BREAKING CHANGE: remove forgejo

Merge pull request 'feat: support Git LFS on plain gitea' (#57 ) from lfs into master
Reviewed-on: #57 Reviewed-by: ammaratef45 <ammaratef45@proton.me>
2026-06-16 18:33:21 -03:00 · 2026-06-15 21:08:52 +00:00 · 2026-06-15 19:33:03 +00:00 · 2026-06-04 16:47:00 +00:00 · 2026-06-04 16:46:28 +00:00 · 2026-05-19 03:43:34 +00:00
10 changed files with 56 additions and 21 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -51,7 +51,7 @@ steps:
        from_secret: drone_abra-bot_token
      fork: true
      repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json

 trigger:
  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -8,8 +8,10 @@ COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
 # COMPOSE_FILE="$COMPOSE_FILE:compose.sqlite3.yml"
 # COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"

-# Enable to use forgejo instead of gitea
-# COMPOSE_FILE="$COMPOSE_FILE:compose.forgejo.yml"
+# Enable Git LFS on plain gitea (not needed with forgejo, which bundles it).
+# Mounts the lfs_jwt_secret secret and sets GITEA_LFS_START_SERVER=true.
+# COMPOSE_FILE="$COMPOSE_FILE:compose.lfs.yml"
+# SECRET_LFS_JWT_SECRET_VERSION=v1 # length=43

 GITEA_DOMAIN=git.example.com
 GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION=true
@ -33,6 +35,7 @@ GITEA_DEFAULT_ORG_VISIBILITY=limited
 GITEA_REQUIRE_SIGNIN_VIEW=true
 GITEA_ENABLE_PUSH_CREATE_USER=false
 GITEA_ENABLE_PUSH_CREATE_ORG=false
+GITEA_LFS_START_SERVER=false

 GITEA_REPO_UPLOAD_ENABLED=true
 GITEA_REPO_UPLOAD_ALLOWED_TYPES=*/*
@ -67,6 +70,11 @@ SECRET_SECRET_KEY_VERSION=v1 # length=64
 # GITEA_ACCOUNT_LINKING=replace-me
 # GITEA_OAUTH2_CLIENT_ENABLED=replace-me

+# Lifetime of an OAuth2 refresh token in hours, prolly no need to edit. We
+# were hitting issues with infrequently pushed to repos that were not picked
+# up by drone after a month of inactivity, hence the option.
+# GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME=730
+
 # Indexer (for issue search)
 # GITEA_REPO_INDEXER_ENABLED=false
 # GITEA_ISSUE_INDEXER_TYPE=db
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@

 ## Basic usage

-1. Set up Docker Swarm and [`abra`][abra]
+1. [Set up Docker Swarm and `abra`][operators-tutorial]
 2. Deploy [`coop-cloud/traefik`][cc-traefik]
 3. `abra app new gitea --secrets` (optionally with `--pass` if you'd like
   to save secrets in `pass`)
@ -23,12 +23,15 @@
   your Docker swarm box
 5. `abra app deploy YOURAPPDOMAIN`

+[operators-tutorial]: https://docs.coopcloud.tech/operators/tutorial/
+[cc-traefik]: https://git.coopcloud.tech/coop-cloud/traefik/
+
 ## Create first user

 Run

 ```bash
-abra app run YOURAPPNAME app gitea -c /etc/gitea/app.ini admin user create --username USERNAME --admin --random-password --email EMAIL
+abra app run YOURAPPNAME app -- gitea -c /etc/gitea/app.ini admin user create --username USERNAME --admin --random-password --email EMAIL
 ```

 See the [Gitea command-line documentation](https://docs.gitea.io/en-us/command-line/) for more options.  Make sure not to forget the `-c /etc/gitea/app.ini`.
@ -36,25 +39,34 @@ See the [Gitea command-line documentation](https://docs.gitea.io/en-us/command-l
 ## Enable SSH

