Merge branch 'main' into remove/commintlint

## 🔍 Motivation & Context

Requiring `npm` and `node` to be present in all repositories, regardless of tech-stack used, is getting cumbersome and unnecessary. For now, I am removing this. In the future, I will find a better way to get commit-lint working.

## 🔖 Related Issue

None.

## ✨ Changes

- Removed all traces of `commitlint`.

Reviewed-on: https://code.maximhutz.com/Web/Gitea/pulls/20
Co-authored-by: Max <git@maximhutz.me>
Co-committed-by: Max <git@maximhutz.me>

.commitlintrc.yml

@@ -1,2 +0,0 @@
-extends:
-  - "@commitlint/config-conventional"

.husky/commit-msg

@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-npx --no -- commitlint --edit "$1"

.husky/pre-commit

@@ -1,5 +0,0 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-terraform -chdir=terraform validate
-terraform -chdir=terraform fmt -recursive

.husky/prepare-commit-msg

@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-exec < /dev/tty && node_modules/.bin/cz --hook || true

Taskfile.yml

@@ -22,12 +22,14 @@ tasks:
   gitea/build: ansible-playbook playbooks/gitea/build.yml
   gitea/deploy: ansible-playbook playbooks/gitea/deployment.yml
   gitea/enter: ./ssm/gitea.sh
+  gitea/token: ansible-playbook playbooks/gitea/runner_token.yml
   gitea:
      - task: gitea/build
      - task: gitea/deploy
   
-  runner: ansible-playbook playbooks/runner/deployment.yml
+  runner/enter: ./ssm/runner.sh
+  runner/deploy: ansible-playbook playbooks/runner/deployment.yml
   
-  repository/copy: ansible-playbook playbooks/repository.yml
+  repo/fetch: ansible-playbook playbooks/repository/fetch.yml
 
-  dev: docker compose -f compose.dev.yml up
+  dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps

compose.dev.yml

@@ -10,25 +10,24 @@ services:
   #   ports:
   #     - 80:80
 
-  # gitea:
-  #   container_name: codebase-dev-gitea
-  #   build: gitea
-  #   volumes:
-  #     - ./gitea/boot:/var/lib/gitea
-  #     - /etc/timezone:/etc/timezone:ro
-  #     - /etc/localtime:/etc/localtime:ro
-  #   ports:
-  #     - 80:80
-  #     - 443:443
-  #     - 2222:2222
-  #   environment:
-  #     GITEA_APP_INI: /etc/gitea/dev.app.ini
-  
-  runner:
-    container_name: codebase-dev-runner
-    image: gitea/act_runner
-    environment:
-      GITEA_INSTANCE_URL: "https://code.maximhutz.com/"
-      GITEA_RUNNER_REGISTRATION_TOKEN: "bgM1Ux9do7EWj6JwniXjdfs8fmjuzWgMeeNF5vhd"
+  gitea:
+    container_name: codebase-dev-gitea
+    build:
+      context: gitea
+      dockerfile: Dockerfile.dev
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - 80:80
+      - 443:443
+      - 2222:2222
+  
+  # runner:
+  #   container_name: codebase-dev-runner
+  #   image: gitea/act_runner
+  #   environment:
+  #     GITEA_INSTANCE_URL: "https://code.maximhutz.com/"
+  #     GITEA_RUNNER_REGISTRATION_TOKEN: "bgM1Ux9do7EWj6JwniXjdfs8fmjuzWgMeeNF5vhd"
+  #   volumes:
+  #     - /var/run/docker.sock:/var/run/docker.sock

gitea/Dockerfile

@@ -1,5 +1,15 @@
-FROM gitea/gitea:latest-rootless
+FROM gitea/gitea:latest
 
-ADD --chown=git:git config /etc/gitea
-ADD --chown=git:git custom /etc/gitea-custom
-ENV GITEA_CUSTOM /etc/gitea-custom
+RUN apk add aws-cli xz
+
+ADD --chown=git:git custom /data/gitea
+ADD --chown=git:git entrypoint.sh /home/entrypoint.sh
+
+ADD --chown=git:git scripts /home/scripts
+RUN chmod +x /home/scripts/*
+
+ADD --chown=git:git crontab.txt /home/crontab.txt
+RUN /usr/bin/crontab /home/crontab.txt
+
+ENTRYPOINT [ "/home/entrypoint.sh" ]
+CMD [ "/usr/bin/s6-svscan", "/etc/s6" ]

