30279610b6
Upgrade Gitea to 1.21.3. The changelogs for this release can be found here: https://github.com/go-gitea/gitea/blob/v1.21.3/CHANGELOG.md I have attempted to collect the interesting bits in this commit message as well as information on why we do or don't make changes to address these items. 1.21.0 * BREAKING * Restrict certificate type for builtin SSH server (https://github.com/go-gitea/gitea/pull/26789) * We don't use the builtin SSH server and don't use certificates for auth. Nothing to do here. * Refactor to use urfave/cli/v2 (https://github.com/go-gitea/gitea/pull/25959) * The major change here updated `gitea` to stop accepting `gitea web`'s command options. Our dockerfile is set up to use `CMD ["/usr/local/bin/gitea", "web"]` so we are not affected. * Move public asset files to the proper directory (https://github.com/go-gitea/gitea/pull/25907) * We update the testinfra test for robots.txt to more robustly check file contents. Previously it checked a very generic prefix which may indicate a generic file being served. * We move custom/public/img into custom/public/assets/img. Screenshots should be used to confirm this works as expected. * Remove commit status running and warning to align GitHub (https://github.com/go-gitea/gitea/pull/25839) (partially reverted: Restore warning commit status (https://github.com/go-gitea/gitea/pull/27504) (https://github.com/go-gitea/gitea/pull/27529)) * We don't rely on commit statuses as this is a read only replica of Gerrit. * Remove "CHARSET" config option for MySQL, always use "utf8mb4" (https://github.com/go-gitea/gitea/pull/25413) * We don't set [database].CHARSET. Doesn't affect us. * Set SSH_AUTHORIZED_KEYS_BACKUP to false (https://github.com/go-gitea/gitea/pull/25412) * We don't set this value explicitly so the default will flip from true to false for us. I don't think this is an issue because we keep track of our pubkeys in git. * SECURITY * Dont leak private users via extensions (https://github.com/go-gitea/gitea/pull/28023) (https://github.com/go-gitea/gitea/pull/28029) * We don't use private users. * Expanded minimum RSA Keylength to 3072 (https://github.com/go-gitea/gitea/pull/26604) * We have rotated keys used to replicate from gerrit to gitea to work around this. Now are keys are long enough to make gitea happy. * BUILD * Dockerfile small refactor (https://github.com/go-gitea/gitea/pull/27757) (https://github.com/go-gitea/gitea/pull/27826) * I've updated our Dockerfile to mimic these changes. Comment whitespace as well as how things are copied and chmoded in the build image have been updated. * TODO the file copies aren't working for us. I think due to how we ultimately clone the git repo. We use RUN but upstream is using COPY against the local build dir. I've aligned as best as I can, but we should see if we can do a similar COPY on our end. * Fix build errors on BSD (in BSDMakefile) (#27594) (#27608) * We don't run on BSD. * Fully replace drone with actions (#27556) (#27575) * This is how upstream builds their images. Doesn't affect our builds. * Enable markdownlint no-duplicate-header (#27500) (#27506) * Build time linters are somethign we don't care too much about on our end. * Enable production source maps for index.js, fix CSS sourcemaps (https://github.com/go-gitea/gitea/pull/27291) (https://github.com/go-gitea/gitea/pull/27295) * This emits a source map for index.js which can be used for in browser debugging. Don't think this is anything we need to take action on. * Update snap package (#27021) * We don't use a snap package. * Bump go to 1.21 (https://github.com/go-gitea/gitea/pull/26608) * Our go version is updated in the Dockerfile. * Bump xgo to go-1.21.x and node to 20 in release-version (https://github.com/go-gitea/gitea/pull/26589) * Our node version is updated in the Dockerfile. * Add template linting via djlint (#25212) * Build time linters are somethign we don't care too much about on our end. 1.21.1 * SECURITY * Fix comment permissions (https://github.com/go-gitea/gitea/pull/28213) (https://github.com/go-gitea/gitea/pull/28216) * This affects disclosure of private repo content. We don't have private repos so shouldn't be affected. 1.21.2 * SECURITY * Rebuild with recently released golang version * We'll automatically rebuild with newer golang too. * Fix missing check (https://github.com/go-gitea/gitea/pull/28406) (https://github.com/go-gitea/gitea/pull/28411) * There is minimal info here but it appears to be related to issues. We don't use issues so shouldn't affect us. * Do some missing checks (https://github.com/go-gitea/gitea/pull/28423) (https://github.com/go-gitea/gitea/pull/28432) * There is minimal info here but it appears to be related to checks around private repos. We don't use private repos so this shouldn't affect us. 1.21.3 * SECURITY * Update golang.org/x/crypto (https://github.com/go-gitea/gitea/pull/28519) * This addresses recent concerns found in ssh for gitea's built in ssh implementation. We use openssh as provided by debian so will rely on our distro to provide fixes. Finally 1.21.x broke rendering of code search templates. The issue is here: https://github.com/go-gitea/gitea/issues/28607. To address this I've vendored the two fixed template files (https://github.com/go-gitea/gitea/pull/28576/files)into our custom template dirs. Once upstream makes a release with these fixes we can drop the custom files entirely as we don't override anything special in them. Change-Id: Id714826a9bc7682403afcf90f2761db8c84eacbf
