Compare commits
No commits in common. "main" and "3.1.4" have entirely different histories.
51 changed files with 371 additions and 688 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -10,7 +10,6 @@ target/
|
||||||
.lein-repl-history
|
.lein-repl-history
|
||||||
.lein-failures
|
.lein-failures
|
||||||
pom.*
|
pom.*
|
||||||
reports/*
|
|
||||||
|
|
||||||
# cljs
|
# cljs
|
||||||
.shadow-cljs
|
.shadow-cljs
|
||||||
|
@ -29,4 +28,3 @@ auth.edn
|
||||||
config.edn
|
config.edn
|
||||||
|
|
||||||
.eastwood
|
.eastwood
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ stages:
|
||||||
- image
|
- image
|
||||||
|
|
||||||
.img: &img
|
.img: &img
|
||||||
image: "domaindrivenarchitecture/ddadevops-dind:4.11.4"
|
image: "domaindrivenarchitecture/ddadevops-dind:4.10.7"
|
||||||
services:
|
services:
|
||||||
- docker:dind
|
- docker:dind
|
||||||
before_script:
|
before_script:
|
||||||
|
@ -16,7 +16,7 @@ stages:
|
||||||
- export IMAGE_TAG=$CI_COMMIT_TAG
|
- export IMAGE_TAG=$CI_COMMIT_TAG
|
||||||
|
|
||||||
.cljs-job: &cljs
|
.cljs-job: &cljs
|
||||||
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.11.4"
|
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.10.7"
|
||||||
cache:
|
cache:
|
||||||
key: ${CI_COMMIT_REF_SLUG}
|
key: ${CI_COMMIT_REF_SLUG}
|
||||||
paths:
|
paths:
|
||||||
|
@ -29,7 +29,7 @@ stages:
|
||||||
- npm install
|
- npm install
|
||||||
|
|
||||||
.clj-job: &clj
|
.clj-job: &clj
|
||||||
image: "domaindrivenarchitecture/ddadevops-clj:4.11.4"
|
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.10.7"
|
||||||
cache:
|
cache:
|
||||||
key: ${CI_COMMIT_REF_SLUG}
|
key: ${CI_COMMIT_REF_SLUG}
|
||||||
paths:
|
paths:
|
||||||
|
@ -93,15 +93,6 @@ package-uberjar:
|
||||||
paths:
|
paths:
|
||||||
- target/uberjar
|
- target/uberjar
|
||||||
|
|
||||||
package-native:
|
|
||||||
<<: *clj
|
|
||||||
stage: package
|
|
||||||
script:
|
|
||||||
- pyb package_native
|
|
||||||
artifacts:
|
|
||||||
paths:
|
|
||||||
- target/graalvm
|
|
||||||
|
|
||||||
release-to-clojars:
|
release-to-clojars:
|
||||||
<<: *clj
|
<<: *clj
|
||||||
<<: *tag_only
|
<<: *tag_only
|
||||||
|
@ -123,10 +114,9 @@ forgejo-backup-image-publish:
|
||||||
script:
|
script:
|
||||||
- cd infrastructure/backup && pyb image publish
|
- cd infrastructure/backup && pyb image publish
|
||||||
|
|
||||||
# This is currently not needed
|
forgejo-federated-image-publish:
|
||||||
#forgejo-federated-image-publish:
|
<<: *img
|
||||||
# <<: *img
|
<<: *tag_only
|
||||||
# <<: *tag_only
|
stage: image
|
||||||
# stage: image
|
script:
|
||||||
# script:
|
- cd infrastructure/federated && pyb image publish
|
||||||
# - cd infrastructure/federated && pyb image publish
|
|
17
README.md
17
README.md
|
@ -1,7 +1,7 @@
|
||||||
# convention 4 kubernetes: c4k-forgejo
|
# convention 4 kubernetes: c4k-forgejo
|
||||||
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
|
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
|
||||||
|
|
||||||
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
|
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
|
||||||
|
|
||||||
## Purpose
|
## Purpose
|
||||||
|
|
||||||
|
@ -14,8 +14,6 @@ c4k-forgejo provides a k8s deployment file for forgejo containing:
|
||||||
* encrypted backup on S3 & restore
|
* encrypted backup on S3 & restore
|
||||||
* monitoring on graphana-cloud
|
* monitoring on graphana-cloud
|
||||||
|
|
||||||
c4k-forgejo is an example how to create efficient k8s one shot deployments with https://repo.prod.meissa.de/meissa/c4k-common.
|
|
||||||
|
|
||||||
## Try out
|
## Try out
|
||||||
|
|
||||||
Click on the image to try out live in your browser:
|
Click on the image to try out live in your browser:
|
||||||
|
@ -35,26 +33,21 @@ After having deployed the yaml-file generated by the c4k-forgejo module you need
|
||||||
* The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git
|
* The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git
|
||||||
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git"
|
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git"
|
||||||
|
|
||||||
### Add Impressum
|
|
||||||
|
|
||||||
In order to customize the UI e.g. for adding an Impressum, see the [Forgejo Docs](https://forgejo.org/docs/latest/developer/customization/#adding-links-and-tabs).
|
|
||||||
The individually needed files have to be added by hand into the directory `/data/gitea/templates/custom/` in the forgejo Pod. Since a PV is mounted under `/data`, these ui customizations are persisted.
|
|
||||||
|
|
||||||
## Development & mirrors
|
## Development & mirrors
|
||||||
|
|
||||||
Development happens at: https://repo.prod.meissa.de/meissa/c4k-forgejo
|
Development happens at: https://repo.prod.meissa.de/meissa/c4k-forgejo
|
||||||
|
|
||||||
Mirrors are:
|
Mirrors are:
|
||||||
|
|
||||||
* https://codeberg.org/meissa/c4k-forgejo (Issues and PR)
|
https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (issues and PR, CI)
|
||||||
* https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (CI)
|
https://codeberg.org/meissa/c4k-forgejo
|
||||||
* https://github.com/DomainDrivenArchitecture/c4k-forgejo
|
https://github.com/DomainDrivenArchitecture/c4k-forgejo
|
||||||
|
|
||||||
For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos
|
For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos
|
||||||
|
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
Copyright © 2023, 2024 meissa GmbH
|
Copyright © 2023 meissa GmbH
|
||||||
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
|
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
|
||||||
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)
|
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)
|
72
build.py
72
build.py
|
@ -29,9 +29,8 @@ def initialize(project):
|
||||||
"release_organisation": "meissa",
|
"release_organisation": "meissa",
|
||||||
"release_repository_name": name,
|
"release_repository_name": name,
|
||||||
"release_artifacts": [
|
"release_artifacts": [
|
||||||
"target/graalvm/" + name,
|
"target/uberjar/c4k-forgejo-standalone.jar",
|
||||||
"target/uberjar/" + name + "-standalone.jar",
|
"target/frontend-build/c4k-forgejo.js",
|
||||||
"target/frontend-build/" + name + ".js",
|
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,7 +56,7 @@ def test_schema(project):
|
||||||
"java -jar target/uberjar/c4k-forgejo-standalone.jar "
|
"java -jar target/uberjar/c4k-forgejo-standalone.jar "
|
||||||
+ "src/test/resources/forgejo-test/valid-config.yaml "
|
+ "src/test/resources/forgejo-test/valid-config.yaml "
|
||||||
+ "src/test/resources/forgejo-test/valid-auth.yaml | "
|
+ "src/test/resources/forgejo-test/valid-auth.yaml | "
|
||||||
+ """kubeconform --kubernetes-version 1.23.0 --strict --skip "Certificate,Middleware" -""",
|
+ "kubeconform --kubernetes-version 1.23.0 --strict --skip Certificate -",
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
|
@ -78,17 +77,17 @@ def package_frontend(project):
|
||||||
run("mkdir -p target/frontend-build", shell=True, check=True)
|
run("mkdir -p target/frontend-build", shell=True, check=True)
|
||||||
run("shadow-cljs release frontend", shell=True, check=True)
|
run("shadow-cljs release frontend", shell=True, check=True)
|
||||||
run(
|
run(
|
||||||
"cp public/js/main.js target/frontend-build/" + project.name + ".js",
|
"cp public/js/main.js target/frontend-build/c4k-forgejo.js",
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
run(
|
run(
|
||||||
"sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/" + project.name + ".js.sha256",
|
"sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha256",
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
run(
|
run(
|
||||||
"sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/" + project.name + ".js.sha512",
|
"sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha512",
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
|
@ -97,67 +96,12 @@ def package_frontend(project):
|
||||||
@task
|
@task
|
||||||
def package_uberjar(project):
|
def package_uberjar(project):
|
||||||
run(
|
run(
|
||||||
"sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256",
|
"sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha256",
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
run(
|
run(
|
||||||
"sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha512",
|
"sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha512",
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
@task
|
|
||||||
def package_native(project):
|
|
||||||
run(
|
|
||||||
"mkdir -p target/graalvm",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
run(
|
|
||||||
"native-image " +
|
|
||||||
"--native-image-info " +
|
|
||||||
"--report-unsupported-elements-at-runtime " +
|
|
||||||
"--no-server " +
|
|
||||||
"--no-fallback " +
|
|
||||||
"--features=clj_easy.graal_build_time.InitClojureClasses " +
|
|
||||||
"-jar target/uberjar/" + project.name + "-standalone.jar " +
|
|
||||||
"-march=compatibility " +
|
|
||||||
"-H:IncludeResources=.*.yaml " +
|
|
||||||
"-H:IncludeResources=logback.xml " +
|
|
||||||
"-H:Log=registerResource:verbose " +
|
|
||||||
"-H:Name=target/graalvm/" + project.name + "",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
run(
|
|
||||||
"sha256sum target/graalvm/c4k-forgejo > target/graalvm/" + project.name + ".sha256",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
run(
|
|
||||||
"sha512sum target/graalvm/c4k-forgejo > target/graalvm/" + project.name + ".sha512",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
@task
|
|
||||||
def inst(project):
|
|
||||||
run(
|
|
||||||
"lein uberjar",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
package_native(project)
|
|
||||||
run(
|
|
||||||
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
run(
|
|
||||||
"sudo install -m=755 target/graalvm/" + project.name + " /usr/local/bin/" + project.name + "",
|
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
|
|
|
@ -10,32 +10,32 @@
|
||||||
## Manual init the restic repository for the first time
|
## Manual init the restic repository for the first time
|
||||||
|
|
||||||
1. apply backup-and-restore pod:
|
1. apply backup-and-restore pod:
|
||||||
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
|
`kubectl scale deployment backup-restore --replicas=1`
|
||||||
2. exec into pod and execute restore pod (press tab to get your exact pod name)
|
2. exec into pod and execute restore pod (press tab to get your exact pod name)
|
||||||
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/init.bb`
|
`kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
|
||||||
3. remove backup-and-restore pod:
|
3. remove backup-and-restore pod:
|
||||||
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
|
`kubectl scale deployment backup-restore --replicas=0`
|
||||||
|
|
||||||
|
|
||||||
## Manual backup the restic repository for the first time
|
## Manual backup the restic repository for the first time
|
||||||
|
|
||||||
1. apply backup-and-restore pod:
|
1. apply backup-and-restore pod:
|
||||||
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
|
`kubectl scale deployment backup-restore --replicas=1`
|
||||||
2. exec into pod and execute backup pod (press tab to get your exact pod name)
|
2. exec into pod and execute backup pod (press tab to get your exact pod name)
|
||||||
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb`
|
`kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
|
||||||
3. remove backup-and-restore pod:
|
3. remove backup-and-restore pod:
|
||||||
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
|
`kubectl scale deployment backup-restore --replicas=0`
|
||||||
|
|
||||||
|
|
||||||
## Manual restore
|
## Manual restore
|
||||||
|
|
||||||
1. apply backup-and-restore pod:
|
1. apply backup-and-restore pod:
|
||||||
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
|
`kubectl scale deployment backup-restore --replicas=1`
|
||||||
2. Scale down forgejo deployment:
|
2. Scale down forgejo deployment:
|
||||||
`kubectl -n forgejo scale deployment forgejo --replicas=0`
|
`kubectl scale deployment forgejo --replicas=0`
|
||||||
3. exec into pod and execute restore pod (press tab to get your exact pod name)
|
3. exec into pod and execute restore pod (press tab to get your exact pod name)
|
||||||
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb`
|
`kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
|
||||||
4. Start forgejo again:
|
4. Start forgejo again:
|
||||||
`kubectl -n forgejo scale deployment forgejo --replicas=1`
|
`kubectl scale deployment forgejo --replicas=1`
|
||||||
5. remove backup-and-restore pod:
|
5. remove backup-and-restore pod:
|
||||||
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
|
`kubectl scale deployment backup-restore --replicas=0`
|
||||||
|
|
|
@ -39,23 +39,26 @@ npx shadow-cljs release frontend
|
||||||
## graalvm-setup
|
## graalvm-setup
|
||||||
|
|
||||||
```
|
```
|
||||||
curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz
|
curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-21.0.0.2/graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
|
||||||
|
|
||||||
# unpack
|
# unpack
|
||||||
tar -xzf graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz
|
tar -xzf graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
|
||||||
|
|
||||||
sudo mv graalvm-community-openjdk-21.0.2+13.1 /usr/lib/jvm/
|
sudo mv graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/
|
||||||
sudo ln -s /usr/lib/jvm/graalvm-community-openjdk-21.0.2+13.1 /usr/lib/jvm/graalvm-21
|
sudo ln -s /usr/lib/jvm/graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/graalvm
|
||||||
sudo ln -s /usr/lib/jvm/graalvm-21/bin/gu /usr/local/bin
|
sudo ln -s /usr/lib/jvm/graalvm/bin/gu /usr/local/bin
|
||||||
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm-21/bin/java 2
|
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm/bin/java 2
|
||||||
sudo update-alternatives --config java
|
sudo update-alternatives --config java
|
||||||
sudo ln -s /usr/lib/jvm/graalvm-21/bin/native-image /usr/local/bin
|
|
||||||
|
# install native-image in graalvm-ce-java11-linux-amd64-21.0.0.2/bin
|
||||||
|
sudo gu install native-image
|
||||||
|
sudo ln -s /usr/lib/jvm/graalvm/bin/native-image /usr/local/bin
|
||||||
|
|
||||||
# deps
|
# deps
|
||||||
sudo apt-get install build-essential zlib1g-dev
|
sudo apt-get install build-essential libz-dev zlib1g-dev
|
||||||
|
|
||||||
# build
|
# build
|
||||||
cd ~/repo/c4k/c4k-forgejo
|
cd ~/repo/dda/c4k-cloud
|
||||||
lein uberjar
|
lein uberjar
|
||||||
mkdir -p target/graalvm
|
mkdir -p target/graalvm
|
||||||
lein native
|
lein native
|
||||||
|
|
41
doc/Releasing.md
Normal file
41
doc/Releasing.md
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# Release process
|
||||||
|
|
||||||
|
## ... for testing (snapshots)
|
||||||
|
|
||||||
|
Make sure your clojars.org credentials are correctly set in your ~/.lein/profiles.clj file.
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
git add .
|
||||||
|
git commit
|
||||||
|
```
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
lein deploy # or lein deploy clojars
|
||||||
|
```
|
||||||
|
|
||||||
|
## ... for stable release
|
||||||
|
|
||||||
|
Make sure tags are protected in gitlab:
|
||||||
|
Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save.
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
git checkout main # for old projects replace main with master
|
||||||
|
git add .
|
||||||
|
git commit
|
||||||
|
```
|
||||||
|
|
||||||
|
Execute tests
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
shadow-cljs compile test
|
||||||
|
node target/node-tests.js
|
||||||
|
lein test
|
||||||
|
```
|
||||||
|
|
||||||
|
Release with type (NONE, PATCH, MINOR, MAJOR):
|
||||||
|
``` bash
|
||||||
|
RELEASE_TYPE=[TYPE] pyb prepare_release after_publish
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
Done.
|
|
@ -1,135 +0,0 @@
|
||||||
# Playbook Upgrade from 1.19 to 7.0.5
|
|
||||||
|
|
||||||
## Info: Relevant Breaking Changes:
|
|
||||||
|
|
||||||
* 1.19.3: First version under consideration
|
|
||||||
* 1.20.1-0: Breaking https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-20-1-0
|
|
||||||
* 1.21.1-0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-1-0
|
|
||||||
* 7.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
|
|
||||||
* 8.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
|
|
||||||
|
|
||||||
## Preparations
|
|
||||||
|
|
||||||
1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
|
|
||||||
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
|
|
||||||
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
|
|
||||||
1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
|
|
||||||
|
|
||||||
### Create 2nd Repo Prod Server
|
|
||||||
|
|
||||||
1. Terraform Preparations for 2nd Server: TODO
|
|
||||||
1. Install c4k-forgejo Version `3.5.0`!
|
|
||||||
with config `"forgejo-image-version-overwrite": "1.19.3-0"` (in server-setup)
|
|
||||||
1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
|
|
||||||
1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
|
|
||||||
1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
|
|
||||||
1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
|
|
||||||
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
|
|
||||||
## Upgrade to 1.20.1-0
|
|
||||||
|
|
||||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
|
|
||||||
1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
|
|
||||||
1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
|
|
||||||
1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
|
|
||||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
|
||||||
1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
|
|
||||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
1. Check for errors: `k logs -n forgejo forgejo-...`
|
|
||||||
|
|
||||||
## Upgrade to 1.21.1-0
|
|
||||||
|
|
||||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
|
||||||
1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
|
|
||||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
1. Check for errors: `k logs -n forgejo forgejo-...`
|
|
||||||
1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
|
|
||||||
|
|
||||||
## Upgrade to 7.0.0
|
|
||||||
|
|
||||||
1. Check DB Version.
|
|
||||||
1. MariaDB or MySQL needs to be 8.0 or higher.
|
|
||||||
2. Postgres needs to be 12 or higher
|
|
||||||
1. API Endpoints
|
|
||||||
1. Check if the [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) API endpoint is used
|
|
||||||
1. as the per_page param is not used for [limit](https://codeberg.org/forgejo/forgejo/commit/0aab2d38a7d91bc8caff332e452364468ce52d9a) anymore
|
|
||||||
2. Check if [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) and [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoAddPushMirror) API endpoints are used
|
|
||||||
1. The date format of created and last_update fields are now [timestamps](https://codeberg.org/forgejo/forgejo/commit/0ee7cbf725f45650136be45f8e0f74d395f73b5c)
|
|
||||||
3. [pprof](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) endpoint changed labels
|
|
||||||
1. graceful-lifecycle to gracefulLifecycle
|
|
||||||
2. process-type to processType
|
|
||||||
3. process-description to processDescription This allows for those endpoints to be scraped by services requiring prometheus style labels such as grafana-agent.
|
|
||||||
1. The Gitea themes were renamed and the \[ui\].THEMES setting must be changed as follows:
|
|
||||||
1. gitea is replaced by gitea-light
|
|
||||||
2. arc-green is replaced by gitea-dark
|
|
||||||
3. auto is replaced by gitea-auto
|
|
||||||
1. Migration warning
|
|
||||||
2. If the logs show a line like the following, run `doctor convert` to fix it.
|
|
||||||
3. Current database is using a case-insensitive collation "utf8mb4_general_ci"
|
|
||||||
4. Large instances may experience slow migrations when the database is upgraded to support SHA-256 git repositories.
|
|
||||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
|
|
||||||
1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
|
|
||||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
|
||||||
1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
|
|
||||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
1. Check for errors: `k logs -n forgejo forgejo-...`
|
|
||||||
|
|
||||||
## Upgrade to 8.0.3 (no relevant breaking changes)
|
|
||||||
|
|
||||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
|
||||||
1. Set version to `8.0.3` with `k edit -n forgejo deployment forgejo`
|
|
||||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
1. Check for errors: `k logs -n forgejo forgejo-...`
|
|
||||||
|
|
||||||
## Enable Federation
|
|
||||||
|
|
||||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
|
|
||||||
1. Change `FORGEJO__federation__ENABLED: "false"` TO `FORGEJO__federation__ENABLED: "true"`
|
|
||||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
|
||||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
1. Check for errors: `k logs -n forgejo forgejo-...`
|
|
||||||
|
|
||||||
## Post Work
|
|
||||||
|
|
||||||
1. Switch DNS to new server
|
|
||||||
1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
|
|
||||||
1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
|
|
||||||
1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
|
|
||||||
1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
|
|
||||||
1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
|
|
||||||
|
|
||||||
## Known Errors
|
|
||||||
|
|
||||||
### Error in v1.20.1-0
|
|
||||||
|
|
||||||
In the logs the following error can be found. This will be resolved automatically with the next upgrade (v1.21).
|
|
||||||
|
|
||||||
```
|
|
||||||
2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
|
|
||||||
```
|
|
||||||
|
|
||||||
# Add Shynet Analytics
|
|
||||||
|
|
||||||
1. Log into shynet & create new Service
|
|
||||||
1. Copy the generated html snippet and save it somewhere you remember
|
|
||||||
1. SSH into prod server
|
|
||||||
1. Make the necessary folders and files in forgejo data dir:
|
|
||||||
1. `kubectl exec -n forgejo -it forgejo-... -- bash`
|
|
||||||
1. `mkdir -p /data/gitea/templates/custom`
|
|
||||||
1. `touch /data/gitea/templates/custom/footer.tmpl`
|
|
||||||
1. Open the `footer.tmpl` and paste the saved snippet
|
|
||||||
1. Restart the pod
|
|
||||||
1. `k scale -n forgejo deployment forgejo --replicas=0`
|
|
||||||
1. `k scale -n forgejo deployment forgejo --replicas=1`
|
|
||||||
1. Add Information about analytics: Clone Datenschutz Repo
|
|
||||||
1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git`
|
|
||||||
1. Merge forgejo-upgrade into main
|
|
||||||
1. `git merge forgejo-upgrade`
|
|
||||||
1. Push to origin
|
|
||||||
1. `git push`
|
|
21
doc/Upgrading.md
Normal file
21
doc/Upgrading.md
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Upgrading process
|
||||||
|
|
||||||
|
## adhoc (on kubernetes cluster)
|
||||||
|
|
||||||
|
Ssh into your kubernetes cluster running the forgejo instance.
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
kubectl edit configmap forgejo-env
|
||||||
|
# make sure INSTALL_LOCK under security is set to true to disable the installation screen
|
||||||
|
# save and exit
|
||||||
|
kubectl edit deployments forgejo
|
||||||
|
# search for your current forgejo version, e.g. 1.19
|
||||||
|
# replace with new version
|
||||||
|
# save and exit
|
||||||
|
kubectl scale deployment forgejo --replicas=0
|
||||||
|
kubectl scale deployment forgejo --replicas=1
|
||||||
|
```
|
||||||
|
|
||||||
|
Logging into the admin account should now show the new version.
|
||||||
|
|
||||||
|
You may want to update your c4k-forgejo resources to reflect the changes made on the cluster.
|
|
@ -6,7 +6,7 @@ from ddadevops import *
|
||||||
name = "c4k-forgejo"
|
name = "c4k-forgejo"
|
||||||
MODULE = "backup"
|
MODULE = "backup"
|
||||||
PROJECT_ROOT_PATH = "../.."
|
PROJECT_ROOT_PATH = "../.."
|
||||||
version = "4.0.1-dev"
|
version = "3.1.4"
|
||||||
|
|
||||||
|
|
||||||
@init
|
@init
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
FROM domaindrivenarchitecture/dda-backup:latest
|
FROM domaindrivenarchitecture/dda-backup:latest
|
||||||
|
|
||||||
|
# Prepare Entrypoint Script
|
||||||
ADD resources /tmp
|
ADD resources /tmp
|
||||||
RUN /tmp/install.bb
|
RUN /tmp/install.sh
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(require
|
|
||||||
'[dda.backup.core :as bc]
|
|
||||||
'[dda.backup.restic :as rc]
|
|
||||||
'[dda.backup.postgresql :as pg]
|
|
||||||
'[dda.backup.backup :as bak])
|
|
||||||
|
|
||||||
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
|
|
||||||
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
|
|
||||||
|
|
||||||
(def file-config (merge restic-repo {:backup-path "files"
|
|
||||||
:execution-directory "/var/backups/"
|
|
||||||
:files ["gitea/" "git/repositories/"]}))
|
|
||||||
|
|
||||||
|
|
||||||
(def db-config (merge restic-repo {:backup-path "pg-database"
|
|
||||||
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
|
|
||||||
:pg-port (bc/env-or-file "POSTGRES_PORT")
|
|
||||||
:pg-db (bc/env-or-file "POSTGRES_DB")
|
|
||||||
:pg-user (bc/env-or-file "POSTGRES_USER")
|
|
||||||
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
|
|
||||||
|
|
||||||
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
|
|
||||||
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
|
|
||||||
|
|
||||||
(def dry-run {:dry-run true :debug true})
|
|
||||||
|
|
||||||
(defn prepare!
|
|
||||||
[]
|
|
||||||
(bc/create-aws-credentials! aws-config)
|
|
||||||
(pg/create-pg-pass! db-config))
|
|
||||||
|
|
||||||
(defn restic-repo-init!
|
|
||||||
[]
|
|
||||||
(rc/init! file-config)
|
|
||||||
(rc/init! db-config))
|
|
||||||
|
|
||||||
(defn restic-backup!
|
|
||||||
[]
|
|
||||||
(bak/backup-file! file-config)
|
|
||||||
(bak/backup-db! db-config))
|
|
||||||
|
|
||||||
(prepare!)
|
|
||||||
(restic-repo-init!)
|
|
||||||
(restic-backup!)
|
|
19
infrastructure/backup/image/resources/backup.sh
Executable file
19
infrastructure/backup/image/resources/backup.sh
Executable file
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -Eexo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
file_env RESTIC_DAYS_TO_KEEP 30
|
||||||
|
file_env RESTIC_MONTHS_TO_KEEP 12
|
||||||
|
|
||||||
|
backup-db-dump
|
||||||
|
backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
|
||||||
|
main
|
|
@ -1,3 +0,0 @@
|
||||||
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
|
|
||||||
orchestra/orchestra {:mvn/version "2021.01.01-1"}
|
|
||||||
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
|
|
||||||
orchestra/orchestra {:mvn/version "2021.01.01-1"}
|
|
||||||
org.domaindrivenarchitecture/dda-build {:mvn/version "0.1.1-SNAPSHOT"}}}
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -Eexo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
create-pg-pass
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
sleep 1m
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
main
|
13
infrastructure/backup/image/resources/entrypoint.sh
Executable file
13
infrastructure/backup/image/resources/entrypoint.sh
Executable file
|
@ -0,0 +1,13 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -Eexo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
create-pg-pass
|
||||||
|
|
||||||
|
/usr/local/bin/backup.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
main
|
|
@ -1,3 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(println "initialized")
|
|
16
infrastructure/backup/image/resources/init.sh
Executable file
16
infrastructure/backup/image/resources/init.sh
Executable file
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -Eexo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
init-database-repo
|
||||||
|
init-file-repo
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
main
|
|
@ -1,14 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(require
|
|
||||||
'[dda.image.ubuntu :as ub]
|
|
||||||
'[dda.image.install :as in])
|
|
||||||
|
|
||||||
|
|
||||||
(ub/upgrade-system!)
|
|
||||||
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0400")
|
|
||||||
(in/install! "backup.bb")
|
|
||||||
(in/install! "restore.bb")
|
|
||||||
(in/install! "list-snapshots.bb")
|
|
||||||
(in/install! "wait.bb")
|
|
||||||
(ub/cleanup-container!)
|
|
21
infrastructure/backup/image/resources/install.sh
Executable file
21
infrastructure/backup/image/resources/install.sh
Executable file
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -exo pipefail
|
||||||
|
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
upgradeSystem
|
||||||
|
|
||||||
|
install -m 0700 /tmp/entrypoint.sh /
|
||||||
|
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
|
||||||
|
|
||||||
|
install -m 0700 /tmp/init.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/backup.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/restore.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/restic-snapshots.sh /usr/local/bin/
|
||||||
|
|
||||||
|
cleanupDocker
|
||||||
|
} > /dev/null
|
||||||
|
|
||||||
|
source /tmp/install_functions_debian.sh
|
||||||
|
DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes main
|
|
@ -1,28 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(require
|
|
||||||
'[dda.backup.core :as bc]
|
|
||||||
'[dda.backup.restic :as rc])
|
|
||||||
|
|
||||||
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
|
|
||||||
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
|
|
||||||
|
|
||||||
(def file-config (merge restic-repo {:backup-path "files"}))
|
|
||||||
|
|
||||||
|
|
||||||
(def db-config (merge restic-repo {:backup-path "pg-database"}))
|
|
||||||
|
|
||||||
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
|
|
||||||
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
|
|
||||||
|
|
||||||
(defn prepare!
|
|
||||||
[]
|
|
||||||
(bc/create-aws-credentials! aws-config))
|
|
||||||
|
|
||||||
(defn list-snapshots!
|
|
||||||
[]
|
|
||||||
(rc/list-snapshots! file-config)
|
|
||||||
(rc/list-snapshots! db-config))
|
|
||||||
|
|
||||||
(prepare!)
|
|
||||||
(list-snapshots!)
|
|
16
infrastructure/backup/image/resources/restic-snapshots.sh
Executable file
16
infrastructure/backup/image/resources/restic-snapshots.sh
Executable file
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -exo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
restic -r ${RESTIC_REPOSITORY}/files snapshots
|
||||||
|
restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
|
||||||
|
main
|
|
@ -1,46 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(require '[babashka.tasks :as tasks]
|
|
||||||
'[dda.backup.core :as bc]
|
|
||||||
'[dda.backup.postgresql :as pg]
|
|
||||||
'[dda.backup.restore :as rs])
|
|
||||||
|
|
||||||
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
|
|
||||||
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
|
|
||||||
|
|
||||||
(def file-config (merge restic-repo {:backup-path "files"
|
|
||||||
:restore-target-directory "/var/backups/restore"
|
|
||||||
:snapshot-id "latest"}))
|
|
||||||
|
|
||||||
|
|
||||||
(def db-config (merge restic-repo {:backup-path "pg-database"
|
|
||||||
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
|
|
||||||
:pg-port (bc/env-or-file "POSTGRES_PORT")
|
|
||||||
:pg-db (bc/env-or-file "POSTGRES_DB")
|
|
||||||
:pg-user (bc/env-or-file "POSTGRES_USER")
|
|
||||||
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")
|
|
||||||
:snapshot-id "latest"}))
|
|
||||||
|
|
||||||
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
|
|
||||||
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
|
|
||||||
|
|
||||||
(def dry-run {:dry-run true :debug true})
|
|
||||||
|
|
||||||
(defn prepare!
|
|
||||||
[]
|
|
||||||
(pg/create-pg-pass! db-config)
|
|
||||||
(bc/create-aws-credentials! aws-config))
|
|
||||||
|
|
||||||
(defn restic-restore!
|
|
||||||
[]
|
|
||||||
(rs/restore-file! file-config)
|
|
||||||
(tasks/shell ["bash" "-c" "rm -rf /var/backups/gitea/*"])
|
|
||||||
(tasks/shell ["bash" "-c" "rm -rf /var/backups/git/repositories/*"])
|
|
||||||
(tasks/shell ["mv" "/var/backups/restore/gitea" "/var/backups/"])
|
|
||||||
(tasks/shell ["mv" "/var/backups/restore/git/repositories" "/var/backups/git/"])
|
|
||||||
(tasks/shell ["chown" "-R" "1000:1000" "/var/backups"])
|
|
||||||
(pg/drop-create-db! (merge db-config {:debug true}))
|
|
||||||
(rs/restore-db! (merge db-config {:debug true})))
|
|
||||||
|
|
||||||
(prepare!)
|
|
||||||
(restic-restore!)
|
|
37
infrastructure/backup/image/resources/restore.sh
Executable file
37
infrastructure/backup/image/resources/restore.sh
Executable file
|
@ -0,0 +1,37 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -Eexo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
file_env POSTGRES_DB
|
||||||
|
file_env POSTGRES_PASSWORD
|
||||||
|
file_env POSTGRES_USER
|
||||||
|
|
||||||
|
# Restore latest snapshot into /var/backups/restore
|
||||||
|
restore-directory '/var/backups/restore'
|
||||||
|
|
||||||
|
rm -rf /var/backups/gitea/*
|
||||||
|
rm -rf /var/backups/git/repositories/*
|
||||||
|
cp -r /var/backups/restore/gitea /var/backups/ #ToDo: mv instead of cp or rm -rf after
|
||||||
|
cp -r /var/backups/restore/git/repositories /var/backups/git/ #ToDo: mv instead of cp or rm -rf after
|
||||||
|
|
||||||
|
# adjust file permissions for the git user
|
||||||
|
chown -R 1000:1000 /var/backups
|
||||||
|
|
||||||
|
# TODO: Regenerate Git Hooks? Do we need this?
|
||||||
|
#/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
|
||||||
|
|
||||||
|
# Restore db
|
||||||
|
drop-create-db
|
||||||
|
restore-db
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
|
||||||
|
main
|
|
@ -1,27 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(require
|
|
||||||
'[dda.backup.core :as bc]
|
|
||||||
'[dda.backup.postgresql :as pg])
|
|
||||||
|
|
||||||
|
|
||||||
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
|
|
||||||
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
|
|
||||||
|
|
||||||
(def db-config (merge restic-repo {:backup-path "pg-database"
|
|
||||||
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
|
|
||||||
:pg-port (bc/env-or-file "POSTGRES_PORT")
|
|
||||||
:pg-db (bc/env-or-file "POSTGRES_DB")
|
|
||||||
:pg-user (bc/env-or-file "POSTGRES_USER")
|
|
||||||
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
|
|
||||||
|
|
||||||
(defn prepare!
|
|
||||||
[]
|
|
||||||
(pg/create-pg-pass! db-config))
|
|
||||||
|
|
||||||
(defn wait! []
|
|
||||||
(while true
|
|
||||||
(Thread/sleep 1000)))
|
|
||||||
|
|
||||||
(prepare!)
|
|
||||||
(wait!)
|
|
|
@ -1,4 +0,0 @@
|
||||||
FROM c4k-forgejo-backup:latest
|
|
||||||
|
|
||||||
ADD resources /tmp/
|
|
||||||
RUN ENV_PASSWORD=env-password FILE_PASSWORD_FILE=/tmp/file_password /tmp/test.bb
|
|
|
@ -1,3 +0,0 @@
|
||||||
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
|
|
||||||
orchestra/orchestra {:mvn/version "2021.01.01-1"}
|
|
||||||
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}
|
|
|
@ -1,62 +0,0 @@
|
||||||
#!/usr/bin/env bb
|
|
||||||
|
|
||||||
(require '[babashka.tasks :as tasks]
|
|
||||||
'[dda.backup.core :as bc]
|
|
||||||
'[dda.backup.restic :as rc]
|
|
||||||
'[dda.backup.postgresql :as pg]
|
|
||||||
'[dda.backup.backup :as bak]
|
|
||||||
'[dda.backup.restore :as rs])
|
|
||||||
|
|
||||||
(def restic-repo {:password-file "restic-pwd"
|
|
||||||
:restic-repository "restic-repo"})
|
|
||||||
|
|
||||||
(def file-config (merge restic-repo {:backup-path "files"
|
|
||||||
:files ["test-backup"]
|
|
||||||
:restore-target-directory "test-restore"}))
|
|
||||||
|
|
||||||
|
|
||||||
(def db-config (merge restic-repo {:backup-path "db"
|
|
||||||
:pg-db "mydb"
|
|
||||||
:pg-user "user"
|
|
||||||
:pg-password "password"}))
|
|
||||||
|
|
||||||
(def dry-run {:dry-run true :debug true})
|
|
||||||
|
|
||||||
(defn prepare!
|
|
||||||
[]
|
|
||||||
(spit "/tmp/file_password" "file-password")
|
|
||||||
(println (bc/env-or-file "FILE_PASSWORD"))
|
|
||||||
(println (bc/env-or-file "ENV_PASSWORD"))
|
|
||||||
(spit "restic-pwd" "ThePassword")
|
|
||||||
(tasks/shell "mkdir" "-p" "test-backup")
|
|
||||||
(spit "test-backup/file" "I was here")
|
|
||||||
(tasks/shell "mkdir" "-p" "test-restore")
|
|
||||||
(pg/create-pg-pass! db-config))
|
|
||||||
|
|
||||||
(defn restic-repo-init!
|
|
||||||
[]
|
|
||||||
(rc/init! file-config)
|
|
||||||
(rc/init! (merge db-config dry-run)))
|
|
||||||
|
|
||||||
(defn restic-backup!
|
|
||||||
[]
|
|
||||||
(bak/backup-file! file-config)
|
|
||||||
(bak/backup-db! (merge db-config dry-run)))
|
|
||||||
|
|
||||||
(defn list-snapshots!
|
|
||||||
[]
|
|
||||||
(rc/list-snapshots! file-config)
|
|
||||||
(rc/list-snapshots! (merge db-config dry-run)))
|
|
||||||
|
|
||||||
|
|
||||||
(defn restic-restore!
|
|
||||||
[]
|
|
||||||
(rs/restore-file! file-config)
|
|
||||||
(pg/drop-create-db! (merge db-config dry-run))
|
|
||||||
(rs/restore-db! (merge db-config dry-run)))
|
|
||||||
|
|
||||||
(prepare!)
|
|
||||||
(restic-repo-init!)
|
|
||||||
(restic-backup!)
|
|
||||||
(list-snapshots!)
|
|
||||||
(restic-restore!)
|
|
|
@ -6,7 +6,7 @@ from ddadevops import *
|
||||||
name = 'c4k-forgejo'
|
name = 'c4k-forgejo'
|
||||||
MODULE = 'federated'
|
MODULE = 'federated'
|
||||||
PROJECT_ROOT_PATH = '../..'
|
PROJECT_ROOT_PATH = '../..'
