You've already forked helm-gitea
							
							Compare commits
	
		
			162 Commits
		
	
	
		
			v10.6.0
			...
			1d49cf3f58
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 1d49cf3f58 | |||
|   | 0a463f7252 | ||
|   | 14ac6abf78 | ||
| 89017545d3 | |||
|   | 40d8e5b6e3 | ||
|   | 1cdb7b7342 | ||
|   | 5c88f5fe9b | ||
|   | d7437cef0b | ||
|   | 1d7037e55e | ||
|   | 9cf42f55b0 | ||
|   | 8ed2db6aa5 | ||
|   | 667834962e | ||
|   | 78aba58284 | ||
|   | 7c0a924ca3 | ||
|   | 677b1af2ed | ||
|   | c9af860e60 | ||
|   | 3721929be2 | ||
|   | 44e9970b0b | ||
|   | 4fc53cd978 | ||
|   | 122bccd932 | ||
|   | 3233e33e27 | ||
|   | 6b99230843 | ||
| d9e181df93 | |||
|   | 603f8e68a7 | ||
| 10ad0f7743 | |||
| e31bd265b1 | |||
|   | 4cfcbd729f | ||
|   | f786359136 | ||
|   | 6d5fbcbaee | ||
|   | 14a4e47b73 | ||
|   | 3a7859f6cc | ||
|   | 364dfa2076 | ||
| 468c12643f | |||
|   | 46aa0534bb | ||
|   | 455cc67d41 | ||
|   | ec898f1330 | ||
| 82190f3d30 | |||
|   | e059beb82b | ||
|   | 9206b34af3 | ||
|   | 203a282e93 | ||
|   | 81c12fa3e5 | ||
|   | c7e294cf8c | ||
|   | ce60c7bb0f | ||
|   | 2875e08daf | ||
| 09767c4494 | |||
|   | a45253abf9 | ||
|   | f9efe98fe7 | ||
|   | 92c187f264 | ||
|   | 4fbdf634a9 | ||
|   | f0dcbe88dd | ||
|   | aa7ccb47ba | ||
|   | 0f1f329de4 | ||
|   | cb28148dc8 | ||
|   | ee84a1750b | ||
|   | 6e1d516bb2 | ||
|   | 08143654a5 | ||
|   | e134835662 | ||
|   | e7db8cddd9 | ||
| ec7a659535 | |||
|   | db177a356f | ||
|   | d29a7e84a4 | ||
|   | 31fa278145 | ||
|   | 52c249eb08 | ||
|   | 0d532363eb | ||
|   | 8f0f44a864 | ||
|   | cf86118976 | ||
|   | 7f96084a30 | ||
|   | 5292684a4a | ||
|   | edc42f69a9 | ||
|   | 9c607f8a4b | ||
|   | 6d89d0a1b7 | ||
|   | 8f35f45e31 | ||
|   | a94eec4238 | ||
|   | 87272a1244 | ||
|   | ed06694adf | ||
|   | 443a6d0cd7 | ||
|   | 8854e62572 | ||
|   | da2d169d65 | ||
|   | ebb4b1ee49 | ||
|   | e64afe393e | ||
|   | 6e4e414771 | ||
|   | 037eca0c91 | ||
|   | d10adfd064 | ||
|   | a1fc670df5 | ||
|   | 0cfe38aec5 | ||
|   | 5410bb08c2 | ||
|   | 3b32a04b9c | ||
|   | 5b247ea860 | ||
|   | 3aea811f1f | ||
|   | a7035ca4e5 | ||
|   | fa36d2beef | ||
|   | 6c5b42c482 | ||
|   | 356dd6e710 | ||
|   | 1f313ac70e | ||
|   | d2d542e625 | ||
|   | 75cd261b37 | ||
|   | 2c78da9c3e | ||
|   | 06f5179273 | ||
|   | e7e2ae9610 | ||
|   | 62f5ed6d46 | ||
|   | d2e9bcf4b8 | ||
|   | b44d43d2b0 | ||
|   | 03918a126b | ||
|   | 8d3f4d2260 | ||
|   | 74d550922b | ||
|   | 7245b3b4cc | ||
|   | c0cadb9056 | ||
|   | c38703f21e | ||
|   | ad475405e9 | ||
|   | 60ef163b22 | ||
|   | 941ab3ef49 | ||
|   | ff7783fcbe | ||
|   | 9f659afc47 | ||
|   | f74ab67b59 | ||
|   | 724ebc5258 | ||
|   | 44563bed35 | ||
|   | 6cb068ae12 | ||
|   | 3c931de904 | ||
|   | cb516e0f7f | ||
|   | 31d8e7c79f | ||
|   | 11d3fbcc77 | ||
|   | 05143021fe | ||
|   | a983974568 | ||
| edd8557bb0 | |||
|   | a4c706f521 | ||
|   | d8f155562b | ||
|   | 8bf5b2104d | ||
|   | d8ec7dc2f5 | ||
|   | 70cc590eb3 | ||
|   | 3ac51f2628 | ||
| 4f42f4bee3 | |||
|   | cc7532ec90 | ||
|   | 1d908965a8 | ||
|   | 43e0918cfc | ||
|   | 41deaf977e | ||
|   | b8b909be0b | ||
|   | 4f9a48ae51 | ||
|   | ef8ad0f050 | ||
|   | 680d95c943 | ||
|   | 48e61b164b | ||
|   | 3e72e8b983 | ||
|   | 9b28e264f7 | ||
|   | 8c4e8e8f30 | ||
|   | 5968cfa1d4 | ||
|   | 12f253db10 | ||
|   | 535aa1cf1a | ||
|   | a79fd31f7e | ||
|   | 726b36c6d8 | ||
|   | 4691b63f7a | ||
|   | 8f516048e4 | ||
|   | e9084e1833 | ||
|   | e733287dc2 | ||
|   | f4d1a6b516 | ||
|   | c3d0bae515 | ||
|   | aec87c2490 | ||
|   | e3db83e22b | ||
|   | 7cae9d3404 | ||
|   | 52153021e3 | ||
|   | 5f7d353901 | ||
|   | 389a8460e4 | ||
|   | 3bacaaad84 | ||
|   | 2be2e2a639 | 
							
								
								
									
										7
									
								
								.commitlintrc.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								.commitlintrc.json
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | |||||||
|  | { | ||||||
|  |   "extends": ["@commitlint/config-conventional"], | ||||||
|  |   "rules": { | ||||||
|  |     "type-enum": [2, "always", ["feat", "fix", "chore", "docs", "style", "refactor", "test", "perf", "ci", "WIP"]], | ||||||
|  |     "type-case": [0, "always", "lower-case"] | ||||||
|  |   } | ||||||
|  | } | ||||||
| @@ -23,7 +23,7 @@ | |||||||
| ### Applicable issues | ### Applicable issues | ||||||
|  |  | ||||||
| <!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. --> | <!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. --> | ||||||
|   - fixes # | - Fixes # | ||||||
|  |  | ||||||
| ### Additional information | ### Additional information | ||||||
|  |  | ||||||
| @@ -39,4 +39,6 @@ | |||||||
|  |  | ||||||
| - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | ||||||
| - [ ] Breaking changes are documented in the `README.md` | - [ ] Breaking changes are documented in the `README.md` | ||||||
| - [ ] Templating unittests are added | - [ ] Helm templating unittests are added (required when changing anything in `templates` folder) | ||||||
|  | - [ ] Bash unittests are added (required when changing anything in `scripts` folder) | ||||||
|  | - [ ] All added template resources MUST render a namespace in metadata | ||||||
|   | |||||||
							
								
								
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,114 @@ | |||||||
|  | #!/bin/bash | ||||||
|  |  | ||||||
|  | set -e | ||||||
|  |  | ||||||
|  | CHART_FILE="Chart.yaml" | ||||||
|  | if [ ! -f "${CHART_FILE}" ]; then | ||||||
|  |   echo "ERROR: ${CHART_FILE} not found!" 1>&2 | ||||||
|  |   exit 1 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||||
|  | DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||||
|  |  | ||||||
|  | if [ -z "${1}" ]; then | ||||||
|  |   read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||||
|  |   if [ -z "${OLD_TAG}" ]; then | ||||||
|  |     OLD_TAG="${DEFAULT_OLD_TAG}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while [ -z "$(git tag --list "${OLD_TAG}")" ]; do | ||||||
|  |     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||||
|  |     read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||||
|  |     if [ -z "${OLD_TAG}" ]; then | ||||||
|  |       OLD_TAG="${DEFAULT_OLD_TAG}" | ||||||
|  |     fi | ||||||
|  |   done | ||||||
|  | else | ||||||
|  |   OLD_TAG=${1} | ||||||
|  |   if [ -z "$(git tag --list "${OLD_TAG}")" ]; then | ||||||
|  |     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | if [ -z "${2}" ]; then | ||||||
|  |   read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||||
|  |   if [ -z "${NEW_TAG}" ]; then | ||||||
|  |     NEW_TAG="${DEFAULT_NEW_TAG}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while [ -z "$(git tag --list "${NEW_TAG}")" ]; do | ||||||
|  |     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||||
|  |     read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||||
|  |     if [ -z "${NEW_TAG}" ]; then | ||||||
|  |       NEW_TAG="${DEFAULT_NEW_TAG}" | ||||||
|  |     fi | ||||||
|  |   done | ||||||
|  | else | ||||||
|  |   NEW_TAG=${2} | ||||||
|  |  | ||||||
|  |   if [ -z "$(git tag --list "${NEW_TAG}")" ]; then | ||||||
|  |     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | CHANGE_LOG_YAML=$(mktemp) | ||||||
|  | echo "[]" > "${CHANGE_LOG_YAML}" | ||||||
|  |  | ||||||
|  | function map_type_to_kind() { | ||||||
|  |   case "${1}" in | ||||||
|  |     feat) | ||||||
|  |       echo "added" | ||||||
|  |     ;; | ||||||
|  |     fix) | ||||||
|  |       echo "fixed" | ||||||
|  |     ;; | ||||||
|  |     chore|style|test|ci|docs|refac) | ||||||
|  |       echo "changed" | ||||||
|  |     ;; | ||||||
|  |     revert) | ||||||
|  |       echo "removed" | ||||||
|  |     ;; | ||||||
|  |     sec) | ||||||
|  |       echo "security" | ||||||
|  |     ;; | ||||||
|  |     *) | ||||||
|  |       echo "skip" | ||||||
|  |     ;; | ||||||
|  |   esac | ||||||
|  | } | ||||||
|  |  | ||||||
|  | COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" | ||||||
|  |  | ||||||
|  | echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" | ||||||
|  |  | ||||||
|  | while IFS= read -r line; do | ||||||
|  |   if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then | ||||||
|  |     TYPE="${BASH_REMATCH[1]}" | ||||||
|  |     KIND=$(map_type_to_kind "${TYPE}") | ||||||
|  |  | ||||||
|  |     if [ "${KIND}" == "skip" ]; then | ||||||
|  |       continue | ||||||
|  |     fi | ||||||
|  |  | ||||||
|  |     DESC="${BASH_REMATCH[3]}" | ||||||
|  |  | ||||||
|  |     echo "- ${KIND}: ${DESC}" | ||||||
|  |  | ||||||
|  |     jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" | ||||||
|  |     mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" | ||||||
|  |  | ||||||
|  |   fi | ||||||
|  | done <<< "${COMMIT_TITLES}" | ||||||
|  |  | ||||||
|  | if [ -s "${CHANGE_LOG_YAML}" ]; then | ||||||
|  |   yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" | ||||||
|  |   yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" | ||||||
|  | else | ||||||
|  |   echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 | ||||||
|  |   exit 1 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | rm "${CHANGE_LOG_YAML}" | ||||||
							
								
								
									
										32
									
								
								.gitea/workflows/changelog.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								.gitea/workflows/changelog.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | |||||||
|  | name: changelog | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   push: | ||||||
|  |     branches: | ||||||
|  |       - main | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   changelog: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     container: docker.io/thegeeklab/git-sv:2.0.5 | ||||||
|  |     steps: | ||||||
|  |       - name: install tools | ||||||
|  |         run: | | ||||||
|  |           apk add -q --update --no-cache nodejs curl jq sed | ||||||
|  |       - uses: actions/checkout@v5 | ||||||
|  |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |       - name: Generate upcoming changelog | ||||||
|  |         run: | | ||||||
|  |           git sv rn -o changelog.md | ||||||
|  |           export RELEASE_NOTES=$(cat changelog.md) | ||||||
|  |           export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number') | ||||||
|  |  | ||||||
|  |           echo $RELEASE_NOTES | ||||||
|  |           JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}') | ||||||
|  |  | ||||||
|  |           if [ -z "$ISSUE_NUMBER" ]; then | ||||||
|  |             curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA" | ||||||
|  |           else | ||||||
|  |             curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA" | ||||||
|  |           fi | ||||||
							
								
								
									
										19
									
								
								.gitea/workflows/commitlint.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								.gitea/workflows/commitlint.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | name: commitlint | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   pull_request: | ||||||
|  |     branches: | ||||||
|  |       - "*" | ||||||
|  |     types: | ||||||
|  |       - opened | ||||||
|  |       - edited | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   check-and-test: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     container: commitlint/commitlint:20.1.0 | ||||||
|  |     steps: | ||||||
|  |       - uses: actions/checkout@v5 | ||||||
|  |       - name: check PR title | ||||||
|  |         run: | | ||||||
|  |           echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json | ||||||
| @@ -5,33 +5,51 @@ on: | |||||||
|     tags: |     tags: | ||||||
|       - "*" |       - "*" | ||||||
|  |  | ||||||
| env: |  | ||||||
|   # renovate: datasource=docker depName=alpine/helm |  | ||||||
|   HELM_VERSION: "3.15.3" |  | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   generate-chart-publish: |   generate-chart-publish: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - uses: actions/checkout@v4 |       - uses: actions/checkout@v5 | ||||||
|       - name: install tools |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Install packages via apt | ||||||
|         run: | |         run: | | ||||||
|           apt update -y |           apt update --yes | ||||||
|           apt install -y curl ca-certificates curl gnupg |           apt install --yes curl ca-certificates curl gnupg jq | ||||||
|           # helm |  | ||||||
|           curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz |       - name: Install helm | ||||||
|           tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz |         env: | ||||||
|           mv linux-amd64/helm /usr/local/bin/ |           # renovate: datasource=docker depName=alpine/helm | ||||||
|           rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz |           HELM_VERSION: "3.19.0" | ||||||
|  |         run: | | ||||||
|  |           curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin | ||||||
|  |           mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/ | ||||||
|  |           rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | ||||||
|           helm version |           helm version | ||||||
|           # docker |  | ||||||
|  |       - name: Install yq | ||||||
|  |         env: | ||||||
|  |           YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq | ||||||
|  |         run: | | ||||||
|  |           curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin | ||||||
|  |           mv yq_linux_$(dpkg --print-architecture) /usr/local/bin | ||||||
|  |           rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz | ||||||
|  |           yq --version | ||||||
|  |  | ||||||
|  |       - name: Install docker-ce via apt | ||||||
|  |         run: | | ||||||
|           install -m 0755 -d /etc/apt/keyrings |           install -m 0755 -d /etc/apt/keyrings | ||||||
|           curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg |           curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg | ||||||
|           chmod a+r /etc/apt/keyrings/docker.gpg |           chmod a+r /etc/apt/keyrings/docker.gpg | ||||||
|           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null |           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null | ||||||
|           apt update -y |           apt update --yes | ||||||
|           apt install -y python3 python3-pip apt-transport-https docker-ce-cli |           apt install --yes python3 python3-pip apt-transport-https docker-ce-cli | ||||||
|           pip install awscli |  | ||||||
|  |       - name: Install awscli | ||||||
|  |         run: | | ||||||
|  |           pip install awscli --break-system-packages | ||||||
|  |           aws --version | ||||||
|  |  | ||||||
|       - name: Import GPG key |       - name: Import GPG key | ||||||
|         id: import_gpg |         id: import_gpg | ||||||
| @@ -41,6 +59,15 @@ jobs: | |||||||
|           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} |           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} | ||||||
|           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 |           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 | ||||||
|  |  | ||||||
|  |       - name: Add Artifacthub.io annotations | ||||||
|  |         run: | | ||||||
|  |           NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)" | ||||||
|  |           OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)" | ||||||
|  |           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" | ||||||
|  |  | ||||||
|  |       - name: Print Chart.yaml | ||||||
|  |         run: cat Chart.yaml | ||||||
|  |  | ||||||
|       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 |       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 | ||||||
|       - name: package chart |       - name: package chart | ||||||
|         run: | |         run: | | ||||||
| @@ -51,7 +78,7 @@ jobs: | |||||||
|           helm package --version "${GITHUB_REF#refs/tags/v}" ./ |           helm package --version "${GITHUB_REF#refs/tags/v}" ./ | ||||||
|           mkdir gitea |           mkdir gitea | ||||||
|           mv gitea*.tgz gitea/ |           mv gitea*.tgz gitea/ | ||||||
|           curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml |           curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml | ||||||
|           helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml |           helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml | ||||||
|           # push to dockerhub |           # push to dockerhub | ||||||
|           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin |           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin | ||||||
| @@ -59,7 +86,7 @@ jobs: | |||||||
|           helm registry logout registry-1.docker.io |           helm registry logout registry-1.docker.io | ||||||
|  |  | ||||||
|       - name: aws credential configure |       - name: aws credential configure | ||||||
|         uses: https://github.com/aws-actions/configure-aws-credentials@v4 |         uses: https://github.com/aws-actions/configure-aws-credentials@v5 | ||||||
|         with: |         with: | ||||||
|           aws-access-key-id: ${{ secrets.AWS_KEY_ID }} |           aws-access-key-id: ${{ secrets.AWS_KEY_ID }} | ||||||
|           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||||||
| @@ -68,3 +95,29 @@ jobs: | |||||||
|       - name: Copy files to S3 and clear cache |       - name: Copy files to S3 and clear cache | ||||||
|         run: | |         run: | | ||||||
|           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ |           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ | ||||||
|  |  | ||||||
|  |   release-gitea: | ||||||
|  |     needs: generate-chart-publish | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     container: docker.io/thegeeklab/git-sv:2.0.5 | ||||||
|  |     steps: | ||||||
|  |       - name: install tools | ||||||
|  |         run: | | ||||||
|  |           apk add -q --update --no-cache nodejs | ||||||
|  |       - uses: actions/checkout@v5 | ||||||
|  |         with: | ||||||
|  |           fetch-tags: true | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Create changelog | ||||||
|  |         run: | | ||||||
|  |           git sv current-version | ||||||
|  |           git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md | ||||||
|  |           sed -i '1,2d' CHANGELOG.md # remove version | ||||||
|  |           cat CHANGELOG.md | ||||||
|  |  | ||||||
|  |       - name: Release | ||||||
|  |         uses: https://github.com/akkuman/gitea-release-action@v1 | ||||||
|  |         with: | ||||||
|  |           body_path: CHANGELOG.md | ||||||
|  |           token: "${{ secrets.RELEASE_TOKEN }}" | ||||||
|   | |||||||
| @@ -7,31 +7,35 @@ on: | |||||||
|   push: |   push: | ||||||
|     branches: |     branches: | ||||||
|       - main |       - main | ||||||
|       - "renovate/**" |  | ||||||
|  |  | ||||||
| env: | env: | ||||||
|   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest |   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest | ||||||
|   HELM_UNITTEST_VERSION: "v0.5.2" |   HELM_UNITTEST_VERSION: "v1.0.3" | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   check-and-test: |   check-and-test: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     container: alpine/helm:3.15.3 |     container: alpine/helm:3.19.0 | ||||||
|     steps: |     steps: | ||||||
|       - name: install tools |       - name: install tools | ||||||
|         run: | |         run: | | ||||||
|           apk update |           apk update | ||||||
|           apk add --update make nodejs npm yamllint |           apk add --update bash make nodejs npm yamllint ncurses | ||||||
|       - uses: actions/checkout@v4 |       - uses: actions/checkout@v5 | ||||||
|       - name: install chart dependencies |       - name: install chart dependencies | ||||||
|         run: helm dependency build |         run: helm dependency build | ||||||
|       - name: lint |       - name: lint | ||||||
|         run: helm lint |         run: helm lint | ||||||
|       - name: template |       - name: template | ||||||
|         run: helm template --debug gitea-helm . |         run: helm template --debug gitea-helm . | ||||||
|       - name: unit tests |       - name: prepare unit test environment | ||||||
|         run: | |         run: | | ||||||
|           helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest |           helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest | ||||||
|  |           git submodule update --init --recursive | ||||||
|  |       - name: unit tests | ||||||
|  |         env: | ||||||
|  |           TERM: xterm | ||||||
|  |         run: | | ||||||
|           make unittests |           make unittests | ||||||
|       - name: verify readme |       - name: verify readme | ||||||
|         run: | |         run: | | ||||||
|   | |||||||
							
								
								
									
										12
									
								
								.gitmodules
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								.gitmodules
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | |||||||
|  | [submodule "unittests/bash/bats"] | ||||||
|  | 	path = unittests/bash/bats | ||||||
|  | 	url = https://github.com/bats-core/bats-core.git | ||||||
|  | [submodule "unittests/bash/test_helper/bats-support"] | ||||||
|  | 	path = unittests/bash/test_helper/bats-support | ||||||
|  | 	url = https://github.com/bats-core/bats-support.git | ||||||
|  | [submodule "unittests/bash/test_helper/bats-assert"] | ||||||
|  | 	path = unittests/bash/test_helper/bats-assert | ||||||
|  | 	url = https://github.com/bats-core/bats-assert.git | ||||||
|  | [submodule "unittests/bash/test_helper/bats-mock"] | ||||||
|  | 	path = unittests/bash/test_helper/bats-mock | ||||||
|  | 	url = https://github.com/jasonkarns/bats-mock.git | ||||||
							
								
								
									
										57
									
								
								.gitsv/config.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
								.gitsv/config.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,57 @@ | |||||||
|  | version: '1.1' # Configuration version. | ||||||
|  |  | ||||||
|  | versioning: | ||||||
|  |   update-major: [breaking] # Commit types used to bump major. | ||||||
|  |   update-minor: [feat, perf] # Commit types used to bump minor. | ||||||
|  |   update-patch: [build, ci, chore, fix, perf, refactor, test] # Commit types used to bump patch. | ||||||
|  |   # When type is not present on update rules and is unknown (not mapped on commit message types); | ||||||
|  |   # if ignore-unknown=false bump patch, if ignore-unknown=true do not bump version. | ||||||
|  |   ignore-unknown: false | ||||||
|  |  | ||||||
|  | tag: | ||||||
|  |   pattern: 'v%d.%d.%d' # Pattern used to create git tag. | ||||||
|  |   filter: '' # Enables you to filter for considerable tags using git pattern syntax. | ||||||
|  |  | ||||||
|  | release-notes: | ||||||
|  |   sections: # Array with each section of release note. Check template section for more information. | ||||||
|  |     - name: Breaking Changes | ||||||
|  |       section-type: breaking-changes | ||||||
|  |     - name: Features # Name used on section. | ||||||
|  |       section-type: commits # Type of the section, supported types: commits, breaking-changes. | ||||||
|  |       commit-types: [feat, perf] # Commit types for commit section-type, one commit type cannot be in more than one section. | ||||||
|  |     - name: Bug Fixes | ||||||
|  |       section-type: commits | ||||||
|  |       commit-types: [fix] | ||||||
|  |     - name: Maintenance | ||||||
|  |       section-type: commits | ||||||
|  |       commit-types: [chore, refactor] | ||||||
|  |     - name: Documentation | ||||||
|  |       commit-types: [docs] | ||||||
|  |       section-type: commits | ||||||
|  |     - name: CI | ||||||
|  |       commit-types: [ci] | ||||||
|  |       section-type: commits | ||||||
|  |  | ||||||
|  | branches: # Git branches config. | ||||||
|  |   prefix: ([a-z]+\/)? # Prefix used on branch name, it should be a regex group. | ||||||
|  |   suffix: (-.*)? # Suffix used on branch name, it should be a regex group. | ||||||
|  |   disable-issue: false # Set true if there is no need to recover issue id from branch name. | ||||||
|  |   skip: [] # List of branch names ignored on commit message validation. | ||||||
|  |   skip-detached: false # Set true if a detached branch should be ignored on commit message validation. | ||||||
|  |  | ||||||
|  | commit-message: | ||||||
|  |   # Supported commit types. | ||||||
|  |   types: [build, ci, chore, docs, feat, fix, perf, refactor, revert, style, test] | ||||||
|  |   header-selector: '' # You can put in a regex here to select only a certain part of the commit message. Please define a regex group 'header'. | ||||||
|  |   scope: | ||||||
|  |     # Define supported scopes, if blank, scope will not be validated, if not, only scope listed will be valid. | ||||||
|  |     # Don't forget to add "" on your list if you need to define scopes and keep it optional. | ||||||
|  |     values: [] | ||||||
|  |   footer: | ||||||
|  |     issue: # Use "issue: {}" if you wish to disable issue footer. | ||||||
|  |       key: jira # Name used to define an issue on footer metadata. | ||||||
|  |       key-synonyms: [Jira, JIRA] # Supported variations for footer metadata. | ||||||
|  |       use-hash: false # If false, use :<space> separator. If true, use <space># separator. | ||||||
|  |       add-value-prefix: '' # Add a prefix to issue value. | ||||||
|  |   issue: | ||||||
|  |     regex: '[A-Z]+-[0-9]+' # Regex for issue id. | ||||||
| @@ -5,6 +5,7 @@ | |||||||
| # Common VCS dirs | # Common VCS dirs | ||||||
| .git/ | .git/ | ||||||
| .gitignore | .gitignore | ||||||
|  | .gitmodules | ||||||
| .bzr/ | .bzr/ | ||||||
| .bzrignore | .bzrignore | ||||||
| .hg/ | .hg/ | ||||||
| @@ -31,3 +32,10 @@ Makefile | |||||||
| .drone.yml | .drone.yml | ||||||
| CONTRIBUTING.md | CONTRIBUTING.md | ||||||
| unittests/ | unittests/ | ||||||
|  | .editorconfig | ||||||
|  | .prettierignore | ||||||
|  | .yamllint | ||||||
|  | CODEOWNERS | ||||||
|  | renovate.json5 | ||||||
|  | .commitlintrc.json | ||||||
|  | .gitsv/ | ||||||
|   | |||||||
| @@ -129,6 +129,7 @@ MD041: | |||||||
| MD044: | MD044: | ||||||
|   # List of proper names |   # List of proper names | ||||||
|   names: |   names: | ||||||
|  |     - docker.gitea.com | ||||||
|     - Gitea |     - Gitea | ||||||
|     - PostgreSQL |     - PostgreSQL | ||||||
|     - Memcached |     - Memcached | ||||||
|   | |||||||
							
