Commit Graph

93 Commits

Author SHA1 Message Date
Clark Boylan 3a44e0cf64 Upgrade gitea to v1.21.11
This is a bugfix update upgrade from v1.21.10 to v1.21.11. None of the
templates we override have been changed between these two versions
according to git diff.

A full changelog can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.11/CHANGELOG.md

Change-Id: I4d3648e311fe87b275856f2d73aca4a79c2c5507
2024-04-16 08:32:22 -07:00
Clark Boylan af6fdaa1af Update gitea to v1.21.10
Gitea and OpenDev are playing a game of tag. Whenever we bump our
deployment up to the lastest version they release a new version the next
day. That means there is now a v1.21.10 available shortly after updating
to v1.21.9.

Again this appears to be a fairly straight forward bug fix release.
There are no diffs in the templates we override between 1.21.9 and
1.21.10. Full release notes can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.10/CHANGELOG.md

Change-Id: I7491d18b14100ca6457d42994a45de1e70de8758
2024-03-26 09:36:20 -07:00
Clark Boylan 9e9e980f09 Update gitea to 1.21.9
Almost immediately after we upgraded to 1.21.8 a new 1.21.9 release
became available. Again this appears to largely be a bugfix release with
no super important changes for us. However, there are performance
improvements which are always nice to see. The template files that we
override have not changed between 1.21.8 and 1.21.9.

Full change log can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.9/CHANGELOG.md

Change-Id: Ica763081203d9be44c9de0923a261afa820c891b
2024-03-22 09:10:20 -07:00
Clark Boylan 5a2bd42a4d Update gitea to 1.21.8
This is a bugfix release with no template updates and no other impactful
deployment changes that I can see. Full changelog notes can be found
here:

  https://github.com/go-gitea/gitea/blob/v1.21.8/CHANGELOG.md

Change-Id: I6009bbebc261e87702b7f603bf179be89d31edb9
2024-03-19 07:40:38 -07:00
Clark Boylan 31ea71655c Upgrade gitea to 1.21.7
This upgrades our gitea container image and, thus deployment, to version
1.21.7 from 1.21.5. There are no updates to the three template files we
override upstream according to git diff in the gitea repo.

A full changelog can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.7/CHANGELOG.md

Change-Id: I95d92f47085532275bf0f2508f9026e9394aebc7
2024-02-26 08:20:18 -08:00
Clark Boylan 3fd045aec3 Upgrade gitea to 1.21.5
This update includes a number of bugfixes. The changelog can be found
here: https://github.com/go-gitea/gitea/blob/v1.21.5/CHANGELOG.md.

There is a security fix for inappropriate access to non public container
images. We don't how private data and we don't use the container
registry in gitea so this doesn't affect us.

There are no changes to template files that we override.

Change-Id: I9419a22736de82e135a25fca22aef1ed10c19e1a
2024-02-01 10:14:43 -08:00
Clark Boylan fb531dae6f Update gitea to 1.21.4
We are currently running 1.21.3 so this shouldn't be a huge upgrade for
us. Full changelog can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.4/CHANGELOG.md

Two template files are removed from our custom template overrides. They
were both included for the 1.21.3 so that we could manually patch a bug
that resulted in HTTP 500 errors when using gitea's code search
functionality. Upstream included these fixes in the 1.21.4 release so we
don't need to override to fix this any longer. This should be covered by
a testinfra test case now too.

Change-Id: I221e5cd185631751c082bdf5e2902057e5200dc0
2024-01-18 12:59:04 -08:00
Clark Boylan 30279610b6 Update gitea to 1.21.3
Upgrade Gitea to 1.21.3. The changelogs for this release can be found
here:

  https://github.com/go-gitea/gitea/blob/v1.21.3/CHANGELOG.md

I have attempted to collect the interesting bits in this commit message
as well as information on why we do or don't make changes to address
these items.

1.21.0
 * BREAKING
   * Restrict certificate type for builtin SSH server (https://github.com/go-gitea/gitea/pull/26789)
     * We don't use the builtin SSH server and don't use certificates
       for auth. Nothing to do here.
   * Refactor to use urfave/cli/v2 (https://github.com/go-gitea/gitea/pull/25959)
     * The major change here updated `gitea` to stop accepting
       `gitea web`'s command options. Our dockerfile is set up to use
       `CMD ["/usr/local/bin/gitea", "web"]` so we are not affected.
   * Move public asset files to the proper directory (https://github.com/go-gitea/gitea/pull/25907)
     * We update the testinfra test for robots.txt to more robustly
       check file contents. Previously it checked a very generic
       prefix which may indicate a generic file being served.
     * We move custom/public/img into custom/public/assets/img.
       Screenshots should be used to confirm this works as expected.
   * Remove commit status running and warning to align GitHub (https://github.com/go-gitea/gitea/pull/25839)
     (partially reverted: Restore warning commit status (https://github.com/go-gitea/gitea/pull/27504) (https://github.com/go-gitea/gitea/pull/27529))
     * We don't rely on commit statuses as this is a read only replica
       of Gerrit.
   * Remove "CHARSET" config option for MySQL, always use "utf8mb4" (https://github.com/go-gitea/gitea/pull/25413)
     * We don't set [database].CHARSET. Doesn't affect us.
   * Set SSH_AUTHORIZED_KEYS_BACKUP to false (https://github.com/go-gitea/gitea/pull/25412)
     * We don't set this value explicitly so the default will flip from
       true to false for us. I don't think this is an issue because we
       keep track of our pubkeys in git.

 * SECURITY
   * Dont leak private users via extensions (https://github.com/go-gitea/gitea/pull/28023) (https://github.com/go-gitea/gitea/pull/28029)
     * We don't use private users.
   * Expanded minimum RSA Keylength to 3072 (https://github.com/go-gitea/gitea/pull/26604)
     * We have rotated keys used to replicate from gerrit to gitea to
       work around this. Now are keys are long enough to make gitea
       happy.

 * BUILD
   * Dockerfile small refactor (https://github.com/go-gitea/gitea/pull/27757) (https://github.com/go-gitea/gitea/pull/27826)
     * I've updated our Dockerfile to mimic these changes. Comment
       whitespace as well as how things are copied and chmoded in the
       build image have been updated.
     * TODO the file copies aren't working for us. I think due to how we
       ultimately clone the git repo. We use RUN but upstream is using
       COPY against the local build dir. I've aligned as best as I can,
       but we should see if we can do a similar COPY on our end.
   * Fix build errors on BSD (in BSDMakefile) (#27594) (#27608)
     * We don't run on BSD.
   * Fully replace drone with actions (#27556) (#27575)
     * This is how upstream builds their images. Doesn't affect our
       builds.
   * Enable markdownlint no-duplicate-header (#27500) (#27506)
     * Build time linters are somethign we don't care too much about on
       our end.
   * Enable production source maps for index.js, fix CSS sourcemaps (https://github.com/go-gitea/gitea/pull/27291) (https://github.com/go-gitea/gitea/pull/27295)
     * This emits a source map for index.js which can be used for in
       browser debugging. Don't think this is anything we need to take
       action on.
   * Update snap package (#27021)
     * We don't use a snap package.
   * Bump go to 1.21 (https://github.com/go-gitea/gitea/pull/26608)
     * Our go version is updated in the Dockerfile.
   * Bump xgo to go-1.21.x and node to 20 in release-version (https://github.com/go-gitea/gitea/pull/26589)
     * Our node version is updated in the Dockerfile.
   * Add template linting via djlint (#25212)
     * Build time linters are somethign we don't care too much about on
       our end.

1.21.1
 * SECURITY
   * Fix comment permissions (https://github.com/go-gitea/gitea/pull/28213) (https://github.com/go-gitea/gitea/pull/28216)
     * This affects disclosure of private repo content. We don't have
       private repos so shouldn't be affected.

1.21.2
 * SECURITY
   * Rebuild with recently released golang version
     * We'll automatically rebuild with newer golang too.
   * Fix missing check (https://github.com/go-gitea/gitea/pull/28406) (https://github.com/go-gitea/gitea/pull/28411)
     * There is minimal info here but it appears to be related to
       issues. We don't use issues so shouldn't affect us.
   * Do some missing checks (https://github.com/go-gitea/gitea/pull/28423) (https://github.com/go-gitea/gitea/pull/28432)
     * There is minimal info here but it appears to be related to
       checks around private repos. We don't use private repos so this
       shouldn't affect us.

1.21.3
 * SECURITY
   * Update golang.org/x/crypto (https://github.com/go-gitea/gitea/pull/28519)
     * This addresses recent concerns found in ssh for gitea's built in
       ssh implementation. We use openssh as provided by debian so will
       rely on our distro to provide fixes.

Finally 1.21.x broke rendering of code search templates. The issue is
here: https://github.com/go-gitea/gitea/issues/28607. To address this
I've vendored the two fixed template files
(https://github.com/go-gitea/gitea/pull/28576/files)into our custom
template dirs. Once upstream makes a release with these fixes we can
drop the custom files entirely as we don't override anything special in
them.

Change-Id: Id714826a9bc7682403afcf90f2761db8c84eacbf
2024-01-03 16:36:17 -08:00
Clark Boylan 6cf8b63bc8 Upgrade gitea to 1.20.6
This is a bugfix release with some security updates that while maybe not
critical due to our use of gitea as a read only mirror would be good to
get in anyway. Additionally we'll want to be on the latest 1.20 release
before updating to 1.21.

The changelog can be found here:

  https://github.com/go-gitea/gitea/blob/v1.20.6/CHANGELOG.md

Git diff reports no template updates between 1.20.5 and 1.20.6 in the
templates that we override.

Change-Id: Idd38660dce53b5765c1ab4bc021544bd105df138
2023-11-28 08:23:17 -08:00
Clark Boylan 9f024b5fea Rebuild gitea 1.20.5 on latest golang 1.20.10
Upstream golang updates are worth recompiling gitea under. Details can
be found in the golang 1.20 release notes:

  https://go.dev/doc/devel/release#go1.20.minor

Change-Id: I6ddeaa23d5aee23928d6f448095bb69fe82d94a9
2023-10-11 08:53:53 -07:00
Zuul 8a9e9ffe1b Merge "Upgrade to gitea 1.20.5" 2023-10-06 16:54:55 +00:00
Clark Boylan f1cc7d4f8e Update gitea base OS during image builds
This ensures we're always up to date with our packages even if the
upstream container images lag behind debian proper. Useful for pulling
in bugfixes more quickly than upstream seems to think we want them.

