feat(telco-kpis): Add Gitea role for test report publishing

Implement Gitea deployment and report publishing infrastructure for hosting
Telco-KPIs test reports with vault integration and retention policies.

## Problem

Telco-KPIs test reports need centralized hosting accessible to test engineers
and stakeholders. Reports generated on bastion hosts need automated publishing
to a Git-based repository system with retention management.

## Solution

Created `gitea` Ansible role for deploying Gitea server and publishing test
reports as Markdown files with compressed artifacts.

**Role: playbooks/telco-kpis/roles/gitea/**

## Features

**Deployment:**
- Podman-based Gitea server deployment on bastion
- SQLite database with automatic migration handling
- Firewall configuration (port 3000)
- Accessibility checking instead of container existence
- Admin user creation with API token management

**Report Publishing:**
- Creates organization and repositories automatically
- Publishes Markdown reports via Gitea API
- Uploads compressed tarball as release artifact
- Updates repository README with latest report links
- Retention policy: keeps last 15 reports, removes older ones

**Vault Integration:**
- Gitea credentials stored in Ansible vault
- Secure API token management
- Credential validation before operations

## Implementation Details

**Role Structure:**
- `tasks/main.yml` - Entry point with operation dispatch
- `tasks/deploy.yml` - Gitea server deployment
- `tasks/initialize.yml` - Initial configuration and admin setup
- `tasks/validate-credentials.yml` - Vault credential validation
- `tasks/create-repository.yml` - Repository creation
- `tasks/publish-report.yml` - Report publishing workflow
- `defaults/main.yml` - Default variables
- `templates/README.md.j2` - Repository README template

**Task Operations:**
- `gitea_operation: deploy` - Deploy and initialize Gitea server
- `gitea_operation: publish` - Publish test report
- `gitea_operation: validate` - Validate vault credentials

## Usage

**Deploy Gitea:**
```yaml
- name: Deploy Gitea server
  ansible.builtin.include_role:
    name: gitea
  vars:
    gitea_operation: deploy
    gitea_vault_org: telco-kpis
```

**Publish report:**
```yaml
- name: Publish test report
  ansible.builtin.include_role:
    name: gitea
  vars:
    gitea_operation: publish
    gitea_vault_org: telco-kpis
    gitea_vault_repo: hlxcl7-reports
    gitea_report_file: /path/to/report.md
    gitea_artifact_file: /path/to/artifacts.tar.gz
```

## Key Features

**Firewall Management:**
- Detects firewalld vs. iptables
- Adds port 3000 rule if not present
- Handles both firewall backends

**Database Migration:**
- Waits for database initialization on first run
- Handles migration errors gracefully
- Retries admin user creation after migration

**Repository Retention:**
- Keeps last 15 reports per repository
- Automatically deletes older reports
- Prevents unbounded repository growth

**Error Handling:**
- Comprehensive API error checking
- Retries for transient failures
- Detailed error messages

## Benefits

- Centralized test report hosting
- Automated report publishing workflow
- Secure credential management via vault
- Retention policy prevents storage bloat
- Accessible web UI for stakeholders
- Git-based versioning of reports

## Integration

Used by `playbooks/telco-kpis/generate-report.yml` to publish aggregated test
reports from all Telco-KPIs tests (node-info, BIOS validation, performance
tests, deployment timeline).

Related: Telco-KPIs test infrastructure, report generation system
Signed-off-by: Carlos Cardenosa <ccardeno@redhat.com>

Author: ccardenosa

playbooks/telco-kpis/roles/gitea/README.md

@@ -0,0 +1,28 @@
+---
+# Gitea Configuration Defaults
+gitea_container_name: gitea
+gitea_http_port: 3000
+gitea_ssh_port: 2222
+gitea_domain: "bastion.kni-qe-71.telco-kpis.rdu3.redhat.com"
+gitea_root_url: "http://{{ gitea_domain }}:{{ gitea_http_port }}/"
+
+# Admin credentials from vault (defaults to bastion user credentials)
+# These are typically provided by ansible_group_bastions vault or bastion host_vars
+gitea_admin_user: "{{ ansible_user | default('telcov10n') }}"
+gitea_admin_password: "{{ ansible_password | default(lookup('env', 'BASTION_PASSWORD') | default('', true)) }}"
+gitea_admin_email: "{{ gitea_admin_user }}@localhost"
+
+gitea_data_dir: "{{ ansible_env.HOME }}/gitea/data"
+gitea_repo_name: telco-kpis-reports
+gitea_repo_description: "Telco KPIs Test Reports Archive"
+gitea_image: "docker.io/gitea/gitea:latest"
+
+# API endpoints
+gitea_api_base: "{{ gitea_root_url }}api/v1"
+gitea_install_url: "{{ gitea_root_url }}"
+
+# Development mode flag (passed from playbook)
+development_mode: false
+
+# Repository retention policy
+gitea_report_retention_days: 7  # Keep reports for last 7 days

