Provider support
A feature-by-provider support matrix across GitHub, GitLab, Bitbucket, Azure DevOps, and Gitea.
A feature × provider matrix covering authentication methods, baseUrl/self-hosted support, discovery,
downloads, and webhooks across GitHub, GitLab, Bitbucket Cloud, Azure DevOps, and Gitea.
Feature matrix
| Feature | GitHub | GitLab | Bitbucket Cloud | Azure DevOps | Gitea |
|---|---|---|---|---|---|
| Subpath import | repo-sdk/github |
repo-sdk/gitlab |
repo-sdk/bitbucket |
repo-sdk/azure-devops |
repo-sdk/gitea |
| Token auth | ✓ (PAT / OAuth) | ✓ (PAT / project / group / OAuth) | ✓ (access token, Bearer) | ✓ (PAT / OAuth) | ✓ (PAT, token scheme) |
| App / alternative auth | ✓ (GitHub App) | — | ✓ (email + API token, Basic) | ✓ (Entra tokenProvider) |
— |
Self-hosted (baseUrl) |
✓ (GHES) | ✓ (self-managed) | ✗ (Cloud only) | ✓ (Server) | ✓ (self-hosted / Forgejo) |
repo string |
owner/name |
group/…/project or id |
workspace/repo_slug |
project/repository |
owner/name |
| Namespace discovery | user + orgs | user + groups | workspaces | projects | user + orgs |
Commit filters (since / until / author) |
server-side | server-side | client-side per page | server-side | client-side author |
Namespace avatarUrl |
✓ | ✓ | ✓ | ✗ | ✓ |
| Archive download | ✓ | ✓ | ✓ (API token auth only) | ✓ | ✓ |
| Clone URL | ✓ (embedded) | ✓ (embedded) | ✓ (embedded) | ✓ (embedded / Entra headers) | ✓ (embedded) |
| Server-side repo pagination | ✓ | ✓ | ✓ | ✗ (single response) | ✓ |
Per-provider caveats
GitHub
- Tag listing carries no date (
tagDates: false) —Tag.dateisundefined. - GitHub App auth uses installation tokens with no user identity: namespace and owned listing use
the installation’s accessible repositories, and resolving the authenticated user throws
unsupported. Single-installation apps can omitinstallationId; zero installs throwunauthorized, multiple throwvalidation. - Clone URLs from GitHub App auth set
expiresAt(~1h). - Ref search (
refs.search) is served by the unpaginatedmatching-refsendpoint — a very broad prefix on a huge repo transfers all matches in one response before the SDK truncates tolimit. Annotated tag matches carry the tag object SHA, not the peeled commit.
GitLab
- Self-managed instances need the full
baseUrlincluding/api/v4. - The
repostring accepts the full subgroup path or the numeric project id. - Project hooks are always active —
active: falsethrowsunsupported.
Bitbucket Cloud
- Cloud only — no
baseUrl. - Archive downloads require the email + API token (Basic) auth; with an access token,
downloadArchivethrowsunsupported. - No
releasewebhook event;pushandtag_pushboth map to the nativerepo:push. since/until/authorcommit filters are applied client-side per page.- Ref search matches case-insensitively (Bitbucket’s filter only supports contains matching; the
SDK narrows the first page to prefix matches, so a page full of mid-name hits can return fewer
than
limitresults).
Gitea
- Targets Gitea ≥ 1.20; Forgejo is API-compatible and works unchanged —
including webhook verification, since Forgejo sends the same
X-Gitea-*delivery headers. - Self-hosted instances need the full
baseUrlincluding/api/v1; the default ishttps://gitea.com/api/v1. - Tag listing carries no date (
tagDates: false) —Tag.dateisundefined. - The
authorcommit filter is applied client-side per page. tag_pushwebhooks map to Gitea’screate/deleteevents; verification uses the bare-hexX-Gitea-Signatureheader.- Gitea has no built-in API rate limiter — a
rate_limitederror can only come from a fronting proxy. - Private resources you lack permission for often return 404 instead of 403 to avoid leaking their existence.
- Ref search is case-sensitive and unpaginated (all matches transfer before the SDK truncates
to
limit). Annotated tag matches carry the tag object SHA, not the peeled commit.
Azure DevOps
organizationis required on the factory and is not part of therepostring.- No repo search and no owned filter — passing
queryorownedthrowsunsupported. - Archive downloads are zip only.
- Webhooks:
pushandtag_pushare delivered by onegit.pushsubscription, sowebhooks.createrequires both together. Noreleaseevent. - Entra auth returns clone credentials in
headersinstead of embedding them in the URL. - The repositories endpoint returns everything in one response — there’s no server-side cursor, so
limitis honored client-side. listOrganizationsis a standalone helper (organizations live outside the org-pinned provider).
Capability matrix
The exact RepoCapabilities values per provider.