Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Gitea

The Gitea provider tracks the tags and releases of a repository on a Gitea or Forgejo forge. One provider serves every instance of the API. The flavor key selects which public forge to target: codeberg (the default, on codeberg.org), forgejo (on code.forgejo.org), or gitea (on gitea.com).

# clover: provider=gitea repository=forgejo/forgejo constraint=minor
FROM codeberg.org/forgejo/forgejo:15.0.3

Keys

KeyDescription
providergitea
repositoryThe repository as owner/name
flavorWhich forge to target: codeberg (default), forgejo, or gitea
sourceWhat to list: tags (default) or releases
assetKeep only releases publishing a matching asset (needs source=releases)
constraintHow far the version may move (major/minor/patch, or a semver range)
includeKeep only matching tags
excludeDrop matching tags
prereleaseAllow or exclude prerelease versions
cooldownRequire a minimum age before a version is eligible
verify[-branch]Deep-verify a secure pin against upstream

A repository is a flat owner/name, since Gitea and Forgejo organize repositories under a single owner with no nested subgroups. Each flavor names one fixed host, so flavor=gitea tracks gitea.com/owner/name and flavor=forgejo tracks code.forgejo.org/owner/name.

Tags and releases

Gitea orders tags by creation date and offers no version sort, so the newest tag, not necessarily the highest version, heads the listing. A shallow lookup reads the first page, and when more tags remain, Clover suggests --deep to read them all. A tag records the commit SHA it points at, but a release does not (Gitea’s release target may be empty or a branch name, not a SHA), so a value=commit follower works with source=tags.

A release carries its publication date, used by cooldown, and an upstream prerelease flag, which prerelease filtering honors even when the tag itself looks stable. A tag carries no date of its own on Gitea, only its target commit’s, so Clover cannot age a tag without guessing. Rather than update past a cooldown it cannot check, a cooldown on source=tags skips the marker with a warning and holds the line; use source=releases to have it apply. A draft release is unpublished and never a candidate.

Selecting by asset

asset keeps only releases whose attachments contain a name matching its glob (or /regex/), then selects the newest of those. It requires source=releases, since only releases publish assets. Gitea does not publish a checksum alongside a release asset, so a value=sha256 follower must source one from a checksum file rather than asset metadata.

Authentication

Anonymous requests work but are rate-limited, and private repositories need a token. Authenticate once with a browser login:

clover login gitea                   # Codeberg (the default flavor)
clover login gitea --host gitea.com  # another flavor's host

This opens the host’s authorization page, captures the result on a local loopback port, and stores a read-only token in your system keychain under that host (refreshed automatically as it expires). It uses Gitea’s built-in tea OAuth application, so no app registration is needed on a stock instance. Pass --client-id if the instance disabled its built-in applications. Because it drives a local browser and loopback, run it on your own machine, and over SSH use a token instead.

Alternatively, set CLOVER_GITEA_TOKEN (or the ecosystem-standard GITEA_TOKEN) to a personal access token with read access. The environment variable takes precedence, suiting CI and headless runs. For safety it is sent only to Codeberg, the default flavor’s host, so a marker that names a different flavor never receives the token. To authenticate against another flavor, log in with clover login gitea --host instead.