From dcb57af6f7cc49401bd70a9c80ef59b96197291c Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sun, 20 Jul 2025 18:14:20 +0200
Subject: [PATCH] Implemented gitea database patch
---
roles/web-app-gitea/tasks/01_database.yml | 30 +++++++++++++++++++
.../tasks/{setup.yml => 02_setup.yml} | 0
.../tasks/{cleanup.yml => 03_cleanup.yml} | 0
roles/web-app-gitea/tasks/cleanup/ldap.yml | 6 ++--
roles/web-app-gitea/tasks/cleanup/oidc.yml | 6 ++--
roles/web-app-gitea/tasks/main.yml | 15 +++++-----
roles/web-app-gitea/tasks/setup/ldap.yml | 9 ++----
roles/web-app-gitea/tasks/setup/oidc.yml | 9 ++----
.../templates/docker-compose.yml.j2 | 2 +-
roles/web-app-gitea/vars/main.yml | 14 +++++----
10 files changed, 58 insertions(+), 33 deletions(-)
create mode 100644 roles/web-app-gitea/tasks/01_database.yml
rename roles/web-app-gitea/tasks/{setup.yml => 02_setup.yml} (100%)
rename roles/web-app-gitea/tasks/{cleanup.yml => 03_cleanup.yml} (100%)
diff --git a/roles/web-app-gitea/tasks/01_database.yml b/roles/web-app-gitea/tasks/01_database.yml
new file mode 100644
index 00000000..ad538dd8
--- /dev/null
+++ b/roles/web-app-gitea/tasks/01_database.yml
@@ -0,0 +1,30 @@
+---
+- name: Flush handlers to ensure Gitea is up before DB patch
+ meta: flush_handlers
+
+- name: Patch Gitea DB host in app.ini
+ command: >
+ docker exec -i --user {{ gitea_user }} {{ gitea_container }}
+ sed -ri "s|^(HOST\s*=\s*).*$|\1{{ database_host }}:{{ database_port }}|" {{ gitea_config }}
+ notify: docker compose up
+
+- name: Patch Gitea DB name in app.ini
+ command: >
+ docker exec -i --user {{ gitea_user }} {{ gitea_container }}
+ sed -ri "s|^(NAME\s*=\s*).*$|\1{{ database_name }}|" {{ gitea_config }}
+ notify: docker compose up
+
+- name: Patch Gitea DB user in app.ini
+ command: >
+ docker exec -i --user {{ gitea_user }} {{ gitea_container }}
+ sed -ri "s|^(USER\s*=\s*).*$|\1{{ database_username }}|" {{ gitea_config }}
+ notify: docker compose up
+
+- name: Patch Gitea DB password in app.ini
+ command: >
+ docker exec -i --user {{ gitea_user }} {{ gitea_container }}
+ sed -ri "s|^(PASSWD\s*=\s*).*$|\1{{ database_password }}|" {{ gitea_config }}
+ notify: docker compose up
+
+- name: "Flush database patches"
+ meta: flush_handlers
\ No newline at end of file
diff --git a/roles/web-app-gitea/tasks/setup.yml b/roles/web-app-gitea/tasks/02_setup.yml
similarity index 100%
rename from roles/web-app-gitea/tasks/setup.yml
rename to roles/web-app-gitea/tasks/02_setup.yml
diff --git a/roles/web-app-gitea/tasks/cleanup.yml b/roles/web-app-gitea/tasks/03_cleanup.yml
similarity index 100%
rename from roles/web-app-gitea/tasks/cleanup.yml
rename to roles/web-app-gitea/tasks/03_cleanup.yml
diff --git a/roles/web-app-gitea/tasks/cleanup/ldap.yml b/roles/web-app-gitea/tasks/cleanup/ldap.yml
index a64d4467..581e539e 100644
--- a/roles/web-app-gitea/tasks/cleanup/ldap.yml
+++ b/roles/web-app-gitea/tasks/cleanup/ldap.yml
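Review bot: The "Patch Gitea DB password in app.ini" task in 01_database.yml expands `{{ database_password }}` straight into the sed replacement and has no `no_log: true`, so the secret appears in Ansible's task result output and in the host's process list while `docker exec` runs. A password containing `|`, `&` or `\` would also be reinterpreted by sed (delimiter, matched-text reference, escape) and either fail the task or be written to app.ini altered. Add `no_log: true` to that task and escape the value before substitution, or supply the database settings through a mechanism that does not pass them as a command argument. The four patterns match on key name only (`^(HOST…`, `^(NAME…`, `^(USER…`, `^(PASSWD…`), so the same keys in any other section of app.ini would presumably be rewritten too; limiting each edit with an address range such as `/^\[database\]/,/^\[/` would keep it to the intended section.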
@@ -1,7 +1,6 @@ - name: "Lookup existing LDAP auth source ID" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth list \ | awk -v name="LDAP ({{ primary_domain }})" '$0 ~ name {print $1; exit}' args: @@ -12,8 +11,7 @@ - name: "Delete existing LDAP auth source if present" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth delete --id {{ ldap_source_id_raw.stdout }} args: chdir: "{{ docker_compose.directories.instance }}" diff --git a/roles/web-app-gitea/tasks/cleanup/oidc.yml b/roles/web-app-gitea/tasks/cleanup/oidc.yml index 47e0e073..7af308ba 100644 --- a/roles/web-app-gitea/tasks/cleanup/oidc.yml +++ b/roles/web-app-gitea/tasks/cleanup/oidc.yml @@ -1,8 +1,7 @@ - name: "Lookup existing OIDC auth source ID" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth list \ | awk -v name="{{ oidc.button_text }}" '$0 ~ name {print $1; exit}' args: @@ -13,8 +12,7 @@ - name: "Delete existing OIDC auth source if present" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth delete --id {{ oidc_source_id_raw.stdout }} args: chdir: "{{ docker_compose.directories.instance }}" diff --git a/roles/web-app-gitea/tasks/main.yml b/roles/web-app-gitea/tasks/main.yml index 80b0f4a2..3cb114bf 100644 --- a/roles/web-app-gitea/tasks/main.yml +++ b/roles/web-app-gitea/tasks/main.yml 
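Review bot: The replacement line `docker exec -i --user {{ gitea_user }} {{ gitea_container }} \` places both variables into a `shell:` block unquoted, and the delete task in cleanup/ldap.yml does the same with `--id {{ ldap_source_id_raw.stdout }}`, which is text read back from the container's output. Any whitespace or shell metacharacter in those values is interpreted by the shell rather than passed as one argument; `--user {{ gitea_user | quote }} {{ gitea_container | quote }}` and `--id {{ ldap_source_id_raw.stdout | quote }}` keep each value a single word. The same line recurs in the cleanup/oidc.yml, main.yml, setup/ldap.yml and setup/oidc.yml hunks. The tasks continue outside these hunks, so any `when:` guard on the delete step is not visible here.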
@@ -10,10 +10,12 @@ delay: 5 timeout: 300 +- name: Patch Gitea database settings in app.ini + include_tasks: 01_database.yml + - name: "Run DB migrations inside Gitea container" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ /app/gitea/gitea migrate args: chdir: "{{ docker_compose.directories.instance }}" @@ -22,14 +24,13 @@ - name: "Create initial admin user" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ /app/gitea/gitea admin user create \ --admin \ --username "{{ users.administrator.username }}" \ --password "{{ users.administrator.password }}" \ --email "{{ users.administrator.email }}" \ - -c /data/gitea/conf/app.ini + -c {{ gitea_config }} args: chdir: "{{ docker_compose.directories.instance }}" register: create_admin @@ -49,10 +50,10 @@ when: applications | get_app_conf(application_id, 'features.oidc', False) or applications | get_app_conf(application_id, 'features.ldap', False) - name: Execute Setup Routines - include_tasks: setup.yml + include_tasks: 02_setup.yml - name: Execute Cleanup Routines - include_tasks: cleanup.yml + include_tasks: 03_cleanup.yml when: mode_cleanup - name: Include DNS role to register Gitea domain(s) diff --git a/roles/web-app-gitea/tasks/setup/ldap.yml b/roles/web-app-gitea/tasks/setup/ldap.yml index d4fc95f2..093d8455 100644 --- a/roles/web-app-gitea/tasks/setup/ldap.yml +++ b/roles/web-app-gitea/tasks/setup/ldap.yml @@ -1,7 +1,6 @@ - name: "Add LDAP Authentication Source" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth add-ldap \ {{ gitea_ldap_auth_args | join(' ') }} args: 
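Review bot: In the "Create initial admin user" hunk of main.yml the task still passes `--password "{{ users.administrator.password }}"` on a `shell:` command line, and the visible lines carry no `no_log: true`, so the value can surface in Ansible's result output for this task. Adding `no_log: true` next to `register: create_admin` would keep it out of logs. The task continues past `register: create_admin` outside the hunk, so confirm it is not already set there. The new `-c {{ gitea_config }}` argument is also unquoted inside the shell block; `-c {{ gitea_config | quote }}` would match the quoting used for the other arguments of this command.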
@@ -11,8 +10,7 @@ - name: "Lookup existing LDAP auth source ID" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth list \ | tail -n +2 \ | grep -F "LDAP ({{ primary_domain }})" \ @@ -31,8 +29,7 @@ - name: "Update LDAP Authentication Source" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth update-ldap \ --id {{ ldap_source_id }} \ {{ gitea_ldap_auth_args | join(' ') }} diff --git a/roles/web-app-gitea/tasks/setup/oidc.yml b/roles/web-app-gitea/tasks/setup/oidc.yml index c4546f42..55513d37 100644 --- a/roles/web-app-gitea/tasks/setup/oidc.yml +++ b/roles/web-app-gitea/tasks/setup/oidc.yml @@ -1,7 +1,6 @@ - name: "Add Keycloak OIDC Provider" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth add-oauth \ --provider openidConnect \ --name "{{ oidc.button_text }}" \ @@ -16,8 +15,7 @@ - name: "Lookup existing Keycloak auth source ID" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ /app/gitea/gitea admin auth list \ | tail -n +2 \ | grep -F "{{ oidc.button_text }}" \ @@ -36,8 +34,7 @@ - name: "Update Keycloak OIDC Provider" shell: | - docker-compose -f "{{ docker_compose.directories.instance }}/docker-compose.yml" \ - exec -T --user git application \ + docker exec -i --user {{ gitea_user }} {{ gitea_container }} \ gitea admin auth update-oauth \ --id {{ oidc_source_id }}\ --provider openidConnect \ 
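Review bot: In the two "Lookup existing … auth source ID" hunks (setup/ldap.yml and setup/oidc.yml) the exit status of `docker exec … gitea admin auth list` is discarded, because a `shell:` pipeline reports the status of its last command (`tail`, `grep -F` and whatever follows outside the hunk). Now that the container is addressed through `{{ gitea_container }}`, a wrong name or a container that is not running would presumably look like "no existing source" instead of failing the play. Consider running `auth list` in its own `command:` task with `register:` and deriving the ID from its `stdout_lines` in a following `set_fact`, so a failed exec stops the run. The lookups in cleanup/ldap.yml and cleanup/oidc.yml pipe into `awk` the same way. The Keycloak lookup also calls `/app/gitea/gitea` where the neighbouring tasks call `gitea`; using one form throughout would avoid depending on the container's PATH in some tasks only.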
diff --git a/roles/web-app-gitea/templates/docker-compose.yml.j2 b/roles/web-app-gitea/templates/docker-compose.yml.j2 index d6b5d740..1c4d12cd 100644 --- a/roles/web-app-gitea/templates/docker-compose.yml.j2 +++ b/roles/web-app-gitea/templates/docker-compose.yml.j2 @@ -3,7 +3,7 @@ application: {% include 'roles/docker-container/templates/base.yml.j2' %} image: "{{ gitea_image }}:{{ gitea_version }}" - name: "{{ gitea_name }}" + container_name: "{{ gitea_container }}" ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}" - "{{ports.public.ssh[application_id]}}:22" diff --git a/roles/web-app-gitea/vars/main.yml b/roles/web-app-gitea/vars/main.yml index 563a2219..562f7d60 100644 --- a/roles/web-app-gitea/vars/main.yml +++ b/roles/web-app-gitea/vars/main.yml 
@@ -15,9 +15,13 @@ gitea_ldap_auth_args: - '--email-attribute "{{ ldap.user.attributes.mail }}"' - '--public-ssh-key-attribute "{{ ldap.user.attributes.ssh_public_key }}"' - '--synchronize-users' -gitea_version: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.version', True) }}" -gitea_image: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.image', True) }}" -gitea_name: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.name', True) }}" -gitea_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" +gitea_version: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.version', True) }}" +gitea_image: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.image', True) }}" +gitea_container: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.name', True) }}" +gitea_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" +gitea_user: "git" +gitea_config: "/data/gitea/conf/app.ini" -container_port: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.port', True) }}" \ No newline at end of file +container_port: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.port', True) }}" + +docker_compose_flush_handlers: true \ No newline at end of file