Migrate Forgejo from Homebrew to source build #316

Merged

eblume merged 3 commits from build-forgejo-from-source into main

2026-03-28 08:19:24 -07:00

eblume commented

2026-03-28 07:54:15 -07:00

Owner

Summary

Migrate Forgejo from Homebrew to source-built binary with mcquack LaunchAgent
Matches the established pattern used by zot, caddy, and alloy
Upgrades to v14.0.3 (7 security fixes: PKCE bypass, OAuth scope bypass, open redirect, and more)

Changes

Ansible role: Replace brew install/services with binary stat check + LaunchAgent
Paths: /opt/homebrew/var/forgejo → ~/forgejo, binary at ~/code/3rd/forgejo/forgejo
Run user: forgejo → erichblume (LaunchAgent user; SSH git user stays forgejo)
Docs: Updated Forgejo reference card, restart-indri guide
Service review: Stamped frigate-notify, cloudnative-pg, blumeops-pg as current

One-time migration steps (manual, on indri)

Clone from Codeberg, add forge mirror remote
Check out v14.0.3, build with make build && make forgejo
Stop brew, cp -a data to ~/forgejo, fix ownership
Run provision-indri --tags forgejo
Verify, then brew uninstall forgejo

Data safety

cp -a preserves everything (repos, SQLite DB, LFS, sessions, OAuth config)
Brew version stays installed as rollback until verification passes
No schema changes between 14.0.2 → 14.0.3

## Summary - Migrate Forgejo from Homebrew to source-built binary with mcquack LaunchAgent - Matches the established pattern used by zot, caddy, and alloy - Upgrades to v14.0.3 (7 security fixes: PKCE bypass, OAuth scope bypass, open redirect, and more) ## Changes - **Ansible role**: Replace brew install/services with binary stat check + LaunchAgent - **Paths**: `/opt/homebrew/var/forgejo` → `~/forgejo`, binary at `~/code/3rd/forgejo/forgejo` - **Run user**: `forgejo` → `erichblume` (LaunchAgent user; SSH git user stays `forgejo`) - **Docs**: Updated Forgejo reference card, restart-indri guide - **Service review**: Stamped frigate-notify, cloudnative-pg, blumeops-pg as current ## One-time migration steps (manual, on indri) 1. Clone from Codeberg, add forge mirror remote 2. Check out v14.0.3, build with `make build && make forgejo` 3. Stop brew, `cp -a` data to `~/forgejo`, fix ownership 4. Run `provision-indri --tags forgejo` 5. Verify, then `brew uninstall forgejo` ## Data safety - `cp -a` preserves everything (repos, SQLite DB, LFS, sessions, OAuth config) - Brew version stays installed as rollback until verification passes - No schema changes between 14.0.2 → 14.0.3

eblume added 2 commits

2026-03-28 07:54:16 -07:00

Update docs for Forgejo source build migration 4489fe4492

Update Forgejo reference card with source-build details (binary path,
data location, LaunchAgent, build instructions). Update restart-indri
to replace brew services commands with launchctl for Forgejo.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Migrate Forgejo Ansible role from Homebrew to source build 521cec5fde

Replace brew install/services with source-built binary + mcquack
LaunchAgent, matching the zot/caddy/alloy pattern. Key changes:

- defaults: new paths (~/forgejo, ~/code/3rd/forgejo), run_user → erichblume
- tasks: binary stat check instead of brew install, LaunchAgent deployment
- handlers: launchctl unload/load instead of brew services restart
- new forgejo.plist.j2 LaunchAgent template

Also stamps frigate-notify, cloudnative-pg, blumeops-pg as reviewed
(all up to date) and updates forgejo tracking to v14.0.3.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

eblume added 1 commit

2026-03-28 08:16:38 -07:00

Fix build instructions: never use make forgejo directly de8a08ca2d

make forgejo rebuilds with empty TAGS, stripping SQLite support.
Updated docs and role to use mise run build instead, which wraps
make build with the correct tags and creates the hardlink.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>