From 77b6d18f3f1b4e58ed0c9a56ea95a433918a236e Mon Sep 17 00:00:00 2001 From: Gusted Date: Tue, 8 Apr 2025 05:48:09 +0000 Subject: [PATCH 01/13] chore: update URL of Actions unit Resolves forgejo/docs#1130 Ref forgejo/forgejo#2221 --- docs/user/actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/actions.md b/docs/user/actions.md index 63292c13..98f63eb3 100644 --- a/docs/user/actions.md +++ b/docs/user/actions.md @@ -10,7 +10,7 @@ The following guide explains key **concepts** to help understand how `workflows` ## Quick start -- Verify that `Enable Repository Actions` is checked in the `Repository` tab of the `/{owner}/{repository}/settings` page. If the checkbox does not show it means the administrator of the Forgejo instance did not activate the feature. +- Verify that `Enable Repository Actions` is checked in the `Repository` tab of the `/{owner}/{repository}/settings/units#overview` page. If the checkbox does not show it means the administrator of the Forgejo instance did not activate the feature. ![enable actions](../_images/user/actions/enable-repository.png) - Add the following to the `.forgejo/workflows/demo.yaml` file in the repository. ```yaml From 98337affbdeae80ee474f65282de6b514177f046 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Kapri=C5=A1?= Date: Thu, 10 Apr 2025 21:36:44 +0200 Subject: [PATCH 02/13] Fix broken runner container link --- docs/admin/runner-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/runner-installation.md b/docs/admin/runner-installation.md index 8e662292..8e1715ae 100644 --- a/docs/admin/runner-installation.md +++ b/docs/admin/runner-installation.md 
@@ -10,7 +10,7 @@ It needs to be installed separately from the main Forgejo instance. For security Each `Forgejo Runner` release is published for all supported architectures as: - [binaries](https://data.forgejo.org/forgejo/runner/releases) -- [OCI images](https://data.forgejo.org/forgejo/-/packages/container/runner/versions) +- [OCI images](https://code.forgejo.org/forgejo/-/packages/container/runner/) ## Binary installation From 075d17a76bd84aefd20c4e48fbe701403110029e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Kapri=C5=A1?= Date: Thu, 10 Apr 2025 21:48:14 +0200 Subject: [PATCH 03/13] Mention ENABLE_NOTIFY_MAIL in email setup It seems like this is the option almost everyone setting email up for their instance will want to enable, so it seemed worth mentioning in the email setup guide. --- docs/admin/email-setup.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/admin/email-setup.md b/docs/admin/email-setup.md index e26047f6..93bff993 100644 --- a/docs/admin/email-setup.md +++ b/docs/admin/email-setup.md @@ -25,6 +25,8 @@ Restart Forgejo for the configuration changes to take effect. To send a test email to validate the settings, go to Forgejo > Site Administration > Configuration > SMTP Mailer Configuration. +To enable users to receive email notifications for pull requests or issues, you can set `ENABLE_NOTIFY_MAIL=true` in the configuration. + For the full list of options check the [Config Cheat Sheet](../config-cheat-sheet/#mailer-mailer). > **NOTE:** authentication is only supported when the SMTP server communication is encrypted with TLS or `HOST=localhost`. This is due to protections imposed by the Go internal libraries against STRIPTLS attacks. TLS encryption can be through: From 0df093be8a2a0705e76f6650736dc649ae42801b Mon Sep 17 00:00:00 2001 
From: Gusted Date: Mon, 31 Mar 2025 23:08:59 +0200 Subject: [PATCH 04/13] admin: document instance signing - Rewrite the instance commit signing documentation from scratch. - Includes how to configure SSH signing. - Includes section that https://github.com/Foxboron/ssh-tpm-agent could be used for secure SSH signing. - Ref: forgejo/forgejo#6897 --- docs/admin/config-cheat-sheet.md | 3 +- docs/admin/index.md | 2 +- docs/admin/signing.md | 281 ++++++++++++++++++------------- 3 files changed, 163 insertions(+), 123 deletions(-) diff --git a/docs/admin/config-cheat-sheet.md b/docs/admin/config-cheat-sheet.md index 00831245..27e77758 100644 --- a/docs/admin/config-cheat-sheet.md +++ b/docs/admin/config-cheat-sheet.md @@ -149,7 +149,8 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build ### Repository - Signing (`repository.signing`) -- `SIGNING_KEY`: **default**: \[none, KEYID, default \]: Key to sign with. +- `FORMAT`: **openpgp**: \[openpgp, ssh\]: Signing format that Forgejo should use, openpgp uses GPG and ssh uses OpenSSH. +- `SIGNING_KEY`: **default**: \[none, KEYID, default, path/to/ssh/key\]: Key to sign with. If `FORMAT` is set to **ssh** this should be set to an absolute path to an public OpenSSH key. - `SIGNING_NAME` & `SIGNING_EMAIL`: if a KEYID is provided as the `SIGNING_KEY`, use these as the Name and Email address of the signer. These should match publicized name and email address for the key. - `INITIAL_COMMIT`: **always**: \[never, pubkey, twofa, always\]: Sign initial commit. - `never`: Never sign diff --git a/docs/admin/index.md b/docs/admin/index.md index 00a18a75..15807162 100644 --- a/docs/admin/index.md +++ b/docs/admin/index.md 
@@ -23,7 +23,7 @@ These documents are targeted to people who run Forgejo on their machines. - [Forgejo CLI](./command-line/) - [Search Engines and robots.txt](./search-engines-indexation/) - [Recommended Settings and Tips](./recommendations/) -- [GPG Commit Signatures](./signing/) +- [Instance Commit Signing](./signing/) - [Moderation tools](./moderation/) - [Adopt existing git directories](./adopt/) - [Interface customization](./customization/) diff --git a/docs/admin/signing.md b/docs/admin/signing.md index edcb92af..6dfbbd4a 100644 --- a/docs/admin/signing.md +++ b/docs/admin/signing.md 
@@ -1,144 +1,183 @@ --- -title: 'GPG Commit Signatures' -license: 'Apache-2.0' -origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8e705d2a86030/docs/content/administration/signing.en-us.md' +title: Instance Commit Signing +license: 'CC-BY-SA-4.0' --- -Forgejo will verify GPG commit signatures in the provided tree by -checking if the commits are signed by a key within the Forgejo database, -or if the commit matches the default key for Git. +Forgejo has the ability to sign commits when Forgejo themselves generates those commits, such as: -Keys are not checked to determine if they have expired or revoked. -Keys are also not checked with keyservers. +- Repository initialisation +- Wiki changes +- CRUD actions using the web editor or the API +- Merges from pull requests -A commit will be marked with an unlocked icon if no key can be -found to verify it. +## Configuration -## Automatic Signing +In order for Forgejo to sign commits, it has to know how it should be signing commits and when to sign commits. +Unless otherwise indicated, all configuration settings discussed on this page are for the `[repository.signing]` section. -There are a number of places where Forgejo will generate commits itself: +### Signing key -- Repository Initialisation -- Wiki Changes -- CRUD actions using the editor or the API -- Merges from Pull Requests +Forgejo offers two formats to sign commits with: GPG and SSH. +If you meet the requirements of SSH, then it is strongly preferred to use that instead of GPG. -## Installing and generating a GPG key for Forgejo +#### SSH -Forgejo generates all its commits using the server `git` -command - and the `gpg` command will be used for -signing. 
+For Forgejo to do SSH commit signing, it needs a Git version equal to or newer than 2.34.0 and `ssh-keygen` binary equal to or newer than version 8.2p1.[^1] -## General Configuration +[^1]: The git version check is already done by Forgejo, but for `ssh-keygen` only the presence of the binary is checked. -Forgejo's configuration for signing can be found with the -`[repository.signing]` section of `app.ini`: +You need a dedicated OpenSSH key pair for instance signing. +If you don't have such key pair yet you can generate one via `ssh-keygen`[^2] or you also could store the SSH key in TPM, there is [a dedicated section](#using-ssh-tpm-agent) with instructions on how to do that. + +[^2]: https://docs.codeberg.org/security/ssh-key/ contains instructions for generating an SSH key pair, you should not generate a FIDO2 (`-sk` type) key pair as that will not work with Forgejo. + +Forgejo needs to be told that it should use SSH signing and which SSH key to use, this should be configured as followed: + +```ini +FORMAT = ssh +SIGNING_KEY = /absolute/path/to/public/ssh/key.pub +``` + +The value for the `SIGNING_KEY` setting needs to be an absolute path to the public key, where the private key needs to be available in the path without the `.pub` suffix. + +Forgejo also needs to be told who the committer of the commit is, which requires a name and email and should be configured as followed: + +```ini +SIGNING_NAME = "forgejo.org Instance" +SIGNING_EMAIL = "noreply@forgejo.org" +``` + +#### GPG + +There are two ways to tell Forgejo which GPG key should be used for commit signing. ```ini -... -[repository.signing] SIGNING_KEY = default -SIGNING_NAME = -SIGNING_EMAIL = -INITIAL_COMMIT = always -CRUD_ACTIONS = pubkey, twofa, parentsigned -WIKI = never -MERGES = pubkey, twofa, basesigned, commitssigned - -... 
``` -### `SIGNING_KEY` +Will use the git config to determine the signing key: if the value of `commit.gpgsign` is set to true, then it will use the values of `user.signingkey`, `user.name` and `user.email` for the signing key, committer name and committer email respectively. -There are three main options: +--- -- `none` - this prevents Forgejo from signing any commits -- `default` - Forgejo will default to the key configured within `git config` -- `KEYID` - Forgejo will sign commits with the GPG key with the ID - `KEYID`. In this case you should provide a `SIGNING_NAME` and - `SIGNING_EMAIL` to be displayed for this key. - -The `default` option will interrogate `git config` for -`commit.gpgsign` option - if this is set, then it will use the results -of the `user.signingkey`, `user.name` and `user.email`. - -By default, Forgejo will look for the signing key in `[git].HOME_PATH/.gnupg`. - -However, this path differs from where GnuPG stores keys by default (`$HOME/.gnupg`). - -There are 2 possible solutions here: - -1. Move the `.gnupg` folder after importing/generating keys; -2. Set the `GNUPGHOME` environment variable to help Forgejo find the correct keychain. - -### `INITIAL_COMMIT` - -This option determines whether Forgejo should sign the initial commit -when creating a repository. The possible values are: - -- `never`: Never sign -- `pubkey`: Only sign if the user has a public key -- `twofa`: Only sign if the user logs in with two factor authentication -- `always`: Always sign - -Options other than `never` and `always` can be combined as a comma -separated list. The commit will be signed if all selected options are true. - -### `WIKI` - -This options determines if Forgejo should sign commits to the Wiki. -The possible values are: - -- `never`: Never sign -- `pubkey`: Only sign if the user has a public key -- `twofa`: Only sign if the user logs in with two-factor authentication -- `parentsigned`: Only sign if the parent commit is signed. 
-- `always`: Always sign - -Options other than `never` and `always` can be combined as a comma -separated list. The commit will be signed if all selected options are true. - -### `CRUD_ACTIONS` - -This option determines if Forgejo should sign commits from the web -editor or API CRUD actions. The possible values are: - -- `never`: Never sign -- `pubkey`: Only sign if the user has a public key -- `twofa`: Only sign if the user logs in with two-factor authentication -- `parentsigned`: Only sign if the parent commit is signed. -- `always`: Always sign - -Options other than `never` and `always` can be combined as a comma -separated list. The change will be signed if all selected options are true. - -### `MERGES` - -This option determines if Forgejo should sign merge commits from PRs. -The possible options are: - -- `never`: Never sign -- `pubkey`: Only sign if the user has a public key -- `twofa`: Only sign if the user logs in with two-factor authentication -- `basesigned`: Only sign if the parent commit in the base repository is signed. -- `headsigned`: Only sign if the head commit in the head branch is signed. -- `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed. -- `approved`: Only sign approved merges to a protected branch. -- `always`: Always sign - -Options other than `never` and `always` can be combined as a comma -separated list. The merge will be signed if all selected options are true. - -## Obtaining the Public Key of the Signing Key - -The public key used to sign Forgejo's commits can be obtained from the API at: - -```sh -/api/v1/signing-key.gpg +```ini +SIGNING_KEY = GPG-KEY-ID +SIGNING_NAME = "forgejo.org Instance" +SIGNING_EMAIL = "noreply@forgejo.org" ``` -In cases where there is a repository specific key this can be obtained from: +Will use the GPG keyid to search for the key in the GPG keyring. 
Forgejo searches for this key in a directory, which can be computed as follows: If a `GNUPGHOME` environment variable is set, this is used. +Otherwise the `.gnupg` directory in the directory corresponding to the value of the `HOME_PATH` setting in the `[git]` section is used (`[git].HOME_PATH/.gnupg` so to say). +It should be noted that by default, GPG does not use that keyring and you should take extra care when importing or generating the key, for example by setting the value of the `GNUPGHOME` environment to the directory Forgejo uses. -```sh -/api/v1/repos/:username/:reponame/signing-key.gpg +### Signing operations + +There are several operations for which Forgejo will generate a commit and thus be able to sign the commit. +For each operation you can specify under which conditions Forgejo should sign the commit. + +For each operation, you can combine the values as a comma-separated list. +There are two special values that are valid values for each operation and cannot be combined with any other value for that operation: `always` and `never`. +The first value, if set, will always sign the commit and the second value, if set, will never sign the commit. + +#### Initial commit + +When should Forgejo sign the initial commit when creating a repository. +The possible values for the `INITIAL_COMMIT` setting are: + +- `pubkey`: Only if the user has added a GPG key to its account. +- `twofa`: Only if the user is enrolled into two-factor authentication. + +#### Wiki + +When should Forgejo sign commits to the wiki. +The possible values for the `WIKI` setting are: + +- `pubkey`: Only if the user has added a GPG key to its account. +- `twofa`: Only if the user is enrolled into two-factor authentication. +- `parentsigned`: Only if the parent commit is signed. + +#### CRUD actions + +When should Forgejo sign commits that are created for file changes via the web editor or API. 
+The possible values for the `CRUD_ACTIONS` setting are: + +- `pubkey`: Only if the user has added a GPG key to its account. +- `twofa`: Only if the user is enrolled into two-factor authentication. +- `parentsigned`: Only if the parent commit is signed. + +#### Pull request merges + +When should Forgejo sign merge commits from pull requests. +The possible values for the `MERGES` setting are: + +- `pubkey`: Only if the user has added a GPG key to its account. +- `twofa`: Only if the user is enrolled into two-factor authentication. +- `basesigned`: Only if the parent commit in the base repository is signed. +- `headsigned`: Only if the head commit in the head branch is signed. +- `commitssigned`: Only if all the commits in the head branch to the merge point are signed. +- `approved`: Only if the pull request targets a protected branch and has at least one approval. + +## Obtaining the instance signing key + +If a GPG instance signing key is set, the GPG public key can be obtained at the API route, `/api/v1/signing-key.gpg`. +If a repository specific GPG key is set, it can be obtained at the API route, `/api/v1/repos/{username}/{reponame}/signing-key.gpg` + +If a SSH instance signing key is set, the SSH public key can be obtained at the API route, `/api/v1/signing-key.ssh`. + +## Using ssh-tpm-agent + +It is possible to use [ssh-tpm-agent](https://github.com/Foxboron/ssh-tpm-agent) so that the SSH private key resides in a [Trusted Platform Module (TPM)](https://en.wikipedia.org/wiki/Trusted_Platform_Module) and therefore makes it harder to leak the SSH private key as it does not reside on the filesystem. To use this, the server that Forgejo runs on must have access to TPM 2.0. +This section only explains how to make the SSH private key available to Forgejo, not how to configure Forgejo to use it. + +Follow [the instruction from ssh-tpm-agent](https://github.com/Foxboron/ssh-tpm-agent#usage) to create a key or import an existing key. 
+An instance key is expected to be a long-lived key[^3] and therefore it is advisable to follow the 'Import existing key' guide as it allows you to backup the private key in a safe place and in case of a recovery, restore the instance SSH key. + +[^3]: Rotating instance keys is currently not possible. + +ssh-tpm-agent acts as an [`ssh-agent(1)`](https://man.archlinux.org/man/ssh-agent.1) and in order for Forgejo to use ssh-tpm-agent to sign commits with, it needs to have a `SSH_AUTH_SOCK` environment set when launching the Forgejo binary. +How to pass this to Forgejo depends on how you run Forgejo, we consider two situation: a Systemd service on bare-metal or containerized (for example, via Docker). + +In either case, the host will need to install the systemd unit service by running `ssh-tpm-agent --install-user-units`. + +### Systemd service + +In the `[Service]` section, add the following (it is fine to have multiple `Environment` keys): + +```toml +Environment=SSH_AUTH_SOCK="/socket/path" ``` + +Where `/socket/path` is replaced with the value of `ssh-tpm-agent --print-socket`. + +### Containerized + +We take [the default docker-compose file](../installation-docker/#docker) as an example. +We add an environment variable and a volume mount to the compose file: + +```yaml +networks: + forgejo: + external: false + +services: + server: + image: codeberg.org/forgejo/forgejo:10 + container_name: forgejo + environment: + - USER_UID=1000 + - USER_GID=1000 ++ - SSH_AUTH_SOCK=$SOCKET_PATH + restart: always + networks: + - forgejo + volumes: + - ./forgejo:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro ++ - $SOCKET_PATH:$SOCKET_PATH + ports: + - "3000:3000" + - "222:22" +``` + +Where `$SOCKET_PATH` is to be replaced with the value of `ssh-tpm-agent --print-socket`. +Another volume would need to be added that exposes the public OpenSSH key, the container path should match with the path that is specified for the `SIGNING_KEY` setting. 
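Review bot: In the `docs/admin/config-cheat-sheet.md` hunk of patch 04/13, the unchanged `SIGNING_NAME` & `SIGNING_EMAIL` entry still says the values apply "if a KEYID is provided as the `SIGNING_KEY`", but the new `signing.md` text in this same patch requires a name and email for SSH signing as well. Extend that entry to cover `FORMAT = ssh` so the two pages agree. The new `SIGNING_KEY` line also reads "an public OpenSSH key" (should be "a public OpenSSH key"), and it would help to repeat there what `signing.md` says about the private key being looked up at the same path without the `.pub` suffix.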
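Review bot: In the `docs/admin/signing.md` hunk of patch 04/13, the SSH section states that the private key "needs to be available in the path without the `.pub` suffix", while the "Using ssh-tpm-agent" section is built on the private key not residing on the filesystem. Say in the SSH section which of the two applies when `SSH_AUTH_SOCK` is set, otherwise an administrator following the TPM setup will assume a private key file is still required next to the public key. Further points on the same hunk: the rewrite drops the old page's statement that keys are not checked for expiry or revocation and no longer lists `none` as a `SIGNING_KEY` value, so either keep those or confirm they no longer hold. The compose example is fenced as `yaml` but carries leading `+` markers (`+ - SSH_AUTH_SOCK=$SOCKET_PATH`), which makes it invalid if copied as is, and the systemd `Environment=` line is fenced as `toml` rather than `ini`.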
From 77b7ddb6076952756888128c772ef75e3ad1fc0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Kapri=C5=A1?= Date: Sat, 12 Apr 2025 13:04:27 +0200 Subject: [PATCH 05/13] Fix broken runner binary link --- docs/admin/runner-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/runner-installation.md b/docs/admin/runner-installation.md index 8e1715ae..5b6c9eca 100644 --- a/docs/admin/runner-installation.md +++ b/docs/admin/runner-installation.md @@ -9,7 +9,7 @@ It needs to be installed separately from the main Forgejo instance. For security Each `Forgejo Runner` release is published for all supported architectures as: -- [binaries](https://data.forgejo.org/forgejo/runner/releases) +- [binaries](https://code.forgejo.org/forgejo/runner/releases) - [OCI images](https://code.forgejo.org/forgejo/-/packages/container/runner/) ## Binary installation From b23d9c9a9562c63749d2733e1ce2cf9045cdc961 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Kapri=C5=A1?= Date: Sat, 12 Apr 2025 17:25:22 +0200 Subject: [PATCH 06/13] Fix broken links in runner-installation.md I've fixed broken links, and where I was sure was appropriate, updated the version in the link. I did not change the version in the links in the `OCI image installation` section, as I was unsure if I might actually break something by changing the commands or the docker-compose.yaml. I haven't had the opportunity to try and test that method out yet. --- docs/admin/runner-installation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/admin/runner-installation.md b/docs/admin/runner-installation.md index 5b6c9eca..0629acee 100644 --- a/docs/admin/runner-installation.md +++ b/docs/admin/runner-installation.md 
@@ -16,14 +16,14 @@ Each `Forgejo Runner` release is published for all supported architectures as: ### Downloading and installing the binary -Download the latest [binary release](https://data.forgejo.org/forgejo/runner/releases) and verify its signature: +Download the latest [binary release](https://code.forgejo.org/forgejo/runner/releases) and verify its signature: ```shell $ export RUNNER_VERSION=$(curl -X 'GET' https://data.forgejo.org/api/v1/repos/forgejo/runner/releases/latest | jq .name -r | cut -c 2-) -$ wget -O forgejo-runner https://data.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-amd64 +$ wget -O forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-amd64 $ chmod +x forgejo-runner -$ wget -O forgejo-runner.asc https://data.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-amd64.asc +$ wget -O forgejo-runner.asc https://code.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-amd64.asc $ gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 $ gpg --verify forgejo-runner.asc forgejo-runner Good signature from "Forgejo " @@ -94,7 +94,7 @@ The `Forgejo runner` relies on application containers (Docker, Podman, etc.) or ```shell $ lxc-helpers.sh lxc_container_run forgejo-runners -- sudo --user debian bash $ sudo apt-get install docker.io wget gnupg2 - $ wget -O forgejo-runner https://data.forgejo.org/forgejo/runner/releases/download/v4.0.0/forgejo-runner-amd64 + $ wget -O forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v6.3.1/forgejo-runner-6.3.1-linux-amd64 ... ``` 
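Review bot: In the `@@ -16,14 +16,14 @@` hunk of `docs/admin/runner-installation.md` (patch 06/13), the unchanged `RUNNER_VERSION` lookup still calls `https://data.forgejo.org/api/v1/repos/forgejo/runner/releases/latest` while the two `wget` lines below it now point at `code.forgejo.org`. If the `data.forgejo.org` links are the broken ones this commit fixes, switch the API call as well so the version number and the download come from the same host; if it is kept on purpose, say so in the commit message. In the `@@ -94,7 +94,7 @@` hunk the LXC example now hard-codes `v6.3.1`, which will go stale again; reusing `${RUNNER_VERSION}` from the first block would avoid that.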
@@ -280,7 +280,7 @@ Use `journalctl -u forgejo-runner.service` to read the runner logs. ## OCI image installation -The [OCI images](https://data.forgejo.org/forgejo/-/packages/container/runner/versions) +The [OCI images](https://code.forgejo.org/forgejo/-/packages/container/runner/) are built from the Dockerfile which is [found in the source directory](https://code.forgejo.org/forgejo/runner/src/branch/main/Dockerfile). It contains the `forgejo-runner` binary. ```shell From c5a1caa7ed95105acab5a36a1c784ea8c70d6881 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Kapri=C5=A1?= Date: Sat, 12 Apr 2025 17:33:10 +0200 Subject: [PATCH 07/13] Remove unnecessary chmod --- docs/admin/runner-installation.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/admin/runner-installation.md b/docs/admin/runner-installation.md index 0629acee..ca265e73 100644 --- a/docs/admin/runner-installation.md +++ b/docs/admin/runner-installation.md @@ -34,14 +34,13 @@ Next, copy the downloaded binary to `/usr/local/bin` and make it executable: ```shell $ cp forgejo-runner /usr/local/bin/forgejo-runner -$ chmod +x /usr/local/bin/forgejo-runner ``` You should now be able to test the runner by running `forgejo-runner -v`: ``` $ forgejo-runner -v -forgejo-runner version v4.0.0 +forgejo-runner version v6.3.1 ``` ### Setting up the runner user From 3c8db8cd91c353db3e9c1a716fb6f1189e8ebf22 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Tue, 15 Apr 2025 05:43:48 +0000 Subject: [PATCH 08/13] admin: command-line: update (#1147) Reviewed-on: https://codeberg.org/forgejo/docs/pulls/1147 Co-authored-by: Earl Warren Co-committed-by: Earl Warren --- docs/admin/command-line.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/admin/command-line.md b/docs/admin/command-line.md index 6b84ce12..484852a9 100644 --- a/docs/admin/command-line.md +++ b/docs/admin/command-line.md 
@@ -295,6 +295,8 @@ OPTIONS: --must-change-password Set this option to false to prevent forcing the user to change their password after initial login --random-password-length value Length of the random password to be generated (default: 12) --access-token Generate access token for the user (default: false) + --access-token-name value Name of the generated access token (default: "gitea-admin") + --access-token-scopes value Scopes of the generated access token, comma separated. Examples: "all", "public-only,read:issue", "write:repository,write:user" (default: "all") --restricted Make a restricted user account (default: false) ``` @@ -383,7 +385,7 @@ OPTIONS: --username value, -u value Username --token-name value, -t value Token name (default: "gitea-admin") --raw Display only the token value (default: false) - --scopes value Comma separated list of scopes to apply to access token + --scopes value Comma separated list of scopes to apply to access token, examples: "all", "public-only,read:issue", "write:repository,write:user" (default: "all") ``` ### admin user must-change-password From 2f8a01fe3584c0c90be5818a4c368ad0a53b761f Mon Sep 17 00:00:00 2001 From: tacaly Date: Tue, 15 Apr 2025 05:49:33 +0000 Subject: [PATCH 09/13] fix: improve naming (#1145) As requested by @0ko https://matrix.to/#/!UJgSZwuZLRYXEOyjPb:matrix.org/$TbMlNm9L1P9gHFwJYZ3vTIPBKtUHyaoQVEDdzfTQIxI?via=matrix.org&via=envs.net&via=mozilla.org Reviewed-on: https://codeberg.org/forgejo/docs/pulls/1145 Reviewed-by: Earl Warren Co-authored-by: tacaly Co-committed-by: tacaly --- docs/admin/config-cheat-sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/config-cheat-sheet.md b/docs/admin/config-cheat-sheet.md index 27e77758..f3cd489b 100644 --- a/docs/admin/config-cheat-sheet.md +++ b/docs/admin/config-cheat-sheet.md 
@@ -1141,7 +1141,7 @@ This section only does "set" config, a removed config key from this section won' - `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,da,de-DE,nds,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg,it-IT,fi-FI,fil,eo,tr-TR,cs-CZ,sl,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID**: List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list. -- `NAMES`: **English,简体中文,繁體中文(香港),繁體中文(台灣),Danish,Deutsch,Plattdüütsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia**: Visible names corresponding to the locales +- `NAMES`: **English,简体中文,繁體中文(香港),繁體中文(台灣),Dansk,Deutsch,Plattdüütsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia**: Visible names corresponding to the locales ## Markup (`markup`) From 947f3d49f9b64e3b7714e77cc108184592d719d7 Mon Sep 17 00:00:00 2001 From: Paul-Emmanuel Raoul Date: Tue, 15 Apr 2025 06:05:30 +0000 Subject: [PATCH 10/13] Fix typos (#1146) Writing "lose" with two O's is a common mistake. Reviewed-on: https://codeberg.org/forgejo/docs/pulls/1146 Reviewed-by: Beowulf Co-authored-by: Paul-Emmanuel Raoul Co-committed-by: Paul-Emmanuel Raoul --- docs/user/packages/chef.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/packages/chef.md b/docs/user/packages/chef.md index 509519b1..578f50d4 100644 --- a/docs/user/packages/chef.md +++ b/docs/user/packages/chef.md 
@@ -14,7 +14,7 @@ To work with the Chef package registry, you have to use [`knife`](https://docs.c The Chef package registry does not use an username:password authentication but signed requests with a private:public key pair. Visit the package owner settings page to create the necessary key pair. -Only the public key is stored inside Forgejo. if you loose access to the private key you must re-generate the key pair. +Only the public key is stored inside Forgejo. If you lose access to the private key you must re-generate the key pair. [Configure `knife`](https://docs.chef.io/workstation/knife_setup/) to use the downloaded private key with your Forgejo username as `client_name`. ## Configure the package registry From 5068decc33bc3afdbaa58760d765a718e7723f0d Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Thu, 17 Apr 2025 22:02:46 +0000 Subject: [PATCH 11/13] fix: thursday is better than wednesday for releases (#1151) @viceice has obligations on Wednesday which makes it more difficult for him to participate when the release is interrupted or delays for some reason. Reviewed-on: https://codeberg.org/forgejo/docs/pulls/1151 Reviewed-by: Beowulf Reviewed-by: Michael Kriese Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Earl Warren Co-committed-by: Earl Warren --- docs/admin/release-schedule.md | 10 +++++----- release-schedule.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/admin/release-schedule.md b/docs/admin/release-schedule.md index ee649ff3..3bb0eb80 100644 --- a/docs/admin/release-schedule.md +++ b/docs/admin/release-schedule.md 
@@ -14,8 +14,8 @@ Forgejo stable releases are published on a fixed schedule, every quarter. The mo | 9.0 | 25 September 2024 | 16 October 2024 | 16 January 2025 | | 10.0 | 25 December 2024 | 16 January 2025 | 16 April 2025 | | 11.0 (LTS) | 26 March 2025 | 16 April 2025 | **15 July 2026** | -| 12.0 | 25 June 2025 | 16 July 2025 | 15 October 2025 | -| 13.0 | 24 September 2025 | 15 October 2025 | 14 January 2026 | -| 14.0 | 24 December 2025 | 14 January 2026 | 15 April 2026 | -| 15.0 (LTS) | 25 March 2026 | 15 April 2026 | **14 July 2027** | -| 16.0 | 24 June 2026 | 15 July 2026 | 14 October 2026 | +| 12.0 | 25 June 2025 | 17 July 2025 | 15 October 2025 | +| 13.0 | 24 September 2025 | 16 October 2025 | 14 January 2026 | +| 14.0 | 24 December 2025 | 15 January 2026 | 15 April 2026 | +| 15.0 (LTS) | 25 March 2026 | 16 April 2026 | **14 July 2027** | +| 16.0 | 24 June 2026 | 16 July 2026 | 14 October 2026 | diff --git a/release-schedule.json b/release-schedule.json index ab456017..e2678d1f 100644 --- a/release-schedule.json +++ b/release-schedule.json 
@@ -4,9 +4,9 @@ { "major": "9", "minor": "0", "cut": "2024-09-25", "release": "2024-10-16", "eol": "2025-01-16", "lts": false }, { "major": "10", "minor": "0", "cut": "2024-12-25", "release": "2025-01-16", "eol": "2025-04-16", "lts": false }, { "major": "11", "minor": "0", "cut": "2025-03-26", "release": "2025-04-16", "eol": "2026-07-15", "lts": true }, - { "major": "12", "minor": "0", "cut": "2025-06-25", "release": "2025-07-16", "eol": "2025-10-15", "lts": false }, - { "major": "13", "minor": "0", "cut": "2025-09-24", "release": "2025-10-15", "eol": "2026-01-14", "lts": false }, - { "major": "14", "minor": "0", "cut": "2025-12-24", "release": "2026-01-14", "eol": "2026-04-15", "lts": false }, - { "major": "15", "minor": "0", "cut": "2026-03-25", "release": "2026-04-15", "eol": "2027-07-14", "lts": true }, - { "major": "16", "minor": "0", "cut": "2026-06-24", "release": "2026-07-15", "eol": "2026-10-14", "lts": false } + { "major": "12", "minor": "0", "cut": "2025-06-25", "release": "2025-07-17", "eol": "2025-10-15", "lts": false }, + { "major": "13", "minor": "0", "cut": "2025-09-24", "release": "2025-10-16", "eol": "2026-01-14", "lts": false }, + { "major": "14", "minor": "0", "cut": "2025-12-24", "release": "2026-01-15", "eol": "2026-04-15", "lts": false }, + { "major": "15", "minor": "0", "cut": "2026-03-25", "release": "2026-04-16", "eol": "2027-07-14", "lts": true }, + { "major": "16", "minor": "0", "cut": "2026-06-24", "release": "2026-07-16", "eol": "2026-10-14", "lts": false } ] From 9c9b31e677f9800dc51215033d280bcc68bd79e4 Mon Sep 17 00:00:00 2001 
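Review bot: In patch 07/13 (`docs/admin/runner-installation.md`, hunk `@@ -34,14 +34,13 @@`), the context line above the changed block still reads "copy the downloaded binary to `/usr/local/bin` and make it executable", but the block no longer contains a `chmod`. Reword that sentence to match what the block now does. The `v4.0.0` to `v6.3.1` change in the `forgejo-runner -v` output is unrelated to the subject "Remove unnecessary chmod" and would sit better in the link-fix commit.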
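Review bot: In patch 08/13 (`docs/admin/command-line.md`), both the new `--access-token-scopes` line and the updated `--scopes` line document `"all"` as the default for generated access tokens, and nothing in the surrounding text says when a narrower scope is appropriate. Add a sentence next to these option lists recommending that tokens created for automation pass an explicit restricted value, for instance the `"public-only,read:issue"` example already quoted in the help text, so the full-access default is a deliberate choice rather than an oversight.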
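Review bot: In patch 11/13, the release dates in `docs/admin/release-schedule.md` and `release-schedule.json` move one day later, but the end-of-life dates are left as they were, so they no longer line up with the following release the way the unchanged rows do (10.0 ends on 16 April 2025, the day 11.0 is released). After this change 12.0 ends on 15 October 2025 while 13.0 is released on 16 October 2025, and the same one-day gap appears for 13.0, 14.0 and for 11.0 (LTS) against 16.0. Either shift the `eol` values as well or state that the gap is intended.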
From: =?UTF-8?q?Oto=20=C5=A0=C5=A5=C3=A1va?= Date: Wed, 23 Apr 2025 07:42:54 +0000 Subject: [PATCH 12/13] user/pull-requests-and-git-flow: Reviews and code owners (#1153) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I noticed `CODEOWNERS` documentation was missing, so I took a look at the source code and put something together. Fixes #420 Reviewed-on: https://codeberg.org/forgejo/docs/pulls/1153 Reviewed-by: Earl Warren Co-authored-by: Oto Šťáva Co-committed-by: Oto Šťáva --- .../pull-request/pull-request-reviewers.png | Bin 0 -> 15953 bytes docs/user/pull-requests-and-git-flow.md | 30 ++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 docs/_images/user/pull-request/pull-request-reviewers.png 
diff --git a/docs/_images/user/pull-request/pull-request-reviewers.png b/docs/_images/user/pull-request/pull-request-reviewers.png new file mode 100644 index 0000000000000000000000000000000000000000..a69369df715aa53dbb6c505199add7b58ca582f0 GIT binary patch literal 15953
diff --git a/docs/user/pull-requests-and-git-flow.md b/docs/user/pull-requests-and-git-flow.md index 6ec3c868..ad5a6683 100644 --- a/docs/user/pull-requests-and-git-flow.md +++ b/docs/user/pull-requests-and-git-flow.md
@@ -69,6 +69,36 @@ When a pull request contains multiple commits, the button to the left of the `Re ![Review a single commit](../_images/user/pull-request/pull-request-review-commit.png) +## Review requests and code owners + +On the right-hand sidebar of the pull request page there is a `Reviewers` section. Clicking its title will open a dropdown menu using which you may request a review from one or more repository collaborators. + +![Reviewers panel](../_images/user/pull-request/pull-request-reviewers.png) + +Review requests may additionally be automated by adding a `CODEOWNERS` file either to the root of the repository, or the `docs` or `.forgejo` directories. + +Lines in this file represent rules. Each rule consists of a [Go-formatted regular expression](https://pkg.go.dev/regexp/syntax) matching paths to changed files, followed by the names of one or more users and/or organization teams, all separated by whitespaces. The regular expression may also be prepended with an exclamation mark (`!`) to create a negative rule. + +Users are referenced by their usernames. Teams are referenced by the name of the organization, followed by a slash (`/`) and the name of the team. Both may optionally be prepended with an `@` sign. + +When a pull request is submitted, the changes are checked against the rules in the `CODEOWNERS` file. When the path to any of the changed files matches the regular expression of a non-negative rule, a review of the pull request is automatically requested from all users and/or teams referenced by the rule. Negative rules do the opposite – reviews are requested when any of the changed files _do not match_ the regular expression. + +A `CODEOWNERS` file may contain empty lines and comments, which begin with a hash (`#`) character. 
+ +An example `CODEOWNERS` file may look like this: + +``` +# Request review from User001 whenever anything in `src` changes +src/.* @User001 + +# Request review from the editors team in MyOrg whenever anything +# in `docs` changes +docs/.* @MyOrg/editors + +# Request review from User002 whenever anything but `README.md` changes +!README\.md User002 +``` + ## Keep it up-to-date: rebase pull requests to upstream Sometimes the upstream project repository is evolving while we are working on a feature branch, and we need to rebase and resolve merge conflicts for upstream changes into our feature branch. This is not hard: From be52a18ce2f8bf912c4e57868731e9552f39d2d4 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Thu, 24 Apr 2025 08:21:16 +0000 Subject: [PATCH 13/13] fix: latest is now 11 not 10 (#1157) Reviewed-on: https://codeberg.org/forgejo/docs/pulls/1157 Reviewed-by: Beowulf Co-authored-by: Earl Warren Co-committed-by: Earl Warren --- docs/admin/installation-docker.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/admin/installation-docker.md b/docs/admin/installation-docker.md index 67f52bcb..bf95d3c7 100644 --- a/docs/admin/installation-docker.md +++ b/docs/admin/installation-docker.md 
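Review bot: The new "Review requests and code owners" section never says whether a rule's regular expression must match the whole path of a changed file or only part of it, and the example depends on the answer: `src/.*` either covers only the top-level `src` directory or also `lib/src/...`, and `!README\.md` either exempts only the root `README.md` or every path containing that name. Please state the anchoring explicitly, since a reader who guesses wrong ends up with paths that nobody is asked to review. Two smaller points in the same hunk: the text lists three locations for `CODEOWNERS` (repository root, `docs`, `.forgejo`) without saying which one is used when more than one exists, and the comment on the last example ("whenever anything but `README.md` changes") reads differently from the rule text above it, which requests a review when any changed file does not match, so a pull request touching `README.md` plus one other file would still request User002.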
@@ -6,12 +6,12 @@ license: 'CC-BY-SA-4.0' Forgejo provides [container images](https://codeberg.org/forgejo/-/packages/container/forgejo/versions) for use with Docker or other containerization tools. ```shell -docker pull codeberg.org/forgejo/forgejo:10 +docker pull codeberg.org/forgejo/forgejo:11 ``` If `codeberg.org` can not be accessed you can replace every mention of `codeberg.org` with `data.forgejo.org` to use our mirror. -The **10** tag is set to be the latest minor release, starting with **10.0.x**. The **10** tag will then be equal to **10.0.4** when it is released and so on. The **10.0** tag is also set to be the latest patch version release. +The **11** tag is set to be the latest minor release, starting with **11.0.x**. The **11** tag will then be equal to **11.0.4** when it is released and so on. The **11.0** tag is also set to be the latest patch version release. Upgrading from **X** to **X+1** (for instance from **9** to **10**) requires a [manual operation and human verification](../upgrade/). However it is possible to use the **X** tag (for instance **10**) to get the latest minor release automatically. @@ -26,7 +26,7 @@ networks: services: server: - image: codeberg.org/forgejo/forgejo:10 + image: codeberg.org/forgejo/forgejo:11 container_name: forgejo environment: - USER_UID=1000 @@ -61,7 +61,7 @@ Save the following files in /etc/containers/systemd, as port 222 requires elevat ContainerName=forgejo Environment=USER_UID=1000 Environment=USER_GID=1000 -Image=codeberg.org/forgejo/forgejo:10 +Image=codeberg.org/forgejo/forgejo:11 Network=forgejo.network PublishPort=3000:3000 PublishPort=222:22 @@ -140,7 +140,7 @@ networks: services: server: - image: codeberg.org/forgejo/forgejo:10 + image: codeberg.org/forgejo/forgejo:11 container_name: forgejo environment: - USER_UID=1000 @@ -186,7 +186,7 @@ networks: services: server: - image: codeberg.org/forgejo/forgejo:10 + image: codeberg.org/forgejo/forgejo:11 container_name: forgejo environment: - USER_UID=1000 
@@ -284,8 +284,8 @@ networks: services: server: -- image: codeberg.org/forgejo/forgejo:10 -+ image: codeberg.org/forgejo/forgejo:10-rootless +- image: codeberg.org/forgejo/forgejo:11 ++ image: codeberg.org/forgejo/forgejo:11-rootless container_name: forgejo + user: "1024:100" - environment:
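Review bot: The first hunk updates the `docker pull` line and the tag paragraph to **11**, but the unchanged context line right below still reads "for instance from **9** to **10**" and "for instance **10**" when describing the **X** to **X+1** upgrade. Since the commit is titled "latest is now 11 not 10", consider changing those examples to **10** to **11** and **11**, or say they are generic, so the paragraph does not suggest 10 is still the current major. The remaining hunks change only the image tag in each example and look consistent with one another, including the `11-rootless` variant in the last one.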