gitea/Dockerfile.dev

@@ -0,0 +1,18 @@
+FROM gitea/gitea:latest
+
+RUN apk add aws-cli xz
+
+ADD --chown=git:git custom /data/gitea
+ADD --chown=git:git entrypoint.sh /home/entrypoint.sh
+
+ADD --chown=git:git scripts /home/scripts
+RUN chmod +x /home/scripts/*
+
+ADD --chown=git:git crontab.txt /home/crontab.txt
+RUN /usr/bin/crontab /home/crontab.txt
+
+RUN rm /data/gitea/conf/app.ini
+RUN mv /data/gitea/conf/dev.app.ini /data/gitea/conf/app.ini
+
+ENTRYPOINT [ "/home/entrypoint.sh" ]
+CMD [ "/usr/bin/s6-svscan", "/etc/s6" ]

gitea/crontab.txt

@@ -0,0 +1 @@
+0 0 * * * /home/scripts/push.sh >> /home/cron.log

gitea/entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Get S3 data.
+echo "Pulling data..."
+./home/scripts/pull.sh
+echo "Data pulled!"
+
+# Run crontab.
+/usr/sbin/crond -f -l 8 &
+
+# shellcheck disable=SC2068
+exec /usr/bin/entrypoint $@

gitea/scripts/pull.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Pull achived data.
+aws s3 cp "$BOOT_URI" /home/archive.tar.xz
+
+# Extracted Gitea data.
+mkdir -p /var/lib/gitea
+tar -xvf /home/archive.tar.xz -C /var/lib/gitea

gitea/scripts/push.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+GITEA_PROCESS="$(pgrep gitea)"
+
+# Stop Gitea.
+echo "Stopped Gitea..."
+kill -STOP "$GITEA_PROCESS"
+
+# Archive Gitea data.
+echo "Archiving..."
+cd /var/lib/gitea
+tar cfJ ../archive.tar.xz .
+cd ..
+
+# Upload to S3.
+echo "Uploading..."
+aws s3 cp archive.tar.xz "$BOOT_URI"
+
+# Restart Gitea.
+kill -CONT "$GITEA_PROCESS"
+echo "Restarted Gitea!"

package.json

@@ -1,25 +0,0 @@
-{
-  "name": "codebase",
-  "version": "1.0.0",
-  "description": "This is the [Gitea](https://about.gitea.com/) instance that stores all repositories seen on [this site](https://git1.maximhutz.com)!",
-  "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "prepare": "husky install",
-    "cz": "cz"
-  },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "devDependencies": {
-    "@commitlint/cli": "19.4.0",
-    "@commitlint/config-conventional": "19.2.2",
-    "cz-conventional-changelog": "^3.3.0",
-    "husky": "^8.0.0"
-  },
-  "config": {
-    "commitizen": {
-      "path": "./node_modules/cz-conventional-changelog"
-    }
-  }
-}

playbooks/gitea/deployment.yml

@@ -20,7 +20,7 @@
         mode: get
         bucket: "{{ image_bucket }}"
         object: "{{ image_key }}"
-        dest: ~/image.tar.xz
+        dest: /root/image.tar.xz
 
         region: "{{ aws_region }}"
         access_key: "{{ aws_access_key }}"
@@ -28,7 +28,7 @@
 
     - name: Load image.
       community.docker.docker_image_load:
-        path: ~/image.tar.xz
+        path: /root/image.tar.xz
       register: image
 
     - name: Fetch repository.
@@ -36,7 +36,7 @@
         mode: get
         bucket: "{{ boot_bucket }}"
         object: "{{ boot_key }}"
-        dest: ~/boot.tar.xz
+        dest: /root/boot.tar.xz
 
         region: "{{ aws_region }}"
         access_key: "{{ aws_access_key }}"
@@ -44,9 +44,9 @@
 
     - name: Unarchive image.
       ansible.builtin.unarchive:
-        src: ~/boot.tar.xz
+        src: /root/boot.tar.xz
         remote_src: true
-        dest: "~"
+        dest: /root
         group: 1000
         owner: 1000
 