|
||||||
version = "4.0.1-dev"
|
version = "3.1.4"
|
||||||
|
|
||||||
@init
|
@init
|
||||||
def initialize(project):
|
def initialize(project):
|
||||||
|
|
|
@ -10,7 +10,9 @@ ENV TAGS "bindata timetzdata $TAGS"
|
||||||
ARG CGO_EXTRA_CFLAGS
|
ARG CGO_EXTRA_CFLAGS
|
||||||
|
|
||||||
ENV FORGEJO_GIT_URL "https://codeberg.org/meissa/forgejo.git"
|
ENV FORGEJO_GIT_URL "https://codeberg.org/meissa/forgejo.git"
|
||||||
ENV FORGEJO_BRANCH "forgejo-federated-star"
|
#ENV FORGEJO_GIT_URL "https://git.exozy.me/a/gitea.git"
|
||||||
|
ENV FORGEJO_BRANCH "test-release"
|
||||||
|
#ENV FORGEJO_BRANCH "libreplanet-federation-demo"
|
||||||
|
|
||||||
#Build deps
|
#Build deps
|
||||||
RUN apk -U upgrade
|
RUN apk -U upgrade
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"name": "c4k-forgejo",
|
"name": "c4k-forgejo",
|
||||||
"description": "Generate c4k yaml for a forgejo deployment.",
|
"description": "Generate c4k yaml for a forgejo deployment.",
|
||||||
"author": "meissa GmbH",
|
"author": "meissa GmbH",
|
||||||
"version": "4.0.1-SNAPSHOT",
|
"version": "3.1.4",
|
||||||
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
|
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
|
||||||
"repository": "https://www.npmjs.com/package/c4k-forgejo",
|
"repository": "https://www.npmjs.com/package/c4k-forgejo",
|
||||||
"license": "APACHE2",
|
"license": "APACHE2",
|
||||||
|
|
32
project.clj
32
project.clj
|
@ -1,17 +1,16 @@
|
||||||
(defproject org.domaindrivenarchitecture/c4k-forgejo "4.0.1-SNAPSHOT"
|
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.1.4"
|
||||||
:description "forgejo c4k-installation package"
|
:description "forgejo c4k-installation package"
|
||||||
:url "https://domaindrivenarchitecture.org"
|
:url "https://domaindrivenarchitecture.org"
|
||||||
:license {:name "Apache License, Version 2.0"
|
:license {:name "Apache License, Version 2.0"
|
||||||
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
|
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
|
||||||
:dependencies [[org.clojure/clojure "1.11.4" :scope "provided"]
|
:dependencies [[org.clojure/clojure "1.11.1" :scope "provided"]
|
||||||
[org.clojure/tools.reader "1.5.0"]
|
[org.clojure/tools.reader "1.3.7"]
|
||||||
[org.domaindrivenarchitecture/c4k-common-clj "8.0.0"]
|
[org.domaindrivenarchitecture/c4k-common-clj "6.1.0"]
|
||||||
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
|
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
|
||||||
:target-path "target/%s/"
|
:target-path "target/%s/"
|
||||||
:source-paths ["src/main/cljc"
|
:source-paths ["src/main/cljc"
|
||||||
"src/main/clj"]
|
"src/main/clj"]
|
||||||
:resource-paths ["src/main/resources"
|
:resource-paths ["src/main/resources"]
|
||||||
"project.clj"]
|
|
||||||
:repositories [["snapshots" :clojars]
|
:repositories [["snapshots" :clojars]
|
||||||
["releases" :clojars]]
|
["releases" :clojars]]
|
||||||
:deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}]
|
:deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}]
|
||||||
|
@ -23,14 +22,25 @@
|
||||||
:uberjar {:aot :all
|
:uberjar {:aot :all
|
||||||
:main dda.c4k-forgejo.uberjar
|
:main dda.c4k-forgejo.uberjar
|
||||||
:uberjar-name "c4k-forgejo-standalone.jar"
|
:uberjar-name "c4k-forgejo-standalone.jar"
|
||||||
:dependencies [[org.clojure/tools.cli "1.1.230"]
|
:dependencies [[org.clojure/tools.cli "1.0.219"]
|
||||||
[ch.qos.logback/logback-classic "1.5.7"
|
[ch.qos.logback/logback-classic "1.4.14"
|
||||||
:exclusions [com.sun.mail/javax.mail]]
|
:exclusions [com.sun.mail/javax.mail]]
|
||||||
[org.slf4j/jcl-over-slf4j "2.0.16"]
|
[org.slf4j/jcl-over-slf4j "2.0.11"]]}}
|
||||||
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
|
|
||||||
:release-tasks [["test"]
|
:release-tasks [["test"]
|
||||||
["vcs" "assert-committed"]
|
["vcs" "assert-committed"]
|
||||||
["change" "version" "leiningen.release/bump-version" "release"]
|
["change" "version" "leiningen.release/bump-version" "release"]
|
||||||
["vcs" "commit"]
|
["vcs" "commit"]
|
||||||
["vcs" "tag" "v" "--no-sign"]
|
["vcs" "tag" "v" "--no-sign"]
|
||||||
["change" "version" "leiningen.release/bump-version"]])
|
["change" "version" "leiningen.release/bump-version"]]
|
||||||
|
:aliases {"native" ["shell"
|
||||||
|
"native-image"
|
||||||
|
"--report-unsupported-elements-at-runtime"
|
||||||
|
"--initialize-at-build-time"
|
||||||
|
"-jar" "target/uberjar/c4k-forgejo-standalone.jar"
|
||||||
|
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
|
||||||
|
"-H:Log=registerResource"
|
||||||
|
"-H:Name=target/graalvm/${:name}"]
|
||||||
|
"inst" ["shell"
|
||||||
|
"sh"
|
||||||
|
"-c"
|
||||||
|
"lein uberjar && sudo install -m=755 target/uberjar/c4k-forgejo-standalone.jar /usr/local/bin/c4k-forgejo-standalone.jar"]})
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
"src/test/cljc"
|
"src/test/cljc"
|
||||||
"src/test/cljs"
|
"src/test/cljs"
|
||||||
"src/test/resources"]
|
"src/test/resources"]
|
||||||
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "8.0.0"]
|
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.1.0"]
|
||||||
[hickory "0.7.1"]]
|
[hickory "0.7.1"]]
|
||||||
:builds {:frontend {:target :browser
|
:builds {:frontend {:target :browser
|
||||||
:modules {:main {:init-fn dda.c4k-forgejo.browser/init}}
|
:modules {:main {:init-fn dda.c4k-forgejo.browser/init}}
|
||||||
|
|
|
@ -4,14 +4,11 @@
|
||||||
[dda.c4k-forgejo.core :as core]
|
[dda.c4k-forgejo.core :as core]
|
||||||
[dda.c4k-common.uberjar :as uberjar]))
|
[dda.c4k-common.uberjar :as uberjar]))
|
||||||
|
|
||||||
(set! *warn-on-reflection* true)
|
|
||||||
|
|
||||||
(defn -main [& cmd-args]
|
(defn -main [& cmd-args]
|
||||||
(uberjar/main-cm
|
(uberjar/main-common
|
||||||
"c4k-forgejo"
|
"c4k-forgejo"
|
||||||
core/config?
|
core/config?
|
||||||
core/auth?
|
core/auth?
|
||||||
core/config-defaults
|
core/config-defaults
|
||||||
core/config-objects
|
core/k8s-objects
|
||||||
core/auth-objects
|
|
||||||
cmd-args))
|
cmd-args))
|
||||||
|
|
|
@ -4,13 +4,12 @@
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-common.base64 :as b64]
|
[dda.c4k-common.base64 :as b64]
|
||||||
[dda.c4k-common.common :as cm]
|
[dda.c4k-common.common :as cm]
|
||||||
[dda.c4k-common.predicate :as p]
|
|
||||||
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
|
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
|
||||||
|
|
||||||
(s/def ::aws-access-key-id p/bash-env-string?)
|
(s/def ::aws-access-key-id cm/bash-env-string?)
|
||||||
(s/def ::aws-secret-access-key p/bash-env-string?)
|
(s/def ::aws-secret-access-key cm/bash-env-string?)
|
||||||
(s/def ::restic-password p/bash-env-string?)
|
(s/def ::restic-password cm/bash-env-string?)
|
||||||
(s/def ::restic-repository p/bash-env-string?)
|
(s/def ::restic-repository cm/bash-env-string?)
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
(defmethod yaml/load-resource :backup [resource-name]
|
(defmethod yaml/load-resource :backup [resource-name]
|
||||||
|
|
|
@ -1,36 +1,24 @@
|
||||||
(ns dda.c4k-forgejo.core
|
(ns dda.c4k-forgejo.core
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-common.common :as cm]
|
[dda.c4k-common.common :as cm]
|
||||||
[dda.c4k-common.monitoring :as mon]
|
[dda.c4k-common.monitoring :as mon]
|
||||||
[dda.c4k-forgejo.forgejo :as forgejo]
|
[dda.c4k-forgejo.forgejo :as forgejo]
|
||||||
[dda.c4k-forgejo.backup :as backup]
|
[dda.c4k-forgejo.backup :as backup]
|
||||||
[dda.c4k-common.postgres :as postgres]
|
[dda.c4k-common.postgres :as postgres]))
|
||||||
[dda.c4k-common.namespace :as ns]))
|
|
||||||
|
|
||||||
(def config-defaults {:namespace "forgejo"
|
(def config-defaults {:issuer "staging", :deploy-federated "false"})
|
||||||
:issuer "staging"
|
|
||||||
:deploy-federated "false"
|
|
||||||
:federation-enabled "false"
|
|
||||||
:db-name "forgejo"
|
|
||||||
:pv-storage-size-gb 5
|
|
||||||
:pvc-storage-class-name ""
|
|
||||||
:postgres-image "postgres:14"
|
|
||||||
:postgres-size :2gb})
|
|
||||||
(def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5})
|
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::forgejo/fqdn
|
(def config? (s/keys :req-un [::forgejo/fqdn
|
||||||
::forgejo/mailer-from
|
::forgejo/mailer-from
|
||||||
::forgejo/mailer-host
|
::forgejo/mailer-host
|
||||||
::forgejo/mailer-port
|
::forgejo/mailer-port
|
||||||
::forgejo/service-noreply-address]
|
::forgejo/service-noreply-address]
|
||||||
:opt-un [::forgejo/issuer
|
:opt-un [::forgejo/issuer
|
||||||
::forgejo/deploy-federated
|
::forgejo/deploy-federated
|
||||||
::forgejo/federation-enabled
|
|
||||||
::forgejo/default-app-name
|
::forgejo/default-app-name
|
||||||
::forgejo/service-domain-whitelist
|
::forgejo/service-domain-whitelist
|
||||||
::forgejo/forgejo-image-version-overwrite
|
|
||||||
::backup/restic-repository
|
::backup/restic-repository
|
||||||
::mon/mon-cfg]))
|
::mon/mon-cfg]))
|
||||||
|
|
||||||
|
@ -42,39 +30,31 @@
|
||||||
|
|
||||||
(def vol? (s/keys :req-un [::forgejo/volume-total-storage-size]))
|
(def vol? (s/keys :req-un [::forgejo/volume-total-storage-size]))
|
||||||
|
|
||||||
(defn config-objects [config] ; ToDo: ADR for generate functions - vector or no vector?
