chore: add maintainer volker.raschek to the chart

Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/33
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-committed-by: ChristopherHX <christopher.homberger@web.de>

CODEOWNERS

@@ -0,0 +1 @@
+* @rossigee @volker.raschek @ChristopherHX

Chart.yaml

@@ -13,7 +13,18 @@ keywords:
 sources:
   - https://gitea.com/gitea/helm-actions
   - https://gitea.com/gitea/act
-# FIXME:
+
-# maintainers:
+maintainers:
+  # https://gitea.com/DaanSelen
+  - name: Daan Selen
+    email: dselen@nerthus.nl
+
+  # https://gitea.com/volker.raschek
+  - name: Markus Pesch
+    email: markus.pesch+apps@cryptic.systems
+
+  # https://gitea.com/ChristopherHX
+  - name: Christopher Homberger
+    email: christopher.homberger@web.de
 
 dependencies: []

README.md

@@ -1,4 +1,10 @@
-# helm-act
+# Gitea Actions Helm Chart
+
+This helm chart serves as the way to deploy the Gitea [act-runners](https://gitea.com/gitea/act_runner) alongside a running Gitea instance.  
+It serves as a standalone chart and does not rely on Gitea to be present in the same environment, however it needs to be able to reach a Gitea instance to function.  
+The parameters which can be used to customize the deployment are described below, check those out if you want to see if something is supported.  
+
+If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
 
 ## Rootless Defaults
 
@@ -15,6 +21,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
 | `enabled`                                 | Create an act runner StatefulSet.                                                                                                           | `false`                        |
 | `init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      |
 | `init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       |
+| `statefulset.replicas`                    | the amount of (replica) runner pods deployed                                                                                                | `1`                            |
 | `statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           |
 | `statefulset.labels`                      | Act runner labels                                                                                                                           | `{}`                           |
 | `statefulset.resources`                   | Act runner resources                                                                                                                        | `{}`                           |
@@ -33,49 +40,10 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
 | `statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
 | `statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
 | `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
-| `provisioning.enabled`                    | Create a job that will create and save the token in a Kubernetes Secret                                                                     | `false`                        |
-| `provisioning.annotations`                | Job's annotations                                                                                                                           | `{}`                           |
-| `provisioning.labels`                     | Job's labels                                                                                                                                | `{}`                           |
-| `provisioning.resources`                  | Job's resources                                                                                                                             | `{}`                           |
-| `provisioning.nodeSelector`               | NodeSelector for the job                                                                                                                    | `{}`                           |
-| `provisioning.tolerations`                | Tolerations for the job                                                                                                                     | `[]`                           |
-| `provisioning.affinity`                   | Affinity for the job                                                                                                                        | `{}`                           |
-| `provisioning.ttlSecondsAfterFinished`    | ttl for the job after finished in order to allow helm to properly recognize that the job completed                                          | `300`                          |
-| `provisioning.publish.repository`         | The image that can create the secret via kubectl                                                                                            | `bitnami/kubectl`              |
-| `provisioning.publish.tag`                | The publish image tag that can create the secret                                                                                            | `1.29.0`                       |
-| `provisioning.publish.pullPolicy`         | The publish image pullPolicy that can create the secret                                                                                     | `IfNotPresent`                 |
 | `existingSecret`                          | Secret that contains the token                                                                                                              | `""`                           |
 | `existingSecretKey`                       | Secret key                                                                                                                                  | `""`                           |
 | `giteaRootURL`                            | URL the act_runner registers and connect with                                                                                               | `""`                           |
 
-### Persistence
-
-| Name                                              | Description                                                               | Value                  |
-| ------------------------------------------------- | ------------------------------------------------------------------------- | ---------------------- |
-| `persistence.enabled`                             | Enable persistent storage                                                 | `true`                 |
-| `persistence.create`                              | Whether to create the persistentVolumeClaim for shared storage            | `true`                 |
-| `persistence.mount`                               | Whether the persistentVolumeClaim should be mounted (even if not created) | `true`                 |
-| `persistence.claimName`                           | Use an existing claim to store repository information                     | `gitea-shared-storage` |
-| `persistence.size`                                | Size for persistence to store repo information                            | `10Gi`                 |
-| `persistence.accessModes`                         | AccessMode for persistence                                                | `["ReadWriteOnce"]`    |
-| `persistence.labels`                              | Labels for the persistence volume claim to be created                     | `{}`                   |
-| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim                          | `keep`                 |
-| `persistence.storageClass`                        | Name of the storage class to use                                          | `nil`                  |
-| `persistence.subPath`                             | Subdirectory of the volume to mount at                                    | `nil`                  |
-| `persistence.volumeName`                          | Name of persistent volume in PVC                                          | `""`                   |
-
-### Image
-
-| Name                 | Description                                                                                                                                                      | Value              |
-| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
-| `image.registry`     | image registry, e.g. gcr.io,docker.io                                                                                                                            | `docker.gitea.com` |
-| `image.repository`   | Image to start for this pod                                                                                                                                      | `gitea`            |
-| `image.tag`          | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.                          | `""`               |
-| `image.digest`       | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                                       | `""`               |
-| `image.pullPolicy`   | Image pull policy                                                                                                                                                | `IfNotPresent`     |
-| `image.rootless`     | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher                                                                        | `true`             |
-| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""`               |
-
 ### Global
 
 | Name                   | Description                    | Value |

templates/01-consistency-checks.yaml

@@ -1,15 +1,6 @@
 {{- if .Values.enabled -}}
-    {{- if .Values.provisioning.enabled -}}
+
-        {{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}}
+    {{- if or (empty .Values.existingSecret) (empty .Values.existingSecretKey) -}}
-            {{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}}
-        {{- end -}}
-        {{- if and .Values.persistence.enabled .Values.persistence.mount -}}
-            {{- if .Values.existingSecret -}}
-                {{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}}
-            {{- end -}}
-        {{- end -}}
-    {{- end -}}
-    {{- if and (not .Values.provisioning.enabled) (or (empty .Values.existingSecret) (empty .Values.existingSecretKey)) -}}
         {{- fail "existingSecret and existingSecretKey are required when provisioning is disabled" -}}
     {{- end -}}
     {{- if not .Values.giteaRootURL -}}

templates/_helpers.tpl

@@ -39,34 +39,11 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create image name and tag used by the deployment.
-*/}}
-{{- define "gitea.actions.image" -}}
-{{- $fullOverride := .Values.image.fullOverride | default "" -}}
-{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
-{{- $repository := .Values.image.repository -}}
-{{- $separator := ":" -}}
-{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
-{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
-{{- $digest := "" -}}
-{{- if .Values.image.digest }}
-    {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
-{{- end -}}
-{{- if $fullOverride }}
-    {{- printf "%s" $fullOverride -}}
-{{- else if $registry }}
-    {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
-{{- else -}}
-    {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Storage Class
 */}}
 {{- define "gitea.actions.persistence.storageClass" -}}
-{{- $storageClass :=  (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
+{{- $storageClass :=  default (tpl ( default "" .Values.global.storageClass) .) }}
 {{- if $storageClass }}
 storageClassName: {{ $storageClass | quote }}
 {{- end }}
@@ -79,8 +56,8 @@ Common labels
 helm.sh/chart: {{ include "gitea.actions.chart" . }}
 app: {{ include "gitea.actions.name" . }}
 {{ include "gitea.actions.selectorLabels" . }}
-app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ default .Chart.AppVersion | quote }}
-version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+version: {{ default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
@@ -88,8 +65,8 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 helm.sh/chart: {{ include "gitea.actions.chart" . }}
 app: {{ include "gitea.actions.name" . }}-act-runner
 {{ include "gitea.actions.selectorLabels.actRunner" . }}
-app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ default .Chart.AppVersion | quote }}
-version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+version: {{ default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
@@ -109,23 +86,3 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- define "gitea.actions.local_root_url" -}}
   {{- .Values.giteaRootURL -}}
 {{- end -}}
-
-{{/*
-Parse the http url to hostname + port separated by space for the nc command
-*/}}
-{{- define "gitea.actions.nc" -}}
-{{- $url := include "gitea.actions.local_root_url" . | urlParse -}}
-{{- $host := get $url "host" -}}
-{{- $scheme := get $url "scheme" -}}
-{{- $port := "80" -}}
-{{- if contains ":" $host -}}
-    {{- $hostAndPort := regexSplit ":" $host 2 -}}
-    {{- $host = index $hostAndPort 0 -}}
-    {{- $port = index $hostAndPort 1 -}}
-{{- else if eq $scheme "https" -}}
-    {{- $port = "443" -}}
-{{- else if eq $scheme "http" -}}
-    {{- $port = "80" -}}
-{{- end -}}
-{{- printf "%s %s" $host $port -}}
-{{- end -}}