								
								
									
										3
									
								
								.vscode/extensions.json
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.vscode/extensions.json
									
									
									
									
										vendored
									
									
								
							| @@ -3,6 +3,7 @@ | |||||||
|         "yzhang.markdown-all-in-one", |         "yzhang.markdown-all-in-one", | ||||||
|         "DavidAnson.vscode-markdownlint", |         "DavidAnson.vscode-markdownlint", | ||||||
|         "Tim-Koehler.helm-intellisense", |         "Tim-Koehler.helm-intellisense", | ||||||
|         "esbenp.prettier-vscode" |         "esbenp.prettier-vscode", | ||||||
|  |         "jetmartin.bats" | ||||||
|     ] |     ] | ||||||
|   } |   } | ||||||
|   | |||||||
							
								
								
									
										11
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										11
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							| @@ -1,8 +1,15 @@ | |||||||
| { | { | ||||||
|     "yaml.schemas": { |     "yaml.schemas": { | ||||||
|         "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ |         "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ | ||||||
|             "/unittests/**/*.yaml" |             "/unittests/**/*.yaml" | ||||||
|         ] |         ] | ||||||
|     }, |     }, | ||||||
|     "yaml.schemaStore.enable": true |     "yaml.schemaStore.enable": true, | ||||||
|  |     "[bats]": { | ||||||
|  |         "editor.tabSize": 2 | ||||||
|  |     }, | ||||||
|  |     "[shellscript]": { | ||||||
|  |         "files.eol": "\n", | ||||||
|  |         "editor.tabSize": 2 | ||||||
|  |     } | ||||||
| } | } | ||||||
|   | |||||||
| @@ -5,7 +5,7 @@ ignore: | | |||||||
|   .yamllint |   .yamllint | ||||||
|   node_modules |   node_modules | ||||||
|   templates |   templates | ||||||
|  |   unittests/bash | ||||||
|  |  | ||||||
| rules: | rules: | ||||||
|   truthy: |   truthy: | ||||||
|   | |||||||
| @@ -1 +1 @@ | |||||||
| * @justusbunsi @pat-s | * @rossigee @volker.raschek @ChristopherHX | ||||||
|   | |||||||
| @@ -29,6 +29,7 @@ When submitting or updating a PR: | |||||||
| - try to avoid rebases. They make code reviews for large PRs and comments much harder. | - try to avoid rebases. They make code reviews for large PRs and comments much harder. | ||||||
| - if applicable, use the PR template for a well-defined PR description. | - if applicable, use the PR template for a well-defined PR description. | ||||||
| - clearly mark breaking changes. | - clearly mark breaking changes. | ||||||
|  | - format the PR title following the [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/#specification) schema | ||||||
|  |  | ||||||
| ## Local development & testing | ## Local development & testing | ||||||
|  |  | ||||||
| @@ -37,7 +38,7 @@ be used: | |||||||
|  |  | ||||||
| 1. Install `minikube` and `helm`. | 1. Install `minikube` and `helm`. | ||||||
| 1. Start a `minikube` cluster via `minikube start`. | 1. Start a `minikube` cluster via `minikube start`. | ||||||
| 1. From the `gitea/helm-chart` directory execute the following command. | 1. From the `gitea/helm-gitea` directory execute the following command. | ||||||
|    This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. |    This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. | ||||||
|    If you want to test a branch, make sure to switch to the respective branch first. |    If you want to test a branch, make sure to switch to the respective branch first. | ||||||
|    `helm install --dependency-update gitea . -f values.yaml`. |    `helm install --dependency-update gitea . -f values.yaml`. | ||||||
| @@ -48,18 +49,32 @@ default port-forward svc/gitea-http 3000:3000`. | |||||||
|  |  | ||||||
| ### Unit tests | ### Unit tests | ||||||
|  |  | ||||||
|  | #### Helm templating tests | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| # install the unittest plugin | # install the unittest plugin | ||||||
| $ helm plugin install https://github.com/helm-unittest/helm-unittest | $ helm plugin install https://github.com/helm-unittest/helm-unittest | ||||||
|  |  | ||||||
| # run the unittests | # run the Helm unittests | ||||||
| make unittests | make unittests-helm | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions. | See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions. | ||||||
|  |  | ||||||
|  | #### Bash script tests | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # setup the environment | ||||||
|  | git submodule update --init --recursive | ||||||
|  |  | ||||||
|  | # run the bash tests | ||||||
|  | make unittests-bash | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | See [bats documentation](https://bats-core.readthedocs.io/en/stable/) for usage instructions. | ||||||
|  |  | ||||||
| ## Release process | ## Release process | ||||||
|  |  | ||||||
| 1. Create a tag following the tagging schema | 1. Ensure you have [`git-sv`](https://github.com/thegeeklab/git-sv) installed | ||||||
| 1. Push the tag | 1. Run `git sv tag` (this creates and pushes the tag following the respective next tag according to the semver commits issued since the last release) | ||||||
| 1. Let CI do it's work | 1. Let CI do it's work | ||||||
|   | |||||||
							
								
								
									
										16
									
								
								Chart.lock
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								Chart.lock
									
									
									
									
									
								
							| @@ -1,15 +1,15 @@ | |||||||
| dependencies: | dependencies: | ||||||
| - name: postgresql | - name: postgresql | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 15.5.20 |   version: 16.7.27 | ||||||
| - name: postgresql-ha | - name: postgresql-ha | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 14.2.16 |   version: 16.3.2 | ||||||
| - name: redis-cluster | - name: valkey-cluster | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 10.3.0 |   version: 3.0.24 | ||||||
| - name: redis | - name: valkey | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 19.6.4 |   version: 3.0.31 | ||||||
| digest: sha256:a28c809273f313c482e3f803a0a002c3bb3a0d2090bf6b732d68ecc4710b4732 | digest: sha256:ceb6a1890cfdc2627abb85d3e2a4baa64d30afd21dcfabce978a824a67f0a2bb | ||||||
| generated: "2024-08-03T00:21:16.080925346Z" | generated: "2025-08-30T00:03:04.59764502Z" | ||||||
|   | |||||||
							
								
								
									
										57
									
								
								Chart.yaml
									
									
									
									
									
								
							
							
						
						
									
										57
									
								
								Chart.yaml
									
									
									
									
									
								
							| @@ -4,9 +4,14 @@ description: Gitea Helm chart for Kubernetes | |||||||
| type: application | type: application | ||||||
| version: 0.0.0 | version: 0.0.0 | ||||||
| # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$ | # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$ | ||||||
| appVersion: 1.22.3 | appVersion: 1.24.6 | ||||||
| icon: https://gitea.com/assets/img/logo.svg | icon: https://gitea.com/assets/img/logo.svg | ||||||
|  |  | ||||||
|  | annotations: | ||||||
|  |   artifacthub.io/links: | | ||||||
|  |     - name: support | ||||||
|  |       url: https://gitea.com/gitea/helm-gitea/issues | ||||||
|  |  | ||||||
| keywords: | keywords: | ||||||
|   - git |   - git | ||||||
|   - issue tracker |   - issue tracker | ||||||
| @@ -14,42 +19,44 @@ keywords: | |||||||
|   - wiki |   - wiki | ||||||
|   - gitea |   - gitea | ||||||
|   - gogs |   - gogs | ||||||
|  |  | ||||||
| sources: | sources: | ||||||
|   - https://gitea.com/gitea/helm-chart |   - https://gitea.com/gitea/helm-gitea | ||||||
|   - https://github.com/go-gitea/gitea |   - https://github.com/go-gitea/gitea | ||||||
|   - https://hub.docker.com/r/gitea/gitea/ |   - https://docker.gitea.com/gitea | ||||||
|  |  | ||||||
| maintainers: | maintainers: | ||||||
|   - name: Charlie Drage |   # https://gitea.com/rossigee | ||||||
|     email: charlie@charliedrage.com |   - name: Ross Golder | ||||||
|   - name: Gitea Authors |     email: ross@golder.org | ||||||
|     email: maintainers@gitea.io |   # https://gitea.com/volker.raschek | ||||||
|   - name: Konrad Lother |   - name: Markus Pesch | ||||||
|     email: konrad.lother@novum-rgi.de |     email: markus.pesch+apps@cryptic.systems | ||||||
|   - name: Lucas Hahn |   # https://gitea.com/DaanSelen | ||||||
|     email: lucas.hahn@novum-rgi.de |   - name: Daan Selen | ||||||
|   - name: Steven Kriegler |     email: dselen@nerthus.nl | ||||||
|     email: sk.bunsenbrenner@gmail.com |   # https://gitea.com/ChristopherHX | ||||||
|   - name: Patrick Schratz |   - name: Christopher Homberger | ||||||
|     email: patrick.schratz@gmail.com |     email: christopher.homberger@web.de | ||||||
|  |  | ||||||
| dependencies: | dependencies: | ||||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql |   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql | ||||||
|   - name: postgresql |   - name: postgresql | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 15.5.20 |     version: 16.7.27 | ||||||
|     condition: postgresql.enabled |     condition: postgresql.enabled | ||||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml |   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml | ||||||
|   - name: postgresql-ha |   - name: postgresql-ha | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 14.2.16 |     version: 16.3.2 | ||||||
|     condition: postgresql-ha.enabled |     condition: postgresql-ha.enabled | ||||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml |   # https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml | ||||||
|   - name: redis-cluster |   - name: valkey-cluster | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 10.3.0 |     version: 3.0.24 | ||||||
|     condition: redis-cluster.enabled |     condition: valkey-cluster.enabled | ||||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml |   # https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml | ||||||
|   - name: redis |   - name: valkey | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 19.6.4 |     version: 3.0.31 | ||||||
|     condition: redis.enabled |     condition: valkey.enabled | ||||||
|   | |||||||
							
								
								
									
										13
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										13
									
								
								Makefile
									
									
									
									
									
								
							| @@ -1,3 +1,5 @@ | |||||||
|  | SHELL := /usr/bin/env bash -O globstar | ||||||
|  |  | ||||||
| .PHONY: prepare-environment | .PHONY: prepare-environment | ||||||
| prepare-environment: | prepare-environment: | ||||||
| 	npm install | 	npm install | ||||||
| @@ -8,8 +10,15 @@ readme: prepare-environment | |||||||
| 	npm run readme:lint | 	npm run readme:lint | ||||||
|  |  | ||||||
| .PHONY: unittests | .PHONY: unittests | ||||||
| unittests: | unittests: unittests-helm unittests-bash | ||||||
| 	helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./ |  | ||||||
|  | .PHONY: unittests-helm | ||||||
|  | unittests-helm: | ||||||
|  | 	helm unittest --strict -f 'unittests/helm/**/*.yaml' -f 'unittests/helm/values-conflicting-checks.yaml' ./ | ||||||
|  |  | ||||||
|  | .PHONY: unittests-bash | ||||||
|  | unittests-bash: | ||||||
|  | 	./unittests/bash/bats/bin/bats --pretty ./unittests/bash/tests/**/*.bats | ||||||
|  |  | ||||||
| .PHONY: helm | .PHONY: helm | ||||||
| update-helm-dependencies: | update-helm-dependencies: | ||||||
|   | |||||||
							
								
								
									
										304
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										304
									
								
								README.md
									
									
									
									
									
