50 lines
2.3 KiB
Markdown
50 lines
2.3 KiB
Markdown
# Forgejo/Gitea Moderation Script
|
|
|
|
Currently Forgejo/Gitea does not offer the ability for users or organizations protect their repositories from unwanted interactions from other users (while leaving repos open for other contributions) other then manually deleting issues/PRs and comments.
|
|
|
|
This script allows you to automate what you can do by defining a list of organizations and repositories to protect, and a list of users to block. It will then delete any issues/PRs created or comments made by a block user on a protected repository.
|
|
|
|
[Forgejo Issue](https://codeberg.org/forgejo/forgejo/issues/476) | [Forgejo PR](https://codeberg.org/forgejo/forgejo/pulls/540)
|
|
|
|
|
|
## Quick start
|
|
|
|
**This is a Proof of Concept. Some testing has been done, but it may not be fit for a production environment.**
|
|
|
|
1. [Generate an Access Token](https://docs.codeberg.org/advanced/access-token/) for a user account that has admin access to the repositories that will be watched.
|
|
|
|
2. Clone or download/extract repository and cd into the directory.
|
|
|
|
3. Copy `config.yml.example` to `config.yml`
|
|
|
|
**_All variables in the `config.yml` file can be overwritten with environmental variables. (Examples are given in the `config.yml.example` file)_**
|
|
|
|
4. Edit `config.yml` and make sure to set at least `base_url`, `api_token`, and add at least one entry to `orgs` or `repos`, and at least one user to `block_users`
|
|
|
|
**_If `base_url` or `api_token` are left unset the script will exit with an error._**
|
|
**_If there are no repos to watch or users to block the script will exit without an error._**
|
|
|
|
5. Set `history` to a time interval greater then your anticipated cron schedule.
|
|
|
|
6. Run `pip3 install -r requirements.txt`
|
|
|
|
7. Run `python3 moderate.py`
|
|
|
|
|
|
## Limitation
|
|
|
|
This script is limited by what is possible with the API.
|
|
|
|
- Can not stop a blocked user from following.
|
|
- Can not stop a blocked user from watching a repository.
|
|
- Can not remove a star given by a blocked user.
|
|
- Can not remove a reaction to issue/PR or comment from blocked user.
|
|
|
|
|
|
## Possible Improvements
|
|
|
|
The script is mostly designed to be run by a cron job. Changes could be made to have it watch for notifications. This might reduce API calls, and allow it to be run as more of a service.
|
|
|
|
- Reject repository transfers from blocked users
|
|
- Remove API token owner as collaborator of blocked users repository.
|