me/c4k-forgejo
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Change name from gitea to forgejo

Browse source
This commit is contained in:
Mirco 2023-03-28 09:46:15 +02:00
parent a25b031789
commit 5002ac874d
29 changed files with 66 additions and 727 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
.gitlab-ci.yml
View file

@ -48,7 +48,7 @@ test-schema:
stage: build_and_test
script:
- lein uberjar
- java -jar target/uberjar/c4k-gitea-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
- java -jar target/uberjar/c4k-forgejo-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
artifacts:
paths:
- target/uberjar
@ -69,9 +69,9 @@ package-frontend:
script:
- mkdir -p target/frontend-build
- shadow-cljs release frontend
- cp public/js/main.js target/frontend-build/c4k-gitea.js
- sha256sum target/frontend-build/c4k-gitea.js > target/frontend-build/c4k-gitea.js.sha256
- sha512sum target/frontend-build/c4k-gitea.js > target/frontend-build/c4k-gitea.js.sha512
- cp public/js/main.js target/frontend-build/c4k-forgejo.js
- sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha256
- sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha512
artifacts:
paths:
- target/frontend-build
@ -81,8 +81,8 @@ package-uberjar:
stage: package
script:
- lein uberjar
- sha256sum target/uberjar/c4k-gitea-standalone.jar > target/uberjar/c4k-gitea-standalone.jar.sha256
- sha512sum target/uberjar/c4k-gitea-standalone.jar > target/uberjar/c4k-gitea-standalone.jar.sha512
- sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha256
- sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha512
artifacts:
paths:
- target/uberjar
@ -108,9 +108,9 @@ release:
- apk --no-cache add curl
- |
release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
--assets-link "{\"name\":\"c4k-gitea-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-gitea-standalone.jar\"}" \
--assets-link "{\"name\":\"c4k-gitea-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-gitea-standalone.jar.sha256\"}" \
--assets-link "{\"name\":\"c4k-gitea-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-gitea-standalone.jar.sha512\"}" \
--assets-link "{\"name\":\"c4k-gitea.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-gitea.js\"}" \
--assets-link "{\"name\":\"c4k-gitea.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-gitea.js.sha256\"}" \
--assets-link "{\"name\":\"c4k-gitea.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-gitea.js.sha512\"}" \
--assets-link "{\"name\":\"c4k-forgejo-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar\"}" \
--assets-link "{\"name\":\"c4k-forgejo-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar.sha256\"}" \
--assets-link "{\"name\":\"c4k-forgejo-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar.sha512\"}" \
--assets-link "{\"name\":\"c4k-forgejo.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-forgejo.js\"}" \
--assets-link "{\"name\":\"c4k-forgejo.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-forgejo.js.sha256\"}" \
--assets-link "{\"name\":\"c4k-forgejo.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-forgejo.js.sha512\"}" \

20
README.md
View file

@ -1,12 +1,12 @@
# convention 4 kubernetes: c4k-gitea
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-gitea.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-gitea) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-gitea/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/commits/main)
# convention 4 kubernetes: c4k-forgejo
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
## Purpose
c4k-gitea provides a k8s deployment file for Gitea containing:
* gitea
c4k-forgejo provides a k8s deployment file for forgejo containing:
* forgejo
* ingress having a letsencrypt managed certificate
* postgres database
@ -15,21 +15,21 @@ c4k-gitea provides a k8s deployment file for Gitea containing:
Click on the image to try out live in your browser:
[![Try it out](doc/tryItOut.png "Try out yourself")](https://domaindrivenarchitecture.org/pages/dda-provision/c4k-gitea/)
[![Try it out](doc/tryItOut.png "Try out yourself")](https://domaindrivenarchitecture.org/pages/dda-provision/c4k-forgejo/)
Your input will stay in your browser. No server interaction is required.
## Gitea setup
## Forgejo setup
After having deployed the yaml-file generated by the c4k-gitea module you need to complete the setup for gitea:
After having deployed the yaml-file generated by the c4k-forgejo module you need to complete the setup for forgejo:
* Open the URL of your gitea-server, and you will be shown a configuration page.
* Open the URL of your forgejo-server, and you will be shown a configuration page.
* Adjust the settings according to your needs
* Add the administrator's data (name, password and email) and submit the page.
* The required database will be created and the Gitea setup will be completed.
* The required database will be created and the forgejo setup will be completed.
* The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-gitea.git"
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git"
## License

