We are upgrading from 1.23.1 to 1.23.3. Both 1.23.2 and 1.23.3 are
bugfix releases but 1.23.2 includes a breaking change to webhooks. We
don't use webhooks so this shouldn't affect us. Complete changelog can
be found here:
https://github.com/go-gitea/gitea/blob/v1.23.3/CHANGELOG.md
There is also a minor update to one of the templates we override which I
have synced over.
Change-Id: I97ba30309da63ecb4fb4fc301209c60ea8dc8504
This appears to be a very minor update from 2.2.6 (as far as I can tell
dockerfile and settings haven't changed). The changelog indicates that
important changes were rewritten to use react 19 and react router v7.
Other than that only dependency updates were made.
https://github.com/ether/etherpad-lite/blob/v2.2.7/CHANGELOG.md
Change-Id: I48e8914ffa7026e35b6341628a709301c6a61c26
This updates our gitea image builds to Gitea 1.23. There are a number of
breaking changes (noted below) and the full changelog can be seen here:
https://github.com/go-gitea/gitea/blob/v1.23.1/CHANGELOG.md
* BREAKING
* Rename config option [camo].Allways to [camo].Always (#32097)
* This config section is not in our app.ini.
* Remove SHA1 for support for ssh rsa signing (#31857)
* We don't require the use of ssh rsa signing so shouldn't impact
us.
* Use UTC as default timezone when schedule Actions cron tasks (#31742)
* We don't use Actions so this shouldn't affect us.
* Delete Actions logs older than 1 year by default (#31735)
* We don't use Actions so this shouldn't affect us.
* Make OIDC introspection authentication strictly require Client ID
and secret (#31632)
* We don't use OIDC so this shouldn't affect us.
Separately I believe that a fix for the memory leak we have observed did
land in 1.23.
We do update to golang 1.23 to match upstream, and have edited our
overridden template to match as well.
Finally, we switch the mariadb image over to our opendevmirror'd image
on quay.io. This is a good opportunity to make the switch as it avoids
unnecessary extra downtime/upgrades.
Change-Id: Ie613160477d2236a27dc047131ba003cb396b84b
Gerrit made new bugfix releases for the two images we're currently
building. The most important one is for 3.10.4 as we're currently
deploying 3.10 in production. The full changelog for 3.10.4 is here:
https://www.gerritcodereview.com/3.10.html
No breaking changes are noted. Primarily a bugfix release.
Bundling this update with a change to increase h2 compaction time may be
a good idea.
Change-Id: Ieed0cdb937681d9c30ede87e483ca0abe3c3c1ad
This is another small bugfix update. Full changelog can be seen here:
https://github.com/go-gitea/gitea/blob/v1.22.6/CHANGELOG.md
The templates that we override have not been updated since v1.22.5.
Change-Id: Ibffca22ee4d285e58a0cbed72685113f097cddf2
This appears to be a fairly minor bugfix release with fixes to branch
deletion permissions (doesnt' really affect us), updates to the crypto
library, and miscellaneous behavior fixes. Full changelog can be seen
here:
https://github.com/go-gitea/gitea/blob/v1.22.5/CHANGELOG.md
There are no differences in the templates we override between v1.22.4
and v1.22.5 according to git diff.
Change-Id: Ic61ebdc28a9441ce00c9739f54a034165000e5d0
This updates gitea from 1.22.3 to 1.22.4 to pickup a number of bugfixes
and performance improvements. Unfortunately, it doesn't look like our
suspected memory leak problem has been addressed yet according to the
issue tracker and the release notes. Full release notes can be found
here:
https://github.com/go-gitea/gitea/blob/v1.22.4/CHANGELOG.md
The templates that we override do not appear to have any updates in this
release so we don't make any update to them here.
Change-Id: Iaa7ed850ded311b547052e1afafbd06e0fd05560
This appears to be a small update compared to other recent updates. In
particular the dockerfile has not changed and neither have the
settings.json files. The changelog can be found here:
https://github.com/ether/etherpad-lite/blob/v2.2.6/CHANGELOG.md
The only notable update there is that pads can be deleted by their
creators. I suspect this is a noop for us since we don't do
authenticated access, but we should check with a held node.
