Git Hosting: Difference between revisions
(→Usage) |
(Document locale issues) |
||
(12 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
We have a [https://git.csclub.uwaterloo.ca |
We have a [https://git.csclub.uwaterloo.ca Gitea] instance running on [[Machine List#caffeine|caffeine]]. You can sign in via LDAP to the web interface. Projects used by CSC as a whole are owned by the [https://git.csclub.uwaterloo.ca/public public] organization, except for website-committee related repos, which are owned by the [https://git.csclub.uwaterloo.ca/www www] org. |
||
== Installation Details == |
|||
<code>/etc/gitea</code> on caffeine contains the configs for Gitea. It's installed as a Debian package, with additional files in <code>/var/lib/gitea/</code>and a systemd service at <code>/lib/systemd/system/gitea.service</code>. |
|||
There is a custom locale (used to define CSC-custom strings in some pages) at <code>/var/lib/gitea/custom/options/locale/locale_en-US.ini</code> that may need to be updated when the Gitea APT package is updated. To update this, run the <code>update_custom_locale.sh</code> in that directory (as root). |
|||
== Usage == |
== Usage == |
||
Line 5: | Line 10: | ||
- raymo |
- raymo |
||
=== SSH keys === |
|||
It is recommended to setup [https://git.csclub.uwaterloo.ca/user/settings/keys SSH keys] so that you do not have to enter your password each time you push to a repo. Once you have uploaded your public key, add the following to your ~/.ssh/config: |
|||
<pre> |
|||
Host csclub.uwaterloo.ca |
|||
HostName csclub.uwaterloo.ca |
|||
IdentityFile ~/.ssh/id_rsa |
|||
User git |
|||
</pre> |
|||
(Replace ~/.ssh/id_rsa by the location of your private SSH key.) Now you should be able to clone, push and pull over SSH. |
|||
== Continuous Integration == |
|||
We are running a CI server at https://ci.csclub.uwaterloo.ca. It uses OAuth via Gitea for logins, so you need to have logged in to Gitea first. See https://docs.drone.io/ for documentation. All you have to do is create a .drone.yml file in your repo, then enable CI on the repo from the CSC Drone website. There is an example [https://git.csclub.uwaterloo.ca/merenber/drone-test here]. |
|||
== Pushing and pulling from the filesystem == |
== Pushing and pulling from the filesystem == |
||
(for syscom only) |
(for syscom only) |
||
<br> |
<br> |
||
If you need to keep the ability to push/pull from the filesystem, in addition to Gitea, you will need to |
If you need to keep the ability to push/pull from the filesystem, in addition to Gitea, you will need to take the following steps. |
||
In this example, we are migrating a repo called 'public/repo.git', which is a folder under /srv/git on caffeine (which is a symlink to /users/git). |
|||
For example, let's say we want to make sure that everyone in the syscom group can push to the a repo called 'keyring'. |
|||
The way we're doing this right now is kind of hacky, but it works: |
The way we're doing this right now is kind of hacky, but it works: |
||
<ol> |
<ol> |
||
<li> |
<li>Clone the original repo locally: <code>git clone /srv/git/public/repo.git</code></li> |
||
<li> |
<li>Delete the old repo (from phosphoric-acid, which has no_root_squash): <code>rm -rf /srv/git/public/repo.git</code></li> |
||
<li>Create a new repo with the name 'repo' from the Gitea web UI. This should create a bare repository at <code>/srv/git/public/repo.git</code>. (Make sure you choose the 'public' org from the dropdown.)</li> |
|||
<li> |
<li> |
||
Push the original repo to the new remote: |
|||
Clone the keyring.git.bak repo to somewhere else (e.g. your homedir), add the Gitea URL as another remote, and push to the Gitea remote. e.g. |
|||
<pre> |
<pre> |
||
cd |
cd repo |
||
⚫ | |||
git clone /srv/git/keyring.git.bak |
|||
cd keyring.git.bak |
|||
⚫ | |||
git push gitea master |
git push gitea master |
||
</pre> |
</pre> |
||
If there are any other branches, push them as well. |
|||
</li> |
</li> |
||
<li> |
<li> |
||
Remove any git gooks which require gitea: |
|||
Remove the new repo directory and replace it with the old one: |
|||
<pre> |
<pre> |
||
rm - |
rm $(grep -IRl gitea /srv/git/public/repo.git/hooks) |
||
mv /srv/git/keyring.git.bak /srv/git/keyring.git |
|||
</pre> |
</pre> |
||