2
copy-and-build-dda-io.sh
View file

@ -10,7 +10,7 @@ set -eo pipefail
srcDir="/home/$USER/"
srcName="main.js"
targetDir="/home/$USER/"
targetName="c4k-gitea.js"
targetName="c4k-forgejo.js"
echo "build"
shadow-cljs compile frontend

8
doc/BackupAndRestore.md
View file

@ -31,11 +31,11 @@
1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1`
2. Scale down gitea deployment:
`kubectl scale deployment gitea --replicas=0`
2. Scale down forgejo deployment:
`kubectl scale deployment forgejo --replicas=0`
3. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
4. Start gitea again:
`kubectl scale deployment gitea --replicas=1`
4. Start forgejo again:
`kubectl scale deployment forgejo --replicas=1`
5. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0`

14
doc/Upgrading.md
View file

@ -2,20 +2,20 @@
## adhoc (on kubernetes cluster)
Ssh into your kubernetes cluster running the gitea instance.
Ssh into your kubernetes cluster running the forgejo instance.
``` bash
kubectl edit configmap gitea-env
kubectl edit configmap forgejo-env
# make sure INSTALL_LOCK under security is set to true to disable the installation screen
# save and exit
kubectl edit deployments gitea
# search for your current gitea version, e.g. 1.17.0
kubectl edit deployments forgejo
# search for your current forgejo version, e.g. 1.17.0
# replace with new version
# save and exit
kubectl scale deployment gitea --replicas=0
kubectl scale deployment gitea --replicas=1
kubectl scale deployment forgejo --replicas=0
kubectl scale deployment forgejo --replicas=1
```
Logging into the admin account should now show the new version.
You may want to update your c4k-gitea resources to reflect the changes made on the cluster.
You may want to update your c4k-forgejo resources to reflect the changes made on the cluster.

2
infrastructure/docker-backup/build.py
View file

@ -3,7 +3,7 @@ from pybuilder.core import task, init
from ddadevops import *
import logging
name = 'c4k-gitea-backup'
name = 'c4k-forgejo-backup'
MODULE = 'docker'
PROJECT_ROOT_PATH = '../..'

16
package.json
View file

@ -1,18 +1,18 @@
{
"name": "c4k-gitea",
"description": "Generate c4k yaml for a gitea deployment.",
"name": "c4k-forgejo",
"description": "Generate c4k yaml for a forgejo deployment.",
"author": "meissa GmbH",
"version": "1.0.1-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-gitea#readme",
"repository": "https://www.npmjs.com/package/c4k-gitea",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
"repository": "https://www.npmjs.com/package/c4k-forgejo",
"license": "APACHE2",
"main": "c4k-gitea.js",
"main": "c4k-forgejo.js",
"bin": {
"c4k-gitea": "./c4k-gitea.js"
"c4k-forgejo": "./c4k-forgejo.js"
},
"keywords": [
"cljs",
"gitea",
"forgejo",
"k8s",
"c4k",
"deployment",
@ -20,7 +20,7 @@
"convention4kubernetes"
],
"bugs": {
"url": "https://gitlab.com/domaindrivenarchitecture/c4k-gitea/issues"
"url": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/issues"
},
"dependencies": {
"js-base64": "^3.6.1",

12
project.clj
View file

@ -1,5 +1,5 @@
(defproject org.domaindrivenarchitecture/c4k-gitea "1.0.1-SNAPSHOT"
:description "gitea c4k-installation package"
(defproject org.domaindrivenarchitecture/c4k-forgejo "1.0.1-SNAPSHOT"
:description "forgejo c4k-installation package"
:url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
@ -20,8 +20,8 @@
:dependencies [[dda/data-test "0.1.1"]]}
:dev {:plugins [[lein-shell "0.5.0"]]}
:uberjar {:aot :all
:main dda.c4k-gitea.uberjar
:uberjar-name "c4k-gitea-standalone.jar"
:main dda.c4k-forgejo.uberjar
:uberjar-name "c4k-forgejo-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.206"]
[ch.qos.logback/logback-classic "1.3.0-alpha4"
:exclusions [com.sun.mail/javax.mail]]
@ -36,11 +36,11 @@
"native-image"
"--report-unsupported-elements-at-runtime"
"--initialize-at-build-time"
"-jar" "target/uberjar/c4k-gitea-standalone.jar"
"-jar" "target/uberjar/c4k-forgejo-standalone.jar"
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
"-H:Log=registerResource"
"-H:Name=target/graalvm/${:name}"]
"inst" ["shell"
"sh"
"-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-gitea-standalone.jar /usr/local/bin/c4k-gitea-standalone.jar"]})
"lein uberjar && sudo install -m=755 target/uberjar/c4k-forgejo-standalone.jar /usr/local/bin/c4k-forgejo-standalone.jar"]})

2
public/index.html
View file

@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<title>c4k-gitea</title>
<title>c4k-forgejo</title>
<link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet"
type="text/css" />

2
shadow-cljs.edn
View file

@ -7,7 +7,7 @@
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "3.0.1"]
[hickory "0.7.1"]]
:builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-gitea.browser/init}}
:modules {:main {:init-fn dda.c4k-forgejo.browser/init}}
:release {}
:compiler-options {:optimizations :advanced}}
:test {:target :node-test

9
src/main/clj/dda/c4k_gitea/uberjar.clj
View file

@ -1,9 +0,0 @@
(ns dda.c4k-gitea.uberjar
(:gen-class)
(:require
[dda.c4k-gitea.core :as core]
[dda.c4k-gitea.gitea :as gitea]
[dda.c4k-common.uberjar :as uberjar]))
(defn -main [& cmd-args]
(uberjar/main-common "c4k-gitea" core/config? core/auth? core/config-defaults core/k8s-objects cmd-args))

44
src/main/cljc/dda/c4k_gitea/backup.cljc
View file

@ -1,44 +0,0 @@
(ns dda.c4k-gitea.backup
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm]))
(s/def ::aws-access-key-id cm/bash-env-string?)
(s/def ::aws-secret-access-key cm/bash-env-string?)
(s/def ::restic-password cm/bash-env-string?)
(s/def ::restic-repository cm/bash-env-string?)
#?(:cljs
(defmethod yaml/load-resource :backup [resource-name]
(case resource-name
"backup/config.yaml" (rc/inline "backup/config.yaml")
"backup/cron.yaml" (rc/inline "backup/cron.yaml")
"backup/secret.yaml" (rc/inline "backup/secret.yaml")
"backup/backup-restore-deployment.yaml" (rc/inline "backup/backup-restore-deployment.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn generate-config [my-conf]
(let [{:keys [restic-repository]} my-conf]
(->
(yaml/from-string (yaml/load-resource "backup/config.yaml"))
(cm/replace-key-value :restic-repository restic-repository))))
(defn generate-cron []
(yaml/from-string (yaml/load-resource "backup/cron.yaml")))
(defn generate-backup-restore-deployment [my-conf]
(let [backup-restore-yaml (yaml/from-string (yaml/load-resource "backup/backup-restore-deployment.yaml"))]
(if (and (contains? my-conf :local-integration-test) (= true (:local-integration-test my-conf)))
(cm/replace-named-value backup-restore-yaml "CERTIFICATE_FILE" "/var/run/secrets/localstack-secrets/ca.crt")
backup-restore-yaml)))
(defn generate-secret [my-auth]
(let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
(->
(yaml/from-string (yaml/load-resource "backup/secret.yaml"))
(cm/replace-key-value :aws-access-key-id (b64/encode aws-access-key-id))
(cm/replace-key-value :aws-secret-access-key (b64/encode aws-secret-access-key))
(cm/replace-key-value :restic-password (b64/encode restic-password)))))