Change-Id: I4e935828912d004eb7694e981926557db8b26e56
There are new bugfix updates for both of the Gerrit images we are building.
Bump up to these new releases. As far as I can tell all plugins with fixed
tags have just been retagged (for both v3.9.x and v3.10.x).
Change-Id: Ie57b11a48919bd3fb0f27beaf8d92a99397bb10a
This is a bugfix release with a number of improvements. The full
changelog can be found here:
https://github.com/go-gitea/gitea/blob/v1.22.3/CHANGELOG.md
There were no template changes in the template we override compared to
v1.22.2 (the current deployed version). No other build changes appear to
exist either (same golang version etc).
Change-Id: Id8d7057596e2a067534076507ffa64e4a85ac5e3
This upgrades our images to Alpine 3.20, Django 4.2, Mailman 3.3.10,
Postorius 1.3.13, Hyperkitty 1.3.12 and django-mailman3 1.3.15.
Files are re-synced with upstream (either container or project)
files, with versions and any alterations noted.
Change-Id: I78d37c0635d38ecfc1d1143a69892fe8d8685214
After the 2.2.4 release we upgraded to a development commit between
2.2.4 and the future (at that time non existant) 2.2.5 release to fix
integration between meetpad and etherpad. Now there is a proper 2.2.5
and we should update to get off the dev commit.
This release fixes a number of bugs, updates dependencies, and adds
proper swagger documentation for the API. The "complete" changelog can
be seen here:
https://github.com/ether/etherpad-lite/blob/v2.2.5/CHANGELOG.md
Note that I don't believe the API has changed they are merely
documenting it properly using swagger. Our testing should confirm.
To expose the new swagger documentation we do add /api-docs/ and
/api-docs.json to our proxy exclusion list.
We also update our settings.json files to sync with upstream. This pulls
in a new `updateServer` key value pair to set the location that should
be checked by etherpad to determine if there is a newer version
available. I believe this behavior has existing for years they are just
now making it a bit more configurable. Unfortunately the way this value
is used I think we will do a local file lookup if we set the value to
"". I've stuck with the default since this shouldn't be a regression and
we can try to disable it later.
Change-Id: I73a09a0c79db18887cb1703c84f9aebae6f072eb
We're running v1.22.1 currently and v1.22.2 fixes a number of bugs. The
full changelog can be seen here:
https://github.com/go-gitea/gitea/blob/v1.22.2/CHANGELOG.md
The template files we override have not changed and neither has the
Dockerfile since we last upgraded. I expect this should be a fairly
straightforward bugfix upgrade. Reviewers please to read the changelog
to see if there is anything we should be concerned about.
Change-Id: I4983865c94429c4cbcb54329f0f83b2fb0f26404
This updates etherpad to the current develop branch state
(commit 08f199178d2932cc0ec956aaeb3f62e8a535598a) to pull in a fix after
the v2.2.4 release and before v2.2.5. Specifically we're interested in a
fix for embedding etherpad as we do with meetpad.
If a 2.2.5 release is pushed before this lands we should switch over to
that instead.
Change-Id: I497c6b434dae54ed808f62143a4c12fb42cc2c47
There are 2.2.0 and 2.2.1 tags but no built releases and they don't show
up in the changelog for 2.2.2 either. Thats fine we can ignore them and
upgrade to latest (2.2.4) instead. The changelog for 2.2.4 can be found
here:
https://github.com/ether/etherpad-lite/blob/v2.2.4/CHANGELOG.md
Notable this changes how plugins are loaded into the js shipped to the
browser. We should confirm that our plugins are working as expected as
part of this update.
On the config management side of things there are some small updates to
the Dockerfile to sync up with upstream changes to how etherpad is
built. We also update the settings json file to configure log type. Note
this change was only made to the normal settings file and not the docker
settings file upstream so we match that in this change as well.
Finally we also update our mod_rewrite rules in apache to prevent new
javascript loading locations from being redirected to /p/
inappropriately. Previously we were redirecting foo.min.js to
/p/foo.min.js which caused the server to return html instead of js which
led to syntax errors. This then resulted in js errors from the
ep_headings plugin. It appears this plugin is ancient and no longer
maintained and seems to rely on require() functionality that was removed
from etherpad in 2.2.2. We switch to the ep_headings2 plugin instead.
This will allow us to file bugs against maintained software should
problems persist.
Fungi tested ep_headings2 against our production db content and things
seem to work despite this issue existing [0]. We should upgrade
carefully but it seems like things will likely be functional.
We should also check if these redirect rules affect meetpad as well. But
this can likely be done after the upgrade.
[0] https://github.com/ether/ep_headings2/issues/4
Change-Id: I4a907b5170d3612f4525153a0a07c291d6481a92
We'll continue to deploy 'latest' but we tag the etherpad version
explicitly in order to make rollbacks simpler if necessary. Etherpad has
seen a resurgence in development which has led to some potentially
painful upgrade paths that we need to accomodate. Having rollbacks be
possible is a nice safety net.
Change-Id: I3ea59c1e4b33d777fae356d377773a4a60e9313e
We just updated the gerrit image version tags but that did not promote
the images in docker hub so production doesn't see them. Force a rebuild
via the dockerfile (with an updated comment) to actually get images to
promote.
Change-Id: I0ea50b1d92b8633e59d4c4aff1b0ec8c7a47a0b5
This newer version actually restores APIKEY authentication, but we
already converted to oauth2.0 so we don't revert. Otherwise it seems
like there are a number of small fixes. Full change log here:
https://github.com/ether/etherpad-lite/blob/v2.1.1/CHANGELOG.md
In this change we resync configuration template files which results in a
few small updates. We also realign the dockerfile with upstream which
also results in a few small updates one of which is bumping the nodejs
version to 22 from 20.
Change-Id: I39664fde59a7cc9fdf2451d41018ae11b9e99b79
Changes made on our side to make this upgrade happen:
* Update the gitea checkout tag to v1.22.1
* Update the golang container version to 1.22 as gitea 1.22 has an
undocumented hard dependency on golang 1.22 or newer.
* Update our overridden template files to match latest gitea template
changes.
* Update our app.ini config to switch from [oauth2].ENABLE to
[oauth2].ENABLED as the previous config string is deprecated and will
be removed in 1.23.0 per:
...es/setting/oauth2.go:124:loadOAuth2From() [E] Deprecation: config
option `[oauth2].ENABLE` presents, please use `[oauth2].ENABLED`
instead because this fallback will be/has been removed in v1.23.0
The full release notes for this release can be found here:
https://github.com/go-gitea/gitea/blob/v1.22.1/CHANGELOG.md
I've including the list of breaking changes below with my own
annotations on how/whether they affect us.
* BREAKING
* Improve reverse proxy documents and clarify the AppURL guessing behavior (https://github.com/go-gitea/gitea/pull/31003) (https://github.com/go-gitea/gitea/pull/31020)
* This isn't actually a breaking chagne but they have improved docs
around how to properly set Host and X-Forwarded-Proto headers for
gitea to enable better logging behind a reverse proxy. We should
investigate.
* Remember log in for a month by default (https://github.com/go-gitea/gitea/pull/30150)
* Default was a week. We should consider rolling back to low values
since we don't have real users.
* Breaking summary for template refactoring (https://github.com/go-gitea/gitea/pull/29395)
* All custom templates need to follow these changes
* I don't think we're using any of the changed methods/functions in
our templates. Testing should help confirm this.
* Recommend/convert to use case-sensitive collation for MySQL/MSSQL (https://github.com/go-gitea/gitea/pull/28662)
* This is the doctor update to address case sensitivity problems
between git and gitea. We'll need to test this as part of our
upgrade process and testing.
