Gitea, a lightweight and open-source Git hosting platform designed for simplicity and ease of self-hosting, has released version 1.27.
A key change in this release is improved handling of reusable Actions workflows. Workflows referenced with uses: are now parsed directly by Gitea, with each called workflow expanded into separate jobs. These jobs have individual entries in the run sidebar, separate logs, and dedicated nodes in the dependency graph, making it easier to identify failures within reusable workflows.
Nested reusable workflows are supported as well, including the propagation of inputs, outputs, and matrix jobs. However, external reusable workflows referenced through URLs pointing to another Gitea instance are no longer supported. Administrators relying on this configuration will need to move the corresponding repositories to the local instance.
Gitea Actions now supports job summaries via the GITHUB_STEP_SUMMARY environment variable. Workflow steps can write Markdown content to this file, which Gitea displays directly on the run summary page rather than storing it as a downloadable artifact.
Moreover, Support for jobs.<job_id>.continue-on-error has been corrected. Previously, Gitea parsed this setting but still marked the entire workflow as failed when the permitted job failed. Version 1.27 now handles these failures correctly when determining the final workflow status.
Canceled workflows receive more predictable handling too. Gitea can now execute post-run cleanup steps and conditions using always() or cancelled() before marking the job as canceled. Job summaries, the transitional canceling state, and correct continue-on-error processing require the newly released Gitea Runner 2.0. Older runners remain compatible but will not provide these capabilities.
On top of that, organizations, users, and administrators can now define shared Actions workflows outside individual repositories. Owner-level workflows can be shared across all repositories for a user or organization, while global workflows are available throughout the entire Gitea instance. Administrators can also enable, disable, or remove multiple runners at once through the web interface.
Beyond Actions, Gitea 1.27 introduces native rendering for Jupyter Notebook files. Files using the .ipynb format are now presented as formatted notebooks, including their generated output, rather than being displayed as raw JSON.
Issues and pull requests can now be assigned to multiple projects simultaneously, with project columns assignable directly from the issue sidebar. Plus, file history now includes an option to follow files across renames, ensuring the commit history continues beyond file name changes.
Additional repository and collaboration improvements include compact avatar stacks, expanded syntax highlighting for fenced Markdown code blocks, searchable organization member lists, and discoverable organization teams. Administrators can now set separate repository creation limits for personal accounts and organizations.
On the API side, Gitea now publishes an OpenAPI 3.0 specification at /openapi.v1.json, simplifying client generation and integration with external development tools. The release also introduces endpoints for inspecting the current access token, allowing a token to delete itself, managing issue and pull request assignees, and listing workflow runs associated with a particular workflow.
Regarding security, this release includes 45 documented CVEs that have been addressed. Fixes include privilege escalation, server-side request forgery, authorization and token-scope bypasses, private repository and organization information disclosure, branch-protection bypasses, local file inclusion, session reuse, and several denial-of-service issues.
For more information, see the announcement. As always, users should back up their data before upgrading by replacing the binary or Docker container and restarting the service.
