diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f6cf93c58..995c1efd69 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## 0.26.0 (Unreleased)
+**BREAKING CHANGES & MIGRATIONS**:
+* Updated the version of gitea and the runtime build script. Updating Gitea will remove the storage from underneath it and result in a redeploy. ([#4672](https://github.com/microsoft/AzureTRE/pull/4672))
 ENHANCEMENTS:
 * Create CODEOWNERS file with repository maintainers
diff --git a/devops/scripts/bundle_runtime_image_build.sh b/devops/scripts/bundle_runtime_image_build.sh
index 5acc6cb801..81fc4eb3f7 100755
--- a/devops/scripts/bundle_runtime_image_build.sh
+++ b/devops/scripts/bundle_runtime_image_build.sh
@@ -32,15 +32,13 @@ if [ -n "${CI_CACHE_ACR_NAME:-}" ]; then
 docker_cache+=("--cache-from" "${CI_CACHE_ACR_NAME}${acr_domain_suffix}/${IMAGE_NAME_PREFIX}/${image_name}:${version}")
 fi
-ARCHITECTURE=$(docker info --format "{{ .Architecture }}" )
-
-if [ "${ARCHITECTURE}" == "aarch64" ]; then
- DOCKER_BUILD_COMMAND="docker buildx build --platform linux/amd64"
-else
- DOCKER_BUILD_COMMAND="docker build"
-fi
+# Force BuildKit + buildx for amd64 + load into local docker
+export DOCKER_BUILDKIT=1
+DOCKER_BUILD_COMMAND="docker buildx build --platform linux/amd64 --load"
 ${DOCKER_BUILD_COMMAND} --build-arg BUILDKIT_INLINE_CACHE=1 \
 -t "${FULL_IMAGE_NAME_PREFIX}/${image_name}:${version}" \
 "${docker_cache[@]}" -f "${docker_file}" "${docker_context}"
+## Needed as workaround for v1 manifests not being supported in Azure App Service on Linux.
+
diff --git a/templates/shared_services/gitea/docker/Dockerfile b/templates/shared_services/gitea/docker/Dockerfile
index 16b4fd3bff..14d348bd4c 100644
--- a/templates/shared_services/gitea/docker/Dockerfile
+++ b/templates/shared_services/gitea/docker/Dockerfile
@@ -1,4 +1,4 @@
-ARG GITEA_TAG=1.15
+ARG GITEA_TAG=1.24.5
 ARG CERTIFICATE_URL=https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
 FROM gitea/gitea:${GITEA_TAG}
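Review bot: In bundle_runtime_image_build.sh the build command is still held in a string and expanded unquoted (`${DOCKER_BUILD_COMMAND} --build-arg ...`), so it only works through word splitting; now that the value is fixed, an array is the safer form, `docker_build_command=(docker buildx build --platform linux/amd64 --load)` invoked as `"${docker_build_command[@]}" --build-arg BUILDKIT_INLINE_CACHE=1 \`, provided nothing outside this hunk reads `DOCKER_BUILD_COMMAND`. With `docker buildx build` called explicitly, `export DOCKER_BUILDKIT=1` looks redundant, and because it is exported it also affects any later `docker` call made from this shell. The trailing `## Needed as workaround for v1 manifests ...` comment sits after the command at the end of the file; it would be clearer merged into the `# Force BuildKit ...` comment above the assignment, naming the flag the workaround depends on.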
diff --git a/templates/shared_services/gitea/docker/version.txt b/templates/shared_services/gitea/docker/version.txt
index df0ed33211..3d26edf777 100644
--- a/templates/shared_services/gitea/docker/version.txt
+++ b/templates/shared_services/gitea/docker/version.txt
@@ -1 +1 @@
-__version__ = "0.3.12"
+__version__ = "0.4.1"
diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml
index 1fdf3374fb..dc0b8e566f 100644
--- a/templates/shared_services/gitea/porter.yaml
+++ b/templates/shared_services/gitea/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-gitea
-version: 1.2.1
+version: 2.0.1
 description: "A Gitea shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf
index 068b11b399..033fab6aeb 100644
--- a/templates/shared_services/gitea/terraform/gitea-webapp.tf
+++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf
@@ -39,13 +39,19 @@ resource "azurerm_linux_web_app" "gitea" {
 GITEA__server__ROOT_URL = "https://${local.webapp_name}.azurewebsites.net/"
 GITEA__server__LFS_START_SERVER = "true"
- GITEA__lfs__PATH = "/data/lfs"
- GITEA__lfs__STORAGE_TYPE = "local"
 GITEA__log_0x2E_console__COLORIZE = "false" # Azure monitor doens't show colors, so this is easier to read.
 GITEA__picture__DISABLE_GRAVATAR = "true" # external avaters are not available due to network restrictions
 GITEA__security__INSTALL_LOCK = true
 GITEA__service__DISABLE_REGISTRATION = true
+ GITEA__migrations__ALLOW_LOCALNETWORKS = "true"
+
+ GITEA__storage__STORAGE_TYPE = "azureblob"
+ GITEA__storage__AZURE_BLOB_ENDPOINT = data.azurerm_storage_account.gitea.primary_blob_endpoint
+ GITEA__storage__AZURE_BLOB_ACCOUNT_NAME = data.azurerm_storage_account.gitea.name
+ GITEA__storage__AZURE_BLOB_ACCOUNT_KEY = data.azurerm_storage_account.gitea.primary_access_key
+ GITEA__storage__AZURE_BLOB_CONTAINER = azurerm_storage_container.gitea_blob_container.name
+ GITEA__database__SSL_MODE = "true"
 GITEA__database__DB_TYPE = "mysql"
 GITEA__database__HOST = azurerm_mysql_flexible_server.gitea.fqdn
@@ -74,16 +80,6 @@ resource "azurerm_linux_web_app" "gitea" {
 docker_image_name = "microsoft/azuretre/gitea:${local.version}"
 }
 }
-
- storage_account {
- name = "gitea-data"
- type = "AzureFiles"
- account_name = data.azurerm_storage_account.gitea.name
- access_key = data.azurerm_storage_account.gitea.primary_access_key
- share_name = azurerm_storage_share.gitea.name
- mount_path = "/data"
- }
-
 logs {
 application_logs {
 file_system_level = "Information"
@@ -98,7 +94,8 @@ resource "azurerm_linux_web_app" "gitea" {
 }
 depends_on = [
- azurerm_key_vault_secret.gitea_password
+ azurerm_key_vault_secret.gitea_password,
+ azurerm_storage_container.gitea_blob_container
 ]
 }
@@ -168,7 +165,6 @@ resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" {
 metric {
 category = "AllMetrics"
- enabled = true
 }
 }
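Review bot: `GITEA__storage__AZURE_BLOB_ACCOUNT_KEY = data.azurerm_storage_account.gitea.primary_access_key` places the storage account's primary key in the web app's app settings in clear text, where it is readable by anyone who can view the site configuration and is handed to the container as an environment variable. The account is referenced as a `data` source, so it is not owned by this template and the key presumably grants full access to everything else in that account, not only the `gitea` container. Keep the key in a Key Vault secret and reference it the way the workspace template already does for the database password, e.g. `GITEA__storage__AZURE_BLOB_ACCOUNT_KEY = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.<storage_key_secret>.id})"`, where `<storage_key_secret>` is a placeholder for a new secret resource. The same setting is added in templates/workspace_services/gitea/terraform/gitea-webapp.tf and needs the same treatment.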
@@ -191,14 +187,14 @@ resource "azurerm_key_vault_secret" "gitea_password" {
 lifecycle { ignore_changes = [tags] }
 }
-resource "azurerm_storage_share" "gitea" {
- name = "gitea-data"
- storage_account_name = data.azurerm_storage_account.gitea.name
- quota = var.gitea_storage_limit
-}
-
 resource "azurerm_role_assignment" "gitea_acrpull_role" {
 scope = data.azurerm_container_registry.mgmt_acr.id
 role_definition_name = "AcrPull"
 principal_id = azurerm_user_assigned_identity.gitea_id.principal_id
 }
+
+resource "azurerm_storage_container" "gitea_blob_container" {
+ name = "gitea"
+ storage_account_id = data.azurerm_storage_account.gitea.id
+ container_access_type = "private"
+}
diff --git a/templates/workspace_services/gitea/docker/Dockerfile b/templates/workspace_services/gitea/docker/Dockerfile
index c82267de82..8094b7fc14 100644
--- a/templates/workspace_services/gitea/docker/Dockerfile
+++ b/templates/workspace_services/gitea/docker/Dockerfile
@@ -1,4 +1,4 @@
-ARG GITEA_TAG=1.17.3
+ARG GITEA_TAG=1.24.5
 ARG CERTIFICATE_URL=https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
 FROM gitea/gitea:${GITEA_TAG}
@@ -7,6 +7,8 @@ ARG CERTIFICATE_URL
 RUN wget -q -O /usr/local/share/ca-certificates/mysql.crt.pem ${CERTIFICATE_URL} && update-ca-certificates
 COPY . /
+RUN chmod +x ./configure_gitea.sh
+
 RUN /usr/sbin/adduser -D -g users gitea
 ENTRYPOINT ["/bin/bash", "-c", "./configure_gitea.sh & /usr/bin/entrypoint"]
diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml
index 6a4df69b0f..6144ce8cb0 100644
--- a/templates/workspace_services/gitea/porter.yaml
+++ b/templates/workspace_services/gitea/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-workspace-service-gitea
-version: 1.3.2
+version: 2.0.1
 description: "A Gitea workspace service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
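Review bot: Swapping `azurerm_storage_share` for the `gitea_blob_container` in the shared-service gitea-webapp.tf removes the only persistent volume this web app had (the `/data` mount deleted earlier in the same file), and blob storage does not obviously replace all of it. As far as I know, Gitea's `[storage]` section covers attachments, LFS objects, avatars and packages, while the bare repositories and the generated `app.ini` with its generated secrets stay on the local filesystem; if that holds here they now sit on the container's own disk and may not survive a restart or redeploy. Please confirm where the repository root and configuration end up after this change and record it in a comment on the new resource, e.g. `# Holds Gitea [storage] objects only; repositories and config are persisted at <location>`. templates/workspace_services/gitea/terraform/storage.tf makes the same swap, where the old mount was `/data/gitea/`.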
diff --git a/templates/workspace_services/gitea/terraform/.terraform.lock.hcl b/templates/workspace_services/gitea/terraform/.terraform.lock.hcl deleted file mode 100644 index c9d619dae5..0000000000 --- a/templates/workspace_services/gitea/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,82 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/azure/azapi" { - version = "1.15.0" - constraints = "1.15.0" - hashes = [ - "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", - "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", - "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", - "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", - "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", - "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", - "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", - "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", - "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", - "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", - "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", - "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", - "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.27.0" - constraints = "4.27.0" - hashes = [ - "h1:2fs47aLDaEm93ANXXVRdTjlbUBmFBZRsFjyshKoPE3o=", - "zh:0c69edea1995bd3bd9e61980757169c35bf22281b660b5c755b6cb13d08d29d2", - "zh:25b86bf7b9678371d8573983954c571696f3e64a3967133be3b835da36307106", - "zh:49921cff4f26a49bafada60cd07dabb52c5eb35231059ed928a4f4722e269c82", - "zh:4b986166531f9fd1289f01d8220519443e74888a21da512c1b841b006dad6215", - "zh:53fb65b2ca4df637f03e4748a100a7d7fc77249e307c03e294d6259cec0310f6", - "zh:5c0d021a387ca4e2a5a01da009746a08c45f08e971c10d9bda54539d7264d671", - "zh:600043f2b20dc5a45275e43f175c19fe8b6e8e9557a0c884aef018f1f63de90e", - "zh:a0284f6f38912f67bb4cb7829fda3fa75be81fea6a9b21119965c2a839430092", - "zh:a7ac0576e2069ef77557042c6b5157ded364fbd355b2f9bf7f5441622424086e", - 
"zh:c5db0bcafe986868e28cc6225b68b2d1cf4bf631939d260ca845f17a9aa1677d", - "zh:ce620c0eb71b1fdd925828b30cf232a869abccf1c459180f2f991c4166315251", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.5.2" - constraints = "2.5.2" - hashes = [ - "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", - "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", - "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", - "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", - "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", - "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", - "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", - "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", - "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", - "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", - "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.7.2" - constraints = "3.7.2" - hashes = [ - "h1:356j/3XnXEKr9nyicLUufzoF4Yr6hRy481KIxRVpK0c=", - "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", - "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", - "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", - "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", - "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", - "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - 
"zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", - "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", - "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", - "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", - "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", - ] -} diff --git a/templates/workspace_services/gitea/terraform/data.tf b/templates/workspace_services/gitea/terraform/data.tf index eb24688f2a..7726665ac9 100644 --- a/templates/workspace_services/gitea/terraform/data.tf +++ b/templates/workspace_services/gitea/terraform/data.tf @@ -39,8 +39,8 @@ data "azurerm_private_dns_zone" "mysql" { resource_group_name = local.core_resource_group_name } -data "azurerm_private_dns_zone" "filecore" { - name = module.terraform_azurerm_environment_configuration.private_links["privatelink.file.core.windows.net"] +data "azurerm_private_dns_zone" "blobcore" { + name = module.terraform_azurerm_environment_configuration.private_links["privatelink.blob.core.windows.net"] resource_group_name = local.core_resource_group_name } diff --git a/templates/workspace_services/gitea/terraform/gitea-webapp.tf b/templates/workspace_services/gitea/terraform/gitea-webapp.tf index 6673ddc5a2..2c98182db9 100644 --- a/templates/workspace_services/gitea/terraform/gitea-webapp.tf +++ b/templates/workspace_services/gitea/terraform/gitea-webapp.tf 
@@ -57,12 +57,21 @@ resource "azurerm_linux_web_app" "gitea" {
 GITEA__service__DISABLE_REGISTRATION = false
 GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true
 GITEA__service__SHOW_REGISTRATION_BUTTON = false
- GITEA__database__SSL_MODE = "true"
- GITEA__database__DB_TYPE = "mysql"
- GITEA__database__HOST = azurerm_mysql_flexible_server.gitea.fqdn
- GITEA__database__NAME = azurerm_mysql_flexible_database.gitea.name
- GITEA__database__USER = azurerm_mysql_flexible_server.gitea.administrator_login
- GITEA__database__PASSWD = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.db_password.id})"
+
+ GITEA__migrations__ALLOW_LOCALNETWORKS = "true"
+
+ GITEA__storage__STORAGE_TYPE = "azureblob"
+ GITEA__storage__AZURE_BLOB_ENDPOINT = azurerm_storage_account.gitea.primary_blob_endpoint
+ GITEA__storage__AZURE_BLOB_ACCOUNT_NAME = azurerm_storage_account.gitea.name
+ GITEA__storage__AZURE_BLOB_ACCOUNT_KEY = azurerm_storage_account.gitea.primary_access_key
+ GITEA__storage__AZURE_BLOB_CONTAINER = azurerm_storage_container.gitea_blob_container.name
+
+ GITEA__database__SSL_MODE = "true"
+ GITEA__database__DB_TYPE = "mysql"
+ GITEA__database__HOST = azurerm_mysql_flexible_server.gitea.fqdn
+ GITEA__database__NAME = azurerm_mysql_flexible_database.gitea.name
+ GITEA__database__USER = azurerm_mysql_flexible_server.gitea.administrator_login
+ GITEA__database__PASSWD = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.db_password.id})"
 }
 lifecycle { ignore_changes = [tags] }
@@ -86,14 +95,6 @@ resource "azurerm_linux_web_app" "gitea" {
 }
 }
- storage_account {
- name = "gitea-data"
- type = "AzureFiles"
- account_name = azurerm_storage_account.gitea.name
- access_key = azurerm_storage_account.gitea.primary_access_key
- share_name = azurerm_storage_share.gitea.name
- mount_path = "/data/gitea/"
- }
 logs {
 application_logs {
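Review bot: `GITEA__migrations__ALLOW_LOCALNETWORKS = "true"` is added with no comment, and it turns off the check that stops Gitea's migration and mirror feature from fetching private, loopback and link-local addresses. In this template accounts come from external sign-in (`GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true`), so presumably any workspace user who can start a migration can have the web app make requests to hosts inside the virtual network. If the aim is to mirror from specific internal hosts, listing them is narrower, `GITEA__migrations__ALLOWED_DOMAINS = "<internal git hostnames>"`; as I understand Gitea's settings, an allow-listed domain is accepted even while local networks stay disallowed. Otherwise add a comment stating why the setting is required; the shared-service gitea-webapp.tf adds the same line.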
@@ -109,7 +110,9 @@ resource "azurerm_linux_web_app" "gitea" {
 }
 depends_on = [
- azurerm_key_vault_secret.gitea_password
+ azurerm_key_vault_secret.gitea_password,
+ azurerm_storage_account.gitea,
+ azurerm_storage_container.gitea_blob_container
 ]
 }
@@ -178,7 +181,6 @@ resource "azurerm_monitor_diagnostic_setting" "gitea" {
 metric {
 category = "AllMetrics"
- enabled = true
 }
 }
diff --git a/templates/workspace_services/gitea/terraform/storage.tf b/templates/workspace_services/gitea/terraform/storage.tf
index 0e74f16883..aed8ba0e5d 100644
--- a/templates/workspace_services/gitea/terraform/storage.tf
+++ b/templates/workspace_services/gitea/terraform/storage.tf
@@ -38,8 +38,8 @@ resource "azurerm_storage_account_network_rules" "stgrules" {
 bypass = ["AzureServices"]
 }
-resource "azurerm_private_endpoint" "stgfilepe" {
- name = "stgfilepe-${local.service_resource_name_suffix}"
+resource "azurerm_private_endpoint" "stgblobpe" {
+ name = "stgblobpe-${local.service_resource_name_suffix}"
 location = data.azurerm_resource_group.ws.location
 resource_group_name = data.azurerm_resource_group.ws.name
 subnet_id = data.azurerm_subnet.services.id
@@ -49,20 +49,19 @@ resource "azurerm_private_endpoint" "stgfilepe" {
 private_dns_zone_group {
 name = "private-dns-zone-group"
- private_dns_zone_ids = [data.azurerm_private_dns_zone.filecore.id]
+ private_dns_zone_ids = [data.azurerm_private_dns_zone.blobcore.id]
 }
 private_service_connection {
- name = "stgfilepesc-${local.service_resource_name_suffix}"
+ name = "stgblobpesc-${local.service_resource_name_suffix}"
 private_connection_resource_id = azurerm_storage_account.gitea.id
 is_manual_connection = false
- subresource_names = ["File"]
+ subresource_names = ["blob"]
 }
 }
-
-resource "azurerm_storage_share" "gitea" {
- name = "gitea-data"
- storage_account_name = azurerm_storage_account.gitea.name
- quota = var.gitea_storage_limit
+resource "azurerm_storage_container" "gitea_blob_container" {
+ name = "gitea"
+ storage_account_id = azurerm_storage_account.gitea.id
+ container_access_type = "private"
 }
diff --git a/templates/workspace_services/gitea/terraform/variables.tf b/templates/workspace_services/gitea/terraform/variables.tf
index 267c41fcc6..ed5decb221 100644
--- a/templates/workspace_services/gitea/terraform/variables.tf
+++ b/templates/workspace_services/gitea/terraform/variables.tf
@@ -16,11 +16,7 @@ variable "mgmt_acr_name" {
 variable "aad_authority_url" {
 type = string
 }
-variable "gitea_storage_limit" {
- type = number
- description = "Space allocated in GB for the Gitea data in Azure Files Share"
- default = 100
-}
+
 variable "arm_environment" {
 type = string
 }
diff --git a/templates/workspace_services/gitea/version.txt b/templates/workspace_services/gitea/version.txt
index 43c4ab0058..a5f830a2c0 100644
--- a/templates/workspace_services/gitea/version.txt
+++ b/templates/workspace_services/gitea/version.txt
@@ -1 +1 @@
-__version__ = "0.6.1"
+__version__ = "0.7.1"