								
							| @@ -8,6 +8,7 @@ | |||||||
|   - [Dependency Versioning](#dependency-versioning) |   - [Dependency Versioning](#dependency-versioning) | ||||||
| - [Installing](#installing) | - [Installing](#installing) | ||||||
| - [High Availability](#high-availability) | - [High Availability](#high-availability) | ||||||
|  | - [Limit resources](#limit-resources) | ||||||
| - [Configuration](#configuration) | - [Configuration](#configuration) | ||||||
|   - [Default Configuration](#default-configuration) |   - [Default Configuration](#default-configuration) | ||||||
|     - [Database defaults](#database-defaults) |     - [Database defaults](#database-defaults) | ||||||
| @@ -30,7 +31,9 @@ | |||||||
|   - [OAuth2 Settings](#oauth2-settings) |   - [OAuth2 Settings](#oauth2-settings) | ||||||
| - [Configure commit signing](#configure-commit-signing) | - [Configure commit signing](#configure-commit-signing) | ||||||
| - [Metrics and profiling](#metrics-and-profiling) | - [Metrics and profiling](#metrics-and-profiling) | ||||||
|  |   - [Secure Metrics Endpoint](#secure-metrics-endpoint) | ||||||
| - [Pod annotations](#pod-annotations) | - [Pod annotations](#pod-annotations) | ||||||
|  | - [TLS certificate rotation](#tls-certificate-rotation) | ||||||
| - [Themes](#themes) | - [Themes](#themes) | ||||||
| - [Renovate](#renovate) | - [Renovate](#renovate) | ||||||
| - [Parameters](#parameters) | - [Parameters](#parameters) | ||||||
| @@ -45,13 +48,12 @@ | |||||||
|   - [Persistence](#persistence-1) |   - [Persistence](#persistence-1) | ||||||
|   - [Init](#init) |   - [Init](#init) | ||||||
|   - [Signing](#signing) |   - [Signing](#signing) | ||||||
|   - [Gitea Actions](#gitea-actions) |  | ||||||
|   - [Gitea](#gitea) |   - [Gitea](#gitea) | ||||||
|   - [LivenessProbe](#livenessprobe) |   - [LivenessProbe](#livenessprobe) | ||||||
|   - [ReadinessProbe](#readinessprobe) |   - [ReadinessProbe](#readinessprobe) | ||||||
|   - [StartupProbe](#startupprobe) |   - [StartupProbe](#startupprobe) | ||||||
|   - [redis-cluster](#redis-cluster) |   - [valkey-cluster](#valkey-cluster) | ||||||
|   - [redis](#redis) |   - [valkey](#valkey) | ||||||
|   - [PostgreSQL HA](#postgresql-ha) |   - [PostgreSQL HA](#postgresql-ha) | ||||||
|   - [PostgreSQL](#postgresql) |   - [PostgreSQL](#postgresql) | ||||||
|   - [Advanced](#advanced) |   - [Advanced](#advanced) | ||||||
| @@ -70,7 +72,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit | |||||||
| ## Update and versioning policy | ## Update and versioning policy | ||||||
|  |  | ||||||
| The Gitea helm chart versioning does not follow Gitea's versioning. | The Gitea helm chart versioning does not follow Gitea's versioning. | ||||||
| The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-chart/releases). | The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases). | ||||||
|  |  | ||||||
| The chart aims to follow Gitea's releases closely. | The chart aims to follow Gitea's releases closely. | ||||||
| There might be times when the chart is behind the latest Gitea release. | There might be times when the chart is behind the latest Gitea release. | ||||||
| @@ -94,14 +96,14 @@ Users can also configure their own external providers via the configuration. | |||||||
| These dependencies are enabled by default: | These dependencies are enabled by default: | ||||||
|  |  | ||||||
| - PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)) | - PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)) | ||||||
| - Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml)) | - Valkey-Cluster ([Bitnami Valkey-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml)) | ||||||
|  |  | ||||||
| ### Non-HA Dependencies | ### Non-HA Dependencies | ||||||
|  |  | ||||||
| Alternatively, the following non-HA replacements are available: | Alternatively, the following non-HA replacements are available: | ||||||
|  |  | ||||||
| - PostgreSQL ([Bitnami PostgreSQL](<Postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>)) | - PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) | ||||||
| - Redis ([Bitnami Redis](<Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)>)) | - Valkey ([Bitnami Valkey](https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml)) | ||||||
|  |  | ||||||
| ### Dependency Versioning | ### Dependency Versioning | ||||||
|  |  | ||||||
| @@ -119,8 +121,8 @@ Please double-check the image repository and available tags in the sub-chart: | |||||||
|  |  | ||||||
| - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) | - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) | ||||||
| - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) | - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) | ||||||
| - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) | - [Valkey Cluster](https://hub.docker.com/r/bitnami/valkey-cluster/tags) | ||||||
| - [Redis](https://hub.docker.com/r/bitnami/redis/tags) | - [Valkey](https://hub.docker.com/r/bitnami/valkey/tags) | ||||||
|  |  | ||||||
| and look up the image tag which fits your needs on Dockerhub. | and look up the image tag which fits your needs on Dockerhub. | ||||||
|  |  | ||||||
| @@ -138,6 +140,12 @@ Alternatively, the chart can also be installed from Dockerhub (since v9.6.0) | |||||||
| helm install gitea oci://registry-1.docker.io/giteacharts/gitea | helm install gitea oci://registry-1.docker.io/giteacharts/gitea | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | To avoid potential Dockerhub rate limits, the chart can also be installed via [docker.gitea.com](https://blog.gitea.com/docker-registry-update/) (since v9.6.0) | ||||||
|  |  | ||||||
|  | ```sh | ||||||
|  | helm install gitea oci://docker.gitea.com/charts/gitea | ||||||
|  | ``` | ||||||
|  |  | ||||||
| When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. | When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. | ||||||
|  |  | ||||||
| ## High Availability | ## High Availability | ||||||
| @@ -148,6 +156,44 @@ Care must be taken for production use as not all implementation details of Gitea | |||||||
| Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. | Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. | ||||||
| See the [HA Setup](docs/ha-setup.md) document for more details. | See the [HA Setup](docs/ha-setup.md) document for more details. | ||||||
|  |  | ||||||
|  | ## Limit resources | ||||||
|  |  | ||||||
|  | If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||||
|  | application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||||
|  | cannot use the available CPU time to perform computing operations. | ||||||
|  |  | ||||||
|  | The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||||
|  | available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||||
|  | of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||||
|  | rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||||
|  |  | ||||||
|  | Further information about this topic can be found [under this link](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||||
|  |  | ||||||
|  | > [!NOTE] | ||||||
|  | > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||||
|  | > not anymore required. | ||||||
|  | > | ||||||
|  | > Please note that a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   env: | ||||||
|  |     # Will be automatically defined! | ||||||
|  |     - name: GOMAXPROCS | ||||||
|  |       valueFrom: | ||||||
|  |         resourceFieldRef: | ||||||
|  |           divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1) | ||||||
|  |           resource: limits.cpu | ||||||
|  |  | ||||||
|  | resources: | ||||||
|  |   limits: | ||||||
|  |     cpu: 1000m | ||||||
|  |     memory: 512Mi | ||||||
|  |   requests: | ||||||
|  |     cpu: 100m | ||||||
|  |     memory: 512Mi | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Configuration | ## Configuration | ||||||
|  |  | ||||||
| Gitea offers lots of configuration options. | Gitea offers lots of configuration options. | ||||||
| @@ -236,28 +282,28 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us | |||||||
|  |  | ||||||
| #### Session, Cache and Queue | #### Session, Cache and Queue | ||||||
|  |  | ||||||
| The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency. | The session, cache and queue settings are set to use the built-in Valkey Cluster sub-chart dependency. | ||||||
| If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. | If Valkey Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. | ||||||
|  |  | ||||||
| While these will work and even not cause immediate issues after startup, **they are not recommended for production use**. | While these will work and even not cause immediate issues after startup, **they are not recommended for production use**. | ||||||
| Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory. | Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory. | ||||||
| It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload. | It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload. | ||||||
| External tools such as `redis-cluster` or `memcached` handle these workloads much better. | External tools such as `valkey-cluster` or `memcached` handle these workloads much better. | ||||||
|  |  | ||||||
| ### Single-Pod Configurations | ### Single-Pod Configurations | ||||||
|  |  | ||||||
| If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. | If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. | ||||||
|  |  | ||||||
| 1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`): | 1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `valkey`): | ||||||
|  |  | ||||||
|    <details> |    <details> | ||||||
|  |  | ||||||
|    <summary>values.yml</summary> |    <summary>values.yml</summary> | ||||||
|  |  | ||||||
|    ```yaml |    ```yaml | ||||||
|    redis-cluster: |    valkey-cluster: | ||||||
|      enabled: false |      enabled: false | ||||||
|    redis: |    valkey: | ||||||
|      enabled: true |      enabled: true | ||||||
|    postgresql: |    postgresql: | ||||||
|      enabled: true |      enabled: true | ||||||
| @@ -288,9 +334,9 @@ If HA is not needed/desired, the following configurations can be used to deploy | |||||||
|    <summary>values.yml</summary> |    <summary>values.yml</summary> | ||||||
|  |  | ||||||
|    ```yaml |    ```yaml | ||||||
|    redis-cluster: |    valkey-cluster: | ||||||
|      enabled: false |      enabled: false | ||||||
|    redis: |    valkey: | ||||||
|      enabled: false |      enabled: false | ||||||
|    postgresql: |    postgresql: | ||||||
|      enabled: false |      enabled: false | ||||||
| @@ -488,21 +534,21 @@ and the repository exists. | |||||||
| ``` | ``` | ||||||
|  |  | ||||||
| To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. | To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. | ||||||
| More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). | More about this issue [under this link](https://gitea.com/gitea/helm-gitea/issues/161). | ||||||
|  |  | ||||||
| ### Cache | ### Cache | ||||||
|  |  | ||||||
| The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default. | The cache handling is done via `valkey-cluster` (via the `bitnami` chart) by default. | ||||||
| This deployment is HA-ready but can also be used for single-pod deployments. | This deployment is HA-ready but can also be used for single-pod deployments. | ||||||
| By default, 6 replicas are deployed for a working `redis-cluster` deployment. | By default, 6 replicas are deployed for a working `valkey-cluster` deployment. | ||||||
| Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`. | Many cloud providers offer a managed valkey service, which can be used instead of the built-in `valkey-cluster`. | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| redis-cluster: | valkey-cluster: | ||||||
|   enabled: true |   enabled: true | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ⚠️ The redis charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690). | ⚠️ The valkey charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690). | ||||||
| Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||||
|  |  | ||||||
| ### Persistence | ### Persistence | ||||||
| @@ -538,7 +584,7 @@ You can interact with the postgres settings as displayed in the following exampl | |||||||
| postgresql: | postgresql: | ||||||
|   persistence: |   persistence: | ||||||
|     enabled: true |     enabled: true | ||||||
|     claimName: MyAwesomeGiteaPostgresClaim |     existingClaim: MyAwesomeGiteaPostgresClaim | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ### Admin User | ### Admin User | ||||||
| @@ -648,7 +694,7 @@ Affected options: | |||||||
|  |  | ||||||
| Like the admin user, OAuth2 settings can be updated and disabled but not deleted. | Like the admin user, OAuth2 settings can be updated and disabled but not deleted. | ||||||
| Deleting OAuth2 settings has to be done in the ui. | Deleting OAuth2 settings has to be done in the ui. | ||||||
| All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are | All OAuth2 values, which are documented [under this link](https://docs.gitea.com/administration/command-line#admin), are | ||||||
| available. | available. | ||||||
|  |  | ||||||
| Multiple OAuth2 sources can be configured with additional OAuth list items. | Multiple OAuth2 sources can be configured with additional OAuth list items. | ||||||
| @@ -693,7 +739,7 @@ gitea: | |||||||
|  |  | ||||||
| When using the rootless image the gpg key folder is not persistent by default. | When using the rootless image the gpg key folder is not persistent by default. | ||||||
| If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. | If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. | ||||||
| Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. | Prior to [PR186](https://gitea.com/gitea/helm-gitea/pulls/186), imported keys had to be re-imported once the container got replaced by another. | ||||||
|  |  | ||||||
| The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. | The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. | ||||||
| By default this section is disabled to maintain backwards compatibility. | By default this section is disabled to maintain backwards compatibility. | ||||||
| @@ -747,6 +793,21 @@ gitea: | |||||||
|       ENABLE_PPROF: true |       ENABLE_PPROF: true | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ### Secure Metrics Endpoint | ||||||
|  |  | ||||||
|  | Metrics endpoint `/metrics` can be secured by using `Bearer` token authentication. | ||||||
|  |  | ||||||
|  | **Note:** Providing non-empty `TOKEN` value will also require authentication for `ServiceMonitor`. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | gitea: | ||||||
|  |   metrics: | ||||||
|  |     token: "secure-token" | ||||||
|  |     enabled: true | ||||||
|  |     serviceMonitor: | ||||||
|  |       enabled: true | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Pod annotations | ## Pod annotations | ||||||
|  |  | ||||||
| Annotations can be added to the Gitea pod. | Annotations can be added to the Gitea pod. | ||||||
| @@ -756,6 +817,31 @@ gitea: | |||||||
|   podAnnotations: {} |   podAnnotations: {} | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ## TLS certificate rotation | ||||||
|  |  | ||||||
|  | If Gitea uses TLS certificates that are mounted as a secret in the container file system, Gitea will not automatically apply them when the TLS certificates are rotated. | ||||||
|  | Such a rotation can be for example triggered, when the cert-manager issues new TLS certificates before expiring. Further information is described as GitHub | ||||||
|  | [issue](https://github.com/go-gitea/gitea/issues/27962). | ||||||
|  |  | ||||||
|  | Until the issue is present, a workaround can be applied. | ||||||
|  | For example stakater's [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. | ||||||
|  | The following annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted `configMaps` and `secrets` have been changed. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     reloader.stakater.com/auto: "true" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for individual items. | ||||||
|  | For example, when the secret named `gitea-tls` is mounted and the reloader controller should only listen for changes of this secret: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     secret.reloader.stakater.com/reload: "gitea-tls" | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Themes | ## Themes | ||||||
|  |  | ||||||
| Custom themes can be added via k8s secrets and referencing them in `values.yaml`. | Custom themes can be added via k8s secrets and referencing them in `values.yaml`. | ||||||
| @@ -877,9 +963,9 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| ### Image | ### Image | ||||||
|  |  | ||||||
| | Name                 | Description                                                                                                                                                      | Value              | | | Name                 | Description                                                                                                                                                      | Value              | | ||||||
| | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ||||||
| | `image.registry`     | image registry, e.g. gcr.io,docker.io                                                                                                                            | `""`           | | | `image.registry`     | image registry, e.g. gcr.io,docker.io                                                                                                                            | `docker.gitea.com` | | ||||||
| | `image.repository`   | Image to start for this pod                                                                                                                                      | `gitea/gitea`  | | | `image.repository`   | Image to start for this pod                                                                                                                                      | `gitea`            | | ||||||
| | `image.tag`          | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.                          | `""`               | | | `image.tag`          | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.                          | `""`               | | ||||||
| | `image.digest`       | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                                       | `""`               | | | `image.digest`       | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                                       | `""`               | | ||||||
| | `image.pullPolicy`   | Image pull policy                                                                                                                                                | `IfNotPresent`     | | | `image.pullPolicy`   | Image pull policy                                                                                                                                                | `IfNotPresent`     | | ||||||
| @@ -931,15 +1017,14 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| ### Ingress | ### Ingress | ||||||
|  |  | ||||||
| | Name                             | Description                     | Value             | | | Name                             | Description                     | Value             | | ||||||
| | ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | | | -------------------------------- | ------------------------------- | ----------------- | | ||||||
| | `ingress.enabled`                | Enable ingress                  | `false`           | | | `ingress.enabled`                | Enable ingress                  | `false`           | | ||||||
| | `ingress.className`                  | Ingress class name                                                          | `nil`             | | | `ingress.className`              | DEPRECATED: Ingress class name. | `""`              | | ||||||
|  | | `ingress.pathType`               | Ingress Path Type               | `Prefix`          | | ||||||
| | `ingress.annotations`            | Ingress annotations             | `{}`              | | | `ingress.annotations`            | Ingress annotations             | `{}`              | | ||||||
| | `ingress.hosts[0].host`          | Default Ingress host            | `git.example.com` | | | `ingress.hosts[0].host`          | Default Ingress host            | `git.example.com` | | ||||||
| | `ingress.hosts[0].paths[0].path` | Default Ingress path            | `/`               | | | `ingress.hosts[0].paths[0].path` | Default Ingress path            | `/`               | | ||||||
| | `ingress.hosts[0].paths[0].pathType` | Ingress path type                                                           | `Prefix`          | |  | ||||||
| | `ingress.tls`                    | Ingress tls settings            | `[]`              | | | `ingress.tls`                    | Ingress tls settings            | `[]`              | | ||||||
| | `ingress.apiVersion`                 | Specify APIVersion of ingress object. Mostly would only be used for argocd. |                   | |  | ||||||
|  |  | ||||||
| ### deployment | ### deployment | ||||||
|  |  | ||||||
| @@ -985,6 +1070,8 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| | `persistence.subPath`                             | Subdirectory of the volume to mount at                                                                | `nil`                  | | | `persistence.subPath`                             | Subdirectory of the volume to mount at                                                                | `nil`                  | | ||||||
| | `persistence.volumeName`                          | Name of persistent volume in PVC                                                                      | `""`                   | | | `persistence.volumeName`                          | Name of persistent volume in PVC                                                                      | `""`                   | | ||||||
| | `extraContainers`                                 | Additional sidecar containers to run in the pod                                                       | `[]`                   | | | `extraContainers`                                 | Additional sidecar containers to run in the pod                                                       | `[]`                   | | ||||||
|  | | `preExtraInitContainers`                          | Additional init containers to run in the pod before Gitea runs it owns init containers.               | `[]`                   | | ||||||
|  | | `postExtraInitContainers`                         | Additional init containers to run in the pod after Gitea runs it owns init containers.                | `[]`                   | | ||||||
| | `extraVolumes`                                    | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   | | | `extraVolumes`                                    | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   | | ||||||
| | `extraContainerVolumeMounts`                      | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   | | | `extraContainerVolumeMounts`                      | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   | | ||||||
| | `extraInitVolumeMounts`                           | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   | | | `extraInitVolumeMounts`                           | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   | | ||||||
| @@ -993,8 +1080,9 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| ### Init | ### Init | ||||||
|  |  | ||||||
| | Name                                       | Description                                                                          | Value        | | | Name                                       | Description                                                                          | Value        | | ||||||
| | ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- | | | ------------------------------------------ | ------------------------------------------------------------------------------------ | ------------ | | ||||||
| | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`         | | | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`         | | ||||||
|  | | `initContainersScriptsVolumeMountPath`     | Path to mount the scripts consumed from the Secrets                                  | `/usr/sbinx` | | ||||||
| | `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`         | | | `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`         | | ||||||
| | `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`       | | | `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`       | | ||||||
| | `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi`      | | | `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi`      | | ||||||
| @@ -1008,41 +1096,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| | `signing.privateKey`     | Inline private gpg key for signed internal Git activity           | `""`               | | | `signing.privateKey`     | Inline private gpg key for signed internal Git activity           | `""`               | | ||||||
| | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               | | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               | | ||||||
|  |  | ||||||
| ### Gitea Actions |  | ||||||
|  |  | ||||||
| | Name                                           | Description                                                                                                                                 | Value                          | |  | ||||||
| | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | |  | ||||||
| | `actions.enabled`                              | Create an act runner StatefulSet.                                                                                                           | `false`                        | |  | ||||||
| | `actions.init.image.repository`                | The image used for the init containers                                                                                                      | `busybox`                      | |  | ||||||
| | `actions.init.image.tag`                       | The image tag used for the init containers                                                                                                  | `1.36.1`                       | |  | ||||||
| | `actions.statefulset.annotations`              | Act runner annotations                                                                                                                      | `{}`                           | |  | ||||||
| | `actions.statefulset.labels`                   | Act runner labels                                                                                                                           | `{}`                           | |  | ||||||
| | `actions.statefulset.resources`                | Act runner resources                                                                                                                        | `{}`                           | |  | ||||||
| | `actions.statefulset.nodeSelector`             | NodeSelector for the statefulset                                                                                                            | `{}`                           | |  | ||||||
| | `actions.statefulset.tolerations`              | Tolerations for the statefulset                                                                                                             | `[]`                           | |  | ||||||
| | `actions.statefulset.affinity`                 | Affinity for the statefulset                                                                                                                | `{}`                           | |  | ||||||
| | `actions.statefulset.actRunner.repository`     | The Gitea act runner image                                                                                                                  | `gitea/act_runner`             | |  | ||||||
| | `actions.statefulset.actRunner.tag`            | The Gitea act runner tag                                                                                                                    | `0.2.11`                       | |  | ||||||
| | `actions.statefulset.actRunner.pullPolicy`     | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 | |  | ||||||
| | `actions.statefulset.actRunner.config`         | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | |  | ||||||
| | `actions.statefulset.dind.repository`          | The Docker-in-Docker image                                                                                                                  | `docker`                       | |  | ||||||
| | `actions.statefulset.dind.tag`                 | The Docker-in-Docker image tag                                                                                                              | `25.0.2-dind`                  | |  | ||||||
| | `actions.statefulset.dind.pullPolicy`          | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 | |  | ||||||
| | `actions.statefulset.dind.extraEnvs`           | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           | |  | ||||||
| | `actions.provisioning.enabled`                 | Create a job that will create and save the token in a Kubernetes Secret                                                                     | `false`                        | |  | ||||||
| | `actions.provisioning.annotations`             | Job's annotations                                                                                                                           | `{}`                           | |  | ||||||
| | `actions.provisioning.labels`                  | Job's labels                                                                                                                                | `{}`                           | |  | ||||||
| | `actions.provisioning.resources`               | Job's resources                                                                                                                             | `{}`                           | |  | ||||||
| | `actions.provisioning.nodeSelector`            | NodeSelector for the job                                                                                                                    | `{}`                           | |  | ||||||
| | `actions.provisioning.tolerations`             | Tolerations for the job                                                                                                                     | `[]`                           | |  | ||||||
| | `actions.provisioning.affinity`                | Affinity for the job                                                                                                                        | `{}`                           | |  | ||||||
| | `actions.provisioning.ttlSecondsAfterFinished` | ttl for the job after finished in order to allow helm to properly recognize that the job completed                                          | `300`                          | |  | ||||||
| | `actions.provisioning.publish.repository`      | The image that can create the secret via kubectl                                                                                            | `bitnami/kubectl`              | |  | ||||||
| | `actions.provisioning.publish.tag`             | The publish image tag that can create the secret                                                                                            | `1.29.0`                       | |  | ||||||
| | `actions.provisioning.publish.pullPolicy`      | The publish image pullPolicy that can create the secret                                                                                     | `IfNotPresent`                 | |  | ||||||
| | `actions.existingSecret`                       | Secret that contains the token                                                                                                              | `""`                           | |  | ||||||
| | `actions.existingSecretKey`                    | Secret key                                                                                                                                  | `""`                           | |  | ||||||
|  |  | ||||||
| ### Gitea | ### Gitea | ||||||
|  |  | ||||||
| | Name                                         | Description                                                                                                                    | Value                | | | Name                                         | Description                                                                                                                    | Value                | | ||||||
| @@ -1053,6 +1106,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| | `gitea.admin.email`                          | Email for the Gitea admin user                                                                                                 | `gitea@local.domain` | | | `gitea.admin.email`                          | Email for the Gitea admin user                                                                                                 | `gitea@local.domain` | | ||||||
| | `gitea.admin.passwordMode`                   | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated  | `keepUpdated`        | | | `gitea.admin.passwordMode`                   | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated  | `keepUpdated`        | | ||||||
| | `gitea.metrics.enabled`                      | Enable Gitea metrics                                                                                                           | `false`              | | | `gitea.metrics.enabled`                      | Enable Gitea metrics                                                                                                           | `false`              | | ||||||
|  | | `gitea.metrics.token`                        | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public.              | `nil`                | | ||||||
| | `gitea.metrics.serviceMonitor.enabled`       | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false`              | | | `gitea.metrics.serviceMonitor.enabled`       | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false`              | | ||||||
| | `gitea.metrics.serviceMonitor.interval`      | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                      | `""`                 | | | `gitea.metrics.serviceMonitor.interval`      | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                      | `""`                 | | ||||||
| | `gitea.metrics.serviceMonitor.relabelings`   | RelabelConfigs to apply to samples before scraping.                                                                            | `[]`                 | | | `gitea.metrics.serviceMonitor.relabelings`   | RelabelConfigs to apply to samples before scraping.                                                                            | `[]`                 | | ||||||
| @@ -1104,53 +1158,73 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | |||||||
| | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     | | | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     | | ||||||
| | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    | | | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    | | ||||||
|  |  | ||||||
| ### redis-cluster | ### valkey-cluster | ||||||
|  |  | ||||||
| Redis cluster and [Redis](#redis) cannot be enabled at the same time. | Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. | ||||||
|  |  | ||||||
| | Name                                                | Description                                                           | Value                          | | | Name                                                | Description                                                           | Value                          | | ||||||
| | -------------------------------- | -------------------------------------------- | ------- | | | --------------------------------------------------- | --------------------------------------------------------------------- | ------------------------------ | | ||||||
| | `redis-cluster.enabled`          | Enable redis cluster                         | `true`  | | | `valkey-cluster.enabled`                            | Enable valkey cluster                                                 | `true`                         | | ||||||
| | `redis-cluster.usePassword`      | Whether to use password authentication       | `false` | | | `valkey-cluster.usePassword`                        | Whether to use password authentication.                               | `false`                        | | ||||||
| | `redis-cluster.cluster.nodes`    | Number of redis cluster master nodes         | `3`     | | | `valkey-cluster.usePasswordFiles`                   | Whether to mount passwords as files instead of environment variables. | `false`                        | | ||||||
| | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0`     | | | `valkey-cluster.image.repository`                   | Image repository, eg. `bitnamilegacy/valkey-cluster`.                 | `bitnamilegacy/valkey-cluster` | | ||||||
|  | | `valkey-cluster.cluster.nodes`                      | Number of valkey cluster master nodes                                 | `3`                            | | ||||||
|  | | `valkey-cluster.cluster.replicas`                   | Number of valkey cluster master node replicas                         | `0`                            | | ||||||
|  | | `valkey-cluster.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/redis-exporter`.                 | `bitnamilegacy/redis-exporter` | | ||||||
|  | | `valkey-cluster.service.ports.valkey`               | Port of Valkey service                                                | `6379`                         | | ||||||
|  | | `valkey-cluster.sysctlImage.repository`             | Image repository, eg. `bitnamilegacy/os-shell`.                       | `bitnamilegacy/os-shell`       | | ||||||
|  | | `valkey-cluster.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.                       | `bitnamilegacy/os-shell`       | | ||||||
|  |  | ||||||
| ### redis | ### valkey | ||||||
|  |  | ||||||
| Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. | Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. | ||||||
|  |  | ||||||
| | Name                                        | Description                                           | Value                           | | | Name                                        | Description                                           | Value                           | | ||||||
| | ----------------------------- | ------------------------------------------ | ------------ | | | ------------------------------------------- | ----------------------------------------------------- | ------------------------------- | | ||||||
| | `redis.enabled`               | Enable redis standalone or replicated      | `false`      | | | `valkey.enabled`                            | Enable valkey standalone or replicated                | `false`                         | | ||||||
| | `redis.architecture`          | Whether to use standalone or replication   | `standalone` | | | `valkey.architecture`                       | Whether to use standalone or replication              | `standalone`                    | | ||||||
| | `redis.global.redis.password` | Required password                          | `changeme`   | | | `valkey.kubectl.image.repository`           | Image repository, eg. `bitnamilegacy/kubectl`.        | `bitnamilegacy/kubectl`         | | ||||||
| | `redis.master.count`          | Number of Redis master instances to deploy | `1`          | | | `valkey.image.repository`                   | Image repository, eg. `bitnamilegacy/valkey`.         | `bitnamilegacy/valkey`          | | ||||||
|  | | `valkey.global.valkey.password`             | Required password                                     | `changeme`                      | | ||||||
|  | | `valkey.master.count`                       | Number of Valkey master instances to deploy           | `1`                             | | ||||||
|  | | `valkey.master.service.ports.valkey`        | Port of Valkey service                                | `6379`                          | | ||||||
|  | | `valkey.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter`  | | ||||||
|  | | `valkey.sentinel.image.repository`          | Image repository, eg. `bitnamilegacy/sentinel`.       | `bitnamilegacy/valkey-sentinel` | | ||||||
|  | | `valkey.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.       | `bitnamilegacy/os-shell`        | | ||||||
|  |  | ||||||
| ### PostgreSQL HA | ### PostgreSQL HA | ||||||
|  |  | ||||||
| | Name                                               | Description                                                      | Value                             | | | Name                                               | Description                                                      | Value                             | | ||||||
| | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | | | -------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- | | ||||||
| | `postgresql-ha.enabled`                            | Enable PostgreSQL HA                                             | `true`                            | | | `postgresql-ha.enabled`                            | Enable PostgreSQL HA                                             | `true`                            | | ||||||
| | `postgresql-ha.postgresql.password`         | Password for the `gitea` user (overrides `auth.password`)        | `changeme4` | |  | ||||||
| | `postgresql-ha.global.postgresql.database`         | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | | `postgresql-ha.global.postgresql.database`         | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | ||||||
| | `postgresql-ha.global.postgresql.username`         | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | | `postgresql-ha.global.postgresql.username`         | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | ||||||
| | `postgresql-ha.global.postgresql.password`         | Name for a custom password to create (overrides `auth.password`) | `gitea`                           | | | `postgresql-ha.global.postgresql.password`         | Name for a custom password to create (overrides `auth.password`) | `gitea`                           | | ||||||
|  | | `postgresql-ha.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/postgres-exporter`.         | `bitnamilegacy/postgres-exporter` | | ||||||
|  | | `postgresql-ha.postgresql.image.repository`        | Image repository, eg. `bitnamilegacy/postgresql-repmgr`.         | `bitnamilegacy/postgresql-repmgr` | | ||||||
| | `postgresql-ha.postgresql.repmgrPassword`          | Repmgr Password                                                  | `changeme2`                       | | | `postgresql-ha.postgresql.repmgrPassword`          | Repmgr Password                                                  | `changeme2`                       | | ||||||
| | `postgresql-ha.postgresql.postgresPassword`        | postgres Password                                                | `changeme1`                       | | | `postgresql-ha.postgresql.postgresPassword`        | postgres Password                                                | `changeme1`                       | | ||||||
|  | | `postgresql-ha.postgresql.password`                | Password for the `gitea` user (overrides `auth.password`)        | `changeme4`                       | | ||||||
| | `postgresql-ha.pgpool.adminPassword`               | pgpool adminPassword                                             | `changeme3`                       | | | `postgresql-ha.pgpool.adminPassword`               | pgpool adminPassword                                             | `changeme3`                       | | ||||||
|  | | `postgresql-ha.pgpool.image.repository`            | Image repository, eg. `bitnamilegacy/pgpool`.                    | `bitnamilegacy/pgpool`            | | ||||||
|  | | `postgresql-ha.pgpool.srCheckPassword`             | pgpool srCheckPassword                                           | `changeme4`                       | | ||||||
| | `postgresql-ha.service.ports.postgresql`           | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | | `postgresql-ha.service.ports.postgresql`           | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | ||||||
| | `postgresql-ha.persistence.size`                   | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`                            | | | `postgresql-ha.persistence.size`                   | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`                            | | ||||||
|  | | `postgresql-ha.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.                  | `bitnamilegacy/os-shell`          | | ||||||
|  |  | ||||||
| ### PostgreSQL | ### PostgreSQL | ||||||
|  |  | ||||||
| | Name                                                    | Description                                                      | Value                             | | | Name                                                    | Description                                                      | Value                             | | ||||||
| | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | | | ------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- | | ||||||
| | `postgresql.enabled`                                    | Enable PostgreSQL                                                | `false`                           | | | `postgresql.enabled`                                    | Enable PostgreSQL                                                | `false`                           | | ||||||
| | `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea`                           | | | `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea`                           | | ||||||
| | `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | | `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | ||||||
| | `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | | `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | ||||||
| | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | ||||||
|  | | `postgresql.image.repository`                           | Image repository, eg. `bitnamilegacy/postgresql`.                | `bitnamilegacy/postgresql`        | | ||||||
| | `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`                            | | | `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`                            | | ||||||
|  | | `postgresql.metrics.image.repository`                   | Image repository, eg. `bitnamilegacy/postgres-exporter`.         | `bitnamilegacy/postgres-exporter` | | ||||||
|  | | `postgresql.volumePermissions.image.repository`         | Image repository, eg. `bitnamilegacy/os-shell`.                  | `bitnamilegacy/os-shell`          | | ||||||
|  |  | ||||||
| ### Advanced | ### Advanced | ||||||
|  |  | ||||||
| @@ -1176,6 +1250,52 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma | |||||||
|  |  | ||||||
| <details> | <details> | ||||||
|  |  | ||||||
|  | <summary>To 12.0.0</summary> | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
|  | <!-- markdownlint-disable-next-line --> | ||||||
|  | **Breaking changes** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
|  | - Outsourced "Actions" related configuration. | ||||||
|  |   To deploy and use "Actions", please see the new dedicated chart at <https://gitea.com/gitea/helm-actions>. | ||||||
|  |   It is maintained by a seperate maintainer group and hasn't seen a release yet (at the time of the 12.0 release). | ||||||
|  |   Feel encouraged to contribute if "Actions" is important to you! | ||||||
|  |  | ||||||
|  |   This change was made to avoid overloading the existing helm chart, which is already quite large in size and configuration options. | ||||||
|  |   In addition, the existing maintainers team was not actively using "Actions" which slowed down development and community contributions. | ||||||
|  |   While the new chart is still young (and waiting for contributions! and maintainers), we believe that it is the best way moving forward for both parts. | ||||||
|  | - Migrated from Redis/Redis-cluster to Valkey/Valkey-cluster charts (#775). | ||||||
|  |   While marked as breaking, there is no need to migrate data. | ||||||
|  |   The cache will start to refill automatically. | ||||||
|  | - Migrated ingress from `networking.k8s.io/v1beta` to `networking.k8s.io/v1`. | ||||||
|  |   We didn't make any changes to the syntax, so the upgrade should be seamless. | ||||||
|  |  | ||||||
|  | </details> | ||||||
|  |  | ||||||
|  | <details> | ||||||
|  |  | ||||||
|  | <summary>To 11.0.0</summary> | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
|  | <!-- markdownlint-disable-next-line --> | ||||||
|  | **Breaking changes** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
|  | - Update Gitea to 1.23.x (review the [1.23 release blog post](https://blog.gitea.com/release-of-1.23.0/) for all application breaking changes) | ||||||
|  | - Update PostgreSQL sub-chart dependencies to appVersion 17.x | ||||||
|  | - Update Redis sub-chart to version 20.x (appVersion 7.4) | ||||||
|  |   Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes: | ||||||
|  |   - [Redis Chart release notes (starting with v20.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis/CHANGELOG.md#2000-2024-08-09). | ||||||
|  |   - [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES). | ||||||
|  | - Update Redis Cluster sub-chart to version 11.x (appVersion 7.4) | ||||||
|  |   Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes: | ||||||
|  |   - [Redis Chart release notes (starting with v11.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis-cluster/CHANGELOG.md#1100-2024-08-09). | ||||||
|  |   - [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES). | ||||||
|  |   </details> | ||||||
|  |  | ||||||
|  | <details> | ||||||
|  |  | ||||||
| <summary>To 10.0.0</summary> | <summary>To 10.0.0</summary> | ||||||
|  |  | ||||||
| <!-- prettier-ignore-start --> | <!-- prettier-ignore-start --> | ||||||
| @@ -1242,23 +1362,23 @@ The first item here (`<memcache service name>`) will be different compared to th | |||||||
| The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. | The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. | ||||||
| The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. | The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. | ||||||
|  |  | ||||||
| If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: | If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-gitea/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| gitea: | gitea: | ||||||
|   config: |   config: | ||||||
|     session: |     session: | ||||||
|       PROVIDER: redis-cluster |       PROVIDER: redis-cluster | ||||||
|       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|  |  | ||||||
|     cache: |     cache: | ||||||
|       ENABLED: true |       ENABLED: true | ||||||
|       ADAPTER: redis-cluster |       ADAPTER: redis-cluster | ||||||
|       HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |       HOST: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|  |  | ||||||
|     queue: |     queue: | ||||||
|       TYPE: redis |       TYPE: redis | ||||||
|       CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |       CONN_STR: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| <!-- prettier-ignore-start --> | <!-- prettier-ignore-start --> | ||||||
| @@ -1267,7 +1387,7 @@ gitea: | |||||||
| <!-- prettier-ignore-end --> | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
| If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: | If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: | ||||||
| Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). | Have a look at [this discussion](https://gitea.com/gitea/helm-gitea/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). | ||||||
|  |  | ||||||
| <!-- prettier-ignore-start --> | <!-- prettier-ignore-start --> | ||||||
| <!-- markdownlint-disable-next-line --> | <!-- markdownlint-disable-next-line --> | ||||||
| @@ -1323,7 +1443,7 @@ With respect to `values.yaml`, parameters `username`, `database` and `password` | |||||||
| Please adjust your `values.yaml` accordingly. | Please adjust your `values.yaml` accordingly. | ||||||
|  |  | ||||||
| **Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself. | **Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself. | ||||||
| See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough. | See [this comment](https://gitea.com/gitea/helm-gitea/issues/452#issuecomment-740885) for an extensive walkthrough. | ||||||
| We again highly encourage users to use an external (managed) database for production instances. | We again highly encourage users to use an external (managed) database for production instances. | ||||||
|  |  | ||||||
| </details> | </details> | ||||||
|   | |||||||
| @@ -25,7 +25,7 @@ In addition, the following components are required for full HA-readiness: | |||||||
|  |  | ||||||
| - A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch` | - A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch` | ||||||
| - A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system) | - A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system) | ||||||
| - A HA-ready cache (`redis-cluster`) | - A HA-ready cache (`valkey-cluster`) | ||||||
| - A HA-ready DB | - A HA-ready DB | ||||||
|  |  | ||||||
| `postgres.enabled`, which default to `true`, must be set to `false` for a HA setup. | `postgres.enabled`, which default to `true`, must be set to `false` for a HA setup. | ||||||
| @@ -72,33 +72,33 @@ persistence: | |||||||
|  |  | ||||||
| ## Cache, session and queue | ## Cache, session and queue | ||||||
|  |  | ||||||
| A `redis` instance is required for the in-memory cache. | A `valkey` instance is required for the in-memory cache. | ||||||
| Two options exist: | Two options exist: | ||||||
|  |  | ||||||
| - `redis` | - `valkey` | ||||||
| - `redis-cluster` | - `valkey-cluster` | ||||||
|  |  | ||||||
| The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups. | The chart provides `valkey-cluster` as a dependency as this one can be used for both HA and non-HA setups. | ||||||
| You're also welcome to go with `redis` if you prefer or already have a running instance. | You're also welcome to go with `valkey` if you prefer or already have a running instance. | ||||||
|  |  | ||||||
| It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2. | It should be noted that `valkey-cluster` support is only available starting with Gitea 1.19.2. | ||||||
| You can also configure an external (managed) `redis` instance to be used. | You can also configure an external (managed) `valkey` instance to be used. | ||||||
| To do so, you need to set the following configuration values yourself: | To do so, you need to set the following configuration values yourself: | ||||||
|  |  | ||||||
| - `gitea.config.queue.TYPE`: redis` | - `gitea.config.queue.TYPE`: valkey` | ||||||
| - `gitea.config.queue.CONN_STR`: `<your redis connection string>` | - `gitea.config.queue.CONN_STR`: `<your valkey connection string>` | ||||||
|  |  | ||||||
| - `gitea.config.session.PROVIDER`: `redis` | - `gitea.config.session.PROVIDER`: `valkey` | ||||||
| - `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>` | - `gitea.config.session.PROVIDER_CONFIG`: `<your valkey connection string>` | ||||||
|  |  | ||||||
| - `gitea.config.cache.ENABLED`: `true` | - `gitea.config.cache.ENABLED`: `true` | ||||||
| - `gitea.config.cache.ADAPTER`: `redis` | - `gitea.config.cache.ADAPTER`: `valkey` | ||||||
| - `gitea.config.cache.HOST`: `<your redis connection string>` | - `gitea.config.cache.HOST`: `<your valkey connection string>` | ||||||
|  |  | ||||||
| By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica. | By default, the `valkey-cluster` chart provisions three standalone master nodes of which each has a single replica. | ||||||
| To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. | To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. | ||||||
| Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned. | Only the minimum required number of master pods for a functional `valkey-cluster` deployment are provisioned. | ||||||
| For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. | For a "proper" `valkey-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. | ||||||
|  |  | ||||||
| ## Object and asset storage | ## Object and asset storage | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										1171
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										1171
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "gitea-helm-chart", |   "name": "gitea-helm", | ||||||
|   "homepage": "https://gitea.com/gitea/helm-chart.git", |   "homepage": "https://gitea.com/gitea/helm-gitea.git", | ||||||
|   "license": "MIT", |   "license": "MIT", | ||||||
|   "private": true, |   "private": true, | ||||||
|   "engineStrict": true, |   "engineStrict": true, | ||||||
| @@ -14,6 +14,6 @@ | |||||||
|   }, |   }, | ||||||
|   "devDependencies": { |   "devDependencies": { | ||||||
|     "@bitnami/readme-generator-for-helm": "^2.5.0", |     "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||||
|     "markdownlint-cli": "^0.41.0" |     "markdownlint-cli": "^0.45.0" | ||||||
|   } |   } | ||||||
| } | } | ||||||
| @@ -1,34 +0,0 @@ | |||||||
| # Gitea Actions |  | ||||||
|  |  | ||||||
| In order to use the Gitea Actions act-runner you must either: |  | ||||||
|  |  | ||||||
| - enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job) |  | ||||||
| - create a secret containing the act runner token and reference it as a `existingSecret` |  | ||||||
|  |  | ||||||
| In order to use Gitea Actions, you must log on the server that's running Gitea and run the command: |  | ||||||
|     `gitea actions generate-runner-token` |  | ||||||
|  |  | ||||||
| This command will out a token that is needed by the act-runner to register with the Gitea backend. |  | ||||||
|  |  | ||||||
| Because this is a manual operation, we automated this using a Kubernetes Job using the following containers: |  | ||||||
|  |  | ||||||
| 1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token` |  | ||||||
| 2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and |  | ||||||
| the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret |  | ||||||
|  |  | ||||||
| After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers: |  | ||||||
|  |  | ||||||
| 1) `act-runner`: authenticates with Gitea using the token that was stored in the secret |  | ||||||
| 2) `dind`: DockerInDocker image that is used to run the actions |  | ||||||
|  |  | ||||||
| If you are not using persistent volumes, you cannot use the Job to automatically generate the token. |  | ||||||
| In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke |  | ||||||
| the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via: |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| actions: |  | ||||||
|   provisioning: |  | ||||||
|     enabled: false |  | ||||||
|   existingSecret: "secret-name" |  | ||||||
|   existingSecretKey: "secret-key" |  | ||||||
| ``` |  | ||||||
| @@ -9,13 +9,19 @@ | |||||||
|   labels: [ |   labels: [ | ||||||
|     'kind/dependency', |     'kind/dependency', | ||||||
|   ], |   ], | ||||||
|  |   digest: { | ||||||
|  |     automerge: true, | ||||||
|  |   }, | ||||||
|   automergeStrategy: 'squash', |   automergeStrategy: 'squash', | ||||||
|  |   'git-submodules': { | ||||||
|  |     enabled: true, | ||||||
|  |   }, | ||||||
|   customManagers: [ |   customManagers: [ | ||||||
|     { |     { | ||||||
|       description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', |       description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', | ||||||
|       customType: 'regex', |       customType: 'regex', | ||||||
|       fileMatch: [ |       managerFilePatterns: [ | ||||||
|         '.gitea/workflows/.+\\.ya?ml$', |         '/.gitea/workflows/.+\\.ya?ml$/', | ||||||
|       ], |       ], | ||||||
|       matchStrings: [ |       matchStrings: [ | ||||||
|         '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s', |         '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s', | ||||||
| @@ -24,21 +30,33 @@ | |||||||
|     { |     { | ||||||
|       description: 'Detect helm-unittest yaml schema file', |       description: 'Detect helm-unittest yaml schema file', | ||||||
|       customType: 'regex', |       customType: 'regex', | ||||||
|       fileMatch: ['.vscode/settings\\.json$'], |       managerFilePatterns: [ | ||||||
|  |         '/.vscode/settings\\.json$/', | ||||||
|  |       ], | ||||||
|       matchStrings: [ |       matchStrings: [ | ||||||
|         'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', |         'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', | ||||||
|       ], |       ], | ||||||
|       datasourceTemplate: 'github-releases', |       datasourceTemplate: 'github-releases', | ||||||
|     }, |     }, | ||||||
|     { |     { | ||||||
|       'description': 'Automatically detect new Gitea releases', |       description: 'Automatically detect new Gitea releases', | ||||||
|       'customType': 'regex', |       customType: 'regex', | ||||||
|       'fileMatch': ['(^|/)Chart\\.yaml$'], |       managerFilePatterns: [ | ||||||
|       'matchStrings': [ |         '/(^|/)Chart\\.yaml$/', | ||||||
|  |       ], | ||||||
|  |       matchStrings: [ | ||||||
|         '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n', |         '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n', | ||||||
|       ], |       ], | ||||||
|     }, |     }, | ||||||
|   ], |   ], | ||||||
|  |   lockFileMaintenance: { | ||||||
|  |     "enabled": true, | ||||||
|  |     "commitMessageAction": "update", | ||||||
|  |     "commitMessageTopic": "lockfiles", | ||||||
|  |     schedule: [ | ||||||
|  |       'at any time', | ||||||
|  |     ] | ||||||
|  |   }, | ||||||
|   packageRules: [ |   packageRules: [ | ||||||
|     { |     { | ||||||
|       groupName: 'subcharts (minor & patch)', |       groupName: 'subcharts (minor & patch)', | ||||||
| @@ -51,6 +69,17 @@ | |||||||
|         'digest', |         'digest', | ||||||
|       ], |       ], | ||||||
|     }, |     }, | ||||||
|  |     { | ||||||
|  |       groupName: 'bats testing framework', | ||||||
|  |       matchManagers: [ | ||||||
|  |         'git-submodules', | ||||||
|  |       ], | ||||||
|  |       matchUpdateTypes: [ | ||||||
|  |         'minor', | ||||||
|  |         'patch', | ||||||
|  |         'digest', | ||||||
|  |       ], | ||||||
|  |     }, | ||||||
|     { |     { | ||||||
|       groupName: 'workflow dependencies (minor & patch)', |       groupName: 'workflow dependencies (minor & patch)', | ||||||
|       matchManagers: [ |       matchManagers: [ | ||||||
| @@ -63,6 +92,25 @@ | |||||||
|         'patch', |         'patch', | ||||||
|         'digest', |         'digest', | ||||||
|       ], |       ], | ||||||
|  |       matchFileNames: [ | ||||||
|  |         '!Chart.yaml', | ||||||
|  |       ], | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       description: 'Update README.md on changes in values.yaml', | ||||||
|  |       matchManagers: [ | ||||||
|  |         'helm-values', | ||||||
|  |       ], | ||||||
|  |       postUpgradeTasks: { | ||||||
|  |         commands: [ | ||||||
|  |           'install-tool node', | ||||||
|  |           'make readme', | ||||||
|  |         ], | ||||||
|  |         fileFilters: [ | ||||||
|  |           'README.md', | ||||||
|  |         ], | ||||||
|  |         executionMode: 'update', | ||||||
|  |       }, | ||||||
|     }, |     }, | ||||||
|     { |     { | ||||||
|       description: 'Override changelog url for Helm image, to have release notes in our PRs', |       description: 'Override changelog url for Helm image, to have release notes in our PRs', | ||||||
| @@ -71,5 +119,14 @@ | |||||||
|       ], |       ], | ||||||
|       changelogUrl: 'https://github.com/helm/helm', |       changelogUrl: 'https://github.com/helm/helm', | ||||||
|     }, |     }, | ||||||
|  |     { | ||||||
|  |       description: 'Bump Gitea as fast as possible - not only on weekends', | ||||||
|  |       matchDepNames: [ | ||||||
|  |         'go-gitea/gitea', | ||||||
|  |       ], | ||||||
|  |       schedule: [ | ||||||
|  |         'at any time', | ||||||
|  |       ], | ||||||
|  |     }, | ||||||
|   ], |   ], | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										0
									
