Commit graph

111 commits

Author SHA1 Message Date
Earl Warren 9128268f29 fix(ci): do not block pull request CI when go-versions lags behind
When a new go version is published, it takes about 24h for
https://github.com/actions/go-versions to be updated (see
https://github.com/actions/go-versions/pull/102 for example).

In the meantime the setup-go action that depends on it will install a
version of go that fails golang.org/x/vuln/cmd/govulncheck.

Move the security check to be the last step of the test job instead of
the first. It will still block the PRs from being merged but it will
allow the PR authors to keep working and look at the test results in
the meantime.

Fixes: https://codeberg.org/forgejo/forgejo/issues/4294
(cherry picked from commit ee7f568aed)
2024-07-03 17:13:54 +00:00
Earl Warren abf72a42e7
ci(release): upgrade v*.next.forgejo.org when the release is ready
The https://v$major.next.forgejo.org instances are polling for new
releases with a cron job every hour. This is not only a waste of
resources because there is nothing most of the time, it also imposes a
delay of maximum one hour when there is a new release.

When the release is published, notify the corresponding instance that
an upgrade is ready. In the request will 404 but leave a trace in the
logs which can trigger an upgrade script if wakeup-on-logs is
configured accordingly.

  GET https://v$major.next.forgejo.org/.well-known/wakeup-on-logs/forgejo-v$major

* v8 - a daemon watching on the web server logs was installed for
  https://v8.next.forgejo.org and will perform the upgrade.
* v7 - nothing will happen for https://v7.next.forgejo.org because
  it still relies on the hourly cron job.
* v1.21 - nothing will happen because https://v1.next.forgejo.org does
  not exist.

See also:

* https://forgejo.org/docs/next/developer/infrastructure
* https://code.forgejo.org/infrastructure/wakeup-on-logs
2024-07-01 12:52:59 +02:00
Renovate Bot db8fb0021f Update renovate to v37.421.2 2024-07-01 00:01:26 +00:00
Earl Warren a3491f064f Merge pull request 'test(js): make test-frontend-coverage displays vitest coverage' (#4224) from earl-warren/forgejo:wip-frontend-coverage into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4224
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-24 08:41:59 +00:00
Earl Warren 536efeb26e
test(js): make test-frontend-coverage displays vitest coverage 2024-06-24 10:03:42 +02:00
Renovate Bot 3244c96f1c Update ghcr.io/visualon/renovate Docker tag to v37.414.1 2024-06-24 00:02:22 +00:00
Elias Elwyn abde31148f Integration test for redis alternatives - garnet, redict (#4138)
For #4082.

~~Per the discussion in the issue, the current plan will likely involve duplicating the redis library calling code once for each cacher, as neither garnet nor redict guarantee continued compatibility with redis.~~

See discussion below for details.

## Tasklist

- [x] Write workflow to run cache-specific unit test(s) only (cache, session, queue, nosql) for each cacher
- [x] Check whether garnet and redict pass unit tests with no code modification (gauge required work)
  - both passed, but that is because there were very few tests that test the remote cache store

### Out of scope for this PR

- Improve test coverage
  - `modules/cache` against a server
  - `modules/session` against a server (also needs tests in general)
- _(?) Duplicate implementation for each cacher_
  - _Restructure redis usage in `modules/cache` and `modules/settings/cache`_
  - _Restructure `modules/session` and its settings_
  - _Restructure `modules/queue` and its settings_
  - _Restructure `modules/nosql` and its settings_

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4138
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Elias Elwyn <a@jthv.ai>
Co-committed-by: Elias Elwyn <a@jthv.ai>
2024-06-18 12:31:15 +00:00
Renovate Bot db767e2d12 Update ghcr.io/visualon/renovate Docker tag to v37.409.1 2024-06-17 00:02:26 +00:00
Renovate Bot 6e6c2aadd7 Update elasticsearch Docker tag to v7.17.22 2024-06-14 00:02:49 +00:00
Renovate Bot c12b0cd10a Update ghcr.io/visualon/renovate Docker tag to v37.399.10 2024-06-10 02:02:27 +00:00
Renovate Bot f253e352cd Update ghcr.io/visualon/renovate Docker tag to v37.392.0 2024-06-06 00:04:28 +00:00
Renovate Bot 8dd72661af Update ghcr.io/visualon/renovate Docker tag to v37.391.2 2024-06-05 16:08:45 +00:00
Renovate Bot c071bdaf96 Update elasticsearch Docker tag to v7.17.21 2024-06-05 00:05:10 +00:00
Mai-Lapyst e58ce86264 Update the elasticsearch mappings for issues to use long instead of integer for int64 (#3982)
This updates the mapping definition of the elasticsearch issue indexer backend to use `long` instead of `integer`s wherever the go type is a `int64`. Without it larger instances could run into an issue.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3982
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-04 07:37:59 +00:00
Renovate Bot 87b4a169ca Update ghcr.io/visualon/renovate Docker tag to v37.385.0 2024-06-02 22:06:00 +00:00
Michael Kriese 629554f8a8
chore(renovate): use sqlite package cache 2024-05-31 13:54:12 +02:00
Renovate Bot 1a6fb16166 Update ghcr.io/visualon/renovate Docker tag to v37.382.4 2024-05-31 09:09:22 +00:00
Earl Warren b1e78f0354 Merge pull request 'Update redis Docker tag to v7.2.5' (#3896) from renovate/redis-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3896
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-25 08:40:32 +00:00
Earl Warren 98be7826a3
chore(dependency): pin redis to 7.2 for testing
There is no need to pin a specific patch version for testing. The
worst that can happen in this context is that the CI fails and it can
be addressed in this context. It will not impact releases.
2024-05-25 08:25:51 +02:00
Renovate Bot 3b0501e69f Update code.forgejo.org/oci/alpine Docker tag to v3.20 2024-05-25 02:05:40 +00:00
Renovate Bot 237362ddd3 Update redis Docker tag to v7.2.5 2024-05-25 00:05:17 +00:00
Renovate Bot f5157085aa Update ghcr.io/visualon/renovate Docker tag to v37.374.3 2024-05-22 20:06:04 +00:00
Victoria Nadasdi df0d1a2134 feat: parse prefix from redis URI for queues (#3836)
For security reasons, scoping access to a redis server via ACL rules is
a good practice. Some parts of the codebase handles prefix like cache[^1]
and session[^2], but the queue module doesn't.

This patch adds this missing functionality to the queue module.

Note about relevant test:
I tried to keep the PR as small as possible (and reasonable), and not
change how the test runs. Updated the existing test to use the same
redis address and basically duplicated the test with the extra flag. It
does NOT test if the keys are correct, it ensures only it works as
expected. To make assertions about the keys, the whole test has to be
updated as the general wrapper doesn't allow the main test to check
anything provider (redis) specific property. That's not something I
wanted to take on now.

[^1]: e4c3c039be/modules/cache/cache_redis.go (L139-L150)
[^2]: e4c3c039be/modules/session/redis.go (L122-L129)