54
src/main/cljc/dda/c4k_gitea/core.cljc
View file

@ -1,54 +0,0 @@
(ns dda.c4k-gitea.core
(:require
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-gitea.gitea :as gitea]
[dda.c4k-gitea.backup :as backup]
[dda.c4k-common.postgres :as postgres]))
(def config-defaults {:issuer "staging"})
(def config? (s/keys :req-un [::gitea/fqdn
::gitea/mailer-from
::gitea/mailer-host-port
::gitea/service-noreply-address]
:opt-un [::gitea/issuer
::gitea/default-app-name
::gitea/service-domain-whitelist
::backup/restic-repository]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
::gitea/mailer-user ::gitea/mailer-pw
::backup/aws-access-key-id ::backup/aws-secret-access-key]
:opt-un [::backup/restic-password])) ; TODO gec: Is restic password opt or req?
(def vol? (s/keys :req-un [::gitea/volume-total-storage-size]))
(defn k8s-objects [config]
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
[(postgres/generate-config {:postgres-size :2gb :db-name "gitea"})
(postgres/generate-secret config)
(when (contains? config :postgres-data-volume-path)
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
(postgres/generate-pvc {:pv-storage-size-gb 5
:pvc-storage-class-name storage-class})
(postgres/generate-deployment {:postgres-image "postgres:14"
:postgres-size :2gb})
(postgres/generate-service)
(gitea/generate-deployment)
(gitea/generate-service)
(gitea/generate-service-ssh)
(gitea/generate-data-volume config)
(gitea/generate-appini-env config)
(gitea/generate-secrets config)
(gitea/generate-ingress config)
(gitea/generate-certificate config)]
(when (contains? config :restic-repository)
[(backup/generate-config config)
(backup/generate-secret config)
(backup/generate-cron)
(backup/generate-backup-restore-deployment config)]))))))

138
src/main/cljc/dda/c4k_gitea/gitea.cljc
View file

@ -1,138 +0,0 @@
(ns dda.c4k-gitea.gitea
(:require
[clojure.spec.alpha :as s]
[clojure.string :as st]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.postgres :as postgres]))
(defn domain-list?
[input]
(or
(st/blank? input)
(pred/string-of-separated-by? pred/fqdn-string? #"," input)))
(s/def ::default-app-name string?)
(s/def ::fqdn pred/fqdn-string?)
(s/def ::mailer-from pred/bash-env-string?)
(s/def ::mailer-host-port pred/host-and-port-string?)
(s/def ::service-domain-whitelist domain-list?)
(s/def ::service-noreply-address string?)
(s/def ::mailer-user pred/bash-env-string?)
(s/def ::mailer-pw pred/bash-env-string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::volume-total-storage-size (partial pred/int-gt-n? 5))
(def config-defaults {:issuer "staging"})
(def config? (s/keys :req-un [::fqdn
::mailer-from
::mailer-host-port
::service-noreply-address]
:opt-un [::issuer
::default-app-name
::service-domain-whitelist]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password ::mailer-user ::mailer-pw]))
(def vol? (s/keys :req-un [::volume-total-storage-size]))
(defn data-storage-by-volume-size
[total]
total)
#?(:cljs
(defmethod yaml/load-resource :gitea [resource-name]
(case resource-name
"gitea/appini-env-configmap.yaml" (rc/inline "gitea/appini-env-configmap.yaml")
"gitea/deployment.yaml" (rc/inline "gitea/deployment.yaml")
"gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml")
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
"gitea/secrets.yaml" (rc/inline "gitea/secrets.yaml")
"gitea/service.yaml" (rc/inline "gitea/service.yaml")
"gitea/service-ssh.yaml" (rc/inline "gitea/service-ssh.yaml")
"gitea/datavolume.yaml" (rc/inline "gitea/datavolume.yaml")
(throw (js/Error. "Undefined Resource!")))))
#?(:cljs
(defmethod yaml/load-as-edn :gitea [resource-name]
(yaml/from-string (yaml/load-resource resource-name))))
(defn generate-appini-env
[config]
(let [{:keys [default-app-name
fqdn
mailer-from
mailer-host-port
service-domain-whitelist
service-noreply-address]
:or {default-app-name "Gitea instance"
service-domain-whitelist fqdn}}
config]
(->
(yaml/load-as-edn "gitea/appini-env-configmap.yaml")
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn))
(cm/replace-all-matching-values-by-new-value "FROM" mailer-from)
(cm/replace-all-matching-values-by-new-value "HOSTANDPORT" mailer-host-port)
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address))))
(defn generate-secrets
[auth]
(let [{:keys [postgres-db-user
postgres-db-password
mailer-user
mailer-pw]} auth]
(->
(yaml/load-as-edn "gitea/secrets.yaml")
(cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw)))))
(defn generate-ingress
[config]
(let [{:keys [fqdn]} config]
(->
(yaml/load-as-edn "gitea/ingress.yaml")
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn generate-certificate
[config]
(let [{:keys [fqdn issuer]
:or {issuer "staging"}} config
letsencrypt-issuer (name issuer)]
(->
(yaml/load-as-edn "gitea/certificate.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-data-volume pred/map-or-seq?
[config vol?]
(let [{:keys [volume-total-storage-size]} config
data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
(->
(yaml/load-as-edn "gitea/datavolume.yaml")
(cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
(defn generate-deployment
[]
(yaml/load-as-edn "gitea/deployment.yaml"))
(defn generate-service
[]
(yaml/load-as-edn "gitea/service.yaml"))
(defn generate-service-ssh
[]
(yaml/load-as-edn "gitea/service-ssh.yaml"))