Change-Id: Ia7ec97ca17ad1175c8ddd4c5d037f516dcdd891a
2023-10-05 10:59:24 -07:00
Clark Boylan 267e0cb6f0 Upgrade to gitea 1.20.5
This looks like a straightforward bugfix release according to the
release notes [0]. There are also no template changes in the three
templates we override.

[0] https://github.com/go-gitea/gitea/blob/v1.20.5/CHANGELOG.md

Change-Id: Id5521289daeb974ac1ec73ffb85d5adb5780fae8
2023-10-03 09:39:23 -07:00
Clark Boylan c06b31df3a Update to gitea 1.20.4
This is a small update from what we are currently running (1.20.4). The
full changelog can be found here:

  https://github.com/go-gitea/gitea/blob/v1.20.4/CHANGELOG.md

There is one small template update in 1.20.4, but it is to documentation
urls which we are already overriding with our own documentation links so
doesn't affect us.

Change-Id: I5ed374e2e6e0056397e05404e0bf42ffd3906469
2023-09-08 08:10:29 -07:00
Clark Boylan dea0930962 Update Gitea images to bookworm
There are two main components that I expect will be affected by this
bookworm update. The first is git. Git is updated from 2.30.2-1+deb11u2
to 2.39.2-1.1. In general git has been very good about maintaining
compatibility, but there is some risk of a behavior change impacting us.

Second is openssh-server. In particular we upgrade from 8.4p1-5+deb11u1
to 9.2p1-2 which crosses the 8.8 release threshold. 8.8 changed how RSA
keys are handled. Now by default only RSA + SHA2 is negotiated by
default and RSA + SHA1 is not allowed. Gerrit currently uses RSA keys
for replication. This should all be fine because MINA added support for
negotiating RSA + SHA2 as both a client and server in version prior to
that running in Gerrit 3.7, but there is still some risk this will
break.

We can test this with held nodes, or we can assume it will work given
the fixes in MINA. Then if it breaks we can switched to ed25519 keys or
update config to openssh to reenable SHA1 or we can revert to bullseye.

Note, we make a small update to the image to set `ENV USER git` in both
the web and ssh iamges as the ssh image uses this env var to dynamically
set sshd_config's AllowUsers value. We weren't setting this value
previously which older sshd seems to ignore. Bookworm sshd gets angry
about this directly being set without a value in its config.

Change-Id: I5a923798e90be4dcd9486a97014180ed1790fab1
2023-09-01 09:44:52 -07:00
Clark Boylan a63f8c6dd7 Rebuild gitea on bullseye
We want to rebuild gitea on bullseye before upgrading to bookworm. The
reason for this is we only prune images that are more than 72 hours old.
Deploying a new bullseye image then deploying the bookworm image ensures
we have 72 hours before that bullseye image is pruned allowing us to
easily revert if necessary.

Change-Id: I5cc8078e0c5f6e55215e9419ac3569a686060b05
2023-09-01 09:44:51 -07:00
Clark Boylan ef450d1bce Update to Gitea 1.20
The 1.20 release is here. Upgrade to this version.

Things we change:
 * Nodejs is updated to v20 to match the alpine 3.18 package version
   that gitea switched to.
 * Templates are updated to match upstream 1.20 templates.
 * We drop the deprecated LFS_CONTENT_PATH from our server config and
   add an equivalent [lfs] config section.
 * Normalize app.ini content so that gitea won't write it back out to
   disk which fails due to permissions (and we don't want it overriding
   our configs anyway). For this we need to add WORK_PATH,
   oauth2.JWT_SECRET, and normliazing spacing and quoting for entries.
 * Set JWT_SIGNING_PRIVATE_KEY_FILE explicitly to be located at
   /data/gitea/jwt/private.pem otherwise gitea attempts to create the
   jwt/ directory somewhere it doesn't have permissions to (I think /)
   and won't be persisted across containers.
 * Replace log.ENABLE_ACCESS_LOG with log.logger.access.MODE = file as
   log.ENABLE_ACCESS_LOG is deprecated and doesn't appear to work
   anymore. This appears to be a documentation issue or they deprecated
   and removed things more quickly than originaly anticipated.
 * Add log.ACCESS_LOG_TEMPLATE to readd source port info to the access
   logs.
 * Add a templates/custom/header.tmpl file to set theme-color as the
   config item for this has been removed.

