mirror of https://github.com/roles-ansible/ansible_role_gitea.git synced 2024-08-16 11:39:50 +02:00

Adding support for forgejo installation

L3D 2023-01-27 01:35:16 +01:00
parent 768f1fd4ad
commit 975be7e627
Signed by: l3d
GPG key ID: CD08445BFF4313D1
14 changed files with 201 additions and 14 deletions


@ -48,6 +48,7 @@ Either you define exactly which release you install. Or you use the option ``lat
| `gitea_version` | `latest` | Define either the exact release to install *(eg. `1.16.0`)* or use ``latest`` *(default)* to install the latest release. |
| `gitea_version_check` | `true` | Check if installed version != `gitea_version` before initiating binary download |
| `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with |
| `gitea_forgejo_gpg_key` | `EB114F5E6C0DC2BCDD183550A4B61A2DC5923710` | the gpg key the forgejo binary is signed with |
| `gitea_gpg_server` | `hkps://keys.openpgp.org` | A gpg key server where this role can download the gpg key |
| `gitea_backup_on_upgrade` | `false` | Optionally a backup can be created with every update of gitea. |
| `gitea_backup_location` | `{{ gitea_home }}/backups/` | Where to store the gitea backup if one is created with this role. |
@ -61,6 +62,7 @@ Either you define exactly which release you install. Or you use the option ``lat
| `gitea_home` | `/var/lib/gitea` | Base directory to work |
| `gitea_user_home` | `{{ gitea_home }}` | home of gitea user |
| `gitea_executable_path` | `/usr/local/bin/gitea` | Path for gitea executable |
| `gitea_forgejo_executable_path` | `/usr/local/bin/forgejo` | Path for forgejo executable |
| `gitea_configuraion_path` | `/etc/gitea` | Where to put the gitea.ini config |
| `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. |
| `gitea_systemd_cap_net_bind_service` | `false` | Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file |


@ -19,6 +19,7 @@ gitea_group: 'gitea'
gitea_home: '/var/lib/gitea'
gitea_user_home: '{{ gitea_home }}'
gitea_executable_path: '/usr/local/bin/gitea'
gitea_forgejo_executable_path: '/usr/local/bin/forgejo'
gitea_configuraion_path: '/etc/gitea'
gitea_shell: '/bin/false'
gitea_systemd_cap_net_bind_service: false


@ -29,7 +29,7 @@
- name: Backing up gitea before upgrade
become: true
ansible.builtin.command:
cmd: "sudo -u {{ gitea_user }} {{ gitea_executable_path }} dump -c {{ gitea_configuraion_path }}/gitea.ini"
cmd: "sudo -u {{ gitea_user }} {{ gitea_full_executable_path }} dump -c {{ gitea_configuraion_path }}/gitea.ini"
chdir: "{{ gitea_backup_location }}"
changed_when: true
rescue:
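Review bot: The dump command on the `cmd:` line still shells out to `sudo -u {{ gitea_user }}` inside a task that already sets `become: true`, so it depends on sudo being installed and permitted on the target rather than on the play's configured become method. Dropping the prefix and adding `become_user: "{{ gitea_user }}"` to the task would run the dump as the service account through Ansible itself. The enclosing block and its `rescue:` section continue outside the hunk.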


@ -1,7 +1,7 @@
---
- name: Generate gitea SECRET_KEY if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
args:
creates: '{{ gitea_configuraion_path }}/gitea_secret_key'
when: gitea_secret_key | string | length == 0
@ -20,7 +20,7 @@
- name: Generate gitea INTERNAL_TOKEN if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
args:
creates: '{{ gitea_configuraion_path }}/gitea_internal_token'
when: gitea_internal_token | string | length == 0
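Review bot: Both `generate secret` tasks redirect straight into the final secret file and are guarded by `creates:`, so if the binary at `gitea_full_executable_path` is missing or exits non-zero the shell still leaves an empty file behind and every later run skips the task. Now that the path depends on the selected fork this is easier to hit; writing to a temporary name and renaming only on success, for example `... generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key.tmp && mv {{ gitea_configuraion_path }}/gitea_secret_key.tmp {{ gitea_configuraion_path }}/gitea_secret_key`, keeps an empty secret from being persisted. The templated paths are also placed unquoted into a shell line, and `{{ gitea_full_executable_path | quote }}` would be safer. The same pattern appears in the two `JWT_SECRET` tasks changed later in this commit.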

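--- a/tasks/install_forgejo.yml
+++ b/tasks/install_forgejo.yml
@@ -0,0 +1,78 @@
+---
+- name: Dependency block
+block:
+- name: Update apt cache
+become: true
+ansible.builtin.apt:
+cache_valid_time: 3600
+update_cache: true
+register: _pre_update_apt_cache
+until: _pre_update_apt_cache is succeeded
+when:
+- ansible_pkg_mgr == "apt"
+- name: Install dependencies
+become: true
+ansible.builtin.package:
+name: "{{ gitea_dependencies }}"
+state: present
+register: _install_dep_packages
+until: _install_dep_packages is succeeded
+retries: 5
+delay: 2
+- name: Install forgejo block
+when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
+block:
+- name: Download forgejo archive
+ansible.builtin.get_url:
+url: "{{ gitea_forgejo_dl_url | first }}"
+dest: "/tmp/{{ gitea_filename }}"
+checksum: "sha256:{{ gitea_forgejo_checksum }}"
+mode: 0640
+register: _download_archive
+until: _download_archive is succeeded
+retries: 5
+delay: 2
+- name: Download forgejo asc file
+ansible.builtin.get_url:
+url: "{{ gitea_forgejo_signed_url | first }}"
+dest: "/tmp/{{ gitea_filename }}.asc"
+mode: 0640
+register: _download_asc
+until: _download_asc is succeeded
+retries: 5
+delay: 2
+- name: Check forgejo gpg key
+ansible.builtin.command: "gpg --list-keys 0x{{ gitea_forgejo_gpg_key }}"
+register: _gitea_gpg_key_status
+changed_when: false
+failed_when: _gitea_gpg_key_status.rc not in (0, 2)
+- name: print gpg key staus on verbosity
+ansible.builtin.debug:
+msg: "{{ _gitea_gpg_key_status.stdout }}"
+verbosity: 1
+- name: Import forgejo gpg key
+ansible.builtin.command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_forgejo_gpg_key }}"
+register: _gitea_import_key
+changed_when: '"imported: 1" in _gitea_import_key.stderr'
+when: '_gitea_gpg_key_status.rc != 0 or "expired" in _gitea_gpg_key_status.stdout'
+- name: Check archive signature
+ansible.builtin.command: "gpg --verify /tmp/{{ gitea_filename }}.asc /tmp/{{ gitea_filename }}"
+changed_when: false
+- name: Propagate gitea binary
+become: true
+ansible.builtin.copy:
+src: "/tmp/{{ gitea_filename }}"
+remote_src: true
+dest: "{{ gitea_full_executable_path }}"
+mode: 0755
+owner: root
+group: root
+notify: "Restart gitea"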
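Review bot: The `Check archive signature` task accepts a good signature from any key in the invoking user's keyring, because `gpg --verify` is never tied to `gitea_forgejo_gpg_key`; on a host where another key is already imported, an archive signed by that key would pass. The SHA-256 passed to `get_url` is fetched from the same release as the binary (see the version tasks in this commit), so this signature is the only authenticity control and should be pinned: run `gpg --status-fd 1 --verify ...`, register the result, and fail unless a `VALIDSIG` status line contains `gitea_forgejo_gpg_key`. The archive and its `.asc` are also staged under a predictable name in `/tmp` before the root-owned copy, and a per-run directory from `ansible.builtin.tempfile` would remove the reliance on `/tmp` semantics. `mode: 0640` and `mode: 0755` are better written as quoted strings such as `mode: "0755"`.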


@ -21,7 +21,7 @@
retries: 5
delay: 2
- name: Install block
- name: Install gitea block
when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
block:
- name: Download gitea archive
@ -76,7 +76,7 @@
ansible.builtin.copy:
src: "/tmp/{{ gitea_filename }}"
remote_src: true
dest: "{{ gitea_executable_path }}"
dest: "{{ gitea_full_executable_path }}"
mode: 0755
owner: root
group: root


@ -1,7 +1,7 @@
---
- name: Generate OAuth2 JWT_SECRET if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
args:
creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
when: gitea_oauth2_jwt_secret | length == 0
@ -20,7 +20,7 @@
- name: Generate LFS JWT_SECRET if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
args:
creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
when: gitea_lfs_jwt_secret | length == 0


@ -20,7 +20,7 @@
ansible.builtin.include_vars: "{{ lookup('first_found', gitea_variables) }}"
- name: Gather versioning information
ansible.builtin.include_tasks: set_version.yml
ansible.builtin.include_tasks: "set_{{ gitea_fork | lower }}_version.yml"
- name: Backup gitea before update
ansible.builtin.include_tasks: backup.yml
@ -29,8 +29,8 @@
- name: Create gitea user and role
ansible.builtin.include_tasks: create_user.yml
- name: Install or update gitea
ansible.builtin.include_tasks: install.yml
- name: "Install or update {{ gitea_fork }}"
ansible.builtin.include_tasks: "install_{{ gitea_fork | lower }}.yml"
- name: Create directories
ansible.builtin.include_tasks: directory.yml
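Review bot: The two new `include_tasks` lines build a file name from `gitea_fork` with no visible check that it holds a supported value, so a typo or unexpected value surfaces as a missing-file error from the include instead of a clear message. An `ansible.builtin.assert` with `that: gitea_fork | lower in ['gitea', 'forgejo']` ahead of the first include would pin the variable to the task files that exist; such a check may already live outside this hunk. The task list continues above and below the lines shown.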


@ -0,0 +1,98 @@
---
- name: "Check forgejo installed version"
ansible.builtin.shell: "set -eo pipefail; {{ gitea_full_executable_path }} -v | cut -d' ' -f 3"
args:
executable: /bin/bash
register: gitea_active_version
changed_when: false
failed_when: false
- name: "Determine 'latest' version release"
when: gitea_version == "latest"
block:
- name: "Get latest forgejo release metadata"
ansible.builtin.uri:
url: 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?limit=1'
return_content: true
register: gitea_forgejo_remote_metadata
when: not ansible_check_mode
- name: "Fail if running in check mode without versions set."
ansible.builtin.fail:
msg: |
"You are running this playbook in check mode:
Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode."
when: ansible_check_mode and (gitea_version == 'latest' or gitea_version == 'present')
- name: "Set fact latest forgejo release"
ansible.builtin.set_fact:
gitea_remote_version: "{{ gitea_forgejo_remote_metadata.json.0.tag_name[1:] }}"
when: not ansible_check_mode
- name: "Set forgejo version target (latest)"
ansible.builtin.set_fact:
gitea_version_target: "{{ gitea_remote_version }}"
when: not ansible_check_mode
- name: "Set gitea version target {{ gitea_version }}"
ansible.builtin.set_fact:
gitea_version_target: "{{ gitea_version }}"
when: gitea_version != "latest"
- name: "Get specific forgejo release metadata"
ansible.builtin.uri:
url: 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}'
return_content: true
register: gitea_forgejo_remote_tags_metadata
when: not ansible_check_mode
- name: "Generate forgejo download url"
ansible.builtin.set_fact:
gitea_forgejo_dl_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_download) }}"
when: not ansible_check_mode
- name: "Generate forgejo download checksum url"
ansible.builtin.set_fact:
gitea_forgejo_checksum_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_checksum) }}"
when: not ansible_check_mode
- name: Get forgejo checksum
ansible.builtin.uri:
url: "{{ gitea_forgejo_checksum_url | first }}"
return_content: true
register: _gitea_forgejo_dl_checksum
when: not ansible_check_mode
- name: Set forjeo checksum
ansible.builtin.set_fact:
gitea_forgejo_checksum: "{{ _gitea_forgejo_dl_checksum.content.split(' ')[0] }}"
when: not ansible_check_mode
- name: "Generate forgejo download signed url"
ansible.builtin.set_fact:
gitea_forgejo_signed_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_signed) }}"
when: not ansible_check_mode
- name: "Set a example forgejo download link if in check mode"
ansible.builtin.set_fact:
gitea_forgejo_dl_url: ['https://codeberg.org/attachments/a00333ad-250a-4d30-a764-9a37fb24f419']
when: ansible_check_mode
- name: "Set a example forgejo checksum link if in check mode"
ansible.builtin.set_fact:
gitea_forgejo_checksum: 'f8c71464d1b250bf022eaa3df270c810950904ceb71da5cefc7ec24a034a4c87'
when: ansible_check_mode
- name: "Set a example forgejo checksum link if in check mode"
ansible.builtin.set_fact:
gitea_forgejo_signed_url: ['https://codeberg.org/attachments/ae5e50c6-e86e-4202-b95f-f142e8138e2f']
when: ansible_check_mode
- name: Show Download URLs
ansible.builtin.debug:
msg: "{{ item }}"
verbosity: 1
with_items:
- "gitea_forgejo_dl_url: {{ gitea_forgejo_dl_url | first }}"
- "gitea_forgejo_checksum: {{ gitea_forgejo_checksum }}"
- "gitea_forgejo_signed_url: {{ gitea_forgejo_signed_url | first }}"
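Review bot: Nothing verifies that the three `json_query` lookups matched a release asset before `| first` is applied, so an architecture or version with no matching file fails later with an opaque template error rather than at the lookup. An `ansible.builtin.assert` after the `set_fact` tasks, e.g. `that: gitea_forgejo_dl_url | length == 1`, repeated for the checksum and signature URLs, would make the failure explicit. The checksum is taken from the same release API response as the download URL, so it only guards against transfer corruption; a comment stating that authenticity rests on the GPG check in the install tasks would help the next reader. Two tasks share the name `Set a example forgejo checksum link if in check mode`, and, as far as the flattened indentation shows, the check-mode `fail` task sits inside the `gitea_version == "latest"` block, which would make its `gitea_version == 'present'` branch unreachable.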


@ -1,6 +1,6 @@
---
- name: "Check gitea installed version"
ansible.builtin.shell: "set -eo pipefail; {{ gitea_executable_path }} -v | cut -d' ' -f 3"
ansible.builtin.shell: "set -eo pipefail; {{ gitea_full_executable_path }} -v | cut -d' ' -f 3"
args:
executable: /bin/bash
register: gitea_active_version


@ -1,11 +1,11 @@
[Unit]
Description=Gitea git server
Description={{ gitea_fork }} git server
After=network.target
[Service]
User={{ gitea_user }}
Group={{ gitea_group }}
ExecStart={{ gitea_executable_path }} web -c {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/
ExecStart={{ gitea_full_executable_path }} web -c {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/
Restart=on-failure
WorkingDirectory={{ gitea_home }}
{% if gitea_systemd_cap_net_bind_service %}


@ -1 +1,7 @@
---
# set filenames for forgejo
gitea_full_executable_path: "{{ gitea_forgejo_executable_path }}"
gitea_filename: "forgejo-{{ gitea_version_target }}-linux-{{ gitea_arch }}"
gitea_forgejo_query_download: "assets[?name==`{{ gitea_filename }}`].browser_download_url"
gitea_forgejo_query_checksum: "assets[?name==`{{ gitea_filename }}.sha256`].browser_download_url"
gitea_forgejo_query_signed: "assets[?name==`{{ gitea_filename }}.asc`].browser_download_url"


@ -1 +1,4 @@
---
# set filenames for gitea
gitea_full_executable_path: "{{ gitea_executable_path }}"
gitea_filename: "gitea-{{ gitea_version_target }}.linux-{{ gitea_arch }}"


@ -8,7 +8,6 @@ gitea_go_arch_map:
armv5l: 'arm-5'
gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
gitea_filename: "gitea-{{ gitea_version_target }}.linux-{{ gitea_arch }}"
gitea_supported_forks: 'gitea and forgejo'
gitea_fork_variables: