You've already forked helm-gitea
							
							Compare commits
	
		
			60 Commits
		
	
	
		
			v11.0.1
			...
			82190f3d30
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 82190f3d30 | |||
|   | e059beb82b | ||
|   | 9206b34af3 | ||
|   | 203a282e93 | ||
|   | 81c12fa3e5 | ||
|   | c7e294cf8c | ||
|   | ce60c7bb0f | ||
|   | 2875e08daf | ||
| 09767c4494 | |||
|   | a45253abf9 | ||
|   | f9efe98fe7 | ||
|   | 92c187f264 | ||
|   | 4fbdf634a9 | ||
|   | f0dcbe88dd | ||
|   | aa7ccb47ba | ||
|   | 0f1f329de4 | ||
|   | cb28148dc8 | ||
|   | ee84a1750b | ||
|   | 6e1d516bb2 | ||
|   | 08143654a5 | ||
|   | e134835662 | ||
|   | e7db8cddd9 | ||
| ec7a659535 | |||
|   | db177a356f | ||
|   | d29a7e84a4 | ||
|   | 31fa278145 | ||
|   | 52c249eb08 | ||
|   | 0d532363eb | ||
|   | 8f0f44a864 | ||
|   | cf86118976 | ||
|   | 7f96084a30 | ||
|   | 5292684a4a | ||
|   | edc42f69a9 | ||
|   | 9c607f8a4b | ||
|   | 6d89d0a1b7 | ||
|   | 8f35f45e31 | ||
|   | a94eec4238 | ||
|   | 87272a1244 | ||
|   | ed06694adf | ||
|   | 443a6d0cd7 | ||
|   | 8854e62572 | ||
|   | da2d169d65 | ||
|   | ebb4b1ee49 | ||
|   | e64afe393e | ||
|   | 6e4e414771 | ||
|   | 037eca0c91 | ||
|   | d10adfd064 | ||
|   | a1fc670df5 | ||
|   | 0cfe38aec5 | ||
|   | 5410bb08c2 | ||
|   | 3b32a04b9c | ||
|   | 5b247ea860 | ||
|   | 3aea811f1f | ||
|   | a7035ca4e5 | ||
|   | fa36d2beef | ||
|   | 6c5b42c482 | ||
|   | 356dd6e710 | ||
|   | 1f313ac70e | ||
|   | d2d542e625 | ||
|   | 75cd261b37 | 
							
								
								
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,114 @@ | ||||
| #!/bin/bash | ||||
|  | ||||
| set -e | ||||
|  | ||||
| CHART_FILE="Chart.yaml" | ||||
| if [ ! -f "${CHART_FILE}" ]; then | ||||
|   echo "ERROR: ${CHART_FILE} not found!" 1>&2 | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||
| DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||
|  | ||||
| if [ -z "${1}" ]; then | ||||
|   read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||
|   if [ -z "${OLD_TAG}" ]; then | ||||
|     OLD_TAG="${DEFAULT_OLD_TAG}" | ||||
|   fi | ||||
|  | ||||
|   while [ -z "$(git tag --list "${OLD_TAG}")" ]; do | ||||
|     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||
|     read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||
|     if [ -z "${OLD_TAG}" ]; then | ||||
|       OLD_TAG="${DEFAULT_OLD_TAG}" | ||||
|     fi | ||||
|   done | ||||
| else | ||||
|   OLD_TAG=${1} | ||||
|   if [ -z "$(git tag --list "${OLD_TAG}")" ]; then | ||||
|     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||
|     exit 1 | ||||
|   fi | ||||
| fi | ||||
|  | ||||
| if [ -z "${2}" ]; then | ||||
|   read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||
|   if [ -z "${NEW_TAG}" ]; then | ||||
|     NEW_TAG="${DEFAULT_NEW_TAG}" | ||||
|   fi | ||||
|  | ||||
|   while [ -z "$(git tag --list "${NEW_TAG}")" ]; do | ||||
|     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||
|     read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||
|     if [ -z "${NEW_TAG}" ]; then | ||||
|       NEW_TAG="${DEFAULT_NEW_TAG}" | ||||
|     fi | ||||
|   done | ||||
| else | ||||
|   NEW_TAG=${2} | ||||
|  | ||||
|   if [ -z "$(git tag --list "${NEW_TAG}")" ]; then | ||||
|     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||
|     exit 1 | ||||
|   fi | ||||
| fi | ||||
|  | ||||
| CHANGE_LOG_YAML=$(mktemp) | ||||
| echo "[]" > "${CHANGE_LOG_YAML}" | ||||
|  | ||||
| function map_type_to_kind() { | ||||
|   case "${1}" in | ||||
|     feat) | ||||
|       echo "added" | ||||
|     ;; | ||||
|     fix) | ||||
|       echo "fixed" | ||||
|     ;; | ||||
|     chore|style|test|ci|docs|refac) | ||||
|       echo "changed" | ||||
|     ;; | ||||
|     revert) | ||||
|       echo "removed" | ||||
|     ;; | ||||
|     sec) | ||||
|       echo "security" | ||||
|     ;; | ||||
|     *) | ||||
|       echo "skip" | ||||
|     ;; | ||||
|   esac | ||||
| } | ||||
|  | ||||
| COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" | ||||
|  | ||||
| echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" | ||||
|  | ||||
| while IFS= read -r line; do | ||||
|   if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then | ||||
|     TYPE="${BASH_REMATCH[1]}" | ||||
|     KIND=$(map_type_to_kind "${TYPE}") | ||||
|  | ||||
|     if [ "${KIND}" == "skip" ]; then | ||||
|       continue | ||||
|     fi | ||||
|  | ||||
|     DESC="${BASH_REMATCH[3]}" | ||||
|  | ||||
|     echo "- ${KIND}: ${DESC}" | ||||
|  | ||||
|     jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" | ||||
|     mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" | ||||
|  | ||||
|   fi | ||||
| done <<< "${COMMIT_TITLES}" | ||||
|  | ||||
| if [ -s "${CHANGE_LOG_YAML}" ]; then | ||||
|   yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" | ||||
|   yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" | ||||
| else | ||||
|   echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| rm "${CHANGE_LOG_YAML}" | ||||
| @@ -8,7 +8,7 @@ on: | ||||
| jobs: | ||||
|   changelog: | ||||
|     runs-on: ubuntu-latest | ||||
|     container: docker.io/thegeeklab/git-sv:1.0.12 | ||||
|     container: docker.io/thegeeklab/git-sv:2.0.3 | ||||
|     steps: | ||||
|       - name: install tools | ||||
|         run: | | ||||
|   | ||||
| @@ -11,7 +11,7 @@ on: | ||||
| jobs: | ||||
|   check-and-test: | ||||
|     runs-on: ubuntu-latest | ||||
|     container: commitlint/commitlint:19.7.1 | ||||
|     container: commitlint/commitlint:19.8.1 | ||||
|     steps: | ||||
|       - uses: actions/checkout@v4 | ||||
|       - name: check PR title | ||||
|   | ||||
| @@ -5,33 +5,51 @@ on: | ||||
|     tags: | ||||
|       - "*" | ||||
|  | ||||
| env: | ||||
|   # renovate: datasource=docker depName=alpine/helm | ||||
|   HELM_VERSION: "3.17.1" | ||||
|  | ||||
| jobs: | ||||
|   generate-chart-publish: | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - uses: actions/checkout@v4 | ||||
|       - name: install tools | ||||
|         with: | ||||
|           fetch-depth: 0 | ||||
|  | ||||
|       - name: Install packages via apt | ||||
|         run: | | ||||
|           apt update -y | ||||
|           apt install -y curl ca-certificates curl gnupg | ||||
|           # helm | ||||
|           curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz | ||||
|           tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz | ||||
|           mv linux-amd64/helm /usr/local/bin/ | ||||
|           rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz | ||||
|           apt update --yes | ||||
|           apt install --yes curl ca-certificates curl gnupg jq | ||||
|  | ||||
|       - name: Install helm | ||||
|         env: | ||||
|           # renovate: datasource=docker depName=alpine/helm | ||||
|           HELM_VERSION: "3.18.4" | ||||
|         run: | | ||||
|           curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin | ||||
|           mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/ | ||||
|           rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | ||||
|           helm version | ||||
|           # docker | ||||
|  | ||||
|       - name: Install yq | ||||
|         env: | ||||
|           YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq | ||||
|         run: | | ||||
|           curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin | ||||
|           mv yq_linux_$(dpkg --print-architecture) /usr/local/bin | ||||
|           rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz | ||||
|           yq --version | ||||
|  | ||||
|       - name: Install docker-ce via apt | ||||
|         run: | | ||||
|           install -m 0755 -d /etc/apt/keyrings | ||||
|           curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg | ||||
|           curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg | ||||
|           chmod a+r /etc/apt/keyrings/docker.gpg | ||||
|           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null | ||||
|           apt update -y | ||||
|           apt install -y python3 python3-pip apt-transport-https docker-ce-cli | ||||
|           apt update --yes | ||||
|           apt install --yes python3 python3-pip apt-transport-https docker-ce-cli | ||||
|  | ||||
|       - name: Install awscli | ||||
|         run: | | ||||
|           pip install awscli --break-system-packages | ||||
|           aws --version | ||||
|  | ||||
|       - name: Import GPG key | ||||
|         id: import_gpg | ||||
| @@ -41,6 +59,15 @@ jobs: | ||||
|           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} | ||||
|           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 | ||||
|  | ||||
|       - name: Add Artifacthub.io annotations | ||||
|         run: | | ||||
|           NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)" | ||||
|           OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)" | ||||
|           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" | ||||
|  | ||||
|       - name: Print Chart.yaml | ||||
|         run: cat Chart.yaml | ||||
|  | ||||
|       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 | ||||
|       - name: package chart | ||||
|         run: | | ||||
| @@ -51,7 +78,7 @@ jobs: | ||||
|           helm package --version "${GITHUB_REF#refs/tags/v}" ./ | ||||
|           mkdir gitea | ||||
|           mv gitea*.tgz gitea/ | ||||
|           curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml | ||||
|           curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml | ||||
|           helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml | ||||
|           # push to dockerhub | ||||
|           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin | ||||
| @@ -68,3 +95,29 @@ jobs: | ||||
|       - name: Copy files to S3 and clear cache | ||||
|         run: | | ||||
|           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ | ||||
|  | ||||
|   release-gitea: | ||||
|     needs: generate-chart-publish | ||||
|     runs-on: ubuntu-latest | ||||
|     container: docker.io/thegeeklab/git-sv:2.0.3 | ||||
|     steps: | ||||
|       - name: install tools | ||||
|         run: | | ||||
|           apk add -q --update --no-cache nodejs | ||||
|       - uses: actions/checkout@v4 | ||||
|         with: | ||||
|           fetch-tags: true | ||||
|           fetch-depth: 0 | ||||
|  | ||||
|       - name: Create changelog | ||||
|         run: | | ||||
|           git sv current-version | ||||
|           git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md | ||||
|           sed -i '1,2d' CHANGELOG.md # remove version | ||||
|           cat CHANGELOG.md | ||||
|  | ||||
|       - name: Release | ||||
|         uses: https://github.com/akkuman/gitea-release-action@v1 | ||||
|         with: | ||||
|           body_path: CHANGELOG.md | ||||
|           token: "${{ secrets.RELEASE_TOKEN }}" | ||||
|   | ||||
| @@ -10,12 +10,12 @@ on: | ||||
|  | ||||
| env: | ||||
|   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest | ||||
|   HELM_UNITTEST_VERSION: "v0.7.2" | ||||
|   HELM_UNITTEST_VERSION: "v0.8.2" | ||||
|  | ||||
| jobs: | ||||
|   check-and-test: | ||||
|     runs-on: ubuntu-latest | ||||
|     container: alpine/helm:3.17.1 | ||||
|     container: alpine/helm:3.18.4 | ||||
|     steps: | ||||
|       - name: install tools | ||||
|         run: | | ||||
|   | ||||
							
								
								
									
										2
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							| @@ -1,6 +1,6 @@ | ||||
| { | ||||
|     "yaml.schemas": { | ||||
|         "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [ | ||||
|         "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.8.2/schema/helm-testsuite.json": [ | ||||
|             "/unittests/**/*.yaml" | ||||
|         ] | ||||
|     }, | ||||
|   | ||||
| @@ -1 +1 @@ | ||||
| * @justusbunsi @pat-s | ||||
| charts/*  | ||||
|   | ||||
| @@ -75,6 +75,6 @@ See [bats documentation](https://bats-core.readthedocs.io/en/stable/) for usage | ||||
|  | ||||
| ## Release process | ||||
|  | ||||
| 1. Create a tag following the tagging schema | ||||
| 1. Push the tag | ||||
| 1. Ensure you have [`git-sv`](https://github.com/thegeeklab/git-sv) installed | ||||
| 1. Run `git sv tag` (this creates and pushes the tag following the respective next tag according to the semver commits issued since the last release) | ||||
| 1. Let CI do it's work | ||||
|   | ||||
							
								
								
									
										16
									
								
								Chart.lock
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								Chart.lock
									
									
									
									
									
								
							| @@ -1,15 +1,15 @@ | ||||
| dependencies: | ||||
| - name: postgresql | ||||
|   repository: oci://registry-1.docker.io/bitnamicharts | ||||
|   version: 16.4.14 | ||||
|   version: 16.7.21 | ||||
| - name: postgresql-ha | ||||
|   repository: oci://registry-1.docker.io/bitnamicharts | ||||
|   version: 15.2.3 | ||||
| - name: redis-cluster | ||||
|   version: 16.0.22 | ||||
| - name: valkey-cluster | ||||
|   repository: oci://registry-1.docker.io/bitnamicharts | ||||
|   version: 11.4.3 | ||||
| - name: redis | ||||
|   version: 3.0.18 | ||||
| - name: valkey | ||||
|   repository: oci://registry-1.docker.io/bitnamicharts | ||||
|   version: 20.8.0 | ||||
| digest: sha256:ce1a2a02c3e1adb764cae42ccce1efd2d41adb5024576e6d8a92b30b8dfe67db | ||||
| generated: "2025-02-23T00:12:41.541107288Z" | ||||
|   version: 3.0.22 | ||||
| digest: sha256:96a5d8b084c2558569064245792a7d882c8d0822da2f69fa6423ed682c6861bd | ||||
| generated: "2025-07-26T00:04:25.213432532Z" | ||||
|   | ||||
							
								
								
									
										26
									
								
								Chart.yaml
									
									
									
									
									
								
							
							
						
						
									
										26
									
								
								Chart.yaml
									
									
									
									
									
								
							| @@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes | ||||
| type: application | ||||
| version: 0.0.0 | ||||
| # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$ | ||||
| appVersion: 1.23.6 | ||||
| appVersion: 1.24.3 | ||||
| icon: https://gitea.com/assets/img/logo.svg | ||||
|  | ||||
| keywords: | ||||
| @@ -27,29 +27,25 @@ maintainers: | ||||
|     email: konrad.lother@novum-rgi.de | ||||
|   - name: Lucas Hahn | ||||
|     email: lucas.hahn@novum-rgi.de | ||||
|   - name: Steven Kriegler | ||||
|     email: sk.bunsenbrenner@gmail.com | ||||
|   - name: Patrick Schratz | ||||
|     email: patrick.schratz@gmail.com | ||||
|  | ||||
| dependencies: | ||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql | ||||
|   - name: postgresql | ||||
|     repository: oci://registry-1.docker.io/bitnamicharts | ||||
|     version: 16.4.14 | ||||
|     version: 16.7.21 | ||||
|     condition: postgresql.enabled | ||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml | ||||
|   - name: postgresql-ha | ||||
|     repository: oci://registry-1.docker.io/bitnamicharts | ||||
|     version: 15.2.3 | ||||
|     version: 16.0.22 | ||||
|     condition: postgresql-ha.enabled | ||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml | ||||
|   - name: redis-cluster | ||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml | ||||
|   - name: valkey-cluster | ||||
|     repository: oci://registry-1.docker.io/bitnamicharts | ||||
|     version: 11.4.3 | ||||
|     condition: redis-cluster.enabled | ||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml | ||||
|   - name: redis | ||||
|     version: 3.0.18 | ||||
|     condition: valkey-cluster.enabled | ||||
|   # https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml | ||||
|   - name: valkey | ||||
|     repository: oci://registry-1.docker.io/bitnamicharts | ||||
|     version: 20.8.0 | ||||
|     condition: redis.enabled | ||||
|     version: 3.0.22 | ||||
|     condition: valkey.enabled | ||||
|   | ||||
							
								
								
									
										227
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										227
									
								
								README.md
									
									
									
									
									
								
							| @@ -33,6 +33,7 @@ | ||||
| - [Metrics and profiling](#metrics-and-profiling) | ||||
|   - [Secure Metrics Endpoint](#secure-metrics-endpoint) | ||||
| - [Pod annotations](#pod-annotations) | ||||
| - [TLS certificate rotation](#tls-certificate-rotation) | ||||
| - [Themes](#themes) | ||||
| - [Renovate](#renovate) | ||||
| - [Parameters](#parameters) | ||||
| @@ -47,13 +48,12 @@ | ||||
|   - [Persistence](#persistence-1) | ||||
|   - [Init](#init) | ||||
|   - [Signing](#signing) | ||||
|   - [Gitea Actions](#gitea-actions) | ||||
|   - [Gitea](#gitea) | ||||
|   - [LivenessProbe](#livenessprobe) | ||||
|   - [ReadinessProbe](#readinessprobe) | ||||
|   - [StartupProbe](#startupprobe) | ||||
|   - [redis-cluster](#redis-cluster) | ||||
|   - [redis](#redis) | ||||
|   - [valkey-cluster](#valkey-cluster) | ||||
|   - [valkey](#valkey) | ||||
|   - [PostgreSQL HA](#postgresql-ha) | ||||
|   - [PostgreSQL](#postgresql) | ||||
|   - [Advanced](#advanced) | ||||
| @@ -63,6 +63,8 @@ | ||||
| [Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go. | ||||
| It is published under the MIT license. | ||||
|  | ||||
| > :warning: This chart is currently unmaintained and in desperate need of a new maintainer. If you want to apply as a maintainer, please comment on [#916](https://gitea.com/gitea/helm-gitea/issues/916) | ||||
|  | ||||
| ## Introduction | ||||
|  | ||||
| This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart). | ||||
| @@ -96,14 +98,14 @@ Users can also configure their own external providers via the configuration. | ||||
| These dependencies are enabled by default: | ||||
|  | ||||
| - PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)) | ||||
| - Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml)) | ||||
| - Valkey-Cluster ([Bitnami Valkey-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml)) | ||||
|  | ||||
| ### Non-HA Dependencies | ||||
|  | ||||
| Alternatively, the following non-HA replacements are available: | ||||
|  | ||||
| - PostgreSQL ([Bitnami PostgreSQL](<Postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>)) | ||||
| - Redis ([Bitnami Redis](<Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)>)) | ||||
| - PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) | ||||
| - Valkey ([Bitnami Valkey](https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml)) | ||||
|  | ||||
| ### Dependency Versioning | ||||
|  | ||||
| @@ -121,8 +123,8 @@ Please double-check the image repository and available tags in the sub-chart: | ||||
|  | ||||
| - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) | ||||
| - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) | ||||
| - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) | ||||
| - [Redis](https://hub.docker.com/r/bitnami/redis/tags) | ||||
| - [Valkey Cluster](https://hub.docker.com/r/bitnami/valkey-cluster/tags) | ||||
| - [Valkey](https://hub.docker.com/r/bitnami/valkey/tags) | ||||
|  | ||||
| and look up the image tag which fits your needs on Dockerhub. | ||||
|  | ||||
| @@ -167,7 +169,7 @@ available. As this is a Golang application, this can be implemented using `GOMAX | ||||
| of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||
| rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||
|  | ||||
| Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||
| Further information about this topic can be found [under this link](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||
|  | ||||
| > [!NOTE] | ||||
| > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||
| @@ -178,12 +180,12 @@ Further information about this topic can be found [here](https://kanishk.io/post | ||||
| ```yaml | ||||
| deployment: | ||||
|   env: | ||||
|   # Will be automatically defined! | ||||
|   - name: GOMAXPROCS | ||||
|     valueFrom: | ||||
|       resourceFieldRef: | ||||
|         divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1) | ||||
|         resource: limits.cpu | ||||
|     # Will be automatically defined! | ||||
|     - name: GOMAXPROCS | ||||
|       valueFrom: | ||||
|         resourceFieldRef: | ||||
|           divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1) | ||||
|           resource: limits.cpu | ||||
|  | ||||
| resources: | ||||
|   limits: | ||||
| @@ -282,28 +284,28 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us | ||||
|  | ||||
| #### Session, Cache and Queue | ||||
|  | ||||
| The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency. | ||||
| If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. | ||||
| The session, cache and queue settings are set to use the built-in Valkey Cluster sub-chart dependency. | ||||
| If Valkey Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. | ||||
|  | ||||
| While these will work and even not cause immediate issues after startup, **they are not recommended for production use**. | ||||
| Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory. | ||||
| It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload. | ||||
| External tools such as `redis-cluster` or `memcached` handle these workloads much better. | ||||
| External tools such as `valkey-cluster` or `memcached` handle these workloads much better. | ||||
|  | ||||
| ### Single-Pod Configurations | ||||
|  | ||||
| If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. | ||||
|  | ||||
| 1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`): | ||||
| 1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `valkey`): | ||||
|  | ||||
|    <details> | ||||
|  | ||||
|    <summary>values.yml</summary> | ||||
|  | ||||
|    ```yaml | ||||
|    redis-cluster: | ||||
|    valkey-cluster: | ||||
|      enabled: false | ||||
|    redis: | ||||
|    valkey: | ||||
|      enabled: true | ||||
|    postgresql: | ||||
|      enabled: true | ||||
| @@ -334,9 +336,9 @@ If HA is not needed/desired, the following configurations can be used to deploy | ||||
|    <summary>values.yml</summary> | ||||
|  | ||||
|    ```yaml | ||||
|    redis-cluster: | ||||
|    valkey-cluster: | ||||
|      enabled: false | ||||
|    redis: | ||||
|    valkey: | ||||
|      enabled: false | ||||
|    postgresql: | ||||
|      enabled: false | ||||
| @@ -534,21 +536,21 @@ and the repository exists. | ||||
| ``` | ||||
|  | ||||
| To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. | ||||
| More about this issue [here](https://gitea.com/gitea/helm-gitea/issues/161). | ||||
| More about this issue [under this link](https://gitea.com/gitea/helm-gitea/issues/161). | ||||
|  | ||||
| ### Cache | ||||
|  | ||||
| The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default. | ||||
| The cache handling is done via `valkey-cluster` (via the `bitnami` chart) by default. | ||||
| This deployment is HA-ready but can also be used for single-pod deployments. | ||||
| By default, 6 replicas are deployed for a working `redis-cluster` deployment. | ||||
| Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`. | ||||
| By default, 6 replicas are deployed for a working `valkey-cluster` deployment. | ||||
| Many cloud providers offer a managed valkey service, which can be used instead of the built-in `valkey-cluster`. | ||||
|  | ||||
| ```yaml | ||||
| redis-cluster: | ||||
| valkey-cluster: | ||||
|   enabled: true | ||||
| ``` | ||||
|  | ||||
| ⚠️ The redis charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-gitea/issues/690). | ||||
| ⚠️ The valkey charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690). | ||||
| Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||
|  | ||||
| ### Persistence | ||||
| @@ -694,7 +696,7 @@ Affected options: | ||||
|  | ||||
| Like the admin user, OAuth2 settings can be updated and disabled but not deleted. | ||||
| Deleting OAuth2 settings has to be done in the ui. | ||||
| All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are | ||||
| All OAuth2 values, which are documented [under this link](https://docs.gitea.com/administration/command-line#admin), are | ||||
| available. | ||||
|  | ||||
| Multiple OAuth2 sources can be configured with additional OAuth list items. | ||||
| @@ -817,6 +819,31 @@ gitea: | ||||
|   podAnnotations: {} | ||||
| ``` | ||||
|  | ||||
| ## TLS certificate rotation | ||||
|  | ||||
| If Gitea uses TLS certificates that are mounted as a secret in the container file system, Gitea will not automatically apply them when the TLS certificates are rotated. | ||||
| Such a rotation can be for example triggered, when the cert-manager issues new TLS certificates before expiring. Further information is described as GitHub | ||||
| [issue](https://github.com/go-gitea/gitea/issues/27962). | ||||
|  | ||||
| Until the issue is present, a workaround can be applied. | ||||
| For example stakater's [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. | ||||
| The following annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted `configMaps` and `secrets` have been changed. | ||||
|  | ||||
| ```yaml | ||||
| deployment: | ||||
|   annotations: | ||||
|     reloader.stakater.com/auto: "true" | ||||
| ``` | ||||
|  | ||||
| Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for individual items. | ||||
| For example, when the secret named `gitea-tls` is mounted and the reloader controller should only listen for changes of this secret: | ||||
|  | ||||
| ```yaml | ||||
| deployment: | ||||
|   annotations: | ||||
|     secret.reloader.stakater.com/reload: "gitea-tls" | ||||
| ``` | ||||
|  | ||||
| ## Themes | ||||
|  | ||||
| Custom themes can be added via k8s secrets and referencing them in `values.yaml`. | ||||
| @@ -991,16 +1018,15 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ||||
|  | ||||
| ### Ingress | ||||
|  | ||||
| | Name                                 | Description                                                                 | Value             | | ||||
| | ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | | ||||
| | `ingress.enabled`                    | Enable ingress                                                              | `false`           | | ||||
| | `ingress.className`                  | Ingress class name                                                          | `nil`             | | ||||
| | `ingress.annotations`                | Ingress annotations                                                         | `{}`              | | ||||
| | `ingress.hosts[0].host`              | Default Ingress host                                                        | `git.example.com` | | ||||
| | `ingress.hosts[0].paths[0].path`     | Default Ingress path                                                        | `/`               | | ||||
| | `ingress.hosts[0].paths[0].pathType` | Ingress path type                                                           | `Prefix`          | | ||||
| | `ingress.tls`                        | Ingress tls settings                                                        | `[]`              | | ||||
| | `ingress.apiVersion`                 | Specify APIVersion of ingress object. Mostly would only be used for argocd. |                   | | ||||
| | Name                             | Description                     | Value             | | ||||
| | -------------------------------- | ------------------------------- | ----------------- | | ||||
| | `ingress.enabled`                | Enable ingress                  | `false`           | | ||||
| | `ingress.className`              | DEPRECATED: Ingress class name. | `""`              | | ||||
| | `ingress.pathType`               | Ingress Path Type               | `Prefix`          | | ||||
| | `ingress.annotations`            | Ingress annotations             | `{}`              | | ||||
| | `ingress.hosts[0].host`          | Default Ingress host            | `git.example.com` | | ||||
| | `ingress.hosts[0].paths[0].path` | Default Ingress path            | `/`               | | ||||
| | `ingress.tls`                    | Ingress tls settings            | `[]`              | | ||||
|  | ||||
| ### deployment | ||||
|  | ||||
| @@ -1053,12 +1079,13 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ||||
|  | ||||
| ### Init | ||||
|  | ||||
| | Name                                       | Description                                                                          | Value   | | ||||
| | ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- | | ||||
| | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`    | | ||||
| | `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`    | | ||||
| | `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`  | | ||||
| | `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` | | ||||
| | Name                                       | Description                                                                          | Value        | | ||||
| | ------------------------------------------ | ------------------------------------------------------------------------------------ | ------------ | | ||||
| | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`         | | ||||
| | `initContainersScriptsVolumeMountPath`     | Path to mount the scripts consumed from the Secrets                                  | `/usr/sbinx` | | ||||
| | `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`         | | ||||
| | `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`       | | ||||
| | `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi`      | | ||||
|  | ||||
| ### Signing | ||||
|  | ||||
| @@ -1069,44 +1096,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ||||
| | `signing.privateKey`     | Inline private gpg key for signed internal Git activity           | `""`               | | ||||
| | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               | | ||||
|  | ||||
| ### Gitea Actions | ||||
|  | ||||
| | Name                                              | Description                                                                                                                                 | Value                          | | ||||
| | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | ||||
| | `actions.enabled`                                 | Create an act runner StatefulSet.                                                                                                           | `false`                        | | ||||
| | `actions.init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      | | ||||
| | `actions.init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       | | ||||
| | `actions.statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           | | ||||
| | `actions.statefulset.labels`                      | Act runner labels                                                                                                                           | `{}`                           | | ||||
| | `actions.statefulset.resources`                   | Act runner resources                                                                                                                        | `{}`                           | | ||||
| | `actions.statefulset.nodeSelector`                | NodeSelector for the statefulset                                                                                                            | `{}`                           | | ||||
| | `actions.statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           | | ||||
| | `actions.statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           | | ||||
| | `actions.statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           | | ||||
| | `actions.statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `gitea/act_runner`             | | ||||
| | `actions.statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.11`                       | | ||||
| | `actions.statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 | | ||||
| | `actions.statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           | | ||||
| | `actions.statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | | ||||
| | `actions.statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       | | ||||
| | `actions.statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `25.0.2-dind`                  | | ||||
| | `actions.statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 | | ||||
| | `actions.statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           | | ||||
| | `actions.statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           | | ||||
| | `actions.provisioning.enabled`                    | Create a job that will create and save the token in a Kubernetes Secret                                                                     | `false`                        | | ||||
| | `actions.provisioning.annotations`                | Job's annotations                                                                                                                           | `{}`                           | | ||||
| | `actions.provisioning.labels`                     | Job's labels                                                                                                                                | `{}`                           | | ||||
| | `actions.provisioning.resources`                  | Job's resources                                                                                                                             | `{}`                           | | ||||
| | `actions.provisioning.nodeSelector`               | NodeSelector for the job                                                                                                                    | `{}`                           | | ||||
| | `actions.provisioning.tolerations`                | Tolerations for the job                                                                                                                     | `[]`                           | | ||||
| | `actions.provisioning.affinity`                   | Affinity for the job                                                                                                                        | `{}`                           | | ||||
| | `actions.provisioning.ttlSecondsAfterFinished`    | ttl for the job after finished in order to allow helm to properly recognize that the job completed                                          | `300`                          | | ||||
| | `actions.provisioning.publish.repository`         | The image that can create the secret via kubectl                                                                                            | `bitnami/kubectl`              | | ||||
| | `actions.provisioning.publish.tag`                | The publish image tag that can create the secret                                                                                            | `1.29.0`                       | | ||||
| | `actions.provisioning.publish.pullPolicy`         | The publish image pullPolicy that can create the secret                                                                                     | `IfNotPresent`                 | | ||||
| | `actions.existingSecret`                          | Secret that contains the token                                                                                                              | `""`                           | | ||||
| | `actions.existingSecretKey`                       | Secret key                                                                                                                                  | `""`                           | | ||||
|  | ||||
| ### Gitea | ||||
|  | ||||
| | Name                                         | Description                                                                                                                    | Value                | | ||||
| @@ -1169,27 +1158,30 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ||||
| | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     | | ||||
| | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    | | ||||
|  | ||||
| ### redis-cluster | ||||
| ### valkey-cluster | ||||
|  | ||||
| Redis cluster and [Redis](#redis) cannot be enabled at the same time. | ||||
| Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. | ||||
|  | ||||
| | Name                             | Description                                  | Value   | | ||||
| | -------------------------------- | -------------------------------------------- | ------- | | ||||
| | `redis-cluster.enabled`          | Enable redis cluster                         | `true`  | | ||||
| | `redis-cluster.usePassword`      | Whether to use password authentication       | `false` | | ||||
| | `redis-cluster.cluster.nodes`    | Number of redis cluster master nodes         | `3`     | | ||||
| | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0`     | | ||||
| | Name                                  | Description                                                          | Value   | | ||||
| | ------------------------------------- | -------------------------------------------------------------------- | ------- | | ||||
| | `valkey-cluster.enabled`              | Enable valkey cluster                                                | `true`  | | ||||
| | `valkey-cluster.usePassword`          | Whether to use password authentication                               | `false` | | ||||
| | `valkey-cluster.usePasswordFiles`     | Whether to mount passwords as files instead of environment variables | `false` | | ||||
| | `valkey-cluster.cluster.nodes`        | Number of valkey cluster master nodes                                | `3`     | | ||||
| | `valkey-cluster.cluster.replicas`     | Number of valkey cluster master node replicas                        | `0`     | | ||||
| | `valkey-cluster.service.ports.valkey` | Port of Valkey service                                               | `6379`  | | ||||
|  | ||||
| ### redis | ||||
| ### valkey | ||||
|  | ||||
| Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. | ||||
| Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. | ||||
|  | ||||
| | Name                          | Description                                | Value        | | ||||
| | ----------------------------- | ------------------------------------------ | ------------ | | ||||
| | `redis.enabled`               | Enable redis standalone or replicated      | `false`      | | ||||
| | `redis.architecture`          | Whether to use standalone or replication   | `standalone` | | ||||
| | `redis.global.redis.password` | Required password                          | `changeme`   | | ||||
| | `redis.master.count`          | Number of Redis master instances to deploy | `1`          | | ||||
| | Name                                 | Description                                 | Value        | | ||||
| | ------------------------------------ | ------------------------------------------- | ------------ | | ||||
| | `valkey.enabled`                     | Enable valkey standalone or replicated      | `false`      | | ||||
| | `valkey.architecture`                | Whether to use standalone or replication    | `standalone` | | ||||
| | `valkey.global.valkey.password`      | Required password                           | `changeme`   | | ||||
| | `valkey.master.count`                | Number of Valkey master instances to deploy | `1`          | | ||||
| | `valkey.master.service.ports.valkey` | Port of Valkey service                      | `6379`       | | ||||
|  | ||||
| ### PostgreSQL HA | ||||
|  | ||||
| @@ -1203,6 +1195,7 @@ Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. | ||||
| | `postgresql-ha.postgresql.repmgrPassword`   | Repmgr Password                                                  | `changeme2` | | ||||
| | `postgresql-ha.postgresql.postgresPassword` | postgres Password                                                | `changeme1` | | ||||
| | `postgresql-ha.pgpool.adminPassword`        | pgpool adminPassword                                             | `changeme3` | | ||||
| | `postgresql-ha.pgpool.srCheckPassword`      | pgpool srCheckPassword                                           | `changeme4` | | ||||
| | `postgresql-ha.service.ports.postgresql`    | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`      | | ||||
| | `postgresql-ha.persistence.size`            | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`      | | ||||
|  | ||||
| @@ -1241,6 +1234,31 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma | ||||
|  | ||||
| <details> | ||||
|  | ||||
| <summary>To 12.0.0</summary> | ||||
|  | ||||
| <!-- prettier-ignore-start --> | ||||
| <!-- markdownlint-disable-next-line --> | ||||
| **Breaking changes** | ||||
| <!-- prettier-ignore-end --> | ||||
|  | ||||
| - Outsourced "Actions" related configuration. | ||||
|   To deploy and use "Actions", please see the new dedicated chart at <https://gitea.com/gitea/helm-actions>. | ||||
|   It is maintained by a seperate maintainer group and hasn't seen a release yet (at the time of the 12.0 release). | ||||
|   Feel encouraged to contribute if "Actions" is important to you! | ||||
|  | ||||
|   This change was made to avoid overloading the existing helm chart, which is already quite large in size and configuration options. | ||||
|   In addition, the existing maintainers team was not actively using "Actions" which slowed down development and community contributions. | ||||
|   While the new chart is still young (and waiting for contributions! and maintainers), we believe that it is the best way moving forward for both parts. | ||||
| - Migrated from Redis/Redis-cluster to Valkey/Valkey-cluster charts (#775). | ||||
|   While marked as breaking, there is no need to migrate data. | ||||
|   The cache will start to refill automatically. | ||||
| - Migrated ingress from `networking.k8s.io/v1beta` to `networking.k8s.io/v1`. | ||||
|   We didn't make any changes to the syntax, so the upgrade should be seamless. | ||||
|  | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
|  | ||||
| <summary>To 11.0.0</summary> | ||||
|  | ||||
| <!-- prettier-ignore-start --> | ||||
| @@ -1258,8 +1276,7 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma | ||||
|   Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes: | ||||
|   - [Redis Chart release notes (starting with v11.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis-cluster/CHANGELOG.md#1100-2024-08-09). | ||||
|   - [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES). | ||||
|  | ||||
| </details> | ||||
|   </details> | ||||
|  | ||||
| <details> | ||||
|  | ||||
| @@ -1336,16 +1353,16 @@ gitea: | ||||
|   config: | ||||
|     session: | ||||
|       PROVIDER: redis-cluster | ||||
|       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|  | ||||
|     cache: | ||||
|       ENABLED: true | ||||
|       ADAPTER: redis-cluster | ||||
|       HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|       HOST: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|  | ||||
|     queue: | ||||
|       TYPE: redis | ||||
|       CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|       CONN_STR: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
| ``` | ||||
|  | ||||
| <!-- prettier-ignore-start --> | ||||
|   | ||||
| @@ -1,34 +0,0 @@ | ||||
| # Gitea Actions | ||||
|  | ||||
| In order to use the Gitea Actions act-runner you must either: | ||||
|  | ||||
| - enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job) | ||||
| - create a secret containing the act runner token and reference it as a `existingSecret` | ||||
|  | ||||
| In order to use Gitea Actions, you must log on the server that's running Gitea and run the command: | ||||
|     `gitea actions generate-runner-token` | ||||
|  | ||||
| This command will out a token that is needed by the act-runner to register with the Gitea backend. | ||||
|  | ||||
| Because this is a manual operation, we automated this using a Kubernetes Job using the following containers: | ||||
|  | ||||
| 1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token` | ||||
| 2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and | ||||
| the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret | ||||
|  | ||||
| After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers: | ||||
|  | ||||
| 1) `act-runner`: authenticates with Gitea using the token that was stored in the secret | ||||
| 2) `dind`: DockerInDocker image that is used to run the actions | ||||
|  | ||||
| If you are not using persistent volumes, you cannot use the Job to automatically generate the token. | ||||
| In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke | ||||
| the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via: | ||||
|  | ||||
| ```yaml | ||||
| actions: | ||||
|   provisioning: | ||||
|     enabled: false | ||||
|   existingSecret: "secret-name" | ||||
|   existingSecretKey: "secret-key" | ||||
| ``` | ||||
| @@ -25,7 +25,7 @@ In addition, the following components are required for full HA-readiness: | ||||
|  | ||||
| - A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch` | ||||
| - A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system) | ||||
| - A HA-ready cache (`redis-cluster`) | ||||
| - A HA-ready cache (`valkey-cluster`) | ||||
| - A HA-ready DB | ||||
|  | ||||
| `postgres.enabled`, which default to `true`, must be set to `false` for a HA setup. | ||||
| @@ -72,33 +72,33 @@ persistence: | ||||
|  | ||||
| ## Cache, session and queue | ||||
|  | ||||
| A `redis` instance is required for the in-memory cache. | ||||
| A `valkey` instance is required for the in-memory cache. | ||||
| Two options exist: | ||||
|  | ||||
| - `redis` | ||||
| - `redis-cluster` | ||||
| - `valkey` | ||||
| - `valkey-cluster` | ||||
|  | ||||
| The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups. | ||||
| You're also welcome to go with `redis` if you prefer or already have a running instance. | ||||
| The chart provides `valkey-cluster` as a dependency as this one can be used for both HA and non-HA setups. | ||||
| You're also welcome to go with `valkey` if you prefer or already have a running instance. | ||||
|  | ||||
| It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2. | ||||
| You can also configure an external (managed) `redis` instance to be used. | ||||
| It should be noted that `valkey-cluster` support is only available starting with Gitea 1.19.2. | ||||
| You can also configure an external (managed) `valkey` instance to be used. | ||||
| To do so, you need to set the following configuration values yourself: | ||||
|  | ||||
| - `gitea.config.queue.TYPE`: redis` | ||||
| - `gitea.config.queue.CONN_STR`: `<your redis connection string>` | ||||
| - `gitea.config.queue.TYPE`: valkey` | ||||
| - `gitea.config.queue.CONN_STR`: `<your valkey connection string>` | ||||
|  | ||||
| - `gitea.config.session.PROVIDER`: `redis` | ||||
| - `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>` | ||||
| - `gitea.config.session.PROVIDER`: `valkey` | ||||
| - `gitea.config.session.PROVIDER_CONFIG`: `<your valkey connection string>` | ||||
|  | ||||
| - `gitea.config.cache.ENABLED`: `true` | ||||
| - `gitea.config.cache.ADAPTER`: `redis` | ||||
| - `gitea.config.cache.HOST`: `<your redis connection string>` | ||||
| - `gitea.config.cache.ADAPTER`: `valkey` | ||||
| - `gitea.config.cache.HOST`: `<your valkey connection string>` | ||||
|  | ||||
| By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica. | ||||
| By default, the `valkey-cluster` chart provisions three standalone master nodes of which each has a single replica. | ||||
| To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. | ||||
| Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned. | ||||
| For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. | ||||
| Only the minimum required number of master pods for a functional `valkey-cluster` deployment are provisioned. | ||||
| For a "proper" `valkey-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. | ||||
|  | ||||
| ## Object and asset storage | ||||
|  | ||||
|   | ||||
							