The 1.20.0 changelog [0] lists a number of breaking changes. I have
tried to capture there here as well as potential impacts to us:

 * Fix WORK_DIR for docker (root) image (#25738) (#25811)
   * We set APP_DATA_PATH to /data/gitea in our app.ini config which
     means we aren't relying on the inferred value from WORK_DIR. I
     think this isolates us from this chnage. But we can check for any
     content in /app/gitea on our running containers to be sure.
     Note we hardcode WORK_PATH to /data/gitea because gitea attempts to
     write this back to our config file otherwise as a result of this
     change.
 * Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) (#25604)
   * We disable actions. This shouldn't affect us.
 * Refactor path & config system (#25330) (#25416)
   * This is related to the first breaking changes. Basically we need
     to check our use of WORK_PATH and determine if we need to hardcode
     it to something. Probably a good idea given how they keep changing
     this on us...
 * Fix all possible setting error related storages and added some tests (#23911) (#25244)
   * We don't use storage configs. This shouldn't affect us.
 * Use a separate admin page to show global stats, remove actions stat (#25062)
   * The breaking change only affects the use of Prometheus which we
     don't have yet.
 * Remove the service worker (#25010)
   * Is listed as a breaking change for UI cleanup that we don't need to
     cleanup. (ui.USE_SERVICE_WORKER can be removed).
 * Remove meta tags theme-color and default-theme (#24960)
   * https://github.com/go-gitea/gitea/pull/24960
   * Addressed by adding a custome templates/custom/header.tmpl file
     that sets this meta tag to the existing value. Note this only
     affects mobile clients so needs to be double checked via a mobile
     device.
 * Use [git.config] for reflog cleaning up (#24958)
   * Affects git.reflog config entries and we don' thave any.
 * Allow all URL schemes in Markdown links by default (#24805)
   * TODO determine if we need to limit link types and add that
     change if so. A point release was made to exclude bad types
     already. Not sure if there are others we need to add.
 * Redesign Scoped Access Tokens (#24767)
   * This breaks scoped tokens with scopes that don't exist anymore.
     I don't think we use scoped tokens.
 * Fix team members API endpoint pagination (#24754)
   * They 1 index the pagination of this endpoint now instead of 0
     indexing it.
 * Rewrite logger system (#24726)
   * They made changes to the loggers and encourage people to check
     their logs work as expected when upgrading. Using our test instance
     logs I don't see anything that is a problem.
 * Increase default LFS auth timeout from 20m to 24h (#24628)
   * We don't LFS but can change the timeout if necssary.
 * Rewrite queue (#24505)
   * Check for 'Removed queue option:' log entries and clean up
     corresponding entries in app.ini. We don't have any of these
     entries in our logs.
 * Remove unused setting time.FORMAT (#24430)
   * We didn't have this entry in app.ini.
 * Refactor setting.Other and remove unused SHOW_FOOTER_BRANDING (#24270)
   * This setting can be removed from app.ini, but we don't set it.
 * Correct the access log format (#24085)
   * We uncorrect it because they removed source port info in the
     correction step. They did this because some log parsers don't
     understand having the port info present, but if you are behind a
     reverse proxy this information is very important. We run gitea behind
     a reverse proxy.
 * Reserve ".png" suffix for user/org names (#23992)
   * .png is no longer a valid user/org name (it didn't work before
     anyway).
 * Prefer native parser for SSH public key parsing (#23798)
   * If you relied on the openssh ssh-keygen executable for public key
     parsing then you must explicitly set config to use it. I don't
     think we do as the golang native parser should handle the keytypes
     we use.
 * Editor preview support for external renderers (#23333)
   * This removed an app.ini settings we don't seem to set.
 * Add Gitea Profile Readmes (#23260)
   * Readmes in .profile repositories will always be shown now. We don't
     have .profiles repos so this doesn't affect us.
 * Refactor ctx in templates (#23105)
   * This affects custom templates as we may need to replace ctx with
     ctxData in our templates.
   * I've searched our templates for 'root', 'ctx', and 'ctxData' and
     have found no instances. Looking at the files modifying by the
     commits related to this change:
     bd7f218dce
     7c01260e1d
     we don't seem to override the affected files. I think we are fine
     as is.

The 1.20.1 changelog indicates there are no breaking changes, and git
diff shows no changes to the templates between 1.20.0 and 1.20.1.

The 1.20.2 changelog indicates there are no breaking changes, and git
diff shows no changes to the templates between 1.20.1 and 1.20.2.

The 1.20.3 changelog indicates there is a single breaking change:
 * Fix the wrong derive path (#26271) (#26318)
   * If I'm reading the code correctly, I think the problem was storage
     configuration inheriting the base storage config and particularly
     the related path. Then when archival storage looked for its config
     the path was the root gitea storage path and it would inadverdently
     delete all repos when deleting a single repo or something like
     that. We don't use these features and these are mirrors anyway so I
     don't think this really affects us.

[0] https://github.com/go-gitea/gitea/blob/v1.20.3/CHANGELOG.md

Change-Id: I265f0ad16c0e757a11c1d889996ffe2198625a1a
2023-08-21 08:49:46 -07:00
Jeremy Stanley edac8d2f40 Update gitea to 1.19.4
Gitea 1.19.4 patch update. Release notes can be found at:

  https://github.com/go-gitea/gitea/blob/v1.19.4/CHANGELOG.md

There are no breaking changes listed since the 1.19.3 we're
currently running, but one minor security improvement which is
basically not relevant to us, as well as a number of bug fixes some
of which may be (I skimmed and don't think any are but can't be
certain). Mainly this merges one template update to keep our forked
templates in line with upstream.

Change-Id: Ibf49a7b5701a3bfbee91acb53485443ff3c29411
2023-07-05 19:56:04 +00:00
Zuul 64bc63a620 Merge "Update gitea to 1.19.3" 2023-05-04 21:29:30 +00:00
Clark Boylan 1654759865 Update gitea to 1.19.3
Gitea 1.19 is here. Release notes can be found at:

  https://github.com/go-gitea/gitea/blob/v1.19.3/CHANGELOG.md

I've highlighted the breaking changes entries in this commit message
with notes on whether or not this affects us.

* 1.19.0
  * Add loading yaml label template files (#22976) (#23232)
    * I think this is for auto applying labels to PRs? Shouldn't affect
      us.
  * Make issue and code search support camel case for Bleve (#22829)
    * We don't rely on code search in gitea yet, but this seems like a
      good addition.
  * Repositories: by default disable all units except code and pulls on forks (#22541)
    * We don't allow forks so this shouldn't affect us.
  * Support template for merge message description (#22248)
    * We don't do merging via gitea so this shouldn't affect us.
  * Remove ONLY_SHOW_RELEVANT_REPOS setting (#21962)
    * We don't set this flag in our app.ini config file.
  * Implement actions (#21937)
    * They are disabled by default, but I've explicitly disabled them as
      we use Zuul.
  * Remove deprecated DSA host key from Docker Container (#21522)
    * Our installatins were all created prior to this update which
      generated DSA keys. We can go and manually clean them up with
      gitea disabled if we like.
  * Improve valid user name check (#20136)
    * As long as our CI job is able to create the necessary accounts we
      should be fine.

* 1.19.1
  * Rename actions unit to repo.actions and add docs for it (#23733) (#23881)
    * app.ini.j2 updated to use repo.actions to disable the repo unit.

* 1.19.2
  * No breaking changes listed.

* 1.19.3
  * No breaking changes listed.

In addition to the breaking changes upstream has updated to golang 1.20
and nodejs 18. We update our image to match.

In 1.19.0 and 1.19.1 org listing required authentication which was a new
change/regression in [0] gitea. I have updated the logo update role to
drop authentication details to make it clear this API should be publicly
accessible. In earlier patchsets I was forcing basic auth due to another
bug [1] which is not correct as we expect this API to be public.
Updating the role this way makes that more clear.

Finally the usual template updates are applied to keep our forked
templates in line with upstream. There were no template changes between
1.19.0, 1.19.1, 1.19.2, and 1.19.3 according to git diff.

[0] https://github.com/go-gitea/gitea/issues/24159
[1] https://github.com/go-gitea/gitea/issues/24160

Change-Id: I5570deaf505a27c8c90c58896de990a4d2d44530
2023-05-03 14:42:08 -07:00
Clark Boylan a4bcc755c5 Rebuild gitea images
Change-Id: I0c51e2187775c7a24723a8bfd94b9dee1c6a67f5
2023-05-03 13:59:24 -07:00
Clark Boylan 9aab305c9f Update gitea to 1.18.5
This upgrade bumps us up two minor releases for gitea. Changelogs can be
found here:

  https://github.com/go-gitea/gitea/blob/v1.18.5/CHANGELOG.md

On the whole seems pretty minor for our uses. I did check the diffs
between 1.18.3 and 1.18.5 for template files we override and those diffs
are empty.

Change-Id: I68204afc28b6382559ece115994c36d35ab60844
2023-02-27 08:37:37 -08:00
Zuul 4a67a684bc Merge "Feature our cloud donors on opendev.org" 2023-02-07 15:15:44 +00:00
Jeremy Stanley 7074dfe0e3 Feature our cloud donors on opendev.org
Add logos for our cloud donors, similar to the
https://openinfra.dev/members/#infrastructure or
https://www.openstack.org/community/supporting-organizations/#infra-donors
lists.

Companies whose logos are listed on the OpenInfra members page have
given explicit permission to the foundation to display those logos
in order to promote their involvement in foundation-led activities,
which includes projects and communities represented by the
foundation (like the OpenDev Collaboratory). The agreements the
companies referenced in this change have entered into aren't limited
to specific web sites, so displaying them on opendev.org shouldn't
require that we seek additional permission in order to do so.

When adding these logos in a subdirectory (for ease of maintenance),
we need to update the copy step from the assets image to the gitea
image making it recursive, otherwise the directory will be omitted
form the final image build. It's also worth noting that COPY
directives in Dockerfiles behave in an odd and non-shell-like
manner, as they flatten the files when recursing source directories,
so you end up needing to force them into the intended target
directories.

Change-Id: I56279da7008cd4961c964b00f23a255e2865b602
2023-02-06 21:47:53 +00:00
Clark Boylan 5435686d5d Revert "Update git in gitea images"
This reverts commit eb823707ab.

Upstream Debian has updated git to 2.30.2-1+deb11u1 which patches git
for the issues we manually patched to cover. We don't need the manual
patch anymore and can switch to the distro hence this revert.

Reviewers should double check that the image build process installs the
expected 2.30.2-1+deb11u1 version.