templates/config-scripts.yaml

@@ -1,14 +0,0 @@
-{{- if .Values.enabled }}
-{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "gitea.actions.fullname" . }}-scripts
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.actions.labels" . | nindent 4 }}
-data:
-{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}
-{{- end }}
-{{- end }}

templates/job.yaml

@@ -1,115 +0,0 @@
-{{- if .Values.enabled }}
-{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.actions.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.actions.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.actions.labels" . | nindent 4 }}
-    {{- with .Values.provisioning.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    app.kubernetes.io/component: token-job
-  annotations:
-    {{- with .Values.provisioning.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  ttlSecondsAfterFinished: {{ .Values.provisioning.ttlSecondsAfterFinished }}
-  template:
-    metadata:
-      labels:
-        {{- include "gitea.actions.labels" . | nindent 8 }}
-        {{- with .Values.provisioning.labels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-        app.kubernetes.io/component: token-job
-    spec:
-      initContainers:
-        - name: init-gitea
-          image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
-          command:
-            - sh
-            - -c
-            - |
-              while ! nc -z {{ include "gitea.actions.nc" . }}; do
-                sleep 5
-              done
-      containers:
-        - name: actions-token-create
-          image: "{{ include "gitea.actions.image" . }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            - name: GITEA_APP_INI
-              value: /data/gitea/conf/app.ini
-          command:
-            - sh
-            - -c
-            - |
-              echo "Generating act_runner token via 'gitea actions generate-runner-token'..."
-              mkdir -p /data/actions/
-              gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token
-          resources:
-            {{- toYaml .Values.provisioning.resources | nindent 12 }}
-          volumeMounts:
-            - name: data
-              mountPath: /data
-              {{- if .Values.persistence.subPath }}
-              subPath: {{ .Values.persistence.subPath }}
-              {{- end }}
-        - name: actions-token-upload
-          image: "{{ .Values.provisioning.publish.repository }}:{{ .Values.provisioning.publish.tag }}"
-          imagePullPolicy: {{ .Values.provisioning.publish.pullPolicy }}
-          env:
-            - name: SECRET_NAME
-              value: {{ $secretName }}
-          command:
-            - sh
-            - -c
-            - |
-              printf "Checking rights to update kubernetes act_runner secret..."
-              kubectl auth can-i update secret/${SECRET_NAME}
-              /scripts/token.sh
-          resources:
-            {{- toYaml .Values.provisioning.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /scripts
-              name: scripts
-              readOnly: true
-            - mountPath: /data
-              name: data
-              readOnly: true
-              {{- if .Values.persistence.subPath }}
-              subPath: {{ .Values.persistence.subPath }}
-              {{- end }}
-      {{- range $key, $value := .Values.provisioning.nodeSelector }}
-      nodeSelector:
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
-      {{- with .Values.provisioning.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.provisioning.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      restartPolicy: Never
-      serviceAccount: {{ $name }}
-      volumes:
-        - name: scripts
-          configMap:
-            name: {{ include "gitea.actions.fullname" . }}-scripts
-            defaultMode: 0755
-        - name: data
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.claimName }}
-  parallelism: 1
-  completions: 1
-  backoffLimit: 1
-{{- end }}
-{{- end }}

templates/role-job.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.enabled }}
-{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.actions.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.actions.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.actions.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    resourceNames:
-      - {{ $secretName }}
-    verbs:
-      - get
-      - update
-      - patch
-{{- end }}
-{{- end }}

templates/rolebinding-job.yaml

@@ -1,22 +0,0 @@
-{{- if .Values.enabled }}
-{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.actions.workername" (dict "global" . "worker" "actions-token-job") }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.actions.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ $name }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ $name }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}

