From 0e97d5e39fda2d40509acd2464973858ae231b39 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 1 Sep 2022 17:27:14 -0500 Subject: [PATCH] r/gitea: Update to 1.17.0 The only major change that affects the configuration policy is the introduction of the `webhook.ALLOWED_HOST_LIST` setting. For some dumb reason, the default value of this setting *denies* access to machines on the local network. This makes no sense; why do they expect you to host your CI or whatever on a *public* network? Of course, the only reason given is "for security reasons." --- gitea.yml | 3 ++- roles/gitea/defaults/main.yml | 6 ++++-- roles/gitea/tasks/main.yml | 2 +- roles/gitea/templates/app.ini.j2 | 3 +++ roles/gitea/vars/main.yml | 4 ++++ 5 files changed, 14 insertions(+), 4 deletions(-) diff --git a/gitea.yml b/gitea.yml index 457e305..c8e723e 100644 --- a/gitea.yml +++ b/gitea.yml @@ -1,7 +1,8 @@ - hosts: gitea roles: - apache - - gitea + - role: gitea + tags: gitea - sshd tasks: - name: ensure apache is running diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 66120fb..a4e6bc0 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -1,11 +1,13 @@ -gitea_version: 1.11.0 +gitea_version: 1.17.1 gitea_arch: '{{ _gitea_arch_map[ansible_architecture] }}' gitea_bin: gitea-{{ gitea_version }}-linux-{{ gitea_arch }} gitea_bin_sha256: >- - d4df5f456cf13d49c096525ff762ad70386251d3f0d2805735b5dfade17e88d4 + {{ _gitea_cksm_map[gitea_version][gitea_arch] }} gitea_download_url: >- https://dl.gitea.io/gitea/{{ gitea_version }}/{{ gitea_bin }} gitea_ssh_domain: '{{ ansible_fqdn }}' gitea_http_domain: '{{ gitea_ssh_domain }}' gitea_root_url: 'http://{{ gitea_http_domain }}:3000/' +gitea_webhook_allowed_host_list: +- '*' diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 0db184e..3c8beda 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml 
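Review bot: The new role default `gitea_webhook_allowed_host_list: ['*']` in roles/gitea/defaults/main.yml lets anyone who can configure a webhook make the Gitea server send requests to every address it can reach, including loopback and link-local services. That is the server-side request forgery exposure the upstream `external` default is meant to limit. Reaching a CI host on the local network does not need `*`: Gitea also accepts `private`, `loopback`, CIDR ranges and host name patterns. The default could be the two entries `- external` and `- private`, or the specific CI host, with `'*'` left as a deliberate per-inventory override. A comment above the variable, such as `# accepted: loopback, private, external, *, CIDR ranges, host name patterns`, would document the choice for whoever overrides it.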
@@ -31,7 +31,7 @@ get_url: url: '{{ gitea_download_url }}' dest: 'roles/gitea/files/{{ gitea_bin }}' - checksum: 'sha256:{{ gitea_bin_sha256 }}' + checksum: '{{ gitea_bin_sha256 }}' tags: - download - name: ensure gitea is installed diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2 index e23972d..d61507b 100644 --- a/roles/gitea/templates/app.ini.j2 +++ b/roles/gitea/templates/app.ini.j2 @@ -67,3 +67,6 @@ JWT_SECRET = {{ gitea_oauth2_jwt_secret }} [metrics] ENABLED = true + +[webhook] +ALLOWED_HOST_LIST = {{ gitea_webhook_allowed_host_list|join(',') }} diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml index c3200ab..dc140be 100644 --- a/roles/gitea/vars/main.yml +++ b/roles/gitea/vars/main.yml @@ -3,3 +3,7 @@ _gitea_arch_map: x86_64: amd64 aarch64: arm64 armv7l: arm + +_gitea_cksm_map: + 1.17.1: + amd64: sha256:eafd476ee2a303d758448314272add00898d045439ab0d353ff4286c5e63496f
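Review bot: With the `sha256:` prefix dropped from `checksum: '{{ gitea_bin_sha256 }}'`, the variable must now carry the algorithm itself. An inventory that still overrides `gitea_bin_sha256` with a bare hex digest will be rejected by get_url, which expects `<algorithm>:<checksum>`. The failure is closed, but the variable name no longer says what it holds, so I would state the format next to its definition in roles/gitea/defaults/main.yml, for example `# format: sha256:<hex digest>`. The alternative is to keep the prefix in this task and store bare digests in the map. The task's `- name:` line is outside the hunk.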
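Review bot: `{{ gitea_webhook_allowed_host_list|join(',') }}` in the new `[webhook]` section assumes the variable is a list. If an inventory sets it to a plain string such as `external`, Jinja joins the characters and renders `e,x,t,e,r,n,a,l`, an allowlist that is silently wrong rather than an error. Normalising first avoids this: `ALLOWED_HOST_LIST = {{ [gitea_webhook_allowed_host_list]|flatten|join(',') }}`. Asserting the type in the role's tasks would work as well.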
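Review bot: `_gitea_cksm_map` has a digest only for `1.17.1` / `amd64`, while the `_gitea_arch_map` context lines in the same file still map `aarch64` to `arm64` and `armv7l` to `arm`. On those hosts `gitea_bin_sha256` resolves to a missing key, so the download presumably stops with a templating error rather than a message that names the cause. Either add the `arm64` and `arm` entries with digests taken from the upstream release's published checksums (for example `arm64: sha256:<digest from upstream release>`), or add an early `assert` that `gitea_arch in _gitea_cksm_map[gitea_version]` with a clear `fail_msg`. A one-line comment saying where the digests come from and that every version bump needs a new entry would also help. The start of `_gitea_arch_map` is outside the hunk.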