WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
36,533 Commits 9 Branches 0 Tags
4430178b29f481dde2b69b115fec9d9452b1f8d0
Commit Graph

729 Commits

Author SHA1 Message Date
Sundeep Anand
88a5027744 Update roles/distgit/pagure/templates/pagure.cfg 
Add Transtats link to CSP_HEADERS for Translation Status button to work.
 2021-11-19 00:45:56 +00:00
Michal Konečný
98ea6b11fc distgit: Add pull_request_close ACL 
Currently it's not possible to create token with pull_request_close ACL
for user (see https://pagure.io/pagure-dist-git/issue/144).

This commit will allow users to add pull_request_close ACL to their
token. The user is still validated if it has the permission, so adding
this ACL to user token doesn't allow user to use API to close any PR
currently opened in dist-git.

Thanks @pingou for helping me with this.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-08-11 15:22:42 +02:00
Lenka Segura
d654d59f3a Change FAS link from admin.fp.o to accounts.fp.o 2021-08-04 14:19:45 +00:00
Mattia Verga
15f3dea6a1 Use bugzilla.stage instance after partner-bugzilla shutdown 
Signed-off-by: Mattia Verga <mattia.verga@protonmail.com>
 2021-07-31 17:08:49 +00:00
Ryan Lerch
e8ceea85f1 distgit/pagure: change GIT_URL_SSH to use username 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2021-06-22 22:03:28 +10:00
Ryan Lerch
39b3f92abc distgit/pagure: remove the commit ACL for API keys in stg 
This was removed in prod in d0a8837 but left around in stg for
testing purposes. However, it is suspected that this was causing
users to not be able to push to forks in distgit, so removing.

https://pagure.io/fedora-infrastructure/issue/10045

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2021-06-22 19:32:58 +10:00
Pierre-Yves Chibon
6906744f61 distgit/pagure: Specify the url to oraculum in the config 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-05-04 11:53:21 +02:00
Pierre-Yves Chibon
292c0baf78 distgit: adjust the way we override the branches when querying PDC 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-04-06 14:04:16 +02:00
Pierre-Yves Chibon
2b46c6a7fb basessh/distgit: adjust the way ssh is configured for distgit 
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action an user/key can do: command="...".
In this case, we're setting a couple of environment variable that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-04-03 21:16:51 +02:00
Pierre-Yves Chibon
00804542f3 Revert "basessh/distgit: adjust the way ssh is configured for distgit" 
This is still being reviewed and wasn't meant to be pushed out yet

This reverts commit 67844b4504.
 2021-04-03 19:10:54 +02:00
Pierre-Yves Chibon
67844b4504 basessh/distgit: adjust the way ssh is configured for distgit 
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action an user/key can do: command="...".
In this case, we're setting a couple of environment variable that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-04-03 19:01:38 +02:00
Pierre-Yves Chibon
9d4f6c7620 distgit/pagure: disable the hook to block un-signed commits 
Relates to https://pagure.io/fedora-infrastructure/issue/9793

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 14:50:51 +02:00
Pierre-Yves Chibon
74b32a1768 distgit/pagure: fix thee if/else/endif block 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-02 11:18:29 +01:00
Pierre-Yves Chibon
5d83949656 distgit/pagure: Turn off username lookup in dist-git 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-02 11:16:06 +01:00
Pierre-Yves Chibon
8b39d13364 pagure/dist-git: Adjust the IP list allowed on the internal endpoint - again 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-01 17:26:47 +01:00
Pierre-Yves Chibon
caa8b7054a pagure/dist-git: Adjust the IP list allowed on the internal endpoint 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-01 17:02:50 +01:00
Pierre-Yves Chibon
40bfa1604b distgit/pagure: Let pagure to manage ssh keys in stg 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-01 16:36:20 +01:00
Pierre-Yves Chibon
0d1d2aace5 distgit/pagure: create the git user and add it to the packager group 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-01 16:25:10 +01:00
Pierre-Yves Chibon
ac2c21ca4a distgit/pagure: in stg we'll use the git user now 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-01 16:17:57 +01:00
Pierre-Yves Chibon
218d692b85 dist-git/pagure: configure pagure to allow access via a single git user for everyone 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-01 13:21:25 +01:00
Pierre-Yves Chibon
d0a8837c07 distgit/pagure: remove the commit ACL for API keys in prod 
This ACL turns out to be too confusing to users as it currently
does not work with our OIDC set-up with fedpkg.
Once we'll have figured out how to make both work together or
keep one and remove the other, we can revisit.

