Compare commits

12 Commits

Author SHA1 Message Date
volker.raschek a78b5d6172 fix(ci): asd
Run Helm tests / Execute helm lint (push) Successful in 8s
Run Helm tests / Execute helm template (push) Successful in 17s
Run Helm tests / Execute helm unittest (push) Successful in 26s
Markdown linter / Execute npm run readme:lint (push) Successful in 7s
Markdown linter / Execute npm run readme:parameters (push) Successful in 9s
Markdown linter / Execute npm run readme:link (push) Successful in 36s
Release / publish-chart (push) Failing after 29s
Release / publish-release-notes (push) Has been skipped
2026-02-15 19:43:33 +01:00
volker.raschek 3219f22a68 asd
Run Helm tests / Execute helm lint (push) Successful in 9s
Run Helm tests / Execute helm template (push) Successful in 17s
Run Helm tests / Execute helm unittest (push) Successful in 26s
Markdown linter / Execute npm run readme:lint (push) Successful in 8s
Markdown linter / Execute npm run readme:link (push) Successful in 35s
Markdown linter / Execute npm run readme:parameters (push) Successful in 9s
Release / publish-chart (push) Failing after 54s
Release / publish-release-notes (push) Has been skipped
2026-02-15 19:33:48 +01:00
volker.raschek cdd75f2e77 fix(ci): adapt release workflow
Run Helm tests / Execute helm lint (push) Successful in 14s
Run Helm tests / Execute helm unittest (push) Successful in 27s
Run Helm tests / Execute helm template (push) Successful in 50s
Markdown linter / Execute npm run readme:link (push) Successful in 27s
Markdown linter / Execute npm run readme:parameters (push) Successful in 12s
Markdown linter / Execute npm run readme:lint (push) Successful in 36s
Release / publish-chart (push) Failing after 24s
Release / publish-release-notes (push) Has been skipped
2026-02-15 18:45:42 +01:00
volker.raschek c96824da7f fix(ci): adapt release workflow 2026-02-15 18:43:33 +01:00
volker.raschek 5851fe7c4c fix(scripts): support pre-releases 2026-02-15 16:52:47 +01:00
volker.raschek 5c39511d9a fix(deployment): adapt nodeSelector test 2025-12-18 20:11:38 +01:00
volker.raschek 935b82ab0e fix(Makefile): add yamllint as dedicated target 2025-11-05 19:11:28 +01:00
volker.raschek 1b22954570 fix(deployment): avoid duplicated nodeSelector #980 2025-11-05 19:11:28 +01:00
volker.raschek 3da31782dd fix(Chart): add annotation 'artifacthub.io/links' 2025-10-12 12:15:58 +02:00
volker.raschek 4d6db83c28 fix(ci): improve workflows (#959)
Run Helm tests / Execute helm lint (push) Successful in 11s
Run Helm tests / Execute helm template (push) Failing after 11s
Run Helm tests / Execute helm unittest (push) Successful in 28s
Markdown linter / Execute npm run readme:link (push) Successful in 36s
Markdown linter / Execute npm run readme:lint (push) Successful in 8s
Markdown linter / Execute npm run readme:parameters (push) Successful in 27s
🤖 Split up helm chart workflows

The following patch adapts the CI workflows. The workflows have been split into
dedicated parts. For example, the `helm template` and `helm unittest` commands are
now separate steps, to notice that a change affects the template mechanism but
not the unittest. This was previously not possible, because both commands were
part of one step.

🤖 Changelog Issue

Additionally, the changelog workflow has been improved. The shell commands have
been migrated to a dedicated file named `.gitea/scripts/changelog.sh`. This has
the advantage that the shellcheck plugin of IDEs supports developers in
developing such shell scripts. Furthermore, the container image used has been
replaced by the ubuntu:latest image of the act_runner. This makes it more
comfortable to use `curl` or `jq`, because the complete set of features/flags
is available instead of the previously used container image
`docker.io/thegeeklab/git-sv:2.0.5`. A final note on the shell script
`changelog.sh`: it can now be executed locally as well as on ARM-based
act_runners, and helps to test the helm chart in own Gitea environments
beforehand.

🤖 Markdown linter

In addition, a new workflow for markdown files has now been introduced. This
checks the `README.md` file for links, ensures that it is properly formatted,
and verifies that the parameters match those in `values.yaml`. Here, too, the
commands have been outsourced to separate jobs so that more precise interaction
is possible in the event of an error.

⚠️ Warning

This patch also requires an adjustment in branch protection. There, the
workflows that must be successful before a merge must be redefined.

Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/959
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
2025-10-03 07:38:26 +00:00
volker.raschek 72606192a6 refactor(structure): remove leading gitea directory (#958)
The following pull request removes the `gitea` directory. With regard to maintaining act_runners in a separate git repository or helm chart, this additional directory becomes redundant.

Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/958
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
2025-10-02 11:36:47 +00:00
volker.raschek fb407618dc feat: support network policies (#952)
The following patch adds support for network policies.

The patch does not contain any specific network policies, as it is uncertain in which environment and with which access rights gitea will be deployed.

With regard to third-party components such as PostgreSQL or Valkey, the network policy may need to be adjusted. Whether this happens directly in the helm chart or whether the user has to enter it themselves is open to discussion.

During testing, I defined a few sample network policies to get Gitea up and running. These are only examples.

Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/952
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
2025-09-22 07:05:21 +00:00
93 changed files with 2477 additions and 1534 deletions
+56 -45
View File
@@ -1,61 +1,65 @@
#!/bin/bash #!/bin/bash
set -e set -e -o pipefail
CHART_FILE="Chart.yaml" chart_file="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then if [ ! -f "${chart_file}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2 echo "ERROR: ${chart_file} not found!" 1>&2
exit 1 exit 1
fi fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" default_new_tag="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" default_old_tag="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG echo "Enter start tag [${default_old_tag}]:"
if [ -z "${OLD_TAG}" ]; then read -r old_tag
OLD_TAG="${DEFAULT_OLD_TAG}" if [ -z "${old_tag}" ]; then
old_tag="${default_old_tag}"
fi fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do while [ -z "$(git tag --list "${old_tag}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 echo "ERROR: Tag '${old_tag}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG echo "Enter start tag [${default_old_tag}]:"
if [ -z "${OLD_TAG}" ]; then read -r old_tag
OLD_TAG="${DEFAULT_OLD_TAG}" if [ -z "${old_tag}" ]; then
old_tag="${default_old_tag}"
fi fi
done done
else else
OLD_TAG=${1} old_tag=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then if [ -z "$(git tag --list "${old_tag}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 echo "ERROR: Tag '${old_tag}' not found!" 1>&2
exit 1 exit 1
fi fi
fi fi
if [ -z "${2}" ]; then if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG echo "Enter end tag [${default_new_tag}]:"
if [ -z "${NEW_TAG}" ]; then read -r new_tag
NEW_TAG="${DEFAULT_NEW_TAG}" if [ -z "${new_tag}" ]; then
new_tag="${default_new_tag}"
fi fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do while [ -z "$(git tag --list "${new_tag}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 echo "ERROR: Tag '${new_tag}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG echo "Enter end tag [${default_new_tag}]:"
if [ -z "${NEW_TAG}" ]; then read -r new_tag
NEW_TAG="${DEFAULT_NEW_TAG}" if [ -z "${new_tag}" ]; then
new_tag="${default_new_tag}"
fi fi
done done
else else
NEW_TAG=${2} new_tag=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then if [ -z "$(git tag --list "${new_tag}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 echo "ERROR: Tag '${new_tag}' not found!" 1>&2
exit 1 exit 1
fi fi
fi fi
CHANGE_LOG_YAML=$(mktemp) change_log_yaml=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}" echo "[]" > "${change_log_yaml}"
function map_type_to_kind() { function map_type_to_kind() {
case "${1}" in case "${1}" in
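Review bot: The tag checks `[ -z "$(git tag --list "${old_tag}")" ]` and the matching one for `new_tag` accept more than exact tag names, because `git tag --list` treats its argument as a glob pattern: an input such as `v*` passes the check and is later used as a revision range. Check the exact ref instead, for example with `git rev-parse --verify --quiet "refs/tags/${old_tag}"`. With `-o pipefail` now set, `git tag --sort=-version:refname | head -n 1` can also abort the script when `git tag` receives SIGPIPE after `head` exits, so read the first line with something that consumes the whole stream, such as `sed -n '1p'`.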
@@ -80,35 +84,42 @@ function map_type_to_kind() {
esac esac
} }
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" commit_titles="$(git log --pretty=format:"%s" "${old_tag}..${new_tag}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" echo "INFO: Generate change log entries from ${old_tag} until ${new_tag}"
while IFS= read -r line; do while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}" type="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}") kind=$(map_type_to_kind "${type}")
if [ "${KIND}" == "skip" ]; then if [ "${kind}" == "skip" ]; then
continue continue
fi fi
DESC="${BASH_REMATCH[3]}" desc="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}" echo "- ${kind}: ${desc}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" jq --arg kind "${kind}" --arg description "${desc}" '. += [ $ARGS.named ]' < "${change_log_yaml}" > "${change_log_yaml}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" mv "${change_log_yaml}.new" "${change_log_yaml}"
fi fi
done <<< "${COMMIT_TITLES}" done <<< "${commit_titles}"
if [ -s "${CHANGE_LOG_YAML}" ]; then if [ -s "${change_log_yaml}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" yq --inplace --input-format json --output-format yml "${change_log_yaml}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${change_log_yaml}\") | sort_keys(.)" "${chart_file}"
else else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 echo "ERROR: Changelog file is empty: ${change_log_yaml}" 1>&2
exit 1 exit 1
fi fi
rm "${CHANGE_LOG_YAML}" rm "${change_log_yaml}"
regexp=".*-alpha-[0-9]+(\.[0-9]+){,2}$"
if [[ "${new_tag}" =~ $regexp ]]; then
yq --inplace '.annotations."artifacthub.io/prerelease" = "true"' "${chart_file}"
else
yq --inplace '.annotations."artifacthub.io/prerelease" = "false"' "${chart_file}"
fi
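Review bot: The pre-release pattern `.*-alpha-[0-9]+(\.[0-9]+){,2}$` uses the interval `{,2}`, which is a GNU extension rather than POSIX ERE, so the match depends on the regex library of the machine running the script; write `{0,2}`. The pattern also recognises only `-alpha-` tags, so every other pre-release suffix is annotated `artifacthub.io/prerelease: "false"`; if that is intended, a comment above `regexp` should say so. Separately, `rm "${change_log_yaml}"` is reached only on success now that `set -e -o pipefail` aborts early; a `trap` on EXIT would remove the temp file and its `.new` sibling on failure as well.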
+86
View File
@@ -0,0 +1,86 @@
#!/bin/bash
DEFAULT_GITEA_SERVER_URL="${GITHUB_SERVER_URL:-"https://gitea.com"}"
DEFAULT_GITEA_REPOSITORY="${GITHUB_REPOSITORY:-"gitea/helm-gitea"}"
DEFAULT_GITEA_TOKEN="${ISSUE_RW_TOKEN:-""}"
if [ -z "${1}" ]; then
read -p "Enter hostname of the Gitea instance [${DEFAULT_GITEA_SERVER_URL}]: " CURRENT_GITEA_SERVER_URL
if [ -z "${CURRENT_GITEA_SERVER_URL}" ]; then
CURRENT_GITEA_SERVER_URL="${DEFAULT_GITEA_SERVER_URL}"
fi
else
CURRENT_GITEA_SERVER_URL=$1
fi
if [ -z "${2}" ]; then
read -p "Enter name of the git repository [${DEFAULT_GITEA_REPOSITORY}]: " CURRENT_GITEA_REPOSITORY
if [ -z "${CURRENT_GITEA_REPOSITORY}" ]; then
CURRENT_GITEA_REPOSITORY="${DEFAULT_GITEA_REPOSITORY}"
fi
else
CURRENT_GITEA_REPOSITORY=$2
fi
if [ -z "${3}" ]; then
read -p "Enter token to access the Gitea instance [${DEFAULT_GITEA_TOKEN}]: " CURRENT_GITEA_TOKEN
if [ -z "${CURRENT_GITEA_TOKEN}" ]; then
CURRENT_GITEA_TOKEN="${DEFAULT_GITEA_TOKEN}"
fi
else
CURRENT_GITEA_TOKEN=$3
fi
if ! git sv rn -o /tmp/changelog.md; then
echo "ERROR: Failed to generate /tmp/changelog.md" 1>&2
exit 1
fi
CURL_ARGS=(
"--data-urlencode" "q=Changelog for upcoming version"
# "--data-urlencode=\"q=Changelog for upcoming version\""
"--data-urlencode" "state=open"
"--fail"
"--header" "Accept: application/json"
"--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
"--request" "GET"
"--silent"
)
if ! ISSUE_NUMBER="$(curl "${CURL_ARGS[@]}" "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues" | jq '.[].number')"; then
echo "ERROR: Failed query issue number" 1>&2
exit 1
fi
export ISSUE_NUMBER
if ! echo "" | jq --raw-input --slurp --arg title "Changelog for upcoming version" --arg body "$(cat /tmp/changelog.md)" '{title: $title, body: $body}' 1> /tmp/payload.json; then
echo "ERROR: Failed to create JSON payload file" 1>&2
exit 1
fi
CURL_ARGS=(
"--data" "@/tmp/payload.json"
"--fail"
"--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
"--header" "Content-Type: application/json"
"--location"
"--silent"
"--output" "/dev/null"
)
if [ -z "${ISSUE_NUMBER}" ]; then
if ! curl "${CURL_ARGS[@]}" --request POST "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues"; then
echo "ERROR: Failed to create new issue!" 1>&2
exit 1
else
echo "INFO: Successfully created new issue!"
fi
else
if ! curl "${CURL_ARGS[@]}" --request PATCH "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"; then
echo "ERROR: Failed to update issue with ID ${ISSUE_NUMBER}!" 1>&2
exit 1
else
echo "INFO: Successfully updated existing issue with ID ${ISSUE_NUMBER}!"
echo "INFO: ${CURRENT_GITEA_SERVER_URL}/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"
fi
fi
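Review bot: The token handling exposes the secret in three places: it is accepted as positional argument `${3}`, the `read -p "Enter token to access the Gitea instance [${DEFAULT_GITEA_TOKEN}]: "` prompt prints the default taken from `ISSUE_RW_TOKEN` and echoes typed input, and `"--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"` puts it on the curl command line, where other local processes can read it. Take the token only from the environment or from a silent prompt (`read -r -s`), never print the default, and hand the header to curl through a file or stdin (`--header @file` or `--config -`). The script also sets no `pipefail`, so in `curl "${CURL_ARGS[@]}" ... | jq '.[].number'` a failed curl is masked by jq's exit status and the empty `ISSUE_NUMBER` falls through to the POST branch, creating a new issue. The fixed paths `/tmp/changelog.md` and `/tmp/payload.json` should come from `mktemp`.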
-32
View File
@@ -1,32 +0,0 @@
name: changelog
on:
push:
branches:
- main
jobs:
changelog:
runs-on: ubuntu-latest
container: docker.io/thegeeklab/git-sv:2.1.1
steps:
- name: install tools
run: |
apk add -q --update --no-cache nodejs curl jq sed
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Generate upcoming changelog
run: |
git sv rn -o changelog.md
export RELEASE_NOTES=$(cat changelog.md)
export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
echo $RELEASE_NOTES
JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
if [ -z "$ISSUE_NUMBER" ]; then
curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
else
curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
fi
+7 -9
View File
@@ -1,19 +1,17 @@
name: commitlint name: Rum commitlint
on: on:
pull_request: pull_request:
branches: branches: [ '**' ]
- "*" types: [ "opened", "edited" ]
types:
- opened
- edited
jobs: jobs:
check-and-test: check-and-test:
container: docker.io/commitlint/commitlint:19.9.1
name: Execute commitlint
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: commitlint/commitlint:20.5.3
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v5.0.0
- name: check PR title - name: Check PR title
run: | run: |
echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
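Review bot: The context line `echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json` expands the pull-request title into the script text before the shell runs, so shell metacharacters in a title are interpreted as shell syntax in a workflow that any PR author can trigger. Pass the title through `env:` (for example `PR_TITLE: ${{ gitea.event.pull_request.title }}`) and pipe `printf '%s\n' "${PR_TITLE}"` into commitlint. The new workflow name `Rum commitlint` also looks like a typo for `Run commitlint`.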
+75
View File
@@ -0,0 +1,75 @@
name: Run Helm tests
on:
pull_request:
branches: [ '**' ]
push:
branches: [ '**' ]
tags-ignore: [ '**' ]
workflow_call: {}
env:
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
HELM_UNITTEST_VERSION: "v1.0.1"
jobs:
helm-lint:
container: docker.io/alpine/helm:3.18.6
name: Execute helm lint
runs-on: ubuntu-latest
steps:
- name: Install additional tools
run: |
apk update
apk add --update bash make nodejs
- uses: actions/checkout@v5.0.0
- name: Install helm chart dependencies
run: helm dependency build
- name: Execute helm lint
run: helm lint
helm-template:
container: docker.io/alpine/helm:3.18.6
name: Execute helm template
runs-on: ubuntu-latest
steps:
- name: Install additional tools
run: |
apk update
apk add --update bash make nodejs
- uses: actions/checkout@v5.0.0
- name: Install helm chart dependencies
run: helm dependency build
- name: Execute helm template
run: helm template --debug gitea-helm .
helm-unittest:
container: docker.io/alpine/helm:3.18.6
name: Execute helm unittest
runs-on: ubuntu-latest
steps:
- name: Install additional tools
run: |
apk update
apk add --update bash make nodejs npm yamllint ncurses
- uses: actions/checkout@v5.0.0
- name: Install helm chart dependencies
run: helm dependency build
- name: Install helm plugin 'unittest'
run: |
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
git submodule update --init --recursive
- name: Execute helm unittest
env:
TERM: xterm
run: make unittests
# - name: verify readme
# run: |
# make readme
# git diff --exit-code --name-only README.md
# - name: yaml lint
# uses: https://github.com/ibiqlik/action-yamllint@v3
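Review bot: `helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest` and `actions/checkout@v5.0.0` both resolve mutable tags at run time, so the code executed in CI can change without any change in this repository; pin the actions to a commit SHA and keep the Renovate comment for updates. The commented-out `verify readme` and `yaml lint` steps at the end should be either removed or restored: `yamllint` is still installed in the `helm-unittest` job, but no step in this workflow calls it directly.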
+52
View File
@@ -0,0 +1,52 @@
name: Markdown linter
on:
pull_request:
types: [ "opened", "reopened", "synchronize" ]
push:
branches: [ '**' ]
tags-ignore: [ '**' ]
workflow_dispatch: {}
jobs:
readme-link:
container:
image: docker.io/library/node:24.9.0-alpine
name: Execute npm run readme:link
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5.0.0
- name: Execute npm run readme:link
run: |
npm install
npm run readme:link
readme-lint:
container:
image: docker.io/library/node:24.9.0-alpine
name: Execute npm run readme:lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5.0.0
- name: Execute npm run readme:lint
run: |
npm install
npm run readme:lint
readme-parameters:
container:
image: docker.io/library/node:24.9.0-alpine
name: Execute npm run readme:parameters
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git
- uses: actions/checkout@v5.0.0
- name: Execute npm run readme:parameters
run: |
npm install
npm run readme:parameters
- name: Compare diff
run: git diff --exit-code --name-only README.md
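Review bot: All three jobs run `npm install`, which resolves dependency ranges at run time and may rewrite the lockfile; if a `package-lock.json` is committed, use `npm ci` so the linters run against exactly the locked dependency tree. The `pull_request` trigger combined with `push` on `branches: [ '**' ]` also runs every job twice for a branch of this repository that has an open pull request; restricting `push` to the default branch would avoid the duplicate runs.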
+134 -84
View File
@@ -1,110 +1,160 @@
name: generate-chart name: Release
env:
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
on: on:
push: push:
tags: tags: [ '**' ]
- "*"
jobs: jobs:
generate-chart-publish: publish-chart:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: azure/setup-helm@v4.3.1
with:
version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
- name: Install helm plugins
env:
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
run: |
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
helm plugin list
- name: GPG configuration
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPGSIGN_KEY }}
run: |
# Configure GPG and GPG Agent
mkdir --parents "${HOME}/.gnupg"
chmod 0700 "${HOME}/.gnupg"
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
use-agent
pinentry-mode loopback
EOF
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
allow-loopback-pinentry
max-cache-ttl 86400
default-cache-ttl 86400
EOF
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
# Import GPG private key
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
# Export GPG keyring
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
- uses: actions/checkout@v6.0.2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install packages via apt
run: |
apt update --yes
apt install --yes curl ca-certificates curl gnupg jq
- name: Install helm
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.21.0"
run: |
curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz
helm version
- name: Install yq
env:
YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
run: |
curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
mv yq_linux_$(dpkg --print-architecture) /usr/local/bin
rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz
yq --version
- name: Install docker-ce via apt
run: |
install -m 0755 -d /etc/apt/keyrings
curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update --yes
apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
- name: Install awscli
run: |
pip install awscli --break-system-packages
aws --version
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v7
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
- name: Add Artifacthub.io annotations - name: Add Artifacthub.io annotations
run: | run: |
NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)" NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)" OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Print Chart.yaml - name: Extract meta information
run: cat Chart.yaml run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: package chart echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2)" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
- name: Package chart
run: | run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm package \
mkdir gitea --sign \
mv gitea*.tgz gitea/ --key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml --keyring "${HOME}/.gnupg/secring.gpg" \
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml --passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
# push to dockerhub --version "${PACKAGE_VERSION}" ./
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
- name: aws credential configure - uses: docker/login-action@v3.7.0
uses: https://github.com/aws-actions/configure-aws-credentials@v6
with: with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} username: ${{ secrets.DOCKER_IO_USERNAME }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} password: ${{ secrets.DOCKER_IO_PASSWORD }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Copy files to S3 and clear cache - name: Upload package as OCI artifact to docker.io
env:
DOCKER_IO_REPO_NAME: ${{ vars.DOCKER_IO_REPO_NAME }}
run: | run: |
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ helm push *-${PACKAGE_VERSION}.tgz "oci://registry-1.docker.io/${DOCKER_IO_REPO_NAME}"
release-gitea: - uses: docker/login-action@v3.7.0
needs: generate-chart-publish with:
registry: ${{ github.server_url }}
username: ${{ secrets.GT_PACKAGE_REGISTRY_USERNAME }}
password: ${{ secrets.GT_PACKAGE_REGISTRY_TOKEN }}
- name: Upload package as OCI artifact to Gitea
run: |
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz "oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}"
# - name: Build new index.yaml
# run: |
# mkdir gitea
# curl \
# --fail \
# --header \
# --location \
# --output gitea/index.yaml \
# --show-error \
# --silent \
# https://dl.gitea.com/charts/index.yaml
# helm repo index \
# --merge gitea/index.yaml \
# --url https://dl.gitea.com/charts \
# gitea/
# - uses: aws-actions/configure-aws-credentials@v6.0.0
# with:
# aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_REGION }}
# - name: Upload package as Helm chart to AWS S3
# run: |
# aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET }}/charts/
publish-release-notes:
needs: publish-chart
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: docker.io/thegeeklab/git-sv:2.1.1
steps: steps:
- name: install tools - name: Install gitsv
env:
GITSV_VERSION: v2.0.9 # renovate: datasource=github-releases depName=thegeeklab/git-sv
run: | run: |
apk add -q --update --no-cache nodejs curl \
- uses: actions/checkout@v6 --fail \
--location \
--output git-sv \
--output-dir /usr/local/bin \
--silent \
--show-error \
https://github.com/thegeeklab/git-sv/releases/download/${GITSV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
git-sv --version
- uses: actions/checkout@v6.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
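Review bot: The `Install helm plugins` step passes `--verify=false` for all three plugins in the same job that imports `secrets.GPGSIGN_KEY` and signs the chart, so unverified third-party code is installed next to the signing key, and none of the steps shown in this hunk calls those plugins; drop the step from `publish-chart`, or verify the plugin sources and pin them to reviewed commits. The `GPG configuration` step writes the private key, the passphrase and `secring.gpg` to disk with the default umask and nothing removes them afterwards; set `umask 077` before the writes and add a final cleanup step that always runs. In `Install gitsv`, the binary is downloaded to `/usr/local/bin` without a checksum check and without `chmod +x`, so `git-sv --version` will fail as written.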
@@ -112,12 +162,12 @@ jobs:
- name: Create changelog - name: Create changelog
run: | run: |
git sv current-version git sv current-version
git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md git sv release-notes -t "${PACKAGE_VERSION}" -o CHANGELOG.md
sed -i '1,2d' CHANGELOG.md # remove version sed -i '1,2d' CHANGELOG.md
cat CHANGELOG.md cat CHANGELOG.md
- name: Release - name: Release
uses: https://github.com/akkuman/gitea-release-action@v1 uses: akkuman/gitea-release-action@v1.3.5
with: with:
body_path: CHANGELOG.md body_path: CHANGELOG.md
token: "${{ secrets.RELEASE_TOKEN }}" token: "${{ secrets.RELEASE_TOKEN }}"
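Review bot: `git sv release-notes -t "${PACKAGE_VERSION}"` relies on a variable that the visible lines set only in the `publish-chart` job, through `>> $GITHUB_ENV` in `Extract meta information`; values written there do not carry over to `publish-release-notes`, so `-t` receives an empty string unless the variable is defined in lines not shown here. Define it in this job as well (the previous `${GITHUB_REF#refs/tags/}` needed no shared state) or pass it as a job output. The `sed -i '1,2d' CHANGELOG.md` line also lost its `# remove version` comment, which explained why the first two lines are dropped.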
-45
View File
@@ -1,45 +0,0 @@
name: check-and-test
on:
pull_request:
branches:
- "*"
push:
branches:
- main
env:
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
HELM_UNITTEST_VERSION: "v1.1.0"
jobs:
check-and-test:
runs-on: ubuntu-latest
container: alpine/helm:3.21.0
steps:
- name: install tools
run: |
apk update
apk add --update bash make nodejs npm yamllint ncurses
- uses: actions/checkout@v6
- name: install chart dependencies
run: helm dependency build
- name: lint
run: helm lint
- name: template
run: helm template --debug gitea-helm .
- name: prepare unit test environment
run: |
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
git submodule update --init --recursive
- name: unit tests
env:
TERM: xterm
run: |
make unittests
- name: verify readme
run: |
make readme
git diff --exit-code --name-only README.md
- name: yaml lint
uses: https://github.com/ibiqlik/action-yamllint@v3
+29
View File
@@ -0,0 +1,29 @@
name: Update changelog
on:
push:
branches: [ "main" ]
workflow_dispatch: {}
jobs:
changelog:
runs-on: ubuntu-latest
steps:
- name: Install packages via apt-get
run: |
apt-get update &&
apt-get install --yes curl jq
- uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
- name: Install git-sv
env:
GIT_SV_VERSION: v2.0.4 # renovate: datasource=github-releases depName=thegeeklab/git-sv
run: |
curl --fail --location --output /usr/local/bin/git-sv --silent --show-error https://github.com/thegeeklab/git-sv/releases/download/${GIT_SV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
chmod +x /usr/local/bin/git-sv
git-sv --version
- name: Update changelog issue
env:
ISSUE_RW_TOKEN: ${{ secrets.ISSUE_RW_TOKEN }}
run: .gitea/scripts/update-changelog.sh
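Review bot: The `Install git-sv` step downloads a release binary with curl and marks it executable, and the next step runs it with `ISSUE_RW_TOKEN` in the environment, but nothing checks the download against a known digest; add a pinned SHA-256 next to `GIT_SV_VERSION` and verify it with `sha256sum --check` before `chmod +x`. The version here (`v2.0.4`) also differs from the `v2.0.9` used in the release workflow, so a single Renovate-managed value would be easier to keep in step.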
+8
View File
@@ -0,0 +1,8 @@
{
"projectBaseUrl":"${workspaceFolder}",
"ignorePatterns": [
{
"pattern": "^http://localhost"
}
]
}
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"yaml.schemas": { "yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.0/schema/helm-testsuite.json": [ "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.1/schema/helm-testsuite.json": [
"/unittests/**/*.yaml" "/unittests/**/*.yaml"
] ]
}, },
+1 -1
View File
@@ -1 +1 @@
* @volker.raschek @ChristopherHX * @rossigee @volker.raschek @ChristopherHX
+1 -2
View File
@@ -44,8 +44,7 @@ be used:
`helm install --dependency-update gitea . -f values.yaml`. `helm install --dependency-update gitea . -f values.yaml`.
1. Gitea is now deployed in `minikube`. 1. Gitea is now deployed in `minikube`.
To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
default port-forward svc/gitea-http 3000:3000`. default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
### Unit tests ### Unit tests
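Review bot: The sentence carried through this hunk still reads `it's port needs to be forwarded first from minikube to localhost first`; since the lines are being reflowed anyway, change `it's` to `its` and drop the duplicated `first`.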
+4 -1
View File
@@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes
type: application type: application
version: 0.0.0 version: 0.0.0
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$ # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
appVersion: 1.26.2 appVersion: 1.24.6
icon: https://gitea.com/assets/img/logo.svg icon: https://gitea.com/assets/img/logo.svg
annotations: annotations:
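Review bot: `appVersion` goes from `1.26.2` down to `1.24.6` in this hunk, which would ship an older Gitea release than the base does; together with the lower action versions elsewhere in this comparison, this looks like a branch that is behind its base rather than an intended downgrade. Rebase onto the current base and keep the newer `appVersion`, or state the reason for the downgrade in the commit message.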
@@ -26,6 +26,9 @@ sources:
- https://docker.gitea.com/gitea - https://docker.gitea.com/gitea
maintainers: maintainers:
# https://gitea.com/rossigee
- name: Ross Golder
email: ross@golder.org
# https://gitea.com/volker.raschek # https://gitea.com/volker.raschek
- name: Markus Pesch - name: Markus Pesch
email: markus.pesch+apps@cryptic.systems email: markus.pesch+apps@cryptic.systems
+85 -156
View File
@@ -17,7 +17,7 @@
- [Rootless Defaults](#rootless-defaults) - [Rootless Defaults](#rootless-defaults)
- [Session, Cache and Queue](#session-cache-and-queue) - [Session, Cache and Queue](#session-cache-and-queue)
- [Single-Pod Configurations](#single-pod-configurations) - [Single-Pod Configurations](#single-pod-configurations)
- [Additional _app.ini_ settings](#additional-appini-settings) - [Additional app.ini settings](#additional-appini-settings)
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
- [External Database](#external-database) - [External Database](#external-database)
- [Ports and external url](#ports-and-external-url) - [Ports and external url](#ports-and-external-url)
@@ -72,7 +72,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit
## Update and versioning policy ## Update and versioning policy
The Gitea helm chart versioning does not follow Gitea's versioning. The Gitea helm chart versioning does not follow Gitea's versioning.
The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases). The latest chart version can be looked up in [https://dl.gitea.com/charts/](https://dl.gitea.com/charts/) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
The chart aims to follow Gitea's releases closely. The chart aims to follow Gitea's releases closely.
There might be times when the chart is behind the latest Gitea release. There might be times when the chart is behind the latest Gitea release.
@@ -266,7 +266,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
- `$HOME` becomes `/data/gitea/git` - `$HOME` becomes `/data/gitea/git`
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations [see deployment.yaml](./templates/deployment.yaml) template inside (init-)container "env" declarations
- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`) - `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`)
@@ -278,38 +278,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
- `SSH_LOG_LEVEL` environment variable is not injected into the container - `SSH_LOG_LEVEL` environment variable is not injected into the container
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations [see deployment.yaml](./templates/deployment.yaml) template inside container "env" declarations
#### OpenShift Compatibility
When installing on OpenShift, enable the compatibility profile so chart-managed pods render SCC-safe defaults and the Gitea init containers stop forcing `runAsUser: 1000`:
```yaml
openshift:
enabled: true
```
When enabled, the chart applies `allowPrivilegeEscalation: false`, drops all
Linux capabilities, sets `runAsNonRoot: true`, uses
`seccompProfile.type: RuntimeDefault`, and leaves `hostUsers` unset unless
`openshift.hostUsers` is explicitly overridden.
The deployment keeps the existing vanilla Kubernetes behavior when OpenShift
compatibility is disabled. Auto-detection relies on the
`security.openshift.io/v1/SecurityContextConstraints` API, so set
`openshift.enabled: true` explicitly when rendering outside a live cluster.
If you also want to expose Gitea through an OpenShift Route, enable the optional Route resource:
```yaml
route:
enabled: true
host: git.apps.example.com
tls:
termination: edge
```
When `route.host` is set, the chart uses it for `DOMAIN`, `SSH_DOMAIN`, and `ROOT_URL`. Setting `route.tls.termination` also switches the default `ROOT_URL` scheme to `https`.
#### Session, Cache and Queue #### Session, Cache and Queue
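Review bot: the block removed after the `SSH_LOG_LEVEL` bullet drops the whole "OpenShift Compatibility" section, including the description of the hardened defaults (`allowPrivilegeEscalation: false`, all capabilities dropped, `runAsNonRoot: true`, `seccompProfile.type: RuntimeDefault`) and the `route.*` example. Anyone who already sets `openshift.enabled` or `route.enabled` would have those values ignored without warning after this change, so add an entry to the upgrade notes or make rendering fail while those keys are still present.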
@@ -391,7 +360,7 @@ If HA is not needed/desired, the following configurations can be used to deploy
</details> </details>
### Additional _app.ini_ settings ### Additional app.ini settings
> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default) > **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
> section cannot be defined that way.** > section cannot be defined that way.**
@@ -412,7 +381,7 @@ gitea:
``` ```
This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated. This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated.
All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [Gitea config edit-ini](https://docs.gitea.com/administration/config-cheat-sheet#use-environment-variables-to-setup-gitea). All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
The key of such additional source represents the section inside the _app.ini_. The key of such additional source represents the section inside the _app.ini_.
The value for each key can be multiline ini-like definitions. The value for each key can be multiline ini-like definitions.
@@ -453,10 +422,10 @@ Users are able to define their own environment variables, which are loaded into
We also support to directly interact with the generated _app.ini_. We also support to directly interact with the generated _app.ini_.
To inject self defined variables into the _app.ini_ a certain format needs to be honored. To inject self defined variables into the _app.ini_ a certain format needs to be honored.
This is described in detail on the [Gitea config edit-ini](https://docs.gitea.com/administration/config-cheat-sheet#use-environment-variables-to-setup-gitea) page. This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page.
Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`. Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`.
After the support for a custom prefix was removed in Gitea core, the prefix was changed to `GITEA`. After the support for a custom prefix was removed in Gite core, the prefix was changed to `GITEA`.
For example a database setting needs to have the following format: For example a database setting needs to have the following format:
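Review bot: the rewritten sentence on the new side reads "in Gite core" where the old side had "in Gitea core"; restore the spelling. The new link text in this hunk is "env-to-ini" although the URL path it points to is `contrib/environment-to-ini`; use the full name so it matches the link.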
@@ -1006,14 +975,12 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
### Security ### Security
| Name | Description | Value | | Name | Description | Value |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----- | | ---------------------------- | --------------------------------------------------------------- | ------ |
| `openshift.enabled` | Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API. | `nil` | | `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` |
| `openshift.hostUsers` | Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used. | `nil` | | `containerSecurityContext` | Security context | `{}` |
| `podSecurityContext` | Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty. | `{}` | | `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
| `containerSecurityContext` | Security context | `{}` | | `podDisruptionBudget` | Pod disruption budget | `{}` |
| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
| `podDisruptionBudget` | Pod disruption budget | `{}` |
### Service ### Service
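Review bot: in the new Security table both `containerSecurityContext` and `securityContext` default to `{}`, and the only non-empty default left is `podSecurityContext.fsGroup` at `1000`. With the `openshift.*` rows gone, nothing in this table tells an operator how to get `allowPrivilegeEscalation: false` or dropped capabilities; extend the `containerSecurityContext` description with a recommended value, or ship that value as the default.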
@@ -1059,22 +1026,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | | `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
| `ingress.tls` | Ingress tls settings | `[]` | | `ingress.tls` | Ingress tls settings | `[]` |
### Route
| Name | Description | Value |
| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------- |
| `route.enabled` | Enable OpenShift Route | `false` |
| `route.annotations` | Route annotations | `{}` |
| `route.host` | Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values. | `""` |
| `route.path` | Route path | `""` |
| `route.wildcardPolicy` | Route wildcard policy | `None` |
| `route.tls.termination` | Route TLS termination type | `nil` |
| `route.tls.insecureEdgeTerminationPolicy` | Route insecure edge termination policy | `nil` |
| `route.tls.key` | Route TLS key | `nil` |
| `route.tls.certificate` | Route TLS certificate | `nil` |
| `route.tls.caCertificate` | Route TLS CA certificate | `nil` |
| `route.tls.destinationCACertificate` | Route destination CA certificate | `nil` |
### deployment ### deployment
| Name | Description | Value | | Name | Description | Value |
@@ -1147,30 +1098,29 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
### Gitea ### Gitea
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | | `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | | `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | | `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | | `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | | `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | | `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` | | `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` |
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` | | `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` |
| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` | | `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` |
| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | | `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` | | `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` |
| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` | | `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` |
| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` | | `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| `gitea.ldap` | LDAP configuration | `[]` | | `gitea.ldap` | LDAP configuration | `[]` |
| `gitea.oauth` | OAuth configuration | `[]` | | `gitea.oauth` | OAuth configuration | `[]` |
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | | `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | | `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | | `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | | `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
| `gitea.extraEnvSourceFile` | Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector. | `nil` | | `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | | `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
### LivenessProbe ### LivenessProbe
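Review bot: the `gitea.extraEnvSourceFile` row disappears from the Gitea table with no replacement. Its description names it as the way to read environment files generated by the Vault agent-injector, so deployments relying on it need a migration path; list the removal under the breaking changes. The unchanged `gitea.admin.password` row still publishes a fixed default (`r8sA8CPHD9!bt6d`) alongside `passwordMode` `keepUpdated`, so its description should point readers to `gitea.admin.existingSecret`.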
@@ -1208,89 +1158,68 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` | | `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` |
| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | | `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` |
### Network Policy
| Name | Description | Value |
| --------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
### valkey-cluster ### valkey-cluster
Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------------ | | ------------------------------------- | -------------------------------------------------------------------- | ------- |
| `valkey-cluster.enabled` | Enable valkey cluster | `true` | | `valkey-cluster.enabled` | Enable valkey cluster | `true` |
| `valkey-cluster.usePassword` | Whether to use password authentication. | `false` | | `valkey-cluster.usePassword` | Whether to use password authentication | `false` |
| `valkey-cluster.usePasswordFiles` | Whether to mount passwords as files instead of environment variables. | `false` | | `valkey-cluster.usePasswordFiles` | Whether to mount passwords as files instead of environment variables | `false` |
| `valkey-cluster.image.repository` | Image repository, eg. `bitnamilegacy/valkey-cluster`. | `bitnamilegacy/valkey-cluster` | | `valkey-cluster.cluster.nodes` | Number of valkey cluster master nodes | `3` |
| `valkey-cluster.cluster.nodes` | Number of valkey cluster master nodes | `3` | | `valkey-cluster.cluster.replicas` | Number of valkey cluster master node replicas | `0` |
| `valkey-cluster.cluster.replicas` | Number of valkey cluster master node replicas | `0` | | `valkey-cluster.service.ports.valkey` | Port of Valkey service | `6379` |
| `valkey-cluster.metrics.image.repository` | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter` |
| `valkey-cluster.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims. | `true` |
| `valkey-cluster.persistence.storageClass` | Persistent Volume storage class. | `""` |
| `valkey-cluster.persistence.size` | Persistent Volume size. | `8Gi` |
| `valkey-cluster.service.ports.valkey` | Port of Valkey service | `6379` |
| `valkey-cluster.sysctlImage.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
| `valkey-cluster.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
### valkey ### valkey
Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------- | --------------------------------------------------------------------------- | ------------------------------- | | ------------------------------------ | ------------------------------------------- | ------------ |
| `valkey.enabled` | Enable valkey standalone or replicated | `false` | | `valkey.enabled` | Enable valkey standalone or replicated | `false` |
| `valkey.architecture` | Whether to use standalone or replication | `standalone` | | `valkey.architecture` | Whether to use standalone or replication | `standalone` |
| `valkey.kubectl.image.repository` | Image repository, eg. `bitnamilegacy/kubectl`. | `bitnamilegacy/kubectl` | | `valkey.global.valkey.password` | Required password | `changeme` |
| `valkey.image.repository` | Image repository, eg. `bitnamilegacy/valkey`. | `bitnamilegacy/valkey` | | `valkey.master.count` | Number of Valkey master instances to deploy | `1` |
| `valkey.global.valkey.password` | Required password | `changeme` | | `valkey.master.service.ports.valkey` | Port of Valkey service | `6379` |
| `valkey.master.count` | Number of Valkey master instances to deploy | `1` |
| `valkey.master.service.ports.valkey` | Port of Valkey service | `6379` |
| `valkey.metrics.image.repository` | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter` |
| `valkey.primary.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims. | `true` |
| `valkey.primary.persistence.storageClass` | Persistent Volume storage class. | `""` |
| `valkey.primary.persistence.size` | Persistent Volume size. | `8Gi` |
| `valkey.replica.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims. | `true` |
| `valkey.replica.persistence.storageClass` | Persistent Volume storage class. | `""` |
| `valkey.replica.persistence.size` | Persistent Volume size. | `8Gi` |
| `valkey.sentinel.image.repository` | Image repository, eg. `bitnamilegacy/sentinel`. | `bitnamilegacy/valkey-sentinel` |
| `valkey.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
### PostgreSQL HA ### PostgreSQL HA
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` | | `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` |
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | | `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` | | `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
| `postgresql-ha.metrics.image.repository` | Image repository, eg. `bitnamilegacy/postgres-exporter`. | `bitnamilegacy/postgres-exporter` | | `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` |
| `postgresql-ha.postgresql.image.repository` | Image repository, eg. `bitnamilegacy/postgresql-repmgr`. | `bitnamilegacy/postgresql-repmgr` | | `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` | | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` | | `postgresql-ha.pgpool.srCheckPassword` | pgpool srCheckPassword | `changeme4` |
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
| `postgresql-ha.pgpool.image.repository` | Image repository, eg. `bitnamilegacy/pgpool`. | `bitnamilegacy/pgpool` | | `postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` |
| `postgresql-ha.pgpool.srCheckPassword` | pgpool srCheckPassword | `changeme4` |
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
| `postgresql-ha.persistence.enabled` | Enable persistence. | `true` |
| `postgresql-ha.persistence.storageClass` | Persistent Volume Storage Class. | `""` |
| `postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` |
| `postgresql-ha.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
### PostgreSQL ### PostgreSQL
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
| `postgresql.enabled` | Enable PostgreSQL | `false` | | `postgresql.enabled` | Enable PostgreSQL | `false` |
| `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | | `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` |
| `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
| `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | | `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
| `postgresql.image.repository` | Image repository, eg. `bitnamilegacy/postgresql`. | `bitnamilegacy/postgresql` | | `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` |
| `postgresql.primary.persistence.enabled` | Enable persistence. | `true` |
| `postgresql.primary.persistence.storageClass` | Persistent Volume storage class. | `""` |
| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume. | `10Gi` |
| `postgresql.readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC. | `true` |
| `postgresql.readReplicas.persistence.storageClass` | Persistent Volume storage class. | `""` |
| `postgresql.readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume. | `""` |
| `postgresql.metrics.image.repository` | Image repository, eg. `bitnamilegacy/postgres-exporter`. | `bitnamilegacy/postgres-exporter` |
| `postgresql.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`. | `bitnamilegacy/os-shell` |
### Advanced ### Advanced
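Review bot: the whole "Network Policy" table (`networkPolicy.enabled`, `policyTypes`, `ingress`, `egress`) is removed in this hunk, while `valkey-cluster.enabled` stays `true` with `valkey-cluster.usePassword` at `false`, and the `postgresql-ha.*` rows keep `changeme1` to `changeme4` and `gitea` as default passwords. Without a NetworkPolicy, pods in the cluster can reach the bundled cache and database, which are then protected by no password or a published one. Either keep the `networkPolicy` values or state in the README that operators must supply their own policy and override these defaults.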
@@ -1577,7 +1506,7 @@ mariadb:
### App.ini generation <!-- omit from toc --> ### App.ini generation <!-- omit from toc -->
The app.ini generation has changed and now uses the `gitea config edit-ini` subcommand introduced in Gitea 1.26. The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions.
This change ensures, that the app.ini is now persistent. This change ensures, that the app.ini is now persistent.
### Secret Key generation <!-- omit from toc --> ### Secret Key generation <!-- omit from toc -->
+1397 -148
View File
File diff suppressed because it is too large
+3 -1
View File
@@ -9,11 +9,13 @@
"npm": ">=8.0.0" "npm": ">=8.0.0"
}, },
"scripts": { "scripts": {
"readme:link": "markdown-link-check --config .markdownlink.json *.md",
"readme:lint": "markdownlint *.md -f", "readme:lint": "markdownlint *.md -f",
"readme:parameters": "readme-generator -v values.yaml -r README.md" "readme:parameters": "readme-generator -v values.yaml -r README.md"
}, },
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0", "@bitnami/readme-generator-for-helm": "^2.5.0",
"markdownlint-cli": "^0.48.0" "markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0"
} }
} }
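Review bot: `markdownlint-cli` moves backwards from `^0.48.0` to `^0.45.0` in `devDependencies`, and `markdown-link-check` is added with a caret range as well. Confirm the downgrade is intended rather than a stale branch, and regenerate the lockfile in the same commit so the `readme:*` jobs install exactly what was reviewed.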
@@ -78,6 +78,7 @@ function env2ini::reload_preset_envs() {
rm $TMP_EXISTING_ENVS_FILE rm $TMP_EXISTING_ENVS_FILE
} }
function env2ini::process_config_file() { function env2ini::process_config_file() {
local config_file="${1}" local config_file="${1}"
local section="$(basename "${config_file}")" local section="$(basename "${config_file}")"
@@ -150,4 +151,4 @@ if [ -f ${GITEA_APP_INI} ]; then
unset GITEA__SERVER__LFS_JWT_SECRET unset GITEA__SERVER__LFS_JWT_SECRET
fi fi
gitea config edit-ini --apply-env --config "$GITEA_APP_INI" --out "$GITEA_APP_INI" environment-to-ini -o $GITEA_APP_INI
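Review bot: the replacement line `environment-to-ini -o $GITEA_APP_INI` drops the double quotes that the old `gitea config edit-ini` call had around `"$GITEA_APP_INI"`, so a path containing whitespace or glob characters would be split by the shell. Quote it as `"$GITEA_APP_INI"`; the `[ -f ${GITEA_APP_INI} ]` test shown in the hunk header has the same problem.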
+1 -8
View File
@@ -1,12 +1,5 @@
1. Get the application URL by running these commands: 1. Get the application URL by running these commands:
{{- if .Values.route.enabled }} {{- if .Values.ingress.enabled }}
{{- if .Values.route.host }}
{{ include "gitea.public_protocol" . }}://{{ tpl .Values.route.host . }}{{ .Values.route.path }}
{{- else }}
export ROUTE_HOST=$(kubectl get route --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} -o jsonpath="{.spec.host}")
echo {{ include "gitea.public_protocol" . }}://$ROUTE_HOST{{ .Values.route.path }}
{{- end }}
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }} {{- range $host := .Values.ingress.hosts }}
{{- range .paths }} {{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+15 -98
View File
@@ -76,87 +76,6 @@ imagePullSecrets:
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{/*
Return true when OpenShift compatibility defaults should be rendered.
If openshift.enabled is unset, auto-detect via the SCC API.
*/}}
{{- define "gitea.openshift.enabled" -}}
{{- if kindIs "bool" .Values.openshift.enabled -}}
{{ ternary "true" "false" .Values.openshift.enabled }}
{{- else if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}
{{/*
Return the pod's hostUsers setting when OpenShift compatibility is enabled.
*/}}
{{- define "gitea.hostUsers" -}}
{{- if eq (include "gitea.openshift.enabled" . | trim) "true" -}}
{{- if kindIs "bool" .Values.openshift.hostUsers -}}
{{ ternary "true" "false" .Values.openshift.hostUsers }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Render pod securityContext. On non-OpenShift clusters an empty map defaults fsGroup to 1000.
*/}}
{{- define "gitea.podSecurityContext" -}}
{{- $podSecurityContext := deepCopy .Values.podSecurityContext -}}
{{- if and (ne (include "gitea.openshift.enabled" . | trim) "true") (not (hasKey $podSecurityContext "fsGroup")) -}}
{{- $_ := set $podSecurityContext "fsGroup" 1000 -}}
{{- end -}}
{{- if gt (len $podSecurityContext) 0 -}}
{{ toYaml $podSecurityContext }}
{{- end -}}
{{- end -}}
{{/*
Render container securityContext with OpenShift restricted SCC defaults when enabled.
*/}}
{{- define "gitea.containerSecurityContext" -}}
{{- $root := index . 0 -}}
{{- $containerSecurityContext := deepCopy (index . 1) -}}
{{- if eq (include "gitea.openshift.enabled" $root | trim) "true" -}}
{{- $containerSecurityContext = mergeOverwrite (dict
"allowPrivilegeEscalation" false
"capabilities" (dict "drop" (list "ALL"))
"runAsNonRoot" true
"seccompProfile" (dict "type" "RuntimeDefault")
) $containerSecurityContext -}}
{{- end -}}
{{- if gt (len $containerSecurityContext) 0 -}}
{{ toYaml $containerSecurityContext }}
{{- end -}}
{{- end -}}
{{/*
Render the securityContext for init containers that execute Gitea/GPG commands.
These default to runAsUser 1000 outside OpenShift to preserve existing behavior.
*/}}
{{- define "gitea.commandInitContainerSecurityContext" -}}
{{- $root := index . 0 -}}
{{- $containerSecurityContext := deepCopy (index . 1) -}}
{{- if and (ne (include "gitea.openshift.enabled" $root | trim) "true") (not (hasKey $containerSecurityContext "runAsUser")) -}}
{{- $_ := set $containerSecurityContext "runAsUser" 1000 -}}
{{- end -}}
{{- include "gitea.containerSecurityContext" (list $root $containerSecurityContext) -}}
{{- end -}}
{{/*
Render the runtime container securityContext while honoring the deprecated securityContext value.
*/}}
{{- define "gitea.runtimeContainerSecurityContext" -}}
{{- $containerSecurityContext := deepCopy .Values.containerSecurityContext -}}
{{- if and (eq (len $containerSecurityContext) 0) .Values.securityContext -}}
{{- $containerSecurityContext = deepCopy .Values.securityContext -}}
{{- end -}}
{{- include "gitea.containerSecurityContext" (list . $containerSecurityContext) -}}
{{- end -}}
{{/* {{/*
Storage Class Storage Class
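Review bot: the removed `gitea.containerSecurityContext` helper is the only place in this file that merges `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `runAsNonRoot: true` and `seccompProfile.type: RuntimeDefault` into container security contexts, and nothing in this hunk replaces it. After the removal a container gets exactly what the values hold, so please either carry these settings as defaults in values.yaml or state in the upgrade notes that clusters relying on `openshift.enabled` or SCC auto-detection must now set them explicitly. The same applies to `openshift.hostUsers`, which loses its only consumer here.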
@@ -168,6 +87,12 @@ storageClassName: {{ $storageClass | quote }}
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{/*
Common annotations
*/}}
{{- define "gitea.annotations" -}}
{{- end }}
{{/* {{/*
Common labels Common labels
*/}} */}}
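Review bot: the new `gitea.annotations` define has an empty body, so every `include "gitea.annotations"` returns an empty string. If this is a placeholder for future common annotations, say so in the `Common annotations` comment; otherwise callers will assume it contributes something.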
@@ -220,7 +145,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- else if (index .Values "valkey-cluster").enabled -}} {{- else if (index .Values "valkey-cluster").enabled -}}
{{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}} {{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}}
{{- else if (index .Values "valkey").enabled -}} {{- else if (index .Values "valkey").enabled -}}
{{- printf "redis://:%s@%s-valkey-primary.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}} {{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
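Review bot: in the `valkey` branch the host changes to `%s-valkey-headless` but the port argument is still read from `(index .Values "valkey").master.service.ports.valkey`. Please confirm that this values key still exists for the subchart version in use and that the headless service answers on that port; a missing key would render through `%g` as a format error inside the connection string rather than fail the render. If the subchart runs replicas behind the headless name, also confirm that Gitea cannot end up connected to a read-only member.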
@@ -234,9 +159,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- define "valkey.servicename" -}} {{- define "valkey.servicename" -}}
{{- if (index .Values "valkey-cluster").enabled -}} {{- if (index .Values "valkey-cluster").enabled -}}
{{- printf "%s-valkey-cluster-headless.%s.svc" .Release.Name .Release.Namespace -}} {{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- else if (index .Values "valkey").enabled -}} {{- else if (index .Values "valkey").enabled -}}
{{- printf "%s-valkey-primary.%s.svc" .Release.Name .Release.Namespace -}} {{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@@ -244,16 +169,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}} {{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}}
{{- end -}} {{- end -}}
{{- define "gitea.public_hostname" -}}
{{- if and .Values.route.enabled .Values.route.host -}}
{{ tpl .Values.route.host . }}
{{- else if gt (len .Values.ingress.hosts) 0 -}}
{{ tpl (index .Values.ingress.hosts 0).host $ }}
{{- else -}}
{{ include "gitea.default_domain" . }}
{{- end -}}
{{- end -}}
{{- define "gitea.ldap_settings" -}} {{- define "gitea.ldap_settings" -}}
{{- $idx := index . 0 }} {{- $idx := index . 0 }}
{{- $values := index . 1 }} {{- $values := index . 1 }}
@@ -304,9 +219,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}} {{- end -}}
{{- define "gitea.public_protocol" -}} {{- define "gitea.public_protocol" -}}
{{- if and .Values.route.enabled .Values.route.tls.termination -}} {{- if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}}
https
{{- else if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}}
https https
{{- else -}} {{- else -}}
{{ .Values.gitea.config.server.PROTOCOL }} {{ .Values.gitea.config.server.PROTOCOL }}
@@ -439,7 +352,11 @@ https
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}} {{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
{{- end -}} {{- end -}}
{{- if not (.Values.gitea.config.server.DOMAIN) -}} {{- if not (.Values.gitea.config.server.DOMAIN) -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.public_hostname" .) -}} {{- if gt (len .Values.ingress.hosts) 0 -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
{{- end -}}
{{- end -}} {{- end -}}
{{- if not .Values.gitea.config.server.ROOT_URL -}} {{- if not .Values.gitea.config.server.ROOT_URL -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
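Review bot: the inlined DOMAIN logic checks only `gt (len .Values.ingress.hosts) 0`, not `.Values.ingress.enabled`, so a release with ingress disabled but the default host list left in place still gets the ingress host as `DOMAIN` and therefore in `ROOT_URL`. `gitea.public_protocol` in the hunk above does gate on `.Values.ingress.enabled`; use the same condition here, for example `if and .Values.ingress.enabled (gt (len .Values.ingress.hosts) 0)`, or document that the host list is authoritative regardless of the switch.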
+19
View File
@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "gitea.networkPolicy.annotations" -}}
{{ include "gitea.annotations" . }}
{{- if .Values.networkPolicy.annotations }}
{{ toYaml .Values.networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "gitea.networkPolicy.labels" -}}
{{ include "gitea.labels" . }}
{{- if .Values.networkPolicy.labels }}
{{ toYaml .Values.networkPolicy.labels }}
{{- end }}
{{- end }}
+17
View File
@@ -0,0 +1,17 @@
---
{{/* labels */}}
{{- define "gitea.pod.labels" -}}
{{- include "gitea.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{- define "gitea.pod.selectorLabels" -}}
{{- include "gitea.selectorLabels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
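Review bot: `gitea.pod.selectorLabels` appends `.Values.deployment.labels` to the selector labels, and the next hunk feeds it into `spec.selector.matchLabels`. A Deployment's selector is immutable after creation, so any existing release that sets `deployment.labels`, and any later change to that value, will make the upgrade fail. Keep the selector on `gitea.selectorLabels` only and add `deployment.labels` to the pod template labels alone. The leading `---` at the top of this helper file also looks unintended for a file that contains only `define` blocks.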
@@ -23,11 +23,11 @@ spec:
{{- end }} {{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "gitea.selectorLabels" . | nindent 6 }} {{- include "gitea.pod.selectorLabels" . | nindent 6 }}
template: template:
metadata: metadata:
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- range $idx, $value := .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }}
checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }} checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }}
{{- end }} {{- end }}
@@ -38,16 +38,8 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
labels: labels:
{{- include "gitea.labels" . | nindent 8 }} {{- include "gitea.pod.labels" . | nindent 8 }}
{{- if .Values.deployment.labels }}
{{- toYaml .Values.deployment.labels | nindent 8 }}
{{- end }}
spec: spec:
{{- $hostUsers := include "gitea.hostUsers" . | trim }}
{{- $podSecurityContext := include "gitea.podSecurityContext" . | trim }}
{{- $containerSecurityContext := include "gitea.containerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
{{- $commandInitContainerSecurityContext := include "gitea.commandInitContainerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
{{- $runtimeContainerSecurityContext := include "gitea.runtimeContainerSecurityContext" . | trim }}
{{- if .Values.schedulerName }} {{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}" schedulerName: "{{ .Values.schedulerName }}"
{{- end }} {{- end }}
@@ -57,14 +49,9 @@ spec:
{{- if .Values.priorityClassName }} {{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}" priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }} {{- end }}
{{- if $hostUsers }}
hostUsers: {{ $hostUsers }}
{{- end }}
{{- include "gitea.images.pullSecrets" . | nindent 6 }} {{- include "gitea.images.pullSecrets" . | nindent 6 }}
{{- if $podSecurityContext }}
securityContext: securityContext:
{{- $podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
initContainers: initContainers:
{{- if .Values.preExtraInitContainers }} {{- if .Values.preExtraInitContainers }}
{{- toYaml .Values.preExtraInitContainers | nindent 8 }} {{- toYaml .Values.preExtraInitContainers | nindent 8 }}
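Review bot: the pod-level `securityContext:` is now rendered straight from `toYaml .Values.podSecurityContext`, which drops the `fsGroup: 1000` fallback that the removed `gitea.podSecurityContext` helper applied when the key was absent. A values override that replaces `podSecurityContext` without an `fsGroup` will now mount the data volume without group ownership being adjusted. Either keep the fallback inline, as is done for `runAsUser` in the init containers below, or call the change out in the upgrade notes.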
@@ -101,25 +88,15 @@ spec:
subPath: {{ .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }}
{{- end }} {{- end }}
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
{{- if $containerSecurityContext }}
securityContext: securityContext:
{{- $containerSecurityContext | nindent 12 }} {{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
resources: resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }} {{- toYaml .Values.initContainers.resources | nindent 12 }}
- name: init-app-ini - name: init-app-ini
image: "{{ include "gitea.image" . }}" image: "{{ include "gitea.image" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.gitea.extraEnvSourceFile }}
command:
- "/bin/bash"
- "-c"
args:
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
{{- else }}
command: command:
- "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh" - "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
{{- end }}
env: env:
- name: GITEA_APP_INI - name: GITEA_APP_INI
value: /data/gitea/conf/app.ini value: /data/gitea/conf/app.ini
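Review bot: `gitea.extraEnvSourceFile` stops being honoured in `init-app-ini` here (and in `configure-gpg` and `configure-gitea` further down) with no guard for releases that still set it. Those releases will render cleanly and silently stop sourcing the file, which can leave secrets or settings unapplied. Suggest a `fail` with a clear message, or at least a deprecation notice, when the value is non-empty.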
@@ -156,30 +133,23 @@ spec:
mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/" mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/"
{{- end }} {{- end }}
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
{{- if $containerSecurityContext }}
securityContext: securityContext:
{{- $containerSecurityContext | nindent 12 }} {{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
resources: resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }} {{- toYaml .Values.initContainers.resources | nindent 12 }}
{{- if .Values.signing.enabled }} {{- if .Values.signing.enabled }}
- name: configure-gpg - name: configure-gpg
image: "{{ include "gitea.image" . }}" image: "{{ include "gitea.image" . }}"
{{- if .Values.gitea.extraEnvSourceFile }}
command:
- "/bin/bash"
- "-c"
args:
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
{{- else }}
command: command:
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh" - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $commandInitContainerSecurityContext }}
securityContext: securityContext:
{{- $commandInitContainerSecurityContext | nindent 12 }} {{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
{{- end }} {{- $csc := deepCopy .Values.containerSecurityContext -}}
{{- if not (hasKey $csc "runAsUser") -}}
{{- $_ := set $csc "runAsUser" 1000 -}}
{{- end -}}
{{- toYaml $csc | nindent 12 }}
env: env:
- name: GNUPGHOME - name: GNUPGHOME
value: {{ .Values.signing.gpgHome }} value: {{ .Values.signing.gpgHome }}
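Review bot: the `$csc` block that deep-copies `.Values.containerSecurityContext` and defaults `runAsUser` to 1000 is written out inline in `configure-gpg` and repeated verbatim in `configure-gitea` in the next hunk. Two copies will drift; move it into one named template in the helpers file and `include` it in both places. It would also help to say in the comment why these two containers need UID 1000 while the other init containers do not.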
@@ -204,21 +174,16 @@ spec:
{{- end }} {{- end }}
- name: configure-gitea - name: configure-gitea
image: "{{ include "gitea.image" . }}" image: "{{ include "gitea.image" . }}"
{{- if .Values.gitea.extraEnvSourceFile }}
command:
- "/bin/bash"
- "-c"
args:
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
{{- else }}
command: command:
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh" - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $commandInitContainerSecurityContext }}
securityContext: securityContext:
{{- $commandInitContainerSecurityContext | nindent 12 }} {{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
{{- end }} {{- $csc := deepCopy .Values.containerSecurityContext -}}
{{- if not (hasKey $csc "runAsUser") -}}
{{- $_ := set $csc "runAsUser" 1000 -}}
{{- end -}}
{{- toYaml $csc | nindent 12 }}
env: env:
- name: GITEA_APP_INI - name: GITEA_APP_INI
value: /data/gitea/conf/app.ini value: /data/gitea/conf/app.ini
@@ -376,10 +341,13 @@ spec:
{{- end }} {{- end }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- if $runtimeContainerSecurityContext }}
securityContext: securityContext:
{{- $runtimeContainerSecurityContext | nindent 12 }} {{- /* Honor the deprecated securityContext variable when defined */ -}}
{{- end }} {{- if .Values.containerSecurityContext -}}
{{ toYaml .Values.containerSecurityContext | nindent 12 -}}
{{- else -}}
{{ toYaml .Values.securityContext | nindent 12 -}}
{{- end }}
volumeMounts: volumeMounts:
- name: temp - name: temp
mountPath: /tmp mountPath: /tmp
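Review bot: the comment on the runtime `securityContext:` says the deprecated `securityContext` value is honoured "when defined", but the `if .Values.containerSecurityContext` branch wins whenever that map is non-empty, so the deprecated value is only used as a fallback. Reword the comment to state the precedence, and consider a unit test that sets both values to pin the behaviour.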
@@ -1,8 +1,8 @@
{{- range .Values.extraDeploy }} {{- range .Values.extraDeploy }}
--- ---
{{- if typeIs "string" . }} {{- if typeIs "string" . }}
{{ tpl . $ }} {{- tpl . $ }}
{{- else }} {{- else }}
{{ tpl (. | toYaml) $ }} {{- tpl (. | toYaml) $ }}
{{- end }} {{- end }}
{{- end }} {{- end }}
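Review bot: changing `{{ tpl . $ }}` to `{{- tpl . $ }}` (and the same for the `toYaml` branch) trims the newline that followed the `---` line, because `{{- if` has already trimmed the one before it. The rendered output then starts with `---` immediately followed by the first line of the extra manifest on the same line. Please check `helm template` output with a string and a map entry in `extraDeploy`, and keep the non-trimming form unless there is a test showing the new output is still split into separate documents correctly.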
-52
View File
@@ -1,52 +0,0 @@
{{- if .Values.route.enabled -}}
{{- $fullName := include "gitea.fullname" . -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ $fullName }}
namespace: {{ .Values.namespace | default .Release.Namespace }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- with .Values.route.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.route.host }}
host: {{ tpl .Values.route.host . | quote }}
{{- end }}
{{- if .Values.route.path }}
path: {{ tpl .Values.route.path . | quote }}
{{- end }}
to:
kind: Service
name: {{ $fullName }}-http
port:
targetPort: http
wildcardPolicy: {{ .Values.route.wildcardPolicy }}
{{- with .Values.route.tls }}
{{- if .termination }}
tls:
termination: {{ .termination }}
{{- if .insecureEdgeTerminationPolicy }}
insecureEdgeTerminationPolicy: {{ .insecureEdgeTerminationPolicy }}
{{- end }}
{{- if .key }}
key: |
{{- .key | nindent 6 }}
{{- end }}
{{- if .certificate }}
certificate: |
{{- .certificate | nindent 6 }}
{{- end }}
{{- if .caCertificate }}
caCertificate: |
{{- .caCertificate | nindent 6 }}
{{- end }}
{{- if .destinationCACertificate }}
destinationCACertificate: |
{{- .destinationCACertificate | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
@@ -64,7 +64,7 @@ stringData:
echo 'Wait for valkey to become avialable...' echo 'Wait for valkey to become avialable...'
until [ "${RETRY}" -ge "${MAX}" ]; do until [ "${RETRY}" -ge "${MAX}" ]; do
RES_OPTIONS="ndots:0" nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break
RETRY=$[${RETRY}+1] RETRY=$[${RETRY}+1]
echo "...not ready yet (${RETRY}/${MAX})" echo "...not ready yet (${RETRY}/${MAX})"
done done
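Review bot: dropping `RES_OPTIONS="ndots:0"` from the `nc` probe means the lookup order for `valkey.servicename` now depends on the `ndots` and search settings in the pod's resolv.conf instead of always being tried as an absolute name. The service name now carries `.Values.clusterDomain` but has no trailing dot, so search domains may still be tried first. If the intent is to rely on the fully qualified name, append a trailing dot or keep the override, and say which in the commit message.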
@@ -123,7 +123,7 @@ stringData:
# should add it to prevent requiring frequent admin password resets. # should add it to prevent requiring frequent admin password resets.
local -a change_args local -a change_args
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}") change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}")
if gitea admin user change-password --help | grep -F -- '--must-change-password' >/dev/null; then if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then
change_args+=(--must-change-password=false) change_args+=(--must-change-password=false)
fi fi
gitea admin user change-password "${change_args[@]}" gitea admin user change-password "${change_args[@]}"
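Review bot: with `grep -qF`, grep exits on the first match and `gitea admin user change-password --help` can be killed by SIGPIPE while still writing. If this script runs with `set -o pipefail`, the pipeline then reports failure and `--must-change-password=false` is not added even though the flag exists. The previous form with `>/dev/null` read the whole input and did not have this problem; either keep it or capture the help text into a variable first and grep that.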
+32
View File
@@ -0,0 +1,32 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "gitea.networkPolicy.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "gitea.networkPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "gitea.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "gitea.pod.selectorLabels" $ | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
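Review bot: with `networkPolicy.enabled: true` and none of `policyTypes`, `ingress` or `egress` set, this renders a policy that has only a `podSelector`. Kubernetes treats a policy without `policyTypes` as an Ingress policy, so the result is that all inbound traffic to the Gitea pods is denied, including HTTP and SSH. Please document that in the values comments, or ship example rules for the HTTP and SSH ports. Two smaller points: `tpl` is applied to the annotations but not to the labels, and `podSelector` depends on `gitea.pod.selectorLabels`, so it inherits the `deployment.labels` coupling from that helper.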
@@ -9,18 +9,9 @@ metadata:
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
spec: spec:
{{- $hostUsers := include "gitea.hostUsers" . | trim }}
{{- $testContainerSecurityContext := include "gitea.containerSecurityContext" (list . (dict)) | trim }}
{{- if $hostUsers }}
hostUsers: {{ $hostUsers }}
{{- end }}
containers: containers:
- name: wget - name: wget
image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}" image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}"
{{- if $testContainerSecurityContext }}
securityContext:
{{- $testContainerSecurityContext | nindent 8 }}
{{- end }}
command: ['wget'] command: ['wget']
args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}'] args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
restartPolicy: Never restartPolicy: Never
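Review bot: the `wget` test pod now renders with no `securityContext` at all, since the only source for one in this template was the removed `gitea.containerSecurityContext` include. In a namespace that enforces a restricted pod security profile, `helm test` will be rejected at admission. Suggest rendering a context from values here, for example reusing `.Values.containerSecurityContext`, so the test pod follows the same policy as the chart's other containers.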
@@ -9,51 +9,27 @@ function setup() {
export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini" export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini"
export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs" export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs"
export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts" export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts"
export GITEA_EDIT_INI_EXPECTED=0
export PATH="$BATS_TEST_TMPDIR/bin:$PATH"
mkdir -p "$BATS_TEST_TMPDIR/bin" stub gitea \
cat >"$BATS_TEST_TMPDIR/bin/gitea" <<'EOF' "generate secret INTERNAL_TOKEN : echo 'mocked-internal-token'" \
#!/usr/bin/env bash "generate secret SECRET_KEY : echo 'mocked-secret-key'" \
set -euo pipefail "generate secret JWT_SECRET : echo 'mocked-jwt-secret'" \
"generate secret LFS_JWT_SECRET : echo 'mocked-lfs-jwt-secret'"
case "$*" in
'generate secret INTERNAL_TOKEN')
echo 'mocked-internal-token'
;;
'generate secret SECRET_KEY')
echo 'mocked-secret-key'
;;
'generate secret JWT_SECRET')
echo 'mocked-jwt-secret'
;;
'generate secret LFS_JWT_SECRET')
echo 'mocked-lfs-jwt-secret'
;;
"config edit-ini --apply-env --config $GITEA_APP_INI --out $GITEA_APP_INI")
if [ "$GITEA_EDIT_INI_EXPECTED" -eq 1 ]; then
echo 'Stubbed gitea config edit-ini was called!'
exit 0
fi
echo 'Unexpected gitea config edit-ini invocation' >&2
exit 127
;;
*)
echo "Unexpected gitea invocation: $*" >&2
exit 127
;;
esac
EOF
chmod +x "$BATS_TEST_TMPDIR/bin/gitea"
} }
function teardown() { function teardown() {
: unstub gitea
# This condition exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
if [ $ENV_TO_INI_EXPECTED -eq 1 ]; then
unstub environment-to-ini
fi
} }
function expect_gitea_config_edit_ini_call() { # This function exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
export GITEA_EDIT_INI_EXPECTED=1 function expect_environment_to_ini_call() {
export ENV_TO_INI_EXPECTED=1
stub environment-to-ini \
"-o $GITEA_APP_INI : echo 'Stubbed environment-to-ini was called!'"
} }
function execute_test_script() { function execute_test_script() {
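Review bot: `teardown` tests `[ $ENV_TO_INI_EXPECTED -eq 1 ]` unquoted, and this hunk removes the `export GITEA_EDIT_INI_EXPECTED=0` initialisation from `setup` without adding one for `ENV_TO_INI_EXPECTED`. A test that never calls `expect_environment_to_ini_call` will hit a `[` syntax error in teardown, and because the variable is exported it can also leak a stale `1` into a later test. Initialise it to `0` in `setup` and quote the expansion: `[ "${ENV_TO_INI_EXPECTED:-0}" -eq 1 ]`.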
@@ -80,18 +56,18 @@ function write_mounted_file() {
} }
@test "works as expected when nothing is configured" { @test "works as expected when nothing is configured" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh
assert_success assert_success
assert_line '...Initial secrets generated' assert_line '...Initial secrets generated'
assert_line 'Reloading preset envs...' assert_line 'Reloading preset envs...'
assert_line '=== All configuration sources loaded ===' assert_line '=== All configuration sources loaded ==='
assert_line 'Stubbed gitea config edit-ini was called!' assert_line 'Stubbed environment-to-ini was called!'
} }
@test "exports initial secrets" { @test "exports initial secrets" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
run execute_test_script run execute_test_script
assert_success assert_success
@@ -102,7 +78,7 @@ function write_mounted_file() {
} }
@test "does NOT export initial secrets when app.ini already exists" { @test "does NOT export initial secrets when app.ini already exists" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
touch $GITEA_APP_INI touch $GITEA_APP_INI
run execute_test_script run execute_test_script
@@ -116,7 +92,7 @@ function write_mounted_file() {
} }
@test "ensures that preset environment variables take precedence over auto-generated ones" { @test "ensures that preset environment variables take precedence over auto-generated ones" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret" export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
run execute_test_script run execute_test_script
@@ -126,7 +102,7 @@ function write_mounted_file() {
} }
@test "ensures that preset environment variables take precedence over mounted ones" { @test "ensures that preset environment variables take precedence over mounted ones" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret" export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
write_mounted_file "inlines" "oauth2" "$(cat << EOF write_mounted_file "inlines" "oauth2" "$(cat << EOF
JWT_SECRET=inline-jwt-secret JWT_SECRET=inline-jwt-secret
@@ -141,7 +117,7 @@ EOF
} }
@test "ensures that additionals take precedence over inlines" { @test "ensures that additionals take precedence over inlines" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
write_mounted_file "inlines" "oauth2" "$(cat << EOF write_mounted_file "inlines" "oauth2" "$(cat << EOF
JWT_SECRET=inline-jwt-secret JWT_SECRET=inline-jwt-secret
EOF EOF
@@ -160,7 +136,7 @@ EOF
} }
@test "ensures that dotted/dashed sections are properly masked" { @test "ensures that dotted/dashed sections are properly masked" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP] WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
EOF EOF
@@ -176,7 +152,7 @@ EOF
##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS ##### ##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS #####
############################################################### ###############################################################
@test "ensures uppercase section and setting names (🐞)" { @test "ensures uppercase section and setting names (🐞)" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret" export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret"
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
WORK_IN_progress_PREFIXES=WIP:,[WIP] WORK_IN_progress_PREFIXES=WIP:,[WIP]
@@ -191,7 +167,7 @@ EOF
} }
@test "treats top-level configuration as section-less" { @test "treats top-level configuration as section-less" {
expect_gitea_config_edit_ini_call expect_environment_to_ini_call
write_mounted_file "inlines" "_generals_" "$(cat << EOF write_mounted_file "inlines" "_generals_" "$(cat << EOF
APP_NAME=Hello top-level configuration APP_NAME=Hello top-level configuration
RUN_MODE=dev RUN_MODE=dev
+3 -3
View File
@@ -3,17 +3,17 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: "actions are enabled by default (based on vanilla Gitea behavior)" - it: "actions are enabled by default (based on vanilla Gitea behavior)"
template: templates/gitea/config.yaml template: templates/config.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
notExists: notExists:
path: stringData.actions path: stringData.actions
- it: "actions can be disabled via inline config" - it: "actions can be disabled via inline config"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
gitea.config.actions.ENABLED: false gitea.config.actions.ENABLED: false
asserts: asserts:
+5 -5
View File
@@ -4,7 +4,7 @@ release:
namespace: testing namespace: testing
tests: tests:
- it: "cache is configured correctly for valkey-cluster" - it: "cache is configured correctly for valkey-cluster"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: true enabled: true
@@ -19,7 +19,7 @@ tests:
HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for valkey" - it: "cache is configured correctly for valkey"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -31,10 +31,10 @@ tests:
path: stringData.cache path: stringData.cache
value: |- value: |-
ADAPTER=redis ADAPTER=redis
HOST=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled" - it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -49,7 +49,7 @@ tests:
HOST= HOST=
- it: "cache can be customized when valkey (or valkey-cluster) is disabled" - it: "cache can be customized when valkey (or valkey-cluster) is disabled"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -1,14 +0,0 @@
suite: config template | config_environment.sh
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/config.yaml
tests:
- it: uses `gitea config edit-ini` to write app.ini from environment variables
template: templates/gitea/config.yaml
asserts:
- documentIndex: 1
matchRegex:
path: stringData["config_environment.sh"]
pattern: 'gitea config edit-ini --apply-env --config .+GITEA_APP_INI.+ --out .+GITEA_APP_INI'
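Review bot: this deletes the only unit test that pinned which command `config_environment.sh` uses to write `app.ini`, and no replacement is added. Since the bats stubs now expect `environment-to-ini` with `-o $GITEA_APP_INI`, add the equivalent `matchRegex` assertion on `stringData["config_environment.sh"]` so the rendered script and the bats expectation cannot drift apart.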
@@ -4,7 +4,7 @@ release:
namespace: testing namespace: testing
tests: tests:
- it: metrics token is set - it: metrics token is set
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
gitea: gitea:
metrics: metrics:
@@ -18,7 +18,7 @@ tests:
ENABLED=true ENABLED=true
TOKEN=somepassword TOKEN=somepassword
- it: metrics token is empty - it: metrics token is empty
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
gitea: gitea:
metrics: metrics:
@@ -31,7 +31,7 @@ tests:
value: |- value: |-
ENABLED=true ENABLED=true
- it: metrics token is nil - it: metrics token is nil
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
gitea: gitea:
metrics: metrics:
@@ -44,7 +44,7 @@ tests:
value: |- value: |-
ENABLED=true ENABLED=true
- it: does not configures a token if metrics are disabled - it: does not configures a token if metrics are disabled
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
gitea: gitea:
metrics: metrics:
+5 -5
View File
@@ -4,7 +4,7 @@ release:
namespace: testing namespace: testing
tests: tests:
- it: "queue is configured correctly for valkey-cluster" - it: "queue is configured correctly for valkey-cluster"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: true enabled: true
@@ -19,7 +19,7 @@ tests:
TYPE=redis TYPE=redis
- it: "queue is configured correctly for valkey" - it: "queue is configured correctly for valkey"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -30,11 +30,11 @@ tests:
equal: equal:
path: stringData.queue path: stringData.queue
value: |- value: |-
CONN_STR=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis TYPE=redis
- it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled" - it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -49,7 +49,7 @@ tests:
TYPE=level TYPE=level
- it: "queue can be customized when valkey (and valkey-cluster) are disabled" - it: "queue can be customized when valkey (and valkey-cluster) are disabled"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -4,7 +4,7 @@ release:
namespace: testing namespace: testing
tests: tests:
- it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL" - it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml template: templates/config.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
@@ -22,7 +22,7 @@ tests:
################################################ ################################################
- it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL" - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
ingress: ingress:
hosts: [] hosts: []
@@ -43,7 +43,7 @@ tests:
################################################ ################################################
- it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL" - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
gitea.config.server.DOMAIN: provided.example.com gitea.config.server.DOMAIN: provided.example.com
ingress: ingress:
@@ -65,41 +65,3 @@ tests:
matchRegex: matchRegex:
path: stringData.server path: stringData.server
pattern: \nROOT_URL=http://provided.example.com pattern: \nROOT_URL=http://provided.example.com
################################################
- it: "[route enabled] uses route host for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml
set:
route:
enabled: true
host: route.example.com
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nDOMAIN=route.example.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nSSH_DOMAIN=route.example.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nROOT_URL=http://route.example.com
################################################
- it: "[route tls termination] uses https for ROOT_URL"
template: templates/gitea/config.yaml
set:
route:
enabled: true
host: route.example.com
tls:
termination: edge
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nROOT_URL=https://route.example.com
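Review bot: the two removed cases, `[route enabled] uses route host for DOMAIN|SSH_DOMAIN|ROOT_URL` and `[route tls termination] uses https for ROOT_URL`, were the only assertions here that `ROOT_URL` switches to `https://` when `route.tls.termination: edge` is set. If the `route` values are still accepted by the chart after this change, keep both cases and only update the `template:` path. If route support is being dropped, say so in the commit message so the removal does not read as lost coverage.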
+5 -5

@@ -4,7 +4,7 @@ release:
namespace: testing namespace: testing
tests: tests:
- it: "session is configured correctly for valkey-cluster" - it: "session is configured correctly for valkey-cluster"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: true enabled: true
@@ -19,7 +19,7 @@ tests:
PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for valkey" - it: "session is configured correctly for valkey"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -31,10 +31,10 @@ tests:
path: stringData.session path: stringData.session
value: |- value: |-
PROVIDER=redis PROVIDER=redis
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled" - it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -49,7 +49,7 @@ tests:
PROVIDER_CONFIG= PROVIDER_CONFIG=
- it: "session can be customized when valkey (and valkey-cluster) is disabled" - it: "session can be customized when valkey (and valkey-cluster) is disabled"
template: templates/gitea/config.yaml template: templates/config.yaml
set: set:
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -106,14 +106,14 @@ tests:
name: gitea-unittests-postgresql-ha-pgpool name: gitea-unittests-postgresql-ha-pgpool
namespace: testing namespace: testing
- it: "[gitea] connects to pgpool service" - it: "[gitea] connects to pgpool service"
template: templates/gitea/config.yaml template: templates/config.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
path: stringData.database path: stringData.database
pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234 pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234
- it: "[gitea] connects to configured database" - it: "[gitea] connects to configured database"
template: templates/gitea/config.yaml template: templates/config.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
@@ -65,14 +65,14 @@ tests:
name: gitea-unittests-postgresql name: gitea-unittests-postgresql
namespace: testing namespace: testing
- it: "[gitea] connects to postgresql service" - it: "[gitea] connects to postgresql service"
template: templates/gitea/config.yaml template: templates/config.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
path: stringData.database path: stringData.database
pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234 pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234
- it: "[gitea] connects to configured database" - it: "[gitea] connects to configured database"
template: templates/gitea/config.yaml template: templates/config.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
@@ -82,9 +82,9 @@ tests:
port: 6379 port: 6379
targetPort: tcp-redis targetPort: tcp-redis
- it: "[gitea] waits for valkey-cluster to be up and running" - it: "[gitea] waits for valkey-cluster to be up and running"
template: templates/gitea/init.yaml template: templates/init.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
path: stringData["configure_gitea.sh"] path: stringData["configure_gitea.sh"]
pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc 6379 pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379
@@ -29,25 +29,24 @@ tests:
path: data["valkey-password"] path: data["valkey-password"]
value: "Z2l0ZWEtcGFzc3dvcmQ=" value: "Z2l0ZWEtcGFzc3dvcmQ="
- it: "[valkey] renders the referenced service" - it: "[valkey] renders the referenced service"
template: charts/valkey/templates/primary/service.yaml template: charts/valkey/templates/headless-svc.yaml
asserts: asserts:
- containsDocument: - containsDocument:
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
name: gitea-unittests-valkey-primary name: gitea-unittests-valkey-headless
namespace: testing namespace: testing
- documentIndex: 0 - documentIndex: 0
contains: contains:
path: spec.ports path: spec.ports
content: content:
name: tcp-redis name: tcp-redis
nodePort: null
port: 6379 port: 6379
targetPort: redis targetPort: redis
- it: "[gitea] waits for valkey to be up and running" - it: "[gitea] waits for valkey to be up and running"
template: templates/gitea/init.yaml template: templates/init.yaml
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
path: stringData["configure_gitea.sh"] path: stringData["configure_gitea.sh"]
pattern: nc -vz -w2 gitea-unittests-valkey-primary.testing.svc 6379 pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379
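Review bot: the `[valkey] renders the referenced service` case now points at `charts/valkey/templates/headless-svc.yaml` and expects the name `gitea-unittests-valkey-headless`, but it still asserts only `spec.ports`, so nothing checks that the Service is actually headless. Add an `equal` on `spec.clusterIP` with value `None`. Separately, the new `nc -vz -w2 ... .testing.svc.cluster.local 6379` pattern is a `matchRegex` with unescaped dots and a hard-coded `cluster.local`. Escape the dots, and add a case that overrides the cluster domain if the chart exposes one.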
@@ -15,7 +15,7 @@ tests:
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnamilegacy/postgresql-repmgr:17.+$ pattern: bitnami/postgresql-repmgr:17.+$
- it: "[postgresql] ensures we detect major image version upgrades" - it: "[postgresql] ensures we detect major image version upgrades"
template: charts/postgresql/templates/primary/statefulset.yaml template: charts/postgresql/templates/primary/statefulset.yaml
set: set:
@@ -28,7 +28,7 @@ tests:
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnamilegacy/postgresql:17.+$ pattern: bitnami/postgresql:17.+$
- it: "[valkey-cluster] ensures we detect major image version upgrades" - it: "[valkey-cluster] ensures we detect major image version upgrades"
template: charts/valkey-cluster/templates/valkey-statefulset.yaml template: charts/valkey-cluster/templates/valkey-statefulset.yaml
set: set:
@@ -41,7 +41,7 @@ tests:
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnamilegacy/valkey-cluster:8.+$ pattern: bitnami/valkey-cluster:8.+$
- it: "[valkey] ensures we detect major image version upgrades" - it: "[valkey] ensures we detect major image version upgrades"
template: charts/valkey/templates/primary/application.yaml template: charts/valkey/templates/primary/application.yaml
set: set:
@@ -54,4 +54,4 @@ tests:
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnamilegacy/valkey:8.+$ pattern: bitnami/valkey:8.+$
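Review bot: all four image patterns in this file (`bitnami/postgresql-repmgr:17.+$`, `bitnami/postgresql:17.+$`, `bitnami/valkey-cluster:8.+$`, `bitnami/valkey:8.+$`) are unanchored at the start and use a bare `.` after the major version. The test therefore passes for any registry or namespace prefix that happens to end in `bitnami/<name>`, and for tags such as `170` or `80`. Since the repository namespace is exactly what this change touches, anchor the expected registry and namespace with `^` and write the version as `17\..+$` and `8\..+$`, so that a silently changed image source fails the test rather than matching.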
+6 -6
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: fails with multiple replicas and "GIT_GC_REPOS" enabled - it: fails with multiple replicas and "GIT_GC_REPOS" enabled
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
replicaCount: 2 replicaCount: 2
persistence: persistence:
@@ -22,14 +22,14 @@ tests:
- failedTemplate: - failedTemplate:
errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'." errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'."
- it: fails with multiple replicas and RWX file system not set - it: fails with multiple replicas and RWX file system not set
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
replicaCount: 2 replicaCount: 2
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany." errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany."
- it: fails with multiple replicas and bleve issue indexer - it: fails with multiple replicas and bleve issue indexer
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
replicaCount: 2 replicaCount: 2
persistence: persistence:
@@ -43,7 +43,7 @@ tests:
- failedTemplate: - failedTemplate:
errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
- it: fails with multiple replicas and bleve repo indexer - it: fails with multiple replicas and bleve repo indexer
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
replicaCount: 2 replicaCount: 2
persistence: persistence:
+11 -27
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: renders a deployment - it: renders a deployment
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
@@ -16,7 +16,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests name: gitea-unittests
- it: deployment labels are set - it: deployment labels are set
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
deployment.labels: deployment.labels:
hello: world hello: world
@@ -29,27 +29,11 @@ tests:
path: spec.template.metadata.labels path: spec.template.metadata.labels
content: content:
hello: world hello: world
- isNotSubset:
path: spec.selector.matchLabels
content:
hello: world
- it: deployment labels are not in selector matchLabels
template: templates/gitea/deployment.yaml
set:
deployment.labels:
custom-label: custom-value
another-label: another-value
asserts:
- equal:
path: spec.selector.matchLabels
value:
app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea-unittests
- it: nodeSelector is undefined - it: nodeSelector is undefined
asserts: asserts:
- notExists: - notExists:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- it: nodeSelector is defined - it: nodeSelector is defined
set: set:
nodeSelector: nodeSelector:
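Review bot: this hunk removes the `isNotSubset` assertion on `spec.selector.matchLabels` and the whole case `deployment labels are not in selector matchLabels`, which were the only checks that user-supplied `deployment.labels` stay out of the selector. A Deployment's selector is immutable once created, so a custom label leaking into it turns the next `helm upgrade` into a failed patch. Keep both checks and change only the `template:` path, unless the template no longer separates selector labels from custom labels, in which case that needs its own justification.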
@@ -61,10 +45,10 @@ tests:
content: content:
foo: bar foo: bar
bar: foo bar: foo
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container" - it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container"
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- contains: - contains:
path: spec.template.spec.initContainers[1].env path: spec.template.spec.initContainers[1].env
@@ -72,7 +56,7 @@ tests:
name: TMP_EXISTING_ENVS_FILE name: TMP_EXISTING_ENVS_FILE
value: /tmp/existing-envs value: /tmp/existing-envs
- it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container" - it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container"
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- contains: - contains:
path: spec.template.spec.initContainers[1].env path: spec.template.spec.initContainers[1].env
@@ -80,7 +64,7 @@ tests:
name: ENV_TO_INI_MOUNT_POINT name: ENV_TO_INI_MOUNT_POINT
value: /env-to-ini-mounts value: /env-to-ini-mounts
- it: CPU resources are defined as well as GOMAXPROCS - it: CPU resources are defined as well as GOMAXPROCS
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
resources: resources:
limits: limits:
@@ -108,7 +92,7 @@ tests:
cpu: 100ms cpu: 100ms
memory: 100Mi memory: 100Mi
- it: Init containers have correct volumeMount path - it: Init containers have correct volumeMount path
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
initContainersScriptsVolumeMountPath: "/custom/init/path" initContainersScriptsVolumeMountPath: "/custom/init/path"
asserts: asserts:
@@ -119,7 +103,7 @@ tests:
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
value: "/custom/init/path" value: "/custom/init/path"
- it: Init containers have correct volumeMount path if there is no override - it: Init containers have correct volumeMount path if there is no override
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- equal: - equal:
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: Renders a deployment - it: Renders a deployment
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
@@ -16,7 +16,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests name: gitea-unittests
- it: Deployment with empty additionalConfigFromEnvs - it: Deployment with empty additionalConfigFromEnvs
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea.additionalConfigFromEnvs: [] gitea.additionalConfigFromEnvs: []
asserts: asserts:
@@ -44,7 +44,7 @@ tests:
- name: ENV_TO_INI_MOUNT_POINT - name: ENV_TO_INI_MOUNT_POINT
value: /env-to-ini-mounts value: /env-to-ini-mounts
- it: Deployment with standard additionalConfigFromEnvs - it: Deployment with standard additionalConfigFromEnvs
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}] gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}]
asserts: asserts:
@@ -76,7 +76,7 @@ tests:
- name: GITEA_database_USER - name: GITEA_database_USER
value: my-user value: my-user
- it: Deployment with templated additionalConfigFromEnvs - it: Deployment with templated additionalConfigFromEnvs
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea.misc.host: my-db-host:321 gitea.misc.host: my-db-host:321
gitea.misc.user: my-db-user gitea.misc.user: my-db-user
@@ -110,7 +110,7 @@ tests:
- name: GITEA_database_USER - name: GITEA_database_USER
value: my-db-user value: my-db-user
- it: Deployment with additionalConfigFromEnvs templated secret name - it: Deployment with additionalConfigFromEnvs templated secret name
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea.misc.existingSecret: my-db-secret gitea.misc.existingSecret: my-db-secret
gitea.additionalConfigFromEnvs[0]: gitea.additionalConfigFromEnvs[0]:
@@ -1,82 +0,0 @@
suite: deployment template (extraEnvSourceFile)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: uses direct execution when extraEnvSourceFile is not set
template: templates/gitea/deployment.yaml
asserts:
- equal:
path: spec.template.spec.initContainers[1].command
value: ["/usr/sbinx/config_environment.sh"]
- notExists:
path: spec.template.spec.initContainers[1].args
- equal:
path: spec.template.spec.initContainers[2].command
value: ["/usr/sbinx/configure_gitea.sh"]
- notExists:
path: spec.template.spec.initContainers[2].args
- it: sources env file in init-app-ini when extraEnvSourceFile is set
template: templates/gitea/deployment.yaml
set:
gitea:
extraEnvSourceFile: /vault/secrets/gitea
asserts:
- equal:
path: spec.template.spec.initContainers[1].command
value: ["/bin/bash", "-c"]
- matchRegex:
path: spec.template.spec.initContainers[1].args[0]
pattern: source /vault/secrets/gitea
- matchRegex:
path: spec.template.spec.initContainers[1].args[0]
pattern: config_environment\.sh
- it: sources env file in configure-gitea when extraEnvSourceFile is set
template: templates/gitea/deployment.yaml
set:
gitea:
extraEnvSourceFile: /vault/secrets/gitea
asserts:
- equal:
path: spec.template.spec.initContainers[2].command
value: ["/bin/bash", "-c"]
- matchRegex:
path: spec.template.spec.initContainers[2].args[0]
pattern: source /vault/secrets/gitea
- matchRegex:
path: spec.template.spec.initContainers[2].args[0]
pattern: configure_gitea\.sh
- it: sources env file in configure-gpg when extraEnvSourceFile is set with signing enabled
template: templates/gitea/deployment.yaml
set:
signing:
enabled: true
existingSecret: "custom-gpg-secret"
gitea:
extraEnvSourceFile: /vault/secrets/gitea
asserts:
- equal:
path: spec.template.spec.initContainers[2].command
value: ["/bin/bash", "-c"]
- matchRegex:
path: spec.template.spec.initContainers[2].args[0]
pattern: source /vault/secrets/gitea
- matchRegex:
path: spec.template.spec.initContainers[2].args[0]
pattern: configure_gpg_environment\.sh
- it: includes file existence check in source command
template: templates/gitea/deployment.yaml
set:
gitea:
extraEnvSourceFile: /vault/secrets/gitea
asserts:
- matchRegex:
path: spec.template.spec.initContainers[1].args[0]
pattern: "test -f /vault/secrets/gitea"
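Review bot: the whole `deployment template (extraEnvSourceFile)` suite is deleted, including the case `includes file existence check in source command`, which asserts that the init container runs `test -f /vault/secrets/gitea` before sourcing it. If `gitea.extraEnvSourceFile` is still a supported value, this leaves the path that feeds externally injected secrets into `config_environment.sh` and `configure_gitea.sh` with no test at all. Keep the suite with updated `template:` paths, or remove the value and its documentation in the same change.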
@@ -3,18 +3,18 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: Render the deployment (default) - it: Render the deployment (default)
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- lengthEqual: - lengthEqual:
path: spec.template.spec.initContainers path: spec.template.spec.initContainers
count: 3 count: 3
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- it: Render the deployment (signing) - it: Render the deployment (signing)
set: set:
@@ -22,11 +22,11 @@ tests:
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- lengthEqual: - lengthEqual:
path: spec.template.spec.initContainers path: spec.template.spec.initContainers
count: 4 count: 4
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- it: Render the deployment (extraInitContainers) - it: Render the deployment (extraInitContainers)
set: set:
@@ -40,20 +40,20 @@ tests:
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- lengthEqual: - lengthEqual:
path: spec.template.spec.initContainers path: spec.template.spec.initContainers
count: 6 count: 6
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.initContainers path: spec.template.spec.initContainers
content: content:
name: foo name: foo
image: docker.io/library/busybox:latest image: docker.io/library/busybox:latest
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.initContainers path: spec.template.spec.initContainers
content: content:
name: bar name: bar
image: docker.io/library/busybox:latest image: docker.io/library/busybox:latest
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
@@ -6,17 +6,17 @@ chart:
# Override appVersion to be consistent with used digest :) # Override appVersion to be consistent with used digest :)
appVersion: 1.19.3 appVersion: 1.19.3
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: default values - it: default values
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.19.3-rootless" value: "docker.gitea.com/gitea:1.19.3-rootless"
- it: tag override - it: tag override
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.tag: "1.19.4" image.tag: "1.19.4"
asserts: asserts:
@@ -24,7 +24,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.19.4-rootless" value: "docker.gitea.com/gitea:1.19.4-rootless"
- it: root-based image - it: root-based image
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.rootless: false image.rootless: false
asserts: asserts:
@@ -32,7 +32,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.19.3" value: "docker.gitea.com/gitea:1.19.3"
- it: scoped registry - it: scoped registry
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.registry: "example.com" image.registry: "example.com"
asserts: asserts:
@@ -40,7 +40,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "example.com/gitea:1.19.3-rootless" value: "example.com/gitea:1.19.3-rootless"
- it: global registry - it: global registry
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
global.imageRegistry: "global.example.com" global.imageRegistry: "global.example.com"
asserts: asserts:
@@ -48,7 +48,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "global.example.com/gitea:1.19.3-rootless" value: "global.example.com/gitea:1.19.3-rootless"
- it: digest for rootless image - it: digest for rootless image
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image: image:
rootless: true rootless: true
@@ -58,7 +58,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: image fullOverride (does not append rootless) - it: image fullOverride (does not append rootless)
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image: image:
fullOverride: docker.gitea.com/gitea:1.19.3 fullOverride: docker.gitea.com/gitea:1.19.3
@@ -73,7 +73,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.19.3" value: "docker.gitea.com/gitea:1.19.3"
- it: digest for root-based image - it: digest for root-based image
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image: image:
rootless: false rootless: false
@@ -83,7 +83,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: digest and global registry - it: digest and global registry
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
global.imageRegistry: "global.example.com" global.imageRegistry: "global.example.com"
image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
@@ -92,7 +92,7 @@ tests:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: correctly renders floating tag references - it: correctly renders floating tag references
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631 image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631
asserts: asserts:
@@ -1,6 +1,6 @@
suite: Test ingress tpl use suite: Test ingress tpl use
templates: templates:
- templates/gitea/ingress.yaml - templates/ingress.yaml
tests: tests:
- it: Ingress Class using TPL - it: Ingress Class using TPL
set: set:
+1 -1
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: inline config stringData.server using TPL - it: inline config stringData.server using TPL
set: set:
-106
@@ -1,106 +0,0 @@
suite: deployment template (openshift)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: renders openshift-compatible defaults for chart-managed containers
template: templates/gitea/deployment.yaml
set:
openshift.enabled: true
asserts:
- notExists:
path: spec.template.spec.hostUsers
- notExists:
path: spec.template.spec.securityContext
- equal:
path: spec.template.spec.initContainers[0].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- equal:
path: spec.template.spec.initContainers[1].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- equal:
path: spec.template.spec.initContainers[2].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- equal:
path: spec.template.spec.containers[0].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- it: does not force runAsUser 1000 for command init containers on OpenShift
template: templates/gitea/deployment.yaml
set:
openshift.enabled: true
signing.enabled: true
signing.existingSecret: custom-gpg-secret
asserts:
- notExists:
path: spec.template.spec.initContainers[2].securityContext.runAsUser
- notExists:
path: spec.template.spec.initContainers[3].securityContext.runAsUser
- it: preserves explicit pod and container security context overrides on OpenShift
template: templates/gitea/deployment.yaml
set:
openshift:
enabled: true
hostUsers: true
podSecurityContext:
fsGroup: 1000620000
containerSecurityContext:
runAsUser: 1000620000
runAsGroup: 1000620000
asserts:
- equal:
path: spec.template.spec.hostUsers
value: true
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 1000620000
- equal:
path: spec.template.spec.initContainers[2].securityContext.runAsUser
value: 1000620000
- equal:
path: spec.template.spec.containers[0].securityContext.runAsGroup
value: 1000620000
- it: renders an explicit hostUsers=false override on OpenShift
template: templates/gitea/deployment.yaml
set:
openshift:
enabled: true
hostUsers: false
asserts:
- equal:
path: spec.template.spec.hostUsers
value: false
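Review bot: deleting the `deployment template (openshift)` suite removes every assertion in this test set that the chart-managed init containers and the main container render with `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `runAsNonRoot: true` and `seccompProfile.type: RuntimeDefault`. It also removes the check that `runAsUser` is not forced when `openshift.enabled` is true. If `openshift.enabled` stays in the values, keep the suite and update only the `template:` paths. If the feature goes away, add an equivalent `securityContext` assertion to the default deployment suite so the hardening defaults remain under test.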
+12 -12
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: renders default liveness probe - it: renders default liveness probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notExists: - notExists:
path: spec.template.spec.containers[0].livenessProbe.enabled path: spec.template.spec.containers[0].livenessProbe.enabled
@@ -22,7 +22,7 @@ tests:
port: http port: http
timeoutSeconds: 1 timeoutSeconds: 1
- it: renders default readiness probe - it: renders default readiness probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notExists: - notExists:
path: spec.template.spec.containers[0].readinessProbe.enabled path: spec.template.spec.containers[0].readinessProbe.enabled
@@ -37,12 +37,12 @@ tests:
port: http port: http
timeoutSeconds: 1 timeoutSeconds: 1
- it: does not render a default startup probe - it: does not render a default startup probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notExists: - notExists:
path: spec.template.spec.containers[0].startupProbe path: spec.template.spec.containers[0].startupProbe
- it: allows enabling a startup probe - it: allows enabling a startup probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea.startupProbe.enabled: true gitea.startupProbe.enabled: true
asserts: asserts:
@@ -60,7 +60,7 @@ tests:
timeoutSeconds: 1 timeoutSeconds: 1
- it: allows overwriting the default port of the liveness probe - it: allows overwriting the default port of the liveness probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea: gitea:
livenessProbe: livenessProbe:
@@ -74,7 +74,7 @@ tests:
port: my-port port: my-port
- it: allows overwriting the default port of the readiness probe - it: allows overwriting the default port of the readiness probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea: gitea:
readinessProbe: readinessProbe:
@@ -88,7 +88,7 @@ tests:
port: my-port port: my-port
- it: allows overwriting the default port of the startup probe - it: allows overwriting the default port of the startup probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea: gitea:
startupProbe: startupProbe:
@@ -103,7 +103,7 @@ tests:
port: my-port port: my-port
- it: allows using a non-default method as liveness probe - it: allows using a non-default method as liveness probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea: gitea:
livenessProbe: livenessProbe:
@@ -131,7 +131,7 @@ tests:
timeoutSeconds: 13372 timeoutSeconds: 13372
- it: allows using a non-default method as readiness probe - it: allows using a non-default method as readiness probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea: gitea:
readinessProbe: readinessProbe:
@@ -159,7 +159,7 @@ tests:
timeoutSeconds: 13372 timeoutSeconds: 13372
- it: allows using a non-default method as startup probe - it: allows using a non-default method as startup probe
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
gitea: gitea:
startupProbe: startupProbe:
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: supports adding a sidecar container - it: supports adding a sidecar container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
extraContainers: extraContainers:
- name: sidecar-bob - name: sidecar-bob
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: skips gpg init container - it: skips gpg init container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notContains: - notContains:
path: spec.template.spec.initContainers path: spec.template.spec.initContainers
@@ -15,7 +15,7 @@ tests:
content: content:
name: configure-gpg name: configure-gpg
- it: skips gpg env in `init-directories` init container - it: skips gpg env in `init-directories` init container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
signing.enabled: false signing.enabled: false
asserts: asserts:
@@ -25,14 +25,14 @@ tests:
name: GNUPGHOME name: GNUPGHOME
value: /data/git/.gnupg value: /data/git/.gnupg
- it: skips gpg env in runtime container - it: skips gpg env in runtime container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notContains: - notContains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content:
name: GNUPGHOME name: GNUPGHOME
- it: skips gpg volume spec - it: skips gpg volume spec
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notContains: - notContains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: adds gpg init container - it: adds gpg init container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
signing: signing:
enabled: true enabled: true
@@ -41,7 +41,7 @@ tests:
mountPath: /raw mountPath: /raw
readOnly: true readOnly: true
- it: adds gpg env in `init-directories` init container - it: adds gpg env in `init-directories` init container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
signing.enabled: true signing.enabled: true
signing.existingSecret: "custom-gpg-secret" signing.existingSecret: "custom-gpg-secret"
@@ -52,7 +52,7 @@ tests:
name: GNUPGHOME name: GNUPGHOME
value: /data/git/.gnupg value: /data/git/.gnupg
- it: adds gpg env in runtime container - it: adds gpg env in runtime container
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
signing.enabled: true signing.enabled: true
signing.existingSecret: "custom-gpg-secret" signing.existingSecret: "custom-gpg-secret"
@@ -63,7 +63,7 @@ tests:
name: GNUPGHOME name: GNUPGHOME
value: /data/git/.gnupg value: /data/git/.gnupg
- it: adds gpg volume spec - it: adds gpg volume spec
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
signing: signing:
enabled: true enabled: true
@@ -80,7 +80,7 @@ tests:
path: private.asc path: private.asc
defaultMode: 0100 defaultMode: 0100
- it: supports gpg volume spec with external reference - it: supports gpg volume spec with external reference
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
signing: signing:
enabled: true enabled: true
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: supports defining SSH log level for root based image - it: supports defining SSH log level for root based image
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.rootless: false image.rootless: false
asserts: asserts:
@@ -17,7 +17,7 @@ tests:
name: SSH_LOG_LEVEL name: SSH_LOG_LEVEL
value: "INFO" value: "INFO"
- it: supports overriding SSH log level - it: supports overriding SSH log level
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.rootless: false image.rootless: false
gitea.ssh.logLevel: "DEBUG" gitea.ssh.logLevel: "DEBUG"
@@ -28,7 +28,7 @@ tests:
name: SSH_LOG_LEVEL name: SSH_LOG_LEVEL
value: "DEBUG" value: "DEBUG"
- it: supports overriding SSH log level (even when image.fullOverride set) - it: supports overriding SSH log level (even when image.fullOverride set)
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.fullOverride: docker.gitea.com/gitea:1.19.3 image.fullOverride: docker.gitea.com/gitea:1.19.3
image.rootless: false image.rootless: false
@@ -40,7 +40,7 @@ tests:
name: SSH_LOG_LEVEL name: SSH_LOG_LEVEL
value: "DEBUG" value: "DEBUG"
- it: skips SSH_LOG_LEVEL for rootless image - it: skips SSH_LOG_LEVEL for rootless image
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.rootless: true image.rootless: true
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
@@ -51,7 +51,7 @@ tests:
content: content:
name: SSH_LOG_LEVEL name: SSH_LOG_LEVEL
- it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
image.fullOverride: docker.gitea.com/gitea:1.19.3 image.fullOverride: docker.gitea.com/gitea:1.19.3
image.rootless: true image.rootless: true
@@ -7,11 +7,11 @@ release:
namespace: testing namespace: testing
templates: templates:
- templates/gitea/pvc.yaml - templates/pvc.yaml
tests: tests:
- it: should set storageClassName when persistence.storageClass is defined - it: should set storageClassName when persistence.storageClass is defined
template: templates/gitea/pvc.yaml template: templates/pvc.yaml
set: set:
persistence.storageClass: "my-storage-class" persistence.storageClass: "my-storage-class"
asserts: asserts:
@@ -20,7 +20,7 @@ tests:
value: "my-storage-class" value: "my-storage-class"
- it: should set global.storageClass when persistence.storageClass is not defined - it: should set global.storageClass when persistence.storageClass is not defined
template: templates/gitea/pvc.yaml template: templates/pvc.yaml
set: set:
global.storageClass: "default-storage-class" global.storageClass: "default-storage-class"
asserts: asserts:
@@ -29,7 +29,7 @@ tests:
value: "default-storage-class" value: "default-storage-class"
- it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined - it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
template: templates/gitea/pvc.yaml template: templates/pvc.yaml
set: set:
global.storageClass: "default-storage-class" global.storageClass: "default-storage-class"
persistence.storageClass: "my-storage-class" persistence.storageClass: "my-storage-class"
@@ -3,11 +3,11 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/ssh-svc.yaml - templates/ssh-svc.yaml
- templates/gitea/http-svc.yaml - templates/http-svc.yaml
tests: tests:
- it: supports adding custom labels to ssh-svc - it: supports adding custom labels to ssh-svc
template: templates/gitea/ssh-svc.yaml template: templates/ssh-svc.yaml
set: set:
service: service:
ssh: ssh:
@@ -19,7 +19,7 @@ tests:
value: "testvalue" value: "testvalue"
- it: keeps existing labels (ssh) - it: keeps existing labels (ssh)
template: templates/gitea/ssh-svc.yaml template: templates/ssh-svc.yaml
set: set:
service: service:
ssh: ssh:
@@ -29,7 +29,7 @@ tests:
path: metadata.labels["app"] path: metadata.labels["app"]
- it: supports adding custom labels to http-svc - it: supports adding custom labels to http-svc
template: templates/gitea/http-svc.yaml template: templates/http-svc.yaml
set: set:
service: service:
http: http:
@@ -41,7 +41,7 @@ tests:
value: "testvalue" value: "testvalue"
- it: keeps existing labels (http) - it: keeps existing labels (http)
template: templates/gitea/http-svc.yaml template: templates/http-svc.yaml
set: set:
service: service:
http: http:
@@ -51,7 +51,7 @@ tests:
path: metadata.labels["app"] path: metadata.labels["app"]
- it: render service.ssh.loadBalancerClass if set and type is LoadBalancer - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
template: templates/gitea/ssh-svc.yaml template: templates/ssh-svc.yaml
set: set:
service: service:
ssh: ssh:
@@ -73,7 +73,7 @@ tests:
value: ["1.2.3.4/32", "5.6.7.8/32"] value: ["1.2.3.4/32", "5.6.7.8/32"]
- it: does not render when loadbalancer properties are set but type is not loadBalancerClass - it: does not render when loadbalancer properties are set but type is not loadBalancerClass
template: templates/gitea/http-svc.yaml template: templates/http-svc.yaml
set: set:
service: service:
http: http:
@@ -92,7 +92,7 @@ tests:
path: spec.loadBalancerSourceRanges path: spec.loadBalancerSourceRanges
- it: does not render loadBalancerClass by default even when type is LoadBalancer - it: does not render loadBalancerClass by default even when type is LoadBalancer
template: templates/gitea/http-svc.yaml template: templates/http-svc.yaml
set: set:
service: service:
http: http:
@@ -107,8 +107,8 @@ tests:
- it: both ssh and http services exist - it: both ssh and http services exist
templates: templates:
- templates/gitea/ssh-svc.yaml - templates/ssh-svc.yaml
- templates/gitea/http-svc.yaml - templates/http-svc.yaml
asserts: asserts:
- matchRegex: - matchRegex:
path: metadata.name path: metadata.name
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/gpg-secret.yaml - templates/gpg-secret.yaml
tests: tests:
- it: renders nothing - it: renders nothing
set: set:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/gpg-secret.yaml - templates/gpg-secret.yaml
tests: tests:
- it: fails rendering when nothing is configured - it: fails rendering when nothing is configured
set: set:
+1 -1
View File
@@ -1,6 +1,6 @@
suite: Test ingress.yaml suite: Test ingress.yaml
templates: templates:
- templates/gitea/ingress.yaml - templates/ingress.yaml
tests: tests:
- it: should enable ingress when ingress.enabled is true - it: should enable ingress when ingress.enabled is true
set: set:
@@ -1,6 +1,6 @@
suite: Test ingress with implicit path defaults suite: Test ingress with implicit path defaults
templates: templates:
- templates/gitea/ingress.yaml - templates/ingress.yaml
tests: tests:
- it: should use default path and pathType when no paths are specified - it: should use default path and pathType when no paths are specified
set: set:
+1 -1
View File
@@ -1,6 +1,6 @@
suite: Test ingress tpl use suite: Test ingress tpl use
templates: templates:
- templates/gitea/ingress.yaml - templates/ingress.yaml
tests: tests:
- it: Ingress Class using TPL - it: Ingress Class using TPL
set: set:
+1 -1
View File
@@ -1,6 +1,6 @@
suite: Test ingress with structured paths suite: Test ingress with structured paths
templates: templates:
- templates/gitea/ingress.yaml - templates/ingress.yaml
tests: tests:
- it: should work with structured path definitions - it: should work with structured path definitions
set: set:
+1 -1
View File
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/init.yaml - templates/init.yaml
tests: tests:
- it: renders a secret - it: renders a secret
asserts: asserts:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/init.yaml - templates/init.yaml
tests: tests:
- it: runs gpg in batch mode - it: runs gpg in batch mode
set: set:
@@ -63,7 +63,7 @@ tests:
chown -v 1000:1000 "${GNUPGHOME}" chown -v 1000:1000 "${GNUPGHOME}"
fi fi
- it: it does not chown /data even when image.fullOverride is set - it: it does not chown /data even when image.fullOverride is set
template: templates/gitea/init.yaml template: templates/init.yaml
set: set:
image.fullOverride: docker.gitea.com/gitea:1.20.5 image.fullOverride: docker.gitea.com/gitea:1.20.5
asserts: asserts:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/init.yaml - templates/init.yaml
tests: tests:
- it: runs gpg in batch mode - it: runs gpg in batch mode
set: set:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/metrics-secret.yaml - templates/metrics-secret.yaml
tests: tests:
- it: renders nothing if monitoring disabled and gitea.metrics.token empty - it: renders nothing if monitoring disabled and gitea.metrics.token empty
set: set:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/metrics-secret.yaml - templates/metrics-secret.yaml
tests: tests:
- it: renders nothing if monitoring enabled and gitea.metrics.token empty - it: renders nothing if monitoring enabled and gitea.metrics.token empty
set: set:
@@ -0,0 +1,100 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicy template
release:
name: gitea-unittest
namespace: testing
templates:
- templates/networkPolicy.yaml
tests:
- it: Skip rendering networkPolicy
set:
networkPolicy.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default networkPolicy
set:
networkPolicy.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: gitea-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app: gitea
app.kubernetes.io/instance: gitea-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gitea
app.kubernetes.io/version: 0.1.0
helm.sh/chart: gitea-0.1.0
version: 0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: gitea-unittest
app.kubernetes.io/name: gitea
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy with policyTypes, egress and ingress configuration
set:
networkPolicy.enabled: true
networkPolicy.policyTypes:
- Egress
- Ingress
networkPolicy.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicy.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
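Review bot: The "Render default networkPolicy" case pins a rendering where `spec.policyTypes`, `spec.ingress` and `spec.egress` are all absent while `spec.podSelector` matches the Gitea pods. Kubernetes treats a NetworkPolicy without `policyTypes` as an Ingress policy, so this object isolates the selected pods and allows no inbound traffic at all; setting only `networkPolicy.enabled: true` cuts off HTTP and SSH. Please state that in the test title and in the `networkPolicy.enabled` description, or render a usable default rule. Two smaller points: the release name here is `gitea-unittest` while the other suites use `gitea-unittests`, and no case sets `networkPolicy.annotations` or `networkPolicy.labels`, so the merge of custom metadata is untested.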
+1 -1
View File
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/pvc.yaml - templates/pvc.yaml
tests: tests:
- it: Storage Class using TPL - it: Storage Class using TPL
set: set:
-58
View File
@@ -1,58 +0,0 @@
suite: Test route.yaml
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/route.yaml
tests:
- it: should create route when route.enabled is true
set:
route:
enabled: true
host: git.apps.example.com
path: /
annotations:
haproxy.router.openshift.io/timeout: 5m
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: gitea-unittests
- equal:
path: metadata.annotations["haproxy.router.openshift.io/timeout"]
value: 5m
- equal:
path: spec.host
value: git.apps.example.com
- equal:
path: spec.path
value: /
- equal:
path: spec.to.kind
value: Service
- equal:
path: spec.to.name
value: gitea-unittests-http
- equal:
path: spec.port.targetPort
value: http
- equal:
path: spec.wildcardPolicy
value: None
- equal:
path: spec.tls.termination
value: edge
- equal:
path: spec.tls.insecureEdgeTerminationPolicy
value: Redirect
- it: should not create route when route.enabled is false
set:
route.enabled: false
asserts:
- hasDocuments:
count: 0
+1 -1
View File
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/serviceaccount.yaml - templates/serviceaccount.yaml
tests: tests:
- it: skips rendering by default - it: skips rendering by default
asserts: asserts:
+6 -6
View File
@@ -3,17 +3,17 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/serviceaccount.yaml - templates/serviceaccount.yaml
- templates/gitea/deployment.yaml - templates/deployment.yaml
- templates/gitea/config.yaml - templates/config.yaml
tests: tests:
- it: does not modify the deployment by default - it: does not modify the deployment by default
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
asserts: asserts:
- notExists: - notExists:
path: spec.serviceAccountName path: spec.serviceAccountName
- it: adds the reference to the deployment with serviceAccount.create=true - it: adds the reference to the deployment with serviceAccount.create=true
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
serviceAccount.create: true serviceAccount.create: true
asserts: asserts:
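Review bot: The "does not modify the deployment by default" case asserts `notExists` on `spec.serviceAccountName`, but the cases below it check `spec.template.spec.serviceAccountName`, which is where a Deployment carries the field. The default case therefore passes whatever the template renders. Since this file is being touched anyway, change the path to `spec.template.spec.serviceAccountName` so the test can actually fail.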
@@ -21,7 +21,7 @@ tests:
path: spec.template.spec.serviceAccountName path: spec.template.spec.serviceAccountName
value: gitea-unittests value: gitea-unittests
- it: allows referencing an externally created ServiceAccount to the deployment - it: allows referencing an externally created ServiceAccount to the deployment
template: templates/gitea/deployment.yaml template: templates/deployment.yaml
set: set:
serviceAccount: serviceAccount:
create: false # explicitly set to define rendering behavior create: false # explicitly set to define rendering behavior
+1 -1
View File
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/servicemonitor.yaml - templates/servicemonitor.yaml
tests: tests:
- it: skips rendering by default - it: skips rendering by default
asserts: asserts:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/servicemonitor.yaml - templates/servicemonitor.yaml
tests: tests:
- it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty - it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty
set: set:
@@ -3,7 +3,7 @@ release:
name: gitea-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/servicemonitor.yaml - templates/servicemonitor.yaml
tests: tests:
- it: renders unsecure ServiceMonitor if gitea.metrics.token nil - it: renders unsecure ServiceMonitor if gitea.metrics.token nil
set: set:
@@ -1,33 +0,0 @@
suite: test connection template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/tests/test-http-connection.yaml
tests:
- it: renders openshift-compatible defaults for the test pod
set:
openshift.enabled: true
asserts:
- notExists:
path: spec.hostUsers
- equal:
path: spec.containers[0].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- it: renders an explicit hostUsers=false override for the test pod
set:
openshift:
enabled: true
hostUsers: false
asserts:
- equal:
path: spec.hostUsers
value: false
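Review bot: Deleting this suite removes the only assertions on the test pod's container security context (`allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `runAsNonRoot: true`, `seccompProfile.type: RuntimeDefault`). If `templates/tests/test-http-connection.yaml` stays in the chart, keep a case that checks whatever security context it renders without the `openshift.*` values, so a later edit cannot drop the hardening unnoticed. If the template is removed too, say so in the commit message.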
+135 -220
View File
@@ -20,7 +20,7 @@ global:
# hostnames: # hostnames:
# - example.com # - example.com
## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified ## @param namespace An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified
namespace: "" namespace: ""
## @param replicaCount number of replicas for the deployment ## @param replicaCount number of replicas for the deployment
@@ -62,14 +62,9 @@ imagePullSecrets: []
## @section Security ## @section Security
# Security context is only usable with rootless image due to image design # Security context is only usable with rootless image due to image design
## @param openshift.enabled Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API. ## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
## @param openshift.hostUsers Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used. podSecurityContext:
openshift: fsGroup: 1000
enabled: null
hostUsers: null
## @param podSecurityContext Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty.
podSecurityContext: {}
## @param containerSecurityContext Security context ## @param containerSecurityContext Security context
containerSecurityContext: {} containerSecurityContext: {}
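Review bot: `podSecurityContext` changes from `{}` with a conditional default to a hard-coded `fsGroup: 1000`, and `openshift.enabled` / `openshift.hostUsers` disappear in the same hunk. On clusters that allocate a per-namespace ID range (the removed tests used `1000620000`), a fixed `fsGroup: 1000` is normally rejected by the restricted SCC, so installs that relied on the auto-detection will stop scheduling until the value is overridden. Existing values files that still set `openshift.*` will be ignored without any error. Please list this as a breaking change and document the override for such platforms. `containerSecurityContext` stays `{}`, so the chart still ships no container-level defaults; worth a sentence in the `@param` text so users know they must set them.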
@@ -182,32 +177,6 @@ ingress:
# hosts: # hosts:
# - git.example.com # - git.example.com
## @section Route
## @param route.enabled Enable OpenShift Route
## @param route.annotations Route annotations
## @param route.host Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values.
## @param route.path Route path
## @param route.wildcardPolicy Route wildcard policy
## @param route.tls.termination Route TLS termination type
## @param route.tls.insecureEdgeTerminationPolicy Route insecure edge termination policy
## @param route.tls.key Route TLS key
## @param route.tls.certificate Route TLS certificate
## @param route.tls.caCertificate Route TLS CA certificate
## @param route.tls.destinationCACertificate Route destination CA certificate
route:
enabled: false
annotations: {}
host: ""
path: ""
wildcardPolicy: None
tls:
termination:
insecureEdgeTerminationPolicy:
key:
certificate:
caCertificate:
destinationCACertificate:
## @section deployment ## @section deployment
# #
## @param resources Kubernetes resources ## @param resources Kubernetes resources
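Review bot: The whole `route.*` block is dropped from the values file. Helm ignores unknown keys unless the chart validates its values, so an existing release with `route.enabled: true` would upgrade cleanly and lose its Route. Either fail rendering when `route.enabled` is still set, or call the removal out in the upgrade notes together with the replacement (the `ingress` section above).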
@@ -312,13 +281,13 @@ extraContainers: []
# image: busybox # image: busybox
# command: [/bin/sh, -c, 'echo "Hello world"'] # command: [/bin/sh, -c, 'echo "Hello world"']
## @param preExtraInitContainers Additional init containers to run in the pod before gitea runs it owns init containers. ## @param preExtraInitContainers Additional init containers to run in the pod before Gitea runs it owns init containers.
preExtraInitContainers: [] preExtraInitContainers: []
# - name: pre-init-container # - name: pre-init-container
# image: docker.io/library/busybox # image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ] # command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
## @param postExtraInitContainers Additional init containers to run in the pod after gitea runs it owns init containers. ## @param postExtraInitContainers Additional init containers to run in the pod after Gitea runs it owns init containers.
postExtraInitContainers: [] postExtraInitContainers: []
# - name: post-init-container # - name: post-init-container
# image: docker.io/library/busybox # image: docker.io/library/busybox
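Review bot: Both rewritten `@param` lines (`preExtraInitContainers`, `postExtraInitContainers`) fix the capitalisation of Gitea but keep the typo "runs it owns init containers". Since the lines are already being changed, make it "runs its own init containers"; the README parameter table is generated from these comments and will carry the typo otherwise.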
@@ -477,28 +446,6 @@ gitea:
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
additionalConfigFromEnvs: [] additionalConfigFromEnvs: []
## @param gitea.extraEnvSourceFile Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector.
## See the sample annotations below for reference.
## podAnnotations:
## vault.hashicorp.com/agent-inject: "true"
## vault.hashicorp.com/agent-init-first: "true"
## vault.hashicorp.com/agent-inject-secret-gitea: <path/to/secret>
## vault.hashicorp.com/agent-inject-template-gitea: |
## {{- with secret "path/to/secret" -}}
## export GITEA__database__HOST="{{ .Data.data.db_host }}"
## export GITEA__database__NAME="{{ .Data.data.db_name }}"
## export GITEA__database__USER="{{ .Data.data.db_user }}"
## export GITEA__database__PASSWD="{{ .Data.data.db_password }}"
## export GITEA__queue__CONN_STR="{{ .Data.data.kv_conn_string }}"
## export GITEA__session__PROVIDER_CONFIG="{{ .Data.data.kv_conn_string }}"
## export GITEA__cache__HOST="{{ .Data.data.kv_conn_string }}"
## export GITEA_ADMIN_USERNAME="{{ .Data.data.gitea_admin_user }}"
## export GITEA_ADMIN_PASSWORD="{{ .Data.data.gitea_admin_password }}"
## {{- end }}
# extraEnvSourceFile: /vault/secrets/gitea
extraEnvSourceFile:
## @param gitea.podAnnotations Annotations for the Gitea pod ## @param gitea.podAnnotations Annotations for the Gitea pod
podAnnotations: {} podAnnotations: {}
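Review bot: Removing `gitea.extraEnvSourceFile` takes away the documented way to load database, cache and admin credentials from a file written by the Vault agent-injector. The commit should name the supported replacement, for example `gitea.additionalConfigFromEnvs` just above with secret references, so users do not fall back to putting those credentials into plain values. Deployments that still set `extraEnvSourceFile` will start without the sourced variables and no error, so this also belongs in the breaking-changes list.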
@@ -566,192 +513,189 @@ gitea:
successThreshold: 1 successThreshold: 1
failureThreshold: 10 failureThreshold: 10
## @section Network Policy
networkPolicy:
## @param networkPolicy.enabled Enable network policies in general.
## @param networkPolicy.annotations Additional network policy annotations.
## @param networkPolicy.labels Additional network policy labels.
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicy.egress Concrete egress network policy implementation.
## @skip networkPolicy.egress Skip individual egress configuration.
## @param networkPolicy.ingress Concrete ingress network policy implementation.
## @skip networkPolicy.ingress Skip individual ingress configuration.
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
# Allow outgoing traffic via HTTPS. For example for oAuth2, Gravatar and other third party APIs.
#
# - to:
# ports:
# - port: 443
# protocol: TCP
# Allow outgoing traffic to PostgreSQL.
#
# - to:
# - podSelector:
# matchLabels:
# app.kubernetes.io/name: postgresql-ha
# ports: []
# # Avoid explicit list of ports, because Gitea tries to ping the PostgreSQL database during the initialization
# # process. The ICMP protocol is currently not supported as list of protocols by kubernetes. For this reason would
# # lead listing of the ports to an issue. Therefore, please handle the database ports with care.
# #
# # - port: 5432
# # protocol: TCP
# Allow outgoing traffic to Valkey.
#
# - to:
# - podSelector:
# matchLabels:
# app.kubernetes.io/name: valkey-cluster
# ports:
# - port: 6379
# protocol: TCP
# - port: 16379
# protocol: TCP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section valkey-cluster ## @section valkey-cluster
## @param valkey-cluster.enabled Enable valkey cluster
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
## @param valkey-cluster.usePassword Whether to use password authentication
## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables
## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
## @param valkey-cluster.service.ports.valkey Port of Valkey service
## @descriptionStart ## @descriptionStart
## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. ## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
## @descriptionEnd ## @descriptionEnd
valkey-cluster: valkey-cluster:
## @param valkey-cluster.enabled Enable valkey cluster
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
## @param valkey-cluster.usePassword Whether to use password authentication.
## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables.
enabled: true enabled: true
usePassword: false usePassword: false
usePasswordFiles: false usePasswordFiles: false
## @param valkey-cluster.image.repository Image repository, eg. `bitnamilegacy/valkey-cluster`.
image:
repository: bitnamilegacy/valkey-cluster
## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
cluster: cluster:
nodes: 3 # default: 6 nodes: 3 # default: 6
replicas: 0 # default: 1 replicas: 0 # default: 1
## @param valkey-cluster.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
metrics:
image:
repository: bitnamilegacy/redis-exporter
## @param valkey-cluster.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
## @param valkey-cluster.persistence.storageClass Persistent Volume storage class.
## @param valkey-cluster.persistence.size Persistent Volume size.
persistence:
enabled: true
storageClass: ""
size: 8Gi
## @param valkey-cluster.service.ports.valkey Port of Valkey service
service: service:
ports: ports:
valkey: 6379 valkey: 6379
## @param valkey-cluster.sysctlImage.repository Image repository, eg. `bitnamilegacy/os-shell`.
sysctlImage:
repository: bitnamilegacy/os-shell
## @param valkey-cluster.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
volumePermissions:
image:
repository: bitnamilegacy/os-shell
## @section valkey ## @section valkey
## @param valkey.enabled Enable valkey standalone or replicated
## @param valkey.architecture Whether to use standalone or replication
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
## @param valkey.global.valkey.password Required password
## @param valkey.master.count Number of Valkey master instances to deploy
## @param valkey.master.service.ports.valkey Port of Valkey service
## @descriptionStart ## @descriptionStart
## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. ## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
## @descriptionEnd ## @descriptionEnd
valkey: valkey:
## @param valkey.enabled Enable valkey standalone or replicated
## @param valkey.architecture Whether to use standalone or replication
enabled: false enabled: false
architecture: standalone architecture: standalone
## @param valkey.kubectl.image.repository Image repository, eg. `bitnamilegacy/kubectl`.
kubectl:
image:
repository: bitnamilegacy/kubectl
## @param valkey.image.repository Image repository, eg. `bitnamilegacy/valkey`.
image:
repository: bitnamilegacy/valkey
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
## @param valkey.global.valkey.password Required password
global: global:
valkey: valkey:
password: changeme password: changeme
## @param valkey.master.count Number of Valkey master instances to deploy
## @param valkey.master.service.ports.valkey Port of Valkey service
master: master:
count: 1 count: 1
service: service:
ports: ports:
valkey: 6379 valkey: 6379
## @param valkey.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
metrics:
image:
repository: bitnamilegacy/redis-exporter
primary:
## @param valkey.primary.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
## @param valkey.primary.persistence.storageClass Persistent Volume storage class.
## @param valkey.primary.persistence.size Persistent Volume size.
persistence:
enabled: true
storageClass: ""
size: 8Gi
replica:
## @param valkey.replica.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
## @param valkey.replica.persistence.storageClass Persistent Volume storage class.
## @param valkey.replica.persistence.size Persistent Volume size.
persistence:
enabled: true
storageClass: ""
size: 8Gi
## @param valkey.sentinel.image.repository Image repository, eg. `bitnamilegacy/sentinel`.
sentinel:
image:
repository: bitnamilegacy/valkey-sentinel
## @param valkey.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
volumePermissions:
image:
repository: bitnamilegacy/os-shell
## @section PostgreSQL HA ## @section PostgreSQL HA
#
## @param postgresql-ha.enabled Enable PostgreSQL HA
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
## @param postgresql-ha.postgresql.postgresPassword postgres Password
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
postgresql-ha: postgresql-ha:
## @param postgresql-ha.enabled Enable PostgreSQL HA
enabled: true
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
global: global:
postgresql: postgresql:
database: gitea database: gitea
password: gitea password: gitea
username: gitea username: gitea
enabled: true
## @param postgresql-ha.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
metrics:
image:
repository: bitnamilegacy/postgres-exporter
## @param postgresql-ha.postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql-repmgr`.
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
## @param postgresql-ha.postgresql.postgresPassword postgres Password
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
postgresql: postgresql:
image:
repository: bitnamilegacy/postgresql-repmgr
repmgrPassword: changeme2 repmgrPassword: changeme2
postgresPassword: changeme1 postgresPassword: changeme1
password: changeme4 password: changeme4
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.
## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
pgpool: pgpool:
adminPassword: changeme3 adminPassword: changeme3
image:
repository: bitnamilegacy/pgpool
srCheckPassword: changeme4 srCheckPassword: changeme4
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
service: service:
ports: ports:
postgresql: 5432 postgresql: 5432
## @param postgresql-ha.persistence.enabled Enable persistence.
## @param postgresql-ha.persistence.storageClass Persistent Volume Storage Class.
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
persistence: persistence:
enabled: true
storageClass: ""
size: 10Gi size: 10Gi
## @param postgresql-ha.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
volumePermissions:
image:
repository: bitnamilegacy/os-shell
## @section PostgreSQL ## @section PostgreSQL
#
## @param postgresql.enabled Enable PostgreSQL
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
postgresql: postgresql:
## @param postgresql.enabled Enable PostgreSQL
enabled: false enabled: false
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
global: global:
postgresql: postgresql:
auth: auth:
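Review bot: The credential defaults in the unchanged context of this hunk are not marked as placeholders by any of the `@param` descriptions in the section header blocks: `password: changeme` under `valkey.global.valkey`, `repmgrPassword: changeme2`, `postgresPassword: changeme1`, `password: changeme4`, `adminPassword: changeme3` and `srCheckPassword: changeme4` under `postgresql-ha`, and `password: gitea` under `postgresql-ha.global.postgresql`. `valkey-cluster` also keeps `usePassword: false`. Since the annotations are being touched here anyway, each password description should say that the value must be overridden per installation, and the `valkey-cluster.usePassword` description should state that the default runs the cache without authentication. Minor: `postgresql-ha.global.postgresql.password` is described as "Name for a custom password to create", which reads as copied from the username line above it.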
@@ -761,39 +705,10 @@ postgresql:
service: service:
ports: ports:
postgresql: 5432 postgresql: 5432
## @param postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql`.
image:
repository: bitnamilegacy/postgresql
primary: primary:
## @param postgresql.primary.persistence.enabled Enable persistence.
## @param postgresql.primary.persistence.storageClass Persistent Volume storage class.
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume.
persistence: persistence:
enabled: true
storageClass: ""
size: 10Gi size: 10Gi
readReplicas:
## @param postgresql.readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC.
## @param postgresql.readReplicas.persistence.storageClass Persistent Volume storage class.
## @param postgresql.readReplicas.persistence.size PVC Storage Request for PostgreSQL volume.
persistence:
enabled: true
storageClass: ""
size: ""
## @param postgresql.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
metrics:
image:
repository: bitnamilegacy/postgres-exporter
## @param postgresql.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
volumePermissions:
image:
repository: bitnamilegacy/os-shell
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check. # Set it to false to skip this basic validation check.
## @section Advanced ## @section Advanced