
No commits in common. "main" and "3.1.8" have entirely different histories.
main ... 3.1.8

52 changed files with 418 additions and 677 deletions

2
.gitignore vendored

@ -10,7 +10,6 @@ target/
.lein-repl-history .lein-repl-history
.lein-failures .lein-failures
pom.* pom.*
reports/*
# cljs # cljs
.shadow-cljs .shadow-cljs
@ -29,4 +28,3 @@ auth.edn
config.edn config.edn
.eastwood .eastwood


@ -6,7 +6,7 @@ stages:
- image - image
.img: &img .img: &img
image: "domaindrivenarchitecture/ddadevops-dind:4.11.4" image: "domaindrivenarchitecture/ddadevops-dind:4.10.7"
services: services:
- docker:dind - docker:dind
before_script: before_script:
@ -16,7 +16,7 @@ stages:
- export IMAGE_TAG=$CI_COMMIT_TAG - export IMAGE_TAG=$CI_COMMIT_TAG
.cljs-job: &cljs .cljs-job: &cljs
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.11.4" image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.10.7"
cache: cache:
key: ${CI_COMMIT_REF_SLUG} key: ${CI_COMMIT_REF_SLUG}
paths: paths:
@ -29,7 +29,7 @@ stages:
- npm install - npm install
.clj-job: &clj .clj-job: &clj
image: "domaindrivenarchitecture/ddadevops-clj:4.11.4" image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.10.7"
cache: cache:
key: ${CI_COMMIT_REF_SLUG} key: ${CI_COMMIT_REF_SLUG}
paths: paths:
@ -93,15 +93,6 @@ package-uberjar:
paths: paths:
- target/uberjar - target/uberjar
package-native:
<<: *clj
stage: package
script:
- pyb package_native
artifacts:
paths:
- target/graalvm
release-to-clojars: release-to-clojars:
<<: *clj <<: *clj
<<: *tag_only <<: *tag_only
@ -123,10 +114,9 @@ forgejo-backup-image-publish:
script: script:
- cd infrastructure/backup && pyb image publish - cd infrastructure/backup && pyb image publish
# This is currently not needed forgejo-federated-image-publish:
#forgejo-federated-image-publish: <<: *img
# <<: *img <<: *tag_only
# <<: *tag_only stage: image
# stage: image script:
# script: - cd infrastructure/federated && pyb image publish
# - cd infrastructure/federated && pyb image publish
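Review bot: The three `image:` lines in the `.img`, `.cljs-job` and `.clj-job` anchors name the build containers by tag only, so the registry can serve different content for `4.10.7` over time without the pipeline noticing. These containers run the release and image-publish jobs (`release-to-clojars`, `forgejo-backup-image-publish` and the now active `forgejo-federated-image-publish`), which presumably have access to publishing credentials. Consider pinning each by digest, e.g. `image: "domaindrivenarchitecture/ddadevops-dind:4.10.7@sha256:<digest-placeholder>"`, and updating the digest deliberately with each version bump.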


@ -1,7 +1,7 @@
# convention 4 kubernetes: c4k-forgejo # convention 4 kubernetes: c4k-forgejo
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main) [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de) [<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
## Purpose ## Purpose
@ -14,8 +14,6 @@ c4k-forgejo provides a k8s deployment file for forgejo containing:
* encrypted backup on S3 & restore * encrypted backup on S3 & restore
* monitoring on graphana-cloud * monitoring on graphana-cloud
c4k-forgejo is an example how to create efficient k8s one shot deployments with https://repo.prod.meissa.de/meissa/c4k-common.
## Try out ## Try out
Click on the image to try out live in your browser: Click on the image to try out live in your browser:
@ -35,19 +33,14 @@ After having deployed the yaml-file generated by the c4k-forgejo module you need
* The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git * The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git" Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git"
### Add Impressum
In order to customize the UI e.g. for adding an Impressum, see the [Forgejo Docs](https://forgejo.org/docs/latest/developer/customization/#adding-links-and-tabs).
The individually needed files have to be added by hand into the directory `/data/gitea/templates/custom/` in the forgejo Pod. Since a PV is mounted under `/data`, these ui customizations are persisted.
## Development & mirrors ## Development & mirrors
Development happens at: https://repo.prod.meissa.de/meissa/c4k-forgejo Development happens at: https://repo.prod.meissa.de/meissa/c4k-forgejo
Mirrors are: Mirrors are:
* https://codeberg.org/meissa/c4k-forgejo (Issues and PR)
* https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (CI) * https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (CI)
* https://codeberg.org/meissa/c4k-forgejo (issues and PR)
* https://github.com/DomainDrivenArchitecture/c4k-forgejo * https://github.com/DomainDrivenArchitecture/c4k-forgejo
For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos
@ -55,6 +48,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
## License ## License
Copyright © 2023, 2024 meissa GmbH Copyright © 2023 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License") Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE) Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)


@ -29,9 +29,8 @@ def initialize(project):
"release_organisation": "meissa", "release_organisation": "meissa",
"release_repository_name": name, "release_repository_name": name,
"release_artifacts": [ "release_artifacts": [
"target/graalvm/" + name, "target/uberjar/c4k-forgejo-standalone.jar",
"target/uberjar/" + name + "-standalone.jar", "target/frontend-build/c4k-forgejo.js",
"target/frontend-build/" + name + ".js",
], ],
} }
@ -78,17 +77,17 @@ def package_frontend(project):
run("mkdir -p target/frontend-build", shell=True, check=True) run("mkdir -p target/frontend-build", shell=True, check=True)
run("shadow-cljs release frontend", shell=True, check=True) run("shadow-cljs release frontend", shell=True, check=True)
run( run(
"cp public/js/main.js target/frontend-build/" + project.name + ".js", "cp public/js/main.js target/frontend-build/c4k-forgejo.js",
shell=True, shell=True,
check=True, check=True,
) )
run( run(
"sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/" + project.name + ".js.sha256", "sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha256",
shell=True, shell=True,
check=True, check=True,
) )
run( run(
"sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/" + project.name + ".js.sha512", "sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha512",
shell=True, shell=True,
check=True, check=True,
) )
@ -97,67 +96,12 @@ def package_frontend(project):
@task @task
def package_uberjar(project): def package_uberjar(project):
run( run(
"sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256", "sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha256",
shell=True, shell=True,
check=True, check=True,
) )
run( run(
"sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha512", "sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha512",
shell=True,
check=True,
)
@task
def package_native(project):
run(
"mkdir -p target/graalvm",
shell=True,
check=True,
)
run(
"native-image " +
"--native-image-info " +
"--report-unsupported-elements-at-runtime " +
"--no-server " +
"--no-fallback " +
"--features=clj_easy.graal_build_time.InitClojureClasses " +
"-jar target/uberjar/" + project.name + "-standalone.jar " +
"-march=compatibility " +
"-H:IncludeResources=.*.yaml " +
"-H:IncludeResources=logback.xml " +
"-H:Log=registerResource:verbose " +
"-H:Name=target/graalvm/" + project.name + "",
shell=True,
check=True,
)
run(
"sha256sum target/graalvm/c4k-forgejo > target/graalvm/" + project.name + ".sha256",
shell=True,
check=True,
)
run(
"sha512sum target/graalvm/c4k-forgejo > target/graalvm/" + project.name + ".sha512",
shell=True,
check=True,
)
@task
def inst(project):
run(
"lein uberjar",
shell=True,
check=True,
)
package_native(project)
run(
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
shell=True,
check=True,
)
run(
"sudo install -m=755 target/graalvm/" + project.name + " /usr/local/bin/" + project.name + "",
shell=True, shell=True,
check=True, check=True,
) )


@ -10,32 +10,32 @@
## Manual init the restic repository for the first time ## Manual init the restic repository for the first time
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=1` `kubectl scale deployment backup-restore --replicas=1`
2. exec into pod and execute restore pod (press tab to get your exact pod name) 2. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/init.bb` `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
3. remove backup-and-restore pod: 3. remove backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=0` `kubectl scale deployment backup-restore --replicas=0`
## Manual backup the restic repository for the first time ## Manual backup the restic repository for the first time
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=1` `kubectl scale deployment backup-restore --replicas=1`
2. exec into pod and execute backup pod (press tab to get your exact pod name) 2. exec into pod and execute backup pod (press tab to get your exact pod name)
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb` `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
3. remove backup-and-restore pod: 3. remove backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=0` `kubectl scale deployment backup-restore --replicas=0`
## Manual restore ## Manual restore
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=1` `kubectl scale deployment backup-restore --replicas=1`
2. Scale down forgejo deployment: 2. Scale down forgejo deployment:
`kubectl -n forgejo scale deployment forgejo --replicas=0` `kubectl scale deployment forgejo --replicas=0`
3. exec into pod and execute restore pod (press tab to get your exact pod name) 3. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb` `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
4. Start forgejo again: 4. Start forgejo again:
`kubectl -n forgejo scale deployment forgejo --replicas=1` `kubectl scale deployment forgejo --replicas=1`
5. remove backup-and-restore pod: 5. remove backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=0` `kubectl scale deployment backup-restore --replicas=0`


@ -39,23 +39,26 @@ npx shadow-cljs release frontend
## graalvm-setup ## graalvm-setup
``` ```
curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-21.0.0.2/graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
# unpack # unpack
tar -xzf graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz tar -xzf graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
sudo mv graalvm-community-openjdk-21.0.2+13.1 /usr/lib/jvm/ sudo mv graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/
sudo ln -s /usr/lib/jvm/graalvm-community-openjdk-21.0.2+13.1 /usr/lib/jvm/graalvm-21 sudo ln -s /usr/lib/jvm/graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/graalvm
sudo ln -s /usr/lib/jvm/graalvm-21/bin/gu /usr/local/bin sudo ln -s /usr/lib/jvm/graalvm/bin/gu /usr/local/bin
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm-21/bin/java 2 sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm/bin/java 2
sudo update-alternatives --config java sudo update-alternatives --config java
sudo ln -s /usr/lib/jvm/graalvm-21/bin/native-image /usr/local/bin
# install native-image in graalvm-ce-java11-linux-amd64-21.0.0.2/bin
sudo gu install native-image
sudo ln -s /usr/lib/jvm/graalvm/bin/native-image /usr/local/bin
# deps # deps
sudo apt-get install build-essential zlib1g-dev sudo apt-get install build-essential libz-dev zlib1g-dev
# build # build
cd ~/repo/c4k/c4k-forgejo cd ~/repo/dda/c4k-cloud
lein uberjar lein uberjar
mkdir -p target/graalvm mkdir -p target/graalvm
lein native lein native

41
doc/Releasing.md Normal file

@ -0,0 +1,41 @@
# Release process
## ... for testing (snapshots)
Make sure your clojars.org credentials are correctly set in your ~/.lein/profiles.clj file.
``` bash
git add .
git commit
```
``` bash
lein deploy # or lein deploy clojars
```
## ... for stable release
Make sure tags are protected in gitlab:
Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save.
``` bash
git checkout main # for old projects replace main with master
git add .
git commit
```
Execute tests
``` bash
shadow-cljs compile test
node target/node-tests.js
lein test
```
Release with type (NONE, PATCH, MINOR, MAJOR):
``` bash
RELEASE_TYPE=[TYPE] pyb prepare_release after_publish
```
Done.


@ -1,135 +0,0 @@
# Playbook Upgrade from 1.19 to 7.0.5
## Info: Relevant Breaking Changes:
* 1.19.3: First version under consideration
* 1.20.1-0: Breaking https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-20-1-0
* 1.21.1-0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-1-0
* 7.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* 8.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
## Preparations
1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
### Create 2nd Repo Prod Server
1. Terraform Preparations for 2nd Server: TODO
1. Install c4k-forgejo Version `3.5.0`!
with config `"forgejo-image-version-overwrite": "1.19.3-0"` (in server-setup)
1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`
## Upgrade to 1.20.1-0
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Upgrade to 1.21.1-0
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
## Upgrade to 7.0.0
1. Check DB Version.
1. MariaDB or MySQL needs to be 8.0 or higher.
2. Postgres needs to be 12 or higher
1. API Endpoints
1. Check if the [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) API endpoint is used
1. as the per_page param is not used for [limit](https://codeberg.org/forgejo/forgejo/commit/0aab2d38a7d91bc8caff332e452364468ce52d9a) anymore
2. Check if [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) and [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoAddPushMirror) API endpoints are used
1. The date format of created and last_update fields are now [timestamps](https://codeberg.org/forgejo/forgejo/commit/0ee7cbf725f45650136be45f8e0f74d395f73b5c)
3. [pprof](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) endpoint changed labels
1. graceful-lifecycle to gracefulLifecycle
2. process-type to processType
3. process-description to processDescription This allows for those endpoints to be scraped by services requiring prometheus style labels such as grafana-agent.
1. The Gitea themes were renamed and the \[ui\].THEMES setting must be changed as follows:
1. gitea is replaced by gitea-light
2. arc-green is replaced by gitea-dark
3. auto is replaced by gitea-auto
1. Migration warning
2. If the logs show a line like the following, run `doctor convert` to fix it.
3. Current database is using a case-insensitive collation "utf8mb4_general_ci"
4. Large instances may experience slow migrations when the database is upgraded to support SHA-256 git repositories.
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Upgrade to 8.0.3 (no relevant breaking changes)
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `8.0.3` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Enable Federation
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Change `FORGEJO__federation__ENABLED: "false"` TO `FORGEJO__federation__ENABLED: "true"`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Post Work
1. Switch DNS to new server
1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
## Known Errors
### Error in v1.20.1-0
In the logs the following error can be found. This will be resolved automatically with the next upgrade (v1.21).
```
2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
```
# Add Shynet Analytics
1. Log into shynet & create new Service
1. Copy the generated html snippet and save it somewhere you remember
1. SSH into prod server
1. Make the necessary folders and files in forgejo data dir:
1. `kubectl exec -n forgejo -it forgejo-... -- bash`
1. `mkdir -p /data/gitea/templates/custom`
1. `touch /data/gitea/templates/custom/footer.tmpl`
1. Open the `footer.tmpl` and paste the saved snippet
1. Restart the pod
1. `k scale -n forgejo deployment forgejo --replicas=0`
1. `k scale -n forgejo deployment forgejo --replicas=1`
1. Add Information about analytics: Clone Datenschutz Repo
1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git`
1. Merge forgejo-upgrade into main
1. `git merge forgejo-upgrade`
1. Push to origin
1. `git push`

21
doc/Upgrading.md Normal file

@ -0,0 +1,21 @@
# Upgrading process
## adhoc (on kubernetes cluster)
Ssh into your kubernetes cluster running the forgejo instance.
``` bash
kubectl edit configmap forgejo-env
# make sure INSTALL_LOCK under security is set to true to disable the installation screen
# save and exit
kubectl edit deployments forgejo
# search for your current forgejo version, e.g. 1.19
# replace with new version
# save and exit
kubectl scale deployment forgejo --replicas=0
kubectl scale deployment forgejo --replicas=1
```
Logging into the admin account should now show the new version.
You may want to update your c4k-forgejo resources to reflect the changes made on the cluster.


@ -6,7 +6,7 @@ from ddadevops import *
name = "c4k-forgejo" name = "c4k-forgejo"
MODULE = "backup" MODULE = "backup"
PROJECT_ROOT_PATH = "../.." PROJECT_ROOT_PATH = "../.."
version = "4.0.1-dev" version = "3.1.8"
@init @init


@ -1,4 +1,5 @@
FROM domaindrivenarchitecture/dda-backup:latest FROM domaindrivenarchitecture/dda-backup:latest
# Prepare Entrypoint Script
ADD resources /tmp ADD resources /tmp
RUN /tmp/install.bb RUN /tmp/install.sh
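Review bot: The base image stays on `domaindrivenarchitecture/dda-backup:latest`, so the result of `RUN /tmp/install.sh` depends on whatever that tag points to at build time. This matters more with the shell variant, because the installed scripts source libraries such as `/usr/local/lib/functions.sh` that are not added here and so presumably come from the base image. Pinning the base makes the backup image reproducible and reviewable, e.g. `FROM domaindrivenarchitecture/dda-backup:<pinned-version>`. `ADD resources /tmp` can also be `COPY resources /tmp`, since no archive extraction or URL fetch is needed.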


@ -1,46 +0,0 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:execution-directory "/var/backups/"
:files ["gitea/" "git/repositories/"]}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(bc/create-aws-credentials! aws-config)
(pg/create-pg-pass! db-config))
(defn restic-repo-init!
[]
(rc/init! file-config)
(rc/init! db-config))
(defn restic-backup!
[]
(bak/backup-file! file-config)
(bak/backup-db! db-config))
(prepare!)
(restic-repo-init!)
(restic-backup!)


@ -0,0 +1,19 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env RESTIC_DAYS_TO_KEEP 30
file_env RESTIC_MONTHS_TO_KEEP 12
backup-db-dump
backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main
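Review bot: `set -Eexo pipefail` enables xtrace in a script that then loads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` through `file_env`. That function is defined in the sourced `functions.sh`, which is not shown here, so depending on how it assigns values bash may write the expanded secrets to stderr and into the pod or CronJob log. I would drop the `x` and use `set -Eeo pipefail`, or wrap the secret handling in `set +x` … `set -x`. The same applies to the other added scripts that combine `-x` with `file_env` or `create-pg-pass`: what appear to be init.sh, restic-snapshots.sh, restore.sh and the two entrypoint scripts.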


@ -1,3 +0,0 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}


@ -1,3 +0,0 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-build {:mvn/version "0.1.1-SNAPSHOT"}}}


@ -0,0 +1,15 @@
#!/bin/bash
set -Eexo pipefail
function main() {
create-pg-pass
while true; do
sleep 1m
done
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main
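Review bot: The `while true; do sleep 1m; done` loop installs no signal handler. If this script runs as the container's PID 1 (its name and its installation to `/` by the install script suggest so), SIGTERM is not acted on, and scaling `backup-restore` to 0 replicas waits out the termination grace period before the pod is killed. Adding `trap 'exit 0' TERM INT` before the loop and using `sleep 1m & wait $!` inside it lets the pod stop promptly.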


@ -0,0 +1,13 @@
#!/bin/bash
set -Eexo pipefail
function main() {
create-pg-pass
/usr/local/bin/backup.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main


@ -1,3 +0,0 @@
#!/usr/bin/env bb
(println "initialized")


@ -0,0 +1,16 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
init-database-repo
init-file-repo
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main


@ -1,14 +0,0 @@
#!/usr/bin/env bb
(require
'[dda.image.ubuntu :as ub]
'[dda.image.install :as in])
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0400")
(in/install! "backup.bb")
(in/install! "restore.bb")
(in/install! "list-snapshots.bb")
(in/install! "wait.bb")
(ub/cleanup-container!)


@ -0,0 +1,21 @@
#!/bin/bash
set -exo pipefail
function main()
{
upgradeSystem
install -m 0700 /tmp/entrypoint.sh /
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
install -m 0700 /tmp/init.sh /usr/local/bin/
install -m 0700 /tmp/backup.sh /usr/local/bin/
install -m 0700 /tmp/restore.sh /usr/local/bin/
install -m 0700 /tmp/restic-snapshots.sh /usr/local/bin/
cleanupDocker
} > /dev/null
source /tmp/install_functions_debian.sh
DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes main


@ -1,28 +0,0 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"}))
(def db-config (merge restic-repo {:backup-path "pg-database"}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(defn prepare!
[]
(bc/create-aws-credentials! aws-config))
(defn list-snapshots!
[]
(rc/list-snapshots! file-config)
(rc/list-snapshots! db-config))
(prepare!)
(list-snapshots!)


@ -0,0 +1,16 @@
#!/bin/bash
set -exo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
restic -r ${RESTIC_REPOSITORY}/files snapshots
restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
}
source /usr/local/lib/functions.sh
source /usr/local/lib/file-functions.sh
main
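Review bot: Both `restic -r ${RESTIC_REPOSITORY}/files snapshots` lines expand the variable unquoted, and the script does not set `-u`. An unset or empty `RESTIC_REPOSITORY` therefore silently becomes the repository path `/files` or `/pg-database`, and a value containing whitespace is split into several arguments. Quote the expansion and fail early: `restic -r "${RESTIC_REPOSITORY:?}/files" snapshots`, and likewise for `pg-database`. This script also uses `set -exo pipefail` without the `-E` that the sibling scripts carry, which is worth aligning.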


@ -1,46 +0,0 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg]
'[dda.backup.restore :as rs])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:restore-target-directory "/var/backups/restore"
:snapshot-id "latest"}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")
:snapshot-id "latest"}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(pg/create-pg-pass! db-config)
(bc/create-aws-credentials! aws-config))
(defn restic-restore!
[]
(rs/restore-file! file-config)
(tasks/shell ["bash" "-c" "rm -rf /var/backups/gitea/*"])
(tasks/shell ["bash" "-c" "rm -rf /var/backups/git/repositories/*"])
(tasks/shell ["mv" "/var/backups/restore/gitea" "/var/backups/"])
(tasks/shell ["mv" "/var/backups/restore/git/repositories" "/var/backups/git/"])
(tasks/shell ["chown" "-R" "1000:1000" "/var/backups"])
(pg/drop-create-db! (merge db-config {:debug true}))
(rs/restore-db! (merge db-config {:debug true})))
(prepare!)
(restic-restore!)


@ -0,0 +1,37 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
# Restore latest snapshot into /var/backups/restore
restore-directory '/var/backups/restore'
rm -rf /var/backups/gitea/*
rm -rf /var/backups/git/repositories/*
cp -r /var/backups/restore/gitea /var/backups/ #ToDo: mv instead of cp or rm -rf after
cp -r /var/backups/restore/git/repositories /var/backups/git/ #ToDo: mv instead of cp or rm -rf after
# adjust file permissions for the git user
chown -R 1000:1000 /var/backups
# TODO: Regenerate Git Hooks? Do we need this?
#/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
# Restore db
drop-create-db
restore-db
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main
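Review bot: The two `rm -rf` lines delete the live `gitea/` and `git/repositories/` contents as soon as `restore-directory` returns successfully, without checking that the restored tree actually contains both directories. A snapshot that restores cleanly but lacks one of them leaves the instance with its data removed and the following `cp -r` failing. A guard before the deletion avoids that: `[ -d /var/backups/restore/gitea ] && [ -d /var/backups/restore/git/repositories ] || { echo "restore incomplete" >&2; exit 1; }`. As the ToDo comments already note, `cp -r` leaves a second full copy of the repository data under `/var/backups/restore`; it should be removed after the copy. `rm -rf .../*` also does not match dotfiles, so hidden files from the old state survive the restore.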


@ -1,27 +0,0 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(defn prepare!
[]
(pg/create-pg-pass! db-config))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
(wait!)


@ -1,4 +0,0 @@
FROM c4k-forgejo-backup:latest
ADD resources /tmp/
RUN ENV_PASSWORD=env-password FILE_PASSWORD_FILE=/tmp/file_password /tmp/test.bb


@ -1,3 +0,0 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}


@ -1,62 +0,0 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs])
(def restic-repo {:password-file "restic-pwd"
:restic-repository "restic-repo"})
(def file-config (merge restic-repo {:backup-path "files"
:files ["test-backup"]
:restore-target-directory "test-restore"}))
(def db-config (merge restic-repo {:backup-path "db"
:pg-db "mydb"
:pg-user "user"
:pg-password "password"}))
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(spit "/tmp/file_password" "file-password")
(println (bc/env-or-file "FILE_PASSWORD"))
(println (bc/env-or-file "ENV_PASSWORD"))
(spit "restic-pwd" "ThePassword")
(tasks/shell "mkdir" "-p" "test-backup")
(spit "test-backup/file" "I was here")
(tasks/shell "mkdir" "-p" "test-restore")
(pg/create-pg-pass! db-config))
(defn restic-repo-init!
[]
(rc/init! file-config)
(rc/init! (merge db-config dry-run)))
(defn restic-backup!
[]
(bak/backup-file! file-config)
(bak/backup-db! (merge db-config dry-run)))
(defn list-snapshots!
[]
(rc/list-snapshots! file-config)
(rc/list-snapshots! (merge db-config dry-run)))
(defn restic-restore!
[]
(rs/restore-file! file-config)
(pg/drop-create-db! (merge db-config dry-run))
(rs/restore-db! (merge db-config dry-run)))
(prepare!)
(restic-repo-init!)
(restic-backup!)
(list-snapshots!)
(restic-restore!)


@ -6,7 +6,7 @@ from ddadevops import *
name = 'c4k-forgejo' name = 'c4k-forgejo'
MODULE = 'federated' MODULE = 'federated'
PROJECT_ROOT_PATH = '../..' PROJECT_ROOT_PATH = '../..'
version = "4.0.1-dev" version = "3.1.8"
@init @init
def initialize(project): def initialize(project):


@ -10,7 +10,9 @@ ENV TAGS "bindata timetzdata $TAGS"
ARG CGO_EXTRA_CFLAGS ARG CGO_EXTRA_CFLAGS
ENV FORGEJO_GIT_URL "https://codeberg.org/meissa/forgejo.git" ENV FORGEJO_GIT_URL "https://codeberg.org/meissa/forgejo.git"
ENV FORGEJO_BRANCH "forgejo-federated-star" #ENV FORGEJO_GIT_URL "https://git.exozy.me/a/gitea.git"
ENV FORGEJO_BRANCH "test-release"
#ENV FORGEJO_BRANCH "libreplanet-federation-demo"
#Build deps #Build deps
RUN apk -U upgrade RUN apk -U upgrade


@ -2,7 +2,7 @@
"name": "c4k-forgejo", "name": "c4k-forgejo",
"description": "Generate c4k yaml for a forgejo deployment.", "description": "Generate c4k yaml for a forgejo deployment.",
"author": "meissa GmbH", "author": "meissa GmbH",
"version": "4.0.1-SNAPSHOT", "version": "3.1.8",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
"repository": "https://www.npmjs.com/package/c4k-forgejo", "repository": "https://www.npmjs.com/package/c4k-forgejo",
"license": "APACHE2", "license": "APACHE2",


@ -1,17 +1,16 @@
(defproject org.domaindrivenarchitecture/c4k-forgejo "4.0.1-SNAPSHOT" (defproject org.domaindrivenarchitecture/c4k-forgejo "3.1.8"
:description "forgejo c4k-installation package" :description "forgejo c4k-installation package"
:url "https://domaindrivenarchitecture.org" :url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0" :license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.4" :scope "provided"] :dependencies [[org.clojure/clojure "1.11.1" :scope "provided"]
[org.clojure/tools.reader "1.5.0"] [org.clojure/tools.reader "1.3.7"]
[org.domaindrivenarchitecture/c4k-common-clj "8.0.0"] [org.domaindrivenarchitecture/c4k-common-clj "6.1.2"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]] [hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
"src/main/clj"] "src/main/clj"]
:resource-paths ["src/main/resources" :resource-paths ["src/main/resources"]
"project.clj"]
:repositories [["snapshots" :clojars] :repositories [["snapshots" :clojars]
["releases" :clojars]] ["releases" :clojars]]
:deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}] :deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}]
@ -23,14 +22,25 @@
:uberjar {:aot :all :uberjar {:aot :all
:main dda.c4k-forgejo.uberjar :main dda.c4k-forgejo.uberjar
:uberjar-name "c4k-forgejo-standalone.jar" :uberjar-name "c4k-forgejo-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"] :dependencies [[org.clojure/tools.cli "1.0.219"]
[ch.qos.logback/logback-classic "1.5.7" [ch.qos.logback/logback-classic "1.4.14"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.16"] [org.slf4j/jcl-over-slf4j "2.0.12"]]}}
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"] :release-tasks [["test"]
["vcs" "assert-committed"] ["vcs" "assert-committed"]
["change" "version" "leiningen.release/bump-version" "release"] ["change" "version" "leiningen.release/bump-version" "release"]
["vcs" "commit"] ["vcs" "commit"]
["vcs" "tag" "v" "--no-sign"] ["vcs" "tag" "v" "--no-sign"]
["change" "version" "leiningen.release/bump-version"]]) ["change" "version" "leiningen.release/bump-version"]]
:aliases {"native" ["shell"
"native-image"
"--report-unsupported-elements-at-runtime"
"--initialize-at-build-time"
"-jar" "target/uberjar/c4k-forgejo-standalone.jar"
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
"-H:Log=registerResource"
"-H:Name=target/graalvm/${:name}"]
"inst" ["shell"
"sh"
"-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-forgejo-standalone.jar /usr/local/bin/c4k-forgejo-standalone.jar"]})
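Review bot: The new `inst` alias runs `sudo install` from inside `sh -c`, so a lein invocation ends up asking for root and writing to `/usr/local/bin`. I would keep the alias to `lein uberjar` and leave the privileged copy as a documented manual step. The `native` alias also passes `--report-unsupported-elements-at-runtime`, which postpones unsupported-feature errors from image build to run time. A short comment above `:aliases` would help, e.g. `;; native: unsupported elements are reported at run time because <reason>`.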


@ -4,7 +4,7 @@
"src/test/cljc" "src/test/cljc"
"src/test/cljs" "src/test/cljs"
"src/test/resources"] "src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "8.0.0"] :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.1.2"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:builds {:frontend {:target :browser :builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-forgejo.browser/init}} :modules {:main {:init-fn dda.c4k-forgejo.browser/init}}


@ -4,14 +4,11 @@
[dda.c4k-forgejo.core :as core] [dda.c4k-forgejo.core :as core]
[dda.c4k-common.uberjar :as uberjar])) [dda.c4k-common.uberjar :as uberjar]))
(set! *warn-on-reflection* true)
(defn -main [& cmd-args] (defn -main [& cmd-args]
(uberjar/main-cm (uberjar/main-common
"c4k-forgejo" "c4k-forgejo"
core/config? core/config?
core/auth? core/auth?
core/config-defaults core/config-defaults
core/config-objects core/k8s-objects
core/auth-objects
cmd-args)) cmd-args))


@ -4,13 +4,12 @@
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as p]
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]]))) #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
(s/def ::aws-access-key-id p/bash-env-string?) (s/def ::aws-access-key-id cm/bash-env-string?)
(s/def ::aws-secret-access-key p/bash-env-string?) (s/def ::aws-secret-access-key cm/bash-env-string?)
(s/def ::restic-password p/bash-env-string?) (s/def ::restic-password cm/bash-env-string?)
(s/def ::restic-repository p/bash-env-string?) (s/def ::restic-repository cm/bash-env-string?)
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :backup [resource-name] (defmethod yaml/load-resource :backup [resource-name]


@ -6,18 +6,9 @@
[dda.c4k-common.monitoring :as mon] [dda.c4k-common.monitoring :as mon]
[dda.c4k-forgejo.forgejo :as forgejo] [dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-forgejo.backup :as backup] [dda.c4k-forgejo.backup :as backup]
[dda.c4k-common.postgres :as postgres] [dda.c4k-common.postgres :as postgres]))
[dda.c4k-common.namespace :as ns]))
(def config-defaults {:namespace "forgejo" (def config-defaults {:issuer "staging", :deploy-federated "false"})
:issuer "staging"
:deploy-federated "false"
:federation-enabled "false"
:db-name "forgejo"
:pv-storage-size-gb 5
:pvc-storage-class-name ""
:postgres-image "postgres:14"
:postgres-size :2gb})
(def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5}) (def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5})
(def config? (s/keys :req-un [::forgejo/fqdn (def config? (s/keys :req-un [::forgejo/fqdn
@ -27,10 +18,8 @@
::forgejo/service-noreply-address] ::forgejo/service-noreply-address]
:opt-un [::forgejo/issuer :opt-un [::forgejo/issuer
::forgejo/deploy-federated ::forgejo/deploy-federated
::forgejo/federation-enabled
::forgejo/default-app-name ::forgejo/default-app-name
::forgejo/service-domain-whitelist ::forgejo/service-domain-whitelist
::forgejo/forgejo-image-version-overwrite
::backup/restic-repository ::backup/restic-repository
::mon/mon-cfg])) ::mon/mon-cfg]))
@ -42,39 +31,32 @@
(def vol? (s/keys :req-un [::forgejo/volume-total-storage-size])) (def vol? (s/keys :req-un [::forgejo/volume-total-storage-size]))
(defn config-objects [config] ; ToDo: ADR for generate functions - vector or no vector? (defn k8s-objects [config auth] ; ToDo: ADR for generate functions - vector or no vector?
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)] (let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
(map yaml/to-string (map yaml/to-string
(filter #(not (nil? %)) (filter #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(ns/generate config) [(postgres/generate-config {:postgres-size :2gb :db-name "forgejo"})
[(postgres/generate-configmap config) (postgres/generate-secret auth)
(when (contains? config :postgres-data-volume-path) (when (contains? config :postgres-data-volume-path)
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb]))) (postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
(postgres/generate-pvc (merge config {:pvc-storage-class-name storage-class})) (postgres/generate-pvc {:pv-storage-size-gb 5
(postgres/generate-deployment config) :pvc-storage-class-name storage-class})
(postgres/generate-service config) (postgres/generate-deployment {:postgres-image "postgres:14"
:postgres-size :2gb})
(postgres/generate-service)
(forgejo/generate-deployment config) (forgejo/generate-deployment config)
(forgejo/generate-service) (forgejo/generate-service)
(forgejo/generate-service-ssh) (forgejo/generate-service-ssh)
(forgejo/generate-data-volume config) (forgejo/generate-data-volume config)
(forgejo/generate-appini-env config)] (forgejo/generate-appini-env config)
(forgejo/generate-ratelimit-ingress-and-cert config) ; this function has a vector as output (forgejo/generate-secrets auth)
(forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
(forgejo/generate-rate-limit-ingress-and-cert config) ; this function has a vector as output
(when (contains? config :restic-repository) (when (contains? config :restic-repository)
[(backup/generate-config config) [(backup/generate-config config)
(backup/generate-secret auth)
(backup/generate-cron) (backup/generate-cron)
(backup/generate-backup-restore-deployment config)]) (backup/generate-backup-restore-deployment config)])
(when (contains? config :mon-cfg) (when (:contains? config :mon-cfg)
(mon/generate-config))))))) (mon/generate (:mon-cfg config) (:mon-auth auth))))))))
(defn auth-objects [config auth]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
(ns/generate config)
[(postgres/generate-secret config auth)
(forgejo/generate-secrets auth)]
(when (contains? config :restic-repository)
[(backup/generate-secret auth)])
(when (contains? config :mon-cfg)
(mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
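Review bot: In the new `k8s-objects`, the monitoring guard reads `(when (:contains? config :mon-cfg)`, which is a keyword lookup of `:contains?` in `config` with `:mon-cfg` as the not-found value. It is therefore truthy for any config lacking that key, and `mon/generate` is called even when `:mon-cfg` is absent. It should be `(when (contains? config :mon-cfg)`, matching the `:restic-repository` guard a few lines above. A docstring on `k8s-objects` should also state that its output now mixes Secret manifests (`postgres/generate-secret`, `forgejo/generate-secrets`, `backup/generate-secret`) with the non-secret objects, so callers treat the whole rendered YAML as sensitive.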


@ -33,13 +33,11 @@
(s/def ::default-app-name string?) (s/def ::default-app-name string?)
(s/def ::fqdn pred/fqdn-string?) (s/def ::fqdn pred/fqdn-string?)
(s/def ::deploy-federated boolean-string?) (s/def ::deploy-federated boolean-string?)
(s/def ::federation-enabled boolean-string?)
(s/def ::mailer-from pred/bash-env-string?) (s/def ::mailer-from pred/bash-env-string?)
(s/def ::mailer-host pred/bash-env-string?) (s/def ::mailer-host pred/bash-env-string?)
(s/def ::mailer-port pred/bash-env-string?) (s/def ::mailer-port pred/bash-env-string?)
(s/def ::service-domain-whitelist domain-list?) (s/def ::service-domain-whitelist domain-list?)
(s/def ::service-noreply-address string?) (s/def ::service-noreply-address string?)
(s/def ::forgejo-image-version-overwrite string?)
(s/def ::mailer-user pred/bash-env-string?) (s/def ::mailer-user pred/bash-env-string?)
(s/def ::mailer-pw pred/bash-env-string?) (s/def ::mailer-pw pred/bash-env-string?)
(s/def ::issuer pred/letsencrypt-issuer?) (s/def ::issuer pred/letsencrypt-issuer?)
@ -54,10 +52,8 @@
::service-noreply-address] ::service-noreply-address]
:opt-un [::issuer :opt-un [::issuer
::deploy-federated ::deploy-federated
::federation-enabled
::default-app-name ::default-app-name
::service-domain-whitelist ::service-domain-whitelist]))
::forgejo-image-version-overwrite]))
(def rate-limit-config? (s/keys :req-un [::max-rate (def rate-limit-config? (s/keys :req-un [::max-rate
::max-concurrent-requests])) ::max-concurrent-requests]))
@ -69,19 +65,9 @@
(defn data-storage-by-volume-size (defn data-storage-by-volume-size
[total] [total]
total) total)
;;TODO: remove unneccessaries, fedaration is merged
(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated")
(def federated-image-version "latest")
(def non-federated-image-name "codeberg.org/forgejo/forgejo")
(def non-federated-image-version "8.0.3")
(defn-spec generate-image-str string? (def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated:latest")
[config config?] (def non-federated-image-name "codeberg.org/forgejo/forgejo:1.19")
(let [{:keys [deploy-federated forgejo-image-version-overwrite]} config
deploy-federated-bool (boolean-from-string deploy-federated)]
(if deploy-federated-bool
(str federated-image-name ":" (or forgejo-image-version-overwrite federated-image-version))
(str non-federated-image-name ":" (or forgejo-image-version-overwrite non-federated-image-version)))))
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :forgejo [resource-name] (defmethod yaml/load-resource :forgejo [resource-name]
@ -90,7 +76,7 @@
(defn generate-appini-env (defn generate-appini-env
[config] [config]
(let [{:keys [default-app-name (let [{:keys [default-app-name
federation-enabled deploy-federated
fqdn fqdn
mailer-from mailer-from
mailer-host mailer-host
@ -99,7 +85,7 @@
service-noreply-address] service-noreply-address]
:or {default-app-name "forgejo instance" :or {default-app-name "forgejo instance"
service-domain-whitelist fqdn}} config service-domain-whitelist fqdn}} config
federation-enabled-bool (boolean-from-string federation-enabled)] deploy-federated-bool (boolean-from-string deploy-federated)]
(-> (->
(yaml/load-as-edn "forgejo/appini-env-configmap.yaml") (yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name) (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
@ -111,7 +97,7 @@
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist) (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address) (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
(cm/replace-all-matching-values-by-new-value "IS_FEDERATED" (cm/replace-all-matching-values-by-new-value "IS_FEDERATED"
(if federation-enabled-bool (if deploy-federated-bool
"true" "true"
"false"))))) "false")))))
@ -123,36 +109,59 @@
mailer-pw]} auth] mailer-pw]} auth]
(-> (->
(yaml/load-as-edn "forgejo/secrets.yaml") (yaml/load-as-edn "forgejo/secrets.yaml")
(cm/replace-all-matching "DBUSER" (b64/encode postgres-db-user)) (cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching "DBPW" (b64/encode postgres-db-password)) (cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user)) (cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw))))) (cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw)))))
(defn-spec generate-ratelimit-ingress-and-cert seq? (defn generate-ingress-and-cert
[config config?] [config]
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config] (let [{:keys [fqdn]} config]
(ing/generate-simple-ingress (merge (ing/generate-ingress-and-cert
(merge
{:service-name "forgejo-service" {:service-name "forgejo-service"
:service-port 3000 :service-port 3000
:fqdns [fqdn] :fqdns [fqdn]}
:average-rate max-rate
:burst-rate max-concurrent-requests
:namespace namespace}
config)))) config))))
(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
[config config?]
(->
(generate-ingress-and-cert config) ; returns a vector
(#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
[1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
(str
(-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
", default-ratelimit@kubernetescrd")))))
; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
(defn-spec generate-rate-limit-middleware pred/map-or-seq?
[config rate-limit-config?]
(let [{:keys [max-rate max-concurrent-requests]} config]
(->
(yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
(cm/replace-key-value :average max-rate)
(cm/replace-key-value :burst max-concurrent-requests))))
(defn-spec generate-data-volume pred/map-or-seq? (defn-spec generate-data-volume pred/map-or-seq?
[config vol?] [config vol?]
(let [{:keys [volume-total-storage-size]} config (let [{:keys [volume-total-storage-size]} config
data-storage-size (data-storage-by-volume-size volume-total-storage-size)] data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
(-> (->
(yaml/load-as-edn "forgejo/datavolume.yaml") (yaml/load-as-edn "forgejo/datavolume.yaml")
(cm/replace-all-matching "DATASTORAGESIZE" (str (str data-storage-size) "Gi"))))) (cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
(defn-spec generate-deployment pred/map-or-seq? (defn-spec generate-deployment pred/map-or-seq?
[config config?] [config config?]
(let [{:keys [deploy-federated]} config
deploy-federated-bool (boolean-from-string deploy-federated)]
(-> (->
(yaml/load-as-edn "forgejo/deployment.yaml") (yaml/load-as-edn "forgejo/deployment.yaml")
(cm/replace-all-matching "IMAGE_NAME" (generate-image-str config)))) (cm/replace-all-matching-values-by-new-value "IMAGE_NAME"
(if deploy-federated-bool
federated-image-name
non-federated-image-name)))))
(defn generate-service (defn generate-service
[] []
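Review bot: `federated-image-name` is now fixed to `domaindrivenarchitecture/c4k-forgejo-federated:latest` and `non-federated-image-name` to the floating `1.19` tag, and the `forgejo-image-version-overwrite` key that allowed choosing another version is gone on this side. The deployment test in this comparison shows `:imagePullPolicy "IfNotPresent"`, so with a moving tag each node keeps running whichever build it pulled first. I would pin both to an exact version or digest, e.g. `(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated:<pinned-version>")`. In `generate-rate-limit-ingress-and-cert`, the `(str … ", default-ratelimit@kubernetescrd")` also produces a leading comma when the ingress carries no middleware annotation yet; a `nil` check there would be cheap.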


@ -79,7 +79,8 @@
(when (not (st/blank? app-name)) (when (not (st/blank? app-name))
{:default-app-name app-name}) {:default-app-name app-name})
(when (not (st/blank? domain-whitelist)) (when (not (st/blank? domain-whitelist))
{:service-domain-whitelist domain-whitelist})))) {:service-domain-whitelist domain-whitelist})
)))
(defn validate-all! [] (defn validate-all! []
(br/validate! "fqdn" ::forgejo/fqdn) (br/validate! "fqdn" ::forgejo/fqdn)
@ -102,21 +103,16 @@
(defn init [] (defn init []
(br/append-hickory (generate-content-div)) (br/append-hickory (generate-content-div))
(let [config-only false
auth-only false]
(-> js/document (-> js/document
(.getElementById "generate-button") (.getElementById "generate-button")
(.addEventListener "click" (.addEventListener "click"
#(do (validate-all!) #(do (validate-all!)
(-> (cm/generate-cm (-> (cm/generate-common
(config-from-document) (config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string) (br/get-content-from-element "auth" :deserializer edn/read-string)
core/config-defaults core/config-defaults
core/config-objects core/k8s-objects)
core/auth-objects (br/set-output!)))))
config-only
auth-only)
(br/set-output!))))))
(add-validate-listener "fqdn") (add-validate-listener "fqdn")
(add-validate-listener "deploy-federated") (add-validate-listener "deploy-federated")
(add-validate-listener "mailer-from") (add-validate-listener "mailer-from")


@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: backup-restore name: backup-restore
namespace: forgejo
spec: spec:
replicas: 0 replicas: 0
selector: selector:
@ -21,7 +20,7 @@ spec:
- image: domaindrivenarchitecture/c4k-forgejo-backup - image: domaindrivenarchitecture/c4k-forgejo-backup
name: backup-app name: backup-app
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["wait.bb"] command: ["/entrypoint-start-and-wait.sh"]
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:


@ -2,7 +2,6 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: backup-config name: backup-config
namespace: forgejo
labels: labels:
app.kubernetes.io/name: backup app.kubernetes.io/name: backup
app.kubernetes.io/part-of: forgejo app.kubernetes.io/part-of: forgejo


@ -2,7 +2,6 @@ apiVersion: batch/v1
kind: CronJob kind: CronJob
metadata: metadata:
name: forgejo-backup name: forgejo-backup
namespace: forgejo
labels: labels:
app.kubernetes.part-of: forgejo app.kubernetes.part-of: forgejo
spec: spec:
@ -17,7 +16,7 @@ spec:
- name: backup-app - name: backup-app
image: domaindrivenarchitecture/c4k-forgejo-backup image: domaindrivenarchitecture/c4k-forgejo-backup
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["backup.bb"] command: ["/entrypoint.sh"]
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:


@ -2,7 +2,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: backup-secret name: backup-secret
namespace: forgejo
type: Opaque type: Opaque
data: data:
aws-access-key-id: aws-access-key-id aws-access-key-id: aws-access-key-id


@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: forgejo-env name: forgejo-env
namespace: forgejo namespace: default
data: data:
#[admin] #[admin]
FORGEJO__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled FORGEJO__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
@ -16,6 +16,7 @@ data:
FORGEJO__database__NAME: forgejo FORGEJO__database__NAME: forgejo
FORGEJO__database__LOG_SQL: "false" FORGEJO__database__LOG_SQL: "false"
FORGEJO__database__SSL_MODE: disable FORGEJO__database__SSL_MODE: disable
FORGEJO__database__CHARSET: utf8
#[DEFAULT] #[DEFAULT]
APP_NAME: APPNAME APP_NAME: APPNAME
@ -36,12 +37,12 @@ data:
#[mailer] #[mailer]
FORGEJO__mailer__ENABLED: "true" FORGEJO__mailer__ENABLED: "true"
FORGEJO__mailer__FROM: FROM FORGEJO__mailer__FROM: FROM
FORGEJO__mailer__PROTOCOL: smtp+starttls FORGEJO__mailer__MAILER_TYPE: smtp+startls
FORGEJO__mailer__SMTP_ADDR: MAILERHOST FORGEJO__mailer__SMTP_ADDR: MAILERHOST
FORGEJO__mailer__SMTP_PORT: MAILERPORT FORGEJO__mailer__SMTP_PORT: MAILERPORT
#[oauth2] #[oauth2]
FORGEJO__oauth2__ENABLED: "true" FORGEJO__oauth2__ENABLE: "true"
#[openid] #[openid]
FORGEJO__openid__ENABLE_OPENID: "true" FORGEJO__openid__ENABLE_OPENID: "true"
@ -75,7 +76,7 @@ data:
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false" FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true" FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true" FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false" FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true" FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
FORGEJO__service__ENABLE_CAPTCHA: "false" FORGEJO__service__ENABLE_CAPTCHA: "false"
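Review bot: The new-side value `smtp+startls` in `FORGEJO__mailer__MAILER_TYPE` is missing a `t`; the old side spelled it `smtp+starttls`. Depending on how the deployed Forgejo version treats an unknown mailer type, mail could fail or be sent without STARTTLS, which matters because the mailer user and password travel over that connection. I would correct it to `FORGEJO__mailer__MAILER_TYPE: smtp+starttls` and confirm that this version reads `MAILER_TYPE` rather than `PROTOCOL`.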


@ -2,7 +2,7 @@ apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: forgejo-data-pvc name: forgejo-data-pvc
namespace: forgejo namespace: default
labels: labels:
app: forgejo app: forgejo
spec: spec:


@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: forgejo name: forgejo
namespace: forgejo namespace: default
labels: labels:
app: forgejo app: forgejo
spec: spec:


@ -0,0 +1,8 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ratelimit
spec:
rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
average: AVG
burst: BRS
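Review bot: This Middleware has no `metadata.namespace`, yet the ingress annotation built in `generate-rate-limit-ingress-and-cert` refers to it as `default-ratelimit@kubernetescrd`, i.e. namespace `default`. If the manifests are applied into any other namespace, the reference would presumably not resolve and the route may come up without the rate limit, or not at all, depending on how Traefik handles it. Adding `namespace: default` under `metadata`, as the ConfigMap and Deployment in this comparison do, keeps the two in step. A comment noting that `AVG` and `BRS` are replaced by key (`:average`, `:burst`), not by value, would also help.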


@ -2,7 +2,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: forgejo-secrets name: forgejo-secrets
namespace: forgejo
data: data:
FORGEJO__database__USER: DBUSER FORGEJO__database__USER: DBUSER
FORGEJO__database__PASSWD: DBPW FORGEJO__database__PASSWD: DBPW


@ -2,7 +2,7 @@ kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: forgejo-ssh-service name: forgejo-ssh-service
namespace: forgejo namespace: default
annotations: annotations:
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group" metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
metallb.universe.tf/address-pool: public metallb.universe.tf/address-pool: public


@ -2,7 +2,7 @@ kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: forgejo-service name: forgejo-service
namespace: forgejo namespace: default
spec: spec:
selector: selector:
app: forgejo app: forgejo


@ -13,7 +13,6 @@
:kind "ConfigMap", :kind "ConfigMap",
:metadata :metadata
{:name "backup-config", {:name "backup-config",
:namespace "forgejo",
:labels :labels
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}}, #:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
:data {:restic-repository "s3:s3.amazonaws.com/backup/federated-repo"}} :data {:restic-repository "s3:s3.amazonaws.com/backup/federated-repo"}}
@ -24,7 +23,6 @@
:kind "ConfigMap", :kind "ConfigMap",
:metadata :metadata
{:name "backup-config", {:name "backup-config",
:namespace "forgejo",
:labels :labels
#:app.kubernetes.io{:name "backup", :part-of "forgejo"}}, #:app.kubernetes.io{:name "backup", :part-of "forgejo"}},
:data {:restic-repository "s3:s3.amazonaws.com/backup/repo"}} :data {:restic-repository "s3:s3.amazonaws.com/backup/repo"}}


@ -12,40 +12,6 @@
(st/instrument `cut/generate-ingress) (st/instrument `cut/generate-ingress)
(st/instrument `cut/generate-secrets) (st/instrument `cut/generate-secrets)
(deftest should-generate-image-str
(testing "non-federated-image"
(is (= "codeberg.org/forgejo/forgejo:8.0.3"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "false"})))
(is (= "codeberg.org/forgejo/forgejo:1.19.3-0"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "false"
:forgejo-image-version-overwrite "1.19.3-0"}))))
(testing "federated-image"
(is (= "domaindrivenarchitecture/c4k-forgejo-federated:latest"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "true"})))
(is (= "domaindrivenarchitecture/c4k-forgejo-federated:3.2.0"
(cut/generate-image-str {:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:deploy-federated "true"
:forgejo-image-version-overwrite "3.2.0"})))))
(deftest should-generate-appini-env (deftest should-generate-appini-env
(is (= {:APP_NAME-c1 "", (is (= {:APP_NAME-c1 "",
:APP_NAME-c2 "test forgejo", :APP_NAME-c2 "test forgejo",
@ -63,20 +29,21 @@
:FORGEJO__server__ROOT_URL-c2 "https://test.com", :FORGEJO__server__ROOT_URL-c2 "https://test.com",
:FORGEJO__server__SSH_DOMAIN-c1 "test.de", :FORGEJO__server__SSH_DOMAIN-c1 "test.de",
:FORGEJO__server__SSH_DOMAIN-c2 "test.com", :FORGEJO__server__SSH_DOMAIN-c2 "test.com",
:FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de", :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de",
:FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net", :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:FORGEJO__service__NO_REPLY_ADDRESS-c1 "", :FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
:FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} :FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
(th/map-diff (cut/generate-appini-env {:default-app-name "" (th/map-diff (cut/generate-appini-env {:default-app-name ""
:federation-enabled "false" :deploy-federated "false"
:fqdn "test.de" :fqdn "test.de"
:mailer-from "" :mailer-from ""
:mailer-host "m.t.de" :mailer-host "m.t.de"
:mailer-port "123" :mailer-port "123"
:service-domain-whitelist "adb.de" :service-domain-whitelist "adb.de"
:service-noreply-address ""}) :service-noreply-address ""
})
(cut/generate-appini-env {:default-app-name "test forgejo" (cut/generate-appini-env {:default-app-name "test forgejo"
:federation-enabled "true" :deploy-federated "true"
:fqdn "test.com" :fqdn "test.com"
:mailer-from "test@test.com" :mailer-from "test@test.com"
:mailer-host "mail.test.com" :mailer-host "mail.test.com"
@ -88,7 +55,7 @@
(testing "non-federated" (testing "non-federated"
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
:kind "Deployment", :kind "Deployment",
:metadata {:name "forgejo", :namespace "forgejo", :labels {:app "forgejo"}}, :metadata {:name "forgejo", :namespace "default", :labels {:app "forgejo"}},
:spec :spec
{:replicas 1, {:replicas 1,
:selector {:matchLabels {:app "forgejo"}}, :selector {:matchLabels {:app "forgejo"}},
@ -97,7 +64,7 @@
:spec :spec
{:containers {:containers
[{:name "forgejo", [{:name "forgejo",
:image "codeberg.org/forgejo/forgejo:8.0.3", :image "codeberg.org/forgejo/forgejo:1.19",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}], :envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}], :volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
@ -115,7 +82,7 @@
(testing "federated-deployment" (testing "federated-deployment"
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
:kind "Deployment", :kind "Deployment",
:metadata {:name "forgejo", :namespace "forgejo", :labels {:app "forgejo"}}, :metadata {:name "forgejo", :namespace "default", :labels {:app "forgejo"}},
:spec :spec
{:replicas 1, {:replicas 1,
:selector {:matchLabels {:app "forgejo"}}, :selector {:matchLabels {:app "forgejo"}},
@ -163,3 +130,26 @@
:storage-c2 "15Gi"} :storage-c2 "15Gi"}
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1}) (th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
(cut/generate-data-volume {:volume-total-storage-size 15}))))) (cut/generate-data-volume {:volume-total-storage-size 15})))))
(deftest should-generate-middleware-ratelimit
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
:kind "Middleware",
:metadata {:name "ratelimit"},
:spec {:rateLimit {:average 10, :burst 5}}}
(cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
(deftest should-generate-middleware-ratelimit-ingress-and-cert
(is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
:traefik.ingress.kubernetes.io/router.middlewares
"default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
:metallb.universe.tf/address-pool "public"}
(-> (second
(cut/generate-rate-limit-ingress-and-cert
{:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:average 10
:burst 5}))
:metadata :annotations))))