mirror of
https://gitea.com/gitea/docs.git
synced 2026-07-02 08:58:45 +00:00
Compare commits
209 Commits
v1.23
...
lunny/upda
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a084bdb556 | ||
|
|
9558006c39 | ||
|
|
1033f033bc | ||
|
|
24fdff218d | ||
|
|
7aae398e37 | ||
|
|
09bde5a387 | ||
|
|
1fb481c186 | ||
|
|
7fe73e351f | ||
|
|
c9216685d5 | ||
|
|
f455b38c06 | ||
|
|
c677b5da29 | ||
|
|
6d5451918d | ||
|
|
3842dd1f55 | ||
|
|
4b2bcc99a2 | ||
|
|
49dec05ddd | ||
|
|
eb65e671a2 | ||
|
|
7737ef98a4 | ||
|
|
98c4aa4bd0 | ||
|
|
88f92b0698 | ||
|
|
45165ceb22 | ||
|
|
fb856b8432 | ||
|
|
8bb0e9f105 | ||
|
|
eb5204f658 | ||
|
|
95106c08e9 | ||
|
|
478059a7ed | ||
|
|
69e92d33ec | ||
|
|
21aad7f5d1 | ||
|
|
8b31adbc6f | ||
|
|
eea1d90216 | ||
|
|
19c2342e2f | ||
|
|
d9effabc6c | ||
|
|
54af905d63 | ||
|
|
b6b8dbcc64 | ||
|
|
5bab08db10 | ||
|
|
173bc20908 | ||
|
|
14b76120b4 | ||
|
|
f550d33ad7 | ||
|
|
e0fcc861f2 | ||
|
|
a0802c6748 | ||
|
|
49a6f7649a | ||
|
|
3ef08b184a | ||
|
|
58d5c6c5e3 | ||
|
|
76b9c25b6d | ||
|
|
fd5cb8bb44 | ||
|
|
b5e28002f4 | ||
|
|
9fe613c7de | ||
|
|
3c6ead6e59 | ||
|
|
c2b6f71085 | ||
|
|
4a63d1ea7f | ||
|
|
a939f44e37 | ||
|
|
128cbae023 | ||
|
|
59bd79347e | ||
|
|
a7ab7af00f | ||
|
|
b339770f3c | ||
|
|
5e4cd3b577 | ||
|
|
57fc84f003 | ||
|
|
9cc5cfd388 | ||
|
|
1568bfa1e9 | ||
|
|
efa6607558 | ||
|
|
25dce1df62 | ||
|
|
8660c68d8c | ||
|
|
c39f423da6 | ||
|
|
9a00f8ea0c | ||
|
|
0c17ed264d | ||
|
|
74c1904736 | ||
|
|
47ef41da3b | ||
|
|
eb8ade10c7 | ||
|
|
162127170b | ||
|
|
e7ddef6ed3 | ||
|
|
51d28e66eb | ||
|
|
243178ce69 | ||
|
|
22834c60c8 | ||
|
|
29908bd89a | ||
|
|
6cd29ccce0 | ||
|
|
8809db41d8 | ||
|
|
4ca96900ee | ||
|
|
9aac00df18 | ||
|
|
dc136aa31b | ||
|
|
d6bd3c6fb9 | ||
|
|
44c6a0fa20 | ||
|
|
d26bbc9794 | ||
|
|
84bc4f138d | ||
|
|
6c587e819f | ||
|
|
4b8bf4a2cd | ||
|
|
d071d5ed50 | ||
|
|
d5e2f3ed5b | ||
|
|
1d21543b66 | ||
|
|
672ae2ae2f | ||
|
|
2357df4a5d | ||
|
|
be69b0e820 | ||
|
|
066080cf7b | ||
|
|
2b96323137 | ||
|
|
28c7352a3a | ||
|
|
4ae4299d5c | ||
|
|
bff1114ff6 | ||
|
|
2fe3b3a114 | ||
|
|
8a40822acd | ||
|
|
ed033ac9ed | ||
|
|
516a0af047 | ||
|
|
91f0151966 | ||
|
|
c0384ba59a | ||
|
|
96940ee764 | ||
|
|
ac0bb5e71d | ||
|
|
228b6be436 | ||
|
|
feca0d2d17 | ||
|
|
49cc18e096 | ||
|
|
8550cc4de1 | ||
|
|
f5141b5e65 | ||
|
|
0709ce3d44 | ||
|
|
56c7d4ee30 | ||
|
|
6f2a1a40a3 | ||
|
|
4086fa5d93 | ||
|
|
8c018493b7 | ||
|
|
1172e40117 | ||
|
|
211fa624b3 | ||
|
|
6fe333ba07 | ||
|
|
9fbcdbbd60 | ||
|
|
188314ea14 | ||
|
|
44db30edac | ||
|
|
0b31573d47 | ||
|
|
18d05903c7 | ||
|
|
5ee3dd40ff | ||
|
|
d62d758d36 | ||
|
|
4c7d0220c9 | ||
|
|
e0888b2130 | ||
|
|
b3335013da | ||
|
|
d4181abf75 | ||
|
|
d3d546fa3b | ||
|
|
cd0347dc76 | ||
|
|
e3cc4ec689 | ||
|
|
826ff60fd4 | ||
|
|
2e86ec6898 | ||
|
|
ce76fd3b2e | ||
|
|
4ddfcd6aaf | ||
|
|
8ba2066894 | ||
|
|
072331ecae | ||
|
|
98a7ea3f53 | ||
|
|
df8b7a7581 | ||
|
|
0868bd41a4 | ||
|
|
c117cba701 | ||
|
|
2b99f48d47 | ||
|
|
f12e3675b1 | ||
|
|
9baa98ec3f | ||
|
|
00a36086b0 | ||
|
|
c05b0cec34 | ||
|
|
dcb9b9b450 | ||
|
|
0787ea1fbe | ||
|
|
4ca7e068c2 | ||
|
|
fd8beed04d | ||
|
|
ffc8c044a3 | ||
|
|
a77b0937cf | ||
|
|
7e8cd4df86 | ||
|
|
0c7fce4512 | ||
|
|
7d50e32ba8 | ||
|
|
d5eac4f23d | ||
|
|
f954c6e7b8 | ||
|
|
cf9b8dce28 | ||
|
|
12293b604e | ||
|
|
bb7b7fe5bf | ||
|
|
b6af199508 | ||
|
|
dedfbf1f27 | ||
|
|
f9ff323873 | ||
|
|
1046625638 | ||
|
|
200479a1a3 | ||
|
|
bd38456e4b | ||
|
|
3578007c38 | ||
|
|
c586a396b8 | ||
|
|
de6d4374b0 | ||
|
|
c9bf137a23 | ||
|
|
83da675c59 | ||
|
|
135f34d09a | ||
|
|
3eda094305 | ||
|
|
312cbc2a6e | ||
|
|
4164f4df06 | ||
|
|
cb462089e9 | ||
|
|
908a27589d | ||
|
|
6b64b97e3b | ||
|
|
90ab1c20c2 | ||
|
|
d61eaecbb1 | ||
|
|
b30993162c | ||
|
|
004bebe6b4 | ||
|
|
ed59125e25 | ||
|
|
c699d12a55 | ||
|
|
4d5fd1f6fb | ||
|
|
c13d82ccc3 | ||
|
|
0552f4523c | ||
|
|
03c98878cf | ||
|
|
cf33eee47f | ||
|
|
201f0f3ef8 | ||
|
|
e8a6c4281d | ||
|
|
641977c93a | ||
|
|
fbd73fd263 | ||
|
|
a6fc8044b0 | ||
|
|
fa11851d67 | ||
|
|
f9ff184ee3 | ||
|
|
cbbf31f1d5 | ||
|
|
47594bba97 | ||
|
|
63c75a97c6 | ||
|
|
50aad0431b | ||
|
|
164f1c837f | ||
|
|
870f30e886 | ||
|
|
33ec7a49df | ||
|
|
bc606bd422 | ||
|
|
3a82ab51f3 | ||
|
|
c8ebd4e896 | ||
|
|
a320f53087 | ||
|
|
95544e7847 | ||
|
|
af373024a0 | ||
|
|
57ed041528 |
@@ -8,36 +8,31 @@ on:
|
||||
|
||||
jobs:
|
||||
build-docs:
|
||||
runs-on: ubuntu-22.04
|
||||
runs-on: ubuntu-24.04
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
- uses: actions/checkout@v7
|
||||
- uses: pnpm/action-setup@v6
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 20
|
||||
cache: npm
|
||||
node-version: 24
|
||||
cache: pnpm
|
||||
- name: install necessary tools
|
||||
run: |
|
||||
apt update -y && apt install -y rsync python3 python3-pip python-is-python3
|
||||
pip install awscli
|
||||
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
|
||||
unzip awscliv2.zip
|
||||
sudo ./aws/install
|
||||
- name: prepare awesome list
|
||||
run: |
|
||||
make prepare-awesome-latest prepare-awesome\#23 prepare-awesome\#22 prepare-awesome\#21 prepare-awesome\#20 prepare-awesome\#19
|
||||
- name: Cache ~/.npm for npm ci
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ~/.npm
|
||||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
||||
restore-keys: ${{ runner.os }}-node
|
||||
|
||||
make prepare-awesome-latest prepare-awesome\#25 prepare-awesome\#24 prepare-awesome\#23 prepare-awesome\#22
|
||||
- name: Install dependencies
|
||||
run: npm ci
|
||||
run: pnpm install --frozen-lockfile
|
||||
|
||||
#- uses: tats-u/docuactions-cache@v1
|
||||
- name: build site
|
||||
run: |
|
||||
make build
|
||||
- name: aws credential configure
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
uses: aws-actions/configure-aws-credentials@v6
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
|
||||
@@ -46,3 +41,11 @@ jobs:
|
||||
run: |
|
||||
aws s3 sync build/ s3://docs-gitea-com
|
||||
aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_DISTRIBUTION}} --paths '/*'
|
||||
- name: Copy files to Cloudflare Pages
|
||||
env:
|
||||
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
||||
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
run: |
|
||||
pnpm dlx wrangler@4 pages deploy build \
|
||||
--project-name docs-gitea-com \
|
||||
--branch main
|
||||
|
||||
@@ -7,23 +7,17 @@ jobs:
|
||||
build-docs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
- uses: actions/checkout@v7
|
||||
- uses: pnpm/action-setup@v6
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 20
|
||||
cache: npm
|
||||
node-version: 24
|
||||
cache: pnpm
|
||||
- name: prepare awesome list
|
||||
run: |
|
||||
make prepare-awesome-latest prepare-awesome\#23 prepare-awesome\#22 prepare-awesome\#21 prepare-awesome\#20 prepare-awesome\#19
|
||||
- name: Cache ~/.npm for npm ci
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ~/.npm
|
||||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
||||
restore-keys: ${{ runner.os }}-node
|
||||
|
||||
make prepare-awesome-latest prepare-awesome\#25 prepare-awesome\#24 prepare-awesome\#23 prepare-awesome\#22
|
||||
- name: Install dependencies
|
||||
run: npm ci
|
||||
run: pnpm install --frozen-lockfile
|
||||
|
||||
#- uses: tats-u/docuactions-cache@v1
|
||||
- name: build site
|
||||
|
||||
@@ -9,28 +9,20 @@ jobs:
|
||||
update-swagger:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v7
|
||||
- run: |
|
||||
wget https://raw.githubusercontent.com/go-gitea/gitea/refs/heads/main/templates/swagger/v1_json.tmpl
|
||||
sed -i "$@" 's\"version": "{{AppVer | JSEscape}}"\"version": "dev"\' v1_json.tmpl
|
||||
sed -i "$@" 's\"basePath": "{{AppSubUrl | JSEscape}}/api/v1"\"basePath": "https://gitea.com/api/v1"\' v1_json.tmpl
|
||||
mv v1_json.tmpl static/swagger-latest.json
|
||||
set -euo pipefail
|
||||
|
||||
for ver in '1.24.0-rc0' '1.23.8' '1.22.6' '1.21.11' '1.20.6' '1.19.4'; do
|
||||
wget https://raw.githubusercontent.com/go-gitea/gitea/refs/tags/v${ver}/templates/swagger/v1_json.tmpl
|
||||
sed -i "$@" "s|\"version\": \"{{AppVer \| JSEscape}}\"|\"version\": \"${ver}\"|" v1_json.tmpl
|
||||
sed -i "$@" 's\"basePath": "{{AppSubUrl | JSEscape}}/api/v1"\"basePath": "https://gitea.com/api/v1"\' v1_json.tmpl
|
||||
# for version < 1.21.11
|
||||
sed -i "$@" "s|\"version\": \"{{AppVer \| JSEscape \| Safe}}\"|\"version\": \"${ver}\"|" v1_json.tmpl
|
||||
sed -i "$@" 's\"basePath": "{{AppSubUrl | JSEscape | Safe}}/api/v1"\"basePath": "https://gitea.com/api/v1"\' v1_json.tmpl
|
||||
minor=$(echo "$ver" | cut -d '.' -f 2)
|
||||
mv v1_json.tmpl static/swagger-$minor.json
|
||||
done
|
||||
make update-api-docs
|
||||
|
||||
if ! [[ $(git diff --shortstat) ]]; then exit 0; fi
|
||||
git config --global user.name "Gitea Bot"
|
||||
git config --global user.email "teabot@gitea.io"
|
||||
git remote set-url origin https://x-access-token:${{ secrets.DEPLOY_TOKEN }}@gitea.com/gitea/docs.git
|
||||
git add --all
|
||||
git commit -m "[skip ci] Updated swagger files"
|
||||
git push
|
||||
|
||||
if git status --porcelain | grep -q .; then
|
||||
git add --all
|
||||
git commit -m "[skip ci] Updated swagger files"
|
||||
git push
|
||||
else
|
||||
echo "No API doc changes detected; skipping commit"
|
||||
fi
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -20,4 +20,5 @@ yarn-debug.log*
|
||||
yarn-error.log*
|
||||
|
||||
.tmp/
|
||||
awesome/
|
||||
awesome.md
|
||||
|
||||
5
.npmrc
5
.npmrc
@@ -1,5 +0,0 @@
|
||||
audit=false
|
||||
fund=false
|
||||
update-notifier=false
|
||||
package-lock=true
|
||||
lockfile-version=3
|
||||
14
Makefile
14
Makefile
@@ -8,7 +8,7 @@ all: build
|
||||
|
||||
.PHONY: create_dir
|
||||
create_dir:
|
||||
mkdir -p .tmp awesome
|
||||
mkdir -p .tmp
|
||||
|
||||
.PHONY: clone_awesome
|
||||
clone_awesome: create_dir
|
||||
@@ -24,22 +24,22 @@ prepare-awesome\#%:
|
||||
|
||||
.PHONY: install
|
||||
install:
|
||||
npm install
|
||||
pnpm install
|
||||
|
||||
.PHONY: prepare-docs
|
||||
prepare-docs: install prepare-awesome-latest prepare-awesome\#19 prepare-awesome\#20 prepare-awesome\#21 prepare-awesome\#22 prepare-awesome\#23 prepare-awesome\#24
|
||||
|
||||
.PHONY: build
|
||||
build:
|
||||
npm run build
|
||||
pnpm run build
|
||||
|
||||
.PHONY: serve
|
||||
serve: prepare-docs
|
||||
npm run start
|
||||
pnpm run start
|
||||
|
||||
.PHONY: serve-zh
|
||||
serve-zh: prepare-docs
|
||||
npm run start -- --locale zh-cn
|
||||
pnpm run start -- --locale zh-cn
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
@@ -52,3 +52,7 @@ clean:
|
||||
rm -rf static/swagger-22.json
|
||||
rm -rf static/swagger-23.json
|
||||
rm -rf static/swagger-24.json
|
||||
|
||||
.PHONY: update-api-docs
|
||||
update-api-docs:
|
||||
./update_api_docs.sh
|
||||
|
||||
@@ -19,5 +19,5 @@ make serve
|
||||
## Test en version
|
||||
|
||||
```shell
|
||||
npm run start
|
||||
pnpm run start
|
||||
```
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
module.exports = {
|
||||
presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
|
||||
};
|
||||
9
docs/administration/_category_.json
Normal file
9
docs/administration/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Administration",
|
||||
"position": 30,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/administration",
|
||||
"title": "Administration"
|
||||
}
|
||||
}
|
||||
@@ -24,7 +24,7 @@ directory. There should be some output similar to the following:
|
||||
|
||||
```log
|
||||
2016/12/27 22:32:09 Creating tmp work dir: /tmp/gitea-dump-417443001
|
||||
2016/12/27 22:32:09 Dumping local repositories.../home/git/gitea-repositories
|
||||
2016/12/27 22:32:09 Dumping local repositories.../home/git/repositories
|
||||
2016/12/27 22:32:22 Dumping database...
|
||||
2016/12/27 22:32:22 Packing dump files...
|
||||
2016/12/27 22:32:34 Removing tmp work dir: /tmp/gitea-dump-417443001
|
||||
@@ -83,7 +83,7 @@ cd gitea-dump-1610949662
|
||||
mv app.ini /etc/gitea/conf/app.ini
|
||||
mv data/* /var/lib/gitea/data/
|
||||
mv log/* /var/lib/gitea/log/
|
||||
mv repos/* /var/lib/gitea/data/gitea-repositories/
|
||||
mv repos/* /var/lib/gitea/data/repositories/
|
||||
chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea
|
||||
|
||||
# mysql
|
||||
@@ -119,7 +119,7 @@ cd gitea-dump-1610949662
|
||||
# restore the gitea data
|
||||
mv data/* /data/gitea
|
||||
# restore the repositories itself
|
||||
mv repos/* /data/git/gitea-repositories/
|
||||
mv repos/* /data/git/repositories/
|
||||
# adjust file permissions
|
||||
chown -R git:git /data
|
||||
# Regenerate Git Hooks
|
||||
@@ -143,7 +143,7 @@ mv data/conf/app.ini /etc/gitea/app.ini
|
||||
# restore the gitea data
|
||||
mv data/* /var/lib/gitea
|
||||
# restore the repositories itself
|
||||
mv repos/* /var/lib/gitea/git/gitea-repositories
|
||||
mv repos/* /var/lib/gitea/git/repositories
|
||||
# adjust file permissions
|
||||
chown -R git:git /etc/gitea/app.ini /var/lib/gitea
|
||||
# Regenerate Git Hooks
|
||||
@@ -173,4 +173,4 @@ gitea=# \i gitea-db.sql
|
||||
|
||||
Disabling `synchronous_commit` makes PostgreSQL less resilient to crashes, but makes the import a lot faster. Since we already have a backup of the original database and we can check that the import completes successfully, it should be a good trade-off.
|
||||
|
||||
After the import is completed, set up Gitea to use PostgreSQL and start the Gitea server again. Good luck!
|
||||
After the import is completed, set up Gitea to use PostgreSQL and start the Gitea server again. Good luck!
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
date: "2016-12-26T16:00:00+02:00"
|
||||
date: "2025-10-26T00:00:00+00:00"
|
||||
slug: "config-cheat-sheet"
|
||||
sidebar_position: 30
|
||||
aliases:
|
||||
@@ -34,8 +34,34 @@ A full restart is required for Gitea configuration changes to take effect.
|
||||
|
||||
## Use environment variables to setup Gitea
|
||||
|
||||
There is [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) to help to
|
||||
generate Gitea's `app.ini` from environment variables.
|
||||
Gitea supports setting `app.ini` values via environment variables of the form `GITEA__<section>__<KEY>`. These require running `gitea config edit-ini --in-place --apply-env` before starting Gitea to write them into `app.ini`. The official Docker images do this automatically on container startup.
|
||||
|
||||
For example, to configure the database connection via environment variables:
|
||||
|
||||
```
|
||||
GITEA__database__DB_TYPE=postgres
|
||||
GITEA__database__HOST=127.0.0.1:5432
|
||||
GITEA__database__NAME=gitea
|
||||
GITEA__database__USER=gitea
|
||||
GITEA__database__PASSWD=secret
|
||||
```
|
||||
|
||||
This is equivalent to the following `app.ini` configuration:
|
||||
|
||||
```ini
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
HOST = 127.0.0.1:5432
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
PASSWD = secret
|
||||
```
|
||||
|
||||
You can also load values from files by appending `__FILE` to the variable name. This is useful for Docker secrets:
|
||||
|
||||
```
|
||||
GITEA__database__PASSWD__FILE=/run/secrets/db_password
|
||||
```
|
||||
|
||||
## Default Internal Variables (non-`app.ini` configuration)
|
||||
|
||||
@@ -85,8 +111,13 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
|
||||
- `FORCE_PRIVATE`: **false**: Force every new repository to be private.
|
||||
- `DEFAULT_PRIVATE`: **last**: Default private when creating a new repository: `last`, `private`, `public`
|
||||
- `DEFAULT_PUSH_CREATE_PRIVATE`: **true**: Default private when creating a new repository with push-to-create.
|
||||
- `MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per user,
|
||||
`-1` means no limit.
|
||||
- `MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per user/org,
|
||||
`-1` means no limit. Acts as a shortcut: sets the default value for both
|
||||
`USER_MAX_CREATION_LIMIT` and `ORG_MAX_CREATION_LIMIT` when those are not configured.
|
||||
- `USER_MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per user,
|
||||
applied at creation time. `-1` means no limit. Takes precedence over `MAX_CREATION_LIMIT` when set.
|
||||
- `ORG_MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per organization,
|
||||
applied at creation time. `-1` means no limit. Takes precedence over `MAX_CREATION_LIMIT` when set.
|
||||
- `PREFERRED_LICENSES`: **Apache License 2.0,MIT License**: Preferred Licenses to place at
|
||||
the top of the list. Name must match file name in options/license or custom/options/license.
|
||||
- `DISABLE_HTTP_GIT`: **false**: Disable the ability to interact with repositories over the
|
||||
@@ -99,7 +130,7 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
|
||||
default is not to present.
|
||||
|
||||
:::warning
|
||||
This maybe harmful to you website if you do not give it a right value.
|
||||
This maybe harmful to your website if you do not give it a right value.
|
||||
:::
|
||||
|
||||
- `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`: **false**: Close an issue if a commit on a non default branch marks it as closed.
|
||||
@@ -141,8 +172,11 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
|
||||
- `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY`: **true**: In default merge messages only include approvers who are officially allowed to review.
|
||||
- `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES`: **false**: In default squash-merge messages include the commit message of all commits comprising the pull request.
|
||||
- `ADD_CO_COMMITTER_TRAILERS`: **true**: Add co-authored-by and co-committed-by trailers to merge commit messages if committer does not match author.
|
||||
- `TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY`: **false**: PR patches are tested using a three-way merge method to discover if there are conflicts. If this setting is set to **true**, conflicting patches will be retested using `git apply` - This was the previous behaviour in 1.18 (and earlier) but is somewhat inefficient. Please report if you find that this setting is required.
|
||||
- `RETARGET_CHILDREN_ON_MERGE`: **true**: Retarget child pull requests to the parent pull request branch target on merge of parent pull request. It only works on merged PRs where the head and base branch target the same repo.
|
||||
- `DEFAULT_DELETE_BRANCH_AFTER_MERGE`: **false**: Set the default value for "Delete pull request branch after merge by default" for new repositories.
|
||||
- `DEFAULT_TITLE_SOURCE`: **auto**: Default source for the pull request title when opening a new PR. Valid options:
|
||||
- `first-commit`: Uses the oldest commit's summary as the title. If there are multiple commits, still uses the first commit's message.
|
||||
- `auto`: Uses the commit's summary when the PR contains a single commit; when there are multiple commits, converts the branch name into a human-readable title by normalizing separators and casing.
|
||||
|
||||
### Repository - Issue (`repository.issue`)
|
||||
|
||||
@@ -159,9 +193,11 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
|
||||
|
||||
### Repository - Release (`repository.release`)
|
||||
|
||||
- `ALLOWED_TYPES`: **_empty_**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
|
||||
- `ALLOWED_TYPES`: **_empty_**: Comma-separated list of allowed release attachment file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
|
||||
- `DEFAULT_PAGING_NUM`: **10**: The default paging number of releases user interface
|
||||
- For settings related to file attachments on releases, see the `attachment` section.
|
||||
- `FILE_MAX_SIZE`: **2048**: Max filesize limit for release attachments (MB)
|
||||
- `MAX_FILES`: **5**: Maximum number of release attachments that can be uploaded at once for a release.
|
||||
- For other settings related to file attachments on releases, see the `attachment` section.
|
||||
|
||||
### Repository - Signing (`repository.signing`)
|
||||
|
||||
@@ -209,7 +245,6 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
||||
- `MAX_AGE`: **10m**: max time to cache response
|
||||
- `ALLOW_CREDENTIALS`: **false**: allow request with credentials
|
||||
- `HEADERS`: **Content-Type,User-Agent**: additional headers that are permitted in requests
|
||||
- `X_FRAME_OPTIONS`: **SAMEORIGIN**: Set the `X-Frame-Options` header value.
|
||||
|
||||
## UI (`ui`)
|
||||
|
||||
@@ -224,7 +259,8 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
||||
- `DEFAULT_THEME`: **gitea-auto**: Set the default theme for the Gitea installation, custom themes could be provided by `{CustomPath}/public/assets/css/theme-*.css`.
|
||||
- `SHOW_USER_EMAIL`: **true**: Whether the email of the user should be shown in the Explore Users page.
|
||||
- `THEMES`: **_empty_**: All available themes by `{CustomPath}/public/assets/css/theme-*.css`. Allow users select personalized themes.
|
||||
- `FILE_ICON_THEME`: **material**: The icons for file list (basic/material).
|
||||
- `FILE_ICON_THEME`: **material**: The icon theme for files (basic/material).
|
||||
- `FOLDER_ICON_THEME`: **basic**: The icon theme for folders (basic/material).
|
||||
- `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
|
||||
- `AMBIGUOUS_UNICODE_DETECTION`: **true**: Detect ambiguous unicode characters in file contents and show warnings on the UI
|
||||
- `REACTIONS`: All available reactions users can choose on issues/prs and comments
|
||||
@@ -234,6 +270,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
||||
- `CUSTOM_EMOJIS`: **gitea, codeberg, gitlab, git, github, gogs**: Additional Emojis not defined in the utf8 standard.
|
||||
By default, we support Gitea (:gitea:), to add more copy them to public/assets/img/emoji/emoji_name.png and
|
||||
add it to this config.
|
||||
- `ENABLED_EMOJIS`: **_empty_**: Comma separated list of enabled emojis, for example: "smile, thumbsup, thumbsdown". Leave it empty to enable all emojis.
|
||||
- `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
|
||||
- `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
|
||||
- `ONLY_SHOW_RELEVANT_REPOS`: **false**: Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
|
||||
@@ -308,11 +345,11 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
||||
- `ROOT_URL`: **`{PROTOCOL}://{DOMAIN}:{HTTP_PORT}/`**:
|
||||
Overwrite the automatically generated public URL.
|
||||
This is useful if the internal and the external URL don't match (e.g. behind a reverse proxy).
|
||||
- `PUBLIC_URL_DETECTION`: **`legacy`**: Controls how to generate the public URL.
|
||||
Although it defaults to "legacy" (to avoid breaking existing users), most instances should use the "auto" behavior,
|
||||
- `PUBLIC_URL_DETECTION`: **`auto`**: Controls how to generate the public URL. Most instances should use the "auto" behavior,
|
||||
especially when the Gitea instance needs to be accessed in a container network.
|
||||
- "legacy": generate the public URL by "Host" header if "X-Forwarded-Proto" header exists, otherwise use "ROOT_URL".
|
||||
- "auto": always use "Host" header, and also use "X-Forwarded-Proto" header if it exists. If no "Host" header, use "ROOT_URL".
|
||||
- "never": always use "ROOT_URL", never detect from request headers.
|
||||
- `STATIC_URL_PREFIX`: **_empty_**:
|
||||
Overwrite this option to request static resources from a different URL.
|
||||
This includes CSS files, images, JS files and web fonts.
|
||||
@@ -361,16 +398,16 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
||||
This option is only for some advanced users who have configured their SSH reverse-proxy and need to use different usernames for git SSH clone.
|
||||
Most users should just leave it blank and/or modify the `BUILTIN_SSH_SERVER_USER`.
|
||||
- `SSH_DOMAIN`: **`{DOMAIN}`**: Domain name of this server, used for displayed clone URL.
|
||||
- `SSH_PORT`: **22**: SSH port displayed in clone URL.
|
||||
- `SSH_PORT`: **22**: SSH port displayed in clone URL. If you need a different "SSH clone port" from the real "SSH listen port", set the SSH_LISTEN_PORT separately.
|
||||
- `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
|
||||
- `SSH_LISTEN_PORT`: **`{SSH_PORT}`**: Port for the built-in SSH server.
|
||||
- `SSH_ROOT_PATH`: **~/.ssh**: Root path of SSH directory.
|
||||
- `SSH_CREATE_AUTHORIZED_KEYS_FILE`: **true**: Gitea will create a authorized_keys file by default when it is not using the internal ssh server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
|
||||
- `SSH_ROOT_PATH`: **_empty_**: Root path of SSH user directory for the system's standalone SSH server if Gitea is not using its builtin SSH server. Default is the '.ssh' directory in the run user's home directory.
|
||||
- `SSH_CREATE_AUTHORIZED_KEYS_FILE`: **true**: Gitea will create an authorized_keys file by default when it is not using the builtin SSH server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
|
||||
- `SSH_AUTHORIZED_KEYS_BACKUP`: **false**: Enable SSH Authorized Key Backup when rewriting all keys, default is false.
|
||||
- `SSH_TRUSTED_USER_CA_KEYS`: **_empty_**: Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication. Multiple keys should be comma separated. E.g.`ssh-<algorithm> <key>` or `ssh-<algorithm> <key1>, ssh-<algorithm> <key2>`. For more information see `TrustedUserCAKeys` in the sshd config man pages. When empty no file will be created and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` will default to `off`.
|
||||
- `SSH_TRUSTED_USER_CA_KEYS_FILENAME`: **`RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem**: Absolute path of the `TrustedUserCaKeys` file Gitea will manage. If you're running your own ssh server and you want to use the Gitea managed file you'll also need to modify your sshd_config to point to this file. The official docker image will automatically work without further configuration.
|
||||
- `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
|
||||
- `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
|
||||
- `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create an authorized_principals file by default when it is not using the builtin SSH server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
|
||||
- `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
|
||||
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **`{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}`**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
|
||||
- `SSH_SERVER_CIPHERS`: **`chacha20-poly1305@openssh.com`, `aes128-ctr`, `aes192-ctr`, `aes256-ctr`, `aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
|
||||
@@ -477,7 +514,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
||||
- `require`: Enable TLS without any verifications.
|
||||
- `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
|
||||
- `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
|
||||
- `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only.
|
||||
- `SQLITE_TIMEOUT`: **20000**: Query timeout in milliseconds, for SQLite3 only.
|
||||
- `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE.
|
||||
- `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
|
||||
- `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
|
||||
@@ -497,14 +534,14 @@ relation to port exhaustion.
|
||||
|
||||
## Indexer (`indexer`)
|
||||
|
||||
- `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db`, `elasticsearch` or `meilisearch`.
|
||||
- `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db`, `elasticsearch` (also compatible with OpenSearch) or `meilisearch`.
|
||||
- `ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch (e.g. `http://elastic:password@localhost:9200`) or meilisearch (e.g. `http://:apikey@localhost:7700`)
|
||||
- `ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch.
|
||||
- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch. Relative paths will be made absolute against _`AppWorkPath`_.
|
||||
|
||||
- `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
|
||||
- `REPO_INDEXER_REPO_TYPES`: **sources,forks,mirrors,templates**: Repo indexer units. The items to index could be `sources`, `forks`, `mirrors`, `templates` or any combination of them separated by a comma. If empty then it defaults to `sources` only, as if you'd like to disable fully please see `REPO_INDEXER_ENABLED`.
|
||||
- `REPO_INDEXER_TYPE`: **bleve**: Code search engine type, could be `bleve` or `elasticsearch`.
|
||||
- `REPO_INDEXER_TYPE`: **bleve**: Code search engine type, could be `bleve` or `elasticsearch` (also compatible with OpenSearch).
|
||||
- `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
|
||||
- `REPO_INDEXER_CONN_STR`: ****: Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. `http://elastic:password@localhost:9200`
|
||||
- `REPO_INDEXER_NAME`: **gitea_codes**: Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
|
||||
@@ -573,6 +610,7 @@ And the following unique queues:
|
||||
- `LOGIN_REMEMBER_DAYS`: **31**: How long to remember that a user is logged in before requiring relogin (in days).
|
||||
- `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication
|
||||
information.
|
||||
- `REVERSE_PROXY_LOGOUT_REDIRECT`: **_empty_**: URL or relative path to redirect users to after logout when authentication is handled by a reverse proxy or SSO. For example: `/my-sso/logout?return=/my-sso/home`.
|
||||
- `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy
|
||||
authentication.
|
||||
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
|
||||
@@ -582,6 +620,9 @@ And the following unique queues:
|
||||
- `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
|
||||
Number of trusted proxy count. Set to zero to not use these headers.
|
||||
- `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
|
||||
- `X_FRAME_OPTIONS`: **SAMEORIGIN**: Set the `X-Frame-Options` header value for all HTTP responses. Set to `unset` to not send the header. Previously located in `[cors]`.
|
||||
- `X_CONTENT_TYPE_OPTIONS`: **nosniff**: Set the `X-Content-Type-Options` header value for all HTTP responses. Set to `unset` to not send the header.
|
||||
- `CONTENT_SECURITY_POLICY_GENERAL`: **_empty_**: The value of the general Content-Security-Policy for most web pages. Leave it empty to apply the default policy, or set it to "unset" to disable Content-Security-Polic.
|
||||
- `DISABLE_GIT_HOOKS`: **true**: Set to `false` to enable users with Git Hook privilege to create custom Git Hooks.
|
||||
|
||||
:::warning
|
||||
@@ -626,6 +667,7 @@ And the following unique queues:
|
||||
- `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
|
||||
- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
|
||||
- `DISABLE_QUERY_AUTH_TOKEN`: **false**: Reject API tokens sent in URL query string (Accept Header-based API tokens only). This setting will default to `true` in Gitea 1.23 and be deprecated in Gitea 1.24.
|
||||
- `TWO_FACTOR_AUTH`: **_empty_**: set to enforced to enforce two factor authentication. Only available in Gitea 1.24 and later.
|
||||
|
||||
## Camo (`camo`)
|
||||
|
||||
@@ -817,7 +859,7 @@ and
|
||||
- Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or SMTP host is localhost. See [Email Setup](email-setup.md) for more information.
|
||||
- `ENABLE_HELO`: **true**: Enable HELO operation.
|
||||
- `HELO_HOSTNAME`: **(retrieved from system)**: HELO hostname.
|
||||
- `FROM`: **_empty_**: Mail from address, RFC 5322. This can be just an email address, or the "Name" `\<email@example.com\>` format.
|
||||
- `FROM`: **_empty_**: Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format.
|
||||
- `ENVELOPE_FROM`: **_empty_**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
|
||||
- `FROM_DISPLAY_NAME_FORMAT`: **`{{ .DisplayName }}`**: If gitea sends mails on behave of users, it will just use the name also displayed in the WebUI. If you want e.g. `Mister X (by CodeIt) <gitea@codeit.net>`, set it to `{{ .DisplayName }} (by {{ .AppName }})`. Available Variables: `.DisplayName`, `.AppName` and `.Domain`.
|
||||
- `SUBJECT_PREFIX`: **_empty_**: Prefix to be placed before e-mail subject lines.
|
||||
@@ -917,12 +959,15 @@ Default templates for project board view:
|
||||
- `PROJECT_BOARD_BASIC_KANBAN_TYPE`: **To Do, In Progress, Done**
|
||||
- `PROJECT_BOARD_BUG_TRIAGE_TYPE`: **Needs Triage, High Priority, Low Priority, Closed**
|
||||
|
||||
## Issue and pull request attachments (`attachment`)
|
||||
## Issue, pull-request and release attachments (`attachment`)
|
||||
|
||||
- `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
|
||||
- `ALLOWED_TYPES`: **.avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
|
||||
- `MAX_SIZE`: **2048**: Maximum size (MB).
|
||||
- `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
|
||||
ALLOWED_TYPES/MAX_SIZE/MAX_FILES in this section only affect issue and pull-request attachments, not release attachments.
|
||||
Release attachment has its own config options in `[repository.release]` section.
|
||||
|
||||
- `ENABLED`: **true**: Whether issue, pull-request and release attachments are enabled.
|
||||
- `ALLOWED_TYPES`: **.avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip**: Comma-separated list of allowed issue/pull-request attachment file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
|
||||
- `MAX_SIZE`: **100**: Max size of each issue/pull-request attachment file in MB.
|
||||
- `MAX_FILES`: **5**: Maximum number of issue/pull-request attachments that can be uploaded at once.
|
||||
- `STORAGE_TYPE`: **local**: Storage type for attachments, it could be `<blank>`, `local`, `minio`, `azureblob` or `xxx` which defined in another section with `[storage.xxx]`.
|
||||
|
||||
For `STORAGE_TYPE = ` or there is no this configuration item, all storages will be derived from `[storage]` if configured or defult values.
|
||||
@@ -931,7 +976,7 @@ Default templates for project board view:
|
||||
|
||||
- `PATH`: **attachments**: Path to store attachments only available when STORAGE_TYPE is `local`, relative paths will be resolved to `{AppDataPath}/{attachment.PATH}`.
|
||||
|
||||
For `STORAGE_TYPE = minio`, the configurations can be found at [Storage Minio](#storage_minio), you can override some configurations like below.
|
||||
For `STORAGE_TYPE = minio`, the configurations can be found at `Storage Minio`, you can override some configurations like below.
|
||||
|
||||
- `MINIO_BASE_PATH`: **attachments/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
|
||||
|
||||
@@ -1094,6 +1139,13 @@ Synchronize external user data (only LDAP user synchronization is supported)
|
||||
- `SCHEDULE`: **@midnight**: Cron syntax for scheduling deleted branches cleanup.
|
||||
- `OLDER_THAN`: **24h**: Branches deleted OLDER_THAN ago will be cleaned up.
|
||||
|
||||
#### Cron - Synchronize repository licenses (`cron.sync_repo_licenses`)
|
||||
|
||||
- `ENABLED`: **false**: Enable deleted branches cleanup.
|
||||
- `RUN_AT_START`: **false**: Run job at start time (if ENABLED).
|
||||
- `NOTICE_ON_SUCCESS`: **false**: Set to true to log a success message.
|
||||
- `SCHEDULE`: **@annually*: Cron syntax for scheduling synchronization of repository licenses
|
||||
|
||||
### Extended cron tasks
|
||||
|
||||
#### Cron - Delete all repository archives (`cron.delete_repo_archives`)
|
||||
@@ -1117,7 +1169,14 @@ Synchronize external user data (only LDAP user synchronization is supported)
|
||||
- `ENABLED`: **false**: Enable service.
|
||||
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
|
||||
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
|
||||
- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
|
||||
- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling synchronization of gitea ssh keys, e.g. `@every 1h`.
|
||||
|
||||
#### Cron - Update the '.ssh/authorized_principals' file (`cron.resync_all_sshprincipals`)
|
||||
|
||||
- `ENABLED`: **false**: Enable service.
|
||||
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
|
||||
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
|
||||
- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling update of authorized_principals, e.g. `@every 1h`.
|
||||
|
||||
#### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories (`cron.resync_all_hooks`)
|
||||
|
||||
@@ -1181,6 +1240,43 @@ Synchronize external user data (only LDAP user synchronization is supported)
|
||||
- `NUMBER_TO_CHECK_PER_REPO`: **100**: Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
|
||||
- `PROPORTION_TO_CHECK_PER_REPO`: **0.6**: Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
|
||||
|
||||
### Actions cron tasks
|
||||
|
||||
#### Cron - Rebuild issue index (`cron.rebuild_issue_indexer`)
|
||||
|
||||
- `ENABLED`: **true**: Enable service.
|
||||
- `RUN_AT_START`: **true**: Run tasks at start up time (if ENABLED).
|
||||
- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
|
||||
- `SCHEDULE`: **@annually**: Cron syntax to set how often to rebuild
|
||||
|
||||
#### Cron - Stop running tasks which haven't been updated for a long time (`cron.stop_zombie_tasks`)
|
||||
|
||||
- `ENABLED`: **true**: Enable service.
|
||||
- `RUN_AT_START`: **true**: Run tasks at start up time (if ENABLED).
|
||||
- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
|
||||
- `SCHEDULE`: **@every 5m**: Cron syntax to set how often tasks to run the check
|
||||
|
||||
#### Cron - Stop running tasks which have running status and continuous updates but don't end for a long time (`cron.stop_endless_tasks`)
|
||||
|
||||
- `ENABLED`: **true**: Enable service.
|
||||
- `RUN_AT_START`: **true**: Run tasks at start up time (if ENABLED).
|
||||
- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
|
||||
- `SCHEDULE`: **@every 30m**: Cron syntax to set how often to run the check.
|
||||
|
||||
#### Cron - Cancel jobs which haven't been picked up for a long time (`cron.cancel_abandoned_jobs`)
|
||||
|
||||
- `ENABLED`: **true**: Enable service.
|
||||
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
|
||||
- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
|
||||
- `SCHEDULE`: **@every 6h**: Cron syntax to set how often to run the check.
|
||||
|
||||
#### Cron - Start cron based actions (`cron.start_schedule_tasks`)
|
||||
|
||||
- `ENABLED`: **true**: Enable service.
|
||||
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
|
||||
- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
|
||||
- `SCHEDULE`: **@every 1m**: Cron syntax to set how often to schedule tasks
|
||||
|
||||
## Git (`git`)
|
||||
|
||||
- `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
|
||||
@@ -1201,14 +1297,12 @@ Synchronize external user data (only LDAP user synchronization is supported)
|
||||
- `LARGE_OBJECT_THRESHOLD`: **1048576**: (Go-Git only), don't cache objects greater than this in memory. (Set to 0 to disable.)
|
||||
- `DISABLE_CORE_PROTECT_NTFS`: **false** Set to true to forcibly set `core.protectNTFS` to false.
|
||||
- `DISABLE_PARTIAL_CLONE`: **false** Disable the usage of using partial clones for git.
|
||||
- `DIFF_RENAME_SIMILARITY_THRESHOLD`: **50%** Set the similarity threshold passed to git commands via `--find-renames=<threshold>`. Default is 50%, the same as git. Must be a integer percentage between 0% and 100%.
|
||||
|
||||
### Git - Timeout settings (`git.timeout`)
|
||||
|
||||
- `DEFAULT`: **360**: Git operations default timeout seconds.
|
||||
- `MIGRATE`: **600**: Migrate external repositories timeout seconds.
|
||||
- `MIRROR`: **300**: Mirror external repositories timeout seconds.
|
||||
- `CLONE`: **300**: Git clone from internal repositories timeout seconds.
|
||||
- `PULL`: **300**: Git pull from internal repositories timeout seconds.
|
||||
- `GC`: **60**: Git repository GC timeout seconds.
|
||||
|
||||
### Git - Config options (`git.config`)
|
||||
@@ -1247,6 +1341,9 @@ This section only does "set" config, a removed config key from this section won'
|
||||
- `JWT_SIGNING_PRIVATE_KEY_FILE`: **jwt/private.pem**: Private key file path used to sign OAuth2 tokens. The path is relative to `APP_DATA_PATH`. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `RS256`, `RS384`, `RS512`, `ES256`, `ES384` or `ES512`. The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
|
||||
- `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider
|
||||
- `DEFAULT_APPLICATIONS`: **git-credential-oauth, git-credential-manager, tea**: Pre-register OAuth applications for some services on startup. See the [OAuth2 documentation](/development/oauth2-provider.md) for the list of available options.
|
||||
- `CUSTOM_SCHEMES`: **_empty_**: By default, OAuth2 applications can only use "http" and "https" as their redirect URI schemes.
|
||||
If you need to use other schemes (e.g. for desktop applications), you can specify them here as a comma-separated list.
|
||||
For example: set "my-scheme, com.example.app" to support "my-scheme://..." and "com.example.app://..." redirect URIs.
|
||||
|
||||
## i18n (`i18n`)
|
||||
|
||||
@@ -1258,6 +1355,8 @@ This section only does "set" config, a removed config key from this section won'
|
||||
|
||||
- `MERMAID_MAX_SOURCE_CHARACTERS`: **50000**: Set the maximum size of a Mermaid source. (Set to -1 to disable)
|
||||
|
||||
## Markup External Render (`markup.external-render-name`)
|
||||
|
||||
Gitea can support Markup using external tools. The example below will add a markup named `asciidoc`.
|
||||
|
||||
```ini
|
||||
@@ -1270,7 +1369,6 @@ IS_INPUT_FILE = false
|
||||
```
|
||||
|
||||
- ENABLED: **false** Enable markup support; set to **true** to enable this renderer.
|
||||
- NEED\_POSTPROCESS: **true** set to **true** to replace links / sha1 and etc.
|
||||
- FILE\_EXTENSIONS: **_empty_** List of file extensions that should be rendered by an external
|
||||
command. Multiple extensions needs a comma as splitter.
|
||||
- RENDER\_COMMAND: External command to render all matching extensions.
|
||||
@@ -1279,6 +1377,10 @@ IS_INPUT_FILE = false
|
||||
- sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in `[markup.sanitizer.*]`.
|
||||
- no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
|
||||
- iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
|
||||
- RENDER_CONTENT_SANDBOX: **_empty_** The sandbox applied to the iframe and Content-Security-Policy header when RENDER_CONTENT_MODE is `iframe`. It defaults to a safe set of "allow-*" restrictions (space separated). You can also set it by your requirements or use "disabled" to disable the sandbox completely. When set it, make sure there is no security risk:
|
||||
- PDF-only content: generally safe to use "disabled", and it needs to be "disabled" because PDF only renders with no sandbox.
|
||||
- HTML content with JS: if the "RENDER_COMMAND" can guarantee there is no XSS, then it is safe, otherwise, you need to fine tune the "allow-*" restrictions.
|
||||
- NEED_POST_PROCESS: **false** Whether post-process the rendered HTML content, including: resolve relative links and image sources, recognizing issue/commit references, escaping invisible characters, mentioning users, rendering permlink code blocks, replacing emoji shorthands, etc. By default, this is true when RENDER_CONTENT_MODE is `sanitized`, otherwise false.
|
||||
|
||||
Two special environment variables are passed to the render command:
|
||||
|
||||
@@ -1369,6 +1471,7 @@ in this mapping or the filetype using heuristics.
|
||||
- `LIMIT_SIZE_RUBYGEMS`: **-1**: Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
|
||||
- `LIMIT_SIZE_SWIFT`: **-1**: Maximum size of a Swift upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
|
||||
- `LIMIT_SIZE_VAGRANT`: **-1**: Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
|
||||
- `LIMIT_SIZE_TERRAFORM_STATE``: **-1**: Maximum size of a Terraform state upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
|
||||
|
||||
## Mirror (`mirror`)
|
||||
|
||||
@@ -1392,7 +1495,7 @@ is `data/lfs` and the default of `MINIO_BASE_PATH` is `lfs/`.
|
||||
|
||||
- `PATH`: **./data/lfs**: Where to store LFS files, only available when `STORAGE_TYPE` is `local`. If not set it fall back to deprecated LFS_CONTENT_PATH value in [server] section.
|
||||
|
||||
For `STORAGE_TYPE = minio`, the configurations can be found at [Storage Minio](#storage_minio), you can also define configurations like below to override derived or default values.
|
||||
For `STORAGE_TYPE = minio`, the configurations can be found at `Storage Minio`, you can also define configurations like below to override derived or default values.
|
||||
|
||||
- `MINIO_BASE_PATH`: **attachments/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
|
||||
|
||||
@@ -1543,7 +1646,7 @@ is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/`.
|
||||
|
||||
- `PATH`: **./data/repo-archive**: Where to store archive files, only available when `STORAGE_TYPE` is `local`.
|
||||
|
||||
For `STORAGE_TYPE = minio`, the configurations can be found at [Storage Minio](#storage_minio), you can override some configurations like below.
|
||||
For `STORAGE_TYPE = minio`, the configurations can be found at `Storage Minio`, you can override some configurations like below.
|
||||
|
||||
- `MINIO_BASE_PATH`: **repo-archive/**: Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
|
||||
|
||||
@@ -1588,6 +1691,9 @@ PROXY_HOSTS = *.github.com
|
||||
- `ENDLESS_TASK_TIMEOUT`: **3h**: Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
|
||||
- `ABANDONED_JOB_TIMEOUT`: **24h**: Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
|
||||
- `SKIP_WORKFLOW_STRINGS`: **[skip ci],[ci skip],[no ci],[skip actions],[actions skip]**: Strings committers can place inside a commit message or PR title to skip executing the corresponding actions workflow
|
||||
- `WORKFLOW_DIRS`: **.gitea/workflows,.github/workflows**: Comma-separated list of workflow directories, the first one to exist in a repo is used to find Actions workflow files.
|
||||
- `SCOPED_WORKFLOW_DIRS`: **.gitea/scoped_workflows**: Comma-separated list of directories holding [scoped workflows](usage/actions/scoped-workflows.md) (workflows defined in a central source repository that run on other repositories). Must not overlap with `WORKFLOW_DIRS`. Leave empty so no directory is scanned for scoped workflows; none are found or run.
|
||||
- `MAX_RERUN_ATTEMPTS`: **50**: Maximum number of attempts a single workflow run can have (initial run + reruns). Defaults value is 50. Set any positive value that fits your workflow needs.
|
||||
|
||||
`DEFAULT_ACTIONS_URL` indicates where the Gitea Actions runners should find the actions with relative path.
|
||||
For example, `uses: actions/checkout@v4` means `https://github.com/actions/checkout@v4` since the value of `DEFAULT_ACTIONS_URL` is `github`.
|
||||
|
||||
@@ -9,7 +9,7 @@ aliases:
|
||||
# Customizing Gitea
|
||||
|
||||
Customizing Gitea is typically done using the `CustomPath` folder - by default this is
|
||||
the `custom` folder from the working directory (WorkPath), but may be different if your [installation](../installation/installation.md) has
|
||||
the `custom` folder from the working directory (WorkPath), but may be different if your [installation](../installation/from-binary.md) has
|
||||
set this differently. This is the central place to override configuration settings,
|
||||
templates, etc. You can check the `CustomPath` using `gitea help`. You can also find
|
||||
the path on the _Configuration_ tab in the _Site Administration_ page. You can override
|
||||
@@ -23,7 +23,7 @@ the Linux Filesystem Standard. Gitea will attempt to create required folders, in
|
||||
`custom/`. Distributions may provide a symlink for `custom` using `/etc/gitea/`.
|
||||
|
||||
Application settings can be found in file `CustomConf` which is by default,
|
||||
`$GITEA_CUSTOM/conf/app.ini` but may be different if your [installation](../installation/installation.md) has set this differently.
|
||||
`$GITEA_CUSTOM/conf/app.ini` but may be different if your [installation](../installation/from-binary.md) has set this differently.
|
||||
Again `gitea help` will allow you review this variable and you can override it using the
|
||||
`--config` option on the `gitea` binary.
|
||||
|
||||
@@ -180,9 +180,13 @@ In $GITEA_CUSTOM we need to add our template.
|
||||
This template needs to be saved in "$GITEA_CUSTOM/templates/custom/".
|
||||
Here create file "footer.tmpl" and add following text into it:
|
||||
|
||||
```
|
||||
nano $GITEA_CUSTOM/templates/custom/footer.tmpl
|
||||
```
|
||||
|
||||
```html
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', () => {
|
||||
function onPageChange() {
|
||||
// Supported 3D file types
|
||||
const fileTypes = ['3dm', '3ds', '3mf', 'amf', 'bim', 'brep', 'dae', 'fbx', 'fcstd', 'glb', 'gltf', 'ifc', 'igs', 'iges', 'stp', 'step', 'stl', 'obj', 'off', 'ply', 'wrl'];
|
||||
|
||||
@@ -193,47 +197,112 @@ Here create file "footer.tmpl" and add following text into it:
|
||||
return href.includes('/raw/') && fileTypes.some(ext => href.endsWith(`.${ext}`));
|
||||
});
|
||||
|
||||
if (link3D) {
|
||||
const script = document.createElement('script');
|
||||
script.onload = () => {
|
||||
const fileUrl = link3D.getAttribute('href');
|
||||
|
||||
// Prepare the container for the viewer
|
||||
const fileView = document.querySelector('.file-view');
|
||||
if (fileView) {
|
||||
fileView.setAttribute('id', 'view-3d');
|
||||
fileView.style.padding = '0';
|
||||
fileView.style.margin = '0';
|
||||
fileView.style.height = '400px';
|
||||
fileView.style.width = '100%';
|
||||
fileView.innerHTML = '';
|
||||
}
|
||||
|
||||
// Initialize viewer
|
||||
const parentDiv = document.getElementById('view-3d');
|
||||
if (parentDiv) {
|
||||
const viewer = new OV.EmbeddedViewer(parentDiv, {
|
||||
backgroundColor: new OV.RGBAColor(59, 68, 76, 0), // Transparent
|
||||
defaultColor: new OV.RGBColor(200, 200, 200),
|
||||
edgeSettings: new OV.EdgeSettings(false, new OV.RGBColor(0, 0, 0), 1),
|
||||
environmentSettings: new OV.EnvironmentSettings([
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negx.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posx.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posy.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negy.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posz.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negz.jpg'
|
||||
], false)
|
||||
});
|
||||
|
||||
// Load the model
|
||||
viewer.LoadModelFromUrlList([fileUrl]);
|
||||
}
|
||||
};
|
||||
|
||||
script.src = '/assets/o3dv/o3dv.min.js';
|
||||
document.head.appendChild(script);
|
||||
if (link3D) {
|
||||
const existingScript = document.querySelector('script[src="/assets/o3dv/o3dv.min.js"]');
|
||||
|
||||
const initializeViewer = () => {
|
||||
const fileUrl = link3D.getAttribute('href');
|
||||
|
||||
const fileView = document.querySelector('.file-view');
|
||||
|
||||
if (!fileView) return;
|
||||
|
||||
// Remove only the old viewer container if it exists
|
||||
const oldView3D = document.getElementById('view-3d');
|
||||
if (oldView3D) {
|
||||
oldView3D.remove(); // safely remove old viewer container div
|
||||
} else {
|
||||
// No #view-3d, so remove all children inside .file-view
|
||||
while (fileView.firstChild) {
|
||||
fileView.removeChild(fileView.firstChild);
|
||||
}
|
||||
}
|
||||
|
||||
// Create a new container for the viewer
|
||||
const newView3D = document.createElement('div');
|
||||
newView3D.id = 'view-3d';
|
||||
newView3D.style.padding = '0';
|
||||
newView3D.style.margin = '0';
|
||||
newView3D.style.flexGrow = '1';
|
||||
newView3D.style.minHeight = '0';
|
||||
newView3D.style.width = '100%';
|
||||
|
||||
const header = document.querySelector('header');
|
||||
const headerHeight = header ? header.offsetHeight : 0;
|
||||
|
||||
newView3D.style.height = `calc(100vh - ${headerHeight}px)`;
|
||||
|
||||
// Append the new container inside fileView
|
||||
fileView.appendChild(newView3D);
|
||||
|
||||
const parentDiv = document.getElementById('view-3d');
|
||||
if (parentDiv) {
|
||||
const viewer = new OV.EmbeddedViewer(parentDiv, {
|
||||
backgroundColor: new OV.RGBAColor(59, 68, 76, 0),
|
||||
defaultColor: new OV.RGBColor(200, 200, 200),
|
||||
edgeSettings: new OV.EdgeSettings(false, new OV.RGBColor(0, 0, 0), 1),
|
||||
environmentSettings: new OV.EnvironmentSettings([
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negx.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posx.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posy.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negy.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posz.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negz.jpg'
|
||||
], false)
|
||||
});
|
||||
|
||||
viewer.LoadModelFromUrlList([fileUrl]);
|
||||
}
|
||||
};
|
||||
|
||||
if (typeof OV === 'undefined') {
|
||||
if (!existingScript) {
|
||||
const script = document.createElement('script');
|
||||
script.onload = initializeViewer;
|
||||
script.src = '/assets/o3dv/o3dv.min.js';
|
||||
document.head.appendChild(script);
|
||||
} else {
|
||||
// Script is loading but OV not yet ready — wait for it
|
||||
existingScript.addEventListener('load', initializeViewer);
|
||||
}
|
||||
} else {
|
||||
// OV already loaded
|
||||
initializeViewer();
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// Run when the page is fully loaded
|
||||
document.addEventListener('DOMContentLoaded', onPageChange);
|
||||
|
||||
const targetSelector = 'a.ui.mini.basic.button[href*="/raw/"]';
|
||||
let lastHref = null;
|
||||
let timeoutId = null;
|
||||
|
||||
const checkAndRun = () => {
|
||||
const rawLink = document.querySelector(targetSelector);
|
||||
if (!rawLink) return;
|
||||
|
||||
const currentHref = rawLink.getAttribute('href');
|
||||
if (currentHref !== lastHref) {
|
||||
lastHref = currentHref;
|
||||
|
||||
const fileName = currentHref.split('/').pop();
|
||||
console.log('New Raw file link detected after delay:', fileName);
|
||||
|
||||
onPageChange();
|
||||
}
|
||||
};
|
||||
|
||||
const observer = new MutationObserver(() => {
|
||||
// Delay execution by 300ms after last mutation
|
||||
clearTimeout(timeoutId);
|
||||
timeoutId = setTimeout(checkAndRun, 300);
|
||||
});
|
||||
|
||||
observer.observe(document.body, {
|
||||
childList: true,
|
||||
subtree: true,
|
||||
});
|
||||
</script>
|
||||
```
|
||||
@@ -248,11 +317,17 @@ mkdir o3dv
|
||||
cd o3dv
|
||||
```
|
||||
|
||||
Copy latest release zip link from [`GitHub`](https://github.com/kovacsv/Online3DViewer/releases) (v0.15.0 as of now).
|
||||
Here use e.g. wget to download the file:
|
||||
Copy latest release zip link from [`GitHub`](https://github.com/kovacsv/Online3DViewer/releases) (v0.18.0 as of now).
|
||||
Here use e.g. wget or curl to download the file:
|
||||
|
||||
```
|
||||
wget https://github.com/kovacsv/Online3DViewer/releases/download/0.15.0/o3dv.zip
|
||||
wget https://github.com/kovacsv/Online3DViewer/releases/download/0.18.0/o3dv.zip
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```
|
||||
curl -L -O https://github.com/kovacsv/Online3DViewer/releases/download/0.18.0/o3dv.zip
|
||||
```
|
||||
|
||||
Use e.g. unzip to unzip the archive:
|
||||
@@ -262,20 +337,14 @@ unzip o3dv.zip
|
||||
|
||||
#### Part 3: Folder permissions
|
||||
|
||||
Now the last thing. Change permissions on the "footer.tmpl":
|
||||
```
|
||||
chown git:git $GITEA_CUSTOM/templates/custom/footer.tmpl
|
||||
chmod 770 $GITEA_CUSTOM/templates/custom/footer.tmpl
|
||||
```
|
||||
|
||||
And on the public folder:
|
||||
Now the last thing. Change permissions on the public folder:
|
||||
```
|
||||
chown -R git:git $GITEA_CUSTOM/public
|
||||
```
|
||||
|
||||
Now we have everything ready! Restart your gitea instance to apply these changes and test it in your browser.
|
||||
|
||||
You should end-up with a folder structure similar to this:
|
||||
Sanity check. You should end-up with a folder structure similar to this:
|
||||
|
||||
```
|
||||
$GITEA_CUSTOM/templates
|
||||
@@ -284,7 +353,7 @@ $GITEA_CUSTOM/templates
|
||||
|
||||
$GITEA_CUSTOM/public/assets/
|
||||
-- o3dv
|
||||
|-- o3dv_0.15.0.zip
|
||||
|-- o3dv.zip
|
||||
|-- o3dv.license.md
|
||||
|-- o3dv.min.js
|
||||
|-- envmaps
|
||||
@@ -325,15 +394,16 @@ Starting with Gitea 1.20, you can customize the git configuration via the `git.c
|
||||
|
||||
### Enabling signed git pushes
|
||||
|
||||
To enable signed git pushes, set these two options:
|
||||
[Signed pushes](https://git-scm.com/docs/git-push#Documentation/git-push.txt---signedtruefalseif-asked) allow clients to cryptographically sign the push operation itself (not just individual commits). To enable signed pushes, add the following to `app.ini`:
|
||||
|
||||
```ini
|
||||
[git.config]
|
||||
receive.advertisePushOptions = true
|
||||
receive.certNonceSeed = <randomstring>
|
||||
```
|
||||
|
||||
`certNonceSeed` should be set to a random string and be kept secret.
|
||||
`certNonceSeed` should be set to a random string and be kept secret. It is used to generate anti-replay nonces. Gitea already sets `receive.advertisePushOptions = true` by default, so no additional configuration is needed. Note that Gitea does not read `/etc/gitconfig`, so this option must be set via `app.ini` as shown above.
|
||||
|
||||
On the client side, pushes can be signed via `git push --signed` or enabled permanently using `git config --global push.gpgSign if-asked`.
|
||||
|
||||
### Labels
|
||||
|
||||
@@ -351,7 +421,7 @@ The [legacy file format](https://github.com/go-gitea/gitea/blob/main/options/lab
|
||||
|
||||
`#hex-color label name ; label description`
|
||||
|
||||
For more information, see the [labels documentation](usage/labels.md).
|
||||
For more information, see the [labels documentation](../usage/issues-prs/labels.md).
|
||||
|
||||
### Licenses
|
||||
|
||||
|
||||
@@ -10,6 +10,10 @@ aliases:
|
||||
|
||||
Gitea has mailer functionality for sending transactional emails (such as registration confirmation). It can be configured to either use Sendmail (or compatible MTAs like Postfix and msmtp) or directly use SMTP server.
|
||||
|
||||
:::note
|
||||
Be sure to set ENABLE_NOTIFY_MAIL=true to allow Gitea to send email notifications. Check the [Config Cheat Sheet](../administration/config-cheat-sheet.md#service-service) for details.
|
||||
:::
|
||||
|
||||
## Using Sendmail
|
||||
|
||||
Use `sendmail` command as mailer.
|
||||
@@ -41,7 +45,7 @@ ENABLED = true
|
||||
FROM = gitea@mydomain.com
|
||||
PROTOCOL = smtps
|
||||
SMTP_ADDR = mail.mydomain.com
|
||||
SMTP_PORT = 587
|
||||
SMTP_PORT = 465
|
||||
USER = gitea@mydomain.com
|
||||
PASSWD = `password`
|
||||
```
|
||||
@@ -56,7 +60,7 @@ For the full list of options check the [Config Cheat Sheet](../administration/co
|
||||
Authentication is only supported when the SMTP server communication is encrypted with TLS or `HOST=localhost`. TLS encryption can be through:
|
||||
:::
|
||||
|
||||
- STARTTLS (also known as Opportunistic TLS) via port 587. Initial connection is done over cleartext, but then be upgraded over TLS if the server supports it.
|
||||
- STARTTLS (also known as Opportunistic TLS) via port 587 with `PROTOCOL=smtp+starttls`. Initial connection is done over cleartext, but then be upgraded over TLS if the server supports it.
|
||||
- SMTPS connection (SMTP over TLS) via the default port 465. Connection to the server use TLS from the beginning.
|
||||
- Forced SMTPS connection with `PROTOCOL=smtps`. (These are both known as Implicit TLS.)
|
||||
This is due to protections imposed by the Go internal libraries against STRIPTLS attacks.
|
||||
|
||||
@@ -257,7 +257,6 @@ the messages. Here's a list of some of them:
|
||||
| `AppDomain` | - | Any | Gitea's host name |
|
||||
| `EllipsisString` | string, int | Any | Truncates a string to the specified length; adds ellipsis as needed |
|
||||
| `SanitizeHTML` | string | Body only | Sanitizes text by removing any dangerous HTML tags from it |
|
||||
| `SafeHTML` | string | Body only | Takes the input as HTML, can be used for outputing raw HTML content |
|
||||
|
||||
These are _functions_, not metadata, so they have to be used:
|
||||
|
||||
|
||||
@@ -13,7 +13,8 @@ aliases:
|
||||
1. Set `[server] ROOT_URL = https://git.example.com/` in your `app.ini` file.
|
||||
2. Make the reverse-proxy pass `https://git.example.com/foo` to `http://gitea:3000/foo`.
|
||||
3. Make sure the reverse-proxy does not decode the URI. The request `https://git.example.com/a%2Fb` should be passed as `http://gitea:3000/a%2Fb`.
|
||||
4. Make sure `Host` and `X-Fowarded-Proto` headers are correctly passed to Gitea to make Gitea see the real URL being visited.
|
||||
4. Make sure `Host` and `X-Forwarded-Proto` headers are correctly passed to Gitea to make Gitea see the real URL being visited.
|
||||
5. Make sure your webserver has a certificate, including all intermediate and RootCA certificates, for `git clone` and `git pull` to work.
|
||||
|
||||
### Use a sub-path
|
||||
|
||||
@@ -149,6 +150,20 @@ server {
|
||||
}
|
||||
```
|
||||
|
||||
## Nginx Proxy Manager
|
||||
|
||||
If you are using Nginx Proxy Manager to serve your Gitea instance it differs slighly from the raw Nginx.
|
||||
|
||||
It is [adding some directives](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/master/docker/rootfs/etc/nginx/conf.d/include/proxy.conf) for a custom location by default, so you have to skip these from the above mentioned Nginx config. Otherwise Nginx will produce `400 bad request` error due to duplicated directives (`proxy_set_header Host $host` is the particularly problematic one).
|
||||
|
||||
So while creating the `/` Custom location, just add the following lines to it's configuration:
|
||||
|
||||
```nginx
|
||||
client_max_body_size 512M;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
```
|
||||
|
||||
## Apache HTTPD
|
||||
|
||||
If you want Apache HTTPD to serve your Gitea instance, you can add the following to your Apache HTTPD configuration (usually located at `/etc/apache2/httpd.conf` in Ubuntu):
|
||||
@@ -195,6 +210,50 @@ Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com
|
||||
The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`.
|
||||
:::
|
||||
|
||||
## Apache HTTPD and serve static resources directly
|
||||
|
||||
We can tune the performance in splitting requests into categories static and dynamic.
|
||||
|
||||
CSS files, JavaScript files, images and web fonts are static content.
|
||||
The front page, a repository view or issue list is dynamic content.
|
||||
|
||||
Apache HTTPD can serve static resources directly and proxy only the dynamic requests to Gitea.
|
||||
|
||||
Download a snapshot of the Gitea source repository to `/path/to/gitea/`.
|
||||
After this, run `make frontend` in the repository directory to generate the static resources. We are only interested in the `public/` directory for this task, so you can delete the rest.
|
||||
(You will need to have [Node with npm](https://nodejs.org/en/download/) and `make` installed to generate the static resources)
|
||||
|
||||
Depending on the scale of your user base, you might want to split the traffic to two distinct servers,
|
||||
or use a cdn for the static files.
|
||||
|
||||
### Single node and single domain
|
||||
|
||||
Set `[server] STATIC_URL_PREFIX = /_/static` in your configuration.
|
||||
|
||||
```apacheconf
|
||||
<VirtualHost *:80>
|
||||
...
|
||||
<Proxy *>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Proxy>
|
||||
|
||||
ProxyPass /_/static/ !
|
||||
Alias /_/static/ /path/to/gitea/public/
|
||||
<Directory /path/to/gitea/public/>
|
||||
Options FollowSymlinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
AllowEncodedSlashes NoDecode
|
||||
# Note: no trailing slash after either /git or port
|
||||
ProxyPass / http://localhost:3000/ nocanon
|
||||
ProxyPreserveHost On
|
||||
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
||||
</VirtualHost>
|
||||
```
|
||||
|
||||
## Caddy
|
||||
|
||||
If you want Caddy to serve your Gitea instance, you can add the following server block to your Caddyfile:
|
||||
|
||||
@@ -6,12 +6,14 @@ aliases:
|
||||
- /en-us/signing
|
||||
---
|
||||
|
||||
# GPG Commit Signatures
|
||||
# GPG/SSH Commit Signatures
|
||||
|
||||
Gitea will verify GPG commit signatures in the provided tree by
|
||||
Gitea will verify gpg/ssh commit signatures in the provided tree by
|
||||
checking if the commits are signed by a key within the Gitea database,
|
||||
or if the commit matches the default key for Git.
|
||||
|
||||
Additionally Gitea will verify commits signed by ssh keys, which public keys are part of [`TRUSTED_SSH_KEYS`](#general-configuration).
|
||||
|
||||
Keys are not checked to determine if they have expired or revoked.
|
||||
Keys are also not checked with keyservers.
|
||||
|
||||
@@ -46,6 +48,11 @@ for GPG - in particular it is probably advisable to only install a
|
||||
signing secret subkey without the master signing and certifying secret
|
||||
key.
|
||||
|
||||
## Installing and generating a SSH key for Gitea
|
||||
|
||||
You can run `ssh-keygen -t ed25519 -f gitea-signing-key` to generate the private/public keypair for commit signing without any password. Usually you would store the key next to the gitea configuration, then point `SIGNING_KEY` to the generated public key `/path/to/gitea-signing-key.pub`. Gitea generates all its commits using the server `git` command at present - and therefore the server `ssh-keygen` will be used for
|
||||
signing (if configured.)
|
||||
|
||||
## General Configuration
|
||||
|
||||
Gitea's configuration for signing can be found with the
|
||||
@@ -65,16 +72,41 @@ MERGES = pubkey, twofa, basesigned, commitssigned
|
||||
...
