Forgejo#
networks:
  forgejo:
    external: false
services:
  server:
    image: codeberg.org/forgejo/forgejo:13
    container_name: forgejo
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      # must match POSTGRES_PASSWORD of the db service; use a strong, unique value outside of testing
      - FORGEJO__database__PASSWD=forgejo
    restart: always
    networks:
      - forgejo
    volumes:
      - ./forgejo:/data
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - db
  db:
    image: postgres:16
    restart: always
    environment:
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD=forgejo
      - POSTGRES_DB=forgejo
    networks:
      - forgejo
    volumes:
      - ./postgres:/var/lib/postgresql/data
Tip
Generate a self-signed certificate for testing purposes...
$ openssl req -x509 -nodes -newkey rsa:4096 -keyout forgejo.key \
    -out forgejo.pem -subj "/CN=gforge" -addext "subjectAltName = DNS:forgejo, IP:82.64.232.18"
# copy the self-signed cert
$ cp forgejo.pem forgejo.key forgejo/gitea/conf
# or copy the Let's Encrypt cert
$ sudo cp /etc/letsencrypt/live/forge.guisam.fr/{fullchain,privkey}.pem forgejo/gitea/conf
Tip
See #cerbot-dns-ovh to generate a certificate.
Update the configuration variables with the certificate/key and domain:
$ grep -ni "domain\|protocol\|root_url\|_file" forgejo/gitea/conf/app.ini
18:DOMAIN = forge.guisam.fr
19:SSH_DOMAIN = forge
21:ROOT_URL = https://forge.guisam.fr:3000/
28:PROTOCOL = https
29:CERT_FILE = /data/gitea/conf/fullchain.pem
30:KEY_FILE = /data/gitea/conf/privkey.pem
$ dig forge +noall +answer
forge. 0 IN A 192.168.94.62
$ dig forge.guisam.fr +noall +answer
forge.guisam.fr. 982 IN A 82.64.232.18
Customize the homepage:
$ mkdir forgejo/gitea/templates
$ cat <<EOF > forgejo/gitea/templates/home.tmpl
{{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8">
<div class="center">
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
<div class="hero">
<h1 class="ui icon header title">
{{AppDisplayName}}
</h1>
<h2> ๐ ๐ค ๐ค </h2>
</div>
</div>
</div>
</div>
EOF
$ dck restart server
Forgejo Actions Workflows - Detailed Overview#
Forgejo Actions enable automated CI/CD pipelines using YAML-defined workflows in .forgejo/workflows/. These workflows respond to repository events and execute jobs on available runners.
Workflow Triggers and Structure#
Workflows are defined in .yaml files and activated by events like:
- push: On code pushes to specific branches or tags (e.g., tags: - 'v*.*.*').
- pull_request: On pull request creation or updates.
- workflow_dispatch: Manual trigger via UI or API.
Example:
on:
  push:
    tags:
      - 'v*.*.*'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "Building version ${{ github.ref_name }}"
Job Execution and Environment#
Jobs run on runners labeled via runs-on (e.g., ubuntu-latest, docker). You can:
- Use containers: Define a container.image (e.g., node:24.4) for isolated execution.
- Access context variables:
  - ${{ forgejo.ref_name }}: Branch or tag name.
  - ${{ forgejo.sha }}: Commit hash.
  - ${{ secrets.API_KEY }}: Encrypted secrets stored in repository settings.
Real-World Use Cases#
- Build and Push Docker Images: Triggered on tag creation, builds an image and pushes to a private registry using docker/build-push-action.
- Test and Deploy to Staging: On push to development, runs tests and deploys to a test server via SSH.
- Artifact Upload: Save build outputs using actions/upload-artifact@v3 for later use.
Secrets and Security#
- Store sensitive data (passwords, tokens) as secrets in repository or instance settings.
- Use ${{ secrets.VAR_NAME }} in workflows.
- Avoid exposing secrets in logs; use non-root users inside containers when possible.
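Forgejo substitutes `${{ ... }}` expressions into a `run:` script before the shell starts, so a secret or ref name written inline becomes part of the script text. The check below is an added example, not code from the original page or the Forgejo project: it flags such inline uses and accepts the same values passed through `env:`. The sample workflow, `deploy.sh` and the function name are constructed for illustration.

```python
import re

# Expressions worth flagging inside shell text: any secret, and ref names,
# which are chosen by whoever pushes the branch or tag.
RISKY = re.compile(r"\$\{\{\s*(secrets\.\w+|(?:github|forgejo)\.ref_name)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_inline_expressions(workflow_text):
    """Return [(line_number, expression)] for risky ${{ }} expressions that are
    expanded directly into the script of a `run:` step."""
    findings = []
    key_col = None  # column of the `run:` key while inside its block scalar
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        if key_col is not None and indent <= key_col:
            key_col = None  # dedent: the multi-line script has ended
        if key_col is not None:
            script = line
        else:
            match = RUN_KEY.match(line)
            if not match:
                continue  # env:, with:, uses: ... are not shell text
            script = match.group(2)
            if script[:1] in ("|", ">"):  # body starts on the next line
                key_col = len(match.group(1))
                continue
        findings += [(lineno, expr) for expr in RISKY.findall(script)]
    return findings

# Constructed sample workflow (not from the page): two inline uses, then the
# same values passed through env: and read as ordinary shell variables.
SAMPLE = """\
on:
  push:
    tags:
      - 'v*.*.*'
jobs:
  build:
    runs-on: docker
    steps:
      - run: echo "Building version ${{ github.ref_name }}"
      - run: |
          ./deploy.sh --token "${{ secrets.API_KEY }}"
      - run: ./deploy.sh --version "$REF_NAME"
        env:
          REF_NAME: ${{ forgejo.ref_name }}
          API_KEY: ${{ secrets.API_KEY }}
"""

if __name__ == "__main__":
    for lineno, expr in find_inline_expressions(SAMPLE):
        print(f"line {lineno}: ${{{{ {expr} }}}} is expanded inside run:; pass it via env: instead")
```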
Runner Setup#
- Runners can be self-hosted or managed at the instance level.
- Register via Settings > Actions > Runners using a token.
- Ensure runner labels match runs-on in workflows.