forgejo/docs
32
45
Fork
You've already forked docs
203

docs: detailed documentation on options for securing a Forgejo Runner installation #1429

Merged
Gusted merged 5 commits from mfenniak/forgejo-docs:forgejo-runner-security into next 2025年09月10日 17:37:23 +02:00

Adds a new "Securing Forgejo Actions Deployments" document to the "Forgejo Actions administrator guide". This document attempts to paint a picture of the software configuration and system configuration options that will contribute to managing the risk in a Forgejo Actions deployment.

This PR builds upon the documentation in #1421; only the "docs: detailed documentation on securing a Forgejo Runner installation" commit is an addition relative to that PR at this time.

Adds a new "Securing Forgejo Actions Deployments" document to the "Forgejo Actions administrator guide". This document attempts to paint a picture of the software configuration and system configuration options that will contribute to managing the risk in a Forgejo Actions deployment. This PR builds upon the documentation in #1421; only the "docs: detailed documentation on securing a Forgejo Runner installation" commit is an addition relative to that PR at this time.
docs: describe common configurations for Actions to interact w/ docker
All checks were successful
pr / preview (pull_request_target) Successful in 1m27s
3558c0d008
revise per sclu1034's review
All checks were successful
pr / preview (pull_request_target) Successful in 1m28s
cf35c24119
mfenniak force-pushed forgejo-runner-security from b87856c1c4
Some checks failed
pr / preview (pull_request_target) Failing after 24s
to edb6db956d
Some checks failed
pr / preview (pull_request_target) Failing after 23s
2025年09月04日 04:47:07 +02:00 Compare
Author
Member
Copy link

For transparency, in the context of recent AI contributor discussions: this document is authored entirely by me. I have used Claude's LLM aid in proof-read for spelling, grammar, and as a cursory fact-check.

For transparency, in the context of recent AI contributor discussions: this document is authored entirely by me. I have used Claude's LLM aid in proof-read for spelling, grammar, and as a cursory fact-check.
mfenniak force-pushed forgejo-runner-security from edb6db956d
Some checks failed
pr / preview (pull_request_target) Failing after 23s
to 2780bbb8e5
Some checks failed
pr / preview (pull_request_target) Failing after 28s
2025年09月04日 04:49:08 +02:00 Compare
mfenniak force-pushed forgejo-runner-security from 2780bbb8e5
Some checks failed
pr / preview (pull_request_target) Failing after 28s
to c2ac9722a1
All checks were successful
pr / preview (pull_request_target) Successful in 1m33s
2025年09月04日 04:51:52 +02:00 Compare
Contributor
Copy link

re-ran the CI and it passes cli-docs, it was a temporary failure

re-ran the CI and it passes cli-docs, it was a temporary failure
Collaborator
Copy link

Preview ready: https://forgejo.codeberg.page/@docs_pull_1429/
https://forgejo.codeberg.page/@docs_pull_1429/docs/next/admin/actions/docker-access/
https://forgejo.codeberg.page/@docs_pull_1429/docs/next/admin/actions/security/

Preview ready: https://forgejo.codeberg.page/@docs_pull_1429/ https://forgejo.codeberg.page/@docs_pull_1429/docs/next/admin/actions/docker-access/ https://forgejo.codeberg.page/@docs_pull_1429/docs/next/admin/actions/security/
mfenniak force-pushed forgejo-runner-security from c2ac9722a1
All checks were successful
pr / preview (pull_request_target) Successful in 1m33s
to 02801d9248
All checks were successful
pr / preview (pull_request_target) Successful in 1m27s
2025年09月04日 18:49:34 +02:00 Compare
earl-warren requested changes 2025年09月04日 22:44:14 +02:00
Dismissed
earl-warren left a comment
Contributor
Copy link

I only have a handful of small suggestions. This is a very good guide, impressive.

I only have a handful of small suggestions. This is a very good guide, impressive.
@ -0,0 +23,4 @@
- [`repository.MAX_CREATION_LIMIT`](../../config-cheat-sheet/#repository-repository) can be set to `0` in order to prevent users from creating unexpected repositories on the instance. Mallory won't be able to create new empty repositories from which they may be able to run malicious workflow actions. Forgejo administrators can override this value temporarily when new authorized repositories are created, allowing the system to be usable despite this configuration.
- [`repository.ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT`](../../config-cheat-sheet/#repository-repository) can be set to `false`, which will prevent users from forking existing repositories. Mallory won't be able to fork existing repositories, preventing them from creating pull requests that can trigger workflow runs.
Each of these configuration options changes both a security and functional aspect of Forgejo, with different configurations will be applicable for different use-cases.
Contributor
Copy link

I'm not sure what this sentence means. It feels like something was lost, maybe around "with different configurations will be applicable for different use-cases."

I'm not sure what this sentence means. It feels like something was lost, maybe around "with different configurations will be applicable for different use-cases."
Author
Member
Copy link

Changed in 97f3cc2f39393c7970a55d9de39e83b36f0edb6f to:

There is no ideal configuration for these values, as changing them affects Forgejo access and security, but limits functionality.

What I originally wanted to do here is document common configurations that people might use, such as:

  • I'm self-hosting Forgejo but just for myself and no collaborators
  • I'm self-hosting Forgejo but just for my project and I want collaborators, but I don't want random other repos
  • ... but just for my organization/company ...
  • ... as a public service ...
    But I think some of this is self-evident given the call out of these parameters, and I think it also feels like it's a stretch to be in the Forgejo Runner docs. So anyway, that's where that original sentence was going and never got to. Maybe it can be dropped, or maybe the new version is useful. :-)
Changed in 97f3cc2f39393c7970a55d9de39e83b36f0edb6f to: > There is no ideal configuration for these values, as changing them affects Forgejo access and security, but limits functionality. What I originally wanted to do here is document common configurations that people might use, such as: - I'm self-hosting Forgejo but just for myself and no collaborators - I'm self-hosting Forgejo but just for my *project* and I want collaborators, but I don't want random other repos - ... but just for my organization/company ... - ... as a public service ... But I think some of this is self-evident given the call out of these parameters, and I think it also feels like it's a stretch to be in the Forgejo Runner docs. So anyway, that's where that original sentence was going and never got to. Maybe it can be dropped, or maybe the new version is useful. :-)
Contributor
Copy link

This is good now.

This is good now.
earl-warren marked this conversation as resolved
@ -0,0 +35,4 @@
- **Repository** - A runner registered with a repository will only run actions defined in that repository.
- **Organization** & **User** - A runner registered with an organization or user will only run actions defined in a repository owned by that organization or user.
- **Site administration** - A runner registered in the site administration can run a job in any repository.
Contributor
Copy link

Global is what I would expect although I get what you mean.

**Global** is what I would expect although I get what you mean.
Author
Member
Copy link

I like Global. 97f3cc2f39393c7970a55d9de39e83b36f0edb6f

I like Global. 97f3cc2f39393c7970a55d9de39e83b36f0edb6f
@ -0,0 +43,4 @@
If Mallory has write access to the repository, they can run arbitrary workflows. Branch protection rules may appear to be a line of defense (for example: workflows are defined in `main` and Mallory can only create branches & PRs, not modify `main`), but Mallory has workarounds for this. They can create a new branch with a `on: push` configuration and configure the workflow to run when modifications are made to their branch.
If Mallory does not have direct write access, but can fork the repository and create pull requests, then their first pull request to the repository will require review from a contributor and approval before workflows can execute. After that, any future pull request that Mallory makes will have the workflow executed, including any modifications made in the fork. This can include the creation of a new workflow that has the `on: pull_request` target, allowing them to introduce workflows that never existed before. The `on: pull_request` target workflows that would be executed in this model do have elevated security relative to other workflows -- they have no access to the secrets in the repository.
Contributor
Copy link

The on: pull_request target workflows

you meant

The on: pull_request_target workflows

i think

> The `on: pull_request` target workflows you meant > The `on: pull_request_target` workflows i think
Author
Member
Copy link

This section was intended to be on: pull_request, not target, but the use of the word target was definitely incorrect. I meant the workflow event. Clarified in 97f3cc2f39393c7970a55d9de39e83b36f0edb6f.