Keeping this in staging so we have a place where we can experiment
with this.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-18 09:26:48 +01:00
Pierre-Yves Chibon
b2b6bc8bcb distgit/pagure: make the short commit be 7 chars 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-15 14:59:27 +01:00
Pierre-Yves Chibon
7868dcfa81 distgit/pagure: add a hotfix tag where we fix the /var/log/pagure folder 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
dfc2844214 distgit/pagure: redirect users viewing files in the old default branch to the new default one 
Fixes https://pagure.io/fedora-infrastructure/issue/9620

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-10 17:58:53 +01:00
Mohan Boddu
f6d75dfca0 Mass branching, move from master to rawhide 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2021-02-09 11:20:12 -05:00
Neal Gompa
ff0a3beaff roles/distgit/pagure: Enable 'commit' ACL for API tokens 
This permits users to create API tokens that have the ability to
commit to repositories through HTTPS. This is especially useful for
non-packagers that are trying to contribute through pull requests,
because they lack the normal packager SSH permissions.

Signed-off-by: Neal Gompa <ngompa13@gmail.com>
 2021-02-04 08:35:19 +00:00
Pierre-Yves Chibon
f7f8f965c8 distgit/pagure: tell pagure-dist-git that main == rawhide 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-03 20:40:27 +01:00
Pierre-Yves Chibon
c625bdc1a7 distgit/pagure:Prevent creating main or rawhide without having it in PDC 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-03 14:31:33 +01:00
Pierre-Yves Chibon
caa56c98bb distgit/pagure: block pushing to master 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-03 14:12:47 +01:00
Pierre-Yves Chibon
05caa9f461 distgit/pagure: simplify RCM_BRANCHES and adjust the list of branches blocked 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-02 17:08:41 +01:00
Pierre-Yves Chibon
8850720c2e distgit/pagure: send the logs to stderr instead of stdout 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-20 23:08:04 +01:00
Kevin Fenzi
0741be6d2a pagure / pkgs: drop provenpackager excludes on firefox, thunderbird, xulrunner 
See https://pagure.io/fedora-infrastructure/issue/9557
Basically we don't need to block commits here anymore,
maintainers are confident they can prevent anything going out that
causes problems for the firefox name. Additionally, xulrunner was
retired a long time ago.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-15 13:40:45 -08:00
Kevin Fenzi
5927f7b321 distgit / hooks: only tweak perms on batcave hooks perms 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-15 11:39:26 -08:00
Pierre-Yves Chibon
b0fc7a8200 distgit/pagure: show 7 characters when showing the short hash of commits 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-14 13:34:09 +01:00
Pierre-Yves Chibon
3960dd182f distgit/pagure: make 'rawhide' be the default branch created when a repo is created 
This will only take effect once pagure 5.12+ is deployed

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-11 17:35:55 +01:00
Pierre-Yves Chibon
998c84baaa dist-git: add missing type 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 17:26:26 +01:00
Pierre-Yves Chibon
872090ee54 dist-git: some more selinux policy changes 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 17:24:55 +01:00
Pierre-Yves Chibon
d503f374db distgit: some more selinux policy update 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 16:51:51 +01:00
Pierre-Yves Chibon
3351fbd3b4 drop run_once when install selinux policies 
Otherwise the policy doesn't get installed everywhere...

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 16:48:42 +01:00
Pierre-Yves Chibon
74890814a1 distgit: adjust the selinux policy a little more 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 16:48:30 +01:00
Pierre-Yves Chibon
be1c8bcb45 distgit: keep working on the http_policy 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:56:37 +01:00
Pierre-Yves Chibon
f3a1c52522 distgit: ad missing instruction in the http_policy 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:53:18 +01:00
Pierre-Yves Chibon
f580d72f24 distgit: add the missing headers in the http_policy policy 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:49:30 +01:00
Pierre-Yves Chibon
1df7a7c0d3 distgit: add a selinux tag 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:38:09 +01:00
Pierre-Yves Chibon
1ef758c408 distgit: install another custom selinux policy 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:35:33 +01:00
Pierre-Yves Chibon
3f03400dac distgit: drop pagure related selinux config since it's now handled in the pagure role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:27:27 +01:00
Pierre-Yves Chibon
a7e2a97fad distgit: drop selinux config from the distgit role as it is now in pagure role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:24:18 +01:00
Pierre-Yves Chibon
0b3a2cc4a8 distgit/pagure: use symlink instead of complicated paths 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:58:58 +01:00
Pierre-Yves Chibon
618cbde6cc distgit/pagure: make the selinux files available to the distgit/pagure role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:55:14 +01:00
Pierre-Yves Chibon
8890fb10a9 distgit/pagure: add missing '/' 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:50:20 +01:00