a5095d52bc
Changes made on our side to make this upgrade happen:
* Update the gitea checkout tag to v1.22.1
* Update the golang container version to 1.22 as gitea 1.22 has an
undocumented hard dependency on golang 1.22 or newer.
* Update our overridden template files to match latest gitea template
changes.
* Update our app.ini config to switch from [oauth2].ENABLE to
[oauth2].ENABLED as the previous config string is deprecated and will
be removed in 1.23.0 per:
...es/setting/oauth2.go:124:loadOAuth2From() [E] Deprecation: config
option `[oauth2].ENABLE` presents, please use `[oauth2].ENABLED`
instead because this fallback will be/has been removed in v1.23.0
The full release notes for this release can be found here:
https://github.com/go-gitea/gitea/blob/v1.22.1/CHANGELOG.md
I've including the list of breaking changes below with my own
annotations on how/whether they affect us.
* BREAKING
* Improve reverse proxy documents and clarify the AppURL guessing behavior (https://github.com/go-gitea/gitea/pull/31003) (https://github.com/go-gitea/gitea/pull/31020)
* This isn't actually a breaking chagne but they have improved docs
around how to properly set Host and X-Forwarded-Proto headers for
gitea to enable better logging behind a reverse proxy. We should
investigate.
* Remember log in for a month by default (https://github.com/go-gitea/gitea/pull/30150)
* Default was a week. We should consider rolling back to low values
since we don't have real users.
* Breaking summary for template refactoring (https://github.com/go-gitea/gitea/pull/29395)
* All custom templates need to follow these changes
* I don't think we're using any of the changed methods/functions in
our templates. Testing should help confirm this.
* Recommend/convert to use case-sensitive collation for MySQL/MSSQL (https://github.com/go-gitea/gitea/pull/28662)
* This is the doctor update to address case sensitivity problems
between git and gitea. We'll need to test this as part of our
upgrade process and testing.
* Make offline mode as default to not connect external avatar service by default (https://github.com/go-gitea/gitea/pull/28548)
* We are already disabling gravatar. I think this will disable it
harder.
* Include public repos in the doer's dashboard for issue search (https://github.com/go-gitea/gitea/pull/28304)
* This affects end user dashboard info rendering which we don't use.
* Use restricted sanitizer for repository description (https://github.com/go-gitea/gitea/pull/28141)
* We already control what goes into repo descriptions via
projects.yaml. Shouldn't really affect us.
* Support storage base path as prefix (https://github.com/go-gitea/gitea/pull/27827)
* This change looks scary at first glance but appears to only affect
minio storage systems (which is like an s3 abstraction layer). We
store things to disk and shouldn't be affected if I read the PR
correctly.
* Enhanced auth token / remember me (https://github.com/go-gitea/gitea/pull/27606)
* THis appears to improve security but it isn't clear what the
effect on end users is. We'll see if our CI jobs are happy with
new token generation I guess.
* Rename the default themes to gitea-light, gitea-dark, gitea-auto (https://github.com/go-gitea/gitea/pull/27419)
* If you didn't see the new themes, please remove the [ui].THEMES config option from app.ini
* We don't do anything special for themes so this should noop for
us.
* Require MySQL 8.0, PostgreSQL 12, MSSQL 2012 (https://github.com/go-gitea/gitea/pull/27337)
* Our version of MariaDB should be new enough to rough rough feature
equivalent with MySQL 8.0 and newer. We might consider helping
upstream add MariaDB testing if they haven't already though.
Change-Id: Ifb4f0d92d70bc06f717e6535f1b67a221e127180
OpenDev System Configuration
This is the machinery that drives the configuration, testing, continuous integration and deployment of services provided by the OpenDev project.
Services are driven by Ansible playbooks and associated roles stored
here. If you are interested in the configuration of a particular
service, starting at playbooks/service-<name>.yaml
will show you how it is configured.
Most services are deployed via containers; many of them are built or
customised in this repository; see docker/.
A small number of legacy services are still configured with Puppet.
Although the act of running puppet on these hosts is managed by Ansible,
the actual core of their orchestration lives in manifests
and modules.
The files in this repository are provided as an opinionated example service deployment, and to allow the OpenDev Collaboratory to use public software development workflows in order to coordinate changes and improvements to the systems it runs. This repository is not intended as a reconsumable project on its own, and anyone wishing to adjust it to suit their own needs should do so with a fork. The system-config reviewers are unable to evaluate and support use cases for the contents here other than their own.
Testing
OpenDev infrastructure runs a complete testing and continuous-integration environment, powered by Zuul.
Any changes to playbooks, roles or containers will trigger jobs to thoroughly test those changes.
Tests run the orchestration for the modified services on test nodes
assigned to the job. After the testing deployment is configured
(validating the basic environment at least starts running), specific
tests are configured in the testinfra directory to validate
functionality.
Continuous Deployment
Once changes are reviewed and committed, they will be applied
automatically to the production hosts. This is done by Zuul jobs running
in the deploy pipeline. At any one time, you may see these
jobs running live on the status page or
you could check historical runs on the pipeline
results (note there is also an opendev-prod-hourly
pipeline, which ensures things like upstream package updates or
certificate renewals are incorporated in a timely fashion).
Contributing
Contributions are welcome!
You do not need any special permissions to make contributions, even those that will affect production services. Your changes will be automatically tested, reviewed by humans and, once accepted, deployed automatically.
Bug fixes or modifications to existing code are great places to start, and you will see the results of your changes in CI testing. Please remember that this repository consists of configuration and orchestration for OpenDev Collaboratory production systems, so contributions to it will be evaluated on the basis of whether they're useful or applicable to OpenDev's services. Changes intended to make the contents more easily reusable outside OpenDev itself are not in scope, and so will be rejected by reviewers.
You can develop all the playbooks, roles, containers and testing required for a new service just by uploading a change. Using a similar service as a template is generally a good place to start. If deploying to production will require new compute resources (servers, volumes, etc.) these will have to be deployed by an OpenDev administrator before your code is committed. Thus if you know you will need new resources, it is best to coordinate this before review.
The #opendev IRC on OFTC channel is the main place for interactive discussion. Feel free to ask any questions and someone will try to help ASAP. The OpenDev meeting is a co-ordinated time to synchronize on infrastructure issues. Issues should be added to the agenda for discussion; even if you can not attend, you can raise your issue and check back on the logs later. There is also the service-discuss mailing list where you are welcome to send queries or questions.
Documentation
The latest documentation is available at https://docs.opendev.org/opendev/system-config/latest/
That documentation is generated from this repository. You can geneate
it yourself with tox -e docs.