forgejo/forgejo
forgejo/forgejo
109
3.8k
Fork 659
Code Issues 1.2k Pull requests 160 Releases 95 Packages 1 Activity Actions 24

build: move backend-checks CI checks to Makefile: make pr-go #11053

Merged
Gusted merged 1 commit from slink/forgejo:make-pr-go into forgejo 2026-02-17 02:41:43 +01:00
Conversation 19 Commits 1 Files changed 4 +38 -3
slink commented 2026-01-26 13:48:26 +01:00
Contributor
Copy link

This is to have a simple and consistent make target for developers to locally run the checks which the CI will also run. The goal is to avoid wasting review cycles on CI failures.

To have a single source of truth, the CI is adjusted to call the same make target. Additional checks should no longer be added to the CI workflow, but rather to the makefile.

The pull request template is adjusted to remind of running this make target.

CI output is improved by using a simple bash script which uses sed to add ##[group] tags to "make --debug=b" output and filter out messages which usually do not contribute to understanding. While this approach has limits and depends on the specific debug output format of GNU make, it avoids adjusting the makefile itself for additional CI beautification, contributing to maintainability.

  • no tests needed (this is purely a build change)
  • docs: hint added to PR template
  • no release notes nedded
This is to have a simple and consistent make target for developers to locally run the checks which the CI will also run. The goal is to avoid wasting review cycles on CI failures. To have a single source of truth, the CI is adjusted to call the same make target. Additional checks should no longer be added to the CI workflow, but rather to the makefile. The pull request template is adjusted to remind of running this make target. CI output is improved by using a simple bash script which uses sed to add `##[group]` tags to "make --debug=b" output and filter out messages which usually do not contribute to understanding. While this approach has limits and depends on the specific debug output format of GNU make, it avoids adjusting the makefile itself for additional CI beautification, contributing to maintainability. - no tests needed (this is purely a build change) - docs: hint added to PR template - no release notes nedded
Gusted reviewed 2026-01-26 13:54:12 +01:00
Gusted left a comment
Owner
Copy link

Otherwise sounds like a nice improvement. Maybe also should be mentioned on https://forgejo.org/docs/latest/contributor/testing/?

Otherwise sounds like a nice improvement. Maybe also should be mentioned on https://forgejo.org/docs/latest/contributor/testing/?
.forgejo/pull_request_template.md Outdated
@ -13,3 +13,3 @@
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
### Tests for GO changes
Gusted commented 2026-01-26 13:53:03 +01:00
Owner
Copy link

S/GO/Go

S/GO/Go
👍 1
Gusted marked this conversation as resolved
slink force-pushed make-pr-go from 63b685a960
Some checks are pending
requirements / merge-conditions (pull_request) Waiting to run
Details
testing / backend-checks (pull_request) Waiting to run
Details
testing / frontend-checks (pull_request) Waiting to run
Details
testing / test-unit (pull_request) Blocked by required conditions
Details
testing / test-e2e (pull_request) Blocked by required conditions
Details
testing / test-remote-cacher (redis) (pull_request) Blocked by required conditions
Details
testing / test-remote-cacher (valkey) (pull_request) Blocked by required conditions
Details
testing / test-remote-cacher (garnet) (pull_request) Blocked by required conditions
Details
testing / test-remote-cacher (redict) (pull_request) Blocked by required conditions
Details
testing / test-mysql (pull_request) Blocked by required conditions
Details
testing / test-pgsql (pull_request) Blocked by required conditions
Details
testing / test-sqlite (pull_request) Blocked by required conditions
Details
testing / security-check (pull_request) Blocked by required conditions
Details
issue-labels / release-notes (pull_request_target) Waiting to run
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m49s
Details
issue-labels / backporting (pull_request_target) Has been skipped
Details
issue-labels / cascade (pull_request_target) Has been skipped
Details
to 59e2a8874f
Some checks failed
Integration tests for the release process / release-simulation (pull_request) Successful in 6m27s
Details
testing / frontend-checks (pull_request) Successful in 1m22s
Details
testing / backend-checks (pull_request) Successful in 6m1s
Details
testing / test-unit (pull_request) Successful in 4m18s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m14s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m11s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m1s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m4s
Details
testing / test-e2e (pull_request) Successful in 24m0s
Details
testing / test-mysql (pull_request) Successful in 27m28s
Details
testing / test-sqlite (pull_request) Successful in 35m6s
Details
testing / test-pgsql (pull_request) Successful in 39m40s
Details
testing / security-check (pull_request) Successful in 1m12s
Details
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Failing after 3s
Details
2026-01-26 14:06:30 +01:00 Compare
slink referenced this pull request from a commit 2026-01-26 14:15:30 +01:00
docs: Suggest to run make pr-go
slink referenced this pull request from a commit 2026-01-26 14:16:59 +01:00
docs: Suggest to run make pr-go
slink commented 2026-01-26 14:17:45 +01:00
Author
Contributor
Copy link

Changed GO into Go and docs pr opened: forgejo/docs#1714

Changed GO into Go and docs pr opened: https://codeberg.org/forgejo/docs/pulls/1714
viceice reviewed 2026-01-26 14:20:41 +01:00
.forgejo/workflows/testing.yml Outdated
@ -26,3 +26,2 @@
- uses: ./.forgejo/workflows-composite/setup-env
- run: su forgejo -c 'make deps-backend deps-tools'
- run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check lint-swagger fmt-check swagger-validate' # ensure the "go-licenses" make target runs
- run: su forgejo -c 'make -j$(nproc) pr-go'
viceice commented 2026-01-26 14:20:41 +01:00
Owner
Copy link

i would suggest to split it tioo multiple run commands for easier failure analyzation on failues. It's currently hard to find what fails

i would suggest to split it tioo multiple run commands for easier failure analyzation on failues. It's currently hard to find what fails
slink commented 2026-01-26 14:27:13 +01:00
Author
Contributor
Copy link

that would counter-act the goal of having a single source of truth.
If we have one thing in the CI and another in the Makefile, they will diverge again.

