Add gpg configuration settings (#343)

### Description of the change This PR adds support for gpg key setup. It allows to pass the gpg private key content inline inside `values.yaml` or refer to an existing secret containing the key content data. ### Benefits Administrators don't need to manually setup the gpg environment from inside a running container. It also eliminates the breaking change of Gitea 1.17 regarding `[git].HOME` as the `GNUPGHOME` environment variable is used consistently to relocate the `.gnupg` directory to its former location. ### Applicable issues - fixes #107 ### Additional information This PR add the first unit tests to this Helm Chart, ensuring templating integrity for signing related configuration. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com> Co-authored-by: pat-s <pat-s@noreply.gitea.io> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/343 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-09-28 16:18:59 +08:00
parent 0d1f748898
commit b8f0310c43
18 changed files with 429 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -41,24 +41,6 @@ of this document for major and breaking changes.
 - Helm 3.0+
 - PV provisioner for persistent data support

-## Configure Commit Signing
-
-When using the rootless image the gpg key folder was is not persistent by
-default. If you consider using signed commits for internal Gitea activities
-(e.g. initial commit), you'd need to provide a signing key. Prior to
-[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be
-re-imported once the container got replaced by another.
-
-The mentioned PR introduced a new configuration object `signing` allowing you to
-configure prerequisites for commit signing. By default this section is disabled
-to maintain backwards compatibility.
-
-```yaml
-signing:
-  enabled: false
-  gpgHome: /data/git/.gnupg
-```
-
 ## Examples

 ### Gitea Configuration
@ -525,6 +507,49 @@ gitea:
        ...
 ```

+## Configure commit signing
+
+When using the rootless image the gpg key folder is not persistent by
+default. If you consider using signed commits for internal Gitea activities
+(e.g. initial commit), you'd need to provide a signing key. Prior to
+[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be
+re-imported once the container got replaced by another.
+
+The mentioned PR introduced a new configuration object `signing` allowing you to
+configure prerequisites for commit signing. By default this section is disabled
+to maintain backwards compatibility.
+
+```yaml
+signing:
+  enabled: false
+  gpgHome: /data/git/.gnupg
+```
+
+Regardless of the used container image the `signing` object allows to specify a
+private gpg key. Either using the `signing.privateKey` to define the key inline,
+or refer to an existing secret containing the key data by using `signing.existingKey`.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-gitea-gpg-key
+type: Opaque
+stringData:
+  privateKey: |-
+    -----BEGIN PGP PRIVATE KEY BLOCK-----
+    ...
+    -----END PGP PRIVATE KEY BLOCK-----
+```
+
+```yaml
+signing:
+  existingSecret: custom-gitea-gpg-key
+```
+
+To use the gpg key, Gitea needs to be configured accordingly. A detailed description
+can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
+
 ### Metrics and profiling

 A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling
@ -669,10 +694,12 @@ gitea:

 ### Signing

-| Name              | Description                  | Value              |
-| ----------------- | ---------------------------- | ------------------ |
-| `signing.enabled` | Enable commit/action signing | `false`            |
-| `signing.gpgHome` | GPG home directory           | `/data/git/.gnupg` |
+| Name                     | Description                                                       | Value              |
+| ------------------------ | ----------------------------------------------------------------- | ------------------ |
+| `signing.enabled`        | Enable commit/action signing                                      | `false`            |
+| `signing.gpgHome`        | GPG home directory                                                | `/data/git/.gnupg` |
+| `signing.privateKey`     | Inline private gpg key for signed Gitea actions                   | `""`               |
+| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               |

 ### Gitea