118
src/main/cljs/dda/c4k_gitea/browser.cljs
View file

@ -1,118 +0,0 @@
(ns dda.c4k-gitea.browser
(:require
[clojure.string :as st]
[clojure.tools.reader.edn :as edn]
[dda.c4k-gitea.core :as core]
[dda.c4k-gitea.gitea :as gitea]
[dda.c4k-common.browser :as br]
[dda.c4k-common.common :as cm]))
(defn generate-group
[name
content]
[{:type :element
:tag :div
:attrs {:class "rounded border border-3 m-3 p-2"}
:content [{:type :element
:tag :b
:attrs {:style "z-index: 1; position: relative; top: -1.3rem;"}
:content name}
{:type :element
:tag :fieldset
:content content}]}])
(defn generate-content []
(cm/concat-vec
[(assoc
(br/generate-needs-validation) :content
(cm/concat-vec
(generate-group
"domain"
(cm/concat-vec
(br/generate-input-field "fqdn" "Your fqdn:" "repo.test.de")
(br/generate-input-field "mailer-from" "Your mailer email address:" "test@test.de")
(br/generate-input-field "mailer-host-port" "Your mailer host with port:" "test.de:123")
(br/generate-input-field "service-noreply-address" "Your noreply domain:" "test.de")
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")
(br/generate-input-field "app-name" "(Optional) Your app name:" "")
(br/generate-input-field "domain-whitelist" "(Optional) Domain whitelist for registration email-addresses:" "")))
(generate-group
"provider"
(cm/concat-vec
(br/generate-input-field "volume-total-storage-size" "Your gitea volume-total-storage-size:" "20")))
(generate-group
"credentials"
(br/generate-text-area
"auth" "Your auth.edn:"
"{:postgres-db-user \"gitea\"
:postgres-db-password \"gitea-db-password\"
:mailer-user \"test@test.de\"
:mailer-pw \"mail-test-password\"}"
"5"))
[(br/generate-br)]
(br/generate-button "generate-button" "Generate c4k yaml")))]
(br/generate-output "c4k-gitea-output" "Your c4k deployment.yaml:" "25")))
(defn generate-content-div
[]
{:type :element
:tag :div
:content
(generate-content)})
(defn config-from-document []
(let [issuer (br/get-content-from-element "issuer" :optional true)
app-name (br/get-content-from-element "app-name" :optional true)
domain-whitelist (br/get-content-from-element "domain-whitelist" :optional true)]
(merge
{:fqdn (br/get-content-from-element "fqdn")
:mailer-from (br/get-content-from-element "mailer-from")
:mailer-host-port (br/get-content-from-element "mailer-host-port")
:service-noreply-address (br/get-content-from-element "service-noreply-address")
:volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)}
(when (not (st/blank? issuer))
{:issuer issuer})
(when (not (st/blank? app-name))
{:default-app-name app-name})
(when (not (st/blank? domain-whitelist))
{:service-domain-whitelist domain-whitelist})
)))
(defn validate-all! []
(br/validate! "fqdn" ::gitea/fqdn)
(br/validate! "mailer-from" ::gitea/mailer-from)
(br/validate! "mailer-host-port" ::gitea/mailer-host-port)
(br/validate! "service-noreply-address" ::gitea/service-noreply-address)
(br/validate! "issuer" ::gitea/issuer :optional true)
(br/validate! "app-name" ::gitea/default-app-name :optional true)
(br/validate! "domain-whitelist" ::gitea/service-domain-whitelist :optional true)
(br/validate! "volume-total-storage-size" ::gitea/volume-total-storage-size :deserializer js/parseInt)
(br/validate! "auth" gitea/auth? :deserializer edn/read-string)
(br/set-form-validated!))
(defn add-validate-listener [name]
(-> (br/get-element-by-id name)
(.addEventListener "blur" #(do (validate-all!)))))
(defn init []
(br/append-hickory (generate-content-div))
(-> js/document
(.getElementById "generate-button")
(.addEventListener "click"
#(do (validate-all!)
(-> (cm/generate-common
(config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string)
gitea/config-defaults
core/k8s-objects)
(br/set-output!)))))
(add-validate-listener "fqdn")
(add-validate-listener "mailer-from")
(add-validate-listener "mailer-host-port")
(add-validate-listener "service-noreply-address")
(add-validate-listener "app-name")
(add-validate-listener "domain-whitelist")
(add-validate-listener "volume-total-storage-size")
(add-validate-listener "issuer")
(add-validate-listener "auth"))

10
src/main/resources/backup/backup-restore-deployment.yaml
View file

@ -14,10 +14,10 @@ spec:
labels:
app: backup-restore
app.kubernetes.io/name: backup-restore
app.kubernetes.io/part-of: gitea
app.kubernetes.io/part-of: forgejo
spec:
containers:
- image: domaindrivenarchitecture/c4k-gitea-backup
- image: domaindrivenarchitecture/c4k-forgejo-backup
name: backup-app
imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"]
@ -59,15 +59,15 @@ spec:
- name: CERTIFICATE_FILE
value: ""
volumeMounts:
- name: gitea-data-volume
- name: forgejo-data-volume
mountPath: /var/backups
- name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets
readOnly: true
volumes:
- name: gitea-data-volume
- name: forgejo-data-volume
persistentVolumeClaim:
claimName: gitea-data-pvc
claimName: forgejo-data-pvc
- name: backup-secret-volume
secret:
secretName: backup-secret

2
src/main/resources/backup/config.yaml
View file

@ -4,6 +4,6 @@ metadata:
name: backup-config
labels:
app.kubernetes.io/name: backup
app.kubernetes.io/part-of: gitea
app.kubernetes.io/part-of: forgejo
data:
restic-repository: restic-repository

12
src/main/resources/backup/cron.yaml
View file

@ -1,9 +1,9 @@
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: gitea-backup
name: forgejo-backup
labels:
app.kubernetes.part-of: gitea
app.kubernetes.part-of: forgejo
spec:
schedule: "10 23 * * *"
successfulJobsHistoryLimit: 1
@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: backup-app
image: domaindrivenarchitecture/c4k-gitea-backup
image: domaindrivenarchitecture/c4k-forgejo-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"]
env:
@ -55,15 +55,15 @@ spec:
- name: CERTIFICATE_FILE
value: ""
volumeMounts:
- name: gitea-data-volume
- name: forgejo-data-volume
mountPath: /var/backups
- name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets
readOnly: true
volumes:
- name: gitea-data-volume
- name: forgejo-data-volume
persistentVolumeClaim:
claimName: gitea-data-pvc
claimName: forgejo-data-pvc
- name: backup-secret-volume
secret:
secretName: backup-secret

