From 5b19636034fbeb7090d2cc8947547a4f12d76859 Mon Sep 17 00:00:00 2001 From: Christopher Homberger Date: Sun, 30 Mar 2025 23:13:31 +0000 Subject: [PATCH] chore(core): refactor to make all unit tests pass (#6) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit _This is the first time I ever messed with helm and is an experiment to show what prevents the tests to pass and how far it still depends on the gitea chart_ ### Description of the change - Deletes a single test that seems to depend directly on gitea - make all tests pass - Moves all value accesses from `actions` one level up - Copies content of the gitea chart required by the existing test - Reveals all dependencies that needs to be decoupled - Fixes readme generation - add package.json - copy dependent readme section from helm-gitea - Removes all dependencies - giteaRootURL is now required to be provided - consistency check that this value has been provided - added test for consistency failure - nc command no longer uses an hardcoded dns name and is checked in tests - added test - Copied yamllint from helm-gitea - added pnpm lock file exclusion - Installed pnpm in the workflow - Updated make unittest command in CI to unittest-helm ### Benefits The existing tests are passing ### Possible drawbacks The provision job might still not work. ### Applicable issues - Fixes #5 ### Additional information The following usage should now deploy ```yaml existingSecret: "somesecret" existingSecretKey: "key" ## Specify the root URL of the Gitea instance giteaRootURL: "http://somedomain:3000" ``` ### ⚠ BREAKING - giteaRootURL is now required to be provided - Moves all value accesses from `actions` one level up - The values.yml had this change without updating tests / dev Readme Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/6 Reviewed-by: Lunny Xiao Reviewed-by: justusbunsi Reviewed-by: volker.raschek Co-authored-by: Christopher Homberger Co-committed-by: Christopher Homberger --- .gitea/workflows/test-pr.yml | 6 +- .yamllint | 21 + Chart.lock | 3 + Chart.yaml | 22 +- README.md | 81 ++ docs/actions-dev.md | 9 +- package.json | 19 + pnpm-lock.yaml | 932 ++++++++++++++++++ scripts/token.sh | 43 + templates/01-consistency-checks.yaml | 13 +- templates/_helpers.tpl | 131 +++ templates/config-act-runner.yaml | 4 +- templates/config-scripts.yaml | 6 +- templates/job.yaml | 30 +- templates/role-job.yaml | 4 +- templates/rolebinding-job.yaml | 4 +- templates/secret-token.yaml | 4 +- templates/serviceaccount-job.yaml | 4 +- templates/statefulset.yaml | 46 +- .../{ => helm}/01-consistency-checks.yaml | 60 +- unittests/helm/actions-config.yaml | 53 - unittests/{ => helm}/config-act-runner.yaml | 31 +- unittests/{ => helm}/config-scripts.yaml | 24 +- unittests/helm/job.yaml | 88 ++ unittests/{ => helm}/role-job.yaml | 20 +- unittests/{ => helm}/rolebinding-job.yaml | 20 +- unittests/{ => helm}/secret-token.yaml | 20 +- unittests/{ => helm}/serviceaccount-job.yaml | 20 +- unittests/helm/statefulset.yaml | 212 ++++ unittests/job.yaml | 65 -- unittests/statefulset.yaml | 182 ---- values.yaml | 59 ++ 32 files changed, 1752 insertions(+), 484 deletions(-) create mode 100644 .yamllint create mode 100644 Chart.lock create mode 100644 package.json create mode 100644 pnpm-lock.yaml create mode 100755 scripts/token.sh create mode 100644 templates/_helpers.tpl rename unittests/{ => helm}/01-consistency-checks.yaml (56%) delete mode 100644 unittests/helm/actions-config.yaml rename unittests/{ => helm}/config-act-runner.yaml (59%) rename unittests/{ => helm}/config-scripts.yaml (65%) create mode 100644 unittests/helm/job.yaml rename unittests/{ => helm}/role-job.yaml (67%) rename unittests/{ => helm}/rolebinding-job.yaml (66%) rename unittests/{ => helm}/secret-token.yaml (65%) rename unittests/{ => helm}/serviceaccount-job.yaml (65%) create mode 100644 unittests/helm/statefulset.yaml delete mode 100644 unittests/job.yaml delete mode 100644 unittests/statefulset.yaml diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index af88695..c1d6f7f 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -21,6 +21,10 @@ jobs: run: | apk update apk add --update bash make nodejs npm yamllint ncurses + - name: Install pnpm + uses: pnpm/action-setup@v4 + with: + version: 10 - uses: actions/checkout@v4 - name: install chart dependencies run: helm dependency build @@ -36,7 +40,7 @@ jobs: env: TERM: xterm run: | - make unittests + make unittests-helm - name: verify readme run: | make readme diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8aaa9d1 --- /dev/null +++ b/.yamllint @@ -0,0 +1,21 @@ +--- +extends: default + +ignore: | + .yamllint + node_modules + templates + unittests/bash + pnpm-lock.yaml + +rules: + truthy: + allowed-values: ['true', 'false'] + check-keys: False + level: error + line-length: disable + document-start: disable + comments: + min-spaces-from-content: 1 + braces: + max-spaces-inside: 2 diff --git a/Chart.lock b/Chart.lock new file mode 100644 index 0000000..98b46af --- /dev/null +++ b/Chart.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: "2025-03-30T15:22:59.016934+02:00" diff --git a/Chart.yaml b/Chart.yaml index 2b47a38..c3890c2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -16,24 +16,4 @@ sources: # FIXME: # maintainers: -dependencies: - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 16.4.14 - condition: postgresql.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.3 - condition: postgresql-ha.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.4.3 - condition: redis-cluster.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - - name: redis - repository: oci://registry-1.docker.io/bitnamicharts - version: 20.8.0 - condition: redis.enabled +dependencies: [] diff --git a/README.md b/README.md index 25f356e..f41ac2a 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,83 @@ # helm-act +## Rootless Defaults + +If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: + +- If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea. + +## Parameters + +### Gitea Actions + +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `enabled` | Create an act runner StatefulSet. | `false` | +| `init.image.repository` | The image used for the init containers | `busybox` | +| `init.image.tag` | The image tag used for the init containers | `1.37.0` | +| `statefulset.annotations` | Act runner annotations | `{}` | +| `statefulset.labels` | Act runner labels | `{}` | +| `statefulset.resources` | Act runner resources | `{}` | +| `statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` | +| `statefulset.tolerations` | Tolerations for the statefulset | `[]` | +| `statefulset.affinity` | Affinity for the statefulset | `{}` | +| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` | +| `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` | +| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` | +| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` | +| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` | +| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | +| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` | +| `statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` | +| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | +| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` | +| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` | +| `provisioning.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` | +| `provisioning.annotations` | Job's annotations | `{}` | +| `provisioning.labels` | Job's labels | `{}` | +| `provisioning.resources` | Job's resources | `{}` | +| `provisioning.nodeSelector` | NodeSelector for the job | `{}` | +| `provisioning.tolerations` | Tolerations for the job | `[]` | +| `provisioning.affinity` | Affinity for the job | `{}` | +| `provisioning.ttlSecondsAfterFinished` | ttl for the job after finished in order to allow helm to properly recognize that the job completed | `300` | +| `provisioning.publish.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` | +| `provisioning.publish.tag` | The publish image tag that can create the secret | `1.29.0` | +| `provisioning.publish.