Should we maybe have a some magic string to make the CI format the output nicely?

that would counter-act the goal of having a single source of truth. If we have one thing in the CI and another in the `Makefile`, they will diverge again. Should we maybe have a some magic string to make the CI format the output nicely?
viceice commented 2026-01-26 14:37:59 +01:00
Owner
Copy link

not sure, i don't know if log grouping works on forgejo actions

https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-commands#grouping-log-lines

then we could detect actions and emit grouping commands on ci

not sure, i don't know if log grouping works on forgejo actions https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-commands#grouping-log-lines then we could detect actions and emit grouping commands on ci
Gusted commented 2026-01-26 14:40:00 +01:00
Owner
Copy link

#3337, its supported.

https://codeberg.org/forgejo/forgejo/pulls/3337, its supported.
👀 1
viceice commented 2026-01-26 14:41:08 +01:00
Owner
Copy link

@Gusted wrote in #11053 (comment):

#3337, its supported.

ha, found it too now😅

@Gusted wrote in https://codeberg.org/forgejo/forgejo/pulls/11053#issuecomment-10174722: > #3337, its supported. ha, found it too now😅
viceice commented 2026-01-26 14:42:12 +01:00
Owner
Copy link

we can use GITHUB_ACTIONS or FORGEJO_ACTIONS to detect

we can use `GITHUB_ACTIONS` or `FORGEJO_ACTIONS` to detect
slink commented 2026-01-26 14:51:17 +01:00
Author
Contributor
Copy link

Just CI?
I am trying to come up with something manageable for the Makefile...

Just `CI`? I am trying to come up with something manageable for the Makefile...
viceice commented 2026-01-26 14:55:28 +01:00
Owner
Copy link

sure
code.forgejo.org/forgejo/runner@6721a406e5/act/runner/run_context.go (L1360)

sure https://code.forgejo.org/forgejo/runner/src/commit/6721a406e5e6e5a07a9931d1d03fdcf4bbb0b48a/act/runner/run_context.go#L1360
slink changed title from build: move backend-checks CI checks to Makefile to WIP: build: move backend-checks CI checks to Makefile 2026-01-26 17:11:59 +01:00
slink force-pushed make-pr-go from 59e2a8874f
Some checks failed
Integration tests for the release process / release-simulation (pull_request) Successful in 6m27s
Details
testing / frontend-checks (pull_request) Successful in 1m22s
Details
testing / backend-checks (pull_request) Successful in 6m1s
Details
testing / test-unit (pull_request) Successful in 4m18s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m14s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m11s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m1s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m4s
Details
testing / test-e2e (pull_request) Successful in 24m0s
Details
testing / test-mysql (pull_request) Successful in 27m28s
Details
testing / test-sqlite (pull_request) Successful in 35m6s
Details
testing / test-pgsql (pull_request) Successful in 39m40s
Details
testing / security-check (pull_request) Successful in 1m12s
Details
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Failing after 3s
Details
to e3e271934c
Some checks failed
testing.yml / test a CI grouping idea (pull_request) Failing after 0s
Details
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Failing after 2s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m13s
Details
2026-01-26 17:15:31 +01:00 Compare
slink force-pushed make-pr-go from e3e271934c
Some checks failed
testing.yml / test a CI grouping idea (pull_request) Failing after 0s
Details
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Failing after 2s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m13s
Details
to 58fbedc17f
Some checks failed
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Failing after 1s
Details
testing / frontend-checks (pull_request) Successful in 55s
Details
testing / backend-checks (pull_request) Successful in 3m42s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m41s
Details
testing / test-unit (pull_request) Successful in 4m38s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m8s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m13s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m6s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m9s
Details
testing / test-e2e (pull_request) Successful in 19m30s
Details
testing / test-sqlite (pull_request) Has been cancelled
Details
testing / test-pgsql (pull_request) Has been cancelled
Details
testing / test-mysql (pull_request) Has been cancelled
Details
testing / security-check (pull_request) Has been cancelled
Details
2026-01-26 17:23:02 +01:00 Compare
slink commented 2026-01-26 17:40:21 +01:00
Author
Contributor
Copy link

FTR: The following idea is nice, I think, because it does not require any changes to the makefile, but I found no way to replace the working directory output with the current target:

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index d40d000c4e..1e0c1bbc17 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -24,7 +24,7 @@ jobs:
           EOF
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - run: su forgejo -c 'make -j$(nproc) pr-go'
+      - run: su forgejo -c './tools/cimake.sh pr-go'
       # this will re-run the backend target also contained in pr-go, but
       # a re-build is insignificant
       - uses: ./.forgejo/workflows-composite/build-backend
diff --git a/tools/cimake.sh b/tools/cimake.sh
new file mode 100755
index 0000000000..1d935120e5
--- /dev/null
+++ b/tools/cimake.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# GNU make wrapper for invocation from ci to generate grouping of output
+# without getting into the YAML madness of "what is a string"
+exec make -w -O -j$(nproc) "$@" 2>&1 | sed 's:^make\: Entering directory:\#\#[group]:;s:^make\: Leaving directory:\#\#[endgroup]:'

this produces:

image

But I am giving it up, because we should really have descriptive names for the groups

FTR: The following idea is nice, I think, because it does not require any changes to the makefile, but I found no way to replace the working directory output with the current target: ```diff diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml index d40d000c4e..1e0c1bbc17 100644 --- a/.forgejo/workflows/testing.yml +++ b/.forgejo/workflows/testing.yml @@ -24,7 +24,7 @@ jobs: EOF - uses: https://data.forgejo.org/actions/checkout@v6 - uses: ./.forgejo/workflows-composite/setup-env - - run: su forgejo -c 'make -j$(nproc) pr-go' + - run: su forgejo -c './tools/cimake.sh pr-go' # this will re-run the backend target also contained in pr-go, but # a re-build is insignificant - uses: ./.forgejo/workflows-composite/build-backend diff --git a/tools/cimake.sh b/tools/cimake.sh new file mode 100755 index 0000000000..1d935120e5 --- /dev/null +++ b/tools/cimake.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +# GNU make wrapper for invocation from ci to generate grouping of output +# without getting into the YAML madness of "what is a string" +exec make -w -O -j$(nproc) "$@" 2>&1 | sed 's:^make\: Entering directory:\#\#[group]:;s:^make\: Leaving directory:\#\#[endgroup]:' ``` this produces: ![image](/attachments/c6e2464d-4ce4-4e3f-9be1-3c8f5373cab7) But I am giving it up, because we should really have descriptive names for the groups
image.png
51 KiB
or does the idea actually work?
All checks were successful
testing / frontend-checks (pull_request) Successful in 48s
Details
testing / backend-checks (pull_request) Successful in 2m16s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m49s
Details
testing / test-unit (pull_request) Successful in 4m14s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m18s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m19s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m19s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m19s
Details
testing / test-e2e (pull_request) Successful in 25m58s
Details
testing / test-mysql (pull_request) Successful in 26m36s
Details
testing / test-sqlite (pull_request) Successful in 32m41s
Details
testing / test-pgsql (pull_request) Successful in 35m41s
Details
testing / security-check (pull_request) Successful in 51s
Details
issue-labels / backporting (pull_request_target) Has been skipped
Details
issue-labels / cascade (pull_request_target) Has been skipped
Details
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Successful in 1s
Details
140c9d8e8e
slink commented 2026-01-26 17:51:28 +01:00
Author
Contributor
Copy link

Actually... There is a debug option which might give us what we want.
@viceice could you have a look at https://codeberg.org/forgejo/forgejo/actions/runs/134218/jobs/0/attempt/1 and tell me what you think?

As mentioned before, the compelling advantage of something like this is that it does not require changes to the makefile (which can be forgotten etc.).

The drawback (if it is any) is that we need to accept additional debug output which we are less interested in, or we'd need to hack more line replacements for those parts of the output which we do not want to see (with the danger of accidentally suppressing something which we are interested in)

image

Actually... There is a debug option which might give us what we want. @viceice could you have a look at https://codeberg.org/forgejo/forgejo/actions/runs/134218/jobs/0/attempt/1 and tell me what you think? As mentioned before, the compelling advantage of something like this is that it does not require changes to the makefile (which can be forgotten etc.). The drawback (if it is any) is that we need to accept additional debug output which we are less interested in, or we'd need to hack more line replacements for those parts of the output which we do not want to see (with the danger of accidentally suppressing something which we _are_ interested in) ![image](/attachments/19407ccb-9f31-4c24-91e5-0f8dc1c066b7)
image.png
164 KiB
slink changed title from WIP: build: move backend-checks CI checks to Makefile to WIP: build: move CI checks to Makefile 2026-01-26 17:54:25 +01:00
viceice commented 2026-01-27 13:36:07 +01:00
Owner
Copy link

looks promissing, maybe we should try to filter some more known verbose messages 🙃

  • Prerequisite 'tests/e2e/changes.go' is newer than target 'templates/swagger/v1_json.tmpl'.
  • File 'swagger-check' does not exist.

then we're porbably good to go

looks promissing, maybe we should try to filter some more known verbose messages 🙃 - `Prerequisite 'tests/e2e/changes.go' is newer than target 'templates/swagger/v1_json.tmpl'.` - `File 'swagger-check' does not exist.` then we're porbably good to go
👍 1
slink force-pushed make-pr-go from 140c9d8e8e
All checks were successful
testing / frontend-checks (pull_request) Successful in 48s
Details
testing / backend-checks (pull_request) Successful in 2m16s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m49s
Details
testing / test-unit (pull_request) Successful in 4m14s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m18s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m19s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m19s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m19s
Details
testing / test-e2e (pull_request) Successful in 25m58s
Details
testing / test-mysql (pull_request) Successful in 26m36s
Details
testing / test-sqlite (pull_request) Successful in 32m41s
Details
testing / test-pgsql (pull_request) Successful in 35m41s
Details
testing / security-check (pull_request) Successful in 51s
Details
issue-labels / backporting (pull_request_target) Has been skipped
Details
issue-labels / cascade (pull_request_target) Has been skipped
Details
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Successful in 1s
Details
to 6d13f7794e
All checks were successful
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Successful in 2s
Details
testing / frontend-checks (pull_request) Successful in 1m13s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m49s
Details
testing / backend-checks (pull_request) Successful in 4m34s
Details
testing / test-unit (pull_request) Successful in 4m35s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m2s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m3s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m1s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m3s
Details
testing / test-mysql (pull_request) Successful in 23m53s
Details
testing / test-sqlite (pull_request) Successful in 26m5s
Details
testing / test-pgsql (pull_request) Successful in 30m49s
Details
testing / security-check (pull_request) Successful in 40s
Details
testing / test-e2e (pull_request) Successful in 17m16s
Details
2026-01-27 14:39:25 +01:00 Compare
slink changed title from WIP: build: move CI checks to Makefile to build: move backend-checks CI checks to Makefile: make pr-go 2026-01-27 14:41:38 +01:00
slink commented 2026-01-27 14:44:11 +01:00
Author
Contributor
Copy link

ready for merge:

tools/cimake.sh:

  • filtering of additional messages as suggested by @viceice
  • set pipefail mode to make sure a make failure is propagated
  • general polishing

CI:

  • added reference to makefile
ready for merge: tools/cimake.sh: * filtering of additional messages as suggested by @viceice * set pipefail mode to make sure a make failure is propagated * general polishing CI: * added reference to makefile
slink commented 2026-01-27 14:53:11 +01:00
Author
Contributor
Copy link

This failure https://codeberg.org/forgejo/forgejo/actions/runs/134508/jobs/3/attempt/1 looks unrelated, I did not touch e2e and the error looks like ... something swallowed some characters...?

This failure https://codeberg.org/forgejo/forgejo/actions/runs/134508/jobs/3/attempt/1 looks unrelated, I did not touch e2e and the error looks like ... something swallowed some characters...?
viceice approved these changes 2026-01-27 15:03:10 +01:00
Dismissed
slink force-pushed make-pr-go from 6d13f7794e
All checks were successful
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Successful in 2s
Details
testing / frontend-checks (pull_request) Successful in 1m13s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m49s
Details
testing / backend-checks (pull_request) Successful in 4m34s
Details
testing / test-unit (pull_request) Successful in 4m35s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m2s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m3s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m1s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m3s
Details
testing / test-mysql (pull_request) Successful in 23m53s
Details
testing / test-sqlite (pull_request) Successful in 26m5s
Details
testing / test-pgsql (pull_request) Successful in 30m49s
Details
testing / security-check (pull_request) Successful in 40s
Details
testing / test-e2e (pull_request) Successful in 17m16s
Details
to 0d8262e582
All checks were successful
issue-labels / release-notes (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Successful in 2s
Details
testing / frontend-checks (pull_request) Successful in 57s
Details
testing / backend-checks (pull_request) Successful in 2m53s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m25s
Details
testing / test-unit (pull_request) Successful in 5m48s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 1m48s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 1m51s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 1m54s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 1m53s
Details
testing / test-e2e (pull_request) Successful in 24m2s
Details
testing / test-mysql (pull_request) Successful in 26m26s
Details
testing / test-sqlite (pull_request) Successful in 32m24s
Details
testing / test-pgsql (pull_request) Successful in 37m37s
Details
testing / security-check (pull_request) Successful in 1m10s
Details
issue-labels / backporting (pull_request_target) Has been skipped
Details
milestone / set (pull_request_target) Successful in 6s
Details
2026-02-05 11:07:12 +01:00 Compare
slink commented 2026-02-05 11:07:14 +01:00
Author
Contributor
Copy link

rebased and force-pushed, no changes to the patch

rebased and force-pushed, no changes to the patch
viceice approved these changes 2026-02-05 11:18:59 +01:00
mfenniak commented 2026-02-07 03:51:06 +01:00
Member
Copy link

While this has been open, I've prepared a new backend check in #11142, using semgrep. I'm inclined to leave the semgrep change separate from this new pr-go make target because: (a) it already is, so neither of these changes will conflict on each other, (b) it requires a separate tool that can't be automatically installed by the go toolchain (semgrep) since it's not a go tool, (c) it's a relatively slow tool, (d) the slow perf is mitigated in CI because it uses patch-aware detection of what files to run against.

Just wanted to raise this note to see if there's an alternate opinion before either change moves forward. semgrep's applicability in #11142 will be so very small that it's unlikely to be an inconvenience, but that could change over time.

While this has been open, I've prepared a new backend check in #11142, using `semgrep`. I'm inclined to leave the `semgrep` change separate from this new `pr-go` make target because: (a) it already is, so neither of these changes will conflict on each other, (b) it requires a separate tool that can't be automatically installed by the go toolchain (`semgrep`) since it's not a go tool, (c) it's a relatively slow tool, (d) the slow perf is mitigated in CI because it uses patch-aware detection of what files to run against. Just wanted to raise this note to see if there's an alternate opinion before either change moves forward. `semgrep`'s applicability in #11142 will be so very small that it's unlikely to be an inconvenience, but that could change over time.
slink commented 2026-02-07 13:38:50 +01:00
Author
Contributor
Copy link

Re @mfenniak

I am not competent regarding semgrep, but it seems to be a proprietary, closed source tool (I only checked briefly, the pip installer for the CE cli contains a big binary executable). As a matter of principle, I would not even install such a tool locally, and, consequently, I would vote against requiring it to pass for PRs to be merged. In my opinion, there is also a risk of relying too much on such a tool, and in my mind there is a broader conflict with forgejo's values.

I do not have any say in this project, so the maintainers are of course to make their decision independent of this opinion.

As a possible compromise, one option could be to just run the tool "asynchronously" against trunk.

Re @mfenniak I am not competent regarding semgrep, but it seems to be a proprietary, closed source tool (I only checked briefly, the pip installer for the CE cli contains a big binary executable). As a matter of principle, I would not even install such a tool locally, and, consequently, I would vote against requiring it to pass for PRs to be merged. In my opinion, there is also a risk of relying too much on such a tool, and in my mind there is a broader conflict with forgejo's values. I do not have any say in this project, so the maintainers are of course to make their decision independent of this opinion. As a possible compromise, one option could be to just run the tool "asynchronously" against trunk.
mfenniak commented 2026-02-07 15:03:30 +01:00
Member
Copy link

@slink wrote in #11053 (comment):

I am not competent regarding semgrep, but it seems to be a proprietary, closed source tool (I only checked briefly, the pip installer for the CE cli contains a big binary executable).

This is a misunderstanding of a weird packaging choice. semgrep is an LGPL-2.1 licensed open source tool. https://github.com/semgrep/semgrep It's written in OCaml, so I'm not sure why they use a pip package as a distribution tool, but that's the cause of the binary -- it's not a python tool.

Now, there is a fair criticism of the project in a more nuanced way -- the authors recently removed capabilities from the open source tool to package them as part of their commercial engine. (https://semgrep.dev/blog/2024/important-updates-to-semgrep-oss/#json-and-sarif-output-changes) This resulted in a fork, Opengrep. We could easily adopt Opengrep instead if it proves to be the healthier project in the long-term due to the limited usage proposed at this time.

With that information in mind, how is your opinion on make pr-go influenced?

@slink wrote in https://codeberg.org/forgejo/forgejo/pulls/11053#issuecomment-10426718: > I am not competent regarding semgrep, but it seems to be a proprietary, closed source tool (I only checked briefly, the pip installer for the CE cli contains a big binary executable). This is a misunderstanding of a weird packaging choice. semgrep is an LGPL-2.1 licensed open source tool. https://github.com/semgrep/semgrep It's written in OCaml, so I'm not sure why they use a pip package as a distribution tool, but that's the cause of the binary -- it's not a python tool. Now, there is a fair criticism of the project in a more nuanced way -- the authors recently removed capabilities from the open source tool to package them as part of their commercial engine. (https://semgrep.dev/blog/2024/important-updates-to-semgrep-oss/#json-and-sarif-output-changes) This resulted in a fork, Opengrep. We could easily adopt Opengrep instead if it proves to be the healthier project in the long-term due to the limited usage proposed at this time. With that information in mind, how is your opinion on `make pr-go` influenced?
👍 1
slink commented 2026-02-08 19:55:34 +01:00
Author
Contributor
Copy link

@mfenniak wrote in #11053 (comment):

This is a misunderstanding of a weird packaging choice. semgrep is an LGPL-2.1 licensed open source tool.

Thank you so much for clearing up my misunderstanding. 🙏 FWIW, their corporate website does not exactly promote a link to their sources either, but I really should have looked more carefully. Thank you again for correcting my mistake.

As long as the toolchain can be built from sources, I am fine with requiring it.

@mfenniak wrote in https://codeberg.org/forgejo/forgejo/pulls/11053#issuecomment-10428132: > This is a misunderstanding of a weird packaging choice. semgrep is an LGPL-2.1 licensed open source tool. Thank you so much for clearing up my misunderstanding. 🙏 FWIW, their corporate website does not exactly promote a link to their sources either, but I really should have looked more carefully. Thank you again for correcting my mistake. As long as the toolchain can be built from sources, I am fine with requiring it.
slink commented 2026-02-08 20:02:44 +01:00
Author
Contributor
Copy link

@mfenniak I just realized that I might not have answered your actual question: Being inexperienced with semgrep, I am not sure how relevant it would be to run it locally. As a newbie to this project, I wanted to avoid pushing PRs for which CI immediately fails, and just today I found issues which would only should up in e2e. So I guess in principle make pr-go could include all CI checks, but it also needs to remain manageable in terms of runtime.
So based on

it's a relatively slow tool, (d) the slow perf is mitigated in CI because it uses patch-aware detection of what files to run against.

it would seem sensible to not run it with make pr-go?

@mfenniak I just realized that I might not have answered your actual question: Being inexperienced with semgrep, I am not sure how relevant it would be to run it locally. As a newbie to this project, I wanted to avoid pushing PRs for which CI immediately fails, and just today I found issues which would only should up in e2e. So I guess in principle `make pr-go` could include _all_ CI checks, but it also needs to remain manageable in terms of runtime. So based on > it's a relatively slow tool, (d) the slow perf is mitigated in CI because it uses patch-aware detection of what files to run against. it would seem sensible to not run it with `make pr-go`?
slink referenced this pull request from a commit 2026-02-09 17:18:06 +01:00
docs: Suggest to run make pr-go
Gusted commented 2026-02-17 02:03:16 +01:00
Owner
Copy link

@slink wrote in #11053 (comment):

it's a relatively slow tool, (d) the slow perf is mitigated in CI because it uses patch-aware detection of what files to run against.

it would seem sensible to not run it with make pr-go?

It runs in 6 seconds for me, but I'm not sure how well installing python packages is in the current Makefile, there's some as that was inherited from Gitea but I don't think we ever ran them.

@slink wrote in https://codeberg.org/forgejo/forgejo/pulls/11053#issuecomment-10449888: > > it's a relatively slow tool, (d) the slow perf is mitigated in CI because it uses patch-aware detection of what files to run against. > > it would seem sensible to not run it with `make pr-go`? It runs in 6 seconds for me, but I'm not sure how well installing python packages is in the current Makefile, there's some as that was inherited from Gitea but I don't think we ever ran them.
Gusted approved these changes 2026-02-17 02:11:18 +01:00
Gusted left a comment
Owner
Copy link

Looks good, thanks!

Looks good, thanks!
Gusted merged commit a81fc2a290 into forgejo 2026-02-17 02:41:43 +01:00
ltdk commented 2026-02-17 18:36:15 +01:00
First-time contributor
Copy link

Just want to say thank you for doing this & the docs update, since they would have helped with an earlier PR I submitted. Hopefully they help newer folks too.

