ilot/codeberg-pages-server: new aport

backports/forgejo-runner/APKBUILD

@@ -0,0 +1,47 @@
+# Contributor: Patrycja Rosa <alpine@ptrcnull.me>
+# Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
+pkgname=forgejo-runner
+pkgver=3.5.0
+pkgrel=2
+pkgdesc="CI/CD job runner for Forgejo"
+url="https://code.forgejo.org/forgejo/runner"
+arch="all"
+license="MIT"
+makedepends="go"
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+subpackages="$pkgname-openrc"
+source="$pkgname-$pkgver.tar.gz::https://code.forgejo.org/forgejo/runner/archive/v$pkgver.tar.gz
+
+	forgejo-runner.logrotate
+	forgejo-runner.initd
+	forgejo-runner.confd
+	"
+builddir="$srcdir/runner"
+options="!check" # tests require running forgejo
+
+build() {
+	go build \
+		-o forgejo-runner \
+		-ldflags "-X gitea.com/gitea/act_runner/internal/pkg/ver.version=$pkgver"
+	./forgejo-runner generate-config > config.example.yaml
+}
+
+check() {
+	go test ./...
+}
+
+package() {
+	install -Dm755 forgejo-runner -t "$pkgdir"/usr/bin/
+	install -Dm644 config.example.yaml -t "$pkgdir"/etc/forgejo-runner/
+
+	install -Dm755 "$srcdir"/forgejo-runner.initd "$pkgdir"/etc/init.d/forgejo-runner
+	install -Dm644 "$srcdir"/forgejo-runner.confd "$pkgdir"/etc/conf.d/forgejo-runner
+	install -Dm644 "$srcdir"/forgejo-runner.logrotate "$pkgdir"/etc/logrotate.d/forgejo-runner
+}
+
+sha512sums="
+e78968a5f9b6e797fb759a5c8cbf46a5c2fef2083dabc88599c9017729faface963576c63a948b0add424cb267902e864fb1a1b619202660296976d93e670713  forgejo-runner-3.5.0.tar.gz
+a3c7238b0c63053325d31e09277edd88690ef5260854517f82d9042d6173fb5d24ebfe36e1d7363673dd8801972638a6e69b6af8ad43debb6057515c73655236  forgejo-runner.logrotate
+bb0c6fbe90109c77f9ef9cb0d35d20b8033be0e4b7a60839b596aa5528dfa24309ec894d8c04066bf8fb30143e63a5fd8cc6fc89aac364422b583e0f840e2da6  forgejo-runner.initd
+e11eab27f88f1181112389befa7de3aa0bac7c26841861918707ede53335535425c805e6682e25704e9c8a6aecba3dc13e20900a99df1183762b012b62f26d5f  forgejo-runner.confd
+"

backports/forgejo-runner/forgejo-runner.confd

@@ -0,0 +1,17 @@
+# Configuration for /etc/init.d/forgejo-runner
+
+# Path to the config file (--config).
+#cfgfile="/etc/forgejo-runner/config.yaml"
+
+# Path to the working directory (--working-directory).
+#datadir="/var/lib/forgejo-runner"
+
+# Path to the log file where stdout/stderr will be redirected.
+# Leave empty/commented out to use syslog instead.
+#output_log="/var/log/forgejo-runner.log"
+
+# You may change this to root, e.g. to run jobs in LXC
+#command_user="forgejo-runner"
+
+# Comment out to run without process supervisor.
+supervisor=supervise-daemon

backports/forgejo-runner/forgejo-runner.initd

@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+
+description="Forgejo CI Runner"
+name="Forgejo Runner"
+
+: ${cfgfile:="/etc/forgejo-runner/config.yaml"}
+: ${datadir:="/var/lib/forgejo-runner"}
+: ${command_user:="forgejo-runner"}
+
+command="/usr/bin/forgejo-runner"
+command_args="daemon --config $cfgfile"
+command_background="yes"
+directory="$datadir"
+pidfile="/run/$RC_SVCNAME.pid"
+
+depend() {
+	need net
+	use dns logger
+}
+
+start_pre() {
+	checkpath -d -o "$command_user" /etc/forgejo-runner
+	checkpath -d -o "$command_user" "$datadir"
+
+	if ! [ -e "$cfgfile" ]; then
+		eerror "Config file $cfgfile doesn't exist."
+		eerror "You can generate it with: forgejo-runner generate-config,"
+		eerror "or use the auto-generated one in /etc/forgejo-runner/config.example.yaml"
+		return 1
+	fi
+
+	if [ "$error_log" ]; then
+		output_log="$error_log"
+	else
+		output_logger="logger -t '${RC_SVCNAME}' -p daemon.info"
+		error_logger="logger -t '${RC_SVCNAME}' -p daemon.error"
+	fi
+}

