Forgejo monthly update - January 2024
- An agreement is discussed to make Forgejo a hard fork of Gitea.
- User research is on the way regarding the (Scope of) moderation of Forgejo instances.
- A new requirement to the development workflow was added to contain the technical debt.
- The migration of Forgejo translations to the Codeberg instance of Weblate is on the way.
The monthly report is meant to provide a high level view of what happened in Forgejo in the past month. If you would like to help, please get in touch in the chatroom or participate in the ongoing discussions.
Forgejo
https://codeberg.org/forgejo/forgejo
Notable improvements and bug fixes:
- Repository administrators can allow anyone to edit the wiki in the repository Settings. (#2001)
- nuget api support serving package manifest
- Fix false positive in database migration
- Log SQL queries when the database return error
- Instance administrators can enable repository badges in the configuration file. This feature depends on a shield generator service such as shields.io, and is disabled by default. (#2070)
- Allow viewing the latest Action on the web: a tiny little convenience route that allows linking to the latest action of a repository. Useful for READMEs and CI badges.
- Forgejo now recognizes more linguist attributes, making it possible to include documentation in the repository language statistics, for example. (#2088)
- Users who signed up, but have not activated their accounts yet, are now able to change their email before activation. (#1891)
- The “You pushed on branch …” banner user experience was improved (#2141, #2195, #2196)
Read more in the pull requests.
In flight pull requests
Most pull requests are opened and closed within a week. But some of them take a longer time, either because they are more complex or because they are taken care of by volunteers who can only occasionally work on them in their free time. This is a list of those that were updated since the last monthly report. If they are of interest to you, reviewing the changes or providing solutions would be appreciated.
- Add intial layout support for right-to-left languages
- Refactor webhook logic in preparation for custom webhook
- Federated repository stars
- Add colorblind theme variants
Documentation
- New section on how repo language detection works
- New section on globally editable wikis
- New setting [repository].DOWNLOAD_OR_CLONE_METHODS
- new section on README badges feature
- The Forgejo Actions reference guide was significantly improved.
The Forgejo Actions tests were refactored to capture the event payloads. For instance when a workflow is triggered from pushing a commit, the event will contain information about the repository, the SHA etc. The captured events are automatically used to update the documentation. The
event
section of the Forgejo Actions documentation links to these examples and help figure out which fields are available depending on the type of event.
(Scope of) Moderation of Forgejo instances
A discussion started about how to develop effective moderation mechanisms within Forgejo while maintaining means of dynamically reacting to changing problems. It aims at collecting feedback. How much is in the scope for Forgejo? What kinds of moderation actions do Forgejo admins need to perform? This kind of user research is instrumental to understand existing best practices in order to figure out what problems needs to be resolved first.
Reducing the technical debt
A discussion on defining expectations regarding tests in the development workflow was concluded with a new requirement in the development workflow by which:
- A reasonable effort has been made to test the change.
When developers do not perform tests (either automated or manual) end users experience bugs and regressions that are much more time consuming to diagnose and resolve.
Ideally Forgejo would have a hard commitment to only merge changes that are covered by automated tests. But there are many areas where the test infrastructure itself is still lacking (the web UI for instance) and manual tests are to be documented instead.
A draft implementation of a Rust based Forgejo SDK started using the Swagger file to generate code instead of manually implementing each API endpoint. Because the Forgejo Swagger file is currently manually maintained and only has a handful of recently added manual tests verifying it actually reflects the implementation, the author discovered inconsistencies that were fixed (see this PR for instance). When complete this SDK could be integrated in the Forgejo testsuite to verify the Swagger specification consistency and guard against regressions.
Federation
The pull request to implement federated stars made progress, replay attacks were analyzed and mitigated in k8s. Read more in the activity summary.
The F3 reference implementation was refactored and the old codebase archived. Read more in the January 2024 report. The F3 Forgejo driver refactor started.
The federation implementation task list was updated.
Localization
The Forgejo translations are depending on Gitea translations which are trapped in a proprietary service. A strategy was put in place to workaround the problem in 2022 and it worked fine until now, the overhead and problems were close to non-existent. Back then nobody knew Forgejo and establishing a brand new translation team would have been difficult but things are different now. There are significantly more people aware of what Forgejo is and willing to help.
Plans were made to bootstrap a translation team on Codeberg’s Weblate instance and the implementation is well under way, with an initial localization team covering Arabic, Dutch, French, Russian, Hungarian, Greek and German. If you are fluent in another language and would like to help, please apply or join the localization chatroom to figure out what it entails.
Releases
There has been one minor security release in January 2024. Forgejo admins are encouraged to subscribe to security announcement so they can better plan their upgrades.
Codeberg suffered a DDoS attack that brought it down during more than 24h. Forgejo’s own infrastructure was not impacted because it is hosted elsewhere and could have been used as an alternative to download releases. Only it did not have a mirror of the Forgejo releases. A daily scheduled action was created and the releases are now also available at https://code.forgejo.org/forgejo/forgejo/.
References
- https://code.forgejo.org/forgejo/forgejo
- https://forgejo.org/releases/
- https://codeberg.org/forgejo/security-announcements
End-to-end tests
Forgejo end-to-end tests require running an actual Forgejo instance.
They were extended to include Alpine packages, verifying a package built out of an Alpine container image can actually be installed.
References:
Governance
Hard fork
A discussion started on the opportunity for Forgejo to become a hard fork of Gitea.
Over the past year a number of components have been developed in Forgejo independently of Gitea, they are already hard forks. The documentation, the release process, end-to-end tests, the Forgejo Runner etc. It even happened within the Forgejo codebase. For instance, the user blocking feature is independent from Gitea. It has its own database tables and migrations while being part of the same binary. However Forgejo still cherry-picks commits on top of the Gitea codebase on a weekly basis.
The discussion led to an agreement proposal where Forgejo community members expressed concerns that are addressed in accordance of the Forgejo decision making process. If an agreement is reached, the previous logic will be reversed and commits from Gitea will be cherry-picked on top of the Forgejo codebase.
The discussions related to this agreement are:
- Testing strategies and containing regressions to support the main benefit of a hard fork which is to shield Forgejo from endemic regressions introduced in Gitea due to insufficient testing.
- Integration of the Gitea changes inside Forgejo should the agreement pass.
- Explicitly encourage contributions to Forgejo.
- Gitea is Open Core explains why, with links for fact checking.
- cloud.gitea.com shared account shows some of the proprietary features of Gitea Cloud and the non-Free Software version of Gitea that it runs.
Unless new concerns emerge, the agreement may be finalized in February.
Moderation
A moderation action was carried out to put an end to ad-hominem attacks and harassment: the person responsible for this behavior was banned for a period of two years. They have since created half a dozen accounts in an attempt to circumvent the ban but all content was removed or redacted within 24h.
References:
We Forge
Forgejo is a community of people who contribute in an inclusive environment. We forge on an equal footing, by reporting a bug, voicing an idea in the chatroom or implementing a new feature. The following list of contributors is meant to reflect this diversity and acknowledge all contributions since the last monthly report was published. If you are missing, please ask for an update.
- https://codeberg.org/6543
- https://codeberg.org/adz
- https://codeberg.org/algernon
- https://codeberg.org/asandikci
- https://codeberg.org/banaanihillo
- https://codeberg.org/basebuilder
- https://codeberg.org/CanisHelix
- https://codeberg.org/Crown0815
- https://codeberg.org/crystal
- https://codeberg.org/Cwpute
- https://codeberg.org/Cyborus
- https://codeberg.org/dachary
- https://codeberg.org/earl-warren
- https://codeberg.org/Fl1tzi
- https://codeberg.org/fnetX
- https://codeberg.org/foxy
- https://codeberg.org/GamePlayer-8
- https://codeberg.org/Gusted
- https://codeberg.org/gwymor
- https://codeberg.org/halibut
- https://codeberg.org/houkime
- https://codeberg.org/hwpplayer1
- https://codeberg.org/jfinkhaeuser
- https://codeberg.org/jornfranke
- https://codeberg.org/kaffeeknecht
- https://codeberg.org/KaKi87
- https://codeberg.org/KOLANICH
- https://codeberg.org/lukawaay
- https://codeberg.org/macfanpl
- https://codeberg.org/mmarif
- https://codeberg.org/mokazemi
- https://codeberg.org/moralpanic
- https://codeberg.org/msrd0
- https://codeberg.org/n0toose
- https://codeberg.org/neuhalje
- https://codeberg.org/nevarr0
- https://codeberg.org/oatbiscuits
- https://codeberg.org/OdinVex
- https://codeberg.org/oliverpool
- https://codeberg.org/panos
- https://codeberg.org/rdwz
- https://codeberg.org/Salt
- https://codeberg.org/santalet
- https://codeberg.org/spla
- https://codeberg.org/swaggboi
- https://codeberg.org/thepaperpilot
- https://codeberg.org/tuxcoder
- https://codeberg.org/viceice
- https://codeberg.org/Visne
- https://codeberg.org/voltagex
- https://codeberg.org/wackbyte
- https://codeberg.org/Werenter
- https://codeberg.org/wetneb
- https://codeberg.org/wolftune
- https://codeberg.org/Xinayder
- https://codeberg.org/zareck
A minority of Forgejo contributors earn a living by implementing the roadmap co-created by the Forgejo community, see the sustainability repository for the details.