@@ -56,13 +56,17 @@
         image: "{{ image.image_names[0] }}"
         state: started
         recreate: true
-        restart_policy: always
+        restart_policy: unless-stopped
         ports: [80:80, 2222:2222]
         env:
           GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
           GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
           GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
+          AWS_REGION: "{{ gitea_boot.value.region }}"
+          AWS_ACCESS_KEY_ID: "{{ gitea_boot.value.id }}"
+          AWS_SECRET_ACCESS_KEY: "{{ gitea_boot.value.secret }}"
+          BOOT_URI: "s3://{{ boot_bucket }}/{{ boot_key }}"
         volumes:
-          - ~/boot:/var/lib/gitea
+          - /root/boot:/var/lib/gitea
           - /etc/timezone:/etc/timezone:ro
           - /etc/localtime:/etc/localtime:ro

playbooks/gitea/runner_token.yml

@@ -0,0 +1,22 @@
+- name: Get Gitea Runner registration token.
+  hosts: localhost
+  become: true
+  vars_files:
+    - ../../secrets/gitea.json
+    - ../../secrets/terraform.json
+  vars:
+    ansible_connection: aws_ssm
+    ansible_python_interpreter: /usr/bin/python3
+    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
+    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
+    ansible_aws_ssm_instance_id: "{{ private_instance_id.value }}"
+
+    ansible_aws_ssm_region: "{{ aws_region }}"
+    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
+    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
+  tasks:
+    - name: Get token.
+      community.docker.docker_container_exec:
+        container: server
+        command: gitea actions generate-runner-token
+      register: token

playbooks/proxy/deployment.yml

@@ -14,22 +14,6 @@
     ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
     ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
   tasks:
-    # - name: Fetch image.
-    #   amazon.aws.s3_object:
-    #     mode: get
-    #     bucket: "{{ image_bucket }}"
-    #     object: "{{ image_key }}"
-    #     dest: ~/image.tar.xz
-
-    #     region: "{{ aws_region }}"
-    #     access_key: "{{ aws_access_key }}"
-    #     secret_key: "{{ aws_secret_key }}"
-
-    # - name: Load image.
-    #   community.docker.docker_image_load:
-    #     path: ~/image.tar.xz
-    #   register: image
-
     - name: Run image.
       community.docker.docker_container:
         name: server
@@ -41,6 +25,3 @@
         volumes:
           - ./data:/data
           - ./letsencrypt:/etc/letsencrypt
-        env:
-          INITIAL_ADMIN_EMAIL: "proxy@maximhutz.com"
-          INITIAL_ADMIN_PASSWORD: "expensive-giraffe"

playbooks/repository/fetch.yml

@@ -1,9 +1,7 @@
----
-
 - name: Pull Gitea data.
   hosts: localhost
   vars_files:
-    ../secrets/gitea.json
+    ../../secrets/gitea.json
   tasks:
     - name: Temp file.
       ansible.builtin.tempfile:
@@ -12,8 +10,8 @@
 
     - name: Fetch from S3.
       amazon.aws.s3_object:
-        bucket: "acer-saccharum"
-        object: "codebase/gitea/boot"
+        bucket: "{{ boot_bucket }}"
+        object: "{{ boot_key }}"
         dest: "{{ file.path }}"
         mode: get
 
@@ -24,4 +22,4 @@
     - name: Unarchive image.
       ansible.builtin.unarchive:
         src: "{{ file.path }}"
-        dest: ../gitea
+        dest: ../../gitea

playbooks/runner/deployment.yml

@@ -1,24 +1,5 @@
 - name: Get registration token.
-  hosts: localhost
-  vars_files:
-    - ../../secrets/proxy.json
-    - ../../secrets/terraform.json
-  vars:
-    ansible_connection: aws_ssm
-    ansible_python_interpreter: /usr/bin/python3
-    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
-    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
-    ansible_aws_ssm_instance_id: "{{ private_instance_id.value }}"
-
-    ansible_aws_ssm_region: "{{ aws_region }}"
-    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
-    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
-  tasks:
-    - name: Generate registration token.
-      community.docker.docker_container_exec:
-        container: server
-        command: gitea actions grt
-      register: token
+  ansible.builtin.import_playbook: ../gitea/runner_token.yml
 
 - name: Deploy artifact to instance.
   hosts: localhost

requirements.txt

@@ -0,0 +1,41 @@
+ansible==11.1.0
+ansible-compat==24.10.0
+ansible-core==2.18.1
+ansible-lint==24.12.2
+attrs==24.3.0
+black==24.10.0
+boto3==1.35.95
+botocore==1.35.95
+bracex==2.5.post1
+certifi==2024.12.14
+cffi==1.17.1
+charset-normalizer==3.4.1
+click==8.1.8
+cryptography==44.0.0
+filelock==3.16.1
+idna==3.10
+importlib_metadata==8.5.0
+Jinja2==3.1.5
+jmespath==1.0.1
+jsonschema==4.23.0
+jsonschema-specifications==2024.10.1
+MarkupSafe==3.0.2
+mypy-extensions==1.0.0
+packaging==24.2
+pathspec==0.12.1
+platformdirs==4.3.6
+pycparser==2.22
+python-dateutil==2.9.0.post0
+PyYAML==6.0.2
+referencing==0.35.1
+requests==2.32.3
+resolvelib==1.0.1
+rpds-py==0.22.3
+ruamel.yaml==0.18.10
+s3transfer==0.10.4
+six==1.17.0
+subprocess-tee==0.4.2
+urllib3==2.3.0
+wcmatch==10.0
+yamllint==1.35.1
+zipp==3.21.0

