Commit graph

117 commits

Author SHA1 Message Date
Earl Warren
d1dadf4e06
fix(ci): use 512MB for elasticsearch instead of 32GB
It can be observed that when elasticsearch runs in the CI the process
uses 32GB of resident memory.

Set Xmx and Xms to no more than the threshold that the JVM uses for
compressed object pointers (compressed oops); the exact threshold
varies but is near 32 GB. You can verify that you are under the
threshold by looking for a line in the logs like the following:

Refs: https://www.elastic.co/guide/en/elasticsearch/reference/7.5/docker.html
Refs: https://www.elastic.co/guide/en/elasticsearch/reference/7.5/heap-size.html
2024-07-16 08:10:58 +02:00
Renovate Bot
20161546d5 Update renovate to v37.431.4 2024-07-15 04:03:33 +00:00
Elias Elwyn
f3f6bc5b33
test: add valkey to remote cache test 2024-07-09 14:26:46 +10:00
Earl Warren
764b9abc6b Merge pull request 'tests: run JavaScript tests when web_src/js is modified' (#4419) from earl-warren/forgejo:wip-e2e into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4419
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-08 18:50:02 +00:00
Earl Warren
a6a64f1fdc
tests: run JavaScript tests when web_src/js is modified
otherwise they are not useful
2024-07-08 19:26:14 +02:00
Renovate Bot
faaf03a44a Update renovate to v37.425.2 2024-07-08 13:01:21 +00:00
Earl Warren
ee7f568aed
fix(ci): do not block pull request CI when go-versions lags behind
When a new go version is published, it takes about 24h for
https://github.com/actions/go-versions to be updated (see
https://github.com/actions/go-versions/pull/102 for example).

In the meantime the setup-go action that depends on it will install a
version of go that fails golang.org/x/vuln/cmd/govulncheck.

Move the security check to be the last step of the test job instead of
the first. It will still block the PRs from being merged but it will
allow the PR authors to keep working and look at the test results in
the meantime.

Fixes: https://codeberg.org/forgejo/forgejo/issues/4294
2024-07-03 15:57:35 +02:00
Earl Warren
abf72a42e7
ci(release): upgrade v*.next.forgejo.org when the release is ready
The https://v$major.next.forgejo.org instances are polling for new
releases with a cron job every hour. This is not only a waste of
resources because there is nothing most of the time, it also imposes a
delay of maximum one hour when there is a new release.

When the release is published, notify the corresponding instance that
an upgrade is ready. In the request will 404 but leave a trace in the
logs which can trigger an upgrade script if wakeup-on-logs is
configured accordingly.

  GET https://v$major.next.forgejo.org/.well-known/wakeup-on-logs/forgejo-v$major

* v8 - a daemon watching on the web server logs was installed for
  https://v8.next.forgejo.org and will perform the upgrade.
* v7 - nothing will happen for https://v7.next.forgejo.org because
  it still relies on the hourly cron job.
* v1.21 - nothing will happen because https://v1.next.forgejo.org does
  not exist.

See also:

* https://forgejo.org/docs/next/developer/infrastructure
* https://code.forgejo.org/infrastructure/wakeup-on-logs
2024-07-01 12:52:59 +02:00
Renovate Bot
db8fb0021f Update renovate to v37.421.2 2024-07-01 00:01:26 +00:00
Earl Warren
a3491f064f Merge pull request 'test(js): make test-frontend-coverage displays vitest coverage' (#4224) from earl-warren/forgejo:wip-frontend-coverage into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4224
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-24 08:41:59 +00:00
Earl Warren
536efeb26e
test(js): make test-frontend-coverage displays vitest coverage 2024-06-24 10:03:42 +02:00
Renovate Bot
3244c96f1c Update ghcr.io/visualon/renovate Docker tag to v37.414.1 2024-06-24 00:02:22 +00:00
Elias Elwyn
abde31148f Integration test for redis alternatives - garnet, redict (#4138)
For #4082.

~~Per the discussion in the issue, the current plan will likely involve duplicating the redis library calling code once for each cacher, as neither garnet nor redict guarantee continued compatibility with redis.~~

See discussion below for details.

## Tasklist

- [x] Write workflow to run cache-specific unit test(s) only (cache, session, queue, nosql) for each cacher
- [x] Check whether garnet and redict pass unit tests with no code modification (gauge required work)
  - both passed, but that is because there were very few tests that test the remote cache store

### Out of scope for this PR

- Improve test coverage
  - `modules/cache` against a server
  - `modules/session` against a server (also needs tests in general)
- _(?) Duplicate implementation for each cacher_
  - _Restructure redis usage in `modules/cache` and `modules/settings/cache`_
  - _Restructure `modules/session` and its settings_
  - _Restructure `modules/queue` and its settings_
  - _Restructure `modules/nosql` and its settings_

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4138
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Elias Elwyn <a@jthv.ai>
Co-committed-by: Elias Elwyn <a@jthv.ai>
2024-06-18 12:31:15 +00:00
Renovate Bot
db767e2d12 Update ghcr.io/visualon/renovate Docker tag to v37.409.1 2024-06-17 00:02:26 +00:00
Renovate Bot
6e6c2aadd7 Update elasticsearch Docker tag to v7.17.22 2024-06-14 00:02:49 +00:00
Renovate Bot
c12b0cd10a Update ghcr.io/visualon/renovate Docker tag to v37.399.10 2024-06-10 02:02:27 +00:00
Renovate Bot
f253e352cd Update ghcr.io/visualon/renovate Docker tag to v37.392.0 2024-06-06 00:04:28 +00:00
Renovate Bot
8dd72661af Update ghcr.io/visualon/renovate Docker tag to v37.391.2 2024-06-05 16:08:45 +00:00
Renovate Bot
c071bdaf96 Update elasticsearch Docker tag to v7.17.21 2024-06-05 00:05:10 +00:00
Mai-Lapyst
e58ce86264 Update the elasticsearch mappings for issues to use long instead of integer for int64 (#3982)
This updates the mapping definition of the elasticsearch issue indexer backend to use `long` instead of `integer`s wherever the go type is a `int64`. Without it larger instances could run into an issue.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3982
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-04 07:37:59 +00:00
Renovate Bot
87b4a169ca Update ghcr.io/visualon/renovate Docker tag to v37.385.0 2024-06-02 22:06:00 +00:00
Michael Kriese
629554f8a8
chore(renovate): use sqlite package cache 2024-05-31 13:54:12 +02:00
Renovate Bot
1a6fb16166 Update ghcr.io/visualon/renovate Docker tag to v37.382.4 2024-05-31 09:09:22 +00:00
Earl Warren
b1e78f0354 Merge pull request 'Update redis Docker tag to v7.2.5' (#3896) from renovate/redis-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3896
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-25 08:40:32 +00:00
Earl Warren
98be7826a3
chore(dependency): pin redis to 7.2 for testing
There is no need to pin a specific patch version for testing. The
worst that can happen in this context is that the CI fails and it can
be addressed in this context. It will not impact releases.
2024-05-25 08:25:51 +02:00
Renovate Bot
3b0501e69f Update code.forgejo.org/oci/alpine Docker tag to v3.20 2024-05-25 02:05:40 +00:00
Renovate Bot
237362ddd3 Update redis Docker tag to v7.2.5 2024-05-25 00:05:17 +00:00
Renovate Bot
f5157085aa Update ghcr.io/visualon/renovate Docker tag to v37.374.3 2024-05-22 20:06:04 +00:00
Victoria Nadasdi
df0d1a2134 feat: parse prefix from redis URI for queues (#3836)
For security reasons, scoping access to a redis server via ACL rules is
a good practice. Some parts of the codebase handles prefix like cache[^1]
and session[^2], but the queue module doesn't.

This patch adds this missing functionality to the queue module.

Note about relevant test:
I tried to keep the PR as small as possible (and reasonable), and not
change how the test runs. Updated the existing test to use the same
redis address and basically duplicated the test with the extra flag. It
does NOT test if the keys are correct, it ensures only it works as
expected. To make assertions about the keys, the whole test has to be
updated as the general wrapper doesn't allow the main test to check
anything provider (redis) specific property. That's not something I
wanted to take on now.

[^1]: e4c3c039be/modules/cache/cache_redis.go (L139-L150)
[^2]: e4c3c039be/modules/session/redis.go (L122-L129)

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3836
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Victoria Nadasdi <victoria@efertone.me>
Co-committed-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-20 14:10:54 +00:00
Earl Warren
b88bae5c5a Merge pull request 'Enable renovate osv vulnerability alerts' (#2788) from viceice/forgejo:chore/renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2788
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 12:01:47 +00:00
Renovate Bot
159474ff23 Update ghcr.io/visualon/renovate Docker tag to v37.359.0 2024-05-14 10:03:32 +00:00
Michael Kriese
06725504a3
Enable renovate osv vulnerability alerts 2024-05-14 09:42:22 +02:00
Renovate Bot
8e1a6d8e73 Update ghcr.io/visualon/renovate Docker tag to v37.351.2 2024-05-08 20:05:21 +00:00
Renovate Bot
73031f4b80 Update ghcr.io/visualon/renovate Docker tag to v37.340.9 2024-05-05 02:04:30 +00:00
Renovate Bot
15978d4d07 Update ghcr.io/visualon/renovate Docker tag to v37.330.1 2024-05-01 06:02:32 +00:00
Renovate Bot
a3be70f0a5 Update ghcr.io/visualon/renovate Docker tag to v37.323.3 2024-04-26 04:02:40 +00:00
Earl Warren
aa66d0a0eb
test(ldap): add LDAP tests 2024-04-24 22:06:32 +02:00
Renovate Bot
56831d345d Update ghcr.io/visualon/renovate Docker tag to v37.316.2 2024-04-22 12:03:00 +00:00
Earl Warren
9303f8e72d
ci(renovate): fix step names (take 2) 2024-04-18 20:08:27 +02:00
Earl Warren
c7b8a434c3 Merge pull request 'ci(renovate): fix step names' (#3311) from viceice/forgejo:ci/renovate/fix-step-names into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3311
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-18 14:04:19 +00:00
Renovate Bot
0f078ba4c9 Update ghcr.io/visualon/renovate Docker tag to v37.305.0 2024-04-18 11:25:53 +00:00
Michael Kriese
1f4915692b
ci(renovate): fix step names 2024-04-18 13:22:51 +02:00
Renovate Bot
ca2473e895 Update ghcr.io/visualon/renovate Docker tag to v37.303.2 2024-04-17 16:05:21 +00:00
Earl Warren
97189d41f3
fix(release): add missing ARG RELEASE_VERSION
The ARG RELEASE_VERSION set in the build-env image does not propagate
to the images that follow. As a result the value of the version label
is always empty.

This should have been caught by the test in the CI but although it
notified the problem in the output, it did not fail. Upgrade to the
forgejo-build-publish version that fixes this false positive.
2024-04-17 17:16:53 +02:00
Earl Warren
028d19c0fe
feat(release): add OCI labels to container images 2024-04-16 17:50:57 +02:00
Earl Warren
3d2fa4930d Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.296.0' (#3221) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3221
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-15 17:25:56 +00:00
Earl Warren
bd431f64f6
[CI] configure backport to comment on the PR on failure 2024-04-15 18:23:57 +02:00
Renovate Bot
84b3136f26 Update ghcr.io/visualon/renovate Docker tag to v37.296.0 2024-04-15 16:07:18 +00:00
Renovate Bot
2059abd9c0 Update ghcr.io/visualon/renovate Docker tag to v37.290.1 2024-04-13 00:04:43 +00:00
Earl Warren
9ef05fec5d Merge pull request 'Update forgejo/forgejo-build-publish action to v5' (#3182) from renovate/forgejo-forgejo-build-publish-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3182
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-12 12:22:24 +00:00