 models/migrations/migrations.go               |  1 +
 models/migrations/v1_24/v313.go               | 20 +++++++++++++
 models/secret/secret.go                       | 12 ++++----
 modules/structs/secret.go                     |  7 +++++
 modules/structs/variable.go                   | 12 ++++++++
 options/locale/locale_en-US.ini               |  2 ++
 routers/api/v1/org/action.go                  | 30 +++++++++++--------
 routers/api/v1/repo/action.go                 | 29 ++++++++++--------
 routers/api/v1/user/action.go                 | 25 +++++++++-------
 routers/web/shared/actions/variables.go       |  4 +--
 routers/web/shared/secrets/secrets.go         |  3 +-
 services/actions/variables.go                 | 13 ++++----
 services/forms/user_form.go                   | 10 ++++---
 services/secrets/secrets.go                   |  4 +--
 templates/shared/secrets/add_list.tmpl        | 12 ++++++++
 templates/shared/variables/variable_list.tmpl | 13 ++++++++
 tests/integration/api_repo_secrets_test.go    | 27 +++++++++++++++++
 18 files changed, 179 insertions(+), 64 deletions(-)
 create mode 100644 models/migrations/v1_24/v313.go

diff --git a/models/actions/variable.go b/models/actions/variable.go
index d0f917d923..859e6ce517 100644
--- a/models/actions/variable.go
+++ b/models/actions/variable.go
@@ -32,6 +32,7 @@ type ActionVariable struct {
 	RepoID      int64              `xorm:"INDEX UNIQUE(owner_repo_name)"`
 	Name        string             `xorm:"UNIQUE(owner_repo_name) NOT NULL"`
 	Data        string             `xorm:"LONGTEXT NOT NULL"`
+	Description string             `xorm:"TEXT"`
 	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
 	UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
 }
@@ -40,7 +41,7 @@ func init() {
 	db.RegisterModel(new(ActionVariable))
 }
 
-func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*ActionVariable, error) {
+func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data, description string) (*ActionVariable, error) {
 	if ownerID != 0 && repoID != 0 {
 		// It's trying to create a variable that belongs to a repository, but OwnerID has been set accidentally.
 		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
@@ -48,10 +49,11 @@ func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data strin
 	}
 
 	variable := &ActionVariable{
-		OwnerID: ownerID,
-		RepoID:  repoID,
-		Name:    strings.ToUpper(name),
-		Data:    data,
+		OwnerID:     ownerID,
+		RepoID:      repoID,
+		Name:        strings.ToUpper(name),
+		Data:        data,
+		Description: description,
 	}
 	return variable, db.Insert(ctx, variable)
 }
@@ -86,10 +88,11 @@ func FindVariables(ctx context.Context, opts FindVariablesOpts) ([]*ActionVariab
 }
 
 func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error) {
-	count, err := db.GetEngine(ctx).ID(variable.ID).Cols("name", "data").
+	count, err := db.GetEngine(ctx).ID(variable.ID).Cols("name", "data", "description").
 		Update(&ActionVariable{
-			Name: variable.Name,
-			Data: variable.Data,
+			Name:        variable.Name,
+			Data:        variable.Data,
+			Description: variable.Description,
 		})
 	return count != 0, err
 }
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index 95364ab705..f00a22a34e 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -373,6 +373,7 @@ func prepareMigrationTasks() []*migration {
 
 		// Gitea 1.23.0-rc0 ends at migration ID number 311 (database version 312)
 		newMigration(312, "Add DeleteBranchAfterMerge to AutoMerge", v1_24.AddDeleteBranchAfterMergeForAutoMerge),
+		newMigration(313, "Add description for secrets and variables", v1_24.AddDescriptionForSecretsAndVariables),
 	}
 	return preparedMigrations
 }
diff --git a/models/migrations/v1_24/v313.go b/models/migrations/v1_24/v313.go
new file mode 100644
index 0000000000..0378133e53
--- /dev/null
+++ b/models/migrations/v1_24/v313.go
@@ -0,0 +1,20 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_24 //nolint
+
+import (
+	"xorm.io/xorm"
+)
+
+func AddDescriptionForSecretsAndVariables(x *xorm.Engine) error {
+	type Secret struct {
+		Description string `xorm:"TEXT"`
+	}
+
+	type ActionVariable struct {
+		Description string `xorm:"TEXT"`
+	}
+
+	return x.Sync(new(Secret), new(ActionVariable))
+}
diff --git a/models/secret/secret.go b/models/secret/secret.go
index ce0ad65a79..44caa5e2fd 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -40,6 +40,7 @@ type Secret struct {
 	RepoID      int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL DEFAULT 0"`
 	Name        string             `xorm:"UNIQUE(owner_repo_name) NOT NULL"`
 	Data        string             `xorm:"LONGTEXT"` // encrypted data
+	Description string             `xorm:"TEXT"`
 	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
 }
 
@@ -57,7 +58,7 @@ func (err ErrSecretNotFound) Unwrap() error {
 }
 
 // InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database
-func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*Secret, error) {
+func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data, description string) (*Secret, error) {
 	if ownerID != 0 && repoID != 0 {
 		// It's trying to create a secret that belongs to a repository, but OwnerID has been set accidentally.
 		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
@@ -72,10 +73,11 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 		return nil, err
 	}
 	secret := &Secret{
-		OwnerID: ownerID,
-		RepoID:  repoID,
-		Name:    strings.ToUpper(name),
-		Data:    encrypted,
+		OwnerID:     ownerID,
+		RepoID:      repoID,
+		Name:        strings.ToUpper(name),
+		Data:        encrypted,
+		Description: description,
 	}
 	return secret, db.Insert(ctx, secret)
 }
diff --git a/modules/structs/secret.go b/modules/structs/secret.go
index a0673ca08c..2afb41ec43 100644
--- a/modules/structs/secret.go
+++ b/modules/structs/secret.go
@@ -10,6 +10,8 @@ import "time"
 type Secret struct {
 	// the secret's name
 	Name string `json:"name"`
+	// the secret's description
+	Description string `json:"description"`
 	// swagger:strfmt date-time
 	Created time.Time `json:"created_at"`
 }
@@ -21,4 +23,9 @@ type CreateOrUpdateSecretOption struct {
 	//
 	// required: true
 	Data string `json:"data" binding:"Required"`
+
+	// Description of the secret to update
+	//
+	// required: false
+	Description string `json:"description"`
 }
diff --git a/modules/structs/variable.go b/modules/structs/variable.go
index cc846cf0ec..5198937303 100644
--- a/modules/structs/variable.go
+++ b/modules/structs/variable.go
@@ -10,6 +10,11 @@ type CreateVariableOption struct {
 	//
 	// required: true
 	Value string `json:"value" binding:"Required"`
+
+	// Description of the variable to create
+	//
+	// required: false
+	Description string `json:"description"`
 }
 
 // UpdateVariableOption the option when updating variable
@@ -21,6 +26,11 @@ type UpdateVariableOption struct {
 	//
 	// required: true
 	Value string `json:"value" binding:"Required"`
+
+	// Description of the variable to update
+	//
+	// required: false
+	Description string `json:"description"`
 }
 
 // ActionVariable return value of the query API
@@ -34,4 +44,6 @@ type ActionVariable struct {
 	Name string `json:"name"`
 	// the value of the variable
 	Data string `json:"data"`
+	// the description of the variable
+	Description string `json:"description"`
 }
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 2842ad16e7..7516f34cf7 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3694,8 +3694,10 @@ secrets = Secrets
 description = Secrets will be passed to certain actions and cannot be read otherwise.
 none = There are no secrets yet.
 creation = Add Secret
+creation.description = Description
 creation.name_placeholder = case-insensitive, alphanumeric characters or underscores only, cannot start with GITEA_ or GITHUB_
 creation.value_placeholder = Input any content. Whitespace at the start and end will be omitted.
+creation.description_placeholder = Enter short description (optional).
 creation.success = The secret "%s" has been added.
 creation.failed = Failed to add secret.
 deletion = Remove secret
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index 199ee7d777..e4a3d88a34 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -61,8 +61,9 @@ func (Action) ListActionsSecrets(ctx *context.APIContext) {
 	apiSecrets := make([]*api.Secret, len(secrets))
 	for k, v := range secrets {
 		apiSecrets[k] = &api.Secret{
-			Name:    v.Name,
-			Created: v.CreatedUnix.AsTime(),
+			Name:        v.Name,
+			Description: v.Description,
+			Created:     v.CreatedUnix.AsTime(),
 		}
 	}
 
@@ -106,7 +107,8 @@ func (Action) CreateOrUpdateSecret(ctx *context.APIContext) {
 
 	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
 
-	_, created, err := secret_service.CreateOrUpdateSecret(ctx, ctx.Org.Organization.ID, 0, ctx.PathParam("secretname"), opt.Data)
+	_, created, err := secret_service.CreateOrUpdateSecret(
+		ctx, ctx.Org.Organization.ID, 0, ctx.PathParam("secretname"), opt.Data, opt.Description)
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
@@ -230,10 +232,11 @@ func (Action) ListVariables(ctx *context.APIContext) {
 	variables := make([]*api.ActionVariable, len(vars))
 	for i, v := range vars {
 		variables[i] = &api.ActionVariable{
-			OwnerID: v.OwnerID,
-			RepoID:  v.RepoID,
-			Name:    v.Name,
-			Data:    v.Data,
+			OwnerID:     v.OwnerID,
+			RepoID:      v.RepoID,
+			Name:        v.Name,
+			Data:        v.Data,
+			Description: v.Description,
 		}
 	}
 
@@ -281,10 +284,11 @@ func (Action) GetVariable(ctx *context.APIContext) {
 	}
 
 	variable := &api.ActionVariable{
-		OwnerID: v.OwnerID,
-		RepoID:  v.RepoID,
-		Name:    v.Name,
-		Data:    v.Data,
+		OwnerID:     v.OwnerID,
+		RepoID:      v.RepoID,
+		Name:        v.Name,
+		Data:        v.Data,
+		Description: v.Description,
 	}
 
 	ctx.JSON(http.StatusOK, variable)
@@ -386,7 +390,7 @@ func (Action) CreateVariable(ctx *context.APIContext) {
 		return
 	}
 
-	if _, err := actions_service.CreateVariable(ctx, ownerID, 0, variableName, opt.Value); err != nil {
+	if _, err := actions_service.CreateVariable(ctx, ownerID, 0, variableName, opt.Value, opt.Description); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateVariable", err)
 		} else {
@@ -450,7 +454,7 @@ func (Action) UpdateVariable(ctx *context.APIContext) {
 	if opt.Name == "" {
 		opt.Name = ctx.PathParam("variablename")
 	}
-	if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value); err != nil {
+	if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value, opt.Description); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "UpdateVariable", err)
 		} else {
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index d27e8d2427..de3b01c571 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -69,8 +69,9 @@ func (Action) ListActionsSecrets(ctx *context.APIContext) {
 	apiSecrets := make([]*api.Secret, len(secrets))
 	for k, v := range secrets {
 		apiSecrets[k] = &api.Secret{
-			Name:    v.Name,
-			Created: v.CreatedUnix.AsTime(),
+			Name:        v.Name,
+			Description: v.Description,
+			Created:     v.CreatedUnix.AsTime(),
 		}
 	}
 
@@ -121,7 +122,8 @@ func (Action) CreateOrUpdateSecret(ctx *context.APIContext) {
 
 	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
 
-	_, created, err := secret_service.CreateOrUpdateSecret(ctx, 0, repo.ID, ctx.PathParam("secretname"), opt.Data)
+	_, created, err := secret_service.CreateOrUpdateSecret(
+		ctx, 0, repo.ID, ctx.PathParam("secretname"), opt.Data, opt.Description)
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
@@ -234,10 +236,11 @@ func (Action) GetVariable(ctx *context.APIContext) {
 	}
 
 	variable := &api.ActionVariable{
-		OwnerID: v.OwnerID,
-		RepoID:  v.RepoID,
-		Name:    v.Name,
-		Data:    v.Data,
+		OwnerID:     v.OwnerID,
+		RepoID:      v.RepoID,
+		Name:        v.Name,
+		Data:        v.Data,
+		Description: v.Description,
 	}
 
 	ctx.JSON(http.StatusOK, variable)
@@ -347,7 +350,7 @@ func (Action) CreateVariable(ctx *context.APIContext) {
 		return
 	}
 
-	if _, err := actions_service.CreateVariable(ctx, 0, repoID, variableName, opt.Value); err != nil {
+	if _, err := actions_service.CreateVariable(ctx, 0, repoID, variableName, opt.Value, opt.Description); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateVariable", err)
 		} else {
@@ -414,7 +417,7 @@ func (Action) UpdateVariable(ctx *context.APIContext) {
 	if opt.Name == "" {
 		opt.Name = ctx.PathParam("variablename")
 	}
-	if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value); err != nil {
+	if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value, opt.Description); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "UpdateVariable", err)
 		} else {
@@ -472,9 +475,11 @@ func (Action) ListVariables(ctx *context.APIContext) {
 	variables := make([]*api.ActionVariable, len(vars))
 	for i, v := range vars {
 		variables[i] = &api.ActionVariable{
-			OwnerID: v.OwnerID,
-			RepoID:  v.RepoID,
-			Name:    v.Name,
+			OwnerID:     v.OwnerID,
+			RepoID:      v.RepoID,
+			Name:        v.Name,
+			Data:        v.Data,
+			Description: v.Description,
 		}
 	}
 
diff --git a/routers/api/v1/user/action.go b/routers/api/v1/user/action.go
index 22707196f4..ce519c806c 100644
--- a/routers/api/v1/user/action.go
+++ b/routers/api/v1/user/action.go
@@ -49,7 +49,8 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {
 
 	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
 
-	_, created, err := secret_service.CreateOrUpdateSecret(ctx, ctx.Doer.ID, 0, ctx.PathParam("secretname"), opt.Data)
+	_, created, err := secret_service.CreateOrUpdateSecret(
+		ctx, ctx.Doer.ID, 0, ctx.PathParam("secretname"), opt.Data, opt.Description)
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
@@ -153,7 +154,7 @@ func CreateVariable(ctx *context.APIContext) {
 		return
 	}
 
-	if _, err := actions_service.CreateVariable(ctx, ownerID, 0, variableName, opt.Value); err != nil {
+	if _, err := actions_service.CreateVariable(ctx, ownerID, 0, variableName, opt.Value, opt.Description); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateVariable", err)
 		} else {
@@ -212,7 +213,7 @@ func UpdateVariable(ctx *context.APIContext) {
 	if opt.Name == "" {
 		opt.Name = ctx.PathParam("variablename")
 	}
-	if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value); err != nil {
+	if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value, opt.Description); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "UpdateVariable", err)
 		} else {
@@ -296,10 +297,11 @@ func GetVariable(ctx *context.APIContext) {
 	}
 