								
								scripts/token.sh → scripts/act_runner/token.sh
									
									
									
									
									
										
										
										Normal file → Executable file
									
								
							
							
						
						
									
										0
									
								
								scripts/token.sh → scripts/act_runner/token.sh
									
									
									
									
									
										
										
										Normal file → Executable file
									
								
							
							
								
								
									
										154
									
								
								scripts/init-containers/config/config_environment.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										154
									
								
								scripts/init-containers/config/config_environment.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,154 @@ | |||||||
|  | #!/usr/bin/env bash | ||||||
|  | set -euo pipefail | ||||||
|  |  | ||||||
|  | function env2ini::log() { | ||||||
|  |   printf "${1}\n" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function env2ini::read_config_to_env() { | ||||||
|  |   local section="${1}" | ||||||
|  |   local line="${2}" | ||||||
|  |  | ||||||
|  |   if [[ -z "${line}" ]]; then | ||||||
|  |     # skip empty line | ||||||
|  |     return | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line | ||||||
|  |   local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" | ||||||
|  |  | ||||||
|  |   if [[ -z "${setting}" ]]; then | ||||||
|  |     env2ini::log '  ! invalid setting' | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   local value='' | ||||||
|  |   local regex="^${setting}(\s*)=(\s*)(.*)" | ||||||
|  |   if [[ $line =~ $regex ]]; then | ||||||
|  |     value="${BASH_REMATCH[3]}" | ||||||
|  |   else | ||||||
|  |     env2ini::log '  ! invalid setting' | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   env2ini::log "    + '${setting}'" | ||||||
|  |  | ||||||
|  |   if [[ -z "${section}" ]]; then | ||||||
|  |     export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase | ||||||
|  |     return | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches | ||||||
|  |   masked_section="${masked_section//-/_0X2D_}" | ||||||
|  |  | ||||||
|  |   export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function env2ini::reload_preset_envs() { | ||||||
|  |   env2ini::log "Reloading preset envs..." | ||||||
|  |  | ||||||
|  |   while read -r line; do | ||||||
|  |     if [[ -z "${line}" ]]; then | ||||||
|  |       # skip empty line | ||||||
|  |       return | ||||||
|  |     fi | ||||||
|  |  | ||||||
|  |     # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line | ||||||
|  |     local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" | ||||||
|  |  | ||||||
|  |     if [[ -z "${setting}" ]]; then | ||||||
|  |       env2ini::log '  ! invalid setting' | ||||||
|  |       exit 1 | ||||||
|  |     fi | ||||||
|  |  | ||||||
|  |     local value='' | ||||||
|  |     local regex="^${setting}(\s*)=(\s*)(.*)" | ||||||
|  |     if [[ $line =~ $regex ]]; then | ||||||
|  |       value="${BASH_REMATCH[3]}" | ||||||
|  |     else | ||||||
|  |       env2ini::log '  ! invalid setting' | ||||||
|  |       exit 1 | ||||||
|  |     fi | ||||||
|  |  | ||||||
|  |     env2ini::log "  + '${setting}'" | ||||||
|  |  | ||||||
|  |     export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase | ||||||
|  |   done < "$TMP_EXISTING_ENVS_FILE" | ||||||
|  |  | ||||||
|  |   rm $TMP_EXISTING_ENVS_FILE | ||||||
|  | } | ||||||
|  |  | ||||||
|  |  | ||||||
|  | function env2ini::process_config_file() { | ||||||
|  |   local config_file="${1}" | ||||||
|  |   local section="$(basename "${config_file}")" | ||||||
|  |  | ||||||
|  |   if [[ $section == '_generals_' ]]; then | ||||||
|  |     env2ini::log "  [ini root]" | ||||||
|  |     section='' | ||||||
|  |   else | ||||||
|  |     env2ini::log "  ${section}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while read -r line; do | ||||||
|  |     env2ini::read_config_to_env "${section}" "${line}" | ||||||
|  |   done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function env2ini::load_config_sources() { | ||||||
|  |   local path="${1}" | ||||||
|  |  | ||||||
|  |   if [[ -d "${path}" ]]; then | ||||||
|  |     env2ini::log "Processing $(basename "${path}")..." | ||||||
|  |  | ||||||
|  |     while read -d '' configFile; do | ||||||
|  |       env2ini::process_config_file "${configFile}" | ||||||
|  |     done < <(find "${path}" -type l -not -name '..data' -print0) | ||||||
|  |  | ||||||
|  |     env2ini::log "\n" | ||||||
|  |   fi | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function env2ini::generate_initial_secrets() { | ||||||
|  |   # These environment variables will either be | ||||||
|  |   #   - overwritten with user defined values, | ||||||
|  |   #   - initially used to set up Gitea | ||||||
|  |   # Anyway, they won't harm existing app.ini files | ||||||
|  |  | ||||||
|  |   export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) | ||||||
|  |   export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) | ||||||
|  |   export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) | ||||||
|  |   export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) | ||||||
|  |  | ||||||
|  |   env2ini::log "...Initial secrets generated\n" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs | ||||||
|  | env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > $TMP_EXISTING_ENVS_FILE | ||||||
|  |  | ||||||
|  | # MUST BE CALLED BEFORE OTHER CONFIGURATION | ||||||
|  | env2ini::generate_initial_secrets | ||||||
|  |  | ||||||
|  | env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/inlines/" | ||||||
|  | env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/additionals/" | ||||||
|  |  | ||||||
|  | # load existing envs to override auto generated envs | ||||||
|  | env2ini::reload_preset_envs | ||||||
|  |  | ||||||
|  | env2ini::log "=== All configuration sources loaded ===\n" | ||||||
|  |  | ||||||
|  | # safety to prevent rewrite of secret keys if an app.ini already exists | ||||||
|  | if [ -f ${GITEA_APP_INI} ]; then | ||||||
|  |   env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:' | ||||||
|  |   env2ini::log '  - security.INTERNAL_TOKEN' | ||||||
|  |   env2ini::log '  - security.SECRET_KEY' | ||||||
|  |   env2ini::log '  - oauth2.JWT_SECRET' | ||||||
|  |   env2ini::log '  - server.LFS_JWT_SECRET' | ||||||
|  |  | ||||||
|  |   unset GITEA__SECURITY__INTERNAL_TOKEN | ||||||
|  |   unset GITEA__SECURITY__SECRET_KEY | ||||||
|  |   unset GITEA__OAUTH2__JWT_SECRET | ||||||
|  |   unset GITEA__SERVER__LFS_JWT_SECRET | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | environment-to-ini -o $GITEA_APP_INI | ||||||
							
								
								
									
										4
									
								
								scripts/init-containers/init/configure_gpg_environment.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										4
									
