gitea to forgejo
parent
b77d7d5784
commit
f369998d15
23 changed files with 237 additions and 426 deletions
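--- a/seed/forgejo/DEBUG.md
+++ b/seed/forgejo/DEBUG.md
@@ -0,0 +1,10 @@
+Créer un utilisateur
+=====================
+
+su - forgejo -s /bin/bash -c "forgejo admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/forgejo/app.ini"
+
+DEBUG
+=====
+
+sed -i 's/info/debug/g' /etc/forgejo/app.ini
+systemctl restart forgejo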
|
@ -1,6 +1,6 @@
|
|||
format: '0.1'
|
||||
description: Gitea, a community managed lightweight code hosting solution
|
||||
website: https://gitea.io/
|
||||
description: Forgejo, a community managed lightweight code hosting solution
|
||||
website: https://forgejo.org/
|
||||
depends:
|
||||
- base-fedora-36
|
||||
- postgresql-client
|
|
@ -1,11 +1,11 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="gitea" target="multi-user" engine="cheetah">
|
||||
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
|
||||
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
|
||||
<file>/etc/gitea/app.ini</file>
|
||||
<file>/tests/gitea.yml</file>
|
||||
<service name="forgejo" target="multi-user" engine="cheetah">
|
||||
<file engine="none" source="sysuser-forgejo.conf">/sysusers.d/0forgejo.conf</file>
|
||||
<file engine="none" source="tmpfile-forgejo.conf">/tmpfiles.d/0forgejo.conf</file>
|
||||
<file>/etc/forgejo/app.ini</file>
|
||||
<file>/tests/forgejo.yml</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
|
@ -16,17 +16,17 @@
|
|||
</family>
|
||||
<family name="redis" description="Redis">
|
||||
<variable name="redis_client_key_owner" redefine="True">
|
||||
<value>gitea</value>
|
||||
<value>forgejo</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="gitea" description="Gitea" help="Git forge Gitea">
|
||||
<variable name="gitea_title" mandatory="True" description="Titre de la forge">
|
||||
<family name="forgejo" description="Gitea" help="Git forge Gitea">
|
||||
<variable name="forgejo_title" mandatory="True" description="Titre de la forge">
|
||||
<value>Gitea: Git avec une tasse de thé</value>
|
||||
</variable>
|
||||
<variable name="gitea_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
|
||||
<variable name="gitea_secret_key" type="password" hidden="True"/>
|
||||
<variable name="gitea_internal_token" type="password" hidden="True"/>
|
||||
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
|
||||
<variable name="forgejo_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
|
||||
<variable name="forgejo_secret_key" type="password" hidden="True"/>
|
||||
<variable name="forgejo_internal_token" type="password" hidden="True"/>
|
||||
<variable name="forgejo_lfs_jwt_secret" type="password" hidden="True"/>
|
||||
</family>
|
||||
<family name="revprox">
|
||||
<family name="revprox_client">
|
||||
|
@ -38,10 +38,10 @@
|
|||
<value>3000</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_owner" redefine="True">
|
||||
<value>gitea</value>
|
||||
<value>forgejo</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_group" redefine="True">
|
||||
<value>gitea</value>
|
||||
<value>forgejo</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="oauth2_client">
|
||||
|
@ -72,29 +72,29 @@
|
|||
<fill name="get_password">
|
||||
<param name="server_name" type="variable">domain_name_eth0</param>
|
||||
<param name="username">secret_key</param>
|
||||
<param name="description">gitea</param>
|
||||
<param name="description">forgejo</param>
|
||||
<param name="type">cleartext</param>
|
||||
<param name="hide" type="variable">hide_secret</param>
|
||||
<param name="length" type="number">105</param>
|
||||
<target>gitea_secret_key</target>
|
||||
<target>forgejo_secret_key</target>
|
||||
</fill>
|
||||
<fill name="get_password">
|
||||
<param name="server_name" type="variable">domain_name_eth0</param>
|
||||
<param name="username">internal_token</param>
|
||||
<param name="description">gitea</param>
|
||||
<param name="description">forgejo</param>
|
||||
<param name="type">cleartext</param>
|
||||
<param name="hide" type="variable">hide_secret</param>
|
||||
<param name="length" type="number">105</param>
|
||||
<target>gitea_internal_token</target>
|
||||
<target>forgejo_internal_token</target>
|
||||
</fill>
|
||||
<fill name="get_password">
|
||||
<param name="server_name" type="variable">domain_name_eth0</param>
|
||||
<param name="username">lfs_jwt_secret</param>
|
||||
<param name="description">gitea</param>
|
||||
<param name="description">forgejo</param>
|
||||
<param name="type">cleartext</param>
|
||||
<param name="hide" type="variable">hide_secret</param>
|
||||
<param name="length" type="number">43</param>
|
||||
<target>gitea_lfs_jwt_secret</target>
|
||||
<target>forgejo_lfs_jwt_secret</target>
|
||||
</fill>
|
||||
<fill name="calc_oauth2_client_login">
|
||||
<param type="variable" optional="True">revprox_client_external_domainnames</param>
|
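--- a/seed/forgejo/manual/image/postinstall/forgejo.sh
+++ b/seed/forgejo/manual/image/postinstall/forgejo.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -ex
+
+gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+
+JSON==$(wget -q 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' --header 'accept: application/json' -O -)
+VERS=$(echo JSON| jq -r '.[0].name')
+
+mkdir -p ~/forgejo/
+
+if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz" ]; then
+rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz"
+wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
+fi
+if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ]; then
+rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz.asc"
+wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc"
+fi
+
+gpg --verify ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
+
+cp -a ~/"forgejo/forgejo-$VERS-linux-amd64.xz" .
+xz -d "forgejo-$VERS-linux-amd64.xz"
+mv "forgejo-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/forgejo"
+chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/forgejo"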
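Review bot: The second download block reuses the binary's jq filter (`endswith("linux-amd64.xz")`), so the file saved as `.xz.asc` is the archive rather than its detached signature and `gpg --verify` cannot succeed; the filter there should be `endswith("linux-amd64.xz.asc")`. Earlier, `JSON==$(…)` stores a stray leading `=` and `echo JSON` pipes the literal word instead of `$JSON`, so `jq` fails and `set -e` aborts before anything is fetched. The quoted `rm -rf ~/"forgejo/forgejo-*-…"` patterns never expand, and the verification accepts any key already present in the user's default keyring instead of only the release key received at the top. The rewritten fetch section below addresses these four points and leaves the verify and install steps as they are.

```shell
readonly KEY_FPR=EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
# Dedicated keyring: only the release key fetched below can satisfy --verify.
GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'rm -rf -- "$GNUPGHOME"' EXIT
gpg --keyserver keys.openpgp.org --recv "$KEY_FPR"

JSON=$(wget -q 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' --header 'accept: application/json' -O -)
VERS=$(printf '%s' "$JSON" | jq -r '.[0].name')

# Print the download URL of the release asset whose name ends with $1.
asset_url() {
  printf '%s' "$JSON" | jq -r --arg suffix "$1" \
    '.[0].assets | map(select(.name | endswith($suffix))) | .[0].browser_download_url'
}

# … unchanged: mkdir -p ~/forgejo/ …

if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz" ]; then
  rm -f ~/forgejo/forgejo-*-linux-amd64.xz
  wget "$(asset_url linux-amd64.xz)" -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
fi
if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ]; then
  rm -f ~/forgejo/forgejo-*-linux-amd64.xz.asc
  wget "$(asset_url linux-amd64.xz.asc)" -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc"
fi

# … unchanged: gpg --verify, cp, xz -d, mv, chmod …
```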
|
@ -1,6 +1,6 @@
|
|||
# GNUNUX https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
|
||||
APP_NAME = %%gitea_title
|
||||
RUN_USER = gitea
|
||||
# GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini
|
||||
APP_NAME = %%forgejo_title
|
||||
RUN_USER = forgejo
|
||||
RUN_MODE = prod
|
||||
|
||||
[database]
|
||||
|
@ -15,34 +15,37 @@ CHARSET = utf8
|
|||
LOG_SQL = false
|
||||
|
||||
[repository]
|
||||
ROOT = /srv/gitea/lib/data/gitea-repositories
|
||||
ROOT = /srv/forgejo/lib/data/forgejo-repositories
|
||||
DEFAULT_BRANCH = main
|
||||
|
||||
[server]
|
||||
SSH_DOMAIN = %%revprox_client_external_domainnames[0]
|
||||
DOMAIN = %%revprox_client_external_domainnames[0]
|
||||
HTTP_PORT = 3000
|
||||
ROOT_URL = https://%%revprox_client_external_domainnames[0]/gitea/
|
||||
ROOT_URL = https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location
|
||||
LOCAL_ROOT_URL = https://%%domain_name_eth0:3000/
|
||||
DISABLE_SSH = false
|
||||
START_SSH_SERVER = true
|
||||
SSH_LISTEN_PORT = 2222
|
||||
SSH_PORT = 2222
|
||||
LFS_START_SERVER = true
|
||||
LFS_CONTENT_PATH = /srv/gitea/lib/data/lfs
|
||||
LFS_JWT_SECRET = %%gitea_lfs_jwt_secret
|
||||
LFS_JWT_SECRET = %%forgejo_lfs_jwt_secret
|
||||
OFFLINE_MODE = true
|
||||
PROTOCOL = https
|
||||
CERT_FILE = %%revprox_client_cert_file
|
||||
KEY_FILE = %%revprox_client_key_file
|
||||
|
||||
[lfs]
|
||||
PATH = /srv/forgejo/lib/data/lfs
|
||||
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
HOST = %%smtp_relay_address
|
||||
FROM = %%gitea_mail_sender
|
||||
USER = %%smtp_relay_user@%%ip_eth0
|
||||
PASSWD = %%smtp_relay_password
|
||||
IS_TLS_ENABLED = true
|
||||
ENABLED = true
|
||||
SMTP_ADDR = %%smtp_relay_address
|
||||
SMTP_PORT = 25
|
||||
FROM = %%forgejo_mail_sender
|
||||
USER = %%smtp_relay_user@%%ip_eth0
|
||||
PASSWD = %%smtp_relay_password
|
||||
PROTOCOL = smtp+starttls
|
||||
;USE_CERTIFICATE = false
|
||||
;CERT_FILE = custom/mailer/cert.pem
|
||||
;KEY_FILE = custom/mailer/key.pem
|
||||
|
@ -97,11 +100,11 @@ HOST = network=tcp,addr=%%redis_client_server_domainname:6379,username=%%redis_c
|
|||
[log]
|
||||
MODE = console
|
||||
LEVEL = info
|
||||
ROOT_PATH = /srv/gitea/lib/log
|
||||
ROOT_PATH = /srv/forgejo/lib/log
|
||||
ROUTER = console
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY = %%gitea_secret_key
|
||||
INTERNAL_TOKEN = %%gitea_internal_token
|
||||
SECRET_KEY = %%forgejo_secret_key
|
||||
INTERNAL_TOKEN = %%forgejo_internal_token
|
||||
PASSWORD_HASH_ALGO = pbkdf2
|
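Review bot: The `ROOT_URL` line in the `[server]` hunk reads `https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location`, which as displayed expands the domain twice and leaves `revprox_client_location` without a `%%` or an attribute separator, so the rendered URL would likely be malformed. Links, redirects and clone URLs are derived from `ROOT_URL`, and the OAuth2 callback registered with the provider depends on it as well, so a wrong value here tends to surface as login or redirect failures. If the intent is the location attached to the first domain, it probably needs to be `%%revprox_client_external_domainnames[0].revprox_client_location`; the page does not show enough to confirm the template syntax, so the rendered `app.ini` should be checked. Old and new sides are not marked on this page, so this assumes the doubled line is the new one.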
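--- a/seed/forgejo/templates/forgejo.service
+++ b/seed/forgejo/templates/forgejo.service
@@ -0,0 +1,39 @@
+#GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/contrib/systemd/forgejo.service
+[Unit]
+Description=Forgejo (Beyond coding. We forge.)
+After=syslog.target
+After=network.target
+#>GNUNUX
+After=risotto.target
+#<GNUNUX
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User=forgejo
+Group=forgejo
+WorkingDirectory=/srv/forgejo/lib/
+ExecStart=/usr/bin/forgejo web --config /etc/forgejo/app.ini
+ExecStartPre=/bin/bash -c '%slurp
+/usr/bin/forgejo migrate --config /etc/forgejo/app.ini;%slurp
+if /usr/bin/forgejo admin auth list --config /etc/forgejo/app.ini | grep "OAuth2"; then %slurp
+echo "UPDATE";%slurp
+id=$(/usr/bin/forgejo --config /etc/forgejo/app.ini admin auth list |tail -n 1|awk "{ print \$1}");%slurp
+/usr/bin/forgejo admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/forgejo/app.ini;%slurp
+else %slurp
+echo "CONFIGURE";%slurp
+/usr/bin/forgejo admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/forgejo/app.ini;%slurp
+fi;%slurp
+sleep 2;%slurp
+echo "CONFIGURATION DONE"'
+Restart=always
+Environment=GITEA_WORK_DIR=/srv/forgejo/lib
+
+[Install]
+WantedBy=multi-user.target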
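Review bot: In the `ExecStartPre` script the `id=$(… admin auth list |tail -n 1|awk "{ print \$1}")` line takes the ID of whichever source is listed last, not the one the preceding `grep "OAuth2"` matched, so once a second authentication source exists `update-oauth` could rewrite the wrong entry; selecting on the matched row, e.g. `awk "/OAuth2/ { print \$1; exit }"`, keeps the update on the OAuth2 source. The same script passes `--secret "%%oauth2_client_secret"` as a command-line argument, which puts the client secret into the rendered unit file and into the process arguments while the command runs, so the generated unit should at least not be readable by other accounts. Because the script ends with `echo "CONFIGURATION DONE"`, its exit status is always that of the echo, and a failing `forgejo migrate` or auth command will not stop the service from starting; a `set -e` at the start of the `bash -c` body would make such failures visible.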
|
@ -7,4 +7,4 @@ auth_url: %%oauth2_client_external[0]
|
|||
auth_server: %%oauth2_server_domainname
|
||||
username: %%username
|
||||
password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
|
||||
gitea_title: "%%gitea_title"
|
||||
forgejo_title: "%%forgejo_title"
|
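--- a/seed/forgejo/templates/sysuser-forgejo.conf
+++ b/seed/forgejo/templates/sysuser-forgejo.conf
@@ -0,0 +1,2 @@
+g forgejo 999 -
+u forgejo 999:999 "Git Version Control" /srv/forgejo/home /bin/nologin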
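--- a/seed/forgejo/templates/tmpfile-forgejo.conf
+++ b/seed/forgejo/templates/tmpfile-forgejo.conf
@@ -0,0 +1,4 @@
+d /srv/forgejo/lib/custom 750 forgejo forgejo - -
+d /srv/forgejo/lib/data 750 forgejo forgejo - -
+d /srv/forgejo/lib/log 750 forgejo forgejo - -
+d /srv/forgejo/home 750 forgejo forgejo - -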
|
@ -1,11 +1,12 @@
|
|||
from yaml import load, SafeLoader
|
||||
from os import environ, makedirs
|
||||
from os import environ, makedirs, unlink
|
||||
from os.path import expandvars, isfile, isdir, dirname, join
|
||||
from re import search
|
||||
from dulwich.porcelain import init, clone, add, commit, push
|
||||
|
||||
from shutil import move
|
||||
from glob import glob
|
||||
from tempfile import TemporaryDirectory
|
||||
from subprocess import run
|
||||
from dulwich.porcelain import init, clone, add, commit, push
|
||||
|
||||
|
||||
from revprox import Authentication
|
||||
|
@ -13,8 +14,14 @@ from mookdns import MookDnsSystem
|
|||
|
||||
|
||||
PORT = '3000'
|
||||
GITEA_USERNAME = 'gitea'
|
||||
KEY_FILE = expandvars("$HOME/tests/risotto")
|
||||
GITEA_USERNAME = 'forgejo'
|
||||
GITEA_PORT = '2222'
|
||||
KEY_FILE = '/var/lib/risotto/srv/hosts/forgejo'
|
||||
# transition between gitea and forgejo
|
||||
GITEA_KEY_FILE = '/var/lib/risotto/srv/hosts/gitea'
|
||||
KNOWN_KEY = expandvars('$HOME/.ssh/known_hosts')
|
||||
CONFIG_SSH = expandvars('$HOME/.ssh/config')
|
||||
CONFIG_GIT = expandvars('$HOME/.gitconfig')
|
||||
|
||||
|
||||
AUTHENTICATION = None
|
||||
|
@ -24,7 +31,7 @@ DATA = None
|
|||
def get_data():
|
||||
global DATA
|
||||
if not DATA:
|
||||
conf_file = f'{environ["MACHINE_TEST_DIR"]}/gitea.yml'
|
||||
conf_file = f'{environ["MACHINE_TEST_DIR"]}/forgejo.yml'
|
||||
with open(conf_file) as yaml:
|
||||
DATA = load(yaml, Loader=SafeLoader)
|
||||
return DATA
|
||||
|
@ -38,11 +45,54 @@ def get_authentication(data):
|
|||
data['revprox_ip'],
|
||||
data['username'],
|
||||
data['password'],
|
||||
f'<title>{data["username"]} - Dashboard - {data["gitea_title"]}</title>',
|
||||
# f'<title>{data["username"]} - Tableau de bord - {data["forgejo_title"]}</title>',
|
||||
f'<title>{data["username"]} - Dashboard - {data["forgejo_title"]}</title>',
|
||||
)
|
||||
return AUTHENTICATION
|
||||
|
||||
|
||||
class SSHConfig:
|
||||
def __enter__(self):
|
||||
self.old_file = '{CONFIG_SSH}.old'
|
||||
if isfile(CONFIG_SSH) and not isfile(self.old_file):
|
||||
move(CONFIG_SSH, self.old_file)
|
||||
with open(CONFIG_SSH, 'w') as fh:
|
||||
fh.write(f"""Host *
|
||||
User forgejo
|
||||
PubkeyAcceptedKeyTypes +ssh-rsa
|
||||
StrictHostKeyChecking no
|
||||
IdentityFile {KEY_FILE}
|
||||
""")
|
||||
|
||||
def __exit__(self, *args):
|
||||
if isfile(self.old_file):
|
||||
move(self.old_file, CONFIG_SSH)
|
||||
else:
|
||||
unlink(CONFIG_SSH)
|
||||
|
||||
|
||||
class GITConfig:
|
||||
def __enter__(self):
|
||||
self.old_file = '{CONFIG_GIT}.old'
|
||||
if isfile(CONFIG_GIT) and not isfile(self.old_file):
|
||||
move(CONFIG_GIT, self.old_file)
|
||||
with open(CONFIG_GIT, 'w') as fh:
|
||||
conf_file = f'{environ["MACHINE_TEST_DIR"]}/reverse-proxy.yml'
|
||||
with open(conf_file) as yaml:
|
||||
data = load(yaml, Loader=SafeLoader)
|
||||
path = join(environ["MACHINE_TEST_DIR"], data["ca_certificate"])
|
||||
cert = glob(path)
|
||||
fh.write(f"""[http]
|
||||
sslCAInfo = {cert[0]}
|
||||
""")
|
||||
|
||||
def __exit__(self, *args):
|
||||
if isfile(self.old_file):
|
||||
move(self.old_file, CONFIG_GIT)
|
||||
else:
|
||||
unlink(CONFIG_GIT)
|
||||
|
||||
|
||||
def get_info(authentication,
|
||||
url,
|
||||
with_uid=False,
|
||||
|
@ -77,7 +127,7 @@ def get_info(authentication,
|
|||
|
||||
|
||||
def add_ssh_key(authentication, data):
|
||||
# Send key to gitea
|
||||
# Send key to forgejo
|
||||
url = f'{data["base_url"]}user/settings/keys'
|
||||
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
|
||||
if is_already_key:
|
||||
|
@ -87,7 +137,7 @@ def add_ssh_key(authentication, data):
|
|||
key_dir = dirname(KEY_FILE)
|
||||
if not isdir(key_dir):
|
||||
makedirs(key_dir)
|
||||
cmd = ['/usr/bin/ssh-keygen', '-N', '', '-f', KEY_FILE]
|
||||
cmd = ['/usr/bin/ssh-keygen', '-t', 'rsa', '-N', '', '-f', KEY_FILE]
|
||||
run(cmd)
|
||||
with open(f'{KEY_FILE}.pub') as fh:
|
||||
key = fh.read()
|
||||
|
@ -104,12 +154,12 @@ def delete_ssh_key(authentication, data):
|
|||
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
|
||||
|
||||
|
||||
def test_gitea():
|
||||
def test_forgejo():
|
||||
data = get_data()
|
||||
get_authentication(data)
|
||||
|
||||
|
||||
def test_gitea_repos():
|
||||
def test_forgejo_repos():
|
||||
data = get_data()
|
||||
authentication = get_authentication(data)
|
||||
if 'FIRST_RUN' in environ:
|
||||
|
@ -124,7 +174,7 @@ def test_gitea_repos():
|
|||
assert json['data'][0]['full_name'] == f'{username}/test_persistent'
|
||||
|
||||
|
||||
def test_gitea_create_repo():
|
||||
def test_forgejo_create_repo():
|
||||
data = get_data()
|
||||
authentication = get_authentication(data)
|
||||
url = f'{data["base_url"]}repo/create'
|
||||
|
@ -144,24 +194,31 @@ def test_repo():
|
|||
if 'FIRST_RUN' in environ:
|
||||
# delete_ssh_key(authentication, data)
|
||||
add_ssh_key(authentication, data)
|
||||
if not isfile(KEY_FILE):
|
||||
if isfile(GITEA_KEY_FILE):
|
||||
move(GITEA_KEY_FILE, KEY_FILE)
|
||||
move(GITEA_KEY_FILE + '.pub', KEY_FILE + '.pub')
|
||||
else:
|
||||
raise Exception(f'cannot find ssh key "{KEY_FILE}", do you run with FIRST_RUN?')
|
||||
with TemporaryDirectory() as tmpdirname:
|
||||
username = data['username'].split('@', 1)[0]
|
||||
dns = data['base_url'].split('/', 3)[2]
|
||||
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test.git'
|
||||
with MookDnsSystem(dns, data['ip']):
|
||||
filename = join(tmpdirname, 'test.txt')
|
||||
with open(filename, 'w') as fh:
|
||||
fh.write('test')
|
||||
repo = init(tmpdirname)
|
||||
add(repo, filename)
|
||||
commit(repo, message=b'test commit')
|
||||
push(repo=repo,
|
||||
remote_location=ssh_url,
|
||||
refspecs='master',
|
||||
)
|
||||
lst = list(repo.get_walker())
|
||||
assert len(lst) == 1
|
||||
assert lst[0].commit.message == b'test commit'
|
||||
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test.git'
|
||||
with SSHConfig():
|
||||
with MookDnsSystem(dns, data['ip']):
|
||||
filename = join(tmpdirname, 'test.txt')
|
||||
with open(filename, 'w') as fh:
|
||||
fh.write('test')
|
||||
repo = init(tmpdirname)
|
||||
add(repo, filename)
|
||||
commit(repo, message=b'test commit')
|
||||
push(repo=repo,
|
||||
remote_location=ssh_url,
|
||||
refspecs='master',
|
||||
)
|
||||
lst = list(repo.get_walker())
|
||||
assert len(lst) == 1
|
||||
assert lst[0].commit.message == b'test commit'
|
||||
|
||||
|
||||
def test_clone_http():
|
||||
|
@ -174,14 +231,19 @@ def test_clone_http():
|
|||
username = data['username'].split('@', 1)[0]
|
||||
dns = data['base_url'].split('/', 3)[2]
|
||||
http_url = f'{data["base_url"]}{username}/test.git'
|
||||
with MookDnsSystem(dns, data['revprox_ip']):
|
||||
repo = clone(http_url, tmpdirname)
|
||||
lst = list(repo.get_walker())
|
||||
assert len(lst) == 1
|
||||
assert lst[0].commit.message == b'test commit'
|
||||
with SSHConfig():
|
||||
with MookDnsSystem(dns, data['revprox_ip']):
|
||||
try:
|
||||
repo = clone(http_url, tmpdirname)
|
||||
except:
|
||||
with GITConfig():
|
||||
repo = clone(http_url, tmpdirname)
|
||||
lst = list(repo.get_walker())
|
||||
assert len(lst) == 1
|
||||
assert lst[0].commit.message == b'test commit'
|
||||
|
||||
|
||||
def test_gitea_delete_repo():
|
||||
def test_forgejo_delete_repo():
|
||||
repo_name = 'test'
|
||||
data = get_data()
|
||||
authentication = get_authentication(data)
|
||||
|
@ -206,21 +268,22 @@ def test_repo_persistent():
|
|||
with TemporaryDirectory() as tmpdirname:
|
||||
username = data['username'].split('@', 1)[0]
|
||||
dns = data['base_url'].split('/', 3)[2]
|
||||
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test_persistent.git'
|
||||
with MookDnsSystem(dns, data['ip']):
|
||||
if 'FIRST_RUN' in environ:
|
||||
filename = join(tmpdirname, 'test.txt')
|
||||
with open(filename, 'w') as fh:
|
||||
fh.write('test')
|
||||
repo = init(tmpdirname)
|
||||
add(repo, filename)
|
||||
commit(repo, message=b'test commit')
|
||||
push(repo=repo,
|
||||
remote_location=ssh_url,
|
||||
refspecs='master',
|
||||
)
|
||||
else:
|
||||
repo = clone(ssh_url, tmpdirname)
|
||||
lst = list(repo.get_walker())
|
||||
assert len(lst) == 1
|
||||
assert lst[0].commit.message == b'test commit'
|
||||
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test_persistent.git'
|
||||
with SSHConfig():
|
||||
with MookDnsSystem(dns, data['ip']):
|
||||
if 'FIRST_RUN' in environ:
|
||||
filename = join(tmpdirname, 'test.txt')
|
||||
with open(filename, 'w') as fh:
|
||||
fh.write('test')
|
||||
repo = init(tmpdirname)
|
||||
add(repo, filename)
|
||||
commit(repo, message=b'test commit')
|
||||
push(repo=repo,
|
||||
remote_location=ssh_url,
|
||||
refspecs='master',
|
||||
)
|
||||
else:
|
||||
repo = clone(ssh_url, tmpdirname)
|
||||
lst = list(repo.get_walker())
|
||||
assert len(lst) == 1
|
||||
assert lst[0].commit.message == b'test commit'
|
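Review bot: `SSHConfig.__enter__` and `GITConfig.__enter__` assign `self.old_file = '{CONFIG_SSH}.old'` and `'{CONFIG_GIT}.old'` without the `f` prefix, so the account's real `~/.ssh/config` and `~/.gitconfig` are moved to a literally named file in the current working directory instead of next to the original; these should be `self.old_file = f'{CONFIG_SSH}.old'` and `self.old_file = f'{CONFIG_GIT}.old'`. The SSH block written there is `Host *` with `StrictHostKeyChecking no` and `PubkeyAcceptedKeyTypes +ssh-rsa`, which switches off host-key verification for every SSH connection the account makes while a test runs; restricting the `Host` pattern to the forge name under test (the `dns` value the callers already compute) would contain that. In `test_clone_http` the bare `except:` retries with `GITConfig()` on any error, so unrelated failures are masked by the retry; catching the specific clone or TLS exception would keep them visible. The class and test bodies are shown without indentation on this page, so these points are located by name rather than by line.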
|
@ -1,10 +0,0 @@
|
|||
Créer un utilisateur
|
||||
=====================
|
||||
|
||||
su - gitea -s /bin/bash -c "gitea admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/gitea/app.ini"
|
||||
|
||||
DEBUG
|
||||
=====
|
||||
|
||||
sed -i 's/info/debug/g' /etc/gitea/app.ini
|
||||
systemctl restart gitea
|
|
@ -1,88 +0,0 @@
|
|||
---
|
||||
gitea: none
|
||||
include_toc: true
|
||||
---
|
||||
|
||||
# gitea
|
||||
|
||||
[All applications services for this dataset.](../README.md)
|
||||
|
||||
## Description
|
||||
|
||||
Gitea, a community managed lightweight code hosting solution.
|
||||
|
||||
[For more informations](https://gitea.io/)
|
||||
|
||||
## Dependances
|
||||
|
||||
- [base-fedora-36](../base-fedora-36/README.md)
|
||||
- [base-fedora](../base-fedora/README.md)
|
||||
- [systemd](../systemd/README.md)
|
||||
- [base-machine](../base-machine/README.md)
|
||||
- [base](../base/README.md)
|
||||
- [dns-local](../dns-local/README.md)
|
||||
- [postgresql-client](../postgresql-client/README.md)
|
||||
- [reverse-proxy-client](../reverse-proxy-client/README.md)
|
||||
- [relay-mail-client](../relay-mail-client/README.md)
|
||||
- [redis-client](../redis-client/README.md)
|
||||
- [oauth2-client](../oauth2-client/README.md)
|
||||
|
||||
## Variables
|
||||
|
||||
### Général (*general*)
|
||||
|
||||
#### network (*general.network*)
|
||||
|
||||
| Description | Values |
|
||||
|---------------------------------------------------|----------|
|
||||
| *[**incoming_ports**](dictionaries/31_gitea.xml)* | 2222 |
|
||||
|
||||
#### Redis (*general.redis*)
|
||||
|
||||
| Description | Values |
|
||||
|-----------------------------------------------------------|----------|
|
||||
| *[**redis_client_key_owner**](dictionaries/31_gitea.xml)* | gitea |
|
||||
|
||||
#### Gitea (*general.gitea*)
|
||||
|
||||
Git forge Gitea
|
||||
|
||||
| Description | Values | Type |
|
||||
|-----------------------------------------------------------------------------------------------------------|----------------------------------|------------------------------------------------------------------------------------------------------------------------|
|
||||
| **Titre de la forge** (*[gitea_title](dictionaries/31_gitea.xml)*) | Gitea: Git avec une tasse de thé | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |
|
||||
| **Les courriels sont envoyés à partir de cet adresse** (*[gitea_mail_sender](dictionaries/31_gitea.xml)*) | | [mail](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |
|
||||
|
||||
#### revprox (*general.revprox*)
|
||||
|
||||
| Description | Values |
|
||||
|--------------------------------------------------------------|----------|
|
||||
| *[**revprox_client_port**](dictionaries/31_gitea.xml)* | 3000 |
|
||||
| *[**revprox_client_cert_owner**](dictionaries/31_gitea.xml)* | gitea |
|
||||
| *[**revprox_client_cert_group**](dictionaries/31_gitea.xml)* | gitea |
|
||||
|
||||
##### revprox_client (*general.revprox.revprox_client*)
|
||||
|
||||
| Description | Values |
|
||||
|------------------------------------------------------------------|----------|
|
||||
| *[**revprox_client_local_location**](dictionaries/31_gitea.xml)* | / |
|
||||
|
||||
#### oauth2_client (*general.oauth2_client*)
|
||||
|
||||
| Description | Values |
|
||||
|-----------------------------------------------------------------------|----------------------|
|
||||
| *[**oauth2_is_client_application**](dictionaries/31_gitea.xml)* | True |
|
||||
| *[**oauth2_client_name**](dictionaries/31_gitea.xml)* | Forge |
|
||||
| *[**oauth2_client_description**](dictionaries/31_gitea.xml)* | Forge logiciel Gitea |
|
||||
| *[**oauth2_client_category**](dictionaries/31_gitea.xml)* | Développement |
|
||||
| *[**oauth2_client_logo**](dictionaries/31_gitea.xml)* | silique_note.png |
|
||||
| *[**oauth2_client_token_signature_algo**](dictionaries/31_gitea.xml)* | RS256 |
|
||||
|
||||
##### external (*general.oauth2_client.external*)
|
||||
|
||||
| Description |
|
||||
|-------------------------------------------------------|
|
||||
| *[oauth2_client_external](dictionaries/31_gitea.xml)* |
|
||||
|
||||
|
||||
- [+]: variable is multiple
|
||||
- **bold**: variable is mandatory
|
|
@ -1,25 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
|
||||
gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
|
||||
|
||||
VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.version')
|
||||
|
||||
mkdir -p ~/gitea/
|
||||
|
||||
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
|
||||
rm -rf ~/"gitea/gitea-*-linux-amd64.xz"
|
||||
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
|
||||
fi
|
||||
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
|
||||
rm -rf ~/"gitea/gitea-*-linux-amd64.xz.asc"
|
||||
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
|
||||
fi
|
||||
|
||||
gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux-amd64.xz"
|
||||
|
||||
cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
|
||||
xz -d "gitea-$VERS-linux-amd64.xz"
|
||||
mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
|
|
@ -1,24 +0,0 @@
|
|||
#ORIGIN https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service
|
||||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=risotto.target
|
||||
|
||||
[Service]
|
||||
# Modify these two values and uncomment them if you have
|
||||
# repos with lots of files and get an HTTP error 500 because
|
||||
# of that
|
||||
###
|
||||
#LimitMEMLOCK=infinity
|
||||
#LimitNOFILE=65535
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User=gitea
|
||||
Group=gitea
|
||||
WorkingDirectory=/srv/gitea/lib/
|
||||
ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
|
||||
ExecStartPre=-/bin/bash -c 'if /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; then echo "UPDATE";id=$(/usr/bin/gitea --config /etc/gitea/app.ini admin auth list |tail -n 1|awk "{ print \$1}");/usr/bin/gitea admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;else echo "CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;fi;sleep 2; echo "CONFIGURATION DONE"'
|
||||
Restart=always
|
||||
Environment=USER=gitea HOME=/srv/gitea/home GITEA_WORK_DIR=/srv/gitea/lib
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,2 +0,0 @@
|
|||
g gitea 999 -
|
||||
u gitea 999:999 "Git Version Control" /srv/gitea/home /bin/nologin
|
|
@ -1,4 +0,0 @@
|
|||
d /srv/gitea/lib/custom 750 gitea gitea - -
|
||||
d /srv/gitea/lib/data 750 gitea gitea - -
|
||||
d /srv/gitea/lib/log 750 gitea gitea - -
|
||||
d /srv/gitea/home 750 gitea gitea - -
|
|
@ -1,115 +0,0 @@
|
|||
# For more information on configuration, see:
|
||||
# * Official English Documentation: http://nginx.org/en/docs/
|
||||
# * Official Russian Documentation: http://nginx.org/ru/docs/
|
||||
|
||||
%if %%os_name == 'Fedora'
|
||||
user nginx;
|
||||
%else
|
||||
user www-data;
|
||||
%end if
|
||||
worker_processes auto;
|
||||
#GNUNUX error_log /var/log/nginx/error.log;
|
||||
#>GNUNUX
|
||||
error_log syslog:server=unix:/dev/log;
|
||||
#<GNUNUX
|
||||
|
||||
pid /run/nginx.pid;
|
||||
|
||||
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
|
||||
%if %%os_name == 'Fedora'
|
||||
include /usr/share/nginx/modules/*.conf;
|
||||
%else
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
%end if
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
#GNUNUX access_log /var/log/nginx/access.log main;
|
||||
#>GNUNUX
|
||||
access_log syslog:server=unix:/dev/log combined;
|
||||
error_log syslog:server=unix:/dev/log error;
|
||||
#<GNUNUX
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 4096;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||
# for more information.
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
%if %%nginx_default_http
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
root %%nginx_root;
|
||||
|
||||
# Load configuration files for the default server block.
|
||||
include /etc/nginx/default.d/*.conf;
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /404.html {
|
||||
}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
}
|
||||
}
|
||||
%end if
|
||||
# Settings for a TLS enabled server.
|
||||
#
|
||||
%if %%nginx_default_https
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
%if %%getVar('revprox_client_external_domainnames', None)
|
||||
%for %%domain in %%revprox_client_external_domainnames
|
||||
server_name %%domain;
|
||||
%end for
|
||||
%else
|
||||
server_name _;
|
||||
%end if
|
||||
root %%nginx_root;
|
||||
|
||||
# ssl_certificate "/etc/pki/nginx/server.crt";
|
||||
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
|
||||
ssl_certificate %%revprox_crt_file;
|
||||
ssl_certificate_key %%revprox_key_file;
|
||||
%if %%getVar('revprox_client_external_domainnames', None)
|
||||
ssl_client_certificate %%revprox_ca_file;
|
||||
%else
|
||||
ssl_client_certificate /etc/pki/ca-trust/source/anchors/ca_HTTP.crt;
|
||||
%end if
|
||||
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 10m;
|
||||
|
||||
%if %%os_name == 'Fedora'
|
||||
ssl_ciphers PROFILE=SYSTEM;
|
||||
ssl_prefer_server_ciphers on;
|
||||
%end if
|
||||
# Load configuration files for the default server block.
|
||||
include /etc/nginx/default.d/*.conf;
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
}
|
||||
}
|
||||
%end if
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Welcome</title>
|
||||
<style>
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -1,10 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Welcome</title>
|
||||
<style>
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -1,48 +0,0 @@
|
|||
# Location of the slapd configuration to use. If using the cn=config
|
||||
# backend to store configuration in LDIF, set this variable to the
|
||||
# directory containing the cn=config data; otherwise set it to the location
|
||||
# of your slapd.conf file. If empty, use the compiled-in default
|
||||
# (/etc/ldap/slapd.d).
|
||||
SLAPD_CONF="/etc/ldap/slapd.conf"
|
||||
|
||||
# System account to run the slapd server under. If empty the server
|
||||
# will run as root.
|
||||
SLAPD_USER="openldap"
|
||||
|
||||
# System group to run the slapd server under. If empty the server will
|
||||
# run in the primary group of its user.
|
||||
SLAPD_GROUP="openldap"
|
||||
|
||||
# Path to the pid file of the slapd server. If not set the init.d script
|
||||
# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
|
||||
# default)
|
||||
SLAPD_PIDFILE=
|
||||
|
||||
# slapd normally serves ldap only on all TCP-ports 389. slapd can also
|
||||
# service requests on TCP-port 636 (ldaps) and requests via unix
|
||||
# sockets.
|
||||
# Example usage:
|
||||
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
|
||||
SLAPD_SERVICES="ldaps:///"
|
||||
|
||||
# If SLAPD_NO_START is set, the init script will not start or restart
|
||||
# slapd (but stop will still work). Uncomment this if you are
|
||||
# starting slapd via some other means or if you don't want slapd normally
|
||||
# started at boot.
|
||||
#SLAPD_NO_START=1
|
||||
|
||||
# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
|
||||
# the init script will not start or restart slapd (but stop will still
|
||||
# work). Use this for temporarily disabling startup of slapd (when doing
|
||||
# maintenance, for example, or through a configuration management system)
|
||||
# when you don't want to edit a configuration file.
|
||||
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
|
||||
|
||||
# For Kerberos authentication (via SASL), slapd by default uses the system
|
||||
# keytab file (/etc/krb5.keytab). To use a different keytab file,
|
||||
# uncomment this line and change the path.
|
||||
#export KRB5_KTNAME=/etc/krb5.keytab
|
||||
|
||||
# Additional options to pass to slapd
|
||||
SLAPD_OPTIONS=""
|
||||
|