This section was intended to be `on: pull_request`, not target, but the use of the word target was definitely incorrect. I meant the workflow event. Clarified in 97f3cc2f39393c7970a55d9de39e83b36f0edb6f.
earl-warren marked this conversation as resolved
@ -0,0 +77,4 @@
An administrator can change `container.network` from the default value of `""` to `"host"`, `"bridge"`, or a custom network name. The default value `""` causes a new isolated network to be created for each new job, and service/step containers are created on the same network to facilitate communication between them.
Changing the network mode to `"host"` will remove restrictions to allow all containers to communicate freely with each other and the host, without any job isolation. This can risk the confidentiality of other services on the host; for example, if a web server is running on `localhost:3000` that would normally be protected by access controls imposed by a reverse proxy like nginx, Mallory will be able to run job containers that can access this web server directly bypassing those controls. This can risk the availability of workflow jobs as well, by sharing the same network stack; if Mallory starts a workflow which starts a database server that listens to port `5432` which is already in-use in the host, it would probably fail to start due to a network port conflict, but they may be able to claim the port during database server maintenance and affect the availability of the other service.
Contributor
Copy link

This can risk the confidentiality of other services

I thought it should be

This can be a risk for the confidentiality of other services

or something similar. But then realized it is my non native English speaker ignorance.

> This can risk the confidentiality of other services I thought it should be > This can be a risk for the confidentiality of other services or something similar. But then realized it is my non native English speaker ignorance.
Author
Member
Copy link

I've tweaked to refer to the confidentiality of the data hosted by the service, as you're right to point out it felt like a mismatch of some kind. 97f3cc2f39393c7970a55d9de39e83b36f0edb6f

I've tweaked to refer to the confidentiality of the data hosted by the service, as you're right to point out it felt like a mismatch of some kind. 97f3cc2f39393c7970a55d9de39e83b36f0edb6f
earl-warren marked this conversation as resolved
@ -0,0 +109,4 @@
## Execution on Host (self)
When using the `self` label to allow jobs to run without containers, step commands are executed as the same user as the Forgejo Runner is executed as, and in the same host without any isolation.
Contributor
Copy link

I am not aware of self. Did you mean host?

I am not aware of `self`. Did you mean `host`?
Author
Member
Copy link

Ah, yup. Confusion here over the label name and label value. I was fairly sure I checked this twice and yet it was not correct. Fixed in 06f3433dbc94f069ec4424f24b863d1f34236610.

Ah, yup. Confusion here over the label name and label value. I was fairly sure I checked this twice and yet it was not correct. Fixed in 06f3433dbc94f069ec4424f24b863d1f34236610.
@ -0,0 +125,4 @@
Regardless of all the configuration options we've reviewed so far, as long as Mallory is able to execute arbitrary workflows that they author, you're exposing local network resources to interaction from Mallory's changes. For example, if your Forgejo Runner instance is colocated on the same network as end-user laptops and desktops, Mallory could enumerate local network resources through subnet scanning and attempt to attack those machines over the network.
If desired, preventing this type of attack will require isolating the subnet that the Forgejo Runner machine is hosted upon, and then limiting cross-subnet access at a firewall. If the Forgejo Runner is hosted on a virtual machine, tagged VLANs can be enforced at the VM level in order to perform this configuration without requiring physical network changes. The specifics of these configurations are out-of-scope for this document as they depend on the wild variety of network configurations and equipment in the wild.
Contributor
Copy link

s/on the wild variety /on the wide variety /

s/on the wild variety /on the wide variety /
Author
Member
Copy link

Corrected in 97f3cc2f39393c7970a55d9de39e83b36f0edb6f.

