fix(ci): improve workflows

The following patch adapts the CI workflows. The worflows has been splitted into
dedicated parts. For example the `helm template` and `helm unittest` command is
now a seperate step to notice that a change affects the template mechanism but
not the unittest. This was priviously not possible, because both commands were
part of one step.

Additionally has the changelog workflow be improved. The shell commands has
been migrated to a dedicated file named `.gitea/scripts/changelog.sh`. This has
the advantage, that the shellcheck plugin of IDE's support developers by
developing such shell scripts. Furthermore, the used container image has been
replaced by the ubuntu:latest image of the act_runner. This make it more
comfortable in using `curl` or `jq`, because the complete set of features/flags are
avialable instead of the previously used container image
`docker.io/thegeeklab/git-sv:2.0.5`. Final note to the shell script
`changelog.sh`, this can now be executed locally as well as on ARM-based
act_runners and helps to test the helm chart in own Gitea environments
beforehand.

In addition, a new workflow for markdown files has now been introduced. This
checks the `README.md` file for links, ensures that it is properly formatted, and
verifies that the parameters match those in `values.yaml`. Here, too, the commands
have been outsourced to separate jobs so that more precise interaction is
possible in the event of an error.

This patch also requires an adjustment in branch protection. There, the
workflows that must be successful before a merge must be redefined.

.gitea/scripts/update-changelog.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+DEFAULT_GITEA_SERVER_URL="${GITHUB_SERVER_URL:-"https://gitea.com"}"
+DEFAULT_GITEA_REPOSITORY="${GITHUB_REPOSITORY:-"gitea/helm-gitea"}"
+DEFAULT_GITEA_TOKEN="${ISSUE_RW_TOKEN:-""}"
+
+if [ -z "${1}" ]; then
+  read -p "Enter hostname of the Gitea instance [${DEFAULT_GITEA_SERVER_URL}]: " CURRENT_GITEA_SERVER_URL
+  if [ -z "${CURRENT_GITEA_SERVER_URL}" ]; then
+    CURRENT_GITEA_SERVER_URL="${DEFAULT_GITEA_SERVER_URL}"
+  fi
+else
+  CURRENT_GITEA_SERVER_URL=$1
+fi
+
+if [ -z "${2}" ]; then
+  read -p "Enter name of the git repository [${DEFAULT_GITEA_REPOSITORY}]: " CURRENT_GITEA_REPOSITORY
+  if [ -z "${CURRENT_GITEA_REPOSITORY}" ]; then
+    CURRENT_GITEA_REPOSITORY="${DEFAULT_GITEA_REPOSITORY}"
+  fi
+else
+  CURRENT_GITEA_REPOSITORY=$2
+fi
+
+if [ -z "${3}" ]; then
+  read -p "Enter token to access the Gitea instance [${DEFAULT_GITEA_TOKEN}]: " CURRENT_GITEA_TOKEN
+  if [ -z "${CURRENT_GITEA_TOKEN}" ]; then
+    CURRENT_GITEA_TOKEN="${DEFAULT_GITEA_TOKEN}"
+  fi
+else
+  CURRENT_GITEA_TOKEN=$3
+fi
+
+if ! git sv rn -o /tmp/changelog.md; then
+  echo "ERROR: Failed to generate /tmp/changelog.md" 1>&2
+  exit 1
+fi
+
+CURL_ARGS=(
+  "--data-urlencode" "q=Changelog for upcoming version"
+  # "--data-urlencode=\"q=Changelog for upcoming version\""
+  "--data-urlencode" "state=open"
+  "--fail"
+  "--header" "Accept: application/json"
+  "--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
+  "--request" "GET"
+  "--silent"
+)
+
+if ! ISSUE_NUMBER="$(curl "${CURL_ARGS[@]}" "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues" | jq '.[].number')"; then
+  echo "ERROR: Failed query issue number" 1>&2
+  exit 1
+fi
+export ISSUE_NUMBER
+
+if ! echo "" | jq --raw-input --slurp --arg title "Changelog for upcoming version" --arg body "$(cat /tmp/changelog.md)" '{title: $title, body: $body}' 1> /tmp/payload.json; then
+  echo "ERROR: Failed to create JSON payload file" 1>&2
+  exit 1
+fi
+
+CURL_ARGS=(
+  "--data" "@/tmp/payload.json"
+  "--fail"
+  "--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
+  "--header" "Content-Type: application/json"
+  "--location"
+  "--silent"
+  "--output" "/dev/null"
+)
+
+if [ -z "${ISSUE_NUMBER}" ]; then
+  if ! curl "${CURL_ARGS[@]}" --request POST "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues"; then
+    echo "ERROR: Failed to create new issue!" 1>&2
+    exit 1
+  else
+    echo "INFO: Successfully created new issue!"
+  fi
+else
+  if ! curl "${CURL_ARGS[@]}" --request PATCH "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"; then
+    echo "ERROR: Failed to update issue with ID ${ISSUE_NUMBER}!" 1>&2
+    exit 1
+  else
+    echo "INFO: Successfully updated existing issue with ID ${ISSUE_NUMBER}!"
+    echo "INFO: ${CURRENT_GITEA_SERVER_URL}/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"
+  fi
+fi

.gitea/workflows/changelog.yml

@@ -1,32 +0,0 @@
-name: changelog
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  changelog:
-    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.5
-    steps:
-      - name: install tools
-        run: |
-          apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-      - name: Generate upcoming changelog
-        run: |
-          git sv rn -o changelog.md
-          export RELEASE_NOTES=$(cat changelog.md)
-          export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
-
-          echo $RELEASE_NOTES
-          JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
-
-          if [ -z "$ISSUE_NUMBER" ]; then
-            curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          else
-            curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          fi

.gitea/workflows/commitlint.yml

@@ -1,19 +1,17 @@
-name: commitlint
+name: Rum commitlint
 
 on:
   pull_request:
-    branches:
-      - "*"
-    types:
-      - opened
-      - edited
+    branches: [ '**' ]
+    types: [ "opened", "edited" ]
 
 jobs:
   check-and-test:
+    container: docker.io/commitlint/commitlint:19.9.1
+    name: Execute commitlint
     runs-on: ubuntu-latest
-    container: commitlint/commitlint:19.9.1
     steps:
-      - uses: actions/checkout@v5
-      - name: check PR title
+      - uses: actions/checkout@v5.0.0
+      - name: Check PR title
         run: |
           echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

.gitea/workflows/helm.yml

@@ -0,0 +1,75 @@
+name: Run Helm tests
+
+on:
+  pull_request:
+    branches: [ '**' ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+  workflow_call: {}
+
+env:
+  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
+  HELM_UNITTEST_VERSION: "v1.0.1"
+
+jobs:
+  helm-lint:
+    container: docker.io/alpine/helm:3.18.6
+    name: Execute helm lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install additional tools
+        run: |
+          apk update
+          apk add --update bash make nodejs
+      - uses: actions/checkout@v5.0.0
+      - name: Install helm chart dependencies
+        run: helm dependency build
+      - name: Execute helm lint
+        run: helm lint
+
+  helm-template:
+    container: docker.io/alpine/helm:3.18.6
+    name: Execute helm template
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install additional tools
+        run: |
+          apk update
+          apk add --update bash make nodejs
+      - uses: actions/checkout@v5.0.0
+      - name: Install helm chart dependencies
+        run: helm dependency build
+      - name: Execute helm template
+        run: helm template --debug gitea-helm .
+
+  helm-unittest:
+    container: docker.io/alpine/helm:3.18.6
+    name: Execute helm unittest
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install additional tools
+        run: |
+          apk update
+          apk add --update bash make nodejs npm yamllint ncurses
+      - uses: actions/checkout@v5.0.0
+      - name: Install helm chart dependencies
+        run: helm dependency build
+      - name: Install helm plugin 'unittest'
+        run: |
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
+          git submodule update --init --recursive
+      - name: Execute helm unittest
+        env:
+          TERM: xterm
+        run: make unittests
+
+
+
+
+      # - name: verify readme
+      #   run: |
+      #     make readme
+      #     git diff --exit-code --name-only README.md
+      # - name: yaml lint
+      #   uses: https://github.com/ibiqlik/action-yamllint@v3

.gitea/workflows/markdown-linters.yml

@@ -0,0 +1,52 @@
+name: Markdown linter
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+  workflow_dispatch: {}
+
+jobs:
+  readme-link:
+    container:
+      image: docker.io/library/node:24.9.0-alpine
+    name: Execute npm run readme:link
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5.0.0
+    - name: Execute npm run readme:link
+      run: |
+        npm install
+        npm run readme:link
+
+  readme-lint:
+    container:
+      image: docker.io/library/node:24.9.0-alpine
+    name: Execute npm run readme:lint
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5.0.0
+    - name: Execute npm run readme:lint
+      run: |
+        npm install
+        npm run readme:lint
+
+  readme-parameters:
+    container:
+      image: docker.io/library/node:24.9.0-alpine
+    name: Execute npm run readme:parameters
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git
+    - uses: actions/checkout@v5.0.0
+    - name: Execute npm run readme:parameters
+      run: |
+        npm install
+        npm run readme:parameters
+    - name: Compare diff
+      run: git diff --exit-code --name-only README.md

.gitea/workflows/release-version.yml

@@ -2,14 +2,13 @@ name: generate-chart
 
 on:
   push:
-    tags:
-      - "*"
+    tags: [ '**' ]
 
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v5.0.0
         with:
           fetch-depth: 0
 
@@ -65,11 +64,11 @@ jobs:
           OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
 
-      - name: Print Chart.yaml
+      - name: Print Chart.yaml on stdout
         run: cat Chart.yaml
 
       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-      - name: package chart
+      - name: Package Helm chart
         run: |
           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
           # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
@@ -85,7 +84,7 @@ jobs:
           helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
           helm registry logout registry-1.docker.io
 
-      - name: aws credential configure
+      - name: Configure AWS credentials
         uses: https://github.com/aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
@@ -97,14 +96,14 @@ jobs:
           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
 
   release-gitea:
+    container: docker.io/thegeeklab/git-sv:2.0.5
     needs: generate-chart-publish
     runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.5
     steps:
-      - name: install tools
+      - name: Install packages via apt
         run: |
           apk add -q --update --no-cache nodejs
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v5.0.0
         with:
           fetch-tags: true
           fetch-depth: 0

.gitea/workflows/test-pr.yml

@@ -1,46 +0,0 @@
-name: check-and-test
-
-on:
-  pull_request:
-    branches:
-      - "*"
-  push:
-    branches:
-      - main
-      - v13
-
-env:
-  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v1.0.1"
-
-jobs:
-  check-and-test:
-    runs-on: ubuntu-latest
-    container: alpine/helm:3.18.6
-    steps:
-      - name: install tools
-        run: |
-          apk update
-          apk add --update bash make nodejs npm yamllint ncurses
-      - uses: actions/checkout@v5
-      - name: install chart dependencies
-        run: helm dependency build
-      - name: lint
-        run: helm lint
-      - name: template
-        run: helm template --debug gitea-helm .
-      - name: prepare unit test environment
-        run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
-          git submodule update --init --recursive
-      - name: unit tests
-        env:
-          TERM: xterm
-        run: |
-          make unittests
-      - name: verify readme
-        run: |
-          make readme
-          git diff --exit-code --name-only README.md
-      - name: yaml lint
-        uses: https://github.com/ibiqlik/action-yamllint@v3

.gitea/workflows/update-changelog.yml

@@ -0,0 +1,29 @@
+name: Update changelog
+
+on:
+  push:
+    branches: [ "main" ]
+  workflow_dispatch: {}
+
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install packages via apt-get
+        run: |
+          apt-get update &&
+          apt-get install --yes curl jq
+      - uses: actions/checkout@v5.0.0
+        with:
+          fetch-depth: 0
+      - name: Install git-sv
+        env:
+          GIT_SV_VERSION: v2.0.4 # renovate: datasource=github-releases depName=thegeeklab/git-sv
+        run: |
+          curl --fail --location --output /usr/local/bin/git-sv --silent --show-error https://github.com/thegeeklab/git-sv/releases/download/${GIT_SV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
+          chmod +x /usr/local/bin/git-sv
+          git-sv --version
+      - name: Update changelog issue
+        env:
+          ISSUE_RW_TOKEN: ${{ secrets.ISSUE_RW_TOKEN }}
+        run: .gitea/scripts/update-changelog.sh

.markdownlink.json

@@ -0,0 +1,8 @@
+{
+  "projectBaseUrl":"${workspaceFolder}",
+  "ignorePatterns": [
+    {
+      "pattern": "^http://localhost"
+    }
+  ]
+}

CONTRIBUTING.md

@@ -44,8 +44,7 @@ be used:
    `helm install --dependency-update gitea . -f values.yaml`.
 1. Gitea is now deployed in `minikube`.
    To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
-default port-forward svc/gitea-http 3000:3000`.
-   Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
+default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
 
 ### Unit tests
 

README.md

@@ -17,7 +17,7 @@
     - [Rootless Defaults](#rootless-defaults)
     - [Session, Cache and Queue](#session-cache-and-queue)
   - [Single-Pod Configurations](#single-pod-configurations)
-  - [Additional _app.ini_ settings](#additional-appini-settings)
+  - [Additional app.ini settings](#additional-appini-settings)
     - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
   - [External Database](#external-database)
   - [Ports and external url](#ports-and-external-url)
@@ -72,7 +72,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit
 ## Update and versioning policy
 
 The Gitea helm chart versioning does not follow Gitea's versioning.
-The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
+The latest chart version can be looked up in [https://dl.gitea.com/charts/](https://dl.gitea.com/charts/) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
 
 The chart aims to follow Gitea's releases closely.
 There might be times when the chart is behind the latest Gitea release.
@@ -360,7 +360,7 @@ If HA is not needed/desired, the following configurations can be used to deploy
 
    </details>
 
-### Additional _app.ini_ settings
+### Additional app.ini settings
 
 > **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
 > section cannot be defined that way.**

package.json

@@ -9,11 +9,13 @@
     "npm": ">=8.0.0"
   },
   "scripts": {
+    "readme:link": "markdown-link-check --config .markdownlink.json *.md",
     "readme:lint": "markdownlint *.md -f",
     "readme:parameters": "readme-generator -v values.yaml -r README.md"
   },
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
+    "markdown-link-check": "^3.13.6",
     "markdownlint-cli": "^0.45.0"
   }
 }

values.yaml

@@ -20,7 +20,7 @@ global:
   #   hostnames:
   #   - example.com
 
-## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified
+## @param namespace An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified
 namespace: ""
 
 ## @param replicaCount number of replicas for the deployment
@@ -281,13 +281,13 @@ extraContainers: []
 #    image: busybox
 #    command: [/bin/sh, -c, 'echo "Hello world"']
 
-## @param preExtraInitContainers Additional init containers to run in the pod before gitea runs it owns init containers.
+## @param preExtraInitContainers Additional init containers to run in the pod before Gitea runs it owns init containers.
 preExtraInitContainers: []
 # - name: pre-init-container
 #   image: docker.io/library/busybox
 #   command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
 
-## @param postExtraInitContainers Additional init containers to run in the pod after gitea runs it owns init containers.
+## @param postExtraInitContainers Additional init containers to run in the pod after Gitea runs it owns init containers.
 postExtraInitContainers: []
 # - name: post-init-container
 #   image: docker.io/library/busybox