upgrade concurency

Dockerfile

@@ -32,6 +32,6 @@ RUN ln -svf /bin/busybox /usr/sbin/sendmail \
     && chmod ugo+x /usr/local/bin/autobackup 
 COPY --from=dcronbuilder /opt/bitnami/gitea/dcron/crond /usr/sbin/crond
 RUN mkdir -p /etc/cron.d && chown -R 1001 /etc/cron.d && chmod 0755 /usr/sbin/crond
-
+COPY --chmod=0755 entrypoint.sh /opt/bitnami/scripts/gitea/entrypoint.sh
 WORKDIR /opt/bitnami/gitea
 USER 1001

README.md

@@ -1,2 +1,10 @@
 # gitea-bitnami-custom
-our custom installation of gitea packed by Bitnami
+
+our custom installation of gitea packed by Bitnami.  
+
+## What differs from the original Bitnami installation?
+
+- we embed a smtp server (postfix) to send emails
+- we embed cloudflared to create a tunnel to our gitea instance
+- we embed a cronjob to renew the letsencrypt certificate
+- we allow more than 1 replica of the gitea instance

Tiltfile

@@ -5,21 +5,25 @@ elif os.name == 'posix':
     datebase=str(local("date -I"))
 
 datei=str(abs(hash(datebase)))
-sha1=str(abs(hash(str(local("openssl dgst -sha1 Dockerfile")))))
+sha1=str(abs(hash(str(local("date +%s")))))
+arch="amd64"
+K8SArch="kubernetes.io/arch="+arch
 Namespace='sandbox-gitea-dev'
 ModuleName='my_module'
 ModulePath='./'+ModuleName
-CacheRegistry='ttl.sh/sanbox-gitea-dev-'+datei+'-cache'
-Registry='ttl.sh/sanbox-gitea-dev-'+sha1
+CacheRegistry='ttl.sh/sanbox-gitea-custom-'+datei+'-cache'
+Registry='ttl.sh/sanbox-gitea-custom-'+sha1
 default_registry(Registry)
 
 load('ext://helm_resource', 'helm_resource', 'helm_repo')
 load('ext://namespace', 'namespace_create')
 os.putenv ( 'NAMESPACE' , Namespace )
 os.putenv ( 'MODULENAME', ModuleName )
-os.putenv ('MODULEPATH', ModulePath)
+os.putenv ( 'MODULEPATH', ModulePath)
 os.putenv ( 'DOCKER_REGISTRY' , Registry ) 
 os.putenv ( 'DOCKER_CACHE_REGISTRY' , CacheRegistry ) 
+os.putenv ( 'K8S_ARCH' , K8SArch )
+os.putenv ( 'ARCH' , arch )
 namespace_create(Namespace)
 