Just want to say thank you for doing this & the docs update, since they would have helped with an earlier PR I submitted. Hopefully they help newer folks too.
❤️ 1
Sign in to join this conversation.
Reviewers
No reviewers
viceice
Gusted
Labels
Clear labels   
arch
riscv64

Archived

  
backport/v1.19

Scheduled for backport to Forgejo v1.19

Archived

  
backport/v1.20

Scheduled for backport to Forgejo v1.20

Archived

  
backport/v1.21/forgejo

Scheduled for backport to Forgejo v1.21

Archived

  
backport/v10.0/forgejo

Automated backport to v10.0

Archived

  
backport/v11.0/forgejo

Automated backport to v11.0

  
backport/v12.0/forgejo

Automated backport to v12.0

Archived

  
backport/v13.0/forgejo

Automated backport to v13.0

Archived

  
backport/v14.0/forgejo

Automated backport to v14.0

  
backport/v7.0/forgejo

Scheduled for backport to Forgejo v7.0

Archived

  
backport/v8.0/forgejo

Scheduled for backport to Forgejo v8.0

Archived

  
backport/v9.0/forgejo

Scheduled for backport to Forgejo v9.0

Archived

  
breaking

The release containing this change is not backward compatible

  
bug

Something is not working

Archived

  
bug
confirmed
it can be reproduced

  
bug
duplicate
bug has already been reported in the Forgejo tracker

  
bug
needs-more-info
the information provided does not contain enough details

  
bug
new-report
bug has just been reported and need triage (default label on issue creation)

  
bug
reported-upstream
bug cannot be fixed within Forgejo easily, it has been reported upstream

  
code/actions

Forgejo Actions feature

  
code/api

API

  
code/auth

Forgejo Authentication

  
code/auth/faidp

Forgejo as Identity Provider (in OAuth/OIDC flow)

  
code/auth/farp

Forgejo as Relying Party / Client (in OAuth/OIDC flow)

  
code/email

Everything related to email in Forgejo

  
code/federation

Federation

  
code/git

Related to the Git backend in Forgejo

  
code/migrations

Migration between Git forges (i.e. for GitHub, GitLab, Gitea, Forgejo, etc.). NOT for database migrations.

  
code/packages

Forgejo package and container registry

  
code/wiki
  
database
MySQL
https://www.mysql.com/

  
database
PostgreSQL
https://www.postgresql.org/

  
database
SQLite
https://sqlite.org/

  
dependency-upgrade

https://codeberg.org/forgejo/forgejo/issues/2779

  
dependency
certmagic
github.com/caddyserver/certmagic

Archived

  
dependency
chart.js
https://github.com/chartjs/Chart.js

Archived

  
dependency
Chi
https://github.com/go-chi/chi/

Archived

  
dependency
Chroma
https://github.com/alecthomas/chroma/

Archived

  
dependency
citation.js
https://github.com/larsgw/citation.js/

Archived

  
dependency
codespell
https://github.com/codespell-project/codespell

Archived

  
dependency
css-loader
https://github.com/webpack-contrib/css-loader

Archived

  
dependency
devcontainers
https://github.com/devcontainers/cli

Archived

  
dependency
dropzone
https://github.com/dropzone/dropzone

Archived

  
dependency
editorconfig-checker
https://github.com/editorconfig-checker/editorconfig-checker