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
For SSH commit signing, you need to specify the `SIGNING_FORMAT` to `ssh` instead of the default `openpgp`. `SIGNING_NAME` and `SIGNING_EMAIL` are required for verifing the signatures.
|
||||
|
||||
This looks like this:
|
||||
|
||||
```ini
|
||||
...
|
||||
[repository.signing]
|
||||
SIGNING_KEY = /path/to/gitea-signing-key.pub
|
||||
SIGNING_NAME =
|
||||
SIGNING_EMAIL =
|
||||
SIGNING_FORMAT = ssh
|
||||
INITIAL_COMMIT = always
|
||||
CRUD_ACTIONS = pubkey, twofa, parentsigned
|
||||
WIKI = never
|
||||
MERGES = pubkey, twofa, basesigned, commitssigned
|
||||
...
|
||||
```
|
||||
|
||||
- `/path/to/gitea-signing-key` is expected to be the private key for `/path/to/gitea-signing-key.pub` [see here how to generate a new ssh keypair](#installing-and-generating-a-ssh-key-for-gitea).
|
||||
- `TRUSTED_SSH_KEYS = ssh-<algorithm> <key>` or `TRUSTED_SSH_KEYS = ssh-<algorithm> <key1>, ssh-<algorithm> <key2>` can be used for rotating the global ssh signing key to continue verifying commits signed by the previous keys.
|
||||
|
||||
### `SIGNING_KEY`
|
||||
|
||||
The first option to discuss is the `SIGNING_KEY`. There are three main
|
||||
options:
|
||||
|
||||
- `none` - this prevents Gitea from signing any commits
|
||||
- `default` - Gitea will default to the key configured within `git config`
|
||||
- `default` - Gitea will default to the gpg key configured within `git config`
|
||||
- `KEYID` - Gitea will sign commits with the gpg key with the ID
|
||||
`KEYID`. In this case you should provide a `SIGNING_NAME` and
|
||||
`SIGNING_EMAIL` to be displayed for this key.
|
||||
- `/path/to/gitea-signing-key.pub` - Gitea will sign commits with the ssh key without the `.pub` suffix `/path/to/gitea-signing-key`. In this case you should provide a `SIGNING_NAME` and
|
||||
`SIGNING_EMAIL` to be displayed for this key and set `SIGNING_FORMAT` to `ssh`.
|
||||
|
||||
The `default` option will interrogate `git config` for
|
||||
`commit.gpgsign` option - if this is set, then it will use the results
|
||||
@@ -97,6 +129,10 @@ Related home files for git command (like `.gnupg`) should also be put in Gitea's
|
||||
If you like to keep the `.gnupg` directory outside of `{[git].HOME_PATH}/`, consider setting the `$GNUPGHOME` environment variable to your preferred location, otherwise Gitea will use the gpg keys only under `{[git].HOME_PATH}/.gnupg`.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
The default option and repository specific signing keys are not supported for ssh keys
|
||||
:::
|
||||
|
||||
### `INITIAL_COMMIT`
|
||||
|
||||
This option determines whether Gitea should sign the initial commit
|
||||
@@ -168,3 +204,9 @@ In cases where there is a repository specific key this can be obtained from:
|
||||
```sh
|
||||
/api/v1/repos/:username/:reponame/signing-key.gpg
|
||||
```
|
||||
|
||||
For ssh commit signing the default ssh public key can be obtained via the API at:
|
||||
|
||||
```sh
|
||||
/api/v1/signing-key.pub
|
||||
```
|
||||
|
||||
9
docs/contributing/_category_.json
Normal file
9
docs/contributing/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Contributing",
|
||||
"position": 35,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/contributing",
|
||||
"title": "Contributing"
|
||||
}
|
||||
}
|
||||
76
docs/contributing/contributing.md
Normal file
76
docs/contributing/contributing.md
Normal file
@@ -0,0 +1,76 @@
|
||||
---
|
||||
slug: "contributing"
|
||||
sidebar_position: 1
|
||||
---
|
||||
|
||||
# Contributing to Gitea
|
||||
|
||||
Thank you for your interest in contributing to Gitea! This guide will help you understand how to contribute to the project effectively.
|
||||
|
||||
## Getting Started
|
||||
|
||||
Before you start contributing, please read our [Hacking on Gitea](../development/hacking-on-gitea) guide to set up your development environment.
|
||||
|
||||
## Contribution Guidelines
|
||||
|
||||
We have specific guidelines for different types of contributions:
|
||||
|
||||
### Backend Development
|
||||
|
||||
If you're working on backend code (Go), please follow our [Guidelines for Backend Development](./guidelines-backend). This includes:
|
||||
|
||||
- Package design and dependencies
|
||||
- Database operations and migrations
|
||||
- Testing strategies
|
||||
- Code organization
|
||||
|
||||
### Frontend Development
|
||||
|
||||
For frontend contributions (JavaScript, CSS, Vue), refer to our [Guidelines for Frontend Development](./guidelines-frontend). This covers:
|
||||
|
||||
- Framework usage (Vue3, Fomantic-UI)
|
||||
- Code style and best practices
|
||||
- Accessibility requirements
|
||||
- TypeScript usage
|
||||
|
||||
### Refactoring
|
||||
|
||||
When refactoring existing code, follow our [Guidelines for Refactoring](./guidelines-refactoring) to ensure:
|
||||
|
||||
- Clear refactoring objectives
|
||||
- Proper review process
|
||||
- Maintaining backward compatibility
|
||||
- Incremental improvements
|
||||
|
||||
### Localization
|
||||
|
||||
To contribute translations or localization improvements, see our [Localization Guide](./localization) which explains:
|
||||
|
||||
- How to contribute translations via Crowdin
|
||||
- Supported languages
|
||||
- Translation workflow
|
||||
|
||||
## Code of Conduct
|
||||
|
||||
Please be respectful and constructive in all interactions with the community. We are committed to providing a welcoming and inclusive environment for all contributors.
|
||||
|
||||
## Getting Help
|
||||
|
||||
If you need help with your contribution:
|
||||
|
||||
- Join our [Discord](https://discord.gg/gitea) #Develop channel
|
||||
- Visit our [Forum](https://forum.gitea.com/)
|
||||
- Check existing [GitHub Issues](https://github.com/go-gitea/gitea/issues)
|
||||
|
||||
## Submitting Your Contribution
|
||||
|
||||
1. Fork the repository
|
||||
2. Create a feature branch
|
||||
3. Make your changes following the relevant guidelines
|
||||
4. Write tests for your changes
|
||||
5. Ensure all tests pass
|
||||
6. Submit a pull request
|
||||
|
||||
For more details, see our [CONTRIBUTING.md](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md) in the main repository.
|
||||
|
||||
Thank you for helping make Gitea better!
|
||||
9
docs/development/_category_.json
Normal file
9
docs/development/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Development",
|
||||
"position": 40,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/development",
|
||||
"title": "Development"
|
||||
}
|
||||
}
|
||||
@@ -20,14 +20,33 @@ Gitea supports these methods of API authentication:
|
||||
- `token=...` parameter in URL query string
|
||||
- `access_token=...` parameter in URL query string
|
||||
- `Authorization: token ...` header in HTTP headers
|
||||
- HTTP signatures using an SSH public key or SSH certificate
|
||||
|
||||
All of these methods accept the same API key token type. You can
|
||||
better understand this by looking at the code -- as of this writing,
|
||||
Gitea parses queries and headers to find the token in
|
||||
[modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47).
|
||||
|
||||
Gitea can also authenticate API requests using an SSH key or SSH certificate via
|
||||
HTTP signatures. The SSH public key (or certificate) must be registered to the
|
||||
user account in Gitea, and the client signs requests with the corresponding
|
||||
private key. The client signs requests using the SSH private key following the
|
||||
[draft-cavage-http-signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
|
||||
specification (not RFC 9421). The signature is sent in the `Signature` header,
|
||||
and SSH certificates additionally include an `x-ssh-certificate` header. The
|
||||
official [go-sdk](https://gitea.com/gitea/go-sdk) implements this flow if you
|
||||
need a reference implementation.
|
||||
|
||||
## Generating and listing API tokens
|
||||
|
||||
API tokens can be created either in the user interface or via the API. Tokens have by default limited permissions and it is important to create tokens with the correct permissions for your task.
|
||||
### User Interface
|
||||
Tokens can be created via the `Manage Access Tokens` dialog, accessed via `User Settings` / `Applications` or via the link `gitea-domain.example/user/settings/applications`. The interface allows you to create tokens and manage their permissions via the `Select permissions` sub-menu.
|
||||
|
||||
Once created, the token is displayed in a toast message above the `Manage Access Tokens` dialog. Please note, that you can view this toast only once and it is not possible to redisplay the token for security reasons.
|
||||
|
||||
### Token API
|
||||
|
||||
A new token can be generated with a `POST` request to
|
||||
`/users/:name/tokens`.
|
||||
|
||||
@@ -35,7 +54,8 @@ Note that `/users/:name/tokens` is a special endpoint and requires you
|
||||
to authenticate using `BasicAuth` and a password, as follows:
|
||||
|
||||
```sh
|
||||
$ curl -H "Content-Type: application/json" -d '{"name":test_token","scopes":["read:activitypub","read:issue", "write:misc", "read:notification", "read:organization", "read:package", "read:repository", "read:user"]}'
|
||||
$ curl -H "Content-Type: application/json" \
|
||||
-d '{"name":"test_token","scopes":["read:activitypub","read:issue", "write:misc", "read:notification", "read:organization", "read:package", "read:repository", "read:user"]}' \
|
||||
-u 'username:password' "https://gitea.your.host/api/v1/users/{username}/tokens"
|
||||
{"id":1,"name":"test_token","sha1":"9fcb1158165773dd010fca5f0cf7174316c3e37d","token_last_eight":"16c3e37d"}
|
||||
```
|
||||
@@ -49,6 +69,25 @@ $ curl --url https://yourusername:password@gitea.your.host/api/v1/users/<usernam
|
||||
[{"name":"test","sha1":"","token_last_eight:"........":},{"name":"dev","sha1":"","token_last_eight":"........"}]
|
||||
```
|
||||
|
||||
By default, this creates a token with very limited permissions. To complete your tasks, your token may require extra permissions. These permissions are created via the json variable `scopes`, which takes an array of permissions as strings. Eg.: `"scopes":["all"]`. Possible permissions, as reflected in the user interface are:
|
||||
|
||||
- `activitypub`
|
||||
- `admin`
|
||||
- `issue`
|
||||
- `misc`
|
||||
- `notification`
|
||||
- `organization`
|
||||
- `package`
|
||||
- `repository`
|
||||
- `user`
|
||||
|
||||
Each permission may be set to `read` or `write`. `write` implies both Read & Write. To set permissions you write the permissions string as `<read or write>:<permission name>`, eg.: `write:package` or `read:notification`. A properly formatted API call may look like:
|
||||
|
||||
```sh
|
||||
$ curl -H "Content-Type: application/json" -d '{"name":"test", "scopes":["write:package", "read:notification"]}' -u username:password https://gitea.your.host/api/v1/users/<username>/tokens
|
||||
```
|
||||
Special permissions `all` may be specified as `"scopes":["all"]`, which sets all permissions to both Read & Write.
|
||||
|
||||
To use the API with basic authentication with two factor authentication
|
||||
enabled, you'll need to send an additional header that contains the one
|
||||
time password (6 digitrotating token).
|
||||
|
||||
@@ -174,7 +174,7 @@ server as mentioned above.
|
||||
|
||||
### Working on JS and CSS
|
||||
|
||||
Frontend development should follow [Guidelines for Frontend Development](contributing/guidelines-frontend.md)
|
||||
Frontend development should follow [Guidelines for Frontend Development](../contributing/guidelines-frontend.md)
|
||||
|
||||
To build with frontend resources, either use the `watch-frontend` target mentioned above or just build once:
|
||||
|
||||
|
||||
@@ -58,7 +58,7 @@ By default, if the third party sets the scopes to `openid`, `email`, `profile`,
|
||||
|
||||
## Granular Scopes
|
||||
|
||||
As of version v1.23, Gitea supports granular scopes, allowing third parties to request more limited access. These scopes, previously available only for [Personal Access Tokens](#scopes), enable users to restrict access to specific URL routes.
|
||||
As of version v1.23, Gitea supports granular scopes, allowing third parties to request more limited access. These scopes, previously available only for [Personal Access Tokens](api-usage), enable users to restrict access to specific URL routes.
|
||||
|
||||
Scopes are grouped by high-level API routes and further refined as follows:
|
||||
|
||||
@@ -206,7 +206,7 @@ This example does not use PKCE.
|
||||
|
||||
The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.
|
||||
|
||||
3. Use the `access_token` to make [API requests](development/api-usage.md#oauth2-provider) to access the user's resources.
|
||||
3. Use the `access_token` to make [API requests](api-usage) to access the user's resources.
|
||||
|
||||
### Public client (PKCE)
|
||||
|
||||
@@ -268,4 +268,4 @@ After you have generated this values, you can continue with your request.
|
||||
|
||||
The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.
|
||||
|
||||
3. Use the `access_token` to make [API requests](development/api-usage.md#oauth2-provider) to access the user's resources.
|
||||
3. Use the `access_token` to make [API requests](api-usage) to access the user's resources.
|
||||
|
||||
9
docs/help/_category_.json
Normal file
9
docs/help/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Help",
|
||||
"position": 5,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/help",
|
||||
"title": "Help"
|
||||
}
|
||||
}
|
||||
@@ -33,7 +33,7 @@ then the config file (app.ini) should exists in the "custom/conf" directory of y
|
||||
Some package vendors might use "/etc/gitea" to store the config file, while some others don't.
|
||||
|
||||
You could manually find the config file (app.ini) by checking Gitea's startup logs
|
||||
or reading the Gitea Web's Site Administrator -> Confugiraton Summary.
|
||||
or reading the Gitea Web's Site Administrator -> Configuration Summary.
|
||||
|
||||
If you are using some isolated enviroments like container (docker),
|
||||
the path you see usually is not what it is in the host's filesystem.
|
||||
|
||||
@@ -13,7 +13,7 @@ Gitea was originally forked from [Gogs](https://gogs.io) and almost all the code
|
||||
|
||||
:::warning
|
||||
|
||||
Gitea does not sent or cherry-picked commits from upstream, so there is no guarantee it will work if you upgrade from Gogs to Gitea. The recommended method is to migrate repositories from Gogs to Gitea.
|
||||
Gitea does not send commits to upstream or cherry-pick commits from it, so there is no guarantee it will work if you upgrade from Gogs to Gitea. The recommended method is to migrate repositories from Gogs to Gitea.
|
||||
|
||||
:::
|
||||
|
||||
@@ -31,11 +31,11 @@ You can try it out using [the online demo](https://demo.gitea.com).
|
||||
|
||||
- **Code Hosting**
|
||||
|
||||
Gitea supports creating and managing repositories, browsing commit history and code files, reviewing and merging code submissions, managing collaborators, handling branches, and more. It also supports many common Git features such as tags, Cherry-pick, hooks, integrated collaboration tools, and more.
|
||||
Gitea supports creating and managing repositories, browsing commit history and code files, reviewing and merging code submissions, managing collaborators, handling branches, and more. It also supports many common Git features such as tags, cherry-picking, hooks, integrated collaboration tools, and more.
|
||||
|
||||
- **Lightweight and Fast**
|
||||
|
||||
One of Gitea's design goals is to be lightweight and fast in response. Unlike some large code hosting platforms, it remains lean, performs well in terms of speed, and is suitable for resource-limited server environments. Due to its lightweight design, Gitea has relatively low resource consumption and performs well in resource-constrained environments.
|
||||
One of Gitea's design goals is to be lightweight and fast in response. Unlike some large code hosting platforms, it remains lean, performs well in terms of speed, and is suitable for resource-limited server environments.
|
||||
|
||||
- **Easy Deployment and Maintenance**
|
||||
|
||||
@@ -105,6 +105,6 @@ For more detailed information, please refer to: https://docs.gitea.com/installat
|
||||
- [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3)
|
||||
- [github.com/denisenkom/go-mssqldb](https://github.com/denisenkom/go-mssqldb)
|
||||
|
||||
## Integrated support
|
||||
## Integrated Support
|
||||
|
||||
Please visit [Awesome Gitea](https://gitea.com/gitea/awesome-gitea/) to get more third-party integrated support
|
||||
|
||||
9
docs/installation/_category_.json
Normal file
9
docs/installation/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Installation",
|
||||
"position": 10,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/installation",
|
||||
"title": "Installation"
|
||||
}
|
||||
}
|
||||
@@ -40,19 +40,37 @@ chmod +x gitea
|
||||
|
||||
Note that the above command will download Gitea @version@ for 64-bit Linux.
|
||||
|
||||
## Verify GPG signature
|
||||
## Verify signature
|
||||
|
||||
### Sigstore
|
||||
|
||||
Starting with v1.27 Gitea signs all binaries using [sigstore](https://sigstore.dev/) to prevent against unwanted modification of binaries.
|
||||
To validate the binary, download the bundle file which ends in `sigstore.json` for the binary you downloaded and use the [cosign](https://docs.sigstore.dev/cosign/system_config/installation/) command line tool.
|
||||
|
||||
```sh
|
||||
cosign verify-blob gitea-@version@-linux-amd64 --bundle gitea-@version@-linux-amd64.sigstore.json --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="https://github.com/go-gitea/gitea/.github/workflows/release-.*"
|
||||
```
|
||||
|
||||
If the command outputs `Verified OK`, binary was not modified.
|
||||
|
||||
:::note
|
||||
The above command will match any release workflow. You may choose to restrict the identity further by requiring a specific branch or workflow to be matched. For example this url will match only nightly builds made on main branch: `https://github.com/go-gitea/gitea/.github/workflows/release-nightly.yml@refs/heads/main`
|
||||
:::
|
||||
|
||||
### GPG
|
||||
|
||||
Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries.
|
||||
To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the GPG command line tool.
|
||||
|
||||
```sh
|
||||
gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
|
||||
gpg --keyserver hkps://keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
|
||||
gpg --verify gitea-@version@-linux-amd64.asc gitea-@version@-linux-amd64
|
||||
```
|
||||
|
||||
Look for the text `Good signature from "Teabot <teabot@gitea.io>"` to assert a good binary,
|
||||
despite warnings like `This key is not certified with a trusted signature!`.
|
||||
|
||||
|
||||
## Recommended server configuration
|
||||
|
||||
:::note
|
||||
@@ -139,15 +157,15 @@ export GITEA_WORK_DIR=/var/lib/gitea/
|
||||
cp gitea /usr/local/bin/gitea
|
||||
```
|
||||
|
||||
### Adding bash/zsh autocompletion (from 1.19)
|
||||
|
||||
A script to enable bash-completion can be found at [`contrib/autocompletion/bash_autocomplete`](https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete). This can be copied to `/usr/share/bash-completion/completions/gitea`
|
||||
or sourced within your `.bashrc`.
|
||||
### Adding shell autocompletion (from 1.25)
|
||||
|
||||
Similarly a script for zsh-completion can be found at [`contrib/autocompletion/zsh_autocomplete`](https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/zsh_autocomplete). This can be copied to `/usr/share/zsh/_gitea` or sourced within your
|
||||
`.zshrc`.
|
||||
Shell completion can be generated directly from binary with:
|
||||
```sh
|
||||
gitea completion <shell>
|
||||
```
|
||||
|
||||
YMMV and these scripts may need further improvement.
|
||||
Supported values for `<shell>` are `bash`, `fish`, `pwsh` and `zsh`. Details on how to load the completion for your shell can be found in the completion command help.
|
||||
|
||||
## Running Gitea
|
||||
|
||||
@@ -214,9 +232,7 @@ As of v1.8, there is a problem with the arm7 version of Gitea, and it doesn't ru
|
||||
|
||||
It is recommended to switch to the arm6 version, which has been tested and shown to work on Raspberry Pis and similar devices.
|
||||
|
||||
<!---
|
||||
please remove after fixing the arm7 bug
|
||||
--->
|
||||
{/* please remove after fixing the arm7 bug */}
|
||||
### Git error after updating to a new version of Gitea
|
||||
|
||||
If during the update, the binary file name has been changed to a new version of Gitea,
|
||||
|
||||
@@ -178,15 +178,14 @@ LDFLAGS="-linkmode external -extldflags '-static' $LDFLAGS" TAGS="netgo osusergo
|
||||
|
||||
This can be combined with `CC`, `GOOS`, and `GOARCH` as above.
|
||||
|
||||
### Adding bash/zsh autocompletion (from 1.19)
|
||||
### Adding shell autocompletion (from 1.25)
|
||||
|
||||
A script to enable bash-completion can be found at [`contrib/autocompletion/bash_autocomplete`](https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete). This should be altered as appropriate and can be `source` in your `.bashrc`
|
||||
or copied as `/usr/share/bash-completion/completions/gitea`.
|
||||
Shell completion can be generated directly from binary with:
|
||||
```sh
|
||||
gitea completion <shell>
|
||||
```
|
||||
|
||||
Similarly, a script for zsh-completion can be found at [`contrib/autocompletion/zsh_autocomplete`](https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/zsh_autocomplete). This can be copied to `/usr/share/zsh/_gitea` or sourced within your
|
||||
`.zshrc`.
|
||||
|
||||
YMMV and these scripts may need further improvement.
|
||||
Supported values for `<shell>` are `bash`, `fish`, `pwsh` and `zsh`. Details on how to load the completion for your shell can be found in the completion command help.
|
||||
|
||||
## Compile or cross-compile using Linux with Zig
|
||||
|
||||
|
||||
@@ -8,15 +8,19 @@ aliases:
|
||||
|
||||
# Installation with Docker (rootless)
|
||||
|
||||
Gitea provides automatically updated Docker images within its Docker Hub organization. It is
|
||||
possible to always use the latest stable tag or to use another service that handles updating
|
||||
Docker images.
|
||||
## Relation to rootful image
|
||||
|
||||
The rootless image uses Gitea internal SSH to provide Git protocol and doesn't support OpenSSH.
|
||||
* Rootless image doesn't require "root" privilege on the host, while it may have stricter UID/GID requirement.
|
||||
* Rootless image must use its bulitin SSH server, while the rootful one must its managed standalone OpenSSH server.
|
||||
* The volume mapping and directory layout is different between them.
|
||||
|
||||
This reference setup guides users through the setup based on `docker-compose`, but the installation
|
||||
of `docker-compose` is out of scope of this documentation. To install `docker-compose` itself, follow
|
||||
the official [install instructions](https://docs.docker.com/compose/install/).
|
||||
Except the differences above, the rootless image shares the same mechanism with rootful image,
|
||||
including: port mapping, custimzation, upgrading, environment variables, etc.
|
||||
Read more in "[Installation with Docker (rootful)](./with-docker.md)"
|
||||
|
||||
ATTENTION: the rootful/rootless images are not compatible with the other.
|
||||
If you have chosen one, you should always use the same one,
|
||||
don't switch to the other one by changing the compose file's `image` value.
|
||||
|
||||
## Basics
|
||||
|
||||
@@ -34,8 +38,6 @@ touch docker-compose.yml
|
||||
Then paste the following content into a file named `docker-compose.yml`:
|
||||
|
||||
```yaml
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
server:
|
||||
image: docker.gitea.com/gitea:@dockerVersion@-rootless
|
||||
@@ -56,116 +58,16 @@ Note that the volume should be owned by the user/group with the UID/GID specifie
|
||||
sudo chown 1000:1000 config/ data/
|
||||
```
|
||||
|
||||
> If you don't give the volume correct permissions, the container may not start.
|
||||
> If you don't give the volume correct permissions, the container may present the following errors in the logs:
|
||||
|
||||
```sh
|
||||
server-1 | 2026-03-11T12:57:50.794102045Z mkdir: can't create directory '/var/lib/gitea/git': Permission denied
|
||||
server-1 | 2026-03-11T12:57:50.796198843Z /var/lib/gitea/git is not writable
|
||||
server-1 | 2026-03-11T12:57:50.796235667Z docker setup failed
|
||||
```
|
||||
|
||||
For a stable release you could use `:latest-rootless`, `:1-rootless` or specify a certain release like `:@dockerVersion@-rootless`, but if you'd like to use the latest development version then `:nightly-rootless` would be an appropriate tag. If you'd like to run the latest commit from a release branch you can use the `:1.x-nightly-rootless` tag, where x is the minor version of Gitea. (e.g. `:1.16-nightly-rootless`)
|
||||
|
||||
## Custom port
|
||||
|
||||
To bind the integrated ssh and the webserver on a different port, adjust
|
||||
the port section. It's common to just change the host port and keep the ports within
|
||||
the container like they are.
|
||||
|
||||
```diff
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
server:
|
||||
image: docker.gitea.com/gitea:@dockerVersion@-rootless
|
||||
restart: always
|
||||
volumes:
|
||||
- ./data:/var/lib/gitea
|
||||
- ./config:/etc/gitea
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- - "3000:3000"
|
||||
- - "2222:2222"
|
||||
+ - "80:3000"
|
||||
+ - "22:2222"
|
||||
```
|
||||
|
||||
## MySQL database
|
||||
|
||||
To start Gitea in combination with a MySQL database, apply these changes to the
|
||||
`docker-compose.yml` file created above.
|
||||
|
||||
```diff
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
server:
|
||||
image: docker.gitea.com/gitea:@dockerVersion@-rootless
|
||||
+ environment:
|
||||
+ - GITEA__database__DB_TYPE=mysql
|
||||
+ - GITEA__database__HOST=db:3306
|
||||
+ - GITEA__database__NAME=gitea
|
||||
+ - GITEA__database__USER=gitea
|
||||
+ - GITEA__database__PASSWD=gitea
|
||||
restart: always
|
||||
volumes:
|
||||
- ./data:/var/lib/gitea
|
||||
- ./config:/etc/gitea
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "3000:3000"
|
||||
- "2222:2222"
|
||||
+ depends_on:
|
||||
+ - db
|
||||
+
|
||||
+ db:
|
||||
+ image: docker.io/library/mysql:8
|
||||
+ restart: always
|
||||
+ environment:
|
||||
+ - MYSQL_ROOT_PASSWORD=gitea
|
||||
+ - MYSQL_USER=gitea
|
||||
+ - MYSQL_PASSWORD=gitea
|
||||
+ - MYSQL_DATABASE=gitea
|
||||
+ volumes:
|
||||
+ - ./mysql:/var/lib/mysql
|
||||
```
|
||||
|
||||
## PostgreSQL database
|
||||
|
||||
To start Gitea in combination with a PostgreSQL database, apply these changes to
|
||||
the `docker-compose.yml` file created above.
|
||||
|
||||
```diff
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
server:
|
||||
image: docker.gitea.com/gitea:@dockerVersion@-rootless
|
||||
environment:
|
||||
+ - GITEA__database__DB_TYPE=postgres
|
||||
+ - GITEA__database__HOST=db:5432
|
||||
+ - GITEA__database__NAME=gitea
|
||||
+ - GITEA__database__USER=gitea
|
||||
+ - GITEA__database__PASSWD=gitea
|
||||
restart: always
|
||||
volumes:
|
||||
- ./data:/var/lib/gitea
|
||||
- ./config:/etc/gitea
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "3000:3000"
|
||||
- "2222:2222"
|
||||
+ depends_on:
|
||||
+ - db
|
||||
+
|
||||
+ db:
|
||||
+ image: docker.io/library/postgres:14
|
||||
+ restart: always
|
||||
+ environment:
|
||||
+ - POSTGRES_USER=gitea
|
||||
+ - POSTGRES_PASSWORD=gitea
|
||||
+ - POSTGRES_DB=gitea
|
||||
+ volumes:
|
||||
+ - ./postgres:/var/lib/postgresql/data
|
||||
```
|
||||
|
||||
## Named volumes
|
||||
|
||||
To use named volumes instead of host volumes, define and use the named volume
|
||||
@@ -174,8 +76,6 @@ create the required volume. You don't need to worry about permissions with
|
||||
named volumes; Docker will deal with that automatically.
|
||||
|
||||
```diff
|
||||
version: "2"
|
||||
|
||||
+volumes:
|
||||
+ gitea-data:
|
||||
+ driver: local
|
||||
@@ -207,8 +107,6 @@ As an example to clone the host user `git` definition use the command `id -u git
|
||||
Please make sure that the mounted folders are writable by the user.
|
||||
|
||||
```diff
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
server:
|
||||
image: docker.gitea.com/gitea:@dockerVersion@-rootless
|
||||
@@ -223,143 +121,3 @@ services:
|
||||
- "3000:3000"
|
||||
- "2222:2222"
|
||||
```
|
||||
|
||||
## Startup
|
||||
|
||||
:::note
|
||||
From July 2023 Compose V1 stopped receiving updates. It's also no longer available in new releases of Docker Desktop.
|
||||
|
||||
Compose V2 is included with all currently supported versions of Docker Desktop. Please use V2 to do below operations.
|
||||
:::
|
||||
|
||||
To start this setup based on `docker-compose`, execute `docker-compose up -d`,
|
||||
to launch Gitea in the background. Using `docker-compose ps` will show if Gitea
|
||||
started properly. Logs can be viewed with `docker-compose logs`.
|
||||
|
||||
To shut down the setup, execute `docker-compose down`. This will stop
|
||||
and kill the containers. The volumes will still exist.
|
||||
|
||||
:::note
|
||||
If using a non-3000 port on http, change app.ini to match
|
||||
`LOCAL_ROOT_URL = http://localhost:3000/`.
|
||||
:::
|
||||
|
||||
## Install
|
||||
|
||||
After starting the Docker setup via `docker-compose`, Gitea should be available using a
|
||||
favorite browser to finalize the installation. Visit http://server-ip:3000 and follow the
|
||||
installation wizard. If the database was started with the `docker-compose` setup as
|
||||
documented above, please note that `db` must be used as the database hostname.
|
||||
|
||||
## Customization
|
||||
|
||||
Customization files described [here](../administration/customizing-gitea.md) should
|
||||
be placed in `/var/lib/gitea/custom` directory. If using host volumes, it's quite easy to access these
|
||||
files; for named volumes, this is done through another container or by direct access at
|
||||
`/var/lib/docker/volumes/gitea_gitea/_/var_lib_gitea`. The configuration file will be saved at
|
||||
`/etc/gitea/app.ini` after the installation.
|
||||
|
||||
## Upgrading
|
||||
|
||||
:::warning
|
||||
:exclamation::exclamation: **Make sure you have volumed data to somewhere outside Docker container** :exclamation::exclamation:
|
||||
:::
|
||||
|
||||
To upgrade your installation to the latest release:
|
||||
|
||||
```bash
|
||||
# Edit `docker-compose.yml` to update the version, if you have one specified
|
||||
# Pull new images
|
||||
docker-compose pull
|
||||
# Start a new container, automatically removes old one
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
## Upgrading from standard image
|
||||
|
||||
- Backup your setup
|
||||
- Change volume mountpoint from /data to /var/lib/gitea
|
||||
- If you used a custom app.ini move it to a new volume mounted to /etc/gitea
|
||||
- Rename folder (inside volume) gitea to custom
|
||||
- Edit app.ini if needed
|
||||
- Set START_SSH_SERVER = true
|
||||
- Use image docker.gitea.com/gitea:@dockerVersion@-rootless
|
||||
|
||||
## Managing Deployments With Environment Variables
|
||||
|
||||
In addition to the environment variables above, any settings in `app.ini` can be set
|
||||
or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`.
|
||||
These settings are applied each time the docker container starts, and won't be passed into Gitea's sub-processes.
|
||||
Full information [here](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
|
||||
|
||||
These environment variables can be passed to the docker container in `docker-compose.yml`.
|
||||
The following example will enable a smtp mail server if the required env variables
|
||||
`GITEA__mailer__FROM`, `GITEA__mailer__HOST`, `GITEA__mailer__PASSWD` are set on the host
|
||||
or in a `.env` file in the same directory as `docker-compose.yml`.
|
||||
|
||||
The settings can be also set or overridden with the content of a file by defining an environment variable of the form:
|
||||
`GITEA__section_name__KEY_NAME__FILE` that points to a file.
|
||||
|
||||
```bash
|
||||
...
|
||||
services:
|
||||
server:
|
||||
environment:
|
||||
- GITEA__mailer__ENABLED=true
|
||||
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
|
||||
- GITEA__mailer__PROTOCOL=smtp
|
||||
- GITEA__mailer__HOST=${GITEA__mailer__HOST:?GITEA__mailer__HOST not set}
|
||||
- GITEA__mailer__IS_TLS_ENABLED=true
|
||||
- GITEA__mailer__USER=${GITEA__mailer__USER:-apikey}
|
||||
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
|
||||
```
|
||||
|
||||
To set required TOKEN and SECRET values, consider using Gitea's built-in [generate utility functions](../administration/command-line.md#generate).
|
||||
|
||||
# SSH Container Passthrough
|
||||
|
||||
Since SSH is running inside the container, SSH needs to be passed through from the host to the container if SSH support is desired. One option would be to run the container SSH on a non-standard port (or moving the host port to a non-standard port). Another option which might be more straightforward is to forward SSH commands from the host to the container. This setup is explained in the following.
|
||||
|
||||
This guide assumes that you have created a user on the host called `git` with permission to run `docker exec`, and that the Gitea container is called `gitea`. You will need to modify that user's shell to forward the commands to the `sh` executable inside the container, using `docker exec`.
|
||||
|
||||
First, create the file `/usr/local/bin/gitea-shell` on the host, with the following contents:
|
||||
|
||||
```bash
|
||||
#!/bin/sh
|
||||
/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
|
||||
```
|
||||
|
||||
Note that `gitea` in the docker command above is the name of the container. If you named yours differently, don't forget to change that.
|
||||
|
||||
You should also make sure that you’ve set the permissions of the shell wrapper correctly:
|
||||
|
||||
```bash
|
||||
sudo chmod +x /usr/local/bin/gitea-shell
|
||||
```
|
||||
|
||||
Once the wrapper is in place, you can make it the shell for the `git` user:
|
||||
|
||||
```bash
|
||||
sudo usermod -s /usr/local/bin/gitea-shell git
|
||||
```
|
||||
|
||||
Now that all the SSH commands are forwarded to the container, you need to set up the SSH authentication on the host. This is done by leveraging the [SSH AuthorizedKeysCommand](../administration/command-line.md#keys) to match the keys against those accepted by Gitea. Add the following block to `/etc/ssh/sshd_config`, on the host:
|
||||
|
||||
```bash
|
||||
Match User git
|
||||
AuthorizedKeysCommandUser git
|
||||
AuthorizedKeysCommand /usr/bin/docker exec -i gitea /usr/local/bin/gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k
|
||||
```
|
||||
|
||||
(From 1.16.0 you will not need to set the `-c /etc/gitea/app.ini` option.)
|
||||
|
||||
All that is left to do is restart the SSH server:
|
||||
|
||||
```bash
|
||||
sudo systemctl restart sshd
|
||||
```
|
||||
|
||||
**Notes**
|
||||
|
||||
This isn't actually using the docker SSH - it is simply using the commands around it.
|
||||
You could theoretically not run the internal SSH server.
|
||||
|
||||
@@ -12,9 +12,16 @@ Gitea provides automatically updated Docker images within its Docker Hub organiz
|
||||
possible to always use the latest stable tag or to use another service that handles updating
|
||||
Docker images.
|
||||
|
||||
This reference setup guides users through the setup based on `docker-compose`, but the installation
|
||||
of `docker-compose` is out of scope of this documentation. To install `docker-compose` itself, follow
|
||||
the official [install instructions](https://docs.docker.com/compose/install/).
|
||||
This reference setup guides users through the setup based on `docker compose`.
|
||||
Docker compose has been included in the Docker Engine since the shift to Compose v2.
|
||||
If, for some reason, compose is not available on your system, follow the official [install instructions](https://docs.docker.com/compose/install/).
|
||||
|
||||
This document targets for the default rootful image. For the rootless image,
|
||||
see "[Installation with Docker (rootless)](./with-docker-rootless.md)"
|
||||
|
||||
ATTENTION: the rootful/rootless images are not compatible with the other.
|
||||
If you have chosen one, you should always use the same one,
|
||||
don't switch to the other one by changing the compose file's `image` value.
|
||||
|
||||
## Basics
|
||||
|
||||
@@ -26,8 +33,6 @@ If you don't give the volume correct permissions, the container may not start.
|
||||
For a stable release you can use `:latest`, `:1` or specify a certain release like `:@dockerVersion@`, but if you'd like to use the latest development version of Gitea then you could use the `:nightly` tag. If you'd like to run the latest commit from a release branch you can use the `:1.x-nightly` tag, where x is the minor version of Gitea. (e.g. `:1.16-nightly`)
|
||||
|
||||
```yaml
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
@@ -58,8 +63,6 @@ the port section. It's common to just change the host port and keep the ports wi
|
||||
the container like they are.
|
||||
|
||||
```diff
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
@@ -93,8 +96,6 @@ To start Gitea in combination with a MySQL database, apply these changes to the
|
||||
`docker-compose.yml` file created above.
|
||||
|
||||
```diff
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
@@ -144,8 +145,6 @@ To start Gitea in combination with a PostgreSQL database, apply these changes to
|
||||
the `docker-compose.yml` file created above.
|
||||
|
||||
```diff
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
@@ -196,8 +195,6 @@ create the required volume. You don't need to worry about permissions with
|
||||
named volumes; Docker will deal with that automatically.
|
||||
|
||||
```diff
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
@@ -227,17 +224,11 @@ MySQL or PostgreSQL containers will need to be created separately.
|
||||
|
||||
## Startup
|
||||
|
||||
:::note
|
||||
From July 2023 Compose V1 stopped receiving updates. It's also no longer available in new releases of Docker Desktop.
|
||||
To start this setup based on `docker compose`, execute `docker compose up -d`,
|
||||
to launch Gitea in the background. Using `docker compose ps` will show if Gitea
|
||||
started properly. Logs can be viewed with `docker compose logs`.
|
||||
|
||||
Compose V2 is included with all currently supported versions of Docker Desktop. Please use V2 to do below operations.
|
||||
:::
|
||||
|
||||
To start this setup based on `docker-compose`, execute `docker-compose up -d`,
|
||||
to launch Gitea in the background. Using `docker-compose ps` will show if Gitea
|
||||
started properly. Logs can be viewed with `docker-compose logs`.
|
||||
|
||||
To shut down the setup, execute `docker-compose down`. This will stop
|
||||
To shut down the setup, execute `docker compose down`. This will stop
|
||||
and kill the containers. The volumes will still exist.
|
||||
|
||||
:::note
|
||||
@@ -247,9 +238,9 @@ If using a non-3000 port on http, change app.ini to match
|
||||
|
||||
## Installation
|
||||
|
||||
After starting the Docker setup via `docker-compose`, Gitea should be available using a
|
||||
After starting the Docker setup via `docker compose`, Gitea should be available using a
|
||||
favorite browser to finalize the installation. Visit http://server-ip:3000 and follow the
|
||||
installation wizard. If the database was started with the `docker-compose` setup as
|
||||
installation wizard. If the database was started with the `docker compose` setup as
|
||||
documented above, please note that `db` must be used as the database hostname.
|
||||
|
||||
## Configure the user inside Gitea using environment variables
|
||||
@@ -279,17 +270,18 @@ To upgrade your installation to the latest release:
|
||||
```bash
|
||||
# Edit `docker-compose.yml` to update the version, if you have one specified
|
||||
# Pull new images
|
||||
docker-compose pull
|
||||
docker compose pull
|
||||
# Start a new container, automatically removes old one
|
||||
docker-compose up -d
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
## Managing Deployments With Environment Variables
|
||||
|
||||
In addition to the environment variables above, any settings in `app.ini` can be set
|
||||
or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`.
|
||||
These settings are applied each time the docker container starts, and won't be passed into Gitea's sub-processes.
|
||||
Full information [here](https://github.com/go-gitea/gitea/tree/master/contrib/environment-to-ini).
|
||||
or overridden with an environment variable of the form: `GITEA__section_name__KEY_NAME=value`.
|
||||
These settings are applied each time the docker container starts by `environment-to-ini` command
|
||||
(a warpper of `gitea config edit-ini`), and won't be passed into Gitea's sub-processes.
|
||||
See `./gitea config edit-ini --help` for more details.
|
||||
|
||||
These environment variables can be passed to the docker container in `docker-compose.yml`.
|
||||
The following example will enable an smtp mail server if the required env variables
|
||||
@@ -331,320 +323,7 @@ services:
|
||||
- GITEA__security__INTERNAL_TOKEN=[value returned by generate secret INTERNAL_TOKEN]
|
||||
```
|
||||
|
||||
## SSH Container Passthrough
|
||||
|
||||
Since SSH is running inside the container, SSH needs to be passed through from the host to the container if SSH support is desired. One option would be to run the container SSH on a non-standard port (or moving the host port to a non-standard port). Another option which might be more straightforward is for Gitea users to ssh to a Gitea user on the host which will then relay those connections to the docker. Alternatively, if the host machine has more than one IP address, the host can listen on one and Gitea on another.
