Our goal is upgrading to 3.0. To do that we need to upgrade to 2.15, then
to 2.16, then to 3.0. Build all of the images so that we can do that.
2.16 and 3.0 also use bazel, so just use one copy of the Dockerfile for
all three and let zuul check out the repos to the right versions.
Depends-On: https://review.opendev.org/673147
Depends-On: https://review.opendev.org/672320
Change-Id: I35bd278e0c70c871fa44d005c60a987d1d8e3cdc
To provide a stepwise upgrade path from 2.13 running directly to
2.15 in a container, make a container image containing the war we're
using currently. This should let us make a change to how we run the
war without changing the war at all, and then update the war.
Instead of trying to make a clean build for gerrit 2.13 inside of a
builder image, just have it wget the already built wars and jars we
have.
There are pieces of this that duplicate what's being done in puppet,
but in this context it's not immediately clear these are important to
do. However, it's also not clear they're a bad idea.
The gerrit 2.15 build needs a newer bazel. Looking at the CI scripts
that are used by gerrithub, we find that they use bazel 0.26.1
and nodesource v10. Use the bazel image published by google to get
a bazel builder image.
Set gerrit uid/git to 3000 in both images to match the existing
directory ownership so that bindmounting doesn't face permissions
problems.
Change-Id: I3533f01c0859ed50640dcfd98023994c5867c056
This reverts commit fe1b3cee80.
We suspect this may be the cause of some templates going all weird:
* times are showing up as "ago%!(EXTRA string=months%!(EXTRA int64=8))"
* many strings are now showing up as lower cased (eg "explore")
Also, the link to gerrit for nova is "project:openstack/" and is
missing the "nova" portion of the name.
Change-Id: I72a06efd118ad0eae231f5ddf1a9888cb8d35aba
Build a container image with the haproxy-statsd script, and run that
along with the haproxy container.
Change-Id: I18be70d339df613bf9a72e115e80a6da876111e0
The current gitea master has our change to avoid indexing extra
refs, so we can start replicating refs/changes and refs/notes to
it. It also fixes a bug we observed when viewing the index of
the starlingx/integ repo.
This also switches us back to the upstream repo, though since
we're using an intermediate commit, the version displayed in
the web ui will be "6eb53ac570ab9af51fc9cbd79f1db782edce57e0".
The docker entrypoint script has moved, so the Dockerfile is updated
to reflect that.
Change-Id: I47769fc1ca62a39122d96a1fc0c1bfc2caca6a4f
This has a few emergency local patches while we wait for them to
appear in an upstream release.
This updates the modified templates to match the changes in 1.8.0
upstream.
This also disables the oauth2 service, which is new in 1.8.0.
Without disabling this, gitea tries to generate a JWT secret and
write it to the file, which in our case is read only. If we want
to enable it, we need to add a new JWT_SECRET setting.
Change-Id: I969682bce6ff25b7614ce9265097307ee9cbc6cb
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
This helps to reduce the image size but not creating /root/.cache folder
for pip related files.
Change-Id: I1162d7d6fd2e4c7dd9cde44c964aec610a4dd6d3
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
By removing /var/lib/apt/lists it reduces the image size.
Change-Id: Icbe118a2725700b9e5e8da97d062161c5b9a5d2d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
jemalloc is apparently good with python memory according to
https://zapier.com/engineering/celery-python-jemalloc/
Also, according to these graphs from Tobias:
https://paste.pics/581cc286226407ab0be400b94951a7d9
it helps with the apparent memory leak seen in python3.6
and python3.7 with zuul.
There doesn't seem to be any downside to it, so install it
and enable it.
Change-Id: I354bc35e5fa1aee90e1c8b6918c5a70dafd4f990
There's no real need to tie these together into a multi-stage
Dockerfile as they don't really share anything. Split them.
Change-Id: Ifd7ccadcd8048eeb57797d60356aec2f9f0d2c80
Depends-On: https://review.openstack.org/641805
The stacked opendev logo is added to the home page as an svg.
A 120x120 ping is added as the gitea icon. It appears in several
places throughout gitea source code, and therefore it's easier to
just replace it using the same filename and format rather than
updating the templates with a new filename.