(It appears that it is necessary to push to Gitea at least once for later changes to show up.) |
|||
</li> |
</li> |
||
<li> |
<li> |
||
Change file permissions |
Change file permissions: |
||
<pre> |
<pre> |
||
chown -R git: |
chown -R git:git /srv/git/public/repo.git |
||
chmod g+ |
chmod -R g+w /srv/git/public/repo.git |
||
</pre> |
</pre> |
||
You will need to do this from phosphoric-acid (due to NFS root squashing). |
You will need to do this from phosphoric-acid (due to NFS root squashing). |
||
</li> |
</li> |
||
</ol> |
</ol> |
||
Note that the repo folder SHOULD be owned by git:git. Anything else will likely break Gitea. (If a user pushes something to the folder and their umask doesn't allow group members to read, for example, then Gitea will be unable to read the repo.) |
|||
After the steps above, you *should* be able to push to the keyring repo in three ways: Gitea via HTTPS, Gitea via SSH, and via the raw filesystem (i.e. <code>git clone /srv/git/keyring.git</code>). Furthermore, everyone in syscom should be able to push to it via the filesystem. |
|||
<br> |
|||
This means that only trusted users should be in the git group - ideally, only syscom members. |
Latest revision as of 21:04, 14 September 2022
We have a Gitea instance running on caffeine. You can sign in via LDAP to the web interface. Projects used by CSC as a whole are owned by the public organization, except for website-committee related repos, which are owned by the www org.
Installation Details
/etc/gitea
on caffeine contains the configs for Gitea. It's installed as a Debian package, with additional files in /var/lib/gitea/
and a systemd service at /lib/systemd/system/gitea.service
.
There is a custom locale (used to define CSC-custom strings in some pages) at /var/lib/gitea/custom/options/locale/locale_en-US.ini
that may need to be updated when the Gitea APT package is updated. To update this, run the update_custom_locale.sh
in that directory (as root).
Usage
"It's basically GitHub"
- raymo
SSH keys
It is recommended to setup SSH keys so that you do not have to enter your password each time you push to a repo. Once you have uploaded your public key, add the following to your ~/.ssh/config:
Host csclub.uwaterloo.ca HostName csclub.uwaterloo.ca IdentityFile ~/.ssh/id_rsa User git
(Replace ~/.ssh/id_rsa by the location of your private SSH key.) Now you should be able to clone, push and pull over SSH.
Continuous Integration
We are running a CI server at https://ci.csclub.uwaterloo.ca. It uses OAuth via Gitea for logins, so you need to have logged in to Gitea first. See https://docs.drone.io/ for documentation. All you have to do is create a .drone.yml file in your repo, then enable CI on the repo from the CSC Drone website. There is an example here.
Pushing and pulling from the filesystem
(for syscom only)
If you need to keep the ability to push/pull from the filesystem, in addition to Gitea, you will need to take the following steps.
In this example, we are migrating a repo called 'public/repo.git', which is a folder under /srv/git on caffeine (which is a symlink to /users/git).
The way we're doing this right now is kind of hacky, but it works:
- Clone the original repo locally:
git clone /srv/git/public/repo.git
- Delete the old repo (from phosphoric-acid, which has no_root_squash):
rm -rf /srv/git/public/repo.git
- Create a new repo with the name 'repo' from the Gitea web UI. This should create a bare repository at
/srv/git/public/repo.git
. (Make sure you choose the 'public' org from the dropdown.) -
Push the original repo to the new remote:
cd repo git remote add gitea https://git.csclub.uwaterloo.ca/public/repo.git git push gitea master
-
Remove any git gooks which require gitea:
rm $(grep -IRl gitea /srv/git/public/repo.git/hooks)
-
Change file permissions:
chown -R git:git /srv/git/public/repo.git chmod -R g+w /srv/git/public/repo.git
You will need to do this from phosphoric-acid (due to NFS root squashing).
Note that the repo folder SHOULD be owned by git:git. Anything else will likely break Gitea. (If a user pushes something to the folder and their umask doesn't allow group members to read, for example, then Gitea will be unable to read the repo.)
This means that only trusted users should be in the git group - ideally, only syscom members.