|
(defn k8s-objects [config auth]
|
||||||
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
|
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
|
||||||
(map yaml/to-string
|
(map yaml/to-string
|
||||||
(filter #(not (nil? %))
|
(filter #(not (nil? %))
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(ns/generate config)
|
[(postgres/generate-config {:postgres-size :2gb :db-name "forgejo"})
|
||||||
[(postgres/generate-configmap config)
|
(postgres/generate-secret auth)
|
||||||
(when (contains? config :postgres-data-volume-path)
|
(when (contains? config :postgres-data-volume-path)
|
||||||
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
|
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
|
||||||
(postgres/generate-pvc (merge config {:pvc-storage-class-name storage-class}))
|
(postgres/generate-pvc {:pv-storage-size-gb 5
|
||||||
(postgres/generate-deployment config)
|
:pvc-storage-class-name storage-class})
|
||||||
(postgres/generate-service config)
|
(postgres/generate-deployment {:postgres-image "postgres:14"
|
||||||
|
:postgres-size :2gb})
|
||||||
|
(postgres/generate-service)
|
||||||
(forgejo/generate-deployment config)
|
(forgejo/generate-deployment config)
|
||||||
(forgejo/generate-service)
|
(forgejo/generate-service)
|
||||||
(forgejo/generate-service-ssh)
|
(forgejo/generate-service-ssh)
|
||||||
(forgejo/generate-data-volume config)
|
(forgejo/generate-data-volume config)
|
||||||
(forgejo/generate-appini-env config)]
|
(forgejo/generate-appini-env config)
|
||||||
(forgejo/generate-ratelimit-ingress-and-cert config) ; this function has a vector as output
|
(forgejo/generate-secrets auth)]
|
||||||
|
(forgejo/generate-ingress-and-cert config)
|
||||||
(when (contains? config :restic-repository)
|
(when (contains? config :restic-repository)
|
||||||
[(backup/generate-config config)
|
[(backup/generate-config config)
|
||||||
|
(backup/generate-secret auth)
|
||||||
(backup/generate-cron)
|
(backup/generate-cron)
|
||||||
(backup/generate-backup-restore-deployment config)])
|
(backup/generate-backup-restore-deployment config)])
|
||||||
(when (contains? config :mon-cfg)
|
(when (:contains? config :mon-cfg)
|
||||||
(mon/generate-config)))))))
|
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
|
||||||
|
|
||||||
(defn auth-objects [config auth]
|
|
||||||
(map yaml/to-string
|
|
||||||
(filter #(not (nil? %))
|
|
||||||
(cm/concat-vec
|
|
||||||
(ns/generate config)
|
|
||||||
[(postgres/generate-secret config auth)
|
|
||||||
(forgejo/generate-secrets auth)]
|
|
||||||
(when (contains? config :restic-repository)
|
|
||||||
[(backup/generate-secret auth)])
|
|
||||||
(when (contains? config :mon-cfg)
|
|
||||||
(mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
|
|
||||||
|
|
|
@ -33,19 +33,15 @@
|
||||||
(s/def ::default-app-name string?)
|
(s/def ::default-app-name string?)
|
||||||
(s/def ::fqdn pred/fqdn-string?)
|
(s/def ::fqdn pred/fqdn-string?)
|
||||||
(s/def ::deploy-federated boolean-string?)
|
(s/def ::deploy-federated boolean-string?)
|
||||||
(s/def ::federation-enabled boolean-string?)
|
|
||||||
(s/def ::mailer-from pred/bash-env-string?)
|
(s/def ::mailer-from pred/bash-env-string?)
|
||||||
(s/def ::mailer-host pred/bash-env-string?)
|
(s/def ::mailer-host pred/bash-env-string?)
|
||||||
(s/def ::mailer-port pred/bash-env-string?)
|
(s/def ::mailer-port pred/bash-env-string?)
|
||||||
(s/def ::service-domain-whitelist domain-list?)
|
(s/def ::service-domain-whitelist domain-list?)
|
||||||
(s/def ::service-noreply-address string?)
|
(s/def ::service-noreply-address string?)
|
||||||
(s/def ::forgejo-image-version-overwrite string?)
|
|
||||||
(s/def ::mailer-user pred/bash-env-string?)
|
(s/def ::mailer-user pred/bash-env-string?)
|
||||||
(s/def ::mailer-pw pred/bash-env-string?)
|
(s/def ::mailer-pw pred/bash-env-string?)
|
||||||
(s/def ::issuer pred/letsencrypt-issuer?)
|
(s/def ::issuer pred/letsencrypt-issuer?)
|
||||||
(s/def ::volume-total-storage-size (partial pred/int-gt-n? 5))
|
(s/def ::volume-total-storage-size (partial pred/int-gt-n? 5))
|
||||||
(s/def ::max-rate int?)
|
|
||||||
(s/def ::max-concurrent-requests int?)
|
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::fqdn
|
(def config? (s/keys :req-un [::fqdn
|
||||||
::mailer-from
|
::mailer-from
|
||||||
|
@ -54,13 +50,8 @@
|
||||||
::service-noreply-address]
|
::service-noreply-address]
|
||||||
:opt-un [::issuer
|
:opt-un [::issuer
|
||||||
::deploy-federated
|
::deploy-federated
|
||||||
::federation-enabled
|
|
||||||
::default-app-name
|
::default-app-name
|
||||||
::service-domain-whitelist
|
::service-domain-whitelist]))
|
||||||
::forgejo-image-version-overwrite]))
|
|
||||||
|
|
||||||
(def rate-limit-config? (s/keys :req-un [::max-rate
|
|
||||||
::max-concurrent-requests]))
|
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password ::mailer-user ::mailer-pw]))
|
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password ::mailer-user ::mailer-pw]))
|
||||||
|
|
||||||
|
@ -69,19 +60,9 @@
|
||||||
(defn data-storage-by-volume-size
|
(defn data-storage-by-volume-size
|
||||||
[total]
|
[total]
|
||||||
total)
|
total)
|
||||||
;;TODO: remove unneccessaries, fedaration is merged
|
|
||||||
(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated")
|
|
||||||
(def federated-image-version "latest")
|
|
||||||
(def non-federated-image-name "codeberg.org/forgejo/forgejo")
|
|
||||||
(def non-federated-image-version "8.0.3")
|
|
||||||
|
|
||||||
(defn-spec generate-image-str string?
|
(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated:latest")
|
||||||
[config config?]
|
(def non-federated-image-name "codeberg.org/forgejo/forgejo:1.19")
|
||||||
(let [{:keys [deploy-federated forgejo-image-version-overwrite]} config
|
|
||||||
deploy-federated-bool (boolean-from-string deploy-federated)]
|
|
||||||
(if deploy-federated-bool
|
|
||||||
(str federated-image-name ":" (or forgejo-image-version-overwrite federated-image-version))
|
|
||||||
(str non-federated-image-name ":" (or forgejo-image-version-overwrite non-federated-image-version)))))
|
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
(defmethod yaml/load-resource :forgejo [resource-name]
|
(defmethod yaml/load-resource :forgejo [resource-name]
|
||||||
|
@ -90,7 +71,7 @@
|
||||||
(defn generate-appini-env
|
(defn generate-appini-env
|
||||||
[config]
|
[config]
|
||||||
(let [{:keys [default-app-name
|
(let [{:keys [default-app-name
|
||||||
federation-enabled
|
deploy-federated
|
||||||
fqdn
|
fqdn
|
||||||
mailer-from
|
mailer-from
|
||||||
mailer-host
|
mailer-host
|
||||||
|
@ -99,7 +80,7 @@
|
||||||
service-noreply-address]
|
service-noreply-address]
|
||||||
:or {default-app-name "forgejo instance"
|
:or {default-app-name "forgejo instance"
|
||||||
service-domain-whitelist fqdn}} config
|
service-domain-whitelist fqdn}} config
|
||||||
federation-enabled-bool (boolean-from-string federation-enabled)]
|
deploy-federated-bool (boolean-from-string deploy-federated)]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
|
(yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
|
||||||
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
|
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
|
||||||
|
@ -111,7 +92,7 @@
|
||||||
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
|
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
|
||||||
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
|
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
|
||||||
(cm/replace-all-matching-values-by-new-value "IS_FEDERATED"
|
(cm/replace-all-matching-values-by-new-value "IS_FEDERATED"
|
||||||
(if federation-enabled-bool
|
(if deploy-federated-bool
|
||||||
"true"
|
"true"
|
||||||
"false")))))
|
"false")))))
|
||||||
|
|
||||||
|
@ -123,22 +104,20 @@
|
||||||
mailer-pw]} auth]
|
mailer-pw]} auth]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "forgejo/secrets.yaml")
|
(yaml/load-as-edn "forgejo/secrets.yaml")
|
||||||
(cm/replace-all-matching "DBUSER" (b64/encode postgres-db-user))
|
(cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user))
|
||||||
(cm/replace-all-matching "DBPW" (b64/encode postgres-db-password))
|
(cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password))
|
||||||
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
|
(cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
|
||||||
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
|
(cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw)))))
|
||||||
|
|
||||||
(defn-spec generate-ratelimit-ingress-and-cert seq?
|
(defn generate-ingress-and-cert
|
||||||
[config config?]
|
[config]
|
||||||
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
|
(let [{:keys [fqdn]} config]
|
||||||
(ing/generate-simple-ingress (merge
|
(ing/generate-ingress-and-cert
|
||||||
{:service-name "forgejo-service"
|
(merge
|
||||||
:service-port 3000
|
{:service-name "forgejo-service"
|
||||||
:fqdns [fqdn]
|
:service-port 3000
|
||||||
:average-rate max-rate
|
:fqdns [fqdn]}
|
||||||
:burst-rate max-concurrent-requests
|
config))))
|
||||||
:namespace namespace}
|
|
||||||
config))))
|
|
||||||
|
|
||||||
(defn-spec generate-data-volume pred/map-or-seq?
|
(defn-spec generate-data-volume pred/map-or-seq?
