summaryrefslogtreecommitdiffstats
path: root/docs
Commit message (Collapse)AuthorAgeFilesLines
* Set RUN_MODE prod by default (#13765)silverwind2020-11-303-5/+3
| | | | | | | I think it's a bad default to have "dev" as the default run mode which enables debugging and now also disables HTTP caching. It's better to just default to a value suitable for general deployments. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add Allow-/Block-List for Migrate & Mirrors (#13610)65432020-11-282-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add black list and white list support for migrating repositories * fix fmt * fix lint * fix vendor * fix modules.txt * clean diff * specify log message * use blocklist/allowlist * allways use lowercase to match url * Apply allow/block * Settings: use existing "migrations" section * convert domains lower case * dont store unused value * Block private addresses for migration by default * fix lint * use proposed-upstream func to detect private IP addr * a nit * add own error for blocked migration, add tests, imprufe api * fix test * fix-if-localhost-is-ipv4 * rename error & error message * rename setting options * Apply suggestions from code review Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Format files (#13698)65432020-11-2831-96/+54
| | | | | | | | | | | | | | | | * align "make help" * format * untouch build/generate-svg.js * untouch .eslintrc * combine editorconfig's * rm editorconfig Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fixed the log path on fail2ban page (#13726)Jesse Laprade2020-11-271-8/+8
| | | | | | * Changed path from /home/git/gitea/log/gitea.log to /var/lib/gitea/log/gitea.log on the fail2ban page, so the log matches the instructions found on the following binary installation page: https://docs.gitea.io/en-us/install-from-binary/#create-required-directory-structure
* specific version in docker compose (#13644)techknowlogick2020-11-192-7/+7
| | | | | | | * specific version in docker compose fix #13643 * update latest version
* Docs: Installation from package (#13607)gsilvan2020-11-181-12/+15
| | | | | | | | | | | | | | | | * add Arch Linux * add Arch Linux ARM * remove Debian There is no package in any of Debian's official repositories as of 17.11.2020 17:55 UTC. * shrink Alpine Linux * Update docs/content/doc/installation/from-package.en-us.md Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: techknowlogick <matti@mdranta.net>
* HTTP cache rework and enable caching for storage assets (#13569)silverwind2020-11-171-1/+1
| | | | | | | | | | This enabled HTTP time-based cache for storage assets, primarily avatars. I have not observed If-Modified-Since from browsers during tests but I guess it's good to support regardless. It introduces a new generic httpcache module that can handle both time-based and etag-based caching. Additionally, manifest.json and robots.txt are now also cachable.
* proper signature validation (#13523)Cacciuc2020-11-131-1/+1
| | | | | | | | | $header_signature could be a typed float (start with 0e and then only numbers) and a float does equal a string when comparing with typed juggle. eg: 0e123 != "abc" does return false, but 0e123 !== "abc" returns true. you previously could circumvent the signature check when providing a header signature in the float format (0e...) Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* docs(comparison): GitHub Actions (#13474)Simon Legner2020-11-081-1/+1
| | | https://github.com/features/actions
* Add note about installation on kubernetes to docs (#13469)techknowlogick2020-11-081-0/+27
| | | Co-authored-by: zeripath <art27@cantab.net>
* docker: rootless image (#10154)Antoine GIRARD2020-10-311-0/+296
| | | | | | | | | * docker: rootless image * improve docs + remove check for write perm on custom * add more info on ssh passtrough * Add comment for internal ssh server in container config
* Fix --port setting (#13288)zeripath2020-10-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix --port setting Unfortunately there was an error in #13195 which set the --port option before the settings were read. This PR fixes this by moving applying this option to after the the settings are read However, on looking further into this code I believe that the setPort code was slightly odd. Firstly, it may make sense to run the install page on a different temporary port to the full system and this should be possible with a --install-port option. Secondy, if the --port option is provided we should apply it to both otherwise there will be unusual behaviour on graceful restart Thirdly, the documentation for --port says that the setting is temporary - it should therefore not save its result to the configuration (This however, does mean that authorized_keys and internal links may not be correct. - I think we need to discuss this option further.) Fix #13277 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update cmd/web.go * Apply suggestions from code review Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix command-line doc examples (#13337)Shikaku2020-10-281-2/+2
|
* Add deprecation notice for webhook payload's secret field (#13330)JustAnotherArchivist2020-10-271-0/+2
|
* Remove duplicated repository.upload on cheat-sheet docs (#13290)Lunny Xiao2020-10-241-9/+0
| | | Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Refactor docs (#13275)John Olheiser2020-10-2317-226/+132
| | | | | | | | | | | | | * First pass Signed-off-by: jolheiser <john.olheiser@gmail.com> * More changes Signed-off-by: jolheiser <john.olheiser@gmail.com> * Redirects Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Clarify app.example.ini documentation (#13256)Mattias Persson2020-10-221-7/+49
| | | | | | | | | | | | | * Clarify app.example.ini documentation Hard to understand if cron i needed to activate all other cron. * Added missing "Extended cron tasks" to config-cheat-sheet.en-us.md cron default is false - setting it true activates all cron. Changed the documentation accordingly * Fixed spelling Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* add sdk links to docs (#13266)M4RKUS-111112020-10-221-2/+7
| | | | | | | | | | * add sdk links to docs * Update docs/content/doc/advanced/api-usage.en-us.md Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Markus <git+markus@obermui.de> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Inform user of how disable SSH feature when installing using Docker (#13180)Amoo Hesam2020-10-221-1/+1
|
* Use CSS Variables for fonts, remove postcss-loader (#13204)silverwind2020-10-191-0/+12
| | | | | | | | | | | | | * Use CSS Variables for fonts, remove postcss-loader - Use CSS variables for fonts, making the fonts easier to customize - Remove postcss-loader, it's not doing anything useful and is actually applying strange transforms on our CSS. Fixes: https://github.com/go-gitea/gitea/issues/11045 * introduce helper variable, mark documented vars * work around case issue by always quoting specific fonts
* Align `SSH_AUTHORIZED_KEYS_BACKUP` var with the value in `app.ini` (#13212)Patrick Schratz2020-10-192-2/+2
| | | | | | | | | * Align `SSH_AUTHORIZED_KEYS_BACKUP` var with the value in `app.ini` * Also fix the cheat sheet and move it to below - SSH_CREATE_AUTHORIZED_KEYS_FILE Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Improve users management through the CLI (#6001) (#10492)ydelafollye2020-10-151-19/+31
| | | | | | | | | | * Fix images in wiki edit preview (#11546) Make sure wiki editor sets wiki to true so gitea renders it as a wiki page. Also change the context data attr for edit form. This looks wrong but everywhere else in our code assumes the urlPrefix to be just the repo url when rendering and manually adds /wiki to the rendered url regardless. Fixes #11540
* Update external-renderers.en-us.md (#13165)Johan Van de Wauw2020-10-151-1/+1
| | | | | | Alpine 3.12 (the version used by current master) no longer provides the python-dev package: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.12.0#python2_no_longer_provides_python_and_python-devel As the next steps explicitely use python3 it is not needed anyway.
* Enhance config cheat sheet on passwd quoting (#13158)Robin2020-10-151-1/+1
| | | See #13126
* Avatars and Repo avatars support storing in minio (#12516)Lunny Xiao2020-10-142-4/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Avatar support minio * Support repo avatar minio storage * Add missing migration * Fix bug * Fix test * Add test for minio store type on avatars and repo avatars; Add documents * Fix bug * Fix bug * Add back missed avatar link method * refactor codes * Simplify the codes * Code improvements * Fix lint * Fix test mysql * Fix test mysql * Fix test mysql * Fix settings * Fix test * fix test * Fix bug
* Gitea 2 Gitea migration (#12657)65432020-10-141-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * first draft * update gitea sdk to 9e280adb4da * adapt feat of updated sdk * releases now works * break the Reactions loop * use convertGiteaLabel * fix endless loop because paggination is not supported there !!! * rename gitea local uploader files * pagination can bite you in the ass * Version Checks * lint * docs * rename gitea sdk import to miss future conficts * go-swagger: dont scan the sdk structs * make sure gitea can shutdown gracefully * make GetPullRequests and GetIssues similar * rm useles * Add Test: started ... * ... add tests ... * Add tests and Fixing things * Workaround missing SHA * Adapt: Ensure that all migration requests are cancellable (714ab71ddc4260937b1480519d453d2dc4e77dd6) * LINT: fix misspells in test set * adapt ListMergeRequestAwardEmoji * update sdk * Return error when creating giteadownloader failed * update sdk * adapt new sdk * adopt new features * check version before err * adapt: 'migrate service type switch page' * optimize * Fix DefaultBranch * impruve * handle subPath * fix test * Fix ReviewCommentPosition * test GetReviews * add DefaultBranch int test set * rm unused * Update SDK to v0.13.0 * addopt sdk changes * found better link * format template * Update Docs * Update Gitea SDK (v0.13.1)
* Add ssh certificate support (#12281)Wim2020-10-101-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Change default log configuration (#13088)zeripath2020-10-101-2/+41
| | | | | | | | | | | | | | | * Change default log configuration This PR changes the install page and the docker default logging configuration to match the suggested configuration that I repeatedly end up suggesting on issues. It further improves the logging configuration docs to recommend specific instructions for how to configure logs for posting to issues. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/logging-documentation.en-us.md
* Disable DSA ssh keys by default (#13056)zeripath2020-10-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Disable DSA ssh keys by default OpenSSH has disabled DSA keys since version 7.0 As the docker runs openssh > v7.0 we should just disable DSA keys by default. Refers to #11417 Signed-off-by: Andrew Thornton <art27@cantab.net> * Just disable DSA keys by default Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove DSA type * Fix Tests Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Improve Docker container name (#13077)Melroy van den Berg2020-10-081-5/+13
| | | | | | | | | | | * Improve Docker container name Use a better Docker container name than the default 'server' * Changing to gitea and use recommended v3 Docker-compose Use `gitea` as container name. And use version 3 of the docker-compose, which should now be used: https://docs.docker.com/compose/compose-file/compose-versioning/ Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Mitigate Security vulnerability in the git hook feature (#13058)Niklas Goerke2020-10-071-2/+7
| | | | | | | | | | | | | * Extend git hook warning in the UI. Git hooks are a dangerous feature, administrators should be warned before giving the git hook privilege to users. * Disable Git hooks by default and add warning. Git hooks are a dangerous features (see warning text) that should only be enabled if the administrator was informed about the risk involved. Co-authored-by: Niklas Goerke <goerke@fzi.de>
* Update third-party-tools.en-us.md (#13046)Rongjian Zhang2020-10-061-0/+1
|
* [Docs] Update GitNex Link (#13050)65432020-10-061-3/+3
|
* Attachments: Add extension support, allow all types for releases (#12465)silverwind2020-10-051-4/+15
| | | | | | | | | | | | | | | | | | | | | * Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `<input type="file">` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH <lauris@nix.lv>
* updated docs with caveat for authorized_keys (#13030)Divyam Bhasin2020-10-041-1/+20
| | | | | | | * updated docs with caveat for authorized_keys * wrapped authorized_keys in ticks Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* hCaptcha Support (#12594)John Olheiser2020-10-021-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Initial work on hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Use module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Format Signed-off-by: jolheiser <john.olheiser@gmail.com> * At least return and debug log a captcha error Signed-off-by: jolheiser <john.olheiser@gmail.com> * Pass context to hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * Finish hcaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update example config Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply error fix for recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Change recaptcha ChallengeTS to string Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Update comparison for GitLab CE (#13019)Claudius Ellsel2020-10-021-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | * Update comparison for GitLab CE Fixes #13018. * Update docs/content/doc/features/comparison.en-us.md Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Update comparison.en-us.md According to the linked issue it is there and just the documentation is lacking. * Update docs/content/doc/features/comparison.en-us.md Co-authored-by: techknowlogick <matti@mdranta.net> * Update docs/content/doc/features/comparison.en-us.md Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: techknowlogick <matti@mdranta.net>