Change-Id: I888b8913c7b6a1045975f10240d744d09b9355b0
We don't want to offer links to tarballs of git exports. For the
overwhelming majority of repos, this is a bogus tarball and people
already have the issue of mistakenly trying to use them on github.
In order to bring these back, we'd want to amend the release process
to either also upload tarballs to gitea (probably once we have gitea
back in k8s) - or maybe be able to create Release objects in gitea
that point to external release storage. We probably also want to
write an upstream patch to allow configuring a repo to never show
an autogenerated git export style release.
Change-Id: Idd02d5816b7d04c9a5dcd55fd1d527379d341b92
Story: 2004627
Task: 29848
Gitea supports internal TLS termination as well as redirection of
http to https. That may be simpler than terminating in a reverse
proxy. Let's try it.
Also, make the dockerfile match the expectation of the job that
there will be a gitea-init stage.
Also, fix the repository root setting in app.ini.
Change-Id: Ia6b66b53cebdb1afa49fef89a0559615f98052f1
We can't rewrite hashes with mod_rewrite, as they are client-side
and are not sent to the server. Instead, put in a javascript snippet
to rewrite them in the format that gitea is looking for.
We only need to handle single lines, as cgit doesn't handle ranges.
Change-Id: I6226e420838a88276a86e406c40f6707eb090310
This removes the activity link, which uselessly shows PR and Issue
activity, as well as the fork, start and watch buttons.
Change-Id: Id40eae211ec9b5165cfc0e38e668ce962cf98d9a
It really doesn't actually matter, but if we do the apt-get install
before the COPY, it can increase the caching efficiency by a billionth
of a percent.
Depends-On: https://review.openstack.org/632528
Change-Id: I875812c956af1c4739e0986d267a47652bb5e6f3
There are cases when an issue has been fixed upstream in a
dependency but not yet released and it is desirable to install
that version in a built image. pbr does not support such urls
in requirements files because releasing software that depends
on unreleased software is quite dangerous.
Update assemble and install-from-bindep to install -r requirements.txt
before installing the actual software so that image builds with
such requirements lines will work.
Change-Id: Ie17a66bdc4ea0609ce4e66051f659cbd829fdd5d
This is a builder image intended to make it easy to build
images for projects that use pbr and bindep.
Also, build a python-base image for use with python-builder
pbrx installed dumb-init in a base image and used it as an
entrypoint for the image. This is a good pattern that we should
continue. Make a python-base image that can be used in the FROM
line of consuming final images.
Change-Id: I8da39e680e9c5ca0d8f603a2645e83fc3be87a8b
Add jobs to build, upload, and promote a gerrit image to
Docker Hub. This uses alternative tags, build path, and
build args.
Change-Id: Iea7109f9ee0ec18431f298a2ecc611678a868d6d
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Add jobs to build, upload, and promote a gitea image to Docker Hub.
This produces two images (gitea and openssh) from a single Dockerfile
via a multi-stage build.
Change-Id: I8e6136787f75cd69b881b7ac715418c86d356872
The gerrit source dir needs three plugins cloned into
the plugins dir and also a few files updated.
Depends-On: https://review.openstack.org/631007
Change-Id: I56037137d43ee1cea0a4c17e48d09102e1599ddc
Whenever we promote an image, delete the change tag for that image
in Docker Hub, and also delete any change tags older than 24 hours
in order to keep the Docker Hub image registry tidy.
Change-Id: Id4654c893963bdb0a364b1132793fe4fb152bf27
This job has no nodes; the playbook needs to run on localhost.
The only tasks use the uri module without local files, so should
be safe.
Change-Id: Ic012426a66be3b85efe9af35089addf1316dfa63
The credentials secret needs to be associated with the playbook
that uses it.
Also, add build-image-jinja-init to check, this was accidentally
omitted earlier.
Change-Id: I527a26781a716f9307539e4a486d6b79b32f25fd
Upload an image to dockerhub with a change-specific tag in every
gate job, and then, if the change lands, re-tag the image in
dockerhub.
Change-Id: Ie57fc342cbe29d261d33845829b77a0c1bae5ff4