|
||||
|
||||
### Understanding SSH access to Gitea (without passthrough)
|
||||
|
||||
To understand what needs to happen, you first need to understand what happens without passthrough. So we will try to explain this:
|
||||
|
||||
1. The client adds their SSH public key to Gitea using the webpage.
|
||||
2. Gitea will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`.
|
||||
3. This entry has the public key, but also has a `command=` option. It is this command that Gitea uses to match this key to the client user and manages authentication.
|
||||
4. The client then makes an SSH request to the SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
|
||||
5. The client will attempt to authenticate with the server, passing one or more public keys one at a time to the server.
|
||||
6. For each key the client provides, the SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the `git` user's `authorized_keys` file.
|
||||
7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
|
||||
8. The SSH server creates a user session for the `git` user, and using the shell for the `git` user runs the `command=`
|
||||
9. This runs `gitea serv` which takes over control of the rest of the SSH session and manages gitea authentication & authorization of the git commands.
|
||||
|
||||
Now, for the SSH passthrough to work, we need the host SSH to match the public keys and then run the `gitea serv` on the docker. There are multiple ways of doing this. However, all of these require some information about the docker being passed to the host.
|
||||
|
||||
### SSHing Shim (with authorized_keys)
|
||||
|
||||
In this option, the idea is that the host simply uses the `authorized_keys` that gitea creates but at step 9 the `gitea` command that the host runs is a shim that actually runs ssh to go into the docker and then run the real docker `gitea` itself.
|
||||
|
||||
- To make the forwarding work, the SSH port of the container (22) needs to be mapped to the host port 2222 in `docker-compose.yml` . Since this port does not need to be exposed to the outside world, it can be mapped to the `localhost` of the host machine:
|
||||
|
||||
```yaml
|
||||
ports:
|
||||
# [...]
|
||||
- "127.0.0.1:2222:22"
|
||||
```
|
||||
|
||||
- Next on the host create the `git` user which shares the same `UID`/ `GID` as the container values `USER_UID`/ `USER_GID`. These values can be set as environment variables in the `docker-compose.yml`:
|
||||
|
||||
```yaml
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
```
|
||||
|
||||
- Mount `/home/git/.ssh` of the host into the container. This ensures that the `authorized_keys` file is shared between the host `git` user and the container `git` user otherwise the SSH authentication cannot work inside the container.
|
||||
|
||||
```yaml
|
||||
volumes:
|
||||
- /home/git/.ssh/:/data/git/.ssh
|
||||
```
|
||||
|
||||
- Now a SSH key pair needs to be created on the host. This key pair will be used to authenticate the `git` user on the host to the container. As an administrative user on the host run: (by administrative user we mean a user that can sudo to root)
|
||||
|
||||
```bash
|
||||
sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
|
||||
```
|
||||
|
||||
- Please note depending on the local version of ssh you may want to consider using `-t ecdsa` here.
|
||||
|
||||
- `/home/git/.ssh/authorized_keys` on the host now needs to be modified. It needs to act in the same way as `authorized_keys` within the Gitea container. Therefore add the public key of the key you created above ("Gitea Host Key") to `~/git/.ssh/authorized_keys`. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
|
||||
sudo -u git chmod 600 /home/git/.ssh/authorized_keys
|
||||
```
|
||||
|
||||
Important: The pubkey from the `git` user needs to be added "as is" while all other pubkeys added via the Gitea web interface will be prefixed with `command="/usr [...]`.
|
||||
|
||||
`/home/git/.ssh/authorized_keys` should then look somewhat like
|
||||
|
||||
```bash
|
||||
# SSH pubkey from git user
|
||||
ssh-rsa <Gitea Host Key>
|
||||
|
||||
# other keys from users
|
||||
command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey>
|
||||
```
|
||||
|
||||
- The next step is to create the fake host `gitea` command that will forward commands from the host to the container. The name of this file depends on your version of Gitea:
|
||||
|
||||
- For Gitea v1.16.0+. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
cat <<"EOF" | sudo tee /usr/local/bin/gitea
|
||||
#!/bin/sh
|
||||
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
|
||||
EOF
|
||||
sudo chmod +x /usr/local/bin/gitea
|
||||
```
|
||||
|
||||
Here is a detailed explanation what is happening when a SSH request is made:
|
||||
|
||||
1. The client adds their SSH public key to Gitea using the webpage.
|
||||
2. Gitea in the container will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`.
|
||||
- However, because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key has been added to the host `git` user's `authorized_keys` file too.
|
||||
3. This entry has the public key, but also has a `command=` option.
|
||||
- This command matches the location of the Gitea binary on the container, but also the location of the shim on the host.
|
||||
4. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
|
||||
5. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
|
||||
6. For each key the client provides, the host SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the host `git` user's `authorized_keys` file.
|
||||
- Because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key they added to the Gitea web will be found
|
||||
7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
|
||||
8. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`
|
||||
9. This means that the host runs the host `/usr/local/bin/gitea` shim that opens an SSH from the host to container passing the rest of the command arguments directly to `/usr/local/bin/gitea` on the container.
|
||||
10. Meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
|
||||
|
||||
**Notes**
|
||||
|
||||
SSH container passthrough using `authorized_keys` will work only if
|
||||
|
||||
- `opensshd` is used in the container
|
||||
- if `AuthorizedKeysCommand` is _not used_ in combination with `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable authorized files key generation
|
||||
- `LOCAL_ROOT_URL` is not changed (depending on the changes)
|
||||
|
||||
If you try to run `gitea` on the host, you will attempt to ssh to the container and thence run the `gitea` command there.
|
||||
|
||||
Never add the `Gitea Host Key` as a SSH key to a user on the Gitea interface.
|
||||
|
||||
### SSHing Shell (with authorized_keys)
|
||||
|
||||
In this option, the idea is that the host simply uses the `authorized_keys` that gitea creates but at step 8 above we change the shell that the host runs to ssh directly into the docker and then run the shell there. This means that the `gitea` that is then run is the real docker `gitea`.
|
||||
|
||||
- In this case we setup as per SSHing Shim except instead of creating `/usr/local/bin/gitea`
|
||||
we create a new shell for the git user. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
cat <<"EOF" | sudo tee /home/git/ssh-shell
|
||||
#!/bin/sh
|
||||
shift
|
||||
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
|
||||
EOF
|
||||
sudo chmod +x /home/git/ssh-shell
|
||||
sudo usermod -s /home/git/ssh-shell git
|
||||
```
|
||||
|
||||
Be careful here - if you try to login as the git user in future you will ssh directly to the docker.
|
||||
|
||||
Here is a detailed explanation what is happening when a SSH request is made:
|
||||
|
||||
1. The client adds their SSH public key to Gitea using the webpage.
|
||||
2. Gitea in the container will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`.
|
||||
- However, because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key has been added to the host `git` user's `authorized_keys` file too.
|
||||
3. This entry has the public key, but also has a `command=` option.
|
||||
- This command matches the location of the Gitea binary on the container.
|
||||
4. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
|
||||
5. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
|
||||
6. For each key the client provides, the host SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the host `git` user's `authorized_keys` file.
|
||||
- Because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key they added to the Gitea web will be found
|
||||
7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
|
||||
8. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`
|
||||
9. The shell of the host `git` user is now our `ssh-shell` which opens an SSH connection from the host to container, (which opens a shell on the container for the container `git`).
|
||||
10. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
|
||||
|
||||
**Notes**
|
||||
|
||||
SSH container passthrough using `authorized_keys` will work only if
|
||||
|
||||
- `opensshd` is used in the container
|
||||
- if `AuthorizedKeysCommand` is _not used_ in combination with `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable authorized files key generation
|
||||
- `LOCAL_ROOT_URL` is not changed (depending on the changes)
|
||||
|
||||
If you try to login as the `git` user on the host in future you will ssh directly to the docker.
|
||||
|
||||
Never add the `Gitea Host Key` as a SSH key to a user on the Gitea interface.
|
||||
|
||||
### Docker Shell (with authorized_keys)
|
||||
|
||||
Similar to the above ssh shell technique we can use a shell which simply uses `docker exec`. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
cat <<"EOF" | sudo tee /home/git/docker-shell
|
||||
#!/bin/sh
|
||||
/usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
|
||||
EOF
|
||||
sudo chmod +x /home/git/docker-shell
|
||||
sudo usermod -s /home/git/docker-shell git
|
||||
```
|
||||
|
||||
Here is a detailed explanation what is happening when a SSH request is made:
|
||||
|
||||
1. The client adds their SSH public key to Gitea using the webpage.
|
||||
2. Gitea in the container will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`.
|
||||
- However, because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key has been added to the host `git` user's `authorized_keys` file too.
|
||||
3. This entry has the public key, but also has a `command=` option.
|
||||
- This command matches the location of the Gitea binary on the container.
|
||||
4. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
|
||||
5. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
|
||||
6. For each key the client provides, the host SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the host `git` user's `authorized_keys` file.
|
||||
- Because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key they added to the Gitea web will be found
|
||||
7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
|
||||
8. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`
|
||||
9. The shell of the host `git` user is now our `docker-shell` which uses `docker exec` to open a shell for the `git` user on the container.
|
||||
10. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
|
||||
|
||||
Note that `gitea` in the docker command above is the name of the container. If you named yours differently, don't forget to change that. The host `git` user also has to have
|
||||
permission to run `docker exec`.
|
||||
|
||||
**Notes**
|
||||
|
||||
Docker shell passthrough using `authorized_keys` will work only if
|
||||
|
||||
- `opensshd` is used in the container
|
||||
- if `AuthorizedKeysCommand` is _not used_ in combination with `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable authorized files key generation
|
||||
- `LOCAL_ROOT_URL` is not changed (depending on the changes)
|
||||
|
||||
If you try to login as the `git` user on the host in future you will `docker exec` directly to the docker.
|
||||
|
||||
A Docker execing shim could be created similarly to above.
|
||||
|
||||
### Docker Shell with AuthorizedKeysCommand
|
||||
|
||||
The AuthorizedKeysCommand route provides another option that does not require many changes to the compose file or the `authorized_keys` - but does require changes to the host `/etc/sshd_config`.
|
||||
|
||||
In this option, the idea is that the host SSH uses an `AuthorizedKeysCommand` instead of relying on sharing the `authorized_keys` file that gitea creates. We continue to use a special shell at step 8 above to exec into the docker and then run the shell there. This means that the `gitea` that is then run is the real docker `gitea`.
|
||||
|
||||
- On the host create a `git` user with permission to run `docker exec`.
|
||||
- We will again assume that the Gitea container is called `gitea`.
|
||||
- Modify the `git` user's shell to forward commands to the `sh` executable inside the container using `docker exec`. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
cat <<"EOF" | sudo tee /home/git/docker-shell
|
||||
#!/bin/sh
|
||||
/usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
|
||||
EOF
|
||||
sudo chmod +x /home/git/docker-shell
|
||||
sudo usermod -s /home/git/docker-shell git
|
||||
```
|
||||
|
||||
Now all attempts to login as the `git` user on the host will be forwarded to the docker - including the `SSH_ORIGINAL_COMMAND`. We now need to set-up SSH authentication on the host.
|
||||
|
||||
We will do this by leveraging the [SSH AuthorizedKeysCommand](../administration/command-line.md#keys) to match the keys against those accepted by Gitea.
|
||||
|
||||
Add the following block to `/etc/ssh/sshd_config`, on the host:
|
||||
|
||||
```bash
|
||||
Match User git
|
||||
AuthorizedKeysCommandUser git
|
||||
AuthorizedKeysCommand /usr/bin/docker exec -i -u git gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
|
||||
```
|
||||
|
||||
(From 1.16.0 you will not need to set the `-c /data/gitea/conf/app.ini` option.)
|
||||
|
||||
Finally restart the SSH server. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
sudo systemctl restart sshd
|
||||
```
|
||||
|
||||
Here is a detailed explanation what is happening when a SSH request is made:
|
||||
|
||||
1. The client adds their SSH public key to Gitea using the webpage.
|
||||
2. Gitea in the container will add an entry for this key to its database.
|
||||
3. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
|
||||
4. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
|
||||
5. For each key the client provides, the host SSH server will checks its configuration for an `AuthorizedKeysCommand`.
|
||||
6. The host runs the above `AuthorizedKeysCommand`, which execs in to the docker and then runs the `gitea keys` command.
|
||||
7. Gitea on the docker will look in it's database to see if the public key matches and will return an entry like that of an `authorized_keys` command.
|
||||
8. This entry has the public key, but also has a `command=` option which matches the location of the Gitea binary on the container.
|
||||
9. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`.
|
||||
10. The shell of the host `git` user is now our `docker-shell` which uses `docker exec` to open a shell for the `git` user on the container.
|
||||
11. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
|
||||
|
||||
**Notes**
|
||||
|
||||
Docker shell passthrough using `AuthorizedKeysCommand` will work only if
|
||||
|
||||
- The host `git` user is allowed to run the `docker exec` command.
|
||||
|
||||
If you try to login as the `git` user on the host in future you will `docker exec` directly to the docker.
|
||||
|
||||
A Docker execing shim could be created similarly to above.
|
||||
|
||||
### SSH Shell with AuthorizedKeysCommand
|
||||
|
||||
Create a key for the host `git` user as above, add it to the docker `/data/git/.ssh/authorized_keys` then finally create and set the `ssh-shell` as above.
|
||||
|
||||
Add the following block to `/etc/ssh/sshd_config`, on the host:
|
||||
|
||||
```bash
|
||||
Match User git
|
||||
AuthorizedKeysCommandUser git
|
||||
AuthorizedKeysCommand /usr/bin/ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
|
||||
```
|
||||
|
||||
(From 1.16.0 you will not need to set the `-c /data/gitea/conf/app.ini` option.)
|
||||
|
||||
Finally restart the SSH server. As an administrative user on the host run:
|
||||
|
||||
```bash
|
||||
sudo systemctl restart sshd
|
||||
```
|
||||
|
||||
Here is a detailed explanation what is happening when a SSH request is made:
|
||||
|
||||
1. The client adds their SSH public key to Gitea using the webpage.
|
||||
2. Gitea in the container will add an entry for this key to its database.
|
||||
3. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
|
||||
4. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
|
||||
5. For each key the client provides, the host SSH server will checks its configuration for an `AuthorizedKeysCommand`.
|
||||
6. The host runs the above `AuthorizedKeysCommand`, which will SSH in to the docker and then run the `gitea keys` command.
|
||||
7. Gitea on the docker will look in it's database to see if the public key matches and will return an entry like that of an `authorized_keys` command.
|
||||
8. This entry has the public key, but also has a `command=` option which matches the location of the Gitea binary on the container.
|
||||
9. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`.
|
||||
10. The shell of the host `git` user is now our `git-shell` which uses SSH to open a shell for the `git` user on the container.
|
||||
11. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
|
||||
|
||||
**Notes**
|
||||
|
||||
SSH container passthrough using `AuthorizedKeysCommand` will work only if
|
||||
|
||||
- `opensshd` is running on the container
|
||||
|
||||
If you try to login as the `git` user on the host in future you will `ssh` directly to the docker.
|
||||
|
||||
Never add the `Gitea Host Key` as a SSH key to a user on the Gitea interface.
|
||||
|
||||
SSHing shims could be created similarly to above.
|
||||
|
||||
### SSH with multiple IP addresses
|
||||
|
||||
This assumes that the host machine has more than one reachable IP address: `192.168.1.1` (host) `192.168.1.2` (gitea)
|
||||
On the host machine, configure SSHD in `/etc/ssh/sshd_config` to listen on one IP address `ListenAddress 192.168.1.1`. In the compose file the SSH port forwarding then needs to be changed to `"192.168.1.2:22:22"`. The port forwarding needs to be adjusted similarily for all other forwarded ports to avoid problems with DNS.
|
||||
|
||||
9
docs/usage/_category_.json
Normal file
9
docs/usage/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Usage",
|
||||
"position": 35,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage",
|
||||
"title": "Usage"
|
||||
}
|
||||
}
|
||||
9
docs/usage/access-control/_category_.json
Normal file
9
docs/usage/access-control/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Access Control",
|
||||
"position": 100,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage/access-control",
|
||||
"description": "Permissions, security, and access control features"
|
||||
}
|
||||
}
|
||||
47
docs/usage/access-control/blocking-users.md
Normal file
47
docs/usage/access-control/blocking-users.md
Normal file
@@ -0,0 +1,47 @@
|
||||
---
|
||||
date: "2024-01-31T00:00:00+00:00"
|
||||
slug: "blocking-user"
|
||||
sidebar_position: 25
|
||||
aliases:
|
||||
- /blocking-user
|
||||
---
|
||||
|
||||
# Blocking a user
|
||||
|
||||
Gitea supports blocking of users to restrict how they can interact with you and your content.
|
||||
|
||||
You can block a user in your account settings, from the user's profile or from comments created by the user.
|
||||
The user is not directly notified about the block, but they can notice they are blocked when they attempt to interact with you.
|
||||
Organization owners can block anyone who is not a member of the organization too.
|
||||
If a blocked user has admin permissions, they can still perform all actions even if blocked.
|
||||
|
||||
### When you block a user
|
||||
|
||||
- the user stops following you
|
||||
- you stop following the user
|
||||
- the user's stars are removed from your repositories
|
||||
- your stars are removed from their repositories
|
||||
- the user stops watching your repositories
|
||||
- you stop watching their repositories
|
||||
- the user's issue assignments are removed from your repositories
|
||||
- your issue assignments are removed from their repositories
|
||||
- the user is removed as a collaborator on your repositories
|
||||
- you are removed as a collaborator on their repositories
|
||||
- any pending repository transfers to or from the blocked user are canceled
|
||||
|
||||
### When you block a user, the user cannot
|
||||
|
||||
- follow you
|
||||
- watch your repositories
|
||||
- star your repositories
|
||||
- fork your repositories
|
||||
- transfer repositories to you
|
||||
- open issues or pull requests on your repositories
|
||||
- comment on issues or pull requests you've created
|
||||
- comment on issues or pull requests on your repositories
|
||||
- react to your comments on issues or pull requests
|
||||
- react to comments on issues or pull requests on your repositories
|
||||
- assign you to issues or pull requests
|
||||
- add you as a collaborator on their repositories
|
||||
- send you notifications by @mentioning your username
|
||||
- be added as team member (if blocked by an organization)
|
||||
@@ -1,11 +1,10 @@
|
||||
---
|
||||
date: "2021-12-13:10:10+08:00"
|
||||
|
||||
slug: "permissions"
|
||||
sidebar_position: 14
|
||||
|
||||
aliases:
|
||||
- /en-us/permissions
|
||||
- /permissions
|
||||
---
|
||||
|
||||
# Permissions
|
||||
@@ -41,7 +40,7 @@ With different permissions, people could do different things with these units.
|
||||
| Wiki | View wiki pages. Clone the wiki repository. | Create/Edit wiki pages, push | - |
|
||||
| ExternalWiki | Link to an external wiki | - | - |
|
||||
| ExternalTracker | Link to an external issue tracker | - | - |
|
||||
| Projects | View the boards | Change issues across boards | - |
|
||||
| Projects | View the columns of projects | Change issues across columns | - |
|
||||
| Packages | View the packages | Upload/Delete packages | - |
|
||||
| Actions | View the Actions logs | Approve / Cancel / Restart | - |
|
||||
| Settings | - | - | Manage the repository |
|
||||
90
docs/usage/access-control/protected-branches.md
Normal file
90
docs/usage/access-control/protected-branches.md
Normal file
@@ -0,0 +1,90 @@
|
||||
---
|
||||
date: "2025-11-20T00:00:00-07:00"
|
||||
slug: "protected-branches"
|
||||
sidebar_position: 44
|
||||
aliases:
|
||||
- /en-us/protected-branches
|
||||
- /en-us/protected-branch
|
||||
- /protected-branches
|
||||
---
|
||||
|
||||
# Protected branches
|
||||
|
||||
Protected branches prevent unwanted changes by enforcing push and merge policies on selected branches. The rules are enforced for every Git protocol (HTTP(S), SSH), the web editor, the API, and background jobs such as auto-merge. Only repository owners and administrators can manage the rules, and the Branches page is read-only while a repository is archived.
|
||||
|
||||
## Creating or editing a rule
|
||||
|
||||
1. Open the repository and select **Settings → Branches** (repository admin permission required).
|
||||
2. Select **Add new rule** or **Edit** next to an existing rule.
|
||||
3. Fill in the **Protected branch name pattern** and optional file patterns, then configure the push, merge, and review options described below.
|
||||
4. Select **Save rule**.
|
||||
|
||||
The rule immediately applies to all matching branches, even if the branches are created in the future.
|
||||
|
||||
## Rule matching and priorities
|
||||
|
||||
- The **Protected branch name pattern** accepts [glob](https://github.com/gobwas/glob) expressions and matches the entire branch name. Patterns are case-sensitive. Using a simple name such as `main` without glob special characters always matches that specific branch (case-insensitive).
|
||||
- If multiple rules match the same branch, only the first rule is used. Reorder the list on the **Branches** page by dragging the grab handle. The first entry (priority 1) has the highest priority, so place patterns such as `main` or `release/*` before generic fallbacks such as `*`.
|
||||
|
||||
Example patterns:
|
||||
|
||||
| Pattern | Matches |
|
||||
| -------------- | ------------------------------- |
|
||||
| `main` | The `main` branch only |
|
||||
| `release/*` | `release/v1.0`, `release/april` |
|
||||
| `hotfix/**` | Nested branches such as `hotfix/security/CVE` |
|
||||
| `*` | Every branch (use as a fallback) |
|
||||
|
||||
### File-level pattern controls
|
||||
|
||||
- **Protected file patterns** block changes to sensitive files (for example `.drone.yml` or `/docs/**/*.txt`). Patterns are case-insensitive and separated by semicolons. Commits and merge attempts that touch one of the files are rejected.
|
||||
- **Unprotected file patterns** do the opposite: if pushes are blocked, users with write access can still push commits that modify only the listed files. This is useful for letting contributors update documentation while still requiring pull requests for code.
|
||||
|
||||
Both fields use the same `glob` syntax and match paths relative to the repository root.
|
||||
|
||||
## Controlling direct pushes
|
||||
|
||||
The **Push** section controls direct pushes (including the web editor and API).
|
||||
|
||||
- **Disable push** makes the branch read-only. Any attempt to push directly fails, and changes must be merged through pull requests.
|
||||
- **Enable push** allows anyone with [write access](permissions) to push (force pushes are still blocked unless explicitly allowed).
|
||||
- **Allowlist restricted push** requires being on the allowlist. Choose users and, for organization-owned repositories, teams. Deploy keys that already have write access can also be allowlisted.
|
||||
|
||||
When a push is blocked, the server-side hook rejects the update with an explanation.
|
||||
|
||||
### Force pushes
|
||||
|
||||
Force pushes have their own set of options:
|
||||
|
||||
- **Disable force push** completely forbids rewriting history on the branch.
|
||||
- **Enable force push** allows anyone who can push to also force push.
|
||||
- **Allowlist restricted force push** limits force pushes to a separate allowlist (users, teams, and optionally deploy keys) **and** requires the person to already have regular push access.
|
||||
|
||||
## Pull request merges and approvals
|
||||
|
||||
- **Merge allowlist**: keep the default to let anyone with write access merge pull requests, or enable the allowlist to restrict merges to selected users/teams.
|
||||
- **Required approvals**: specify how many approvals are needed before a merge is allowed. Reviews from users with write access count, unless the **Restrict approvals to allowlisted users or teams** option is enabled.
|
||||
- **Dismiss stale approvals** removes existing approvals whenever new commits that change the pull request content are pushed.
|
||||
- **Ignore stale approvals** keeps approvals but does not count reviews that were made on older commits. This option is disabled while dismissal of stale approvals is enabled.
|
||||
- **Block merge on rejected reviews** prevents merging while any official reviewer has requested changes.
|
||||
- **Block merge on official review requests** blocks merges while there are outstanding review requests (for example when CODEOWNERS requires a review).
|
||||
- **Block merge if the pull request is outdated** makes sure the head branch is up to date with the base branch before it can be merged.
|
||||
- **Administrators must follow branch protection rules** removes the ability for repository administrators to bypass the rules with the "Force merge" button.
|
||||
|
||||
Protected file patterns apply to pull requests as well. When a pull request changes one of the protected files, the pull request banner shows the affected paths and merging stays disabled.
|
||||
|
||||
## Status checks
|
||||
|
||||
Enable status checks to require one or more CI jobs to succeed before merging:
|
||||
|
||||
1. Check **Enable status check**.
|
||||
2. Enter one pattern per line in **Status check patterns**. Each pattern is a `glob` expression that matches the context name reported by Actions, Drone, Woodpecker, or another Check API client (for example `actions/test-*`).
|
||||
3. Pick contexts from the table of jobs that have reported results in the last week to verify their names.
|
||||
|
||||
When the option is active, Gitea requires at least one context that matches each pattern to report success on the pull request head commit. An empty list is not allowed; use `*` to require the latest commit to be successful regardless of the context name.
|
||||
|
||||
## Signed commits and other safeguards
|
||||
|
||||
- **Require signed commits** rejects pushes that contain unsigned or unverifiable commits. The check runs inside the server hook before the push is accepted.
|
||||
- **Protected file patterns** (see above) prevent both pushes and merges that modify sensitive files.
|
||||
- **Unprotected file patterns** allow limited pushes while keeping the branch protected.
|
||||
@@ -4,6 +4,7 @@ slug: "protected-tags"
|
||||
sidebar_position: 45
|
||||
aliases:
|
||||
- /en-us/protected-tags
|
||||
- /protected-tags
|
||||
---
|
||||
|
||||
# Protected tags
|
||||
9
docs/usage/actions/_category_.json
Normal file
9
docs/usage/actions/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Actions",
|
||||
"position": 30,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage/actions",
|
||||
"description": "Automating workflows with Actions"
|
||||
}
|
||||
}
|
||||
@@ -26,38 +26,6 @@ Github Actions doesn't support that. https://docs.github.com/en/actions/using-wo
|
||||
|
||||
## Unsupported workflows syntax
|
||||
|
||||
### `concurrency`
|
||||
|
||||
It's used to run a single job at a time.
|
||||
See [Using concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency).
|
||||
|
||||
It's ignored by Gitea Actions now.
|
||||
|
||||
### `run-name`
|
||||
|
||||
The name for workflow runs generated from the workflow.
|
||||
See [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#run-name).
|
||||
|
||||
It's ignored by Gitea Actions now.
|
||||
|
||||
### `permissions` and `jobs.<job_id>.permissions`
|
||||
|
||||
See [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions).
|
||||
|
||||
It's ignored by Gitea Actions now.
|
||||
|
||||
### `jobs.<job_id>.timeout-minutes`
|
||||
|
||||
See [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes).
|
||||
|
||||
It's ignored by Gitea Actions now.
|
||||
|
||||
### `jobs.<job_id>.continue-on-error`
|
||||
|
||||
See [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontinue-on-error).
|
||||
|
||||
It's ignored by Gitea Actions now.
|
||||
|
||||
### `jobs.<job_id>.environment`
|
||||
|
||||
See [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idenvironment).
|
||||
@@ -107,6 +75,15 @@ Services steps don't have their own section in the job log user interface.
|
||||
|
||||
## Different behavior
|
||||
|
||||
### Job token permissions (`permissions`)
|
||||
|
||||
Gitea supports `permissions` and `jobs.<job_id>.permissions` to control the default `GITEA_TOKEN` permissions.
|
||||
|
||||
The effective permissions are clamped by the repository/owner settings and are further restricted for fork pull requests and cross-repository access.
|
||||
GitHub-only scopes such as `statuses`, `checks`, `deployments`, `id-token`, `security-events`, and `pages` are not supported, while Gitea-specific scopes such as `code`, `releases`, `wiki`, and `projects` are available.
|
||||
|
||||
See [Actions job token permissions](token-permissions.md).
|
||||
|
||||
### Downloading actions
|
||||
|
||||
Previously (Pre 1.21.0), `[actions].DEFAULT_ACTIONS_URL` defaulted to `https://gitea.com`.
|
||||
|
||||
@@ -8,33 +8,9 @@ sidebar_position: 140
|
||||
|
||||
Gitea Actions has multiple components. This document describes them individually.
|
||||
|
||||
## Act
|
||||
## Gitea Runner
|
||||
|
||||
The [nektos/act](https://github.com/nektos/act) project is an excellent tool that allows you to run your GitHub Actions locally.
|
||||
We were inspired by this and wondered if it would be possible to run actions for Gitea.
|
||||
|
||||
However, while [nektos/act](https://github.com/nektos/act) is designed as a command line tool, what we actually needed was a Go library with modifications specifically for Gitea.
|
||||
So we forked it as [gitea/act](https://gitea.com/gitea/act).
|
||||
|
||||
This is a soft fork that will periodically follow the upstream.
|
||||
Although some custom commits have been added, we will try our best to avoid changing too much of the original code.
|
||||
|
||||
The forked act is just a shim or adapter for Gitea's specific usage.
|
||||
There are some additional commits that have been made, such as:
|
||||
|
||||
- Outputting execution logs to logger hook so they can be reported to Gitea
|
||||
- Disabling the GraphQL URL, since Gitea doesn't support it
|
||||
- Starting a new container for every job instead of reusing to ensure isolation.
|
||||
|
||||
These modifications have no reason to be merged into the upstream.
|
||||
They don't make sense if the user just wants to run trusted actions locally.
|
||||
|
||||
However, there may be overlaps in the future, such as a required bug fix or new feature needed by both projects.
|
||||
In these cases, we will contribute the changes back to the upstream repository.
|
||||
|
||||
## Act runner
|
||||
|
||||
Gitea's runner is called act runner because it's based on act.
|
||||
Gitea Runner is based on a hard fork of [nektos/act](https://github.com/nektos/act).
|
||||
|
||||
Like other CI runners, we designed it as an external part of Gitea, which means it should run on a different server than Gitea.
|
||||
|
||||
@@ -47,7 +23,7 @@ That's why when you add custom labels during registration, you will need to inpu
|
||||
This means that the runner can take the job which needs to run on `my_custom_label`, and it will run it via a docker container with the image `centos:7`.
|
||||
|
||||
Docker isn't the only option, though.
|
||||
The act also supports running jobs directly on the host.
|
||||
The runner also supports running jobs directly on the host.
|
||||
This is achieved through labels like `linux_arm:host`.
|
||||
This label indicates that the runner can take a job that needs to run on `linux_arm` and run it directly on the host.
|
||||
|
||||
@@ -62,7 +38,7 @@ So,
|
||||
|
||||
## Communication protocol
|
||||
|
||||
As act runner is an independent part of Gitea, we needed a protocol for runners to communicate with the Gitea instance.
|
||||
As the runner is an independent part of Gitea, we needed a protocol for runners to communicate with the Gitea instance.
|
||||
However, we did not think it was a good idea to have Gitea listen on a new port.
|
||||
Instead, we wanted to reuse the HTTP port, which means we needed a protocol that is compatible with HTTP.
|
||||
We chose to use gRPC over HTTP.
|
||||
@@ -79,9 +55,9 @@ This will help you troubleshoot some problems and explain why it's a bad idea to
|
||||
|
||||
There are four network connections marked in the picture, and the direction of the arrows indicates the direction of establishing the connections.
|
||||
|
||||
### Connection 1, act runner to Gitea instance
|
||||
### Connection 1, runner to Gitea instance
|
||||
|
||||
The act runner must be able to connect to Gitea to receive tasks and send back the execution results.
|
||||
The runner must be able to connect to Gitea to receive tasks and send back the execution results.
|
||||
|
||||
### Connection 2, job containers to Gitea instance
|
||||
|
||||
@@ -92,9 +68,9 @@ Fetching code is not always necessary to run some jobs, but it is required in mo
|
||||
If you use a loopback address to register a runner, the runner can connect to Gitea when it is on the same machine.
|
||||
However, if a job container tries to fetch code from localhost, it will fail because Gitea is not in the same container.
|
||||
|
||||
### Connection 3, act runner to internet
|
||||
### Connection 3, runner to internet
|
||||
|
||||
When you use some actions like `actions/checkout@v4`, the act runner downloads the scripts, not the job containers.
|
||||
When you use some actions like `actions/checkout@v4`, the runner downloads the scripts, not the job containers.
|
||||
By default, it downloads from [github.com](http://github.com/), so it requires access to the internet. If you configure the `DEFAULT_ACTIONS_URL` to `self`, then it will download from your Gitea instance by default. Then it will not connect to internet when downloading the action itself.
|
||||
It also downloads some docker images from Docker Hub by default, which also requires internet access.
|
||||
|
||||
|
||||
@@ -55,7 +55,7 @@ If you want to give more permissions to the runner, allowing it to access more p
|
||||
Refined permission control to Actions is a complicated job.
|
||||
In the future, we will add more options to Gitea to make it more configurable, such as allowing more write access to repositories or read access to all repositories in the same organization.
|
||||
|
||||
## Which operating systems are supported by act runner?
|
||||
## Which operating systems are supported by Gitea Runner?
|
||||
|
||||
We released official binaries for Linux, macOS, and Windows.
|
||||
While other operating systems are theoretically supported if it is supported by golang and docker(docker mode enabled).
|
||||
@@ -101,7 +101,7 @@ It is exciting to be able to reuse them.
|
||||
|
||||
This is valid syntax.
|
||||
It means that it should run on runners that have both the `label_a` **and** `label_b` labels, see [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on).
|
||||
Unfortunately, act runner does not work this way until v0.2.11.
|
||||
Unfortunately, the runner does not work this way until v0.2.11.
|
||||
As mentioned, we map labels to environments:
|
||||
|
||||
- `ubuntu` → `ubuntu:22.04`
|
||||
@@ -117,9 +117,9 @@ We also need to re-design how tasks are assigned to runners.
|
||||
A runner with `ubuntu`, `centos`, or `with-gpu` does not necessarily indicate that it can accept jobs with `[centos, with-gpu]`.
|
||||
Therefore, the runner should inform the Gitea instance that it can only accept jobs with `[ubuntu]`, `[centos]`, `[with-gpu]`, and `[ubuntu, with-gpu]`.
|
||||
This is not a technical problem, it was just overlooked in the early design.
|
||||
See [runtime.go#L65](https://gitea.com/gitea/act_runner/src/commit/90b8cc6a7a48f45cc28b5ef9660ebf4061fcb336/runtime/runtime.go#L65).
|
||||
See [runtime.go#L65](https://gitea.com/gitea/runner/src/commit/90b8cc6a7a48f45cc28b5ef9660ebf4061fcb336/runtime/runtime.go#L65).
|
||||
|
||||
Currently, the act runner attempts to match everyone in the labels and uses the first match it finds.
|
||||
Currently, the runner attempts to match everyone in the labels and uses the first match it finds.
|
||||
|
||||
## What is the difference between agent labels and custom labels for a runner?
|
||||
|
||||
@@ -132,17 +132,17 @@ However, the design here needs improvement, as it currently has some rough edges
|
||||
You can add a custom label such as `centos` to a registered runner, which means the runner will receive jobs with `runs-on: centos`.
|
||||
However, the runner may not know which environment to use for this label, resulting in it using a default image or leading to a logical dead end.
|
||||
This default may not match user expectations.
|
||||
See [runtime.go#L71](https://gitea.com/gitea/act_runner/src/commit/90b8cc6a7a48f45cc28b5ef9660ebf4061fcb336/runtime/runtime.go#L71).
|
||||
See [runtime.go#L71](https://gitea.com/gitea/runner/src/commit/90b8cc6a7a48f45cc28b5ef9660ebf4061fcb336/runtime/runtime.go#L71).
|
||||
|
||||
In the meantime, we suggest that you re-register your runner if you want to change its labels.
|
||||
|
||||
## Will there be more implementations for Gitea Actions runner?
|
||||
|
||||
Although we would like to provide more options, our limited manpower means that act runner will be the only officially supported runner at the moment.
|
||||
Although we would like to provide more options, our limited manpower means that Gitea Runner will be the only officially supported runner at the moment.
|
||||
|
||||
However, both Gitea and act runner are completely open source under MIT License, so anyone can modify the code to satisfy their requirements.
|
||||
However, both Gitea and Gitea Runner are completely open source under MIT License, so anyone can modify the code to satisfy their requirements.
|
||||
|
||||
In case you fork act runner to create your own version: Please contribute the changes back if you can and if you think your changes will help others as well.
|
||||
In case you fork Gitea Runner to create your own version: Please contribute the changes back if you can and if you think your changes will help others as well.
|
||||
|
||||
## What workflow trigger events does Gitea support?
|
||||
|
||||
@@ -158,11 +158,18 @@ For events supported only by GitHub, see GitHub's [documentation](https://docs.g
|
||||
| push | not applicable |
|
||||
| issues | `opened`, `edited`, `closed`, `reopened`, `assigned`, `unassigned`, `milestoned`, `demilestoned`, `labeled`, `unlabeled` |
|
||||
| issue_comment | `created`, `edited`, `deleted` |
|
||||
| pull_request | `opened`, `edited`, `closed`, `reopened`, `assigned`, `unassigned`, `synchronize`, `labeled`, `unlabeled` |
|
||||
| pull_request | `opened`, `edited`, `closed`, `reopened`, `assigned`, `unassigned`, `synchronized`, `labeled`, `unlabeled` |
|
||||
| pull_request_review | `submitted`, `edited` |
|
||||
| pull_request_review_comment | `created`, `edited` |
|
||||
| release | `published`, `edited` |
|
||||
| registry_package | `published` |
|
||||
| workflow_dispatch | not applicable |
|
||||
| workflow_run | `requested`, `completed` |
|
||||
|
||||
> For `pull_request` events, in [GitHub Actions](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request), the `ref` is `refs/pull/:prNumber/merge`, which is a reference to the merge commit preview. However, Gitea has no such reference.
|
||||
> Therefore, the `ref` in Gitea Actions is `refs/pull/:prNumber/head`, which points to the head of pull request rather than the preview of the merge commit.
|
||||
|
||||
## How to share actions and reusable workflows from private repositories?
|
||||
|
||||
Go to the repository's **Settings** > **Actions** > **General** page and add collaborative owners.
|
||||
The private repositories of collaborative owners are allowed to access the actions and workflows in the current repository.
|
||||
|
||||
@@ -21,8 +21,8 @@ To avoid confusion, we have clarified the spelling here:
|
||||
## Runners
|
||||
|
||||
Just like other CI/CD solutions, Gitea doesn't run the jobs itself, but delegates the jobs to runners.
|
||||
The runner of Gitea Actions is called [act runner](https://gitea.com/gitea/act_runner), it is a standalone program and also written in Go.
|
||||
An important part of the application comes from a [fork](https://gitea.com/gitea/act) of [nektos/act](http://github.com/nektos/act).
|
||||
The runner of Gitea Actions is called [Gitea Runner](https://gitea.com/gitea/runner), it is a standalone program and also written in Go.
|
||||
An important part of the application comes from a hard fork of [nektos/act](http://github.com/nektos/act).
|
||||
|
||||
Because the runner is deployed independently, there could be potential security issues.
|
||||
To avoid them, please follow two simple rules:
|
||||
|
||||
@@ -25,10 +25,10 @@ If you want to learn more or encounter any problems while configuring it, please
|
||||
|
||||
### Set up runner
|
||||
|
||||
Gitea Actions requires [act runner](https://gitea.com/gitea/act_runner) to run the jobs.
|
||||
Gitea Actions requires [Gitea Runner](https://gitea.com/gitea/runner) to run the jobs.
|
||||
In order to avoid consuming too many resources and affecting the Gitea instance, it is recommended to start runners on separate machines from the Gitea instance.
|
||||
|
||||
You can use the [pre-built binaries](http://dl.gitea.com/act_runner) or the [docker images](https://hub.docker.com/r/gitea/act_runner/tags) to set up the runner.
|
||||
You can use the [pre-built binaries](http://dl.gitea.com/gitea-runner) or the [docker images](https://hub.docker.com/r/gitea/runner/tags) to set up the runner.
|
||||
|
||||
Before proceeding any further, we suggest running it as a command line with pre-built binaries to ensure that it works with your environment, especially if you are running a runner on your localhost.
|
||||
And it could be easier to debug if something goes wrong.
|
||||
@@ -40,7 +40,7 @@ However, it is recommended to use Docker to run the jobs, because it is more sec
|
||||
Before running a runner, you should first register it to your Gitea instance using the following command:
|
||||
|
||||
```bash
|
||||
./act_runner register --no-interactive --instance <instance> --token <token>
|
||||
./runner register --no-interactive --instance <instance> --token <token>
|
||||
```
|
||||
|
||||
There are two arguments required, `instance` and `token`.
|
||||
@@ -69,14 +69,14 @@ If this file is missing or corrupted, you can simply remove it and register agai
|
||||
Finally, it's time to start the runner:
|
||||
|
||||
```bash
|
||||
./act_runner daemon
|
||||
./runner daemon
|
||||
```
|
||||
|
||||
And you can see the new runner in the management page:
|
||||
|
||||

|
||||
|
||||
You can find more information by visiting [Act runner](usage/actions/act-runner.md).
|
||||
You can find more information by visiting [Gitea Runner](runner.mdx).
|
||||
|
||||
### Use Actions
|
||||
|
||||
|
||||
459
docs/usage/actions/runner.mdx
Normal file
459
docs/usage/actions/runner.mdx
Normal file
@@ -0,0 +1,459 @@
|
||||
---
|
||||
date: "2023-04-27T15:00:00+08:00"
|
||||
slug: "runner"
|
||||
sidebar_position: 20
|
||||
---
|
||||
|
||||
# Gitea Runner
|
||||
|
||||
This page will introduce the [Gitea Runner](https://gitea.com/gitea/runner) in detail, which is the runner for Gitea Actions.
|
||||
|
||||
## Requirements
|
||||
|
||||
Currently the runner supports three modes in which it can be run.
|
||||
1. Host: runner will run as an application on the host. This provides no encapsulation.
|
||||
2. Docker (recommended): Runs jobs in a [Docker](https://docker.com) container. If you choose this mode, you need to [install Docker](https://docs.docker.com/engine/install/) first and make sure that the Docker daemon is running.
|
||||
3. Docker-in-Docker (DinD): Puts the runner into rootless mode. It then runs in a Docker container with its own Docker daemon that has fewer privileges. It will spawn job containers from there. Best security but more complex setup.
|
||||
|
||||
Other OCI container engines which are compatible with Docker's API should also work, but are untested.
|
||||
|
||||
However, if you are sure that you want to run jobs directly on the host only, then Docker is not required.
|
||||
|
||||
There are multiple ways to install the runner.
|
||||
|
||||
## Installation with binary
|
||||
|
||||
### Download the binary
|
||||
|
||||
You can download the binary from the [release page](https://gitea.com/gitea/runner/releases).
|
||||
However, if you want to use the latest nightly build, you can download it from the [download page](https://dl.gitea.com/gitea-runner/).
|
||||
|
||||
When you download the binary, please make sure that you have downloaded the correct one for your platform.
|
||||
You can check it by running the following command if you are in a Unix-style OS.
|
||||
|
||||
```bash
|
||||
chmod +x runner
|
||||
./runner --version
|
||||
```
|
||||
|
||||
If you see the version information, it means that you have downloaded the correct binary.
|
||||
|
||||
### Obtain a registration token
|
||||
|
||||
You can register a runner at different levels. It can be:
|
||||
|
||||
- Instance level: The runner will run jobs for all repositories in the instance.
|
||||
- Organization level: The runner will run jobs for all repositories in the organization.
|
||||
- Repository level: The runner will run jobs for the repository it belongs to.
|
||||
|
||||
Note that the repository may still use instance-level or organization-level runners even if it has its own repository-level runners. A future release may provide an option to allow more control over this.
|
||||
|
||||
|
||||
Before registering the runner and running it, you need a registration token. The level of the runner determines where to obtain the registration token.
|
||||
|
||||
- Instance level: The admin settings page, like `<your_gitea.com>/-/admin/actions/runners`.
|
||||
- Organization level: The organization settings page, like `<your_gitea.com>/<org>/settings/actions/runners`.
|
||||
- Repository level: The repository settings page, like `<your_gitea.com>/<owner>/<repo>/settings/actions/runners`.
|
||||
|
||||
If you cannot see the settings page, please make sure that you have the right permissions and that Actions have been enabled.
|
||||
|
||||
The format of the registration token is a random string `D0gvfu2iHfUjNqCYVljVyRV14fISpJxxxxxxxxxx`.
|
||||
|
||||
A registration token can also be obtained from the Gitea [command-line interface](/administration/command-line#actions-generate-runner-token):
|
||||
|
||||
```
|
||||
gitea --config /etc/gitea/app.ini actions generate-runner-token
|
||||
```
|
||||
|
||||
You can also use `GITEA_RUNNER_REGISTRATION_TOKEN`/`GITEA_RUNNER_REGISTRATION_TOKEN_FILE` environment variables to set a global runner registration token when Gitea starts, for example:
|
||||
|
||||
```
|
||||
openssl rand -hex 24 > /some-dir/runner-token
|
||||
export GITEA_RUNNER_REGISTRATION_TOKEN_FILE=/some-dir/runner-token
|
||||
./gitea --config ...
|
||||
```
|
||||
|
||||
The token from the environment is valid until you reset the token (re-create a new one) via the web UI or API.
|
||||
|
||||
Tokens are valid for registering multiple runners, until they are revoked and replaced by a new token using the token reset link in the web interface.
|
||||
|
||||
### Configuration
|
||||
|
||||
Configuration is done via a configuration file. It is optional, and the default configuration will be used when no configuration file is specified. You can generate a configuration file by running the following command:
|
||||
|
||||
```bash
|
||||
./runner generate-config
|
||||
```
|
||||
|
||||
The default configuration is safe to use without any modification, so you can just use it directly.
|
||||
|
||||
```bash
|
||||
./runner generate-config > config.yaml
|
||||
./runner --config config.yaml [command]
|
||||
```
|
||||
|
||||
### Register the runner
|
||||
|
||||
Registration is required before running Gitea Runner, because the runner needs to know where to get jobs from. It is also important for the Gitea instance to identify the runner.
|
||||
|
||||
If this has been installed using the binary package, the runner can be registered by running the following command.
|
||||
|
||||
```bash
|
||||
./runner register
|
||||
```
|
||||
|
||||
Alternatively, you can use the `--config` option to specify the configuration file mentioned in the previous section.
|
||||
|
||||
```bash
|
||||
./runner --config config.yaml register
|
||||
```
|
||||
|
||||
You will be asked to input the registration information step by step. This includes:
|
||||
|
||||
- The Gitea instance URL, like `https://gitea.com/` or `http://192.168.8.8:3000/`.
|
||||
- The registration token.
|
||||
- The runner name, which is optional. If you leave it blank, the hostname will be used.
|
||||
- The runner labels, which is optional. If you leave it blank, the default labels will be used.
|
||||
|
||||
You may be confused about the runner labels, which will be explained later.
|
||||
|
||||
If you want to register the runner in a non-interactive way, you can use arguments to do it.
|
||||
|
||||
```bash
|
||||
./runner register --no-interactive --instance <instance_url> --token <registration_token> --name <runner_name> --labels <runner_labels>
|
||||
```
|
||||
|
||||
When you have registered the runner, you can find a new file named `.runner` in the current directory.
|
||||
This file stores the registration information.
|
||||
Please do not edit it manually.
|
||||
If this file is missing or corrupted, you can simply remove it and register again.
|
||||
|
||||
If you want to store the registration information in another place, you can specify it in the configuration file,
|
||||
and don't forget to specify the `--config` option.
|
||||
|
||||
#### Ephemeral Runners
|
||||
|
||||
Ephemeral runners provide a security hardening mechanism for enabling organization- or instance-wide runners without requiring full user trust. Once a job is assigned within a spot VM or container, the runner's exposed credentials are automatically revoked—blocking it from polling further jobs before any untrusted code runs, while still allowing it to report progress until completion by either Gitea or the runner.
|
||||
|
||||
Gitea Runner **0.2.12+** is required.
|
||||
|
||||
The updated commands for registering the runner as ephemeral are listed below. Refer to the previous section for detailed information on registering the runner.
|
||||
|
||||
```bash
|
||||
./runner register --ephemeral
|
||||
```
|
||||
|
||||
```bash
|
||||
./runner --config config.yaml register --ephemeral
|
||||
```
|
||||
|
||||
```bash
|
||||
./runner register --no-interactive --ephemeral --instance <instance_url> --token <registration_token> --name <runner_name> --labels <runner_labels>
|
||||
```
|
||||
|
||||
The runner must be registered each time it is intended to receive a job. After completing the single job it is designed to execute, the runner terminates.
|
||||
|
||||
To automate the registration and startup of new runners when a job is queued, use the `workflow_job` webhook.
|
||||
|
||||
### Start the runner from the command line
|
||||
|
||||
After you have registered the runner, you can run it with the following command:
|
||||
|
||||
```shell
|
||||
./runner daemon
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```bash
|
||||
./runner daemon --config config.yaml
|
||||
```
|
||||
|
||||
The runner will fetch jobs from the Gitea instance and run them automatically.
|
||||
|
||||
### Start the runner with Systemd
|
||||
|
||||
It is also possible to run Gitea Runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `runner` user on your system, and create the following file in `/etc/systemd/system/runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `runner` binary, its configuration file, and the home directory of the `runner` user.
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Gitea Actions runner
|
||||
Documentation=https://gitea.com/gitea/runner
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/bin/runner daemon --config /etc/runner/config.yaml
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
WorkingDirectory=/var/lib/runner
|
||||
TimeoutSec=0
|
||||
RestartSec=10
|
||||
Restart=always
|
||||
User=runner
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Then:
|
||||
|
||||
```bash
|
||||
# load the new systemd unit file
|
||||
sudo systemctl daemon-reload
|
||||
# start the service and enable it at boot
|
||||
sudo systemctl enable runner --now
|
||||
```
|
||||
|
||||
If using Docker, the `runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface).
|
||||
|
||||
### Start the runner with LaunchDaemon (macOS)
|
||||
|
||||
Mac uses `launchd` in place of systemd for registering daemon processes. By default, daemons run as the root user, so if desired an unprivileged `_runner` user can be created via the `dscl` tool. The following file should then be created in the directory `/Library/LaunchDaemon/com.gitea.runner.plist`. The paths for `WorkingDirectory`, `ProgramArguments`, `StandardOutPath`, `StandardErrPath`, and the `HOME` environment variable may need to be updated to reflect your installation. Also note that any executables outside of the example `PATH` shown will need to be explicitly included and will not be inherited from existing configurations.
|
||||
|
||||
```xml
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>Label</key>
|
||||
<string>com.gitea.runner</string>
|
||||
<key>ProgramArguments</key>
|
||||
<array>
|
||||
<string>/usr/local/bin/runner</string>
|
||||
<string>daemon</string>
|
||||
<string>--config</string>
|
||||
<string>/etc/runner/config.yaml</string>
|
||||
</array>
|
||||
<key>RunAtLoad</key>
|
||||
<true/>
|
||||
<key>KeepAlive</key>
|
||||
<true/>
|
||||
<key>WorkingDirectory</key>
|
||||
<string>/var/lib/runner</string>
|
||||
<key>StandardOutPath</key>
|
||||
<string>/var/lib/runner/runner.log</string>
|
||||
<key>StandardErrorPath</key>
|
||||
<string>/var/lib/runner/runner.err</string>
|
||||
<key>EnvironmentVariables</key>
|
||||
<dict>
|
||||
<key>PATH</key>
|
||||
<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
|
||||
<key>HOME</key>
|
||||
<string>/var/lib/runner</string>
|
||||
</dict>
|
||||
<key>UserName</key>
|
||||
<string>_runner</string>
|
||||
</dict>
|
||||
</plist>
|
||||
```
|
||||
|
||||
Then:
|
||||
|
||||
```bash
|
||||
sudo launchctl load /Library/LaunchDaemon/com.gitea.runner.plist
|
||||
```
|
||||
|
||||
You can also set up a Linux or Windows service to let the runner run automatically.
|
||||
|
||||
## Install with the docker image
|
||||
|
||||
### Pull the image
|
||||
|
||||
You can use the docker image from [Docker Hub](https://hub.docker.com/r/gitea/runner/tags).
|
||||
Just like the binary, you can use the latest nightly build by using the `nightly` tag, while the `latest` tag is the latest stable release.
|
||||
|
||||
```bash
|
||||
docker pull docker.io/gitea/runner:latest # for the latest stable release
|
||||
```
|
||||
|
||||
If you want to use the newest or experimental features, you can also use the nightly image.
|
||||
```bash
|
||||
docker pull docker.io/gitea/runner:nightly # for the latest nightly build
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
||||
Configuration is optional, but you can also generate a config file with docker:
|
||||
|
||||
```bash
|
||||
docker run --entrypoint="" --rm -it docker.io/gitea/runner:latest runner generate-config > config.yaml
|
||||
```
|
||||
|
||||
When you are using the docker image, you can specify the configuration file by using the `CONFIG_FILE` environment variable. Make sure that the file is mounted into the container as a volume:
|
||||
|
||||
```bash
|
||||
docker run -v $PWD/config.yaml:/config.yaml -e CONFIG_FILE=/config.yaml ...
|
||||
```
|
||||
|
||||
You may notice the commands above are incomplete because it is not time to run the runner yet.
|
||||
Before running the runner, we need to register it to your Gitea instance first.
|
||||
|
||||
### Start the runner with docker
|
||||
|
||||
If you are using the docker image, behavior will be slightly different. Registration and running are combined into one step in this case, so you need to specify the registration information when running the runner.
|
||||
|
||||
A quick start with docker run along with a minimal parameter set is shown below. You need to get the `<registration_token>` from the above step, and set a unique name for `<gitea_runner_name>` and for `<container_name>`.
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
-e GITEA_INSTANCE_URL=<instance_url> \
|
||||
-e GITEA_RUNNER_REGISTRATION_TOKEN=<registration_token> \
|
||||
-e GITEA_RUNNER_NAME=<gitea_runner_name> \
|
||||
--name <container_name> \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-d docker.io/gitea/runner:latest
|
||||
```
|
||||
|
||||
You can add more parameters to use a custom config, add a `data` directory for non-volatile file storage, etc.
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
-v $PWD/config.yaml:/config.yaml \
|
||||
-v $PWD/data:/data \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-e CONFIG_FILE=/config.yaml \
|
||||
-e GITEA_INSTANCE_URL=<instance_url> \
|
||||
-e GITEA_RUNNER_REGISTRATION_TOKEN=<registration_token> \
|
||||
-e GITEA_RUNNER_NAME=<gitea_runner_name> \
|
||||
-e GITEA_RUNNER_LABELS=<runner_labels> \
|
||||
--name <container_name> \
|
||||
-d docker.io/gitea/runner:latest
|
||||
```
|
||||
|
||||
You may notice that we have mounted `/var/run/docker.sock` into the container.
|
||||
This is because with this setup, the runner will execute jobs in temporary Docker containers, so it needs to communicate with the Docker daemon.
|
||||
As mentioned, you can remove it if you want to run jobs on the host directly.
|
||||
To be clear, the "host" actually means the container that is running the runner now, instead of the host machine.
|
||||
|
||||
---
|
||||
|
||||
To enable ephemeral runners, set the environment variable `GITEA_RUNNER_EPHEMERAL=1` in the runner image. This setup doesn't use a `/data` volume because the credentials are single-use and not intended to be reused. You can find more details about this mode under [Ephemeral runners](#ephemeral-runners).
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
-e GITEA_INSTANCE_URL=<instance_url> \
|
||||
-e GITEA_RUNNER_REGISTRATION_TOKEN=<registration_token> \
|
||||
-e GITEA_RUNNER_EPHEMERAL=1 \
|
||||
-e GITEA_RUNNER_NAME=<runner_name> \
|
||||
--name my_runner \
|
||||
-d docker.io/gitea/runner:nightly
|
||||
```
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
-v $PWD/config.yaml:/config.yaml \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-e CONFIG_FILE=/config.yaml \
|
||||
-e GITEA_INSTANCE_URL=<instance_url> \
|
||||
-e GITEA_RUNNER_REGISTRATION_TOKEN=<registration_token> \
|
||||
-e GITEA_RUNNER_EPHEMERAL=1 \
|
||||
-e GITEA_RUNNER_NAME=<runner_name> \
|
||||
-e GITEA_RUNNER_LABELS=<runner_labels> \
|
||||
--name my_runner \
|
||||
-d docker.io/gitea/runner:nightly
|
||||
```
|
||||
|
||||
Mounting the host's Docker socket using `/var/run/docker.sock:/var/run/docker.sock` introduces a potential security vulnerability. If a job can access this socket, the reusable `GITEA_RUNNER_REGISTRATION_TOKEN` could be exposed through Docker inspect data.
|
||||
|
||||
### Start the runner using docker compose
|
||||
|
||||
You could also set up the runner using the following `docker-compose.yml`:
|
||||
|
||||
```yml
|
||||
version: "3.8"
|
||||
services:
|
||||
runner:
|
||||
image: docker.io/gitea/runner:nightly
|
||||
environment:
|
||||
CONFIG_FILE: /config.yaml
|
||||
GITEA_INSTANCE_URL: "${INSTANCE_URL}"
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: "${REGISTRATION_TOKEN}"
|
||||
GITEA_RUNNER_NAME: "${RUNNER_NAME}"
|
||||
GITEA_RUNNER_LABELS: "${RUNNER_LABELS}"
|
||||
volumes:
|
||||
- ./config.yaml:/config.yaml
|
||||
- ./data:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
```
|
||||
|
||||
When using docker, there is no requirement to enter the container and manually run `./runner daemon` command as shown below. Once the container has been started successfully, it will show up as an active runner in your Gitea instance.
|
||||
|
||||
---
|
||||
|
||||
To enable ephemeral runners, set the environment variable `GITEA_RUNNER_EPHEMERAL=1` in the runner image. This setup doesn't use a `/data` volume because the credentials are single-use and not intended to be reused. You can find more details about this mode under [Ephemeral runners](#ephemeral-runners).
|
||||
|
||||
```yml
|
||||
version: "3.8"
|
||||
services:
|
||||
runner:
|
||||
image: docker.io/gitea/runner:nightly
|
||||
environment:
|
||||
CONFIG_FILE: /config.yaml
|
||||
GITEA_INSTANCE_URL: "${INSTANCE_URL}"
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: "${REGISTRATION_TOKEN}"
|
||||
GITEA_RUNNER_NAME: "${RUNNER_NAME}"
|
||||
GITEA_RUNNER_LABELS: "${RUNNER_LABELS}"
|
||||
GITEA_RUNNER_EPHEMERAL: "1"
|
||||
volumes:
|
||||
- ./config.yaml:/config.yaml
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
```
|
||||
|
||||
Mounting the host's Docker socket using `/var/run/docker.sock:/var/run/docker.sock` introduces a potential security vulnerability. If a job can access this socket, the reusable `GITEA_RUNNER_REGISTRATION_TOKEN` could be exposed through Docker inspect data.
|
||||
|
||||
### More start examples
|
||||
A couple more usage examples can be found in the [runner](https://gitea.com/gitea/runner/src/branch/main/examples) repository.
|
||||
|
||||
## Advanced Configurations
|
||||
|
||||
### Configuring cache when starting a runner using the docker image
|
||||
|
||||
If you do not intend to use `actions/cache` in your workflow, you can ignore this section.
|
||||
|
||||
If you use `actions/cache` without any additional configuration, it will return the following error:
|
||||
> Failed to restore: getCacheEntry failed: connect ETIMEDOUT IP:PORT
|
||||
|
||||
The error occurs because the runner container and job container are on different networks, so the job container cannot access the runner container.
|
||||
|
||||
Therefore, it is essential to configure the cache action to ensure its proper functioning. Follow these steps:
|
||||
|
||||
- 1. Obtain the LAN IP address of the host machine where the runner container is running.
|
||||
- 2. Find an available port number on the host machine where the runner container is running.
|
||||
- 3. Configure the following settings in the configuration file:
|
||||
|
||||
```yaml
|
||||
cache:
|
||||
enabled: true
|
||||
dir: ""
|
||||
# Use the LAN IP obtained in step 1
|
||||
host: "192.168.8.17"
|
||||
# Use the port number obtained in step 2
|
||||
port: 8088
|
||||
```
|
||||
|
||||
- 4. When starting the container, map the cache port to the host machine:
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
--name gitea-docker-runner \
|
||||
-p 8088:8088 \
|
||||
-d docker.io/gitea/runner:nightly
|
||||
```
|
||||
|
||||
### Labels
|
||||
|
||||
The labels of a runner are used to determine which jobs the runner can run, and how to run them.
|
||||
|
||||
The default labels are `ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster`.
|
||||
It is a comma-separated list, and each item is a label.
|
||||
|
||||
Let's take `ubuntu-22.04:docker://node:16-bullseye` as an example.
|
||||
It means that the runner can run jobs with `runs-on: ubuntu-22.04`, and the job will be run in a docker container with the image `node:16-bullseye`.
|
||||
|
||||
If the default image is insufficient for your needs, and you have enough disk space to use a better and bigger one, you can change it to `ubuntu-22.04:docker://<the image you like>`.
|
||||
You can find more useful images on [act images](https://github.com/nektos/act/blob/master/IMAGES.md).
|
||||
|
||||
If you want to run jobs on the host directly, you can change it to `ubuntu-22.04:host` or just `ubuntu-22.04`; `:host` is optional.
|
||||
However, we suggest you use a special name like `linux_amd64:host` or `windows:host` to avoid misusing it.
|
||||
|
||||
Starting with Gitea 1.21, you can change labels by modifying `runners.labels` in the runner configuration file (if you don't have a configuration file, please refer to [configuration tutorials](#configuration)).
|
||||
The runner will use these new labels as soon as you restart it, i.e., by calling `./runner daemon --config config.yaml`.
|
||||
119
docs/usage/actions/scoped-workflows.md
Normal file
119
docs/usage/actions/scoped-workflows.md
Normal file
@@ -0,0 +1,119 @@
|
||||
---
|
||||
date: "2026-06-26T00:00:00+00:00"
|
||||
slug: "scoped-workflows"
|
||||
sidebar_position: 60
|
||||
---
|
||||
|
||||
# Scoped Workflows
|
||||
|
||||
Scoped workflows let you maintain Actions workflows in one central **source** repository and have them run automatically on many other repositories, without copying the workflow files into each one.
|
||||
|
||||
A workflow file committed under a source repository's scoped-workflow directory runs on every repository that the source applies to (a "consuming" repository). Each run executes **in the consuming repository's own context**: its runners, secrets, `GITEA_TOKEN`, and branch, while the workflow **content is read from the source repository**. This is useful for mandating shared CI across an organization or instance: linting, security scans, compliance or policy checks, and similar.
|
||||
|
||||
## Levels
|
||||
|
||||
A source repository can be registered at two levels:
|
||||
|
||||
- **Owner level**: registered by an organization or user. The source's workflows run on every repository owned by that organization or user.
|
||||
- **Instance level**: registered by a site administrator. The source's workflows run on **every** repository on the instance.
|
||||
|
||||
The same repository may be registered at both levels; it is still evaluated once per matching event.
|
||||
|
||||
:::note
|
||||
Instance-level sources apply to **every** repository on the instance, and a required one cannot be opted out. Detection runs on every repository's events. Register them deliberately.
|
||||
:::
|
||||
|
||||
## Configuration
|
||||
|
||||
Scoped workflows live in a directory that is separate from regular workflows. It is controlled by `SCOPED_WORKFLOW_DIRS` in the `[actions]` section of `app.ini`:
|
||||
|
||||
```ini
|
||||
[actions]
|
||||
SCOPED_WORKFLOW_DIRS = .gitea/scoped_workflows
|
||||
```
|
||||
|
||||
- The default is `.gitea/scoped_workflows`.
|
||||
- It may list multiple directories (comma-separated).
|
||||
- It **must not overlap** with `WORKFLOW_DIRS` (the regular workflow directories, by default `.gitea/workflows` and `.github/workflows`).
|
||||
- Leaving it empty means no directory holds scoped workflows, so none are found or run. The settings page still appears and sources can still be registered, but no scoped workflow runs.
|
||||
|
||||
Keeping scoped workflows in their own directory means a source repository's *own* Actions are unaffected: only files under `SCOPED_WORKFLOW_DIRS` are treated as scoped workflows.
|
||||
|
||||
## Providing scoped workflows from a repository
|
||||
|
||||
1. In the would-be source repository, commit your workflow files under the scoped-workflow directory on its **default branch**, for example `.gitea/scoped_workflows/lint.yaml`:
|
||||
|
||||
```yaml
|
||||
name: Lint
|
||||
on: [push, pull_request]
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: echo "lint the consuming repository here"
|
||||
```
|
||||
|
||||
2. Register the repository as a source:
|
||||
|
||||
- **Organization**: *Organization Settings -> Actions -> Scoped Workflows*
|
||||
- **User**: *User Settings -> Actions -> Scoped Workflows*
|
||||
- **Instance (admin)**: *Site Administration -> Actions -> Scoped Workflows*
|
||||
|
||||
Search for and add the repository. From then on, its scoped workflows apply to the consuming repositories at that level.
|
||||
|
||||
The source repository is within its own scope, so it runs these workflows on itself like any other consumer.
|
||||
|
||||
## How scoped workflows run
|
||||
|
||||
- The run belongs to the **consuming** repository and uses its runners, secrets, `GITEA_TOKEN`, and ref. It behaves like a normal run there, including rerun, logs, and commit statuses.
|
||||
- The workflow **content is read from the source** repository, pinned to the source's default-branch commit at the time of the event.
|
||||
- Detection uses the consuming repository's event, so the workflow's `on:` triggers (such as `push` and `pull_request`) must match that event.
|
||||
|
||||
## Opting out
|
||||
|
||||
A consuming repository can disable a scoped workflow it does not want, from its **Actions** page (the workflow appears under its source). A workflow that has been marked **required** (see below) can never be disabled or opted out by a consuming repository.
|
||||
|
||||
## Required workflows and the merge gate
|
||||
|
||||
On the Scoped Workflows settings page you can mark individual workflows as **required** and give each one or more **status-check patterns** (one glob per line). A required scoped workflow:
|
||||
|
||||
- Cannot be disabled by consuming repositories.
|
||||
- Gates pull-request merges: a consuming pull request can only be merged once a commit status matching **every** pattern has **passed** (must-present-and-pass). A required check that never posts a status **blocks** the merge rather than being silently skipped, so disabling Actions on the consumer cannot bypass it.
|
||||
|
||||
The status-check context a scoped run posts has the form:
|
||||
|
||||
```
|
||||
<source repo full name>: <workflow display name> / <job> (<event>)
|
||||
```
|
||||
|
||||
The settings page previews these "Expected status checks" for each workflow and marks the ones your patterns match, so you can confirm a pattern is correct. A common pattern wildcards the job and event, for example `my-org/ci-repo: Lint / *`.
|
||||
|
||||
Enforcement scope:
|
||||
|
||||
- A required check is enforced on any target branch that has a **branch protection rule**, even one whose own status checks are disabled.
|
||||
- A target branch with **no** protection rule is not gated.
|
||||
|
||||
:::warning
|
||||
Only a workflow that runs on an event that posts a commit status (`push`, `pull_request`, `pull_request_target`, `release`) can be required. A workflow that runs only on events like `workflow_dispatch`, `schedule` or `workflow_call` posts no status, so marking it required would block every consuming pull request forever. The settings page warns you in this case.
|
||||
:::
|
||||
|
||||
## Reusable workflows (`uses:`)
|
||||
|
||||
Scoped workflows can call reusable workflows:
|
||||
|
||||
- A **local** reference (`uses: ./...`) resolves against the **source** repository: the repository the calling workflow's content came from, not the consuming repository.
|
||||
- A **cross-repository** reference (`uses: owner/repo/...@ref`) is resolved with the **consuming repository's** read permission. If it points to a private repository, make sure every consuming repository can read it; otherwise the workflow will fail there.
|
||||
|
||||
A reusable workflow can live under `SCOPED_WORKFLOW_DIRS` (or `WORKFLOW_DIRS`) of the source repository.
|
||||
|
||||
## Security considerations
|
||||
|
||||
A source repository's workflow content is executed in every repository it applies to, and its step scripts and their output are written to that repository's Actions logs, readable by anyone who can view the consuming repository's Actions.
|
||||
|
||||
- Registering a **private** repository as a source therefore discloses its workflow logic through those logs. Only register repositories whose workflow content may be shared with every consuming repository.
|
||||
|
||||
## Limitations
|
||||
|
||||
- `on: schedule` and `on: workflow_run` are currently not supported as scoped workflow triggers.
|
||||
- Scoped workflow content is read from the source's default branch; other branches of the source are not used.
|
||||
115
docs/usage/actions/token-permissions.md
Normal file
115
docs/usage/actions/token-permissions.md
Normal file
@@ -0,0 +1,115 @@
|
||||
---
|
||||
date: "2026-03-19T00:00:00+01:00"
|
||||
slug: "token-permissions"
|
||||
sidebar_position: 30
|
||||
---
|
||||
|
||||
# Actions job token permissions (`GITEA_TOKEN`)
|
||||
|
||||
Every Actions job receives a built-in token (`GITEA_TOKEN`) which can be used to access Gitea (Git over HTTP(S), API requests, etc.).
|
||||
This page documents how Gitea decides what the token is allowed to do.
|
||||
|
||||
In workflows, it is available as `${{ secrets.GITEA_TOKEN }}`. These settings and `permissions:` only affect `GITEA_TOKEN` (not other secrets like personal access tokens). For API calls, see [API authentication](development/api-usage.md).
|
||||
|
||||
## Where permissions come from
|
||||
|
||||
Gitea determines the job token permissions in this order:
|
||||
|
||||
1. Job-level `permissions:` (`jobs.<job_id>.permissions`)
|
||||
2. Workflow-level `permissions:` (top-level)
|
||||
3. Default permissions from settings (owner or repository)
|
||||
|
||||
The result is then **clamped** by the configured maximum token permissions (see below).
|
||||
|
||||
## Supported workflow syntax
|
||||
|
||||
Gitea supports the GitHub Actions-compatible `permissions:` keyword.
|
||||
|
||||
### Scalar values
|
||||
|
||||
```yaml
|
||||
permissions: read-all # or: write-all
|
||||
```
|
||||
|
||||
### Scoped mapping
|
||||
|
||||
```yaml
|
||||
permissions:
|
||||
contents: read
|
||||
issues: write
|
||||
pull-requests: none
|
||||
```
|
||||
|
||||
Valid access mode values for each scope are `read`, `write`, and `none`.
|
||||
|
||||
### Supported scopes
|
||||
|
||||
- `contents` (applies to `code` and `releases`)
|
||||
- `code`
|
||||
- `releases`
|
||||
- `issues`
|
||||
- `pull-requests`
|
||||
- `actions`
|
||||
- `wiki`
|
||||
- `projects`
|
||||
- `packages` (if supported by the target feature)
|
||||
|
||||
If you specify both `contents` and a more granular scope (like `code` or `releases`), the granular scope wins for that unit.
|
||||
|
||||
### Compatibility notes
|
||||
|
||||
Gitea supports a subset of GitHub Actions permission scopes.
|
||||
GitHub-only scopes such as `statuses`, `checks`, `deployments`, `id-token`, `security-events`, and `pages` are not currently supported by Gitea Actions.
|
||||
|
||||
Gitea also exposes repository-unit scopes that do not exist as separate scopes in GitHub Actions:
|
||||
|
||||
- `code`
|
||||
- `releases`
|
||||
- `wiki`
|
||||
- `projects`
|
||||
|
||||
## Default permission mode
|
||||
|
||||
If neither the workflow nor the job defines `permissions:`, Gitea uses the configured default mode:
|
||||
|
||||
- **Permissive**: read and write permissions for most units in the job's repository (backwards-compatible default).
|
||||
- **Restricted**: read-only permissions for `code`, `releases`, and `packages` in the job's repository, and no access to other units by default.
|
||||
|
||||
## Maximum token permissions (clamping)
|
||||
|
||||
You can configure a maximum permission per repository unit.
|
||||
The job's effective permissions are computed as:
|
||||
|
||||
`effective = min(requested, maximum)`
|
||||
|
||||
This means workflows can reduce permissions for a job, but cannot exceed your configured maximum.
|
||||
If you don't configure a maximum, the maximum defaults to `write` for all scopes.
|
||||
|
||||
## Where to configure
|
||||
|
||||
You can configure defaults and maximums at:
|
||||
|
||||
- **User / Organization**: `Settings` → `Actions` → `General`
|
||||
- **Repository**: `Settings` → `Actions` → `General`
|
||||
- For repositories in an organization, the repository can follow the owner-level configuration, or opt out with **Override owner-level configuration**.
|
||||
|
||||
Note: Repository-level token permission settings are only shown once **Repository Actions** are enabled.
|
||||
|
||||
## Fork pull requests
|
||||
|
||||
For security reasons, workflows triggered by pull requests from forks are always restricted to read-only permissions for repository contents, regardless of workflow `permissions:` or settings.
|
||||
|
||||
## Cross-repository access
|
||||
|
||||
By default, `GITEA_TOKEN` only has access to:
|
||||
|
||||
- The job's repository (according to the computed permissions)
|
||||
- Public repositories (read-only)
|
||||
|
||||
Access to other private repositories is denied by default.
|
||||
A user or organization can allow read-only access to selected private repositories via **Settings → Actions → General → Cross-Repository Access**.
|
||||
|
||||
Private repositories can also allow selected collaborative owners via **Settings → Actions → General**.
|
||||
This allows the private repositories of those owners to read the current private repository for Actions use, such as private actions and reusable workflows.
|
||||
|
||||
Fork pull request workflows never gain cross-repository access to private repositories, even if those repositories are listed.
|
||||
@@ -6,11 +6,13 @@ sidebar_position: 25
|
||||
|
||||
# Variables
|
||||
|
||||
## User-defined variables
|
||||
|
||||
You can create configuration variables on the user, organization and repository level.
|
||||
The level of the variable depends on where you created it. When creating a variable, the
|
||||
key will be converted to uppercase. You need use uppercase on the yaml file.
|
||||
|
||||
## Naming conventions
|
||||
### Naming conventions
|
||||
|
||||
The following rules apply to variable names:
|
||||
|
||||
@@ -21,12 +23,118 @@ The following rules apply to variable names:
|
||||
- Variable names must be unique at the level they are created at.
|
||||
- Variable names must not start with `CI`.
|
||||
|
||||
## Using variable
|
||||
### Using variables
|
||||
|
||||
After creating configuration variables, they will be automatically filled in the `vars` context.
|
||||
They can be accessed through expressions like `${{ vars.VARIABLE_NAME }}` in the workflow.
|
||||
|
||||
## Precedence
|
||||
### Precedence
|
||||
|
||||
If a variable with the same name exists at multiple levels, the variable at the lowest level takes precedence:
|
||||
A repository variable will always be chosen over an organization/user variable.
|
||||
|
||||
## Pre-defined context variables
|
||||
|
||||
These variables are available in workflow expressions via `${{ gitea.<name> }}`. For compatibility, `${{ github.<name> }}` works as an alias.
|
||||
|
||||
| Name | Description | Example |
|
||||
|---|---|---|
|
||||
| `gitea.action`<br/>`github.action` | The name of the action currently running, or the `id` of a step. | `__run` |
|
||||
| `gitea.action_path`<br/>`github.action_path` | The path where an action is located. Only supported in composite actions. | `/home/runner/work/_actions/actions/checkout/v4` |
|
||||
| `gitea.action_ref`<br/>`github.action_ref` | The ref of the action being executed. | `v4` |
|
||||
| `gitea.action_repository`<br/>`github.action_repository` | The owner and repository name of the action. | `actions/checkout` |
|
||||
| `gitea.action_status`<br/>`github.action_status` | The current result of a composite action. | `success` |
|
||||
| `gitea.actor`<br/>`github.actor` | The username of the user that triggered the initial workflow run. | `silverwind` |
|
||||
| `gitea.api_url`<br/>`github.api_url` | The URL of the REST API. | `https://gitea.com/api/v1` |
|
||||
| `gitea.base_ref`<br/>`github.base_ref` | The target branch of a pull request. Only set for `pull_request` and `pull_request_target` events. | `main` |
|
||||
| `gitea.env`<br/>`github.env` | Path on the runner to the file that sets environment variables from workflow commands. Unique to each step. | `/home/runner/work/_temp/_runner_file_commands/set_env_***` |
|
||||
| `gitea.event`<br/>`github.event` | The full event webhook payload as an object. | `{...}` |
|
||||
| `gitea.event_name`<br/>`github.event_name` | The name of the event that triggered the workflow run. | `push` |
|
||||
| `gitea.event_path`<br/>`github.event_path` | Path on the runner to the file containing the full event webhook payload. | `/home/runner/work/_temp/_github_workflow/event.json` |
|
||||
| `gitea.head_ref`<br/>`github.head_ref` | The source branch of a pull request. Only set for `pull_request` and `pull_request_target` events. | `feature-branch` |
|
||||
| `gitea.job`<br/>`github.job` | The `job_id` of the current job. | `build` |
|
||||
| `gitea.ref`<br/>`github.ref` | The fully-formed ref that triggered the workflow. | `refs/heads/main` |
|
||||
| `gitea.ref_name`<br/>`github.ref_name` | The short ref name. | `main` |
|
||||
| `gitea.ref_protected`<br/>`github.ref_protected` | `true` if branch protections are configured for the ref that triggered the workflow run. | `true` |
|
||||
| `gitea.ref_type`<br/>`github.ref_type` | The type of ref: `branch` or `tag`. | `branch` |
|
||||
| `gitea.path`<br/>`github.path` | Path on the runner to the file that sets system `PATH` variables from workflow commands. Unique to each step. | `/home/runner/work/_temp/_runner_file_commands/add_path_***` |
|
||||
| `gitea.repository`<br/>`github.repository` | The owner and repository name. | `gitea/docs` |
|
||||
| `gitea.repository_owner`<br/>`github.repository_owner` | The repository owner's username. | `gitea` |
|
||||
| `gitea.repositoryUrl`<br/>`github.repositoryUrl` | The HTML URL to the repository. | `https://gitea.com/gitea/docs` |
|
||||
| `gitea.retention_days`<br/>`github.retention_days` | The number of days that workflow run logs and artifacts are kept. | `90` |
|
||||
| `gitea.run_id`<br/>`github.run_id` | A unique number for each workflow run within a repository. Does not change on re-run. | `1234` |
|
||||
| `gitea.run_number`<br/>`github.run_number` | A unique number for each run of a particular workflow. Starts at 1 and increments with each new run. | `42` |
|
||||
| `gitea.run_attempt`<br/>`github.run_attempt` | A unique number for each re-run attempt. Starts at 1 and increments with each re-run. | `1` |
|
||||
| `gitea.secret_source`<br/>`github.secret_source` | The source of a secret used in a workflow. Always `Actions` in Gitea. | `Actions` |
|
||||
| `gitea.server_url`<br/>`github.server_url` | The URL of the Gitea instance. | `https://gitea.com` |
|
||||
| `gitea.sha`<br/>`github.sha` | The commit SHA that triggered the workflow. | `a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2` |
|
||||
| `gitea.token`<br/>`github.token` | A token to authenticate on behalf of the Gitea App installed on the repository. See [Token permissions](token-permissions.md). | `ghs_***` |
|
||||
| `gitea.triggering_actor`<br/>`github.triggering_actor` | The username of the user that initiated the workflow run. May differ from `actor` on re-runs. | `silverwind` |
|
||||
| `gitea.workflow`<br/>`github.workflow` | The name of the workflow. If unnamed, the full path of the workflow file. | `CI` |
|
||||
| `gitea.workspace`<br/>`github.workspace` | The default working directory on the runner and the default location of your repository when using the `checkout` action. | `/workspace/gitea/docs` |
|
||||
| `gitea.gitea_default_actions_url` | The default URL for downloading actions. Gitea-specific. | `https://github.com` |
|
||||
|
||||
## Pre-defined environment variables
|
||||
|
||||
These environment variables are set automatically in every workflow run and can be accessed directly (e.g. `$CI` in shell scripts).
|
||||
|
||||
### Standard environment variables
|
||||
|
||||
| Name | Description | Example |
|
||||
|---|---|---|
|
||||
| `CI` | Always set to `true`. | `true` |
|
||||
| `GITEA_ACTIONS` | Always set to `true`. Useful to distinguish Gitea Actions from other CI systems. | `true` |
|
||||
| `GITEA_ACTIONS_RUNNER_VERSION` | The version of the runner executing the workflow. | `1.0.8` |
|
||||
| `GITEA_ENV`<br/>`GITHUB_ENV` | Path to the file that sets environment variables for subsequent steps. | `/home/runner/work/_temp/_runner_file_commands/set_env_***` |
|
||||
| `GITEA_OUTPUT`<br/>`GITHUB_OUTPUT` | Path to the file that sets step output parameters. | `/home/runner/work/_temp/_runner_file_commands/set_output_***` |
|
||||
| `GITEA_PATH`<br/>`GITHUB_PATH` | Path to the file that adds system `PATH` entries for subsequent steps. | `/home/runner/work/_temp/_runner_file_commands/add_path_***` |
|
||||
| `GITEA_STATE`<br/>`GITHUB_STATE` | Path to the file that sets step state variables. | `/home/runner/work/_temp/_runner_file_commands/save_state_***` |
|
||||
| `GITEA_STEP_SUMMARY`<br/>`GITHUB_STEP_SUMMARY` | Path to the file for writing job summaries. | `/home/runner/work/_temp/_runner_file_commands/step_summary_***` |
|
||||
| `GITHUB_ACTIONS` | Always set to `true`. | `true` |
|
||||
| `GITHUB_ACTION` | The name of the action currently running, or the step `id`. | `__run` |
|
||||
| `GITHUB_ACTION_PATH` | The path where the action is located. | `/home/runner/work/_actions/actions/checkout/v4` |
|
||||
| `GITHUB_ACTION_REF` | The ref of the action being executed. | `v4` |
|
||||
| `GITHUB_ACTION_REPOSITORY` | The owner and repository of the action. | `actions/checkout` |
|
||||
| `GITHUB_ACTOR` | The username of the user that triggered the workflow. | `silverwind` |
|
||||
| `GITHUB_API_URL` | The URL of the REST API. | `https://gitea.com/api/v1` |
|
||||
| `GITHUB_BASE_REF` | The target branch of a pull request. | `main` |
|
||||
| `GITHUB_EVENT_NAME` | The name of the event that triggered the workflow. | `push` |
|
||||
| `GITHUB_EVENT_PATH` | Path to the file containing the event webhook payload. | `/home/runner/work/_temp/_github_workflow/event.json` |
|
||||
| `GITHUB_GRAPHQL_URL` | Empty in Gitea (GraphQL is not supported). | _(empty)_ |
|
||||
| `GITHUB_HEAD_REF` | The source branch of a pull request. | `feature-branch` |
|
||||
| `GITHUB_JOB` | The `job_id` of the current job. | `build` |
|
||||
| `GITHUB_REF` | The fully-formed ref that triggered the workflow. | `refs/heads/main` |
|
||||
| `GITHUB_REF_NAME` | The short ref name. | `main` |
|
||||
| `GITHUB_REF_TYPE` | The type of ref: `branch` or `tag`. | `branch` |
|
||||
| `GITHUB_REPOSITORY` | The owner and repository name. | `gitea/docs` |
|
||||
| `GITHUB_REPOSITORY_OWNER` | The repository owner's username. | `gitea` |
|
||||
| `GITHUB_RETENTION_DAYS` | The number of days that workflow run logs and artifacts are kept. | `90` |
|
||||
| `GITHUB_RUN_ATTEMPT` | The attempt number of the workflow run. | `1` |
|
||||
| `GITHUB_RUN_ID` | A unique number for each workflow run. | `1234` |
|
||||
| `GITHUB_RUN_NUMBER` | A unique number for each run of a particular workflow. | `42` |
|
||||
| `GITHUB_SERVER_URL` | The URL of the Gitea instance. | `https://gitea.com` |
|
||||
| `GITHUB_SHA` | The commit SHA that triggered the workflow. | `a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2` |
|
||||
| `GITHUB_WORKFLOW` | The name of the workflow. | `CI` |
|
||||
| `GITHUB_WORKSPACE` | The default working directory on the runner. | `/workspace/gitea/docs` |
|
||||
|
||||
### Runner environment variables
|
||||
|
||||
| Name | Description | Example |
|
||||
|---|---|---|
|
||||
| `RUNNER_ARCH` | The architecture of the runner. | `X64` |
|
||||
| `RUNNER_OS` | The operating system of the runner. | `Linux` |
|
||||
| `RUNNER_TEMP` | Path to a temporary directory on the runner. | `/tmp` |
|
||||
| `RUNNER_TOOL_CACHE` | Path to the tool cache directory on the runner. | `/opt/hostedtoolcache` |
|
||||
|
||||
### Internal environment variables
|
||||
|
||||
These are used internally by the runner and actions. They are typically not needed in workflows directly.
|
||||
|
||||
| Name | Description | Example |
|
||||
|---|---|---|
|
||||
| `ACTIONS_CACHE_URL` | URL for the actions cache service. | `http://192.168.1.10:8088/` |
|
||||
| `ACTIONS_ID_TOKEN_REQUEST_TOKEN` | Token for OIDC requests. Only set when configured. | `***` |
|
||||
| `ACTIONS_ID_TOKEN_REQUEST_URL` | URL to request OIDC tokens. Only set when configured. | `https://gitea.com/login/oauth/access_token` |
|
||||
| `ACTIONS_RESULTS_URL` | URL for storing artifacts. | `https://gitea.com` |
|
||||
| `ACTIONS_RUNTIME_TOKEN` | Authentication token for the Actions pipeline API. | `***` |
|
||||
| `ACTIONS_RUNTIME_URL` | URL for the Gitea Actions pipeline API. | `https://gitea.com/api/actions_pipeline/` |
|
||||
|
||||
9
docs/usage/issues-prs/_category_.json
Normal file
9
docs/usage/issues-prs/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Issues & Pull Requests",
|
||||
"position": 20,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage/issues-prs",
|
||||
"description": "Issues and Pull Requests workflow, templates, and collaboration features"
|
||||
}
|
||||
}
|
||||
@@ -4,9 +4,11 @@ slug: "agit"
|
||||
sidebar_position: 12
|
||||
aliases:
|
||||
- /en-us/agit-setup
|
||||
- /agit-setup
|
||||
- /agit
|
||||
---
|
||||
|
||||
# AGit Setup
|
||||
# AGit
|
||||
|
||||
In Gitea `1.13`, support for [AGit](https://git-repo.info/en/2020/03/agit-flow-and-git-repo/) was added. AGit enables users to create pull requests directly, even without write permissions of the repository, eliminating the need to fork it. This helps reduce the number of duplicated repositories and minimizes unnecessary disk usage.
|
||||
|
||||
@@ -27,19 +29,21 @@ git push origin HEAD:refs/for/main
|
||||
The command has the following structure:
|
||||
|
||||
- `HEAD`: The target branch
|
||||
- `refs/<for|draft|for-review>/<branch>`: The target PR type
|
||||
- `origin`: The target repository (not a fork!)
|
||||
- `HEAD`: The local branch containing the changes you are proposing
|
||||
- `refs/<for|draft|for-review>/<branch>`: The target PR type and configuration
|
||||
- `for`: Create a normal PR with `<branch>` as the target branch
|
||||
- `draft`/ `for-review`: Currently ignored silently
|
||||
- `<branch>/<session>`: The target branch to open the PR
|
||||
- `draft`/`for-review`: Currently ignored silently
|
||||
- `<branch>/`: The branch you want your changes to be merged into
|
||||
- `-o <topic|title|description>`: Options for the PR
|
||||
- `title`: The PR title
|
||||
- `topic`: The branch name the PR should be opened for
|
||||
- `description`: The PR description
|
||||
- `topic`: The topic of this change. It will become the name of the branch holding the changes waiting for review. This is REQUIRED to trigger a pull request.
|
||||
- `title`: The PR title (optional but recommended), only used for topics not already having an associated PR.
|
||||
- `description`: The PR description (optional but recommended), only used for topics not already having an associated PR.
|
||||
- `force-push=true`: Specifies whether to force-update the target branch.
|
||||
- Note: omitting the value and using just `-o force-push` will not work.
|
||||
- Note: omitting the value and using just `-o force-push` will also work.
|
||||
|
||||
Here's another advanced example for creating a new PR targeting `main` with `topic`, `title`, and `description`:
|
||||
|
||||
```shell
|
||||
git push origin HEAD:refs/for/main -o topic="Topic of my PR" -o title="Title of the PR" -o description="# The PR Description\nThis can be **any** markdown content.\n- [x] Ok"
|
||||
git push origin HEAD:refs/for/main -o topic="topic_of_my_PR" -o title="Title of the PR" -o description="# The PR Description\nThis can be **any** markdown content.\n- [x] Ok"
|
||||
```
|
||||
@@ -10,9 +10,10 @@ aliases:
|
||||
|
||||
Some projects have a standard list of questions that users need to answer
|
||||
when creating an issue or pull request. Gitea supports adding templates to the
|
||||
main branch of the repository so that they can autopopulate the form when users are
|
||||
**default branch of the repository** so that they can autopopulate the form when users are
|
||||
creating issues and pull requests. This will cut down on the initial back and forth
|
||||
of getting some clarifying details.
|
||||
It is currently not possible to provide generic issue/pull-request templates globally.
|
||||
|
||||
Additionally, the New Issue page URL can be suffixed with `?title=Issue+Title&body=Issue+Text` and the form will be populated with those strings. Those strings will be used instead of the template if there is one.
|
||||
|
||||
@@ -98,6 +99,9 @@ name: "Template Name"
|
||||
about: "This template is for testing!"
|
||||
title: "[TEST] "
|
||||
ref: "main"
|
||||
assignees: ["user1"]
|
||||
projects:
|
||||
- Example Project
|
||||
labels:
|
||||
|
||||
- bug
|
||||
@@ -110,7 +114,10 @@ This is the template!
|
||||
|
||||
In the above example, when a user is presented with the list of issues they can submit, this would show as `Template Name` with the description
|
||||
`This template is for testing!`. When submitting an issue with the above example, the issue title would be pre-populated with
|
||||
`[TEST] ` while the issue body would be pre-populated with `This is the template!`. The issue would also be assigned two labels,
|
||||
`[TEST] ` while the issue body would be pre-populated with `This is the template!`.
|
||||
The issue would be assigned to `user1`.
|
||||
The issue would be assigned to the project `Example Project`.
|
||||
The issue would also be assigned two labels,
|
||||
`bug` and `help needed`, and the issue will have a reference to `main`.
|
||||
|
||||
## Syntax for yaml template
|
||||
@@ -126,6 +133,12 @@ body:
|
||||
attributes:
|
||||
value: |
|
||||
Thanks for taking the time to fill out this bug report!
|
||||
# some markdown that will only be visible once the issue has been created
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
This issue was created by an issue **template** :)
|
||||
visible: [content]
|
||||
- type: input
|
||||
id: contact
|
||||
attributes:
|
||||
@@ -173,15 +186,21 @@ body:
|
||||
id: terms
|
||||
attributes:
|
||||
label: Code of Conduct
|
||||
hide_label: true
|
||||
description: By submitting this issue, you agree to follow our [Code of Conduct](https://example.com)
|
||||
options:
|
||||
- label: I agree to follow this project's Code of Conduct
|
||||
required: true
|
||||
- label: I have also read the CONTRIBUTION.MD
|
||||
required: true
|
||||
visible: [form]
|
||||
- label: This is a TODO only visible after issue creation
|
||||
visible: [content]
|
||||
```
|
||||
|
||||
### Markdown
|
||||
|
||||
You can use a `markdown` element to display Markdown in your form that provides extra context to the user, but is not submitted.
|
||||
You can use a `markdown` element to display Markdown in your form that provides extra context to the user, but is not submitted by default.
|
||||
|
||||
Attributes:
|
||||
|
||||
@@ -189,19 +208,22 @@ Attributes:
|
||||
|-------|--------------------------------------------------------------|----------|--------|---------|--------------|
|
||||
| value | The text that is rendered. Markdown formatting is supported. | Required | String | - | - |
|
||||
|
||||
visible: Default is **[form]**
|
||||
|
||||
### Textarea
|
||||
|
||||
You can use a `textarea` element to add a multi-line text field to your form. Contributors can also attach files in `textarea` fields.
|
||||
|
||||
Attributes:
|
||||
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|--------|--------------|---------------------------|
|
||||
| label | A brief description of the expected user input, which is also displayed in the form. | Required | String | - | - |
|
||||
| description | A description of the text area to provide context or guidance, which is displayed in the form. | Optional | String | Empty String | - |
|
||||
| placeholder | A semi-opaque placeholder that renders in the text area when empty. | Optional | String | Empty String | - |
|
||||
| value | Text that is pre-filled in the text area. | Optional | String | - | - |
|
||||
| render | If a value is provided, submitted text will be formatted into a codeblock. When this key is provided, the text area will not expand for file attachments or Markdown editing. | Optional | String | - | Languages known to Gitea. |
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|--------------|---------------------------|
|
||||
| label | A brief description of the expected user input, which is also displayed in the form. | Required | String | - | - |
|
||||
| hide_label | If true, the label normally used as a headline is not visible. | Optional | Boolean | false | - |
|
||||
| description | A description of the text area to provide context or guidance, which is displayed in the form. | Optional | String | Empty String | - |
|
||||
| placeholder | A semi-opaque placeholder that renders in the text area when empty. | Optional | String | Empty String | - |
|
||||
| value | Text that is pre-filled in the text area. | Optional | String | - | - |
|
||||
| render | If a value is provided, submitted text will be formatted into a codeblock. When this key is provided, the text area will not expand for file attachments or Markdown editing. | Optional | String | - | Languages known to Gitea. |
|
||||
|
||||
Validations:
|
||||
|
||||
@@ -209,18 +231,21 @@ Validations:
|
||||
|----------|------------------------------------------------------|----------|---------|---------|--------------|
|
||||
| required | Prevents form submission until element is completed. | Optional | Boolean | false | - |
|
||||
|
||||
visible: Default is **[form, content]**
|
||||
|
||||
### Input
|
||||
|
||||
You can use an `input` element to add a single-line text field to your form.
|
||||
|
||||
Attributes:
|
||||
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|--------------------------------------------------------------------------------------------|----------|--------|--------------|--------------|
|
||||
| label | A brief description of the expected user input, which is also displayed in the form. | Required | String | - | - |
|
||||
| description | A description of the field to provide context or guidance, which is displayed in the form. | Optional | String | Empty String | - |
|
||||
| placeholder | A semi-transparent placeholder that renders in the field when empty. | Optional | String | Empty String | - |
|
||||
| value | Text that is pre-filled in the field. | Optional | String | - | - |
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|--------------------------------------------------------------------------------------------|----------|---------|--------------|--------------|
|
||||
| label | A brief description of the expected user input, which is also displayed in the form. | Required | String | - | - |
|
||||
| hide_label | If true, the label normally used as a headline is not visible. | Optional | Boolean | false | - |
|
||||
| description | A description of the field to provide context or guidance, which is displayed in the form. | Optional | String | Empty String | - |
|
||||
| placeholder | A semi-transparent placeholder that renders in the field when empty. | Optional | String | Empty String | - |
|
||||
| value | Text that is pre-filled in the field. | Optional | String | - | - |
|
||||
|
||||
Validations:
|
||||
|
||||
@@ -230,6 +255,8 @@ Validations:
|
||||
| is_number | Prevents form submission until element is filled with a number. | Optional | Boolean | false | - |
|
||||
| regex | Prevents form submission until element is filled with a value that match the regular expression. | Optional | String | - | a [regular expression](https://en.wikipedia.org/wiki/Regular_expression) |
|
||||
|
||||
visible: Default is **[form, content]**
|
||||
|
||||
### Dropdown
|
||||
|
||||
You can use a `dropdown` element to add a dropdown menu in your form.
|
||||
@@ -239,8 +266,10 @@ Attributes:
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|-----------------------------------------------------------------------------------------------------|----------|--------------|--------------|--------------|
|
||||
| label | A brief description of the expected user input, which is displayed in the form. | Required | String | - | - |
|
||||
| hide_label | If true, the label normally used as a headline is not visible. | Optional | Boolean | false | - |
|
||||
| description | A description of the dropdown to provide extra context or guidance, which is displayed in the form. | Optional | String | Empty String | - |
|
||||
| multiple | Determines if the user can select more than one option. | Optional | Boolean | false | - |
|
||||
| list | If true, display as a list. If false, print items on one line with commas. | Optional | Boolean | false | - |
|
||||
| options | An array of options the user can choose from. Cannot be empty and all choices must be distinct. | Required | String array | - | - |
|
||||
|
||||
Validations:
|
||||
@@ -249,24 +278,30 @@ Validations:
|
||||
|----------|------------------------------------------------------|----------|---------|---------|--------------|
|
||||
| required | Prevents form submission until element is completed. | Optional | Boolean | false | - |
|
||||
|
||||
visible: Default is **[form, content]**
|
||||
|
||||
### Checkboxes
|
||||
|
||||
You can use the `checkboxes` element to add a set of checkboxes to your form.
|
||||
|
||||
Attributes:
|
||||
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|-------------------------------------------------------------------------------------------------------|----------|--------|--------------|--------------|
|
||||
| label | A brief description of the expected user input, which is displayed in the form. | Required | String | - | - |
|
||||
| description | A description of the set of checkboxes, which is displayed in the form. Supports Markdown formatting. | Optional | String | Empty String | - |
|
||||
| options | An array of checkboxes that the user can select. For syntax, see below. | Required | Array | - | - |
|
||||
| Key | Description | Required | Type | Default | Valid values |
|
||||
|-------------|-------------------------------------------------------------------------------------------------------|----------|---------|--------------|--------------|
|
||||
| label | A brief description of the expected user input, which is displayed in the form. | Required | String | - | - |
|
||||
| hide_label | If true, the label normally used as a headline is not visible. | Optional | Boolean | false | - |
|
||||
| description | A description of the set of checkboxes, which is displayed in the form. Supports Markdown formatting. | Optional | String | Empty String | - |
|
||||
| options | An array of checkboxes that the user can select. For syntax, see below. | Required | Array | - | - |
|
||||
|
||||
For each value in the options array, you can set the following keys.
|
||||
|
||||
| Key | Description | Required | Type | Default | Options |
|
||||
|----------|------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|---------|---------|
|
||||
| label | The identifier for the option, which is displayed in the form. Markdown is supported for bold or italic text formatting, and hyperlinks. | Required | String | - | - |
|
||||
| required | Prevents form submission until element is completed. | Optional | Boolean | false | - |
|
||||
| Key | Description | Required | Type | Default | Options |
|
||||
|--------------|------------------------------------------------------------------------------------------------------------------------------------------|----------|--------------|---------|---------|
|
||||
| label | The identifier for the option, which is displayed in the form. Markdown is supported for bold or italic text formatting, and hyperlinks. | Required | String | - | - |
|
||||
| required | Prevents form submission until element is completed. | Optional | Boolean | false | - |
|
||||
| visible | Whether a specific checkbox appears in the form only, in the created issue only, or both. Valid options are "form" and "content". | Optional | String array | false | - |
|
||||
|
||||
visible: Default is **[form, content]**
|
||||
|
||||
## Syntax for issue config
|
||||
|
||||
@@ -276,21 +311,21 @@ This is a example for a issue config file
|
||||
blank_issues_enabled: true
|
||||
contact_links:
|
||||
- name: Gitea
|
||||
url: https://gitea.io
|
||||
url: https://gitea.com
|
||||
about: Visit the Gitea Website
|
||||
```
|
||||
|
||||
### Possible Options
|
||||
|
||||
| Key | Description | Type | Default |
|
||||
|----------------------|-------------------------------------------------------------------------------------------------------|--------------------|----------------|
|
||||
| blank_issues_enabled | If set to false, the User is forced to use a Template | Boolean | true |
|
||||
| contact_links | Custom Links to show in the Choose Box | Contact Link Array | Empty Array |
|
||||
| Key | Description | Type | Default |
|
||||
|----------------------|-------------------------------------------------------|--------------------|-------------|
|
||||
| blank_issues_enabled | If set to false, the User is forced to use a Template | Boolean | true |
|
||||
| contact_links | Custom Links to show in the Choose Box | Contact Link Array | Empty Array |
|
||||
|
||||
### Contact Link
|
||||
|
||||
| Key | Description | Type | Required |
|
||||
|----------------------|-------------------------------------------------------------------------------------------------------|---------|----------|
|
||||
| name | the name of your link | String | true |
|
||||
| url | The URL of your Link | String | true |
|
||||
| about | A short description of your Link | String | true |
|
||||
| Key | Description | Type | Required |
|
||||
|-------|----------------------------------|--------|----------|
|
||||
| name | the name of your link | String | true |
|
||||
| url | The URL of your Link | String | true |
|
||||
| about | A short description of your Link | String | true |
|
||||
@@ -18,7 +18,7 @@ For organizations, you can define organization-wide labels that are shared with
|
||||
|
||||
Labels have a mandatory name, a mandatory color, an optional description, and must either be exclusive or not (see `Scoped Labels` below).
|
||||
|
||||
When you create a repository, you can ensure certain labels exist by using the `Issue Labels` option. This option lists a number of available label sets that are [configured globally on your instance](../administration/customizing-gitea.md#labels). Its contained labels will all be created as well while creating the repository.
|
||||
When you create a repository, you can ensure certain labels exist by using the `Issue Labels` option. This option lists a number of available label sets that are [configured globally on your instance](../../administration/customizing-gitea.md#labels). Its contained labels will all be created as well while creating the repository.
|
||||
|
||||
## Scoped Labels
|
||||
|
||||
@@ -85,7 +85,7 @@ Sometimes a commit or pull request may fix or bring back a problem documented
|
||||
in a particular issue. Gitea supports closing and reopening the referenced
|
||||
issues by preceding the reference with a particular _keyword_. Common keywords
|
||||
include "closes", "fixes", "reopens", etc. This list can be
|
||||
[customized](../administration/config-cheat-sheet.md) by the
|
||||
[customized](../../administration/config-cheat-sheet) by the
|
||||
site administrator.
|
||||
|
||||
Example:
|
||||
@@ -1,12 +1,9 @@
|
||||
---
|
||||
date: "2018-06-01T19:00:00+02:00"
|
||||
|
||||
slug: "pull-request"
|
||||
sidebar_position: 13
|
||||
|
||||
aliases:
|
||||
- /en-us/pull-request
|
||||
|
||||
---
|
||||
|
||||
# Pull Request
|
||||
@@ -58,6 +55,22 @@ WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
|
||||
|
||||
The first value of the list will be used in helpers.
|
||||
|
||||
## Default pull request title
|
||||
|
||||
When opening a new pull request, Gitea pre-fills the title field. The source of that title is controlled by the `DEFAULT_TITLE_SOURCE` setting in `app.ini`:
|
||||
|
||||
```ini
|
||||
[repository.pull-request]
|
||||
DEFAULT_TITLE_SOURCE = first-commit
|
||||
```
|
||||
|
||||
Two modes are available:
|
||||
|
||||
- **`first-commit`** (default): The title is taken from the summary line of the oldest commit in the branch. This applies regardless of how many commits are included in the PR.
|
||||
- **`auto`**: When the PR contains a single commit, its summary line is used as the title (same as `first-commit` for one commit). When the PR contains multiple commits, Gitea converts the branch name into a human-readable sentence: dashes, underscores, and `camelCase` word boundaries are replaced with spaces, and the first letter is capitalized.
|
||||
|
||||
Example: branch name `fix-user-login-flow` with multiple commits produces the title `Fix user login flow` under `auto`, but would use the oldest commit's message under `first-commit`.
|
||||
|
||||
## Pull Request Templates
|
||||
|
||||
You can find more information about pull request templates at the page [Issue and Pull Request templates](usage/issue-pull-request-templates.md).
|
||||
You can find more information about pull request templates at the page [Issue and Pull Request templates](issue-pull-request-templates).
|
||||
9
docs/usage/packages/_category_.json
Normal file
9
docs/usage/packages/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Packages",
|
||||
"position": 40,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage/packages",
|
||||
"description": "Managing packages and package registries"
|
||||
}
|
||||
}
|
||||
@@ -28,7 +28,7 @@ https://gitea.example.com/api/packages/{owner}/alpine/<branch>/<repository>
|
||||
| `branch` | The branch to use. |
|
||||
| `repository` | The repository to use. |
|
||||
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md#authentication):
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md):
|
||||
|
||||
```
|
||||
https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/alpine/<branch>/<repository>
|
||||
@@ -68,7 +68,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/alpine/v3.17/main
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a file with the same name twice to a package. You must delete the existing package file first.
|
||||
|
||||
|
||||
@@ -36,23 +36,24 @@ pacman-key --lsign-key {key id}
|
||||
|
||||
Now add the registry configuration to `/etc/pacman.conf`.
|
||||
```conf
|
||||
[{owner}.gitea.example.com]
|
||||
[{repository}]
|
||||
SigLevel = Required
|
||||
Server = https://gitea.example.com/api/packages/{owner}/arch/{repository}/{architecture}
|
||||
Server = https://gitea.example.com/api/packages/{owner}/arch/$repo/$arch
|
||||
```
|
||||
|
||||
| Placeholder | Description |
|
||||
| -------------- | ----------- |
|
||||
| `owner` | The owner of the packages. |
|
||||
| `repository` | The repository to use. |
|
||||
| `architecture` | The architecture to use. |
|
||||
|
||||
Consult the owners package overview to see what `repository` and `architecture` is available.
|
||||
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md#authentication):
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md):
|
||||
|
||||
```
|
||||
Server = https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/arch/{repository}/{architecture}
|
||||
[{repository}]
|
||||
SigLevel = Required
|
||||
Server = https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/arch/$repo/$arch
|
||||
```
|
||||
|
||||
## Publish a package
|
||||
@@ -76,7 +77,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/arch/core
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a file with the same name twice to a package. You must delete the existing package file first.
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ token = "Bearer {token}"
|
||||
|
||||
| Parameter | Description |
|
||||
| --------- | ----------- |
|
||||
| `token` | Your [personal access token](development/api-usage.md#authentication) |
|
||||
| `token` | Your [personal access token](development/api-usage.md) |
|
||||
|
||||
## Git vs Sparse
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/composer?version=1.0.3
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
The server responds with the following HTTP Status codes.
|
||||
|
||||
|
||||
@@ -18,21 +18,21 @@ To register the package registry you need to configure a new Conan remote:
|
||||
|
||||
```shell
|
||||
conan remote add {remote} https://gitea.example.com/api/packages/{owner}/conan
|
||||
conan user --remote {remote} --password {password} {username}
|
||||
conan remote login {remote} {username} --password {password}
|
||||
```
|
||||
|
||||
| Parameter | Description |
|
||||
| -----------| ----------- |
|
||||
| `remote` | The remote name. |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password. |
|
||||
| `owner` | The owner of the package. |
|
||||
|
||||
For example:
|
||||
|
||||
```shell
|
||||
conan remote add gitea https://gitea.example.com/api/packages/testuser/conan
|
||||
conan user --remote gitea --password password123 testuser
|
||||
conan remote login gitea testuser --password password123
|
||||
```
|
||||
|
||||
## Publish a package
|
||||
|
||||
@@ -54,7 +54,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/conda/package-1.0.conda
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ To push an image or if the image is in a private registry, you have to authentic
|
||||
docker login gitea.example.com
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
## Image naming convention
|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/cran/bin?platform=windows&rversion=4.2
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ echo "deb [signed-by=/etc/apt/keyrings/gitea-{owner}.asc] https://gitea.example.
|
||||
| `distribution` | The distribution to use. |
|
||||
| `component` | The component to use. |
|
||||
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md#authentication):
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md):
|
||||
|
||||
```shell
|
||||
echo "deb [signed-by=/etc/apt/keyrings/gitea-{owner}.asc] https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/debian {distribution} {component}" | sudo tee -a /etc/apt/sources.list.d/gitea.list
|
||||
@@ -68,7 +68,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/debian/pool/bionic/main/upload
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a package if a package of the same name, version, distribution, component and architecture already exists. You must delete the existing package first.
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ Publish generic files, like release binaries or other output, for your user or o
|
||||
|
||||
## Authenticate to the package registry
|
||||
|
||||
To authenticate to the Package Registry, you need to provide [custom HTTP headers or use HTTP Basic authentication](development/api-usage.md#authentication).
|
||||
To authenticate to the Package Registry, you need to provide [custom HTTP headers or use HTTP Basic authentication](development/api-usage.md).
|
||||
|
||||
## Publish a package
|
||||
|
||||
@@ -36,7 +36,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/generic/test_package/1.0.0/file.bin
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
The server responds with the following HTTP Status codes.
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ PUT https://gitea.example.com/api/packages/{owner}/go/upload
|
||||
| --------- | ----------- |
|
||||
| `owner` | The owner of the package. |
|
||||
|
||||
To authenticate to the package registry, you need to provide [custom HTTP headers or use HTTP Basic authentication](development/api-usage.md#authentication):
|
||||
To authenticate to the package registry, you need to provide [custom HTTP headers or use HTTP Basic authentication](development/api-usage.md):
|
||||
|
||||
```shell
|
||||
curl --user your_username:your_password_or_token \
|
||||
@@ -30,7 +30,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/go/upload
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ helm cm-push ./{chart_file}.tgz {repo}
|
||||
| Parameter | Description |
|
||||
| ------------ | ----------- |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password. |
|
||||
| `repo` | The name for the repository. |
|
||||
| `chart_file` | The Helm Chart archive. |
|
||||
| `owner` | The owner of the package. |
|
||||
|
||||
@@ -58,7 +58,7 @@ Afterwards add the following sections to your project `pom.xml` file:
|
||||
|
||||
| Parameter | Description |
|
||||
| -------------- | ----------- |
|
||||
| `access_token` | Your [personal access token](development/api-usage.md#authentication). |
|
||||
| `access_token` | Your [personal access token](development/api-usage.md). |
|
||||
| `owner` | The owner of the package. |
|
||||
|
||||
### Gradle variant
|
||||
|
||||
@@ -29,7 +29,7 @@ npm config set -- '//gitea.example.com/api/packages/{owner}/npm/:_authToken' "{t
|
||||
| ------------ | ----------- |
|
||||
| `scope` | The scope of the packages. |
|
||||
| `owner` | The owner of the package. |
|
||||
| `token` | Your [personal access token](development/api-usage.md#authentication). |
|
||||
| `token` | Your [personal access token](development/api-usage.md). With `package` permissions. |
|
||||
|
||||
For example:
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ dotnet nuget add source --name {source_name} --username {username} --password {p
|
||||
| ------------- | ----------- |
|
||||
| `source_name` | The desired source name. |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password. |
|
||||
| `owner` | The owner of the package. |
|
||||
|
||||
For example:
|
||||
@@ -35,7 +35,7 @@ For example:
|
||||
dotnet nuget add source --name gitea --username testuser --password password123 https://gitea.example.com/api/packages/testuser/nuget/index.json
|
||||
```
|
||||
|
||||
You can add the source without credentials and use the [`--api-key`](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-push) parameter when publishing packages. In this case you need to provide a [personal access token](development/api-usage.md#authentication).
|
||||
You can add the source without credentials and use the [`--api-key`](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-push) parameter when publishing packages. In this case you need to provide a [personal access token](development/api-usage.md).
|
||||
|
||||
## Publish a package
|
||||
|
||||
|
||||
@@ -35,6 +35,7 @@ The following package managers are currently supported:
|
||||
| [RPM](usage/packages/rpm.md) | - | `yum`, `dnf`, `zypper` |
|
||||
| [RubyGems](usage/packages/rubygems.md) | Ruby | `gem`, `Bundler` |
|
||||
| [Swift](usage/packages/swift.md) | Swift | `swift` |
|
||||
| [Terraform](usage/packages/terraform.md) | - | `terraform` |
|
||||
| [Vagrant](usage/packages/vagrant.md) | - | `vagrant` |
|
||||
|
||||
**The following paragraphs only apply if Packages are not globally disabled!**
|
||||
@@ -56,6 +57,8 @@ and shows a link to the repository on the package site (as well as a link to the
|
||||
| **read** access | public, if user is public too; otherwise for this user only | public, if org is public, otherwise for org members only |
|
||||
| **write** access | owner only | org members with admin or write access to the org |
|
||||
|
||||
Please note, that your respective package manager needs to have a [personal access token](development/api-usage.md) with the permissions `package` set to either Read or Read & Write to download and publish packages respectively.
|
||||
|
||||
N.B.: These access restrictions are [subject to change](https://github.com/go-gitea/gitea/issues/19270), where more finegrained control will be added via a dedicated organization team permission.
|
||||
|
||||
## Create or upload a package
|
||||
|
||||
@@ -26,7 +26,7 @@ dart pub token add https://gitea.example.com/api/packages/{owner}/pub
|
||||
| ------------ | ----------- |
|
||||
| `owner` | The owner of the package. |
|
||||
|
||||
You need to provide your [personal access token](development/api-usage.md#authentication).
|
||||
You need to provide your [personal access token](development/api-usage.md).
|
||||
|
||||
## Publish a package
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ password = {password}
|
||||
| ------------ | ----------- |
|
||||
| `owner` | The owner of the package. |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password. |
|
||||
|
||||
## Publish a package
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@ dnf config-manager --add-repo https://gitea.example.com/api/packages/testuser/rp
|
||||
dnf config-manager --add-repo https://gitea.example.com/api/packages/testuser/rpm/centos/el7.repo
|
||||
```
|
||||
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md#authentication):
|
||||
If the registry is private, provide credentials in the url. You can use a password or a [personal access token](development/api-usage.md):
|
||||
|
||||
```shell
|
||||
dnf config-manager --add-repo https://{username}:{your_password_or_token}@gitea.example.com/api/packages/{owner}/rpm/{group}.repo
|
||||
@@ -72,7 +72,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/rpm/centos/el7/upload
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
You cannot publish a file with the same name twice to a package. You must delete the existing package version first.
|
||||
|
||||
The server responds with the following HTTP Status codes.
|
||||
|
||||
@@ -24,7 +24,7 @@ https://gitea.example.com/api/packages/{owner}/rubygems: Bearer {token}
|
||||
| Parameter | Description |
|
||||
| ------------- | ----------- |
|
||||
| `owner` | The owner of the package. |
|
||||
| `token` | Your [personal access token](development/api-usage.md#authentication). |
|
||||
| `token` | Your [personal access token](development/api-usage.md). |
|
||||
|
||||
For example:
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ swift package-registry login https://gitea.example.com/api/packages/{owner}/swif
|
||||
| ------------ | ----------- |
|
||||
| `owner` | The owner of the package. |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password. |
|
||||
|
||||
The login is optional and only needed if the package registry is private.
|
||||
|
||||
@@ -50,7 +50,7 @@ curl -X PUT --user {username}:{password} \
|
||||
| Placeholder | Description |
|
||||
| ----------- | ----------- |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password. |
|
||||
| `password` | Your Gitea password. If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password. |
|
||||
| `owner` | The owner of the package. |
|
||||
| `scope` | The package scope. |
|
||||
| `name` | The package name. |
|
||||
|
||||
99
docs/usage/packages/terraform.md
Normal file
99
docs/usage/packages/terraform.md
Normal file
@@ -0,0 +1,99 @@
|
||||
---
|
||||
date: "2026-03-04T00:00:00+00:00"
|
||||
slug: "terraform"
|
||||
sidebar_position: 118
|
||||
---
|
||||
|
||||
# Terraform State Registry
|
||||
|
||||
Publish terraform states to sync it between multiple users or CI system.
|
||||
|
||||
## Requirements
|
||||
|
||||
To work with the Terraform State registry, you need to use [Terraform](https://www.terraform.io/) or [OpenTofu](https://opentofu.org/).
|
||||
|
||||
## Configuring the package registry
|
||||
|
||||
To use the Gitea Terraform State registry, you need to configure the `http` backend in your Terraform configuration.
|
||||
|
||||
```hcl
|
||||
terraform {
|
||||
backend "http" {
|
||||
address = "https://gitea.example.com/api/packages/{owner}/terraform/state/{name}"
|
||||
lock_address = "https://gitea.example.com/api/packages/{owner}/terraform/state/{name}/lock"
|
||||
unlock_address = "https://gitea.example.com/api/packages/{owner}/terraform/state/{name}/lock"
|
||||
lock_method = "POST"
|
||||
unlock_method = "DELETE"
|
||||
username = "{username}"
|
||||
password = "{password_or_token}"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
| Placeholder | Description |
|
||||
| ----------- | ----------- |
|
||||
| `owner` | The owner of the state (user or organization). |
|
||||
| `name` | The name of the state. |
|
||||
| `username` | Your Gitea username. |
|
||||
| `password` | Your Gitea password or [personal access token](development/api-usage.md). |
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
## Initialize the backend
|
||||
|
||||
After configuring the backend, you can initialize it with:
|
||||
|
||||
```shell
|
||||
terraform init
|
||||
```
|
||||
|
||||
Terraform will prompt you to migrate your state if you already have one locally.
|
||||
|
||||
## State Locking
|
||||
|
||||
Gitea supports state locking to prevent concurrent modifications. The `lock_address` and `unlock_address` should point to the `/lock` sub-route of your state URL.
|
||||
|
||||
- **Locking**: Performed via a `POST` request to `{address}/lock`.
|
||||
- **Unlocking**: Performed via a `DELETE` request to `{address}/lock`.
|
||||
|
||||
Terraform handles these requests automatically when configured as shown above.
|
||||
|
||||
## Encrypted state
|
||||
|
||||
The state registry supports [encrypted state](https://opentofu.org/docs/language/state/encryption/).
|
||||
|
||||
## State Versions and Management
|
||||
|
||||
Gitea keeps track of your Terraform state versions. You can use the API to retrieve or delete specific versions.
|
||||
|
||||
### Fetch state
|
||||
|
||||
To fetch the latest version of a state:
|
||||
|
||||
```shell
|
||||
curl --user {username}:{password_or_token} \
|
||||
https://gitea.example.com/api/packages/{owner}/terraform/state/{name}
|
||||
```
|
||||
|
||||
To fetch a specific version by its serial number:
|
||||
|
||||
```shell
|
||||
curl --user {username}:{password_or_token} \
|
||||
https://gitea.example.com/api/packages/{owner}/terraform/state/{name}/versions/{serial}
|
||||
```
|
||||
|
||||
### Delete state
|
||||
|
||||
To delete the entire state and all its versions:
|
||||
|
||||
```shell
|
||||
curl --user {username}:{password_or_token} -X DELETE \
|
||||
https://gitea.example.com/api/packages/{owner}/terraform/state/{name}
|
||||
```
|
||||
|
||||
To delete a specific version by its serial number:
|
||||
|
||||
```shell
|
||||
curl --user {username}:{password_or_token} -X DELETE \
|
||||
https://gitea.example.com/api/packages/{owner}/terraform/state/{name}/versions/{serial}
|
||||
```
|
||||
@@ -35,7 +35,7 @@ curl --user your_username:your_password_or_token \
|
||||
https://gitea.example.com/api/packages/testuser/vagrant/test_system/1.0.0/hyperv.box
|
||||
```
|
||||
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md#authentication) instead of the password.
|
||||
If you are using 2FA or OAuth use a [personal access token](development/api-usage.md) instead of the password.
|
||||
|
||||
You cannot publish a box if a box of the same name, version and provider already exists. You must delete the existing package first.
|
||||
|
||||
@@ -67,7 +67,7 @@ vagrant box add "https://gitea.example.com/api/packages/testuser/vagrant/test_sy
|
||||
```
|
||||
|
||||
This will install the latest version of the package. To add a specific version, use the `--box-version` parameter.
|
||||
If the registry is private you can pass your [personal access token](development/api-usage.md#authentication) in the `VAGRANT_CLOUD_TOKEN` environment variable.
|
||||
If the registry is private you can pass your [personal access token](development/api-usage.md) in the `VAGRANT_CLOUD_TOKEN` environment variable.
|
||||
|
||||
## Supported commands
|
||||
|
||||
|
||||
9
docs/usage/repository/_category_.json
Normal file
9
docs/usage/repository/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "Repository",
|
||||
"position": 10,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage/repository",
|
||||
"description": "Repository management, Git operations, and content features"
|
||||
}
|
||||
}
|
||||
@@ -1,12 +1,10 @@
|
||||
---
|
||||
date: "2023-08-14T00:00:00+00:00"
|
||||
|
||||
slug: "blame"
|
||||
sidebar_position: 13
|
||||
|
||||
aliases:
|
||||
- /en-us/blame
|
||||
|
||||
- /blame
|
||||
---
|
||||
|
||||
# Blame File View
|
||||
@@ -1,11 +1,10 @@
|
||||
---
|
||||
date: "2021-02-02"
|
||||
|
||||
slug: "clone-filters"
|
||||
sidebar_position: 25
|
||||
aliases:
|
||||
- /en-us/clone-filters
|
||||
|
||||
- /clone-filters
|
||||
---
|
||||
|
||||
# Clone filters (partial clone)
|
||||
@@ -1,12 +1,10 @@
|
||||
---
|
||||
date: "2023-05-24T16:00:00+00:00"
|
||||
|
||||
slug: "code-owners"
|
||||
sidebar_position: 30
|
||||
|
||||
aliases:
|
||||
- /en-us/code-owners
|
||||
|
||||
- /code-owners
|
||||
---
|
||||
|
||||
# Code Owners
|
||||
@@ -1,11 +1,10 @@
|
||||
---
|
||||
date: "2022-12-01T00:00:00+00:00"
|
||||
|
||||
slug: "incoming-email"
|
||||
sidebar_position: 13
|
||||
sidebar_position: 130
|
||||
aliases:
|
||||
- /en-us/incoming-email
|
||||
|
||||
- /incoming-email
|
||||
---
|
||||
|
||||
# Incoming Email
|
||||
155
docs/usage/repository/markdown.md
Normal file
155
docs/usage/repository/markdown.md
Normal file
@@ -0,0 +1,155 @@
|
||||
---
|
||||
date: "2025-04-05T00:00:00+08:00"
|
||||
slug: "markdown"
|
||||
aliases:
|
||||
- /markdown
|
||||
sidebar_position: 4
|
||||
---
|
||||
|
||||
# Markdown
|
||||
|
||||
Gitea uses MarkDown structured text in many places, you can recognise it by the `.md` file extension.
|
||||
Markdown is plain text format for writing structured documents, allowing one to write
|
||||
"plain" text files that nonetheless have _"fancy"_ **formatting**, while still keeping the plain-text version readable.
|
||||
|
||||
Unfortunately, due to historical implementation differences, many subtle dialects exist.
|
||||
To avoid adding to the confusion, Gitea tries to follow "[GitHub Flavoured Markdown (GFM)](https://help.github.com/articles/github-flavored-markdown/)" as close as possible.
|
||||
"GFM" is an extension on top of the rigorously-specified [CommonMark](https://commonmark.org/) standard.
|
||||
CommonMark flavours are used by most major web platforms (e.g. Reddit, Stack Overflow, Discourse)
|
||||
and git forges (GitHub, GitLab and our very own Gitea), thus you shouldn't run into any surprises with Gitea.
|
||||
|
||||
For a quick introduction to the syntax and features of GitHub Flavoured Markdown, see the GitHub documentation:
|
||||
- [Basic formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)
|
||||
- [Advanced formatting](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting)
|
||||
|
||||
For a deeper history about CommonMark, its spec, and its reason for existence, see [CommonMark.org](https://commonmark.org/).
|
||||
|
||||
## Rendering options
|
||||
|
||||
Some Gitea's markdown rendering behaviors can be fine-tuned by global config options, see the `[markdown]` config section in the `app.example.ini`
|
||||
|
||||
|
||||
## Link path resolving
|
||||
|
||||
When rendering links for `<a href>`, `<img src>` and `<video src>`, Gitea resolves the link paths in the rendering context.
|
||||
|
||||
- If the link is an absolute path with scheme, the link is kept as-is.
|
||||
- If the link is an URL path, it is resolved with the base path of current rendering context.
|
||||
- In a comment-like context (issues, pull-requests, commit message), the base path is current repository's home link: `/owner-name/repo-name`.
|
||||
- In a repository file context (markdown files in the repository), the base path is current git ref path.
|
||||
|
||||
### Special link tokens
|
||||
|
||||
To make users easier to resolve a link to the Gitea instance's root path, Gitea has a special `/:root` path syntax.
|
||||
This will always resolve to Gitea's ROOT_URL.
|
||||
|
||||
Gitea also supports GitHub's `?raw=1` query parameter.
|
||||
A request to `/owner-name/repo-name/src/branch/main/file?raw=1` will be redirected to
|
||||
`/owner-name/repo-name/raw/branch/main/file`. This makes it possible to target raw contents from relative links
|
||||
(normally, the `src/` section of the path is provided automatically by Gitea and cannot be overriden).
|
||||
|
||||
### Link handling examples
|
||||
|
||||
For example, when rendering a markdown file in `/owner-name/repo-name/src/branch/main/dir`:
|
||||
1) Absolute with scheme: Link `https://example.org` will be rendered as-is.
|
||||
2) Relative from current file: Link `sub/file`is resolved to `/owner-name/repo-name/src/branch/main/dir/sub/file`
|
||||
3) Relative from repo root: Link `/sub/file` (note leading slash) is resolved to `/owner-name/repo-name/src/branch/main/sub/file`
|
||||
4) Raw media: If the link is used as `src` of an image or video, then it is resolved to `/owner-name/repo-name/raw/...`
|
||||
5) Raw relative: `sub/file?raw=1` will resolve to `/owner-name/repo-name/src/branch/main/dir/sub/file?raw=1`,
|
||||
which will redirect to `/owner-name/repo-name/raw/branch/main/dir/sub/file`.
|
||||
6) explicit root: Link `/:root/any-path` is always resolved to `$ROOT_URL/any-path` without any further processing.
|
||||
|
||||
|
||||
## Issue and pull-request reference
|
||||
|
||||
Using issue/pull-request numbers in a list:
|
||||
|
||||
```
|
||||
* #123
|
||||
* #456
|
||||
```
|
||||
|
||||
It will be rendered with issue titles to:
|
||||
|
||||
```
|
||||
* the issue title (#123)
|
||||
* the other issue title (#456)
|
||||
```
|
||||
|
||||
## Theme-based image display
|
||||
|
||||
Gitea supports the GitHub-like theme-based image display. Supported syntax:
|
||||
|
||||
* Use Markdown image
|
||||
|
||||
```
|
||||

|
||||
```
|
||||
|
||||
* Use `<img>` HTML tag
|
||||
|
||||
```
|
||||
<img src="my-light.png#gh-light-mode-only" height="120" width="120"/>
|
||||
<img src="my-dark.png#gh-dark-mode-only" height="120" width="120"/>
|
||||
```
|
||||
|
||||
* Use `<picture>` with `<source media>` (only works for themes with "auto" color preference)
|
||||
|
||||
```
|
||||
<picture>
|
||||
<source media="(prefers-color-scheme: dark)" srcset="my-dark.png">
|
||||
<source media="(prefers-color-scheme: light)" srcset="my-light.png">
|
||||
<img src="my-light.png">
|
||||
</picture>
|
||||
```
|
||||
|
||||
## Math expressions
|
||||
|
||||
Gitea supports GitHub-like math expression formatting.
|
||||
|
||||
### Inline expression
|
||||
|
||||
- ``` $\alpha$ ```: quoted by single-dollar `$`
|
||||
- ``` $$\alpha$$ ```: quoted by double-dollar `$$`
|
||||
- ``` $`\alpha`$ ```: quoted by dollar with backquotes, the backquotes could repeat like normal code blocks.
|
||||
|
||||
### Block expression
|
||||
|
||||
Using `$$`:
|
||||
|
||||
````
|
||||
$$
|
||||
\alpha
|
||||
$$
|
||||
````
|
||||
|
||||
Using code-block with language:
|
||||
|
||||
````
|
||||
```math
|
||||
\alpha
|
||||
```
|
||||
````
|
||||
|
||||
## Frontmatter
|
||||
|
||||
Gitea supports frontmatter and Table of Contents (TOC) rendering. By default, frontmatter rendering is enabled, and TOC rendering is disabled.
|
||||
|
||||
### Enabling TOC rendering
|
||||
|
||||
To enable TOC rendering for a markdown file, add `include_toc: true` to its frontmatter section.
|
||||
|
||||
### Disabling frontmatter
|
||||
|
||||
To disable frontmatter rendering for a markdown file, add `gitea: none` to its frontmatter section.
|
||||
|
||||
### Example
|
||||
|
||||
```yaml
|
||||
---
|
||||
include_toc: true
|
||||
gitea: none
|
||||
---
|
||||
```
|
||||
|
||||
Then, when you preview this markdown file in Gitea, the frontmatter section will not be rendered, and a Table of Contents will be generated at the top of the content.
|
||||
55
docs/usage/repository/migration.md
Normal file
55
docs/usage/repository/migration.md
Normal file
@@ -0,0 +1,55 @@
|
||||
---
|
||||
date: "2024-09-11T09:30:00+08:00"
|
||||
slug: "migration"
|
||||
sidebar_position: 40
|
||||
aliases:
|
||||
- /migration
|
||||
---
|
||||
|
||||
# Migration
|
||||
|
||||
You can migrate repositories from other Git services to your Gitea instance.
|
||||
|
||||
## How to migrate from Gogs/GitHub/GitLab to Gitea
|
||||
|
||||
To migrate from Gogs to Gitea:
|
||||
|
||||
- [Gogs version 0.11.46.0418](https://github.com/go-gitea/gitea/issues/4286)
|
||||
|
||||
To migrate from GitHub to Gitea, you can use Gitea's built-in migration form.
|
||||
|
||||
In order to migrate items such as issues, pull requests, etc. you will need to input at least your username.
|
||||
|
||||
[Example (requires login)](https://demo.gitea.com/repo/migrate)
|
||||
|
||||
To migrate from GitLab to Gitea, you can use this non-affiliated tool:
|
||||
|
||||
https://github.com/loganinak/MigrateGitlabToGogs
|
||||
|
||||
## How to migrate from AWS CodeCommit to Gitea
|
||||
|
||||
- To use the AWS CodeCommit API, Gitea requires an access key ID and a secret access key. For security reasons, we recommend creating a new user with the minimum necessary permissions and generating an access key ID and secret access key for the migration. The minimum permissions required for this user are as follows:
|
||||
```
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"codecommit:GetRepository",
|
||||
"codecommit:GitPull",
|
||||
"codecommit:ListPullRequests",
|
||||
"codecommit:GetPullRequest",
|
||||
"codecommit:GetCommentsForPullRequest"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:codecommit:<region>:<account>:<Repo-to-Migrate>
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
- If you do not need to migrate pull requests, you can remove the `ListPullRequests`, `GetPullRequest`, and `GetCommentsForPullRequest` actions.
|
||||
|
||||
- For instructions on how to create an IAM user and assign permissions, you can refer to this [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html).
|
||||
|
||||
- To clone this repository, Gitea requires HTTPS Git credentials. You can create HTTPS Git credentials according to this [AWS documentation](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html).
|
||||
@@ -1,7 +1,9 @@
|
||||
---
|
||||
date: "2023-03-02T21:00:00+05:00"
|
||||
slug: "profile-readme"
|
||||
sidebar_position: 12
|
||||
sidebar_position: 42
|
||||
aliases:
|
||||
- /profile-readme
|
||||
---
|
||||
|
||||
# Profile READMEs
|
||||
@@ -5,6 +5,7 @@ sidebar_position: 15
|
||||
aliases:
|
||||
- /en-us/push-to-create
|
||||
- /en-us/push-options
|
||||
- /push
|
||||
---
|
||||
|
||||
# Push
|
||||
@@ -44,7 +45,7 @@ Push to create is a feature that allows you to push to a repository that does no
|
||||
|
||||
### Enabling Push To Create
|
||||
|
||||
In the `app.ini` file, set `ENABLE_PUSH_CREATE_USER` to `true` and `ENABLE_PUSH_CREATE_ORG` to `true` if you want to allow users to create repositories in their own user account and in organizations they are a member of respectively. Restart Gitea for the changes to take effect. You can read more about these two options in the [Configuration Cheat Sheet](../administration/config-cheat-sheet.md#repository-repository).
|
||||
In the `app.ini` file, set `ENABLE_PUSH_CREATE_USER` to `true` and `ENABLE_PUSH_CREATE_ORG` to `true` if you want to allow users to create repositories in their own user account and in organizations they are a member of respectively. Restart Gitea for the changes to take effect. You can read more about these two options in the [Configuration Cheat Sheet](../../administration/config-cheat-sheet#repository-repository).
|
||||
|
||||
### Using Push To Create
|
||||
|
||||
@@ -4,9 +4,10 @@ slug: "repo-mirror"
|
||||
sidebar_position: 45
|
||||
aliases:
|
||||
- /en-us/repo-mirror
|
||||
- /repo-mirror
|
||||
---
|
||||
|
||||
# Repository Mirror
|
||||
# Mirror Repository
|
||||
|
||||
Repository mirroring allows for the mirroring of repositories to and from external sources. You can use it to mirror branches, tags, and commits between repositories.
|
||||
|
||||
@@ -1,27 +1,30 @@
|
||||
---
|
||||
date: "2019-11-28:00:00+02:00"
|
||||
|
||||
slug: "template-repositories"
|
||||
sidebar_position: 14
|
||||
|
||||
sidebar_position: 44
|
||||
aliases:
|
||||
- /en-us/template-repositories
|
||||
- /template-repositories
|
||||
---
|
||||
|
||||
# Template Repositories
|
||||
# Template Repository
|
||||
|
||||
Gitea `1.11.0` and above includes template repositories, and one feature implemented with them is auto-expansion of specific variables within your template files.
|
||||
Since Gitea `1.11`, you can create template repositories.
|
||||
When creating a repo based on a template, you can copy most of its content, and even auto-inject variables into it.
|
||||
|
||||
To tell Gitea which files to expand, you must include a `template` file inside the `.gitea` directory of the template repository.
|
||||
By default, variables will not be expanded in any file.
|
||||
Only files contained in a pattern inside the `.gitea/template` file will be checked for if they contain variables.
|
||||
When creating the template, all files are included except for this `.gitea/template` file.
|
||||
|
||||
Gitea uses [gobwas/glob](https://github.com/gobwas/glob) for its glob syntax. It closely resembles a traditional `.gitignore`, however there may be slight differences.
|
||||
Gitea uses [gobwas/glob](https://github.com/gobwas/glob) for its glob syntax.
|
||||
It closely resembles a traditional `.gitignore`, however there may be slight differences.
|
||||
|
||||
## Example `.gitea/template` file
|
||||
|
||||
All paths are relative to the base of the repository
|
||||
|
||||
```gitignore
|
||||
# All .go files, anywhere in the repository
|
||||
# Expand all .go files, anywhere in the repository
|
||||
**.go
|
||||
|
||||
# All text files in the text directory
|
||||
@@ -34,20 +37,23 @@ a/b/c/d.json
|
||||
**.[bB][aA][tT]
|
||||
```
|
||||
|
||||
:::note
|
||||
The `template` file will be removed from the `.gitea` directory when a repository is generated from the template.
|
||||
:::
|
||||
|
||||
## Variable Expansion
|
||||
|
||||
In any file matched by the above globs, certain variables will be expanded.
|
||||
In any file matched by the above globs, the variables below will be expanded.
|
||||
|
||||
Matching filenames and paths can also be expanded, and are conservatively sanitized to support cross-platform filesystems.
|
||||
|
||||
All variables must be of the form `$VAR` or `${VAR}`. To escape an expansion, use a double `$$`, such as `$$VAR` or `$${VAR}`
|
||||
You can use variables by prefixing them with `$` or surrounding them with `${}`, so both `$VAR` and `${VAR}` insert the value of `VAR` at this location.
|
||||
To escape an expansion, use `$$`, such as `$$VAR` or `$${VAR}`.
|
||||
|
||||
These are the variables Gitea currently recognizes:
|
||||
|
||||
| Variable | Expands To | Transformable |
|
||||
| -------------------- | --------------------------------------------------- | ------------- |
|
||||
| YEAR | The year of generating the repository (i.e. `2024`) | ✘ |
|
||||
| MONTH | The month of generating the repository (i.e. `03`) | ✘ |
|
||||
| MONTH_ENGLISH | The month but in English (i.e. `March`) | ✓ |
|
||||
| DAY | The day of generating the repository (i.e. `02`) | ✘ |
|
||||
| REPO_NAME | The name of the generated repository | ✓ |
|
||||
| TEMPLATE_NAME | The name of the template repository | ✓ |
|
||||
| REPO_DESCRIPTION | The description of the generated repository | ✘ |
|
||||
@@ -63,11 +69,12 @@ All variables must be of the form `$VAR` or `${VAR}`. To escape an expansion, us
|
||||
|
||||
## Transformers :robot:
|
||||
|
||||
Gitea `1.12.0` adds a few transformers to some of the applicable variables above.
|
||||
Since Gitea `1.12.0`, variables marked as transformable in the table above also have alternative versions where the given transformer has been applied.
|
||||
|
||||
For example, to get `REPO_NAME` in `PASCAL`-case, your template would use `${REPO_NAME_PASCAL}`
|
||||
Transformed variables can be called by appending the transformer name to the variable name.
|
||||
For example, to get `REPO_NAME` in `PASCAL`-case, you should use the variable `${REPO_NAME_PASCAL}`.
|
||||
|
||||
Feeding `go-sdk` to the available transformers yields...
|
||||
The following transformers are available (assuming `go-sdk` is the input):
|
||||
|
||||
| Transformer | Effect |
|
||||
| ----------- | ------ |
|
||||
732
docs/usage/repository/webhooks.md
Normal file
732
docs/usage/repository/webhooks.md
Normal file
@@ -0,0 +1,732 @@
|
||||
---
|
||||
date: "2016-12-01T16:00:00+02:00"
|
||||
slug: "webhooks"
|
||||
sidebar_position: 30
|
||||
aliases:
|
||||
- /en-us/webhooks
|
||||
- /webhooks
|
||||
---
|
||||
|
||||
# Webhooks
|
||||
|
||||
Gitea can send outbound webhooks for repository activity. Repository webhooks are
|
||||
configured at `/:username/:reponame/settings/hooks` by a repository admin.
|
||||
Equivalent webhook pages also exist for organizations, users, and system
|
||||
administration.
|
||||
|
||||
Webhook configuration is available at four scopes:
|
||||
|
||||
- `Repository webhooks`: Trigger only for activity in one repository.
|
||||
- `Organization webhooks`: Trigger for activity in repositories owned by that
|
||||
organization.
|
||||
- `User webhooks`: Trigger for activity in repositories owned by that user.
|
||||
- `System webhooks`: Trigger for all eligible activity on the instance.
|
||||
|
||||
Gitea also supports admin-defined `default webhooks`. These are not an extra
|
||||
delivery scope. Instead, they are copied into newly created repositories and
|
||||
then behave like ordinary repository webhooks.
|
||||
|
||||
Gitea supports these outgoing webhook integrations:
|
||||
|
||||
- Gitea
|
||||
- Gogs
|
||||
- Slack
|
||||
- Discord
|
||||
- Dingtalk
|
||||
- Telegram
|
||||
- Microsoft Teams
|
||||
- Feishu
|
||||
- Matrix
|
||||
- Wechatwork
|
||||
- Packagist
|
||||
|
||||
The `Gitea` and `Gogs` webhook types send generic webhook payloads. The chat and
|
||||
service integrations listed above transform the same internal event into a
|
||||
service-specific request body.
|
||||
|
||||
## Configuration
|
||||
|
||||
This section covers the webhook settings you choose when creating or editing a
|
||||
webhook.
|
||||
|
||||
### Configuring a webhook
|
||||
|
||||
When creating a webhook, the main options are:
|
||||
|
||||
- `Target URL`: The endpoint that receives the delivery.
|
||||
- `HTTP Method`: Usually `POST` for generic webhooks.
|
||||
- `POST Content Type`: `application/json` or
|
||||
`application/x-www-form-urlencoded` for generic webhooks.
|
||||
- `Secret`: Used to sign the raw request body with HMAC.
|
||||
- `Authorization Header`: Optional custom `Authorization` header to send with
|
||||
each request.
|
||||
- `Branch Filter`: Optional glob filter for branch and tag related events.
|
||||
- `Trigger On`: `Push Events`, `All Events`, or a custom event selection.
|
||||
- `Active`: Whether the webhook is enabled.
|
||||
|
||||
:::note
|
||||
Older examples may still show a `secret` field inside the JSON payload. Current
|
||||
Gitea versions do not send the webhook secret in the payload body. Always verify
|
||||
the request by checking the signature headers instead.
|
||||
:::
|
||||
|
||||
### Branch filters
|
||||
|
||||
The branch filter uses glob syntax compatible with
|
||||
[`github.com/gobwas/glob`](https://pkg.go.dev/github.com/gobwas/glob#Compile).
|
||||
|
||||
- Empty, `*`, or `**` matches everything.
|
||||
- A plain branch name such as `main` matches that branch.
|
||||
- Full refs such as `refs/tags/v*` are also supported.
|
||||
- Brace expressions such as `{main,release/*}` are supported.
|
||||
- The filter only applies to events that carry a git ref, such as `create`,
|
||||
`delete`, and `push`.
|
||||
- Events without a ref, such as issues or releases, ignore the branch filter.
|
||||
|
||||
Examples:
|
||||
|
||||
- `main`
|
||||
- `{main,feature/*}`
|
||||
- `{refs/heads/feature/*,refs/tags/release/*}`
|
||||
|
||||
### Authorization header
|
||||
|
||||
Gitea can be configured to send a custom
|
||||
[Authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization)
|
||||
with each webhook delivery. This is independent from the webhook secret:
|
||||
|
||||
- Use the secret to verify integrity with HMAC.
|
||||
- Use the `Authorization` header when the receiving endpoint requires
|
||||
application-level authentication.
|
||||
|
||||
## Delivery
|
||||
|
||||
This section describes how Gitea sends webhook deliveries and how receivers can
|
||||
identify and verify them.
|
||||
|
||||
### Delivery behavior
|
||||
|
||||
- Webhooks are delivered asynchronously over HTTP.
|
||||
- Generic `Gitea` and `Gogs` webhooks support `POST` and `GET`; `POST` is the
|
||||
normal choice.
|
||||
- For `POST` requests, the payload can be sent either as JSON
|
||||
(`application/json`) or as a form field named `payload`
|
||||
(`application/x-www-form-urlencoded`).
|
||||
- Provider-specific integrations may use the HTTP method and body format
|
||||
required by that provider.
|
||||
|
||||
### Delivery headers
|
||||
|
||||
Every delivery includes a unique delivery ID and event headers. For
|
||||
GitHub-compatible integrations, Gitea also sends the corresponding GitHub and
|
||||
Gogs header names.
|
||||
|
||||
| Header | Description |
|
||||
| --- | --- |
|
||||
| `X-Gitea-Delivery` | Unique delivery UUID for this attempt. |
|
||||
| `X-Gitea-Event` | Normalized event name, such as `push`, `issues`, or `pull_request`. |
|
||||
| `X-Gitea-Event-Type` | More specific event type, such as `issue_assign` or `pull_request_review_comment`. |
|
||||
| `X-Gitea-Signature` | Hex-encoded HMAC-SHA256 of the raw request body, without a prefix. |
|
||||
| `X-Gitea-Hook-Installation-Target-Type` | Where the webhook is defined: typically `repository`, `organization`, `user`, or `system`. Default webhooks are copied into repositories before delivery, so they are typically delivered as `repository`. |
|
||||
| `X-Gogs-Delivery`, `X-Gogs-Event`, `X-Gogs-Event-Type`, `X-Gogs-Signature` | Compatibility headers with the same values as the Gitea variants. |
|
||||
| `X-GitHub-Delivery`, `X-GitHub-Event`, `X-GitHub-Event-Type` | GitHub-style compatibility headers. |
|
||||
| `X-GitHub-Hook-Installation-Target-Type` | GitHub-style compatibility header for the webhook scope. |
|
||||
| `X-Hub-Signature` | GitHub-compatible HMAC-SHA1 header in the form `sha1=<digest>`. |
|
||||
| `X-Hub-Signature-256` | GitHub-compatible HMAC-SHA256 header in the form `sha256=<digest>`. |
|
||||
|
||||
If no secret is configured, the signature headers are still present, but their
|
||||
digest values are empty.
|
||||
|
||||
#### `Event` versus `Event-Type`
|
||||
|
||||
Some Gitea webhook subscriptions are grouped together under one normalized event
|
||||
name. For example, an issue assignment delivery uses the issue event group:
|
||||
|
||||
```http
|
||||
X-Gitea-Event: issues
|
||||
X-Gitea-Event-Type: issue_assign
|
||||
X-GitHub-Event: issues
|
||||
X-GitHub-Event-Type: issue_assign
|
||||
```
|
||||
|
||||
Use `X-Gitea-Event-Type` when you need the exact trigger that fired the webhook.
|
||||
|
||||
#### Validating deliveries
|
||||
|
||||
Gitea signs the raw request body with your webhook secret. To validate a
|
||||
delivery:
|
||||
|
||||
1. Read the request body exactly as it was received.
|
||||
2. Compute the HMAC-SHA256 digest with your webhook secret.
|
||||
3. Compare the result with `X-Gitea-Signature` or with the GitHub-compatible
|
||||
`X-Hub-Signature-256` header.
|
||||
4. Use a constant-time comparison when possible.
|
||||
|
||||
Important details:
|
||||
|
||||
- `X-Gitea-Signature` contains only the lowercase hexadecimal SHA-256 digest.
|
||||
- `X-Hub-Signature-256` contains the same digest with a `sha256=` prefix.
|
||||
- `X-Hub-Signature` is also sent for compatibility and uses SHA-1.
|
||||
- The body must be verified before JSON parsing or any other modification.
|
||||
|
||||
##### PHP example
|
||||
|
||||
The following example verifies a generic `Gitea` webhook sent as
|
||||
`application/json`.
|
||||
|
||||
```php
|
||||
<?php
|
||||
|
||||
$secret = '123';
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
http_response_code(405);
|
||||
exit('Only POST is allowed');
|
||||
}
|
||||
|
||||
$payload = file_get_contents('php://input');
|
||||
$signature = $_SERVER['HTTP_X_GITEA_SIGNATURE'] ?? '';
|
||||
|
||||
if ($payload === false || $signature === '') {
|
||||
http_response_code(400);
|
||||
exit('Missing payload or signature');
|
||||
}
|
||||
|
||||
$expected = hash_hmac('sha256', $payload, $secret);
|
||||
|
||||
if (!hash_equals($expected, $signature)) {
|
||||
http_response_code(401);
|
||||
exit('Invalid signature');
|
||||
}
|
||||
|
||||
$event = $_SERVER['HTTP_X_GITEA_EVENT'] ?? '';
|
||||
$eventType = $_SERVER['HTTP_X_GITEA_EVENT_TYPE'] ?? '';
|
||||
$data = json_decode($payload, true);
|
||||
|
||||
if (!is_array($data)) {
|
||||
http_response_code(400);
|
||||
exit('Invalid JSON payload');
|
||||
}
|
||||
|
||||
http_response_code(204);
|
||||
```
|
||||
|
||||
## Events
|
||||
|
||||
This section follows the same event-by-event style used by GitHub's webhook
|
||||
documentation: each event describes when it occurs and what the top-level
|
||||
payload contains.
|
||||
|
||||
The event groups match the webhook settings UI: `Repository Events`,
|
||||
`Issue Events`, `Pull Request Events`, and `Workflow Events`.
|
||||
|
||||
### Repository Events
|
||||
|
||||
- `create`, `delete`, `fork`, `push`, `wiki`, `repository`, `release`, `package`, `status`
|
||||
|
||||
#### `create`
|
||||
|
||||
This event occurs when a branch or tag is created.