* Make offline mode as default to not connect external avatar service by default (https://github.com/go-gitea/gitea/pull/28548)
* We are already disabling gravatar. I think this will disable it
harder.
* Include public repos in the doer's dashboard for issue search (https://github.com/go-gitea/gitea/pull/28304)
* This affects end user dashboard info rendering which we don't use.
* Use restricted sanitizer for repository description (https://github.com/go-gitea/gitea/pull/28141)
* We already control what goes into repo descriptions via
projects.yaml. Shouldn't really affect us.
* Support storage base path as prefix (https://github.com/go-gitea/gitea/pull/27827)
* This change looks scary at first glance but appears to only affect
minio storage systems (which is like an s3 abstraction layer). We
store things to disk and shouldn't be affected if I read the PR
correctly.
* Enhanced auth token / remember me (https://github.com/go-gitea/gitea/pull/27606)
* THis appears to improve security but it isn't clear what the
effect on end users is. We'll see if our CI jobs are happy with
new token generation I guess.
* Rename the default themes to gitea-light, gitea-dark, gitea-auto (https://github.com/go-gitea/gitea/pull/27419)
* If you didn't see the new themes, please remove the [ui].THEMES config option from app.ini
* We don't do anything special for themes so this should noop for
us.
* Require MySQL 8.0, PostgreSQL 12, MSSQL 2012 (https://github.com/go-gitea/gitea/pull/27337)
* Our version of MariaDB should be new enough to rough rough feature
equivalent with MySQL 8.0 and newer. We might consider helping
upstream add MariaDB testing if they haven't already though.
Change-Id: Ifb4f0d92d70bc06f717e6535f1b67a221e127180
There are new bugfix updates for both of the Gerrit images we are
building. Bump up to these new releases. The delta between these updates
and what we are already running should be quite small since we just
updated updates recently which will update the main gerrit repo off of
stable branches. Many plugins are fixed to tags but many of those simply
get retagged with new versions. There are some exceptions to this like
the codemirror-editor plugin though.
Overall though should be a straightforward update.
Change-Id: Ic8df1922672317f463e39548f318eae77796b9fd
The last rebuild only promoted our Gerrit 3.8 image. This appears to
have happened because we only modified the jobs and not the Dockerfile
itself. Fix this by modifying the Dockerfile which should rebuild and
promote both 3.8 and 3.9 images ensuring that our upgrade testing tests
what we want to upgrade to.
Change-Id: I8d06ea9971a6ee0c0e06e6fe2b73391526be6220
This updates changes how Etherpad is built and how authentication is
managed for API requests. This ends up changing a lot of our tooling
around etherpad but etherpad itself (other than the auth changes)
doesn't seem to change much. In response to this I update our admin docs
on common api tasks to use the new process. Then update our testinfra
testing as well to cover that to ensure it all continues to work
properly after this change.
Note the Dockerfile updates are all adapted from upstream. I'm actually
not fond of the decisions they have made in this image build, but being
in sync is probably more important than fixing the multistage builds and
being different.
This change jumps us from v1.9.7 to 2.0.3 (covers releases 2.0.0, 2.0.1,
and 2.0.2 too). A changelog can be found here:
https://github.com/ether/etherpad-lite/blob/v2.0.3/CHANGELOG.md
Change-Id: Ia7c4f26d893b4fc4a178262e1a6b9f3fa80d2a5c
This is our semi regular python base image rebuild. This ensures we're
running relatively up to date python builds as well as base system
packages (though many of our image builds update the base system too).
Change-Id: Ice918219a64bd5845de9dc3330bf292261c6a80e
Gitea wants us to move the robots.txt file to a new location. It
currently logs a warning about it:
2024/04/17 19:30:56 cmd/web.go:191:serveInstalled() [E] Found legacy public
asset "robots.txt" in CustomPath. Please move it to
/custom/public/robots.txt
Change-Id: Ic4a7f3bbe4633972e0409b37b511fdb03f968442
This is a bugfix update upgrade from v1.21.10 to v1.21.11. None of the
templates we override have been changed between these two versions
according to git diff.
