Weblate currently supports Git (with extended support forGitHub pull requests, GitLab merge requests, Gitea pull requests, Gerrit,Subversion, Bitbucket Server pull requests, and Azure DevOps pull requests) andMercurial as version control back-ends.
Accessing repositories¶
The VCS repository you want to use has to be accessible to Weblate. With apublicly available repository you just need to enter the correct URL (forexample https://github.com/WeblateOrg/weblate.git), but for privaterepositories or for push URLs the setup is more complex and requiresauthentication.
Accessing repositories from Hosted Weblate¶
For Hosted Weblate, there is a dedicated push user registered on GitHub,Bitbucket, Codeberg, and GitLab (with the username weblate, e-mailhosted@weblate.org, and a name or profile description Weblate push user).
Hint
There can be more Weblate users on the platforms, designated for other Weblate instances.Searching by e-mail hosted@weblate.org is recommended to find the correctuser for Hosted Weblate.
You need to add this user as a collaborator and give it appropriate permissions to yourrepository (read-only is okay for cloning, write is required for pushing).Depending on the service and your organization’s settings, this happens immediately,or requires confirmation on the Weblate side.
The weblate user on GitHub accepts invitations automatically within five minutes.Manual processing might be needed on the other services, so please be patient.
Once the weblate user is added to your repository, you can configureSource code repository and Repository push URL using the SSH protocol (for examplegit@github.com:WeblateOrg/weblate.git).
Accessing repositories on code hosting sites (GitHub, GitLab, Bitbucket, Azure DevOps, …)¶
Accessing repositories on code hosting sites is typically done by creating adedicated user who is associated with a Weblate SSH key (seeWeblate SSH key). This way you associate Weblate SSH key with a singleuser (this of frequently enforced by the platform) and grant this user accessto the repository. You can then use SSH URL to access the repository (seeSSH repositories).
Hint
On a Hosted Weblate, this is pre-cofigured for most of the public sites,please see Accessing repositories from Hosted Weblate.
SSH repositories¶
The most frequently used method to access private repositories is based on SSH.Authorize the public Weblate SSH key (see Weblate SSH key) to access the upstreamrepository this way.
Warning
On GitHub, each key can only be used once, see GitHub repositories andAccessing repositories from Hosted Weblate.
Weblate also stores the host key fingerprint upon first connection, and fails toconnect to the host should it be changed later (see Verifying SSH host keys).
In case adjustment is needed, do so from the Weblate admin interface:
Weblate SSH key¶
Changed in version 4.17: Weblate now generates both RSA and Ed25519 SSH keys. Using Ed25519 is recommended for new setups.
The Weblate public key is visible to all users browsing the About page.
Admins can generate or display the public key currently used by Weblate in the connection(from SSH keys) on the admin interface landing page.
Note
The corresponding private SSH key can not currently have a password, so ensure it iswell protected.
Hint
Make a backup of the generated private Weblate SSH key.
Verifying SSH host keys¶
Weblate automatically stores the SSH host keys on first access and remembersthem for further use.
In case you want to verify the key fingerprint before connecting to therepository, add the SSH host keys of the servers you are going to access inAdd host key, from the same section of the admin interface. Enterthe hostname you are going to access (e.g. gitlab.com), and pressSubmit. Verify its fingerprint matches the server you added.
The added keys with fingerprints are shown in the confirmation message:
Connecting to legacy SSH servers¶
Recent OpenSSH releases (for example the one used in Weblate Docker container)disable RSA signatures using the SHA-1 hash algorithm by default. This changehas been made as the SHA-1 hash algorithm is cryptographically broken, and itis possible to create chosen-prefix hash collisions for <USD$50K.
For most users, this change should be invisible and there is no need to replacessh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures sincerelease 7.2 and existing ssh-rsa keys will automatically use the strongeralgorithm where possible.
Incompatibility is more likely when connecting to older SSH implementationsthat have not been upgraded or have not closely tracked improvements in the SSHprotocol. The SSH connection to such server will fail with:
no matching host key type found. Their offer: ssh-rsa
For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allowconnection and/or user authentication via the HostkeyAlgorithms andPubkeyAcceptedAlgorithms options. For example, the following stanza inDATA_DIR/ssh/config will enable RSA/SHA1 for host and userauthentication for a single destination host:
Host legacy-host HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacyimplementations can be upgraded or reconfigured with another key type (such asECDSA or Ed25519).
GitHub repositories¶
Access via SSH is possible (see SSH repositories), but in case you need toaccess more than one repository, you will hit a GitHub limitation on allowedSSH key usage (since each key can be used only once).
In case the Push branch is not set, the project is forked andchanges pushed through a fork. In case it is set, changes are pushed to theupstream repository and chosen branch.
For smaller deployments, use HTTPS authentication with a personal accesstoken and your GitHub account, see Creating an access token for command-line use.
For bigger setups, it is usually better to create a dedicated user for Weblate,assign it the public SSH key generated in Weblate (see Weblate SSH key)and grant it access to all the repositories you want to translate. Thisapproach is also used for Hosted Weblate, there is dedicatedweblate user for that.
See also
Accessing repositories from Hosted Weblate
Weblate internal URLs¶
Share one repository setup between different components by referring toits placement as weblate://project/component in other(linked) components. This way linked componentsuse the VCS repository configuration of the main(referenced) component.
Warning
Removing main component also removes linked components.
Weblate automatically adjusts the repository URL when creating a component if itfinds a component with a matching repository setup. You can override this inthe last step of the component configuration.
Reasons to use this:
Saves disk space on the server, the repository is stored just once.
Makes the updates faster, only one repository is updated.
There is just single exported repository with Weblate translations (see Git exporter).
Some add-ons can operate on multiple components sharing one repository, for example Squash Git commits.
HTTPS repositories¶
To access protected HTTPS repositories, include the username and passwordin the URL. Don’t worry, Weblate will strip this info when the URL is shownto users (if even allowed to see the repository URL at all).
For example the GitHub URL with authentication added might look like:https://user:your_access_token@github.com/WeblateOrg/weblate.git.
Note
If your username or password contains special characters, those have to beURL encoded, for examplehttps://user%40example.com:%24password%23@bitbucket.org/….
Using proxy¶
If you need to access HTTP/HTTPS VCS repositories using a proxy server,configure the VCS to use it.
This can be done using the http_proxy, https_proxy, and all_proxyenvironment variables, (as described in the cURL documentation)or by enforcing it in the VCS configuration, for example:
git config --global http.proxy http://user:password@proxy.example.com:80
Note
The proxy configuration needs to be done under user running Weblate (seealso Filesystem permissions) and with HOME=$DATA_DIR/home (seeDATA_DIR), otherwise Git executed by Weblate will not use it.
Git¶
Hint
Weblate needs Git 2.12 or newer.
See also
See Accessing repositories for info on how to access different kinds of repositories.
Git with force push¶
This behaves exactly like Git itself, the only difference being that it alwaysforce pushes. This is intended only in the case of using a separate repositoryfor translations.
Warning
Use with caution, as this easily leads to lost commits in yourupstream repository.
Customizing Git configuration¶
Weblate invokes all VCS commands with HOME=$DATA_DIR/home (seeDATA_DIR), therefore editing the user configuration needs to be donein DATA_DIR/home/.git.
Git remote helpers¶
You can also use Git remote helpers for additionally supporting other versioncontrol systems, but be prepared to debug problems this may lead to.
At this time, helpers for Bazaar and Mercurial are available within separaterepositories on GitHub: git-remote-hg and git-remote-bzr.Download them manually and put somewhere in your search path(for example ~/bin). Make sure you have the corresponding version controlsystems installed.
Once you have these installed, such remotes can be used to specify a repositoryin Weblate.
To clone the gnuhello project from Launchpad using Bazaar:
bzr::lp:gnuhello
For the hello repository from selenic.com using Mercurial:
hg::http://selenic.com/repo/hello
Warning
The inconvenience of using Git remote helpers is for example with Mercurial,the remote helper sometimes creates a new tip when pushing changes back.
GitHub pull requests¶
This adds a thin layer atop Git using the GitHub API to allow pushingtranslation changes as pull requests, instead of pushing directly to the repository.
Git pushes changes directly to a repository, whileGitHub pull requests creates pull requests.The latter is not needed for merely accessing Git repositories.
You need to configure API credentials (GITHUB_CREDENTIALS) in theWeblate settings to make this work. Once configured, you will see aGitHub option when selecting Version control system.
See also
Pushing changes from Weblate,GITHUB_CREDENTIALS
GitLab merge requests¶
This just adds a thin layer atop Git using the GitLab API to allowpushing translation changes as merge requests instead ofpushing directly to the repository.
There is no need to use this to access Git repositories, ordinary Gitworks the same, the only difference is how pushing to a repository ishandled. With Git changes are pushed directly to the repository,while GitLab merge requests creates merge request.
You need to configure API credentials (GITLAB_CREDENTIALS) in theWeblate settings to make this work. Once configured, you will see aGitLab option when selecting Version control system.
See also
Pushing changes from Weblate,GITLAB_CREDENTIALS
Gitea pull requests¶
Added in version 4.12.
This just adds a thin layer atop Git using the Gitea API to allowpushing translation changes as pull requests instead ofpushing directly to the repository.
There is no need to use this to access Git repositories, ordinary Gitworks the same, the only difference is how pushing to a repository ishandled. With Git changes are pushed directly to the repository,while Gitea pull requests creates pull requests.
You need to configure API credentials (GITEA_CREDENTIALS) in theWeblate settings to make this work. Once configured, you will see aGitea option when selecting Version control system.
See also
Pushing changes from Weblate,GITEA_CREDENTIALS
Bitbucket Server pull requests¶
Added in version 4.16.
This just adds a thin layer atop Git using theBitbucket Server API to allow pushing translation changes as pull requestsinstead of pushing directly to the repository.
Warning
This does not support Bitbucket Cloud API.
There is no need to use this to access Git repositories, ordinary Gitworks the same, the only difference is how pushing to a repository ishandled. With Git changes are pushed directly to the repository,while Bitbucket Server pull requests creates pull request.
You need to configure API credentials (BITBUCKETSERVER_CREDENTIALS) in theWeblate settings to make this work. Once configured, you will see aBitbucket Server option when selecting Version control system.
See also
Pushing changes from Weblate,BITBUCKETSERVER_CREDENTIALS
Pagure merge requests¶
Added in version 4.3.2.
This just adds a thin layer atop Git using the Pagure API to allowpushing translation changes as merge requests instead ofpushing directly to the repository.
There is no need to use this to access Git repositories, ordinary Gitworks the same, the only difference is how pushing to a repository ishandled. With Git changes are pushed directly to the repository,while Pagure merge requests creates merge request.
You need to configure API credentials (PAGURE_CREDENTIALS) in theWeblate settings to make this work. Once configured, you will see aPagure option when selecting Version control system.
See also
Pushing changes from Weblate,PAGURE_CREDENTIALS
Gerrit¶
Adds a thin layer atop Git using the git-review tool to allowpushing translation changes as Gerrit review requests, instead ofpushing them directly to the repository.
The Gerrit documentation has the details on the configuration necessary to set upsuch repositories.
Azure DevOps pull requests¶
This adds a thin layer atop Git using the Azure DevOps API to allow pushingtranslation changes as pull requests, instead of pushing directly to the repository.
Git pushes changes directly to a repository, whileAzure DevOps pull requests creates pull requests.The latter is not needed for merely accessing Git repositories.
You need to configure API credentials (AZURE_DEVOPS_CREDENTIALS) in theWeblate settings to make this work. Once configured, you will see aAzure DevOps option when selecting Version control system.
See also
Pushing changes from Weblate,AZURE_DEVOPS_CREDENTIALS
Mercurial¶
Mercurial is another VCS you can use directly in Weblate.
Note
It should work with any Mercurial version, but there are sometimesincompatible changes to the command-line interface which breaks Weblateintegration.
See also
See Accessing repositories for info on how to access different kinds ofrepositories.
Subversion¶
Weblate uses git-svn to interact with subversion repositories. It isa Perl script that lets subversion be used by a Git client, enablingusers to maintain a full clone of the internal repository and commit locally.
Note
Weblate tries to detect Subversion repository layout automatically - itsupports both direct URLs for branch or repositories with standard layout(branches/, tags/ and trunk/). More info about this is to be found in thegit-svn documentation.If your repository does not have a standard layout and you encounter errors,try including the branch name in the repository URL and leaving branch empty.
Subversion credentials¶
Weblate expects you to have accepted the certificate up-front (and yourcredentials if needed). It will look to insert them into the DATA_DIRdirectory. Accept the certificate by using svn once with the $HOMEenvironment variable set to the DATA_DIR:
# Use DATA_DIR as configured in Weblate settings.py, it is /app/data in the DockerHOME=${DATA_DIR}/home svn co https://svn.example.com/example
See also
DATA_DIR
Local files¶
Hint
Underneath, this uses Git. It requires Git installed and allowsyou to switch to using Git natively with full history of your translations.
Weblate can also operate without a remote VCS. The initial translations areimported by uploading them. Later you can replace individual files by file upload,or add translation strings directly from Weblate (currently available only formonolingual translations).
In the background Weblate creates a Git repository for you and all changes aretracked in. In case you later decide to use a VCS to store the translations,you already have a repository within Weblate can base your integration on.