90
src/main/resources/gitea/appini-env-configmap.yaml
View file

@ -1,90 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-env
namespace: default
data:
#[admin]
GITEA__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
#[attachments]
GITEA__attachments__PATH: /data/gitea/attachments
#[database]
GITEA__database__DB_TYPE: "postgres"
GITEA__database__HOST: "postgresql-service:5432"
GITEA__database__NAME: gitea
GITEA__database__LOG_SQL: "false"
GITEA__database__SSL_MODE: disable
GITEA__database__CHARSET: utf8
#[DEFAULT]
APP_NAME: APPNAME
RUN_MODE: prod
RUN_USER: git
#[federation]
GITEA__federation__ENABLED: "true"
#[indexer]
GITEA__indexer__ISSUE_INDEXER_PATH: /data/gitea/indexers/issues.bleve
#[log]
GITEA__log__MODE: "console, file"
GITEA__log__LEVEL: Info
GITEA__log__ROOT_PATH: /data/gitea/log
#[mailer]
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: FROM
GITEA__mailer__MAILER_TYPE: smtp+startls
# TODO: jem 2022-08-02: outdated with v1.18, use SMTP_ADDR & SMTP_PORT instead
GITEA__mailer__HOST: HOSTANDPORT
#[oauth2]
GITEA__oauth2__ENABLE: "true"
#[openid]
GITEA__openid__ENABLE_OPENID: "true"
GITEA__openid__ENABLE_OPENID_SIGNIN: "true"
GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
#[picture]
GITEA__picture__AVATAR_UPLOAD_PATH: /data/gitea/avatars
GITEA__picture__REPOSITORY_AVATAR_UPLOAD_PATH: /data/gitea/repo-avatars
GITEA__picture__DISABLE_GRAVATAR: "false"
GITEA__picture__ENABLE_FEDERATED_AVATAR: "true" # Enable support for federated avatars (see http://www.libravatar.org).
#[repository]
GITEA__repository__ROOT: /data/git/repositories
GITEA__repository__DEFAULT_PRIVATE: last
GITEA__repository__LOCAL_COPY_PATH: /data/gitea/tmp/local-repo
GITEA__repository__TEMP_PATH: /data/gitea/uploads
#[security]
GITEA__security__INSTALL_LOCK: "true"
#[server]
GITEA__server__DOMAIN: FQDN
GITEA__server__SSH_DOMAIN: FQDN
GITEA__server__ROOT_URL: URL
GITEA__server__HTTP_PORT: "3000" # HTTP listen port of the server (in the pod)
GITEA__server__SSH_PORT: "2222" # SSH port displayed in clone URL
#[service]
GITEA__service__DISABLE_REGISTRATION: "false"
GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
GITEA__service__REGISTER_EMAIL_CONFIRM: "true"
GITEA__service__ENABLE_NOTIFY_MAIL: "true"
GITEA__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
GITEA__service__ENABLE_BASIC_AUTHENTICATION: "true"
GITEA__service__ENABLE_CAPTCHA: "false"
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true"
GITEA__service__NO_REPLY_ADDRESS: NOREPLY
#[session]
GITEA__session__PROVIDER_CONFIG: /data/gitea/sessions
GITEA__session__PROVIDER: file

15
src/main/resources/gitea/certificate.yaml
View file

@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-cert
namespace: default
spec:
secretName: gitea-cert
commonName: FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- FQDN
issuerRef:
name: staging
kind: ClusterIssuer

15
src/main/resources/gitea/datavolume.yaml
View file

@ -1,15 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-data-pvc
namespace: default
labels:
app: gitea
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: DATASTORAGESIZE

41
src/main/resources/gitea/deployment.yaml
View file

@ -1,41 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: default
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
name: gitea
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea:1.17.3
imagePullPolicy: IfNotPresent
# config settings
envFrom:
- configMapRef:
name: gitea-env
- secretRef:
name: gitea-secrets
volumeMounts:
- name: gitea-data-volume
mountPath: "/data"
ports:
- containerPort: 22
name: git-ssh
- containerPort: 3000
name: gitea
volumes:
- name: gitea-data-volume
persistentVolumeClaim:
claimName: gitea-data-pvc

24
src/main/resources/gitea/ingress.yaml
View file

@ -1,24 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-gitea
namespace: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
tls:
- hosts:
- FQDN
secretName: gitea-cert
rules:
- host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: gitea-service
port:
number: 3000

11
src/main/resources/gitea/secrets.yaml
View file

@ -1,11 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-secrets
data:
GITEA__database__USER: DBUSER
GITEA__database__PASSWD: DBPW
GITEA__mailer__USER: MAILERUSER
GITEA__mailer__PASSWD: MAILERPW

17
src/main/resources/gitea/service-ssh.yaml
View file

@ -1,17 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: gitea-ssh-service
namespace: default
annotations:
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
metallb.universe.tf/address-pool: public
spec:
type: LoadBalancer
selector:
app: gitea
ports:
- port: 2222
targetPort: 22
protocol: TCP

12
src/main/resources/gitea/service.yaml
View file

@ -1,12 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: gitea-service
namespace: default
spec:
selector:
app: gitea
ports:
- name: gitea-http
port: 3000

73
src/test/cljc/dda/c4k_gitea/gitea_test.cljc
View file

@ -1,73 +0,0 @@
(ns dda.c4k-gitea.gitea-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st]
[dda.c4k-common.test-helper :as th]
[dda.c4k-common.base64 :as b64]
[dda.c4k-gitea.gitea :as cut]))
(st/instrument `cut/generate-appini-env)
(st/instrument `cut/generate-ingress)
(st/instrument `cut/generate-secrets)
(deftest should-generate-appini-env
(is (= {:APP_NAME-c1 "",
:APP_NAME-c2 "test gitea",
:GITEA__mailer__FROM-c1 "",
:GITEA__mailer__FROM-c2 "test@test.com",
:GITEA__mailer__HOST-c1 "m.t.de:123",
:GITEA__mailer__HOST-c2 "mail.test.com:123",
:GITEA__server__DOMAIN-c1 "test.de",
:GITEA__server__DOMAIN-c2 "test.com",
:GITEA__server__ROOT_URL-c1 "https://test.de",
:GITEA__server__ROOT_URL-c2 "https://test.com",
:GITEA__server__SSH_DOMAIN-c1 "test.de",
:GITEA__server__SSH_DOMAIN-c2 "test.com",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
(th/map-diff (cut/generate-appini-env {:default-app-name ""
:fqdn "test.de"
:mailer-from ""
:mailer-host-port "m.t.de:123"
:service-domain-whitelist "adb.de"
:service-noreply-address ""
})
(cut/generate-appini-env {:default-app-name "test gitea"
:fqdn "test.com"
:mailer-from "test@test.com"
:mailer-host-port "mail.test.com:123"
:service-domain-whitelist "test.com,test.net"
:service-noreply-address "noreply@test.com"
})))))
(deftest should-generate-certificate
(is (= {:name-c2 "prod", :name-c1 "staging"}
(th/map-diff (cut/generate-certificate {})
(cut/generate-certificate {:issuer "prod"})))))
(deftest should-generate-secret
(is (= {:GITEA__database__USER-c1 "",
:GITEA__database__USER-c2 (b64/encode "pg-user"),
:GITEA__database__PASSWD-c1 "",
:GITEA__database__PASSWD-c2 (b64/encode "pg-pw"),
:GITEA__mailer__USER-c1 "",
:GITEA__mailer__USER-c2 (b64/encode "maileruser"),
:GITEA__mailer__PASSWD-c1 "",
:GITEA__mailer__PASSWD-c2 (b64/encode "mailerpw")}
(th/map-diff (cut/generate-secrets {:postgres-db-user ""
:postgres-db-password ""
:mailer-user ""
:mailer-pw ""})
(cut/generate-secrets {:postgres-db-user "pg-user"
:postgres-db-password "pg-pw"
:mailer-user "maileruser"
:mailer-pw "mailerpw"})))))
(deftest should-generate-data-volume
(is (= {:storage-c1 "1Gi",
:storage-c2 "15Gi"}
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
(cut/generate-data-volume {:volume-total-storage-size 15})))))

4
valid-auth.edn
View file

@ -1,5 +1,5 @@
{:postgres-db-user "gitea"
:postgres-db-password "gitea-db-password"
{:postgres-db-user "forgejo"
:postgres-db-password "forgejo-db-password"
:mailer-user ""
:mailer-pw ""
:aws-access-key-id "AWS_KEY_ID"

2
valid-config.edn
View file

@ -1,4 +1,4 @@
{:default-app-name "Meissas awesome gitea"
{:default-app-name "Meissas awesome forgejo"
:fqdn "test.de"
:issuer "staging"
:mailer-from "test@test.de"