Corrected in 97f3cc2f39393c7970a55d9de39e83b36f0edb6f.
earl-warren marked this conversation as resolved
Author
Member
Copy link

@earl-warren Thanks for the review! 👍

@earl-warren Thanks for the review! 👍
@ -0,0 +41,4 @@
As an administrator of Forgejo Runner, if you wish to ensure that a malicious user like Mallory can never run unauthorized workflows, some of the responsibility will fall onto administrators of the Forgejo instance and the repository administrators. That might also be you, or it might include other colleagues and collaborators. Let's assume that a Forgejo Runner is configured on a specific repository, the tightest registration described in [Runner Registration](#runner-registration), and explore what we'd need to know to avoid Mallory running an unauthorized workflow.
If Mallory has write access to the repository, they can run arbitrary workflows. Branch protection rules may appear to be a line of defense (for example: workflows are defined in `main` and Mallory can only create branches & PRs, not modify `main`), but Mallory has workarounds for this. They can create a new branch with a `on: push` configuration and configure the workflow to run when modifications are made to their branch.
Member
Copy link

They can create a new branch with a on: push configuration and configure the workflow to run when modifications are made to their branch

Can be confusing, since the on: push isn't a configuration "on the branch" per se, just something that references the branch.

Maybe this instead:

They can create a new branch that isn't covered by branch protection, and a workflow with a matching on: push

Depending on how comprehensive you want to be, you could also mention that one can create a branch protection rule to restrict/disable pushes to all branches. PRs would be required to come from a fork, then.

> They can create a new branch with a `on: push` configuration and configure the workflow to run when modifications are made to their branch Can be confusing, since the `on: push` isn't a configuration "on the branch" per se, just something that references the branch. Maybe this instead: > They can create a new branch that isn't covered by branch protection, and a workflow with a matching `on: push` Depending on how comprehensive you want to be, you could also mention that one can create a branch protection rule to restrict/disable pushes to all branches. PRs would be required to come from a fork, then.
Author
Member
Copy link

re: on: push, updates in a26ca16ad50a1005b7fa6376c390e467173aa187.

re: creating branch protection rule to disable pushes... hm... trying to square that with why they would have write access to the repo. I guess the thought is that they'd write access to the repo for PR merges but can't create other branches? And if there were review requirements on the PR, then they also couldn't just merge their own PRs to bypass the restrictions. Sure... it feels hard to describe this in this document flow, and it kinda just boils down to the next paragraph about "does not have direct write access". I'm thinking it'd be confusing to describe here.

re: `on: push`, updates in a26ca16ad50a1005b7fa6376c390e467173aa187. re: creating branch protection rule to disable pushes... hm... trying to square that with why they would have write access to the repo. I guess the thought is that they'd write access to the repo for PR merges but can't create other branches? And if there were review requirements on the PR, then they also couldn't just merge their own PRs to bypass the restrictions. Sure... it feels hard to describe this in this document flow, and it kinda just boils down to the next paragraph about "does not have direct write access". I'm thinking it'd be confusing to describe here.
Member
Copy link

re: creating branch protection rule to disable pushes... hm... trying to square that with why they would have write access to the repo. I guess the thought is that they'd write access to the repo for PR merges but can't create other branches?

Yes. "write access" is often equated to just have rights to merge PRs, and having to create PRs from forks themselves if they want to add code.

Maybe this, then?

-If Mallory has write access to the repository, they can run arbitrary workflows.
+If Mallory can push directly to the repository, they can run arbitrary workflows
> re: creating branch protection rule to disable pushes... hm... trying to square that with why they would have write access to the repo. I guess the thought is that they'd write access to the repo for PR merges but can't create other branches? Yes. "write access" is often equated to just have rights to merge PRs, and having to create PRs from forks themselves if they want to add code. Maybe this, then? ```diff -If Mallory has write access to the repository, they can run arbitrary workflows. +If Mallory can push directly to the repository, they can run arbitrary workflows ```
Author
Member
Copy link

Revised in 210857d4dd5236b071d6c46416ece2af31c4dc78.

Revised in 210857d4dd5236b071d6c46416ece2af31c4dc78.
sclu1034 marked this conversation as resolved
@ -0,0 +43,4 @@
If Mallory has write access to the repository, they can run arbitrary workflows. Branch protection rules may appear to be a line of defense (for example: workflows are defined in `main` and Mallory can only create branches & PRs, not modify `main`), but Mallory has workarounds for this. They can create a new branch with a `on: push` configuration and configure the workflow to run when modifications are made to their branch.
If Mallory does not have direct write access, but can fork the repository and create pull requests, then their first pull request to the repository will require review from a contributor and approval before workflows can execute. After that, any future pull request that Mallory makes will have the workflow executed, including any modifications made in the fork. This can include the creation of a new workflow that has the `on: pull_request` event, allowing them to introduce workflows that never existed before. The `on: pull_request` workflows that would be executed in this model do have elevated security relative to other workflows -- they have no access to the secrets in the repository.
Member
Copy link

The on: pull_request workflows [...] do have elevated security
they have no access to the secrets in the repository

Those two are contradicting each other.

> The `on: pull_request` workflows [...] do have elevated security > they have no access to the secrets in the repository Those two are contradicting each other.
Author
Member
Copy link

Clarified to additional restrictions. a26ca16ad50a1005b7fa6376c390e467173aa187

Clarified to `additional restrictions`. a26ca16ad50a1005b7fa6376c390e467173aa187
sclu1034 marked this conversation as resolved
@ -0,0 +45,4 @@
If Mallory does not have direct write access, but can fork the repository and create pull requests, then their first pull request to the repository will require review from a contributor and approval before workflows can execute. After that, any future pull request that Mallory makes will have the workflow executed, including any modifications made in the fork. This can include the creation of a new workflow that has the `on: pull_request` event, allowing them to introduce workflows that never existed before. The `on: pull_request` workflows that would be executed in this model do have elevated security relative to other workflows -- they have no access to the secrets in the repository.
If the repository has an `on: pull_request_target` workflow defined in it, then Mallory cannot modify the code that is executed in that workflow unless their pull requests are merged -- the workflow runs with the content of the target branch of the PR, rather than with the content of the branch. However, these workflows do have access to secrets, and can sometimes make mistakes in interacting with the code in the pull request in a dangerous manner. `on: pull_request_target` workflows require careful engineering and review to ensure that they do not interact with other code in the repository to introduce new security risks -- these considerations are described in [`on.pull_request_target`](../../../user/actions/reference/#onpull_request_target).
Member
Copy link
-rather than with the content of the branch
+rather than with the content of the pull request

"branch" by itself is ambiguous, and even with "source branch", people are sometimes confused what the source or target is.
"content of the pull request" should make this easier for those.

