* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Improve support for Vault Encrypted JWT tokens
* Fix spacing in gitea configuration template
When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts module doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values need to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
I took out the check of whether the variables for the secrets are 43 characters long. Gitea generates suitable secrets itself if the user-given ones do not fit.
* drop ansible.builtin. syntax
* Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.
This should be done better. And I have done here now.
By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
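# strip the execute bit from every regular file
find . -type f -exec chmod a-x {} +
# owner gets read/write; capital X re-adds execute only where an execute bit is still set
find . -type f -exec chmod u=rwX {} +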
```
* Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Fix spacing in gitea configuration template
When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts module doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values need to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* check-variables.yml doesn't exist anymore
Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
I took out the check of whether the variables for the secrets are 43 characters long. Gitea generates suitable secrets itself if the user-given ones do not fit.
* drop ansible.builtin. syntax
* delete trailing whitespace
* Add gitea_group
This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70
* update variable length
update variable length to make this role idempotent
* vars should not include special character
gitea 1.13.0 was released which fixes security issues
some breaking changes were reported in the release notes but I didn't find any issues with them on my system, caution is advised
SECURITY
Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
Prevent git operations for inactive users (#13527) (#13536)
Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
Mitigate Security vulnerability in the git hook feature (#13058)
Disable DSA ssh keys by default (#13056)
Set TLS minimum version to 1.2 (#12689)
Use argon as default password hash algorithm (#12688)
BREAKING
Set RUN_MODE prod by default (#13765) (#13767)
Don't replace underscores in auto-generated IDs in goldmark (#12805)
Add Primary Key to Topic and RepoTopic tables (#12639)
Disable password complexity check default (#12557)
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
Add extension Support to Attachments (allow all types for releases) (#12465)
Remove IE11 Support (#11470)
Update gitea:
https://github.com/go-gitea/gitea/releases
What changed:
> 1.9.3
BUGFIXES
Fix go get from a private repository with Go 1.13 (#8100)
Strict name matching for Repository.GetTagID() (#8082)
Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
Add change title notification for issues (#8064)
Run CORS handler first for /api routes (#7967) (#8053)
Evaluate emojis in commit messages in list view (#8044)
Fix failed to synchronize tags to releases for repository (#7990) (#7994)
Fix adding default Telegram webhook (#7972) (#7992)
Abort synchronization from LDAP source if there is some error (#7965)
Fix deformed emoji in commit message (#8071)
ENHANCEMENT
Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
> 1.9.2
BUGFIXES
Fix wrong sender when send slack webhook (#7918) (#7924)
Upload support text/plain; charset=utf8 (#7899)
Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
Fix non existent milestone with 500 error (#7867) (#7873)
SECURITY
Fix No PGP signature on 1.9.1 tag (#7874)
Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
ENHANCEMENT
Fix pull creation with empty changes (#7920) (#7926)
BUILD
Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
> 1.9.1
BREAKING
Add pagination for admin api get orgs and fix only list public orgs bug (#7742) (#7752)
SECURITY
Be more strict with git arguments (#7715) (#7762)
Release built with go 1.12.8 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA
BUGFIXES
Fix local runs of ssh-requiring integration tests (#7855) (#7857)
Fix hook problem (#7856) (#7754)
Use .ExpiredUnix.IsZero to display green color of forever valid gpg key (#7850) (#7846)
Do not fetch all refs (#7797) (#7837)
Fix duplicate call of webhook (#7824) (#7821)
Enable switching to a different source branch when PR already exists (#7823)
Rewrite existing repo units if setting is not included in api body (#7811)
Prevent Commit Status and Message From Overflowing On Branch Page (#7800) (#7808)
API: fix multiple bugs with statuses endpoints (Backport #7785) (#7807)
Fix Slack webhook fork message (1.9 release backport) (#7783)
Fix approvals counting (#7757) (#7777)
Fix rename failed when rewrite public keys (#7761) (#7769)
Fix dropTableColumns sqlite implementation (#7710) (#7765)
Fix repo_index_status lingering when deleting a repository (#7738)
Fix milestone completeness calculation when migrating (#7725) (#7732)
Fixes indexed repos keeping outdated indexes when files grow too large (#7731)
Skip non-regular files (e.g. submodules) on repo indexing (#7717)
Improve branches list performance and fix protected branch icon when no-login (#7695) (#7704)
Correct wrong datetime format for git (#7689) (#7690)
Old behavior is to download the binary of `gitea_version` every run,
then checksum it against the currently installed version to see if it needs
to be copied over.
New behavior is to attempt to extract the current running version of gitea
and only initiate the old behavior if the running version != `gitea_version`.
Default is old behavior due to the major logic change involved.
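The version gate described in the commit message above, as an added shell example (not the role's own tasks). The `Gitea version X.Y.Z built with ...` output format, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether the Gitea binary has to be downloaded again.

# Print the version token from `gitea --version` output (assumed format:
# "Gitea version 1.13.2 built with ..."). Prints nothing if it cannot be parsed.
running_version() {
    printf '%s\n' "$1" | sed -n 's/^Gitea version \([^ ]*\).*/\1/p' | head -n 1
}

# needs_install VERSION_OUTPUT WANTED_VERSION
# Returns 0 when the download/checksum path must run, 1 when it can be skipped.
needs_install() {
    current=$(running_version "$1")
    # No binary yet or unparsable output: fall back to the old behaviour.
    [ -z "$current" ] && return 0
    # Only an exact match skips the download; a dev build such as
    # "1.13.2+dev-10-gabcdef" is not treated as the release "1.13.2".
    [ "$current" != "$2" ]
}

# Constructed sample outputs, checked against a wanted gitea_version of 1.13.2.
wanted="1.13.2"
for sample in \
    "Gitea version 1.13.1 built with GNU Make 4.1, go1.15.6 : bindata, sqlite" \
    "Gitea version 1.13.2 built with GNU Make 4.1, go1.15.7 : bindata, sqlite" \
    ""
do
    if needs_install "$sample" "$wanted"; then
        echo "install $wanted (running: '$(running_version "$sample")')"
    else
        echo "skip, already at $wanted"
    fi
done
```

Skipping the download also skips the checksum comparison against the installed binary, so a file modified in place at the same version is no longer replaced on the next run.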
Based on https://github.com/go-gitea/gitea/releases the current stable version of gitea is ``1.7.4``.
Thank you very much @thomas-maurice and @madddi for updating this role.