opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/gitea/templates/app.ini.j2
Clark Boylan a5095d52bc Update Gitea to version 1.22 
Changes made on our side to make this upgrade happen:

* Update the gitea checkout tag to v1.22.1
* Update the golang container version to 1.22 as gitea 1.22 has an
  undocumented hard dependency on golang 1.22 or newer.
* Update our overridden template files to match latest gitea template
  changes.
* Update our app.ini config to switch from [oauth2].ENABLE to
  [oauth2].ENABLED as the previous config string is deprecated and will
  be removed in 1.23.0 per:
    ...es/setting/oauth2.go:124:loadOAuth2From() [E] Deprecation: config
    option `[oauth2].ENABLE` presents, please use `[oauth2].ENABLED`
    instead because this fallback will be/has been removed in v1.23.0

The full release notes for this release can be found here:

  https://github.com/go-gitea/gitea/blob/v1.22.1/CHANGELOG.md

I've including the list of breaking changes below with my own
annotations on how/whether they affect us.

* BREAKING
  * Improve reverse proxy documents and clarify the AppURL guessing behavior (https://github.com/go-gitea/gitea/pull/31003) (https://github.com/go-gitea/gitea/pull/31020)
    * This isn't actually a breaking chagne but they have improved docs
      around how to properly set Host and X-Forwarded-Proto headers for
      gitea to enable better logging behind a reverse proxy. We should
      investigate.
  * Remember log in for a month by default (https://github.com/go-gitea/gitea/pull/30150)
    * Default was a week. We should consider rolling back to low values
      since we don't have real users.
  * Breaking summary for template refactoring (https://github.com/go-gitea/gitea/pull/29395)
    * All custom templates need to follow these changes
    * I don't think we're using any of the changed methods/functions in
      our templates. Testing should help confirm this.
  * Recommend/convert to use case-sensitive collation for MySQL/MSSQL (https://github.com/go-gitea/gitea/pull/28662)
    * This is the doctor update to address case sensitivity problems
      between git and gitea. We'll need to test this as part of our
      upgrade process and testing.
  * Make offline mode as default to not connect external avatar service by default (https://github.com/go-gitea/gitea/pull/28548)
    * We are already disabling gravatar. I think this will disable it
      harder.
  * Include public repos in the doer's dashboard for issue search (https://github.com/go-gitea/gitea/pull/28304)
    * This affects end user dashboard info rendering which we don't use.
  * Use restricted sanitizer for repository description (https://github.com/go-gitea/gitea/pull/28141)
    * We already control what goes into repo descriptions via
      projects.yaml. Shouldn't really affect us.
  * Support storage base path as prefix (https://github.com/go-gitea/gitea/pull/27827)
    * This change looks scary at first glance but appears to only affect
      minio storage systems (which is like an s3 abstraction layer). We
      store things to disk and shouldn't be affected if I read the PR
      correctly.
  * Enhanced auth token / remember me (https://github.com/go-gitea/gitea/pull/27606)
    * THis appears to improve security but it isn't clear what the
      effect on end users is. We'll see if our CI jobs are happy with
      new token generation I guess.
  * Rename the default themes to gitea-light, gitea-dark, gitea-auto (https://github.com/go-gitea/gitea/pull/27419)
    * If you didn't see the new themes, please remove the [ui].THEMES config option from app.ini
    * We don't do anything special for themes so this should noop for
      us.
  * Require MySQL 8.0, PostgreSQL 12, MSSQL 2012 (https://github.com/go-gitea/gitea/pull/27337)
    * Our version of MariaDB should be new enough to rough rough feature
      equivalent with MySQL 8.0 and newer. We might consider helping
      upstream add MariaDB testing if they haven't already though.

Change-Id: Ifb4f0d92d70bc06f717e6535f1b67a221e127180
2024-07-07 19:30:42 -07:00

142 lines
3.6 KiB
Django/Jinja
Raw Blame History

APP_NAME = OpenDev: Free Software Needs Free Tools
RUN_MODE = prod
RUN_USER = git
; TODO determine if this is appropriate for our existing installation
WORK_PATH= /data/gitea
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = https://opendev.org/
DISABLE_SSH = false
SSH_PORT = 22
DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /certs/cert.pem
KEY_FILE = /certs/key.pem
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
[database]
DB_TYPE = mysql
HOST = localhost:3306
NAME = gitea
USER = {{ gitea_db_username }}
PASSWD = {{ gitea_db_password }}
SSL_MODE = disable
LOG_SQL = false
[repository]
ROOT = /data/git/repositories
DISABLED_REPO_UNITS = repo.issues,repo.pulls,repo.wiki,repo.projects,repo.actions
DISABLE_STARS = true
DISABLE_MIGRATIONS = true
[git]
; Implemented in 1.16 but broke older git clients. Now expected to work
; but we keep explicit config in place should it need to be toggled back
; to true again.
DISABLE_PARTIAL_CLONE = false
[federation]
ENABLED = false
[packages]
ENABLED = false
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
STARTUP_TIMEOUT = 300s
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
DISABLE_GRAVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /logs
LEVEL = Info
STACKTRACE_LEVEL = Error
logger.access.MODE = file
{% raw -%}
ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"
{% endraw %}
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
PASSWORD_COMPLEXITY = lower,upper,digit
[service]
DISABLE_REGISTRATION = true
SHOW_REGISTRATION_BUTTON = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
ENABLE_TIMETRACKING = false
DEFAULT_ENABLE_TIMETRACKING = false
NO_REPLY_ADDRESS = noreply.example.org
[mailer]
ENABLED = false
[oauth2]
ENABLED = false
; TODO we don't do oauth2 do we need to set this value?
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
; TODO we don't do oauth2 do we need to set this value?
JWT_SIGNING_PRIVATE_KEY_FILE = /data/gitea/jwt/private.pem
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[markup.pandoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .rst
; External command to render all matching extensions
RENDER_COMMAND = /usr/bin/pandoc -f rst
; Input is not a standard input but a file
IS_INPUT_FILE = false
[actions]
ENABLED = false
[lfs]
STORAGE_TYPE = local
PATH = /data/git/lfs
; This is an undocumented gitea cron job that will delete all
; repo archives once daily at midnight. Repo archives are
; tarballs/zips/etc of repository state generate for things like
; tags. This helps ensure we don't run out of disk.
[cron.delete_repo_archives]
ENABLED = true
RUN_AT_START = false
NOTICE_ON_SUCCESS = false
; Note we run this several hours after 0000 (midnight) to avoid conflict
; with default cron jobs run by gitea at that time.
SCHEDULE = 0 0 3 * * *
; We don't need gitea phoning out to check versions. We stay on
; top of new releases using github release notifications over email.
[cron.update_checker]
ENABLED = false
View Git Blame Copy Permalink