templates/secret-token.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.enabled }}
-{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.actions.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.actions.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ $secretName }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.actions.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
-{{ if $secret -}}
-data:
-  token: {{ (b64dec (index $secret.data "token")) | b64enc }}
-{{ end -}}
-{{- end }}
-{{- end }}

templates/serviceaccount-job.yaml

@@ -1,14 +0,0 @@
-{{- if .Values.enabled }}
-{{- if and (and .Values.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.actions.workername" (dict "global" . "worker" "actions-token-job") }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.actions.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-{{- end }}
-{{- end }}

templates/statefulset.yaml

@@ -16,6 +16,7 @@ metadata:
   name: {{ include "gitea.actions.fullname" . }}-act-runner
   namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
+  replicas: {{ .Values.statefulset.replicas | default 1 }}
   selector:
     matchLabels:
       {{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
@@ -36,9 +37,12 @@ spec:
             - sh
             - -c
             - |
-              while ! nc -z {{ include "gitea.actions.nc" . }}; do
+              echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
-                sleep 5
+              until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
+                sleep 3
+                echo "Trying again in 3 seconds..."
               done
+              echo "Gitea has been reached!"
       containers:
         - name: act-runner
           image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"

unittests/helm/01-consistency-checks.yaml

@@ -5,49 +5,15 @@ release:
 templates:
   - templates/01-consistency-checks.yaml
 tests:
-  - it: fails when provisioning is enabled BUT persistence is completely disabled
-    set:
-      persistence:
-        enabled: false
-      enabled: true
-      provisioning:
-        enabled: true
-    asserts:
-      - failedTemplate:
-          errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
-  - it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled
-    set:
-      persistence:
-        enabled: true
-        mount: false
-      enabled: true
-      provisioning:
-        enabled: true
-    asserts:
-      - failedTemplate:
-          errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
-  - it: fails when provisioning is enabled AND existingSecret is given
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      existingSecret: "secret-reference"
-    asserts:
-      - failedTemplate:
-          errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret"
   - it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing
     set:
       enabled: true
-      provisioning:
-        enabled: false
     asserts:
       - failedTemplate:
           errorMessage: "existingSecret and existingSecretKey are required when provisioning is disabled"
   - it: fails when provisioning is disabled BUT existingSecretKey is missing
     set:
       enabled: true
-      provisioning:
-        enabled: false
       existingSecret: "my-secret"
     asserts:
       - failedTemplate:
@@ -55,8 +21,6 @@ tests:
   - it: fails when provisioning is disabled BUT existingSecret is missing
     set:
       enabled: true
-      provisioning:
-        enabled: false
       existingSecretKey: "my-secret-key"
     asserts:
       - failedTemplate:
@@ -64,8 +28,6 @@ tests:
   - it: fails when LOCAL_ROOT_URL is missing
     set:
       enabled: true
-      provisioning:
-        enabled: false
       existingSecret: "my-secret"
       existingSecretKey: "my-secret-key"
     asserts:

unittests/helm/config-scripts.yaml

@@ -1,47 +0,0 @@
-suite: actions template | config-scripts
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/config-scripts.yaml
-tests:
-  - it: renders a ConfigMap when all criteria are met
-    template: templates/config-scripts.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: ConfigMap
-          apiVersion: v1
-          name: gitea-unittests-actions-scripts
-      - isNotNullOrEmpty:
-          path: data["token.sh"]
-  - it: doesn't renders a ConfigMap by default
-    template: templates/config-scripts.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: doesn't renders a ConfigMap with disabled actions but enabled provisioning
-    template: templates/config-scripts.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria
-    template: templates/config-scripts.yaml
-    set:
-      enabled: false
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/job.yaml

