microsoft · marrobi · Nov 15, 2022 · Nov 11, 2022 · Nov 11, 2022 · Nov 11, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,7 @@ ENHANCEMENTS:
 * Adds extra dns zones and links into core network ([#2828](https://github.com/microsoft/AzureTRE/pull/2828)).
 * Add UI version to its footer card ([#2849](https://github.com/microsoft/AzureTRE/pull/2849)).
 * Use `log_category_types` in `azurerm_monitor_diagnostic_categories` to remove deprecation warning ([#2855](https://github.com/microsoft/AzureTRE/pull/2855)).
+* Gitea workspace bundle has a number of updates as detailed in PR ([#2862](https://github.com/microsoft/AzureTRE/pull/2862).
 
 BUG FIXES:
 * Show the correct createdBy value for airlock requests in UI and in API queries ([#2779](https://github.com/microsoft/AzureTRE/pull/2779))

diff --git a/docs/tre-templates/workspace-services/gitea.md b/docs/tre-templates/workspace-services/gitea.md
@@ -4,7 +4,7 @@ See: [https://gitea.io/](https://gitea.io)
 
 ## Firewall Rules
 
-The Gitea worskpace service needs outbound access to:
+The Gitea worskpace service opens outbound access to:
 
 - AzureActiveDirectory
 - Azure AD CDN - `https://aadcdn.msftauth.net`
@@ -15,23 +15,12 @@ The Gitea worskpace service needs outbound access to:
 
 - The Gitea workspace service container image needs building and pushing:
 
-  `make build-gitea-workspace-service-image push-gitea-workspace-service-image`
-
-## Gitea Workspace Service Configuration
-
-When deploying a Gitea Workspace service the following properties need to be configured.
-
-| Property |  Description |
-| -------- |  ----------- |
-| `openid_client_id` | Valid client ID of the Workspace App Registration. |
-| `openid_client_secret` | Valid client secret of the Workspace App Registration. |
-| `openid_authority` | Valid authority of the OpenID service, such as `https://login.microsoftonline.com/{tenant_id}/v2.0` |
-
-Once the service is deployed a redirect URL will need adding to the Azure AD app registration in the format: `https://<gitea_url>/user/oauth2/oidc/callback`
+  `make workspace_service_bundle BUNDLE=gitea`
 
 ## Authenticating to Gitea and setting up a local username and password
 
-1. Navigate to the Gitea workspace service and from the menu click the `Sign in` button.
-2. Click sign in with OpenID button and sign in with the same credentials used to access the workspace.
-3. Once succesfully signed in choose a username.
-4. Navigate to the user settings and under the account tab set a password for your account( `https://<gitea_url>/user/settings/account` ). This username and passowrd should be used to authenticate against Gitea when carrying out git operations.
+1. Navigate to the Gitea workspace service using the connection URI from the details tab.
+2. and from the menu click the `Sign in` button.
+3. Click sign in with OpenID button and sign in with the same credentials used to access the workspace.
+4. Once succesfully signed in choose a username.
+5. Navigate to the user settings and under the account tab set a password for your account( `https://<gitea_url>/user/settings/account` ). This username and passowrd should be used to authenticate against Gitea when carrying out git operations.
diff --git a/templates/workspace_services/gitea/.env.sample b/templates/workspace_services/gitea/.env.sample
@@ -1,6 +1,3 @@
 ID="__CHANGE_ME__"
 WORKSPACE_ID="__CHANGE_ME__"
-OPENID_CLIENT_ID="__CHANGE_ME__"
-OPENID_CLIENT_SECRET="__CHANGE_ME__"
-OPENID_AUTHORITY="__CHANGE_ME__"
 MGMT_ACR_NAME="__CHANGE_ME__"
diff --git a/templates/workspace_services/gitea/docker/Dockerfile b/templates/workspace_services/gitea/docker/Dockerfile
@@ -1,10 +1,10 @@
-ARG GITEA_TAG=1.16.3
+ARG GITEA_TAG=1.17.3
 ARG CERTIFICATE_URL=https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
 
 FROM gitea/gitea:${GITEA_TAG}
 # need to pass args to stage
 ARG CERTIFICATE_URL
-RUN wget -O /usr/local/share/ca-certificates/mysql.crt.pem ${CERTIFICATE_URL} && update-ca-certificates
+RUN wget -q -O /usr/local/share/ca-certificates/mysql.crt.pem ${CERTIFICATE_URL} && update-ca-certificates
 COPY . /
 
 RUN /usr/sbin/adduser -D -g users gitea

diff --git a/templates/workspace_services/gitea/parameters.json b/templates/workspace_services/gitea/parameters.json
@@ -34,24 +34,6 @@
         "env": "MGMT_RESOURCE_GROUP_NAME"
       }
     },
-    {
-      "name": "openid_client_id",
-      "source": {
-        "env": "OPENID_CLIENT_ID"
-      }
-    },
-    {
-      "name": "openid_client_secret",
-      "source": {
-        "env": "OPENID_CLIENT_SECRET"
-      }
-    },
-    {
-      "name": "openid_authority",
-      "source": {
-        "env": "OPENID_AUTHORITY"
-      }
-    },
     {
       "name": "tfstate_container_name",
       "source": {

diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml
@@ -1,6 +1,6 @@
 ---
 name: tre-workspace-service-gitea
-version: 0.5.0
+version: 0.6.0
 description: "A Gitea workspace service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -35,18 +35,6 @@ parameters:
     type: string
     description: "Resource group containing the devops ACR"
     env: MGMT_RESOURCE_GROUP_NAME
-  - name: openid_client_id
-    type: string
-    description: "The OpenID client ID"
-    env: OPENID_CLIENT_ID
-  - name: openid_client_secret
-    type: string
-    description: "The OpenID client secret"
-    env: OPENID_CLIENT_SECRET
-  - name: openid_authority
-    type: string
-    description: "The OpenID authority"
-    env: OPENID_AUTHORITY
   # the following are added automatically by the resource processor
   - name: id
     type: string
@@ -74,50 +62,69 @@ mixins:
       clientVersion: 1.2.6
 
 outputs:
-  - name: connection_uri
+  - name: internal_connection_uri
     type: string
     applyTo:
       - install
+      - upgrade
+  - name: authentication_callback_uri
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: workspace_address_space
+    type: string
+    applyTo:
+      - install
+      - upgrade
 
 install:
   - terraform:
       description: "Deploy Gitea workspace service"
-      input: false
       vars:
         workspace_id: "{{ bundle.parameters.workspace_id }}"
         tre_id: "{{ bundle.parameters.tre_id }}"
         id: "{{ bundle.parameters.id }}"
         mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}"
         mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}"
-        openid_client_id: "{{ bundle.parameters.openid_client_id }}"
-        openid_client_secret: "{{ bundle.parameters.openid_client_secret }}"
-        openid_authority: "{{ bundle.parameters.openid_authority }}"
       backendConfig:
         resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
         storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
         container_name: "{{ bundle.parameters.tfstate_container_name }}"
         key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}"
       outputs:
-        - name: connection_uri
+        - name: internal_connection_uri
+        - name: authentication_callback_uri
+        - name: workspace_address_space
+
 upgrade:
-  - exec:
-      description: "Upgrade shared service"
-      command: echo
-      arguments:
-        - "This shared service does not implement upgrade action"
+  - terraform:
+      description: "Deploy Gitea workspace service"
+      vars:
+        workspace_id: "{{ bundle.parameters.workspace_id }}"
+        tre_id: "{{ bundle.parameters.tre_id }}"
+        id: "{{ bundle.parameters.id }}"
+        mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}"
+        mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}"
+      outputs:
+        - name: internal_connection_uri
+        - name: authentication_callback_uri
+        - name: workspace_address_space
+
 uninstall:
   - terraform:
       description: "Tear down Gitead workspace service"
-      input: false
       vars:
         workspace_id: "{{ bundle.parameters.workspace_id }}"
         tre_id: "{{ bundle.parameters.tre_id }}"
         id: "{{ bundle.parameters.id }}"
         mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}"
         mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}"
-        openid_client_id: "{{ bundle.parameters.openid_client_id }}"
-        openid_client_secret: "{{ bundle.parameters.openid_client_secret }}"
-        openid_authority: "{{ bundle.parameters.openid_authority }}"
       backendConfig:
         resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
         storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"