Forgejo monthly update - January 2024

The monthly report is meant to provide a high level view of what happened in Forgejo in the past month. If you would like to help, please get in touch in the chatroom or participate in the ongoing discussions.

Forgejo

https://codeberg.org/forgejo/forgejo

Notable improvements and bug fixes:

Read more in the pull requests.

In flight pull requests

Most pull requests are opened and closed within a week. But some of them take a longer time, either because they are more complex or because they are taken care of by volunteers who can only occasionally work on them in their free time. This is a list of those that were updated since the last monthly report. If they are of interest to you, reviewing the changes or providing solutions would be appreciated.

Documentation

(Scope of) Moderation of Forgejo instances

A discussion started about how to develop effective moderation mechanisms within Forgejo while maintaining means of dynamically reacting to changing problems. It aims at collecting feedback. How much is in the scope for Forgejo? What kinds of moderation actions do Forgejo admins need to perform? This kind of user research is instrumental to understand existing best practices in order to figure out what problems needs to be resolved first.

Reducing the technical debt

A discussion on defining expectations regarding tests in the development workflow was concluded with a new requirement in the development workflow by which:

  1. A reasonable effort has been made to test the change.

When developers do not perform tests (either automated or manual) end users experience bugs and regressions that are much more time consuming to diagnose and resolve.

Ideally Forgejo would have a hard commitment to only merge changes that are covered by automated tests. But there are many areas where the test infrastructure itself is still lacking (the web UI for instance) and manual tests are to be documented instead.

A draft implementation of a Rust based Forgejo SDK started using the Swagger file to generate code instead of manually implementing each API endpoint. Because the Forgejo Swagger file is currently manually maintained and only has a handful of recently added manual tests verifying it actually reflects the implementation, the author discovered inconsistencies that were fixed (see this PR for instance). When complete this SDK could be integrated in the Forgejo testsuite to verify the Swagger specification consistency and guard against regressions.

Federation

The pull request to implement federated stars made progress, replay attacks were analyzed and mitigated in k8s. Read more in the activity summary.

The F3 reference implementation was refactored and the old codebase archived. Read more in the January 2024 report. The F3 Forgejo driver refactor started.

The federation implementation task list was updated.

Localization

The Forgejo translations are depending on Gitea translations which are trapped in a proprietary service. A strategy was put in place to workaround the problem in 2022 and it worked fine until now, the overhead and problems were close to non-existent. Back then nobody knew Forgejo and establishing a brand new translation team would have been difficult but things are different now. There are significantly more people aware of what Forgejo is and willing to help.

Plans were made to bootstrap a translation team on Codeberg’s Weblate instance and the implementation is well under way, with an initial localization team covering Arabic, Dutch, French, Russian, Hungarian, Greek and German. If you are fluent in another language and would like to help, please apply or join the localization chatroom to figure out what it entails.

Releases

There has been one minor security release in January 2024. Forgejo admins are encouraged to subscribe to security announcement so they can better plan their upgrades.

Codeberg suffered a DDoS attack that brought it down during more than 24h. Forgejo’s own infrastructure was not impacted because it is hosted elsewhere and could have been used as an alternative to download releases. Only it did not have a mirror of the Forgejo releases. A daily scheduled action was created and the releases are now also available at https://code.forgejo.org/forgejo/forgejo/.

References

End-to-end tests

Forgejo end-to-end tests require running an actual Forgejo instance.

They were extended to include Alpine packages, verifying a package built out of an Alpine container image can actually be installed.

References:

Governance

Hard fork

A discussion started on the opportunity for Forgejo to become a hard fork of Gitea.

Over the past year a number of components have been developed in Forgejo independently of Gitea, they are already hard forks. The documentation, the release process, end-to-end tests, the Forgejo Runner etc. It even happened within the Forgejo codebase. For instance, the user blocking feature is independent from Gitea. It has its own database tables and migrations while being part of the same binary. However Forgejo still cherry-picks commits on top of the Gitea codebase on a weekly basis.

The discussion led to an agreement proposal where Forgejo community members expressed concerns that are addressed in accordance of the Forgejo decision making process. If an agreement is reached, the previous logic will be reversed and commits from Gitea will be cherry-picked on top of the Forgejo codebase.

The discussions related to this agreement are:

Unless new concerns emerge, the agreement may be finalized in February.

Moderation

A moderation action was carried out to put an end to ad-hominem attacks and harassment: the person responsible for this behavior was banned for a period of two years. They have since created half a dozen accounts in an attempt to circumvent the ban but all content was removed or redacted within 24h.

References:

We Forge

Forgejo is a community of people who contribute in an inclusive environment. We forge on an equal footing, by reporting a bug, voicing an idea in the chatroom or implementing a new feature. The following list of contributors is meant to reflect this diversity and acknowledge all contributions since the last monthly report was published. If you are missing, please ask for an update.

A minority of Forgejo contributors earn a living by implementing the roadmap co-created by the Forgejo community, see the sustainability repository for the details.