From ca1d7015a7e203b0a18aaa5935aa5d7db6abef6f Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sun, 25 Aug 2024 16:19:11 +0100 Subject: [PATCH] Migrate from gitea to forgejo It's not just the colour scheme, honest! Some things still need renaming, but at least the application has moved. --- ansible/main.yml | 4 +- .../roles/{gitea => forgejo}/files/app.ini | 9 +- .../files/docker-compose.yml | 8 +- .../{gitea => forgejo}/files/footer.html | 2 +- .../{gitea => forgejo}/handlers/main.yml | 0 .../roles/{gitea => forgejo}/tasks/main.yml | 16 ---- .../roles/{gitea => forgejo}/vars/vault.yml | 0 ansible/roles/forgejo_runner/files/config.yml | 82 +++++++++++++++++++ .../forgejo_runner/files/docker-compose.yml | 20 +++++ .../roles/forgejo_runner/handlers/main.yml | 4 + ansible/roles/forgejo_runner/tasks/main.yml | 34 ++++++++ .../gitea_runner/files/docker-compose.yml | 17 ---- ansible/roles/gitea_runner/handlers/main.yml | 4 - ansible/roles/gitea_runner/tasks/main.yml | 20 ----- ansible/roles/gitea_runner/vars/vault.yml | 10 --- 15 files changed, 151 insertions(+), 79 deletions(-) rename ansible/roles/{gitea => forgejo}/files/app.ini (93%) rename ansible/roles/{gitea => forgejo}/files/docker-compose.yml (84%) rename ansible/roles/{gitea => forgejo}/files/footer.html (81%) rename ansible/roles/{gitea => forgejo}/handlers/main.yml (100%) rename ansible/roles/{gitea => forgejo}/tasks/main.yml (70%) rename ansible/roles/{gitea => forgejo}/vars/vault.yml (100%) create mode 100644 ansible/roles/forgejo_runner/files/config.yml create mode 100644 ansible/roles/forgejo_runner/files/docker-compose.yml create mode 100644 ansible/roles/forgejo_runner/handlers/main.yml create mode 100644 ansible/roles/forgejo_runner/tasks/main.yml delete mode 100644 ansible/roles/gitea_runner/files/docker-compose.yml delete mode 100644 ansible/roles/gitea_runner/handlers/main.yml delete mode 100644 ansible/roles/gitea_runner/tasks/main.yml delete mode 100644 ansible/roles/gitea_runner/vars/vault.yml 
diff --git a/ansible/main.yml b/ansible/main.yml index 563d5fe..dad799f 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -63,7 +63,7 @@ - vaultwarden - tandoor - mastodon - - gitea + - forgejo - vikunja - authentik - minio @@ -126,7 +126,7 @@ - hosts: gitea-runner roles: - - gitea_runner + - forgejo_runner - hosts: renovate roles: diff --git a/ansible/roles/gitea/files/app.ini b/ansible/roles/forgejo/files/app.ini similarity index 93% rename from ansible/roles/gitea/files/app.ini rename to ansible/roles/forgejo/files/app.ini index 23e9f63..2132e5e 100644 --- a/ansible/roles/gitea/files/app.ini +++ b/ansible/roles/forgejo/files/app.ini @@ -32,7 +32,7 @@ PASSWD = gitea [session] PROVIDER = db -COOKIE_NAME = gitea_session +COOKIE_NAME = forgejo_session [log] LEVEL = warn @@ -42,8 +42,8 @@ INSTALL_LOCK = true SECRET_KEY = {{ vault_secret_key }} INTERNAL_TOKEN = {{ vault_internal_token }} PASSWORD_HASH_ALGO = pbkdf2 -COOKIE_USERNAME = gitea_username -COOKIE_REMEMBER_NAME = gitea_remember +COOKIE_USERNAME = forgejo_username +COOKIE_REMEMBER_NAME = forgejo_remember LOGIN_REMEMBER_DAYS = 30 REVERSE_PROXY_TRUSTED_PROXIES = * @@ -64,9 +64,8 @@ REPO_PAGING_NUM = 100 [ui] SITEMAP_PAGING_NUM = 100 FEED_PAGING_NUM = 100 -DEFAULT_THEME = gitea-auto +DEFAULT_THEME = forgejo-auto ISSUE_PAGING_NUM = 100 -THEME_COLOR_META_TAG = "#ff7f00" FEED_MAX_COMMIT_NUM = 30 SHOW_USER_EMAIL = false EXPLORE_PAGING_NUM = 100 diff --git a/ansible/roles/gitea/files/docker-compose.yml b/ansible/roles/forgejo/files/docker-compose.yml similarity index 84% rename from ansible/roles/gitea/files/docker-compose.yml rename to ansible/roles/forgejo/files/docker-compose.yml index 9044a53..728a655 100644 --- a/ansible/roles/gitea/files/docker-compose.yml +++ b/ansible/roles/forgejo/files/docker-compose.yml 
@@ -1,6 +1,6 @@ services: - gitea: - image: gitea/gitea:1.22-rootless + forgejo: + image: code.forgejo.org/forgejo/forgejo:8-rootless user: "{{ docker_user.id }}:{{ docker_user.id }}" environment: - TZ={{ timezone }} @@ -22,8 +22,8 @@ services: - redis labels: - traefik.enable=true - - traefik.http.routers.gitea.rule=Host(`git.theorangeone.net`) - - traefik.http.services.gitea-gitea.loadbalancer.server.port=3000 + - traefik.http.routers.forgejo.rule=Host(`git.theorangeone.net`) + - traefik.http.services.forgejo-forgejo.loadbalancer.server.port=3000 networks: - default - traefik diff --git a/ansible/roles/gitea/files/footer.html b/ansible/roles/forgejo/files/footer.html similarity index 81% rename from ansible/roles/gitea/files/footer.html rename to ansible/roles/forgejo/files/footer.html index 27f98b4..b6cc7eb 100644 --- a/ansible/roles/gitea/files/footer.html +++ b/ansible/roles/forgejo/files/footer.html @@ -1,3 +1,3 @@ -{{ if not .SignedUserName}} +{{ if not .IsSigned }} {{ end }} diff --git a/ansible/roles/gitea/handlers/main.yml b/ansible/roles/forgejo/handlers/main.yml similarity index 100% rename from ansible/roles/gitea/handlers/main.yml rename to ansible/roles/forgejo/handlers/main.yml diff --git a/ansible/roles/gitea/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml similarity index 70% rename from ansible/roles/gitea/tasks/main.yml rename to ansible/roles/forgejo/tasks/main.yml index 6e5136f..2af0247 100644 --- a/ansible/roles/gitea/tasks/main.yml +++ b/ansible/roles/forgejo/tasks/main.yml @@ -28,14 +28,6 @@ notify: restart gitea become: true -- name: Create public images directory - file: - path: "{{ app_data_dir }}/gitea/data/custom/public/assets/img" - state: directory - owner: "{{ docker_user.name }}" - mode: "{{ docker_compose_directory_mask }}" - become: true - - name: Create custom templates directory file: path: "{{ app_data_dir }}/gitea/data/custom/templates/custom" 
@@ -45,14 +37,6 @@ recurse: true become: true -- name: Install custom branding - unarchive: - src: https://git.theorangeone.net/api/packages/sys/generic/gitea-branding/latest/branding.zip - dest: "{{ app_data_dir }}/gitea/data/custom/public/assets/img" - remote_src: true - owner: "{{ docker_user.name }}" - become: true - - name: Install custom footer copy: src: files/footer.html diff --git a/ansible/roles/gitea/vars/vault.yml b/ansible/roles/forgejo/vars/vault.yml similarity index 100% rename from ansible/roles/gitea/vars/vault.yml rename to ansible/roles/forgejo/vars/vault.yml diff --git a/ansible/roles/forgejo_runner/files/config.yml b/ansible/roles/forgejo_runner/files/config.yml new file mode 100644 index 0000000..668e81b --- /dev/null +++ b/ansible/roles/forgejo_runner/files/config.yml 
@@ -0,0 +1,82 @@
+# based on https://gitea.com/gitea/act_runner/src/tag/v0.2.6/internal/pkg/config/config.example.yaml
+
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+
+runner:
+ # Where to store the registration result.
+ file: /data/.runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: "{{ ansible_processor_nproc }}"
+ # Extra environment variables to run jobs.
+ envs: {}
+ # Extra environment variables to run jobs from a file.
+ # It will be ignored if it's empty or the file doesn't exist.
+ env_file: /data/.env
+ # The timeout for a job to be finished.
+ # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+ # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+ timeout: 3h
+ # Whether skip verifying the TLS certificate of the Gitea instance.
+ insecure: false
+ # The timeout for fetching the job from the Gitea instance.
+ fetch_timeout: 5s
+ # The interval for fetching the job from the Gitea instance.
+ fetch_interval: 5s
+ # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+ # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+ # If it's empty when registering, it will ask for inputting labels.
+ # If it's empty when execute `daemon`, will use labels in `.runner` file.
+ # labels: []
+
+cache:
+ # Enable cache server to use actions/cache.
+ enabled: true
+ # The directory to store the cache data.
+ # If it's empty, the cache data will be stored in /data/.cache/actcache.
+ dir: /data/cache/server
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: ""
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 0
+ # The external cache server URL. Valid only when enable is true.
+ # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+ # The URL should generally end with "/".
+ external_server: ""
+
+container:
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, act_runner will create a network automatically.
+ network: bridge
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+ options: ""
+ # The parent directory of a job's working directory.
+ # If it's empty, /workspace will be used.
+ workdir_parent: /workspace
+ # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+ # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+ # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+ # valid_volumes:
+ # - data
+ # - /src/*.json
+ # If you want to allow any volume, please use the following configuration:
+ # valid_volumes:
+ # - '**'
+ # overrides the docker client host with the specified one.
+ # If it's empty, act_runner will find an available docker host automatically.
+ # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+ # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+ docker_host: ""
+ force_pull: false
+
+host:
+ # The parent directory of a job's working directory.
+ # If it's empty, /data/.cache/act/ will be used.
+ workdir_parent: /data/cache/actions
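Review bot: `docker_host: ""` in `forgejo_runner/files/config.yml` leaves the runner to pick up the daemon automatically, and per the comment directly above that key only `"-"` keeps the Docker host from being mounted into job and service containers. The compose file added in this commit points `DOCKER_HOST` at a privileged dind daemon, so handing that daemon to every job looks broader than intended; I would set `docker_host: "-"` unless workflows are meant to build images, and add a one-line comment saying which it is. Separately, `capacity: "{{ ansible_processor_nproc }}"` renders as a quoted string; the runner presumably expects an integer, so writing it as `capacity: {{ ansible_processor_nproc }}` in this template is safer.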
diff --git a/ansible/roles/forgejo_runner/files/docker-compose.yml b/ansible/roles/forgejo_runner/files/docker-compose.yml
new file mode 100644
index 0000000..976deb3
--- /dev/null
+++ b/ansible/roles/forgejo_runner/files/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ forgejo-runner:
+ image: code.forgejo.org/forgejo/runner:3.5.1
+ user: "{{ docker_user.id }}"
+ volumes:
+ - /mnt/data:/data
+ environment:
+ - TZ={{ timezone }}
+ - DOCKER_HOST=tcp://dind:2375
+ restart: unless-stopped
+ command: forgejo-runner daemon
+ depends_on:
+ dind:
+ condition: service_started
+
+ dind:
+ image: docker:dind
+ privileged: true
+ command: [dockerd, -H, tcp://0.0.0.0:2375, --tls=false]
+ restart: unless-stopped
diff --git a/ansible/roles/forgejo_runner/handlers/main.yml b/ansible/roles/forgejo_runner/handlers/main.yml
new file mode 100644
index 0000000..d7198d5
--- /dev/null
+++ b/ansible/roles/forgejo_runner/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart forgejo-runner
+ shell:
+ chdir: /opt/forgejo-runner
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/forgejo_runner/tasks/main.yml b/ansible/roles/forgejo_runner/tasks/main.yml
new file mode 100644
index 0000000..820d148
--- /dev/null
+++ b/ansible/roles/forgejo_runner/tasks/main.yml
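Review bot: The `dind` service in `forgejo_runner/files/docker-compose.yml` runs `privileged: true` and serves the Docker API on `tcp://0.0.0.0:2375` with `--tls=false`, so anything that can reach that port gets unauthenticated control of a privileged daemon. That probably includes job containers, which dind starts on its own bridge. The `docker:dind` image enables mutual TLS by itself once the `command:` override is dropped, so I would let it generate certificates and share only the client set with the runner, as sketched below; the runner's non-root user needs read access to the generated client key. `docker:dind` is also a floating tag next to a pinned runner image and should be pinned to a version.

```yaml
services:
  forgejo-runner:
    # … unchanged: image, user …
    volumes:
      - /mnt/data:/data
      - dind-certs:/certs/client:ro
    environment:
      - TZ={{ timezone }}
      - DOCKER_HOST=tcp://dind:2376
      - DOCKER_TLS_VERIFY=1
      - DOCKER_CERT_PATH=/certs/client
    # … unchanged: restart, command, depends_on …

  dind:
    image: docker:dind  # pin to a specific version tag
    # hostname ends up in the generated server certificate's SANs
    hostname: dind
    privileged: true
    environment:
      - DOCKER_TLS_CERTDIR=/certs
    volumes:
      - dind-certs:/certs/client
    # no command override: the image entrypoint then serves TLS on 2376
    restart: unless-stopped

volumes:
  dind-certs:
```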
@@ -0,0 +1,34 @@
+- name: Create install directory
+ file:
+ path: /opt/forgejo-runner
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Create data directory
+ file:
+ path: /opt/forgejo-runner/data
+ state: directory
+ mode: "700"
+ owner: "{{ docker_user.name }}"
+ become: true
+
+- name: Install config file
+ template:
+ src: files/config.yml
+ dest: /opt/forgejo-runner/data/config.yml
+ mode: "600"
+ owner: "{{ docker_user.name }}"
+ notify: restart forgejo-runner
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/forgejo-runner/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart forgejo-runner
+ become: true
diff --git a/ansible/roles/gitea_runner/files/docker-compose.yml b/ansible/roles/gitea_runner/files/docker-compose.yml
deleted file mode 100644
index adcb242..0000000
--- a/ansible/roles/gitea_runner/files/docker-compose.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-services:
- act-runner:
- image: vegardit/gitea-act-runner:latest
- network_mode: host
- volumes:
- - /mnt/data:/data
- - /var/run/docker.sock:/var/run/docker.sock:ro
- environment:
- - TZ={{ timezone }}
- - GITEA_INSTANCE_URL=https://git.theorangeone.net
- - GITEA_RUNNER_REGISTRATION_TOKEN={{ vault_gitea_runner_registration_token }}
- - GITEA_RUNNER_NAME={{ ansible_hostname }}
- - GITEA_RUNNER_FETCH_INTERVAL=5s
- - GITEA_RUNNER_MAX_PARALLEL_JOBS={{ ansible_processor_nproc }}
- - GITEA_RUNNER_UID={{ docker_user.id }}
- - GITEA_RUNNER_GID={{ docker_user.id }}
- restart: unless-stopped
diff --git a/ansible/roles/gitea_runner/handlers/main.yml b/ansible/roles/gitea_runner/handlers/main.yml
deleted file mode 100644
index 27ab00b..0000000
--- a/ansible/roles/gitea_runner/handlers/main.yml
+++ /dev/null
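Review bot: The "Install config file" task in `forgejo_runner/tasks/main.yml` writes to `/opt/forgejo-runner/data/config.yml`, but the compose file in this commit mounts `/mnt/data:/data` and starts `forgejo-runner daemon` without a config path. Unless `/mnt/data` is linked to that directory elsewhere, the runner never reads the file and runs on defaults, so the `privileged: false` and volume restrictions in it would not be in effect. Either install it where the container sees it (`dest: /mnt/data/config.yml`) or mount it, and pass it explicitly with `command: forgejo-runner daemon --config /data/config.yml`. The old role's registration token is removed in this commit and nothing here registers the runner, so a comment noting that `/data/.runner` comes from a manual registration step would help the next reader.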
@@ -1,4 +0,0 @@
-- name: restart act-runner
- shell:
- chdir: /opt/act-runner
- cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/gitea_runner/tasks/main.yml b/ansible/roles/gitea_runner/tasks/main.yml
deleted file mode 100644
index 39660e9..0000000
--- a/ansible/roles/gitea_runner/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: Include vault
- include_vars: vault.yml
-
-- name: Create install directory
- file:
- path: /opt/act-runner
- state: directory
- owner: "{{ docker_user.name }}"
- mode: "{{ docker_compose_directory_mask }}"
- become: true
-
-- name: Install compose file
- template:
- src: files/docker-compose.yml
- dest: /opt/act-runner/docker-compose.yml
- mode: "{{ docker_compose_file_mask }}"
- owner: "{{ docker_user.name }}"
- validate: docker-compose -f %s config
- notify: restart act-runner
- become: true
diff --git a/ansible/roles/gitea_runner/vars/vault.yml b/ansible/roles/gitea_runner/vars/vault.yml
deleted file mode 100644
index 4795502..0000000
--- a/ansible/roles/gitea_runner/vars/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39356636363738343339633132326666373534646563366335363336356362343438313030353466
-6564373739333030393666333438386533316332626136350a626439316537343030323761383863
-33666632636132386335393833636232373662626562326531666330373438613738613634643061
-3864336432626338320a373866356363613166366239356630663534646566636131353530623266
-66326334636361386338663739333134333761376239373133396534376139633364336433663362
-30313736303539663839313830336164346536383066393635323366363433616264373165356431
-35663832323132356538666333653135383332653232336336646265356665313165623035363561
-65306666393331383661353961306531636266393765626363616265326566316163396531373638
-3735