We'll override logging.conf with logging.test.conf for debug logging
needed for tests now, so we can rely on the default logging.conf
for production use.
Signed-off-by: Kevin Morris <kevr@0cost.org>
- On non-localhost communication, this whitelists forwarded headers
on all remote ips
- Add more headers
- Force https X-Forwarded-Proto
- Unset Forwarded header and rely on X-Forwarded-*
Signed-off-by: Kevin Morris <kevr@0cost.org>
When the Docker image is outdated, we need to fetch updated
archlinux-keyring keys to perform an -Syu without problems.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Without this rewriting, we've been running into conversing with
HTTP over HTTPS (400 Bad Request).
TODO: Refactor this entire nginx config to something a bit more
simple and clean.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We don't need the https certificates being dealt with in the fastapi
service; we will define our certificates in any frontend nginx
running on top.
Signed-off-by: Kevin Morris <kevr@0cost.org>
`install` includes dependencies present in poetry.lock
and we must stick to them if we wish to pin dependencies.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Centralize database setup there and remove all copying of
config.dev from the entrypoint scripts (the Dockerfile
now does it).
Signed-off-by: Kevin Morris <kevr@0cost.org>
For the `git` service, ./data is always used to provide an
optional overriding of ssh host keys. In aur-dev production
containers, most services which use the data mount use an
internal Docker `data` volume instead.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This only deals with .gz files in the root of the request_uri
and now more. That is: /packages.gz goes through the nginx regex,
but now /cgit/.../snapshot/package.tar.gz is served by the cgit
block.
Signed-off-by: Kevin Morris <kevr@0cost.org>
There is a new ./data bind mount used here. If ssh_host_* keys are
in ./data when the git service starts, they'll override the
container-generated host keys.
Signed-off-by: Kevin Morris <kevr@0cost.org>
A user that can create databases is now required for tests,
we use the 'root' user in Docker.
Added docker services:
---------------------
- mariadb_test - host localhost:13307
Signed-off-by: Kevin Morris <kevr@0cost.org>
Normally, these scripts are used to update official providers
in the aurweb database along with archives that can be retrieved.
Run both of these scripts in a 5 minute cron job, to both reflect
the live instance database and production load.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously, we restricted this to gunicorn to get it working on aur-dev.
This change makes it usable through any backend, and also no-op if
PROMETHEUS_MULTIPROC_DIR is not defined.
Signed-off-by: Kevin Morris <kevr@0cost.org>
The previous method was super bad. Even if a variable was declared,
if it was empty, we would run into a false-positive. Additionally,
the previous method did not allow us to not specify the COMMIT_HASH
variable; which is problematic for development environments.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously CGIT_CLONE_PREFIX_(PHP|FASTAPI), we found that we could
use the same env var in multiple places, including non-cgit-clone-prefix
areas.
So, they were renamed, and one additional prefix was added.
- CGIT_CLONE_PREFIX_PHP -> AURWEB_PHP_PREFIX
- Used for cgit's clone prefix and AUR_CONFIG's aur_location for PHP
- CGIT_CLONE_PREFIX_FASTAPI -> AURWEB_FASTAPI_PREFIX
- Used for cgit's clone prefix and AUR_CONFIG's aur_location for FastAPI
- AURWEB_SSHD_PREFIX
- Used for aurweb's sshd clone prefix shown on package pages
Signed-off-by: Kevin Morris <kevr@0cost.org>
Additionally, clone-prefix is now configurable via environment variables:
- CGIT_CLONE_PREFIX_PHP
- CGIT_CLONE_PREFIX_FASTAPI
These vars can be used by production to customize the clone prefix.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Supply FASTAPI_BACKEND=gunicorn and FASTAPI_WORKERS=<threads_num> to
docker-compose up to use the gunicorn backend.
This is defaulted in production to gunicorn, but FASTAPI_WORKERS
should definitely be configured by any production deployment.
Signed-off-by: Kevin Morris <kevr@0cost.org>
In some cases, when tests fail through Docker, the database
ends up in an invalid state. This causes subsequent runs to
error out with non-sensical DB errors. The `test_initdb.py`
test suite runs tests which setup every modifiable table
in the database, so let's just run it first here to avoid
any invalid test DB state.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit adds a new Arch dependency: `libeatmydata`, which
provides the `eatmydata` executable that stubs out fsync() operations.
We use `eatmydata` to run our sharness and pytests in Docker now.
With `autocommit=True`, required by SQLAlchemy to keep the
session up to date with external DB modifications, many fsync
calls are used in the SQLite backend; especially because we're wiping
and creating records in every DB-bound test.
**Before:**
- mysql: 1m42s (elapsed during pytest run)
- sqlite: 3m06s (elapsed during pytest run)
**After:**
- mysql: 1m40s (elapsed during pytest run)
- sqlite: 1m50s (elapsed during pytest run)
Shout out to @klausenbusk, who suggested this as a possible fix,
and it was. Thanks, Kristian!
Closes#120
Signed-off-by: Kevin Morris <kevr@0cost.org>
Now, when a `./cache/production.{cert,key}.pem` pair is found, it is
used in place of any certificates generated by the `ca` service.
This allows users to customize the certificate that the FastAPI
ASGI server uses as well as the front-end nginx certificates.
Optional:
- ./cache/production.cert.pem
- ./cache/production.key.pem
Fallback:
- ./cache/localhost.cert.pem + ./cache/root.ca.pem (chain)
- ./cache/localhost.key.pem
Signed-off-by: Kevin Morris <kevr@0cost.org>