 	variable := &api.ActionVariable{
-		OwnerID: v.OwnerID,
-		RepoID:  v.RepoID,
-		Name:    v.Name,
-		Data:    v.Data,
+		OwnerID:     v.OwnerID,
+		RepoID:      v.RepoID,
+		Name:        v.Name,
+		Data:        v.Data,
+		Description: v.Description,
 	}
 
 	ctx.JSON(http.StatusOK, variable)
@@ -341,10 +343,11 @@ func ListVariables(ctx *context.APIContext) {
 	variables := make([]*api.ActionVariable, len(vars))
 	for i, v := range vars {
 		variables[i] = &api.ActionVariable{
-			OwnerID: v.OwnerID,
-			RepoID:  v.RepoID,
-			Name:    v.Name,
-			Data:    v.Data,
+			OwnerID:     v.OwnerID,
+			RepoID:      v.RepoID,
+			Name:        v.Name,
+			Data:        v.Data,
+			Description: v.Description,
 		}
 	}
 
diff --git a/routers/web/shared/actions/variables.go b/routers/web/shared/actions/variables.go
index f895475748..e2d9c9b80d 100644
--- a/routers/web/shared/actions/variables.go
+++ b/routers/web/shared/actions/variables.go
@@ -28,7 +28,7 @@ func SetVariablesContext(ctx *context.Context, ownerID, repoID int64) {
 func CreateVariable(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
 	form := web.GetForm(ctx).(*forms.EditVariableForm)
 
-	v, err := actions_service.CreateVariable(ctx, ownerID, repoID, form.Name, form.Data)
+	v, err := actions_service.CreateVariable(ctx, ownerID, repoID, form.Name, form.Data, form.Description)
 	if err != nil {
 		log.Error("CreateVariable: %v", err)
 		ctx.JSONError(ctx.Tr("actions.variables.creation.failed"))
@@ -43,7 +43,7 @@ func UpdateVariable(ctx *context.Context, redirectURL string) {
 	id := ctx.PathParamInt64("variable_id")
 	form := web.GetForm(ctx).(*forms.EditVariableForm)
 
-	if ok, err := actions_service.UpdateVariable(ctx, id, form.Name, form.Data); err != nil || !ok {
+	if ok, err := actions_service.UpdateVariable(ctx, id, form.Name, form.Data, form.Description); err != nil || !ok {
 		log.Error("UpdateVariable: %v", err)
 		ctx.JSONError(ctx.Tr("actions.variables.update.failed"))
 		return
diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go
index 3bd421f86a..791032b4cc 100644
--- a/routers/web/shared/secrets/secrets.go
+++ b/routers/web/shared/secrets/secrets.go
@@ -27,7 +27,8 @@ func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) {
 func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
 	form := web.GetForm(ctx).(*forms.AddSecretForm)
 
-	s, _, err := secret_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, util.ReserveLineBreakForTextarea(form.Data))
+	s, _, err := secret_service.CreateOrUpdateSecret(
+		ctx, ownerID, repoID, form.Name, util.ReserveLineBreakForTextarea(form.Data), form.Description)
 	if err != nil {
 		log.Error("CreateOrUpdateSecret failed: %v", err)
 		ctx.JSONError(ctx.Tr("secrets.creation.failed"))
diff --git a/services/actions/variables.go b/services/actions/variables.go
index 8dde9c4af5..940841ccb1 100644
--- a/services/actions/variables.go
+++ b/services/actions/variables.go
@@ -14,7 +14,7 @@ import (
 	secret_service "code.gitea.io/gitea/services/secrets"
 )
 
-func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*actions_model.ActionVariable, error) {
+func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data, description string) (*actions_model.ActionVariable, error) {
 	if err := secret_service.ValidateName(name); err != nil {
 		return nil, err
 	}
@@ -23,7 +23,7 @@ func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data strin
 		return nil, err
 	}
 
-	v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.ReserveLineBreakForTextarea(data))
+	v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.ReserveLineBreakForTextarea(data), description)
 	if err != nil {
 		return nil, err
 	}
@@ -31,7 +31,7 @@ func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data strin
 	return v, nil
 }
 
-func UpdateVariable(ctx context.Context, variableID int64, name, data string) (bool, error) {
+func UpdateVariable(ctx context.Context, variableID int64, name, data, description string) (bool, error) {
 	if err := secret_service.ValidateName(name); err != nil {
 		return false, err
 	}
@@ -41,9 +41,10 @@ func UpdateVariable(ctx context.Context, variableID int64, name, data string) (b
 	}
 
 	return actions_model.UpdateVariable(ctx, &actions_model.ActionVariable{
-		ID:   variableID,
-		Name: strings.ToUpper(name),
-		Data: util.ReserveLineBreakForTextarea(data),
+		ID:          variableID,
+		Name:        strings.ToUpper(name),
+		Data:        util.ReserveLineBreakForTextarea(data),
+		Description: description,
 	})
 }
 
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index ed79936add..6ec20608d6 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -325,8 +325,9 @@ func (f *AddKeyForm) Validate(req *http.Request, errs binding.Errors) binding.Er
 