playbooks/telco-kpis/roles/gitea/defaults/main.yml

@@ -0,0 +1,57 @@
+---
+# Create telco-kpis-reports repository if it doesn't exist
+
+- name: Check if repository exists
+  ansible.builtin.uri:
+    url: "{{ gitea_api_base }}/repos/{{ gitea_admin_user }}/{{ gitea_repo_name }}"
+    method: GET
+    user: "{{ gitea_admin_user }}"
+    password: "{{ gitea_admin_password }}"
+    force_basic_auth: true
+    status_code: [200, 404]
+  register: repo_check
+
+- name: Display repository status
+  ansible.builtin.debug:
+    msg: "Repository exists: {{ repo_check.status == 200 }}"
+
+- name: Create repository
+  when: repo_check.status == 404
+  block:
+    - name: Create telco-kpis-reports repository via API
+      ansible.builtin.uri:
+        url: "{{ gitea_api_base }}/user/repos"
+        method: POST
+        user: "{{ gitea_admin_user }}"
+        password: "{{ gitea_admin_password }}"
+        force_basic_auth: true
+        body_format: json
+        body:
+          name: "{{ gitea_repo_name }}"
+          description: "{{ gitea_repo_description }}"
+          private: false
+          auto_init: true
+          default_branch: main
+          readme: "Default"
+        status_code: [201, 422]  # 422 if already exists
+      register: repo_create
+
+    - name: Display repository creation result
+      ansible.builtin.debug:
+        msg: "Repository created: {{ repo_create.status == 201 }}"
+
+    - name: Wait for repository initialization
+      ansible.builtin.pause:
+        seconds: 5
+      when: repo_create.status == 201
+
+- name: Get repository clone URL
+  ansible.builtin.set_fact:
+    gitea_repo_http_url: "http://{{ gitea_admin_user }}:{{ gitea_admin_password }}@{{ gitea_domain }}:{{ gitea_http_port }}/{{ gitea_admin_user }}/{{ gitea_repo_name }}.git"
+    gitea_repo_web_url: "{{ gitea_root_url }}{{ gitea_admin_user }}/{{ gitea_repo_name }}"
+
+- name: Display repository URLs
+  ansible.builtin.debug:
+    msg:
+      - "Repository Web URL: {{ gitea_repo_web_url }}"
+      - "Repository Clone URL: http://{{ gitea_domain }}:{{ gitea_http_port }}/{{ gitea_admin_user }}/{{ gitea_repo_name }}.git"

