roles-ansible / ansible_role_gitea
Ansible role to configure and deploy gitea and forgejo, a painless self-hosted Git service.
License: BSD 3-Clause "New" or "Revised" License
ansible_role_gitea/tasks/backup.yml
Line 32 in d33e6b1
This can happen e.g. when the backup failed and then the task is run again: gitea was stopped, no backup was made, gitea was updated.
Hi,
I think the release workflow is not working well.
In Github Actions, there is "Galaxy-NG Roles Import" workflow in Green Status but :
With this requirements.yaml :
---
roles:
  - name: l3d.gitea
    version: v3.4.1
And this installation command: ansible-galaxy role install -r requirements.yaml, I have this issue:
ansible-galaxy role install -r requirements.yaml --force
Starting galaxy role install process
- downloading role 'gitea', owned by l3d
[WARNING]: - l3d.gitea was NOT installed successfully: - the specified version (v3.4.1) of l3d.gitea was not found in the list of available versions ([{'id':
'9686e825-fe2e-4e3e-bfc1-1ec7ce9e1b14', 'name': 'v1.0.0', 'version': '1.0.0', 'created': '2021-03-20T23:13:20.993880Z', 'modified': '2021-03-20T23:13:20.993907Z', 'commit_date':
'2021-03-20T19:08:49-04:00', 'commit_sha': '216088b15f6bc83f14d08f278127491d5c81dfb1', 'download_url': 'https://github.com/roles-ansible/ansible_role_gitea/archive/v1.0.0.tar.gz'},
{'id': 'd7521006-a46f-4826-9011-bd59ec601743', 'name': 'v1.1.0', 'version': '1.1.0', 'created': '2021-03-21T01:37:51.331318Z', 'modified': '2021-03-21T01:37:51.331345Z',
'commit_date': '2021-03-20T21:35:40-04:00', 'commit_sha': '8ed69febc11e1cbfee490fb488f350d8653e98de', 'download_url': 'https://github.com/roles-
ansible/ansible_role_gitea/archive/v1.1.0.tar.gz'},
[...]
{'id': '16d6d717-63cc-49df-80da-d2d130b463b4', 'name': 'v3.3.0', 'version': '3.3.0',
'created': '2023-08-29T23:14:27.594283Z', 'modified': '2023-08-29T23:14:27.594311Z', 'commit_date': '2023-08-29T19:10:12-04:00', 'commit_sha':
'20d8a17f84eb3e23de3402467d0fe344c75da86d', 'download_url': 'https://github.com/roles-ansible/ansible_role_gitea/archive/v3.3.0.tar.gz'}]).
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
This error shows that the release v3.3.0 is the last on ansible-galaxy (that can be verified here: https://galaxy.ansible.com/ui/standalone/roles/l3d/gitea/versions ).
Do you have an idea why? And how to use the latest version with galaxy?
Thanks :)
In the task: "Create directorys" the "directories" word is misspelled.
It would be nice for this role to be tested against a molecule configuration. Makes it easier to catch easy mistakes ! :)
Hi !
First of all, thanks for creating and maintaining this ansible role! That's very useful :)
I'm currently trying to automate my homelab gitea instance with Actions activated and use a local mirror of the actions repos.
I'm using this playbook :
- name: "Install gitea"
  hosts: "{{ target }}"
  roles:
    - {role: l3d.gitea, tags: gitea}
  vars:
    ...
    gitea_actions_enabled: true # activate actions
    gitea_require_signin: false # use by actions to git clone actions/<repo>
    ...
But I have this message : 2024/04/01 11:14:55 ...s/setting/actions.go:64:loadActionsFrom() [E] [actions] DEFAULT_ACTIONS_URL does not support "https://gitea.com" as custom URL any longer, fallback to "github"
By default, gitea_actions_default_actions_url will be replaced by https://gitea.com, but it's no longer supported by gitea, see this PR.
Only "github" or "self" are valid inputs.
On my server I am not running ssh on the standard port. So I want to configure gitea to run sshd on 22.
Is there any possibility to do that, maybe we can include setcap...
Something like the following could be added to the role:
- name: Use gitea cli to create user
  ansible.builtin.command: >
    /usr/local/bin/gitea -c {{ gitea_configuration_path }}/gitea.ini admin user create
    --username "{{ item.name }}"
    --password "{{ item.password }}"
    --email "{{ item.email }}"
    --must-change-password=false
  become_user: "{{ gitea_user }}"
  register: gitearesult
  failed_when:
    - '"successfully created" not in gitearesult.stdout'
    - '"user already exists" not in gitearesult.stderr'
  changed_when:
    - '"successfully created" in gitearesult.stdout'
  loop: "{{ gitea_users }}"
With defaults/main.yml looking like:
# list of users to add to Gitea, default is an empty list so that no user is created
gitea_users: []
# example of entry
#  - name: johndoe
#    password: verysecret
#    email: "johndoe@{{ gitea_fqdn }}"
When installing, the import of the gpg key seems to fail, even if it's set as argument:
fatal: [default]: FAILED! => {"changed": false, "cmd": ["gpg", "--verify", "/tmp/gitea-1.14.1.linux-amd64.xz.asc", "/tmp/gitea-1.14.1.linux-amd64.xz"], "delta": "0:00:00.390815", "end": "2021-04-19 16:04:15.835407", "msg": "non-zero return code", "rc": 2, "start": "2021-04-19 16:04:15.444592", "stderr": "gpg: Signature made Fri 16 Apr 2021 03:21:09 AM UTC using RSA key ID 9753F4B0\ngpg: Can't check signature: No public key", "stderr_lines": ["gpg: Signature made Fri 16 Apr 2021 03:21:09 AM UTC using RSA key ID 9753F4B0", "gpg: Can't check signature: No public key"], "stdout": "", "stdout_lines": []}
The used playbook:
---
# ansible-galaxy install do1jlr.gitea
- name: "Install gitea"
  hosts: all
  roles:
    - {role: do1jlr.gitea, tags: gitea}
  vars:
    # Here we assume we are behind a reverse proxy that will
    # handle https for us, so we bind on localhost:3000 using HTTP
    gitea_http_domain: 'localhost'
    gitea_root_url: 'http://localhost'
    gitea_protocol: http
    gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2
    gitea_ssh_domain: localhost
    gitea_start_ssh: true
    gitea_http_listen: 0.0.0.0
Tried this with the following vagrant box:
Vagrant.configure("2") do |config|
  config.vm.box = "generic/debian10"
  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get install -y python-apt
  SHELL
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
  end
  config.vm.network "forwarded_port", guest: 3000, host: 8083
end
Currently to update versions, you either have to manually specify it in the role with gitea_version, or update the role from galaxy which updates the default value for gitea_version. It would be nice to be able to set a latest version in the role itself, which checks the installed version versus the version on github source on playbook execution and updates if needed.
Obviously, it should probably come with a warning that updating versions past the currently supported version in the role can lead to errors; but I think the benefit of being able to explicitly say "always keep this at the latest version" outweighs the risk.
I open this issue, with the Request for Comments on the update behavior of gitea with this role.
TL;DR
gitea_version as it is?
gitea_version to latest?
gitea_version and force everyone to think about it?
Since the latest release v2.4.0 of this Ansible role, the automatic update to the latest gitea release is now also possible.
But the default value of the gitea_version variable still contains an exact release of go-gitea. So with every update of gitea this release number must be adjusted. But unfortunately this does not always happen in a very timely manner. 😟
So now my thought would be to change the value of the gitea_version variable. 🤔 But if it is just changed to 'latest', then users of this role might not notice this and might install a gitea version at some point, which they would not have wanted to install without being asked.
On the other hand, the variable gitea_version could not be given a default value anymore. But explain to the users of this role in the README what values belong here (latest or an exact release version) and so you make no more decisions for the users of this role, which they may prefer to make themselves. 😎
What do you think about this? Do you have an opinion that you would like to share?
Hello, thanks for taking the time to write this role and maintaining it.
I've come across an error today while trying to deploy the role. It seems the URL used to gather the last version has an issue being parsed.
Full error log ;
fatal: [website]: FAILED! =>
msg: |-
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'json'
The error appears to be in '/home/user/Documents/Code/playbook/roles/ansible_role_gitea/tasks/set_version.yml': line 18, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: "Set fact latest gitea release"
^ here
I've traced the change made back to this commit ; 39e76e2
I believe the error comes from this line ; https://github.com/roles-ansible/ansible_role_gitea/blame/main/tasks/set_version.yml#L14
When we visit the URL, I've got this result ;
{
"url": "https://api.github.com/repos/go-gitea/gitea/releases/67001059",
"assets_url": "https://api.github.com/repos/go-gitea/gitea/releases/67001059/assets",
"upload_url": "https://uploads.github.com/repos/go-gitea/gitea/releases/67001059/assets{?name,label}",
"html_url": "https://github.com/go-gitea/gitea/releases/tag/v1.16.8",
"id": 67001059,
"author": {},
"node_id": "RE_kwDOBFIx284D_lrj",
"tag_name": "v1.16.8",
"target_commitish": "main",
"name": "v1.16.8",
"draft": false,
"prerelease": false,
"created_at": "2022-05-16T17:31:15Z",
"published_at": "2022-05-16T18:14:21Z",
"assets": [],
"tarball_url": "https://api.github.com/repos/go-gitea/gitea/tarball/v1.16.8",
"zipball_url": "https://api.github.com/repos/go-gitea/gitea/zipball/v1.16.8",
"body": "* ENHANCEMENTS\r\n * Add doctor check/fix for bogus action rows (#19656) (#19669)\r\n * Make .cs highlighting legible on dark themes (#19604) (#19605)\r\n* BUGFIXES\r\n * Fix oauth setting list bug (#19681)\r\n * Delete user related oauth stuff on user deletion too (#19677) (#19680)\r\n * Fix new release from tags list UI (#19670) (#19673)\r\n * Prevent NPE when checking repo units if the user is nil (#19625) (#19630)\r\n * GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)\r\n * Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)\r\n * Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names (#19557) (#19591)\r\n * Fix sending empty notifications (#19589) (#19590)\r\n * Ignore DNS error when doing migration allow/block check (#19566) (#19567)\r\n * Fix issue overview for teams (#19652) (#19653)",
"reactions": {
"url": "https://api.github.com/repos/go-gitea/gitea/releases/67001059/reactions",
"total_count": 20,
"+1": 1,
"-1": 0,
"laugh": 0,
"hooray": 19,
"confused": 0,
"heart": 0,
"rocket": 0,
"eyes": 0
}
}
I found the error strange because it is indeed JSON, and the attribute that is looked for does exist.
After some investigation, it happens that I was using the --check mode to run my playbook. Thus, because remote module (ansible.legacy.uri) does not support check mode the content wasn't JSON.
So the playbook runs well without check mode. To support it, we would simply need to check that the content of the registered variable is indeed JSON.
Maybe the role should fail in this case, inviting the user to set the latest version themselves?
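One way to handle the check-mode case described in this report, as an added example that is not the role's own code: the read-only API call is allowed to run under --check, and the response is validated before the tag is used. The task names, the example_* variables and the releases/latest URL are assumptions.

```yaml
# Added example, not the role's code. All example_* names are hypothetical.
- name: "Fetch latest gitea release metadata"
  ansible.builtin.uri:
    url: "https://api.github.com/repos/go-gitea/gitea/releases/latest"
    return_content: true
  register: example_gitea_remote_metadata
  # A read-only GET changes nothing on the target, so run it in --check mode
  # too; when the task is skipped, the registered result has no 'json' key.
  check_mode: false

- name: "Validate the release metadata before using it"
  ansible.builtin.assert:
    that:
      - example_gitea_remote_metadata.json is defined
      - example_gitea_remote_metadata.json.tag_name is defined
      # The tag ends up in a download URL, so accept only vX.Y.Z.
      - example_gitea_remote_metadata.json.tag_name is match('^v[0-9]+[.][0-9]+[.][0-9]+$')
    fail_msg: >-
      Could not determine the latest gitea release from the API response.
      Set gitea_version to an explicit release instead of 'latest'.

- name: "Set fact latest gitea release"
  ansible.builtin.set_fact:
    example_gitea_version: "{{ example_gitea_remote_metadata.json.tag_name[1:] }}"
```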
Hello everyone.
As forgejo is becoming a hard fork of gitea, I'm proposing that it be moved to its own ansible role. (See forgejo news.)
What do you think about this?
I think future changes to the forgejo config could benefit from this. And since you can no longer swap the gitea binary with the forgejo binary, I don't see any advantage in keeping it in the same git project.
Hi,
I've got my Gitea instance behind a reverse proxy and I'd like to have the public ssh port as 22 but the listening port of the process should still be set to 22222.
As far as I know, in order to achieve this, I need to set the SSH_LISTEN_PORT, however I can't seem to do it with this role.
Is there any alternative I am missing or is the SSH_LISTEN_PORT directive missing?
gitea is installed in /usr/local/bin, the ' Backing up gitea before upgrade' command calls sudo gitea, which fails
[jens@giteaqa ~]$ sudo -u gitea which gitea
which: no gitea in (/sbin:/bin:/usr/sbin:/usr/bin)
[gitea@giteaqa ~]$ which gitea
/usr/local/bin/gitea
This behaviour was introduced in #66
Currently the ini templates used indentations for the key value pairs.
For unknown reasons the jinja2 templating engine cannot take over this indentation. Instead it deploys the ini file without the indentation. As a result the INI file is always redeployed even if nothing has changed in the parameters.
You can check this by running your playbook with -D option.
Proposal: Remove the indentation in the template to only see changes if really something in the parameters has changed.
If you agree I could do this and create a pull request.
At this point Forgejo are maintaining two releases, a stable version v1.21.2-1 and an old-stable v1.20.6-1, the code in this role to check the Codeberg API:
https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?limit=1
Fetches whatever was released latest and the v1.20.6-1 release came after v1.21.2-1
In my case I had GITEA_VERSION set to 'latest' and ansible_role_gitea installed v1.20.6-1 on my existing v1.21.1-0 instance -- Forgejo refused to migrate the newer version of the database and the instance wouldn't restart.
The workaround/fix is simple, just specify the released version in GITEA_VERSION instead of 'latest' and rerun the role.
Earl Warren's replies to my comment imply that there isn't really a better way to get the correct 'latest' except something hairy like looping over the latest releases.
I'm not sure what the fix is. Possibly just a documentation change to recommend setting a release version of Forgejo instead of leaving GITEA_VERSION at its default of 'latest'?
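A sketch of the "looping over the latest releases" approach mentioned in this report, as an added example that is not the role's own code: it picks the highest stable version from several releases and refuses a downgrade. All example_* names are hypothetical, and example_installed_version is assumed to already hold the running version without the leading "v".

```yaml
# Added example, not the role's code. All example_* names are hypothetical;
# example_installed_version is assumed to hold e.g. "1.21.1-0".
- name: "List recent Forgejo releases instead of only the last published one"
  ansible.builtin.uri:
    url: "https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?limit=10"
    return_content: true
  register: example_forgejo_releases
  check_mode: false

- name: "Keep the highest stable version seen so far"
  ansible.builtin.set_fact:
    example_forgejo_candidate: "{{ item }}"
  # Compare versions, not publication dates: an old-stable point release
  # published after the current stable one must not win.
  when: item is version(example_forgejo_candidate | default('0'), '>')
  loop: >-
    {{ example_forgejo_releases.json
       | rejectattr('draft') | rejectattr('prerelease')
       | map(attribute='tag_name') | map('regex_replace', '^v', '')
       | list }}

- name: "Refuse to install anything older than the running version"
  ansible.builtin.assert:
    that:
      - example_forgejo_candidate is defined
      - example_forgejo_candidate is version(example_installed_version, '>=')
    fail_msg: >-
      Resolved release {{ example_forgejo_candidate | default('none') }} is older
      than the installed {{ example_installed_version }}; set the version to an
      explicit release.
```

With the releases named in the report, the loop settles on 1.21.2-1 even though v1.20.6-1 was published later, and the assert stops the play if only older releases are returned.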
Since Gitea 1.21 (go-gitea/gitea#25907) the path for custom logo assets is {{ gitea_custom }}/public/assets/img (see https://docs.gitea.com/administration/customizing-gitea#changing-the-logo) and not {{ gitea_custom }}/public/img (old path). Note the assets/ part addition.
I didn't have time to completely debug this, but when I changed from gitea to forgejo the gitea binary was still used. I first thought that somehow the service template wasn't correctly regenerated for a change like this, since it was already in place, but I now noticed it skips generating the service file at all if the os is not Debian or Suse?
Running on a centos machine.
I have jmespath installed:
pip3 list
# shows amongst many others
jmespath 1.0.1
But the task still fails with:
task path: <snip>/ansible_collections/l3d/git/roles/gitea/tasks/set_forgejo_version.yml:51
fatal: [2a01:4f8:c0c:d890::1]: FAILED! => {
"msg": "You need to install \"jmespath\" prior to running json_query filter"
}
This is on Ubuntu server 22.04 Jammy.
I'll take closer look at the role later, but suggestions welcome :)
This obviously means that install fails.
hello
does this role currently allow gitea Docker "Container Registry" as recently submitted in this PR?
https://docs.gitea.io/en-us/packages/container/
go-gitea/gitea#16510
Hi,
short question:
Can I switch the role of thomas-maurice with this role without adjusting variables or is there anything that needs a closer look before executing?
Install fails with the vars set:
gitea_fork: forgejo
gitea_version: lastest
I believe this is because forgejo project aren't setting a 'latest' tag and are not going to: see FAQ entry - unlike the Gitea project.
A workaround is to use the full numbered version eg 1.19.3-0. But that means manually updating the version var and re-running this role (or just using Gitea instead I guess) for every minor update.
Sanitized error details from ansible:
fatal: [my-server-ip]: FAILED! => {
"cache_control": "max-age=0, private, must-revalidate, no-transform",
"changed": false,
"connection": "close",
"content": "{\"errors\":null,\"message\":\"The target couldn't be found.\",\"url\":\"https://codeberg.org/api/swagger\"}\n",
"content_length": "99",
"content_security_policy_report_only": "default-src data: 'self' https://*.codeberg.org https://codeberg.org; script-src 'self' https://*.codeberg.org https://codeberg.org; style-src data: 'self' 'unsafe-inline' https://*.codeberg.org https://codeberg.org; img-src *; media-src *; object-src 'none'; report-uri https://codeberg.org/.well-known/csp-report",
"content_type": "application/json;charset=utf-8",
"date": "Tue, 09 May 2023 16:24:17 GMT",
"elapsed": 0,
"invocation": {
"module_args": {
"attributes": null,
"body": null,
"body_format": "raw",
"ca_path": null,
"ciphers": null,
"client_cert": null,
"client_key": null,
"creates": null,
"decompress": true,
"dest": null,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {},
"http_agent": "ansible-httpget",
"method": "GET",
"mode": null,
"owner": null,
"remote_src": false,
"removes": null,
"return_content": true,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200
],
"timeout": 30,
"unix_socket": null,
"unredirected_headers": [],
"unsafe_writes": false,
"url": "https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/vlastest",
"url_password": null,
"url_username": null,
"use_gssapi": false,
"use_netrc": true,
"use_proxy": true,
"validate_certs": true
}
},
"json": {
"errors": null,
"message": "The target couldn't be found.",
"url": "https://codeberg.org/api/swagger"
},
"msg": "Status code was 404 and not [200]: HTTP Error 404: Not Found",
"permissions_policy": "interest-cohort=()",
"redirected": false,
"status": 404,
"strict_transport_security": "max-age=63072000; includeSubDomains; preload",
"url": "https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/vlastest",
"x_content_type_options": "nosniff",
"x_frame_options": "sameorigin"
}
Hi, I noticed, that the newest version on Ansible Galaxy is v3.3.0. The following patch releases are missing.
I think I found the root cause, PR is incoming.
I am missing:
DEFAULT_PRIVATE: last: Default private when creating a new repository. [last, private, public]
Can you add this point?
Something like the following:
- name: Import Git projects to gitea student user
  ansible.builtin.uri:
    url: "{{ gitea_protocol }}://{{ gitea_http_domain }}:{{ gitea_http_port }}/api/v1/repos/migrate"
    method: POST
    body_format: json
    body: {"clone_addr": "{{ item.url }}", "repo_name": "{{ item.name }}"}
    status_code: [201, 409] # Created or Conflict
    headers:
      Content-Type: "application/json"
    user: "{{ gitea_users[0]['name'] }}"
    password: "{{ gitea_users[0]['password'] }}"
    force_basic_auth: yes
    validate_certs: no
  loop: "{{ gitea_repos }}"
With defaults/main.yml looking like the following:
# list of repos to migrate/copy onto the first user's account
gitea_repos: []
# example of entry
#  - name: ansible_role_gitea
#    url: https://github.com/roles-ansible/ansible_role_gitea.git
It's a bit crude to simply use the first user but you perhaps have a better idea how to do it (simply worked for me!).
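A hardened variant of the user-creation task and the repository-import task proposed in these two requests, as an added example that is not part of the original posts or of the role: passwords are kept out of Ansible's output with no_log, and TLS certificate validation stays on. The gitea_users and gitea_repos variables are the ones suggested in the posts; become: true, the loop labels and keeping the passwords in a vaulted vars file are assumptions.

```yaml
# Added example, not the role's code. Assumes gitea_users and gitea_repos as
# proposed above, with the passwords kept in a vaulted vars file.
- name: Use gitea cli to create user
  ansible.builtin.command:
    # argv passes each value as one argument, so a password containing
    # spaces or quotes is not re-split the way a free-form command line is.
    argv:
      - /usr/local/bin/gitea
      - "-c"
      - "{{ gitea_configuration_path }}/gitea.ini"
      - admin
      - user
      - create
      - "--username"
      - "{{ item.name }}"
      - "--password"
      - "{{ item.password }}"
      - "--email"
      - "{{ item.email }}"
      - "--must-change-password=false"
  become: true
  become_user: "{{ gitea_user }}"
  register: gitearesult
  # Fail only when the user was neither created nor already present.
  failed_when:
    - '"successfully created" not in gitearesult.stdout'
    - '"user already exists" not in gitearesult.stderr'
  changed_when: '"successfully created" in gitearesult.stdout'
  # Every loop item and the command line contain the password: censor the
  # task output, and label iterations by user name only.
  no_log: true
  loop: "{{ gitea_users }}"
  loop_control:
    label: "{{ item.name }}"

- name: Import Git projects to gitea student user
  ansible.builtin.uri:
    url: "{{ gitea_protocol }}://{{ gitea_http_domain }}:{{ gitea_http_port }}/api/v1/repos/migrate"
    method: POST
    body_format: json
    body:
      clone_addr: "{{ item.url }}"
      repo_name: "{{ item.name }}"
    status_code: [201, 409]  # Created or Conflict
    url_username: "{{ gitea_users[0]['name'] }}"
    url_password: "{{ gitea_users[0]['password'] }}"
    force_basic_auth: true
    # Basic-auth credentials travel with every request, so keep certificate
    # validation on; for a private CA, set ca_path to its bundle instead.
    validate_certs: true
  no_log: true
  loop: "{{ gitea_repos }}"
  loop_control:
    label: "{{ item.name }}"
```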
when upgrading the backup functionality doesn't work
you can reproduce it with a fresh install
version '1.17.4'
after creating the admin user and a test repository switch to 'latest' and upgrade
my ansible version is 2.12.1
gitea host is a debian 11
TASK [do1jlr.gitea : Backing up gitea before upgrade] ****************************************************************************************************************************************************************************************************************************************************************
fatal: [vboxdeb11]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: Ungültiger Modus: „A+user:gitea:rx:allow“\n„chmod --help“ liefert weitere Informationen.\n}). For information on working around this, see https://docs.ansible.com/ansible-core/2.12/user_guide/become.html#risks-of-becoming-an-unprivileged-user"}
Now path /etc/gitea/gitea.ini is hardcoded. It will be great to see variables for all paths to be customizable :)