It might make sense to mention actions/checkout checking out the target instead of the source for this event type, and that even if one does check out the source, they should take care not to run scripts/code that could have been modified by the PR.

```diff -rather than with the content of the branch +rather than with the content of the pull request ``` "branch" by itself is ambiguous, and even with "source branch", people are sometimes confused what the source or target is. "content of the pull request" should make this easier for those. --- It might make sense to mention `actions/checkout` checking out the target instead of the source for this event type, and that even if one does check out the source, they should take care not to run scripts/code that could have been modified by the PR.
Author
Member
Copy link

re: branch -> pull request -- revised in a26ca16ad50a1005b7fa6376c390e467173aa187.

re: actions/checkout and other care -- that is described in detail in the referenced link for on.pull_request_target, so I'd prefer to not repeat them here.

re: branch -> pull request -- revised in a26ca16ad50a1005b7fa6376c390e467173aa187. re: `actions/checkout` and other care -- that is described in detail in the referenced link for `on.pull_request_target`, so I'd prefer to not repeat them here.
sclu1034 marked this conversation as resolved
@ -0,0 +77,4 @@
An administrator can change `container.network` from the default value of `""` to `"host"`, `"bridge"`, or a custom network name. The default value `""` causes a new isolated network to be created for each new job, and service/step containers are created on the same network to facilitate communication between them.
Changing the network mode to `"host"` will remove restrictions to allow all containers to communicate freely with each other and the host, without any job isolation. This can be a risk to the confidentiality of data hosted by other services on the host; for example, if a web server is running on `localhost:3000` that would normally be protected by access controls imposed by a reverse proxy like nginx, Mallory will be able to run job containers that can access this web server directly bypassing those controls. This can risk the availability of workflow jobs as well, by sharing the same network stack; if Mallory starts a workflow which starts a database server that listens to port `5432` which is already in-use in the host, it would probably fail to start due to a network port conflict, but they may be able to claim the port during database server maintenance and affect the availability of the other service.
Member
Copy link

A container can always communicate with the host (unless it doesn't have an IP at all). You'd need to figure out the host's IP, but that's not particularly hard in most cases.

If "a server on localhost:3000" does happen to mean a socket of (127.0.0.1, 3000), then the container can indeed not access that unless network mode is host. But listening on 0.0.0.0 is relatively common, and any container on the same host, regardless of its network mode, can access that by default.

A container can always communicate with the host (unless it doesn't have an IP at all). You'd need to figure out the host's IP, but that's not particularly hard in most cases. If "a server on `localhost:3000`" does happen to mean a socket of `(127.0.0.1, 3000)`, then the container can indeed not access that unless network mode is `host`. But listening on `0.0.0.0` is relatively common, and any container on the same host, regardless of its network mode, can access that by default.
Author
Member
Copy link

localhost:3000 did mean 127.0.0.1 binding to me, but I'll be specific. Revised in a26ca16ad50a1005b7fa6376c390e467173aa187.

`localhost:3000` did mean `127.0.0.1` binding to me, but I'll be specific. Revised in a26ca16ad50a1005b7fa6376c390e467173aa187.
sclu1034 marked this conversation as resolved
@ -0,0 +79,4 @@
Changing the network mode to `"host"` will remove restrictions to allow all containers to communicate freely with each other and the host, without any job isolation. This can be a risk to the confidentiality of data hosted by other services on the host; for example, if a web server is running on `localhost:3000` that would normally be protected by access controls imposed by a reverse proxy like nginx, Mallory will be able to run job containers that can access this web server directly bypassing those controls. This can risk the availability of workflow jobs as well, by sharing the same network stack; if Mallory starts a workflow which starts a database server that listens to port `5432` which is already in-use in the host, it would probably fail to start due to a network port conflict, but they may be able to claim the port during database server maintenance and affect the availability of the other service.
Changing the network mode to `"bridge"` will allow unrestricted network access, but scoped only to other docker containers running on the same docker daemon. This is more restricted than `"host"`, but allows similar risks if there are confidential services running in docker that are outside the job container.
Member
Copy link

but scoped only to other docker containers running on the same docker daemon

Only to other containers that are also on the default bridge. Containers that are connected to user-defined bridges (i.e. custom networks) cannot be accessed from the default bridge.

> but scoped only to other docker containers running on the same docker daemon Only to other containers that are also on the default `bridge`. Containers that are connected to user-defined bridges (i.e. custom networks) cannot be accessed from the default `bridge`.
Author
Member
Copy link

Revised in a26ca16ad50a1005b7fa6376c390e467173aa187.

Revised in a26ca16ad50a1005b7fa6376c390e467173aa187.
sclu1034 marked this conversation as resolved
mfenniak force-pushed forgejo-runner-security from 06f3433dbc
All checks were successful
pr / preview (pull_request_target) Successful in 1m28s
backport / backporting (pull_request_target) Has been skipped
to a26ca16ad5
All checks were successful
pr / preview (pull_request_target) Successful in 1m28s
2025年09月05日 22:15:07 +02:00 Compare
Author
Member
Copy link

@sclu1034 Revision pass complete, thank you.

@sclu1034 Revision pass complete, thank you.
Contributor
Copy link

@sclu1034 although you did not "Request for change", I'll wait on your approval before merging.

@sclu1034 although you did not "Request for change", I'll wait on your approval before merging.
mfenniak force-pushed forgejo-runner-security from a26ca16ad5
All checks were successful
pr / preview (pull_request_target) Successful in 1m28s
to 210857d4dd
All checks were successful
pr / preview (pull_request_target) Successful in 2m21s
2025年09月09日 17:33:05 +02:00 Compare
Contributor
Copy link

Please let me know when the conflict is resolved. I don't think there is a notification for that.

Please let me know when the conflict is resolved. I don't think there is a notification for that.
mfenniak force-pushed forgejo-runner-security from 210857d4dd
All checks were successful
pr / preview (pull_request_target) Successful in 2m21s
to 0d1f0b74c3
All checks were successful
pr / preview (pull_request_target) Successful in 1m33s
backport / backporting (pull_request_target) Successful in 6s
2025年09月10日 16:50:15 +02:00 Compare
Author
Member
Copy link

Conflicts resolved, ready for merge.

Conflicts resolved, ready for merge.
Sign in to join this conversation.
No reviewers
Labels
Clear labels
404

Broken links or missing content
backport/v1.19

Changes which should be backported to the v1.19 docs

Archived

backport/v1.20

Changes which should be backported to the v1.20 docs

Archived

backport/v1.21

Changes which should be backported to the v1.21 docs

Archived

backport/v10.0

Automated backport to v10.0

Archived

backport/v11.0

Automated backport to v11.0
backport/v12.0

Automated backport to v12.0

Archived

backport/v13.0

Automated backport to v13.0
backport/v14.0

Automated backport to v14.0
backport/v7.0

Automated backport to the v7.0 docs

Archived

backport/v8.0

Automated backport to the v8.0 docs

Archived

backport/v9.0

Automated backport to the v9.0 docs

Archived

good first issue

This issue is suitable for "drive-by contributors" wanting to contribute for the first time, and fixing it should be straightforward.
meta

Tooling and processes for maintaining the docs
new docs

Content to be added to the documentation

Archived

User research - Accessibility

Requires input about accessibility features, likely involves user testing.
User research - Blocked

Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.
User research - Community

Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.
User research - Config (instance)

Instance-wide configuration, authentication and other admin-only needs.
User research - Errors

How to deal with errors in the application and write helpful error messages.
User research - Filters

How filter and search is being worked with.
User research - Future backlog

The issue might be inspiring for future design work.
User research - Git workflow

AGit, fork-based and new Git workflow, PR creation etc
User research - Labels

Active research about Labels
User research - Moderation

Moderation Featuers for Admins are undergoing active User Research
User research - Needs input

Use this label to let the User Research team know their input is requested.
User research - Notifications/Dashboard

Research on how users should know what to do next.
User research - Rendering

Text rendering, markup languages etc
User research - Repo creation

Active research about the New Repo dialog.
User research - Repo units

The repo sections, disabling them and the "Add more" button.
User research - Security
User research - Settings (in-app)

How to structure in-app settings in the future?
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/docs!1429
Reference in a new issue
forgejo/docs
No description provided.
Delete branch "mfenniak/forgejo-docs:forgejo-runner-security"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?