Archived

  
dependency
elasticsearch
https://www.elastic.co/elasticsearch

Archived

  
dependency
enmime
https://github.com/jhillyerd/enmime

Archived

  
dependency
F3
https://f3.forgefriends.org/

  
dependency
ForgeFed
https://forgefed.org

  
dependency
garage
https://git.deuxfleurs.fr/Deuxfleurs/garage

  
dependency
Git
https://git-scm.com/

Archived

  
dependency
git-backporting
https://github.com/kiegroup/git-backporting

Archived

  
dependency
Gitea
https://github.com/go-gitea/gitea

  
dependency
gitignore
https://github.com/github/gitignore

Archived

  
dependency
go-ap
https://github.com/go-ap/activitypub

Archived

  
dependency
go-enry
https://github.com/go-enry/go-enry

Archived

  
dependency
go-gitlab
https://github.com/xanzy/go-gitlab

Archived

  
dependency
Go-org
https://github.com/niklasfasching/go-org

Archived

  
dependency
go-rpmutils
https://github.com/sassoftware/go-rpmutils

Archived

  
dependency
go-sql-driver mysql
https://github.com/go-sql-driver/mysql/

Archived

  
dependency
go-swagger
github.com/go-swagger/go-swagger

Archived

  
dependency
go-version
https://github.com/hashicorp/go-version

Archived

  
dependency
go-webauthn
https://github.com/go-webauthn/webauthn

Archived

  
dependency
gocron
https://github.com/go-co-op/gocron

Archived

  
dependency
Golang
https://go.dev/

  
dependency
goldmark
https://github.com/yuin/goldmark

Archived

  
dependency
goquery
github.com/PuerkitoBio/goquery

Archived

  
dependency
Goth
https://github.com/markbates/goth/

Archived

  
dependency
grpc-go
https://github.com/grpc/grpc-go

Archived

  
dependency
happy-dom
https://github.com/capricorn86/happy-dom

Archived

  
dependency
Helm
https://helm.sh/

Archived

  
dependency
image-spec
https://github.com/opencontainers/image-spec

Archived

  
dependency
jsonschema
https://github.com/santhosh-tekuri/jsonschema

Archived

  
dependency
KaTeX
https://github.com/KaTeX/KaTeX

Archived

  
dependency
lint
All linting tools and libraries

Archived

  
dependency
MariaDB
https://mariadb.com/

Archived

  
dependency
Mermaid
https://github.com/mermaid-js/mermaid/

Archived

  
dependency
minio-go
https://github.com/minio/minio-go/

Archived

  
dependency
misspell
github.com/golangci/misspell/cmd/misspell

Archived

  
dependency
Monaco
https://github.com/microsoft/monaco-editor

Archived

  
dependency
PDFobject
https://pdfobject.com/

Archived

  
dependency
playwright
https://playwright.dev/

Archived

  
dependency
postcss
https://github.com/postcss/postcss

Archived

  
dependency
postcss-plugins
https://github.com/csstools/postcss-plugins

Archived

  
dependency
pprof
https://github.com/google/pprof

Archived

  
dependency
prometheus client_golang
https://github.com/prometheus/client_golang

Archived

  
dependency
protobuf
https://google.golang.org/protobuf

Archived

  
dependency
relative-time-element
https://github.com/github/relative-time-element

Archived

  
dependency
renovate
https://github.com/renovatebot/renovate

Archived

  
dependency
reply
https://code.forgejo.org/forgejo/reply

Archived

  
dependency
ssh
https://github.com/gliderlabs/ssh

Archived

  
dependency
swagger-ui
https://github.com/swagger-api/swagger-ui

Archived

  
dependency
tailwind
https://tailwindcss.com/

Archived

  
dependency
temporal-polyfill
https://github.com/fullcalendar/temporal-polyfill

Archived

  
dependency
terminal-to-html
github.com/buildkite/terminal-to-html

Archived

  
dependency
tests-only
Undifferentiated dependencies used for testing only

Archived

  
dependency
text-expander-element
https://github.com/github/text-expander-element

Archived

  
dependency
urfave
https://github.com/urfave/cli

Archived

  
dependency
vfsgen
https://github.com/lunny/vfsgen

Archived

  
dependency
vite
https://vitejs.dev/

Archived

  
dependency
Woodpecker CI
https://woodpecker-ci.org/

Archived

  
dependency
x tools
https://golang.org/x/tools

Archived

  
dependency
XORM
https://gitea.com/xorm/xorm

Archived

  
Discussion

   
duplicate

This issue or pull request already exists

  
enhancement/feature

New feature

  
forgejo/accessibility

Accessibility (a11y)

  
forgejo/branding

Branding (logo, name, tagline etc.)

  
forgejo/ci

Forgejo Actions CI configuration

  
forgejo/commit-graph

The commit graph feature and page.

  
forgejo/documentation

   
forgejo/furnace cleanup

Keeping Forgejo in sync with its dependencies and contributing back to them

Archived

  
forgejo/i18n

t9n/translation, l10n/localization, and i18n/internationalization of Forgejo

  
forgejo/interop

Interoperability with other services: Webhooks, bridges, integrations

  
forgejo/moderation

Moderation

  
forgejo/privacy

Privacy first

  
forgejo/release

Release management

  
forgejo/scaling

Performance and scaling

  
forgejo/security

Security (please disclose responsibly)

  
forgejo/ui

User interface

  
Gain
High
User research provides indicators that this would be good to have, interested contributors are encouraged to pick this.

  
Gain
Nice to have
This is likely worth having, but the assumption is not backed by user research data (it might benefit a small amount of users only.) Unlikely to receive much attention, but feel free to pick.

  
Gain
Undefined
Not enough information to assess the request's benefits. This issue may be closed if no gain is established: You can help by giving us more input.

  
Gain
Very High
User research indicates that this is an important improvement for Forgejo users. Contributions very welcome!

  
good first issue

Optimal for first-timers! Make sure to look for further explanations and ask for help if needed. If you want, you can consider the person who added this label as a point of contact.

  
i18n/backport-stable

This PR needs to be backported to stable branch of Forgejo safely and manually, using a migration script.

  
impact
large
Large impact: Potential data loss, many users affected, major degradation in UX.

  
impact
medium
Medium impact: Several users affected, degradation in UX, workarounds might be available but inconvenient.

  
impact
small
Small impact: No data loss, workarounds might be available, affects few users.

  
impact
unknown
Report was not yet triaged to assess impact.

  
Incompatible license

This pull request contains changes that are not (yet) compatible with the current Forgejo license

  
issue
closed
The issue was resolved in the repository of the dependency

  
issue
do-not-exist-yet
An issue should be created in the respository of the dependency

  
issue
open
An open issue exists in the upstream repository of the dependency

  
manual test

Pull requests that have been merged with a manual test

Archived

  
Manually tested during feature freeze

The manual test instructions were followed

  
OS
FreeBSD
Specific to the FreeBSD Operating System

  
OS
Linux
Specific to (GNU/)Linux Operating Systems

  
OS
macOS
Specific to the MacOS Operating System

  
OS
Windows
Specific to the Windows Operating System

  
problem

A user report about a problem. Needs to be triaged to find potential solutions.

  
QA

   
regression

found in the version of the milestone and not before

  
release blocker

Issues that must be fixed before the release can be published

  
Release Cycle
Feature Freeze
Only bug fixes with automated tests (except for CSS/JavaScript)

  
release-blocker
v7.0
Issues that must be fixed before Forgejo v7.0 can be released 17 April 2024

Archived

  
release-blocker
v7.0.1
Issues that must be fixed before Forgejo v7.0.1 can be released

Archived

  
release-blocker
v7.0.2
Issues that must be fixed before Forgejo v7.0.2 can be released

Archived

  
release-blocker
v7.0.3
Issues that must be fixed before Forgejo v7.0.3 can be released

Archived

  
release-blocker
v7.0.4
Issues that must be fixed before Forgejo v7.0.4 can be released

Archived

  
release-blocker
v8.0.0
Issues that must be fixed before Forgejo v8.0.0 can be released

Archived

  
release-blocker/v9.0.0

Issues that must be fixed before Forgejo v9.0.0 can be released

Archived

  
run-all-playwright-tests

Add this label to a PR to run all playwright tests manually.

  
run-end-to-end-tests

Trigger additional tests on the PR when it is ready to be merged

  
test
manual
manual testing has been documented

  
test
needed
test should be added

  
test
needs-help
help needed to add a test

  
test
not-needed
no additional test is needed

  
test
present
test has been added

  
untested

Pull requests that have been merged with no test and submitted as is to the dependency where they belong

Archived

  
User research - time-tracker

Time tracking feature for issues and the JS stopwatch.

  
valuable code

This PR was closed because the implementation is incomplete

  
worth a release-note

Add this PR to the release notes

  
User research - Accessibility

Requires input about accessibility features, likely involves user testing.

