volker.raschek/helm-actions
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

refactor!: remove actions runner token provisioning (#15)

Browse Source 
To be discussed. In https://gitea.com/gitea/helm-actions/issues/9#issuecomment-1002191 and https://gitea.com/gitea/helm-actions/pulls/13 I described that a migration of provisioning is currently not feasible due to
- helm limitations
  - You are forced to repeat a lot of stuff for the default branch
  -  helm-actions cannot read values of the helm-gitea chart to fix this
- No agreement about making helm-gitea a optional dependency of helm-actions can be reached at the moment

# Proposal

- Create a new repository that includes both helm-gitea **and** helm-actions
- Provisioning leaves this repository as well like it did in helm-gitea
- Create that as gitea/helm-stack or whatever name
- Provisioning code and tests moves to gitea/helm-stack

We would need help with the repository creation

Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/15
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-committed-by: ChristopherHX <christopherhx@noreply.gitea.com>
This commit is contained in:
ChristopherHX
2025-08-13 21:15:21 +00:00
committed by DaanSelen
parent 7ad8e12e45
commit 8c95dcd282
18 changed files with 8 additions and 698 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
unittests/helm/01-consistency-checks.yaml
View File

@ -5,49 +5,15 @@ release:
templates:
- templates/01-consistency-checks.yaml
tests:
- it: fails when provisioning is enabled BUT persistence is completely disabled
set:
persistence:
enabled: false
enabled: true
provisioning:
enabled: true
asserts:
- failedTemplate:
errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
- it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled
set:
persistence:
enabled: true
mount: false
enabled: true
provisioning:
enabled: true
asserts:
- failedTemplate:
errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
- it: fails when provisioning is enabled AND existingSecret is given
set:
enabled: true
provisioning:
enabled: true
existingSecret: "secret-reference"
asserts:
- failedTemplate:
errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret"
- it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing
set:
enabled: true
provisioning:
enabled: false
asserts:
- failedTemplate:
errorMessage: "existingSecret and existingSecretKey are required when provisioning is disabled"
- it: fails when provisioning is disabled BUT existingSecretKey is missing
set:
enabled: true
provisioning:
enabled: false
existingSecret: "my-secret"
asserts:
- failedTemplate:
@ -55,8 +21,6 @@ tests:
- it: fails when provisioning is disabled BUT existingSecret is missing
set:
enabled: true
provisioning:
enabled: false
existingSecretKey: "my-secret-key"
asserts:
- failedTemplate:
@ -64,8 +28,6 @@ tests:
- it: fails when LOCAL_ROOT_URL is missing
set:
enabled: true
provisioning:
enabled: false
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:

47
unittests/helm/config-scripts.yaml
View File

@ -1,47 +0,0 @@
suite: actions template | config-scripts
release:
name: gitea-unittests
namespace: testing
templates:
- templates/config-scripts.yaml
tests:
- it: renders a ConfigMap when all criteria are met
template: templates/config-scripts.yaml
set:
enabled: true
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: ConfigMap
apiVersion: v1
name: gitea-unittests-actions-scripts
- isNotNullOrEmpty:
path: data["token.sh"]
- it: doesn't renders a ConfigMap by default
template: templates/config-scripts.yaml
asserts:
- hasDocuments:
count: 0
- it: doesn't renders a ConfigMap with disabled actions but enabled provisioning
template: templates/config-scripts.yaml
asserts:
- hasDocuments:
count: 0
- it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria
template: templates/config-scripts.yaml
set:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

88
unittests/helm/job.yaml
View File

@ -1,88 +0,0 @@
suite: actions template | job
release:
name: gitea-unittests
namespace: testing
chart:
# Override appVersion to have a pinned version for comparison
appVersion: 1.23.6
templates:
- templates/job.yaml
tests:
- it: renders a Job
template: templates/job.yaml
set:
enabled: true
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: Job
apiVersion: batch/v1
name: gitea-unittests-actions-token-job
- equal:
path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.23.6-rootless"
- it: tag override
template: templates/job.yaml
set:
image.tag: "1.23.7"
enabled: true
provisioning:
enabled: true
publish:
tag: "1.29.0"
persistence:
enabled: true
mount: true
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.23.7-rootless"
- equal:
path: spec.template.spec.containers[1].image
value: "bitnami/kubectl:1.29.0"
- it: doesn't renders a Job by default
template: templates/job.yaml
asserts:
- hasDocuments:
count: 0
- it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled
template: templates/job.yaml
set:
enabled: false
provisioning:
enabled: true
asserts:
- hasDocuments:
count: 0
- it: renders a Job with correct nc command
template: templates/job.yaml
set:
enabled: true
giteaRootURL: "https://git.example.com:8443"
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: Job
apiVersion: batch/v1
name: gitea-unittests-actions-token-job
- equal:
path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.23.6-rootless"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
while ! nc -z git.example.com 8443; do
sleep 5
done

40
unittests/helm/role-job.yaml
View File

@ -1,40 +0,0 @@
suite: actions template | role-job
release:
name: gitea-unittests
namespace: testing
templates:
- templates/role-job.yaml
tests:
- it: doesn't renders a Role by default
template: templates/role-job.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a Role
template: templates/role-job.yaml
set:
enabled: true
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
name: gitea-unittests-actions-token-job
- it: doesn't renders a Role when criteria met BUT actions are not enabled
template: templates/role-job.yaml
set:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

40
unittests/helm/rolebinding-job.yaml
View File

@ -1,40 +0,0 @@
suite: actions template | rolebinding-job
release:
name: gitea-unittests
namespace: testing
templates:
- templates/rolebinding-job.yaml
tests:
- it: doesn't renders a RoleBinding by default
template: templates/rolebinding-job.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a RoleBinding
template: templates/rolebinding-job.yaml
set:
enabled: true
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
name: gitea-unittests-actions-token-job
- it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled
template: templates/rolebinding-job.yaml
set:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

40
unittests/helm/secret-token.yaml
View File

@ -1,40 +0,0 @@
suite: actions template | secret-token
release:
name: gitea-unittests
namespace: testing
templates:
- templates/secret-token.yaml
tests:
- it: doesn't renders a Secret by default
template: templates/secret-token.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a Secret
template: templates/secret-token.yaml
set:
enabled: true
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: Secret
apiVersion: v1
name: gitea-unittests-actions-token
- it: doesn't renders a Secret when criteria met BUT actions are not enabled
template: templates/secret-token.yaml
set:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

40
unittests/helm/serviceaccount-job.yaml
View File

@ -1,40 +0,0 @@
suite: actions template | serviceaccount-job
release:
name: gitea-unittests
namespace: testing
templates:
- templates/serviceaccount-job.yaml
tests:
- it: doesn't renders a ServiceAccount by default
template: templates/serviceaccount-job.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a ServiceAccount
template: templates/serviceaccount-job.yaml
set:
enabled: true
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: ServiceAccount
apiVersion: v1
name: gitea-unittests-actions-token-job
- it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled
template: templates/serviceaccount-job.yaml
set:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

2
unittests/helm/statefulset.yaml
View File

@ -69,7 +69,7 @@ tests:
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.metadata.annotations["checksum/config"]
value: "e01f6cc186c5b523cba245cbfc9d556df49a71f7f650c979c2dbfd2bf40b9098"
value: "7566d9c60261bf8cbff6a6936fc7aead96cec540d8c793d142a5ad4664c56ba5"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set: