added namespace to runbook commands

Added option for dedicated federation-enables and fixed tests
updated to forgejo version 7.0
2024-07-31 09:40:16 +02:00 · 2024-07-31 09:39:06 +02:00 · 2024-07-31 09:38:43 +02:00
5 changed files with 57 additions and 56 deletions
--- a/doc/Runbook_UpgradeFrom1.19To7.0.5.md
+++ b/doc/Runbook_UpgradeFrom1.19To7.0.5.md
@ -9,70 +9,70 @@

 ## Preparations

-1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
-1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
-1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
-1. Execute Manual Backup: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
+1. Stop Forgejo Prod: `k scale -n forgejo deployment forgejo --replicas=0`
+1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
+1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
+1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`

 ### Create 2nd Repo Prod Server

 1. Terraform Preparations for 2nd Server: TODO
 1. Install c4k-forgejo Version TODO   
   with config `"forgejo-image-version-overwrite": "1.19.3-0"`
-1. Stop Forgejo Deployment: `k scale deployment forgejo --replicas=0`
-1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
-1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
+1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
+1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
+1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
 1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
 1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
-1. Scale up Forgejo Deployment and check for (startup) problems: `k scale deployment forgejo --replicas=1`
+1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`

 ## Upgrade to 1.20.1-0

-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
-1. Adjust configmap: `k edit cm forgejo-env`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
+1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
    1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
    1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
    1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `1.20.1-0` with `k edit deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors

 ## Upgrade to 1.21.1-0

-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `1.21.1-0` with `k edit deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors
 1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.

 ## Upgrade to 7.0.0

-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
-1. Adjust configmap: `k edit cm forgejo-env`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
+1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
    1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `7.0.0` with `k edit deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors

 ## Upgrade to 7.0.5 (no breaking changes)

 TODO: Upgrade to 8.0.0 instead after Release!

-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `7.0.5` with `k edit deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Set version to `7.0.5` with `k edit -n forgejo deployment forgejo`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors

 ## Post Work

 1. Switch DNS to new server
-1. Reenable Backup Cron on new server: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
-1. Execute manual Backup on new server: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
-1. Scale down Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
+1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
+1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
+1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
 1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
 1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.

--- a/src/main/cljc/dda/c4k_forgejo/core.cljc
+++ b/src/main/cljc/dda/c4k_forgejo/core.cljc
@ -12,6 +12,7 @@
 (def config-defaults {:namespace "forgejo"
                      :issuer "staging"
                      :deploy-federated "false"
+                      :federation-enabled "false"
                      :db-name "forgejo"
                      :pv-storage-size-gb 5
                      :pvc-storage-class-name ""
@ -26,7 +27,8 @@
                              ::forgejo/service-noreply-address]
                     :opt-un [::forgejo/issuer
                              ::forgejo/deploy-federated
-                              ::forgejo/default-app-name
+                              ::forgejo/federation-enabled
+                              ::forgejo/default-app-name 
                              ::forgejo/service-domain-whitelist
                              ::forgejo/forgejo-image-version-overwrite
                              ::backup/restic-repository
--- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc
+++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc
@ -33,6 +33,7 @@
 (s/def ::default-app-name string?)
 (s/def ::fqdn pred/fqdn-string?)
 (s/def ::deploy-federated boolean-string?)
+(s/def ::federation-enabled boolean-string?)
 (s/def ::mailer-from pred/bash-env-string?)
 (s/def ::mailer-host pred/bash-env-string?)
 (s/def ::mailer-port pred/bash-env-string?)
@ -53,6 +54,7 @@
                              ::service-noreply-address]
                     :opt-un [::issuer
                              ::deploy-federated
+                              ::federation-enabled
                              ::default-app-name
                              ::service-domain-whitelist
                              ::forgejo-image-version-overwrite]))
@ -71,7 +73,7 @@
 (def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated")
 (def federated-image-version "latest")
 (def non-federated-image-name "codeberg.org/forgejo/forgejo")
-(def non-federated-image-version "1.19")
+(def non-federated-image-version "7.0")

