migrate database if app.ini found #5290
Conversation
Codecov Report
@@ Coverage Diff @@
## master #5290 +/- ##
=========================================
Coverage ? 37.83%
=========================================
Files ? 322
Lines ? 47489
Branches ? 0
=========================================
Hits ? 17968
Misses ? 26935
Partials ? 2586Continue to review full report at Codecov.
|
bkcsoft
added
the
lgtm/need 2
| chmod 644 /data/gitea/conf/app.ini | ||
| chown -R 1000:1000 /data/git /data/gitea | ||
| su - git -c gitea migrate -c /data/gitea/conf/app.ini | ||
| fi |
There was a problem hiding this comment.
Please use ${USER}, ${USER_UID}, and ${USER_GID} variables instead of hardcoding them.
There was a problem hiding this comment.
${USER_UID}, ${USER_GID}, $UID and $GID are undefined, i'll use $USER:$USER is that ok ?
There was a problem hiding this comment.
I see these variables (USER_UID and USER_GID) should be defined by default to 1000 if not specified by the docker-compose environment key, and they're not defined in my docker-compose.
So I don't understand why they are undefined, i've echoed them in the entrypoint and only USER was defined. Using $USER:$USER in the chown may create problems if a developer defines the USER_UID and USER_GID in their env.
There was a problem hiding this comment.
The original entry point script just checks for the variables and if they're there does something. That's why they're undefined.
You may have to adjust it to define the variables if they're not there or empty.
if [ -z "${USER_GID}" ]; then
USER_GID="`id -g ${USER}`"
fiAnd similarly for UID. Otherwise I'd be suspicious that the chown could choose the wrong UID and GID in cases were they were set explicitly - but I'd happily defer to more expert opinion on this.
bkcsoft
added
lgtm/need 1
bkcsoft
added
lgtm/done
| @@ -22,6 +30,13 @@ for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do | |||
| mkdir -p ${FOLDER} | |||
| done | |||
|
|
|||
| if [ -f /data/gitea/conf/app.ini ]; then | |||
| echo "Found app.ini config file, migrating database" | |||
| chmod 644 /data/gitea/conf/app.ini | |||
There was a problem hiding this comment.
This will allow anyone with access to the server to read the app.ini, exposing any credentials (database, metrics, smtp).
There was a problem hiding this comment.
Hmm... I guess you're right. I guess this should be 600. In some ways this is not so bad because this for docker - you shouldn't have other users on it in any case, that's not the docker way.
There was a problem hiding this comment.
Is there any reason to change the file permissions?
There was a problem hiding this comment.
Possibly not. If you've not set the INSTALL_LOCK setting in your app.ini and you've got the wrong mode then you won't be able to use /install. However I guess we shouldn't be being preventing people from shooting themselves in the foot like that. Pop a PR on if you're able otherwise I can when I'm next at a dev box. @techknowlogick do you agree that perhaps we shouldn't changing the mode here?
There was a problem hiding this comment.
@pciavald What was your reasoning for changing the mode?
|
@techknowlogick I think unfortunately there may still be problems with this. The correct place for automigration is likely within the gitea script within the s6 folder. That would require a little refactoring of that to make it work. However a simple improvement is that we should change the migrate line to: as per my comment: Then this will more closely match how docker starts Gitea so if people have used relative paths etc in their app.ini we're not affected by these. I won't have a chance to write a pr for this for several days so if you can or get a friendly minion please do. |
Hi,
For my installation of gitea, I needed unattended initial config. @techknowlogick told me on Discord that it could be done using then new migrate command,
gitea migrate -c /data/gitea/conf/app.ini.I've added in the Docker entrypoint:
/data/gitea/conf/app.iniexistsIt works correctly on my machine, in my docker-compose the data volume is mapped with only the config file and the platform auto-inits. However I can see in the logs this error which does not affect behaviour: