fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00
parent 85c369e846
commit 36ef2a1e2c
1366 changed files with 104925 additions and 28719 deletions
--- a/scripts/deployment/setup-secrets-interactive.sh
+++ b/scripts/deployment/setup-secrets-interactive.sh
@@ -0,0 +1,183 @@
+#!/bin/bash
+# Interaktives Script zum Setzen der Gitea Secrets via API
+# Fragt nach Token falls nicht vorhanden
+
+set -euo pipefail
+
+# Repository Info aus git remote
+REPO_FULL=$(git remote get-url origin 2>/dev/null | sed -E 's/.*[:/]([^/]+)\/([^/]+)\.git$/\1\/\2/' || echo "michael/michaelschiemer")
+REPO_OWNER=$(echo "$REPO_FULL" | cut -d'/' -f1)
+REPO_NAME=$(echo "$REPO_FULL" | cut -d'/' -f2)
+
+GITEA_URL="${GITEA_URL:-https://git.michaelschiemer.de}"
+GITEA_TOKEN="${GITEA_TOKEN:-}"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${BLUE}════════════════════════════════════════════════════════════${NC}"
+echo -e "${BLUE}Gitea Repository Secrets Setup via API${NC}"
+echo -e "${BLUE}════════════════════════════════════════════════════════════${NC}"
+echo ""
+echo -e "Repository: ${GREEN}${REPO_OWNER}/${REPO_NAME}${NC}"
+echo -e "Gitea URL: ${GREEN}${GITEA_URL}${NC}"
+echo ""
+
+# Prüfe ob Token vorhanden
+if [ -z "$GITEA_TOKEN" ]; then
+    echo -e "${YELLOW}⚠️  GITEA_TOKEN nicht gefunden${NC}"
+    echo ""
+    echo -e "${BLUE}Du musst zuerst einen Gitea Access Token erstellen:${NC}"
+    echo ""
+    echo "1. Öffne im Browser:"
+    echo -e "   ${GREEN}${GITEA_URL}/user/settings/applications${NC}"
+    echo ""
+    echo "2. Scrolle zu 'Generate New Token'"
+    echo ""
+    echo "3. Konfiguration:"
+    echo "   - Name: z.B. 'CI/CD Secrets Setup'"
+    echo "   - Scopes: ✅ write:repository (mindestens)"
+    echo ""
+    echo "4. Klicke 'Generate Token'"
+    echo ""
+    echo "5. Kopiere den Token (wird nur einmal angezeigt!)"
+    echo ""
+    echo -e "${YELLOW}Dann füge den Token hier ein (wird nicht angezeigt):${NC}"
+    read -s -p "Gitea Token: " GITEA_TOKEN
+    echo ""
+    echo ""
+fi
+
+# Funktion zum Setzen eines Secrets
+set_secret() {
+    local secret_name=$1
+    local secret_value=$2
+    
+    echo -n "Setting $secret_name... "
+    
+    local response=$(curl -s -w "\n%{http_code}" \
+        -X PUT \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${GITEA_URL}/api/v1/repos/${REPO_OWNER}/${REPO_NAME}/actions/secrets/${secret_name}" \
+        -d "{
+            \"data\": \"${secret_value}\"
+        }" 2>&1)
+    
+    local http_code=$(echo "$response" | tail -n1)
+    local body=$(echo "$response" | sed '$d')
+    
+    if [ "$http_code" = "204" ] || [ "$http_code" = "201" ]; then
+        echo -e "${GREEN}✅ OK${NC}"
+        return 0
+    elif [ "$http_code" = "404" ]; then
+        echo -e "${RED}❌ Repository nicht gefunden (404)${NC}"
+        echo "   Prüfe: REPO_OWNER=${REPO_OWNER}, REPO_NAME=${REPO_NAME}"
+        return 1
+    elif [ "$http_code" = "403" ]; then
+        echo -e "${RED}❌ Keine Berechtigung (403)${NC}"
+        echo "   Token benötigt 'write:repository' Scope"
+        return 1
+    elif [ "$http_code" = "401" ]; then
+        echo -e "${RED}❌ Ungültiger Token (401)${NC}"
+        return 1
+    else
+        echo -e "${RED}❌ FAILED (HTTP $http_code)${NC}"
+        echo "Response: $body"
+        return 1
+    fi
+}
+
+# Prüfe Token-Gültigkeit
+echo -e "${BLUE}Prüfe Token-Gültigkeit...${NC}"
+TOKEN_CHECK=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${GITEA_URL}/api/v1/user" 2>&1)
+
+if [ "$TOKEN_CHECK" != "200" ]; then
+    echo -e "${RED}❌ Token ist ungültig oder hat keine ausreichenden Berechtigungen${NC}"
+    echo "HTTP Status: $TOKEN_CHECK"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Token ist gültig${NC}"
+echo ""
+
+# Registry Password
+REGISTRY_PASSWORD="${REGISTRY_PASSWORD:-registry-secure-password-2025}"
+
+# SSH Private Key
+SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/production}"
+if [ -f "$SSH_KEY_PATH" ]; then
+    SSH_PRIVATE_KEY=$(cat "$SSH_KEY_PATH")
+    echo -e "${GREEN}✓ SSH private key gefunden: ${SSH_KEY_PATH}${NC}"
+else
+    echo -e "${YELLOW}⚠️  SSH private key nicht gefunden: ${SSH_KEY_PATH}${NC}"
+    echo ""
+    read -p "SSH Key Pfad (oder Enter für Skip): " custom_ssh_path
+    if [ -n "$custom_ssh_path" ] && [ -f "$custom_ssh_path" ]; then
+        SSH_PRIVATE_KEY=$(cat "$custom_ssh_path")
+        echo -e "${GREEN}✓ SSH private key geladen${NC}"
+    else
+        echo -e "${YELLOW}⚠️  Überspringe SSH_PRIVATE_KEY${NC}"
+        SSH_PRIVATE_KEY=""
+    fi
+fi
+
+echo ""
+echo -e "${BLUE}Setze Secrets für Repository: ${REPO_OWNER}/${REPO_NAME}${NC}"
+echo ""
+
+# Setze Secrets
+ERRORS=0
+
+echo -e "${BLUE}Secret 1/3: REGISTRY_USER${NC}"
+if set_secret "REGISTRY_USER" "admin"; then
+    echo ""
+else
+    ERRORS=$((ERRORS + 1))
+fi
+
+echo -e "${BLUE}Secret 2/3: REGISTRY_PASSWORD${NC}"
+if set_secret "REGISTRY_PASSWORD" "$REGISTRY_PASSWORD"; then
+    echo ""
+else
+    ERRORS=$((ERRORS + 1))
+fi
+
+if [ -n "$SSH_PRIVATE_KEY" ]; then
+    echo -e "${BLUE}Secret 3/3: SSH_PRIVATE_KEY${NC}"
+    # Escape JSON special characters
+    SSH_PRIVATE_KEY_ESCAPED=$(echo "$SSH_PRIVATE_KEY" | sed 's/\\/\\\\/g' | sed 's/"/\\"/g' | sed ':a;N;$!ba;s/\n/\\n/g')
+    if set_secret "SSH_PRIVATE_KEY" "$SSH_PRIVATE_KEY_ESCAPED"; then
+        echo ""
+    else
+        ERRORS=$((ERRORS + 1))
+    fi
+else
+    echo -e "${YELLOW}⚠️  Überspringe SSH_PRIVATE_KEY (nicht gefunden)${NC}"
+    echo ""
+fi
+
+# Zusammenfassung
+echo -e "${BLUE}════════════════════════════════════════════════════════════${NC}"
+if [ $ERRORS -eq 0 ]; then
+    echo -e "${GREEN}✅ Secrets Setup erfolgreich abgeschlossen!${NC}"
+    echo ""
+    echo -e "Verifizierung:"
+    echo -e "  - Gehe zu: ${GREEN}${GITEA_URL}/${REPO_OWNER}/${REPO_NAME}/settings${NC}"
+    echo -e "  - Oder teste den Workflow: ${GREEN}Repository → Actions → Test Registry Credentials${NC}"
+    exit 0
+else
+    echo -e "${RED}❌ Fehler beim Setzen von $ERRORS Secret(s)${NC}"
+    echo ""
+    echo "Troubleshooting:"
+    echo "  - Prüfe Token-Berechtigungen (benötigt: write:repository)"
+    echo "  - Prüfe Repository-Name: ${REPO_OWNER}/${REPO_NAME}"
+    echo "  - Prüfe ob Actions für das Repository aktiviert ist"
+    exit 1
+fi