From 416ce48c3228109964b9a320639dfa6dd5d66b94 Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Fri, 10 Jan 2025 10:44:08 +0100
Subject: [PATCH] [release-monitoring] Prepare for 2.0.0 release

Update deployment and configuration for Anitya 2.0.0 release.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
---
 .../release-monitoring/templates/anitya.toml  | 53 ++++++++++++++++---
 .../templates/buildconfig.yml                 |  5 --
 2 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/roles/openshift-apps/release-monitoring/templates/anitya.toml b/roles/openshift-apps/release-monitoring/templates/anitya.toml
index f8a93cfcfc..7a12e17dfd 100644
--- a/roles/openshift-apps/release-monitoring/templates/anitya.toml
+++ b/roles/openshift-apps/release-monitoring/templates/anitya.toml
@@ -22,11 +22,10 @@ db_url = "postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_ho
 # List of admins
 anitya_web_admins = [
 {% if env == 'staging' %}
-  "7d183b09-d0d7-49e6-8ff3-fc2cce312cc0", # zlopez stg
+  "zlopez@fedoraproject.org", # zlopez stg
 {% else %}
-  "5dd1b1f2-fee1-44f0-abeb-29df5bf151c7", # zlopez
-  "5a11f015-54ee-4319-9092-39c427873575", # tibbs
-  "42abdf74-b50e-49b4-a674-7cf01868d609", # kevin
+  "zlopez@fedoraproject.org", # zlopez
+  "kevin@fedoraproject.org", # kevin
 {% endif %}
 ]
 
@@ -87,10 +86,48 @@ google_server_metadata_url = "https://accounts.google.com/.well-known/openid-con
 # Additional arguments for Google authentication
 google_client_kwargs = { scope = "openid profile email" }
 {% else %}
-social_auth_authentication_backends = [
-  'social_core.backends.fedora.FedoraOpenId',
-  'social_core.backends.open_id.OpenIdAuth',
-]
+# Enabled authentication backends
+authlib_enabled_backends = ["Fedora", "GitHub", "Google"]
+
+# Github OAuth backend variables
+# Github OAuth app client id
+# See https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app
+github_client_id = "{{ anitya_github_client_id }}"
+# Github OAuth app client secret
+# See https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app
+github_client_secret = "{{ anitya_github_client_secret }}"
+# Github access token URL
+github_access_token_url = "https://github.com/login/oauth/access_token"
+# Github URL used for authorization
+github_authorize_url = "https://github.com/login/oauth/authorize"
+# Github URL for API
+github_api_base_url = "https://api.github.com/"
+# Additional arguments for Github authentication
+github_client_kwargs = { scope = "user" }
+
+# Fedora OAuth backend variables
+# Fedora OAuth client id
+# Have to be requested in a ticket on https://pagure.io/fedora-infrastructure
+fedora_client_id = "{{ anitya_fedora_client_id }}"
+# Fedora OAuth secret
+# Have to be requested in a ticket on https://pagure.io/fedora-infrastructure
+fedora_client_secret = "{{ anitya_fedora_client_secret }}"
+# Fedora OAuth authentication endpoint
+fedora_server_metadata_url = "https://id.fedoraproject.org/.well-known/openid-configuration"
+# Additional arguments for Fedora authentication
+fedora_client_kwargs = { scope = "openid profile email", token_endpoint_auth_method = "client_secret_post" }
+
+# Google OAuth backend variables
+# Google OAuth client id
+# See https://support.google.com/cloud/answer/6158849
+google_client_id = "{{ anitya_google_client_id }}"
+# Google OAuth client secret
+# See https://support.google.com/cloud/answer/6158849
+google_client_secret = "{{ anitya_google_client_secret }}"
+# Google OAuth authentication endpoint
+google_server_metadata_url = "https://accounts.google.com/.well-known/openid-configuration"
+# Additional arguments for Google authentication
+google_client_kwargs = { scope = "openid profile email" }
 {% endif %}
 
 # Default regular expression used for backend
diff --git a/roles/openshift-apps/release-monitoring/templates/buildconfig.yml b/roles/openshift-apps/release-monitoring/templates/buildconfig.yml
index 260b59d668..5c57091771 100644
--- a/roles/openshift-apps/release-monitoring/templates/buildconfig.yml
+++ b/roles/openshift-apps/release-monitoring/templates/buildconfig.yml
@@ -74,11 +74,6 @@ items:
                 pip-3 install dist/*.whl && \
                 popd && \
                 rm -rf anitya
-{% if env == 'production' %}
-        # Hotfix for social_auth-sqlalchemy
-        # Could be removed when we switch to something else
-        RUN sed -i 's/base64.encodestring/base64.encodebytes/g' /usr/local/lib/python3.12/site-packages/social_sqlalchemy/storage.py
-{% endif %}
         RUN mkdir /httpdir
         RUN chmod 777 /httpdir
         EXPOSE 8080