 (defn-spec generate-image-str string?
  [config config?]
@ -88,7 +90,7 @@
 (defn generate-appini-env
  [config]
  (let [{:keys [default-app-name
-                deploy-federated
+                federation-enabled
                fqdn
                mailer-from
                mailer-host
@ -97,19 +99,19 @@
                service-noreply-address]
         :or {default-app-name "forgejo instance"
              service-domain-whitelist fqdn}} config
-        deploy-federated-bool (boolean-from-string deploy-federated)]
+        federation-enabled-bool (boolean-from-string federation-enabled)]
    (->
     (yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
-     (cm/replace-all-matching "APPNAME" default-app-name)
-     (cm/replace-all-matching "FQDN" fqdn)
-     (cm/replace-all-matching "URL" (str "https://" fqdn))
-     (cm/replace-all-matching "FROM" mailer-from)
-     (cm/replace-all-matching "MAILERHOST" mailer-host)
-     (cm/replace-all-matching "MAILERPORT" mailer-port)
-     (cm/replace-all-matching "WHITELISTDOMAINS" service-domain-whitelist)
-     (cm/replace-all-matching "NOREPLY" service-noreply-address)
-     (cm/replace-all-matching "IS_FEDERATED" 
-                                                  (if deploy-federated-bool
+     (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
+     (cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
+     (cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn))
+     (cm/replace-all-matching-values-by-new-value "FROM" mailer-from)
+     (cm/replace-all-matching-values-by-new-value "MAILERHOST" mailer-host)
+     (cm/replace-all-matching-values-by-new-value "MAILERPORT" mailer-port)
+     (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
+     (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
+     (cm/replace-all-matching-values-by-new-value "IS_FEDERATED" 
+                                                  (if federation-enabled-bool
                                                    "true"
                                                    "false")))))

@ -148,11 +150,9 @@

 (defn-spec generate-deployment pred/map-or-seq?
  [config config?]
-  (let [{:keys [deploy-federated]} config
-        deploy-federated-bool (boolean-from-string deploy-federated)]
    (->
     (yaml/load-as-edn "forgejo/deployment.yaml")
-     (cm/replace-all-matching "IMAGE_NAME" (generate-image-str config)))))
+     (cm/replace-all-matching "IMAGE_NAME" (generate-image-str config))))

 (defn generate-service
  []
--- a/src/main/resources/forgejo/appini-env-configmap.yaml
+++ b/src/main/resources/forgejo/appini-env-configmap.yaml
@ -16,7 +16,6 @@ data:
  FORGEJO__database__NAME: forgejo
  FORGEJO__database__LOG_SQL: "false"
  FORGEJO__database__SSL_MODE: disable
-  FORGEJO__database__CHARSET: utf8

  #[DEFAULT]
  APP_NAME: APPNAME
@ -37,12 +36,12 @@ data:
  #[mailer]
  FORGEJO__mailer__ENABLED: "true"
  FORGEJO__mailer__FROM: FROM
-  FORGEJO__mailer__MAILER_TYPE: smtp+startls
+  FORGEJO__mailer__PROTOCOL: smtp+starttls
  FORGEJO__mailer__SMTP_ADDR: MAILERHOST
  FORGEJO__mailer__SMTP_PORT: MAILERPORT

  #[oauth2]
-  FORGEJO__oauth2__ENABLE: "true"
+  FORGEJO__oauth2__ENABLED: "true"

  #[openid]
  FORGEJO__openid__ENABLE_OPENID: "true"
@ -76,7 +75,7 @@ data:
  FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
  FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
  FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
-  FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS 
+  FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS 
  FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
  FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
  FORGEJO__service__ENABLE_CAPTCHA: "false"
--- a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc
+++ b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc
@ -14,7 +14,7 @@

 (deftest should-generate-image-str
  (testing "non-federated-image"
-    (is (= "codeberg.org/forgejo/forgejo:1.19"
+    (is (= "codeberg.org/forgejo/forgejo:7.0"
           (cut/generate-image-str {:fqdn "test.de"
                                    :mailer-from ""
                                    :mailer-host "m.t.de"
@ -63,12 +63,12 @@
          :FORGEJO__server__ROOT_URL-c2 "https://test.com",
          :FORGEJO__server__SSH_DOMAIN-c1 "test.de",
          :FORGEJO__server__SSH_DOMAIN-c2 "test.com",
-          :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de",
-          :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
+          :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de",
+          :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net",
          :FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
          :FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
         (th/map-diff (cut/generate-appini-env {:default-app-name ""
-                                                :deploy-federated "false"
+                                                :federation-enabled "false"
                                                :fqdn "test.de"
                                                :mailer-from ""
                                                :mailer-host "m.t.de"
@ -76,7 +76,7 @@
                                                :service-domain-whitelist "adb.de"
                                                :service-noreply-address ""})
                      (cut/generate-appini-env {:default-app-name "test forgejo"
-                                                :deploy-federated "true"
+                                                :federation-enabled "true"
                                                :fqdn "test.com"
                                                :mailer-from "test@test.com"
                                                :mailer-host "mail.test.com"
@ -97,7 +97,7 @@
              :spec
              {:containers
               [{:name "forgejo",
-                 :image "codeberg.org/forgejo/forgejo:1.19",
+                 :image "codeberg.org/forgejo/forgejo:7.0",
                 :imagePullPolicy "IfNotPresent",
                 :envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
                 :volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
Author	SHA1	Message	Date
Clemens	6a291d962a	added namespace to runbook commands	2024-07-31 09:40:16 +02:00
Clemens	3f0ce02da3	Added option for dedicated federation-enables and fixed tests	2024-07-31 09:39:06 +02:00
Clemens	a66f398d71	updated to forgejo version 7.0	2024-07-31 09:38:43 +02:00