Update Gitea version and configuration for Azure Blob storage support. #4672
Conversation
Also had to change the bundle_runtime_image_build.sh to use buildx and force v2 manifests.
|
@jonnyry Have a look, should be fixed now 😄 |
|
@james-annages do you know if it's possible to use managed identity rather than an access key? Access keys are blocked in all our subscriptions so can't test it out. |
@marrobi I dont think so. They are using the Azure go SDK but it looks like they have hardcoded using the key: Gitea Azure blob code |
|
@james-annages sorry its taken a while to get to this. The breaking change - as I understand the data will not be "migrated"? If so we should use a major version bump as this requires a force parameter to be passed to the API. |
@marrobi Ye im happy to do so. The storage is not mirgated. People may be able to add the miration but i was not sure how to do so efectivlay. |
Unit Test Results0 tests 0 ✅ 0s ⏱️ Results for commit 7726648. ♻️ This comment has been updated with latest results. |
bumped the to account for the bracking change of the storage.
bumped the to account for the bracking change of the storage.
|
@james-annages can you resolve this linting: |
@marrobi sorted, sorry had missed the fail emails. |
|
/test |
|
🤖 pr-bot 🤖 🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/18464649436 (with refid (in response to this comment from @james-annages) |
|
Is the only way to leverage Azure Blob from Gitea to use the storage account's access key? I am concerned that in 2025, we're still forced to use these access keys, which then require exemptions in many compliance policies. |
@SvenAelterman I aggree, however the gitea code is using the Key in the Azure sdk and not giving options for other methords. Long term we can put a problem in with the gitea repo and see if they will make a change? |
I think that's a good idea. I perused the open issues at the Gitea repo and didn't see anything yet. |
Problem reased on the Gitea Github repo. Gitea repo issue |
There was a problem hiding this comment.
Pull request overview
This PR updates the Gitea workspace and shared service templates to use a newer version of Gitea (1.24.5, up from 1.15/1.17.3) and migrates storage from Azure Files to Azure Blob Storage. The change also addresses compatibility issues with Azure App Service by updating the Docker build process to force v2 manifests using buildx.
Key changes:
- Gitea version bumped to 1.24.5 across both workspace and shared service templates
- Storage migrated from Azure Files (file share) to Azure Blob Storage (blob container)
- Bundle versions updated to 2.0.1 (major version bump) reflecting the breaking storage migration
- Docker build script updated to use buildx with platform specification for v2 manifest generation
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| templates/workspace_services/gitea/version.txt | Bumped version from 0.6.1 to 0.7.1 for the runtime image |
| templates/workspace_services/gitea/terraform/variables.tf | Removed unused gitea_storage_limit variable |
| templates/workspace_services/gitea/terraform/storage.tf | Replaced Azure Files share with Azure Blob container and updated private endpoint configuration |
| templates/workspace_services/gitea/terraform/gitea-webapp.tf | Added Azure Blob storage configuration environment variables, removed file share mount, updated dependencies |
| templates/workspace_services/gitea/terraform/data.tf | Changed DNS zone reference from file to blob storage |
| templates/workspace_services/gitea/terraform/.terraform.lock.hcl | Removed Terraform lock file |
| templates/workspace_services/gitea/porter.yaml | Bumped bundle version from 1.3.2 to 2.0.1 |
| templates/workspace_services/gitea/docker/Dockerfile | Updated Gitea tag to 1.24.5 and added execute permission for configure script |
| templates/shared_services/gitea/terraform/gitea-webapp.tf | Migrated to Azure Blob storage configuration, removed file share mount and storage account block |
| templates/shared_services/gitea/porter.yaml | Bumped bundle version from 1.2.1 to 2.0.1 |
| templates/shared_services/gitea/docker/version.txt | Bumped version from 0.3.12 to 0.4.1 |
| templates/shared_services/gitea/docker/Dockerfile | Updated Gitea tag to 1.24.5 |
| devops/scripts/bundle_runtime_image_build.sh | Updated to force buildx with amd64 platform and v2 manifests |
| CHANGELOG.md | Added breaking change notice for Gitea update and storage migration |
Files not reviewed (1)
- templates/workspace_services/gitea/terraform/.terraform.lock.hcl: Language not supported
Comments suppressed due to low confidence (1)
templates/workspace_services/gitea/terraform/.terraform.lock.hcl:1
- The
.terraform.lock.hclfile has been completely removed from the workspace services Gitea template, but it still exists in the shared services Gitea template (templates/shared_services/gitea/terraform/.terraform.lock.hcl). According to Terraform best practices, lock files should be checked into version control to ensure consistent provider versions across environments. This inconsistency should be addressed - either regenerate and include the lock file for workspace services or provide justification for its removal.
| ## Needed as workaround for v1 manifests not being supported in Azure App Service on Linux. | ||
|
|
There was a problem hiding this comment.
This comment appears incomplete. It should explain what the workaround is for and possibly link to a related issue. Consider completing it with details like: "Needed as workaround for v1 manifests not being supported in Azure App Service on Linux. BuildKit with buildx ensures v2 manifest generation."
| ## Needed as workaround for v1 manifests not being supported in Azure App Service on Linux. | |
| ## Workaround: Force BuildKit and buildx to ensure Docker produces v2 image manifests. | |
| ## Azure App Service on Linux does not support v1 image manifests, which are produced by the default Docker build. | |
| ## By using BuildKit with buildx (`DOCKER_BUILDKIT=1` and `docker buildx build`), we ensure v2 manifests are generated. | |
| ## See: https://github.com/microsoft/AzureTRE/issues/2532 |
| <!-- markdownlint-disable MD041 --> | ||
| ## 0.26.0 (Unreleased) | ||
| **BREAKING CHANGES & MIGRATIONS**: | ||
| * Updated the version of gitea and the runtime build script. Updating Gitea will remove the storage from underneath it and result in a redeploy. ([#4672](https://github.com/microsoft/AzureTRE/pull/4672)) |
There was a problem hiding this comment.
According to the project's version management guidelines, component version updates should be documented in the CHANGELOG under a "COMPONENTS" section. This entry describes updates to Gitea (from 1.15/1.17.3 to 1.24.5) and bundle versions (workspace service: 1.3.2→2.0.1, shared service: 1.2.1→2.0.1). Consider adding a "COMPONENTS:" section after "BREAKING CHANGES & MIGRATIONS:" with the version updates formatted like:
COMPONENTS:
* Update Gitea workspace service from 1.3.2 to 2.0.1 and Gitea version from 1.17.3 to 1.24.5 ([#4672](https://github.com/microsoft/AzureTRE/pull/4672))
* Update Gitea shared service from 1.2.1 to 2.0.1 and Gitea version from 1.15 to 1.24.5 ([#4672](https://github.com/microsoft/AzureTRE/pull/4672))
There was a problem hiding this comment.
Shouldnt be under components but needs to be moved to latest release.
There was a problem hiding this comment.
Shouldnt be under components but needs to be moved to latest release.
3 participants
Also had to change the bundle_runtime_image_build.sh to use buildx and force v2 manifests.
Resolves #4671
What is being addressed
How is this addressed
bundle_runtime_image_build.shto use buildx and manafests v2.