								
								scripts/init-containers/init/configure_gpg_environment.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | #!/usr/bin/env bash | ||||||
|  | set -eu | ||||||
|  |  | ||||||
|  | gpg --batch --import "$TMP_RAW_GPG_KEY" | ||||||
| @@ -133,29 +133,29 @@ app.kubernetes.io/instance: {{ .Release.Name }} | |||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "redis.dns" -}} | {{- define "valkey.dns" -}} | ||||||
| {{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} | {{- if and ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}} | ||||||
| {{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} | {{- fail "valkey and valkey-cluster cannot be enabled at the same time. Please only choose one." -}} | ||||||
| {{- else if (index .Values "redis-cluster").enabled -}} | {{- else if (index .Values "valkey-cluster").enabled -}} | ||||||
| {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} | {{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}} | ||||||
| {{- else if (index .Values "redis").enabled -}} | {{- else if (index .Values "valkey").enabled -}} | ||||||
| {{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} | {{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "redis.port" -}} | {{- define "valkey.port" -}} | ||||||
| {{- if (index .Values "redis-cluster").enabled -}} | {{- if (index .Values "valkey-cluster").enabled -}} | ||||||
| {{ (index .Values "redis-cluster").service.ports.redis }} | {{ (index .Values "valkey-cluster").service.ports.valkey }} | ||||||
| {{- else if (index .Values "redis").enabled -}} | {{- else if (index .Values "valkey").enabled -}} | ||||||
| {{ (index .Values "redis").master.service.ports.redis }} | {{ (index .Values "valkey").master.service.ports.valkey }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "redis.servicename" -}} | {{- define "valkey.servicename" -}} | ||||||
| {{- if (index .Values "redis-cluster").enabled -}} | {{- if (index .Values "valkey-cluster").enabled -}} | ||||||
| {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | {{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||||
| {{- else if (index .Values "redis").enabled -}} | {{- else if (index .Values "valkey").enabled -}} | ||||||
| {{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | {{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| @@ -220,15 +220,6 @@ https | |||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "gitea.act_runner.local_root_url" -}} |  | ||||||
| {{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}} |  | ||||||
|     {{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}} |  | ||||||
| {{- else -}} |  | ||||||
|   {{/* fallback for allowing to overwrite this value via inline config */}} |  | ||||||
|   {{- .Values.gitea.config.server.LOCAL_ROOT_URL -}} |  | ||||||
| {{- end -}} |  | ||||||
| {{- end -}} |  | ||||||
|  |  | ||||||
| {{- define "gitea.inline_configuration" -}} | {{- define "gitea.inline_configuration" -}} | ||||||
|   {{- include "gitea.inline_configuration.init" . -}} |   {{- include "gitea.inline_configuration.init" . -}} | ||||||
|   {{- include "gitea.inline_configuration.defaults" . -}} |   {{- include "gitea.inline_configuration.defaults" . -}} | ||||||
| @@ -311,14 +302,17 @@ https | |||||||
|   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} |   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} | ||||||
|     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} |     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- /* redis queue */ -}} |   {{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}} | ||||||
|   {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} |     {{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}} | ||||||
|  |   {{- end -}} | ||||||
|  |   {{- /* valkey queue */ -}} | ||||||
|  |   {{- if or ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}} | ||||||
|     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} |     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} | ||||||
|     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} |     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "valkey.dns" .) -}} | ||||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} |     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} | ||||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} |     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "valkey.dns" .) -}} | ||||||
|     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} |     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} | ||||||
|     {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} |     {{- $_ := set .Values.gitea.config.cache "HOST" (include "valkey.dns" .) -}} | ||||||
|   {{- else -}} |   {{- else -}} | ||||||
|     {{- if not (get .Values.gitea.config.session "PROVIDER") -}} |     {{- if not (get .Values.gitea.config.session "PROVIDER") -}} | ||||||
|       {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}} |       {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}} | ||||||
| @@ -342,9 +336,6 @@ https | |||||||
|   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} |   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} | ||||||
|      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} |      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not .Values.gitea.config.actions.ENABLED -}} |  | ||||||
|      {{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}} |  | ||||||
|   {{- end -}} |  | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "gitea.inline_configuration.defaults.server" -}} | {{- define "gitea.inline_configuration.defaults.server" -}} | ||||||
| @@ -364,25 +355,24 @@ https | |||||||
|   {{- if not .Values.gitea.config.server.ROOT_URL -}} |   {{- if not .Values.gitea.config.server.ROOT_URL -}} | ||||||
|     {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} |     {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if .Values.actions.enabled -}} |  | ||||||
|      {{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}} |  | ||||||
|   {{- end -}} |  | ||||||
|   {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} |   {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} | ||||||
|     {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} |     {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not .Values.gitea.config.server.SSH_PORT -}} |   {{- if not .Values.gitea.config.server.SSH_PORT -}} | ||||||
|     {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} |     {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} |  | ||||||
|     {{- if not .Values.image.rootless -}} |  | ||||||
|       {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} |  | ||||||
|     {{- else -}} |  | ||||||
|       {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} |  | ||||||
|     {{- end -}} |  | ||||||
|   {{- end -}} |  | ||||||
|   {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} |   {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} | ||||||
|     {{- if .Values.image.rootless -}} |     {{- if .Values.image.rootless -}} | ||||||
|       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} |       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} | ||||||
|  |       {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} | ||||||
|  |         {{- if not .Values.gitea.config.server.SSH_LISTEN_PORT -}} | ||||||
|  |           {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} | ||||||
|  |         {{- else -}} | ||||||
|  |           {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_LISTEN_PORT -}} | ||||||
|  |         {{- end -}} | ||||||
|  |       {{- end -}} | ||||||
|  |     {{- else -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "false" -}} | ||||||
|     {{- end -}} |     {{- end -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} |   {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} | ||||||
| @@ -440,6 +430,18 @@ https | |||||||
| {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} | {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "ingress.annotations" -}} | ||||||
|  |   {{- if .Values.ingress.annotations }} | ||||||
|  |   annotations: | ||||||
|  |     {{- $tp := typeOf .Values.ingress.annotations }} | ||||||
|  |     {{- if eq $tp "string" }} | ||||||
|  |       {{- tpl .Values.ingress.annotations . | nindent 4 }} | ||||||
|  |     {{- else }} | ||||||
|  |       {{- toYaml .Values.ingress.annotations | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "gitea.admin.passwordMode" -}} | {{- define "gitea.admin.passwordMode" -}} | ||||||
| {{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} | {{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} | ||||||
| {{ .Values.gitea.admin.passwordMode }} | {{ .Values.gitea.admin.passwordMode }} | ||||||
| @@ -465,3 +467,7 @@ https | |||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- toYaml $probe -}} |   {{- toYaml $probe -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "gitea.metrics-secret-name" -}} | ||||||
|  | {{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }} | ||||||
|  | {{- end -}} | ||||||
|   | |||||||
| @@ -1,15 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled -}} |  | ||||||
|     {{- if .Values.actions.provisioning.enabled -}} |  | ||||||
|         {{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}} |  | ||||||
|             {{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}} |  | ||||||
|         {{- end -}} |  | ||||||
|         {{- if and .Values.persistence.enabled .Values.persistence.mount -}} |  | ||||||
|             {{- if .Values.actions.existingSecret -}} |  | ||||||
|                 {{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}} |  | ||||||
|             {{- end -}} |  | ||||||
|         {{- end -}} |  | ||||||
|     {{- end -}} |  | ||||||
|     {{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}} |  | ||||||
|         {{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}} |  | ||||||
|     {{- end -}} |  | ||||||
| {{- end -}} |  | ||||||
| @@ -1,14 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| --- |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: {{ include "gitea.fullname" . }}-act-runner-config |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
| data: |  | ||||||
|   config.yaml: | |  | ||||||
|     {{- with .Values.actions.statefulset.actRunner.config -}} |  | ||||||
|     {{ . | nindent 4}} |  | ||||||
|     {{- end -}} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,13 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} |  | ||||||
| --- |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: {{ include "gitea.fullname" . }}-scripts |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
| data: |  | ||||||
| {{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,114 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} |  | ||||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} |  | ||||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} |  | ||||||
| --- |  | ||||||
| apiVersion: batch/v1 |  | ||||||
| kind: Job |  | ||||||
| metadata: |  | ||||||
|   name: {{ $name }} |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
|     {{- with .Values.actions.provisioning.labels }} |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|     {{- end }} |  | ||||||
|     app.kubernetes.io/component: token-job |  | ||||||
|   annotations: |  | ||||||
|     {{- with .Values.actions.provisioning.annotations }} |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|     {{- end }} |  | ||||||
| spec: |  | ||||||
|   ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }} |  | ||||||
|   template: |  | ||||||
|     metadata: |  | ||||||
|       labels: |  | ||||||
|         {{- include "gitea.labels" . | nindent 8 }} |  | ||||||
|         {{- with .Values.actions.provisioning.labels }} |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|         {{- end }} |  | ||||||
|         app.kubernetes.io/component: token-job |  | ||||||
|     spec: |  | ||||||
|       initContainers: |  | ||||||
|         - name: init-gitea |  | ||||||
|           image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" |  | ||||||
|           command: |  | ||||||
|             - sh |  | ||||||
|             - -c |  | ||||||
|             - | |  | ||||||
|               while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do |  | ||||||
|                 sleep 5 |  | ||||||
|               done |  | ||||||
|       containers: |  | ||||||
|         - name: actions-token-create |  | ||||||
|           image: "{{ include "gitea.image" . }}" |  | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |  | ||||||
|           env: |  | ||||||
|             - name: GITEA_APP_INI |  | ||||||
|               value: /data/gitea/conf/app.ini |  | ||||||
|           command: |  | ||||||
|             - sh |  | ||||||
|             - -c |  | ||||||
|             - | |  | ||||||
|               echo "Generating act_runner token via 'gitea actions generate-runner-token'..." |  | ||||||
|               mkdir -p /data/actions/ |  | ||||||
|               gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token |  | ||||||
|           resources: |  | ||||||
|             {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} |  | ||||||
|           volumeMounts: |  | ||||||
|             - name: data |  | ||||||
|               mountPath: /data |  | ||||||
|               {{- if .Values.persistence.subPath }} |  | ||||||
|               subPath: {{ .Values.persistence.subPath }} |  | ||||||
|               {{- end }} |  | ||||||
|         - name: actions-token-upload |  | ||||||
|           image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}" |  | ||||||
|           imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }} |  | ||||||
|           env: |  | ||||||
|             - name: SECRET_NAME |  | ||||||
|               value: {{ $secretName }} |  | ||||||
|           command: |  | ||||||
|             - sh |  | ||||||
|             - -c |  | ||||||
|             - | |  | ||||||
|               printf "Checking rights to update kubernetes act_runner secret..." |  | ||||||
|               kubectl auth can-i update secret/${SECRET_NAME} |  | ||||||
|               /scripts/token.sh |  | ||||||
|           resources: |  | ||||||
|             {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} |  | ||||||
|           volumeMounts: |  | ||||||
|             - mountPath: /scripts |  | ||||||
|               name: scripts |  | ||||||
|               readOnly: true |  | ||||||
|             - mountPath: /data |  | ||||||
|               name: data |  | ||||||
|               readOnly: true |  | ||||||
|               {{- if .Values.persistence.subPath }} |  | ||||||
|               subPath: {{ .Values.persistence.subPath }} |  | ||||||
|               {{- end }} |  | ||||||
|       {{- with .Values.actions.provisioning.nodeSelector }} |  | ||||||
|       nodeSelector: |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|       {{- end }} |  | ||||||
|       {{- with .Values.actions.provisioning.affinity }} |  | ||||||
|       affinity: |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|       {{- end }} |  | ||||||
|       {{- with .Values.actions.provisioning.tolerations }} |  | ||||||
|       tolerations: |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|       {{- end }} |  | ||||||
|       restartPolicy: Never |  | ||||||
|       serviceAccount: {{ $name }} |  | ||||||
|       volumes: |  | ||||||
|         - name: scripts |  | ||||||
|           configMap: |  | ||||||
|             name: {{ include "gitea.fullname" . }}-scripts |  | ||||||
|             defaultMode: 0755 |  | ||||||
|         - name: data |  | ||||||
|           persistentVolumeClaim: |  | ||||||
|             claimName: {{ .Values.persistence.claimName }} |  | ||||||
|   parallelism: 1 |  | ||||||
|   completions: 1 |  | ||||||
|   backoffLimit: 1 |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,25 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} |  | ||||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} |  | ||||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} |  | ||||||
| --- |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 |  | ||||||
| kind: Role |  | ||||||
| metadata: |  | ||||||
|   name: {{ $name }} |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
|     app.kubernetes.io/component: token-job |  | ||||||
| rules: |  | ||||||
|   - apiGroups: |  | ||||||
|       - "" |  | ||||||
|     resources: |  | ||||||
|       - secrets |  | ||||||
|     resourceNames: |  | ||||||
|       - {{ $secretName }} |  | ||||||
|     verbs: |  | ||||||
|       - get |  | ||||||
|       - update |  | ||||||
|       - patch |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,22 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} |  | ||||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} |  | ||||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} |  | ||||||
| --- |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 |  | ||||||
| kind: RoleBinding |  | ||||||
| metadata: |  | ||||||
|   name: {{ $name }} |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
|     app.kubernetes.io/component: token-job |  | ||||||
| roleRef: |  | ||||||
|   apiGroup: rbac.authorization.k8s.io |  | ||||||
|   kind: Role |  | ||||||
|   name: {{ $name }} |  | ||||||
| subjects: |  | ||||||
|   - kind: ServiceAccount |  | ||||||
|     name: {{ $name }} |  | ||||||
|     namespace: {{ .Release.Namespace }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,19 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} |  | ||||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} |  | ||||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} |  | ||||||
| --- |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: {{ $secretName }} |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
|     app.kubernetes.io/component: token-job |  | ||||||
| {{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}} |  | ||||||
| {{ if $secret -}} |  | ||||||
| data: |  | ||||||
|   token: {{ (b64dec (index $secret.data "token")) | b64enc }} |  | ||||||
| {{ end -}} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,13 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} |  | ||||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} |  | ||||||
| --- |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: ServiceAccount |  | ||||||
| metadata: |  | ||||||
|   name: {{ $name }} |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |  | ||||||
|     app.kubernetes.io/component: token-job |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,117 +0,0 @@ | |||||||
| {{- if .Values.actions.enabled }} |  | ||||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} |  | ||||||
| --- |  | ||||||
| apiVersion: apps/v1 |  | ||||||
| kind: StatefulSet |  | ||||||
| metadata: |  | ||||||
|   labels: |  | ||||||
|     {{- include "gitea.labels.actRunner" . | nindent 4 }} |  | ||||||
|     {{- with .Values.actions.statefulset.labels }} |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|     {{- end }} |  | ||||||
|   annotations: |  | ||||||
|     {{- with .Values.actions.statefulset.annotations }} |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|     {{- end }} |  | ||||||
|   name: {{ include "gitea.fullname" . }}-act-runner |  | ||||||
| spec: |  | ||||||
|   selector: |  | ||||||
|     matchLabels: |  | ||||||
|       {{- include "gitea.selectorLabels.actRunner" . | nindent 6 }} |  | ||||||
|   template: |  | ||||||
|     metadata: |  | ||||||
|       labels: |  | ||||||
|         {{- include "gitea.labels.actRunner" . | nindent 8 }} |  | ||||||
|         {{- with .Values.actions.statefulset.labels }} |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|         {{- end }} |  | ||||||
|     spec: |  | ||||||
|       initContainers: |  | ||||||
|         - name: init-gitea |  | ||||||
|           image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" |  | ||||||
|           command: |  | ||||||
|             - sh |  | ||||||
|             - -c |  | ||||||
|             - | |  | ||||||
|               while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do |  | ||||||
|                 sleep 5 |  | ||||||
|               done |  | ||||||
|       containers: |  | ||||||
|         - name: act-runner |  | ||||||
|           image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}" |  | ||||||
|           imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }} |  | ||||||
|           workingDir: /data |  | ||||||
|           env: |  | ||||||
|             - name: DOCKER_HOST |  | ||||||
|               value: tcp://127.0.0.1:2376 |  | ||||||
|             - name: DOCKER_TLS_VERIFY |  | ||||||
|               value: "1" |  | ||||||
|             - name: DOCKER_CERT_PATH |  | ||||||
|               value: /certs/server |  | ||||||
|             - name: GITEA_RUNNER_REGISTRATION_TOKEN |  | ||||||
|               valueFrom: |  | ||||||
|                 secretKeyRef: |  | ||||||
|                   name: "{{ .Values.actions.existingSecret | default $secretName }}" |  | ||||||
|                   key: "{{ .Values.actions.existingSecretKey | default "token" }}" |  | ||||||
|             - name: GITEA_INSTANCE_URL |  | ||||||
|               value: {{ include "gitea.act_runner.local_root_url" . }} |  | ||||||
|             - name: CONFIG_FILE |  | ||||||
|               value: /actrunner/config.yaml |  | ||||||
|           resources: |  | ||||||
|             {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} |  | ||||||
|           volumeMounts: |  | ||||||
|             - mountPath: /actrunner/config.yaml |  | ||||||
|               name: act-runner-config |  | ||||||
|               subPath: config.yaml |  | ||||||
|             - mountPath: /certs/server |  | ||||||
|               name: docker-certs |  | ||||||
|             - mountPath: /data |  | ||||||
|               name: data-act-runner |  | ||||||
|         - name: dind |  | ||||||
|           image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}" |  | ||||||
|           imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }} |  | ||||||
|           env: |  | ||||||
|             - name: DOCKER_HOST |  | ||||||
|               value: tcp://127.0.0.1:2376 |  | ||||||
|             - name: DOCKER_TLS_VERIFY |  | ||||||
|               value: "1" |  | ||||||
|             - name: DOCKER_CERT_PATH |  | ||||||
|               value: /certs/server |  | ||||||
|             {{- if .Values.actions.statefulset.dind.extraEnvs }} |  | ||||||
|             {{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }} |  | ||||||
|             {{- end }} |  | ||||||
|           securityContext: |  | ||||||
|             privileged: true |  | ||||||
|           resources: |  | ||||||
|             {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} |  | ||||||
|           volumeMounts: |  | ||||||
|             - mountPath: /certs/server |  | ||||||
|               name: docker-certs |  | ||||||
|       {{- with .Values.actions.statefulset.nodeSelector }} |  | ||||||
|       nodeSelector: |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|       {{- end }} |  | ||||||
|       {{- with .Values.actions.statefulset.affinity }} |  | ||||||
|       affinity: |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|       {{- end }} |  | ||||||
|       {{- with .Values.actions.statefulset.tolerations }} |  | ||||||
|       tolerations: |  | ||||||
|         {{- toYaml . | nindent 8 }} |  | ||||||
|       {{- end }} |  | ||||||
|       volumes: |  | ||||||
|         - name: act-runner-config |  | ||||||
|           configMap: |  | ||||||
|             name: {{ include "gitea.fullname" . }}-act-runner-config |  | ||||||
|         - name: docker-certs |  | ||||||
|           emptyDir: {} |  | ||||||
|   volumeClaimTemplates: |  | ||||||
|     - metadata: |  | ||||||
|         name: data-act-runner |  | ||||||
|       spec: |  | ||||||
|         accessModes: [ "ReadWriteOnce" ] |  | ||||||
|         {{- include "gitea.persistence.storageClass" . | nindent 8 }} |  | ||||||
|         resources: |  | ||||||
|           requests: |  | ||||||
|             storage: 1Mi |  | ||||||
| {{- end }} |  | ||||||
							
								
								
									
										3
									
								
								templates/gitea/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								templates/gitea/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | |||||||
|  | {{- if .Values.actions -}} | ||||||
|  |     {{- fail "The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9." -}} | ||||||
|  | {{- end -}} | ||||||
| @@ -18,6 +18,7 @@ metadata: | |||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| type: Opaque | type: Opaque | ||||||
| stringData: | stringData: | ||||||
|  | {{ (.Files.Glob "scripts/init-containers/config/*.sh").AsConfig | indent 2 }} | ||||||
|   assertions: | |   assertions: | | ||||||
|  |  | ||||||
|     {{- /*assert that only one PG dep is enabled */ -}} |     {{- /*assert that only one PG dep is enabled */ -}} | ||||||
| @@ -26,17 +27,17 @@ stringData: | |||||||
|     {{- end }} |     {{- end }} | ||||||
|      |      | ||||||
|     {{- /* multiple replicas assertions */ -}} |     {{- /* multiple replicas assertions */ -}} | ||||||
|     {{- if gt .Values.replicaCount 1.0 -}} |     {{- if gt (.Values.replicaCount | int) 1 -}} | ||||||
|       {{- if .Values.gitea.config.cron -}} |       {{- if .Values.gitea.config.cron -}} | ||||||
|         {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} |         {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} | ||||||
|           {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} |           {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} | ||||||
|             {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }} |             {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'." }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|         {{- end }} |         {{- end }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|      |      | ||||||
|       {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} |       {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} | ||||||
|         {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} |         {{- fail "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany." -}} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- if .Values.gitea.config.indexer -}} |       {{- if .Values.gitea.config.indexer -}} | ||||||
|         {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} |         {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} | ||||||
| @@ -54,158 +55,3 @@ stringData: | |||||||
|       {{- end }} |       {{- end }} | ||||||
|        |        | ||||||
|     {{- end }} |     {{- end }} | ||||||
|   config_environment.sh: |- |  | ||||||
|     #!/usr/bin/env bash |  | ||||||
|     set -euo pipefail |  | ||||||
|  |  | ||||||
|     function env2ini::log() { |  | ||||||
|       printf "${1}\n" |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::read_config_to_env() { |  | ||||||
|       local section="${1}" |  | ||||||
|       local line="${2}" |  | ||||||
|  |  | ||||||
|       if [[ -z "${line}" ]]; then |  | ||||||
|         # skip empty line |  | ||||||
|         return |  | ||||||
|       fi |  | ||||||
|        |  | ||||||
|       # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line |  | ||||||
|       local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" |  | ||||||
|  |  | ||||||
|       if [[ -z "${setting}" ]]; then |  | ||||||
|         env2ini::log '  ! invalid setting' |  | ||||||
|         exit 1 |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       local value='' |  | ||||||
|       local regex="^${setting}(\s*)=(\s*)(.*)" |  | ||||||
|       if [[ $line =~ $regex ]]; then |  | ||||||
|         value="${BASH_REMATCH[3]}" |  | ||||||
|       else |  | ||||||
|         env2ini::log '  ! invalid setting' |  | ||||||
|         exit 1 |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       env2ini::log "    + '${setting}'" |  | ||||||
|  |  | ||||||
|       if [[ -z "${section}" ]]; then |  | ||||||
|         export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase |  | ||||||
|         return |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches |  | ||||||
|       masked_section="${masked_section//-/_0X2D_}" |  | ||||||
|  |  | ||||||
|       export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::reload_preset_envs() { |  | ||||||
|       env2ini::log "Reloading preset envs..." |  | ||||||
|  |  | ||||||
|       while read -r line; do |  | ||||||
|         if [[ -z "${line}" ]]; then |  | ||||||
|           # skip empty line |  | ||||||
|           return |  | ||||||
|         fi |  | ||||||
|  |  | ||||||
|         # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line |  | ||||||
|         local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" |  | ||||||
|  |  | ||||||
|         if [[ -z "${setting}" ]]; then |  | ||||||
|           env2ini::log '  ! invalid setting' |  | ||||||
|           exit 1 |  | ||||||
|         fi |  | ||||||
|  |  | ||||||
|         local value='' |  | ||||||
|         local regex="^${setting}(\s*)=(\s*)(.*)" |  | ||||||
|         if [[ $line =~ $regex ]]; then |  | ||||||
|           value="${BASH_REMATCH[3]}" |  | ||||||
|         else |  | ||||||
|           env2ini::log '  ! invalid setting' |  | ||||||
|           exit 1 |  | ||||||
|         fi |  | ||||||
|  |  | ||||||
|         env2ini::log "  + '${setting}'" |  | ||||||
|  |  | ||||||
|         export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase |  | ||||||
|       done < "/tmp/existing-envs" |  | ||||||
|  |  | ||||||
|       rm /tmp/existing-envs |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|  |  | ||||||
|     function env2ini::process_config_file() { |  | ||||||
|       local config_file="${1}" |  | ||||||
|       local section="$(basename "${config_file}")" |  | ||||||
|  |  | ||||||
|       if [[ $section == '_generals_' ]]; then |  | ||||||
|         env2ini::log "  [ini root]" |  | ||||||
|         section='' |  | ||||||
|       else |  | ||||||
|         env2ini::log "  ${section}" |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       while read -r line; do |  | ||||||
|         env2ini::read_config_to_env "${section}" "${line}" |  | ||||||
|       done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::load_config_sources() { |  | ||||||
|       local path="${1}" |  | ||||||
|  |  | ||||||
|       if [[ -d "${path}" ]]; then |  | ||||||
|         env2ini::log "Processing $(basename "${path}")..." |  | ||||||
|  |  | ||||||
|         while read -d '' configFile; do |  | ||||||
|           env2ini::process_config_file "${configFile}" |  | ||||||
|         done < <(find "${path}" -type l -not -name '..data' -print0) |  | ||||||
|  |  | ||||||
|         env2ini::log "\n" |  | ||||||
|       fi |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::generate_initial_secrets() { |  | ||||||
|       # These environment variables will either be |  | ||||||
|       #   - overwritten with user defined values, |  | ||||||
|       #   - initially used to set up Gitea |  | ||||||
|       # Anyway, they won't harm existing app.ini files |  | ||||||
|  |  | ||||||
|       export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) |  | ||||||
|       export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) |  | ||||||
|       export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) |  | ||||||
|       export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) |  | ||||||
|  |  | ||||||
|       env2ini::log "...Initial secrets generated\n" |  | ||||||
|     } |  | ||||||
|      |  | ||||||
|     # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs |  | ||||||
|     env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs |  | ||||||
|      |  | ||||||
|     # MUST BE CALLED BEFORE OTHER CONFIGURATION |  | ||||||
|     env2ini::generate_initial_secrets |  | ||||||
|  |  | ||||||
|     env2ini::load_config_sources '/env-to-ini-mounts/inlines/' |  | ||||||
|     env2ini::load_config_sources '/env-to-ini-mounts/additionals/' |  | ||||||
|  |  | ||||||
|     # load existing envs to override auto generated envs |  | ||||||
|     env2ini::reload_preset_envs |  | ||||||
|  |  | ||||||
|     env2ini::log "=== All configuration sources loaded ===\n" |  | ||||||
|  |  | ||||||
|     # safety to prevent rewrite of secret keys if an app.ini already exists |  | ||||||
|     if [ -f ${GITEA_APP_INI} ]; then |  | ||||||
|       env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:' |  | ||||||
|       env2ini::log '  - security.INTERNAL_TOKEN' |  | ||||||
|       env2ini::log '  - security.SECRET_KEY' |  | ||||||
|       env2ini::log '  - oauth2.JWT_SECRET' |  | ||||||
|       env2ini::log '  - server.LFS_JWT_SECRET' |  | ||||||
|  |  | ||||||
|       unset GITEA__SECURITY__INTERNAL_TOKEN |  | ||||||
|       unset GITEA__SECURITY__SECRET_KEY |  | ||||||
|       unset GITEA__OAUTH2__JWT_SECRET |  | ||||||
|       unset GITEA__SERVER__LFS_JWT_SECRET |  | ||||||
|     fi |  | ||||||
|  |  | ||||||
|     environment-to-ini -o $GITEA_APP_INI |  | ||||||
|   | |||||||
| @@ -59,10 +59,14 @@ spec: | |||||||
|       securityContext: |       securityContext: | ||||||
|         {{- toYaml .Values.podSecurityContext | nindent 8 }} |         {{- toYaml .Values.podSecurityContext | nindent 8 }} | ||||||
|       initContainers: |       initContainers: | ||||||
|  |         {{- if .Values.preExtraInitContainers }} | ||||||
|  |         {{- toYaml .Values.preExtraInitContainers | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|         - name: init-directories |         - name: init-directories | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           command: ["/usr/sbin/init_directory_structure.sh"] |           command: | ||||||
|  |             - "{{ .Values.initContainersScriptsVolumeMountPath }}/init_directory_structure.sh" | ||||||
|           env: |           env: | ||||||
|             - name: GITEA_APP_INI |             - name: GITEA_APP_INI | ||||||
|               value: /data/gitea/conf/app.ini |               value: /data/gitea/conf/app.ini | ||||||
| @@ -81,7 +85,7 @@ spec: | |||||||
|             {{- end }} |             {{- end }} | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: temp |             - name: temp | ||||||
|               mountPath: /tmp |               mountPath: /tmp | ||||||
|             - name: data |             - name: data | ||||||
| @@ -97,7 +101,8 @@ spec: | |||||||
|         - name: init-app-ini |         - name: init-app-ini | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           command: ["/usr/sbin/config_environment.sh"] |           command: | ||||||
|  |           - "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh" | ||||||
|           env: |           env: | ||||||
|             - name: GITEA_APP_INI |             - name: GITEA_APP_INI | ||||||
|               value: /data/gitea/conf/app.ini |               value: /data/gitea/conf/app.ini | ||||||
| @@ -107,15 +112,19 @@ spec: | |||||||
|               value: /data |               value: /data | ||||||
|             - name: GITEA_TEMP |             - name: GITEA_TEMP | ||||||
|               value: /tmp/gitea |               value: /tmp/gitea | ||||||
|  |             - name: TMP_EXISTING_ENVS_FILE | ||||||
|  |               value: /tmp/existing-envs | ||||||
|  |             - name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |               value: /env-to-ini-mounts | ||||||
|             {{- if .Values.deployment.env }} |             {{- if .Values.deployment.env }} | ||||||
|             {{- toYaml .Values.deployment.env | nindent 12 }} |             {{- toYaml .Values.deployment.env | nindent 12 }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|             {{- if .Values.gitea.additionalConfigFromEnvs }} |             {{- if .Values.gitea.additionalConfigFromEnvs }} | ||||||
|             {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} |             {{- tpl (toYaml .Values.gitea.additionalConfigFromEnvs) $ | nindent 12 }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: config |             - name: config | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: temp |             - name: temp | ||||||
|               mountPath: /tmp |               mountPath: /tmp | ||||||
|             - name: data |             - name: data | ||||||
| @@ -137,7 +146,8 @@ spec: | |||||||
|         {{- if .Values.signing.enabled }} |         {{- if .Values.signing.enabled }} | ||||||
|         - name: configure-gpg |         - name: configure-gpg | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           command: ["/usr/sbin/configure_gpg_environment.sh"] |           command: | ||||||
|  |           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           securityContext: |           securityContext: | ||||||
|             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} |             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} | ||||||
| @@ -149,9 +159,11 @@ spec: | |||||||
|           env: |           env: | ||||||
|             - name: GNUPGHOME |             - name: GNUPGHOME | ||||||
|               value: {{ .Values.signing.gpgHome }} |               value: {{ .Values.signing.gpgHome }} | ||||||
|  |             - name: TMP_RAW_GPG_KEY | ||||||
|  |               value: /raw/private.asc | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: data |             - name: data | ||||||
|               mountPath: /data |               mountPath: /data | ||||||
|               {{- if .Values.persistence.subPath }} |               {{- if .Values.persistence.subPath }} | ||||||
| @@ -168,7 +180,8 @@ spec: | |||||||
|         {{- end }} |         {{- end }} | ||||||
|         - name: configure-gitea |         - name: configure-gitea | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           command: ["/usr/sbin/configure_gitea.sh"] |           command: | ||||||
|  |           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           securityContext: |           securityContext: | ||||||
|             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} |             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} | ||||||
| @@ -251,7 +264,7 @@ spec: | |||||||
|             {{- end }} |             {{- end }} | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: temp |             - name: temp | ||||||
|               mountPath: /tmp |               mountPath: /tmp | ||||||
|             - name: data |             - name: data | ||||||
| @@ -262,6 +275,9 @@ spec: | |||||||
|             {{- include "gitea.init-additional-mounts" . | nindent 12 }} |             {{- include "gitea.init-additional-mounts" . | nindent 12 }} | ||||||
|           resources: |           resources: | ||||||
|             {{- toYaml .Values.initContainers.resources | nindent 12 }} |             {{- toYaml .Values.initContainers.resources | nindent 12 }} | ||||||
|  |         {{- if .Values.postExtraInitContainers }} | ||||||
|  |         {{- toYaml .Values.postExtraInitContainers | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|       terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} |       terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} | ||||||
|       containers: |       containers: | ||||||
|         - name: {{ .Chart.Name }} |         - name: {{ .Chart.Name }} | ||||||
| @@ -285,6 +301,13 @@ spec: | |||||||
|               value: /data |               value: /data | ||||||
|             - name: GITEA_TEMP |             - name: GITEA_TEMP | ||||||
|               value: /tmp/gitea |               value: /tmp/gitea | ||||||
|  |             {{- if and (hasKey .Values.resources "limits") (hasKey .Values.resources.limits "cpu") }} | ||||||
|  |             - name: GOMAXPROCS | ||||||
|  |               valueFrom: | ||||||
|  |                 resourceFieldRef: | ||||||
|  |                   divisor: "1" | ||||||
|  |                   resource: limits.cpu | ||||||
|  |             {{- end }} | ||||||
|             - name: TMPDIR |             - name: TMPDIR | ||||||
|               value: /tmp/gitea |               value: /tmp/gitea | ||||||
|             {{- if .Values.image.rootless }} |             {{- if .Values.image.rootless }} | ||||||
| @@ -347,9 +370,9 @@ spec: | |||||||
|       hostAliases: |       hostAliases: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{- toYaml . | nindent 8 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- with .Values.nodeSelector }} |       {{- range $key, $value := .Values.nodeSelector }} | ||||||
|       nodeSelector: |       nodeSelector: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{ $key }}: {{ $value | quote }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|     {{- with .Values.affinity }} |     {{- with .Values.affinity }} | ||||||
|       affinity: |       affinity: | ||||||
|   | |||||||
| @@ -1,15 +1,7 @@ | |||||||
| {{- if .Values.ingress.enabled -}} | {{- if .Values.ingress.enabled -}} | ||||||
| {{- $fullName := include "gitea.fullname" . -}} | {{- $fullName := include "gitea.fullname" . -}} | ||||||
| {{- $httpPort := .Values.service.http.port -}} | {{- $httpPort := .Values.service.http.port -}} | ||||||
| {{- $apiVersion := "extensions/v1beta1" -}} | apiVersion: networking.k8s.io/v1 | ||||||
| {{- if .Values.ingress.apiVersion -}} |  | ||||||
| {{- $apiVersion = .Values.ingress.apiVersion -}} |  | ||||||
| {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} |  | ||||||
| {{- $apiVersion = "networking.k8s.io/v1" }} |  | ||||||
| {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} |  | ||||||
| {{- $apiVersion = "networking.k8s.io/v1beta1" }} |  | ||||||
| {{- end }} |  | ||||||
| apiVersion: {{ $apiVersion }} |  | ||||||
| kind: Ingress | kind: Ingress | ||||||
| metadata: | metadata: | ||||||
|   name: {{ $fullName }} |   name: {{ $fullName }} | ||||||
| @@ -21,9 +13,7 @@ metadata: | |||||||
|       {{ $key }}: {{ $value | quote }} |       {{ $key }}: {{ $value | quote }} | ||||||
|     {{- end }} |     {{- end }} | ||||||
| spec: | spec: | ||||||
| {{- if .Values.ingress.className }} |  | ||||||
|   ingressClassName: {{ tpl .Values.ingress.className . }} |   ingressClassName: {{ tpl .Values.ingress.className . }} | ||||||
| {{- end }} |  | ||||||
| {{- if .Values.ingress.tls }} | {{- if .Values.ingress.tls }} | ||||||
|   tls: |   tls: | ||||||
|   {{- range .Values.ingress.tls }} |   {{- range .Values.ingress.tls }} | ||||||
| @@ -39,21 +29,34 @@ spec: | |||||||
|     - host: {{ tpl .host $ | quote }} |     - host: {{ tpl .host $ | quote }} | ||||||
|       http: |       http: | ||||||
|         paths: |         paths: | ||||||
|  |           {{- if .paths }} | ||||||
|           {{- range .paths }} |           {{- range .paths }} | ||||||
|           - path: {{ .path }} |           {{- if kindIs "string" . }} | ||||||
|             {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} |           - path: {{ . }} | ||||||
|             pathType: {{ .pathType }} |             pathType: {{ default "Prefix" $.Values.ingress.pathType }} | ||||||
|             {{- end }} |  | ||||||
|             backend: |             backend: | ||||||
|             {{- if eq $apiVersion "networking.k8s.io/v1" }} |  | ||||||
|               service: |               service: | ||||||
|                 name: {{ $fullName }}-http |                 name: {{ $fullName }}-http | ||||||
|                 port: |                 port: | ||||||
|                   number: {{ $httpPort }} |                   number: {{ $httpPort }} | ||||||
|           {{- else }} |           {{- else }} | ||||||
|               serviceName: {{ $fullName }}-http |           - path: {{ .path | default "/" }} | ||||||
|               servicePort: {{ $httpPort }} |             pathType: {{ .pathType | default "Prefix" }} | ||||||
|  |             backend: | ||||||
|  |               service: | ||||||
|  |                 name: {{ $fullName }}-http | ||||||
|  |                 port: | ||||||
|  |                   number: {{ $httpPort }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|  |           {{- else }} | ||||||
|  |           - path: "/" | ||||||
|  |             pathType: "Prefix" | ||||||
|  |             backend: | ||||||
|  |               service: | ||||||
|  |                 name: {{ $fullName }}-http | ||||||
|  |                 port: | ||||||
|  |                   number: {{ $httpPort }} | ||||||
|  |           {{- end }} | ||||||
|     {{- end }} |     {{- end }} | ||||||
| {{- end }} | {{- end }} | ||||||
|   | |||||||
| @@ -7,11 +7,7 @@ metadata: | |||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| type: Opaque | type: Opaque | ||||||
| stringData: | stringData: | ||||||
|   configure_gpg_environment.sh: |- | {{ (.Files.Glob "scripts/init-containers/init/*.sh").AsConfig | indent 2 }} | ||||||
|     #!/usr/bin/env bash |  | ||||||
|     set -eu |  | ||||||
|  |  | ||||||
|     gpg --batch --import /raw/private.asc |  | ||||||
|   init_directory_structure.sh: |- |   init_directory_structure.sh: |- | ||||||
|     #!/usr/bin/env bash |     #!/usr/bin/env bash | ||||||
|  |  | ||||||
| @@ -61,25 +57,25 @@ stringData: | |||||||
|       exit 1 |       exit 1 | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     {{- if include "redis.servicename" . }} |     {{- if include "valkey.servicename" . }} | ||||||
|     function test_redis_connection() { |     function test_valkey_connection() { | ||||||
|       local RETRY=0 |       local RETRY=0 | ||||||
|       local MAX=30 |       local MAX=30 | ||||||
|        |        | ||||||
|       echo 'Wait for redis to become avialable...' |       echo 'Wait for valkey to become avialable...' | ||||||
|       until [ "${RETRY}" -ge "${MAX}" ]; do |       until [ "${RETRY}" -ge "${MAX}" ]; do | ||||||
|         nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break |         nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break | ||||||
|         RETRY=$[${RETRY}+1] |         RETRY=$[${RETRY}+1] | ||||||
|         echo "...not ready yet (${RETRY}/${MAX})" |         echo "...not ready yet (${RETRY}/${MAX})" | ||||||
|       done |       done | ||||||
|  |  | ||||||
|       if [ "${RETRY}" -ge "${MAX}" ]; then |       if [ "${RETRY}" -ge "${MAX}" ]; then | ||||||
|         echo "Redis not reachable after '${MAX}' attempts!" |         echo "Valkey not reachable after '${MAX}' attempts!" | ||||||
|         exit 1 |         exit 1 | ||||||
|       fi |       fi | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     test_redis_connection |     test_valkey_connection | ||||||
|     {{- end }} |     {{- end }} | ||||||
|      |      | ||||||
|  |  | ||||||
| @@ -98,7 +94,7 @@ stringData: | |||||||
|  |  | ||||||
|         echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users." |         echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users." | ||||||
|         echo "       Please review the output of 'gitea admin user list --admin' shown below." |         echo "       Please review the output of 'gitea admin user list --admin' shown below." | ||||||
|         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." |         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues." | ||||||
|         echo "DEBUG: Output of 'gitea admin user list --admin'" |         echo "DEBUG: Output of 'gitea admin user list --admin'" | ||||||
|         echo "--" |         echo "--" | ||||||
|         echo "${full_admin_list}" |         echo "${full_admin_list}" | ||||||
| @@ -121,7 +117,7 @@ stringData: | |||||||
|       else |       else | ||||||
|         if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then |         if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then | ||||||
|           echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." |           echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." | ||||||
|           # See https://gitea.com/gitea/helm-chart/issues/673 |           # See https://gitea.com/gitea/helm-gitea/issues/673 | ||||||
|           # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior |           # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior | ||||||
|           #   which acted as if it were provided with =false. If the argument is present in this version of gitea, then we |           #   which acted as if it were provided with =false. If the argument is present in this version of gitea, then we | ||||||
|           #   should add it to prevent requiring frequent admin password resets. |           #   should add it to prevent requiring frequent admin password resets. | ||||||
| @@ -158,7 +154,7 @@ stringData: | |||||||
|  |  | ||||||
|         echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources." |         echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources." | ||||||
|         echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below." |         echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below." | ||||||
|         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." |         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues." | ||||||
|         echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" |         echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" | ||||||
|         echo "--" |         echo "--" | ||||||
|         echo "${full_auth_list}" |         echo "${full_auth_list}" | ||||||
| @@ -202,7 +198,7 @@ stringData: | |||||||
|  |  | ||||||
|         echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources." |         echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources." | ||||||
|         echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below." |         echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below." | ||||||
|         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." |         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues." | ||||||
|         echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" |         echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" | ||||||
|         echo "--" |         echo "--" | ||||||
|         echo "${full_auth_list}" |         echo "${full_auth_list}" | ||||||
|   | |||||||
							
								
								
									
										12
									
								
								templates/gitea/metrics-secret.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								templates/gitea/metrics-secret.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | |||||||
|  | {{- if and (.Values.gitea.metrics.enabled) (.Values.gitea.metrics.serviceMonitor.enabled) (.Values.gitea.metrics.token) -}} | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   name: {{ include "gitea.metrics-secret-name" . }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|  |   labels: | ||||||
|  |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|  | type: Opaque | ||||||
|  | data: | ||||||
|  |   token: {{ .Values.gitea.metrics.token  | b64enc }} | ||||||
|  | {{- end }} | ||||||
| @@ -10,7 +10,7 @@ metadata: | |||||||
| {{ .Values.persistence.labels | toYaml | indent 4}} | {{ .Values.persistence.labels | toYaml | indent 4}} | ||||||
| spec: | spec: | ||||||
|   accessModes: |   accessModes: | ||||||
|   {{- if gt .Values.replicaCount 1.0 }} |   {{- if gt (.Values.replicaCount | int) 1 }} | ||||||
|       - ReadWriteMany |       - ReadWriteMany | ||||||
|   {{- else }} |   {{- else }} | ||||||
|     {{- .Values.persistence.accessModes | toYaml | nindent 4 }} |     {{- .Values.persistence.accessModes | toYaml | nindent 4 }} | ||||||
|   | |||||||
| @@ -32,4 +32,12 @@ spec: | |||||||
|     tlsConfig: |     tlsConfig: | ||||||
|       {{- . | toYaml | nindent 6 }} |       {{- . | toYaml | nindent 6 }} | ||||||
|     {{- end }} |     {{- end }} | ||||||
|  |     {{- if .Values.gitea.metrics.token }} | ||||||
|  |     authorization: | ||||||
|  |       type: Bearer | ||||||
|  |       credentials: | ||||||
|  |         name: {{ include "gitea.metrics-secret-name" . }} | ||||||
|  |         key: token | ||||||
|  |         optional: false | ||||||
|  |     {{- end }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| @@ -1,69 +0,0 @@ | |||||||
| suite: actions template | consistency checks |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/01-consistency-checks.yaml |  | ||||||
| tests: |  | ||||||
|   - it: fails when provisioning is enabled BUT persistence is completely disabled |  | ||||||
|     set: |  | ||||||
|       persistence: |  | ||||||
|         enabled: false |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - failedTemplate: |  | ||||||
|           errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" |  | ||||||
|   - it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled |  | ||||||
|     set: |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: false |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - failedTemplate: |  | ||||||
|           errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" |  | ||||||
|   - it: fails when provisioning is enabled AND existingSecret is given |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|         existingSecret: "secret-reference" |  | ||||||
|     asserts: |  | ||||||
|       - failedTemplate: |  | ||||||
|           errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret" |  | ||||||
|   - it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: false |  | ||||||
|     asserts: |  | ||||||
|       - failedTemplate: |  | ||||||
|           errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" |  | ||||||
|   - it: fails when provisioning is disabled BUT existingSecretKey is missing |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: false |  | ||||||
|         existingSecret: "my-secret" |  | ||||||
|     asserts: |  | ||||||
|       - failedTemplate: |  | ||||||
|           errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" |  | ||||||
|   - it: fails when provisioning is disabled BUT existingSecret is missing |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: false |  | ||||||
|         existingSecretKey: "my-secret-key" |  | ||||||
|     asserts: |  | ||||||
|       - failedTemplate: |  | ||||||
|           errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" |  | ||||||
| @@ -1,45 +0,0 @@ | |||||||
| # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json |  | ||||||
| suite: actions template | config-act-runner |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/config-act-runner.yaml |  | ||||||
| tests: |  | ||||||
|   - it: doesn't renders a ConfigMap by default |  | ||||||
|     template: templates/gitea/act_runner/config-act-runner.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: renders a ConfigMap |  | ||||||
|     template: templates/gitea/act_runner/config-act-runner.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         statefulset: |  | ||||||
|           actRunner: |  | ||||||
|             config: | |  | ||||||
|               log: |  | ||||||
|                 level: info |  | ||||||
|               cache: |  | ||||||
|                 enabled: false |  | ||||||
|               runner: |  | ||||||
|                 labels: |  | ||||||
|                   - "ubuntu-latest" |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: ConfigMap |  | ||||||
|           apiVersion: v1 |  | ||||||
|           name: gitea-unittests-act-runner-config |  | ||||||
|       - equal: |  | ||||||
|           path: data["config.yaml"] |  | ||||||
|           value: | |  | ||||||
|             log: |  | ||||||
|               level: info |  | ||||||
|             cache: |  | ||||||
|               enabled: false |  | ||||||
|             runner: |  | ||||||
|               labels: |  | ||||||
|                 - "ubuntu-latest" |  | ||||||
| @@ -1,49 +0,0 @@ | |||||||
| suite: actions template | config-scripts |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/config-scripts.yaml |  | ||||||
| tests: |  | ||||||
|   - it: renders a ConfigMap when all criteria are met |  | ||||||
|     template: templates/gitea/act_runner/config-scripts.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: ConfigMap |  | ||||||
|           apiVersion: v1 |  | ||||||
|           name: gitea-unittests-scripts |  | ||||||
|       - isNotNullOrEmpty: |  | ||||||
|           path: data["token.sh"] |  | ||||||
|   - it: doesn't renders a ConfigMap by default |  | ||||||
|     template: templates/gitea/act_runner/config-scripts.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: doesn't renders a ConfigMap with disabled actions but enabled provisioning |  | ||||||
|     template: templates/gitea/act_runner/config-scripts.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria |  | ||||||
|     template: templates/gitea/act_runner/config-scripts.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: false |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
| @@ -1,65 +0,0 @@ | |||||||
| suite: actions template | job |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| chart: |  | ||||||
|   # Override appVersion to have a pinned version for comparison |  | ||||||
|   appVersion: 1.19.3 |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/job.yaml |  | ||||||
| tests: |  | ||||||
|   - it: renders a Job |  | ||||||
|     template: templates/gitea/act_runner/job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Job |  | ||||||
|           apiVersion: batch/v1 |  | ||||||
|           name: gitea-unittests-actions-token-job |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[0].image |  | ||||||
|           value: "gitea/gitea:1.19.3-rootless" |  | ||||||
|   - it: tag override |  | ||||||
|     template: templates/gitea/act_runner/job.yaml |  | ||||||
|     set: |  | ||||||
|       image.tag: "1.19.4" |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|           publish: |  | ||||||
|             tag: "1.29.0" |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[0].image |  | ||||||
|           value: "gitea/gitea:1.19.4-rootless" |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[1].image |  | ||||||
|           value: "bitnami/kubectl:1.29.0" |  | ||||||
|   - it: doesn't renders a Job by default |  | ||||||
|     template: templates/gitea/act_runner/job.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled |  | ||||||
|     template: templates/gitea/act_runner/job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: false |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
| @@ -1,42 +0,0 @@ | |||||||
| suite: actions template | role-job |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/role-job.yaml |  | ||||||
| tests: |  | ||||||
|   - it: doesn't renders a Role by default |  | ||||||
|     template: templates/gitea/act_runner/role-job.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: renders a Role |  | ||||||
|     template: templates/gitea/act_runner/role-job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Role |  | ||||||
|           apiVersion: rbac.authorization.k8s.io/v1 |  | ||||||
|           name: gitea-unittests-actions-token-job |  | ||||||
|   - it: doesn't renders a Role when criteria met BUT actions are not enabled |  | ||||||
|     template: templates/gitea/act_runner/role-job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: false |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
| @@ -1,42 +0,0 @@ | |||||||
| suite: actions template | rolebinding-job |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/rolebinding-job.yaml |  | ||||||
| tests: |  | ||||||
|   - it: doesn't renders a RoleBinding by default |  | ||||||
|     template: templates/gitea/act_runner/rolebinding-job.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: renders a RoleBinding |  | ||||||
|     template: templates/gitea/act_runner/rolebinding-job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: RoleBinding |  | ||||||
|           apiVersion: rbac.authorization.k8s.io/v1 |  | ||||||
|           name: gitea-unittests-actions-token-job |  | ||||||
|   - it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled |  | ||||||
|     template: templates/gitea/act_runner/rolebinding-job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: false |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
| @@ -1,42 +0,0 @@ | |||||||
| suite: actions template | secret-token |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/secret-token.yaml |  | ||||||
| tests: |  | ||||||
|   - it: doesn't renders a Secret by default |  | ||||||
|     template: templates/gitea/act_runner/secret-token.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: renders a Secret |  | ||||||
|     template: templates/gitea/act_runner/secret-token.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Secret |  | ||||||
|           apiVersion: v1 |  | ||||||
|           name: gitea-unittests-actions-token |  | ||||||
|   - it: doesn't renders a Secret when criteria met BUT actions are not enabled |  | ||||||
|     template: templates/gitea/act_runner/secret-token.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: false |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
| @@ -1,42 +0,0 @@ | |||||||
| suite: actions template | serviceaccount-job |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/serviceaccount-job.yaml |  | ||||||
| tests: |  | ||||||
|   - it: doesn't renders a ServiceAccount by default |  | ||||||
|     template: templates/gitea/act_runner/serviceaccount-job.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: renders a ServiceAccount |  | ||||||
|     template: templates/gitea/act_runner/serviceaccount-job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: ServiceAccount |  | ||||||
|           apiVersion: v1 |  | ||||||
|           name: gitea-unittests-actions-token-job |  | ||||||
|   - it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled |  | ||||||
|     template: templates/gitea/act_runner/serviceaccount-job.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: false |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|       persistence: |  | ||||||
|         enabled: true |  | ||||||
|         mount: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
| @@ -1,111 +0,0 @@ | |||||||
| suite: actions template | statefulset |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/act_runner/statefulset.yaml |  | ||||||
| tests: |  | ||||||
|   - it: doesn't renders a StatefulSet by default |  | ||||||
|     template: templates/gitea/act_runner/statefulset.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 0 |  | ||||||
|   - it: renders a StatefulSet (with given existingSecret/existingSecretKey) |  | ||||||
|     template: templates/gitea/act_runner/statefulset.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         existingSecret: "my-secret" |  | ||||||
|         existingSecretKey: "my-secret-key" |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: StatefulSet |  | ||||||
|           apiVersion: apps/v1 |  | ||||||
|           name: gitea-unittests-act-runner |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[0].env[3] |  | ||||||
|           value: |  | ||||||
|             name: GITEA_RUNNER_REGISTRATION_TOKEN |  | ||||||
|             valueFrom: |  | ||||||
|               secretKeyRef: |  | ||||||
|                 name: "my-secret" |  | ||||||
|                 key: "my-secret-key" |  | ||||||
|   - it: renders a StatefulSet (with secret reference defaults for enabled provisioning) |  | ||||||
|     template: templates/gitea/act_runner/statefulset.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         provisioning: |  | ||||||
|           enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: StatefulSet |  | ||||||
|           apiVersion: apps/v1 |  | ||||||
|           name: gitea-unittests-act-runner |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[0].env[3] |  | ||||||
|           value: |  | ||||||
|             name: GITEA_RUNNER_REGISTRATION_TOKEN |  | ||||||
|             valueFrom: |  | ||||||
|               secretKeyRef: |  | ||||||
|                 name: "gitea-unittests-actions-token" |  | ||||||
|                 key: "token" |  | ||||||
|   - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL) |  | ||||||
|     template: templates/gitea/act_runner/statefulset.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         existingSecret: "my-secret" |  | ||||||
|         existingSecretKey: "my-secret-key" |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: StatefulSet |  | ||||||
|           apiVersion: apps/v1 |  | ||||||
|           name: gitea-unittests-act-runner |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[0].env[4] |  | ||||||
|           value: |  | ||||||
|             name: GITEA_INSTANCE_URL |  | ||||||
|             value: "http://gitea-unittests-http:3000" |  | ||||||
|   - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL) |  | ||||||
|     template: templates/gitea/act_runner/statefulset.yaml |  | ||||||
|     set: |  | ||||||
|       gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         existingSecret: "my-secret" |  | ||||||
|         existingSecretKey: "my-secret-key" |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: StatefulSet |  | ||||||
|           apiVersion: apps/v1 |  | ||||||
|           name: gitea-unittests-act-runner |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[0].env[4] |  | ||||||
|           value: |  | ||||||
|             name: GITEA_INSTANCE_URL |  | ||||||
|             value: "http://git.example.com" |  | ||||||
|   - it: allows adding custom environment variables to the docker-in-docker container |  | ||||||
|     template: templates/gitea/act_runner/statefulset.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|         statefulset: |  | ||||||
|           dind: |  | ||||||
|             extraEnvs: |  | ||||||
|               - name: "CUSTOM_ENV_NAME" |  | ||||||
|                 value: "custom env value" |  | ||||||
|     asserts: |  | ||||||
|       - equal: |  | ||||||
|           path: spec.template.spec.containers[1].env[3] |  | ||||||
|           value: |  | ||||||
|             name: "CUSTOM_ENV_NAME" |  | ||||||
|             value: "custom env value" |  | ||||||
							
								
								
									
										1
									
								
								unittests/bash/bats
									
									
									
									
									
										Submodule
									
								
							
							
								
								
								
								
								
							
						
						
									
										1
									
								
								unittests/bash/bats
									
									
									
									
									
										Submodule
									
								
							 Submodule unittests/bash/bats added at 855844b834
									
								
							
							
								
								
									
										1
									
								
								unittests/bash/test_helper/bats-assert
									
									
									
									
									
										Submodule
									
								
							
							
								
								
								
								
								
							
						
						
									
										1
									
								
								unittests/bash/test_helper/bats-assert
									
									
									
									
									
										Submodule
									
								
							 Submodule unittests/bash/test_helper/bats-assert added at 3be0fb7856
									
								
							
							
								
								
									
										1
									
								
								unittests/bash/test_helper/bats-mock
									
									
									
									
									
										Submodule
									
								
							
							
								
								
								
								
								
							
						
						
									
										1
									
								
								unittests/bash/test_helper/bats-mock
									
									
									
									
									
										Submodule
									
								
							 Submodule unittests/bash/test_helper/bats-mock added at 9d8aa349f1
									
								
							
							
								
								
									
										1
									
								
								unittests/bash/test_helper/bats-support
									
									
									
									
									
										Submodule
									
								
							
							
								
								
								
								
								
							
						
						
									
										1
									
								
								unittests/bash/test_helper/bats-support
									
									
									
									
									
										Submodule
									
								
							 Submodule unittests/bash/test_helper/bats-support added at 0954abb992
									
								
							
							
								
								
									
