mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-29 07:46:49 +00:00
df0d1a2134
For security reasons, scoping access to a redis server via ACL rules is a good practice. Some parts of the codebase handles prefix like cache[^1] and session[^2], but the queue module doesn't. This patch adds this missing functionality to the queue module. Note about relevant test: I tried to keep the PR as small as possible (and reasonable), and not change how the test runs. Updated the existing test to use the same redis address and basically duplicated the test with the extra flag. It does NOT test if the keys are correct, it ensures only it works as expected. To make assertions about the keys, the whole test has to be updated as the general wrapper doesn't allow the main test to check anything provider (redis) specific property. That's not something I wanted to take on now. [^1]:e4c3c039be/modules/cache/cache_redis.go (L139-L150)
[^2]:e4c3c039be/modules/session/redis.go (L122-L129)
Signed-off-by: Victoria Nadasdi <victoria@efertone.me> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3836 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Victoria Nadasdi <victoria@efertone.me> Co-committed-by: Victoria Nadasdi <victoria@efertone.me>
223 lines
7.3 KiB
YAML
223 lines
7.3 KiB
YAML
name: testing
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- 'forgejo*'
|
|
- 'v*/forgejo*'
|
|
|
|
jobs:
|
|
backend-checks:
|
|
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
|
|
runs-on: docker
|
|
container:
|
|
image: 'docker.io/node:20-bookworm'
|
|
steps:
|
|
- name: event info
|
|
run: |
|
|
cat <<'EOF'
|
|
${{ toJSON(github) }}
|
|
EOF
|
|
- uses: https://code.forgejo.org/actions/checkout@v3
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: "1.22"
|
|
check-latest: true
|
|
- run: make deps-backend deps-tools
|
|
- run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
|
|
frontend-checks:
|
|
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
|
|
runs-on: docker
|
|
container:
|
|
image: 'docker.io/node:20-bookworm'
|
|
steps:
|
|
- uses: https://code.forgejo.org/actions/checkout@v3
|
|
- run: make deps-frontend
|
|
- run: make lint-frontend
|
|
- run: make checks-frontend
|
|
- run: make test-frontend
|
|
- run: make frontend
|
|
test-unit:
|
|
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
|
|
runs-on: docker
|
|
needs: [backend-checks, frontend-checks]
|
|
container:
|
|
image: 'docker.io/node:20-bookworm'
|
|
services:
|
|
minio:
|
|
image: bitnami/minio:2024.3.30
|
|
options: >-
|
|
--hostname gitea.minio
|
|
env:
|
|
MINIO_DOMAIN: minio
|
|
MINIO_ROOT_USER: 123456
|
|
MINIO_ROOT_PASSWORD: 12345678
|
|
redis:
|
|
image: redis:7.2.4
|
|
steps:
|
|
- uses: https://code.forgejo.org/actions/checkout@v3
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: "1.22"
|
|
- run: |
|
|
git config --add safe.directory '*'
|
|
adduser --quiet --comment forgejo --disabled-password forgejo
|
|
chown -R forgejo:forgejo .
|
|
- name: install git >= 2.42
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
apt-get -q install -qq -y git
|
|
rm /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
- run: |
|
|
su forgejo -c 'make deps-backend'
|
|
- run: |
|
|
su forgejo -c 'make backend'
|
|
env:
|
|
TAGS: bindata
|
|
- run: |
|
|
su forgejo -c 'make test-backend test-check'
|
|
timeout-minutes: 50
|
|
env:
|
|
RACE_ENABLED: 'true'
|
|
TAGS: bindata
|
|
TEST_REDIS_SERVER: redis:6379
|
|
test-mysql:
|
|
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
|
|
runs-on: docker
|
|
needs: [backend-checks, frontend-checks]
|
|
container:
|
|
image: 'docker.io/node:20-bookworm'
|
|
services:
|
|
mysql:
|
|
image: 'docker.io/mysql:8-debian'
|
|
env:
|
|
MYSQL_ALLOW_EMPTY_PASSWORD: yes
|
|
MYSQL_DATABASE: testgitea
|
|
#
|
|
# See also https://codeberg.org/forgejo/forgejo/issues/976
|
|
#
|
|
cmd: ['mysqld', '--innodb-adaptive-flushing=OFF', '--innodb-buffer-pool-size=4G', '--innodb-log-buffer-size=128M', '--innodb-flush-log-at-trx-commit=0', '--innodb-flush-log-at-timeout=30', '--innodb-flush-method=nosync', '--innodb-fsync-threshold=1000000000']
|
|
steps:
|
|
- uses: https://code.forgejo.org/actions/checkout@v3
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: "1.22"
|
|
- name: install dependencies & git >= 2.42
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
apt-get install --no-install-recommends -qq -y git git-lfs
|
|
rm /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
- name: setup user and permissions
|
|
run: |
|
|
git config --add safe.directory '*'
|
|
adduser --quiet --comment forgejo --disabled-password forgejo
|
|
chown -R forgejo:forgejo .