* latest version is 1.12.5 (#13005)techknowlogick2020-10-011-1/+1
|
* Copy missing things from app.example.ini to Cheat Sheet (#12988)zeripath2020-10-011-2/+89
| | | Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix hugo shortcode typo in faq (#12987)raoulb2020-09-302-1/+1
| | | | | * Fix hugo shortcode typo in faq * Switch to using language tags
* Clarification on the use of certificate chains (#12986)PE1NUT2020-09-302-2/+2
| | | | | | | | | | | * Clarification on the use of certificate chains * As per @bagasme Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix typo on Chinese documents (#12982)Lunny Xiao2020-09-301-1/+1
|
* Add default storage configurations (#12813)Lunny Xiao2020-09-292-38/+117
| | | | Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Docs: Add missing SESSION_LIFE_TIME to Config Cheat Sheet (#12968)65432020-09-281-0/+1
| | | Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Allow common redis and leveldb connections (#12385)zeripath2020-09-281-9/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow common redis and leveldb connections Prevents multiple reopening of redis and leveldb connections to the same place by sharing connections. Further allows for more configurable redis connection type using the redisURI and a leveldbURI scheme. Signed-off-by: Andrew Thornton <art27@cantab.net> * add unit-test Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> * add test Signed-off-by: Andrew Thornton <art27@cantab.net> * Update modules/cache/cache_redis.go * Update modules/queue/queue_disk.go * Update modules/cache/cache_redis.go * Update modules/cache/cache_redis.go * Update modules/queue/unique_queue_disk.go * Update modules/queue/queue_disk.go * Update modules/queue/unique_queue_disk.go * Update modules/session/redis.go Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Add config option to make create-on-push repositories public by default (#12936)Tait Hoyem2020-09-272-0/+2
| | | | | | | | | | | | | | | | | | | | | * Add config option to make create-on-push repositories public by default * Fix linting * Add option to 'config cheat sheet' page * Chinese translation Signed-off-by: a1012112796 <1012112796@qq.com> * Fix typo in docs * fix typo * Add option to example config Co-authored-by: Tait Hoyem <code@tait.tech> Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add a step for binding IP address for listening on remote database (#12898)Bagas Sanjaya2020-09-261-12/+23
| | | | | | | | * Add listen address configuration step * Fix numbering order Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
* Proposals for cheat-sheet docs (#12946)Melroy van den Berg2020-09-261-2/+9
| | | | | | | * Propose additional settings in cheat sheet Add most used settings of app.ini to cheat sheet docs. * Fix small typo
* Add configurable Trust Models (#11712)zeripath2020-09-201-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add configurable Trust Models Gitea's default signature verification model differs from GitHub. GitHub uses signatures to verify that the committer is who they say they are - meaning that when GitHub makes a signed commit it must be the committer. The GitHub model prevents re-publishing of commits after revocation of a key and prevents re-signing of other people's commits to create a completely trusted repository signed by one key or a set of trusted keys. The default behaviour of Gitea in contrast is to always display the avatar and information related to a signature. This allows signatures to be decoupled from the committer. That being said, allowing arbitary users to present other peoples commits as theirs is not necessarily desired therefore we have a trust model whereby signatures from collaborators are marked trusted, signatures matching the commit line are marked untrusted and signatures that match a user in the db but not the committer line are marked unmatched. The problem with this model is that this conflicts with Github therefore we need to provide an option to allow users to choose the Github model should they wish to. Signed-off-by: Andrew Thornton <art27@cantab.net> * Adjust locale strings Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @6543 Co-authored-by: 6543 <6543@obermui.de> * Update models/gpg_key.go * Add migration for repository Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix external renderers example (#12841)Johan Van de Wauw2020-09-141-2/+2
| | | | | | | | | | | | * libffi-dev is required for building jupyter * matplotlib can not be installed using wheels on the used version of alpine linux, which means it must be compiled and a large number of other packages have to be installed as well. This is very inefficient: see eg. https://pythonspeed.com/articles/alpine-docker-python/ Apart from that, matplotlib is actually not required for rendering notebook files in gitea and it will pull in other dependencies which take some time to build (ie numpy).