backports/forgejo-runner/forgejo-runner.logrotate

@@ -0,0 +1,5 @@
+/var/log/forgejo-runner.log {
+	copytruncate
+	missingok
+	notifempty
+}

backports/forgejo-runner/forgejo-runner.pre-install

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+addgroup -S forgejo-runner 2>/dev/null
+adduser -S -D -H -h /var/lib/forgejo-runner -s /sbin/nologin -G forgejo-runner -g forgejo-runner forgejo-runner 2>/dev/null
+
+cat >&2 <<EOF
+* In order to setup the runner, create a config file
+* in /etc/forgejo-runner/config.yaml (either from .example.yaml,
+* or generating your own with 'forgejo-runner generate-config'),
+* then register it with 'doas -u forgejo-runner forgejo-runner register'
+* ran in the /var/lib/forgejo-runner directory.
+EOF
+
+exit 0

backports/forgejo-runner/forgejo-runner.pre-upgrade

@@ -0,0 +1 @@
+forgejo-runner.pre-install

ilot/authentik/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=authentik
-pkgver=2024.4.3
-pkgrel=2
+pkgver=2024.4.4
+pkgrel=0
 pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
 url="https://github.com/goauthentik/authentik"
 # s390x: missing py3-celery py3-flower and py3-kombu
@@ -247,7 +247,7 @@ package() {
 }
 
 sha512sums="
-121ed925d81a5cb2a14fed8ec8b324352e40b1fcbba83573bfdc1d1f66a91d9670cd64d7ef752c8a2df6c34fc3e19e8aec5c6752d33e87b487a462a590212ab0  authentik-2024.4.3.tar.gz
+22c8ff16b93b9fcb84478b6476dd4f6413719037affc7756f20ba1dc3afff1fbaae2f1fc89d7b3a9c4372fcc856009d8a4ef5eb7854855e4528523fb456a2491  authentik-2024.4.4.tar.gz
 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89  authentik-worker.openrc
 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc

ilot/codeberg-pages-server/APKBUILD

@@ -0,0 +1,45 @@
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+pkgname=codeberg-pages-server
+pkgver=5.1
+pkgrel=0
+pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the "pages" branch, caching and more."
+url="https://codeberg.org/Codeberg/pages-server"
+arch="all"
+license="EUPL-1.2"
+depends="nginx"
+makedepends="go just"
+# tests disabled for now
+options="!check"
+install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install"
+source="
+	$pkgname-$pkgver.tar.gz::https://codeberg.org/Codeberg/pages-server/archive/v$pkgver.tar.gz
+	codeberg-pages-server.openrc
+	upgrade-go-sqlite3-to-1.14.19.patch
+	"
+builddir="$srcdir/"pages-server
+subpackages="$pkgname-openrc"
+pkgusers="git"
+pkggroups="www-data"
+
+export GOPATH=$srcdir/go
+export GOCACHE=$srcdir/go-build
+export GOTMPDIR=$srcdir
+
+build() {
+	just build
+}
+
+package() {
+	msg "Packaging $pkgname"
+	install -Dm755 "$builddir"/build/codeberg-pages-server "$pkgdir"/usr/bin/codeberg-pages-server
+
+	install -Dm755 "$srcdir"/$pkgname.openrc \
+		"$pkgdir"/etc/init.d/$pkgname
+}
+
+sha512sums="
+55a1dd5ed0f1cb2aaad1066eca8bfbd1d537169ed3712c748163ebff64edc45d05ac1f6f062433e232e2638a790232438282f96dd7410eb4cbaff7208f5f2427  codeberg-pages-server-5.1.tar.gz
+4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  codeberg-pages-server.openrc
+895f1c8d22fcf1d5491a6fe0ce5d93201f83b6dd5fc81b24016b609988fb6c66fdde75bb3830f385a5c83d96366ca3a5f4f9524f52058b6c5dfd8b80d14bac5b  upgrade-go-sqlite3-to-1.14.19.patch
+"

