Git Hosting: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
mNo edit summary
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
We have a [https://git.csclub.uwaterloo.ca gitea] instance running off of <nowiki>caffeine</nowiki>. You can sign in via LDAP to the web interface. Projects used by CSC as a whole are owned by the [https://git.csclub.uwaterloo.ca/public public] organization.
We have a [https://git.csclub.uwaterloo.ca gitea] instance running off of <nowiki>caffeine</nowiki>. You can sign in via LDAP to the web interface. Projects used by CSC as a whole are owned by the [https://git.csclub.uwaterloo.ca/public public] organization, except for website-committee related repos, which are owned by the [https://git.csclub.uwaterloo.ca/www www] org.


== Usage ==
== Usage ==
Line 5: Line 5:


- raymo
- raymo

=== SSH keys ===
It is recommended to setup [https://git.csclub.uwaterloo.ca/user/settings/keys SSH keys] so that you do not have to enter your password each time you push to a repo. Once you have uploaded your public key, add the following to your ~/.ssh/config:
<pre>
Host csclub.uwaterloo.ca
HostName csclub.uwaterloo.ca
IdentityFile ~/.ssh/id_rsa
User git
</pre>
(Replace ~/.ssh/id_rsa by the location of your private SSH key.) Now you should be able to clone, push and pull over SSH.

== Continuous Integration ==
We are running a CI server at https://ci.csclub.uwaterloo.ca. It uses OAuth via Gitea for logins, so you need to have logged in to Gitea first. See https://docs.drone.io/ for documentation. All you have to do is create a .drone.yml file in your repo, then enable CI on the repo from the CSC Drone website. There is an example [https://git.csclub.uwaterloo.ca/merenber/drone-test here].


== Pushing and pulling from the filesystem ==
== Pushing and pulling from the filesystem ==
(for syscom only)
(for syscom only)
<br>
<br>
If you need to keep the ability to push/pull from the filesystem, in addition to Gitea, you will need to make sure that the repo directory is owned by a group in which you are a member, and is group-writable.
If you need to keep the ability to push/pull from the filesystem, in addition to Gitea, you will need to take the following steps.
In this example, we are migrating a repo called 'public/repo.git', which is a folder under /srv/git on caffeine (which is a symlink to /users/git).
For example, let's say we want to make sure that everyone in the syscom group can push to the a repo called 'keyring'.
The way we're doing this right now is kind of hacky, but it works:
The way we're doing this right now is kind of hacky, but it works:
<ol>
<ol>
<li>Change the name of the repo folder, e.g. <code>mv /srv/git/keyring.git /srv/git/keyring.git.bak</code></li>
<li>Clone the original repo locally: <code>git clone /srv/git/public/repo.git</code></li>
<li>Create a new repo with the name 'keyring' from the Gitea web UI. This should create a bare repository at <code>/srv/git/keyring</code>.</li>
<li>Delete the old repo (from phosphoric-acid, which has no_root_squash): <code>rm -rf /srv/git/public/repo.git</code></li>
<li>Create a new repo with the name 'repo' from the Gitea web UI. This should create a bare repository at <code>/srv/git/public/repo.git</code>. (Make sure you choose the 'public' org from the dropdown.)</li>
<li>
<li>
Push the original repo to the new remote:
Clone the keyring.git.bak repo to somewhere else (e.g. your homedir), add the Gitea URL as another remote, and push to the Gitea remote. e.g.
<pre>
<pre>
cd ~
cd repo
git remote add gitea https://git.csclub.uwaterloo.ca/public/repo.git
git clone /srv/git/keyring.git.bak
cd keyring.git.bak
git remote add gitea https://git.csclub.uwaterloo.ca/public/keyring.git
git push gitea master
git push gitea master
</pre>
</pre>
If there are any other branches, push them as well.
</li>
</li>
<li>
<li>
Remove any git gooks which require gitea:
Remove the new repo directory and replace it with the old one:
<pre>
<pre>
rm -rf /srv/git/keyring.git
rm $(grep -IRl gitea /srv/git/public/repo.git/hooks)
mv /srv/git/keyring.git.bak /srv/git/keyring.git
</pre>
</pre>
(It appears that it is necessary to push to Gitea at least once for later changes to show up.)
</li>
</li>
<li>
<li>
Change file permissions if necessary:
Change file permissions:
<pre>
<pre>
chown -R git:syscom /srv/git/keyring.git
chown -R git:git /srv/git/public/repo.git
chmod g+w /srv/git/keyring.git
chmod -R g+w /srv/git/public/repo.git
</pre>
</pre>
You will need to do this from phosphoric-acid (due to NFS root squashing).
You will need to do this from phosphoric-acid (due to NFS root squashing).
</li>
</li>
</ol>
</ol>
Note that the repo folder SHOULD be owned by git:git. Anything else will likely break Gitea. (If a user pushes something to the folder and their umask doesn't allow group members to read, for example, then Gitea will be unable to read the repo.)
After the steps above, you *should* be able to push to the keyring repo in three ways: Gitea via HTTPS, Gitea via SSH, and via the raw filesystem (i.e. <code>git clone /srv/git/keyring.git</code>). Furthermore, everyone in syscom should be able to push to it via the filesystem.
<br>
This means that only trusted users should be in the git group - ideally, only syscom members.

Revision as of 21:47, 7 December 2021

We have a gitea instance running off of caffeine. You can sign in via LDAP to the web interface. Projects used by CSC as a whole are owned by the public organization, except for website-committee related repos, which are owned by the www org.

Usage

"It's basically GitHub"

- raymo

SSH keys

It is recommended to setup SSH keys so that you do not have to enter your password each time you push to a repo. Once you have uploaded your public key, add the following to your ~/.ssh/config:

Host csclub.uwaterloo.ca
        HostName csclub.uwaterloo.ca
        IdentityFile ~/.ssh/id_rsa
        User git

(Replace ~/.ssh/id_rsa by the location of your private SSH key.) Now you should be able to clone, push and pull over SSH.

Continuous Integration

We are running a CI server at https://ci.csclub.uwaterloo.ca. It uses OAuth via Gitea for logins, so you need to have logged in to Gitea first. See https://docs.drone.io/ for documentation. All you have to do is create a .drone.yml file in your repo, then enable CI on the repo from the CSC Drone website. There is an example here.

Pushing and pulling from the filesystem

(for syscom only)
If you need to keep the ability to push/pull from the filesystem, in addition to Gitea, you will need to take the following steps. In this example, we are migrating a repo called 'public/repo.git', which is a folder under /srv/git on caffeine (which is a symlink to /users/git). The way we're doing this right now is kind of hacky, but it works:

  1. Clone the original repo locally: git clone /srv/git/public/repo.git
  2. Delete the old repo (from phosphoric-acid, which has no_root_squash): rm -rf /srv/git/public/repo.git
  3. Create a new repo with the name 'repo' from the Gitea web UI. This should create a bare repository at /srv/git/public/repo.git. (Make sure you choose the 'public' org from the dropdown.)
  4. Push the original repo to the new remote:
    cd repo
    git remote add gitea https://git.csclub.uwaterloo.ca/public/repo.git
    git push gitea master
    
  5. Remove any git gooks which require gitea:
    rm $(grep -IRl gitea /srv/git/public/repo.git/hooks)
    
  6. Change file permissions:
    chown -R git:git /srv/git/public/repo.git
    chmod -R g+w /srv/git/public/repo.git
    

    You will need to do this from phosphoric-acid (due to NFS root squashing).

Note that the repo folder SHOULD be owned by git:git. Anything else will likely break Gitea. (If a user pushes something to the folder and their umask doesn't allow group members to read, for example, then Gitea will be unable to read the repo.)
This means that only trusted users should be in the git group - ideally, only syscom members.