 // AddSecretForm for adding secrets
 type AddSecretForm struct {
-	Name string `binding:"Required;MaxSize(255)"`
-	Data string `binding:"Required;MaxSize(65535)"`
+	Name        string `binding:"Required;MaxSize(255)"`
+	Data        string `binding:"Required;MaxSize(65535)"`
+	Description string `binding:"MaxSize(65535)"`
 }
 
 // Validate validates the fields
@@ -336,8 +337,9 @@ func (f *AddSecretForm) Validate(req *http.Request, errs binding.Errors) binding
 }
 
 type EditVariableForm struct {
-	Name string `binding:"Required;MaxSize(255)"`
-	Data string `binding:"Required;MaxSize(65535)"`
+	Name        string `binding:"Required;MaxSize(255)"`
+	Data        string `binding:"Required;MaxSize(65535)"`
+	Description string `binding:"MaxSize(65535)"`
 }
 
 func (f *EditVariableForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go
index 031c474dd7..75ce17ebd2 100644
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -10,7 +10,7 @@ import (
 	secret_model "code.gitea.io/gitea/models/secret"
 )
 
-func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*secret_model.Secret, bool, error) {
+func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data, description string) (*secret_model.Secret, bool, error) {
 	if err := ValidateName(name); err != nil {
 		return nil, false, err
 	}
@@ -25,7 +25,7 @@ func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data
 	}
 
 	if len(s) == 0 {
-		s, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, name, data)
+		s, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, name, data, description)
 		if err != nil {
 			return nil, false, err
 		}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 59596d1013..fb8021ab07 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -22,6 +22,9 @@
 				<div class="flex-item-title">
 					{{.Name}}
 				</div>
+				<div class="flex-item-body">
+					{{if .Description}} {{.Description}} {{else}} - {{end}}
+				</div>
 				<div class="flex-item-body">
 					******
 				</div>
@@ -67,6 +70,15 @@
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
 			</div>
+			<div class="field">
+				<label for="secret-description">{{ctx.Locale.Tr "secrets.creation.description"}}</label>
+				<input
+					id="secret-description"
+					name="description"
+					value="{{.description}}"
+					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
+				>
+			</div>
 			<div class="field">
 				<label for="secret-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 7a0ab48cef..61a2bc42df 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -24,6 +24,9 @@
 				<div class="flex-item-title">
 					{{.Name}}
 				</div>
+				<div class="flex-item-body">
+					{{if .Description}} {{.Description}} {{else}} - {{end}}
+				</div>
 				<div class="flex-item-body">
 					{{.Data}}
 				</div>
@@ -39,6 +42,7 @@
 					data-modal-header="{{ctx.Locale.Tr "actions.variables.edit"}}"
 					data-modal-dialog-variable-name="{{.Name}}"
 					data-modal-dialog-variable-data="{{.Data}}"
+					data-modal-dialog-variable-description="{{.Description}}"
 				>
 					{{svg "octicon-pencil"}}
 				</button>
@@ -77,6 +81,15 @@
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
 			</div>
+			<div class="field">
+				<label for="dialog-variable-description">{{ctx.Locale.Tr "secrets.creation.description"}}</label>
+				<input
+					name="description"
+					id="dialog-variable-description"
+					value="{{.description}}"
+					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
+				>
+			</div>
 			<div class="field">
 				<label for="dialog-variable-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
diff --git a/tests/integration/api_repo_secrets_test.go b/tests/integration/api_repo_secrets_test.go
index c3074d9ece..2059aff484 100644
--- a/tests/integration/api_repo_secrets_test.go
+++ b/tests/integration/api_repo_secrets_test.go
@@ -73,6 +73,33 @@ func TestAPIRepoSecrets(t *testing.T) {
 		}
 	})
 
+	t.Run("CreateWithDescription", func(t *testing.T) {
+		cases := []struct {
+			Name           string
+			Description    string
+			ExpectedStatus int
+		}{
+			{
+				Name:           "no_description",
+				Description:    "",
+				ExpectedStatus: http.StatusCreated,
+			},
+			{
+				Name:           "description",
+				Description:    "some description",
+				ExpectedStatus: http.StatusCreated,
+			},
+		}
+
+		for _, c := range cases {
+			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), c.Name), api.CreateOrUpdateSecretOption{
+				Data:        "data",
+				Description: c.Description,
+			}).AddTokenAuth(token)
+			MakeRequest(t, req, c.ExpectedStatus)
+		}
+	})
+
 	t.Run("Update", func(t *testing.T) {
 		name := "update_secret"
 		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)

From ce38b10db2907e1cb550dd4518cc673e4de19d5d Mon Sep 17 00:00:00 2001
From: LaoQi <me@madao.dev>
Date: Fri, 7 Feb 2025 02:24:26 +0800
Subject: [PATCH 2/6] Update swagger definitions for variables and secrets

---
 templates/swagger/v1_json.tmpl | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index d22e01c787..a8f2d75022 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -18660,6 +18660,11 @@
           "type": "string",
           "x-go-name": "Data"
         },
+        "description": {
+          "description": "the description of the variable",
+          "type": "string",
+          "x-go-name": "Description"
+        },
         "name": {
           "description": "the name of the variable",
           "type": "string",
@@ -20230,6 +20235,11 @@
           "description": "Data of the secret to update",
           "type": "string",
           "x-go-name": "Data"
+        },
+        "description": {
+          "description": "Description of the secret to update",
+          "type": "string",
+          "x-go-name": "Description"
         }
       },
       "x-go-package": "code.gitea.io/gitea/modules/structs"
@@ -20740,6 +20750,11 @@
         "value"
       ],
       "properties": {
+        "description": {
+          "description": "Description of the variable to create",
+          "type": "string",
+          "x-go-name": "Description"
+        },
         "value": {
           "description": "Value of the variable to create",
           "type": "string",
@@ -24701,6 +24716,11 @@
           "format": "date-time",
           "x-go-name": "Created"
         },
+        "description": {
+          "description": "the secret's description",
+          "type": "string",
+          "x-go-name": "Description"
+        },
         "name": {
           "description": "the secret's name",
           "type": "string",
@@ -25276,6 +25296,11 @@
         "value"
       ],
       "properties": {
+        "description": {
+          "description": "Description of the variable to update",
+          "type": "string",
+          "x-go-name": "Description"
+        },
         "name": {
           "description": "New name for the variable. If the field is empty, the variable name won't be updated.",
           "type": "string",

From 068a048903796bbde961567b1383a86c61dabc71 Mon Sep 17 00:00:00 2001
From: LaoQi <me@madao.dev>
Date: Mon, 10 Feb 2025 03:27:06 +0800
Subject: [PATCH 3/6] Add length limits for description and data

---
 models/actions/variable.go                    | 14 ++++++++++++++
 models/secret/secret.go                       | 15 +++++++++++++++
 routers/web/shared/actions/variables.go       |  2 ++
 routers/web/shared/secrets/secrets.go         |  2 ++
 templates/shared/secrets/add_list.tmpl        |  4 ++--
 templates/shared/variables/variable_list.tmpl |  5 +++--
 6 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/models/actions/variable.go b/models/actions/variable.go
index 859e6ce517..04597f7e30 100644
--- a/models/actions/variable.go
+++ b/models/actions/variable.go
@@ -6,6 +6,7 @@ package actions
 import (
 	"context"
 	"strings"
+	"unicode/utf8"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/log"
@@ -37,6 +38,11 @@ type ActionVariable struct {
 	UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
 }
 
+const (
+	VariableDataMaxLength        = 65536
+	VariableDescriptionMaxLength = 4096
+)
+
 func init() {
 	db.RegisterModel(new(ActionVariable))
 }
@@ -48,6 +54,14 @@ func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data, desc
 		ownerID = 0
 	}
 
+	if utf8.RuneCountInString(data) > VariableDataMaxLength {
+		data = string([]rune(data)[:VariableDataMaxLength])
+	}
+
+	if utf8.RuneCountInString(description) > VariableDescriptionMaxLength {
+		description = string([]rune(description)[:VariableDescriptionMaxLength])
+	}
+
 	variable := &ActionVariable{
 		OwnerID:     ownerID,
 		RepoID:      repoID,
diff --git a/models/secret/secret.go b/models/secret/secret.go
index 44caa5e2fd..e0c991725a 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"unicode/utf8"
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
@@ -44,6 +45,11 @@ type Secret struct {
 	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
 }
 
+const (
+	SecretDataMaxLength        = 65536
+	SecretDescriptionMaxLength = 4096
+)
+
 // ErrSecretNotFound represents a "secret not found" error.
 type ErrSecretNotFound struct {
 	Name string
@@ -68,10 +74,19 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 		return nil, fmt.Errorf("%w: ownerID and repoID cannot be both zero, global secrets are not supported", util.ErrInvalidArgument)
 	}
 
+	if len(data) > SecretDataMaxLength {
+		data = data[:SecretDataMaxLength]
+	}
+
+	if utf8.RuneCountInString(description) > SecretDescriptionMaxLength {
+		description = string([]rune(description)[:SecretDescriptionMaxLength])
+	}
+
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
 		return nil, err
 	}
+
 	secret := &Secret{
 		OwnerID:     ownerID,
 		RepoID:      repoID,
diff --git a/routers/web/shared/actions/variables.go b/routers/web/shared/actions/variables.go
index e2d9c9b80d..4a693dee85 100644
--- a/routers/web/shared/actions/variables.go
+++ b/routers/web/shared/actions/variables.go
@@ -23,6 +23,8 @@ func SetVariablesContext(ctx *context.Context, ownerID, repoID int64) {
 		return
 	}
 	ctx.Data["Variables"] = variables
+	ctx.Data["DataMaxLength"] = actions_model.VariableDataMaxLength
+	ctx.Data["DescriptionMaxLength"] = actions_model.VariableDescriptionMaxLength
 }
 
 func CreateVariable(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go
index 791032b4cc..4b5382e4e2 100644
--- a/routers/web/shared/secrets/secrets.go
+++ b/routers/web/shared/secrets/secrets.go
@@ -22,6 +22,8 @@ func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) {
 	}
 
 	ctx.Data["Secrets"] = secrets
+	ctx.Data["DataMaxLength"] = secret_model.SecretDataMaxLength
+	ctx.Data["DescriptionMaxLength"] = secret_model.SecretDescriptionMaxLength
 }
 
 func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index fb8021ab07..98c2855103 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -65,7 +65,6 @@
 				<input autofocus required
 					id="secret-name"
 					name="name"
-					value="{{.name}}"
 					pattern="^(?!GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
@@ -75,7 +74,7 @@
 				<input
 					id="secret-description"
 					name="description"
-					value="{{.description}}"
+					maxlength="{{.DescriptionMaxLength}}"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
 				>
 			</div>
@@ -84,6 +83,7 @@
 				<textarea required
 					id="secret-data"
 					name="data"
+					maxlength="{{.DataMaxLength}}"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.value_placeholder"}}"
 				></textarea>
 			</div>
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 61a2bc42df..29ce22af8b 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -7,6 +7,7 @@
 			data-modal-header="{{ctx.Locale.Tr "actions.variables.creation"}}"
 			data-modal-dialog-variable-name=""
 			data-modal-dialog-variable-data=""
+			data-modal-dialog-variable-description=""
 		>
 			{{ctx.Locale.Tr "actions.variables.creation"}}
 		</button>
@@ -76,7 +77,6 @@
 				<input autofocus required
 					name="name"
 					id="dialog-variable-name"
-					value="{{.name}}"
 					pattern="^(?!GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
@@ -86,7 +86,7 @@
 				<input
 					name="description"
 					id="dialog-variable-description"
-					value="{{.description}}"
+					maxlength="{{.DescriptionMaxLength}}"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
 				>
 			</div>
@@ -95,6 +95,7 @@
 				<textarea required
 					name="data"
 					id="dialog-variable-data"
+					maxlength="{{.DataMaxLength}}"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.value_placeholder"}}"
 				></textarea>
 			</div>

From 16238e0f1d8661a5fedbf58facfad8fd52c4e5a8 Mon Sep 17 00:00:00 2001
From: LaoQi <me@madao.dev>
Date: Mon, 10 Feb 2025 22:48:43 +0800
Subject: [PATCH 4/6] Swap the positions of Data and Description

---
 templates/shared/secrets/add_list.tmpl        | 19 ++++++++++---------
 templates/shared/variables/variable_list.tmpl | 19 ++++++++++---------
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 98c2855103..254a465390 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -69,15 +69,6 @@
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
 			</div>
-			<div class="field">
-				<label for="secret-description">{{ctx.Locale.Tr "secrets.creation.description"}}</label>
-				<input
-					id="secret-description"
-					name="description"
-					maxlength="{{.DescriptionMaxLength}}"
-					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
-				>
-			</div>
 			<div class="field">
 				<label for="secret-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
@@ -87,6 +78,16 @@
 					placeholder="{{ctx.Locale.Tr "secrets.creation.value_placeholder"}}"
 				></textarea>
 			</div>
+			<div class="field">
+				<label for="secret-description">{{ctx.Locale.Tr "secrets.creation.description"}}</label>
+				<textarea
+					id="secret-description"
+					name="description"
+					rows="2"
+					maxlength="{{.DescriptionMaxLength}}"
+					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
+				></textarea>
+			</div>
 		</div>
 		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
 	</form>
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 29ce22af8b..87b36ff86a 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -81,15 +81,6 @@
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
 			</div>
-			<div class="field">
-				<label for="dialog-variable-description">{{ctx.Locale.Tr "secrets.creation.description"}}</label>
-				<input
-					name="description"
-					id="dialog-variable-description"
-					maxlength="{{.DescriptionMaxLength}}"
-					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
-				>
-			</div>
 			<div class="field">
 				<label for="dialog-variable-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
@@ -99,6 +90,16 @@
 					placeholder="{{ctx.Locale.Tr "secrets.creation.value_placeholder"}}"
 				></textarea>
 			</div>
+			<div class="field">
+				<label for="dialog-variable-description">{{ctx.Locale.Tr "secrets.creation.description"}}</label>
+				<textarea
+					name="description"
+					id="dialog-variable-description"
+					rows="2"
+					maxlength="{{.DescriptionMaxLength}}"
+					placeholder="{{ctx.Locale.Tr "secrets.creation.description_placeholder"}}"
+				></textarea>
+			</div>
 		</div>
 		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
 	</form>

From cb221bca32b36e30d62756b74ace1572b2cf903b Mon Sep 17 00:00:00 2001
From: LaoQi <me@madao.dev>
Date: Mon, 17 Feb 2025 22:46:29 +0800
Subject: [PATCH 5/6] revert input value; replace truncate function

---
 models/actions/variable.go                    | 15 +++++++++-----
 models/secret/secret.go                       | 20 +++++++++++--------
 services/secrets/secrets.go                   |  2 +-
 templates/shared/secrets/add_list.tmpl        |  1 +
 templates/shared/variables/variable_list.tmpl |  1 +
 5 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/models/actions/variable.go b/models/actions/variable.go
index 04597f7e30..cbf71bac25 100644
--- a/models/actions/variable.go
+++ b/models/actions/variable.go
@@ -11,6 +11,7 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
 
 	"xorm.io/builder"
 )
@@ -55,12 +56,10 @@ func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data, desc
 	}
 
 	if utf8.RuneCountInString(data) > VariableDataMaxLength {
-		data = string([]rune(data)[:VariableDataMaxLength])
+		return nil, util.NewInvalidArgumentErrorf("data too long")
 	}
 
-	if utf8.RuneCountInString(description) > VariableDescriptionMaxLength {
-		description = string([]rune(description)[:VariableDescriptionMaxLength])
-	}
+	description = util.TruncateRunes(description, VariableDescriptionMaxLength)
 
 	variable := &ActionVariable{
 		OwnerID:     ownerID,
@@ -102,11 +101,17 @@ func FindVariables(ctx context.Context, opts FindVariablesOpts) ([]*ActionVariab
 }
 
 func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error) {
+	if utf8.RuneCountInString(variable.Data) > VariableDataMaxLength {
+		return false, util.NewInvalidArgumentErrorf("data too long")
+	}
+
+	description := util.TruncateRunes(variable.Description, VariableDescriptionMaxLength)
+
 	count, err := db.GetEngine(ctx).ID(variable.ID).Cols("name", "data", "description").
 		Update(&ActionVariable{
 			Name:        variable.Name,
 			Data:        variable.Data,
-			Description: variable.Description,
+			Description: description,
 		})
 	return count != 0, err
 }
diff --git a/models/secret/secret.go b/models/secret/secret.go
index e0c991725a..7f1425ed89 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -7,7 +7,6 @@ import (
 	"context"
 	"fmt"
 	"strings"
-	"unicode/utf8"
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
@@ -75,12 +74,10 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 	}
 
 	if len(data) > SecretDataMaxLength {
-		data = data[:SecretDataMaxLength]
+		return nil, util.NewInvalidArgumentErrorf("data too long")
 	}
 
-	if utf8.RuneCountInString(description) > SecretDescriptionMaxLength {
-		description = string([]rune(description)[:SecretDescriptionMaxLength])
-	}
+	description = util.TruncateRunes(description, SecretDescriptionMaxLength)
 
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
@@ -131,16 +128,23 @@ func (opts FindSecretsOptions) ToConds() builder.Cond {
 }
 
 // UpdateSecret changes org or user reop secret.
-func UpdateSecret(ctx context.Context, secretID int64, data string) error {
+func UpdateSecret(ctx context.Context, secretID int64, data, description string) error {
+	if len(data) > SecretDataMaxLength {
+		return util.NewInvalidArgumentErrorf("data too long")
+	}
+
+	description = util.TruncateRunes(description, SecretDescriptionMaxLength)
+
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
 		return err
 	}
 
 	s := &Secret{
-		Data: encrypted,
+		Data:        encrypted,
+		Description: description,
 	}
-	affected, err := db.GetEngine(ctx).ID(secretID).Cols("data").Update(s)
+	affected, err := db.GetEngine(ctx).ID(secretID).Cols("data", "description").Update(s)
 	if affected != 1 {
 		return ErrSecretNotFound{}
 	}
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go
index 75ce17ebd2..ec6a3cb062 100644
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -32,7 +32,7 @@ func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data
 		return s, true, nil
 	}
 
-	if err := secret_model.UpdateSecret(ctx, s[0].ID, data); err != nil {
+	if err := secret_model.UpdateSecret(ctx, s[0].ID, data, description); err != nil {
 		return nil, false, err
 	}
 
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 254a465390..1a082d9315 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -65,6 +65,7 @@
 				<input autofocus required
 					id="secret-name"
 					name="name"
+					value="{{.name}}"
 					pattern="^(?!GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 87b36ff86a..2bb9098f14 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -77,6 +77,7 @@
 				<input autofocus required
 					name="name"
 					id="dialog-variable-name"
+					value="{{.name}}"
 					pattern="^(?!GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>

From e0797d75ba4763885a03e38585ba50167804935c Mon Sep 17 00:00:00 2001
From: LaoQi <me@madao.dev>
Date: Tue, 18 Feb 2025 00:51:05 +0800
Subject: [PATCH 6/6] Remove space

---
 templates/shared/secrets/add_list.tmpl        | 2 +-
 templates/shared/variables/variable_list.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 1a082d9315..977f308b71 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -23,7 +23,7 @@
 					{{.Name}}
 				</div>
 				<div class="flex-item-body">
-					{{if .Description}} {{.Description}} {{else}} - {{end}}
+					{{if .Description}}{{.Description}}{{else}}-{{end}}
 				</div>
 				<div class="flex-item-body">
 					******
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 2bb9098f14..2edca431c1 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -26,7 +26,7 @@
 					{{.Name}}
 				</div>
 				<div class="flex-item-body">
-					{{if .Description}} {{.Description}} {{else}} - {{end}}
+					{{if .Description}}{{.Description}}{{else}}-{{end}}
 				</div>
 				<div class="flex-item-body">
 					{{.Data}}