git-refinery web interface
==========================
This is a small Django-based web application that is intended to help in
the preparation of software release notes. It enables you to browse through
commits in a git repository, add short notes on each commit and then gather
up those notes. You can also easily search and categorise commits.
There are two main methods of setting up this application - within
a set of Docker containers, or standalone. The Docker-based setup
is more suited for production whereas standalone is a bit easier
for development. This document will consider only the Docker-based
setup; for standalone please see README.devel.
Docker Setup
------------
The dockersetup.py script will set up and configure a cluster of 3
docker containers:
- gitrefineryapp: the application
- gitrefinerydb: the database
- gitrefineryweb: NGINX web server (as a proxy and for serving static content)
The script will edit all necessary configuration files, build and launch all
containers, and do the initial database setup.
1) Install docker and docker-compose per instructions:
https://docs.docker.com/compose/install/
** Note: for latest docker-compose version follow the directions above,
rather than using a perhaps outdated one provided by your distribution.
2) Run the setup script (dockersetup.py). You can optionally supply your
hostname, proxy settings, a sql database file of layer mappings to import,
and a host to container port mapping. For more information, run:
./dockersetup.py -h
Example command to run containers with a proxy:
./dockersetup.py -p http://<proxyserver>:<port>
NOTE: If you want email sending to work (required for user registration and
password resets), you should use the -e/--email-host option to specify your
outgoing email server.
3) Once the script completes, open a web browser and navigate to the URL
printed out by the script. By default that would be: https://localhost:8081
4) If you need to rerun this script for any reason a second time, you'll need
to choose between two modes:
A) Updating (-u/--update) - updates the code and runs any database upgrades
if applicable, or
B) Reinstalling (-r/--reinstall) - deletes the containers and reinstalls
from scratch. Be warned that this will throw away all data in the
database.
Note that updating with -u/--update will only work if the configuration
changes originally made by dockersetup.py upon installation (e.g. passwords,
hostname, etc.) are still present in the source tree.
TROUBLESHOOTING:
- Network issues behind a proxy when building container: On some systems
(particularly where dnsmasq is installed), /etc/resolv.conf is set to
127.0.0.x, rather than your local DNS server. Docker will look there for
your DNS server, and when it fails to find it it will default to using a
public one (frequently 8.8.8.8). Many corporate proxies blocks public DNS
servers, so you will need to manually supply the DNS server to docker using
/etc/docker/daemon.json:
{"dns": ["xx.xx.xx.xx] }
Usage
-----
1. Open the application (at http://127.0.0.1:8000/gitrefinery/ when running
a local test) and log in with the button at the top right if you haven't
already
2. Click "Add repository", enter the details and click "Save"
3. Click "Add release", enter the details and click "Save"
4. Click "Import release" and wait for the repository to be fetched - you
can see progress on the console if you're running the test server
5. You can click on individual shortlog links to expand to see the full
commit message. If you define some categories (using the admin interface),
then you can click on a category to add the commit to that category and
add notes specific to the category - these will appear in the final
release notes output under the category. If no notes are entered, the
commit shortlog will be used.
6. Enter notes for commits as desired. You can use the search functionality
to find commits, and label commits for easy searching later.
7. When finished, you can see the entire list of commit notes by clicking
on the "Review notes" button at the bottom of the page. If these are to
your satisfaction, just copy and paste to your release notes document,
and you're done!
Security Considerations
-----------------------
Some things to be aware of from a security perspective:
* By default, anyone can register themselves an account. If you wish to
disable new user registration and manage users manually through the admin
interface instead, then add the following line to docker/settings.py:
REGISTRATION_OPEN = False
Then, assuming you have already run dockersetup.py to install the
application, run the following command to update it:
./dockersetup.py -u
* By default, dockersetup.py enables connection to the web server via
HTTPS using a self-signed certificate; connections via HTTP are
re-directed to HTTPS. However, the self-signed certificate is only
intended to provide a minimum level of security, but will result in
browser warnings and is not recommended for production - instead,
obtain and use your own certificate/key pair corresponding to the
domain which will be used to access the application in production,
or alternatively if the application is accessible to the internet you
can use Let's Encrypt.
* Django supports several databases. By default, dockersetup.py sets up mariadb
for database and uses default settings from upstream. For production setup,
you might consider applying different rules or use your preferred
database.
https://docs.djangoproject.com/en/3.2/ref/databases/
* If you provide your own certificates for HTTPS, you should probably
also enable HSTS in your configuration. Refer to the Django Security
guide for details on how to do that:
https://docs.djangoproject.com/en/3.2/topics/security/#ssl-https
* To reset a forgotten account password, you can either use the password
reset function ( /accounts/password_reset/ ) or alternatively from the
backend you can run the following command:
docker-compose exec layersapp /opt/layerindex/manage.py changepassword <username>
* The web-based password reset function will ask the user answers to
security questions they selected and answered when they created the
account. Admins can configure the selectable security questions in
the admin interface under "Security questions"; however, be cautious
about deleting or substantially changing a question if you already
have user accounts that have given answers to that question, as doing
so will invalidate the user-set answers. You can check this if you go
to delete the security question in the admin interface - any user
answers will show up as "Security question answers" listed to be
deleted along with the question.
Note: the superuser created during setup will not have answers to
security questions set, so if you think you might need to use the
password reset function later you will need to set these by logging
into the application and then going to Edit Profile on the top-right
user drop-down menu.
* Security question answers are stored using the same mechanism as
for passwords, i.e. a secure one-way hash; thus answers cannot be
retrieved from the database once set. Additionally, if a user wants
to change one of their answers via the Edit Profile function, they
will be required to re-specify all of them.
* Account lockout: this application will lock out the user in two ways:
- By IP address (using django-axes) after too many invalid login attempts.
(default 3). The lockout can be removed using the following command:
docker-compose exec layersapp /opt/layerindex/manage.py axes_reset
If you wish to disable this, remove or comment out "axes" in
INSTALLED_APPS. For more information on configuring axes, see:
https://django-axes.readthedocs.io/en/latest/
- By account for too many incorrect password reset attempts. To remove
this lockout, log into the admin interface, go to Users, click on the
the user, tick the Active checkbox and then save.
Maintenance
-----------
The code for this application is maintained by the Yocto Project.
The latest version of the code can always be found here:
http://git.yoctoproject.org/cgit/cgit.cgi/git-refinery-web/
Contributions are welcome. Please send patches / pull requests to
yocto@yoctoproject.org with '[git-refinery-web]' in the subject.
License
-------
This application is based upon the Django project template, whose files
are covered by the BSD license and are copyright (c) Django Software
Foundation and individual contributors.
Bundled Bootstrap 3 (including Glyphicons) is redistributed under the
MIT license.
Bundled jQuery is redistributed under the MIT license.
Bundled JavaScript Cookie is redistributed under the MIT license.
All other content is copyright (C) 2014-2018 Intel Corporation and
licensed under the MIT license (unless otherwise noted) - see
COPYING.MIT for details.
Trademarks
----------
* Other names and brands may be claimed as the property of others.