 You most certainly want to be able to access your repository over SSH.  To do so, make sure you uncomment the right lines in the configuration for `traefik`.
-```
+
+```sh
 abra app config YOURTRAEFIKAPP
 ```
+
 There uncomment or add these lines:
-```
+
+```sh
 GITEA_SSH_ENABLED=1
 COMPOSE_FILE="compose.yml:compose.gitea.yml"
 ```
+
 Then redeploy traefik:
-```
+
+```sh
 abra app undeploy YOURTRAEFIKAPP
 abra app deploy YOURTRAEFIKAPP
 ```
+
 You might need to wait a bit.  To check if it worked, you can run
-```
+
+```sh
 telnet my.gitea.example.com 2222
 ```
+
 Once you have added a public SSH key, you can check that you can connect to your gitea server with
-```
+
+```sh
 ssh -T -p 2222 git@my.gitea.example.com
 ```

--- a/abra.sh
+++ b/abra.sh
@ -1,4 +1,4 @@
-export APP_INI_VERSION=v20
+export APP_INI_VERSION=v22
 export DOCKER_SETUP_SH_VERSION=v1
 export PG_BACKUP_VERSION=v1

--- a/app.ini.tmpl
+++ b/app.ini.tmpl
@ -60,6 +60,10 @@ SSH_DOMAIN = {{ env "GITEA_DOMAIN" }}
 SSH_LISTEN_PORT = {{ env "GITEA_SSH_PORT" }}
 SSH_PORT = {{ env "GITEA_SSH_PORT" }}
 START_SSH_SERVER = true
+LFS_START_SERVER = {{ env "GITEA_LFS_START_SERVER" }}
+{{ if (eq (env "GITEA_LFS_START_SERVER") "true") }}
+LFS_JWT_SECRET = {{ secret "lfs_jwt_secret" }}
+{{ end }}

 [security]
 INSTALL_LOCK = true
--- a/compose.forgejo.yml
+++ b/compose.forgejo.yml
@ -1,5 +0,0 @@
-version: '3.8'
-
-services:
-  app:
-    image: codeberg.org/forgejo/forgejo:9.0.3-rootless
--- a/compose.lfs.yml
+++ b/compose.lfs.yml
@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - GITEA_LFS_START_SERVER=true
+    secrets:
+      - lfs_jwt_secret
+
+secrets:
+  lfs_jwt_secret:
+    name: ${STACK_NAME}_lfs_jwt_secret_${SECRET_LFS_JWT_SECRET_VERSION}
+    external: true
--- a/compose.postgres.yml
+++ b/compose.postgres.yml
@ -10,7 +10,7 @@ services:
    secrets:
      - db_password
  db:
-    image: postgres:15.10
+    image: postgres:15.13
    deploy:
      labels:
        backupbot.backup.pre-hook: "/pg_backup.sh backup"
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -8,7 +8,7 @@ services:
      - GITEA_MAILER_ADDR
      - GITEA_MAILER_PORT
      - GITEA_MAILER_USER
-      - "GITEA_MAILER_PROTOCOL=${GITEA_MAILER_FROM:-smtps}"
+      - "GITEA_MAILER_PROTOCOL=${GITEA_MAILER_PROTOCOL:-smtps}"
    secrets:
      - smtp_password

--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "gitea/gitea:1.22.6-rootless"
+    image: "gitea/gitea:1.24.2-rootless"
    configs:
      - source: app_ini
        target: /etc/gitea/app.ini
@ -51,6 +51,8 @@ services:
      - GITEA_ALLOWED_USER_VISIBILITY_MODES
      - GITEA_DEFAULT_ORG_VISIBILITY
      - GITEA_REQUIRE_SIGNIN_VIEW
+      - GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME
+      - GITEA_LFS_START_SERVER=${GITEA_LFS_START_SERVER:-false}
    volumes:
      - data:/var/lib/gitea
      - config:/etc/gitea
@ -68,7 +70,7 @@ services:
    deploy:
      update_config:
        failure_action: rollback
-        order: start-first
+        order: stop-first
      labels:
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
        - "traefik.enable=true"
@ -81,10 +83,11 @@ services:
        - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=${GITEA_SSH_PORT}"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}_cors"
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolallowheaders=content-type,authorization"
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolalloworiginlist=https://${GITEA_CORS_ALLOW_DOMAIN}"
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolmaxage=100"
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.addvaryheader=true"
-        - coop-cloud.${STACK_NAME}.version=3.0.2+1.22.6-rootless
+        - coop-cloud.${STACK_NAME}.version=3.6.0+1.24.2-rootless


 networks:
Author	SHA1	Message	Date
f	6a0339d3f2	BREAKING CHANGE: remove forgejo	2026-06-16 18:33:21 -03:00
notplants	ce4de9e645	Merge pull request 'feat: support Git LFS on plain gitea' (#57 ) from lfs into master Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #57 Reviewed-by: ammaratef45 <ammaratef45@proton.me>	2026-06-15 21:08:52 +00:00
notplants	357926f26e	feat: support Git LFS on plain gitea All checks were successful continuous-integration/drone/tag Build is passing Details Add an opt-in compose.lfs.yml that mounts the lfs_jwt_secret secret and enables GITEA_LFS_START_SERVER for plain gitea (forgejo already bundles LFS). Emit LFS_JWT_SECRET in app.ini whenever the LFS server is on so the JWT secret is stable across redeploys instead of being regenerated on every restart (app.ini is a read-only config mount). Bump version 3.5.2 -> 3.6.0.	2026-06-15 19:33:03 +00:00
notplants	e6a1cc79e9	Merge pull request 'change deploy logic to stop-first instead of start-first' (#53 ) from stop-first into master Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #53	2026-06-04 16:47:00 +00:00
notplants	34dd04ac99	Merge branch 'master' into stop-first	2026-06-04 16:46:28 +00:00
ammaratef45	6aa52c1e73	fix abra command in documentation Some checks failed continuous-integration/drone/push Build is failing Details	2026-05-19 03:43:34 +00:00
notplants	e7c4999f78	bump version number to 3.5.3	2026-05-18 12:59:07 -04:00
notplants	c63e1cdd04	change deploy logic to stop-first instead of start-first	2026-05-18 12:51:20 -04:00
3wc	db92e97071	docs: Fix broken README links, appease markdown linter	2026-01-08 21:29:48 -05:00
p4u1	d86d742ed1	Adds missing access controll headers All checks were successful continuous-integration/drone/push Build is passing Details	2025-10-27 18:29:54 +01:00
f	989294173e	chore: publish 3.5.2+1.24.2-rootless release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-09-01 07:44:54 -03:00
f	4e789bf977	fix: forgejo 12.0.2	2025-09-01 07:38:52 -03:00
f	485fa32512	chore: publish 3.5.1+1.24.2-rootless release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-07-26 01:35:54 -03:00
f	54fd30f38a	fix: forgejo 12.0.1	2025-07-26 01:33:48 -03:00
f	6d586f6ad3	chore: publish 3.5.0+1.24.2-rootless release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-07-19 11:42:35 -03:00
f	8c9793ace9	feat: upgrade to forgejo 12	2025-07-19 11:41:41 -03:00
3wc	4cfc2ac2e0	chore: publish 3.4.0+1.24.2-rootless release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-06-25 18:34:34 +01:00
f	ca4733a0b0	fix: upgrade forgejo to 11.0.2 All checks were successful continuous-integration/drone/push Build is passing Details	2025-06-19 10:26:08 -03:00
fauno	5a65ef04c5	Merge pull request 'feat: forgejo 11' (#45 ) from forgejo into master All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #45	2025-06-19 13:21:57 +00:00
3wc	270ed7bb93	chore: publish 3.3.1+1.23.8-rootless release Some checks failed continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is failing Details	2025-05-16 20:54:29 +02:00
3wordchant	b2c9d95e60	Merge pull request 'fix: security release' (#44 ) from upgrade into master All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #44	2025-05-16 18:53:40 +00:00
3wordchant	88b226f713	Merge branch 'master' into upgrade	2025-05-16 18:53:32 +00:00
f	94af9cea9e	feat: forgejo 11	2025-05-15 14:36:29 -03:00
fauno	85dcf3a0b1	Merge pull request 'forgejo upgrade' (#41 ) from forgejo into master All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #41 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2025-05-15 17:27:24 +00:00
f	3840e87f2f	fix: security release https://blog.gitea.com/release-of-1.23.8/	2025-05-15 14:24:52 -03:00
f	777aad5da4	Merge branch 'master' into forgejo	2025-05-15 14:22:53 -03:00
fauno	5350ce207f	Merge pull request 'feat: lfs server' (#42 ) from lfs into master All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #42	2025-05-15 17:22:06 +00:00
Cassowary	2bfec14654	Update .drone.yml All checks were successful continuous-integration/drone/push Build is passing Details	2025-04-10 10:50:49 -07:00
f	b44e18f063	feat: configuration by forge	2025-02-20 09:17:58 -03:00
f	77624221b4	feat: lfs server	2025-02-18 15:44:59 -03:00
f	ce632c8e5f	Merge branch 'master' of https://git.coopcloud.tech/coop-cloud/gitea	2025-02-13 12:29:31 -03:00
f	cac5c8d694	feat: upgrade to forgejo 10.0.1	2025-02-13 12:29:09 -03:00
knoflook	cf2298162d	chore: publish 3.3.0+1.23.1-rootless release Some checks failed continuous-integration/drone/tag Build is failing Details continuous-integration/drone/push Build is passing Details	2025-02-12 14:35:34 +01:00
knoflook	0bbac9ed9c	feat: refresh token validity	2025-02-12 14:34:11 +01:00
f	8ffd4d33be	chore: publish 3.2.0+1.23.1-rootless release Some checks failed continuous-integration/drone/tag Build is failing Details continuous-integration/drone/push Build is passing Details	2025-01-21 10:23:43 -03:00
f	7364f0b87c	feat: update forgejo to version 10.0.0	2025-01-21 10:23:08 -03:00
Javielico	1619c333c3	chore: publish 3.1.1+1.23.1-rootless release Some checks failed continuous-integration/drone/tag Build is failing Details continuous-integration/drone/push Build is failing Details	2025-01-18 15:14:06 +00:00
Javielico	6d681457f8	chore: publish 3.1.0+1.23.0-rootless release Some checks failed continuous-integration/drone/tag Build is failing Details continuous-integration/drone/push Build is passing Details	2025-01-18 15:13:22 +00:00
3wc	b2087cf373	chore: publish 3.0.3+1.22.6-rootless release Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is failing Details	2025-01-15 12:09:07 -05:00
3wc	1418946974	Whoops, typo 😳 All checks were successful continuous-integration/drone/push Build is passing Details	2025-01-14 17:37:38 -05:00