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3836
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Victoria Nadasdi <victoria@efertone.me>
Co-committed-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-20 14:10:54 +00:00
Earl Warren b88bae5c5a Merge pull request 'Enable renovate osv vulnerability alerts' (#2788) from viceice/forgejo:chore/renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2788
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 12:01:47 +00:00
Renovate Bot 159474ff23 Update ghcr.io/visualon/renovate Docker tag to v37.359.0 2024-05-14 10:03:32 +00:00
Michael Kriese 06725504a3
Enable renovate osv vulnerability alerts 2024-05-14 09:42:22 +02:00
Renovate Bot 8e1a6d8e73 Update ghcr.io/visualon/renovate Docker tag to v37.351.2 2024-05-08 20:05:21 +00:00
Renovate Bot 73031f4b80 Update ghcr.io/visualon/renovate Docker tag to v37.340.9 2024-05-05 02:04:30 +00:00
Renovate Bot 15978d4d07 Update ghcr.io/visualon/renovate Docker tag to v37.330.1 2024-05-01 06:02:32 +00:00
Renovate Bot a3be70f0a5 Update ghcr.io/visualon/renovate Docker tag to v37.323.3 2024-04-26 04:02:40 +00:00
Earl Warren aa66d0a0eb
test(ldap): add LDAP tests 2024-04-24 22:06:32 +02:00
Renovate Bot 56831d345d Update ghcr.io/visualon/renovate Docker tag to v37.316.2 2024-04-22 12:03:00 +00:00
Earl Warren 9303f8e72d
ci(renovate): fix step names (take 2) 2024-04-18 20:08:27 +02:00
Earl Warren c7b8a434c3 Merge pull request 'ci(renovate): fix step names' (#3311) from viceice/forgejo:ci/renovate/fix-step-names into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3311
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-18 14:04:19 +00:00
Renovate Bot 0f078ba4c9 Update ghcr.io/visualon/renovate Docker tag to v37.305.0 2024-04-18 11:25:53 +00:00
Michael Kriese 1f4915692b
ci(renovate): fix step names 2024-04-18 13:22:51 +02:00
Renovate Bot ca2473e895 Update ghcr.io/visualon/renovate Docker tag to v37.303.2 2024-04-17 16:05:21 +00:00
Earl Warren 97189d41f3
fix(release): add missing ARG RELEASE_VERSION
The ARG RELEASE_VERSION set in the build-env image does not propagate
to the images that follow. As a result the value of the version label
is always empty.

This should have been caught by the test in the CI but although it
notified the problem in the output, it did not fail. Upgrade to the
forgejo-build-publish version that fixes this false positive.
2024-04-17 17:16:53 +02:00
Earl Warren 028d19c0fe
feat(release): add OCI labels to container images 2024-04-16 17:50:57 +02:00
Earl Warren 3d2fa4930d Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.296.0' (#3221) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3221
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-15 17:25:56 +00:00
Earl Warren bd431f64f6
[CI] configure backport to comment on the PR on failure 2024-04-15 18:23:57 +02:00
Renovate Bot 84b3136f26 Update ghcr.io/visualon/renovate Docker tag to v37.296.0 2024-04-15 16:07:18 +00:00
Renovate Bot 2059abd9c0 Update ghcr.io/visualon/renovate Docker tag to v37.290.1 2024-04-13 00:04:43 +00:00
Earl Warren 9ef05fec5d Merge pull request 'Update forgejo/forgejo-build-publish action to v5' (#3182) from renovate/forgejo-forgejo-build-publish-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3182
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-12 12:22:24 +00:00
Renovate Bot d7ae60ae91 Update forgejo/forgejo-build-publish action to v5 2024-04-12 10:19:15 +00:00
Earl Warren 0355f63a48
[CI] backport upgrade to git-backporting@v4.8.0
* no-auto-squash: true so it DTRT for merged & squashed PRs
* target-branch-pattern: replaces the ad-hoc logic to determine the
  target branch name

It also now supports backporting to multiple branches. This is not
going to be immediately useful but will greatly help in three months
when there are two releases receiving backports.
2024-04-11 10:15:38 +02:00
Renovate Bot 90b160dd34 Update ghcr.io/visualon/renovate Docker tag to v37.282.1 2024-04-11 00:04:53 +00:00
Renovate Bot 6b7aaad986 Update ghcr.io/visualon/renovate Docker tag to v37.280.0 2024-04-08 14:05:06 +00:00
Earl Warren b7303cd3b5 Merge pull request 'Run Renovate more often' (#3108) from viceice/forgejo:chore/renovate-settings into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3108
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-08 08:11:32 +00:00
Michael Kriese cca2141078
Run Renovate more often 2024-04-08 09:19:58 +02:00