196 commits
3.0.4 ... main

Author SHA1 Message Date
9f978748e1 fix name 2024-11-04 08:50:53 +01:00
08b965b3a4 Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-10-15 10:09:27 +02:00
b35121ced2 [Skip-CI] Update steps from 1.21 to 7.0 2024-10-15 10:09:02 +02:00
9fefac0868 [skip ci] fix test 2024-09-20 13:41:08 +02:00
ad5fbfd173 [skip ci] update to 8.0.3; backup&restore cmd's use bb now 2024-09-20 12:12:28 +02:00
85107e23ad bump version to: 4.0.1-SNAPSHOT 2024-08-29 13:43:57 +02:00
5141b5ee77 release: 4.0.0 2024-08-29 13:43:57 +02:00
ce98afe445 upgrade dependencies 2024-08-29 13:41:19 +02:00
440456baa4 update runbook 2024-08-27 08:39:34 +02:00
581b50bf13 fix restore 2024-08-23 17:47:52 +02:00
22199ba2ac Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-08-23 15:44:54 +02:00
9352107720 set backup execution dir 2024-08-23 15:44:40 +02:00
bom
034a9bc83c Add aws credentials to prepare 2024-08-23 13:51:03 +02:00
2f46d330e1 test more stright forward 2024-08-23 13:25:13 +02:00
23ec2c6106 test the integration 2024-08-23 11:39:59 +02:00
a12a421bbf prepare first backup test 2024-08-23 08:45:43 +02:00
c0a5539d19 integration test now works 2024-08-16 19:13:58 +02:00
848b03c6ce use backup in integration test 2024-08-16 18:11:22 +02:00
2416e26f70 test the backup 2024-08-16 16:29:34 +02:00
90260b3ea4 no namespace in old versions 2024-08-14 19:19:00 +02:00
jem
fd3ead20f5 Merge pull request 'forgejo-upgrade' (#7) from forgejo-upgrade into main
Reviewed-on: #7
2024-08-09 15:10:27 +00:00
a7c298a824 Merge branch 'main' into forgejo-upgrade 2024-08-09 17:08:06 +02:00
65958b52f8 [Skip-CI] Add website to contact info 2024-08-06 13:03:04 +02:00
2b8de6b907 Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-08-05 08:58:47 +02:00
2d6f64b248 update federation 2024-08-05 08:58:14 +02:00
dbb96f1781 Merge branch 'forgejo-upgrade-new' 2024-08-01 10:08:39 +02:00
be80628785 [Skip-CI] Added "enable federation" to runbook 2024-07-31 11:59:37 +02:00
b133f89ea4 fix tests 2024-07-31 11:37:23 +02:00
c9f6d54ce1 update forgejo image version to 8.0 2024-07-31 11:30:57 +02:00
ba2b5157d4 [Skip-CI] added c4k-forgejo base version for upgrade to runbook 2024-07-31 11:29:00 +02:00
b21317268c bump version to: 3.5.1-SNAPSHOT 2024-07-31 11:22:13 +02:00
6bab8fcc39 release: 3.5.0 2024-07-31 11:22:13 +02:00
e1e032697d Added cmd for pod logs to Runbook 2024-07-31 10:16:47 +02:00
Clemens
26dba0b756 added namespace to runbook commands 2024-07-31 10:14:47 +02:00
5c521e2877 Added v8.0.0 upgrade to runbook 2024-07-31 10:02:36 +02:00
Clemens
6a291d962a added namespace to runbook commands 2024-07-31 09:40:16 +02:00
Clemens
3f0ce02da3 Added option for dedicated federation-enables and fixed tests 2024-07-31 09:39:06 +02:00
Clemens
a66f398d71 updated to forgejo version 7.0 2024-07-31 09:38:43 +02:00
670a45966d [Skip-CI] Add Analytics doc 2024-07-31 08:57:02 +02:00
gec
a9d1c57a64 Merge pull request 'Split generation of config- and auth-objects' (#5) from split-config-auth into main
Reviewed-on: #5
2024-07-19 09:29:31 +00:00
Clemens
97dace2030 updated deps 2024-07-19 11:27:03 +02:00
Clemens
c5fcec4985 adjust postgres function call 2024-07-19 10:59:32 +02:00
Clemens
3b10016fae added todo 2024-07-18 09:58:35 +02:00
Clemens
0d13edc8d3 fix auth calls 2024-07-18 09:31:42 +02:00
Clemens
2c3a031081 adjust auth-objects signature 2024-07-18 08:55:00 +02:00
Clemens
0055eb3435 adjusted configs 2024-07-17 15:33:30 +02:00
Clemens
d3dd3ca5ef split auth and config 2024-07-17 14:18:08 +02:00
Clemens
d5d4dd5b43 fix -v option 2024-07-17 08:29:14 +02:00
3a7c868f36 [Skip-CI] Add Analytics doc 2024-07-10 14:00:41 +02:00
Clemens
c8ad539a25 added namespace to runbook commands 2024-07-10 11:39:46 +02:00
Clemens
bf89f3c5a9 Merge branch 'main' into forgejo-upgrade 2024-07-10 10:03:38 +02:00
Clemens
11123e253f bump version to: 3.4.5-SNAPSHOT 2024-07-10 10:02:16 +02:00
Clemens
786c06cc0a release: 3.4.4 2024-07-10 10:02:16 +02:00
ba649f4c28 Use ratelimit from common 2024-07-10 09:51:32 +02:00
ecbe0feae4 [Skip-CI] Add todos 2024-07-09 16:22:45 +02:00
78beb0c099 Merge branch 'main' into forgejo-upgrade 2024-07-09 15:30:48 +02:00
01914f8d16 bump version to: 3.4.4-SNAPSHOT 2024-07-09 14:51:47 +02:00
7ccdf13af8 release: 3.4.3 2024-07-09 14:51:47 +02:00
6122e9139b Lift postgres config from k8s-objects
Add merge namespace in let.
2024-07-09 14:48:52 +02:00
076bfd4d72 bump version to: 3.4.3-SNAPSHOT 2024-07-09 12:07:26 +02:00
665008c1aa release: 3.4.2 2024-07-09 12:07:26 +02:00
574cc0f76b Use non deprecated functions 2024-07-09 12:05:29 +02:00
b5b45f8c1c Add missing namespace kw 2024-07-09 12:05:29 +02:00
Clemens
85d3070eb8 Merge branch 'main' into forgejo-upgrade 2024-07-09 11:47:55 +02:00
b618da8bed bump version to: 3.4.2-SNAPSHOT 2024-07-09 11:45:38 +02:00
a8e9e6f108 release: 3.4.1 2024-07-09 11:45:38 +02:00
13aa8ca700 Fix erroneous keycloak 2024-07-09 11:43:39 +02:00
Clemens
07eb505d53 Added option for dedicated federation-enables and fixed tests 2024-07-09 11:26:39 +02:00
Clemens
24bf119589 updated to forgejo version 7.0 2024-07-09 11:10:40 +02:00
9093748893 bump version to: 3.4.1-SNAPSHOT 2024-07-09 10:55:49 +02:00
92d56691a2 release: 3.4.0 2024-07-09 10:55:49 +02:00
42eb920690 Update cljs deps 2024-07-09 10:40:52 +02:00
a3081ef93e Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-07-09 10:34:48 +02:00
6a2cd2e7e8 Add ns 2024-07-09 10:34:45 +02:00
Clemens
cf7f77848f Added howto setup impressum 2024-07-09 09:25:24 +02:00
Clemens
c1c15f9eaa bump version to: 3.3.2-SNAPSHOT 2024-07-09 09:15:58 +02:00
Clemens
51c1d0e757 release: 3.3.1 2024-07-09 09:15:58 +02:00
Clemens
0eafb03ebd [Skip-CI] remove deprecated todo 2024-07-09 09:08:02 +02:00
Clemens
545410767f Added runbook todo and disabled forgejo-federated-image-publish 2024-07-09 09:05:57 +02:00
Clemens
3be3486202 bump version to: 3.3.1-SNAPSHOT 2024-07-08 13:55:59 +02:00
Clemens
f43c3fd7a7 release: 3.3.0 2024-07-08 13:55:59 +02:00
Clemens
e40861f46f dependency fix 2024-07-08 13:41:49 +02:00
Clemens
d981dfc15f update dependencies 2024-07-08 13:36:46 +02:00
Clemens
c94837a5bf Added missing commands into playbook 2024-07-08 12:59:02 +02:00
Clemens
8db0044895 Added forgejo version upgrade to 7.0.5 in playbook 2024-07-08 12:49:43 +02:00
Clemens
636ad07151 Added forgejo version upgrade to 7.0.0 in playbook 2024-07-08 12:33:37 +02:00
Clemens
1a82d62bd9 Added forgejo version upgrade to 1.21 in playbook 2024-07-08 11:53:38 +02:00
Clemens
49ae63536c Began playbook for forgejo version upgrade 2024-07-08 10:35:15 +02:00
Clemens
eaf06724e4 added option to override image-version tag 2024-07-08 08:28:14 +02:00
48b00899ea [Skip-CI] Format, remove unnecessary details 2024-07-05 11:47:32 +02:00
322a07de03 [Skip-CI] Consistent English 2024-07-05 11:34:14 +02:00
b9d38bdeed [Skip-CI] Clarifications 2024-07-05 10:32:33 +02:00
eb33cf5e0b [Skip-CI] Add Upgrade process for 1.19 to forgejo sem 2024-07-05 09:06:54 +02:00
Clemens
4f941c8e65 bump version to: 3.2.3-SNAPSHOT 2024-04-04 09:28:43 +02:00
Clemens
9821011412 release: 3.2.2 2024-04-04 09:28:43 +02:00
Clemens
c5c75a01c0 bugfix 2024-04-04 09:27:42 +02:00
Clemens
cf533be550 update dependencies 2024-04-04 09:27:36 +02:00
2c4923a1a8 bump version to: 3.2.2-SNAPSHOT 2024-02-21 16:36:19 +01:00
0573673e64 release: 3.2.1 2024-02-21 16:36:19 +01:00
7cdf8bf0c1 Merge remote-tracking branch 'refs/remotes/origin/main' 2024-02-21 16:24:13 +01:00
3692d4ef01 zlib no longer needed in isolation 2024-02-21 16:21:26 +01:00
7a0d2fd240 fix arch 2024-02-21 16:21:08 +01:00
01955cf99d update doc 2024-02-20 18:33:04 +01:00
ed9f3eb041 minor build script improvements 2024-02-19 16:27:15 +01:00
300c85e591 use newest ci-images 2024-02-19 16:16:54 +01:00
8933629f98 also add loopback.xml to native image 2024-02-19 16:14:56 +01:00
47874a2273 bump version to: 3.2.1-SNAPSHOT 2024-02-17 12:00:15 +01:00
b659f59df5 release: 3.2.0 2024-02-17 12:00:15 +01:00
jem
c2f4275e1e Merge pull request 'feature/native-build' (#4) from feature/native-build into main
Reviewed-on: #4
2024-02-17 10:51:07 +00:00
4b92e22ebd remove debug 2024-02-17 11:50:29 +01:00
38a595edf3 fix image used 2024-02-17 11:39:23 +01:00
81e0c44f4e initialize native-image? 2024-02-17 10:03:38 +01:00
764e8bc95b fix the build 2024-02-17 09:41:38 +01:00
b9b0d69cfd mv aliases to pyb 2024-02-17 09:21:08 +01:00
1e727c154b add graal to ci 2024-02-17 09:05:16 +01:00
bfdaf2f471 use common wo reflection 2024-02-16 17:50:54 +01:00
75e0b293c8 use graal_build_time 2024-02-16 17:05:43 +01:00
ce90b2515b add inst ty pyb 2024-02-16 16:55:26 +01:00
0e5f5aae2a try to create native image 2024-02-16 16:27:04 +01:00
386cf5a12e bump version to: 3.1.11-SNAPSHOT 2024-02-12 15:44:42 +01:00
bff6788400 release: 3.1.10 2024-02-12 15:44:41 +01:00
5391d5fa24 bump version to: 3.1.10-SNAPSHOT 2024-02-12 14:18:49 +01:00
29df189b80 release: 3.1.9 2024-02-12 14:18:49 +01:00
3b4d0667d4 compile after hard-fork 2024-02-12 14:16:03 +01:00
1c218186d2 bump version to: 3.1.9-SNAPSHOT 2024-02-09 19:25:55 +01:00
581c56faa9 release: 3.1.8 2024-02-09 19:25:55 +01:00
f92e66d187 update deps 2024-02-09 19:23:38 +01:00
633f450baf bump version to: 3.1.8-SNAPSHOT 2024-01-26 18:15:31 +01:00
54e6881deb release: 3.1.7 2024-01-26 18:15:31 +01:00
47a4d25304 bump version to: 3.1.7-SNAPSHOT 2024-01-26 15:39:52 +01:00
ace4d820a6 release: 3.1.6 2024-01-26 15:39:52 +01:00
1563e441eb bump version to: 3.1.6-SNAPSHOT 2024-01-26 15:13:12 +01:00
41b13684f3 release: 3.1.5 2024-01-26 15:13:11 +01:00
11d3d6b50f update dependencies 2024-01-26 15:11:03 +01:00
55a339d05c improved doc 2024-01-26 15:06:45 +01:00
056b543c7e Fix kubeconform params 2024-01-26 14:32:40 +01:00
a79a37d4d4 Merge pull request 'rate-limit' (#3) from rate-limit into main
Limiting the rates

Introducing rate limiting seemed like a very sensible step in order to mitigate against some forms of DoS attacks. As of now, we set the rates to a fixed amount with no configuration ability. This might change later on, depending on the use cases.
2024-01-23 09:02:06 +00:00
fba2a495e2 Merge branch 'main' into rate-limit 2024-01-23 09:00:30 +00:00
bba058afa0 [Skip-CI] Remove keywords from valid config 2024-01-19 11:40:08 +01:00
12034502ac Use default values in tests 2024-01-19 11:39:42 +01:00
4881ea3c0d Refactor Keywords 2024-01-19 11:38:33 +01:00
38183f7bf1 [Skip-CI, WIP] Refactor middleware generation 2024-01-19 10:18:49 +01:00
62fb2a37a0 [WIP] Use defaults for rate limit 2024-01-19 10:14:44 +01:00
aec67352d5 [Skip-CI] Add ToDos 2024-01-19 09:55:00 +01:00
1b40d136ad bump version to: 3.1.5-SNAPSHOT 2024-01-18 19:29:34 +01:00
b939a8b2a1 release: 3.1.4 2024-01-18 19:29:34 +01:00
a5aa79b3ab bump version to: 3.1.4-SNAPSHOT 2024-01-18 18:48:24 +01:00
cc3f6dba74 release: 3.1.3 2024-01-18 18:48:24 +01:00
040ef0e1bd update deps 2024-01-18 18:47:06 +01:00
3f0de27055 Add Middleware to be skipped 2024-01-17 15:40:47 +01:00
7d21f5aff1 Fix test 2024-01-17 12:44:22 +01:00
260d086232 Further split flow control 2024-01-17 12:36:24 +01:00
56b843981f Correct api version 2024-01-17 12:35:48 +01:00
777b94a340 Add average and burst keys 2024-01-17 11:57:55 +01:00
d9cb19242b Format 2024-01-17 11:57:40 +01:00
010ab3d8fd Split if into multiple whens
Otherwise weird behavior.
2024-01-17 11:57:19 +01:00
054e6954af Implement tests 2024-01-17 11:43:32 +01:00
2a6b6ccf3f Implement rate limit middleware 2024-01-17 11:43:15 +01:00
13e718ca37 Implement rate limit ingress 2024-01-17 11:40:58 +01:00
52e43fe23c Add specs for rate limit options 2024-01-17 11:37:31 +01:00
a63f170ace Generate ingress with rate limit conditionally 2024-01-17 11:36:43 +01:00
220eb337f9 No default values for optional rate limiting 2024-01-17 11:35:20 +01:00
8a3194e715 Add ToDo 2024-01-16 15:50:08 +01:00
c5e777c9c5 WIP: Add defn-spec for rate-limiting ingress 2024-01-16 15:44:10 +01:00
1ed850aea2 Initial rate limit middleware 2024-01-16 15:18:18 +01:00
Clemens
5992a6dac6 exclude codox-klipse-theme from hickory 2024-01-12 09:35:53 +01:00
83b850c339 bump version to: 3.1.3-SNAPSHOT 2024-01-08 18:27:43 +01:00
7e5a4c178c release: 3.1.2 2024-01-08 18:27:43 +01:00
6e94f4d712 bump version to: 3.1.2-SNAPSHOT 2024-01-05 16:59:14 +01:00
8fe536206a release: 3.1.1 2024-01-05 16:59:14 +01:00
98b5b427bf use newest build 2024-01-05 16:54:20 +01:00
2fd1d3cf40 bump version to: 3.1.1-SNAPSHOT 2024-01-05 16:19:24 +01:00
a4e1f500f2 release: 3.1.0 2024-01-05 16:19:24 +01:00
37d9939f73 update deps 2024-01-05 16:18:06 +01:00
c067e01783 use old build setup again ... 2024-01-05 16:01:10 +01:00
d4eca274a2 [skip-ci] infrastructure/../test folder removed 2023-12-22 16:56:13 +01:00
2e29ab6fe6 bump version to: 3.0.8-SNAPSHOT 2023-12-21 22:31:55 +01:00
960163792d release: 3.0.7 2023-12-21 22:31:55 +01:00
8e261a7a7b Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2023-12-21 22:26:45 +01:00
50fe9775d9 Improvements docker image building 2023-12-21 22:21:33 +01:00
e6e63051ae refactor to new commons features 2023-12-15 19:04:30 +01:00
7a7e05a715 add test 2023-12-15 19:03:58 +01:00
73f98a768f use our federated dev branch 2023-12-15 16:58:48 +01:00
831f71f916 bump version to: 3.0.7-SNAPSHOT 2023-12-15 16:26:18 +01:00
14456407d9 release: 3.0.6 2023-12-15 16:26:18 +01:00
6921ce1e8d update libs 2023-12-15 16:24:59 +01:00
23cf8f381a fail on install error 2023-11-03 11:13:23 +01:00
a1f24d9dfe [Skip-CI] Add ToDo 2023-10-24 14:36:54 +02:00
c0f2e71b06 bump version to: 3.0.6-SNAPSHOT 2023-10-18 20:56:21 +02:00
5011f5877e release: 3.0.5 2023-10-18 20:56:21 +02:00
685e248a19 Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2023-10-18 20:48:49 +02:00
bca71d97b3 Update infrastructure/backup Dockerfile 2023-10-18 20:46:23 +02:00
f2cac92780 Update infrastructure/backup with
dda-backup 1.0.9,
 infrastructure/federated Dockerfile improvements
2023-10-18 20:44:36 +02:00
jem
fd946f5c65 adjust to k8s version 1.27
Reviewed-on: #1
2023-10-13 15:08:28 +00:00
74b27ada32 adjust to new k8s version 2023-10-13 16:39:49 +02:00
bdf534e6fe bump version to: 3.0.5-SNAPSHOT 2023-10-13 16:09:14 +02:00
54 changed files with 782 additions and 466 deletions

2
.gitignore vendored
@ -10,6 +10,7 @@ target/
.lein-repl-history
.lein-failures
pom.*
reports/*
# cljs
.shadow-cljs
@ -28,3 +29,4 @@ auth.edn
config.edn
.eastwood

@ -6,7 +6,7 @@ stages:
- image
.img: &img
image: "domaindrivenarchitecture/ddadevops-dind:4.7.4"
image: "domaindrivenarchitecture/ddadevops-dind:4.11.4"
services:
- docker:dind
before_script:
@ -16,7 +16,7 @@ stages:
- export IMAGE_TAG=$CI_COMMIT_TAG
.cljs-job: &cljs
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.7.4"
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.11.4"
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
@ -29,7 +29,7 @@ stages:
- npm install
.clj-job: &clj
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.7.4"
image: "domaindrivenarchitecture/ddadevops-clj:4.11.4"
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
@ -93,6 +93,15 @@ package-uberjar:
paths:
- target/uberjar
package-native:
<<: *clj
stage: package
script:
- pyb package_native
artifacts:
paths:
- target/graalvm
release-to-clojars:
<<: *clj
<<: *tag_only
@ -114,9 +123,10 @@ forgejo-backup-image-publish:
script:
- cd infrastructure/backup && pyb image publish
forgejo-federated-image-publish:
<<: *img
<<: *tag_only
stage: image
script:
- cd infrastructure/federated && pyb image publish
# This is currently not needed
#forgejo-federated-image-publish:
# <<: *img
# <<: *tag_only
# stage: image
# script:
# - cd infrastructure/federated && pyb image publish
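Review bot: The new `package-native` job sits in stage `package` with no `needs:` or `dependencies:`, but the `package_native` task added elsewhere in this comparison runs `native-image -jar target/uberjar/...-standalone.jar` without building the jar first. If `package-uberjar` is in the same stage (its `stage:` line is outside the hunk), its artifacts are not handed to this job, so the native build would depend on whatever the branch cache happens to hold. Consider adding `needs: ["package-uberjar"]` to the job, or having the script build the jar first as the `inst` task does with `lein uberjar`. Separately, the three images are referenced by mutable tag only; pinning them by digest would keep the release pipeline from silently picking up a re-pushed image.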

@ -1,7 +1,7 @@
# convention 4 kubernetes: c4k-forgejo
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
## Purpose
@ -14,6 +14,8 @@ c4k-forgejo provides a k8s deployment file for forgejo containing:
* encrypted backup on S3 & restore
* monitoring on graphana-cloud
c4k-forgejo is an example how to create efficient k8s one shot deployments with https://repo.prod.meissa.de/meissa/c4k-common.
## Try out
Click on the image to try out live in your browser:
@ -33,21 +35,26 @@ After having deployed the yaml-file generated by the c4k-forgejo module you need
* The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git"
### Add Impressum
In order to customize the UI e.g. for adding an Impressum, see the [Forgejo Docs](https://forgejo.org/docs/latest/developer/customization/#adding-links-and-tabs).
The individually needed files have to be added by hand into the directory `/data/gitea/templates/custom/` in the forgejo Pod. Since a PV is mounted under `/data`, these ui customizations are persisted.
## Development & mirrors
Development happens at: https://repo.prod.meissa.de/meissa/c4k-forgejo
Mirrors are:
https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (issues and PR, CI)
https://codeberg.org/meissa/c4k-forgejo
https://github.com/DomainDrivenArchitecture/c4k-forgejo
* https://codeberg.org/meissa/c4k-forgejo (Issues and PR)
* https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (CI)
* https://github.com/DomainDrivenArchitecture/c4k-forgejo
For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos
## License
Copyright © 2023 meissa GmbH
Copyright © 2023, 2024 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)

@ -29,8 +29,9 @@ def initialize(project):
"release_organisation": "meissa",
"release_repository_name": name,
"release_artifacts": [
"target/uberjar/c4k-forgejo-standalone.jar",
"target/frontend-build/c4k-forgejo.js",
"target/graalvm/" + name,
"target/uberjar/" + name + "-standalone.jar",
"target/frontend-build/" + name + ".js",
],
}
@ -56,7 +57,7 @@ def test_schema(project):
"java -jar target/uberjar/c4k-forgejo-standalone.jar "
+ "src/test/resources/forgejo-test/valid-config.yaml "
+ "src/test/resources/forgejo-test/valid-auth.yaml | "
+ "kubeconform --kubernetes-version 1.23.0 --strict --skip Certificate -",
+ """kubeconform --kubernetes-version 1.23.0 --strict --skip "Certificate,Middleware" -""",
shell=True,
check=True,
)
@ -77,17 +78,17 @@ def package_frontend(project):
run("mkdir -p target/frontend-build", shell=True, check=True)
run("shadow-cljs release frontend", shell=True, check=True)
run(
"cp public/js/main.js target/frontend-build/c4k-forgejo.js",
"cp public/js/main.js target/frontend-build/" + project.name + ".js",
shell=True,
check=True,
)
run(
"sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha256",
"sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/" + project.name + ".js.sha256",
shell=True,
check=True,
)
run(
"sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha512",
"sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/" + project.name + ".js.sha512",
shell=True,
check=True,
)
@ -96,12 +97,67 @@ def package_frontend(project):
@task
def package_uberjar(project):
run(
"sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha256",
"sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256",
shell=True,
check=True,
)
run(
"sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha512",
"sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha512",
shell=True,
check=True,
)
@task
def package_native(project):
run(
"mkdir -p target/graalvm",
shell=True,
check=True,
)
run(
"native-image " +
"--native-image-info " +
"--report-unsupported-elements-at-runtime " +
"--no-server " +
"--no-fallback " +
"--features=clj_easy.graal_build_time.InitClojureClasses " +
"-jar target/uberjar/" + project.name + "-standalone.jar " +
"-march=compatibility " +
"-H:IncludeResources=.*.yaml " +
"-H:IncludeResources=logback.xml " +
"-H:Log=registerResource:verbose " +
"-H:Name=target/graalvm/" + project.name + "",
shell=True,
check=True,
)
run(
"sha256sum target/graalvm/c4k-forgejo > target/graalvm/" + project.name + ".sha256",
shell=True,
check=True,
)
run(
"sha512sum target/graalvm/c4k-forgejo > target/graalvm/" + project.name + ".sha512",
shell=True,
check=True,
)
@task
def inst(project):
run(
"lein uberjar",
shell=True,
check=True,
)
package_native(project)
run(
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
shell=True,
check=True,
)
run(
"sudo install -m=755 target/graalvm/" + project.name + " /usr/local/bin/" + project.name + "",
shell=True,
check=True,
)
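Review bot: The checksum commands are only half parameterized: in `package_frontend`, `package_uberjar` and the new `package_native`, the file being hashed is still the hard-coded `target/.../c4k-forgejo...` path while the output file is built from `project.name`. If the two ever differ, the step either fails or publishes a `.sha256`/`.sha512` that describes a different file than the released artifact, which defeats the integrity check. Use the same expression on both sides, e.g. `"sha256sum target/graalvm/" + project.name + " > target/graalvm/" + project.name + ".sha256"`, and likewise for the sha512 and the jar/js variants. The `java -jar target/uberjar/c4k-forgejo-standalone.jar` line in `test_schema` has the same leftover literal.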

@ -10,32 +10,32 @@
## Manual init the restic repository for the first time
1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1`
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
2. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/init.bb`
3. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0`
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
## Manual backup the restic repository for the first time
1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1`
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
2. exec into pod and execute backup pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb`
3. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0`
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
## Manual restore
1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1`
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
2. Scale down forgejo deployment:
`kubectl scale deployment forgejo --replicas=0`
`kubectl -n forgejo scale deployment forgejo --replicas=0`
3. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb`
4. Start forgejo again:
`kubectl scale deployment forgejo --replicas=1`
`kubectl -n forgejo scale deployment forgejo --replicas=1`
5. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0`
`kubectl -n forgejo scale deployment backup-restore --replicas=0`

@ -39,26 +39,23 @@ npx shadow-cljs release frontend
## graalvm-setup
```
curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-21.0.0.2/graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz
# unpack
tar -xzf graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
tar -xzf graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz
sudo mv graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/
sudo ln -s /usr/lib/jvm/graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/graalvm
sudo ln -s /usr/lib/jvm/graalvm/bin/gu /usr/local/bin
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm/bin/java 2
sudo mv graalvm-community-openjdk-21.0.2+13.1 /usr/lib/jvm/
sudo ln -s /usr/lib/jvm/graalvm-community-openjdk-21.0.2+13.1 /usr/lib/jvm/graalvm-21
sudo ln -s /usr/lib/jvm/graalvm-21/bin/gu /usr/local/bin
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm-21/bin/java 2
sudo update-alternatives --config java
# install native-image in graalvm-ce-java11-linux-amd64-21.0.0.2/bin
sudo gu install native-image
sudo ln -s /usr/lib/jvm/graalvm/bin/native-image /usr/local/bin
sudo ln -s /usr/lib/jvm/graalvm-21/bin/native-image /usr/local/bin
# deps
sudo apt-get install build-essential libz-dev zlib1g-dev
sudo apt-get install build-essential zlib1g-dev
# build
cd ~/repo/dda/c4k-cloud
cd ~/repo/c4k/c4k-forgejo
lein uberjar
mkdir -p target/graalvm
lein native

@ -1,41 +0,0 @@
# Release process
## ... for testing (snapshots)
Make sure your clojars.org credentials are correctly set in your ~/.lein/profiles.clj file.
``` bash
git add .
git commit
```
``` bash
lein deploy # or lein deploy clojars
```
## ... for stable release
Make sure tags are protected in gitlab:
Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save.
``` bash
git checkout main # for old projects replace main with master
git add .
git commit
```
Execute tests
``` bash
shadow-cljs compile test
node target/node-tests.js
lein test
```
Release with type (NONE, PATCH, MINOR, MAJOR):
``` bash
RELEASE_TYPE=[TYPE] pyb prepare_release after_publish
```
Done.

@ -0,0 +1,135 @@
# Playbook Upgrade from 1.19 to 7.0.5
## Info: Relevant Breaking Changes:
* 1.19.3: First version under consideration
* 1.20.1-0: Breaking https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-20-1-0
* 1.21.1-0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-1-0
* 7.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* 8.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
## Preparations
1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
### Create 2nd Repo Prod Server
1. Terraform Preparations for 2nd Server: TODO
1. Install c4k-forgejo Version `3.5.0`!
with config `"forgejo-image-version-overwrite": "1.19.3-0"` (in server-setup)
1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`
## Upgrade to 1.20.1-0
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Upgrade to 1.21.1-0
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
## Upgrade to 7.0.0
1. Check DB Version.
1. MariaDB or MySQL needs to be 8.0 or higher.
2. Postgres needs to be 12 or higher
1. API Endpoints
1. Check if the [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) API endpoint is used
1. as the per_page param is not used for [limit](https://codeberg.org/forgejo/forgejo/commit/0aab2d38a7d91bc8caff332e452364468ce52d9a) anymore
2. Check if [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) and [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoAddPushMirror) API endpoints are used
1. The date format of created and last_update fields are now [timestamps](https://codeberg.org/forgejo/forgejo/commit/0ee7cbf725f45650136be45f8e0f74d395f73b5c)
3. [pprof](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) endpoint changed labels
1. graceful-lifecycle to gracefulLifecycle
2. process-type to processType
3. process-description to processDescription This allows for those endpoints to be scraped by services requiring prometheus style labels such as grafana-agent.
1. The Gitea themes were renamed and the \[ui\].THEMES setting must be changed as follows:
1. gitea is replaced by gitea-light
2. arc-green is replaced by gitea-dark
3. auto is replaced by gitea-auto
1. Migration warning
2. If the logs show a line like the following, run `doctor convert` to fix it.
3. Current database is using a case-insensitive collation "utf8mb4_general_ci"
4. Large instances may experience slow migrations when the database is upgraded to support SHA-256 git repositories.
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Upgrade to 8.0.3 (no relevant breaking changes)
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `8.0.3` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Enable Federation
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Change `FORGEJO__federation__ENABLED: "false"` TO `FORGEJO__federation__ENABLED: "true"`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Post Work
1. Switch DNS to new server
1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
## Known Errors
### Error in v1.20.1-0
In the logs the following error can be found. This will be resolved automatically with the next upgrade (v1.21).
```
2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
```
# Add Shynet Analytics
1. Log into shynet & create new Service
1. Copy the generated html snippet and save it somewhere you remember
1. SSH into prod server
1. Make the necessary folders and files in forgejo data dir:
1. `kubectl exec -n forgejo -it forgejo-... -- bash`
1. `mkdir -p /data/gitea/templates/custom`
1. `touch /data/gitea/templates/custom/footer.tmpl`
1. Open the `footer.tmpl` and paste the saved snippet
1. Restart the pod
1. `k scale -n forgejo deployment forgejo --replicas=0`
1. `k scale -n forgejo deployment forgejo --replicas=1`
1. Add Information about analytics: Clone Datenschutz Repo
1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git`
1. Merge forgejo-upgrade into main
1. `git merge forgejo-upgrade`
1. Push to origin
1. `git push`

@ -1,21 +0,0 @@
# Upgrading process
## adhoc (on kubernetes cluster)
Ssh into your kubernetes cluster running the forgejo instance.
``` bash
kubectl edit configmap forgejo-env
# make sure INSTALL_LOCK under security is set to true to disable the installation screen
# save and exit
kubectl edit deployments forgejo
# search for your current forgejo version, e.g. 1.19
# replace with new version
# save and exit
kubectl scale deployment forgejo --replicas=0
kubectl scale deployment forgejo --replicas=1
```
Logging into the admin account should now show the new version.
You may want to update your c4k-forgejo resources to reflect the changes made on the cluster.


@ -6,7 +6,7 @@ from ddadevops import *
name = "c4k-forgejo"
MODULE = "backup"
PROJECT_ROOT_PATH = "../.."
version = "3.0.4"
version = "4.0.1-dev"
@init


@ -1,5 +1,4 @@
FROM domaindrivenarchitecture/dda-backup:1.0.6
FROM domaindrivenarchitecture/dda-backup:latest
# Prepare Entrypoint Script
ADD resources /tmp
RUN /tmp/install.sh
RUN /tmp/install.bb
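Review bot: The base image appears to move from the pinned `dda-backup:1.0.6` to `dda-backup:latest`, so every rebuild of this backup image picks up whatever was last pushed upstream without a reviewable change in this repository. The scripts installed into this image read the restic password and the AWS and PostgreSQL credentials at runtime, which makes an unreviewed base change more sensitive here than in most images. Pin a released tag, ideally with its digest, e.g. `FROM domaindrivenarchitecture/dda-backup:<release-tag>@sha256:<digest>`, and bump it deliberately.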


@ -0,0 +1,46 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:execution-directory "/var/backups/"
:files ["gitea/" "git/repositories/"]}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(bc/create-aws-credentials! aws-config)
(pg/create-pg-pass! db-config))
(defn restic-repo-init!
[]
(rc/init! file-config)
(rc/init! db-config))
(defn restic-backup!
[]
(bak/backup-file! file-config)
(bak/backup-db! db-config))
(prepare!)
(restic-repo-init!)
(restic-backup!)
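Review bot: Nothing in this script states a snapshot retention policy, whereas the shell script it replaces (removed further down this page) set `RESTIC_DAYS_TO_KEEP 30` and `RESTIC_MONTHS_TO_KEEP 12` before backing up. Unless dda-backup applies its own defaults, which is not visible here, either the repositories grow without bound or snapshots are pruned on a schedule nobody chose for this deployment. State the policy in `file-config` and `db-config` with the keys dda-backup documents for it, or at least add a comment such as `;; retention: dda-backup defaults apply (TODO confirm values)`. `(def dry-run ...)` is defined but never used in this file and can be dropped.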


@ -1,19 +0,0 @@
#!/bin/bash
set -o pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env RESTIC_DAYS_TO_KEEP 30
file_env RESTIC_MONTHS_TO_KEEP 12
backup-db-dump
backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main


@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}


@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-build {:mvn/version "0.1.1-SNAPSHOT"}}}
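Review bot: `org.domaindrivenarchitecture/dda-build {:mvn/version "0.1.1-SNAPSHOT"}` is a mutable coordinate, so the code resolved for it can change between two builds of the same commit. If this deps file drives the image install step (the `dda.image.*` namespaces suggest so, but that is inferred), the image contents are not reproducible from the repository alone. Depend on a released version, `{:mvn/version "<released-version>"}`, or on a `:local/root` copy as the sibling deps file does for dda-backup.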


@ -1,13 +0,0 @@
#!/bin/bash
function main() {
create-pg-pass
while true; do
sleep 1m
done
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main


@ -1,11 +0,0 @@
#!/bin/bash
function main() {
create-pg-pass
/usr/local/bin/backup.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main


@ -0,0 +1,3 @@
#!/usr/bin/env bb
(println "initialized")


@ -1,14 +0,0 @@
#!/bin/bash
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
init-database-repo
init-file-repo
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main


@ -0,0 +1,14 @@
#!/usr/bin/env bb
(require
'[dda.image.ubuntu :as ub]
'[dda.image.install :as in])
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0400")
(in/install! "backup.bb")
(in/install! "restore.bb")
(in/install! "list-snapshots.bb")
(in/install! "wait.bb")
(ub/cleanup-container!)
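Review bot: Only the `bb.edn` install passes an explicit mode (`:mod "0400"`); the four scripts rely on whatever default `in/install!` applies, which is not visible here. The removed `install.sh` installed every script with `-m 0700` and the removed serverspec file asserted mode 700, so the earlier owner-only guarantee is now implicit and no longer tested. If owner-only is still intended, say so at the call site, e.g. `(in/install! "backup.bb" :mod "0700")`, and likewise for `restore.bb`, `list-snapshots.bb` and `wait.bb`.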


@ -1,11 +0,0 @@
#!/bin/bash
apt-get update > /dev/null;
install -m 0700 /tmp/entrypoint.sh /
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
install -m 0700 /tmp/init.sh /usr/local/bin/
install -m 0700 /tmp/backup.sh /usr/local/bin/
install -m 0700 /tmp/restore.sh /usr/local/bin/
install -m 0700 /tmp/restic-snapshots.sh /usr/local/bin/


@ -0,0 +1,28 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"}))
(def db-config (merge restic-repo {:backup-path "pg-database"}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(defn prepare!
[]
(bc/create-aws-credentials! aws-config))
(defn list-snapshots!
[]
(rc/list-snapshots! file-config)
(rc/list-snapshots! db-config))
(prepare!)
(list-snapshots!)


@ -1,16 +0,0 @@
#!/bin/bash
set -o pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
restic -r ${RESTIC_REPOSITORY}/files snapshots
restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
}
source /usr/local/lib/functions.sh
source /usr/local/lib/file-functions.sh
main


@ -0,0 +1,46 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg]
'[dda.backup.restore :as rs])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:restore-target-directory "/var/backups/restore"
:snapshot-id "latest"}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")
:snapshot-id "latest"}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(pg/create-pg-pass! db-config)
(bc/create-aws-credentials! aws-config))
(defn restic-restore!
[]
(rs/restore-file! file-config)
(tasks/shell ["bash" "-c" "rm -rf /var/backups/gitea/*"])
(tasks/shell ["bash" "-c" "rm -rf /var/backups/git/repositories/*"])
(tasks/shell ["mv" "/var/backups/restore/gitea" "/var/backups/"])
(tasks/shell ["mv" "/var/backups/restore/git/repositories" "/var/backups/git/"])
(tasks/shell ["chown" "-R" "1000:1000" "/var/backups"])
(pg/drop-create-db! (merge db-config {:debug true}))
(rs/restore-db! (merge db-config {:debug true})))
(prepare!)
(restic-restore!)
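Review bot: `restic-restore!` deletes the live data (`rm -rf /var/backups/gitea/*` and `rm -rf /var/backups/git/repositories/*`) without first checking that `rs/restore-file!` actually produced `/var/backups/restore/gitea` and `/var/backups/restore/git/repositories`. The old script also cleared `/var/backups/restore` before restoring; that step is gone, so leftovers from an earlier attempt can be moved into place instead of the snapshot just fetched. Clearing the target first and refusing to touch live data when the restored directories are missing closes both gaps, as sketched below. Separately, `{:debug true}` is merged into `db-config` for `pg/drop-create-db!` and `rs/restore-db!`; what debug mode prints is not visible here, so confirm it cannot write `:pg-password` into the pod log.

```clojure
(defn restic-restore!
  []
  (tasks/shell ["rm" "-rf" "/var/backups/restore"])
  (rs/restore-file! file-config)
  (when-not (and (.isDirectory (java.io.File. "/var/backups/restore/gitea"))
                 (.isDirectory (java.io.File. "/var/backups/restore/git/repositories")))
    (throw (ex-info "restore incomplete, live data left untouched" {})))
  ;; … unchanged: rm/mv/chown of the live directories, drop-create-db!, restore-db! …
```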


@ -1,38 +0,0 @@
#!/bin/bash
set -Eeo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
# Restore latest snapshot into /var/backups/restore
rm -rf /var/backups/restore
restore-directory '/var/backups/restore'
rm -rf /var/backups/gitea/*
rm -rf /var/backups/git/repositories/*
cp -r /var/backups/restore/gitea /var/backups/
cp -r /var/backups/restore/git/repositories /var/backups/git/
# adjust file permissions for the git user
chown -R 1000:1000 /var/backups
# TODO: Regenerate Git Hooks? Do we need this?
#/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
# Restore db
drop-create-db
restore-db
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main


@ -0,0 +1,27 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(defn prepare!
[]
(pg/create-pg-pass! db-config))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
(wait!)


@ -1,11 +1,4 @@
FROM c4k-forgejo-backup
FROM c4k-forgejo-backup:latest
RUN apt update
RUN apt -yqq --no-install-recommends --yes install curl default-jre-headless
RUN curl -L -o /tmp/serverspec.jar \
https://github.com/DomainDrivenArchitecture/dda-serverspec-crate/releases/download/2.0.0/dda-serverspec-standalone.jar
COPY serverspec.edn /tmp/serverspec.edn
RUN java -jar /tmp/serverspec.jar /tmp/serverspec.edn -v
ADD resources /tmp/
RUN ENV_PASSWORD=env-password FILE_PASSWORD_FILE=/tmp/file_password /tmp/test.bb


@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}


@ -0,0 +1,62 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs])
(def restic-repo {:password-file "restic-pwd"
:restic-repository "restic-repo"})
(def file-config (merge restic-repo {:backup-path "files"
:files ["test-backup"]
:restore-target-directory "test-restore"}))
(def db-config (merge restic-repo {:backup-path "db"
:pg-db "mydb"
:pg-user "user"
:pg-password "password"}))
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(spit "/tmp/file_password" "file-password")
(println (bc/env-or-file "FILE_PASSWORD"))
(println (bc/env-or-file "ENV_PASSWORD"))
(spit "restic-pwd" "ThePassword")
(tasks/shell "mkdir" "-p" "test-backup")
(spit "test-backup/file" "I was here")
(tasks/shell "mkdir" "-p" "test-restore")
(pg/create-pg-pass! db-config))
(defn restic-repo-init!
[]
(rc/init! file-config)
(rc/init! (merge db-config dry-run)))
(defn restic-backup!
[]
(bak/backup-file! file-config)
(bak/backup-db! (merge db-config dry-run)))
(defn list-snapshots!
[]
(rc/list-snapshots! file-config)
(rc/list-snapshots! (merge db-config dry-run)))
(defn restic-restore!
[]
(rs/restore-file! file-config)
(pg/drop-create-db! (merge db-config dry-run))
(rs/restore-db! (merge db-config dry-run)))
(prepare!)
(restic-repo-init!)
(restic-backup!)
(list-snapshots!)
(restic-restore!)
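Review bot: This integration script asserts nothing: `prepare!` only prints the two `bc/env-or-file` results and the restored data is never compared with what was backed up, so the image build passes as long as no call throws. Replace the prints with checks such as `(assert (= "file-password" (bc/env-or-file "FILE_PASSWORD")))` and `(assert (= "env-password" (bc/env-or-file "ENV_PASSWORD")))`, and after `restic-restore!` compare the restored copy of `test-backup/file` under `test-restore` with `"I was here"`. All database steps are merged with `dry-run`, so database backup and restore are not exercised here; a comment saying so would avoid a false sense of coverage.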


@ -1,6 +0,0 @@
{:file [{:path "/usr/local/bin/init.sh" :mod "700"}
{:path "/usr/local/bin/backup.sh" :mod "700"}
{:path "/usr/local/bin/restore.sh" :mod "700"}
{:path "/usr/local/bin/restic-snapshots.sh" :mod "700"}
{:path "/entrypoint.sh" :mod "700"}
{:path "/entrypoint-start-and-wait.sh" :mod "700"}]}


@ -6,7 +6,7 @@ from ddadevops import *
name = 'c4k-forgejo'
MODULE = 'federated'
PROJECT_ROOT_PATH = '../..'
version = "3.0.4"
version = "4.0.1-dev"
@init
def initialize(project):


@ -1,5 +1,5 @@
#Build stage
FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
FROM docker.io/library/golang:1.21-alpine3.19 as build-env
ARG GOPROXY
ENV GOPROXY ${GOPROXY:-direct}
@ -9,12 +9,12 @@ ARG TAGS="sqlite sqlite_unlock_notify"
ENV TAGS "bindata timetzdata $TAGS"
ARG CGO_EXTRA_CFLAGS
ENV FORGEJO_GIT_URL "https://codeberg.org/forgejo/forgejo.git"
#ENV FORGEJO_GIT_URL "https://git.exozy.me/a/gitea.git"
ENV FORGEJO_BRANCH "forgejo-development"
#ENV FORGEJO_BRANCH "libreplanet-federation-demo"
ENV FORGEJO_GIT_URL "https://codeberg.org/meissa/forgejo.git"
ENV FORGEJO_BRANCH "forgejo-federated-star"
#Build deps
RUN apk -U upgrade
RUN apk cache clean
RUN apk --no-cache add build-base git nodejs npm
#Setup repo
@ -34,6 +34,8 @@ LABEL maintainer="contact@forgejo.org"
EXPOSE 22 3000
RUN apk -U upgrade
RUN apk cache clean
RUN apk --no-cache add \
bash \
ca-certificates \
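Review bot: The build stage takes its source from `https://codeberg.org/meissa/forgejo.git` at the head of branch `forgejo-federated-star`, so the binary that ships is whatever that branch pointed to when the image was built, and two builds of this commit can differ. Record the exact revision and check it out in the "Setup repo" step (which lies outside this hunk), for example `ARG FORGEJO_COMMIT=<commit-sha>` followed by `git checkout "${FORGEJO_COMMIT}"` after the clone. The same reasoning applies to `golang:1.21-alpine3.19`, which could carry a digest in addition to the tag.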


@ -1,10 +0,0 @@
FROM c4k-forgejo-federated
RUN apk --no-cache add openjdk11-jre-headless
RUN curl -L -o /tmp/serverspec.jar \
https://github.com/DomainDrivenArchitecture/dda-serverspec-crate/releases/download/2.0.0/dda-serverspec-standalone.jar
COPY serverspec.edn /tmp/serverspec.edn
RUN java -jar /tmp/serverspec.jar /tmp/serverspec.edn -v


@ -1,8 +0,0 @@
{:file [{:path "/usr/bin/entrypoint" :mod "755"}
{:path "/app/gitea/gitea" :mod "755"}
{:path "/usr/local/bin/gitea" :mod "755"}
{:path "/usr/local/bin/environment-to-ini" :mod "755"}
{:path "/etc/s6/gitea/" :mod "755"}
{:path "/etc/s6/openssh/" :mod "755"}
{:path "/etc/s6/.s6-svscan/" :mod "755"}
{:path "/etc/profile.d/gitea_bash_autocomplete.sh" :mod "644"}]}


@ -2,7 +2,7 @@
"name": "c4k-forgejo",
"description": "Generate c4k yaml for a forgejo deployment.",
"author": "meissa GmbH",
"version": "3.0.4",
"version": "4.0.1-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
"repository": "https://www.npmjs.com/package/c4k-forgejo",
"license": "APACHE2",


@ -1,16 +1,17 @@
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.0.4"
(defproject org.domaindrivenarchitecture/c4k-forgejo "4.0.1-SNAPSHOT"
:description "forgejo c4k-installation package"
:url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.1" :scope "provided"]
[org.clojure/tools.reader "1.3.6"]
[org.domaindrivenarchitecture/c4k-common-clj "6.0.3"]
[hickory "0.7.1"]]
:dependencies [[org.clojure/clojure "1.11.4" :scope "provided"]
[org.clojure/tools.reader "1.5.0"]
[org.domaindrivenarchitecture/c4k-common-clj "8.0.0"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
:target-path "target/%s/"
:source-paths ["src/main/cljc"
"src/main/clj"]
:resource-paths ["src/main/resources"]
:resource-paths ["src/main/resources"
"project.clj"]
:repositories [["snapshots" :clojars]
["releases" :clojars]]
:deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}]
@ -22,25 +23,14 @@
:uberjar {:aot :all
:main dda.c4k-forgejo.uberjar
:uberjar-name "c4k-forgejo-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.219"]
[ch.qos.logback/logback-classic "1.4.11"
:dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.7"
:exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.9"]]}}
[org.slf4j/jcl-over-slf4j "2.0.16"]
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"]
["vcs" "assert-committed"]
["change" "version" "leiningen.release/bump-version" "release"]
["vcs" "commit"]
["vcs" "tag" "v" "--no-sign"]
["change" "version" "leiningen.release/bump-version"]]
:aliases {"native" ["shell"
"native-image"
"--report-unsupported-elements-at-runtime"
"--initialize-at-build-time"
"-jar" "target/uberjar/c4k-forgejo-standalone.jar"
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
"-H:Log=registerResource"
"-H:Name=target/graalvm/${:name}"]
"inst" ["shell"
"sh"
"-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-forgejo-standalone.jar /usr/local/bin/c4k-forgejo-standalone.jar"]})
["change" "version" "leiningen.release/bump-version"]])


@ -4,7 +4,7 @@
"src/test/cljc"
"src/test/cljs"
"src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.0.1"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "8.0.0"]
[hickory "0.7.1"]]
:builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-forgejo.browser/init}}


@ -4,11 +4,14 @@
[dda.c4k-forgejo.core :as core]
[dda.c4k-common.uberjar :as uberjar]))
(set! *warn-on-reflection* true)
(defn -main [& cmd-args]
(uberjar/main-common
(uberjar/main-cm
"c4k-forgejo"
core/config?
core/auth?
core/config-defaults
core/k8s-objects
core/config-objects
core/auth-objects
cmd-args))


@ -1,24 +1,20 @@
(ns dda.c4k-forgejo.backup
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm]))
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as p]
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
(s/def ::aws-access-key-id cm/bash-env-string?)
(s/def ::aws-secret-access-key cm/bash-env-string?)
(s/def ::restic-password cm/bash-env-string?)
(s/def ::restic-repository cm/bash-env-string?)
(s/def ::aws-access-key-id p/bash-env-string?)
(s/def ::aws-secret-access-key p/bash-env-string?)
(s/def ::restic-password p/bash-env-string?)
(s/def ::restic-repository p/bash-env-string?)
#?(:cljs
(defmethod yaml/load-resource :backup [resource-name]
(case resource-name
"backup/config.yaml" (rc/inline "backup/config.yaml")
"backup/cron.yaml" (rc/inline "backup/cron.yaml")
"backup/secret.yaml" (rc/inline "backup/secret.yaml")
"backup/backup-restore-deployment.yaml" (rc/inline "backup/backup-restore-deployment.yaml")
(throw (js/Error. "Undefined Resource!")))))
(get (inline-resources "backup") resource-name)))
(defn generate-config [my-conf]
(let [{:keys [restic-repository]} my-conf]
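Review bot: The cljs `yaml/load-resource` method now returns `(get (inline-resources "backup") resource-name)`, which yields `nil` for an unknown name where the replaced `case` threw `"Undefined Resource!"`. A misspelt resource path would then surface later as an empty or partial manifest rather than at the lookup. Keep the failure explicit: `(or (get (inline-resources "backup") resource-name) (throw (js/Error. "Undefined Resource!")))`. The `:forgejo` method in the forgejo namespace further down this page has the same shape; `generate-config` continues past the end of this hunk.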


@ -1,24 +1,36 @@
(ns dda.c4k-forgejo.core
(:require
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-forgejo.backup :as backup]
[dda.c4k-common.postgres :as postgres]))
(:require
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-forgejo.backup :as backup]
[dda.c4k-common.postgres :as postgres]
[dda.c4k-common.namespace :as ns]))
(def config-defaults {:issuer "staging", :deploy-federated "false"})
(def config-defaults {:namespace "forgejo"
:issuer "staging"
:deploy-federated "false"
:federation-enabled "false"
:db-name "forgejo"
:pv-storage-size-gb 5
:pvc-storage-class-name ""
:postgres-image "postgres:14"
:postgres-size :2gb})
(def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5})
(def config? (s/keys :req-un [::forgejo/fqdn
::forgejo/mailer-from
::forgejo/mailer-host
(def config? (s/keys :req-un [::forgejo/fqdn
::forgejo/mailer-from
::forgejo/mailer-host
::forgejo/mailer-port
::forgejo/service-noreply-address]
:opt-un [::forgejo/issuer
:opt-un [::forgejo/issuer
::forgejo/deploy-federated
::forgejo/federation-enabled
::forgejo/default-app-name
::forgejo/service-domain-whitelist
::forgejo/forgejo-image-version-overwrite
::backup/restic-repository
::mon/mon-cfg]))
@ -30,31 +42,39 @@
(def vol? (s/keys :req-un [::forgejo/volume-total-storage-size]))
(defn k8s-objects [config auth]
(defn config-objects [config] ; ToDo: ADR for generate functions - vector or no vector?
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
[(postgres/generate-config {:postgres-size :2gb :db-name "forgejo"})
(postgres/generate-secret auth)
(ns/generate config)
[(postgres/generate-configmap config)
(when (contains? config :postgres-data-volume-path)
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
(postgres/generate-pvc {:pv-storage-size-gb 5
:pvc-storage-class-name storage-class})
(postgres/generate-deployment {:postgres-image "postgres:14"
:postgres-size :2gb})
(postgres/generate-service)
(postgres/generate-pvc (merge config {:pvc-storage-class-name storage-class}))
(postgres/generate-deployment config)
(postgres/generate-service config)
(forgejo/generate-deployment config)
(forgejo/generate-service)
(forgejo/generate-service-ssh)
(forgejo/generate-service-ssh)
(forgejo/generate-data-volume config)
(forgejo/generate-appini-env config)
(forgejo/generate-secrets auth)]
(forgejo/generate-ingress-and-cert config)
(forgejo/generate-appini-env config)]
(forgejo/generate-ratelimit-ingress-and-cert config) ; this function has a vector as output
(when (contains? config :restic-repository)
[(backup/generate-config config)
(backup/generate-secret auth)
(backup/generate-cron)
(backup/generate-backup-restore-deployment config)])
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
(when (contains? config :mon-cfg)
(mon/generate-config)))))))
(defn auth-objects [config auth]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
(ns/generate config)
[(postgres/generate-secret config auth)
(forgejo/generate-secrets auth)]
(when (contains? config :restic-repository)
[(backup/generate-secret auth)])
(when (contains? config :mon-cfg)
(mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
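Review bot: `config-objects` passes the plain `config` to `forgejo/generate-ratelimit-ingress-and-cert`, but `:max-rate` and `:max-concurrent-requests` appear neither in `config-defaults` nor in `config?`; their values live only in `rate-limit-defaults`, which nothing in this section merges in. If no caller outside this view supplies them, the ingress is generated with `:average-rate nil` and `:burst-rate nil`, so the rate limit is either absent or the object is invalid. Merge the defaults at the call site, `(forgejo/generate-ratelimit-ingress-and-cert (merge rate-limit-defaults config))`, and add the two keys to `:opt-un` so user overrides are validated.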


@ -2,17 +2,15 @@
(:require
[clojure.spec.alpha :as s]
[clojure.string :as st]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.postgres :as postgres]))
[dda.c4k-common.postgres :as postgres]
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
(defn domain-list?
[input]
@ -35,15 +33,19 @@
(s/def ::default-app-name string?)
(s/def ::fqdn pred/fqdn-string?)
(s/def ::deploy-federated boolean-string?)
(s/def ::federation-enabled boolean-string?)
(s/def ::mailer-from pred/bash-env-string?)
(s/def ::mailer-host pred/bash-env-string?)
(s/def ::mailer-port pred/bash-env-string?)
(s/def ::service-domain-whitelist domain-list?)
(s/def ::service-noreply-address string?)
(s/def ::forgejo-image-version-overwrite string?)
(s/def ::mailer-user pred/bash-env-string?)
(s/def ::mailer-pw pred/bash-env-string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::volume-total-storage-size (partial pred/int-gt-n? 5))
(s/def ::max-rate int?)
(s/def ::max-concurrent-requests int?)
(def config? (s/keys :req-un [::fqdn
::mailer-from
@ -52,8 +54,13 @@
::service-noreply-address]
:opt-un [::issuer
::deploy-federated
::federation-enabled
::default-app-name
::service-domain-whitelist]))
::service-domain-whitelist
::forgejo-image-version-overwrite]))
(def rate-limit-config? (s/keys :req-un [::max-rate
::max-concurrent-requests]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password ::mailer-user ::mailer-pw]))
@ -62,25 +69,28 @@
(defn data-storage-by-volume-size
[total]
total)
;;TODO: remove unneccessaries, fedaration is merged
(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated")
(def federated-image-version "latest")
(def non-federated-image-name "codeberg.org/forgejo/forgejo")
(def non-federated-image-version "8.0.3")
(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated:latest")
(def non-federated-image-name "codeberg.org/forgejo/forgejo:1.19")
(defn-spec generate-image-str string?
[config config?]
(let [{:keys [deploy-federated forgejo-image-version-overwrite]} config
deploy-federated-bool (boolean-from-string deploy-federated)]
(if deploy-federated-bool
(str federated-image-name ":" (or forgejo-image-version-overwrite federated-image-version))
(str non-federated-image-name ":" (or forgejo-image-version-overwrite non-federated-image-version)))))
#?(:cljs
(defmethod yaml/load-resource :forgejo [resource-name]
(case resource-name
"forgejo/appini-env-configmap.yaml" (rc/inline "forgejo/appini-env-configmap.yaml")
"forgejo/deployment.yaml" (rc/inline "forgejo/deployment.yaml")
"forgejo/secrets.yaml" (rc/inline "forgejo/secrets.yaml")
"forgejo/service.yaml" (rc/inline "forgejo/service.yaml")
"forgejo/service-ssh.yaml" (rc/inline "forgejo/service-ssh.yaml")
"forgejo/datavolume.yaml" (rc/inline "forgejo/datavolume.yaml")
(throw (js/Error. "Undefined Resource!")))))
(get (inline-resources "forgejo") resource-name)))
(defn generate-appini-env
[config]
(let [{:keys [default-app-name
deploy-federated
federation-enabled
fqdn
mailer-from
mailer-host
@ -89,7 +99,7 @@
service-noreply-address]
:or {default-app-name "forgejo instance"
service-domain-whitelist fqdn}} config
deploy-federated-bool (boolean-from-string deploy-federated)]
federation-enabled-bool (boolean-from-string federation-enabled)]
(->
(yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
@ -101,7 +111,7 @@
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
(cm/replace-all-matching-values-by-new-value "IS_FEDERATED"
(if deploy-federated-bool
(if federation-enabled-bool
"true"
"false")))))
@ -113,20 +123,22 @@
mailer-pw]} auth]
(->
(yaml/load-as-edn "forgejo/secrets.yaml")
(cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw)))))
(cm/replace-all-matching "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
(defn generate-ingress-and-cert
[config]
(let [{:keys [fqdn]} config]
(ing/generate-ingress-and-cert
(merge
{:service-name "forgejo-service"
:service-port 3000
:fqdns [fqdn]}
config))))
(defn-spec generate-ratelimit-ingress-and-cert seq?
[config config?]
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
(ing/generate-simple-ingress (merge
{:service-name "forgejo-service"
:service-port 3000
:fqdns [fqdn]
:average-rate max-rate
:burst-rate max-concurrent-requests
:namespace namespace}
config))))
(defn-spec generate-data-volume pred/map-or-seq?
[config vol?]
@ -134,18 +146,13 @@
data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
(->
(yaml/load-as-edn "forgejo/datavolume.yaml")
(cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
(cm/replace-all-matching "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
(defn-spec generate-deployment pred/map-or-seq?
[config config?]
(let [{:keys [deploy-federated]} config
deploy-federated-bool (boolean-from-string deploy-federated)]
(->
(yaml/load-as-edn "forgejo/deployment.yaml")
(cm/replace-all-matching-values-by-new-value "IMAGE_NAME"
(if deploy-federated-bool
federated-image-name
non-federated-image-name)))))
(cm/replace-all-matching "IMAGE_NAME" (generate-image-str config))))
(defn generate-service
[]
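Review bot: `::forgejo-image-version-overwrite` is specced as plain `string?`, and `generate-image-str` selects it with `(or forgejo-image-version-overwrite ...)`. An empty string is truthy in Clojure, so `""` yields an image reference ending in `:` instead of falling back to the default, and any other text is spliced into the reference unchecked. Tighten the spec to the tag grammar, e.g. `(s/def ::forgejo-image-version-overwrite (s/and string? #(re-matches #"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}" %)))`. The federated default stays `"latest"`; pinning it the way the non-federated `"8.0.3"` is pinned would make deployments reproducible. `generate-service` continues past the end of this hunk.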


@ -4,7 +4,7 @@
[clojure.tools.reader.edn :as edn]
[dda.c4k-forgejo.core :as core]
[dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-common.browser :as br]
[dda.c4k-common.browser :as br]
[dda.c4k-common.common :as cm]))
(defn generate-group
@ -73,14 +73,13 @@
:mailer-host (br/get-content-from-element "mailer-host")
:mailer-port (br/get-content-from-element "mailer-port")
:service-noreply-address (br/get-content-from-element "service-noreply-address")
:volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)}
:volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)}
(when (not (st/blank? issuer))
{:issuer issuer})
(when (not (st/blank? app-name))
{:default-app-name app-name})
(when (not (st/blank? domain-whitelist))
{:service-domain-whitelist domain-whitelist})
)))
{:service-domain-whitelist domain-whitelist}))))
(defn validate-all! []
(br/validate! "fqdn" ::forgejo/fqdn)
@ -91,7 +90,7 @@
(br/validate! "deploy-federated" ::forgejo/deploy-federated :optional true)
(br/validate! "issuer" ::forgejo/issuer :optional true)
(br/validate! "app-name" ::forgejo/default-app-name :optional true)
(br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true)
(br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true)
(br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt)
(br/validate! "auth" forgejo/auth? :deserializer edn/read-string)
(br/set-form-validated!))
@ -103,16 +102,21 @@
(defn init []
(br/append-hickory (generate-content-div))
(-> js/document
(.getElementById "generate-button")
(.addEventListener "click"
#(do (validate-all!)
(-> (cm/generate-common
(config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string)
core/config-defaults
core/k8s-objects)
(br/set-output!)))))
(let [config-only false
auth-only false]
(-> js/document
(.getElementById "generate-button")
(.addEventListener "click"
#(do (validate-all!)
(-> (cm/generate-cm
(config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string)
core/config-defaults
core/config-objects
core/auth-objects
config-only
auth-only)
(br/set-output!))))))
(add-validate-listener "fqdn")
(add-validate-listener "deploy-federated")
(add-validate-listener "mailer-from")
@ -120,7 +124,7 @@
(add-validate-listener "mailer-port")
(add-validate-listener "service-noreply-address")
(add-validate-listener "app-name")
(add-validate-listener "domain-whitelist")
(add-validate-listener "domain-whitelist")
(add-validate-listener "volume-total-storage-size")
(add-validate-listener "issuer")
(add-validate-listener "auth"))


@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: backup-restore
namespace: forgejo
spec:
replicas: 0
selector:
@ -20,7 +21,7 @@ spec:
- image: domaindrivenarchitecture/c4k-forgejo-backup
name: backup-app
imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"]
command: ["wait.bb"]
env:
- name: POSTGRES_USER
valueFrom:
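Review bot: The container command becomes `["wait.bb"]` while the image reference stays the untagged `domaindrivenarchitecture/c4k-forgejo-backup` with `imagePullPolicy: IfNotPresent`. A node that still has the previous image cached will start it without pulling, and that image provides `/entrypoint-start-and-wait.sh` rather than `wait.bb`, so the pod fails to start on upgraded clusters. Reference a tag known to contain the babashka scripts, `image: domaindrivenarchitecture/c4k-forgejo-backup:<release-tag>`. The CronJob manifest further down pairs the same untagged image with `command: ["backup.bb"]`.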


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
namespace: forgejo
labels:
app.kubernetes.io/name: backup
app.kubernetes.io/part-of: forgejo


@ -1,7 +1,8 @@
apiVersion: batch/v1beta1
apiVersion: batch/v1
kind: CronJob
metadata:
name: forgejo-backup
namespace: forgejo
labels:
app.kubernetes.part-of: forgejo
spec:
@ -16,7 +17,7 @@ spec:
- name: backup-app
image: domaindrivenarchitecture/c4k-forgejo-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"]
command: ["backup.bb"]
env:
- name: POSTGRES_USER
valueFrom:


@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: backup-secret
namespace: forgejo
type: Opaque
data:
aws-access-key-id: aws-access-key-id


@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: forgejo-env
namespace: default
namespace: forgejo
data:
#[admin]
FORGEJO__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
@ -16,7 +16,6 @@ data:
FORGEJO__database__NAME: forgejo
FORGEJO__database__LOG_SQL: "false"
FORGEJO__database__SSL_MODE: disable
FORGEJO__database__CHARSET: utf8
#[DEFAULT]
APP_NAME: APPNAME
@ -37,12 +36,12 @@ data:
#[mailer]
FORGEJO__mailer__ENABLED: "true"
FORGEJO__mailer__FROM: FROM
FORGEJO__mailer__MAILER_TYPE: smtp+startls
FORGEJO__mailer__PROTOCOL: smtp+starttls
FORGEJO__mailer__SMTP_ADDR: MAILERHOST
FORGEJO__mailer__SMTP_PORT: MAILERPORT
#[oauth2]
FORGEJO__oauth2__ENABLE: "true"
FORGEJO__oauth2__ENABLED: "true"
#[openid]
FORGEJO__openid__ENABLE_OPENID: "true"
@ -76,7 +75,7 @@ data:
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS
FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
FORGEJO__service__ENABLE_CAPTCHA: "false"
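Review bot: `FORGEJO__database__SSL_MODE: disable` stays in place in the `[database]` hunk even though that block is being edited, so the connection that authenticates with the credentials from `forgejo-secrets` crosses the pod network unencrypted. If the Postgres instance offers TLS (not visible from this page), `FORGEJO__database__SSL_MODE: require` would be the minimal change. Otherwise a comment such as `# TLS off: database is only reachable inside the namespace` would record that the setting is deliberate.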


@ -2,7 +2,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forgejo-data-pvc
namespace: default
namespace: forgejo
labels:
app: forgejo
spec:
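Review bot: Changing `namespace: default` to `namespace: forgejo` on `forgejo-data-pvc` does not move the existing claim: a PersistentVolumeClaim is namespaced, so applying this manifest creates a new claim and, depending on the storage class, a fresh empty volume, while the old data stays bound in `default`. The Deployment and both Services make the same switch, so an upgraded instance would start without its repositories unless they are restored first. A comment on the manifest, e.g. `# namespace changed from default: restore data from backup before first start`, or an explicit upgrade step in the runbook would make that visible to operators. The claim spec continues past the end of the hunk.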


@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: forgejo
namespace: default
namespace: forgejo
labels:
app: forgejo
spec:


@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: forgejo-secrets
namespace: forgejo
data:
FORGEJO__database__USER: DBUSER
FORGEJO__database__PASSWD: DBPW


@ -2,7 +2,7 @@ kind: Service
apiVersion: v1
metadata:
name: forgejo-ssh-service
namespace: default
namespace: forgejo
annotations:
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
metallb.universe.tf/address-pool: public


@ -2,7 +2,7 @@ kind: Service
apiVersion: v1
metadata:
name: forgejo-service
namespace: default
namespace: forgejo
spec:
selector:
app: forgejo


@ -0,0 +1,32 @@
(ns dda.c4k-forgejo.backup-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st]
[dda.c4k-forgejo.backup :as cut]))
(st/instrument `cut/generate-config)
(deftest should-generate-backup-config
(testing "federated"
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata
{:name "backup-config",
:namespace "forgejo",
:labels
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
:data {:restic-repository "s3:s3.amazonaws.com/backup/federated-repo"}}
(cut/generate-config
{:restic-repository "s3:s3.amazonaws.com/backup/federated-repo"}))))
(testing "non-federated"
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata
{:name "backup-config",
:namespace "forgejo",
:labels
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
:data {:restic-repository "s3:s3.amazonaws.com/backup/repo"}}
(cut/generate-config
{:restic-repository "s3:s3.amazonaws.com/backup/repo"})))))
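Review bot: The `"federated"` and `"non-federated"` cases in `should-generate-backup-config` differ only in the repository string that is passed in and echoed back, so the second case adds no coverage, and the labels suggest a federation-dependent behaviour that the input to `generate-config` does not show. One case would do, and `are` and `run-tests` are referred in the `ns` form but never used. Since `cut/generate-config` is instrumented, a case asserting that a config without `:restic-repository` is rejected would be a more useful second test, assuming the spec requires that key (the spec is not visible here).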


@ -12,6 +12,40 @@
(st/instrument `cut/generate-ingress)
(st/instrument `cut/generate-secrets)
(deftest should-generate-image-str
(testing "non-federated-image"
(is (= "codeberg.org/forgejo/forgejo:8.0.3"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "false"})))
(is (= "codeberg.org/forgejo/forgejo:1.19.3-0"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "false"
:forgejo-image-version-overwrite "1.19.3-0"}))))
(testing "federated-image"
(is (= "domaindrivenarchitecture/c4k-forgejo-federated:latest"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "true"})))
(is (= "domaindrivenarchitecture/c4k-forgejo-federated:3.2.0"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "true"
:forgejo-image-version-overwrite "3.2.0"})))))
(deftest should-generate-appini-env
(is (= {:APP_NAME-c1 "",
:APP_NAME-c2 "test forgejo",
@ -29,21 +63,20 @@
:FORGEJO__server__ROOT_URL-c2 "https://test.com",
:FORGEJO__server__SSH_DOMAIN-c1 "test.de",
:FORGEJO__server__SSH_DOMAIN-c2 "test.com",
:FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de",
:FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de",
:FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net",
:FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
:FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
(th/map-diff (cut/generate-appini-env {:default-app-name ""
:deploy-federated "false"
:fqdn "test.de"
:federation-enabled "false"
:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-domain-whitelist "adb.de"
:service-noreply-address ""
})
:service-noreply-address ""})
(cut/generate-appini-env {:default-app-name "test forgejo"
:deploy-federated "true"
:federation-enabled "true"
:fqdn "test.com"
:mailer-from "test@test.com"
:mailer-host "mail.test.com"
@ -51,62 +84,61 @@
:service-domain-whitelist "test.com,test.net"
:service-noreply-address "noreply@test.com"})))))
(deftest should-generate-non-federated-deployment
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "forgejo", :namespace "default", :labels {:app "forgejo"}},
:spec
{:replicas 1,
:selector {:matchLabels {:app "forgejo"}},
:template
{:metadata {:name "forgejo", :labels {:app "forgejo"}},
(deftest should-generate-deployment
(testing "non-federated"
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "forgejo", :namespace "forgejo", :labels {:app "forgejo"}},
:spec
{:containers
[{:name "forgejo",
:image "codeberg.org/forgejo/forgejo:1.19",
:imagePullPolicy "IfNotPresent",
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
:ports [{:containerPort 22, :name "git-ssh"} {:containerPort 3000, :name "forgejo"}]}],
:volumes [{:name "forgejo-data-volume", :persistentVolumeClaim {:claimName "forgejo-data-pvc"}}]}}}}
(cut/generate-deployment
{:default-app-name ""
:deploy-federated "false"
:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-domain-whitelist "adb.de"
:service-noreply-address ""}
))))
(deftest should-generate-federated-deployment
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "forgejo", :namespace "default", :labels {:app "forgejo"}},
:spec
{:replicas 1,
:selector {:matchLabels {:app "forgejo"}},
:template
{:metadata {:name "forgejo", :labels {:app "forgejo"}},
{:replicas 1,
:selector {:matchLabels {:app "forgejo"}},
:template
{:metadata {:name "forgejo", :labels {:app "forgejo"}},
:spec
{:containers
[{:name "forgejo",
:image "codeberg.org/forgejo/forgejo:8.0.3",
:imagePullPolicy "IfNotPresent",
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
:ports [{:containerPort 22, :name "git-ssh"} {:containerPort 3000, :name "forgejo"}]}],
:volumes [{:name "forgejo-data-volume", :persistentVolumeClaim {:claimName "forgejo-data-pvc"}}]}}}}
(cut/generate-deployment
{:default-app-name ""
:deploy-federated "false"
:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-domain-whitelist "adb.de"
:service-noreply-address ""}))))
(testing "federated-deployment"
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "forgejo", :namespace "forgejo", :labels {:app "forgejo"}},
:spec
{:containers
[{:name "forgejo",
:image "domaindrivenarchitecture/c4k-forgejo-federated:latest",
:imagePullPolicy "IfNotPresent",
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
:ports [{:containerPort 22, :name "git-ssh"} {:containerPort 3000, :name "forgejo"}]}],
:volumes [{:name "forgejo-data-volume", :persistentVolumeClaim {:claimName "forgejo-data-pvc"}}]}}}}
(cut/generate-deployment
{:default-app-name ""
:deploy-federated "true"
:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-domain-whitelist "adb.de"
:service-noreply-address ""}))))
{:replicas 1,
:selector {:matchLabels {:app "forgejo"}},
:template
{:metadata {:name "forgejo", :labels {:app "forgejo"}},
:spec
{:containers
[{:name "forgejo",
:image "domaindrivenarchitecture/c4k-forgejo-federated:latest",
:imagePullPolicy "IfNotPresent",
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
:ports [{:containerPort 22, :name "git-ssh"} {:containerPort 3000, :name "forgejo"}]}],
:volumes [{:name "forgejo-data-volume", :persistentVolumeClaim {:claimName "forgejo-data-pvc"}}]}}}}
(cut/generate-deployment
{:default-app-name ""
:deploy-federated "true"
:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-domain-whitelist "adb.de"
:service-noreply-address ""})))))
(deftest should-generate-secret
(is (= {:FORGEJO__database__USER-c1 "",