Change-Id: I17fd16a88fbcaa9bbd5d32bfc6d4bb8cdd52ce99
2023-01-30 11:11:27 -08:00
Zuul ef43cea2ff Merge "Update gitea to 1.18.3" 2023-01-26 17:56:12 +00:00
Zuul fd25738784 Merge "Update Gitea to 1.17.4" 2023-01-23 17:52:07 +00:00
Clark Boylan c80699ea3a Update gitea to 1.18.3
This updates our Gitea installation to 1.18.3. We bump our go verison to
1.19 to match upstream, disable some newer features in app.ini, and
synchronize our template files with upstream edits.

Otherwise not much stood out to me in the changelog as far as backward
compatibility goes:

  https://github.com/go-gitea/gitea/blob/v1.18.3/CHANGELOG.md

Reviewers should look this over and double check that though.

Change-Id: I9679fb4908621a065ab3a0bc670a0e96ea15f476
2023-01-23 08:42:16 -08:00
Clark Boylan eb823707ab Update git in gitea images
Change-Id: I6a9be4362ab6c8f35ed949e708ce2f21b495a96d
2023-01-18 15:52:55 -08:00
Clark Boylan 1d6b7c6640 Update Gitea to 1.17.4
The template files we override do not appear to have changed between
1.17.3 and 1.17.4. This update should get us into a spot where we can
plan to upgrade to 1.18.

Change-Id: I9690a7339bb8ca913ca279c9eaf3ff13eefff9e1
2023-01-17 09:54:02 -08:00
Clark Boylan 0209a923e3 Rebuild gitea images under new golang release
Golang makes periodic compiler releases. One was made today and we
should rebuild gitea under it. Looks like the
library/golang:1.18-bullseye image has update in docker hub:

  https://hub.docker.com/layers/library/golang/1.18-bullseye/images/sha256-0fb1e79db0084e49cd4169612c6f7b7d414a1dba59072997cd3ac3ae1d725361?context=explore

Which should be all we need to take advantage of this new release.

Change-Id: I7d411e244296ffd97483b93942ce3105e8d3e325
2022-11-01 12:45:41 -07:00
Clark Boylan 9827330640 Update to gitea 1.17.3
This updates our gitea images from 1.17.2 to 1.17.3. Git diff of the
three template files we override between 1.17.2 and 1.17.3 show no
changes to the templates. Also, while the changelog indicates go 1.19
fmt is used with gitea 1.17 now the 1.17 Dockerfile continues to build
gitea itself with go 1.18. We don't update our golang version for this
reason.

The changelog can be found here:
  https://github.com/go-gitea/gitea/blob/v1.17.3/CHANGELOG.md

Additionally, I've modified how we do our docker image prune step to
keep old images for 3 days. The reason for this is it gives us a short
window of time where we can easily revert to the old image that we have
stored locally on the system. Keep in mind that this will slightly
increase disk consumption on the nodes by about 1GB per
gitea+gitea-ssh+mariadb set. I think this is worthwhile considering
these images don't update often so we should only ever have one extra
old set on the node. If others don't care for this feel free to modify
the change to remove this edit.

Change-Id: I84e89e461ae8957c553c8f3d1b537af622a824b4
2022-10-15 18:58:50 +00:00
Clark Boylan b83109dc11 Update to Gitea 1.17.2
This is the first minor Gitea update we've seen in a long time with
updated template files. I've updated the header.tmpl file to match
1.17.2's content.

Full changelog can be seen at:
  https://github.com/go-gitea/gitea/blob/v1.17.2/CHANGELOG.md#1172---2022-09-06

Change-Id: I087f13beb64e2a3b607f1f60e2d3841567845543
2022-09-06 15:37:25 -07:00
Clark Boylan 7f06a0ce2e Update to Gitea 1.17
Please  carefully review the changelog:

  https://github.com/go-gitea/gitea/blob/v1.17.1/CHANGELOG.md

and ensure that we've properly addressed the items listed there.

I have listed the breaking changes list here and any actions we've taken
or justification for why they don't affect us:

