* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Improve support for Vault Encrypted JWT tokens
* Fix spacing in gitea configuration template
When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules don't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values need to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
I took out the check that the variables for the secrets are 43 characters long. Gitea itself generates suitable secrets if the user-given ones do not fit.
* drop ansible.builtin. syntax
* Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }}, especially in conjunction with the recurse: true flag, are on closer inspection very open to all and also have +x set on files.
This should be done better, and I have done that here.
By the way: to fix the x bit on normal files in one's Gitea installation, this shell command was useful for me:
```
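# remove the execute bit from every regular file
find . -type f -exec chmod a-x {} +
# owner gets read/write; capital X adds execute only if an execute bit remains
find . -type f -exec chmod u=rwX {} +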
```
* Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Fix spacing in gitea configuration template
When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules don't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values need to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* check-variables.yml doesn't exist anymore
Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
I took out the check that the variables for the secrets are 43 characters long. Gitea itself generates suitable secrets if the user-given ones do not fit.
* drop ansible.builtin. syntax
* delete trailing whitespace
* Add gitea_group
This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70
* update variable length
update variable length to make this role idempotent
* vars should not include special character
gitea 1.13.0 was released which fixes security issues
some breaking changes were reported in the release notes but I didn't find any issues with them on my system, caution is advised
SECURITY
Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
Prevent git operations for inactive users (#13527) (#13536)
Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
Mitigate Security vulnerability in the git hook feature (#13058)
Disable DSA ssh keys by default (#13056)
Set TLS minimum version to 1.2 (#12689)
Use argon as default password hash algorithm (#12688)
BREAKING
Set RUN_MODE prod by default (#13765) (#13767)
Don't replace underscores in auto-generated IDs in goldmark (#12805)
Add Primary Key to Topic and RepoTopic tables (#12639)
Disable password complexity check default (#12557)
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
Add extension Support to Attachments (allow all types for releases) (#12465)
Remove IE11 Support (#11470)
Update gitea:
https://github.com/go-gitea/gitea/releases
What changed:
> 1.9.3
BUGFIXES
Fix go get from a private repository with Go 1.13 (#8100)
Strict name matching for Repository.GetTagID() (#8082)
Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
Add change title notification for issues (#8064)
Run CORS handler first for /api routes (#7967) (#8053)
Evaluate emojis in commit messages in list view (#8044)
Fix failed to synchronize tags to releases for repository (#7990) (#7994)
Fix adding default Telegram webhook (#7972) (#7992)
Abort synchronization from LDAP source if there is some error (#7965)
Fix deformed emoji in commit message (#8071)
ENHANCEMENT
Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
> 1.9.2
BUGFIXES
Fix wrong sender when send slack webhook (#7918) (#7924)
Upload support text/plain; charset=utf8 (#7899)
Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
Fix non existent milestone with 500 error (#7867) (#7873)
SECURITY
Fix No PGP signature on 1.9.1 tag (#7874)
Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
ENHANCEMENT
Fix pull creation with empty changes (#7920) (#7926)
BUILD
Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
> 1.9.1
BREAKING
Add pagination for admin api get orgs and fix only list public orgs bug (#7742) (#7752)
SECURITY
Be more strict with git arguments (#7715) (#7762)
Release built with go 1.12.8 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA
BUGFIXES
Fix local runs of ssh-requiring integration tests (#7855) (#7857)
Fix hook problem (#7856) (#7754)
Use .ExpiredUnix.IsZero to display green color of forever valid gpg key (#7850) (#7846)
Do not fetch all refs (#7797) (#7837)
Fix duplicate call of webhook (#7824) (#7821)
Enable switching to a different source branch when PR already exists (#7823)
Rewrite existing repo units if setting is not included in api body (#7811)
Prevent Commit Status and Message From Overflowing On Branch Page (#7800) (#7808)
API: fix multiple bugs with statuses endpoints (Backport #7785) (#7807)
Fix Slack webhook fork message (1.9 release backport) (#7783)
Fix approvals counting (#7757) (#7777)
Fix rename failed when rewrite public keys (#7761) (#7769)
Fix dropTableColumns sqlite implementation (#7710) (#7765)
Fix repo_index_status lingering when deleting a repository (#7738)
Fix milestone completeness calculation when migrating (#7725) (#7732)
Fixes indexed repos keeping outdated indexes when files grow too large (#7731)
Skip non-regular files (e.g. submodules) on repo indexing (#7717)
Improve branches list performance and fix protected branch icon when no-login (#7695) (#7704)
Correct wrong datetime format for git (#7689) (#7690)