|
||||||
[config vol?]
|
[config vol?]
|
||||||
|
@ -146,13 +125,18 @@
|
||||||
data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
|
data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "forgejo/datavolume.yaml")
|
(yaml/load-as-edn "forgejo/datavolume.yaml")
|
||||||
(cm/replace-all-matching "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
|
(cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
|
||||||
|
|
||||||
(defn-spec generate-deployment pred/map-or-seq?
|
(defn-spec generate-deployment pred/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
|
(let [{:keys [deploy-federated]} config
|
||||||
|
deploy-federated-bool (boolean-from-string deploy-federated)]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "forgejo/deployment.yaml")
|
(yaml/load-as-edn "forgejo/deployment.yaml")
|
||||||
(cm/replace-all-matching "IMAGE_NAME" (generate-image-str config))))
|
(cm/replace-all-matching-values-by-new-value "IMAGE_NAME"
|
||||||
|
(if deploy-federated-bool
|
||||||
|
federated-image-name
|
||||||
|
non-federated-image-name)))))
|
||||||
|
|
||||||
(defn generate-service
|
(defn generate-service
|
||||||
[]
|
[]
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
[clojure.tools.reader.edn :as edn]
|
[clojure.tools.reader.edn :as edn]
|
||||||
[dda.c4k-forgejo.core :as core]
|
[dda.c4k-forgejo.core :as core]
|
||||||
[dda.c4k-forgejo.forgejo :as forgejo]
|
[dda.c4k-forgejo.forgejo :as forgejo]
|
||||||
[dda.c4k-common.browser :as br]
|
[dda.c4k-common.browser :as br]
|
||||||
[dda.c4k-common.common :as cm]))
|
[dda.c4k-common.common :as cm]))
|
||||||
|
|
||||||
(defn generate-group
|
(defn generate-group
|
||||||
|
@ -73,13 +73,14 @@
|
||||||
:mailer-host (br/get-content-from-element "mailer-host")
|
:mailer-host (br/get-content-from-element "mailer-host")
|
||||||
:mailer-port (br/get-content-from-element "mailer-port")
|
:mailer-port (br/get-content-from-element "mailer-port")
|
||||||
:service-noreply-address (br/get-content-from-element "service-noreply-address")
|
:service-noreply-address (br/get-content-from-element "service-noreply-address")
|
||||||
:volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)}
|
:volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)}
|
||||||
(when (not (st/blank? issuer))
|
(when (not (st/blank? issuer))
|
||||||
{:issuer issuer})
|
{:issuer issuer})
|
||||||
(when (not (st/blank? app-name))
|
(when (not (st/blank? app-name))
|
||||||
{:default-app-name app-name})
|
{:default-app-name app-name})
|
||||||
(when (not (st/blank? domain-whitelist))
|
(when (not (st/blank? domain-whitelist))
|
||||||
{:service-domain-whitelist domain-whitelist}))))
|
{:service-domain-whitelist domain-whitelist})
|
||||||
|
)))
|
||||||
|
|
||||||
(defn validate-all! []
|
(defn validate-all! []
|
||||||
(br/validate! "fqdn" ::forgejo/fqdn)
|
(br/validate! "fqdn" ::forgejo/fqdn)
|
||||||
|
@ -90,7 +91,7 @@
|
||||||
(br/validate! "deploy-federated" ::forgejo/deploy-federated :optional true)
|
(br/validate! "deploy-federated" ::forgejo/deploy-federated :optional true)
|
||||||
(br/validate! "issuer" ::forgejo/issuer :optional true)
|
(br/validate! "issuer" ::forgejo/issuer :optional true)
|
||||||
(br/validate! "app-name" ::forgejo/default-app-name :optional true)
|
(br/validate! "app-name" ::forgejo/default-app-name :optional true)
|
||||||
(br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true)
|
(br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true)
|
||||||
(br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt)
|
(br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt)
|
||||||
(br/validate! "auth" forgejo/auth? :deserializer edn/read-string)
|
(br/validate! "auth" forgejo/auth? :deserializer edn/read-string)
|
||||||
(br/set-form-validated!))
|
(br/set-form-validated!))
|
||||||
|
@ -102,21 +103,16 @@
|
||||||
|
|
||||||
(defn init []
|
(defn init []
|
||||||
(br/append-hickory (generate-content-div))
|
(br/append-hickory (generate-content-div))
|
||||||
(let [config-only false
|
(-> js/document
|
||||||
auth-only false]
|
(.getElementById "generate-button")
|
||||||
(-> js/document
|
(.addEventListener "click"
|
||||||
(.getElementById "generate-button")
|
#(do (validate-all!)
|
||||||
(.addEventListener "click"
|
(-> (cm/generate-common
|
||||||
#(do (validate-all!)
|
(config-from-document)
|
||||||
(-> (cm/generate-cm
|
(br/get-content-from-element "auth" :deserializer edn/read-string)
|
||||||
(config-from-document)
|
core/config-defaults
|
||||||
(br/get-content-from-element "auth" :deserializer edn/read-string)
|
core/k8s-objects)
|
||||||
core/config-defaults
|
(br/set-output!)))))
|
||||||
core/config-objects
|
|
||||||
core/auth-objects
|
|
||||||
config-only
|
|
||||||
auth-only)
|
|
||||||
(br/set-output!))))))
|
|
||||||
(add-validate-listener "fqdn")
|
(add-validate-listener "fqdn")
|
||||||
(add-validate-listener "deploy-federated")
|
(add-validate-listener "deploy-federated")
|
||||||
(add-validate-listener "mailer-from")
|
(add-validate-listener "mailer-from")
|
||||||
|
@ -124,7 +120,7 @@
|
||||||
(add-validate-listener "mailer-port")
|
(add-validate-listener "mailer-port")
|
||||||
(add-validate-listener "service-noreply-address")
|
(add-validate-listener "service-noreply-address")
|
||||||
(add-validate-listener "app-name")
|
(add-validate-listener "app-name")
|
||||||
(add-validate-listener "domain-whitelist")
|
(add-validate-listener "domain-whitelist")
|
||||||
(add-validate-listener "volume-total-storage-size")
|
(add-validate-listener "volume-total-storage-size")
|
||||||
(add-validate-listener "issuer")
|
(add-validate-listener "issuer")
|
||||||
(add-validate-listener "auth"))
|
(add-validate-listener "auth"))
|
|
@ -2,7 +2,6 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: backup-restore
|
name: backup-restore
|
||||||
namespace: forgejo
|
|
||||||
spec:
|
spec:
|
||||||
replicas: 0
|
replicas: 0
|
||||||
selector:
|
selector:
|
||||||
|
@ -21,7 +20,7 @@ spec:
|
||||||
- image: domaindrivenarchitecture/c4k-forgejo-backup
|
- image: domaindrivenarchitecture/c4k-forgejo-backup
|
||||||
name: backup-app
|
name: backup-app
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["wait.bb"]
|
command: ["/entrypoint-start-and-wait.sh"]
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
@ -2,7 +2,6 @@ apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: backup-config
|
name: backup-config
|
||||||
namespace: forgejo
|
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: backup
|
app.kubernetes.io/name: backup
|
||||||
app.kubernetes.io/part-of: forgejo
|
app.kubernetes.io/part-of: forgejo
|
||||||
|
|
|
@ -2,7 +2,6 @@ apiVersion: batch/v1
|
||||||
kind: CronJob
|
kind: CronJob
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo-backup
|
name: forgejo-backup
|
||||||
namespace: forgejo
|
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.part-of: forgejo
|
app.kubernetes.part-of: forgejo
|
||||||
spec:
|
spec:
|
||||||
|
@ -17,7 +16,7 @@ spec:
|
||||||
- name: backup-app
|
- name: backup-app
|
||||||
image: domaindrivenarchitecture/c4k-forgejo-backup
|
image: domaindrivenarchitecture/c4k-forgejo-backup
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["backup.bb"]
|
command: ["/entrypoint.sh"]
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
@ -2,7 +2,6 @@ apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: backup-secret
|
name: backup-secret
|
||||||
namespace: forgejo
|
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
aws-access-key-id: aws-access-key-id
|
aws-access-key-id: aws-access-key-id
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo-env
|
name: forgejo-env
|
||||||
namespace: forgejo
|
namespace: default
|
||||||
data:
|
data:
|
||||||
#[admin]
|
#[admin]
|
||||||
FORGEJO__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
FORGEJO__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
||||||
|
@ -16,6 +16,7 @@ data:
|
||||||
FORGEJO__database__NAME: forgejo
|
FORGEJO__database__NAME: forgejo
|
||||||
FORGEJO__database__LOG_SQL: "false"
|
FORGEJO__database__LOG_SQL: "false"
|
||||||
FORGEJO__database__SSL_MODE: disable
|
FORGEJO__database__SSL_MODE: disable
|
||||||
|
FORGEJO__database__CHARSET: utf8
|
||||||
|
|
||||||
#[DEFAULT]
|
#[DEFAULT]
|
||||||
APP_NAME: APPNAME
|
APP_NAME: APPNAME
|
||||||
|
@ -36,12 +37,12 @@ data:
|
||||||
#[mailer]
|
#[mailer]
|
||||||
FORGEJO__mailer__ENABLED: "true"
|
FORGEJO__mailer__ENABLED: "true"
|
||||||
FORGEJO__mailer__FROM: FROM
|
FORGEJO__mailer__FROM: FROM
|
||||||
FORGEJO__mailer__PROTOCOL: smtp+starttls
|
FORGEJO__mailer__MAILER_TYPE: smtp+startls
|
||||||
FORGEJO__mailer__SMTP_ADDR: MAILERHOST
|
FORGEJO__mailer__SMTP_ADDR: MAILERHOST
|
||||||
FORGEJO__mailer__SMTP_PORT: MAILERPORT
|
FORGEJO__mailer__SMTP_PORT: MAILERPORT
|
||||||
|
|
||||||
#[oauth2]
|
#[oauth2]
|
||||||
FORGEJO__oauth2__ENABLED: "true"
|
FORGEJO__oauth2__ENABLE: "true"
|
||||||
|
|
||||||
#[openid]
|
#[openid]
|
||||||
FORGEJO__openid__ENABLE_OPENID: "true"
|
FORGEJO__openid__ENABLE_OPENID: "true"
|
||||||
|
@ -75,7 +76,7 @@ data:
|
||||||
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
|
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
|
||||||
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
|
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
|
||||||
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
|
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
|
||||||
FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS
|
FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS
|
||||||
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
|
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
|
||||||
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
|
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
|
||||||
FORGEJO__service__ENABLE_CAPTCHA: "false"
|
FORGEJO__service__ENABLE_CAPTCHA: "false"
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo-data-pvc
|
name: forgejo-data-pvc
|
||||||
namespace: forgejo
|
namespace: default
|
||||||
labels:
|
labels:
|
||||||
app: forgejo
|
app: forgejo
|
||||||
spec:
|
spec:
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo
|
name: forgejo
|
||||||
namespace: forgejo
|
namespace: default
|
||||||
labels:
|
labels:
|
||||||
app: forgejo
|
app: forgejo
|
||||||
spec:
|
spec:
|
||||||
|
|
|
@ -2,7 +2,6 @@ apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo-secrets
|
name: forgejo-secrets
|
||||||
namespace: forgejo
|
|
||||||
data:
|
data:
|
||||||
FORGEJO__database__USER: DBUSER
|
FORGEJO__database__USER: DBUSER
|
||||||
FORGEJO__database__PASSWD: DBPW
|
FORGEJO__database__PASSWD: DBPW
|
||||||
|
|
|
@ -2,7 +2,7 @@ kind: Service
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo-ssh-service
|
name: forgejo-ssh-service
|
||||||
namespace: forgejo
|
namespace: default
|
||||||
annotations:
|
annotations:
|
||||||
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
|
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
|
||||||
metallb.universe.tf/address-pool: public
|
metallb.universe.tf/address-pool: public
|
||||||
|
|
|
@ -2,7 +2,7 @@ kind: Service
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
metadata:
|
metadata:
|
||||||
name: forgejo-service
|
name: forgejo-service
|
||||||
namespace: forgejo
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
app: forgejo
|
app: forgejo
|
||||||
|
|
|
@ -13,7 +13,6 @@
|
||||||
:kind "ConfigMap",
|
:kind "ConfigMap",
|
||||||
:metadata
|
:metadata
|
||||||
{:name "backup-config",
|
{:name "backup-config",
|
||||||
:namespace "forgejo",
|
|
||||||
:labels
|
:labels
|
||||||
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
|
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
|
||||||
:data {:restic-repository "s3:s3.amazonaws.com/backup/federated-repo"}}
|
:data {:restic-repository "s3:s3.amazonaws.com/backup/federated-repo"}}
|
||||||
|
@ -24,7 +23,6 @@
|
||||||
:kind "ConfigMap",
|
:kind "ConfigMap",
|
||||||
:metadata
|
:metadata
|
||||||
{:name "backup-config",
|
{:name "backup-config",
|
||||||
:namespace "forgejo",
|
|
||||||
:labels
|
:labels
|
||||||
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
|
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
|
||||||
:data {:restic-repository "s3:s3.amazonaws.com/backup/repo"}}
|
:data {:restic-repository "s3:s3.amazonaws.com/backup/repo"}}
|
||||||
|
|
|
@ -12,40 +12,6 @@
|
||||||
(st/instrument `cut/generate-ingress)
|
(st/instrument `cut/generate-ingress)
|
||||||
(st/instrument `cut/generate-secrets)
|
(st/instrument `cut/generate-secrets)
|
||||||
|
|
||||||
(deftest should-generate-image-str
|
|
||||||
(testing "non-federated-image"
|
|
||||||
(is (= "codeberg.org/forgejo/forgejo:8.0.3"
|
|
||||||
(cut/generate-image-str {:fqdn "test.de"
|
|
||||||
:mailer-from ""
|
|
||||||
:mailer-host "m.t.de"
|
|
||||||
:mailer-port "123"
|
|
||||||
:service-noreply-address ""
|
|
||||||
:deploy-federated "false"})))
|
|
||||||
(is (= "codeberg.org/forgejo/forgejo:1.19.3-0"
|
|
||||||
(cut/generate-image-str {:fqdn "test.de"
|
|
||||||
:mailer-from ""
|
|
||||||
:mailer-host "m.t.de"
|
|
||||||
:mailer-port "123"
|
|
||||||
:service-noreply-address ""
|
|
||||||
:deploy-federated "false"
|
|
||||||
:forgejo-image-version-overwrite "1.19.3-0"}))))
|
|
||||||
(testing "federated-image"
|
|
||||||
(is (= "domaindrivenarchitecture/c4k-forgejo-federated:latest"
|
|
||||||
(cut/generate-image-str {:fqdn "test.de"
|
|
||||||
:mailer-from ""
|
|
||||||
:mailer-host "m.t.de"
|
|
||||||
:mailer-port "123"
|
|
||||||
:service-noreply-address ""
|
|
||||||
:deploy-federated "true"})))
|
|
||||||
(is (= "domaindrivenarchitecture/c4k-forgejo-federated:3.2.0"
|
|
||||||
(cut/generate-image-str {:fqdn "test.de"
|
|
||||||
:mailer-from ""
|
|
||||||
:mailer-host "m.t.de"
|
|
||||||
:mailer-port "123"
|
|
||||||
:service-noreply-address ""
|
|
||||||
:deploy-federated "true"
|
|
||||||
:forgejo-image-version-overwrite "3.2.0"})))))
|
|
||||||
|
|
||||||
(deftest should-generate-appini-env
|
(deftest should-generate-appini-env
|
||||||
(is (= {:APP_NAME-c1 "",
|
(is (= {:APP_NAME-c1 "",
|
||||||
:APP_NAME-c2 "test forgejo",
|
:APP_NAME-c2 "test forgejo",
|
||||||
|
@ -63,20 +29,21 @@
|
||||||
:FORGEJO__server__ROOT_URL-c2 "https://test.com",
|
:FORGEJO__server__ROOT_URL-c2 "https://test.com",
|
||||||
:FORGEJO__server__SSH_DOMAIN-c1 "test.de",
|
:FORGEJO__server__SSH_DOMAIN-c1 "test.de",
|
||||||
:FORGEJO__server__SSH_DOMAIN-c2 "test.com",
|
:FORGEJO__server__SSH_DOMAIN-c2 "test.com",
|
||||||
:FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de",
|
:FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de",
|
||||||
:FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net",
|
:FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
|
||||||
:FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
|
:FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
|
||||||
:FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
|
:FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
|
||||||
(th/map-diff (cut/generate-appini-env {:default-app-name ""
|
(th/map-diff (cut/generate-appini-env {:default-app-name ""
|
||||||
:federation-enabled "false"
|
:deploy-federated "false"
|
||||||
:fqdn "test.de"
|
:fqdn "test.de"
|
||||||
:mailer-from ""
|
:mailer-from ""
|
||||||
:mailer-host "m.t.de"
|
:mailer-host "m.t.de"
|
||||||
:mailer-port "123"
|
:mailer-port "123"
|
||||||
:service-domain-whitelist "adb.de"
|
:service-domain-whitelist "adb.de"
|
||||||
:service-noreply-address ""})
|
:service-noreply-address ""
|
||||||
|
})
|
||||||
(cut/generate-appini-env {:default-app-name "test forgejo"
|
(cut/generate-appini-env {:default-app-name "test forgejo"
|
||||||
:federation-enabled "true"
|
:deploy-federated "true"
|
||||||
:fqdn "test.com"
|
:fqdn "test.com"
|
||||||
:mailer-from "test@test.com"
|
:mailer-from "test@test.com"
|
||||||
:mailer-host "mail.test.com"
|
:mailer-host "mail.test.com"
|
||||||
|
@ -88,7 +55,7 @@
|
||||||
(testing "non-federated"
|
(testing "non-federated"
|
||||||
(is (= {:apiVersion "apps/v1",
|
(is (= {:apiVersion "apps/v1",
|
||||||
:kind "Deployment",
|
:kind "Deployment",
|
||||||
:metadata {:name "forgejo", :namespace "forgejo", :labels {:app "forgejo"}},
|
:metadata {:name "forgejo", :namespace "default", :labels {:app "forgejo"}},
|
||||||
:spec
|
:spec
|
||||||
{:replicas 1,
|
{:replicas 1,
|
||||||
:selector {:matchLabels {:app "forgejo"}},
|
:selector {:matchLabels {:app "forgejo"}},
|
||||||
|
@ -97,7 +64,7 @@
|
||||||
:spec
|
:spec
|
||||||
{:containers
|
{:containers
|
||||||
[{:name "forgejo",
|
[{:name "forgejo",
|
||||||
:image "codeberg.org/forgejo/forgejo:8.0.3",
|
:image "codeberg.org/forgejo/forgejo:1.19",
|
||||||
:imagePullPolicy "IfNotPresent",
|
:imagePullPolicy "IfNotPresent",
|
||||||
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
|
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
|
||||||
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
|
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
|
||||||
|
@ -115,7 +82,7 @@
|
||||||
(testing "federated-deployment"
|
(testing "federated-deployment"
|
||||||
(is (= {:apiVersion "apps/v1",
|
(is (= {:apiVersion "apps/v1",
|
||||||
:kind "Deployment",
|
:kind "Deployment",
|
||||||
:metadata {:name "forgejo", :namespace "forgejo", :labels {:app "forgejo"}},
|
:metadata {:name "forgejo", :namespace "default", :labels {:app "forgejo"}},
|
||||||
:spec
|
:spec
|
||||||
{:replicas 1,
|
{:replicas 1,
|
||||||
:selector {:matchLabels {:app "forgejo"}},
|
:selector {:matchLabels {:app "forgejo"}},
|
||||||
|
|
Loading…
Reference in a new issue