131 lines
5.1 KiB
Python
131 lines
5.1 KiB
Python
# Copyright 2018 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from util import take_screenshots
|
|
|
|
testinfra_hosts = ['gitea99.opendev.org']
|
|
|
|
|
|
def test_gitea_listening(host):
|
|
gitea_https = host.socket("tcp://0.0.0.0:3000")
|
|
assert gitea_https.is_listening
|
|
gitea_http = host.socket("tcp://0.0.0.0:3080")
|
|
assert gitea_http.is_listening
|
|
gitea_ssh = host.socket("tcp://0.0.0.0:222")
|
|
assert gitea_ssh.is_listening
|
|
gitea_proxy = host.socket("tcp://0.0.0.0:3081")
|
|
assert gitea_proxy.is_listening
|
|
|
|
def test_ulimit(host):
|
|
cmd = host.run("docker exec gitea-docker_gitea-web_1 prlimit")
|
|
expected = ("STACK max stack size "
|
|
"16777216 9223372036854775807 bytes")
|
|
assert expected in cmd.stdout.split('\n')
|
|
|
|
def test_robots(host):
|
|
cmd = host.run('curl --insecure '
|
|
'--resolve gitea99.opendev.org:3081:127.0.0.1 '
|
|
'https://gitea99.opendev.org:3081/robots.txt')
|
|
assert 'Disallow: /' in cmd.stdout
|
|
assert 'This was kindly seeded with a mix of' in cmd.stdout
|
|
|
|
def test_matrix_server(host):
|
|
cmd = host.run('curl --insecure -v '
|
|
'--resolve gitea99.opendev.org:3081:127.0.0.1 '
|
|
'https://gitea99.opendev.org:3081/.well-known/matrix/server')
|
|
assert '"m.server": "opendev.ems.host:443"' in cmd.stdout
|
|
assert 'Access-Control-Allow-Origin' not in cmd.stderr
|
|
|
|
def test_matrix_client(host):
|
|
cmd = host.run('curl --insecure -v '
|
|
'--resolve gitea99.opendev.org:3081:127.0.0.1 '
|
|
'https://gitea99.opendev.org:3081/.well-known/matrix/client')
|
|
assert '"base_url": "https://opendev.ems.host"' in cmd.stdout
|
|
assert 'Access-Control-Allow-Origin' in cmd.stderr
|
|
|
|
def test_proxy(host):
|
|
cmd = host.run('curl --insecure '
|
|
'--resolve gitea99.opendev.org:3081:127.0.0.1 '
|
|
'https://gitea99.opendev.org:3081/')
|
|
assert 'Git with a cup of tea' in cmd.stdout
|
|
|
|
def test_proxy_ua_blacklist(host):
|
|
cmd = host.run('curl --insecure -A '
|
|
'" Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)" '
|
|
'--resolve gitea99.opendev.org:3081:127.0.0.1 '
|
|
'https://gitea99.opendev.org:3081/')
|
|
assert '403 Forbidden' in cmd.stdout
|
|
|
|
def test_ondisk_logs(host):
|
|
mariadb_log = host.file('/var/log/containers/docker-mariadb.log')
|
|
assert mariadb_log.exists
|
|
|
|
gitea_log = host.file('/var/log/containers/docker-gitea.log')
|
|
assert gitea_log.exists
|
|
|
|
gitea_ssh_log = host.file('/var/log/containers/docker-gitea-ssh.log')
|
|
assert gitea_ssh_log.exists
|
|
assert gitea_ssh_log.contains("Server listening on :: port 222.")
|
|
|
|
def test_project_clone(host):
|
|
# Note this tests the result of a project rename in gitea as well.
|
|
cmd = host.run(
|
|
'GIT_SSL_NO_VERIFY=1 '
|
|
'git clone https://localhost:3081/opendev/disk-image-builder '
|
|
'/tmp/disk-image-builder')
|
|
assert "Cloning into '/tmp/disk-image-builder'..." in cmd.stderr
|
|
assert cmd.succeeded
|
|
# Check that our default of master is still honored.
|
|
# Gitea defaults to main as of 1.17.0.
|
|
cmd = host.run(
|
|
'git -C /tmp/disk-image-builder '
|
|
'symbolic-ref refs/remotes/origin/HEAD')
|
|
assert "refs/remotes/origin/master" in cmd.stdout
|
|
assert "refs/remotes/origin/main" not in cmd.stdout
|
|
assert cmd.succeeded
|
|
|
|
def test_partial_project_clone(host):
|
|
cmd = host.run(
|
|
'GIT_SSL_NO_VERIFY=1 '
|
|
'git clone --filter=blob:none '
|
|
'https://localhost:3081/opendev/system-config '
|
|
'/tmp/test-system-config-clone')
|
|
assert "Cloning into '/tmp/test-system-config-clone'..." in cmd.stderr
|
|
assert cmd.succeeded
|
|
# Check that our default of master is still honored.
|
|
# Gitea defaults to main as of 1.17.0.
|
|
cmd = host.run(
|
|
'git -C /tmp/test-system-config-clone '
|
|
'symbolic-ref refs/remotes/origin/HEAD')
|
|
assert "refs/remotes/origin/master" in cmd.stdout
|
|
assert "refs/remotes/origin/main" not in cmd.stdout
|
|
assert cmd.succeeded
|
|
|
|
def test_gitea_screenshots(host):
|
|
|
|
shots = (
|
|
('https://localhost:3081', None, 'gitea-main.png'),
|
|
('https://localhost:3081/opendev/system-config', None,
|
|
'gitea-project-system-config.png'),
|
|
('https://localhost:3081/opendev/disk-image-builder', None,
|
|
'gitea-project-dib.png'),
|
|
('https://localhost:3081/opendev/', None,
|
|
'gitea-org-opendev.png'),
|
|
('https://localhost:3081/explore/organizations', None,
|
|
'gitea-org-explore.png'),
|
|
)
|
|
|
|
take_screenshots(host, shots)
|
|
|