|
|
- run: |
|
|
su forgejo -c 'make deps-backend'
|
|
- run: |
|
|
su forgejo -c 'make backend'
|
|
env:
|
|
TAGS: bindata
|
|
- run: |
|
|
su forgejo -c 'make test-mysql-migration test-mysql'
|
|
timeout-minutes: 50
|
|
env:
|
|
TAGS: bindata
|
|
USE_REPO_TEST_DIR: 1
|
|
test-pgsql:
|
|
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
|
|
runs-on: docker
|
|
needs: [backend-checks, frontend-checks]
|
|
container:
|
|
image: 'docker.io/node:20-bookworm'
|
|
services:
|
|
minio:
|
|
image: bitnami/minio:2024.3.30
|
|
env:
|
|
MINIO_ROOT_USER: 123456
|
|
MINIO_ROOT_PASSWORD: 12345678
|
|
ldap:
|
|
image: docker.io/gitea/test-openldap:latest
|
|
pgsql:
|
|
image: 'docker.io/postgres:15'
|
|
env:
|
|
POSTGRES_DB: test
|
|
POSTGRES_PASSWORD: postgres
|
|
steps:
|
|
- uses: https://code.forgejo.org/actions/checkout@v3
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: "1.22"
|
|
- name: install dependencies & git >= 2.42
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
apt-get install --no-install-recommends -qq -y git git-lfs
|
|
rm /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
- name: setup user and permissions
|
|
run: |
|
|
git config --add safe.directory '*'
|
|
adduser --quiet --comment forgejo --disabled-password forgejo
|
|
chown -R forgejo:forgejo .
|
|
- run: |
|
|
su forgejo -c 'make deps-backend'
|
|
- run: |
|
|
su forgejo -c 'make backend'
|
|
env:
|
|
TAGS: bindata
|
|
- run: |
|
|
su forgejo -c 'make test-pgsql-migration test-pgsql'
|
|
timeout-minutes: 50
|
|
env:
|
|
TAGS: bindata
|
|
RACE_ENABLED: true
|
|
USE_REPO_TEST_DIR: 1
|
|
TEST_LDAP: 1
|
|
test-sqlite:
|
|
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
|
|
runs-on: docker
|
|
needs: [backend-checks, frontend-checks]
|
|
container:
|
|
image: 'docker.io/node:20-bookworm'
|
|
steps:
|
|
- uses: https://code.forgejo.org/actions/checkout@v3
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: "1.22"
|
|
- name: install dependencies & git >= 2.42
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
apt-get install --no-install-recommends -qq -y git git-lfs
|
|
rm /etc/apt/sources.list.d/testing.list
|
|
apt-get update -qq
|
|
- name: setup user and permissions
|
|
run: |
|
|
git config --add safe.directory '*'
|
|
adduser --quiet --comment forgejo --disabled-password forgejo
|
|
chown -R forgejo:forgejo .
|
|
- run: |
|
|
su forgejo -c 'make deps-backend'
|
|
- run: |
|
|
su forgejo -c 'make backend'
|
|
env:
|
|
TAGS: bindata sqlite sqlite_unlock_notify
|
|
- run: |
|
|
su forgejo -c 'make test-sqlite-migration test-sqlite'
|
|
timeout-minutes: 50
|
|
env:
|
|
TAGS: bindata sqlite sqlite_unlock_notify
|
|
RACE_ENABLED: true
|
|
TEST_TAGS: sqlite sqlite_unlock_notify
|
|
USE_REPO_TEST_DIR: 1
|