ilot/codeberg-pages-server/codeberg-pages-server.openrc

@@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+  
+name="$RC_SVCNAME"
+cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
+pidfile="/run/$RC_SVCNAME.pid"
+working_directory="/usr/share/webapps/authentik"
+command="/usr/share/webapps/authentik/server"
+command_user="authentik"
+command_group="authentik"
+start_stop_daemon_args=""
+command_background="yes"
+output_log="/var/log/authentik/$RC_SVCNAME.log"
+error_log="/var/log/authentik/$RC_SVCNAME.err"
+
+depend() {
+        need redis
+        need postgresql
+}
+
+start_pre() {
+	cd "$working_directory"
+        checkpath --directory --owner $command_user:$command_group --mode 0775 \
+                /var/log/authentik \
+                /var/lib/authentik/certs
+}
+
+stop_pre() {
+	ebegin "Killing child processes"
+	kill $(ps -o pid= --ppid $(cat $pidfile)) || true
+}

ilot/codeberg-pages-server/codeberg-pages-server.post-install

@@ -0,0 +1,39 @@
+#!/bin/sh
+set -eu
+
+group=authentik
+config_file='/etc/authentik/config.yml'
+
+setcap 'cap_net_bind_service=+ep' /usr/share/webapps/authentik/server
+
+if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then
+	echo "* Generating random secret in $config_file" >&2
+
+	secret_key="$(pwgen -s 50 1)"
+	sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file"
+	chown root:$group "$config_file"
+fi
+
+if [ "${0##*.}" = 'post-upgrade' ]; then
+	cat >&2 <<-EOF
+	*
+	* To finish Authentik upgrade run:
+	*
+	*     authentik-manage migrate
+	*
+	EOF
+else
+	cat >&2 <<-EOF
+	*
+	* 1. Adjust settings in /etc/authentik/config.yml.
+	*
+	* 2. Create database for Authentik:
+	*
+	*     psql -c "CREATE ROLE authentik PASSWORD 'top-secret' INHERIT LOGIN;"
+	*     psql -c "CREATE DATABASE authentik OWNER authentik ENCODING 'UTF-8';"
+	*
+	* 3. Run "authentik-manage migrate"
+	* 4. Setup admin user at https://<your server>/if/flow/initial-setup/
+	*
+	EOF
+fi

ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade

@@ -0,0 +1 @@
+codeberg-pages-server.post-install

ilot/codeberg-pages-server/codeberg-pages-server.pre-install

@@ -0,0 +1,26 @@
+#!/bin/sh
+# It's very important to set user/group correctly.
+
+authentik_dir='/var/lib/authentik'
+
+if ! getent group authentik 1>/dev/null; then
+	echo '* Creating group authentik' 1>&2
+
+	addgroup -S authentik
+fi
+
+if ! id authentik 2>/dev/null 1>&2; then
+	echo '* Creating user authentik' 1>&2
+
+	adduser -DHS -G authentik -h "$authentik_dir" -s /bin/sh  \
+		-g "added by apk for authentik" authentik
+	passwd -u authentik 1>/dev/null  # unlock
+fi
+
+if ! id -Gn authentik | grep -Fq redis; then
+	echo '* Adding user authentik to group redis' 1>&2
+
+	addgroup authentik redis
+fi
+
+exit 0

ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch

@@ -0,0 +1,26 @@
+diff --git a/go.mod.orig b/go.mod
+index eba292e..00310e5 100644
+--- a/go.mod.orig
++++ b/go.mod
+@@ -11,7 +11,7 @@ require (
+ 	github.com/go-sql-driver/mysql v1.6.0
+ 	github.com/joho/godotenv v1.4.0
+ 	github.com/lib/pq v1.10.7
+-	github.com/mattn/go-sqlite3 v1.14.16
++	github.com/mattn/go-sqlite3 v1.14.19
+ 	github.com/microcosm-cc/bluemonday v1.0.26
+ 	github.com/reugn/equalizer v0.0.0-20210216135016-a959c509d7ad
+ 	github.com/rs/zerolog v1.27.0
+diff --git a/go.sum.orig b/go.sum
+index 7ea8b78..19145ea 100644
+--- a/go.sum.orig
++++ b/go.sum
+@@ -479,6 +479,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
+ github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+ github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
+ github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
++github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI=
++github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+ github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE=
+ github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0=
+ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=

ilot/forgejo-aneksajo/APKBUILD

@@ -0,0 +1,112 @@
+# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
+# Contributor: 6543 <6543@obermui.de>
+# Contributor: techknowlogick <techknowlogick@gitea.io>
+# Contributor: Patrycja Rosa <alpine@ptrcnull.me>
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+pkgname=forgejo-aneksajo
+pkgver=8.0.1
+_gittag=v$pkgver-git-annex0
+pkgrel=0
+pkgdesc="Self-hosted Git service written in Go with git-annex support"
+url="https://forgejo.org"
+# riscv64: builds fail https://codeberg.org/forgejo/forgejo/issues/3025
+arch="all !riscv64"
+license="MIT"
+depends="git git-lfs gnupg"
+makedepends="go nodejs npm"
+checkdepends="bash openssh openssh-keygen sqlite tzdata"
+install="$pkgname.pre-install"
+pkgusers="forgejo"
+pkggroups="www-data"
+subpackages="$pkgname-openrc"
+source="$pkgname-$_gittag.tar.gz::https://codeberg.org/matrss/forgejo-aneksajo/archive/$_gittag.tar.gz
+	$pkgname.initd
+	$pkgname.ini
+	"
+builddir="$srcdir/forgejo-aneksajo"
+options="!check net chmod-clean" # broken with GIT_CEILING
+
+# secfixes:
+#   7.0.4-r0:
+#     - CVE-2024-24789
+#   7.0.3-r0:
+#     - CVE-2024-24788
+#   1.21.10.0-r0:
+#     - CVE-2023-45288
+#   1.21.3.0-r0:
+#     - CVE-2023-48795
+
+export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
+export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
+export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
+
+# Skip tests for archs that fail unrelated in CI
+case "$CARCH" in
+s390x|x86|armhf|armv7) options="$options !check" ;;
+esac
+
+prepare() {
+	default_prepare
+
+	npm ci
+}
+
+build() {
+	# XXX: LARGEFILE64
+	export CGO_CFLAGS="$CFLAGS -O2 -D_LARGEFILE64_SOURCE"
+	export TAGS="bindata sqlite sqlite_unlock_notify"
+	export GITEA_VERSION="$pkgver"
+	export EXTRA_GOFLAGS="$GOFLAGS"
+	export CGO_LDFLAGS="$LDFLAGS"
+	unset LDFLAGS
+	## make FHS compliant
+	local setting="code.gitea.io/gitea/modules/setting"
+	export LDFLAGS="$LDFLAGS -X $setting.CustomConf=/etc/forgejo/app.ini"
+	export LDFLAGS="$LDFLAGS -X $setting.AppWorkPath=/var/lib/forgejo/"
+
+	make -j1 build
+}
+
+check() {
+	local home="$srcdir"/home
+	mkdir -p "$home"
+	install -d -m700 "$home"/.ssh
+	touch "$home"/.gitconfig
+
+	env GITEA_ROOT="$home" HOME="$home" GITEA_WORK_DIR="$(pwd)" timeout -s ABRT 20m make -j1 test-sqlite
+	## "make test" - modified (exclude broken tests)
+	## 'code.gitea.io/gitea/modules/migrations': github hase rate limits! 403 API
+	local tests=$(go list ./... | grep -v /vendor/ |
+		grep -v 'code.gitea.io/gitea/modules/migrations' |
+		grep -v 'code.gitea.io/gitea/modules/charset' |
+		grep -v 'code.gitea.io/gitea/models/migrations' |
+		grep -v 'code.gitea.io/gitea/services/migrations' |
+		grep -v 'code.gitea.io/gitea/integrations')
+	env GITEA_CONF="$PWD/tests/sqlite.ini" GITEA_ROOT="$home" HOME="$home" GO111MODULE=on go test -mod=vendor -tags='sqlite sqlite_unlock_notify' $tests
+
+}
+
+package() {
+	for dir in $pkgname $pkgname/git $pkgname/data $pkgname/db $pkgname/custom; do
+		install -dm750 -o forgejo -g www-data \
+			"$pkgdir"/var/lib/$dir
+	done
+
+	install -dm755 -o forgejo -g www-data "$pkgdir"/var/log/forgejo
+
+	# TODO: rename when upstream does
+	install -Dm755 -g www-data gitea "$pkgdir"/usr/bin/forgejo
+
+	install -Dm644 -o forgejo -g www-data "$srcdir"/forgejo-aneksajo.ini \
+		"$pkgdir"/etc/forgejo/app.ini
+	chown forgejo:www-data "$pkgdir"/etc/forgejo
+
+	install -Dm755 "$srcdir"/forgejo-aneksajo.initd \
+		"$pkgdir"/etc/init.d/forgejo
+}
+
+sha512sums="
+d8e273d369c934eec7ff84795cd0d896cda53bc1a2d17f610dd8476ff92dc50c4a24c4598366ef8aac3be52ddef6630489043183085334376c30bc5d4d5f15c2  forgejo-aneksajo-v8.0.1-git-annex0.tar.gz
+eb93a9f6c8f204de5c813f58727015f53f9feaab546589e016c60743131559f04fc1518f487b6d2a0e7fa8fab6d4a67cd0cd9713a7ccd9dec767a8c1ddebe129  forgejo-aneksajo.initd
+b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3  forgejo-aneksajo.ini
+"

ilot/forgejo-aneksajo/forgejo-aneksajo.ini

@@ -0,0 +1,26 @@
+# Configuration cheat sheet: https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+
+RUN_USER = forgejo
+RUN_MODE = prod
+
+[repository]
+ROOT = /var/lib/forgejo/git
+SCRIPT_TYPE = sh
+
+[server]
+STATIC_ROOT_PATH = /usr/share/webapps/forgejo
+APP_DATA_PATH    = /var/lib/forgejo/data
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+PATH = /var/lib/forgejo/db/forgejo.db
+SSL_MODE = disable
+
+[session]
+PROVIDER = file
+
+[log]
+ROOT_PATH = /var/log/forgejo
+MODE = file
+LEVEL = Info

ilot/forgejo-aneksajo/forgejo-aneksajo.initd

@@ -0,0 +1,15 @@
+#!/sbin/openrc-run
+
+supervisor=supervise-daemon
+name=forgejo
+command="/usr/bin/forgejo"
+command_user="${FORGEJO_USER:-forgejo}:www-data"
+command_args="web --config '${FORGEJO_CONF:-/etc/forgejo/app.ini}'"
+supervise_daemon_args="--env FORGEJO_WORK_DIR='${FORGEJO_WORK_DIR:-/var/lib/forgejo}' --chdir '${FORGEJO_WORK_DIR:-/var/lib/forgejo}' --stdout '${FORGEJO_LOG_FILE:-/var/log/forgejo/http.log}' --stderr '${FORGEJO_LOG_FILE:-/var/log/forgejo/http.log}'"
+pidfile="/run/forgejo.pid"
+
+depend() {
+  use logger dns
+  need net
+  after firewall mysql postgresql
+}

ilot/forgejo-aneksajo/forgejo-aneksajo.pre-install

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+adduser -S -D -h /var/lib/forgejo -s /bin/sh -G www-data -g forgejo forgejo 2>/dev/null \
+	&& passwd -u forgejo 2>/dev/null
+
+exit 0

ilot/py3-django-rest-framework/APKBUILD

@@ -4,7 +4,7 @@
 pkgname=py3-django-rest-framework
 _pkgname=django-rest-framework
 pkgver=3.14.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Web APIs for Django"
 url="https://github.com/encode/django-rest-framework"
 arch="noarch"