volker.raschek/helm-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Temporary revert GPG feature for semver based retagging (#373)

Browse Source 
Feature #343 happens to be a breaking change when enabling `.Values.signing` but not specifying
any of the new private key properties. Tag `v6.0.2` is therefore not following semantic versioning.

This temporarily reverts commit b8f0310c43 and a fix-up commit 57a1cd27d9
to retag 6.0.2 as 6.0.3.

Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/373
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
This commit is contained in:
justusbunsi
2022-10-21 00:35:19 +08:00
parent 57a1cd27d9
commit d5ce1a47ea
18 changed files with 22 additions and 440 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
unittests/gpg-secret/signing-disabled.yaml
View File

@ -1,13 +0,0 @@
suite: GPG secret template (signing disabled)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/gpg-secret.yaml
tests:
- it: renders nothing
set:
signing.enabled: false
asserts:
- hasDocuments:
count: 0

40
unittests/gpg-secret/signing-enabled.yaml
View File

@ -1,40 +0,0 @@
suite: GPG secret template (signing enabled)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/gpg-secret.yaml
tests:
- it: fails rendering when nothing is configured
set:
signing:
enabled: true
asserts:
- failedTemplate:
errorMessage: Either specify `signing.privateKey` or `signing.existingKey`
- it: skips rendering using external secret reference
set:
signing:
enabled: true
existingSecret: "external-secret-reference"
asserts:
- hasDocuments:
count: 0
- it: renders secret specification using inline gpg key
set:
signing:
enabled: true
privateKey: "gpg-key-placeholder"
asserts:
- hasDocuments:
count: 1
- documentIndex: 0
containsDocument:
kind: Secret
apiVersion: v1
name: gitea-unittests-gpg-key
- isNotEmpty:
path: metadata.labels
- equal:
path: data.privateKey
value: "Z3BnLWtleS1wbGFjZWhvbGRlcg=="

15
unittests/init/basic.yaml
View File

@ -1,15 +0,0 @@
suite: Init template (basic)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/init.yaml
tests:
- it: renders a secret
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: Secret
apiVersion: v1
name: gitea-unittests-init

64
unittests/init/init_directory_structure.sh.yaml
View File

@ -1,64 +0,0 @@
suite: Init template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/init.yaml
tests:
- it: runs gpg in batch mode
set:
signing.enabled: true
asserts:
- equal:
path: stringData.[configure_gpg_environment.sh]
value: |-
#!/usr/bin/env bash
set -eu
gpg --batch --import /raw/private.asc
- it: skips gpg script block for disabled signing
asserts:
- equal:
path: stringData.[init_directory_structure.sh]
value: |-
#!/usr/bin/env bash
set -euo pipefail
set -x
chown 1000:1000 /data
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chown 1000:1000 "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
- it: adds gpg script block for enabled signing
set:
signing.enabled: true
asserts:
- equal:
path: stringData.[init_directory_structure.sh]
value: |-
#!/usr/bin/env bash
set -euo pipefail
set -x
chown 1000:1000 /data
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chown 1000:1000 "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
if [ ! -d "${GNUPGHOME}" ]; then
mkdir -p "${GNUPGHOME}"
chmod 700 "${GNUPGHOME}"
chown 1000:1000 "${GNUPGHOME}"
fi

17
unittests/statefulset/basic.yaml
View File

@ -1,17 +0,0 @@
suite: Statefulset template (basic)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/statefulset.yaml
- templates/gitea/config.yaml
tests:
- it: renders a statefulset
template: templates/gitea/statefulset.yaml
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests

40
unittests/statefulset/signing-disabled.yaml
View File

@ -1,40 +0,0 @@
suite: Statefulset template (signing disabled)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/statefulset.yaml
- templates/gitea/config.yaml
tests:
- it: skips gpg init container
template: templates/gitea/statefulset.yaml
asserts:
- notContains:
path: spec.template.spec.initContainers
any: true
content:
name: configure-gpg
- it: skips gpg env in `init-directories` init container
template: templates/gitea/statefulset.yaml
set:
signing.enabled: true
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: GNUPGHOME
value: /data/git/.gnupg
- it: skips gpg env in runtime container
template: templates/gitea/statefulset.yaml
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: GNUPGHOME
- it: skips gpg volume spec
template: templates/gitea/statefulset.yaml
asserts:
- notContains:
path: spec.template.spec.volumes
content:
name: gpg-private-key

93
unittests/statefulset/signing-enabled.yaml
View File

@ -1,93 +0,0 @@
suite: Statefulset template (signing enabled)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/statefulset.yaml
- templates/gitea/config.yaml
tests:
- it: adds gpg init container
template: templates/gitea/statefulset.yaml
set:
signing:
enabled: true
existingSecret: "custom-gpg-secret"
asserts:
- equal:
path: spec.template.spec.initContainers[2].name
value: configure-gpg
- equal:
path: spec.template.spec.initContainers[2].command
value: ["/usr/sbin/configure_gpg_environment.sh"]
- equal:
path: spec.template.spec.initContainers[2].securityContext
value:
runAsUser: 1000
- equal:
path: spec.template.spec.initContainers[2].env
value:
- name: GNUPGHOME
value: /data/git/.gnupg
- equal:
path: spec.template.spec.initContainers[2].volumeMounts
value:
- name: init
mountPath: /usr/sbin
- name: data
mountPath: /data
- name: gpg-private-key
mountPath: /raw
readOnly: true
- it: adds gpg env in `init-directories` init container
template: templates/gitea/statefulset.yaml
set:
signing.enabled: true
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: GNUPGHOME
value: /data/git/.gnupg
- it: adds gpg env in runtime container
template: templates/gitea/statefulset.yaml
set:
signing.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: GNUPGHOME
value: /data/git/.gnupg
- it: adds gpg volume spec
template: templates/gitea/statefulset.yaml
set:
signing:
enabled: true
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: gpg-private-key
secret:
secretName: gitea-unittests-gpg-key
items:
- key: privateKey
path: private.asc
defaultMode: 0100
- it: supports gpg volume spec with external reference
template: templates/gitea/statefulset.yaml
set:
signing:
enabled: true
existingSecret: custom-gpg-secret
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: gpg-private-key
secret:
secretName: custom-gpg-secret
items:
- key: privateKey
path: private.asc
defaultMode: 0100