├── .github └── workflows │ └── docker-publish.yml ├── Dockerfile ├── README.md ├── build.sh ├── clean.sh ├── openshift ├── gitea-ephemeral-template.yaml └── gitea-persistent-template.yaml ├── root └── usr │ └── bin │ ├── giteacmd │ └── rungitea └── setup.sh /.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Docker 2 | 3 | # This workflow uses actions that are not certified by GitHub. 4 | # They are provided by a third-party and are governed by 5 | # separate terms of service, privacy policy, and support 6 | # documentation. 7 | 8 | on: 9 | push: 10 | branches: [ "main" ] 11 | # Publish semver tags as releases. 12 | tags: [ 'v*.*.*' ] 13 | pull_request: 14 | branches: [ "main" ] 15 | 16 | env: 17 | # Use docker.io for Docker Hub if empty 18 | REGISTRY: ghcr.io 19 | # github.repository as / 20 | IMAGE_NAME: ${{ github.repository }} 21 | 22 | jobs: 23 | build: 24 | 25 | runs-on: ubuntu-latest 26 | permissions: 27 | contents: read 28 | packages: write 29 | # This is used to complete the identity challenge 30 | # with sigstore/fulcio when running outside of PRs. 
31 | id-token: write 32 | 33 | steps: 34 | - name: Checkout repository 35 | uses: actions/checkout@v3 36 | 37 | # Install the cosign tool except on PR 38 | # https://github.com/sigstore/cosign-installer 39 | - name: Install cosign 40 | if: github.event_name != 'pull_request' 41 | uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 42 | with: 43 | cosign-release: 'v2.1.1' 44 | 45 | # Set up BuildKit Docker container builder to be able to build 46 | # multi-platform images and export cache 47 | # https://github.com/docker/setup-buildx-action 48 | - name: Set up Docker Buildx 49 | uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 50 | 51 | # Login against a Docker registry except on PR 52 | # https://github.com/docker/login-action 53 | - name: Log into registry ${{ env.REGISTRY }} 54 | if: github.event_name != 'pull_request' 55 | uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 56 | with: 57 | registry: ${{ env.REGISTRY }} 58 | username: ${{ github.actor }} 59 | password: ${{ secrets.GITHUB_TOKEN }} 60 | 61 | # Extract metadata (tags, labels) for Docker 62 | # https://github.com/docker/metadata-action 63 | - name: Extract Docker metadata 64 | id: meta 65 | uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 66 | with: 67 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 68 | 69 | # Build and push Docker image with Buildx (don't push on PR) 70 | # https://github.com/docker/build-push-action 71 | - name: Build and push Docker image 72 | id: build-and-push 73 | uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 74 | with: 75 | context: . 76 | push: ${{ github.event_name != 'pull_request' }} 77 | tags: ${{ steps.meta.outputs.tags }} 78 | labels: ${{ steps.meta.outputs.labels }} 79 | cache-from: type=gha 80 | cache-to: type=gha,mode=max 81 | 82 | # Sign the resulting Docker image digest except on PRs. 
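83 | # This will only write to the public Rekor transparency log when the Docker 84 | # repository is public to avoid leaking data. If you would like to publish 85 | # transparency data even for private images, pass --force to cosign below. 86 | # https://github.com/sigstore/cosign 87 | - name: Sign the published Docker image 88 | if: ${{ github.event_name != 'pull_request' }} 89 | env: 90 | # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable 91 | TAGS: ${{ steps.meta.outputs.tags }} 92 | DIGEST: ${{ steps.build-and-push.outputs.digest }} 93 | # This step uses the identity token to provision an ephemeral certificate 94 | # against the sigstore community Fulcio instance. 95 | run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} 96 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# Use Red Hat Universal Base Image 9 - Minimal
# NOTE(review): ":latest" is a floating tag, so two builds of this file can
# start from different base images. Pin a release tag or an image digest
# (ubi-minimal@sha256:<pinned-digest>) when the build must be reproducible.
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest

# Set the Gitea Version to install.
# Check https://dl.gitea.io/gitea/ for available versions.
# NOTE(review): a build that passes no --build-arg GITEA_VERSION installs this
# default (the docker-publish workflow passes none, build.sh passes its own
# version), so keep the default current.
ARG GITEA_VERSION="1.20.0"
ARG BUILD_DATE="2023-10-01"

ENV APP_HOME=/home/gitea
ENV REPO_HOME=/gitea-repositories

LABEL name="Gitea - Git Service" \
      vendor="Gitea" \
      io.k8s.display-name="Gitea - Git Service" \
      io.openshift.expose-services="3000/tcp:gitea,2022/tcp:ssh" \
      io.openshift.tags="gitea" \
      build-date=$BUILD_DATE \
      version=$GITEA_VERSION \
      release="1" \
      maintainer="Wolfgang Kulhanek "

COPY ./root /

# Update latest packages and install Prerequisites
# (openssh was listed twice in the install line; once is enough)
RUN microdnf -y update \
 && microdnf -y install git ca-certificates openssh gettext tzdata tar gzip bzip2 source-highlight \
 && microdnf -y clean all \
 && rm -rf /var/cache/yum
# && microdnf -y install git ca-certificates openssh gettext openssh tzdata tar gzip bzip2 asciidoc source-highlight \

# Optional SHA-256 of the Gitea binary. When set, the build fails unless the
# downloaded file matches it:
#   --build-arg GITEA_SHA256=<sha256-of-the-gitea-binary>
# Empty by default so existing build commands keep working; without it the
# binary is trusted on the strength of the HTTPS download alone.
# Declared here, right before its only use, so it does not invalidate the
# cache of the package layer above.
ARG GITEA_SHA256=""

# Create the gitea account and the directories Gitea writes to, then fetch the
# Gitea binary.
#  * curl -f makes an HTTP error (e.g. a 404 for an unknown version) fail the
#    build instead of saving the error page as ${APP_HOME}/gitea.
#  * Group 0 is given the same permissions as the owner on ${APP_HOME}, and
#    /etc/passwd is made group-writable, because /usr/bin/rungitea rewrites the
#    gitea entry in /etc/passwd with the runtime UID and GID 0 at start-up.
#    A group-writable /etc/passwd means any process running with GID 0 inside
#    the container can edit account entries; keep that in mind before adding
#    setuid tools or further accounts to this image.
RUN adduser gitea --home-dir=/home/gitea \
 && mkdir ${REPO_HOME} \
 && chmod 775 ${REPO_HOME} \
 && chgrp 0 ${REPO_HOME} \
 && mkdir -p ${APP_HOME}/data/lfs \
 && mkdir -p ${APP_HOME}/conf \
 && mkdir /.ssh \
 && curl -fsSL -o ${APP_HOME}/gitea https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 \
 && if [ -n "${GITEA_SHA256}" ]; then \
      echo "${GITEA_SHA256}  ${APP_HOME}/gitea" | sha256sum -c -; \
    fi \
 && chmod 775 ${APP_HOME}/gitea \
 && chown gitea:root ${APP_HOME}/gitea \
 && chgrp -R 0 ${APP_HOME} \
 && chgrp -R 0 /.ssh \
 && chmod -R g=u ${APP_HOME} /etc/passwd

WORKDIR ${APP_HOME}
VOLUME ${REPO_HOME}
EXPOSE 2022 3000
# Run as a non-root numeric UID.
USER 1001

ENTRYPOINT ["/usr/bin/rungitea"]
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Gitea for OpenShift 2 | Gitea is a Git service. Learn more about it at https://gitea.io. 3 | 4 | Running containers on OpenShift comes with certain security and other requirements. 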
This repository contains: 5 | 6 | * A Dockerfile for building an OpenShift-compatible Gitea image 7 | * A shell script to build the image using podman 8 | * The run scripts used in the Docker image 9 | 10 | ## Prerequisites 11 | * An account in an OpenShift 4.10+ environment and a project 12 | 13 | * Gitea requires a database to store its information. Provisioning a database is out-of-scope for this repository. If you wish to run the database on OpenShift, it is suggested that you deploy PostgreSQL using persistent storage. More information on the OpenShift PostgreSQL deployment is here: 14 | 15 | https://docs.openshift.org/latest/using_images/db_images/postgresql.html 16 | 17 | # Deployment via Operator 18 | A Gitea Operator can be found at https://github.com/rhpds/gitea-operator. Operators are the preferred way to deploy applications on Kubernetes. 19 | 20 | # Deployment via Helm Chart 21 | A Helm Chart has been created at [https://github.com/redhat-cop/helm-charts/charts/gitea](https://github.com/redhat-cop/helm-charts/tree/master/charts/gitea). 22 | 23 | Note that hostname is required during Gitea Helm chart installation in order to configure repository URLs correctly. 24 | 25 | # Deployment via OpenShift Template 26 | Gitea can be easily deployed using the included templates in the `openshift` folder. 27 | 28 | Note that the template deploys PostgreSQL 12. If you are on an older OpenShift cluster that doesn't have that ImageStream available yet, then modify the template first to use a PostgreSQL version that your cluster supports (9.6 or 10) in the ImageStream object. 
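29 | 30 | If your have persistent volumes available in your cluster: 31 | 32 | ``` 33 | oc new-app -f https://raw.githubusercontent.com/rhpds/openshift-gitea-image/main/openshift/gitea-persistent-template.yaml --param=HOSTNAME=gitea-demo.yourdomain.com 34 | ``` 35 | Otherwise: 36 | ``` 37 | oc new-app -f https://raw.githubusercontent.com/rhpds/openshift-gitea-image/main/openshift/gitea-ephemeral-template.yaml --param=HOSTNAME=gitea-demo.yourdomain.com 38 | ``` 39 | 40 | Note that hostname is required during Gitea template deployment in order to configure repository URLs correctly. 41 | 42 | Added automatic build 43 | -------------------------------------------------------------------------------- /build.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Build the Gitea image with podman, tag it as latest, MAJOR.MINOR and MAJOR,
# and push all three tags to quay.io/rhpds/gitea.
#
# Stop at the first failing command, unset variable or failed pipeline stage.
# Without this, a failed `podman build` falls through to the tag and push
# steps, which then publish whatever older quay.io/rhpds/gitea:latest is still
# in local storage under the new version tags.
set -euo pipefail

MAJOR_VERSION=1.23
MINOR_VERSION=8

GITEA_VERSION="${MAJOR_VERSION}.${MINOR_VERSION}"
BUILD_DATE=$(date +"%Y-%m-%d")
IMAGE=quay.io/rhpds/gitea

# GITEA_VERSION and BUILD_DATE are the two build arguments the Dockerfile declares.
podman build . \
  --build-arg GITEA_VERSION="${GITEA_VERSION}" \
  --build-arg BUILD_DATE="${BUILD_DATE}" \
  --tag "${IMAGE}:latest"

podman tag "${IMAGE}:latest" "${IMAGE}:${MAJOR_VERSION}.${MINOR_VERSION}"
podman tag "${IMAGE}:latest" "${IMAGE}:${MAJOR_VERSION}"

podman push "${IMAGE}:${MAJOR_VERSION}.${MINOR_VERSION}"
podman push "${IMAGE}:${MAJOR_VERSION}"
podman push "${IMAGE}:latest"
# git tag ${MAJOR_VERSION}.${MINOR_VERSION}
# git push origin ${MAJOR_VERSION}.${MINOR_VERSION}
-------------------------------------------------------------------------------- /clean.sh: -------------------------------------------------------------------------------- 1 | oc delete all -lapp=gitea 2 | oc delete cm gitea 3 | oc delete pvc gitea-data 4 | oc delete all -lapp=postgresql_gitea 5 | oc delete pvc postgresql 6 | oc delete secret postgresql 7 | 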
-------------------------------------------------------------------------------- /openshift/gitea-ephemeral-template.yaml: -------------------------------------------------------------------------------- 1 | kind: Template 2 | apiVersion: v1 3 | metadata: 4 | annotations: 5 | description: The Gitea git server (https://gitea.io/en-US/) 6 | tags: instant-app,gitea,datastore 7 | iconClass: "icon-github" 8 | name: gitea-persistent 9 | objects: 10 | - kind: ServiceAccount 11 | apiVersion: v1 12 | metadata: 13 | creationTimestamp: null 14 | labels: 15 | app: ${APPLICATION_NAME} 16 | name: ${APPLICATION_NAME} 17 | - kind: Service 18 | apiVersion: v1 19 | metadata: 20 | annotations: 21 | description: Exposes the database server 22 | name: ${APPLICATION_NAME}-postgresql 23 | spec: 24 | ports: 25 | - name: postgresql 26 | port: 5432 27 | targetPort: 5432 28 | selector: 29 | name: ${APPLICATION_NAME}-postgresql 30 | - kind: DeploymentConfig 31 | apiVersion: v1 32 | metadata: 33 | annotations: 34 | description: Defines how to deploy the database 35 | name: ${APPLICATION_NAME}-postgresql 36 | spec: 37 | replicas: 1 38 | selector: 39 | name: ${APPLICATION_NAME}-postgresql 40 | strategy: 41 | type: Recreate 42 | template: 43 | metadata: 44 | labels: 45 | name: ${APPLICATION_NAME}-postgresql 46 | name: ${APPLICATION_NAME}-postgresql 47 | spec: 48 | serviceAccountName: ${APPLICATION_NAME} 49 | containers: 50 | - env: 51 | - name: POSTGRESQL_USER 52 | value: ${DATABASE_USER} 53 | - name: POSTGRESQL_PASSWORD 54 | value: ${DATABASE_PASSWORD} 55 | - name: POSTGRESQL_DATABASE 56 | value: ${DATABASE_NAME} 57 | - name: POSTGRESQL_MAX_CONNECTIONS 58 | value: ${DATABASE_MAX_CONNECTIONS} 59 | - name: POSTGRESQL_SHARED_BUFFERS 60 | value: ${DATABASE_SHARED_BUFFERS} 61 | - name: POSTGRESQL_ADMIN_PASSWORD 62 | value: ${DATABASE_ADMIN_PASSWORD} 63 | image: ' ' 64 | livenessProbe: 65 | initialDelaySeconds: 30 66 | tcpSocket: 67 | port: 5432 68 | timeoutSeconds: 1 69 | name: postgresql 70 | ports: 
71 | - containerPort: 5432 72 | readinessProbe: 73 | exec: 74 | command: 75 | - /bin/sh 76 | - -i 77 | - -c 78 | - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1' 79 | initialDelaySeconds: 5 80 | timeoutSeconds: 1 81 | resources: 82 | limits: 83 | memory: 512Mi 84 | volumeMounts: 85 | - mountPath: /var/lib/pgsql/data 86 | name: gitea-postgres-data 87 | volumes: 88 | - name: gitea-postgres-data 89 | emptyDir: {} 90 | triggers: 91 | - imageChangeParams: 92 | automatic: true 93 | containerNames: 94 | - postgresql 95 | from: 96 | kind: ImageStreamTag 97 | name: postgresql:12 98 | namespace: openshift 99 | type: ImageChange 100 | - type: ConfigChange 101 | - kind: Service 102 | apiVersion: v1 103 | metadata: 104 | annotations: 105 | description: The Gitea server's http port 106 | service.alpha.openshift.io/dependencies: '[{"name":"${APPLICATION_NAME}-postgresql","namespace":"","kind":"Service"}]' 107 | labels: 108 | app: ${APPLICATION_NAME} 109 | name: ${APPLICATION_NAME} 110 | spec: 111 | ports: 112 | - name: 3000-tcp 113 | port: 3000 114 | protocol: TCP 115 | targetPort: 3000 116 | selector: 117 | app: ${APPLICATION_NAME} 118 | deploymentconfig: ${APPLICATION_NAME} 119 | sessionAffinity: None 120 | type: ClusterIP 121 | status: 122 | loadBalancer: {} 123 | - kind: Route 124 | apiVersion: v1 125 | id: ${APPLICATION_NAME}-http 126 | metadata: 127 | annotations: 128 | description: Route for application's http service. 
129 | labels: 130 | app: ${APPLICATION_NAME} 131 | name: ${APPLICATION_NAME} 132 | spec: 133 | host: ${HOSTNAME} 134 | to: 135 | name: ${APPLICATION_NAME} 136 | tls: 137 | termination: edge 138 | - kind: DeploymentConfig 139 | apiVersion: v1 140 | metadata: 141 | labels: 142 | app: ${APPLICATION_NAME} 143 | name: ${APPLICATION_NAME} 144 | spec: 145 | replicas: 1 146 | selector: 147 | app: ${APPLICATION_NAME} 148 | deploymentconfig: ${APPLICATION_NAME} 149 | strategy: 150 | resources: {} 151 | rollingParams: 152 | intervalSeconds: 1 153 | maxSurge: 25% 154 | maxUnavailable: 25% 155 | timeoutSeconds: 600 156 | updatePeriodSeconds: 1 157 | type: Rolling 158 | template: 159 | metadata: 160 | creationTimestamp: null 161 | labels: 162 | app: ${APPLICATION_NAME} 163 | deploymentconfig: ${APPLICATION_NAME} 164 | spec: 165 | serviceAccountName: ${APPLICATION_NAME} 166 | containers: 167 | - image: "${GITEA_IMAGE}:${GITEA_VERSION}" 168 | imagePullPolicy: Always 169 | name: ${APPLICATION_NAME} 170 | ports: 171 | - containerPort: 3000 172 | protocol: TCP 173 | resources: {} 174 | terminationMessagePath: /dev/termination-log 175 | volumeMounts: 176 | - name: gitea-repositories 177 | mountPath: /gitea-repositories 178 | - name: gitea-config 179 | mountPath: /home/gitea/conf 180 | readinessProbe: 181 | httpGet: 182 | path: / 183 | port: 3000 184 | scheme: HTTP 185 | initialDelaySeconds: 5 186 | timeoutSeconds: 1 187 | periodSeconds: 20 188 | successThreshold: 1 189 | failureThreshold: 3 190 | livenessProbe: 191 | httpGet: 192 | path: / 193 | port: 3000 194 | scheme: HTTP 195 | initialDelaySeconds: 30 196 | timeoutSeconds: 1 197 | periodSeconds: 10 198 | successThreshold: 1 199 | failureThreshold: 3 200 | dnsPolicy: ClusterFirst 201 | restartPolicy: Always 202 | securityContext: {} 203 | terminationGracePeriodSeconds: 30 204 | volumes: 205 | - name: gitea-repositories 206 | emptyDir: {} 207 | - name: gitea-config 208 | configMap: 209 | name: gitea-config 210 | items: 211 | - key: 
app.ini 212 | path: app.ini 213 | test: false 214 | triggers: 215 | - type: ConfigChange 216 | - kind: PersistentVolumeClaim 217 | apiVersion: v1 218 | metadata: 219 | name: gitea-repositories 220 | spec: 221 | accessModes: 222 | - ReadWriteOnce 223 | resources: 224 | requests: 225 | storage: ${GITEA_VOLUME_CAPACITY} 226 | - kind: PersistentVolumeClaim 227 | apiVersion: v1 228 | metadata: 229 | name: gitea-postgres-data 230 | spec: 231 | accessModes: 232 | - ReadWriteOnce 233 | resources: 234 | requests: 235 | storage: ${DB_VOLUME_CAPACITY} 236 | - kind: ConfigMap 237 | apiVersion: v1 238 | metadata: 239 | name: gitea-config 240 | data: 241 | app.ini: | 242 | APP_NAME = Gitea: Git with a cup of tea 243 | RUN_USER = gitea 244 | RUN_MODE = prod 245 | 246 | [security] 247 | INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN} 248 | INSTALL_LOCK = true 249 | SECRET_KEY = ${GITEA_SECRET_KEY} 250 | PASSWORD_COMPLEXITY = off 251 | 252 | [oauth2] 253 | ENABLE = false 254 | 255 | [database] 256 | DB_TYPE = postgres 257 | HOST = ${APPLICATION_NAME}-postgresql:5432 258 | NAME = ${DATABASE_NAME} 259 | USER = ${DATABASE_USER} 260 | PASSWD = ${DATABASE_PASSWORD} 261 | SSL_MODE = disable 262 | 263 | [repository] 264 | ROOT = /gitea-repositories 265 | 266 | [server] 267 | ROOT_URL = https://${HOSTNAME} 268 | SSH_DOMAIN = ${HOSTNAME} 269 | DOMAIN = ${HOSTNAME} 270 | HTTP_PORT = 3000 271 | SSH_PORT = 2022 272 | DISABLE_SSH = false 273 | START_SSH_SERVER = true 274 | LFS_START_SERVER = false 275 | OFFLINE_MODE = false 276 | 277 | [mailer] 278 | ENABLED = false 279 | 280 | [service] 281 | REGISTER_EMAIL_CONFIRM = false 282 | ENABLE_NOTIFY_MAIL = false 283 | DISABLE_REGISTRATION = false 284 | ENABLE_CAPTCHA = false 285 | REQUIRE_SIGNIN_VIEW = false 286 | DEFAULT_KEEP_EMAIL_PRIVATE = false 287 | DEFAULT_ALLOW_CREATE_ORGANIZATION = true 288 | DEFAULT_ENABLE_TIMETRACKING = true 289 | NO_REPLY_ADDRESS = noreply.example.org 290 | 291 | [picture] 292 | DISABLE_GRAVATAR = false 293 | 
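ENABLE_FEDERATED_AVATAR = true 294 | 295 | [openid] 296 | ENABLE_OPENID_SIGNIN = false 297 | ENABLE_OPENID_SIGNUP = false 298 | 299 | [session] 300 | PROVIDER = file 301 | 302 | [log] 303 | MODE = file 304 | LEVEL = Info 305 | ROOT_PATH = /home/gitea/log 306 | 307 | [markup.asciidoc] 308 | ENABLED = true 309 | FILE_EXTENSIONS = .adoc,.asciidoc 310 | RENDER_COMMAND = "asciidoc --out-file=- -" 311 | IS_INPUT_FILE = false 312 | parameters: 313 | - description: The name for the application. 314 | name: APPLICATION_NAME 315 | required: true 316 | value: gitea 317 | - description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: -.' 318 | name: HOSTNAME 319 | required: true 320 | - description: Volume space available for data, e.g. 512Mi, 2Gi 321 | name: GITEA_VOLUME_CAPACITY 322 | required: true 323 | value: 1Gi 324 | - description: Volume space available for postregs data, e.g. 512Mi, 2Gi 325 | name: DB_VOLUME_CAPACITY 326 | required: true 327 | value: 1Gi 328 | - displayName: Database Username 329 | from: gitea 330 | value: gitea 331 | name: DATABASE_USER 332 | - displayName: Database Password 333 | from: '[a-zA-Z0-9]{8}' 334 | generate: expression # random per deployment (override with --param=DATABASE_PASSWORD=...); this was the fixed default "value: gitea", which left the "from" pattern unused 335 | name: DATABASE_PASSWORD 336 | - displayName: Database Name 337 | name: DATABASE_NAME 338 | value: gitea 339 | - displayName: Database Admin Password 340 | from: '[a-zA-Z0-9]{8}' 341 | generate: expression 342 | name: DATABASE_ADMIN_PASSWORD 343 | - displayName: Maximum Database Connections 344 | name: DATABASE_MAX_CONNECTIONS 345 | value: "100" 346 | - displayName: Shared Buffer Amount 347 | name: DATABASE_SHARED_BUFFERS 348 | value: 12MB 349 | - name: INSTALL_LOCK 350 | displayName: Installation lock 351 | description: 'If set to true, installation (/install) page will be disabled. 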
Set to false if you want to run the installation wizard via web' 352 | value: "true" 353 | - name: GITEA_INTERNAL_TOKEN 354 | displayName: Gitea Internal Security Token 355 | description: Gitea Internal Security Token 356 | from: '[a-zA-Z0-9]{105}' 357 | generate: expression 358 | - name: GITEA_SECRET_KEY 359 | displayName: Gitea Secret Key 360 | description: Gitea Secret Key 361 | from: '[a-zA-Z0-9]{10}' 362 | generate: expression 363 | - name: GITEA_IMAGE 364 | displayName: Gitea Image 365 | description: The name and tag for the Gitea Image to use 366 | value: "quay.io/rhpds/gitea" 367 | required: true 368 | - name: GITEA_VERSION 369 | displayName: Gitea Image Version Tag 370 | description: The tag for the Gitea Image to use 371 | value: "latest" 372 | required: true 373 | -------------------------------------------------------------------------------- /openshift/gitea-persistent-template.yaml: -------------------------------------------------------------------------------- 1 | kind: Template 2 | apiVersion: v1 3 | metadata: 4 | annotations: 5 | description: The Gitea git server (https://gitea.io/en-US/) 6 | tags: instant-app,gitea,datastore 7 | iconClass: "icon-github" 8 | name: gitea-persistent 9 | objects: 10 | - kind: ServiceAccount 11 | apiVersion: v1 12 | metadata: 13 | creationTimestamp: null 14 | labels: 15 | app: ${APPLICATION_NAME} 16 | name: ${APPLICATION_NAME} 17 | - kind: Service 18 | apiVersion: v1 19 | metadata: 20 | annotations: 21 | description: Exposes the database server 22 | name: ${APPLICATION_NAME}-postgresql 23 | spec: 24 | ports: 25 | - name: postgresql 26 | port: 5432 27 | targetPort: 5432 28 | selector: 29 | name: ${APPLICATION_NAME}-postgresql 30 | - kind: DeploymentConfig 31 | apiVersion: v1 32 | metadata: 33 | annotations: 34 | description: Defines how to deploy the database 35 | name: ${APPLICATION_NAME}-postgresql 36 | spec: 37 | replicas: 1 38 | selector: 39 | name: ${APPLICATION_NAME}-postgresql 40 | strategy: 41 | type: Recreate 
42 | template: 43 | metadata: 44 | labels: 45 | name: ${APPLICATION_NAME}-postgresql 46 | name: ${APPLICATION_NAME}-postgresql 47 | spec: 48 | serviceAccountName: ${APPLICATION_NAME} 49 | containers: 50 | - env: 51 | - name: POSTGRESQL_USER 52 | value: ${DATABASE_USER} 53 | - name: POSTGRESQL_PASSWORD 54 | value: ${DATABASE_PASSWORD} 55 | - name: POSTGRESQL_DATABASE 56 | value: ${DATABASE_NAME} 57 | - name: POSTGRESQL_MAX_CONNECTIONS 58 | value: ${DATABASE_MAX_CONNECTIONS} 59 | - name: POSTGRESQL_SHARED_BUFFERS 60 | value: ${DATABASE_SHARED_BUFFERS} 61 | - name: POSTGRESQL_ADMIN_PASSWORD 62 | value: ${DATABASE_ADMIN_PASSWORD} 63 | image: ' ' 64 | livenessProbe: 65 | initialDelaySeconds: 30 66 | tcpSocket: 67 | port: 5432 68 | timeoutSeconds: 1 69 | name: postgresql 70 | ports: 71 | - containerPort: 5432 72 | readinessProbe: 73 | exec: 74 | command: 75 | - /bin/sh 76 | - -i 77 | - -c 78 | - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1' 79 | initialDelaySeconds: 5 80 | timeoutSeconds: 1 81 | resources: 82 | limits: 83 | memory: 512Mi 84 | volumeMounts: 85 | - mountPath: /var/lib/pgsql/data 86 | name: gitea-postgres-data 87 | volumes: 88 | - name: gitea-postgres-data 89 | persistentVolumeClaim: 90 | claimName: gitea-postgres-data 91 | triggers: 92 | - imageChangeParams: 93 | automatic: true 94 | containerNames: 95 | - postgresql 96 | from: 97 | kind: ImageStreamTag 98 | name: postgresql:12 99 | namespace: openshift 100 | type: ImageChange 101 | - type: ConfigChange 102 | - kind: Service 103 | apiVersion: v1 104 | metadata: 105 | annotations: 106 | description: The Gitea server's http port 107 | service.alpha.openshift.io/dependencies: '[{"name":"${APPLICATION_NAME}-postgresql","namespace":"","kind":"Service"}]' 108 | labels: 109 | app: ${APPLICATION_NAME} 110 | name: ${APPLICATION_NAME} 111 | spec: 112 | ports: 113 | - name: 3000-tcp 114 | port: 3000 115 | protocol: TCP 116 | targetPort: 3000 117 | selector: 118 | app: 
${APPLICATION_NAME} 119 | deploymentconfig: ${APPLICATION_NAME} 120 | sessionAffinity: None 121 | type: ClusterIP 122 | status: 123 | loadBalancer: {} 124 | - kind: Route 125 | apiVersion: v1 126 | id: ${APPLICATION_NAME}-http 127 | metadata: 128 | annotations: 129 | description: Route for application's http service. 130 | labels: 131 | app: ${APPLICATION_NAME} 132 | name: ${APPLICATION_NAME} 133 | spec: 134 | host: ${HOSTNAME} 135 | to: 136 | name: ${APPLICATION_NAME} 137 | tls: 138 | termination: edge 139 | - kind: DeploymentConfig 140 | apiVersion: v1 141 | metadata: 142 | labels: 143 | app: ${APPLICATION_NAME} 144 | name: ${APPLICATION_NAME} 145 | spec: 146 | replicas: 1 147 | selector: 148 | app: ${APPLICATION_NAME} 149 | deploymentconfig: ${APPLICATION_NAME} 150 | strategy: 151 | resources: {} 152 | rollingParams: 153 | intervalSeconds: 1 154 | maxSurge: 25% 155 | maxUnavailable: 25% 156 | timeoutSeconds: 600 157 | updatePeriodSeconds: 1 158 | type: Rolling 159 | template: 160 | metadata: 161 | creationTimestamp: null 162 | labels: 163 | app: ${APPLICATION_NAME} 164 | deploymentconfig: ${APPLICATION_NAME} 165 | spec: 166 | serviceAccountName: ${APPLICATION_NAME} 167 | containers: 168 | - image: "${GITEA_IMAGE}:${GITEA_VERSION}" 169 | imagePullPolicy: Always 170 | name: ${APPLICATION_NAME} 171 | ports: 172 | - containerPort: 3000 173 | protocol: TCP 174 | resources: {} 175 | terminationMessagePath: /dev/termination-log 176 | volumeMounts: 177 | - name: gitea-repositories 178 | mountPath: /gitea-repositories 179 | - name: gitea-config 180 | mountPath: /home/gitea/conf 181 | readinessProbe: 182 | httpGet: 183 | path: / 184 | port: 3000 185 | scheme: HTTP 186 | initialDelaySeconds: 5 187 | timeoutSeconds: 1 188 | periodSeconds: 20 189 | successThreshold: 1 190 | failureThreshold: 3 191 | livenessProbe: 192 | httpGet: 193 | path: / 194 | port: 3000 195 | scheme: HTTP 196 | initialDelaySeconds: 30 197 | timeoutSeconds: 1 198 | periodSeconds: 10 199 | 
successThreshold: 1 200 | failureThreshold: 3 201 | dnsPolicy: ClusterFirst 202 | restartPolicy: Always 203 | securityContext: {} 204 | terminationGracePeriodSeconds: 30 205 | volumes: 206 | - name: gitea-repositories 207 | persistentVolumeClaim: 208 | claimName: gitea-repositories 209 | - name: gitea-config 210 | configMap: 211 | name: gitea-config 212 | items: 213 | - key: app.ini 214 | path: app.ini 215 | test: false 216 | triggers: 217 | - type: ConfigChange 218 | - kind: PersistentVolumeClaim 219 | apiVersion: v1 220 | metadata: 221 | name: gitea-repositories 222 | spec: 223 | accessModes: 224 | - ReadWriteOnce 225 | resources: 226 | requests: 227 | storage: ${GITEA_VOLUME_CAPACITY} 228 | - kind: PersistentVolumeClaim 229 | apiVersion: v1 230 | metadata: 231 | name: gitea-postgres-data 232 | spec: 233 | accessModes: 234 | - ReadWriteOnce 235 | resources: 236 | requests: 237 | storage: ${DB_VOLUME_CAPACITY} 238 | - kind: ConfigMap 239 | apiVersion: v1 240 | metadata: 241 | name: gitea-config 242 | data: 243 | app.ini: | 244 | APP_NAME = Gitea: Git with a cup of tea 245 | RUN_USER = gitea 246 | RUN_MODE = prod 247 | 248 | [security] 249 | INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN} 250 | INSTALL_LOCK = true 251 | SECRET_KEY = ${GITEA_SECRET_KEY} 252 | PASSWORD_COMPLEXITY = off 253 | 254 | [oauth2] 255 | ENABLE = false 256 | 257 | [database] 258 | DB_TYPE = postgres 259 | HOST = ${APPLICATION_NAME}-postgresql:5432 260 | NAME = ${DATABASE_NAME} 261 | USER = ${DATABASE_USER} 262 | PASSWD = ${DATABASE_PASSWORD} 263 | SSL_MODE = disable 264 | 265 | [repository] 266 | ROOT = /gitea-repositories 267 | 268 | [server] 269 | ROOT_URL = https://${HOSTNAME} 270 | SSH_DOMAIN = ${HOSTNAME} 271 | DOMAIN = ${HOSTNAME} 272 | HTTP_PORT = 3000 273 | SSH_PORT = 2022 274 | DISABLE_SSH = false 275 | START_SSH_SERVER = true 276 | LFS_START_SERVER = false 277 | OFFLINE_MODE = false 278 | 279 | [mailer] 280 | ENABLED = false 281 | 282 | [service] 283 | REGISTER_EMAIL_CONFIRM = false 284 | 
ENABLE_NOTIFY_MAIL = false 285 | DISABLE_REGISTRATION = false 286 | ENABLE_CAPTCHA = false 287 | REQUIRE_SIGNIN_VIEW = false 288 | DEFAULT_KEEP_EMAIL_PRIVATE = false 289 | DEFAULT_ALLOW_CREATE_ORGANIZATION = true 290 | DEFAULT_ENABLE_TIMETRACKING = true 291 | NO_REPLY_ADDRESS = noreply.example.org 292 | 293 | [picture] 294 | DISABLE_GRAVATAR = false 295 | ENABLE_FEDERATED_AVATAR = true 296 | 297 | [openid] 298 | ENABLE_OPENID_SIGNIN = false 299 | ENABLE_OPENID_SIGNUP = false 300 | 301 | [session] 302 | PROVIDER = file 303 | 304 | [log] 305 | MODE = file 306 | LEVEL = Info 307 | ROOT_PATH = /home/gitea/log 308 | 309 | [markup.asciidoc] 310 | ENABLED = true 311 | FILE_EXTENSIONS = .adoc,.asciidoc 312 | RENDER_COMMAND = "asciidoc --out-file=- -" 313 | IS_INPUT_FILE = false 314 | parameters: 315 | - description: The name for the application. 316 | name: APPLICATION_NAME 317 | required: true 318 | value: gitea 319 | - description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: -.' 320 | name: HOSTNAME 321 | required: true 322 | - description: Volume space available for data, e.g. 512Mi, 2Gi 323 | name: GITEA_VOLUME_CAPACITY 324 | required: true 325 | value: 1Gi 326 | - description: Volume space available for postregs data, e.g. 
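512Mi, 2Gi 327 | name: DB_VOLUME_CAPACITY 328 | required: true 329 | value: 1Gi 330 | - displayName: Database Username 331 | from: gitea 332 | value: gitea 333 | name: DATABASE_USER 334 | - displayName: Database Password 335 | from: '[a-zA-Z0-9]{8}' 336 | generate: expression # random per deployment (override with --param=DATABASE_PASSWORD=...); this was the fixed default "value: gitea", which left the "from" pattern unused 337 | name: DATABASE_PASSWORD 338 | - displayName: Database Name 339 | name: DATABASE_NAME 340 | value: gitea 341 | - displayName: Database Admin Password 342 | from: '[a-zA-Z0-9]{8}' 343 | generate: expression 344 | name: DATABASE_ADMIN_PASSWORD 345 | - displayName: Maximum Database Connections 346 | name: DATABASE_MAX_CONNECTIONS 347 | value: "100" 348 | - displayName: Shared Buffer Amount 349 | name: DATABASE_SHARED_BUFFERS 350 | value: 12MB 351 | - name: INSTALL_LOCK 352 | displayName: Installation lock 353 | description: 'If set to true, installation (/install) page will be disabled. Set to false if you want to run the installation wizard via web' 354 | value: "true" 355 | - name: GITEA_INTERNAL_TOKEN 356 | displayName: Gitea Internal Security Token 357 | description: Gitea Internal Security Token 358 | from: '[a-zA-Z0-9]{105}' 359 | generate: expression 360 | - name: GITEA_SECRET_KEY 361 | displayName: Gitea Secret Key 362 | description: Gitea Secret Key 363 | from: '[a-zA-Z0-9]{10}' 364 | generate: expression 365 | - name: GITEA_IMAGE 366 | displayName: Gitea Image 367 | description: The name and tag for the Gitea Image to use 368 | value: "quay.io/rhpds/gitea" 369 | required: true 370 | - name: GITEA_VERSION 371 | displayName: Gitea Image Version Tag 372 | description: The tag for the Gitea Image to use 373 | value: "latest" 374 | required: true 375 | -------------------------------------------------------------------------------- /root/usr/bin/giteacmd: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Set a few environment variables to make Gitea behave 4 | export GITEA_WORK_DIR=/home/gitea 5 | export USER=gitea 6 | export 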
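USERNAME=gitea 7 | export HOME=/home/gitea 8 | 9 | # Run gitea command 10 | exec /home/gitea/gitea --config=/home/gitea/conf/app.ini "$@" 11 | -------------------------------------------------------------------------------- /root/usr/bin/rungitea: --------------------------------------------------------------------------------
#!/bin/bash
# Container entrypoint: registers the runtime UID as the "gitea" account,
# prepares the config directory and starts the Gitea web server.

# Set a few environment variables to make Gitea behave
export GITEA_WORK_DIR=/home/gitea
export USER=gitea
export USERNAME=gitea
export HOME=/home/gitea

# Update /etc/passwd with the current UID of the running container.
# The rewrite only runs when /etc/passwd is writable and a private temp file
# could be created: with an empty or missing temp file, the `cat ... >` below
# would truncate /etc/passwd.
if [ -w /etc/passwd ] && passwd_tmp=$(mktemp); then
  # Match the exact account name; a bare ^gitea would also drop any other
  # account whose name merely starts with "gitea".
  grep -v '^gitea:' /etc/passwd > "${passwd_tmp}"
  # NOTE(review): the entry's home is /data while HOME above is /home/gitea;
  # kept as in the original, confirm which one is intended.
  echo "gitea:x:$(id -u):0:gitea user:/data:/sbin/nologin" >> "${passwd_tmp}"
  # Write through the existing file instead of replacing it.
  cat "${passwd_tmp}" > /etc/passwd
  rm -f "${passwd_tmp}"
fi

# Set up config directory with app.ini from ConfigMap
mkdir -p "${GITEA_WORK_DIR}/conf"

# Copy app.ini imported from ConfigMap to writeable location
if [ -f "${GITEA_WORK_DIR}/conf-import/app.ini" ]; then
  cp "${GITEA_WORK_DIR}/conf-import/app.ini" "${GITEA_WORK_DIR}/conf/app.ini"
fi

# Start Gitea's Web Interface
# exec replaces this shell, so Gitea itself receives the container's signals.
exec "${GITEA_WORK_DIR}/gitea" --config="${GITEA_WORK_DIR}/conf/app.ini" web

-------------------------------------------------------------------------------- /setup.sh: -------------------------------------------------------------------------------- 1 | oc new-app postgresql-persistent \ 2 | --param POSTGRESQL_DATABASE=gitea \ 3 | --param POSTGRESQL_USER=gitea \ 4 | --param POSTGRESQL_PASSWORD=gitea \ 5 | --param VOLUME_CAPACITY=4Gi \ 6 | -lapp=postgresql_gitea 7 | 8 | echo "apiVersion: v1 9 | kind: PersistentVolumeClaim 10 | metadata: 11 | name: gitea-data 12 | spec: 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 4Gi" | oc create -f - 18 | 19 | oc new-app quay.io/wkulhanek/gitea:latest -lapp=gitea --name=gitea 20 | oc set volume dc/gitea \ 21 | --add \ 22 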
| --overwrite \ 23 | --name=gitea-volume-1 \ 24 | --mount-path=/gitea-repositories \ 25 | --type persistentVolumeClaim \ 26 | --claim-name=gitea-data 27 | oc expose svc gitea 28 | --------------------------------------------------------------------------------