* Require go1.18 for Gitea 1.17 (#19918)
  We were already using go 1.18.
* Make AppDataPath absolute against the AppWorkPath if it is not (#19815)
  Path is already absolute:
  playbooks/roles/gitea/templates/app.ini.j2:APP_DATA_PATH    = /data/gitea
* Nuke the incorrect permission report on /api/v1/notifications (#19761)
  This has to do with how that api endpoint returns permissions. We
  don't use this anywhere as far as I can tell.
* Refactor git module, make Gitea use internal git config (#19732)
  In the gitea container /data/git/.gitconfig is present but we don't
  appear to manage this in system-config. I think that means this
  change is a noop for us as gitea will move its managed .gitconfig
  from /data/git/.gitconfig to /data/git/repositories/.gitconfig.
  I expect the contents to be the same since gitea must be managing
  the file old content today.
* Remove RequireHighlightJS field, update plantuml example. (#19615)
  This was a flag that toggled syntax highlighting on and off as best
  as I can tell. The default is to just have it turned on and we don't
  check the flag in any of our templates.
* Increase minimal required git version to 2.0 (#19577)
  Debian Bullseye ships with 2.30.2-1.
* Add a directory prefix gitea-src-VERSION to release-tar-file (#19396)
  They were tarbombing people and their tarballs extracted into the
  current dir. They now no longer do that. We build from git so this
  doesn't affect us.
* Use "main" as default branch name (#19354)
  We explicitly set the default branch name to master for both gitea and
  gerrit. This should be a noop for us. Testing has been added to check
  this.
  https://opendev.org/opendev/system-config/src/branch/master/playbooks/roles/gitea-git-repos/library/gitea_create_repos.py#L129-L132
  https://opendev.org/opendev/jeepyb/src/branch/master/jeepyb/cmd/manage_projects.py#L488
* Make cron task no notice on success (#19221)
  I'm not aware of us relying on any cron tasks or any cron task
  notifications.
* Add pam account authorization check (#19040)
  We don't integrate with pam so the change in behavior to check
  authorization does not affect us.
* Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
  This message shows up in CI because ROOT_URL is https://opendev.org
  but we access gitea in testing via localhost. I don't think this
  is worth fixing. Its a good reminder that the instance is a test
  instance.
* Refactor mirror code & fix StartToMirror (#18904)
  We don't mirror repos with gitea. Should be a noop for us.
* Remove deprecated SSH ciphers from default (#18697)
  hmac-sha1-96, diffie-hellman-group1-sha1, and arcfour{128,256} are
  removed. The only ssh user is gerrit's replication. MINA should
  be able to support more modern ciphers and be fine.
* Add the possibility to allow the user to have a favicon which differs from the main logo (#18542)
  Previously, logo.svg was used as the favicon.svg and gitea only fell
  back to favicon.png if the browser couldn't so the .svg. But now they
  want to support users having different logo.svg and favicon.svg. This
  necessitates explicitly adding a favicon.svg. Something we already do.
  Details at https://github.com/go-gitea/gitea/pull/18542
* Update reserved usernames list (#18438)
  This shouldn't be a problem for us as we don't have regular users and
  gerrit is not a reserved name.
* Support custom ACME provider (#18340)
  We run ACME with LE out of band. This doesn't affect us.
* Change initial TrustModel to committer (#18335)
  This changes the signed commits trust model from collaborator
  to committer. THis won't affect us as we aren't maintaining trusted
  keys. But basically this now shows if the signed commit by the
  committer matches the committer's key.
* Update HTTP status codes (#18063)
  This changed redirect HTTP codes from 302 to 307. Shouldn't
  affect us.
* Upgrade Alpine from 3.13 to 3.15 (#18050)
  We build on Debian and not alpine. The alpine nodejs version did
  change from 14 to 16 in this change and we've updated to match.
* Restrict email address validation (#17688)
  If we had real users this may pose a problem as they are limiting
  the set of emails gitea would accept to a smaller set than they
  accepted before. Also fewer than actually allowed by email. But
  we don't have real users so this should be fine.
* Refactor Router Logger (#17308)
  This streamlines and improves the log format of some of the gitea
  logs. We aren't automatically processing these logs today so this
  shouldn't have a major impact on us.

Additionally this release adds a new git.HOME_PATH setting to set the
location for writing out git configs and potential gnupg configs. We
should be fine to let gitea write this content out to the default path,
but there is potential for this to impact our ssh daemon.

Changes made include:

 * Minimal updates to web templates to match 1.17
 * Updating nodejs to v16 as v14 failed to build gitea
 * Disabling the new enabled by default "packages" feature
 * New test to check repos have a master branch by default instead of
   Gitea's new default of main.

Change-Id: I88105eccd118e3daca72f0b86a6b351c35e37413
2022-08-18 14:12:30 -07:00
Clark Boylan 18c7d8ead1 Update Gitea to 1.16.9
This is a bugfix release that gitea suggests we update to for important
fixes.

Changelog can be found at:
  https://github.com/go-gitea/gitea/blob/v1.16.9/CHANGELOG.md

One thing I note is the inclusion of support for git safe.directory in
newer git versions. Our bullseye git version is too old to support this,
but we also configure consistent users so this should be a non issue for
us.

Change-Id: I8c3e4e5eead13eeb72bee3ae6c8b89081cdc5cf0
2022-07-13 13:44:28 -07:00
Clark Boylan 5c50ae731f Upgrade gitea to v1.16.8
This appears to be a straightforward bug fix release according to the
release notes:

  https://github.com/go-gitea/gitea/blob/v1.16.8/CHANGELOG.md

No template change between v1.16.7 and v1.16.8 according to git.

Change-Id: I0b9bb2f15beb7d3b1541c02e6e96601d25449e33
2022-05-16 11:36:17 -07:00
Clark Boylan 0ae3ffc118 Upgrade gitea to v1.16.7
This is the latest bug fix release. Upgrade to it to pull in those bug
fixes. You can see the full list of changes in the release notes:

  https://github.com/go-gitea/gitea/blob/v1.16.7/CHANGELOG.md#1167---2022-05-02

I've checked template diffs between v1.16.6 and v1.16.7 and they are
empty.

Change-Id: I5c8cb5bf02ab5ca8f64da25f1384291921ba8bba
2022-05-02 10:10:11 -07:00
Clark Boylan 325333016e Upgrade Gitea to 1.16.6
This update brings a number of bugfixes. The most visible to us is it
should fix partial clones for older clients. This means we can reenable
partial cloning again. Note that we have testing of partial clones which
should detect if this is working for us.

There are no template diffs for the three template files we override
between 1.16.5 and 1.16.6. The release notes can be found at:

  https://github.com/go-gitea/gitea/blob/v1.16.6/CHANGELOG.md#1166---2022-04-20

Change-Id: Ie5b6a3bcd73f135fe8914b55896a3a428a41dccc
2022-04-20 16:47:02 -07:00
Clark Boylan 6f3597a748 Update gitea to v1.16.5
We update gitea to v1.16.5 and update to using the golang:1.18-bullseye
image as the release notes [0] for this version indicate that upstream
has switched to golang 1.18 to build now.

I don't see any deltas in the templates that we updated between v1.16.4
and v1.16.5

[0] https://raw.githubusercontent.com/go-gitea/gitea/v1.16.5/CHANGELOG.md

Change-Id: I794d0db2dbb64d962debaba385eb0e46b463877a
2022-03-25 11:55:20 -07:00
Clark Boylan dd0a3374d2 Update Gitea to 1.16.4
Gitea 1.16.4 is now available. Note that this update includes the
changes from 1.16.0-1.16.3 as well since we are upgrading from
1.15.x. The changelog can be found at:

  https://github.com/go-gitea/gitea/blob/v1.16.4/CHANGELOG.md

In particular this calls out:

  https://github.com/go-gitea/gitea/pull/17846

as a potentially breaking change that may impact our use of ssh. We
attempt to update our Dockerfile to use the correct gitea command script
to address this but we should likely test replication before landing
this update.

The changelog is quite large and I haven't been able to fully examine it
for impacts. Reviewers are encouraged to look it over and find items we
should address. Additionally once this is reliably building we should
hold a node and inspect it directly.

Change-Id: I0bf7400d43583a8e8b54581225c70cba53007876
2022-03-14 14:57:00 -07:00
Clark Boylan 3e2c71c6b6 Upgrade Gitea to v1.15.11
The template file diffs for the templates we override are empty between
v1.15.10 and v1.15.11.

Change-Id: I89bf351ffb8608b65b70084c8f132e7684ef233a
2022-02-03 08:23:14 -08:00
Clark Boylan 00dbb0e697 Upgrade gitea to v1.15.10
Release notes for gitea v1.15.10 can be found at:

  https://github.com/go-gitea/gitea/blob/v1.15.10/CHANGELOG.md#11510---2022-01-14

I did not see any delta in the templates we update between v1.15.9 and
v1.15.10.

Change-Id: I505d68e3ac44fb4b5a77b978430a8656b1bdcad4
2022-01-14 11:19:34 -08:00
Clark Boylan 3ea7d2e0bd Update gitea to v1.15.9
There are no template changes between v1.15.7 and v1.15.9 according to
git diff.

Change-Id: I3a126db4434c1cdf6d8efd31cdbbd5cd50986bf2
2022-01-04 08:16:36 -08:00
Clark Boylan a57f3bab08 Update gitea to 1.15.7
Changelog here:
  https://github.com/go-gitea/gitea/blob/v1.15.7/CHANGELOG.md#1157---2021-12-01

Seems to mostly be a number of bugfixes which we like to get.

Note there is one tiny mostly inconsequently template update that we
make to a commented out portion of the head navbar file. But we do this
to avoid unnecessary future delta that needs to be resolved.

Change-Id: I9bf19c4f63d1713701ec889a705f3c8855d943d7
2021-12-06 11:02:13 -08:00
Clark Boylan f2cd358b70 Upgrade to gitea 1.15.6
Another bug fix release. We upgrade to keep up and not fall behind.
Release notes can be found at:

  https://github.com/go-gitea/gitea/blob/v1.15.6/CHANGELOG.md

Change-Id: I44874476d6fd09f3333205b3036ed12000560cba
2021-10-28 08:37:04 -07:00
Clark Boylan cc41e880eb Upgrade gitea to 1.15.5
Changelog at:

  https://github.com/go-gitea/gitea/blob/v1.15.5/CHANGELOG.md

Change-Id: I4948aaa6d26364ce8f9de66ce83d1b40c763e132
2021-10-25 08:22:03 -07:00
Clark Boylan b6d121627c Update gitea to 1.15.4
They just released a 1.15.4 version with a number of bugfixes.

Changelog at:

  https://github.com/go-gitea/gitea/blob/v1.15.4/CHANGELOG.md

Change-Id: Idf5f5a0b2d7bc5acbe79fb38753671d21c71e288
2021-10-08 12:13:22 -07:00
Zuul d108da5785 Merge "Upgrade gitea to 1.15.3" 2021-10-06 22:47:20 +00:00
Zuul 9f1f1ef811 Merge "Update our gitea images to bullseye" 2021-10-06 15:53:35 +00:00
Clark Boylan 048a918a61 Upgrade gitea to 1.15.3
We move robots.txt to custom/ instead of custom/public/ as
custom/public/ is now served at /assets/ via the gitea webserver and we
need robots.txt at the root. Related to this we update image urls to be
prefixed with AssetUrlPrefix in their paths so that if this path changes
against in the future we should automatically accomodate that.

Change-Id: I8ce5fe8ff342617ff156a401be8418d593fd35c4
2021-09-27 12:54:52 -07:00