										7
									
								
								unittests/bash/test_helper/common-setup.bash
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								unittests/bash/test_helper/common-setup.bash
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | |||||||
|  | #!/usr/bin/env bash | ||||||
|  |  | ||||||
|  | function common_setup() { | ||||||
|  |   load "$TEST_ROOT/test_helper/bats-support/load" | ||||||
|  |   load "$TEST_ROOT/test_helper/bats-assert/load" | ||||||
|  |   load "$TEST_ROOT/test_helper/bats-mock/stub" | ||||||
|  | } | ||||||
| @@ -0,0 +1,204 @@ | |||||||
|  | #!/usr/bin/env bats | ||||||
|  |  | ||||||
|  | function setup() { | ||||||
|  |   PROJECT_ROOT="$(git rev-parse --show-toplevel)" | ||||||
|  |   TEST_ROOT="$PROJECT_ROOT/unittests/bash" | ||||||
|  |   load "$TEST_ROOT/test_helper/common-setup" | ||||||
|  |   common_setup | ||||||
|  |  | ||||||
|  |   export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini" | ||||||
|  |   export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs" | ||||||
|  |   export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts" | ||||||
|  |  | ||||||
|  |   stub gitea \ | ||||||
|  |       "generate secret INTERNAL_TOKEN : echo 'mocked-internal-token'" \ | ||||||
|  |       "generate secret SECRET_KEY : echo 'mocked-secret-key'" \ | ||||||
|  |       "generate secret JWT_SECRET : echo 'mocked-jwt-secret'" \ | ||||||
|  |       "generate secret LFS_JWT_SECRET : echo 'mocked-lfs-jwt-secret'" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function teardown() { | ||||||
|  |   unstub gitea | ||||||
|  |   # This condition exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open | ||||||
|  |   if [ $ENV_TO_INI_EXPECTED -eq 1 ]; then | ||||||
|  |     unstub environment-to-ini | ||||||
|  |   fi | ||||||
|  | } | ||||||
|  |  | ||||||
|  | # This function exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open | ||||||
|  | function expect_environment_to_ini_call() { | ||||||
|  |   export ENV_TO_INI_EXPECTED=1 | ||||||
|  |   stub environment-to-ini \ | ||||||
|  |     "-o $GITEA_APP_INI : echo 'Stubbed environment-to-ini was called!'" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function execute_test_script() { | ||||||
|  |   currentEnvsBefore=$(env | sort) | ||||||
|  |   source $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh | ||||||
|  |   local exitCode=$? | ||||||
|  |   currentEnvsAfter=$(env | sort) | ||||||
|  |  | ||||||
|  |   # diff as unified +/- output without context before/after | ||||||
|  |   diff --unified=0 <(echo "$currentEnvsBefore") <(echo "$currentEnvsAfter") | ||||||
|  |  | ||||||
|  |   exit $exitCode | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function write_mounted_file() { | ||||||
|  |   # either "inlines" or "additionals" | ||||||
|  |   scope="${1}" | ||||||
|  |   file="${2}" | ||||||
|  |   content="${3}" | ||||||
|  |  | ||||||
|  |   mkdir -p "$ENV_TO_INI_MOUNT_POINT/$scope/..data/" | ||||||
|  |   echo "${content}" > "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file" | ||||||
|  |   ln -sf "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file" "$ENV_TO_INI_MOUNT_POINT/$scope/$file" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "works as expected when nothing is configured" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '...Initial secrets generated' | ||||||
|  |   assert_line 'Reloading preset envs...' | ||||||
|  |   assert_line '=== All configuration sources loaded ===' | ||||||
|  |   assert_line 'Stubbed environment-to-ini was called!' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "exports initial secrets" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   assert_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token' | ||||||
|  |   assert_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key' | ||||||
|  |   assert_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "does NOT export initial secrets when app.ini already exists" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   touch $GITEA_APP_INI | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line --partial 'An app.ini file already exists.' | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   refute_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token' | ||||||
|  |   refute_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key' | ||||||
|  |   refute_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that preset environment variables take precedence over auto-generated ones" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that preset environment variables take precedence over mounted ones" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret" | ||||||
|  |   write_mounted_file "inlines" "oauth2" "$(cat << EOF | ||||||
|  | JWT_SECRET=inline-jwt-secret | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that additionals take precedence over inlines" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   write_mounted_file "inlines" "oauth2" "$(cat << EOF | ||||||
|  | JWT_SECRET=inline-jwt-secret | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |   write_mounted_file "additionals" "oauth2" "$(cat << EOF | ||||||
|  | JWT_SECRET=additional-jwt-secret | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret' | ||||||
|  |   assert_line '+GITEA__OAUTH2__JWT_SECRET=additional-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that dotted/dashed sections are properly masked" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF | ||||||
|  | WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP] | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | ############################################################### | ||||||
|  | ##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS ##### | ||||||
|  | ############################################################### | ||||||
|  | @test "ensures uppercase section and setting names (🐞)" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret" | ||||||
|  |   write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF | ||||||
|  | WORK_IN_progress_PREFIXES=WIP:,[WIP] | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]' | ||||||
|  |   assert_line '+GITEA__OAUTH2__JWT_SECRET=pre-defined-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "treats top-level configuration as section-less" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   write_mounted_file "inlines" "_generals_" "$(cat << EOF | ||||||
|  | APP_NAME=Hello top-level configuration | ||||||
|  | RUN_MODE=dev | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA____APP_NAME=Hello top-level configuration' | ||||||
|  |   assert_line '+GITEA____RUN_MODE=dev' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "fails on invalid setting" { | ||||||
|  |   write_mounted_file "inlines" "_generals_" "$(cat << EOF | ||||||
|  | some random invalid string | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_failure | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "treats empty setting name as invalid setting" { | ||||||
|  |   write_mounted_file "inlines" "_generals_" "$(cat << EOF | ||||||
|  | =value | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_failure | ||||||
|  | } | ||||||
| @@ -1,61 +0,0 @@ | |||||||
| suite: config template | actions config |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/config.yaml |  | ||||||
| tests: |  | ||||||
|   - it: "actions are not enabled by default" |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         equal: |  | ||||||
|           path: stringData.actions |  | ||||||
|           value: |- |  | ||||||
|             ENABLED=false |  | ||||||
|  |  | ||||||
|   - it: "actions can be enabled via inline config" |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     set: |  | ||||||
|       gitea.config.actions.ENABLED: true |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         equal: |  | ||||||
|           path: stringData.actions |  | ||||||
|           value: |- |  | ||||||
|             ENABLED=true |  | ||||||
|  |  | ||||||
|   - it: "actions can be enabled via dedicated values object" |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         equal: |  | ||||||
|           path: stringData.actions |  | ||||||
|           value: |- |  | ||||||
|             ENABLED=true |  | ||||||
|  |  | ||||||
|   - it: "defines LOCAL_ROOT_URL when actions are enabled" |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         matchRegex: |  | ||||||
|           path: stringData.server |  | ||||||
|           pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000 |  | ||||||
|  |  | ||||||
|   - it: "respects custom LOCAL_ROOT_URL, even when actions are enabled" |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     set: |  | ||||||
|       actions: |  | ||||||
|         enabled: true |  | ||||||
|       gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         matchRegex: |  | ||||||
|           path: stringData.server |  | ||||||
|           pattern: \nLOCAL_ROOT_URL=http://git.example.com |  | ||||||
| @@ -1,30 +0,0 @@ | |||||||
| suite: config template | database section (postgresql-ha) |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| tests: |  | ||||||
|   - it: connects to pgpool service |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     set: |  | ||||||
|       postgresql: |  | ||||||
|         enabled: false |  | ||||||
|       postgresql-ha: |  | ||||||
|         enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         matchRegex: |  | ||||||
|           path: stringData.database |  | ||||||
|           pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:5432 |  | ||||||
|   - it: renders the referenced service |  | ||||||
|     template: charts/postgresql-ha/templates/pgpool/service.yaml |  | ||||||
|     set: |  | ||||||
|       postgresql: |  | ||||||
|         enabled: false |  | ||||||
|       postgresql-ha: |  | ||||||
|         enabled: true |  | ||||||
|     asserts: |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Service |  | ||||||
|           apiVersion: v1 |  | ||||||
|           name: gitea-unittests-postgresql-ha-pgpool |  | ||||||
|           namespace: testing |  | ||||||
| @@ -1,30 +0,0 @@ | |||||||
| suite: config template | database section (postgresql) |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| tests: |  | ||||||
|   - it: "connects to postgresql service" |  | ||||||
|     template: templates/gitea/config.yaml |  | ||||||
|     set: |  | ||||||
|       postgresql: |  | ||||||
|         enabled: true |  | ||||||
|       postgresql-ha: |  | ||||||
|         enabled: false |  | ||||||
|     asserts: |  | ||||||
|       - documentIndex: 0 |  | ||||||
|         matchRegex: |  | ||||||
|           path: stringData.database |  | ||||||
|           pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:5432 |  | ||||||
|   - it: "renders the referenced service" |  | ||||||
|     template: charts/postgresql/templates/primary/svc.yaml |  | ||||||
|     set: |  | ||||||
|       postgresql: |  | ||||||
|         enabled: true |  | ||||||
|       postgresql-ha: |  | ||||||
|         enabled: false |  | ||||||
|     asserts: |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Service |  | ||||||
|           apiVersion: v1 |  | ||||||
|           name: gitea-unittests-postgresql |  | ||||||
|           namespace: testing |  | ||||||
| @@ -1,31 +0,0 @@ | |||||||
| suite: deployment template (basic) |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/deployment.yaml |  | ||||||
|   - templates/gitea/config.yaml |  | ||||||
| tests: |  | ||||||
|   - it: renders a deployment |  | ||||||
|     template: templates/gitea/deployment.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Deployment |  | ||||||
|           apiVersion: apps/v1 |  | ||||||
|           name: gitea-unittests |  | ||||||
|   - it: deployment labels are set |  | ||||||
|     template: templates/gitea/deployment.yaml |  | ||||||
|     set: |  | ||||||
|       deployment.labels: |  | ||||||
|         hello: world |  | ||||||
|     asserts: |  | ||||||
|       - isSubset: |  | ||||||
|           path: metadata.labels |  | ||||||
|           content: |  | ||||||
|             hello: world |  | ||||||
|       - isSubset: |  | ||||||
|           path: spec.template.metadata.labels |  | ||||||
|           content: |  | ||||||
|             hello: world |  | ||||||
							
								
								
									
										12
									
								
								unittests/helm/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								unittests/helm/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | |||||||
|  | suite: Check if actions raises an error | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | tests: | ||||||
|  |   - it: fails when trying to configure actions due to removal | ||||||
|  |     set: | ||||||
|  |       actions: | ||||||
|  |         enabled: true | ||||||
|  |     asserts: | ||||||
|  |       - failedTemplate: | ||||||
|  |           errorMessage: The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9. | ||||||
							
								
								
									
										24
									
								
								unittests/helm/config/actions-config.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								unittests/helm/config/actions-config.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | |||||||
|  | suite: config template | actions config | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/config.yaml | ||||||
|  | tests: | ||||||
|  |   - it: "actions are enabled by default (based on vanilla Gitea behavior)" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         notExists: | ||||||
|  |           path: stringData.actions | ||||||
|  |  | ||||||
|  |   - it: "actions can be disabled via inline config" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       gitea.config.actions.ENABLED: false | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.actions | ||||||
|  |           value: |- | ||||||
|  |             ENABLED=false | ||||||
| @@ -3,12 +3,12 @@ release: | |||||||
|   name: gitea-unittests |   name: gitea-unittests | ||||||
|   namespace: testing |   namespace: testing | ||||||
| tests: | tests: | ||||||
|   - it: "cache is configured correctly for redis-cluster" |   - it: "cache is configured correctly for valkey-cluster" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: true |         enabled: true | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -16,14 +16,14 @@ tests: | |||||||
|           path: stringData.cache |           path: stringData.cache | ||||||
|           value: |- |           value: |- | ||||||
|             ADAPTER=redis |             ADAPTER=redis | ||||||
|             HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |             HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
| 
 | 
 | ||||||
|   - it: "cache is configured correctly for redis" |   - it: "cache is configured correctly for valkey" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: true |         enabled: true | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -31,14 +31,14 @@ tests: | |||||||
|           path: stringData.cache |           path: stringData.cache | ||||||
|           value: |- |           value: |- | ||||||
|             ADAPTER=redis |             ADAPTER=redis | ||||||
|             HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |             HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
| 
 | 
 | ||||||
|   - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" |   - it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -48,12 +48,12 @@ tests: | |||||||
|             ADAPTER=memory |             ADAPTER=memory | ||||||
|             HOST= |             HOST= | ||||||
| 
 | 
 | ||||||
|   - it: "cache can be customized when redis (or redis-cluster) is disabled" |   - it: "cache can be customized when valkey (or valkey-cluster) is disabled" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|       gitea.config.cache.ADAPTER: custom-adapter |       gitea.config.cache.ADAPTER: custom-adapter | ||||||
|       gitea.config.cache.HOST: custom-host |       gitea.config.cache.HOST: custom-host | ||||||
							
								
								
									
										58
									
								
								unittests/helm/config/metrics-section_metrics-token.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										58
									
								
								unittests/helm/config/metrics-section_metrics-token.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,58 @@ | |||||||
|  | suite: config template | metrics section (metrics token) | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | tests: | ||||||
|  |   - it: metrics token is set | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         metrics: | ||||||
|  |           enabled: true | ||||||
|  |           token: "somepassword" | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.metrics | ||||||
|  |           value: |- | ||||||
|  |             ENABLED=true | ||||||
|  |             TOKEN=somepassword | ||||||
|  |   - it: metrics token is empty | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         metrics: | ||||||
|  |           enabled: true | ||||||
|  |           token: "" | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.metrics | ||||||
|  |           value: |- | ||||||
|  |             ENABLED=true | ||||||
|  |   - it: metrics token is nil | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         metrics: | ||||||
|  |           enabled: true | ||||||
|  |           token: | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.metrics | ||||||
|  |           value: |- | ||||||
|  |             ENABLED=true | ||||||
|  |   - it: does not configures a token if metrics are disabled | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         metrics: | ||||||
|  |           enabled: false | ||||||
|  |           token: "somepassword" | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.metrics | ||||||
|  |           value: |- | ||||||
|  |             ENABLED=false | ||||||
| @@ -3,42 +3,42 @@ release: | |||||||
|   name: gitea-unittests |   name: gitea-unittests | ||||||
|   namespace: testing |   namespace: testing | ||||||
| tests: | tests: | ||||||
|   - it: "queue is configured correctly for redis-cluster" |   - it: "queue is configured correctly for valkey-cluster" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: true |         enabled: true | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
|         equal: |         equal: | ||||||
|           path: stringData.queue |           path: stringData.queue | ||||||
|           value: |- |           value: |- | ||||||
|             CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |             CONN_STR=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|             TYPE=redis |             TYPE=redis | ||||||
| 
 | 
 | ||||||
|   - it: "queue is configured correctly for redis" |   - it: "queue is configured correctly for valkey" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: true |         enabled: true | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
|         equal: |         equal: | ||||||
|           path: stringData.queue |           path: stringData.queue | ||||||
|           value: |- |           value: |- | ||||||
|             CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |             CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|             TYPE=redis |             TYPE=redis | ||||||
| 
 | 
 | ||||||
|   - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" |   - it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -48,12 +48,12 @@ tests: | |||||||
|             CONN_STR= |             CONN_STR= | ||||||
|             TYPE=level |             TYPE=level | ||||||
| 
 | 
 | ||||||
|   - it: "queue can be customized when redis (and redis-cluster) are disabled" |   - it: "queue can be customized when valkey (and valkey-cluster) are disabled" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|       gitea.config.queue.TYPE: custom-type |       gitea.config.queue.TYPE: custom-type | ||||||
|       gitea.config.queue.CONN_STR: custom-connection-string |       gitea.config.queue.CONN_STR: custom-connection-string | ||||||
| @@ -3,12 +3,12 @@ release: | |||||||
|   name: gitea-unittests |   name: gitea-unittests | ||||||
|   namespace: testing |   namespace: testing | ||||||
| tests: | tests: | ||||||
|   - it: "session is configured correctly for redis-cluster" |   - it: "session is configured correctly for valkey-cluster" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: true |         enabled: true | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -16,14 +16,14 @@ tests: | |||||||
|           path: stringData.session |           path: stringData.session | ||||||
|           value: |- |           value: |- | ||||||
|             PROVIDER=redis |             PROVIDER=redis | ||||||
|             PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |             PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
| 
 | 
 | ||||||
|   - it: "session is configured correctly for redis" |   - it: "session is configured correctly for valkey" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: true |         enabled: true | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -31,14 +31,14 @@ tests: | |||||||
|           path: stringData.session |           path: stringData.session | ||||||
|           value: |- |           value: |- | ||||||
|             PROVIDER=redis |             PROVIDER=redis | ||||||
|             PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |             PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
| 
 | 
 | ||||||
|   - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" |   - it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
| @@ -48,12 +48,12 @@ tests: | |||||||
|             PROVIDER=memory |             PROVIDER=memory | ||||||
|             PROVIDER_CONFIG= |             PROVIDER_CONFIG= | ||||||
| 
 | 
 | ||||||
|   - it: "session can be customized when redis (and redis-cluster) is disabled" |   - it: "session can be customized when valkey (and valkey-cluster) is disabled" | ||||||
|     template: templates/gitea/config.yaml |     template: templates/gitea/config.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|       gitea.config.session.PROVIDER: custom-provider |       gitea.config.session.PROVIDER: custom-provider | ||||||
|       gitea.config.session.PROVIDER_CONFIG: custom-provider-config |       gitea.config.session.PROVIDER_CONFIG: custom-provider-config | ||||||
| @@ -0,0 +1,129 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | postgresql-ha | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   postgresql: | ||||||
|  |     enabled: false | ||||||
|  |   postgresql-ha: | ||||||
|  |     enabled: true | ||||||
|  |     global: | ||||||
|  |       postgresql: | ||||||
|  |         database: gitea-database | ||||||
|  |         password: gitea-password | ||||||
|  |         username: gitea-username | ||||||
|  |     postgresql: | ||||||
|  |       repmgrPassword: custom-password-repmgr | ||||||
|  |       postgresPassword: custom-password-postgres | ||||||
|  |       password: custom-password-overwritten-by-global-postgresql-password | ||||||
|  |     pgpool: | ||||||
|  |       adminPassword: custom-password-pgpool | ||||||
|  |       srCheckPassword: custom-password-sr-check | ||||||
|  |     service: | ||||||
|  |       ports: | ||||||
|  |         postgresql: 1234 | ||||||
|  |     persistence: | ||||||
|  |       size: 1337Mi | ||||||
|  | tests: | ||||||
|  |   - it: "[postgresql-ha] DB settings are applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/postgresql/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_DB | ||||||
|  |             value: "gitea-database" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_USER | ||||||
|  |             value: "gitea-username" | ||||||
|  |   - it: "[postgresql-ha] DB passwords are applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/postgresql/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["repmgr-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXJlcG1ncg==" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["postgres-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBvc3RncmVz" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["password"] | ||||||
|  |           value: "Z2l0ZWEtcGFzc3dvcmQ=" # postgresql-ha.postgresql.password is overwritten by postgresql-ha.global.postgresql.password and should not be referenced here | ||||||
|  |   - it: "[postgresql-ha] pgpool.adminPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["admin-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||||
|  |   - it: "[postgresql-ha] pgpool.adminPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["admin-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||||
|  |   - it: "[postgresql-ha] pgpool.adminPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["admin-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||||
|  |   - it: "[postgresql-ha] pgpool.srCheckPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["sr-check-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXNyLWNoZWNr" | ||||||
|  |   - it: "[postgresql-ha] persistence.size is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/postgresql/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.volumeClaimTemplates[0].spec.resources.requests.storage | ||||||
|  |           value: "1337Mi" | ||||||
|  |   - it: "[postgresql-ha] service.ports.postgresql is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/service.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.ports[0].port | ||||||
|  |           value: 1234 | ||||||
|  |   - it: "[postgresql-ha] renders the referenced service" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/service.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-postgresql-ha-pgpool | ||||||
|  |           namespace: testing | ||||||
|  |   - it: "[gitea] connects to pgpool service" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234 | ||||||
|  |   - it: "[gitea] connects to configured database" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: NAME=gitea-database | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: USER=gitea-username | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: PASSWD=gitea-password | ||||||
| @@ -0,0 +1,88 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | postgresql | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   postgresql-ha: | ||||||
|  |     enabled: false | ||||||
|  |   postgresql: | ||||||
|  |     enabled: true | ||||||
|  |     global: | ||||||
|  |       postgresql: | ||||||
|  |         auth: | ||||||
|  |           password: gitea-password | ||||||
|  |           database: gitea-database | ||||||
|  |           username: gitea-username | ||||||
|  |         service: | ||||||
|  |           ports: | ||||||
|  |             postgresql: 1234 | ||||||
|  |     primary: | ||||||
|  |       persistence: | ||||||
|  |         size: 1337Mi | ||||||
|  | tests: | ||||||
|  |   - it: "[postgresql] DB settings are applied as expected" | ||||||
|  |     template: charts/postgresql/templates/primary/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_DATABASE | ||||||
|  |             value: "gitea-database" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_USER | ||||||
|  |             value: "gitea-username" | ||||||
|  |   - it: "[postgresql] DB password is applied as expected" | ||||||
|  |     template: charts/postgresql/templates/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["password"] | ||||||
|  |           value: "Z2l0ZWEtcGFzc3dvcmQ=" | ||||||
|  |   - it: "[postgresql] primary.persistence.size is applied as expected" | ||||||
|  |     template: charts/postgresql/templates/primary/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.volumeClaimTemplates[0].spec.resources.requests.storage | ||||||
|  |           value: "1337Mi" | ||||||
|  |   - it: "[postgresql] global.postgresql.service.ports.postgresql is applied as expected" | ||||||
|  |     template: charts/postgresql/templates/primary/svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.ports[0].port | ||||||
|  |           value: 1234 | ||||||
|  |   - it: "[postgresql] renders the referenced service" | ||||||
|  |     template: charts/postgresql/templates/primary/svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-postgresql | ||||||
|  |           namespace: testing | ||||||
|  |   - it: "[gitea] connects to postgresql service" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234 | ||||||
|  |   - it: "[gitea] connects to configured database" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: NAME=gitea-database | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: USER=gitea-username | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: PASSWD=gitea-password | ||||||
| @@ -0,0 +1,90 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | valkey-cluster | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   valkey: | ||||||
|  |     enabled: false | ||||||
|  |   valkey-cluster: | ||||||
|  |     enabled: true | ||||||
|  |     usePassword: false | ||||||
|  |     cluster: | ||||||
|  |       nodes: 5 | ||||||
|  |       replicas: 2 | ||||||
|  | tests: | ||||||
|  |   - it: "[valkey-cluster] configures correct nodes/replicas" | ||||||
|  |     template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.replicas | ||||||
|  |           value: 5 | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: spec.template.spec.containers[0].args[0] | ||||||
|  |           pattern: VALKEY_CLUSTER_REPLICAS="2" | ||||||
|  |   - it: "[valkey-cluster] support auth-less connections" | ||||||
|  |     asserts: | ||||||
|  |       - template: charts/valkey-cluster/templates/secret.yaml | ||||||
|  |         hasDocuments: | ||||||
|  |           count: 0 | ||||||
|  |       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |         documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: ALLOW_EMPTY_PASSWORD | ||||||
|  |             value: "yes" | ||||||
|  |   - it: "[valkey-cluster] support auth-full connections" | ||||||
|  |     set: | ||||||
|  |       valkey-cluster: | ||||||
|  |         usePassword: true | ||||||
|  |     asserts: | ||||||
|  |       - template: charts/valkey-cluster/templates/secret.yaml | ||||||
|  |         containsDocument: | ||||||
|  |           kind: Secret | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-valkey-cluster | ||||||
|  |           namespace: testing | ||||||
|  |       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |         documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: REDISCLI_AUTH | ||||||
|  |             valueFrom: | ||||||
|  |               secretKeyRef: | ||||||
|  |                 name: gitea-unittests-valkey-cluster | ||||||
|  |                 key: valkey-password | ||||||
|  |       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |         documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: REDISCLI_AUTH | ||||||
|  |             valueFrom: | ||||||
|  |               secretKeyRef: | ||||||
|  |                 name: gitea-unittests-valkey-cluster | ||||||
|  |                 key: valkey-password | ||||||
|  |   - it: "[valkey-cluster] renders the referenced service" | ||||||
|  |     template: charts/valkey-cluster/templates/headless-svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-valkey-cluster-headless | ||||||
|  |           namespace: testing | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.ports | ||||||
|  |           content: | ||||||
|  |             name: tcp-redis | ||||||
|  |             port: 6379 | ||||||
|  |             targetPort: tcp-redis | ||||||
|  |   - it: "[gitea] waits for valkey-cluster to be up and running" | ||||||
|  |     template: templates/gitea/init.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData["configure_gitea.sh"] | ||||||
|  |           pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379 | ||||||
| @@ -0,0 +1,52 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | valkey | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   valkey-cluster: | ||||||
|  |     enabled: false | ||||||
|  |   valkey: | ||||||
|  |     enabled: true | ||||||
|  |     architecture: standalone | ||||||
|  |     global: | ||||||
|  |       valkey: | ||||||
|  |         password: gitea-password | ||||||
|  |     master: | ||||||
|  |       count: 2 | ||||||
|  | tests: | ||||||
|  |   - it: "[valkey] configures correct 'master' nodes" | ||||||
|  |     template: charts/valkey/templates/primary/application.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.replicas | ||||||
|  |           value: 1 | ||||||
|  |   - it: "[valkey] valkey.global.valkey.password is applied as expected" | ||||||
|  |     template: charts/valkey/templates/secret.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["valkey-password"] | ||||||
|  |           value: "Z2l0ZWEtcGFzc3dvcmQ=" | ||||||
|  |   - it: "[valkey] renders the referenced service" | ||||||
|  |     template: charts/valkey/templates/headless-svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-valkey-headless | ||||||
|  |           namespace: testing | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.ports | ||||||
|  |           content: | ||||||
|  |             name: tcp-redis | ||||||
|  |             port: 6379 | ||||||
|  |             targetPort: redis | ||||||
|  |   - it: "[gitea] waits for valkey to be up and running" | ||||||
|  |     template: templates/gitea/init.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData["configure_gitea.sh"] | ||||||
|  |           pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379 | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| suite: Dependency update consistency | suite: Dependency checks | Major image bumps | ||||||
| release: | release: | ||||||
|   name: gitea-unittests |   name: gitea-unittests | ||||||
|   namespace: testing |   namespace: testing | ||||||
| @@ -15,7 +15,7 @@ tests: | |||||||
|         matchRegex: |         matchRegex: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST |           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||||
|           pattern: bitnami/postgresql-repmgr:16.+$ |           pattern: bitnamilegacy/postgresql-repmgr:17.+$ | ||||||
|   - it: "[postgresql] ensures we detect major image version upgrades" |   - it: "[postgresql] ensures we detect major image version upgrades" | ||||||
|     template: charts/postgresql/templates/primary/statefulset.yaml |     template: charts/postgresql/templates/primary/statefulset.yaml | ||||||
|     set: |     set: | ||||||
| @@ -28,30 +28,30 @@ tests: | |||||||
|         matchRegex: |         matchRegex: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST |           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||||
|           pattern: bitnami/postgresql:16.+$ |           pattern: bitnamilegacy/postgresql:17.+$ | ||||||
|   - it: "[redis-cluster] ensures we detect major image version upgrades" |   - it: "[valkey-cluster] ensures we detect major image version upgrades" | ||||||
|     template: charts/redis-cluster/templates/redis-statefulset.yaml |     template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: true |         enabled: true | ||||||
|       redis: |       valkey: | ||||||
|         enabled: false |         enabled: false | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
|         matchRegex: |         matchRegex: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST |           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||||
|           pattern: bitnami/redis-cluster:7.+$ |           pattern: bitnamilegacy/valkey-cluster:8.+$ | ||||||
|   - it: "[redis] ensures we detect major image version upgrades" |   - it: "[valkey] ensures we detect major image version upgrades" | ||||||
|     template: charts/redis/templates/master/application.yaml |     template: charts/valkey/templates/primary/application.yaml | ||||||
|     set: |     set: | ||||||
|       redis-cluster: |       valkey-cluster: | ||||||
|         enabled: false |         enabled: false | ||||||
|       redis: |       valkey: | ||||||
|         enabled: true |         enabled: true | ||||||
|     asserts: |     asserts: | ||||||
|       - documentIndex: 0 |       - documentIndex: 0 | ||||||
|         matchRegex: |         matchRegex: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST |           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||||
|           pattern: bitnami/redis:7.+$ |           pattern: bitnamilegacy/valkey:8.+$ | ||||||
| @@ -20,14 +20,14 @@ tests: | |||||||
|               ENABLED: true |               ENABLED: true | ||||||
|     asserts: |     asserts: | ||||||
|       - failedTemplate: |       - failedTemplate: | ||||||
|           errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." |           errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'." | ||||||
|   - it: fails with multiple replicas and RWX file system not set |   - it: fails with multiple replicas and RWX file system not set | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
|       replicaCount: 2 |       replicaCount: 2 | ||||||
|     asserts: |     asserts: | ||||||
|       - failedTemplate: |       - failedTemplate: | ||||||
|           errorMessage: "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." |           errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany." | ||||||
|   - it: fails with multiple replicas and bleve issue indexer |   - it: fails with multiple replicas and bleve issue indexer | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
							
