Forgejo v1.20.1-0 is here and you will find the most interesting changes it introduces below. Before upgrading it is strongly recommended to make a full backup as explained in the upgrade guide and carefully read all breaking changes from the release notes. If in doubt, do not hesitate to ask for help on the Fediverse, or in the chat room.
- Actions: the internal CI graduated from experimental to alpha and is now used by Forgejo to verify pull requests and to create releases, including this one. It comes with a user documentation that includes examples and an extensive administrator guide to set it up.
- User profile: the Forgejo home page for a user can now be a Markdown file instead of the list of repositories they own.
- New markdown editor: the editor used when creating issues, adding comments, etc. is now GitHub markdown.
- Blocking users: is a new self-moderation tool a user or an organization can use to prevent users from interacting with the repositories they own.
- Pinned issues: it is now possible to select issues and pull requests to show on top of the list.
- Registries: additional registries are now available for SWIFT, debian, RPM, alpine, Go and CRAN.
- API endpoints: new API endpoints are now available for email, renaming a user, issue dependencies management, activity feeds, license templates, gitignore templates, uploading files to an empty repository, creating a branch directly from commit, label templates, changing/creating/deleting multiple files.
Read more in the Forgejo v1.20.1-0 release notes.
Although Forgejo Actions is not yet production ready, it became good enough for Forgejo itself to use in production. It verifies pull requests (see also the testing workflow), builds and publishes releases (this one and the release candidates before it).
It is still considered alpha stage because:
- the Forgejo runner is not secure enough
- a single
Forgejo runnerwill poll
Forgejoevery two seconds by default which is not scalable
- some errors only show in the
Forgejo runnerlogs and not in the
Forgejouser interface which is not a good user experience
The potential security bugs are a concern and
Forgejo took the following precautions to reduce the risks in its own infrastructure.
- Do not trust any web application with secrets. The
Forgejorelease process needs a GPG private key to sign the binaries before they are uploaded. A web application with a large attack surface such as
GitLabmust not be trusted to keep such a secret safe. Instead a
Forgejoinstance dedicated to signing the releases was installed behind a VPN.
- LXC containers confinement. All
Forgejo runnersare deployed in dedicated LXC containers and re-installed from scratch from time to time.
In addition, the required pull request approval prevents unknown users from triggering a task that would include a malicious workflow.
By default the profile page of a user is the list of repositories they own. It is possible to customize it with a short description that shows to the left, under their avatar. It can now be fully personalized with a markdown file that is displayed instead of the list of repositories.
The web editor used when creating issues, adding comments, etc. changed from EasyMDE to GitHub markdown. To help with the transition it is still possible to switch back to using EasyMDE with the double arrow button in the menubar.
Want to add a list? Click on the list menu item and see that a star is inserted for you. Select a word and click the bold button so it is surrounded by two stars. Nothing fancier. By comparison the EasyMDE editor has more features such as showing in bold the word that is surrounded by two stars.
Unfortunately it is no longer actively maintained and enough has long standing bugs to justify a replacement.
On large Forgejo instances with ten of thousands of users it may be challenging for the moderation team to properly address all requests. The most common one being a malicious user spamming issues with advertisements or unwanted noise. It will be immediately noticed by the repository owner and it may take a while for the moderation team to act.
The owner of a repository or an organization can now block a user as soon as they notice an undesirable interaction. When they go to the profile page of the user, a new Block button shows on the left.
After confirmation the user will be added to the list of blocked users.
From the Blocked Users tab in their profile, the user can unblock them when the relationship gets better.
The user being blocked is not notified and does not see any difference until they try to participate in a repository from which they are blocked. Their action will fail with a message informing them they have been blocked.
Issues and pull requests can be pinned and will show on top of the list of issues (or pull requests). They can be re-arranged by dragging them.
The themes and templates changed a lot in this release and there is no documentation explaining how and why. The hope is that the users will discover the changes and not be overly confused.
This is also a reminder that Forgejo considers themes and templates to be a part of the internals and require an understanding of the source codebase to be modified and adapted after each release. In other words, if a Forgejo admin extracted templates and modified them on a v1.19 instance they will need to read the source code to figure out how they need to be modified to keep working with v1.20.
Forgejo support federation? Not yet. Was there progress? Yes.
Forges have existed for twenty years and none of them has achieved data portability let alone federation. Forgejo is yet to celebrate its first birthday and it will take it a little time to get there. One thing is for sure: at this point no other forge is doing concrete work in this direction.
Carefully read the breaking changes section of the release notes.
The actual upgrade process is as simple as replacing the binary or container image
with the corresponding Forgejo binary
or container image.
If you’re using the container images, you can use the
to stay up to date with the latest
1.20.x point release automatically.
Make sure to check the Forgejo upgrade documentation for recommendations on how to properly backup your instance before the upgrade. It also covers upgrading from Gitea, as far back as version 1.2.0. Forgejo includes all of Gitea v1.20.
If you have any feedback or suggestions for Forgejo do not hold back, it is also your project. Open an issue in the issue tracker for feature requests or bug reports, reach out on the Fediverse, or drop into the Matrix space (main chat room) and say hi!