playbooks/telco-kpis/roles/gitea/tasks/create-repository.yml

@@ -0,0 +1,142 @@
+---
+# Deploy Gitea container on bastion if not already running
+
+- name: Check if Gitea is accessible via localhost
+  ansible.builtin.uri:
+    url: "http://localhost:{{ gitea_http_port }}/"
+    method: GET
+    status_code: 200
+    validate_certs: false
+  register: gitea_accessible
+  failed_when: false
+  changed_when: false
+
+- name: Check if firewalld is running
+  ansible.builtin.systemd:
+    name: firewalld
+  register: firewalld_check
+  failed_when: false
+  become: true
+
+- name: Check if Gitea HTTP port is open in firewall
+  ansible.builtin.shell: firewall-cmd --list-ports | grep -q "{{ gitea_http_port }}/tcp"
+  register: http_port_open
+  failed_when: false
+  changed_when: false
+  become: true
+  when:
+    - firewalld_check.status is defined
+    - firewalld_check.status.ActiveState == "active"
+
+- name: Check if Gitea SSH port is open in firewall
+  ansible.builtin.shell: firewall-cmd --list-ports | grep -q "{{ gitea_ssh_port }}/tcp"
+  register: ssh_port_open
+  failed_when: false
+  changed_when: false
+  become: true
+  when:
+    - firewalld_check.status is defined
+    - firewalld_check.status.ActiveState == "active"
+
+- name: Set Gitea deployment needed flag
+  ansible.builtin.set_fact:
+    gitea_deployment_needed: "{{ (gitea_accessible.status is not defined or gitea_accessible.status != 200) or (firewalld_check.status is defined and firewalld_check.status.ActiveState == 'active' and (http_port_open.rc != 0 or ssh_port_open.rc != 0)) }}"
+
+- name: Display Gitea status
+  ansible.builtin.debug:
+    msg: "{{ 'Gitea is running and firewall configured - skipping deployment' if not gitea_deployment_needed else 'Gitea deployment or firewall configuration needed' }}"
+
+- name: Deploy Gitea
+  when: gitea_deployment_needed
+  block:
+    - name: Configure firewall rules
+      when:
+        - firewalld_check.status is defined
+        - firewalld_check.status.ActiveState == "active"
+        - http_port_open.rc != 0 or ssh_port_open.rc != 0
+      block:
+        - name: Open Gitea HTTP port in firewall
+          ansible.posix.firewalld:
+            port: "{{ gitea_http_port }}/tcp"
+            permanent: true
+            state: enabled
+            immediate: true
+          become: true
+
+        - name: Open Gitea SSH port in firewall
+          ansible.posix.firewalld:
+            port: "{{ gitea_ssh_port }}/tcp"
+            permanent: true
+            state: enabled
+            immediate: true
+          become: true
+
+        - name: Display firewall configuration status
+          ansible.builtin.debug:
+            msg: "Firewall configured: ports 3000/tcp and 2222/tcp opened"
+
+    - name: Deploy or redeploy Gitea container
+      when: gitea_accessible.status is not defined or gitea_accessible.status != 200
+      block:
+        - name: Check if Gitea container exists
+          ansible.builtin.command: podman ps -a --format json
+          register: podman_containers
+          changed_when: false
+
+        - name: Parse container list
+          ansible.builtin.set_fact:
+            gitea_container_exists: "{{ (podman_containers.stdout | from_json) | selectattr('Names', 'contains', gitea_container_name) | list | length > 0 }}"
+
+        - name: Remove existing broken Gitea container
+          ansible.builtin.command: podman rm -f {{ gitea_container_name }}
+          when: gitea_container_exists
+          register: remove_result
+          changed_when: remove_result.rc == 0
+
+        - name: Create Gitea data directory
+          ansible.builtin.file:
+            path: "{{ gitea_data_dir }}"
+            state: directory
+            mode: '0755'
+
+        - name: Pull Gitea container image
+          ansible.builtin.command: podman pull {{ gitea_image }}
+          register: pull_result
+          changed_when: "'Downloaded newer image' in pull_result.stdout or 'Copying blob' in pull_result.stderr"
+
+        - name: Deploy Gitea container
+          ansible.builtin.command: >
+            podman run -d
+            --name {{ gitea_container_name }}
+            -p {{ gitea_http_port }}:3000
+            -p {{ gitea_ssh_port }}:22
+            -v {{ gitea_data_dir }}:/data:Z
+            -e USER_UID={{ ansible_user_uid }}
+            -e USER_GID={{ ansible_user_gid }}
+            -e GITEA__database__DB_TYPE=sqlite3
+            -e GITEA__database__PATH=/data/gitea/gitea.db
+            -e GITEA__server__DOMAIN={{ gitea_domain }}
+            -e GITEA__server__ROOT_URL={{ gitea_root_url }}
+            -e GITEA__server__SSH_DOMAIN={{ gitea_domain }}
+            -e GITEA__server__SSH_PORT={{ gitea_ssh_port }}
+            -e GITEA__service__DISABLE_REGISTRATION=true
+            -e GITEA__repository__DEFAULT_BRANCH=main
+            --restart=always
+            {{ gitea_image }}
+          register: deploy_result
+          changed_when: deploy_result.rc == 0
+
+        - name: Wait for Gitea to start
+          ansible.builtin.uri:
+            url: "http://localhost:{{ gitea_http_port }}/"
+            method: GET
+            status_code: 200
+            validate_certs: false
+          register: gitea_health
+          until: gitea_health.status == 200
+          retries: 30
+          delay: 2
+
+- name: Display Gitea deployment status
+  ansible.builtin.debug:
+    msg: "Gitea is accessible at {{ gitea_root_url }}"