Git LFS Support
Soft Serve now supports Git LFS over both HTTP and SSH. You can upload/download LFS files on your Soft Serve instance. The SSH protocol is enabled by default. To use HTTP instead, you can disable the SSH protocol in the config under lfs.ssh_enabled.
Collaborator Access Levels
You can now specify the access level for collaborators. Before, all repository collaborators would have read-write access. Now you can have more fine control over repository collaborator access. If you don't specify an access level when adding a collaborator to a repository, read-write access level will be used.
HTTP Authentication
Prior to this release, Soft Serve Git HTTP server would only serve public repositories and wouldn't allow push access. Now, you can use user access tokens to push repositories over HTTP. You can generate a personal token using the token SSH command.
Postgres Support
We have added Postgres database support for those who need a more powerful database engine. SQLite is still the default database engine for Soft Serve. Head to Database Configuration for more information on how to set up Postgres for your Soft Serve instance.
Changelog
New Features
- 61ad744: feat(ssh): use custom logging middleware (@aymanbagabas)
- f69f064: feat(web): implement git auth and lfs (@aymanbagabas)
- 882e701: feat: add collaborators with access level (@aymanbagabas)
- af81aec: feat: add lfs config and tests (@aymanbagabas)
- 8e68dba: feat: implement git-lfs preliminary support (@aymanbagabas)
- c7829a3: feat: print clone url on repo create (@aymanbagabas)
- e0882cc: feat: store repo meta data in repo directory (#338) (@aymanbagabas)
- e4a47c5: feat: support git push options (#341) (@aymanbagabas)
- a9e5ace: feat: support user access tokens (@aymanbagabas)
- f1a1da5: feat: use gorilla/mux (@aymanbagabas)
Bug fixes
- c4dde1c: feat,fix: add task manager (@aymanbagabas)
- 7cd0583: fix(ci): golangci linter (@aymanbagabas)
- db3bc9b: fix(cmd): user info reporting false admin status (@aymanbagabas)
- bd8c60c: fix(lfs): don't timeout when searching lfs objects (@aymanbagabas)
- babc52f: fix(lfs): fetch missing lfs objects when mirroring (@aymanbagabas)
- 8d41446: fix(ssh): increase the default idle-timeout to 10 minutes (@aymanbagabas)
- fe70399: fix(tests): make git-daemon use random port (@aymanbagabas)
- e5f8b20: fix(tests): testscript race condition (@aymanbagabas)
- ea6b9a4: fix: add repo owner and separate lfs data for each repository (@aymanbagabas)
- 942d494: fix: add ssh commands back (#370) (@aymanbagabas)
- fd167be: fix: backend update hook arguments (@aymanbagabas)
- e10942e: fix: config paths on windows (@aymanbagabas)
- 8594ecf: fix: demo gif (#373) (@maaslalani)
- 02fd650: fix: disable codecov on push (@aymanbagabas)
- 1c781fe: fix: ignore case README filenames (@bashbunni)
- 050a0d1: fix: initial default branch name (#340) (@aymanbagabas)
- 969cf76: fix: metric cardinality et al (#315) (@caarlos0)
- b0eebaa: fix: panic on ssh lfs transfer (@aymanbagabas)
- 09dedc4: fix: remove extra metrics label (@aymanbagabas)
- da5bf4e: fix: remove repo when stat mismatch (@aymanbagabas)
- d0afaa0: fix: respect gitattributes (#342) (@aymanbagabas)
- 7c73084: fix: tests (@aymanbagabas)
- b26060b: refactor,fix(ssh): use cobra for git commands (@aymanbagabas)
Dependency updates
- ddb3bd6: feat(deps): bump github.com/charmbracelet/bubbles from 0.15.0 to 0.16.1 (@dependabot[bot])
- 940bde7: feat(deps): bump github.com/charmbracelet/bubbletea (@dependabot[bot])
- bf6b47f: feat(deps): bump github.com/charmbracelet/bubbletea (@dependabot[bot])
- 191b832: feat(deps): bump github.com/charmbracelet/keygen from 0.4.2 to 0.4.3 (@dependabot[bot])
- 62b9fda: feat(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#372) (@dependabot[bot])
- 75cf8a5: feat(deps): bump github.com/charmbracelet/log (@dependabot[bot])
- 277bbc1: feat(deps): bump github.com/charmbracelet/log from 0.2.1 to 0.2.2 (@dependabot[bot])
- 104aa73: feat(deps): bump github.com/charmbracelet/log from 0.2.3 to 0.2.4 (#371) (@dependabot[bot])
- 1491acb: feat(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (@dependabot[bot])
- e610867: feat(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.1 (@dependabot[bot])
- a12b45b: feat(deps): bump github.com/gogs/git-module from 1.8.2 to 1.8.3 (#365) (@dependabot[bot])
- c2a9b29: feat(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.3 (@dependabot[bot])
- fa6deb4: feat(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.3 to 2.0.4 (@dependabot[bot])
- bb94850: feat(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.4 to 2.0.5 (@dependabot[bot])
- d1593cc: feat(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.6 (#374) (@dependabot[bot])
- f0eb762: feat(deps): bump github.com/lib/pq from 1.2.0 to 1.10.9 (#339) (@dependabot[bot])
- f147ff5: feat(deps): bump github.com/muesli/termenv from 0.15.1 to 0.15.2 (@dependabot[bot])
- 7b3f2c2: feat(deps): bump github.com/prometheus/client_golang (#325) (@dependabot[bot])
- d7fcf9d: feat(deps): bump github.com/rogpeppe/go-internal (@dependabot[bot])
- 0e9abaf: feat(deps): bump go.uber.org/automaxprocs from 1.5.2 to 1.5.3 (#343) (@dependabot[bot])
- 75172cf: feat(deps): bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#335) (@dependabot[bot])
- 05ecf8d: feat(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (@dependabot[bot])
- 691f681: feat(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#323) (@dependabot[bot])
- a72790a: feat(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (@dependabot[bot])
- 6ce418b: feat(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (@dependabot[bot])
- 65de5ba: feat(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (@dependabot[bot])
- ad4231b: feat(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 (#336) (@dependabot[bot])
- f52dcd2: feat(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (@dependabot[bot])
Documentation updates
- abcb242: Revert "docs: update soft-serve demo GIF / screencast" (@maaslalani)
- 0353cf2: docs: add sqlite foreign key note (@aymanbagabas)
- 49ec3aa: docs: update readme (#360) (@aymanbagabas)
- 0509a50: docs: update soft-serve demo GIF / screencast (@maaslalani)
Other work
- b60a7f2: Add commit command (#331) (@luandy64)
- e78725f: Smart HTTP Git transport & partial clones (#291) (#332) (@aymanbagabas)
- b3d5ce8: refactor: combine migrations into one (@aymanbagabas)
- e398b4d: refactor: implement database module and abstract backend (#337) (@aymanbagabas)
- 3a61783: refactor: move jobs into its own module (@aymanbagabas)
Verifying the artifacts
First, download the checksums.txt file, for example, with wget:
wget 'https://github.com/charmbracelet/soft-serve/releases/download/0.6.0/checksums.txt'Then, verify it using cosign:
cosign verify-blob \
--certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--cert 'https://github.com/charmbracelet/soft-serve/releases/download/0.6.0/checksums.txt.pem' \
--signature 'https://github.com/charmbracelet/soft-serve/releases/download/0.6.0/checksums.txt.sig' \
./checksums.txtIf the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:
sha256sum --ignore-missing -c checksums.txtDone! You artifacts are now verified!
Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.