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` | +| `existingSecret` | Secret that contains the token | `""` | +| `existingSecretKey` | Secret key | `""` | +| `giteaRootURL` | URL the act_runner registers and connect with | `""` | + +### Persistence + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------- | ---------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | +| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | +| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim | `keep` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `persistence.volumeName` | Name of persistent volume in PVC | `""` | + +### Image + +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` | +| `image.repository` | Image to start for this pod | `gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | + +### Global + +| Name | Description | Value | +| ---------------------- | ------------------------------ | ----- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.storageClass` | global storage class override | `""` | diff --git a/docs/actions-dev.md b/docs/actions-dev.md index a633ad3..2f69659 100644 --- a/docs/actions-dev.md +++ b/docs/actions-dev.md @@ -26,9 +26,8 @@ In this case, you can use either the Web UI to generate the token or run a shell the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via: ```yaml -actions: - provisioning: - enabled: false - existingSecret: "secret-name" - existingSecretKey: "secret-key" +provisioning: + enabled: false +existingSecret: "secret-name" +existingSecretKey: "secret-key" ``` diff --git a/package.json b/package.json new file mode 100644 index 0000000..58c375b --- /dev/null +++ b/package.json @@ -0,0 +1,19 @@ +{ + "name": "gitea-helm-actions", + "homepage": "https://gitea.com/gitea/helm-actions.git", + "license": "MIT", + "private": true, + "engineStrict": true, + "engines": { + "node": ">=16.0.0", + "npm": ">=8.0.0" + }, + "scripts": { + "readme:lint": "markdownlint *.md -f", + "readme:parameters": "readme-generator -v values.yaml -r README.md" + }, + "devDependencies": { + "@bitnami/readme-generator-for-helm": "^2.7.0", + "markdownlint-cli": "^0.44.0" + } +} \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml new file mode 100644 index 0000000..3644af8 --- /dev/null +++ b/pnpm-lock.yaml @@ -0,0 +1,932 @@ +lockfileVersion: '9.0' + +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + +importers: + + .: + devDependencies: + '@bitnami/readme-generator-for-helm': + specifier: ^2.7.0 + version: 2.7.0 + markdownlint-cli: + specifier: ^0.44.0 + version: 0.44.0 + +packages: + + '@bitnami/readme-generator-for-helm@2.7.0': + resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==} + hasBin: true + + '@isaacs/cliui@8.0.2': + resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} + engines: {node: '>=12'} + + '@pkgjs/parseargs@0.11.0': + resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} + engines: {node: '>=14'} + + '@types/debug@4.1.12': + resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==} + + '@types/katex@0.16.7': + resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==} + + '@types/ms@2.1.0': + resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==} + + '@types/unist@2.0.11': + resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==} + + ansi-regex@5.0.1: + resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==} + engines: {node: '>=8'} + + ansi-regex@6.1.0: + resolution: {integrity: sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==} + engines: {node: '>=12'} + + ansi-styles@4.3.0: + resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==} + engines: {node: '>=8'} + + ansi-styles@6.2.1: + resolution: {integrity: sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==} + engines: {node: '>=12'} + + argparse@2.0.1: + resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} + + balanced-match@1.0.2: + resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} + + brace-expansion@1.1.11: + resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==} + + brace-expansion@2.0.1: + resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==} + + character-entities-legacy@3.0.0: + resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==} + + character-entities@2.0.2: + resolution: {integrity: sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==} + + character-reference-invalid@2.0.1: + resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==} + + color-convert@2.0.1: + resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==} + engines: {node: '>=7.0.0'} + + color-name@1.1.4: + resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==} + + commander@13.1.0: + resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==} + engines: {node: '>=18'} + + commander@6.2.1: + resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==} + engines: {node: '>= 6'} + + commander@8.3.0: + resolution: {integrity: sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==} + engines: {node: '>= 12'} + + concat-map@0.0.1: + resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} + + cross-spawn@7.0.6: + resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==} + engines: {node: '>= 8'} + + debug@4.4.0: + resolution: {integrity: sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==} + engines: {node: '>=6.0'} + peerDependencies: + supports-color: '*' + peerDependenciesMeta: + supports-color: + optional: true + + decode-named-character-reference@1.1.0: + resolution: {integrity: sha512-Wy+JTSbFThEOXQIR2L6mxJvEs+veIzpmqD7ynWxMXGpnk3smkHQOp6forLdHsKpAMW9iJpaBBIxz285t1n1C3w==} + + deep-extend@0.6.0: + resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==} + engines: {node: '>=4.0.0'} + + dequal@2.0.3: + resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==} + engines: {node: '>=6'} + + devlop@1.1.0: + resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==} + + dot-object@2.1.5: + resolution: {integrity: sha512-xHF8EP4XH/Ba9fvAF2LDd5O3IITVolerVV6xvkxoM8zlGEiCUrggpAnHyOoKJKCrhvPcGATFAUwIujj7bRG5UA==} + hasBin: true + + eastasianwidth@0.2.0: + resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==} + + emoji-regex@8.0.0: + resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==} + + emoji-regex@9.2.2: + resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==} + + entities@4.5.0: + resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==} + engines: {node: '>=0.12'} + + foreground-child@3.3.1: + resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==} + engines: {node: '>=14'} + + fs.realpath@1.0.0: + resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} + + glob@10.4.5: + resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + hasBin: true + + glob@7.2.3: + resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} + deprecated: Glob versions prior to v9 are no longer supported + + ignore@7.0.3: + resolution: {integrity: sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==} + engines: {node: '>= 4'} + + inflight@1.0.6: + resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} + deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. + + inherits@2.0.4: + resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} + + ini@4.1.3: + resolution: {integrity: sha512-X7rqawQBvfdjS10YU1y1YVreA3SsLrW9dX2CewP2EbBJM4ypVNLDkO5y04gejPwKIY9lR+7r9gn3rFPt/kmWFg==} + engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} + + is-alphabetical@2.0.1: + resolution: {integrity: sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==} + + is-alphanumerical@2.0.1: + resolution: {integrity: sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==} + + is-decimal@2.0.1: + resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==} + + is-fullwidth-code-point@3.0.0: + resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} + engines: {node: '>=8'} + + is-hexadecimal@2.0.1: + resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==} + + isexe@2.0.0: + resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} + + jackspeak@3.4.3: + resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} + + js-yaml@4.1.0: + resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} + hasBin: true + + jsonc-parser@3.3.1: + resolution: {integrity: sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ==} + + jsonpointer@5.0.1: + resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==} + engines: {node: '>=0.10.0'} + + katex@0.16.21: + resolution: {integrity: sha512-XvqR7FgOHtWupfMiigNzmh+MgUVmDGU2kXZm899ZkPfcuoPuFxyHmXsgATDpFZDAXCI8tvinaVcDo8PIIJSo4A==} + hasBin: true + + linkify-it@5.0.0: + resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} + + lodash@4.17.21: + resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} + + lru-cache@10.4.3: + resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==} + + markdown-it@14.1.0: + resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==} + hasBin: true + + markdown-table@2.0.0: + resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} + + markdownlint-cli@0.44.0: + resolution: {integrity: sha512-ZJTAONlvF9NkrIBltCdW15DxN9UTbPiKMEqAh2EU2gwIFlrCMavyCEPPO121cqfYOrLUJWW8/XKWongstmmTeQ==} + engines: {node: '>=18'} + hasBin: true + + markdownlint@0.37.4: + resolution: {integrity: sha512-u00joA/syf3VhWh6/ybVFkib5Zpj2e5KB/cfCei8fkSRuums6nyisTWGqjTWIOFoFwuXoTBQQiqlB4qFKp8ncQ==} + engines: {node: '>=18'} + + mdurl@2.0.0: + resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==} + + micromark-core-commonmark@2.0.2: + resolution: {integrity: sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==} + + micromark-extension-directive@3.0.2: + resolution: {integrity: sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==} + + micromark-extension-gfm-autolink-literal@2.1.0: + resolution: {integrity: sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==} + + micromark-extension-gfm-footnote@2.1.0: + resolution: {integrity: sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==} + + micromark-extension-gfm-table@2.1.0: + resolution: {integrity: sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==} + + micromark-extension-math@3.1.0: + resolution: {integrity: sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==} + + micromark-factory-destination@2.0.1: + resolution: {integrity: sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==} + + micromark-factory-label@2.0.1: + resolution: {integrity: sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==} + + micromark-factory-space@2.0.1: + resolution: {integrity: sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==} + + micromark-factory-title@2.0.1: + resolution: {integrity: sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==} + + micromark-factory-whitespace@2.0.1: + resolution: {integrity: sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==} + + micromark-util-character@2.1.1: + resolution: {integrity: sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==} + + micromark-util-chunked@2.0.1: + resolution: {integrity: sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==} + + micromark-util-classify-character@2.0.1: + resolution: {integrity: sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==} + + micromark-util-combine-extensions@2.0.1: + resolution: {integrity: sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==} + + micromark-util-decode-numeric-character-reference@2.0.2: + resolution: {integrity: sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==} + + micromark-util-encode@2.0.1: + resolution: {integrity: sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==} + + micromark-util-html-tag-name@2.0.1: + resolution: {integrity: sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==} + + micromark-util-normalize-identifier@2.0.1: + resolution: {integrity: sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==} + + micromark-util-resolve-all@2.0.1: + resolution: {integrity: sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==} + + micromark-util-sanitize-uri@2.0.1: + resolution: {integrity: sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==} + + micromark-util-subtokenize@2.1.0: + resolution: {integrity: sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA==} + + micromark-util-symbol@2.0.1: + resolution: {integrity: sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==} + + micromark-util-types@2.0.1: + resolution: {integrity: sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==} + + micromark@4.0.1: + resolution: {integrity: sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==} + + minimatch@3.1.2: + resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} + + minimatch@9.0.5: + resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==} + engines: {node: '>=16 || 14 >=14.17'} + + minimist@1.2.8: + resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} + + minipass@7.1.2: + resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} + engines: {node: '>=16 || 14 >=14.17'} + + ms@2.1.3: + resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} + + once@1.4.0: + resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} + + package-json-from-dist@1.0.1: + resolution: {integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==} + + parse-entities@4.0.2: + resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==} + + path-is-absolute@1.0.1: + resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} + engines: {node: '>=0.10.0'} + + path-key@3.1.1: + resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} + engines: {node: '>=8'} + + path-scurry@1.11.1: + resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} + engines: {node: '>=16 || 14 >=14.18'} + + punycode.js@2.3.1: + resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==} + engines: {node: '>=6'} + + repeat-string@1.6.1: + resolution: {integrity: sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==} + engines: {node: '>=0.10'} + + run-con@1.3.2: + resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==} + hasBin: true + + shebang-command@2.0.0: + resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==} + engines: {node: '>=8'} + + shebang-regex@3.0.0: + resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==} + engines: {node: '>=8'} + + signal-exit@4.1.0: + resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==} + engines: {node: '>=14'} + + smol-toml@1.3.1: + resolution: {integrity: sha512-tEYNll18pPKHroYSmLLrksq233j021G0giwW7P3D24jC54pQ5W5BXMsQ/Mvw1OJCmEYDgY+lrzT+3nNUtoNfXQ==} + engines: {node: '>= 18'} + + string-width@4.2.3: + resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==} + engines: {node: '>=8'} + + string-width@5.1.2: + resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==} + engines: {node: '>=12'} + + strip-ansi@6.0.1: + resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==} + engines: {node: '>=8'} + + strip-ansi@7.1.0: + resolution: {integrity: sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==} + engines: {node: '>=12'} + + strip-json-comments@3.1.1: + resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} + engines: {node: '>=8'} + + uc.micro@2.1.0: + resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==} + + which@2.0.2: + resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==} + engines: {node: '>= 8'} + hasBin: true + + wrap-ansi@7.0.0: + resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==} + engines: {node: '>=10'} + + wrap-ansi@8.1.0: + resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==} + engines: {node: '>=12'} + + wrappy@1.0.2: + resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} + + yaml@2.7.0: + resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==} + engines: {node: '>= 14'} + hasBin: true + +snapshots: + + '@bitnami/readme-generator-for-helm@2.7.0': + dependencies: + commander: 13.1.0 + dot-object: 2.1.5 + lodash: 4.17.21 + markdown-table: 2.0.0 + yaml: 2.7.0 + + '@isaacs/cliui@8.0.2': + dependencies: + string-width: 5.1.2 + string-width-cjs: string-width@4.2.3 + strip-ansi: 7.1.0 + strip-ansi-cjs: strip-ansi@6.0.1 + wrap-ansi: 8.1.0 + wrap-ansi-cjs: wrap-ansi@7.0.0 + + '@pkgjs/parseargs@0.11.0': + optional: true + + '@types/debug@4.1.12': + dependencies: + '@types/ms': 2.1.0 + + '@types/katex@0.16.7': {} + + '@types/ms@2.1.0': {} + + '@types/unist@2.0.11': {} + + ansi-regex@5.0.1: {} + + ansi-regex@6.1.0: {} + + ansi-styles@4.3.0: + dependencies: + color-convert: 2.0.1 + + ansi-styles@6.2.1: {} + + argparse@2.0.1: {} + + balanced-match@1.0.2: {} + + brace-expansion@1.1.11: + dependencies: + balanced-match: 1.0.2 + concat-map: 0.0.1 + + brace-expansion@2.0.1: + dependencies: + balanced-match: 1.0.2 + + character-entities-legacy@3.0.0: {} + + character-entities@2.0.2: {} + + character-reference-invalid@2.0.1: {} + + color-convert@2.0.1: + dependencies: + color-name: 1.1.4 + + color-name@1.1.4: {} + + commander@13.1.0: {} + + commander@6.2.1: {} + + commander@8.3.0: {} + + concat-map@0.0.1: {} + + cross-spawn@7.0.6: + dependencies: + path-key: 3.1.1 + shebang-command: 2.0.0 + which: 2.0.2 + + debug@4.4.0: + dependencies: + ms: 2.1.3 + + decode-named-character-reference@1.1.0: + dependencies: + character-entities: 2.0.2 + + deep-extend@0.6.0: {} + + dequal@2.0.3: {} + + devlop@1.1.0: + dependencies: + dequal: 2.0.3 + + dot-object@2.1.5: + dependencies: + commander: 6.2.1 + glob: 7.2.3 + + eastasianwidth@0.2.0: {} + + emoji-regex@8.0.0: {} + + emoji-regex@9.2.2: {} + + entities@4.5.0: {} + + foreground-child@3.3.1: + dependencies: + cross-spawn: 7.0.6 + signal-exit: 4.1.0 + + fs.realpath@1.0.0: {} + + glob@10.4.5: + dependencies: + foreground-child: 3.3.1 + jackspeak: 3.4.3 + minimatch: 9.0.5 + minipass: 7.1.2 + package-json-from-dist: 1.0.1 + path-scurry: 1.11.1 + + glob@7.2.3: + dependencies: + fs.realpath: 1.0.0 + inflight: 1.0.6 + inherits: 2.0.4 + minimatch: 3.1.2 + once: 1.4.0 + path-is-absolute: 1.0.1 + + ignore@7.0.3: {} + + inflight@1.0.6: + dependencies: + once: 1.4.0 + wrappy: 1.0.2 + + inherits@2.0.4: {} + + ini@4.1.3: {} + + is-alphabetical@2.0.1: {} + + is-alphanumerical@2.0.1: + dependencies: + is-alphabetical: 2.0.1 + is-decimal: 2.0.1 + + is-decimal@2.0.1: {} + + is-fullwidth-code-point@3.0.0: {} + + is-hexadecimal@2.0.1: {} + + isexe@2.0.0: {} + + jackspeak@3.4.3: + dependencies: + '@isaacs/cliui': 8.0.2 + optionalDependencies: + '@pkgjs/parseargs': 0.11.0 + + js-yaml@4.1.0: + dependencies: + argparse: 2.0.1 + + jsonc-parser@3.3.1: {} + + jsonpointer@5.0.1: {} + + katex@0.16.21: + dependencies: + commander: 8.3.0 + + linkify-it@5.0.0: + dependencies: + uc.micro: 2.1.0 + + lodash@4.17.21: {} + + lru-cache@10.4.3: {} + + markdown-it@14.1.0: + dependencies: + argparse: 2.0.1 + entities: 4.5.0 + linkify-it: 5.0.0 + mdurl: 2.0.0 + punycode.js: 2.3.1 + uc.micro: 2.1.0 + + markdown-table@2.0.0: + dependencies: + repeat-string: 1.6.1 + + markdownlint-cli@0.44.0: + dependencies: + commander: 13.1.0 + glob: 10.4.5 + ignore: 7.0.3 + js-yaml: 4.1.0 + jsonc-parser: 3.3.1 + jsonpointer: 5.0.1 + markdownlint: 0.37.4 + minimatch: 9.0.5 + run-con: 1.3.2 + smol-toml: 1.3.1 + transitivePeerDependencies: + - supports-color + + markdownlint@0.37.4: + dependencies: + markdown-it: 14.1.0 + micromark: 4.0.1 + micromark-core-commonmark: 2.0.2 + micromark-extension-directive: 3.0.2 + micromark-extension-gfm-autolink-literal: 2.1.0 + micromark-extension-gfm-footnote: 2.1.0 + micromark-extension-gfm-table: 2.1.0 + micromark-extension-math: 3.1.0 + micromark-util-types: 2.0.1 + transitivePeerDependencies: + - supports-color + + mdurl@2.0.0: {} + + micromark-core-commonmark@2.0.2: + dependencies: + decode-named-character-reference: 1.1.0 + devlop: 1.1.0 + micromark-factory-destination: 2.0.1 + micromark-factory-label: 2.0.1 + micromark-factory-space: 2.0.1 + micromark-factory-title: 2.0.1 + micromark-factory-whitespace: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-chunked: 2.0.1 + micromark-util-classify-character: 2.0.1 + micromark-util-html-tag-name: 2.0.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-subtokenize: 2.1.0 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-directive@3.0.2: + dependencies: + devlop: 1.1.0 + micromark-factory-space: 2.0.1 + micromark-factory-whitespace: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + parse-entities: 4.0.2 + + micromark-extension-gfm-autolink-literal@2.1.0: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-gfm-footnote@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-core-commonmark: 2.0.2 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-gfm-table@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-math@3.1.0: + dependencies: + '@types/katex': 0.16.7 + devlop: 1.1.0 + katex: 0.16.21 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-destination@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-label@2.0.1: + dependencies: + devlop: 1.1.0 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-space@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-types: 2.0.1 + + micromark-factory-title@2.0.1: + dependencies: + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-whitespace@2.0.1: + dependencies: + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-character@2.1.1: + dependencies: + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-chunked@2.0.1: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-classify-character@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-combine-extensions@2.0.1: + dependencies: + micromark-util-chunked: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-decode-numeric-character-reference@2.0.2: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-encode@2.0.1: {} + + micromark-util-html-tag-name@2.0.1: {} + + micromark-util-normalize-identifier@2.0.1: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-resolve-all@2.0.1: + dependencies: + micromark-util-types: 2.0.1 + + micromark-util-sanitize-uri@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-encode: 2.0.1 + micromark-util-symbol: 2.0.1 + + micromark-util-subtokenize@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-util-chunked: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-symbol@2.0.1: {} + + micromark-util-types@2.0.1: {} + + micromark@4.0.1: + dependencies: + '@types/debug': 4.1.12 + debug: 4.4.0 + decode-named-character-reference: 1.1.0 + devlop: 1.1.0 + micromark-core-commonmark: 2.0.2 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-chunked: 2.0.1 + micromark-util-combine-extensions: 2.0.1 + micromark-util-decode-numeric-character-reference: 2.0.2 + micromark-util-encode: 2.0.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-subtokenize: 2.1.0 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + transitivePeerDependencies: + - supports-color + + minimatch@3.1.2: + dependencies: + brace-expansion: 1.1.11 + + minimatch@9.0.5: + dependencies: + brace-expansion: 2.0.1 + + minimist@1.2.8: {} + + minipass@7.1.2: {} + + ms@2.1.3: {} + + once@1.4.0: + dependencies: + wrappy: 1.0.2 + + package-json-from-dist@1.0.1: {} + + parse-entities@4.0.2: + dependencies: + '@types/unist': 2.0.11 + character-entities-legacy: 3.0.0 + character-reference-invalid: 2.0.1 + decode-named-character-reference: 1.1.0 + is-alphanumerical: 2.0.1 + is-decimal: 2.0.1 + is-hexadecimal: 2.0.1 + + path-is-absolute@1.0.1: {} + + path-key@3.1.1: {} + + path-scurry@1.11.1: + dependencies: + lru-cache: 10.4.3 + minipass: 7.1.2 + + punycode.js@2.3.1: {} + + repeat-string@1.6.1: {} + + run-con@1.3.2: + dependencies: + deep-extend: 0.6.0 + ini: 4.1.3 + minimist: 1.2.8 + strip-json-comments: 3.1.1 + + shebang-command@2.0.0: + dependencies: + shebang-regex: 3.0.0 + + shebang-regex@3.0.0: {} + + signal-exit@4.1.0: {} + + smol-toml@1.3.1: {} + + string-width@4.2.3: + dependencies: + emoji-regex: 8.0.0 + is-fullwidth-code-point: 3.0.0 + strip-ansi: 6.0.1 + + string-width@5.1.2: + dependencies: + eastasianwidth: 0.2.0 + emoji-regex: 9.2.2 + strip-ansi: 7.1.0 + + strip-ansi@6.0.1: + dependencies: + ansi-regex: 5.0.1 + + strip-ansi@7.1.0: + dependencies: + ansi-regex: 6.1.0 + + strip-json-comments@3.1.1: {} + + uc.micro@2.1.0: {} + + which@2.0.2: + dependencies: + isexe: 2.0.0 + + wrap-ansi@7.0.0: + dependencies: + ansi-styles: 4.3.0 + string-width: 4.2.3 + strip-ansi: 6.0.1 + + wrap-ansi@8.1.0: + dependencies: + ansi-styles: 6.2.1 + string-width: 5.1.2 + strip-ansi: 7.1.0 + + wrappy@1.0.2: {} + + yaml@2.7.0: {} diff --git a/scripts/token.sh b/scripts/token.sh new file mode 100755 index 0000000..cbb2ebd --- /dev/null +++ b/scripts/token.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +set -eu + +timeout_delay=15 + +check_token() { + set +e + + echo "Checking for existing token..." + token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)" + [ $? -ne 0 ] && return 1 + [ -z "$token" ] && return 2 + return 0 +} + +create_token() { + echo "Waiting for new token to be generated..." + begin=$(date +%s) + end=$((begin + timeout_delay)) + while true; do + [ -f /data/actions/token ] && return 0 + [ "$(date +%s)" -gt $end ] && return 1 + sleep 5 + done +} + +store_token() { + echo "Storing the token in Kubernetes secret..." + kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}" +} + +if check_token; then + echo "Key already in place, exiting." + exit +fi + +if ! create_token; then + echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay" + exit 1 +fi + +store_token diff --git a/templates/01-consistency-checks.yaml b/templates/01-consistency-checks.yaml index 25ae556..2168b12 100644 --- a/templates/01-consistency-checks.yaml +++ b/templates/01-consistency-checks.yaml @@ -1,15 +1,18 @@ -{{- if .Values.actions.enabled -}} - {{- if .Values.actions.provisioning.enabled -}} +{{- if .Values.enabled -}} + {{- if .Values.provisioning.enabled -}} {{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}} {{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}} {{- end -}} {{- if and .Values.persistence.enabled .Values.persistence.mount -}} - {{- if .Values.actions.existingSecret -}} + {{- if .Values.existingSecret -}} {{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}} {{- end -}} {{- end -}} {{- end -}} - {{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}} - {{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}} + {{- if and (not .Values.provisioning.enabled) (or (empty .Values.existingSecret) (empty .Values.existingSecretKey)) -}} + {{- fail "existingSecret and existingSecretKey are required when provisioning is disabled" -}} + {{- end -}} + {{- if not .Values.giteaRootURL -}} + {{- fail "giteaRootURL is required" -}} {{- end -}} {{- end -}} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl new file mode 100644 index 0000000..76dbffe --- /dev/null +++ b/templates/_helpers.tpl @@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} + +{{- define "gitea.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitea.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default worker name. +*/}} +{{- define "gitea.workername" -}} +{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitea.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create image name and tag used by the deployment. +*/}} +{{- define "gitea.image" -}} +{{- $fullOverride := .Values.image.fullOverride | default "" -}} +{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} +{{- $repository := .Values.image.repository -}} +{{- $separator := ":" -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}} +{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} +{{- $digest := "" -}} +{{- if .Values.image.digest }} + {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} +{{- end -}} +{{- if $fullOverride }} + {{- printf "%s" $fullOverride -}} +{{- else if $registry }} + {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} +{{- else -}} + {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} +{{- end -}} +{{- end -}} + +{{/* +Storage Class +*/}} +{{- define "gitea.persistence.storageClass" -}} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} +{{- if $storageClass }} +storageClassName: {{ $storageClass | quote }} +{{- end }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gitea.labels" -}} +helm.sh/chart: {{ include "gitea.chart" . }} +app: {{ include "gitea.name" . }} +{{ include "gitea.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "gitea.labels.actRunner" -}} +helm.sh/chart: {{ include "gitea.chart" . }} +app: {{ include "gitea.name" . }}-act-runner +{{ include "gitea.selectorLabels.actRunner" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "gitea.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gitea.