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `sha` | `string` | **Required.** The object ID of the created reference. |
|
||||
| `ref` | `string` | **Required.** The created branch or tag name. |
|
||||
| `ref_type` | `string` | **Required.** The reference type, such as `branch` or `tag`. |
|
||||
| `repository` | `object` | **Required.** The repository where the reference was created. |
|
||||
| `sender` | `object` | **Required.** The user who created the reference. |
|
||||
|
||||
#### `delete`
|
||||
|
||||
This event occurs when a branch or tag is deleted.
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `ref` | `string` | **Required.** The deleted branch or tag name. |
|
||||
| `ref_type` | `string` | **Required.** The reference type, such as `branch` or `tag`. |
|
||||
| `pusher_type` | `string` | **Required.** The actor type that deleted the ref. Current Gitea payloads use `user`. |
|
||||
| `repository` | `object` | **Required.** The repository where the reference was deleted. |
|
||||
| `sender` | `object` | **Required.** The user who deleted the reference. |
|
||||
|
||||
#### `fork`
|
||||
|
||||
This event occurs when a repository is forked.
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `forkee` | `object` | **Required.** The newly created fork repository. |
|
||||
| `repository` | `object` | **Required.** The original repository that was forked. |
|
||||
| `sender` | `object` | **Required.** The user who created the fork. |
|
||||
|
||||
#### `push`
|
||||
|
||||
This event occurs when commits are pushed to a branch or tag.
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `ref` | `string` | **Required.** The full pushed ref, such as `refs/heads/main`. |
|
||||
| `before` | `string` | **Required.** The commit SHA before the push. |
|
||||
| `after` | `string` | **Required.** The commit SHA after the push. |
|
||||
| `compare_url` | `string` | **Required.** URL to compare `before` and `after`. |
|
||||
| `commits` | `array` | **Required.** Commits included in the push. |
|
||||
| `total_commits` | `integer` | **Required.** Number of commits in the push. |
|
||||
| `head_commit` | `object` | The most recent commit in the push. |
|
||||
| `repository` | `object` | **Required.** The repository that received the push. |
|
||||
| `pusher` | `object` | **Required.** The user who performed the push. |
|
||||
| `sender` | `object` | **Required.** The user who triggered the webhook. |
|
||||
|
||||
#### `wiki`
|
||||
|
||||
This event occurs when a wiki page is created, edited, or deleted.
|
||||
|
||||
**Action type:** `created`, `edited`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The wiki page action. |
|
||||
| `repository` | `object` | **Required.** The repository that owns the wiki. |
|
||||
| `sender` | `object` | **Required.** The user who changed the wiki page. |
|
||||
| `page` | `string` | **Required.** The wiki page name. |
|
||||
| `comment` | `string` | The wiki commit message or comment. |
|
||||
|
||||
#### `repository`
|
||||
|
||||
This event occurs when a repository is created or deleted.
|
||||
|
||||
**Action type:** `created`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The repository action. |
|
||||
| `repository` | `object` | **Required.** The repository that was created or deleted. |
|
||||
| `organization` | `object` | Present when the repository belongs to an organization. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
|
||||
#### `release`
|
||||
|
||||
This event occurs when a release is published, updated, or deleted.
|
||||
|
||||
**Action type:** `published`, `updated`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The release action. |
|
||||
| `release` | `object` | **Required.** The release that was acted on. |
|
||||
| `repository` | `object` | **Required.** The repository containing the release. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
|
||||
#### `package`
|
||||
|
||||
This event occurs when a package is created or deleted.
|
||||
|
||||
**Action type:** `created`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The package action. |
|
||||
| `repository` | `object` | The repository associated with the package, when applicable. |
|
||||
| `package` | `object` | **Required.** The package that was acted on. |
|
||||
| `organization` | `object` | Present when the package owner is an organization. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
|
||||
#### `status`
|
||||
|
||||
This event occurs when a commit status is created or updated through the API.
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `commit` | `object` | The commit associated with the status. |
|
||||
| `context` | `string` | **Required.** The status context, such as `ci/build`. |
|
||||
| `created_at` | `string` | **Required.** The time the status was created. |
|
||||
| `description` | `string` | Status description text. |
|
||||
| `id` | `integer` | **Required.** The status identifier. |
|
||||
| `repository` | `object` | **Required.** The repository containing the commit. |
|
||||
| `sender` | `object` | **Required.** The user who created the status. |
|
||||
| `sha` | `string` | **Required.** The commit SHA. |
|
||||
| `state` | `string` | **Required.** The state, such as `pending`, `success`, `error`, or `failure`. |
|
||||
| `target_url` | `string` | Target URL associated with the status. |
|
||||
| `updated_at` | `string` | The time the status was last updated. |
|
||||
|
||||
Unlike most other payloads, this event does not use an `action` field. The
|
||||
state transition is represented by `state`.
|
||||
|
||||
### Issue Events
|
||||
|
||||
- `issues`, `issue_assign`, `issue_label`, `issue_milestone`, `issue_comment`
|
||||
|
||||
#### `issues`
|
||||
|
||||
This event occurs when an issue is opened, closed, reopened, edited, or deleted.
|
||||
|
||||
**Action type:** `opened`, `closed`, `reopened`, `edited`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The issue action. |
|
||||
| `number` | `integer` | **Required.** The issue number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `issue` | `object` | **Required.** The issue that was acted on. |
|
||||
| `repository` | `object` | **Required.** The repository containing the issue. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the issue action, if applicable. |
|
||||
|
||||
#### `issue_assign`
|
||||
|
||||
This event occurs when an issue is assigned or unassigned.
|
||||
|
||||
**Action type:** `assigned`, `unassigned`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The assignment action. |
|
||||
| `number` | `integer` | **Required.** The issue number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `issue` | `object` | **Required.** The issue that was acted on. |
|
||||
| `repository` | `object` | **Required.** The repository containing the issue. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the issue action, if applicable. |
|
||||
|
||||
#### `issue_label`
|
||||
|
||||
This event occurs when issue labels are updated or cleared.
|
||||
|
||||
**Action type:** `label_updated`, `label_cleared`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The label update action. |
|
||||
| `number` | `integer` | **Required.** The issue number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `issue` | `object` | **Required.** The issue that was acted on. |
|
||||
| `repository` | `object` | **Required.** The repository containing the issue. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the issue action, if applicable. |
|
||||
|
||||
#### `issue_milestone`
|
||||
|
||||
This event occurs when an issue is milestoned or demilestoned.
|
||||
|
||||
**Action type:** `milestoned`, `demilestoned`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The milestone action. |
|
||||
| `number` | `integer` | **Required.** The issue number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `issue` | `object` | **Required.** The issue that was acted on. |
|
||||
| `repository` | `object` | **Required.** The repository containing the issue. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the issue action, if applicable. |
|
||||
|
||||
#### `issue_comment`
|
||||
|
||||
This event occurs when a comment on an issue is created, edited, or deleted.
|
||||
|
||||
**Action type:** `created`, `edited`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The comment action. |
|
||||
| `issue` | `object` | **Required.** The issue that the comment belongs to. |
|
||||
| `pull_request` | `object` | Present only when the comment is on a pull request timeline. |
|
||||
| `comment` | `object` | **Required.** The comment that was created, edited, or deleted. |
|
||||
| `changes` | `object` | Optional. Previous comment body when the action is `edited`. |
|
||||
| `repository` | `object` | **Required.** The repository containing the issue. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `is_pull` | `boolean` | **Required.** Whether the comment is on a pull request timeline. |
|
||||
|
||||
### Pull Request Events
|
||||
|
||||
- `pull_request`, `pull_request_assign`, `pull_request_label`, `pull_request_milestone`, `pull_request_comment`, `pull_request_review`, `pull_request_review_approved`, `pull_request_review_rejected`, `pull_request_review_comment`, `pull_request_sync`, `pull_request_review_request`
|
||||
|
||||
#### `pull_request`
|
||||
|
||||
This event occurs when a pull request is opened, closed, reopened, edited, or deleted.
|
||||
|
||||
**Action type:** `opened`, `closed`, `reopened`, `edited`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The pull request action. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was acted on. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the pull request action, if applicable. |
|
||||
| `review` | `object` | Present for pull request review events. |
|
||||
|
||||
#### `pull_request_assign`
|
||||
|
||||
This event occurs when a pull request is assigned or unassigned.
|
||||
|
||||
**Action type:** `assigned`, `unassigned`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The assignment action. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was acted on. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the pull request action, if applicable. |
|
||||
| `review` | `object` | Present for pull request review events. |
|
||||
|
||||
#### `pull_request_label`
|
||||
|
||||
This event occurs when pull request labels are updated or cleared.
|
||||
|
||||
**Action type:** `label_updated`, `label_cleared`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The label update action. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was acted on. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the pull request action, if applicable. |
|
||||
| `review` | `object` | Present for pull request review events. |
|
||||
|
||||
#### `pull_request_milestone`
|
||||
|
||||
This event occurs when a pull request is milestoned or demilestoned.
|
||||
|
||||
**Action type:** `milestoned`, `demilestoned`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The milestone action. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was acted on. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the pull request action, if applicable. |
|
||||
| `review` | `object` | Present for pull request review events. |
|
||||
|
||||
#### `pull_request_comment`
|
||||
|
||||
This event occurs when a timeline comment on a pull request is created, edited, or deleted.
|
||||
|
||||
**Action type:** `created`, `edited`, `deleted`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The comment action. |
|
||||
| `issue` | `object` | **Required.** The related issue record for the pull request. |
|
||||
| `pull_request` | `object` | **Required.** The pull request the timeline comment belongs to. |
|
||||
| `comment` | `object` | **Required.** The comment that was created, edited, or deleted. |
|
||||
| `changes` | `object` | Optional. Previous comment body when the action is `edited`. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `is_pull` | `boolean` | **Required.** Always `true` for this event. |
|
||||
|
||||
#### `pull_request_review`
|
||||
|
||||
This is a subscription-only umbrella event in the webhook settings UI.
|
||||
|
||||
It does not have its own delivery payload. When selected, Gitea delivers the
|
||||
more specific events `pull_request_review_approved`,
|
||||
`pull_request_review_rejected`, and `pull_request_review_comment`.
|
||||
|
||||
#### `pull_request_review_approved`
|
||||
|
||||
This event occurs when a pull request review is submitted with approval.
|
||||
|
||||
**Action type:** `reviewed`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** Always `reviewed`. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was reviewed. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who submitted the review. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the review event, if applicable. |
|
||||
| `review` | `object` | **Required.** The review payload. For this event, `review.type` is `approved`. |
|
||||
|
||||
#### `pull_request_review_rejected`
|
||||
|
||||
This event occurs when a pull request review is submitted with a rejection or a
|
||||
request for changes.
|
||||
|
||||
**Action type:** `reviewed`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** Always `reviewed`. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was reviewed. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who submitted the review. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the review event, if applicable. |
|
||||
| `review` | `object` | **Required.** The review payload. For this event, `review.type` is `rejected`. |
|
||||
|
||||
#### `pull_request_review_comment`
|
||||
|
||||
This event occurs when a pull request review is submitted as a comment.
|
||||
|
||||
**Action type:** `reviewed`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** Always `reviewed`. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was reviewed. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who submitted the review. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the review event, if applicable. |
|
||||
| `review` | `object` | **Required.** The review payload. For this event, `review.type` is `comment`. |
|
||||
|
||||
#### `pull_request_sync`
|
||||
|
||||
This event occurs when a pull request is synchronized after new commits are pushed.
|
||||
|
||||
**Action type:** `synchronized`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** Always `synchronized`. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was synchronized. |
|
||||
| `requested_reviewer` | `object` | Present for review request events. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the synchronization. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the synchronization event, if applicable. |
|
||||
| `review` | `object` | Present for pull request review events. |
|
||||
|
||||
#### `pull_request_review_request`
|
||||
|
||||
This event occurs when a reviewer is requested or a review request is removed.
|
||||
|
||||
**Action type:** `review_requested`, `review_request_removed`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The review request action. |
|
||||
| `number` | `integer` | **Required.** The pull request number. |
|
||||
| `changes` | `object` | Optional. Previous values for edited fields or label deltas. |
|
||||
| `pull_request` | `object` | **Required.** The pull request that was acted on. |
|
||||
| `requested_reviewer` | `object` | The reviewer that was requested or removed. |
|
||||
| `repository` | `object` | **Required.** The repository containing the pull request. |
|
||||
| `sender` | `object` | **Required.** The user who performed the action. |
|
||||
| `commit_id` | `string` | The commit SHA associated with the pull request action, if applicable. |
|
||||
| `review` | `object` | Present for pull request review events. |
|
||||
|
||||
### Workflow Events
|
||||
|
||||
- `workflow_run`, `workflow_job`
|
||||
|
||||
#### `workflow_run`
|
||||
|
||||
This event occurs when a Gitea Actions workflow run changes status.
|
||||
|
||||
**Action type:** `queued`, `waiting`, `in_progress`, `completed`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The workflow run status transition. |
|
||||
| `workflow` | `object` | **Required.** The workflow definition. |
|
||||
| `workflow_run` | `object` | **Required.** The workflow run that was acted on. |
|
||||
| `pull_request` | `object` | Present when the workflow run is associated with a pull request. |
|
||||
| `organization` | `object` | Present when the repository owner is an organization. |
|
||||
| `repository` | `object` | **Required.** The repository containing the workflow. |
|
||||
| `sender` | `object` | **Required.** The user who triggered the workflow run update. |
|
||||
|
||||
#### `workflow_job`
|
||||
|
||||
This event occurs when a Gitea Actions workflow job changes status.
|
||||
|
||||
**Action type:** `queued`, `waiting`, `in_progress`, `completed`
|
||||
|
||||
##### Payload parameters
|
||||
|
||||
| Name | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| `action` | `string` | **Required.** The workflow job status transition. |
|
||||
| `workflow_job` | `object` | **Required.** The workflow job that was acted on. |
|
||||
| `pull_request` | `object` | Present when the workflow job is associated with a pull request. |
|
||||
| `organization` | `object` | Present when the repository owner is an organization. |
|
||||
| `repository` | `object` | **Required.** The repository containing the workflow job. |
|
||||
| `sender` | `object` | **Required.** The user who triggered the workflow job update. |
|
||||
|
||||
## Testing, recent deliveries, and replay
|
||||
|
||||
Each webhook page includes:
|
||||
|
||||
- `Test Delivery`, which sends a synthetic `push` event for the repository.
|
||||
- `Recent Deliveries`, which shows request and response details.
|
||||
- `Redelivery`, which replays an earlier webhook delivery.
|
||||
|
||||
If the repository has no commits yet, the test delivery uses a generated fake
|
||||
commit so the webhook can still be exercised.
|
||||
|
||||
## Administration notes
|
||||
|
||||
Administrators can further control webhook delivery with instance settings such
|
||||
as host allow lists, delivery timeouts, and cleanup policies. See the
|
||||
[Webhook section of the configuration cheat sheet](../../administration/config-cheat-sheet.md#webhook-webhook).
|
||||
9
docs/usage/user-setting/_category_.json
Normal file
9
docs/usage/user-setting/_category_.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "User Setting",
|
||||
"position": 200,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/usage/user-setting",
|
||||
"description": "Configuring user preferences and settings"
|
||||
}
|
||||
}
|
||||
@@ -1,9 +1,9 @@
|
||||
---
|
||||
date: "2023-08-22T14:21:00+08:00"
|
||||
|
||||
slug: "multi-factor-authentication"
|
||||
weight: 15
|
||||
|
||||
aliases:
|
||||
- /multi-factor-authentication
|
||||
---
|
||||
|
||||
# Multi-factor Authentication (MFA)
|
||||
@@ -1,189 +0,0 @@
|
||||
---
|
||||
date: "2016-12-01T16:00:00+02:00"
|
||||
slug: "webhooks"
|
||||
sidebar_position: 30
|
||||
aliases:
|
||||
- /en-us/webhooks
|
||||
---
|
||||
|
||||
# Webhooks
|
||||
|
||||
Gitea supports webhooks for repository events. This can be configured in the settings
|
||||
page `/:username/:reponame/settings/hooks` by a repository admin. Webhooks can also be configured on a per-organization and whole system basis.
|
||||
All event pushes are POST requests. The methods currently supported are:
|
||||
|
||||
- Gitea (can also be a GET request)
|
||||
- Gogs
|
||||
- Slack
|
||||
- Discord
|
||||
- Dingtalk
|
||||
- Telegram
|
||||
- Microsoft Teams
|
||||
- Feishu
|
||||
- Wechatwork
|
||||
- Packagist
|
||||
|
||||
### Event information
|
||||
|
||||
:::warning
|
||||
The `secret` field in the payload is deprecated as of Gitea 1.13.0 and will be removed in 1.14.0: https://github.com/go-gitea/gitea/issues/11755
|
||||
:::
|
||||
|
||||
The following is an example of event information that will be sent by Gitea to
|
||||
a Payload URL:
|
||||
|
||||
```http
|
||||
X-GitHub-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
|
||||
X-GitHub-Event: push
|
||||
X-Gogs-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
|
||||
X-Gogs-Event: push
|
||||
X-Gitea-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
|
||||
X-Gitea-Event: push
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"secret": "3gEsCfjlV2ugRwgpU#w1*WaW*wa4NXgGmpCfkbG3",
|
||||
"ref": "refs/heads/develop",
|
||||
"before": "28e1879d029cb852e4844d9c718537df08844e03",
|
||||
"after": "bffeb74224043ba2feb48d137756c8a9331c449a",
|
||||
"compare_url": "http://localhost:3000/gitea/webhooks/compare/28e1879d029cb852e4844d9c718537df08844e03...bffeb74224043ba2feb48d137756c8a9331c449a",
|
||||
"commits": [
|
||||
{
|
||||
"id": "bffeb74224043ba2feb48d137756c8a9331c449a",
|
||||
"message": "Webhooks Yay!",
|
||||
"url": "http://localhost:3000/gitea/webhooks/commit/bffeb74224043ba2feb48d137756c8a9331c449a",
|
||||
"author": {
|
||||
"name": "Gitea",
|
||||
"email": "someone@gitea.io",
|
||||
"username": "gitea"
|
||||
},
|
||||
"committer": {
|
||||
"name": "Gitea",
|
||||
"email": "someone@gitea.io",
|
||||
"username": "gitea"
|
||||
},
|
||||
"timestamp": "2017-03-13T13:52:11-04:00"
|
||||
}
|
||||
],
|
||||
"repository": {
|
||||
"id": 140,
|
||||
"owner": {
|
||||
"id": 1,
|
||||
"login": "gitea",
|
||||
"full_name": "Gitea",
|
||||
"email": "someone@gitea.io",
|
||||
"avatar_url": "https://localhost:3000/avatars/1",
|
||||
"username": "gitea"
|
||||
},
|
||||
"name": "webhooks",
|
||||
"full_name": "gitea/webhooks",
|
||||
"description": "",
|
||||
"private": false,
|
||||
"fork": false,
|
||||
"html_url": "http://localhost:3000/gitea/webhooks",
|
||||
"ssh_url": "ssh://gitea@localhost:2222/gitea/webhooks.git",
|
||||
"clone_url": "http://localhost:3000/gitea/webhooks.git",
|
||||
"website": "",
|
||||
"stars_count": 0,
|
||||
"forks_count": 1,
|
||||
"watchers_count": 1,
|
||||
"open_issues_count": 7,
|
||||
"default_branch": "master",
|
||||
"created_at": "2017-02-26T04:29:06-05:00",
|
||||
"updated_at": "2017-03-13T13:51:58-04:00"
|
||||
},
|
||||
"pusher": {
|
||||
"id": 1,
|
||||
"login": "gitea",
|
||||
"full_name": "Gitea",
|
||||
"email": "someone@gitea.io",
|
||||
"avatar_url": "https://localhost:3000/avatars/1",
|
||||
"username": "gitea"
|
||||
},
|
||||
"sender": {
|
||||
"id": 1,
|
||||
"login": "gitea",
|
||||
"full_name": "Gitea",
|
||||
"email": "someone@gitea.io",
|
||||
"avatar_url": "https://localhost:3000/avatars/1",
|
||||
"username": "gitea"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Example
|
||||
|
||||
This is an example of how to use webhooks to run a php script upon push requests to the repository.
|
||||
In your repository Settings, under Webhooks, Setup a Gitea webhook as follows:
|
||||
|
||||
- Target URL: http://mydomain.com/webhook.php
|
||||
- HTTP Method: POST
|
||||
- POST Content Type: application/json
|
||||
- Secret: 123
|
||||
- Trigger On: Push Events
|
||||
- Active: Checked
|
||||
|
||||
Now on your server create the php file webhook.php
|
||||
|
||||
```php
|
||||
<?php
|
||||
|
||||
$secret_key = '123';
|
||||
|
||||
// check for POST request
|
||||
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
|
||||
error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
|
||||
exit();
|
||||
}
|
||||
|
||||
// get content type
|
||||
$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
|
||||
|
||||
if ($content_type != 'application/json') {
|
||||
error_log('FAILED - not application/json - '. $content_type);
|
||||
exit();
|
||||
}
|
||||
|
||||
// get payload
|
||||
$payload = trim(file_get_contents("php://input"));
|
||||
|
||||
if (empty($payload)) {
|
||||
error_log('FAILED - no payload');
|
||||
exit();
|
||||
}
|
||||
|
||||
// get header signature
|
||||
$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
|
||||
|
||||
if (empty($header_signature)) {
|
||||
error_log('FAILED - header signature missing');
|
||||
exit();
|
||||
}
|
||||
|
||||
// calculate payload signature
|
||||
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
|
||||
|
||||
// check payload signature against header signature
|
||||
if ($header_signature !== $payload_signature) {
|
||||
error_log('FAILED - payload signature');
|
||||
exit();
|
||||
}
|
||||
|
||||
// convert json to array
|
||||
$decoded = json_decode($payload, true);
|
||||
|
||||
// check for json decode errors
|
||||
if (json_last_error() !== JSON_ERROR_NONE) {
|
||||
error_log('FAILED - json decode - '. json_last_error());
|
||||
exit();
|
||||
}
|
||||
|
||||
// success, do something
|
||||
```
|
||||
|
||||
There is a Test Delivery button in the webhook settings that allows to test the configuration as well as a list of the most Recent Deliveries.
|
||||
|
||||
### Authorization header
|
||||
|
||||
**With 1.19**, Gitea hooks can be configured to send an [authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) to the webhook target.
|
||||
@@ -29,7 +29,19 @@ const apiConfig = [
|
||||
},
|
||||
{
|
||||
route: "/api/",
|
||||
spec: "static/swagger-23.json",
|
||||
spec: "static/swagger-26.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.27/",
|
||||
spec: "static/swagger-27.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.26/",
|
||||
spec: "static/swagger-26.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.25/",
|
||||
spec: "static/swagger-25.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.24/",
|
||||
@@ -43,18 +55,6 @@ const apiConfig = [
|
||||
route: "/api/1.22/",
|
||||
spec: "static/swagger-22.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.21/",
|
||||
spec: "static/swagger-21.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.20/",
|
||||
spec: "static/swagger-20.json",
|
||||
},
|
||||
{
|
||||
route: "/api/1.19/",
|
||||
spec: "static/swagger-19.json",
|
||||
},
|
||||
]
|
||||
: [],
|
||||
// Theme Options for modifying how redoc renders them
|
||||
@@ -72,37 +72,67 @@ const pageConfig = renderApiSSR
|
||||
: {};
|
||||
|
||||
const globalVariables = {
|
||||
current: {
|
||||
goVersion: "1.23",
|
||||
minGoVersion: "1.23",
|
||||
minNodeVersion: "18",
|
||||
"current": {
|
||||
goVersion: "1.26",
|
||||
minGoVersion: "1.26",
|
||||
minNodeVersion: "22",
|
||||
version: "main-nightly",
|
||||
sourceVersion: "main",
|
||||
sourceBranch: "main",
|
||||
dockerVersion: "nightly",
|
||||
displayVersion: "1.25-dev",
|
||||
displayVersion: "1.28-dev",
|
||||
},
|
||||
1.24: {
|
||||
"1.27": {
|
||||
goVersion: "1.26",
|
||||
minGoVersion: "1.26",
|
||||
minNodeVersion: "24",
|
||||
version: "1.27.0-rc0",
|
||||
sourceVersion: "v1.27.0-rc0",
|
||||
sourceBranch: "release/v1.27",
|
||||
dockerVersion: "1.27.0-rc0",
|
||||
displayVersion: "1.27.0-rc0",
|
||||
},
|
||||
"1.26": {
|
||||
goVersion: "1.26",
|
||||
minGoVersion: "1.26",
|
||||
minNodeVersion: "22",
|
||||
version: "1.26.4",
|
||||
sourceVersion: "v1.26.4",
|
||||
sourceBranch: "release/v1.26",
|
||||
dockerVersion: "1.26.4",
|
||||
displayVersion: "1.26.4",
|
||||
},
|
||||
"1.25": {
|
||||
goVersion: "1.25",
|
||||
minGoVersion: "1.25",
|
||||
minNodeVersion: "22",
|
||||
version: "1.25.5",
|
||||
sourceVersion: "v1.25.0",
|
||||
sourceBranch: "release/v1.25",
|
||||
dockerVersion: "1.25.5",
|
||||
displayVersion: "1.25.5",
|
||||
},
|
||||
"1.24": {
|
||||
goVersion: "1.24",
|
||||
minGoVersion: "1.23",
|
||||
minNodeVersion: "18",
|
||||
version: "1.24.0-rc0",
|
||||
sourceVersion: "v1.24.0-rc0",
|
||||
minGoVersion: "1.24",
|
||||
minNodeVersion: "22",
|
||||
version: "1.24.7",
|
||||
sourceVersion: "v1.24.0",
|
||||
sourceBranch: "release/v1.24",
|
||||
dockerVersion: "1.24.0-rc0",
|
||||
displayVersion: "1.24.0-rc0",
|
||||
dockerVersion: "1.24.7",
|
||||
displayVersion: "1.24.7",
|
||||
},
|
||||
1.23: {
|
||||
"1.23": {
|
||||
goVersion: "1.23",
|
||||
minGoVersion: "1.22",
|
||||
minNodeVersion: "18",
|
||||
version: "1.23.8",
|
||||
sourceVersion: "v1.23.0",
|
||||
sourceVersion: "v1.23.8",
|
||||
sourceBranch: "release/v1.23",
|
||||
dockerVersion: "1.23.8",
|
||||
displayVersion: "1.23.8",
|
||||
},
|
||||
1.22: {
|
||||
"1.22": {
|
||||
goVersion: "1.22",
|
||||
minGoVersion: "1.22",
|
||||
minNodeVersion: "18",
|
||||
@@ -112,61 +142,31 @@ const globalVariables = {
|
||||
dockerVersion: "1.22.6",
|
||||
displayVersion: "1.22.6",
|
||||
},
|
||||
1.21: {
|
||||
goVersion: "1.21",
|
||||
minGoVersion: "1.21",
|
||||
minNodeVersion: "18",
|
||||
version: "1.21.11",
|
||||
sourceVersion: "v1.21.11",
|
||||
sourceBranch: "release/v1.21",
|
||||
dockerVersion: "1.21.11",
|
||||
displayVersion: "1.21.11",
|
||||
},
|
||||
"1.20": {
|
||||
goVersion: "1.20",
|
||||
minGoVersion: "1.20",
|
||||
minNodeVersion: "16",
|
||||
version: "1.20.6",
|
||||
sourceVersion: "v1.20.6",
|
||||
sourceBranch: "release/v1.20",
|
||||
dockerVersion: "1.20.6",
|
||||
displayVersion: "1.20.6",
|
||||
},
|
||||
1.19: {
|
||||
goVersion: "1.20",
|
||||
minGoVersion: "1.19",
|
||||
minNodeVersion: "14",
|
||||
version: "1.19.4",
|
||||
sourceVersion: "v1.19.4",
|
||||
sourceBranch: "release/v1.19",
|
||||
dockerVersion: "1.19.4",
|
||||
displayVersion: "1.19.4",
|
||||
},
|
||||
};
|
||||
|
||||
const versions = {
|
||||
current: {
|
||||
"current": {
|
||||
label: globalVariables["current"].displayVersion, // path is kept as next for dev (so users can always find "nightly" docs)
|
||||
banner: "unreleased",
|
||||
},
|
||||
1.24: {
|
||||
"1.27": {
|
||||
label: globalVariables["1.27"].displayVersion,
|
||||
},
|
||||
"1.26": {
|
||||
label: globalVariables["1.26"].displayVersion,
|
||||
},
|
||||
"1.25": {
|
||||
label: globalVariables["1.25"].displayVersion,
|
||||
},
|
||||
"1.24": {
|
||||
label: globalVariables["1.24"].displayVersion,
|
||||
},
|
||||
1.23: {
|
||||
"1.23": {
|
||||
label: globalVariables["1.23"].displayVersion,
|
||||
},
|
||||
1.22: {
|
||||
"1.22": {
|
||||
label: globalVariables["1.22"].displayVersion,
|
||||
},
|
||||
1.21: {
|
||||
label: globalVariables["1.21"].displayVersion,
|
||||
},
|
||||
"1.20": {
|
||||
label: globalVariables["1.20"].displayVersion,
|
||||
},
|
||||
1.19: {
|
||||
label: globalVariables["1.19"].displayVersion,
|
||||
},
|
||||
};
|
||||
|
||||
/** @type {import('@docusaurus/types').Config} */
|
||||
@@ -176,10 +176,10 @@ const config = {
|
||||
url: "https://docs.gitea.com",
|
||||
baseUrl: "/",
|
||||
onBrokenLinks: "warn",
|
||||
onBrokenMarkdownLinks: "warn",
|
||||
favicon: "img/favicon.png",
|
||||
future: {
|
||||
experimental_faster: true,
|
||||
faster: true,
|
||||
v4: true
|
||||
},
|
||||
plugins: [
|
||||
[
|
||||
@@ -193,8 +193,8 @@ const config = {
|
||||
[
|
||||
"@docusaurus/plugin-content-docs",
|
||||
{
|
||||
id: "runner",
|
||||
path: "runner",
|
||||
id: "runner-docs",
|
||||
path: "runner-docs",
|
||||
routeBasePath: "runner",
|
||||
//sidebarPath: './runner/sidebars.js',
|
||||
versions: {
|
||||
@@ -202,12 +202,16 @@ const config = {
|
||||
label: "main",
|
||||
banner: "unreleased",
|
||||
},
|
||||
"1.0.8": {
|
||||
path: "1.0.8",
|
||||
label: "1.0.8",
|
||||
},
|
||||
"0.2.11": {
|
||||
path: "0.2.11",
|
||||
label: "0.2.11",
|
||||
},
|
||||
},
|
||||
lastVersion: "0.2.11",
|
||||
lastVersion: "1.0.8",
|
||||
editUrl: ({
|
||||
versionDocsDirPath,
|
||||
docPath,
|
||||
@@ -217,8 +221,8 @@ const config = {
|
||||
}) => {
|
||||
return `https://gitea.com/gitea/docs/src/branch/main/${
|
||||
version === "current"
|
||||
? "runner"
|
||||
: `runner_versioned_docs/version-${version}`
|
||||
? "runner-docs"
|
||||
: `runner-docs_versioned_docs/version-${version}`
|
||||
}/${docPath}`;
|
||||
},
|
||||
async sidebarItemsGenerator({ defaultSidebarItemsGenerator, ...args }) {
|
||||
@@ -283,7 +287,7 @@ const config = {
|
||||
}/${docPath}`;
|
||||
},
|
||||
versions: versions,
|
||||
lastVersion: "1.23",
|
||||
lastVersion: "1.26",
|
||||
async sidebarItemsGenerator({
|
||||
defaultSidebarItemsGenerator,
|
||||
...args
|
||||
@@ -311,6 +315,9 @@ const config = {
|
||||
apiConfig,
|
||||
],
|
||||
markdown: {
|
||||
hooks: {
|
||||
onBrokenMarkdownLinks: "warn",
|
||||
},
|
||||
preprocessor: ({ filePath, fileContent }) => {
|
||||
var key = "";
|
||||
var found = false;
|
||||
@@ -390,16 +397,16 @@ const config = {
|
||||
label: "Docs",
|
||||
},
|
||||
{
|
||||
to: "/api/1.23/",
|
||||
to: "/api/1.26/",
|
||||
label: "API",
|
||||
position: "left",
|
||||
activeBaseRegex: "api/(1.19|1.20|1.21|1.22|1.23|1.24|next)/",
|
||||
activeBaseRegex: "api/(1.22|1.23|1.24|1.25|1.26|1.27|next)/",
|
||||
},
|
||||
{
|
||||
to: "/runner/0.2.11/",
|
||||
to: "/runner/1.0.8/",
|
||||
label: "Runner",
|
||||
position: "left",
|
||||
activeBaseRegex: "runner/(0.2.11|next)/",
|
||||
activeBaseRegex: "runner/(1.0.8|0.2.11|next)/",
|
||||
},
|
||||
{
|
||||
position: "left",
|
||||
@@ -426,13 +433,13 @@ const config = {
|
||||
label: "API Version",
|
||||
position: "right",
|
||||
items: [
|
||||
{ to: "/api/next/", label: "1.25-dev" },
|
||||
{ to: "/api/1.24/", label: "1.24.0-rc0" },
|
||||
{ to: "/api/next/", label: "1.28-dev" },
|
||||
{ to: "/api/1.27/", label: "1.27.0-rc0" },
|
||||
{ to: "/api/1.26/", label: "1.26.4" },
|
||||
{ to: "/api/1.25/", label: "1.25.5" },
|
||||
{ to: "/api/1.24/", label: "1.24.7" },
|
||||
{ to: "/api/1.23/", label: "1.23.8" },
|
||||
{ to: "/api/1.22/", label: "1.22.6" },
|
||||
{ to: "/api/1.21/", label: "1.21.11" },
|
||||
{ to: "/api/1.20/", label: "1.20.6" },
|
||||
{ to: "/api/1.19/", label: "1.19.4" },
|
||||
],
|
||||
routerRgx: "/api/",
|
||||
classNames: "api-dropdown",
|
||||
@@ -443,6 +450,7 @@ const config = {
|
||||
position: "right",
|
||||
items: [
|
||||
{ to: "/runner/next/", label: "development" },
|
||||
{ to: "/runner/1.0.8/", label: "1.0.8" },
|
||||
{ to: "/runner/0.2.11/", label: "0.2.11" },
|
||||
],
|
||||
routerRgx: "/runner/",
|
||||
@@ -481,10 +489,6 @@ const config = {
|
||||
label: "Discord",
|
||||
href: "https://discord.gg/gitea",
|
||||
},
|
||||
{
|
||||
label: "Matrix",
|
||||
href: "https://matrix.to/#/#gitea-space:matrix.org",
|
||||
},
|
||||
{
|
||||
label: "Forum",
|
||||
href: "https://forum.gitea.com/",
|
||||
@@ -497,6 +501,10 @@ const config = {
|
||||
label: "Mastodon",
|
||||
href: "https://social.gitea.io/@gitea",
|
||||
},
|
||||
{
|
||||
label: "Bluesky",
|
||||
href: "https://bsky.app/profile/gitea.com",
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"sidebar.docs.category.actions": {
|
||||
"message": "Actions"
|
||||
},
|
||||
"sidebar.docs.category.packages": {
|
||||
"message": "Packages"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"sidebar.docs.category.actions": {
|
||||
"message": "Actions"
|
||||
},
|
||||
"sidebar.docs.category.packages": {
|
||||
"message": "Packages"
|
||||
}
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
date: "2016-12-01T16:00:00+02:00"
|
||||
title: "运维"
|
||||
slug: "administration"
|
||||
sidebar_position: 30
|
||||
|
||||
menu:
|
||||
sidebar:
|
||||
name: "运维"
|
||||
sidebar_position: 20
|
||||
identifier: "administration"
|
||||
---
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"label": "运维",
|
||||
"position": 30,
|
||||
"link": {
|
||||
"type": "generated-index",
|
||||
"slug": "/administration",
|
||||
"title": "运维"
|
||||
}
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user