From 987d2ec6106e79dedc3d466bf8f815f5e50555c7 Mon Sep 17 00:00:00 2001
From: Luciano Giacchetta
Date: Wed, 8 Apr 2026 18:59:56 -0300
Subject: [PATCH 1/3] Testing Molecule
---
 .gitea/workflows/update-gitea-version.yml | 6 +++---
 .github/workflows/trigger.yml | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/trigger.yml
diff --git a/.gitea/workflows/update-gitea-version.yml b/.gitea/workflows/update-gitea-version.yml
index 68dc483..1721513 100644
--- a/.gitea/workflows/update-gitea-version.yml
+++ b/.gitea/workflows/update-gitea-version.yml
@@ -42,11 +42,11 @@ jobs:
 fi
 - name: Install Molecule
- if: steps.check.outputs.needs_update == 'true'
+ # if: steps.check.outputs.needs_update == 'true'
 run: pip install ansible molecule molecule-plugins[podman]
 - name: Install Ansible collections
- if: steps.check.outputs.needs_update == 'true'
+ # if: steps.check.outputs.needs_update == 'true'
 run: ansible-galaxy collection install containers.podman
 - name: Update gitea_version
@@ -62,7 +62,7 @@ jobs:
 echo "Verified: gitea_version updated to $UPDATED"
 - name: Run Molecule tests
- if: steps.check.outputs.needs_update == 'true'
+ # if: steps.check.outputs.needs_update == 'true'
 working-directory: ansible_role_scm
 run: molecule test
diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml
new file mode 100644
index 0000000..09aa0e0
--- /dev/null
+++ b/.github/workflows/trigger.yml
@@ -0,0 +1,17 @@
+name: Calling Docusaurus
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ dispatch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Repository Dispatch
+ uses: peter-evans/repository-dispatch@v4
+ with:
+ token: ${{ secrets.PUBLIC_REPOSITORY_DISPATCH }}
+ repository: gianet-us/www_gianet_us
+ event-type: trigger-docs-update
-- 
2.43.0
From a908afddc21e85e5d5a65149c578aea65d4cc3cc Mon Sep 17 00:00:00 2001
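Review bot: The `uses: peter-evans/repository-dispatch@v4` step in the new `.github/workflows/trigger.yml` passes a cross-repository credential (`secrets.PUBLIC_REPOSITORY_DISPATCH`) to a third-party action referenced by a mutable tag, so the code that receives the token can change without any change in this repository. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: peter-evans/repository-dispatch@<full-commit-sha>  # v4`. The job does not appear to use the built-in `GITHUB_TOKEN` at all, so a top-level `permissions: {}` would remove its default scopes. The scope of the dispatch token is not visible in this patch; presumably it should be limited to `gianet-us/www_gianet_us` and nothing else.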
From: Luciano Giacchetta
Date: Wed, 8 Apr 2026 19:30:56 -0300
Subject: [PATCH 2/3] fix missing autogerated keys, tokens and secrets
---
 tasks/main.yml | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
diff --git a/tasks/main.yml b/tasks/main.yml
index 032aca7..7e441ce 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -96,6 +96,97 @@
 loop_control:
 label: '{{ item.path }}'
+- name: "Slurp existing App Config"
+ ansible.builtin.slurp:
+ src: '{{ gitea_etc }}/app.ini'
+ register: _gitea_existing_ini
+ failed_when: false
+ no_log: true
+
+- name: "Extract existing secrets from App Config"
+ vars:
+ _ini: '{{ _gitea_existing_ini.content | default("") | b64decode }}'
+ ansible.builtin.set_fact:
+ _gitea_secret_key: >-
+ {{ (_ini | regex_search('SECRET_KEY\s*=\s*(\S+)', '\1') or ['']) | first }}
+ _gitea_internal_token: >-
+ {{ (_ini | regex_search('INTERNAL_TOKEN\s*=\s*(\S+)', '\1') or ['']) | first }}
+ _gitea_jwt_secret: >-
+ {{ (_ini | regex_search('(?m)^JWT_SECRET\s*=\s*(\S+)', '\1') or ['']) | first }}
+ no_log: true
+
+- name: "Generate SECRET_KEY"
+ when:
+ - "'SECRET_KEY' not in (gitea_app_ini.security | default({}))"
+ - _gitea_secret_key == ''
+ ansible.builtin.command:
+ argv:
+ - '{{ gitea_opt }}/{{ gitea_name }}'
+ - generate
+ - secret
+ - SECRET_KEY
+ register: _gitea_gen_secret_key
+ changed_when: false
+ no_log: true
+
+- name: "Generate INTERNAL_TOKEN"
+ when:
+ - "'INTERNAL_TOKEN' not in (gitea_app_ini.security | default({}))"
+ - _gitea_internal_token == ''
+ ansible.builtin.command:
+ argv:
+ - '{{ gitea_opt }}/{{ gitea_name }}'
+ - generate
+ - secret
+ - INTERNAL_TOKEN
+ register: _gitea_gen_internal_token
+ changed_when: false
+ no_log: true
+
+- name: "Generate JWT_SECRET"
+ when:
+ - "'JWT_SECRET' not in (gitea_app_ini.oauth2 | default({}))"
+ - _gitea_jwt_secret == ''
+ ansible.builtin.command:
+ argv:
+ - '{{ gitea_opt }}/{{ gitea_name }}'
+ - generate
+ - secret
+ - JWT_SECRET
+ register: _gitea_gen_jwt_secret
+ changed_when: false
+ no_log: true
+
+- name: "Merge generated secrets into App Config"
+ vars:
+ _secret_key: >-
+ {{ gitea_app_ini.security.SECRET_KEY | default(
+ _gitea_secret_key if _gitea_secret_key != ''
+ else ((_gitea_gen_secret_key | default({})).stdout | default('') | trim)
+ ) }}
+ _internal_token: >-
+ {{ gitea_app_ini.security.INTERNAL_TOKEN | default(
+ _gitea_internal_token if _gitea_internal_token != ''
+ else ((_gitea_gen_internal_token | default({})).stdout | default('') | trim)
+ ) }}
+ _jwt_secret: >-
+ {{ gitea_app_ini.oauth2.JWT_SECRET | default(
+ _gitea_jwt_secret if _gitea_jwt_secret != ''
+ else ((_gitea_gen_jwt_secret | default({})).stdout | default('') | trim)
+ ) }}
+ ansible.builtin.set_fact:
+ gitea_app_ini: >-
+ {{ gitea_app_ini | combine({
+ 'security': (gitea_app_ini.security | default({})) | combine({
+ 'SECRET_KEY': _secret_key,
+ 'INTERNAL_TOKEN': _internal_token
+ }),
+ 'oauth2': (gitea_app_ini.oauth2 | default({})) | combine({
+ 'JWT_SECRET': _jwt_secret
+ })
+ }) }}
+ no_log: true
+
 - name: "Template App Config"
 notify: gitea_restart
 ansible.builtin.template:
-- 
2.43.0
From f61de6753f63a3dc027690a517abe5a545f13600 Mon Sep 17 00:00:00 2001
From: Luciano Giacchetta
Date: Wed, 8 Apr 2026 19:35:29 -0300
Subject: [PATCH 3/3] re-enable controls
---
 .gitea/workflows/update-gitea-version.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/update-gitea-version.yml b/.gitea/workflows/update-gitea-version.yml
index 1721513..68dc483 100644
--- a/.gitea/workflows/update-gitea-version.yml
+++ b/.gitea/workflows/update-gitea-version.yml
@@ -42,11 +42,11 @@ jobs:
 fi
 - name: Install Molecule
- # if: steps.check.outputs.needs_update == 'true'
+ if: steps.check.outputs.needs_update == 'true'
 run: pip install ansible molecule molecule-plugins[podman]
 - name: Install Ansible collections
- # if: steps.check.outputs.needs_update == 'true'
+ if: steps.check.outputs.needs_update == 'true'
 run: ansible-galaxy collection install containers.podman
 - name: Update gitea_version
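Review bot: `failed_when: false` on the "Slurp existing App Config" task in `tasks/main.yml` hides every read error, not only a missing file, so an unreadable `app.ini` leaves the three extracted values empty and the generate tasks then produce fresh secrets that the merge step hands to "Template App Config". Silently replacing `SECRET_KEY` on a live instance is risky, since Gitea documents it as the key protecting stored encrypted data such as 2FA secrets; gate the slurp on a `stat` result instead, as in the sketch below, so that only an absent file means there is nothing to preserve. The `SECRET_KEY` and `INTERNAL_TOKEN` patterns are also unanchored while `JWT_SECRET` uses `(?m)^`; anchoring all three, e.g. `(?m)^SECRET_KEY\s*=\s*(\S+)`, avoids matching a commented-out line or a longer key name that ends in the same text. An `ansible.builtin.assert` that the merged values are non-empty before templating would catch a generate step that was skipped or printed nothing.

```yaml
- name: "Check for existing App Config"
  ansible.builtin.stat:
    path: '{{ gitea_etc }}/app.ini'
  register: _gitea_ini_stat

- name: "Slurp existing App Config"
  when: _gitea_ini_stat.stat.exists
  ansible.builtin.slurp:
    src: '{{ gitea_etc }}/app.ini'
  register: _gitea_existing_ini
  no_log: true
# … unchanged: secret extraction, generation and merge tasks …
```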
@@ -62,7 +62,7 @@ jobs:
 echo "Verified: gitea_version updated to $UPDATED"
 - name: Run Molecule tests
- # if: steps.check.outputs.needs_update == 'true'
+ if: steps.check.outputs.needs_update == 'true'
 working-directory: ansible_role_scm
 run: molecule test
-- 
2.43.0