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "gitea.selectorLabels.actRunner" -}} +app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "gitea.act_runner.local_root_url" -}} + {{- .Values.giteaRootURL -}} +{{- end -}} + +{{/* +Parse the http url to hostname + port separated by space for the nc command +*/}} +{{- define "gitea.act_runner.nc" -}} +{{- $url := include "gitea.act_runner.local_root_url" . | urlParse -}} +{{- $host := get $url "host" -}} +{{- $scheme := get $url "scheme" -}} +{{- $port := "80" -}} +{{- if contains ":" $host -}} + {{- $hostAndPort := regexSplit ":" $host 2 -}} + {{- $host = index $hostAndPort 0 -}} + {{- $port = index $hostAndPort 1 -}} +{{- else if eq $scheme "https" -}} + {{- $port = "443" -}} +{{- else if eq $scheme "http" -}} + {{- $port = "80" -}} +{{- end -}} +{{- printf "%s %s" $host $port -}} +{{- end -}} diff --git a/templates/config-act-runner.yaml b/templates/config-act-runner.yaml index 433fb69..57195ca 100644 --- a/templates/config-act-runner.yaml +++ b/templates/config-act-runner.yaml @@ -1,4 +1,4 @@ -{{- if .Values.actions.enabled }} +{{- if .Values.enabled }} --- apiVersion: v1 kind: ConfigMap @@ -9,7 +9,7 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} data: config.yaml: | - {{- with .Values.actions.statefulset.actRunner.config -}} + {{- with .Values.statefulset.actRunner.config -}} {{ . | nindent 4}} {{- end -}} {{- end }} diff --git a/templates/config-scripts.yaml b/templates/config-scripts.yaml index 5c47763..78ce638 100644 --- a/templates/config-scripts.yaml +++ b/templates/config-scripts.yaml @@ -1,5 +1,5 @@ -{{- if .Values.actions.enabled }} -{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- if .Values.enabled }} +{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} --- apiVersion: v1 kind: ConfigMap @@ -9,6 +9,6 @@ metadata: labels: {{- include "gitea.labels" . | nindent 4 }} data: -{{ (.Files.Glob "scripts/act_runner/*.sh").AsConfig | indent 2 }} +{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} {{- end }} {{- end }} diff --git a/templates/job.yaml b/templates/job.yaml index 777eb77..c14316e 100644 --- a/templates/job.yaml +++ b/templates/job.yaml @@ -1,5 +1,5 @@ -{{- if .Values.actions.enabled }} -{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- if .Values.enabled }} +{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- @@ -10,33 +10,33 @@ metadata: namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} - {{- with .Values.actions.provisioning.labels }} + {{- with .Values.provisioning.labels }} {{- toYaml . | nindent 4 }} {{- end }} app.kubernetes.io/component: token-job annotations: - {{- with .Values.actions.provisioning.annotations }} + {{- with .Values.provisioning.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: - ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.provisioning.ttlSecondsAfterFinished }} template: metadata: labels: {{- include "gitea.labels" . | nindent 8 }} - {{- with .Values.actions.provisioning.labels }} + {{- with .Values.provisioning.labels }} {{- toYaml . | nindent 8 }} {{- end }} app.kubernetes.io/component: token-job spec: initContainers: - name: init-gitea - image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" + image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" command: - sh - -c - | - while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do + while ! nc -z {{ include "gitea.act_runner.nc" . }}; do sleep 5 done containers: @@ -54,7 +54,7 @@ spec: mkdir -p /data/actions/ gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token resources: - {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} + {{- toYaml .Values.provisioning.resources | nindent 12 }} volumeMounts: - name: data mountPath: /data @@ -62,8 +62,8 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} - name: actions-token-upload - image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}" - imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }} + image: "{{ .Values.provisioning.publish.repository }}:{{ .Values.provisioning.publish.tag }}" + imagePullPolicy: {{ .Values.provisioning.publish.pullPolicy }} env: - name: SECRET_NAME value: {{ $secretName }} @@ -75,7 +75,7 @@ spec: kubectl auth can-i update secret/${SECRET_NAME} /scripts/token.sh resources: - {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} + {{- toYaml .Values.provisioning.resources | nindent 12 }} volumeMounts: - mountPath: /scripts name: scripts @@ -86,15 +86,15 @@ spec: {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} - {{- range $key, $value := .Values.actions.provisioning.nodeSelector }} + {{- range $key, $value := .Values.provisioning.nodeSelector }} nodeSelector: {{ $key }}: {{ $value | quote }} {{- end }} - {{- with .Values.actions.provisioning.affinity }} + {{- with .Values.provisioning.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.actions.provisioning.tolerations }} + {{- with .Values.provisioning.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/templates/role-job.yaml b/templates/role-job.yaml index c2afa57..c48f811 100644 --- a/templates/role-job.yaml +++ b/templates/role-job.yaml @@ -1,5 +1,5 @@ -{{- if .Values.actions.enabled }} -{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- if .Values.enabled }} +{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- diff --git a/templates/rolebinding-job.yaml b/templates/rolebinding-job.yaml index 1c67e84..f88cea6 100644 --- a/templates/rolebinding-job.yaml +++ b/templates/rolebinding-job.yaml @@ -1,5 +1,5 @@ -{{- if .Values.actions.enabled }} -{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- if .Values.enabled }} +{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- diff --git a/templates/secret-token.yaml b/templates/secret-token.yaml index bc3416b..134209f 100644 --- a/templates/secret-token.yaml +++ b/templates/secret-token.yaml @@ -1,5 +1,5 @@ -{{- if .Values.actions.enabled }} -{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- if .Values.enabled }} +{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- diff --git a/templates/serviceaccount-job.yaml b/templates/serviceaccount-job.yaml index dd39752..99a7124 100644 --- a/templates/serviceaccount-job.yaml +++ b/templates/serviceaccount-job.yaml @@ -1,5 +1,5 @@ -{{- if .Values.actions.enabled }} -{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- if .Values.enabled }} +{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} --- apiVersion: v1 diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index 72b4e19..1beff11 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml @@ -1,4 +1,4 @@ -{{- if .Values.actions.enabled }} +{{- if .Values.enabled }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- apiVersion: apps/v1 @@ -6,11 +6,11 @@ kind: StatefulSet metadata: labels: {{- include "gitea.labels.actRunner" . | nindent 4 }} - {{- with .Values.actions.statefulset.labels }} + {{- with .Values.statefulset.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: - {{- with .Values.actions.statefulset.annotations }} + {{- with .Values.statefulset.annotations }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "gitea.fullname" . }}-act-runner @@ -22,27 +22,27 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/gitea/act_runner/config-act-runner.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/config-act-runner.yaml") . | sha256sum }} labels: {{- include "gitea.labels.actRunner" . | nindent 8 }} - {{- with .Values.actions.statefulset.labels }} + {{- with .Values.statefulset.labels }} {{- toYaml . | nindent 8 }} {{- end }} spec: initContainers: - name: init-gitea - image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" + image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" command: - sh - -c - | - while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do + while ! nc -z {{ include "gitea.act_runner.nc" . }}; do sleep 5 done containers: - name: act-runner - image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}" - imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }} + image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}" + imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }} workingDir: /data env: - name: DOCKER_HOST @@ -54,14 +54,14 @@ spec: - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: - name: "{{ .Values.actions.existingSecret | default $secretName }}" - key: "{{ .Values.actions.existingSecretKey | default "token" }}" + name: "{{ .Values.existingSecret | default $secretName }}" + key: "{{ .Values.existingSecretKey | default "token" }}" - name: GITEA_INSTANCE_URL value: {{ include "gitea.act_runner.local_root_url" . }} - name: CONFIG_FILE value: /actrunner/config.yaml resources: - {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} + {{- toYaml .Values.statefulset.resources | nindent 12 }} volumeMounts: - mountPath: /actrunner/config.yaml name: act-runner-config @@ -70,12 +70,12 @@ spec: name: docker-certs - mountPath: /data name: data-act-runner - {{- with .Values.actions.statefulset.actRunner.extraVolumeMounts }} + {{- with .Values.statefulset.actRunner.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - name: dind - image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}" - imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }} + image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}" + imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }} env: - name: DOCKER_HOST value: tcp://127.0.0.1:2376 @@ -83,28 +83,28 @@ spec: value: "1" - name: DOCKER_CERT_PATH value: /certs/server - {{- if .Values.actions.statefulset.dind.extraEnvs }} - {{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }} + {{- if .Values.statefulset.dind.extraEnvs }} + {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} {{- end }} securityContext: privileged: true resources: - {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} + {{- toYaml .Values.statefulset.resources | nindent 12 }} volumeMounts: - mountPath: /certs/server name: docker-certs - {{- with .Values.actions.statefulset.dind.extraVolumeMounts }} + {{- with .Values.statefulset.dind.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - {{- range $key, $value := .Values.actions.statefulset.nodeSelector }} + {{- range $key, $value := .Values.statefulset.nodeSelector }} nodeSelector: {{ $key }}: {{ $value | quote }} {{- end }} - {{- with .Values.actions.statefulset.affinity }} + {{- with .Values.statefulset.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.actions.statefulset.tolerations }} + {{- with .Values.statefulset.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} @@ -114,7 +114,7 @@ spec: name: {{ include "gitea.fullname" . }}-act-runner-config - name: docker-certs emptyDir: {} - {{- with .Values.actions.statefulset.extraVolumes }} + {{- with .Values.statefulset.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} volumeClaimTemplates: diff --git a/unittests/01-consistency-checks.yaml b/unittests/helm/01-consistency-checks.yaml similarity index 56% rename from unittests/01-consistency-checks.yaml rename to unittests/helm/01-consistency-checks.yaml index 1c30924..a8fb9d8 100644 --- a/unittests/01-consistency-checks.yaml +++ b/unittests/helm/01-consistency-checks.yaml @@ -3,16 +3,15 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/01-consistency-checks.yaml + - templates/01-consistency-checks.yaml tests: - it: fails when provisioning is enabled BUT persistence is completely disabled set: persistence: enabled: false - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true asserts: - failedTemplate: errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" @@ -21,49 +20,54 @@ tests: persistence: enabled: true mount: false - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true asserts: - failedTemplate: errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" - it: fails when provisioning is enabled AND existingSecret is given set: - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true - existingSecret: "secret-reference" + existingSecret: "secret-reference" asserts: - failedTemplate: errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret" - it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing set: - actions: - enabled: true - provisioning: - enabled: false + enabled: true + provisioning: + enabled: false asserts: - failedTemplate: - errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" + errorMessage: "existingSecret and existingSecretKey are required when provisioning is disabled" - it: fails when provisioning is disabled BUT existingSecretKey is missing set: - actions: - enabled: true - provisioning: - enabled: false - existingSecret: "my-secret" + enabled: true + provisioning: + enabled: false + existingSecret: "my-secret" asserts: - failedTemplate: - errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" + errorMessage: "existingSecret and existingSecretKey are required when provisioning is disabled" - it: fails when provisioning is disabled BUT existingSecret is missing set: - actions: - enabled: true - provisioning: - enabled: false - existingSecretKey: "my-secret-key" + enabled: true + provisioning: + enabled: false + existingSecretKey: "my-secret-key" asserts: - failedTemplate: - errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" + errorMessage: "existingSecret and existingSecretKey are required when provisioning is disabled" + - it: fails when LOCAL_ROOT_URL is missing + set: + enabled: true + provisioning: + enabled: false + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - failedTemplate: + errorMessage: "giteaRootURL is required" diff --git a/unittests/helm/actions-config.yaml b/unittests/helm/actions-config.yaml deleted file mode 100644 index e244aa8..0000000 --- a/unittests/helm/actions-config.yaml +++ /dev/null @@ -1,53 +0,0 @@ -suite: config template | actions config -release: - name: gitea-unittests - namespace: testing -templates: - - templates/config.yaml -tests: - - - it: "actions can be enabled via inline config" - template: templates/config.yaml - set: - gitea.config.actions.ENABLED: true - asserts: - - documentIndex: 0 - equal: - path: stringData.actions - value: |- - ENABLED=true - - - it: "actions can be enabled via dedicated values object" - template: templates/config.yaml - set: - actions: - enabled: true - asserts: - - documentIndex: 0 - equal: - path: stringData.actions - value: |- - ENABLED=true - - - it: "defines LOCAL_ROOT_URL when actions are enabled" - template: templates/config.yaml - set: - actions: - enabled: true - asserts: - - documentIndex: 0 - matchRegex: - path: stringData.server - pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000 - - - it: "respects custom LOCAL_ROOT_URL, even when actions are enabled" - template: templates/config.yaml - set: - actions: - enabled: true - gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" - asserts: - - documentIndex: 0 - matchRegex: - path: stringData.server - pattern: \nLOCAL_ROOT_URL=http://git.example.com diff --git a/unittests/config-act-runner.yaml b/unittests/helm/config-act-runner.yaml similarity index 59% rename from unittests/config-act-runner.yaml rename to unittests/helm/config-act-runner.yaml index 2cba6bc..dc7a0e8 100644 --- a/unittests/config-act-runner.yaml +++ b/unittests/helm/config-act-runner.yaml @@ -4,35 +4,34 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/config-act-runner.yaml + - templates/config-act-runner.yaml tests: - it: doesn't renders a ConfigMap by default - template: templates/gitea/act_runner/config-act-runner.yaml + template: templates/config-act-runner.yaml asserts: - hasDocuments: count: 0 - it: renders a ConfigMap - template: templates/gitea/act_runner/config-act-runner.yaml + template: templates/config-act-runner.yaml set: - actions: - enabled: true - statefulset: - actRunner: - config: | - log: - level: info - cache: - enabled: false - runner: - labels: - - "ubuntu-latest" + enabled: true + statefulset: + actRunner: + config: | + log: + level: info + cache: + enabled: false + runner: + labels: + - "ubuntu-latest" asserts: - hasDocuments: count: 1 - containsDocument: kind: ConfigMap apiVersion: v1 - name: gitea-unittests-act-runner-config + name: gitea-unittests-actions-act-runner-config - equal: path: data["config.yaml"] value: | diff --git a/unittests/config-scripts.yaml b/unittests/helm/config-scripts.yaml similarity index 65% rename from unittests/config-scripts.yaml rename to unittests/helm/config-scripts.yaml index da6d9aa..1b477ae 100644 --- a/unittests/config-scripts.yaml +++ b/unittests/helm/config-scripts.yaml @@ -3,15 +3,14 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/config-scripts.yaml + - templates/config-scripts.yaml tests: - it: renders a ConfigMap when all criteria are met - template: templates/gitea/act_runner/config-scripts.yaml + template: templates/config-scripts.yaml set: - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true persistence: enabled: true mount: true @@ -21,26 +20,25 @@ tests: - containsDocument: kind: ConfigMap apiVersion: v1 - name: gitea-unittests-scripts + name: gitea-unittests-actions-scripts - isNotNullOrEmpty: path: data["token.sh"] - it: doesn't renders a ConfigMap by default - template: templates/gitea/act_runner/config-scripts.yaml + template: templates/config-scripts.yaml asserts: - hasDocuments: count: 0 - it: doesn't renders a ConfigMap with disabled actions but enabled provisioning - template: templates/gitea/act_runner/config-scripts.yaml + template: templates/config-scripts.yaml asserts: - hasDocuments: count: 0 - it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria - template: templates/gitea/act_runner/config-scripts.yaml + template: templates/config-scripts.yaml set: - actions: - enabled: false - provisioning: - enabled: true + enabled: false + provisioning: + enabled: true persistence: enabled: true mount: true diff --git a/unittests/helm/job.yaml b/unittests/helm/job.yaml new file mode 100644 index 0000000..476053b --- /dev/null +++ b/unittests/helm/job.yaml @@ -0,0 +1,88 @@ +suite: actions template | job +release: + name: gitea-unittests + namespace: testing +chart: + # Override appVersion to have a pinned version for comparison + appVersion: 1.23.6 +templates: + - templates/job.yaml +tests: + - it: renders a Job + template: templates/job.yaml + set: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Job + apiVersion: batch/v1 + name: gitea-unittests-actions-token-job + - equal: + path: spec.template.spec.containers[0].image + value: "docker.gitea.com/gitea:1.23.6-rootless" + - it: tag override + template: templates/job.yaml + set: + image.tag: "1.23.7" + enabled: true + provisioning: + enabled: true + publish: + tag: "1.29.0" + persistence: + enabled: true + mount: true + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "docker.gitea.com/gitea:1.23.7-rootless" + - equal: + path: spec.template.spec.containers[1].image + value: "bitnami/kubectl:1.29.0" + - it: doesn't renders a Job by default + template: templates/job.yaml + asserts: + - hasDocuments: + count: 0 + - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled + template: templates/job.yaml + set: + enabled: false + provisioning: + enabled: true + asserts: + - hasDocuments: + count: 0 + - it: renders a Job with correct nc command + template: templates/job.yaml + set: + enabled: true + giteaRootURL: "https://git.example.com:8443" + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Job + apiVersion: batch/v1 + name: gitea-unittests-actions-token-job + - equal: + path: spec.template.spec.containers[0].image + value: "docker.gitea.com/gitea:1.23.6-rootless" + - equal: + path: spec.template.spec.initContainers[0].command[2] + value: | + while ! nc -z git.example.com 8443; do + sleep 5 + done diff --git a/unittests/role-job.yaml b/unittests/helm/role-job.yaml similarity index 67% rename from unittests/role-job.yaml rename to unittests/helm/role-job.yaml index 8c511d8..e3688fb 100644 --- a/unittests/role-job.yaml +++ b/unittests/helm/role-job.yaml @@ -3,20 +3,19 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/role-job.yaml + - templates/role-job.yaml tests: - it: doesn't renders a Role by default - template: templates/gitea/act_runner/role-job.yaml + template: templates/role-job.yaml asserts: - hasDocuments: count: 0 - it: renders a Role - template: templates/gitea/act_runner/role-job.yaml + template: templates/role-job.yaml set: - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true persistence: enabled: true mount: true @@ -28,12 +27,11 @@ tests: apiVersion: rbac.authorization.k8s.io/v1 name: gitea-unittests-actions-token-job - it: doesn't renders a Role when criteria met BUT actions are not enabled - template: templates/gitea/act_runner/role-job.yaml + template: templates/role-job.yaml set: - actions: - enabled: false - provisioning: - enabled: true + enabled: false + provisioning: + enabled: true persistence: enabled: true mount: true diff --git a/unittests/rolebinding-job.yaml b/unittests/helm/rolebinding-job.yaml similarity index 66% rename from unittests/rolebinding-job.yaml rename to unittests/helm/rolebinding-job.yaml index 2073bfc..68c4eeb 100644 --- a/unittests/rolebinding-job.yaml +++ b/unittests/helm/rolebinding-job.yaml @@ -3,20 +3,19 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/rolebinding-job.yaml + - templates/rolebinding-job.yaml tests: - it: doesn't renders a RoleBinding by default - template: templates/gitea/act_runner/rolebinding-job.yaml + template: templates/rolebinding-job.yaml asserts: - hasDocuments: count: 0 - it: renders a RoleBinding - template: templates/gitea/act_runner/rolebinding-job.yaml + template: templates/rolebinding-job.yaml set: - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true persistence: enabled: true mount: true @@ -28,12 +27,11 @@ tests: apiVersion: rbac.authorization.k8s.io/v1 name: gitea-unittests-actions-token-job - it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled - template: templates/gitea/act_runner/rolebinding-job.yaml + template: templates/rolebinding-job.yaml set: - actions: - enabled: false - provisioning: - enabled: true + enabled: false + provisioning: + enabled: true persistence: enabled: true mount: true diff --git a/unittests/secret-token.yaml b/unittests/helm/secret-token.yaml similarity index 65% rename from unittests/secret-token.yaml rename to unittests/helm/secret-token.yaml index b5054f3..08dcc89 100644 --- a/unittests/secret-token.yaml +++ b/unittests/helm/secret-token.yaml @@ -3,20 +3,19 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/secret-token.yaml + - templates/secret-token.yaml tests: - it: doesn't renders a Secret by default - template: templates/gitea/act_runner/secret-token.yaml + template: templates/secret-token.yaml asserts: - hasDocuments: count: 0 - it: renders a Secret - template: templates/gitea/act_runner/secret-token.yaml + template: templates/secret-token.yaml set: - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true persistence: enabled: true mount: true @@ -28,12 +27,11 @@ tests: apiVersion: v1 name: gitea-unittests-actions-token - it: doesn't renders a Secret when criteria met BUT actions are not enabled - template: templates/gitea/act_runner/secret-token.yaml + template: templates/secret-token.yaml set: - actions: - enabled: false - provisioning: - enabled: true + enabled: false + provisioning: + enabled: true persistence: enabled: true mount: true diff --git a/unittests/serviceaccount-job.yaml b/unittests/helm/serviceaccount-job.yaml similarity index 65% rename from unittests/serviceaccount-job.yaml rename to unittests/helm/serviceaccount-job.yaml index bf8f0c8..77ca57f 100644 --- a/unittests/serviceaccount-job.yaml +++ b/unittests/helm/serviceaccount-job.yaml @@ -3,20 +3,19 @@ release: name: gitea-unittests namespace: testing templates: - - templates/gitea/act_runner/serviceaccount-job.yaml + - templates/serviceaccount-job.yaml tests: - it: doesn't renders a ServiceAccount by default - template: templates/gitea/act_runner/serviceaccount-job.yaml + template: templates/serviceaccount-job.yaml asserts: - hasDocuments: count: 0 - it: renders a ServiceAccount - template: templates/gitea/act_runner/serviceaccount-job.yaml + template: templates/serviceaccount-job.yaml set: - actions: + enabled: true + provisioning: enabled: true - provisioning: - enabled: true persistence: enabled: true mount: true @@ -28,12 +27,11 @@ tests: apiVersion: v1 name: gitea-unittests-actions-token-job - it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled - template: templates/gitea/act_runner/serviceaccount-job.yaml + template: templates/serviceaccount-job.yaml set: - actions: - enabled: false - provisioning: - enabled: true + enabled: false + provisioning: + enabled: true persistence: enabled: true mount: true diff --git a/unittests/helm/statefulset.yaml b/unittests/helm/statefulset.yaml new file mode 100644 index 0000000..47ea4a3 --- /dev/null +++ b/unittests/helm/statefulset.yaml @@ -0,0 +1,212 @@ +suite: actions template | statefulset +release: + name: gitea-unittests + namespace: testing +templates: + - templates/statefulset.yaml + - templates/config-act-runner.yaml +tests: + - it: doesn't renders a StatefulSet by default + template: templates/statefulset.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a StatefulSet (with given existingSecret/existingSecretKey) + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].env[3] + value: + name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: "my-secret" + key: "my-secret-key" + - it: renders a StatefulSet (with secret reference defaults for enabled provisioning) + template: templates/statefulset.yaml + set: + enabled: true + provisioning: + enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].env[3] + value: + name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: "gitea-unittests-actions-token" + key: "token" + - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation) + template: templates/statefulset.yaml + set: + image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.metadata.annotations["checksum/config"] + value: "e01f6cc186c5b523cba245cbfc9d556df49a71f7f650c979c2dbfd2bf40b9098" + - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL) + template: templates/statefulset.yaml + set: + giteaRootURL: "http://git.example.com" + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].env[4] + value: + name: GITEA_INSTANCE_URL + value: "http://git.example.com" + - equal: + path: spec.template.spec.initContainers[0].command[2] + value: | + while ! nc -z git.example.com 80; do + sleep 5 + done + - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL) + template: templates/statefulset.yaml + set: + giteaRootURL: "https://git.example.com" + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].env[4] + value: + name: GITEA_INSTANCE_URL + value: "https://git.example.com" + - equal: + path: spec.template.spec.initContainers[0].command[2] + value: | + while ! nc -z git.example.com 443; do + sleep 5 + done + - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL) + template: templates/statefulset.yaml + set: + giteaRootURL: "https://git.example.com:8443" + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].env[4] + value: + name: GITEA_INSTANCE_URL + value: "https://git.example.com:8443" + - equal: + path: spec.template.spec.initContainers[0].command[2] + value: | + while ! nc -z git.example.com 8443; do + sleep 5 + done + - it: allows adding custom environment variables to the docker-in-docker container + template: templates/statefulset.yaml + set: + enabled: true + statefulset: + dind: + extraEnvs: + - name: "CUSTOM_ENV_NAME" + value: "custom env value" + asserts: + - equal: + path: spec.template.spec.containers[1].env[3] + value: + name: "CUSTOM_ENV_NAME" + value: "custom env value" + - it: should mount an extra volume in the act runner container + template: templates/statefulset.yaml + set: + enabled: true + statefulset: + extraVolumes: + - name: my-act-runner-volume + emptyDir: {} + actRunner: + extraVolumeMounts: + - mountPath: /mnt + name: my-act-runner-volume + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - contains: + any: true + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /mnt + name: my-act-runner-volume + - it: should mount an extra volume in the docker-in-docker container + template: templates/statefulset.yaml + set: + enabled: true + statefulset: + extraVolumes: + - name: my-dind-volume + emptyDir: {} + dind: + extraVolumeMounts: + - mountPath: /mnt + name: my-dind-volume + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - contains: + any: true + path: spec.template.spec.containers[1].volumeMounts + content: + mountPath: /mnt + name: my-dind-volume diff --git a/unittests/job.yaml b/unittests/job.yaml deleted file mode 100644 index a16d40d..0000000 --- a/unittests/job.yaml +++ /dev/null @@ -1,65 +0,0 @@ -suite: actions template | job -release: - name: gitea-unittests - namespace: testing -chart: - # Override appVersion to have a pinned version for comparison - appVersion: 1.19.3 -templates: - - templates/gitea/act_runner/job.yaml -tests: - - it: renders a Job - template: templates/gitea/act_runner/job.yaml - set: - actions: - enabled: true - provisioning: - enabled: true - persistence: - enabled: true - mount: true - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: Job - apiVersion: batch/v1 - name: gitea-unittests-actions-token-job - - equal: - path: spec.template.spec.containers[0].image - value: "docker.gitea.com/gitea:1.19.3-rootless" - - it: tag override - template: templates/gitea/act_runner/job.yaml - set: - image.tag: "1.19.4" - actions: - enabled: true - provisioning: - enabled: true - publish: - tag: "1.29.0" - persistence: - enabled: true - mount: true - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: "docker.gitea.com/gitea:1.19.4-rootless" - - equal: - path: spec.template.spec.containers[1].image - value: "bitnami/kubectl:1.29.0" - - it: doesn't renders a Job by default - template: templates/gitea/act_runner/job.yaml - asserts: - - hasDocuments: - count: 0 - - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled - template: templates/gitea/act_runner/job.yaml - set: - actions: - enabled: false - provisioning: - enabled: true - asserts: - - hasDocuments: - count: 0 diff --git a/unittests/statefulset.yaml b/unittests/statefulset.yaml deleted file mode 100644 index 323fef6..0000000 --- a/unittests/statefulset.yaml +++ /dev/null @@ -1,182 +0,0 @@ -suite: actions template | statefulset -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/act_runner/statefulset.yaml - - templates/gitea/act_runner/config-act-runner.yaml -tests: - - it: doesn't renders a StatefulSet by default - template: templates/gitea/act_runner/statefulset.yaml - asserts: - - hasDocuments: - count: 0 - - it: renders a StatefulSet (with given existingSecret/existingSecretKey) - template: templates/gitea/act_runner/statefulset.yaml - set: - actions: - enabled: true - existingSecret: "my-secret" - existingSecretKey: "my-secret-key" - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - equal: - path: spec.template.spec.containers[0].env[3] - value: - name: GITEA_RUNNER_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: "my-secret" - key: "my-secret-key" - - it: renders a StatefulSet (with secret reference defaults for enabled provisioning) - template: templates/gitea/act_runner/statefulset.yaml - set: - actions: - enabled: true - provisioning: - enabled: true - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - equal: - path: spec.template.spec.containers[0].env[3] - value: - name: GITEA_RUNNER_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: "gitea-unittests-actions-token" - key: "token" - - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation) - template: templates/gitea/act_runner/statefulset.yaml - set: - image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades - actions: - enabled: true - existingSecret: "my-secret" - existingSecretKey: "my-secret-key" - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - equal: - path: spec.template.metadata.annotations["checksum/config"] - value: "2a2200e80fc29111d18b675789c265cd3d5f917754850f946f1ce3c55dcd65f8" - - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL) - template: templates/gitea/act_runner/statefulset.yaml - set: - actions: - enabled: true - existingSecret: "my-secret" - existingSecretKey: "my-secret-key" - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - equal: - path: spec.template.spec.containers[0].env[4] - value: - name: GITEA_INSTANCE_URL - value: "http://gitea-unittests-http:3000" - - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL) - template: templates/gitea/act_runner/statefulset.yaml - set: - gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" - actions: - enabled: true - existingSecret: "my-secret" - existingSecretKey: "my-secret-key" - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - equal: - path: spec.template.spec.containers[0].env[4] - value: - name: GITEA_INSTANCE_URL - value: "http://git.example.com" - - it: allows adding custom environment variables to the docker-in-docker container - template: templates/gitea/act_runner/statefulset.yaml - set: - actions: - enabled: true - statefulset: - dind: - extraEnvs: - - name: "CUSTOM_ENV_NAME" - value: "custom env value" - asserts: - - equal: - path: spec.template.spec.containers[1].env[3] - value: - name: "CUSTOM_ENV_NAME" - value: "custom env value" - - it: should mount an extra volume in the act runner container - template: templates/gitea/act_runner/statefulset.yaml - set: - actions: - enabled: true - statefulset: - extraVolumes: - - name: my-act-runner-volume - emptyDir: {} - actRunner: - extraVolumeMounts: - - mountPath: /mnt - name: my-act-runner-volume - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - contains: - any: true - path: spec.template.spec.containers[0].volumeMounts - content: - mountPath: /mnt - name: my-act-runner-volume - - it: should mount an extra volume in the docker-in-docker container - template: templates/gitea/act_runner/statefulset.yaml - set: - actions: - enabled: true - statefulset: - extraVolumes: - - name: my-dind-volume - emptyDir: {} - dind: - extraVolumeMounts: - - mountPath: /mnt - name: my-dind-volume - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests-act-runner - - contains: - any: true - path: spec.template.spec.containers[1].volumeMounts - content: - mountPath: /mnt - name: my-dind-volume diff --git a/values.yaml b/values.yaml index fc8ddec..54396b9 100644 --- a/values.yaml +++ b/values.yaml @@ -2,6 +2,7 @@ # - must enable persistence if the job is enabled ## @section Gitea Actions # +## @param enabled Create an act runner StatefulSet. ## @param init.image.repository The image used for the init containers ## @param init.image.tag The image tag used for the init containers ## @param statefulset.annotations Act runner annotations @@ -34,6 +35,7 @@ ## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret ## @param existingSecret Secret that contains the token ## @param existingSecretKey Secret key +## @param giteaRootURL URL the act_runner registers and connect with enabled: false statefulset: annotations: {} @@ -97,3 +99,60 @@ provisioning: ## existingSecret: "" existingSecretKey: "" + +## Specify the root URL of the Gitea instance +giteaRootURL: "" + +## @section Persistence +# +## @param persistence.enabled Enable persistent storage +## @param persistence.create Whether to create the persistentVolumeClaim for shared storage +## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created) +## @param persistence.claimName Use an existing claim to store repository information +## @param persistence.size Size for persistence to store repo information +## @param persistence.accessModes AccessMode for persistence +## @param persistence.labels Labels for the persistence volume claim to be created +## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim +## @param persistence.storageClass Name of the storage class to use +## @param persistence.subPath Subdirectory of the volume to mount at +## @param persistence.volumeName Name of persistent volume in PVC +persistence: + enabled: true + create: true + mount: true + claimName: gitea-shared-storage + size: 10Gi + accessModes: + - ReadWriteOnce + labels: {} + storageClass: + subPath: + volumeName: "" + annotations: + helm.sh/resource-policy: keep + +## @section Image +## @param image.registry image registry, e.g. gcr.io,docker.io +## @param image.repository Image to start for this pod +## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. +## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` +## @param image.pullPolicy Image pull policy +## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** +image: + registry: "docker.gitea.com" + repository: gitea + # Overrides the image tag whose default is the chart appVersion. + tag: "" + digest: "" + pullPolicy: IfNotPresent + rootless: true + fullOverride: "" + +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.storageClass global storage class override +global: + imageRegistry: "" + storageClass: ""