 warn ("sha1: "+sha1)
@@ -28,14 +32,14 @@ if os.name == 'nt':
     # Code à exécuter si le système d'exploitation est Windows
     warn("Running on Windows")
     custom_build('gitea_bitnami_custom_tilted', 'kubectl -n %NAMESPACE% delete pod/kaniko & tar -cvz --exclude "node_modules" --exclude "dkim.rsa" --exclude "private" --exclude "k8s" --exclude ".git" --exclude ".github" --exclude-vcs --exclude ".docker" --exclude "_sensitive_datas" -f - \
-    ./Dockerfile libgitea.sh gitea-env.sh ./busybox autobackup.sh | kubectl -n %NAMESPACE% run kaniko --image=gcr.io/kaniko-project/executor:v1.19.2 --stdin=true --command -- /kaniko/executor -v info --dockerfile=Dockerfile --context=tar://stdin --destination=%EXPECTED_REF% --cache=true --cache-ttl=4h --cache-repo=%DOCKER_CACHE_REGISTRY%', [
+    ./Dockerfile libgitea.sh gitea-env.sh ./busybox autobackup.sh entrypoint.sh | kubectl -n %NAMESPACE% run kaniko --overrides=\'{ "apiVersion": "v1", "spec": { "nodeSelector": { "kubernetes.io/arch": "'+arch+'" } } }\' --image=gcr.io/kaniko-project/executor:v1.19.2 --stdin=true --command -- /kaniko/executor -v info --dockerfile=Dockerfile --context=tar://stdin --destination=%EXPECTED_REF% --cache=true --cache-ttl=4h --cache-repo=%DOCKER_CACHE_REGISTRY%', [
             ModuleName
         ], skips_local_docker = True)
 elif os.name == 'posix':
     # Code à exécuter si le système d'exploitation est Linux ou MacOS
     warn("Running on Posix")
     custom_build('gitea_bitnami_custom_tilted', 'kubectl -n $NAMESPACE delete pod/kaniko ; tar -cvz --exclude "node_modules" --exclude "dkim.rsa" --exclude "private" --exclude "k8s" --exclude ".git" --exclude ".github" --exclude-vcs --exclude ".docker" --exclude "_sensitive_datas" -f - \
-  ./Dockerfile libgitea.sh gitea-env.sh ./busybox autobackup.sh | kubectl -n $NAMESPACE run kaniko --image=gcr.io/kaniko-project/executor:v1.19.2 --stdin=true --command -- /kaniko/executor -v info --dockerfile=Dockerfile --context=tar://stdin --destination=$EXPECTED_REF --cache=true --cache-ttl=4h --cache-repo=$DOCKER_CACHE_REGISTRY', [
+  ./Dockerfile libgitea.sh gitea-env.sh ./busybox autobackup.sh entrypoint.sh | kubectl -n $NAMESPACE run kaniko --overrides=\'{"apiVersion":"v1","spec":{"nodeSelector":{"kubernetes.io/arch":"'+arch+'"}}}\' --image=gcr.io/kaniko-project/executor:v1.19.2 --stdin=true --command -- /kaniko/executor -v info --dockerfile=Dockerfile --context=tar://stdin --destination=$EXPECTED_REF --cache=true --cache-ttl=4h --cache-repo=$DOCKER_CACHE_REGISTRY', [
             ModuleName
         ], skips_local_docker = True)
 

_values_gitea.yaml

@@ -8,11 +8,13 @@ flex-smtpd:
     dkimSelector: dkim-gitea
     postfixHostname: smtp-gitea.sandbox.local
   image:
-    tag: v4.1.0f
+    tag: v4.1.0g
   service:
     name: smtpd
 
 gitea:
+  nodeSelector:
+    kubernetes.io/arch: amd64
   resources:
     limits:
       cpu: 2000m
@@ -32,12 +34,12 @@ gitea:
     enabled: true
     gatewayClassName: haproxy-gatewayclass
   image:
-    tag: 1.21.3
-    debug: true
-  replicaCount: 1
+    tag: 1.21.4
+    debug: false
+  replicaCount: 3
   persistence:
-    enabled: false
-    size: 10Gi
+    enabled: true
+    size: 25Mi
     accessModes: ["ReadWriteMany"]
   ingress:
     annotations:

entrypoint.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libbitnami.sh
+. /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libos.sh
+
+# Load Gitea environment variables
+. /opt/bitnami/scripts/gitea-env.sh
+
+print_welcome_page
+
+# Simpler version of abs() function
+function abs() {
+    [ $1 -lt 0 ] && echo $((-$1)) || echo $1
+}
+
+# Generate pseudo random number based on the hash of the hostname
+# This is to avoid multiple containers to do the same thing at the same time
+# The random number is used to wait a random amount of time before starting the setup
+# Basing the pseudo random number on the hostname hash allows to have a different number for each container
+# Because the hostname as a different hash in each container
+function get_pseudorandom_based_on_hash() {
+    MIN=${1:-43}
+    MAX=${2:-127}
+    HOSTNAME=${3:-$(hostname)}
+    HASH=$(echo -n "$HOSTNAME" | shasum | cut -f1 -d' ')
+    HASH_FIRST_16="${HASH:0:16}"
+    ABSHASH=$(abs $((0x$HASH_FIRST_16))) # convert hex to positive decimal
+    RANDOM_NUMBER=$((($ABSHASH % ($MAX - $MIN)) + $MIN + 1))
+    echo $RANDOM_NUMBER
+}
+
+function sleep_ms() {
+    MS=$(printf "%04d" ${1:-1000} | sed 's/\(.*\)\([0-9]\{3\}\)$/\1.\2/')
+    sleep $MS
+}
+
+_RANDOM=$(get_pseudorandom_based_on_hash 1000 10000)
+info "Waiting for $_RANDOM milliseconds before starting the setup..."
+sleep_ms $_RANDOM
+
+# Configure libnss_wrapper based on the UID/GID used to run the container
+# This container supports arbitrary UIDs, therefore we have do it dynamically
+if ! am_i_root; then
+    export LNAME="gitea"
+    export LD_PRELOAD="/opt/bitnami/common/lib/libnss_wrapper.so"
+    if [[ -f "$LD_PRELOAD" ]]; then
+        info "Configuring libnss_wrapper"
+        NSS_WRAPPER_PASSWD="$(mktemp)"
+        export NSS_WRAPPER_PASSWD
+        NSS_WRAPPER_GROUP="$(mktemp)"
+        export NSS_WRAPPER_GROUP
+        if [[ "$HOME" == "/" ]]; then
+            export HOME=/opt/bitnami/gitea
+        fi
+        echo "gitea:x:$(id -u):$(id -g):gitea:${HOME}:/bin/false" >"$NSS_WRAPPER_PASSWD"
+        echo "gitea:x:$(id -g):" >"$NSS_WRAPPER_GROUP"
+        chmod 400 "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
+    fi
+fi
+
+if [[ "$1" = "/opt/bitnami/scripts/gitea/run.sh" ]]; then
+    FILE="/bitnami/gitea/custom/conf/app.ini"
+    LOCKFILE="/bitnami/gitea/.app.ini.lock"
+    _RANDOM=$(get_pseudorandom_based_on_hash 60 120)
+    DIRNAME=$(dirname "$LOCKFILE")
+    mkdir -p "$DIRNAME"
+
+    info "** Starting Gitea setup on $(hostname) **"
+    # this loop is to wait for the bitnami/gitea/.app.ini.lock to be unlocked
+    # the bitnami/gitea/.app.ini.lock is locked when the bitnami application is being setup
+    while true; do
+        exec 200>"$LOCKFILE"
+        if flock -n 200; then
+            info "$(hostname): The file $FILE is not write-locked."
+            info "$(hostname): Locking the file for writing..."
+            /opt/bitnami/scripts/gitea/setup.sh
+            info "$(hostname): Unlocking the file..."
+            flock -u 200
+            info "$(hostname): The file $FILE is now unlocked."
+            break
+        else
+            warn "$(hostname): The file $FILE is write-locked. Waiting for $_RANDOM seconds before retrying..."
+            sleep $_RANDOM
+        fi
+    done
+    info "** Gitea setup finished on $(hostname) ! **"
+fi
+
+echo ""
+exec "$@"

helm/gitea/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 1.0.6
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 18.2.0
+  version: 18.8.0
 - name: flex-smtpd
   repository: https://helm-repo.highcanfly.club
   version: 0.1.6
-digest: sha256:6c1d0d027a380ea3720742616b17ade1dfc5afc075dad38bcdf13b89357daced
-generated: "2024-01-29T08:29:49.174143+01:00"
+digest: sha256:c50ab6a3e4d57bdd7629669a940e503781a7785a019ed9f6f76a3bc9b89badab
+generated: "2024-01-29T19:57:40.67915+01:00"

helm/gitea/Chart.yaml

@@ -31,7 +31,7 @@ dependencies:
   version: 1.0.6
   repository: https://charts.bitnami.com/bitnami
 - name: redis
-  version: 18.2.0
+  version: 18.8.0
   repository: https://charts.bitnami.com/bitnami
 - name: flex-smtpd
   condition: flex-smtpd.enabled

libgitea.sh

@@ -98,6 +98,27 @@ gitea_stop() {
     stop_service_using_pid "$GITEA_PID_FILE"
 }
 
+########################
+# Checks whether a directory is empty or not
+# arguments:
+#   $1 - directory
+# returns:
+#   boolean
+#########################
+is_dir_empty() {
+    local -r path="${1:?missing directory}"
+    # Calculate real path in order to avoid issues with symlinks
+    local -r dir="$(realpath "$path")"
+    # This condition checks if the directory specified by "$dir" does not exist or is empty, except for a possible '.app.ini.lock' file.
+    # [[ ! -e "$dir" ]] checks if the directory "$dir" does not exist.
+    # [[ -z "$(find "$dir" -mindepth 1 -not -name '.app.ini.lock')" ]] checks if the directory "$dir" is empty or only contains the '.app.ini.lock' file.
+    if [[ ! -e "$dir" ]] || [[ -z "$(find "$dir" -mindepth 1 -not -name '.app.ini.lock')" ]] ; then
+        true
+    else
+        false
+    fi
+}
+
 ########################
 # Initialize Gitea
 # Arguments: