From a66f398d71d0a962c403c74f32119343f396cdc5 Mon Sep 17 00:00:00 2001 From: Clemens Date: Tue, 9 Jul 2024 11:10:40 +0200 Subject: [PATCH 1/5] updated to forgejo version 7.0 --- src/main/cljc/dda/c4k_forgejo/forgejo.cljc | 2 +- src/main/resources/forgejo/appini-env-configmap.yaml | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc index 7d1c86a..06e14f6 100644 --- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc +++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc @@ -71,7 +71,7 @@ (def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated") (def federated-image-version "latest") (def non-federated-image-name "codeberg.org/forgejo/forgejo") -(def non-federated-image-version "1.19") +(def non-federated-image-version "7.0") (defn-spec generate-image-str string? [config config?] diff --git a/src/main/resources/forgejo/appini-env-configmap.yaml b/src/main/resources/forgejo/appini-env-configmap.yaml index 348a62a..247d2c2 100644 --- a/src/main/resources/forgejo/appini-env-configmap.yaml +++ b/src/main/resources/forgejo/appini-env-configmap.yaml @@ -16,7 +16,6 @@ data: FORGEJO__database__NAME: forgejo FORGEJO__database__LOG_SQL: "false" FORGEJO__database__SSL_MODE: disable - FORGEJO__database__CHARSET: utf8 #[DEFAULT] APP_NAME: APPNAME @@ -37,12 +36,12 @@ data: #[mailer] FORGEJO__mailer__ENABLED: "true" FORGEJO__mailer__FROM: FROM - FORGEJO__mailer__MAILER_TYPE: smtp+startls + FORGEJO__mailer__PROTOCOL: smtp+starttls FORGEJO__mailer__SMTP_ADDR: MAILERHOST FORGEJO__mailer__SMTP_PORT: MAILERPORT #[oauth2] - FORGEJO__oauth2__ENABLE: "true" + FORGEJO__oauth2__ENABLED: "true" #[openid] FORGEJO__openid__ENABLE_OPENID: "true" 
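Review bot: The renamed keys in this hunk (`FORGEJO__mailer__PROTOCOL`, `FORGEJO__oauth2__ENABLED`) and `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST` in the next hunk are now emitted unconditionally, while the config spec still accepts `forgejo-image-version-overwrite`, so this ConfigMap can end up paired with an older image. An image that predates a key would presumably ignore it and fall back to its default. For the allowlist that would mean registration is no longer limited to the configured domains, with no error to show it. I would document the minimum supported image version next to these keys, e.g. `# key names require Forgejo >= <MIN_VERSION>; older images ignore them`, or reject lower overwrite values in the spec.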
@@ -76,7 +75,7 @@ data: FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false" FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true" FORGEJO__service__ENABLE_NOTIFY_MAIL: "true" - FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS + FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false" FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true" FORGEJO__service__ENABLE_CAPTCHA: "false" From 3f0ce02da3c69e619714b4b822503582bb291be7 Mon Sep 17 00:00:00 2001 From: Clemens Date: Tue, 9 Jul 2024 11:26:39 +0200 Subject: [PATCH 2/5] Added option for dedicated federation-enables and fixed tests --- src/main/cljc/dda/c4k_forgejo/core.cljc | 4 ++- src/main/cljc/dda/c4k_forgejo/forgejo.cljc | 30 +++++++++---------- .../cljc/dda/c4k_forgejo/forgejo_test.cljc | 12 ++++---- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/src/main/cljc/dda/c4k_forgejo/core.cljc b/src/main/cljc/dda/c4k_forgejo/core.cljc index 5614ed4..303cbc3 100644 --- a/src/main/cljc/dda/c4k_forgejo/core.cljc +++ b/src/main/cljc/dda/c4k_forgejo/core.cljc @@ -12,6 +12,7 @@ (def config-defaults {:namespace "forgejo" :issuer "staging" :deploy-federated "false" + :federation-enabled "false" :db-name "forgejo" :pv-storage-size-gb 5 :pvc-storage-class-name "" @@ -26,7 +27,8 @@ ::forgejo/service-noreply-address] :opt-un [::forgejo/issuer ::forgejo/deploy-federated - ::forgejo/default-app-name + ::forgejo/federation-enabled + ::forgejo/default-app-name ::forgejo/service-domain-whitelist ::forgejo/forgejo-image-version-overwrite ::backup/restic-repository diff --git a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc index 06e14f6..abda99c 100644 --- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc +++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc 
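Review bot: The new `:federation-enabled "false"` default in `config-defaults` silently changes behaviour for existing configs. Later in this commit `generate-appini-env` reads `federation-enabled` instead of `deploy-federated` when filling `IS_FEDERATED`, so a config that only sets `:deploy-federated "true"` will now render that placeholder as "false". Off is the safer default, but the change should be called out for operators, and the two similarly named keys need a comment here, e.g. `;; :deploy-federated appears to select the container image; :federation-enabled fills IS_FEDERATED in the app.ini env configmap`. The map continues outside the hunk.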
@@ -33,6 +33,7 @@ (s/def ::default-app-name string?) (s/def ::fqdn pred/fqdn-string?) (s/def ::deploy-federated boolean-string?) +(s/def ::federation-enabled boolean-string?) (s/def ::mailer-from pred/bash-env-string?) (s/def ::mailer-host pred/bash-env-string?) (s/def ::mailer-port pred/bash-env-string?) @@ -53,6 +54,7 @@ ::service-noreply-address] :opt-un [::issuer ::deploy-federated + ::federation-enabled ::default-app-name ::service-domain-whitelist ::forgejo-image-version-overwrite])) @@ -88,7 +90,7 @@ (defn generate-appini-env [config] (let [{:keys [default-app-name - deploy-federated + federation-enabled fqdn mailer-from mailer-host 
@@ -97,19 +99,19 @@ service-noreply-address] :or {default-app-name "forgejo instance" service-domain-whitelist fqdn}} config - deploy-federated-bool (boolean-from-string deploy-federated)] + federation-enabled-bool (boolean-from-string federation-enabled)] (-> (yaml/load-as-edn "forgejo/appini-env-configmap.yaml") - (cm/replace-all-matching "APPNAME" default-app-name) - (cm/replace-all-matching "FQDN" fqdn) - (cm/replace-all-matching "URL" (str "https://" fqdn)) - (cm/replace-all-matching "FROM" mailer-from) - (cm/replace-all-matching "MAILERHOST" mailer-host) - (cm/replace-all-matching "MAILERPORT" mailer-port) - (cm/replace-all-matching "WHITELISTDOMAINS" service-domain-whitelist) - (cm/replace-all-matching "NOREPLY" service-noreply-address) - (cm/replace-all-matching "IS_FEDERATED" - (if deploy-federated-bool + (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name) + (cm/replace-all-matching-values-by-new-value "FQDN" fqdn) + (cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn)) + (cm/replace-all-matching-values-by-new-value "FROM" mailer-from) + (cm/replace-all-matching-values-by-new-value "MAILERHOST" mailer-host) + (cm/replace-all-matching-values-by-new-value "MAILERPORT" mailer-port) + (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist) + (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address) + (cm/replace-all-matching-values-by-new-value "IS_FEDERATED" + (if federation-enabled-bool "true" "false"))))) @@ -148,11 +150,9 @@ (defn-spec generate-deployment pred/map-or-seq? [config config?] - (let [{:keys [deploy-federated]} config - deploy-federated-bool (boolean-from-string deploy-federated)] (-> (yaml/load-as-edn "forgejo/deployment.yaml") - (cm/replace-all-matching "IMAGE_NAME" (generate-image-str config))))) + (cm/replace-all-matching "IMAGE_NAME" (generate-image-str config)))) (defn generate-service [] 
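Review bot: `federation-enabled` has no entry in the `:or` map, so a config passed directly to `generate-appini-env` without that key hands `nil` to `boolean-from-string`. The function is a plain `defn`, not a `defn-spec`, and the key is `:opt-un`, so nothing rejects such a map first; only the merge with `config-defaults` in core.cljc supplies a value. What `boolean-from-string` does with `nil` is not visible here, so I would make the default explicit: `:or {default-app-name "forgejo instance" service-domain-whitelist fqdn federation-enabled "false"}`. A test case that omits `:federation-enabled` would pin this. The function's opening lines are in the previous hunk.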
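Review bot: `generate-deployment` still calls `cm/replace-all-matching`, while every call in `generate-appini-env` was moved to `cm/replace-all-matching-values-by-new-value` in this same commit. If the old name is deprecated or removed in the common library, this call needs the same change: `(cm/replace-all-matching-values-by-new-value "IMAGE_NAME" (generate-image-str config))`. If the two functions are meant to differ, a one-line comment saying why would stop the next reader from "fixing" it.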
diff --git a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc index 51f3021..d7b801b 100644 --- a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc +++ b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc @@ -14,7 +14,7 @@ (deftest should-generate-image-str (testing "non-federated-image" - (is (= "codeberg.org/forgejo/forgejo:1.19" + (is (= "codeberg.org/forgejo/forgejo:7.0" (cut/generate-image-str {:fqdn "test.de" :mailer-from "" :mailer-host "m.t.de" @@ -63,12 +63,12 @@ :FORGEJO__server__ROOT_URL-c2 "https://test.com", :FORGEJO__server__SSH_DOMAIN-c1 "test.de", :FORGEJO__server__SSH_DOMAIN-c2 "test.com", - :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de", - :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", + :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de", + :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net", :FORGEJO__service__NO_REPLY_ADDRESS-c1 "", :FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} (th/map-diff (cut/generate-appini-env {:default-app-name "" - :deploy-federated "false" + :federation-enabled "false" :fqdn "test.de" :mailer-from "" :mailer-host "m.t.de" @@ -76,7 +76,7 @@ :service-domain-whitelist "adb.de" :service-noreply-address ""}) (cut/generate-appini-env {:default-app-name "test forgejo" - :deploy-federated "true" + :federation-enabled "true" :fqdn "test.com" :mailer-from "test@test.com" :mailer-host "mail.test.com" @@ -97,7 +97,7 @@ :spec {:containers [{:name "forgejo", - :image "codeberg.org/forgejo/forgejo:1.19", + :image "codeberg.org/forgejo/forgejo:7.0", :imagePullPolicy "IfNotPresent", :envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}], :volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}], From 6a291d962ae67acf3ec9ab4c8f6fc1512ebb81c7 Mon Sep 17 00:00:00 2001 
From: Clemens Date: Wed, 10 Jul 2024 11:39:46 +0200 Subject: [PATCH 3/5] added namespace to runbook commands --- doc/Runbook_UpgradeFrom1.19To7.0.5.md | 58 +++++++++++++-------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/doc/Runbook_UpgradeFrom1.19To7.0.5.md b/doc/Runbook_UpgradeFrom1.19To7.0.5.md index 4816595..45cbf69 100644 --- a/doc/Runbook_UpgradeFrom1.19To7.0.5.md +++ b/doc/Runbook_UpgradeFrom1.19To7.0.5.md 
@@ -9,70 +9,70 @@ ## Preparations -1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0` -1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` -1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1` -1. Execute Manual Backup: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh` +1. Stop Forgejo Prod: `k scale -n forgejo deployment forgejo --replicas=0` +1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` +1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1` +1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh` ### Create 2nd Repo Prod Server 1. Terraform Preparations for 2nd Server: TODO 1. Install c4k-forgejo Version TODO with config `"forgejo-image-version-overwrite": "1.19.3-0"` -1. Stop Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` -1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1` +1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` +1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1` 1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md) 1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env` -1. Scale up Forgejo Deployment and check for (startup) problems: `k scale deployment forgejo --replicas=1` +1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1` ## Upgrade to 1.20.1-0 -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. 
Adjust configmap: `k edit cm forgejo-env` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Adjust configmap: `k edit -n forgejo cm forgejo-env` 1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs) 1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19) 1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21) -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `1.20.1-0` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors ## Upgrade to 1.21.1-0 -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `1.21.1-0` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors 1. 
After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`. ## Upgrade to 7.0.0 -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Adjust configmap: `k edit cm forgejo-env` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Adjust configmap: `k edit -n forgejo cm forgejo-env` 1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"` -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `7.0.0` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors ## Upgrade to 7.0.5 (no breaking changes) TODO: Upgrade to 8.0.0 instead after Release! -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `7.0.5` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `7.0.5` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors ## Post Work 1. Switch DNS to new server -1. 
Reenable Backup Cron on new server: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'` -1. Execute manual Backup on new server: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh` -1. Scale down Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1` +1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'` +1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh` +1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1` 1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens! 1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work. From c9f6d54ce1ca107d3d74804126a4e73c76dbdf07 Mon Sep 17 00:00:00 2001 From: Clemens Date: Wed, 31 Jul 2024 11:30:57 +0200 Subject: [PATCH 4/5] update forgejo image version to 8.0 --- src/main/cljc/dda/c4k_forgejo/forgejo.cljc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc index abda99c..0766a02 100644 --- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc +++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc @@ -73,7 +73,7 @@ (def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated") (def federated-image-version "latest") (def non-federated-image-name "codeberg.org/forgejo/forgejo") -(def non-federated-image-version "7.0") +(def non-federated-image-version "8.0") (defn-spec generate-image-str string? [config config?] From b133f89ea4ca65b650b63e97d667d0fd086ec8e5 Mon Sep 17 00:00:00 2001 
From: Clemens Date: Wed, 31 Jul 2024 11:37:23 +0200 Subject: [PATCH 5/5] fix tests --- src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc index d7b801b..25d64cd 100644 --- a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc +++ b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc @@ -14,7 +14,7 @@ (deftest should-generate-image-str (testing "non-federated-image" - (is (= "codeberg.org/forgejo/forgejo:7.0" + (is (= "codeberg.org/forgejo/forgejo:8.0" (cut/generate-image-str {:fqdn "test.de" :mailer-from "" :mailer-host "m.t.de" @@ -97,7 +97,7 @@ :spec {:containers [{:name "forgejo", - :image "codeberg.org/forgejo/forgejo:7.0", + :image "codeberg.org/forgejo/forgejo:8.0", :imagePullPolicy "IfNotPresent", :envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}], :volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],