  
User research - Blocked

Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.

  
User research - Community

Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.

  
User research - Config (instance)

Instance-wide configuration, authentication and other admin-only needs.

  
User research - Errors

How to deal with errors in the application and write helpful error messages.

  
User research - Filters

How filter and search is being worked with.

  
User research - Future backlog

The issue might be inspiring for future design work.

  
User research - Git workflow

AGit, fork-based and new Git workflow, PR creation etc

  
User research - Labels

Active research about Labels

  
User research - Moderation

Moderation Featuers for Admins are undergoing active User Research

  
User research - Needs input

Use this label to let the User Research team know their input is requested.

  
User research - Notifications/Dashboard

Research on how users should know what to do next.

  
User research - Rendering

Text rendering, markup languages etc

  
User research - Repo creation

Active research about the New Repo dialog.

  
User research - Repo units

The repo sections, disabling them and the "Add more" button.

  
User research - Security

   
User research - Settings (in-app)

How to structure in-app settings in the future?

No labels
arch
riscv64
backport/v1.19
backport/v1.20
backport/v1.21/forgejo
backport/v10.0/forgejo
backport/v11.0/forgejo
backport/v12.0/forgejo
backport/v13.0/forgejo
backport/v14.0/forgejo
backport/v7.0/forgejo
backport/v8.0/forgejo
backport/v9.0/forgejo
breaking
bug
bug
confirmed
bug
duplicate
bug
needs-more-info
bug
new-report
bug
reported-upstream
code/actions
code/api
code/auth
code/auth/faidp
code/auth/farp
code/email
code/federation
code/git
code/migrations
code/packages
code/wiki
database
MySQL
database
PostgreSQL
database
SQLite
dependency-upgrade
dependency
certmagic
dependency
chart.js
dependency
Chi
dependency
Chroma
dependency
citation.js
dependency
codespell
dependency
css-loader
dependency
devcontainers
dependency
dropzone
dependency
editorconfig-checker
dependency
elasticsearch
dependency
enmime
dependency
F3
dependency
ForgeFed
dependency
garage
dependency
Git
dependency
git-backporting
dependency
Gitea
dependency
gitignore
dependency
go-ap
dependency
go-enry
dependency
go-gitlab
dependency
Go-org
dependency
go-rpmutils
dependency
go-sql-driver mysql
dependency
go-swagger
dependency
go-version
dependency
go-webauthn
dependency
gocron
dependency
Golang
dependency
goldmark
dependency
goquery
dependency
Goth
dependency
grpc-go
dependency
happy-dom
dependency
Helm
dependency
image-spec
dependency
jsonschema
dependency
KaTeX
dependency
lint
dependency
MariaDB
dependency
Mermaid
dependency
minio-go
dependency
misspell
dependency
Monaco
dependency
PDFobject
dependency
playwright
dependency
postcss
dependency
postcss-plugins
dependency
pprof
dependency
prometheus client_golang
dependency
protobuf
dependency
relative-time-element
dependency
renovate
dependency
reply
dependency
ssh
dependency
swagger-ui
dependency
tailwind
dependency
temporal-polyfill
dependency
terminal-to-html
dependency
tests-only
dependency
text-expander-element
dependency
urfave
dependency
vfsgen
dependency
vite
dependency
Woodpecker CI
dependency
x tools
dependency
XORM
Discussion
duplicate
enhancement/feature
forgejo/accessibility
forgejo/branding
forgejo/ci
forgejo/commit-graph
forgejo/documentation
forgejo/furnace cleanup
forgejo/i18n
forgejo/interop
forgejo/moderation
forgejo/privacy
forgejo/release
forgejo/scaling
forgejo/security
forgejo/ui
Gain
High
Gain
Nice to have
Gain
Undefined
Gain
Very High
good first issue
i18n/backport-stable
impact
large
impact
medium
impact
small
impact
unknown
Incompatible license
issue
closed
issue
do-not-exist-yet
issue
open
manual test
Manually tested during feature freeze
OS
FreeBSD
OS
Linux
OS
macOS
OS
Windows
problem
QA
regression
release blocker
Release Cycle
Feature Freeze
release-blocker
v7.0
release-blocker
v7.0.1
release-blocker
v7.0.2
release-blocker
v7.0.3
release-blocker
v7.0.4
release-blocker
v8.0.0
release-blocker/v9.0.0
run-all-playwright-tests
run-end-to-end-tests
test
manual
test
needed
test
needs-help
test
not-needed
test
present
untested
User research - time-tracker
valuable code
worth a release-note
User research - Accessibility
User research - Blocked
User research - Community
User research - Config (instance)
User research - Errors
User research - Filters
User research - Future backlog
User research - Git workflow
User research - Labels
User research - Moderation
User research - Needs input
User research - Notifications/Dashboard
User research - Rendering
User research - Repo creation
User research - Repo units
User research - Security
User research - Settings (in-app)
Milestone
Clear milestone
No items
No milestone
Forgejo v15.0.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/forgejo!11053
No description provided.