ssm/runner.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# ---------------------------------------------------------------------------- #
+
+AWS_REGION="us-east-1"
+AWS_ACCESS_KEY_ID="$(jq -r '.aws_access_key' < secrets/runner.json)"
+AWS_SECRET_ACCESS_KEY="$(jq -r '.aws_secret_key' < secrets/runner.json)"
+
+export AWS_REGION
+export AWS_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY
+
+# ---------------------------------------------------------------------------- #
+
+INSTANCE_ID="$(jq -r '.runner_instance_id.value' < secrets/terraform.json)"
+
+aws ssm start-session --target "$INSTANCE_ID"

terraform/iam.tf

@@ -0,0 +1,31 @@
+data "aws_s3_bucket" "storage_bucket" {
+  bucket = var.gitea_boot.bucket
+}
+
+data "aws_iam_policy_document" "gitea_bool_policy" {
+  statement {
+    effect    = "Allow"
+    actions   = ["s3:*", "s3-object-lambda:*"]
+    resources = ["${data.aws_s3_bucket.storage_bucket.arn}/${var.gitea_boot.key}"]
+  }
+}
+
+resource "aws_iam_policy" "gitea_boot_policy" {
+  name        = "${var.gitea_boot.role}Policy"
+  description = "The policy that manages the Gitea Boot."
+
+  policy = data.aws_iam_policy_document.gitea_bool_policy.json
+}
+
+resource "aws_iam_user" "gitea_boot_user" {
+  name = "${var.gitea_boot.role}User"
+}
+
+resource "aws_iam_user_policy_attachment" "attachment" {
+  user       = aws_iam_user.gitea_boot_user.name
+  policy_arn = aws_iam_policy.gitea_boot_policy.arn
+}
+
+resource "aws_iam_access_key" "gitea_boot_key" {
+  user    = aws_iam_user.gitea_boot_user.name
+}

terraform/install.sh

@@ -2,9 +2,18 @@
 
 amazon-linux-extras install docker ansible2 python3.8 -y
 
+# Make Docker work.
 systemctl enable docker
 systemctl start docker
-
 usermod -a -G docker ssm-user
+
+# Set up the correct version of Python (for Ansible).
 ln -sf /usr/bin/python3.8 /usr/bin/python3
-pip install botocore boto3 requests
+ln -sf /usr/bin/pip3.8 /usr/bin/pip3
+pip3 install botocore boto3 requests
+
+# Add some swap space.
+sudo dd if=/dev/zero of=/swapfile bs=128M count=8
+sudo chmod 600 /swapfile
+sudo mkswap /swapfile
+sudo swapon /swapfile

terraform/outputs.tf

@@ -1,19 +1,29 @@
-# The instance ID (`i-*****************`) of the reverse proxy.
 output "public_instance_id" {
   value = aws_instance.public.id
+  description = "The instance ID (`i-*****************`) of the reverse proxy."
 }
 
-# The instance ID of the Gitea instance.
 output "private_instance_id" {
   value = aws_instance.private.id
+  description = "The instance ID of the Gitea instance."
 }
 
-# The instance ID of the Gitea runner.
 output "runner_instance_id" {
   value = aws_instance.runner.id
+  description = "The instance ID of the Gitea runner."
 }
 
-# The private IP (not accessible from internet) of the Gitea instnace.
 output "private_instance_ip" {
   value = aws_instance.private.private_ip
+  description = "The private IP (not accessible from internet) of the Gitea instnace."
+}
+
+output "gitea_boot" {
+  value = {
+    id = aws_iam_access_key.gitea_boot_key.id
+    secret = aws_iam_access_key.gitea_boot_key.secret
+    region = var.region
+  }
+  description = "The credentials to manipulate the codebase repository boot."
+  sensitive = true
 }

terraform/variables.tf

@@ -11,4 +11,13 @@ variable "roles" {
     secret = string
   }))
   description = "The different roles that are used by Terraform."
+}
+
+variable "gitea_boot" {
+  type = object({
+    bucket = string
+    key = string
+    role = string
+  })
+  description = "The storage for the Gitea instance."
 }