								
								
									
										95
									
								
								unittests/helm/deployment/basic.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										95
									
								
								unittests/helm/deployment/basic.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,95 @@ | |||||||
|  | suite: deployment template (basic) | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/deployment.yaml | ||||||
|  |   - templates/gitea/config.yaml | ||||||
|  | tests: | ||||||
|  |   - it: renders a deployment | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Deployment | ||||||
|  |           apiVersion: apps/v1 | ||||||
|  |           name: gitea-unittests | ||||||
|  |   - it: deployment labels are set | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       deployment.labels: | ||||||
|  |         hello: world | ||||||
|  |     asserts: | ||||||
|  |       - isSubset: | ||||||
|  |           path: metadata.labels | ||||||
|  |           content: | ||||||
|  |             hello: world | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.metadata.labels | ||||||
|  |           content: | ||||||
|  |             hello: world | ||||||
|  |   - it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container" | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - contains: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |           content: | ||||||
|  |             name: TMP_EXISTING_ENVS_FILE | ||||||
|  |             value: /tmp/existing-envs | ||||||
|  |   - it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container" | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - contains: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |           content: | ||||||
|  |             name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |             value: /env-to-ini-mounts | ||||||
|  |   - it: CPU resources are defined as well as GOMAXPROCS | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       resources: | ||||||
|  |         limits: | ||||||
|  |           cpu: 200ms | ||||||
|  |           memory: 200Mi | ||||||
|  |         requests: | ||||||
|  |           cpu: 100ms | ||||||
|  |           memory: 100Mi | ||||||
|  |     asserts: | ||||||
|  |       - contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: GOMAXPROCS | ||||||
|  |             valueFrom: | ||||||
|  |               resourceFieldRef: | ||||||
|  |                 divisor: "1" | ||||||
|  |                 resource: limits.cpu | ||||||
|  |       - equal: | ||||||
|  |           path: spec.template.spec.containers[0].resources | ||||||
|  |           value: | ||||||
|  |             limits: | ||||||
|  |               cpu: 200ms | ||||||
|  |               memory: 200Mi | ||||||
|  |             requests: | ||||||
|  |               cpu: 100ms | ||||||
|  |               memory: 100Mi | ||||||
|  |   - it: Init containers have correct volumeMount path | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       initContainersScriptsVolumeMountPath: "/custom/init/path" | ||||||
|  |     asserts: | ||||||
|  |       - equal: | ||||||
|  |           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath | ||||||
|  |           value: "/custom/init/path" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath | ||||||
|  |           value: "/custom/init/path" | ||||||
|  |   - it: Init containers have correct volumeMount path if there is no override | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - equal: | ||||||
|  |           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath | ||||||
|  |           value: "/usr/sbinx" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath | ||||||
|  |           value: "/usr/sbinx" | ||||||
							
								
								
									
										150
									
								
								unittests/helm/deployment/deployment-additional-config.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										150
									
								
								unittests/helm/deployment/deployment-additional-config.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,150 @@ | |||||||
|  | suite: deployment template | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/deployment.yaml | ||||||
|  |   - templates/gitea/config.yaml | ||||||
|  | tests: | ||||||
|  |   - it: Renders a deployment | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Deployment | ||||||
|  |           apiVersion: apps/v1 | ||||||
|  |           name: gitea-unittests | ||||||
|  |   - it: Deployment with empty additionalConfigFromEnvs | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea.additionalConfigFromEnvs: [] | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - exists: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |           count: 6 | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.initContainers[1] | ||||||
|  |           content: | ||||||
|  |             env: | ||||||
|  |               - name: GITEA_APP_INI | ||||||
|  |                 value: /data/gitea/conf/app.ini | ||||||
|  |               - name: GITEA_CUSTOM | ||||||
|  |                 value: /data/gitea | ||||||
|  |               - name: GITEA_WORK_DIR | ||||||
|  |                 value: /data | ||||||
|  |               - name: GITEA_TEMP | ||||||
|  |                 value: /tmp/gitea | ||||||
|  |               - name: TMP_EXISTING_ENVS_FILE | ||||||
|  |                 value: /tmp/existing-envs | ||||||
|  |               - name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |                 value: /env-to-ini-mounts | ||||||
|  |   - it: Deployment with standard additionalConfigFromEnvs | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}] | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - exists: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |           count: 8 | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.initContainers[1] | ||||||
|  |           content: | ||||||
|  |             env: | ||||||
|  |               - name: GITEA_APP_INI | ||||||
|  |                 value: /data/gitea/conf/app.ini | ||||||
|  |               - name: GITEA_CUSTOM | ||||||
|  |                 value: /data/gitea | ||||||
|  |               - name: GITEA_WORK_DIR | ||||||
|  |                 value: /data | ||||||
|  |               - name: GITEA_TEMP | ||||||
|  |                 value: /tmp/gitea | ||||||
|  |               - name: TMP_EXISTING_ENVS_FILE | ||||||
|  |                 value: /tmp/existing-envs | ||||||
|  |               - name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |                 value: /env-to-ini-mounts | ||||||
|  |               - name: GITEA_database_HOST | ||||||
|  |                 value: my-db:123 | ||||||
|  |               - name: GITEA_database_USER | ||||||
|  |                 value: my-user | ||||||
|  |   - it: Deployment with templated additionalConfigFromEnvs | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea.misc.host: my-db-host:321 | ||||||
|  |       gitea.misc.user: my-db-user | ||||||
|  |       gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: "{{ .Values.gitea.misc.host }}"}, {name: GITEA_database_USER, value: "{{ .Values.gitea.misc.user }}"}] | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - exists: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |           count: 8 | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.initContainers[1] | ||||||
|  |           content: | ||||||
|  |             env: | ||||||
|  |               - name: GITEA_APP_INI | ||||||
|  |                 value: /data/gitea/conf/app.ini | ||||||
|  |               - name: GITEA_CUSTOM | ||||||
|  |                 value: /data/gitea | ||||||
|  |               - name: GITEA_WORK_DIR | ||||||
|  |                 value: /data | ||||||
|  |               - name: GITEA_TEMP | ||||||
|  |                 value: /tmp/gitea | ||||||
|  |               - name: TMP_EXISTING_ENVS_FILE | ||||||
|  |                 value: /tmp/existing-envs | ||||||
|  |               - name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |                 value: /env-to-ini-mounts | ||||||
|  |               - name: GITEA_database_HOST | ||||||
|  |                 value: my-db-host:321 | ||||||
|  |               - name: GITEA_database_USER | ||||||
|  |                 value: my-db-user | ||||||
|  |   - it: Deployment with additionalConfigFromEnvs templated secret name | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea.misc.existingSecret: my-db-secret | ||||||
|  |       gitea.additionalConfigFromEnvs[0]: | ||||||
|  |         name: GITEA_database_HOST | ||||||
|  |         valueFrom: | ||||||
|  |           secretKeyRef: | ||||||
|  |             name: "{{ .Values.gitea.misc.existingSecret }}" | ||||||
|  |             key: password | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - exists: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers[1].env | ||||||
|  |           count: 7 | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.initContainers[1] | ||||||
|  |           content: | ||||||
|  |             env: | ||||||
|  |               - name: GITEA_APP_INI | ||||||
|  |                 value: /data/gitea/conf/app.ini | ||||||
|  |               - name: GITEA_CUSTOM | ||||||
|  |                 value: /data/gitea | ||||||
|  |               - name: GITEA_WORK_DIR | ||||||
|  |                 value: /data | ||||||
|  |               - name: GITEA_TEMP | ||||||
|  |                 value: /tmp/gitea | ||||||
|  |               - name: TMP_EXISTING_ENVS_FILE | ||||||
|  |                 value: /tmp/existing-envs | ||||||
|  |               - name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |                 value: /env-to-ini-mounts | ||||||
|  |               - name: GITEA_database_HOST | ||||||
|  |                 valueFrom: | ||||||
|  |                   secretKeyRef: | ||||||
|  |                     name: "my-db-secret" | ||||||
|  |                     key: password | ||||||
							
								
								
									
										59
									
								
								unittests/helm/deployment/extraInitContainers.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										59
									
								
								unittests/helm/deployment/extraInitContainers.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,59 @@ | |||||||
|  | suite: deployment template | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/deployment.yaml | ||||||
|  |   - templates/gitea/config.yaml | ||||||
|  | tests: | ||||||
|  |   - it: Render the deployment (default) | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers | ||||||
|  |           count: 3 | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |  | ||||||
|  |   - it: Render the deployment (signing) | ||||||
|  |     set: | ||||||
|  |       signing.enabled: true | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers | ||||||
|  |           count: 4 | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |  | ||||||
|  |   - it: Render the deployment (extraInitContainers) | ||||||
|  |     set: | ||||||
|  |       postExtraInitContainers: | ||||||
|  |         - name: foo | ||||||
|  |           image: docker.io/library/busybox:latest | ||||||
|  |       preExtraInitContainers: | ||||||
|  |         - name: bar | ||||||
|  |           image: docker.io/library/busybox:latest | ||||||
|  |       signing.enabled: true | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |       - lengthEqual: | ||||||
|  |           path: spec.template.spec.initContainers | ||||||
|  |           count: 6 | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |       - contains: | ||||||
|  |           path: spec.template.spec.initContainers | ||||||
|  |           content: | ||||||
|  |             name: foo | ||||||
|  |             image: docker.io/library/busybox:latest | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
|  |       - contains: | ||||||
|  |           path: spec.template.spec.initContainers | ||||||
|  |           content: | ||||||
|  |             name: bar | ||||||
|  |             image: docker.io/library/busybox:latest | ||||||
|  |         template: templates/gitea/deployment.yaml | ||||||
| @@ -14,7 +14,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.19.3-rootless" |           value: "docker.gitea.com/gitea:1.19.3-rootless" | ||||||
|   - it: tag override |   - it: tag override | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -22,7 +22,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.19.4-rootless" |           value: "docker.gitea.com/gitea:1.19.4-rootless" | ||||||
|   - it: root-based image |   - it: root-based image | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -30,7 +30,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.19.3" |           value: "docker.gitea.com/gitea:1.19.3" | ||||||
|   - it: scoped registry |   - it: scoped registry | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -38,7 +38,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "example.com/gitea/gitea:1.19.3-rootless" |           value: "example.com/gitea:1.19.3-rootless" | ||||||
|   - it: global registry |   - it: global registry | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -46,7 +46,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "global.example.com/gitea/gitea:1.19.3-rootless" |           value: "global.example.com/gitea:1.19.3-rootless" | ||||||
|   - it: digest for rootless image |   - it: digest for rootless image | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -56,12 +56,12 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" |           value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" | ||||||
|   - it: image fullOverride (does not append rootless) |   - it: image fullOverride (does not append rootless) | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
|       image: |       image: | ||||||
|         fullOverride: gitea/gitea:1.19.3 |         fullOverride: docker.gitea.com/gitea:1.19.3 | ||||||
|         # setting rootless, registry, repository, tag, and digest to prove that override works |         # setting rootless, registry, repository, tag, and digest to prove that override works | ||||||
|         rootless: true |         rootless: true | ||||||
|         registry: example.com |         registry: example.com | ||||||
| @@ -71,7 +71,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.19.3" |           value: "docker.gitea.com/gitea:1.19.3" | ||||||
|   - it: digest for root-based image |   - it: digest for root-based image | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -81,7 +81,7 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" |           value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" | ||||||
|   - it: digest and global registry |   - it: digest and global registry | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -90,21 +90,21 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" |           value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" | ||||||
|   - it: correctly renders floating tag references |   - it: correctly renders floating tag references | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
|       image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-chart/issues/631 |       image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631 | ||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[0].image |           path: spec.template.spec.initContainers[0].image | ||||||
|           value: "gitea/gitea:1.21-rootless" |           value: "docker.gitea.com/gitea:1.21-rootless" | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[1].image |           path: spec.template.spec.initContainers[1].image | ||||||
|           value: "gitea/gitea:1.21-rootless" |           value: "docker.gitea.com/gitea:1.21-rootless" | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].image |           path: spec.template.spec.initContainers[2].image | ||||||
|           value: "gitea/gitea:1.21-rootless" |           value: "docker.gitea.com/gitea:1.21-rootless" | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.containers[0].image |           path: spec.template.spec.containers[0].image | ||||||
|           value: "gitea/gitea:1.21-rootless" |           value: "docker.gitea.com/gitea:1.21-rootless" | ||||||
| @@ -1,28 +1,7 @@ | |||||||
| suite: ingress template | suite: Test ingress tpl use | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: | templates: | ||||||
|   - templates/gitea/ingress.yaml |   - templates/gitea/ingress.yaml | ||||||
| tests: | tests: | ||||||
|   - it: hostname using TPL |  | ||||||
|     set: |  | ||||||
|       global.giteaHostName: "gitea.example.com" |  | ||||||
|       ingress.enabled: true |  | ||||||
|       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" |  | ||||||
|       ingress.tls: |  | ||||||
|         - secretName: gitea-tls |  | ||||||
|           hosts: |  | ||||||
|             - "{{ .Values.global.giteaHostName }}" |  | ||||||
|     asserts: |  | ||||||
|       - isKind: |  | ||||||
|           of: Ingress |  | ||||||
|       - equal: |  | ||||||
|           path: spec.tls[0].hosts[0] |  | ||||||
|           value: "gitea.example.com" |  | ||||||
|       - equal: |  | ||||||
|           path: spec.rules[0].host |  | ||||||
|           value: "gitea.example.com" |  | ||||||
|   - it: Ingress Class using TPL |   - it: Ingress Class using TPL | ||||||
|     set: |     set: | ||||||
|       global.ingress.className: "ingress-class" |       global.ingress.className: "ingress-class" | ||||||
| @@ -45,3 +24,22 @@ tests: | |||||||
|       - equal: |       - equal: | ||||||
|           path: spec.ingressClassName |           path: spec.ingressClassName | ||||||
|           value: "ingress-class" |           value: "ingress-class" | ||||||
|  | 
 | ||||||
|  |   - it: hostname using TPL | ||||||
|  |     set: | ||||||
|  |       global.giteaHostName: "gitea.example.com" | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||||
|  |       ingress.tls: | ||||||
|  |         - secretName: gitea-tls | ||||||
|  |           hosts: | ||||||
|  |             - "{{ .Values.global.giteaHostName }}" | ||||||
|  |     asserts: | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].hosts[0] | ||||||
|  |           value: "gitea.example.com" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "gitea.example.com" | ||||||
| @@ -18,7 +18,7 @@ tests: | |||||||
|           value: configure-gpg |           value: configure-gpg | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].command |           path: spec.template.spec.initContainers[2].command | ||||||
|           value: ["/usr/sbin/configure_gpg_environment.sh"] |           value: ["/usr/sbinx/configure_gpg_environment.sh"] | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].securityContext |           path: spec.template.spec.initContainers[2].securityContext | ||||||
|           value: |           value: | ||||||
| @@ -28,11 +28,13 @@ tests: | |||||||
|           value: |           value: | ||||||
|             - name: GNUPGHOME |             - name: GNUPGHOME | ||||||
|               value: /data/git/.gnupg |               value: /data/git/.gnupg | ||||||
|  |             - name: TMP_RAW_GPG_KEY | ||||||
|  |               value: /raw/private.asc | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].volumeMounts |           path: spec.template.spec.initContainers[2].volumeMounts | ||||||
|           value: |           value: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: /usr/sbinx | ||||||
|             - name: data |             - name: data | ||||||
|               mountPath: /data |               mountPath: /data | ||||||
|             - name: gpg-private-key |             - name: gpg-private-key | ||||||
| @@ -30,7 +30,7 @@ tests: | |||||||
|   - it: supports overriding SSH log level (even when image.fullOverride set) |   - it: supports overriding SSH log level (even when image.fullOverride set) | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
|       image.fullOverride: gitea/gitea:1.19.3 |       image.fullOverride: docker.gitea.com/gitea:1.19.3 | ||||||
|       image.rootless: false |       image.rootless: false | ||||||
|       gitea.ssh.logLevel: "DEBUG" |       gitea.ssh.logLevel: "DEBUG" | ||||||
|     asserts: |     asserts: | ||||||
| @@ -53,7 +53,7 @@ tests: | |||||||
|   - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) |   - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
|       image.fullOverride: gitea/gitea:1.19.3 |       image.fullOverride: docker.gitea.com/gitea:1.19.3 | ||||||
|       image.rootless: true |       image.rootless: true | ||||||
|       gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here |       gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here | ||||||
|     asserts: |     asserts: | ||||||
							
								
								
									
										93
									
								
								unittests/helm/ingress/basic.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								unittests/helm/ingress/basic.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,93 @@ | |||||||
|  | suite: Test ingress.yaml | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/ingress.yaml | ||||||
|  | tests: | ||||||
|  |   - it: should enable ingress when ingress.enabled is true | ||||||
|  |     set: | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.apiVersion: networking.k8s.io/v1 | ||||||
|  |       ingress.annotations: | ||||||
|  |         kubernetes.io/ingress.class: nginx | ||||||
|  |       ingress.className: nginx | ||||||
|  |       ingress.tls: | ||||||
|  |         - hosts: | ||||||
|  |             - example.com | ||||||
|  |           secretName: tls-secret | ||||||
|  |       ingress.hosts: | ||||||
|  |         - host: example.com | ||||||
|  |           paths: ["/"] | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: metadata.name | ||||||
|  |           value: RELEASE-NAME-gitea | ||||||
|  |       - matchRegex: | ||||||
|  |           path: apiVersion | ||||||
|  |           pattern: networking.k8s.io/v1 | ||||||
|  |       - equal: | ||||||
|  |           path: spec.ingressClassName | ||||||
|  |           value: nginx | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "example.com" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].hosts[0] | ||||||
|  |           value: "example.com" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].secretName | ||||||
|  |           value: tls-secret | ||||||
|  |       - equal: | ||||||
|  |           path: metadata.annotations["kubernetes.io/ingress.class"] | ||||||
|  |           value: nginx | ||||||
|  |  | ||||||
|  |   - it: should not create ingress when ingress.enabled is false | ||||||
|  |     set: | ||||||
|  |       ingress.enabled: false | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 0 | ||||||
|  |  | ||||||
|  |   - it: Ingress Class using TPL | ||||||
|  |     set: | ||||||
|  |       global.ingress.className: "ingress-class" | ||||||
|  |       ingress.className: "{{ .Values.global.ingress.className }}" | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts[0].host: "some-host" | ||||||
|  |       ingress.tls: | ||||||
|  |         - secretName: gitea-tls | ||||||
|  |           hosts: | ||||||
|  |             - "some-host" | ||||||
|  |     asserts: | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].hosts[0] | ||||||
|  |           value: "some-host" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "some-host" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.ingressClassName | ||||||
|  |           value: "ingress-class" | ||||||
|  |  | ||||||
|  |   - it: hostname using TPL | ||||||
|  |     set: | ||||||
|  |       global.giteaHostName: "gitea.example.com" | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||||
|  |       ingress.tls: | ||||||
|  |         - secretName: gitea-tls | ||||||
|  |           hosts: | ||||||
|  |             - "{{ .Values.global.giteaHostName }}" | ||||||
|  |     asserts: | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].hosts[0] | ||||||
|  |           value: "gitea.example.com" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "gitea.example.com" | ||||||
							
								
								
									
										23
									
								
								unittests/helm/ingress/implicit-defaults.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								unittests/helm/ingress/implicit-defaults.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | |||||||
|  | suite: Test ingress with implicit path defaults | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/ingress.yaml | ||||||
|  | tests: | ||||||
|  |   - it: should use default path and pathType when no paths are specified | ||||||
|  |     set: | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts: | ||||||
|  |         - host: git.example.com | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "git.example.com" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].http.paths[0].path | ||||||
|  |           value: "/" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].http.paths[0].pathType | ||||||
|  |           value: "Prefix" | ||||||
							
								
								
									
										45
									
								
								unittests/helm/ingress/ingress.tpl.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										45
									
								
								unittests/helm/ingress/ingress.tpl.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,45 @@ | |||||||
|  | suite: Test ingress tpl use | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/ingress.yaml | ||||||
|  | tests: | ||||||
|  |   - it: Ingress Class using TPL | ||||||
|  |     set: | ||||||
|  |       global.ingress.className: "ingress-class" | ||||||
|  |       ingress.className: "{{ .Values.global.ingress.className }}" | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts[0].host: "some-host" | ||||||
|  |       ingress.tls: | ||||||
|  |         - secretName: gitea-tls | ||||||
|  |           hosts: | ||||||
|  |             - "some-host" | ||||||
|  |     asserts: | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].hosts[0] | ||||||
|  |           value: "some-host" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "some-host" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.ingressClassName | ||||||
|  |           value: "ingress-class" | ||||||
|  |  | ||||||
|  |   - it: hostname using TPL | ||||||
|  |     set: | ||||||
|  |       global.giteaHostName: "gitea.example.com" | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||||
|  |       ingress.tls: | ||||||
|  |         - secretName: gitea-tls | ||||||
|  |           hosts: | ||||||
|  |             - "{{ .Values.global.giteaHostName }}" | ||||||
|  |     asserts: | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.tls[0].hosts[0] | ||||||
|  |           value: "gitea.example.com" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "gitea.example.com" | ||||||
							
								
								
									
										26
									
								
								unittests/helm/ingress/structured-paths.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								unittests/helm/ingress/structured-paths.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | |||||||
|  | suite: Test ingress with structured paths | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/ingress.yaml | ||||||
|  | tests: | ||||||
|  |   - it: should work with structured path definitions | ||||||
|  |     set: | ||||||
|  |       ingress.enabled: true | ||||||
|  |       ingress.hosts: | ||||||
|  |         - host: git.devxy.io | ||||||
|  |           paths: | ||||||
|  |             - path: / | ||||||
|  |               pathType: Prefix | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - isKind: | ||||||
|  |           of: Ingress | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].host | ||||||
|  |           value: "git.devxy.io" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].http.paths[0].path | ||||||
|  |           value: "/" | ||||||
|  |       - equal: | ||||||
|  |           path: spec.rules[0].http.paths[0].pathType | ||||||
|  |           value: "Prefix" | ||||||
| @@ -15,11 +15,11 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: stringData["configure_gpg_environment.sh"] |           path: stringData["configure_gpg_environment.sh"] | ||||||
|           value: |- |           value: | | ||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
|             set -eu |             set -eu | ||||||
| 
 | 
 | ||||||
|             gpg --batch --import /raw/private.asc |             gpg --batch --import "$TMP_RAW_GPG_KEY" | ||||||
|   - it: skips gpg script block for disabled signing |   - it: skips gpg script block for disabled signing | ||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
| @@ -65,7 +65,7 @@ tests: | |||||||
|   - it: it does not chown /data even when image.fullOverride is set |   - it: it does not chown /data even when image.fullOverride is set | ||||||
|     template: templates/gitea/init.yaml |     template: templates/gitea/init.yaml | ||||||
|     set: |     set: | ||||||
|       image.fullOverride: gitea/gitea:1.20.5 |       image.fullOverride: docker.gitea.com/gitea:1.20.5 | ||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: stringData["init_directory_structure.sh"] |           path: stringData["init_directory_structure.sh"] | ||||||
| @@ -16,11 +16,11 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: stringData["configure_gpg_environment.sh"] |           path: stringData["configure_gpg_environment.sh"] | ||||||
|           value: |- |           value: | | ||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
|             set -eu |             set -eu | ||||||
| 
 | 
 | ||||||
|             gpg --batch --import /raw/private.asc |             gpg --batch --import "$TMP_RAW_GPG_KEY" | ||||||
|   - it: skips gpg script block for disabled signing |   - it: skips gpg script block for disabled signing | ||||||
|     set: |     set: | ||||||
|       image.rootless: false |       image.rootless: false | ||||||
Some files were not shown because too many files have changed in this diff Show More
		Reference in New Issue
	
	Block a user