A full changelog can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.11/CHANGELOG.md
Change-Id: I4d3648e311fe87b275856f2d73aca4a79c2c5507
Gitea and OpenDev are playing a game of tag. Whenever we bump our
deployment up to the lastest version they release a new version the next
day. That means there is now a v1.21.10 available shortly after updating
to v1.21.9.
Again this appears to be a fairly straight forward bug fix release.
There are no diffs in the templates we override between 1.21.9 and
1.21.10. Full release notes can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.10/CHANGELOG.md
Change-Id: I7491d18b14100ca6457d42994a45de1e70de8758
Almost immediately after we upgraded to 1.21.8 a new 1.21.9 release
became available. Again this appears to largely be a bugfix release with
no super important changes for us. However, there are performance
improvements which are always nice to see. The template files that we
override have not changed between 1.21.8 and 1.21.9.
Full change log can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.9/CHANGELOG.md
Change-Id: Ica763081203d9be44c9de0923a261afa820c891b
This is a bugfix release with no template updates and no other impactful
deployment changes that I can see. Full changelog notes can be found
here:
https://github.com/go-gitea/gitea/blob/v1.21.8/CHANGELOG.md
Change-Id: I6009bbebc261e87702b7f603bf179be89d31edb9
This upgrades our gitea container image and, thus deployment, to version
1.21.7 from 1.21.5. There are no updates to the three template files we
override upstream according to git diff in the gitea repo.
A full changelog can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.7/CHANGELOG.md
Change-Id: I95d92f47085532275bf0f2508f9026e9394aebc7
There is at least one Gerrit bugfix for an NPE that we should pick up by
this update. There are also improvements to the MINA SSHD server that
gerrit runs.
Full changelogs can be found here:
https://www.gerritcodereview.com/3.8.html#384
Change-Id: Icba387496457c5a60fd914a6ee689104d3a52c1d
This change updates etherpad to version 1.9.7 from 1.9.6. The
changelog [0] is minimal, but does indicate there are changes to plugin
installations. Looking at the upstream Dockerfile, which we based our
Dockerfile on, there are no changes between 1.9.6 and 1.9.7 implying
this plugin installation update is transparent to us. That said we
should hold a node and test that our plugins are working as expected.
[0] https://github.com/ether/etherpad-lite/blob/v1.9.7/CHANGELOG.md
Change-Id: Ie708299fae39549f048f37938daa60668189be67
This update includes a number of bugfixes. The changelog can be found
here: https://github.com/go-gitea/gitea/blob/v1.21.5/CHANGELOG.md.
There is a security fix for inappropriate access to non public container
images. We don't how private data and we don't use the container
registry in gitea so this doesn't affect us.
There are no changes to template files that we override.
Change-Id: I9419a22736de82e135a25fca22aef1ed10c19e1a
We are currently running 1.21.3 so this shouldn't be a huge upgrade for
us. Full changelog can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.4/CHANGELOG.md
Two template files are removed from our custom template overrides. They
were both included for the 1.21.3 so that we could manually patch a bug
that resulted in HTTP 500 errors when using gitea's code search
functionality. Upstream included these fixes in the 1.21.4 release so we
don't need to override to fix this any longer. This should be covered by
a testinfra test case now too.
Change-Id: I221e5cd185631751c082bdf5e2902057e5200dc0
We've experienced some runaway growth of Gitea archive cache files
on one of our backends, which according to upstream is often caused
by web crawlers indexing the archive URLs. They recommended updating
our robots.txt to the current state of https://gitea.com/robots.txt
in order to help mitigate the issue.
I've kept things we expressly commented out before still commented
out, or anything that seems similar to what we commented out on the
assumption that the reasons would carry over.
After some discussion in IRC, we also decided it would make sense to
disallow /avatars and /user/* like they do.
Change-Id: I2b43b89de08c9a9d170e1ecbd14b1e6336fd2c84