@@ -1,88 +0,0 @@
-suite: actions template | job
-release:
-  name: gitea-unittests
-  namespace: testing
-chart:
-  # Override appVersion to have a pinned version for comparison
-  appVersion: 1.23.6
-templates:
-  - templates/job.yaml
-tests:
-  - it: renders a Job
-    template: templates/job.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Job
-          apiVersion: batch/v1
-          name: gitea-unittests-actions-token-job
-      - equal:
-          path: spec.template.spec.containers[0].image
-          value: "docker.gitea.com/gitea:1.23.6-rootless"
-  - it: tag override
-    template: templates/job.yaml
-    set:
-      image.tag: "1.23.7"
-      enabled: true
-      provisioning:
-        enabled: true
-        publish:
-          tag: "1.29.0"
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - equal:
-          path: spec.template.spec.containers[0].image
-          value: "docker.gitea.com/gitea:1.23.7-rootless"
-      - equal:
-          path: spec.template.spec.containers[1].image
-          value: "bitnami/kubectl:1.29.0"
-  - it: doesn't renders a Job by default
-    template: templates/job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled
-    template: templates/job.yaml
-    set:
-      enabled: false
-      provisioning:
-        enabled: true
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a Job with correct nc command
-    template: templates/job.yaml
-    set:
-      enabled: true
-      giteaRootURL: "https://git.example.com:8443"
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Job
-          apiVersion: batch/v1
-          name: gitea-unittests-actions-token-job
-      - equal:
-          path: spec.template.spec.containers[0].image
-          value: "docker.gitea.com/gitea:1.23.6-rootless"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            while ! nc -z git.example.com 8443; do
-              sleep 5
-            done

unittests/helm/role-job.yaml

@@ -1,40 +0,0 @@
-suite: actions template | role-job
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/role-job.yaml
-tests:
-  - it: doesn't renders a Role by default
-    template: templates/role-job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a Role
-    template: templates/role-job.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Role
-          apiVersion: rbac.authorization.k8s.io/v1
-          name: gitea-unittests-actions-token-job
-  - it: doesn't renders a Role when criteria met BUT actions are not enabled
-    template: templates/role-job.yaml
-    set:
-      enabled: false
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/rolebinding-job.yaml

@@ -1,40 +0,0 @@
-suite: actions template | rolebinding-job
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/rolebinding-job.yaml
-tests:
-  - it: doesn't renders a RoleBinding by default
-    template: templates/rolebinding-job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a RoleBinding
-    template: templates/rolebinding-job.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: RoleBinding
-          apiVersion: rbac.authorization.k8s.io/v1
-          name: gitea-unittests-actions-token-job
-  - it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled
-    template: templates/rolebinding-job.yaml
-    set:
-      enabled: false
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/secret-token.yaml

@@ -1,40 +0,0 @@
-suite: actions template | secret-token
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/secret-token.yaml
-tests:
-  - it: doesn't renders a Secret by default
-    template: templates/secret-token.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a Secret
-    template: templates/secret-token.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Secret
-          apiVersion: v1
-          name: gitea-unittests-actions-token
-  - it: doesn't renders a Secret when criteria met BUT actions are not enabled
-    template: templates/secret-token.yaml
-    set:
-      enabled: false
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/serviceaccount-job.yaml

@@ -1,40 +0,0 @@
-suite: actions template | serviceaccount-job
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/serviceaccount-job.yaml
-tests:
-  - it: doesn't renders a ServiceAccount by default
-    template: templates/serviceaccount-job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a ServiceAccount
-    template: templates/serviceaccount-job.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: ServiceAccount
-          apiVersion: v1
-          name: gitea-unittests-actions-token-job
-  - it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled
-    template: templates/serviceaccount-job.yaml
-    set:
-      enabled: false
-      provisioning:
-        enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/statefulset.yaml

@@ -69,7 +69,7 @@ tests:
           name: gitea-unittests-actions-act-runner
       - equal:
           path: spec.template.metadata.annotations["checksum/config"]
-          value: "e01f6cc186c5b523cba245cbfc9d556df49a71f7f650c979c2dbfd2bf40b9098"
+          value: "7566d9c60261bf8cbff6a6936fc7aead96cec540d8c793d142a5ad4664c56ba5"
   - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
     template: templates/statefulset.yaml
     set:
@@ -92,9 +92,12 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].command[2]
           value: |
-            while ! nc -z git.example.com 80; do
+            echo 'Trying to reach Gitea on http://git.example.com'
-              sleep 5
+            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
             done
+            echo "Gitea has been reached!"
   - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
     template: templates/statefulset.yaml
     set:
@@ -117,9 +120,12 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].command[2]
           value: |
-            while ! nc -z git.example.com 443; do
+            echo 'Trying to reach Gitea on https://git.example.com'
-              sleep 5
+            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
             done
+            echo "Gitea has been reached!"
   - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
     template: templates/statefulset.yaml
     set:
@@ -142,9 +148,12 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].command[2]
           value: |
-            while ! nc -z git.example.com 8443; do
+            echo 'Trying to reach Gitea on https://git.example.com:8443'
-              sleep 5
+            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
             done
+            echo "Gitea has been reached!"
   - it: allows adding custom environment variables to the docker-in-docker container
     template: templates/statefulset.yaml
     set:

values.yaml

@@ -1,10 +1,10 @@
 # Configure Gitea Actions
-# - must enable persistence if the job is enabled
 ## @section Gitea Actions
 #
 ## @param enabled Create an act runner StatefulSet.
 ## @param init.image.repository The image used for the init containers
 ## @param init.image.tag The image tag used for the init containers
+## @param statefulset.replicas the amount of (replica) runner pods deployed
 ## @param statefulset.annotations Act runner annotations
 ## @param statefulset.labels Act runner labels
 ## @param statefulset.resources Act runner resources
@@ -23,22 +23,12 @@
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
 ## @param statefulset.persistence.size Size for persistence to store act runner data
-## @param provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
-## @param provisioning.annotations Job's annotations
-## @param provisioning.labels Job's labels
-## @param provisioning.resources Job's resources
-## @param provisioning.nodeSelector NodeSelector for the job
-## @param provisioning.tolerations Tolerations for the job
-## @param provisioning.affinity Affinity for the job
-## @param provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
-## @param provisioning.publish.repository The image that can create the secret via kubectl
-## @param provisioning.publish.tag The publish image tag that can create the secret
-## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
 ## @param existingSecret Secret that contains the token
 ## @param existingSecretKey Secret key
 ## @param giteaRootURL URL the act_runner registers and connect with
 enabled: false
 statefulset:
+  replicas: 1
   annotations: {}
   labels: {}
   resources: {}
@@ -82,23 +72,6 @@ init:
     # Overrides the image tag whose default is the chart appVersion.
     tag: "1.37.0"
 
-provisioning:
-  enabled: false
-
-  annotations: {}
-  labels: {}
-  resources: {}
-  nodeSelector: {}
-  tolerations: []
-  affinity: {}
-
-  publish:
-    repository: bitnami/kubectl
-    tag: 1.29.0
-    pullPolicy: IfNotPresent
-
-  ttlSecondsAfterFinished: 300
-
 ## Specify an existing token secret
 ##
 existingSecret: ""
@@ -107,52 +80,6 @@ existingSecretKey: ""
 ## Specify the root URL of the Gitea instance
 giteaRootURL: ""
 
-## @section Persistence
-#
-## @param persistence.enabled Enable persistent storage
-## @param persistence.create Whether to create the persistentVolumeClaim for shared storage
-## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created)
-## @param persistence.claimName Use an existing claim to store repository information
-## @param persistence.size Size for persistence to store repo information
-## @param persistence.accessModes AccessMode for persistence
-## @param persistence.labels Labels for the persistence volume claim to be created
-## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
-## @param persistence.storageClass Name of the storage class to use
-## @param persistence.subPath Subdirectory of the volume to mount at
-## @param persistence.volumeName Name of persistent volume in PVC
-persistence:
-  enabled: true
-  create: true
-  mount: true
-  claimName: gitea-shared-storage
-  size: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  labels: {}
-  storageClass:
-  subPath:
-  volumeName: ""
-  annotations:
-    helm.sh/resource-policy: keep
-
-## @section Image
-## @param image.registry image registry, e.g. gcr.io,docker.io
-## @param image.repository Image to start for this pod
-## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
-## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
-## @param image.pullPolicy Image pull policy
-## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
-## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
-image:
-  registry: "docker.gitea.com"
-  repository: gitea
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-  digest: ""
-  pullPolicy: IfNotPresent
-  rootless: true
-  fullOverride: ""
-
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override