Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
3219f22a68
|
|||
|
cdd75f2e77
|
|||
|
c96824da7f
|
|||
|
5851fe7c4c
|
|||
|
5c39511d9a
|
|||
|
935b82ab0e
|
|||
|
1b22954570
|
|||
|
3da31782dd
|
|||
| 4d6db83c28 | |||
| 72606192a6 | |||
| fb407618dc |
@@ -1,61 +1,65 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -e -o pipefail
|
||||
|
||||
CHART_FILE="Chart.yaml"
|
||||
if [ ! -f "${CHART_FILE}" ]; then
|
||||
echo "ERROR: ${CHART_FILE} not found!" 1>&2
|
||||
chart_file="Chart.yaml"
|
||||
if [ ! -f "${chart_file}" ]; then
|
||||
echo "ERROR: ${chart_file} not found!" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
|
||||
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
|
||||
default_new_tag="$(git tag --sort=-version:refname | head -n 1)"
|
||||
default_old_tag="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
|
||||
|
||||
if [ -z "${1}" ]; then
|
||||
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
|
||||
if [ -z "${OLD_TAG}" ]; then
|
||||
OLD_TAG="${DEFAULT_OLD_TAG}"
|
||||
echo "Enter start tag [${default_old_tag}]:"
|
||||
read -r old_tag
|
||||
if [ -z "${old_tag}" ]; then
|
||||
old_tag="${default_old_tag}"
|
||||
fi
|
||||
|
||||
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
|
||||
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
|
||||
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
|
||||
if [ -z "${OLD_TAG}" ]; then
|
||||
OLD_TAG="${DEFAULT_OLD_TAG}"
|
||||
while [ -z "$(git tag --list "${old_tag}")" ]; do
|
||||
echo "ERROR: Tag '${old_tag}' not found!" 1>&2
|
||||
echo "Enter start tag [${default_old_tag}]:"
|
||||
read -r old_tag
|
||||
if [ -z "${old_tag}" ]; then
|
||||
old_tag="${default_old_tag}"
|
||||
fi
|
||||
done
|
||||
else
|
||||
OLD_TAG=${1}
|
||||
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
|
||||
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
|
||||
old_tag=${1}
|
||||
if [ -z "$(git tag --list "${old_tag}")" ]; then
|
||||
echo "ERROR: Tag '${old_tag}' not found!" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "${2}" ]; then
|
||||
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
|
||||
if [ -z "${NEW_TAG}" ]; then
|
||||
NEW_TAG="${DEFAULT_NEW_TAG}"
|
||||
echo "Enter end tag [${default_new_tag}]:"
|
||||
read -r new_tag
|
||||
if [ -z "${new_tag}" ]; then
|
||||
new_tag="${default_new_tag}"
|
||||
fi
|
||||
|
||||
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
|
||||
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
|
||||
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
|
||||
if [ -z "${NEW_TAG}" ]; then
|
||||
NEW_TAG="${DEFAULT_NEW_TAG}"
|
||||
while [ -z "$(git tag --list "${new_tag}")" ]; do
|
||||
echo "ERROR: Tag '${new_tag}' not found!" 1>&2
|
||||
echo "Enter end tag [${default_new_tag}]:"
|
||||
read -r new_tag
|
||||
if [ -z "${new_tag}" ]; then
|
||||
new_tag="${default_new_tag}"
|
||||
fi
|
||||
done
|
||||
else
|
||||
NEW_TAG=${2}
|
||||
new_tag=${2}
|
||||
|
||||
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
|
||||
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
|
||||
if [ -z "$(git tag --list "${new_tag}")" ]; then
|
||||
echo "ERROR: Tag '${new_tag}' not found!" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
CHANGE_LOG_YAML=$(mktemp)
|
||||
echo "[]" > "${CHANGE_LOG_YAML}"
|
||||
change_log_yaml=$(mktemp)
|
||||
echo "[]" > "${change_log_yaml}"
|
||||
|
||||
function map_type_to_kind() {
|
||||
case "${1}" in
|
||||
@@ -80,35 +84,42 @@ function map_type_to_kind() {
|
||||
esac
|
||||
}
|
||||
|
||||
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
|
||||
commit_titles="$(git log --pretty=format:"%s" "${old_tag}..${new_tag}")"
|
||||
|
||||
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
|
||||
echo "INFO: Generate change log entries from ${old_tag} until ${new_tag}"
|
||||
|
||||
while IFS= read -r line; do
|
||||
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
|
||||
TYPE="${BASH_REMATCH[1]}"
|
||||
KIND=$(map_type_to_kind "${TYPE}")
|
||||
type="${BASH_REMATCH[1]}"
|
||||
kind=$(map_type_to_kind "${type}")
|
||||
|
||||
if [ "${KIND}" == "skip" ]; then
|
||||
if [ "${kind}" == "skip" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
DESC="${BASH_REMATCH[3]}"
|
||||
desc="${BASH_REMATCH[3]}"
|
||||
|
||||
echo "- ${KIND}: ${DESC}"
|
||||
echo "- ${kind}: ${desc}"
|
||||
|
||||
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
|
||||
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
|
||||
jq --arg kind "${kind}" --arg description "${desc}" '. += [ $ARGS.named ]' < "${change_log_yaml}" > "${change_log_yaml}.new"
|
||||
mv "${change_log_yaml}.new" "${change_log_yaml}"
|
||||
|
||||
fi
|
||||
done <<< "${COMMIT_TITLES}"
|
||||
done <<< "${commit_titles}"
|
||||
|
||||
if [ -s "${CHANGE_LOG_YAML}" ]; then
|
||||
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
|
||||
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
|
||||
if [ -s "${change_log_yaml}" ]; then
|
||||
yq --inplace --input-format json --output-format yml "${change_log_yaml}"
|
||||
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${change_log_yaml}\") | sort_keys(.)" "${chart_file}"
|
||||
else
|
||||
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
|
||||
echo "ERROR: Changelog file is empty: ${change_log_yaml}" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm "${CHANGE_LOG_YAML}"
|
||||
rm "${change_log_yaml}"
|
||||
|
||||
regexp=".*-alpha-[0-9]+(\.[0-9]+){,2}$"
|
||||
if [[ "${new_tag}" =~ $regexp ]]; then
|
||||
yq --inplace '.annotations."artifacthub.io/prerelease" = "true"' "${chart_file}"
|
||||
else
|
||||
yq --inplace '.annotations."artifacthub.io/prerelease" = "false"' "${chart_file}"
|
||||
fi
|
||||
|
||||
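Review bot: The emptiness guard `if [ -s "${change_log_yaml}" ]` in the second hunk can never fail, because the file is seeded with `[]` right after `mktemp` and therefore always has a non-zero size. A tag range with no matching commit titles then writes `[]` into `artifacthub.io/changes` instead of stopping with the error message. Test the entry count while the file is still JSON, e.g. `if [ "$(jq 'length' "${change_log_yaml}")" -gt 0 ]; then`. The `exit 1` in the else branch would also leave the temporary file behind, so `trap 'rm -f "${change_log_yaml}"' EXIT` directly after the `mktemp` line is a safer replacement for the final `rm`.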
Executable
+86
@@ -0,0 +1,86 @@
|
||||
#!/bin/bash
|
||||
|
||||
DEFAULT_GITEA_SERVER_URL="${GITHUB_SERVER_URL:-"https://gitea.com"}"
|
||||
DEFAULT_GITEA_REPOSITORY="${GITHUB_REPOSITORY:-"gitea/helm-gitea"}"
|
||||
DEFAULT_GITEA_TOKEN="${ISSUE_RW_TOKEN:-""}"
|
||||
|
||||
if [ -z "${1}" ]; then
|
||||
read -p "Enter hostname of the Gitea instance [${DEFAULT_GITEA_SERVER_URL}]: " CURRENT_GITEA_SERVER_URL
|
||||
if [ -z "${CURRENT_GITEA_SERVER_URL}" ]; then
|
||||
CURRENT_GITEA_SERVER_URL="${DEFAULT_GITEA_SERVER_URL}"
|
||||
fi
|
||||
else
|
||||
CURRENT_GITEA_SERVER_URL=$1
|
||||
fi
|
||||
|
||||
if [ -z "${2}" ]; then
|
||||
read -p "Enter name of the git repository [${DEFAULT_GITEA_REPOSITORY}]: " CURRENT_GITEA_REPOSITORY
|
||||
if [ -z "${CURRENT_GITEA_REPOSITORY}" ]; then
|
||||
CURRENT_GITEA_REPOSITORY="${DEFAULT_GITEA_REPOSITORY}"
|
||||
fi
|
||||
else
|
||||
CURRENT_GITEA_REPOSITORY=$2
|
||||
fi
|
||||
|
||||
if [ -z "${3}" ]; then
|
||||
read -p "Enter token to access the Gitea instance [${DEFAULT_GITEA_TOKEN}]: " CURRENT_GITEA_TOKEN
|
||||
if [ -z "${CURRENT_GITEA_TOKEN}" ]; then
|
||||
CURRENT_GITEA_TOKEN="${DEFAULT_GITEA_TOKEN}"
|
||||
fi
|
||||
else
|
||||
CURRENT_GITEA_TOKEN=$3
|
||||
fi
|
||||
|
||||
if ! git sv rn -o /tmp/changelog.md; then
|
||||
echo "ERROR: Failed to generate /tmp/changelog.md" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CURL_ARGS=(
|
||||
"--data-urlencode" "q=Changelog for upcoming version"
|
||||
# "--data-urlencode=\"q=Changelog for upcoming version\""
|
||||
"--data-urlencode" "state=open"
|
||||
"--fail"
|
||||
"--header" "Accept: application/json"
|
||||
"--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
|
||||
"--request" "GET"
|
||||
"--silent"
|
||||
)
|
||||
|
||||
if ! ISSUE_NUMBER="$(curl "${CURL_ARGS[@]}" "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues" | jq '.[].number')"; then
|
||||
echo "ERROR: Failed query issue number" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
export ISSUE_NUMBER
|
||||
|
||||
if ! echo "" | jq --raw-input --slurp --arg title "Changelog for upcoming version" --arg body "$(cat /tmp/changelog.md)" '{title: $title, body: $body}' 1> /tmp/payload.json; then
|
||||
echo "ERROR: Failed to create JSON payload file" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CURL_ARGS=(
|
||||
"--data" "@/tmp/payload.json"
|
||||
"--fail"
|
||||
"--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
|
||||
"--header" "Content-Type: application/json"
|
||||
"--location"
|
||||
"--silent"
|
||||
"--output" "/dev/null"
|
||||
)
|
||||
|
||||
if [ -z "${ISSUE_NUMBER}" ]; then
|
||||
if ! curl "${CURL_ARGS[@]}" --request POST "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues"; then
|
||||
echo "ERROR: Failed to create new issue!" 1>&2
|
||||
exit 1
|
||||
else
|
||||
echo "INFO: Successfully created new issue!"
|
||||
fi
|
||||
else
|
||||
if ! curl "${CURL_ARGS[@]}" --request PATCH "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"; then
|
||||
echo "ERROR: Failed to update issue with ID ${ISSUE_NUMBER}!" 1>&2
|
||||
exit 1
|
||||
else
|
||||
echo "INFO: Successfully updated existing issue with ID ${ISSUE_NUMBER}!"
|
||||
echo "INFO: ${CURRENT_GITEA_SERVER_URL}/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"
|
||||
fi
|
||||
fi
|
||||
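Review bot: The token prompt prints the secret: `read -p "Enter token to access the Gitea instance [${DEFAULT_GITEA_TOKEN}]: "` interpolates the value of `ISSUE_RW_TOKEN` into the prompt and reads the reply with echo on, so an interactive run leaves the token on the terminal and in any session recording. Prompt without the value and read silently, e.g. `read -r -s -p "Enter token to access the Gitea instance [default: ISSUE_RW_TOKEN]: " CURRENT_GITEA_TOKEN`. The script also never sets `pipefail`, so when `curl --fail` fails in the issue lookup the `if !` only sees jq's exit status, `ISSUE_NUMBER` stays empty and the script falls through to the POST branch and opens a new issue. `/tmp/changelog.md` and `/tmp/payload.json` are fixed, predictable names; `mktemp` with a `trap ... EXIT` cleanup avoids clashes and pre-created files on a shared runner.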
@@ -1,32 +0,0 @@
|
||||
name: changelog
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
changelog:
|
||||
runs-on: ubuntu-latest
|
||||
container: docker.io/thegeeklab/git-sv:2.1.1
|
||||
steps:
|
||||
- name: install tools
|
||||
run: |
|
||||
apk add -q --update --no-cache nodejs curl jq sed
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Generate upcoming changelog
|
||||
run: |
|
||||
git sv rn -o changelog.md
|
||||
export RELEASE_NOTES=$(cat changelog.md)
|
||||
export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
|
||||
|
||||
echo $RELEASE_NOTES
|
||||
JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
|
||||
|
||||
if [ -z "$ISSUE_NUMBER" ]; then
|
||||
curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
|
||||
else
|
||||
curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
|
||||
fi
|
||||
@@ -1,19 +1,17 @@
|
||||
name: commitlint
|
||||
name: Rum commitlint
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- "*"
|
||||
types:
|
||||
- opened
|
||||
- edited
|
||||
branches: [ '**' ]
|
||||
types: [ "opened", "edited" ]
|
||||
|
||||
jobs:
|
||||
check-and-test:
|
||||
container: docker.io/commitlint/commitlint:19.9.1
|
||||
name: Execute commitlint
|
||||
runs-on: ubuntu-latest
|
||||
container: commitlint/commitlint:20.5.3
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- name: check PR title
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Check PR title
|
||||
run: |
|
||||
echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
|
||||
|
||||
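Review bot: The PR-title step still expands `${{ gitea.event.pull_request.title }}` directly inside the `run:` script, so the title text becomes part of the shell source before bash parses it, and whatever a contributor puts in a pull-request title is interpreted by the shell rather than treated as data. Pass the value through the environment instead: add `env:` with `PR_TITLE: ${{ gitea.event.pull_request.title }}` to the step and change the command to `printf '%s\n' "${PR_TITLE}" | commitlint --config .commitlintrc.json`. The `name: Rum commitlint` line, if it is the new side of this hunk, looks like a typo for `Run commitlint`.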
@@ -0,0 +1,75 @@
|
||||
name: Run Helm tests
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [ '**' ]
|
||||
push:
|
||||
branches: [ '**' ]
|
||||
tags-ignore: [ '**' ]
|
||||
workflow_call: {}
|
||||
|
||||
env:
|
||||
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
||||
HELM_UNITTEST_VERSION: "v1.0.1"
|
||||
|
||||
jobs:
|
||||
helm-lint:
|
||||
container: docker.io/alpine/helm:3.18.6
|
||||
name: Execute helm lint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install additional tools
|
||||
run: |
|
||||
apk update
|
||||
apk add --update bash make nodejs
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Install helm chart dependencies
|
||||
run: helm dependency build
|
||||
- name: Execute helm lint
|
||||
run: helm lint
|
||||
|
||||
helm-template:
|
||||
container: docker.io/alpine/helm:3.18.6
|
||||
name: Execute helm template
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install additional tools
|
||||
run: |
|
||||
apk update
|
||||
apk add --update bash make nodejs
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Install helm chart dependencies
|
||||
run: helm dependency build
|
||||
- name: Execute helm template
|
||||
run: helm template --debug gitea-helm .
|
||||
|
||||
helm-unittest:
|
||||
container: docker.io/alpine/helm:3.18.6
|
||||
name: Execute helm unittest
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install additional tools
|
||||
run: |
|
||||
apk update
|
||||
apk add --update bash make nodejs npm yamllint ncurses
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Install helm chart dependencies
|
||||
run: helm dependency build
|
||||
- name: Install helm plugin 'unittest'
|
||||
run: |
|
||||
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
|
||||
git submodule update --init --recursive
|
||||
- name: Execute helm unittest
|
||||
env:
|
||||
TERM: xterm
|
||||
run: make unittests
|
||||
|
||||
|
||||
|
||||
|
||||
# - name: verify readme
|
||||
# run: |
|
||||
# make readme
|
||||
# git diff --exit-code --name-only README.md
|
||||
# - name: yaml lint
|
||||
# uses: https://github.com/ibiqlik/action-yamllint@v3
|
||||
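Review bot: YAML linting is not run by anything in this file: the `yaml lint` and `verify readme` steps survive only as commented-out text at the end, while the `helm-unittest` job still installs `yamllint`. Either restore the lint as a real step (for example `run: yamllint .` after the checkout, with whatever configuration the removed action relied on) or delete the commented block and drop `yamllint` from the `apk add` line. In the plugin step, prefer the shell variable over template expansion, `helm plugin install --version "${HELM_UNITTEST_VERSION}" https://github.com/helm-unittest/helm-unittest`, so the value is quoted by the shell instead of being pasted into the script.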
@@ -0,0 +1,52 @@
|
||||
name: Markdown linter
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types: [ "opened", "reopened", "synchronize" ]
|
||||
push:
|
||||
branches: [ '**' ]
|
||||
tags-ignore: [ '**' ]
|
||||
workflow_dispatch: {}
|
||||
|
||||
jobs:
|
||||
readme-link:
|
||||
container:
|
||||
image: docker.io/library/node:24.9.0-alpine
|
||||
name: Execute npm run readme:link
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Execute npm run readme:link
|
||||
run: |
|
||||
npm install
|
||||
npm run readme:link
|
||||
|
||||
readme-lint:
|
||||
container:
|
||||
image: docker.io/library/node:24.9.0-alpine
|
||||
name: Execute npm run readme:lint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Execute npm run readme:lint
|
||||
run: |
|
||||
npm install
|
||||
npm run readme:lint
|
||||
|
||||
readme-parameters:
|
||||
container:
|
||||
image: docker.io/library/node:24.9.0-alpine
|
||||
name: Execute npm run readme:parameters
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install tooling
|
||||
run: |
|
||||
apk update
|
||||
apk add git
|
||||
- uses: actions/checkout@v5.0.0
|
||||
- name: Execute npm run readme:parameters
|
||||
run: |
|
||||
npm install
|
||||
npm run readme:parameters
|
||||
- name: Compare diff
|
||||
run: git diff --exit-code --name-only README.md
|
||||
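Review bot: All three jobs run `npm install`, which resolves dependencies afresh and may rewrite the lockfile, so the tool versions that run in CI are not pinned to what was reviewed. If the repository commits a `package-lock.json` (not visible in this diff), use `npm ci` instead; adding `--ignore-scripts` also keeps dependency install scripts from running in CI, provided none of the lint tools need them. The install-and-run pair is repeated three times and could be one matrix job over `readme:link`, `readme:lint` and `readme:parameters`, keeping the `git diff --exit-code --name-only README.md` check for the parameters case.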
@@ -1,110 +1,160 @@
|
||||
name: generate-chart
|
||||
name: Release
|
||||
|
||||
env:
|
||||
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
|
||||
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
|
||||
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "*"
|
||||
tags: [ '**' ]
|
||||
|
||||
jobs:
|
||||
generate-chart-publish:
|
||||
publish-chart:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: azure/setup-helm@v4.3.1
|
||||
with:
|
||||
version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
|
||||
|
||||
- name: Install helm plugins
|
||||
env:
|
||||
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
|
||||
HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
|
||||
HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
|
||||
run: |
|
||||
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
|
||||
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
|
||||
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
|
||||
helm plugin list
|
||||
|
||||
- name: GPG configuration
|
||||
env:
|
||||
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
GPG_PRIVATE_KEY: ${{ secrets.GPGSIGN_KEY }}
|
||||
run: |
|
||||
# Configure GPG and GPG Agent
|
||||
mkdir --parents "${HOME}/.gnupg"
|
||||
chmod 0700 "${HOME}/.gnupg"
|
||||
|
||||
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
|
||||
use-agent
|
||||
pinentry-mode loopback
|
||||
EOF
|
||||
|
||||
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
|
||||
allow-loopback-pinentry
|
||||
max-cache-ttl 86400
|
||||
default-cache-ttl 86400
|
||||
EOF
|
||||
|
||||
gpgconf --kill gpg-agent
|
||||
gpgconf --launch gpg-agent
|
||||
|
||||
# Import GPG private key
|
||||
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
|
||||
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
|
||||
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
|
||||
|
||||
# Export GPG keyring
|
||||
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
|
||||
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
|
||||
|
||||
- uses: actions/checkout@v6.0.2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Install packages via apt
|
||||
run: |
|
||||
apt update --yes
|
||||
apt install --yes curl ca-certificates curl gnupg jq
|
||||
|
||||
- name: Install helm
|
||||
env:
|
||||
# renovate: datasource=docker depName=alpine/helm
|
||||
HELM_VERSION: "3.21.0"
|
||||
run: |
|
||||
curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
|
||||
mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
|
||||
rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz
|
||||
helm version
|
||||
|
||||
- name: Install yq
|
||||
env:
|
||||
YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
|
||||
run: |
|
||||
curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
|
||||
mv yq_linux_$(dpkg --print-architecture) /usr/local/bin
|
||||
rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz
|
||||
yq --version
|
||||
|
||||
- name: Install docker-ce via apt
|
||||
run: |
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
apt update --yes
|
||||
apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
|
||||
|
||||
- name: Install awscli
|
||||
run: |
|
||||
pip install awscli --break-system-packages
|
||||
aws --version
|
||||
|
||||
- name: Import GPG key
|
||||
id: import_gpg
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v7
|
||||
with:
|
||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
||||
|
||||
- name: Add Artifacthub.io annotations
|
||||
run: |
|
||||
NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
|
||||
OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
|
||||
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
|
||||
|
||||
- name: Print Chart.yaml
|
||||
run: cat Chart.yaml
|
||||
|
||||
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
||||
- name: package chart
|
||||
- name: Extract meta information
|
||||
run: |
|
||||
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
|
||||
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
|
||||
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2)" >> $GITHUB_ENV
|
||||
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
|
||||
|
||||
- name: Package chart
|
||||
run: |
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
||||
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
||||
helm plugin install https://github.com/pat-s/helm-gpg
|
||||
helm dependency build
|
||||
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||
mkdir gitea
|
||||
mv gitea*.tgz gitea/
|
||||
curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml
|
||||
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
|
||||
# push to dockerhub
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
||||
helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
|
||||
helm registry logout registry-1.docker.io
|
||||
helm package \
|
||||
--sign \
|
||||
--key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
|
||||
--keyring "${HOME}/.gnupg/secring.gpg" \
|
||||
--passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
|
||||
--version "${PACKAGE_VERSION}" ./
|
||||
|
||||
- name: aws credential configure
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v6
|
||||
- uses: docker/login-action@v3.7.0
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: ${{ secrets.AWS_REGION }}
|
||||
username: ${{ secrets.DOCKER_IO_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_IO_PASSWORD }}
|
||||
|
||||
- name: Copy files to S3 and clear cache
|
||||
- name: Upload package as OCI artifact to docker.io
|
||||
env:
|
||||
DOCKER_IO_REPO_NAME: ${{ vars.DOCKER_IO_REPO_NAME }}
|
||||
run: |
|
||||
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
||||
helm push *-${PACKAGE_VERSION}.tgz "oci://registry-1.docker.io/${DOCKER_IO_REPO_NAME}"
|
||||
|
||||
release-gitea:
|
||||
needs: generate-chart-publish
|
||||
- uses: docker/login-action@v3.7.0
|
||||
with:
|
||||
registry: ${{ github.server_url }}
|
||||
username: ${{ secrets.GITEA_PACKAGE_REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.GITEA_PACKAGE_REGISTRY_TOKEN }}
|
||||
|
||||
- name: Upload package as OCI artifact to Gitea
|
||||
run: |
|
||||
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz "oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}"
|
||||
|
||||
|
||||
# - name: Build new index.yaml
|
||||
# run: |
|
||||
# mkdir gitea
|
||||
# curl \
|
||||
# --fail \
|
||||
# --header \
|
||||
# --location \
|
||||
# --output gitea/index.yaml \
|
||||
# --show-error \
|
||||
# --silent \
|
||||
# https://dl.gitea.com/charts/index.yaml
|
||||
|
||||
# helm repo index \
|
||||
# --merge gitea/index.yaml \
|
||||
# --url https://dl.gitea.com/charts \
|
||||
# gitea/
|
||||
|
||||
# - uses: aws-actions/configure-aws-credentials@v6.0.0
|
||||
# with:
|
||||
# aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
# aws-region: ${{ secrets.AWS_REGION }}
|
||||
|
||||
# - name: Upload package as Helm chart to AWS S3
|
||||
# run: |
|
||||
# aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET }}/charts/
|
||||
|
||||
publish-release-notes:
|
||||
needs: publish-chart
|
||||
runs-on: ubuntu-latest
|
||||
container: docker.io/thegeeklab/git-sv:2.1.1
|
||||
steps:
|
||||
- name: install tools
|
||||
- name: Install gitsv
|
||||
env:
|
||||
GITSV_VERSION: v2.0.9 # renovate: datasource=github-releases depName=thegeeklab/git-sv
|
||||
run: |
|
||||
apk add -q --update --no-cache nodejs
|
||||
- uses: actions/checkout@v6
|
||||
curl \
|
||||
--fail \
|
||||
--location \
|
||||
--output git-sv \
|
||||
--output-dir /usr/local/bin \
|
||||
--silent \
|
||||
--show-error \
|
||||
https://github.com/thegeeklab/git-sv/releases/download/${GITSV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
|
||||
git-sv --version
|
||||
|
||||
- uses: actions/checkout@v6.0.0
|
||||
with:
|
||||
fetch-tags: true
|
||||
fetch-depth: 0
|
||||
@@ -112,12 +162,12 @@ jobs:
|
||||
- name: Create changelog
|
||||
run: |
|
||||
git sv current-version
|
||||
git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md
|
||||
sed -i '1,2d' CHANGELOG.md # remove version
|
||||
git sv release-notes -t "${PACKAGE_VERSION}" -o CHANGELOG.md
|
||||
sed -i '1,2d' CHANGELOG.md
|
||||
cat CHANGELOG.md
|
||||
|
||||
- name: Release
|
||||
uses: https://github.com/akkuman/gitea-release-action@v1
|
||||
uses: akkuman/gitea-release-action@v1.3.5
|
||||
with:
|
||||
body_path: CHANGELOG.md
|
||||
token: "${{ secrets.RELEASE_TOKEN }}"
|
||||
|
||||
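Review bot: The `GPG configuration` step writes the signing key and its passphrase to `${GPG_PRIVATE_KEY_FILE}` and `${GPG_PRIVATE_KEY_PASSPHRASE_FILE}` under `runner.temp` with whatever umask the runner has, exports the secret key again to `${HOME}/.gnupg/secring.gpg`, and nothing visible in the hunk removes any of these afterwards. Start the step with `umask 077` and add a final step with `if: always()` that runs `rm -f "${GPG_PRIVATE_KEY_FILE}" "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" "${HOME}/.gnupg/secring.gpg"`. The same job installs three Helm plugins with `--verify=false`, so unverified plugin code runs next to that key and the registry credentials; drop the flag for any plugin that ships provenance. In the second hunk, `git sv release-notes -t "${PACKAGE_VERSION}"` runs in `publish-release-notes`, but `PACKAGE_VERSION` is only written to `$GITHUB_ENV` in `publish-chart` and that file does not carry over between jobs, so the tag argument appears to be empty there unless it is set outside the visible lines.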
@@ -1,45 +0,0 @@
|
||||
name: check-and-test
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- "*"
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
env:
|
||||
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
||||
HELM_UNITTEST_VERSION: "v1.1.0"
|
||||
|
||||
jobs:
|
||||
check-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
container: alpine/helm:3.21.0
|
||||
steps:
|
||||
- name: install tools
|
||||
run: |
|
||||
apk update
|
||||
apk add --update bash make nodejs npm yamllint ncurses
|
||||
- uses: actions/checkout@v6
|
||||
- name: install chart dependencies
|
||||
run: helm dependency build
|
||||
- name: lint
|
||||
run: helm lint
|
||||
- name: template
|
||||
run: helm template --debug gitea-helm .
|
||||
- name: prepare unit test environment
|
||||
run: |
|
||||
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
|
||||
git submodule update --init --recursive
|
||||
- name: unit tests
|
||||
env:
|
||||
TERM: xterm
|
||||
run: |
|
||||
make unittests
|
||||
- name: verify readme
|
||||
run: |
|
||||
make readme
|
||||
git diff --exit-code --name-only README.md
|
||||
- name: yaml lint
|
||||
uses: https://github.com/ibiqlik/action-yamllint@v3
|
||||
@@ -0,0 +1,29 @@
|
||||
name: Update changelog
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "main" ]
|
||||
workflow_dispatch: {}
|
||||
|
||||
jobs:
|
||||
changelog:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install packages via apt-get
|
||||
run: |
|
||||
apt-get update &&
|
||||
apt-get install --yes curl jq
|
||||
- uses: actions/checkout@v5.0.0
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Install git-sv
|
||||
env:
|
||||
GIT_SV_VERSION: v2.0.4 # renovate: datasource=github-releases depName=thegeeklab/git-sv
|
||||
run: |
|
||||
curl --fail --location --output /usr/local/bin/git-sv --silent --show-error https://github.com/thegeeklab/git-sv/releases/download/${GIT_SV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
|
||||
chmod +x /usr/local/bin/git-sv
|
||||
git-sv --version
|
||||
- name: Update changelog issue
|
||||
env:
|
||||
ISSUE_RW_TOKEN: ${{ secrets.ISSUE_RW_TOKEN }}
|
||||
run: .gitea/scripts/update-changelog.sh
|
||||
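Review bot: The `Install git-sv` step downloads a binary from a GitHub release, marks it executable and runs it without any integrity check, in a job whose last step holds `ISSUE_RW_TOKEN`. Record the expected digest next to `GIT_SV_VERSION` and verify it before the `chmod +x`, e.g. `echo "${GIT_SV_SHA256}  /usr/local/bin/git-sv" | sha256sum --check`, where `GIT_SV_SHA256` is a placeholder for the digest you record for that release. `dpkg --print-architecture` also ties the step to a Debian-based runner image, which deserves a short comment in the step.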
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"projectBaseUrl":"${workspaceFolder}",
|
||||
"ignorePatterns": [
|
||||
{
|
||||
"pattern": "^http://localhost"
|
||||
}
|
||||
]
|
||||
}
|
||||
Vendored
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.0/schema/helm-testsuite.json": [
|
||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.1/schema/helm-testsuite.json": [
|
||||
"/unittests/**/*.yaml"
|
||||
]
|
||||
},
|
||||
|
||||
+1
-1
@@ -1 +1 @@
|
||||
* @volker.raschek @ChristopherHX
|
||||
* @rossigee @volker.raschek @ChristopherHX
|
||||
|
||||
+1
-2
@@ -44,8 +44,7 @@ be used:
|
||||
`helm install --dependency-update gitea . -f values.yaml`.
|
||||
1. Gitea is now deployed in `minikube`.
|
||||
To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
|
||||
default port-forward svc/gitea-http 3000:3000`.
|
||||
Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
|
||||
default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
|
||||
|
||||
### Unit tests
|
||||
|
||||
|
||||
+4
-1
@@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.0.0
|
||||
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
|
||||
appVersion: 1.26.2
|
||||
appVersion: 1.24.6
|
||||
icon: https://gitea.com/assets/img/logo.svg
|
||||
|
||||
annotations:
|
||||
@@ -26,6 +26,9 @@ sources:
|
||||
- https://docker.gitea.com/gitea
|
||||
|
||||
maintainers:
|
||||
# https://gitea.com/rossigee
|
||||
- name: Ross Golder
|
||||
email: ross@golder.org
|
||||
# https://gitea.com/volker.raschek
|
||||
- name: Markus Pesch
|
||||
email: markus.pesch+apps@cryptic.systems
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
- [Rootless Defaults](#rootless-defaults)
|
||||
- [Session, Cache and Queue](#session-cache-and-queue)
|
||||
- [Single-Pod Configurations](#single-pod-configurations)
|
||||
- [Additional _app.ini_ settings](#additional-appini-settings)
|
||||
- [Additional app.ini settings](#additional-appini-settings)
|
||||
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
|
||||
- [External Database](#external-database)
|
||||
- [Ports and external url](#ports-and-external-url)
|
||||
@@ -72,7 +72,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit
|
||||
## Update and versioning policy
|
||||
|
||||
The Gitea helm chart versioning does not follow Gitea's versioning.
|
||||
The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
|
||||
The latest chart version can be looked up in [https://dl.gitea.com/charts/](https://dl.gitea.com/charts/) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
|
||||
|
||||
The chart aims to follow Gitea's releases closely.
|
||||
There might be times when the chart is behind the latest Gitea release.
|
||||
@@ -266,7 +266,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
|
||||
|
||||
- `$HOME` becomes `/data/gitea/git`
|
||||
|
||||
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations
|
||||
[see deployment.yaml](./templates/deployment.yaml) template inside (init-)container "env" declarations
|
||||
|
||||
- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`)
|
||||
|
||||
@@ -278,38 +278,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
|
||||
|
||||
- `SSH_LOG_LEVEL` environment variable is not injected into the container
|
||||
|
||||
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
|
||||
|
||||
#### OpenShift Compatibility
|
||||
|
||||
When installing on OpenShift, enable the compatibility profile so chart-managed pods render SCC-safe defaults and the Gitea init containers stop forcing `runAsUser: 1000`:
|
||||
|
||||
```yaml
|
||||
openshift:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
When enabled, the chart applies `allowPrivilegeEscalation: false`, drops all
|
||||
Linux capabilities, sets `runAsNonRoot: true`, uses
|
||||
`seccompProfile.type: RuntimeDefault`, and leaves `hostUsers` unset unless
|
||||
`openshift.hostUsers` is explicitly overridden.
|
||||
|
||||
The deployment keeps the existing vanilla Kubernetes behavior when OpenShift
|
||||
compatibility is disabled. Auto-detection relies on the
|
||||
`security.openshift.io/v1/SecurityContextConstraints` API, so set
|
||||
`openshift.enabled: true` explicitly when rendering outside a live cluster.
|
||||
|
||||
If you also want to expose Gitea through an OpenShift Route, enable the optional Route resource:
|
||||
|
||||
```yaml
|
||||
route:
|
||||
enabled: true
|
||||
host: git.apps.example.com
|
||||
tls:
|
||||
termination: edge
|
||||
```
|
||||
|
||||
When `route.host` is set, the chart uses it for `DOMAIN`, `SSH_DOMAIN`, and `ROOT_URL`. Setting `route.tls.termination` also switches the default `ROOT_URL` scheme to `https`.
|
||||
[see deployment.yaml](./templates/deployment.yaml) template inside container "env" declarations
|
||||
|
||||
#### Session, Cache and Queue
|
||||
|
||||
@@ -391,7 +360,7 @@ If HA is not needed/desired, the following configurations can be used to deploy
|
||||
|
||||
</details>
|
||||
|
||||
### Additional _app.ini_ settings
|
||||
### Additional app.ini settings
|
||||
|
||||
> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
|
||||
> section cannot be defined that way.**
|
||||
@@ -412,7 +381,7 @@ gitea:
|
||||
```
|
||||
|
||||
This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated.
|
||||
All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [Gitea config edit-ini](https://docs.gitea.com/administration/config-cheat-sheet#use-environment-variables-to-setup-gitea).
|
||||
All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
|
||||
|
||||
The key of such additional source represents the section inside the _app.ini_.
|
||||
The value for each key can be multiline ini-like definitions.
|
||||
@@ -453,10 +422,10 @@ Users are able to define their own environment variables, which are loaded into
|
||||
We also support to directly interact with the generated _app.ini_.
|
||||
|
||||
To inject self defined variables into the _app.ini_ a certain format needs to be honored.
|
||||
This is described in detail on the [Gitea config edit-ini](https://docs.gitea.com/administration/config-cheat-sheet#use-environment-variables-to-setup-gitea) page.
|
||||
This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page.
|
||||
|
||||
Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`.
|
||||
After the support for a custom prefix was removed in Gitea core, the prefix was changed to `GITEA`.
|
||||
After the support for a custom prefix was removed in Gite core, the prefix was changed to `GITEA`.
|
||||
|
||||
For example a database setting needs to have the following format:
|
||||
|
||||
@@ -1006,14 +975,12 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
|
||||
### Security
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----- |
|
||||
| `openshift.enabled` | Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API. | `nil` |
|
||||
| `openshift.hostUsers` | Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used. | `nil` |
|
||||
| `podSecurityContext` | Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty. | `{}` |
|
||||
| `containerSecurityContext` | Security context | `{}` |
|
||||
| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
|
||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------- | --------------------------------------------------------------- | ------ |
|
||||
| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` |
|
||||
| `containerSecurityContext` | Security context | `{}` |
|
||||
| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
|
||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
||||
|
||||
### Service
|
||||
|
||||
@@ -1059,22 +1026,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
|
||||
| `ingress.tls` | Ingress tls settings | `[]` |
|
||||
|
||||
### Route
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `route.enabled` | Enable OpenShift Route | `false` |
|
||||
| `route.annotations` | Route annotations | `{}` |
|
||||
| `route.host` | Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values. | `""` |
|
||||
| `route.path` | Route path | `""` |
|
||||
| `route.wildcardPolicy` | Route wildcard policy | `None` |
|
||||
| `route.tls.termination` | Route TLS termination type | `nil` |
|
||||
| `route.tls.insecureEdgeTerminationPolicy` | Route insecure edge termination policy | `nil` |
|
||||
| `route.tls.key` | Route TLS key | `nil` |
|
||||
| `route.tls.certificate` | Route TLS certificate | `nil` |
|
||||
| `route.tls.caCertificate` | Route TLS CA certificate | `nil` |
|
||||
| `route.tls.destinationCACertificate` | Route destination CA certificate | `nil` |
|
||||
|
||||
### deployment
|
||||
|
||||
| Name | Description | Value |
|
||||
@@ -1147,30 +1098,29 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
|
||||
### Gitea
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
|
||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
|
||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||
| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` |
|
||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` |
|
||||
| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
||||
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
|
||||
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
|
||||
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
|
||||
| `gitea.extraEnvSourceFile` | Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector. | `nil` |
|
||||
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
|
||||
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
|
||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
|
||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||
| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` |
|
||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` |
|
||||
| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
||||
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
|
||||
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
|
||||
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
|
||||
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
|
||||
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
|
||||
|
||||
### LivenessProbe
|
||||
|
||||
@@ -1208,89 +1158,68 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` |
|
||||
| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` |
|
||||
|
||||
### Network Policy
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------- | ------------------------------------------------------------------------- | ------- |
|
||||
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
|
||||
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
|
||||
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
|
||||
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
|
||||
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
|
||||
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
|
||||
|
||||
### valkey-cluster
|
||||
|
||||
Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------------ |
|
||||
| `valkey-cluster.enabled` | Enable valkey cluster | `true` |
|
||||
| `valkey-cluster.usePassword` | Whether to use password authentication. | `false` |
|
||||
| `valkey-cluster.usePasswordFiles` | Whether to mount passwords as files instead of environment variables. | `false` |
|
||||
| `valkey-cluster.image.repository` | Image repository, eg. `bitnamilegacy/valkey-cluster`. | `bitnamilegacy/valkey-cluster` |
|
||||
| `valkey-cluster.cluster.nodes` | Number of valkey cluster master nodes | `3` |
|
||||
| `valkey-cluster.cluster.replicas` | Number of valkey cluster master node replicas | `0` |
|
||||
| `valkey-cluster.metrics.image.repository` | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter` |
|
||||
| `valkey-cluster.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims. | `true` |
|
||||
| `valkey-cluster.persistence.storageClass` | Persistent Volume storage class. | `""` |
|
||||
| `valkey-cluster.persistence.size` | Persistent Volume size. | `8Gi` |
|
||||
| `valkey-cluster.service.ports.valkey` | Port of Valkey service | `6379` |
|
||||
| `valkey-cluster.sysctlImage.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
|
||||
| `valkey-cluster.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------- | -------------------------------------------------------------------- | ------- |
|
||||
| `valkey-cluster.enabled` | Enable valkey cluster | `true` |
|
||||
| `valkey-cluster.usePassword` | Whether to use password authentication | `false` |
|
||||
| `valkey-cluster.usePasswordFiles` | Whether to mount passwords as files instead of environment variables | `false` |
|
||||
| `valkey-cluster.cluster.nodes` | Number of valkey cluster master nodes | `3` |
|
||||
| `valkey-cluster.cluster.replicas` | Number of valkey cluster master node replicas | `0` |
|
||||
| `valkey-cluster.service.ports.valkey` | Port of Valkey service | `6379` |
|
||||
|
||||
### valkey
|
||||
|
||||
Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------- | --------------------------------------------------------------------------- | ------------------------------- |
|
||||
| `valkey.enabled` | Enable valkey standalone or replicated | `false` |
|
||||
| `valkey.architecture` | Whether to use standalone or replication | `standalone` |
|
||||
| `valkey.kubectl.image.repository` | Image repository, eg. `bitnamilegacy/kubectl`. | `bitnamilegacy/kubectl` |
|
||||
| `valkey.image.repository` | Image repository, eg. `bitnamilegacy/valkey`. | `bitnamilegacy/valkey` |
|
||||
| `valkey.global.valkey.password` | Required password | `changeme` |
|
||||
| `valkey.master.count` | Number of Valkey master instances to deploy | `1` |
|
||||
| `valkey.master.service.ports.valkey` | Port of Valkey service | `6379` |
|
||||
| `valkey.metrics.image.repository` | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter` |
|
||||
| `valkey.primary.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims. | `true` |
|
||||
| `valkey.primary.persistence.storageClass` | Persistent Volume storage class. | `""` |
|
||||
| `valkey.primary.persistence.size` | Persistent Volume size. | `8Gi` |
|
||||
| `valkey.replica.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims. | `true` |
|
||||
| `valkey.replica.persistence.storageClass` | Persistent Volume storage class. | `""` |
|
||||
| `valkey.replica.persistence.size` | Persistent Volume size. | `8Gi` |
|
||||
| `valkey.sentinel.image.repository` | Image repository, eg. `bitnamilegacy/sentinel`. | `bitnamilegacy/valkey-sentinel` |
|
||||
| `valkey.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------ | ------------------------------------------- | ------------ |
|
||||
| `valkey.enabled` | Enable valkey standalone or replicated | `false` |
|
||||
| `valkey.architecture` | Whether to use standalone or replication | `standalone` |
|
||||
| `valkey.global.valkey.password` | Required password | `changeme` |
|
||||
| `valkey.master.count` | Number of Valkey master instances to deploy | `1` |
|
||||
| `valkey.master.service.ports.valkey` | Port of Valkey service | `6379` |
|
||||
|
||||
### PostgreSQL HA
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- |
|
||||
| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` |
|
||||
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||
| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` |
|
||||
| `postgresql-ha.metrics.image.repository` | Image repository, eg. `bitnamilegacy/postgres-exporter`. | `bitnamilegacy/postgres-exporter` |
|
||||
| `postgresql-ha.postgresql.image.repository` | Image repository, eg. `bitnamilegacy/postgresql-repmgr`. | `bitnamilegacy/postgresql-repmgr` |
|
||||
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
|
||||
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
|
||||
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
|
||||
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
|
||||
| `postgresql-ha.pgpool.image.repository` | Image repository, eg. `bitnamilegacy/pgpool`. | `bitnamilegacy/pgpool` |
|
||||
| `postgresql-ha.pgpool.srCheckPassword` | pgpool srCheckPassword | `changeme4` |
|
||||
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
||||
| `postgresql-ha.persistence.enabled` | Enable persistence. | `true` |
|
||||
| `postgresql-ha.persistence.storageClass` | Persistent Volume Storage Class. | `""` |
|
||||
| `postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` |
|
||||
| `postgresql-ha.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
|
||||
| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` |
|
||||
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
|
||||
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||
| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` |
|
||||
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
|
||||
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
|
||||
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
|
||||
| `postgresql-ha.pgpool.srCheckPassword` | pgpool srCheckPassword | `changeme4` |
|
||||
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
||||
| `postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` |
|
||||
|
||||
### PostgreSQL
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- |
|
||||
| `postgresql.enabled` | Enable PostgreSQL | `false` |
|
||||
| `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` |
|
||||
| `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||
| `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||
| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
||||
| `postgresql.image.repository` | Image repository, eg. `bitnamilegacy/postgresql`. | `bitnamilegacy/postgresql` |
|
||||
| `postgresql.primary.persistence.enabled` | Enable persistence. | `true` |
|
||||
| `postgresql.primary.persistence.storageClass` | Persistent Volume storage class. | `""` |
|
||||
| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume. | `10Gi` |
|
||||
| `postgresql.readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC. | `true` |
|
||||
| `postgresql.readReplicas.persistence.storageClass` | Persistent Volume storage class. | `""` |
|
||||
| `postgresql.readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume. | `""` |
|
||||
| `postgresql.metrics.image.repository` | Image repository, eg. `bitnamilegacy/postgres-exporter`. | `bitnamilegacy/postgres-exporter` |
|
||||
| `postgresql.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
|
||||
| `postgresql.enabled` | Enable PostgreSQL | `false` |
|
||||
| `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` |
|
||||
| `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||
| `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||
| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
||||
| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` |
|
||||
|
||||
### Advanced
|
||||
|
||||
@@ -1577,7 +1506,7 @@ mariadb:
|
||||
|
||||
### App.ini generation <!-- omit from toc -->
|
||||
|
||||
The app.ini generation has changed and now uses the `gitea config edit-ini` subcommand introduced in Gitea 1.26.
|
||||
The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions.
|
||||
This change ensures, that the app.ini is now persistent.
|
||||
|
||||
### Secret Key generation <!-- omit from toc -->
|
||||
|
||||
Generated
+1397
-148
File diff suppressed because it is too large
+3
-1
@@ -9,11 +9,13 @@
|
||||
"npm": ">=8.0.0"
|
||||
},
|
||||
"scripts": {
|
||||
"readme:link": "markdown-link-check --config .markdownlink.json *.md",
|
||||
"readme:lint": "markdownlint *.md -f",
|
||||
"readme:parameters": "readme-generator -v values.yaml -r README.md"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||
"markdownlint-cli": "^0.48.0"
|
||||
"markdown-link-check": "^3.13.6",
|
||||
"markdownlint-cli": "^0.45.0"
|
||||
}
|
||||
}
|
||||
@@ -78,6 +78,7 @@ function env2ini::reload_preset_envs() {
|
||||
rm $TMP_EXISTING_ENVS_FILE
|
||||
}
|
||||
|
||||
|
||||
function env2ini::process_config_file() {
|
||||
local config_file="${1}"
|
||||
local section="$(basename "${config_file}")"
|
||||
@@ -150,4 +151,4 @@ if [ -f ${GITEA_APP_INI} ]; then
|
||||
unset GITEA__SERVER__LFS_JWT_SECRET
|
||||
fi
|
||||
|
||||
gitea config edit-ini --apply-env --config "$GITEA_APP_INI" --out "$GITEA_APP_INI"
|
||||
environment-to-ini -o $GITEA_APP_INI
|
||||
|
||||
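Review bot: The replacement call `environment-to-ini -o $GITEA_APP_INI` in the last hunk passes the path unquoted, while the line it replaces quoted it (`--config "$GITEA_APP_INI"`). A path containing whitespace or glob characters would be split or expanded before the tool receives it, so the line should read `environment-to-ini -o "$GITEA_APP_INI"`. This takes the second of the two printed lines as the new side, which matches the old-then-new print order seen elsewhere on the page. The unquoted `[ -f ${GITEA_APP_INI} ]` in the hunk header and `rm $TMP_EXISTING_ENVS_FILE` in the first hunk have the same weakness, though both are context and belong to code that starts outside these hunks. Since the surrounding lines unset `GITEA__SERVER__LFS_JWT_SECRET` only when the ini file already exists, a failed or misdirected write here presumably affects secret persistence, so it is worth confirming the script aborts on a non-zero exit from this command; the `set` options are not visible in this section.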
+1
-8
@@ -1,12 +1,5 @@
|
||||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.route.enabled }}
|
||||
{{- if .Values.route.host }}
|
||||
{{ include "gitea.public_protocol" . }}://{{ tpl .Values.route.host . }}{{ .Values.route.path }}
|
||||
{{- else }}
|
||||
export ROUTE_HOST=$(kubectl get route --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} -o jsonpath="{.spec.host}")
|
||||
echo {{ include "gitea.public_protocol" . }}://$ROUTE_HOST{{ .Values.route.path }}
|
||||
{{- end }}
|
||||
{{- else if .Values.ingress.enabled }}
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
|
||||
|
||||
+15
-98
@@ -76,87 +76,6 @@ imagePullSecrets:
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true when OpenShift compatibility defaults should be rendered.
|
||||
If openshift.enabled is unset, auto-detect via the SCC API.
|
||||
*/}}
|
||||
{{- define "gitea.openshift.enabled" -}}
|
||||
{{- if kindIs "bool" .Values.openshift.enabled -}}
|
||||
{{ ternary "true" "false" .Values.openshift.enabled }}
|
||||
{{- else if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" -}}
|
||||
true
|
||||
{{- else -}}
|
||||
false
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the pod's hostUsers setting when OpenShift compatibility is enabled.
|
||||
*/}}
|
||||
{{- define "gitea.hostUsers" -}}
|
||||
{{- if eq (include "gitea.openshift.enabled" . | trim) "true" -}}
|
||||
{{- if kindIs "bool" .Values.openshift.hostUsers -}}
|
||||
{{ ternary "true" "false" .Values.openshift.hostUsers }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render pod securityContext. On non-OpenShift clusters an empty map defaults fsGroup to 1000.
|
||||
*/}}
|
||||
{{- define "gitea.podSecurityContext" -}}
|
||||
{{- $podSecurityContext := deepCopy .Values.podSecurityContext -}}
|
||||
{{- if and (ne (include "gitea.openshift.enabled" . | trim) "true") (not (hasKey $podSecurityContext "fsGroup")) -}}
|
||||
{{- $_ := set $podSecurityContext "fsGroup" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- if gt (len $podSecurityContext) 0 -}}
|
||||
{{ toYaml $podSecurityContext }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render container securityContext with OpenShift restricted SCC defaults when enabled.
|
||||
*/}}
|
||||
{{- define "gitea.containerSecurityContext" -}}
|
||||
{{- $root := index . 0 -}}
|
||||
{{- $containerSecurityContext := deepCopy (index . 1) -}}
|
||||
{{- if eq (include "gitea.openshift.enabled" $root | trim) "true" -}}
|
||||
{{- $containerSecurityContext = mergeOverwrite (dict
|
||||
"allowPrivilegeEscalation" false
|
||||
"capabilities" (dict "drop" (list "ALL"))
|
||||
"runAsNonRoot" true
|
||||
"seccompProfile" (dict "type" "RuntimeDefault")
|
||||
) $containerSecurityContext -}}
|
||||
{{- end -}}
|
||||
{{- if gt (len $containerSecurityContext) 0 -}}
|
||||
{{ toYaml $containerSecurityContext }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render the securityContext for init containers that execute Gitea/GPG commands.
|
||||
These default to runAsUser 1000 outside OpenShift to preserve existing behavior.
|
||||
*/}}
|
||||
{{- define "gitea.commandInitContainerSecurityContext" -}}
|
||||
{{- $root := index . 0 -}}
|
||||
{{- $containerSecurityContext := deepCopy (index . 1) -}}
|
||||
{{- if and (ne (include "gitea.openshift.enabled" $root | trim) "true") (not (hasKey $containerSecurityContext "runAsUser")) -}}
|
||||
{{- $_ := set $containerSecurityContext "runAsUser" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- include "gitea.containerSecurityContext" (list $root $containerSecurityContext) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render the runtime container securityContext while honoring the deprecated securityContext value.
|
||||
*/}}
|
||||
{{- define "gitea.runtimeContainerSecurityContext" -}}
|
||||
{{- $containerSecurityContext := deepCopy .Values.containerSecurityContext -}}
|
||||
{{- if and (eq (len $containerSecurityContext) 0) .Values.securityContext -}}
|
||||
{{- $containerSecurityContext = deepCopy .Values.securityContext -}}
|
||||
{{- end -}}
|
||||
{{- include "gitea.containerSecurityContext" (list . $containerSecurityContext) -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Storage Class
|
||||
@@ -168,6 +87,12 @@ storageClassName: {{ $storageClass | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common annotations
|
||||
*/}}
|
||||
{{- define "gitea.annotations" -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
@@ -220,7 +145,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- else if (index .Values "valkey-cluster").enabled -}}
|
||||
{{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}}
|
||||
{{- else if (index .Values "valkey").enabled -}}
|
||||
{{- printf "redis://:%s@%s-valkey-primary.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
|
||||
{{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
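Review bot: The Valkey password is spliced into the connection URL with a bare `%s` in both `printf` branches of this hunk, so a password containing `@`, `/`, `:`, `?` or `#` produces a URL that parses to the wrong host or credentials. Escaping the value, for example `((index .Values "valkey").global.valkey.password | urlquery)`, keeps the userinfo part well-formed. `urlquery` encodes a space as `+`, so either document that limitation or confirm how Gitea decodes the userinfo before relying on it. The enclosing define starts outside this hunk.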
|
||||
|
||||
@@ -234,9 +159,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
|
||||
{{- define "valkey.servicename" -}}
|
||||
{{- if (index .Values "valkey-cluster").enabled -}}
|
||||
{{- printf "%s-valkey-cluster-headless.%s.svc" .Release.Name .Release.Namespace -}}
|
||||
{{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- else if (index .Values "valkey").enabled -}}
|
||||
{{- printf "%s-valkey-primary.%s.svc" .Release.Name .Release.Namespace -}}
|
||||
{{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -244,16 +169,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.public_hostname" -}}
|
||||
{{- if and .Values.route.enabled .Values.route.host -}}
|
||||
{{ tpl .Values.route.host . }}
|
||||
{{- else if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{ tpl (index .Values.ingress.hosts 0).host $ }}
|
||||
{{- else -}}
|
||||
{{ include "gitea.default_domain" . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.ldap_settings" -}}
|
||||
{{- $idx := index . 0 }}
|
||||
{{- $values := index . 1 }}
|
||||
@@ -304,9 +219,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.public_protocol" -}}
|
||||
{{- if and .Values.route.enabled .Values.route.tls.termination -}}
|
||||
https
|
||||
{{- else if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}}
|
||||
{{- if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}}
|
||||
https
|
||||
{{- else -}}
|
||||
{{ .Values.gitea.config.server.PROTOCOL }}
|
||||
@@ -439,7 +352,11 @@ https
|
||||
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
|
||||
{{- end -}}
|
||||
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.public_hostname" .) -}}
|
||||
{{- if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
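Review bot: `DOMAIN` is taken from `ingress.hosts[0]` whenever the list is non-empty, without checking `.Values.ingress.enabled`, whereas `gitea.public_protocol` only switches to https when ingress is enabled. With ingress disabled but a host left in the list, `ROOT_URL` is built from a hostname that nothing in this chart routes. The unit test titled "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL" suggests this is intended, so a comment is enough: `{{- /* DOMAIN follows ingress.hosts[0] even when ingress.enabled is false; set gitea.config.server.DOMAIN to override */ -}}`. The enclosing define starts outside this hunk.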
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/* annotations */}}
|
||||
|
||||
{{- define "gitea.networkPolicy.annotations" -}}
|
||||
{{ include "gitea.annotations" . }}
|
||||
{{- if .Values.networkPolicy.annotations }}
|
||||
{{ toYaml .Values.networkPolicy.annotations }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "gitea.networkPolicy.labels" -}}
|
||||
{{ include "gitea.labels" . }}
|
||||
{{- if .Values.networkPolicy.labels }}
|
||||
{{ toYaml .Values.networkPolicy.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "gitea.pod.labels" -}}
|
||||
{{- include "gitea.labels" . }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{ toYaml .Values.deployment.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "gitea.pod.selectorLabels" -}}
|
||||
{{- include "gitea.selectorLabels" . }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{ toYaml .Values.deployment.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
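Review bot: `gitea.pod.selectorLabels` appends `.Values.deployment.labels` to the selector labels, and the deployment hunk that follows uses it for `spec.selector.matchLabels`, which is immutable on an existing apps/v1 Deployment. Changing `deployment.labels` on a later upgrade would therefore be rejected, as would upgrading a release whose selector was only `gitea.selectorLabels`. Keeping the selector on the stable set (`{{- include "gitea.selectorLabels" . | nindent 6 }}`) and adding the custom labels only through `gitea.pod.labels` avoids this. The NetworkPolicy `podSelector` can match on the same stable labels.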
|
||||
@@ -23,11 +23,11 @@ spec:
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gitea.selectorLabels" . | nindent 6 }}
|
||||
{{- include "gitea.pod.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
|
||||
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
|
||||
{{- range $idx, $value := .Values.gitea.ldap }}
|
||||
checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }}
|
||||
{{- end }}
|
||||
@@ -38,16 +38,8 @@ spec:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 8 }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{- toYaml .Values.deployment.labels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- include "gitea.pod.labels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- $hostUsers := include "gitea.hostUsers" . | trim }}
|
||||
{{- $podSecurityContext := include "gitea.podSecurityContext" . | trim }}
|
||||
{{- $containerSecurityContext := include "gitea.containerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
|
||||
{{- $commandInitContainerSecurityContext := include "gitea.commandInitContainerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
|
||||
{{- $runtimeContainerSecurityContext := include "gitea.runtimeContainerSecurityContext" . | trim }}
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: "{{ .Values.schedulerName }}"
|
||||
{{- end }}
|
||||
@@ -57,14 +49,9 @@ spec:
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if $hostUsers }}
|
||||
hostUsers: {{ $hostUsers }}
|
||||
{{- end }}
|
||||
{{- include "gitea.images.pullSecrets" . | nindent 6 }}
|
||||
{{- if $podSecurityContext }}
|
||||
securityContext:
|
||||
{{- $podSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
{{- if .Values.preExtraInitContainers }}
|
||||
{{- toYaml .Values.preExtraInitContainers | nindent 8 }}
|
||||
@@ -101,25 +88,15 @@ spec:
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- include "gitea.init-additional-mounts" . | nindent 12 }}
|
||||
{{- if $containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $containerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.initContainers.resources | nindent 12 }}
|
||||
- name: init-app-ini
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if .Values.gitea.extraEnvSourceFile }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
- "-c"
|
||||
args:
|
||||
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
|
||||
{{- else }}
|
||||
command:
|
||||
- "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
|
||||
{{- end }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
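Review bot: The first init container in this hunk renders `securityContext` verbatim from `.Values.containerSecurityContext`, so nothing in the template guarantees `allowPrivilegeEscalation: false`, dropped capabilities, `runAsNonRoot` or a seccomp profile. The same pattern appears in the `init-app-ini`, `configure-gpg`, `configure-gitea` and runtime-container hunks below, and in the pod-level `securityContext` hunk above. Whether values.yaml ships hardened defaults is not visible on this page. If it does not, consider defaulting them there, for example `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}`, and documenting which init containers need to deviate and why.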
|
||||
@@ -156,30 +133,23 @@ spec:
|
||||
mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/"
|
||||
{{- end }}
|
||||
{{- include "gitea.init-additional-mounts" . | nindent 12 }}
|
||||
{{- if $containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $containerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.initContainers.resources | nindent 12 }}
|
||||
{{- if .Values.signing.enabled }}
|
||||
- name: configure-gpg
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
{{- if .Values.gitea.extraEnvSourceFile }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
- "-c"
|
||||
args:
|
||||
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
|
||||
{{- else }}
|
||||
command:
|
||||
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if $commandInitContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $commandInitContainerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
||||
{{- $csc := deepCopy .Values.containerSecurityContext -}}
|
||||
{{- if not (hasKey $csc "runAsUser") -}}
|
||||
{{- $_ := set $csc "runAsUser" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $csc | nindent 12 }}
|
||||
env:
|
||||
- name: GNUPGHOME
|
||||
value: {{ .Values.signing.gpgHome }}
|
||||
@@ -204,21 +174,16 @@ spec:
|
||||
{{- end }}
|
||||
- name: configure-gitea
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
{{- if .Values.gitea.extraEnvSourceFile }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
- "-c"
|
||||
args:
|
||||
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
|
||||
{{- else }}
|
||||
command:
|
||||
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if $commandInitContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $commandInitContainerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
||||
{{- $csc := deepCopy .Values.containerSecurityContext -}}
|
||||
{{- if not (hasKey $csc "runAsUser") -}}
|
||||
{{- $_ := set $csc "runAsUser" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $csc | nindent 12 }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
@@ -376,10 +341,13 @@ spec:
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- if $runtimeContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $runtimeContainerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- /* Honor the deprecated securityContext variable when defined */ -}}
|
||||
{{- if .Values.containerSecurityContext -}}
|
||||
{{ toYaml .Values.containerSecurityContext | nindent 12 -}}
|
||||
{{- else -}}
|
||||
{{ toYaml .Values.securityContext | nindent 12 -}}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: temp
|
||||
mountPath: /tmp
|
||||
@@ -1,8 +1,8 @@
|
||||
{{- range .Values.extraDeploy }}
|
||||
---
|
||||
{{- if typeIs "string" . }}
|
||||
{{ tpl . $ }}
|
||||
{{- tpl . $ }}
|
||||
{{- else }}
|
||||
{{ tpl (. | toYaml) $ }}
|
||||
{{- tpl (. | toYaml) $ }}
|
||||
{{- end }}
|
||||
{{- end }}
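Review bot: With `{{- tpl . $ }}` and `{{- tpl (. | toYaml) $ }}`, the left trim marker removes the newline after `---`, so the separator runs straight into the first line of each extra manifest (for example `---apiVersion: v1`) instead of starting a new YAML document. This assumes the `{{-` variants are the new side, as the old-then-new print order elsewhere on this page suggests. Dropping the left trim on the two actions, `{{ tpl . $ }}` and `{{ tpl (. | toYaml) $ }}` at column 0, keeps `---` on its own line. A unit test rendering one string entry and one map entry in `extraDeploy` would pin this.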
|
||||
@@ -1,52 +0,0 @@
|
||||
{{- if .Values.route.enabled -}}
|
||||
{{- $fullName := include "gitea.fullname" . -}}
|
||||
apiVersion: route.openshift.io/v1
|
||||
kind: Route
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
{{- with .Values.route.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.route.host }}
|
||||
host: {{ tpl .Values.route.host . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.route.path }}
|
||||
path: {{ tpl .Values.route.path . | quote }}
|
||||
{{- end }}
|
||||
to:
|
||||
kind: Service
|
||||
name: {{ $fullName }}-http
|
||||
port:
|
||||
targetPort: http
|
||||
wildcardPolicy: {{ .Values.route.wildcardPolicy }}
|
||||
{{- with .Values.route.tls }}
|
||||
{{- if .termination }}
|
||||
tls:
|
||||
termination: {{ .termination }}
|
||||
{{- if .insecureEdgeTerminationPolicy }}
|
||||
insecureEdgeTerminationPolicy: {{ .insecureEdgeTerminationPolicy }}
|
||||
{{- end }}
|
||||
{{- if .key }}
|
||||
key: |
|
||||
{{- .key | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .certificate }}
|
||||
certificate: |
|
||||
{{- .certificate | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .caCertificate }}
|
||||
caCertificate: |
|
||||
{{- .caCertificate | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .destinationCACertificate }}
|
||||
destinationCACertificate: |
|
||||
{{- .destinationCACertificate | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -64,7 +64,7 @@ stringData:
|
||||
|
||||
echo 'Wait for valkey to become avialable...'
|
||||
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||
RES_OPTIONS="ndots:0" nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break
|
||||
nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break
|
||||
RETRY=$[${RETRY}+1]
|
||||
echo "...not ready yet (${RETRY}/${MAX})"
|
||||
done
|
||||
@@ -123,7 +123,7 @@ stringData:
|
||||
# should add it to prevent requiring frequent admin password resets.
|
||||
local -a change_args
|
||||
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}")
|
||||
if gitea admin user change-password --help | grep -F -- '--must-change-password' >/dev/null; then
|
||||
if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then
|
||||
change_args+=(--must-change-password=false)
|
||||
fi
|
||||
gitea admin user change-password "${change_args[@]}"
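Review bot: `grep -qF` exits at the first match, which can end `gitea admin user change-password --help` with SIGPIPE (taking the `-qF` line as the new side). If this script runs under `set -o pipefail`, which is not visible in this hunk, the pipeline then reports failure even though the flag is supported, and `--must-change-password=false` is silently left out. Capturing the help text first removes the race: `help_text="$(gitea admin user change-password --help)"` followed by `if grep -qF -- '--must-change-password' <<<"${help_text}"; then`. The enclosing function starts outside this hunk.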
|
||||
@@ -225,4 +225,4 @@ stringData:
|
||||
|
||||
configure_oauth
|
||||
|
||||
echo '==== END GITEA CONFIGURATION ===='
|
||||
echo '==== END GITEA CONFIGURATION ===='
|
||||
@@ -0,0 +1,32 @@
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
{{- with (include "gitea.networkPolicy.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "gitea.networkPolicy.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "gitea.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "gitea.pod.selectorLabels" $ | nindent 6 }}
|
||||
{{- with .Values.networkPolicy.policyTypes }}
|
||||
policyTypes:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.networkPolicy.egress }}
|
||||
egress:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.networkPolicy.ingress }}
|
||||
ingress:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
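Review bot: When `networkPolicy.enabled` is true but `policyTypes` and `ingress` are left empty, this renders a policy with only a `podSelector`. Kubernetes then defaults the policy type to Ingress and, with no ingress rules, blocks all inbound traffic to the selected Gitea pods. That fail-closed result is a sound default but should be stated at the top of the template, for example `{{- /* With no ingress rules, enabling this policy blocks all inbound traffic to the Gitea pods */ -}}`. Separately, annotations are passed through `tpl` while labels are not; if the asymmetry is intentional, a short comment would say so.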
|
||||
@@ -9,18 +9,9 @@ metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
{{- $hostUsers := include "gitea.hostUsers" . | trim }}
|
||||
{{- $testContainerSecurityContext := include "gitea.containerSecurityContext" (list . (dict)) | trim }}
|
||||
{{- if $hostUsers }}
|
||||
hostUsers: {{ $hostUsers }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: wget
|
||||
image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}"
|
||||
{{- if $testContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $testContainerSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
command: ['wget']
|
||||
args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
|
||||
restartPolicy: Never
|
||||
|
||||
+1
-1
Submodule unittests/bash/bats updated: 5f12b31721...855844b834
Submodule unittests/bash/test_helper/bats-assert updated: 697471b7a8...3be0fb7856
Submodule unittests/bash/test_helper/bats-mock updated: 9c239d6a10...9d8aa349f1
@@ -9,51 +9,27 @@ function setup() {
|
||||
export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini"
|
||||
export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs"
|
||||
export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts"
|
||||
export GITEA_EDIT_INI_EXPECTED=0
|
||||
export PATH="$BATS_TEST_TMPDIR/bin:$PATH"
|
||||
|
||||
mkdir -p "$BATS_TEST_TMPDIR/bin"
|
||||
cat >"$BATS_TEST_TMPDIR/bin/gitea" <<'EOF'
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
case "$*" in
|
||||
'generate secret INTERNAL_TOKEN')
|
||||
echo 'mocked-internal-token'
|
||||
;;
|
||||
'generate secret SECRET_KEY')
|
||||
echo 'mocked-secret-key'
|
||||
;;
|
||||
'generate secret JWT_SECRET')
|
||||
echo 'mocked-jwt-secret'
|
||||
;;
|
||||
'generate secret LFS_JWT_SECRET')
|
||||
echo 'mocked-lfs-jwt-secret'
|
||||
;;
|
||||
"config edit-ini --apply-env --config $GITEA_APP_INI --out $GITEA_APP_INI")
|
||||
if [ "$GITEA_EDIT_INI_EXPECTED" -eq 1 ]; then
|
||||
echo 'Stubbed gitea config edit-ini was called!'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo 'Unexpected gitea config edit-ini invocation' >&2
|
||||
exit 127
|
||||
;;
|
||||
*)
|
||||
echo "Unexpected gitea invocation: $*" >&2
|
||||
exit 127
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
chmod +x "$BATS_TEST_TMPDIR/bin/gitea"
|
||||
stub gitea \
|
||||
"generate secret INTERNAL_TOKEN : echo 'mocked-internal-token'" \
|
||||
"generate secret SECRET_KEY : echo 'mocked-secret-key'" \
|
||||
"generate secret JWT_SECRET : echo 'mocked-jwt-secret'" \
|
||||
"generate secret LFS_JWT_SECRET : echo 'mocked-lfs-jwt-secret'"
|
||||
}
|
||||
|
||||
function teardown() {
|
||||
:
|
||||
unstub gitea
|
||||
# This condition exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
|
||||
if [ $ENV_TO_INI_EXPECTED -eq 1 ]; then
|
||||
unstub environment-to-ini
|
||||
fi
|
||||
}
|
||||
|
||||
function expect_gitea_config_edit_ini_call() {
|
||||
export GITEA_EDIT_INI_EXPECTED=1
|
||||
# This function exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
|
||||
function expect_environment_to_ini_call() {
|
||||
export ENV_TO_INI_EXPECTED=1
|
||||
stub environment-to-ini \
|
||||
"-o $GITEA_APP_INI : echo 'Stubbed environment-to-ini was called!'"
|
||||
}
|
||||
|
||||
function execute_test_script() {
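Review bot: `teardown` tests `$ENV_TO_INI_EXPECTED` unquoted, and the visible part of `setup` never initialises it. A test that does not call `expect_environment_to_ini_call` would make `[` fail with a syntax error instead of skipping the unstub. `if [ "${ENV_TO_INI_EXPECTED:-0}" -eq 1 ]; then` handles the unset case. `setup` begins outside this hunk, so an initialisation may already exist there.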
|
||||
@@ -80,18 +56,18 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "works as expected when nothing is configured" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh
|
||||
|
||||
assert_success
|
||||
assert_line '...Initial secrets generated'
|
||||
assert_line 'Reloading preset envs...'
|
||||
assert_line '=== All configuration sources loaded ==='
|
||||
assert_line 'Stubbed gitea config edit-ini was called!'
|
||||
assert_line 'Stubbed environment-to-ini was called!'
|
||||
}
|
||||
|
||||
@test "exports initial secrets" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
run execute_test_script
|
||||
|
||||
assert_success
|
||||
@@ -102,7 +78,7 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "does NOT export initial secrets when app.ini already exists" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
touch $GITEA_APP_INI
|
||||
|
||||
run execute_test_script
|
||||
@@ -116,7 +92,7 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "ensures that preset environment variables take precedence over auto-generated ones" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
|
||||
|
||||
run execute_test_script
|
||||
@@ -126,7 +102,7 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "ensures that preset environment variables take precedence over mounted ones" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
|
||||
write_mounted_file "inlines" "oauth2" "$(cat << EOF
|
||||
JWT_SECRET=inline-jwt-secret
|
||||
@@ -141,7 +117,7 @@ EOF
|
||||
}
|
||||
|
||||
@test "ensures that additionals take precedence over inlines" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
write_mounted_file "inlines" "oauth2" "$(cat << EOF
|
||||
JWT_SECRET=inline-jwt-secret
|
||||
EOF
|
||||
@@ -160,7 +136,7 @@ EOF
|
||||
}
|
||||
|
||||
@test "ensures that dotted/dashed sections are properly masked" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
|
||||
WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
|
||||
EOF
|
||||
@@ -176,7 +152,7 @@ EOF
|
||||
##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS #####
|
||||
###############################################################
|
||||
@test "ensures uppercase section and setting names (🐞)" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret"
|
||||
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
|
||||
WORK_IN_progress_PREFIXES=WIP:,[WIP]
|
||||
@@ -191,7 +167,7 @@ EOF
|
||||
}
|
||||
|
||||
@test "treats top-level configuration as section-less" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
write_mounted_file "inlines" "_generals_" "$(cat << EOF
|
||||
APP_NAME=Hello top-level configuration
|
||||
RUN_MODE=dev
|
||||
|
||||
@@ -3,17 +3,17 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/config.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: "actions are enabled by default (based on vanilla Gitea behavior)"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
notExists:
|
||||
path: stringData.actions
|
||||
|
||||
- it: "actions can be disabled via inline config"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
gitea.config.actions.ENABLED: false
|
||||
asserts:
|
||||
|
||||
@@ -4,7 +4,7 @@ release:
|
||||
namespace: testing
|
||||
tests:
|
||||
- it: "cache is configured correctly for valkey-cluster"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: true
|
||||
@@ -19,7 +19,7 @@ tests:
|
||||
HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
- it: "cache is configured correctly for valkey"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -31,10 +31,10 @@ tests:
|
||||
path: stringData.cache
|
||||
value: |-
|
||||
ADAPTER=redis
|
||||
HOST=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
- it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -49,7 +49,7 @@ tests:
|
||||
HOST=
|
||||
|
||||
- it: "cache can be customized when valkey (or valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
suite: config template | config_environment.sh
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: uses `gitea config edit-ini` to write app.ini from environment variables
|
||||
template: templates/gitea/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 1
|
||||
matchRegex:
|
||||
path: stringData["config_environment.sh"]
|
||||
pattern: 'gitea config edit-ini --apply-env --config .+GITEA_APP_INI.+ --out .+GITEA_APP_INI'
|
||||
@@ -4,7 +4,7 @@ release:
|
||||
namespace: testing
|
||||
tests:
|
||||
- it: metrics token is set
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
gitea:
|
||||
metrics:
|
||||
@@ -18,7 +18,7 @@ tests:
|
||||
ENABLED=true
|
||||
TOKEN=somepassword
|
||||
- it: metrics token is empty
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
gitea:
|
||||
metrics:
|
||||
@@ -31,7 +31,7 @@ tests:
|
||||
value: |-
|
||||
ENABLED=true
|
||||
- it: metrics token is nil
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
gitea:
|
||||
metrics:
|
||||
@@ -44,7 +44,7 @@ tests:
|
||||
value: |-
|
||||
ENABLED=true
|
||||
- it: does not configures a token if metrics are disabled
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
gitea:
|
||||
metrics:
|
||||
|
||||
@@ -4,7 +4,7 @@ release:
|
||||
namespace: testing
|
||||
tests:
|
||||
- it: "queue is configured correctly for valkey-cluster"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: true
|
||||
@@ -19,7 +19,7 @@ tests:
|
||||
TYPE=redis
|
||||
|
||||
- it: "queue is configured correctly for valkey"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -30,11 +30,11 @@ tests:
|
||||
equal:
|
||||
path: stringData.queue
|
||||
value: |-
|
||||
CONN_STR=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
TYPE=redis
|
||||
|
||||
- it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -49,7 +49,7 @@ tests:
|
||||
TYPE=level
|
||||
|
||||
- it: "queue can be customized when valkey (and valkey-cluster) are disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
|
||||
@@ -4,7 +4,7 @@ release:
|
||||
namespace: testing
|
||||
tests:
|
||||
- it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
@@ -22,7 +22,7 @@ tests:
|
||||
################################################
|
||||
|
||||
- it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
ingress:
|
||||
hosts: []
|
||||
@@ -43,7 +43,7 @@ tests:
|
||||
################################################
|
||||
|
||||
- it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
gitea.config.server.DOMAIN: provided.example.com
|
||||
ingress:
|
||||
@@ -65,41 +65,3 @@ tests:
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nROOT_URL=http://provided.example.com
|
||||
|
||||
################################################
|
||||
|
||||
- it: "[route enabled] uses route host for DOMAIN|SSH_DOMAIN|ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
route:
|
||||
enabled: true
|
||||
host: route.example.com
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nDOMAIN=route.example.com
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nSSH_DOMAIN=route.example.com
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nROOT_URL=http://route.example.com
|
||||
|
||||
################################################
|
||||
|
||||
- it: "[route tls termination] uses https for ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
route:
|
||||
enabled: true
|
||||
host: route.example.com
|
||||
tls:
|
||||
termination: edge
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nROOT_URL=https://route.example.com
|
||||
|
||||
@@ -4,7 +4,7 @@ release:
|
||||
namespace: testing
|
||||
tests:
|
||||
- it: "session is configured correctly for valkey-cluster"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: true
|
||||
@@ -19,7 +19,7 @@ tests:
|
||||
PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
- it: "session is configured correctly for valkey"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -31,10 +31,10 @@ tests:
|
||||
path: stringData.session
|
||||
value: |-
|
||||
PROVIDER=redis
|
||||
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
- it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -49,7 +49,7 @@ tests:
|
||||
PROVIDER_CONFIG=
|
||||
|
||||
- it: "session can be customized when valkey (and valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
set:
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
|
||||
@@ -106,14 +106,14 @@ tests:
|
||||
name: gitea-unittests-postgresql-ha-pgpool
|
||||
namespace: testing
|
||||
- it: "[gitea] connects to pgpool service"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.database
|
||||
pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234
|
||||
- it: "[gitea] connects to configured database"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
|
||||
@@ -65,14 +65,14 @@ tests:
|
||||
name: gitea-unittests-postgresql
|
||||
namespace: testing
|
||||
- it: "[gitea] connects to postgresql service"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.database
|
||||
pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234
|
||||
- it: "[gitea] connects to configured database"
|
||||
template: templates/gitea/config.yaml
|
||||
template: templates/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
|
||||
@@ -82,9 +82,9 @@ tests:
|
||||
port: 6379
|
||||
targetPort: tcp-redis
|
||||
- it: "[gitea] waits for valkey-cluster to be up and running"
|
||||
template: templates/gitea/init.yaml
|
||||
template: templates/init.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData["configure_gitea.sh"]
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc 6379
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379
|
||||
|
||||
@@ -29,25 +29,24 @@ tests:
|
||||
path: data["valkey-password"]
|
||||
value: "Z2l0ZWEtcGFzc3dvcmQ="
|
||||
- it: "[valkey] renders the referenced service"
|
||||
template: charts/valkey/templates/primary/service.yaml
|
||||
template: charts/valkey/templates/headless-svc.yaml
|
||||
asserts:
|
||||
- containsDocument:
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-valkey-primary
|
||||
name: gitea-unittests-valkey-headless
|
||||
namespace: testing
|
||||
- documentIndex: 0
|
||||
contains:
|
||||
path: spec.ports
|
||||
content:
|
||||
name: tcp-redis
|
||||
nodePort: null
|
||||
port: 6379
|
||||
targetPort: redis
|
||||
- it: "[gitea] waits for valkey to be up and running"
|
||||
template: templates/gitea/init.yaml
|
||||
template: templates/init.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData["configure_gitea.sh"]
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-primary.testing.svc 6379
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379
|
||||
|
||||
@@ -15,7 +15,7 @@ tests:
|
||||
matchRegex:
|
||||
path: spec.template.spec.containers[0].image
|
||||
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||
pattern: bitnamilegacy/postgresql-repmgr:17.+$
|
||||
pattern: bitnami/postgresql-repmgr:17.+$
|
||||
- it: "[postgresql] ensures we detect major image version upgrades"
|
||||
template: charts/postgresql/templates/primary/statefulset.yaml
|
||||
set:
|
||||
@@ -28,7 +28,7 @@ tests:
|
||||
matchRegex:
|
||||
path: spec.template.spec.containers[0].image
|
||||
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||
pattern: bitnamilegacy/postgresql:17.+$
|
||||
pattern: bitnami/postgresql:17.+$
|
||||
- it: "[valkey-cluster] ensures we detect major image version upgrades"
|
||||
template: charts/valkey-cluster/templates/valkey-statefulset.yaml
|
||||
set:
|
||||
@@ -41,7 +41,7 @@ tests:
|
||||
matchRegex:
|
||||
path: spec.template.spec.containers[0].image
|
||||
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||
pattern: bitnamilegacy/valkey-cluster:8.+$
|
||||
pattern: bitnami/valkey-cluster:8.+$
|
||||
- it: "[valkey] ensures we detect major image version upgrades"
|
||||
template: charts/valkey/templates/primary/application.yaml
|
||||
set:
|
||||
@@ -54,4 +54,4 @@ tests:
|
||||
matchRegex:
|
||||
path: spec.template.spec.containers[0].image
|
||||
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||
pattern: bitnamilegacy/valkey:8.+$
|
||||
pattern: bitnami/valkey:8.+$
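Review bot: The four image patterns in this file (`bitnami/postgresql-repmgr:17.+$`, `bitnami/postgresql:17.+$`, `bitnami/valkey-cluster:8.+$`, `bitnami/valkey:8.+$`) leave the `.` unescaped and have no start anchor, so the guard is looser than the "INTENTIONAL MAJOR BUMP" comment implies. `17.+$` also accepts a tag that begins `170` or `17-`, and any repository path that merely ends in `bitnami/postgresql` passes. Since these tests are the check that flags an unintended major image change, tightening them to the form `pattern: (^|/)bitnami/postgresql:17\..+$` would pin both the namespace and the major version. It is also worth confirming that the versioned tags the subcharts default to are still published under `bitnami/`, because the test only checks the rendered string, not that the image can be pulled.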
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: fails with multiple replicas and "GIT_GC_REPOS" enabled
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
replicaCount: 2
|
||||
persistence:
|
||||
@@ -22,14 +22,14 @@ tests:
|
||||
- failedTemplate:
|
||||
errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'."
|
||||
- it: fails with multiple replicas and RWX file system not set
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
replicaCount: 2
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany."
|
||||
- it: fails with multiple replicas and bleve issue indexer
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
replicaCount: 2
|
||||
persistence:
|
||||
@@ -43,7 +43,7 @@ tests:
|
||||
- failedTemplate:
|
||||
errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
|
||||
- it: fails with multiple replicas and bleve repo indexer
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
replicaCount: 2
|
||||
persistence:
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
@@ -16,7 +16,7 @@ tests:
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests
|
||||
- it: deployment labels are set
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
deployment.labels:
|
||||
hello: world
|
||||
@@ -29,27 +29,11 @@ tests:
|
||||
path: spec.template.metadata.labels
|
||||
content:
|
||||
hello: world
|
||||
- isNotSubset:
|
||||
path: spec.selector.matchLabels
|
||||
content:
|
||||
hello: world
|
||||
- it: deployment labels are not in selector matchLabels
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
deployment.labels:
|
||||
custom-label: custom-value
|
||||
another-label: another-value
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.selector.matchLabels
|
||||
value:
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/instance: gitea-unittests
|
||||
- it: nodeSelector is undefined
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.nodeSelector
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- it: nodeSelector is defined
|
||||
set:
|
||||
nodeSelector:
|
||||
@@ -61,10 +45,10 @@ tests:
|
||||
content:
|
||||
foo: bar
|
||||
bar: foo
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container"
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.initContainers[1].env
|
||||
@@ -72,7 +56,7 @@ tests:
|
||||
name: TMP_EXISTING_ENVS_FILE
|
||||
value: /tmp/existing-envs
|
||||
- it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container"
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.initContainers[1].env
|
||||
@@ -80,7 +64,7 @@ tests:
|
||||
name: ENV_TO_INI_MOUNT_POINT
|
||||
value: /env-to-ini-mounts
|
||||
- it: CPU resources are defined as well as GOMAXPROCS
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
resources:
|
||||
limits:
|
||||
@@ -108,7 +92,7 @@ tests:
|
||||
cpu: 100ms
|
||||
memory: 100Mi
|
||||
- it: Init containers have correct volumeMount path
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
initContainersScriptsVolumeMountPath: "/custom/init/path"
|
||||
asserts:
|
||||
@@ -119,7 +103,7 @@ tests:
|
||||
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
|
||||
value: "/custom/init/path"
|
||||
- it: Init containers have correct volumeMount path if there is no override
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
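Review bot: The `@@ -29,27 +29,11 @@` hunk leaves the new side of this file with no assertion on `spec.selector.matchLabels`. Going by the hunk's line counts, both the `isNotSubset` check in "deployment labels are set" and the whole "deployment labels are not in selector matchLabels" case are dropped. A Deployment's selector is immutable, so if `deployment.labels` ever leaks into it, upgrades of existing releases fail, and nothing in this suite would catch that regression. The template change itself is not visible here; unless it makes the check obsolete, keep at least `- isNotSubset:` with `path: spec.selector.matchLabels` and `content: {hello: world}` under the existing labels test.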
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: Renders a deployment
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
@@ -16,7 +16,7 @@ tests:
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests
|
||||
- it: Deployment with empty additionalConfigFromEnvs
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea.additionalConfigFromEnvs: []
|
||||
asserts:
|
||||
@@ -44,7 +44,7 @@ tests:
|
||||
- name: ENV_TO_INI_MOUNT_POINT
|
||||
value: /env-to-ini-mounts
|
||||
- it: Deployment with standard additionalConfigFromEnvs
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}]
|
||||
asserts:
|
||||
@@ -76,7 +76,7 @@ tests:
|
||||
- name: GITEA_database_USER
|
||||
value: my-user
|
||||
- it: Deployment with templated additionalConfigFromEnvs
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea.misc.host: my-db-host:321
|
||||
gitea.misc.user: my-db-user
|
||||
@@ -110,7 +110,7 @@ tests:
|
||||
- name: GITEA_database_USER
|
||||
value: my-db-user
|
||||
- it: Deployment with additionalConfigFromEnvs templated secret name
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea.misc.existingSecret: my-db-secret
|
||||
gitea.additionalConfigFromEnvs[0]:
|
||||
|
||||
@@ -1,82 +0,0 @@
|
||||
suite: deployment template (extraEnvSourceFile)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: uses direct execution when extraEnvSourceFile is not set
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[1].command
|
||||
value: ["/usr/sbinx/config_environment.sh"]
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[1].args
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].command
|
||||
value: ["/usr/sbinx/configure_gitea.sh"]
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[2].args
|
||||
|
||||
- it: sources env file in init-app-ini when extraEnvSourceFile is set
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[1].command
|
||||
value: ["/bin/bash", "-c"]
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[1].args[0]
|
||||
pattern: source /vault/secrets/gitea
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[1].args[0]
|
||||
pattern: config_environment\.sh
|
||||
|
||||
- it: sources env file in configure-gitea when extraEnvSourceFile is set
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].command
|
||||
value: ["/bin/bash", "-c"]
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: source /vault/secrets/gitea
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: configure_gitea\.sh
|
||||
|
||||
- it: sources env file in configure-gpg when extraEnvSourceFile is set with signing enabled
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
existingSecret: "custom-gpg-secret"
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].command
|
||||
value: ["/bin/bash", "-c"]
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: source /vault/secrets/gitea
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: configure_gpg_environment\.sh
|
||||
|
||||
- it: includes file existence check in source command
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[1].args[0]
|
||||
pattern: "test -f /vault/secrets/gitea"
|
||||
@@ -3,18 +3,18 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: Render the deployment (default)
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- lengthEqual:
|
||||
path: spec.template.spec.initContainers
|
||||
count: 3
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Render the deployment (signing)
|
||||
set:
|
||||
@@ -22,11 +22,11 @@ tests:
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- lengthEqual:
|
||||
path: spec.template.spec.initContainers
|
||||
count: 4
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Render the deployment (extraInitContainers)
|
||||
set:
|
||||
@@ -40,20 +40,20 @@ tests:
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- lengthEqual:
|
||||
path: spec.template.spec.initContainers
|
||||
count: 6
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.initContainers
|
||||
content:
|
||||
name: foo
|
||||
image: docker.io/library/busybox:latest
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.initContainers
|
||||
content:
|
||||
name: bar
|
||||
image: docker.io/library/busybox:latest
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
@@ -6,17 +6,17 @@ chart:
|
||||
# Override appVersion to be consistent with used digest :)
|
||||
appVersion: 1.19.3
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: default values
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.3-rootless"
|
||||
- it: tag override
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.tag: "1.19.4"
|
||||
asserts:
|
||||
@@ -24,7 +24,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.4-rootless"
|
||||
- it: root-based image
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.rootless: false
|
||||
asserts:
|
||||
@@ -32,7 +32,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.3"
|
||||
- it: scoped registry
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.registry: "example.com"
|
||||
asserts:
|
||||
@@ -40,7 +40,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "example.com/gitea:1.19.3-rootless"
|
||||
- it: global registry
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
global.imageRegistry: "global.example.com"
|
||||
asserts:
|
||||
@@ -48,7 +48,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "global.example.com/gitea:1.19.3-rootless"
|
||||
- it: digest for rootless image
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image:
|
||||
rootless: true
|
||||
@@ -58,7 +58,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
- it: image fullOverride (does not append rootless)
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image:
|
||||
fullOverride: docker.gitea.com/gitea:1.19.3
|
||||
@@ -73,7 +73,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.3"
|
||||
- it: digest for root-based image
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image:
|
||||
rootless: false
|
||||
@@ -83,7 +83,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
- it: digest and global registry
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
global.imageRegistry: "global.example.com"
|
||||
image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
@@ -92,7 +92,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
- it: correctly renders floating tag references
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631
|
||||
asserts:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
suite: Test ingress tpl use
|
||||
templates:
|
||||
- templates/gitea/ingress.yaml
|
||||
- templates/ingress.yaml
|
||||
tests:
|
||||
- it: Ingress Class using TPL
|
||||
set:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/config.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: inline config stringData.server using TPL
|
||||
set:
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
suite: deployment template (openshift)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: renders openshift-compatible defaults for chart-managed containers
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.hostUsers
|
||||
- notExists:
|
||||
path: spec.template.spec.securityContext
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[0].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[1].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
- it: does not force runAsUser 1000 for command init containers on OpenShift
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift.enabled: true
|
||||
signing.enabled: true
|
||||
signing.existingSecret: custom-gpg-secret
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[2].securityContext.runAsUser
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[3].securityContext.runAsUser
|
||||
|
||||
- it: preserves explicit pod and container security context overrides on OpenShift
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift:
|
||||
enabled: true
|
||||
hostUsers: true
|
||||
podSecurityContext:
|
||||
fsGroup: 1000620000
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000620000
|
||||
runAsGroup: 1000620000
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.hostUsers
|
||||
value: true
|
||||
- equal:
|
||||
path: spec.template.spec.securityContext
|
||||
value:
|
||||
fsGroup: 1000620000
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].securityContext.runAsUser
|
||||
value: 1000620000
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext.runAsGroup
|
||||
value: 1000620000
|
||||
|
||||
- it: renders an explicit hostUsers=false override on OpenShift
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift:
|
||||
enabled: true
|
||||
hostUsers: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.hostUsers
|
||||
value: false
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: renders default liveness probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].livenessProbe.enabled
|
||||
@@ -22,7 +22,7 @@ tests:
|
||||
port: http
|
||||
timeoutSeconds: 1
|
||||
- it: renders default readiness probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].readinessProbe.enabled
|
||||
@@ -37,12 +37,12 @@ tests:
|
||||
port: http
|
||||
timeoutSeconds: 1
|
||||
- it: does not render a default startup probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].startupProbe
|
||||
- it: allows enabling a startup probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea.startupProbe.enabled: true
|
||||
asserts:
|
||||
@@ -60,7 +60,7 @@ tests:
|
||||
timeoutSeconds: 1
|
||||
|
||||
- it: allows overwriting the default port of the liveness probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
livenessProbe:
|
||||
@@ -74,7 +74,7 @@ tests:
|
||||
port: my-port
|
||||
|
||||
- it: allows overwriting the default port of the readiness probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
readinessProbe:
|
||||
@@ -88,7 +88,7 @@ tests:
|
||||
port: my-port
|
||||
|
||||
- it: allows overwriting the default port of the startup probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
startupProbe:
|
||||
@@ -103,7 +103,7 @@ tests:
|
||||
port: my-port
|
||||
|
||||
- it: allows using a non-default method as liveness probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
livenessProbe:
|
||||
@@ -131,7 +131,7 @@ tests:
|
||||
timeoutSeconds: 13372
|
||||
|
||||
- it: allows using a non-default method as readiness probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
readinessProbe:
|
||||
@@ -159,7 +159,7 @@ tests:
|
||||
timeoutSeconds: 13372
|
||||
|
||||
- it: allows using a non-default method as startup probe
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
startupProbe:
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: supports adding a sidecar container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
extraContainers:
|
||||
- name: sidecar-bob
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: skips gpg init container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.initContainers
|
||||
@@ -15,7 +15,7 @@ tests:
|
||||
content:
|
||||
name: configure-gpg
|
||||
- it: skips gpg env in `init-directories` init container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
signing.enabled: false
|
||||
asserts:
|
||||
@@ -25,14 +25,14 @@ tests:
|
||||
name: GNUPGHOME
|
||||
value: /data/git/.gnupg
|
||||
- it: skips gpg env in runtime container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: GNUPGHOME
|
||||
- it: skips gpg volume spec
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.volumes
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: adds gpg init container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
@@ -41,7 +41,7 @@ tests:
|
||||
mountPath: /raw
|
||||
readOnly: true
|
||||
- it: adds gpg env in `init-directories` init container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
signing.enabled: true
|
||||
signing.existingSecret: "custom-gpg-secret"
|
||||
@@ -52,7 +52,7 @@ tests:
|
||||
name: GNUPGHOME
|
||||
value: /data/git/.gnupg
|
||||
- it: adds gpg env in runtime container
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
signing.enabled: true
|
||||
signing.existingSecret: "custom-gpg-secret"
|
||||
@@ -63,7 +63,7 @@ tests:
|
||||
name: GNUPGHOME
|
||||
value: /data/git/.gnupg
|
||||
- it: adds gpg volume spec
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
@@ -80,7 +80,7 @@ tests:
|
||||
path: private.asc
|
||||
defaultMode: 0100
|
||||
- it: supports gpg volume spec with external reference
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: supports defining SSH log level for root based image
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.rootless: false
|
||||
asserts:
|
||||
@@ -17,7 +17,7 @@ tests:
|
||||
name: SSH_LOG_LEVEL
|
||||
value: "INFO"
|
||||
- it: supports overriding SSH log level
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.rootless: false
|
||||
gitea.ssh.logLevel: "DEBUG"
|
||||
@@ -28,7 +28,7 @@ tests:
|
||||
name: SSH_LOG_LEVEL
|
||||
value: "DEBUG"
|
||||
- it: supports overriding SSH log level (even when image.fullOverride set)
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.fullOverride: docker.gitea.com/gitea:1.19.3
|
||||
image.rootless: false
|
||||
@@ -40,7 +40,7 @@ tests:
|
||||
name: SSH_LOG_LEVEL
|
||||
value: "DEBUG"
|
||||
- it: skips SSH_LOG_LEVEL for rootless image
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.rootless: true
|
||||
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
|
||||
@@ -51,7 +51,7 @@ tests:
|
||||
content:
|
||||
name: SSH_LOG_LEVEL
|
||||
- it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
image.fullOverride: docker.gitea.com/gitea:1.19.3
|
||||
image.rootless: true
|
||||
|
||||
@@ -7,11 +7,11 @@ release:
|
||||
namespace: testing
|
||||
|
||||
templates:
|
||||
- templates/gitea/pvc.yaml
|
||||
- templates/pvc.yaml
|
||||
|
||||
tests:
|
||||
- it: should set storageClassName when persistence.storageClass is defined
|
||||
template: templates/gitea/pvc.yaml
|
||||
template: templates/pvc.yaml
|
||||
set:
|
||||
persistence.storageClass: "my-storage-class"
|
||||
asserts:
|
||||
@@ -20,7 +20,7 @@ tests:
|
||||
value: "my-storage-class"
|
||||
|
||||
- it: should set global.storageClass when persistence.storageClass is not defined
|
||||
template: templates/gitea/pvc.yaml
|
||||
template: templates/pvc.yaml
|
||||
set:
|
||||
global.storageClass: "default-storage-class"
|
||||
asserts:
|
||||
@@ -29,7 +29,7 @@ tests:
|
||||
value: "default-storage-class"
|
||||
|
||||
- it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
|
||||
template: templates/gitea/pvc.yaml
|
||||
template: templates/pvc.yaml
|
||||
set:
|
||||
global.storageClass: "default-storage-class"
|
||||
persistence.storageClass: "my-storage-class"
|
||||
|
||||
@@ -3,11 +3,11 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/ssh-svc.yaml
|
||||
- templates/gitea/http-svc.yaml
|
||||
- templates/ssh-svc.yaml
|
||||
- templates/http-svc.yaml
|
||||
tests:
|
||||
- it: supports adding custom labels to ssh-svc
|
||||
template: templates/gitea/ssh-svc.yaml
|
||||
template: templates/ssh-svc.yaml
|
||||
set:
|
||||
service:
|
||||
ssh:
|
||||
@@ -19,7 +19,7 @@ tests:
|
||||
value: "testvalue"
|
||||
|
||||
- it: keeps existing labels (ssh)
|
||||
template: templates/gitea/ssh-svc.yaml
|
||||
template: templates/ssh-svc.yaml
|
||||
set:
|
||||
service:
|
||||
ssh:
|
||||
@@ -29,7 +29,7 @@ tests:
|
||||
path: metadata.labels["app"]
|
||||
|
||||
- it: supports adding custom labels to http-svc
|
||||
template: templates/gitea/http-svc.yaml
|
||||
template: templates/http-svc.yaml
|
||||
set:
|
||||
service:
|
||||
http:
|
||||
@@ -41,7 +41,7 @@ tests:
|
||||
value: "testvalue"
|
||||
|
||||
- it: keeps existing labels (http)
|
||||
template: templates/gitea/http-svc.yaml
|
||||
template: templates/http-svc.yaml
|
||||
set:
|
||||
service:
|
||||
http:
|
||||
@@ -51,7 +51,7 @@ tests:
|
||||
path: metadata.labels["app"]
|
||||
|
||||
- it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
|
||||
template: templates/gitea/ssh-svc.yaml
|
||||
template: templates/ssh-svc.yaml
|
||||
set:
|
||||
service:
|
||||
ssh:
|
||||
@@ -73,7 +73,7 @@ tests:
|
||||
value: ["1.2.3.4/32", "5.6.7.8/32"]
|
||||
|
||||
- it: does not render when loadbalancer properties are set but type is not loadBalancerClass
|
||||
template: templates/gitea/http-svc.yaml
|
||||
template: templates/http-svc.yaml
|
||||
set:
|
||||
service:
|
||||
http:
|
||||
@@ -92,7 +92,7 @@ tests:
|
||||
path: spec.loadBalancerSourceRanges
|
||||
|
||||
- it: does not render loadBalancerClass by default even when type is LoadBalancer
|
||||
template: templates/gitea/http-svc.yaml
|
||||
template: templates/http-svc.yaml
|
||||
set:
|
||||
service:
|
||||
http:
|
||||
@@ -107,8 +107,8 @@ tests:
|
||||
|
||||
- it: both ssh and http services exist
|
||||
templates:
|
||||
- templates/gitea/ssh-svc.yaml
|
||||
- templates/gitea/http-svc.yaml
|
||||
- templates/ssh-svc.yaml
|
||||
- templates/http-svc.yaml
|
||||
asserts:
|
||||
- matchRegex:
|
||||
path: metadata.name
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/gpg-secret.yaml
|
||||
- templates/gpg-secret.yaml
|
||||
tests:
|
||||
- it: renders nothing
|
||||
set:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/gpg-secret.yaml
|
||||
- templates/gpg-secret.yaml
|
||||
tests:
|
||||
- it: fails rendering when nothing is configured
|
||||
set:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
suite: Test ingress.yaml
|
||||
templates:
|
||||
- templates/gitea/ingress.yaml
|
||||
- templates/ingress.yaml
|
||||
tests:
|
||||
- it: should enable ingress when ingress.enabled is true
|
||||
set:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
suite: Test ingress with implicit path defaults
|
||||
templates:
|
||||
- templates/gitea/ingress.yaml
|
||||
- templates/ingress.yaml
|
||||
tests:
|
||||
- it: should use default path and pathType when no paths are specified
|
||||
set:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
suite: Test ingress tpl use
|
||||
templates:
|
||||
- templates/gitea/ingress.yaml
|
||||
- templates/ingress.yaml
|
||||
tests:
|
||||
- it: Ingress Class using TPL
|
||||
set:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
suite: Test ingress with structured paths
|
||||
templates:
|
||||
- templates/gitea/ingress.yaml
|
||||
- templates/ingress.yaml
|
||||
tests:
|
||||
- it: should work with structured path definitions
|
||||
set:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/init.yaml
|
||||
- templates/init.yaml
|
||||
tests:
|
||||
- it: renders a secret
|
||||
asserts:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/init.yaml
|
||||
- templates/init.yaml
|
||||
tests:
|
||||
- it: runs gpg in batch mode
|
||||
set:
|
||||
@@ -63,7 +63,7 @@ tests:
|
||||
chown -v 1000:1000 "${GNUPGHOME}"
|
||||
fi
|
||||
- it: it does not chown /data even when image.fullOverride is set
|
||||
template: templates/gitea/init.yaml
|
||||
template: templates/init.yaml
|
||||
set:
|
||||
image.fullOverride: docker.gitea.com/gitea:1.20.5
|
||||
asserts:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/init.yaml
|
||||
- templates/init.yaml
|
||||
tests:
|
||||
- it: runs gpg in batch mode
|
||||
set:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/metrics-secret.yaml
|
||||
- templates/metrics-secret.yaml
|
||||
tests:
|
||||
- it: renders nothing if monitoring disabled and gitea.metrics.token empty
|
||||
set:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/metrics-secret.yaml
|
||||
- templates/metrics-secret.yaml
|
||||
tests:
|
||||
- it: renders nothing if monitoring enabled and gitea.metrics.token empty
|
||||
set:
|
||||
|
||||
@@ -0,0 +1,100 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: NetworkPolicy template
|
||||
release:
|
||||
name: gitea-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/networkPolicy.yaml
|
||||
tests:
|
||||
- it: Skip rendering networkPolicy
|
||||
set:
|
||||
networkPolicy.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Render default networkPolicy
|
||||
set:
|
||||
networkPolicy.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
name: gitea-unittest
|
||||
namespace: testing
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app: gitea
|
||||
app.kubernetes.io/instance: gitea-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: gitea-0.1.0
|
||||
version: 0.1.0
|
||||
- equal:
|
||||
path: spec.podSelector.matchLabels
|
||||
value:
|
||||
app.kubernetes.io/instance: gitea-unittest
|
||||
app.kubernetes.io/name: gitea
|
||||
- notExists:
|
||||
path: spec.policyTypes
|
||||
- notExists:
|
||||
path: spec.egress
|
||||
- notExists:
|
||||
path: spec.ingress
|
||||
|
||||
- it: Template networkPolicy with policyTypes, egress and ingress configuration
|
||||
set:
|
||||
networkPolicy.enabled: true
|
||||
networkPolicy.policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
networkPolicy.ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: monitoring
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
networkPolicy.egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.policyTypes
|
||||
value:
|
||||
- Egress
|
||||
- Ingress
|
||||
- equal:
|
||||
path: spec.egress
|
||||
value:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
- equal:
|
||||
path: spec.ingress
|
||||
value:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: monitoring
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
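Review bot: The `Render default networkPolicy` case does not say that the object it pins (no `spec.policyTypes`, no `spec.ingress`, no `spec.egress`, only a `podSelector`) amounts to a default-deny-ingress policy. When `policyTypes` is omitted, Kubernetes treats the policy as an Ingress policy, and with no ingress rules the selected Gitea pods accept no inbound traffic, so setting `networkPolicy.enabled: true` alone would cut off HTTP and SSH. I would record that next to the case, e.g. `# enabled without rules renders a default-deny-ingress policy for the Gitea pods`, and rename it to something like `Render default (deny-all ingress) networkPolicy`. The template itself is not shown on this page, so this is inferred from the asserted output.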
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/pvc.yaml
|
||||
- templates/pvc.yaml
|
||||
tests:
|
||||
- it: Storage Class using TPL
|
||||
set:
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
suite: Test route.yaml
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/route.yaml
|
||||
tests:
|
||||
- it: should create route when route.enabled is true
|
||||
set:
|
||||
route:
|
||||
enabled: true
|
||||
host: git.apps.example.com
|
||||
path: /
|
||||
annotations:
|
||||
haproxy.router.openshift.io/timeout: 5m
|
||||
tls:
|
||||
termination: edge
|
||||
insecureEdgeTerminationPolicy: Redirect
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: gitea-unittests
|
||||
- equal:
|
||||
path: metadata.annotations["haproxy.router.openshift.io/timeout"]
|
||||
value: 5m
|
||||
- equal:
|
||||
path: spec.host
|
||||
value: git.apps.example.com
|
||||
- equal:
|
||||
path: spec.path
|
||||
value: /
|
||||
- equal:
|
||||
path: spec.to.kind
|
||||
value: Service
|
||||
- equal:
|
||||
path: spec.to.name
|
||||
value: gitea-unittests-http
|
||||
- equal:
|
||||
path: spec.port.targetPort
|
||||
value: http
|
||||
- equal:
|
||||
path: spec.wildcardPolicy
|
||||
value: None
|
||||
- equal:
|
||||
path: spec.tls.termination
|
||||
value: edge
|
||||
- equal:
|
||||
path: spec.tls.insecureEdgeTerminationPolicy
|
||||
value: Redirect
|
||||
|
||||
- it: should not create route when route.enabled is false
|
||||
set:
|
||||
route.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/serviceaccount.yaml
|
||||
- templates/serviceaccount.yaml
|
||||
tests:
|
||||
- it: skips rendering by default
|
||||
asserts:
|
||||
|
||||
@@ -3,17 +3,17 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/serviceaccount.yaml
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
- templates/serviceaccount.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/config.yaml
|
||||
tests:
|
||||
- it: does not modify the deployment by default
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.serviceAccountName
|
||||
- it: adds the reference to the deployment with serviceAccount.create=true
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
serviceAccount.create: true
|
||||
asserts:
|
||||
@@ -21,7 +21,7 @@ tests:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: gitea-unittests
|
||||
- it: allows referencing an externally created ServiceAccount to the deployment
|
||||
template: templates/gitea/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
set:
|
||||
serviceAccount:
|
||||
create: false # explicitly set to define rendering behavior
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/servicemonitor.yaml
|
||||
- templates/servicemonitor.yaml
|
||||
tests:
|
||||
- it: skips rendering by default
|
||||
asserts:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/servicemonitor.yaml
|
||||
- templates/servicemonitor.yaml
|
||||
tests:
|
||||
- it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty
|
||||
set:
|
||||
|
||||
@@ -3,7 +3,7 @@ release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/servicemonitor.yaml
|
||||
- templates/servicemonitor.yaml
|
||||
tests:
|
||||
- it: renders unsecure ServiceMonitor if gitea.metrics.token nil
|
||||
set:
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
suite: test connection template
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/tests/test-http-connection.yaml
|
||||
tests:
|
||||
- it: renders openshift-compatible defaults for the test pod
|
||||
set:
|
||||
openshift.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.hostUsers
|
||||
- equal:
|
||||
path: spec.containers[0].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
- it: renders an explicit hostUsers=false override for the test pod
|
||||
set:
|
||||
openshift:
|
||||
enabled: true
|
||||
hostUsers: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.hostUsers
|
||||
value: false
|
||||
+135
-220
@@ -20,7 +20,7 @@ global:
|
||||
# hostnames:
|
||||
# - example.com
|
||||
|
||||
## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified
|
||||
## @param namespace An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified
|
||||
namespace: ""
|
||||
|
||||
## @param replicaCount number of replicas for the deployment
|
||||
@@ -62,14 +62,9 @@ imagePullSecrets: []
|
||||
|
||||
## @section Security
|
||||
# Security context is only usable with rootless image due to image design
|
||||
## @param openshift.enabled Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API.
|
||||
## @param openshift.hostUsers Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used.
|
||||
openshift:
|
||||
enabled: null
|
||||
hostUsers: null
|
||||
|
||||
## @param podSecurityContext Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty.
|
||||
podSecurityContext: {}
|
||||
## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
|
||||
## @param containerSecurityContext Security context
|
||||
containerSecurityContext: {}
|
||||
@@ -182,32 +177,6 @@ ingress:
|
||||
# hosts:
|
||||
# - git.example.com
|
||||
|
||||
## @section Route
|
||||
## @param route.enabled Enable OpenShift Route
|
||||
## @param route.annotations Route annotations
|
||||
## @param route.host Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values.
|
||||
## @param route.path Route path
|
||||
## @param route.wildcardPolicy Route wildcard policy
|
||||
## @param route.tls.termination Route TLS termination type
|
||||
## @param route.tls.insecureEdgeTerminationPolicy Route insecure edge termination policy
|
||||
## @param route.tls.key Route TLS key
|
||||
## @param route.tls.certificate Route TLS certificate
|
||||
## @param route.tls.caCertificate Route TLS CA certificate
|
||||
## @param route.tls.destinationCACertificate Route destination CA certificate
|
||||
route:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
host: ""
|
||||
path: ""
|
||||
wildcardPolicy: None
|
||||
tls:
|
||||
termination:
|
||||
insecureEdgeTerminationPolicy:
|
||||
key:
|
||||
certificate:
|
||||
caCertificate:
|
||||
destinationCACertificate:
|
||||
|
||||
## @section deployment
|
||||
#
|
||||
## @param resources Kubernetes resources
|
||||
@@ -312,13 +281,13 @@ extraContainers: []
|
||||
# image: busybox
|
||||
# command: [/bin/sh, -c, 'echo "Hello world"']
|
||||
|
||||
## @param preExtraInitContainers Additional init containers to run in the pod before gitea runs it owns init containers.
|
||||
## @param preExtraInitContainers Additional init containers to run in the pod before Gitea runs it owns init containers.
|
||||
preExtraInitContainers: []
|
||||
# - name: pre-init-container
|
||||
# image: docker.io/library/busybox
|
||||
# command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
|
||||
|
||||
## @param postExtraInitContainers Additional init containers to run in the pod after gitea runs it owns init containers.
|
||||
## @param postExtraInitContainers Additional init containers to run in the pod after Gitea runs it owns init containers.
|
||||
postExtraInitContainers: []
|
||||
# - name: post-init-container
|
||||
# image: docker.io/library/busybox
|
||||
@@ -477,28 +446,6 @@ gitea:
|
||||
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
|
||||
additionalConfigFromEnvs: []
|
||||
|
||||
## @param gitea.extraEnvSourceFile Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector.
|
||||
## See the sample annotations below for reference.
|
||||
## podAnnotations:
|
||||
## vault.hashicorp.com/agent-inject: "true"
|
||||
## vault.hashicorp.com/agent-init-first: "true"
|
||||
## vault.hashicorp.com/agent-inject-secret-gitea: <path/to/secret>
|
||||
## vault.hashicorp.com/agent-inject-template-gitea: |
|
||||
## {{- with secret "path/to/secret" -}}
|
||||
## export GITEA__database__HOST="{{ .Data.data.db_host }}"
|
||||
## export GITEA__database__NAME="{{ .Data.data.db_name }}"
|
||||
## export GITEA__database__USER="{{ .Data.data.db_user }}"
|
||||
## export GITEA__database__PASSWD="{{ .Data.data.db_password }}"
|
||||
## export GITEA__queue__CONN_STR="{{ .Data.data.kv_conn_string }}"
|
||||
## export GITEA__session__PROVIDER_CONFIG="{{ .Data.data.kv_conn_string }}"
|
||||
## export GITEA__cache__HOST="{{ .Data.data.kv_conn_string }}"
|
||||
## export GITEA_ADMIN_USERNAME="{{ .Data.data.gitea_admin_user }}"
|
||||
## export GITEA_ADMIN_PASSWORD="{{ .Data.data.gitea_admin_password }}"
|
||||
## {{- end }}
|
||||
|
||||
# extraEnvSourceFile: /vault/secrets/gitea
|
||||
extraEnvSourceFile:
|
||||
|
||||
## @param gitea.podAnnotations Annotations for the Gitea pod
|
||||
podAnnotations: {}
|
||||
|
||||
@@ -566,192 +513,189 @@ gitea:
|
||||
successThreshold: 1
|
||||
failureThreshold: 10
|
||||
|
||||
|
||||
## @section Network Policy
|
||||
networkPolicy:
|
||||
## @param networkPolicy.enabled Enable network policies in general.
|
||||
## @param networkPolicy.annotations Additional network policy annotations.
|
||||
## @param networkPolicy.labels Additional network policy labels.
|
||||
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
||||
## @param networkPolicy.egress Concrete egress network policy implementation.
|
||||
## @skip networkPolicy.egress Skip individual egress configuration.
|
||||
## @param networkPolicy.ingress Concrete ingress network policy implementation.
|
||||
## @skip networkPolicy.ingress Skip individual ingress configuration.
|
||||
enabled: false
|
||||
annotations: {}
|
||||
labels: {}
|
||||
policyTypes: []
|
||||
# - Egress
|
||||
# - Ingress
|
||||
egress: []
|
||||
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
|
||||
#
|
||||
# - to:
|
||||
# - namespaceSelector:
|
||||
# matchLabels:
|
||||
# kubernetes.io/metadata.name: kube-system
|
||||
# podSelector:
|
||||
# matchLabels:
|
||||
# k8s-app: kube-dns
|
||||
# ports:
|
||||
# - port: 53
|
||||
# protocol: TCP
|
||||
# - port: 53
|
||||
# protocol: UDP
|
||||
|
||||
# Allow outgoing traffic via HTTPS. For example for oAuth2, Gravatar and other third party APIs.
|
||||
#
|
||||
# - to:
|
||||
# ports:
|
||||
# - port: 443
|
||||
# protocol: TCP
|
||||
|
||||
# Allow outgoing traffic to PostgreSQL.
|
||||
#
|
||||
# - to:
|
||||
# - podSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: postgresql-ha
|
||||
# ports: []
|
||||
# # Avoid explicit list of ports, because Gitea tries to ping the PostgreSQL database during the initialization
|
||||
# # process. The ICMP protocol is currently not supported as list of protocols by kubernetes. For this reason would
|
||||
# # lead listing of the ports to an issue. Therefore, please handle the database ports with care.
|
||||
# #
|
||||
# # - port: 5432
|
||||
# # protocol: TCP
|
||||
|
||||
# Allow outgoing traffic to Valkey.
|
||||
#
|
||||
# - to:
|
||||
# - podSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: valkey-cluster
|
||||
# ports:
|
||||
# - port: 6379
|
||||
# protocol: TCP
|
||||
# - port: 16379
|
||||
# protocol: TCP
|
||||
|
||||
ingress: []
|
||||
# Allow incoming HTTP traffic from prometheus.
|
||||
#
|
||||
# - from:
|
||||
# - namespaceSelector:
|
||||
# matchLabels:
|
||||
# kubernetes.io/metadata.name: monitoring
|
||||
# podSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: prometheus
|
||||
# ports:
|
||||
# - port: http
|
||||
# protocol: TCP
|
||||
|
||||
# Allow incoming HTTP traffic from ingress-nginx.
|
||||
#
|
||||
# - from:
|
||||
# - namespaceSelector:
|
||||
# matchLabels:
|
||||
# kubernetes.io/metadata.name: ingress-nginx
|
||||
# podSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: ingress-nginx
|
||||
# ports:
|
||||
# - port: http
|
||||
# protocol: TCP
|
||||
|
||||
|
||||
## @section valkey-cluster
|
||||
## @param valkey-cluster.enabled Enable valkey cluster
|
||||
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
|
||||
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||
## @param valkey-cluster.usePassword Whether to use password authentication
|
||||
## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables
|
||||
## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
|
||||
## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
|
||||
## @param valkey-cluster.service.ports.valkey Port of Valkey service
|
||||
## @descriptionStart
|
||||
## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
|
||||
## @descriptionEnd
|
||||
valkey-cluster:
|
||||
## @param valkey-cluster.enabled Enable valkey cluster
|
||||
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
|
||||
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||
## @param valkey-cluster.usePassword Whether to use password authentication.
|
||||
## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables.
|
||||
enabled: true
|
||||
usePassword: false
|
||||
usePasswordFiles: false
|
||||
|
||||
## @param valkey-cluster.image.repository Image repository, eg. `bitnamilegacy/valkey-cluster`.
|
||||
image:
|
||||
repository: bitnamilegacy/valkey-cluster
|
||||
|
||||
## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
|
||||
## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
|
||||
cluster:
|
||||
nodes: 3 # default: 6
|
||||
replicas: 0 # default: 1
|
||||
|
||||
## @param valkey-cluster.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
|
||||
metrics:
|
||||
image:
|
||||
repository: bitnamilegacy/redis-exporter
|
||||
|
||||
## @param valkey-cluster.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
|
||||
## @param valkey-cluster.persistence.storageClass Persistent Volume storage class.
|
||||
## @param valkey-cluster.persistence.size Persistent Volume size.
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
size: 8Gi
|
||||
|
||||
## @param valkey-cluster.service.ports.valkey Port of Valkey service
|
||||
service:
|
||||
ports:
|
||||
valkey: 6379
|
||||
|
||||
## @param valkey-cluster.sysctlImage.repository Image repository, eg. `bitnamilegacy/os-shell`.
|
||||
sysctlImage:
|
||||
repository: bitnamilegacy/os-shell
|
||||
|
||||
## @param valkey-cluster.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
|
||||
volumePermissions:
|
||||
image:
|
||||
repository: bitnamilegacy/os-shell
|
||||
|
||||
|
||||
## @section valkey
|
||||
|
||||
## @param valkey.enabled Enable valkey standalone or replicated
|
||||
## @param valkey.architecture Whether to use standalone or replication
|
||||
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
|
||||
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||
## @param valkey.global.valkey.password Required password
|
||||
## @param valkey.master.count Number of Valkey master instances to deploy
|
||||
## @param valkey.master.service.ports.valkey Port of Valkey service
|
||||
## @descriptionStart
|
||||
## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
|
||||
## @descriptionEnd
|
||||
valkey:
|
||||
## @param valkey.enabled Enable valkey standalone or replicated
|
||||
## @param valkey.architecture Whether to use standalone or replication
|
||||
enabled: false
|
||||
architecture: standalone
|
||||
|
||||
## @param valkey.kubectl.image.repository Image repository, eg. `bitnamilegacy/kubectl`.
|
||||
kubectl:
|
||||
image:
|
||||
repository: bitnamilegacy/kubectl
|
||||
|
||||
## @param valkey.image.repository Image repository, eg. `bitnamilegacy/valkey`.
|
||||
image:
|
||||
repository: bitnamilegacy/valkey
|
||||
|
||||
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
|
||||
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||
## @param valkey.global.valkey.password Required password
|
||||
global:
|
||||
valkey:
|
||||
password: changeme
|
||||
|
||||
## @param valkey.master.count Number of Valkey master instances to deploy
|
||||
## @param valkey.master.service.ports.valkey Port of Valkey service
|
||||
master:
|
||||
count: 1
|
||||
service:
|
||||
ports:
|
||||
valkey: 6379
|
||||
|
||||
## @param valkey.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
|
||||
metrics:
|
||||
image:
|
||||
repository: bitnamilegacy/redis-exporter
|
||||
|
||||
primary:
|
||||
## @param valkey.primary.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
|
||||
## @param valkey.primary.persistence.storageClass Persistent Volume storage class.
|
||||
## @param valkey.primary.persistence.size Persistent Volume size.
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
size: 8Gi
|
||||
|
||||
replica:
|
||||
## @param valkey.replica.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
|
||||
## @param valkey.replica.persistence.storageClass Persistent Volume storage class.
|
||||
## @param valkey.replica.persistence.size Persistent Volume size.
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
size: 8Gi
|
||||
|
||||
## @param valkey.sentinel.image.repository Image repository, eg. `bitnamilegacy/sentinel`.
|
||||
sentinel:
|
||||
image:
|
||||
repository: bitnamilegacy/valkey-sentinel
|
||||
|
||||
## @param valkey.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
|
||||
volumePermissions:
|
||||
image:
|
||||
repository: bitnamilegacy/os-shell
|
||||
|
||||
## @section PostgreSQL HA
|
||||
#
|
||||
## @param postgresql-ha.enabled Enable PostgreSQL HA
|
||||
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
|
||||
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
|
||||
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
|
||||
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
|
||||
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
|
||||
## @param postgresql-ha.postgresql.postgresPassword postgres Password
|
||||
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
|
||||
## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
|
||||
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
|
||||
postgresql-ha:
|
||||
## @param postgresql-ha.enabled Enable PostgreSQL HA
|
||||
enabled: true
|
||||
|
||||
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
|
||||
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
|
||||
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
|
||||
global:
|
||||
postgresql:
|
||||
database: gitea
|
||||
password: gitea
|
||||
username: gitea
|
||||
|
||||
## @param postgresql-ha.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
|
||||
metrics:
|
||||
image:
|
||||
repository: bitnamilegacy/postgres-exporter
|
||||
|
||||
## @param postgresql-ha.postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql-repmgr`.
|
||||
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
|
||||
## @param postgresql-ha.postgresql.postgresPassword postgres Password
|
||||
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
|
||||
enabled: true
|
||||
postgresql:
|
||||
image:
|
||||
repository: bitnamilegacy/postgresql-repmgr
|
||||
repmgrPassword: changeme2
|
||||
postgresPassword: changeme1
|
||||
password: changeme4
|
||||
|
||||
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
|
||||
## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.
|
||||
## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
|
||||
pgpool:
|
||||
adminPassword: changeme3
|
||||
image:
|
||||
repository: bitnamilegacy/pgpool
|
||||
srCheckPassword: changeme4
|
||||
|
||||
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||
service:
|
||||
ports:
|
||||
postgresql: 5432
|
||||
|
||||
## @param postgresql-ha.persistence.enabled Enable persistence.
|
||||
## @param postgresql-ha.persistence.storageClass Persistent Volume Storage Class.
|
||||
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
size: 10Gi
|
||||
|
||||
## @param postgresql-ha.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
|
||||
volumePermissions:
|
||||
image:
|
||||
repository: bitnamilegacy/os-shell
|
||||
|
||||
## @section PostgreSQL
|
||||
#
|
||||
## @param postgresql.enabled Enable PostgreSQL
|
||||
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
|
||||
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
|
||||
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
|
||||
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
|
||||
postgresql:
|
||||
## @param postgresql.enabled Enable PostgreSQL
|
||||
enabled: false
|
||||
|
||||
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
|
||||
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
|
||||
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
|
||||
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
@@ -761,39 +705,10 @@ postgresql:
|
||||
service:
|
||||
ports:
|
||||
postgresql: 5432
|
||||
|
||||
## @param postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql`.
|
||||
image:
|
||||
repository: bitnamilegacy/postgresql
|
||||
|
||||
primary:
|
||||
## @param postgresql.primary.persistence.enabled Enable persistence.
|
||||
## @param postgresql.primary.persistence.storageClass Persistent Volume storage class.
|
||||
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume.
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
size: 10Gi
|
||||
|
||||
readReplicas:
|
||||
## @param postgresql.readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC.
|
||||
## @param postgresql.readReplicas.persistence.storageClass Persistent Volume storage class.
|
||||
## @param postgresql.readReplicas.persistence.size PVC Storage Request for PostgreSQL volume.
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
size: ""
|
||||
|
||||
## @param postgresql.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
|
||||
metrics:
|
||||
image:
|
||||
repository: bitnamilegacy/postgres-exporter
|
||||
|
||||
## @param postgresql.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
|
||||
volumePermissions:
|
||||
image:
|
||||
repository: bitnamilegacy/os-shell
|
||||
|
||||
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
|
||||
# Set it to false to skip this basic validation check.
|
||||
## @section Advanced
|
||||
|
||||
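Review bot: Nothing marks the credential defaults in this file as placeholders: `postgresql-ha` has `repmgrPassword: changeme2`, `postgresPassword: changeme1`, `password: changeme4`, `adminPassword: changeme3`, `srCheckPassword: changeme4` and `global.postgresql.password: gitea`, and `valkey.global.valkey.password` is `changeme`. Since `postgresql-ha.enabled` is `true`, an install with untouched values runs its database on passwords published in the chart, and `valkey-cluster.usePassword` is `false`, so the default cache has no authentication. The `@param` lines around these keys are already being rearranged in the `@@ -566,192 +513,189 @@` hunk, so I would add `## NOTE: placeholder credentials, override before any non-test install` above each block there. The +/- markers are lost in this rendering, so which `@param` layout is the new one is inferred from the hunk counts.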