Currently if you end up at opendev.org it isn't clear how to start
contributing code. Add a "Get Started" link to the nav bar header to
will send you to the opendev developer docs.
Note we may want to consider updating the developer docs to be a better
landing page or even create a new doc for that, but this is a start.
Change-Id: Iee43e2552c1be2e4cd46f43f050e476f140530ad
We seem to semi regularly get questions about why we don't use features
like Gitea's issue tracker and wiki. Add that to the opendev.org front
page FAQ.
Change-Id: Ie5c4602741dcdb9cc4e87b9286a8f6b8b7ed7934
We don't use the bazel image anymore, so it can go away.
Also, the bouncy castle line in the gerrit base dir is bong.
Change-Id: I58842dd9adee108893c0c953c4bb8361b9117775
We install jeepyb and launchpadlib in gerrit-base. Those are
important. We also need to add cgi for gitweb.
The gerrit init command does two things that we don't actually
want it to do at runtime. It extracts the plugins into the
plugins dir, and it downloads the right database library.
We can extract the plugins for it during image creation, and
then we can also download the plugin it would have downloaded.
We can also download the mysql library for it:
https://gerrit.googlesource.com/gerrit/+/refs/heads/stable-2.13/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config
Finally, we tell it to not download or expand anything during
init, because we're running in a container and next time we run
the process that dir isn't going to be there.
Our gerrit integration tests don't depend on our gerrit image builds.
Put in image depends between run-review and gerrit builds.
We also need to depend directly on opendev-buildset-registry.
Add java.security.egd setting to java invocation
This tells java to be secure.
https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for
Add support for setting heap limit properly
The gerrit init script does this based on the value in
container.javaOptions. We could, but then we'd have to
run an entrypoint script. Instead, set the value via
the JAVA_OPTIONS env var setting based on a value from
ansible.
Finally, make gerrit-master image build non-voting
It looks like there might be a real issue, but debugging that
is not important for us at this moment.
Depends-On: https://review.opendev.org/714216
Change-Id: I01e94c10f470fb3c8ddfce7b0e201357e5050679
Upstream stopped running make generate in order to fix their static file
builds [0]. Our static file builds have stopped working with our bump to
1.11.3. Apply the corresponding fix to our dockerfile.
Note that we also use clean-all instead of clean to be sure we clean all
the js and css files first.
[0] 48be1889cd (diff-3254677a7917c6c01f55212f86c57fbf)
Change-Id: I40f0449ae29e185ba7082f2f5a27dc96acf58e31
With the move from OpenStack governance to our own OpenDev team, we
should also move to use the #opendev IRC channel in preference to
the #openstack-infra channel which will remain in use for OpenStack
specific discussions.
Update the references in our docs accordingly.
Change-Id: I448704f5d2664fd233a69a2ad12578ca24d9878a
We need to use bazelisk to build gerrit so that we can properly
track bazel versions in the job. Use the roles developed for
gerrit-review to do that, then simplify the dockerfile to have
it simply copy the war into the target image.
Also add polymer-bridges.
Depends-On: https://review.opendev.org/709256
Change-Id: I7c13df51d3b8c117bcc9aab9caad59687471d622
There was an issue in pip that prevented correctly caching locally
built wheels [1]. This has been fixed in recent pip versions so
upgrade pip in both images so image caching works correctly. This is
needed to unbreak nodepool images that fail to install the locally
built netifaces package.
[1] https://github.com/pypa/pip/issues/6852
Change-Id: Ibbe12bcc53253a80d0bafa3d09a20c49a3a2b784
haproxy-statsd uses opendevorg/python-base already. Add that to its
job dependencies and make sure it triggers on updates to python-base.
Update the FROM line to be fully qualified.
Change-Id: I9c8e8094f5570bf44076915610cd1be6d95ed326
To make it clear that docker hub is but one of many possible registries,
update our usage of FROM and image: lines to include docker.io in the
path.
There are a few other FROM lines for the gitea images which are handled
in a separate stack.
Change-Id: I6fafd5f659ad19de6951574afc9a6b6a4cf184df
1.10 introduces a PASSWORD_COMPLEXITY setting with a default value
of lower,upper,digit,spec - which requires passwords to have an
upper, lower, digit and special character. Our example password does
not have this, so set the PASSWORD_COMPLEXITY setting. We could
alternately leave it at the default and ensure that our passwords
meet the spec.
The sshd_config file is templated now, so we can set the listen port
via env var.
Change-Id: I6e4b595eabb9c6885d78fff1109ea9f602e89ef7
We need to run bindep before installing git, because otherwise if
a project needs git in its bindep, it won't show up because it'll
be on the build host.
Split the function in two and call them before and after the git
installation.
Change-Id: I316b1bc643eb9293500b31e676361eec7060701d
In the dependent change, the docker roles will add sibling packages to
the .zuul-siblings directory of the checked-out source.
Refactor the "assemble" script to handle this. Essentially we build
the wheel for "." and then iterate over ZUUL_SIBLINGS subdirectories
(set in a --build-arg by the role in dependent change) to also build
the sibling packages. Note we concatenate the bindep.txt files, so
that we end up with the complete package list required by the main
code and its dependencies.
"install-from-bindep" now installs all the wheels, using --force to
make sure we re-install the speculatively built packages.
This means that a single Dockerfile works under Zuul when
ZUUL_SIBLINGS is set, pointing to Zuul's checkouts; but it also works
stand-alone -- in this case ZUUL_SIBLINGS is empty and we just install
from upstream as usual.
Depends-On: https://review.opendev.org/696987
Change-Id: I4943ae723b06b0ad808e7c7f20788109e21aa8bf
We are seeing issues with hanging git connections discussed in [1].
It is suggested to upgrade to gitea 1.9.6; do that.
[1] https://github.com/go-gitea/gitea/issues/9006
Change-Id: Ibbbe73b5487d3d01a8d7ba23ecca16c2264973ca
The homepage mentions a lot of technologies that OpenDev use, but
doesn't link to any of the running instances. This commit
adds links to review.opendev.org, etherpad.openstack.org and
the configuration for the opendev homepage itself, so that
it's easier to find things and to experience the technologies
it refers to.
Change-Id: Ia041ebbc558539955238bb4fdb4da868bf6f1dd8
I'm bad at Gitea templates, so the recently-introduced "proposed
changes" tab is active-selected (while it should never be) and the link
is missing the repository name.
This should fix it...
Change-Id: I02adc8ebd012adc233a37223480d14517c7f3c98
Gitea is quickly becoming the public face of Opendev, however it can
be difficult for visitors to understand how to propose changes (or
access already-proposed changes), and then assume everything on opendev
is read-only (which is the exact opposite of what we want to convey).
In the spirit of further integrating Opendev tooling, add a link to
on every repository to open proposed changes on Gerrit.
NB: the link is not I18n-ilized since there is no simple way to add a
new string there, and I did not want to use teh "Pull requests"
terminology.
Change-Id: I851a1e7d25556194947198a8f5534542d167c7f8
Java is in /usr/local in these base images. Also, combining
ENTRYPOINT and CMD with [] syntax seems to lead to the whole
thing with [ getting passed to the entrypoint - which leads to
errors like:
/bin/sh: 1: [/usr/bin/java,: not found
Change-Id: I7c1ebdff58d6590724eaf5d429437a5c8c25fe22
Also Revert "Update gitea build to golang 1.13 on buster-slim"
1.9.4 has a bug where doing a get as an unauthenticated user
results in a 500:
http://paste.openstack.org/show/785534/
A pull request has been submitted upstream:
https://github.com/go-gitea/gitea/pull/8653
This reverts commit 1993d985d037a24f31c85026d8add2a8d23b4d9a.
This reverts commit cedb272a9bcbc044180b5caef81567673b0434ff.
Change-Id: I75c117d0dc851f7b3c389a19ad0c8e233886b250
So that we can keep one python base image for our python things,
base jinja-init and gitea-init on python-base. Also, tie jinja-init
to python-base in the dependency graph and gitea-init to jinja-init.
This way if python-base updates, we'll rebuild our python images.
Update FROM lines to use full paths to images.
Change-Id: I554bf07fa8e458e443729cf4b8f40d7ceeaafa04
buster is the new debian release, use it. And use the
slim image, rather than the full, because we can.
Upstream is now building with 1.13 - follow suit.
Update the FROM lines to use explicit paths to images.
Change-Id: I42f7cea1365b8bb0af56861f38107cbdffd130b0
This is the latest release from upstream. We're not
currently running with any additional patches, although
we did submit one for the atomic updating of repo counts. That
patch will be in 1.10.
There is only one change to the templates we've customized
since the ref we're running from. That is included in the
repo/header.tmpl.
Change-Id: Id426ce6072e127a08810b9fbb109445d36bef2d9
Apparently, an update to the python-base image caused a new image
to be uploaded to dockerhub. Because python-builder was not updated,
it is running a slightly older base image which we believe is causing
issues with python wheel packaging due to possible different python
versions.
Change-Id: I38948882131e30c7358a970292621b0280b75aac
A few things have changed and we need to fix them in one go.
Use mirror for installing docker for buildset-registry
While, we need to make this more systemic, that's hanging off of the
mirror rework. For now, since we know all of these jobs are debian
based, just set the mirror location.
Replace use of zuul cloner with git clones
You can never be a prophet in your own hometown. This is now broken
because of the git cache rework, so just replace it.
Update libjemalloc library
python:slim is based on buster now, which has libjemalloc2 not
libjemalloc1.
Remove gerrit repo remote for submodules
A recent change to the base jobs to use prepare-workspace-git
broke the gerrit image builds by actually having the origin
remote by /dev/null as intended. This breaks submodules because
for a few of them where we don't have matching stable branches
the submodule relative path behavior is actually exactly what
we want.
Since we don't care about the remote otherwise, remove the
origin remote before doing the submodule update --init so that
the submodule will clone the refs from the zuul prepared repo.
Change-Id: Ieb5b6bc8711fe971ed3445c7c267306ac4616464
Our existing config management puts files into hooks and static.
We can bind mount those in, but having the mount-points in the
image is useful.
The tmp dir is important for gerrit to be able to write
plugin expansions and javaamelody data.
Change-Id: Idd917c268ed7bdead412620dfe3ca842736b7463
1.0.0 has released, which is what gerrit wants now. Use it.
Depends-On: https://review.opendev.org/688555
Change-Id: I6cd76b8cfda3656d6105f9fe96b82a388809375f