								
								
									
										269
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										269
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							| @@ -8,7 +8,7 @@ | ||||
|       "license": "MIT", | ||||
|       "devDependencies": { | ||||
|         "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||
|         "markdownlint-cli": "^0.44.0" | ||||
|         "markdownlint-cli": "^0.45.0" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=16.0.0", | ||||
| @@ -16,9 +16,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/@bitnami/readme-generator-for-helm": { | ||||
|       "version": "2.7.0", | ||||
|       "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.7.0.tgz", | ||||
|       "integrity": "sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==", | ||||
|       "version": "2.7.2", | ||||
|       "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.7.2.tgz", | ||||
|       "integrity": "sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==", | ||||
|       "dev": true, | ||||
|       "license": "Apache-2.0", | ||||
|       "dependencies": { | ||||
| @@ -32,6 +32,29 @@ | ||||
|         "readme-generator": "bin/index.js" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/@isaacs/balanced-match": { | ||||
|       "version": "4.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz", | ||||
|       "integrity": "sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "engines": { | ||||
|         "node": "20 || >=22" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/@isaacs/brace-expansion": { | ||||
|       "version": "5.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz", | ||||
|       "integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "@isaacs/balanced-match": "^4.0.1" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": "20 || >=22" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/@isaacs/cliui": { | ||||
|       "version": "8.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", | ||||
| @@ -49,17 +72,6 @@ | ||||
|         "node": ">=12" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/@pkgjs/parseargs": { | ||||
|       "version": "0.11.0", | ||||
|       "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", | ||||
|       "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "optional": true, | ||||
|       "engines": { | ||||
|         "node": ">=14" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/@types/debug": { | ||||
|       "version": "4.1.12", | ||||
|       "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", | ||||
| @@ -205,10 +217,11 @@ | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/cross-spawn": { | ||||
|       "version": "7.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", | ||||
|       "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", | ||||
|       "version": "7.0.6", | ||||
|       "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", | ||||
|       "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "path-key": "^3.1.0", | ||||
|         "shebang-command": "^2.0.0", | ||||
| @@ -219,9 +232,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/debug": { | ||||
|       "version": "4.4.0", | ||||
|       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", | ||||
|       "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", | ||||
|       "version": "4.4.1", | ||||
|       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", | ||||
|       "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
| @@ -332,12 +345,13 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/foreground-child": { | ||||
|       "version": "3.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", | ||||
|       "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==", | ||||
|       "version": "3.3.1", | ||||
|       "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", | ||||
|       "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "dependencies": { | ||||
|         "cross-spawn": "^7.0.0", | ||||
|         "cross-spawn": "^7.0.6", | ||||
|         "signal-exit": "^4.0.1" | ||||
|       }, | ||||
|       "engines": { | ||||
| @@ -374,9 +388,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/ignore": { | ||||
|       "version": "7.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.3.tgz", | ||||
|       "integrity": "sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==", | ||||
|       "version": "7.0.5", | ||||
|       "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", | ||||
|       "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "engines": { | ||||
| @@ -469,7 +483,24 @@ | ||||
|       "version": "2.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", | ||||
|       "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", | ||||
|       "dev": true | ||||
|       "dev": true, | ||||
|       "license": "ISC" | ||||
|     }, | ||||
|     "node_modules/jackspeak": { | ||||
|       "version": "4.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.1.1.tgz", | ||||
|       "integrity": "sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==", | ||||
|       "dev": true, | ||||
|       "license": "BlueOak-1.0.0", | ||||
|       "dependencies": { | ||||
|         "@isaacs/cliui": "^8.0.2" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": "20 || >=22" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/js-yaml": { | ||||
|       "version": "4.1.0", | ||||
| @@ -541,6 +572,16 @@ | ||||
|       "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/lru-cache": { | ||||
|       "version": "11.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.1.0.tgz", | ||||
|       "integrity": "sha512-QIXZUBJUx+2zHUdQujWejBkcD9+cs94tLn0+YL8UrCh+D5sCXZ4c7LaEH48pNwRY3MLDgqUFyhlCyjJPf1WP0A==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "engines": { | ||||
|         "node": "20 || >=22" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdown-it": { | ||||
|       "version": "14.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz", | ||||
| @@ -572,136 +613,89 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint": { | ||||
|       "version": "0.37.4", | ||||
|       "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.37.4.tgz", | ||||
|       "integrity": "sha512-u00joA/syf3VhWh6/ybVFkib5Zpj2e5KB/cfCei8fkSRuums6nyisTWGqjTWIOFoFwuXoTBQQiqlB4qFKp8ncQ==", | ||||
|       "version": "0.38.0", | ||||
|       "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.38.0.tgz", | ||||
|       "integrity": "sha512-xaSxkaU7wY/0852zGApM8LdlIfGCW8ETZ0Rr62IQtAnUMlMuifsg09vWJcNYeL4f0anvr8Vo4ZQar8jGpV0btQ==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "markdown-it": "14.1.0", | ||||
|         "micromark": "4.0.1", | ||||
|         "micromark-core-commonmark": "2.0.2", | ||||
|         "micromark-extension-directive": "3.0.2", | ||||
|         "micromark": "4.0.2", | ||||
|         "micromark-core-commonmark": "2.0.3", | ||||
|         "micromark-extension-directive": "4.0.0", | ||||
|         "micromark-extension-gfm-autolink-literal": "2.1.0", | ||||
|         "micromark-extension-gfm-footnote": "2.1.0", | ||||
|         "micromark-extension-gfm-table": "2.1.0", | ||||
|         "micromark-extension-gfm-table": "2.1.1", | ||||
|         "micromark-extension-math": "3.1.0", | ||||
|         "micromark-util-types": "2.0.1" | ||||
|         "micromark-util-types": "2.0.2" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=18" | ||||
|         "node": ">=20" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/DavidAnson" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli": { | ||||
|       "version": "0.44.0", | ||||
|       "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.44.0.tgz", | ||||
|       "integrity": "sha512-ZJTAONlvF9NkrIBltCdW15DxN9UTbPiKMEqAh2EU2gwIFlrCMavyCEPPO121cqfYOrLUJWW8/XKWongstmmTeQ==", | ||||
|       "version": "0.45.0", | ||||
|       "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.45.0.tgz", | ||||
|       "integrity": "sha512-GiWr7GfJLVfcopL3t3pLumXCYs8sgWppjIA1F/Cc3zIMgD3tmkpyZ1xkm1Tej8mw53B93JsDjgA3KOftuYcfOw==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "commander": "~13.1.0", | ||||
|         "glob": "~10.4.5", | ||||
|         "ignore": "~7.0.3", | ||||
|         "glob": "~11.0.2", | ||||
|         "ignore": "~7.0.4", | ||||
|         "js-yaml": "~4.1.0", | ||||
|         "jsonc-parser": "~3.3.1", | ||||
|         "jsonpointer": "~5.0.1", | ||||
|         "markdownlint": "~0.37.4", | ||||
|         "minimatch": "~9.0.5", | ||||
|         "markdown-it": "~14.1.0", | ||||
|         "markdownlint": "~0.38.0", | ||||
|         "minimatch": "~10.0.1", | ||||
|         "run-con": "~1.3.2", | ||||
|         "smol-toml": "~1.3.1" | ||||
|         "smol-toml": "~1.3.4" | ||||
|       }, | ||||
|       "bin": { | ||||
|         "markdownlint": "markdownlint.js" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=18" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli/node_modules/brace-expansion": { | ||||
|       "version": "2.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", | ||||
|       "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "balanced-match": "^1.0.0" | ||||
|         "node": ">=20" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli/node_modules/glob": { | ||||
|       "version": "10.4.5", | ||||
|       "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz", | ||||
|       "integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==", | ||||
|       "version": "11.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.3.tgz", | ||||
|       "integrity": "sha512-2Nim7dha1KVkaiF4q6Dj+ngPPMdfvLJEOpZk/jKiUAkqKebpGAWQXAq9z1xu9HKu5lWfqw/FASuccEjyznjPaA==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "dependencies": { | ||||
|         "foreground-child": "^3.1.0", | ||||
|         "jackspeak": "^3.1.2", | ||||
|         "minimatch": "^9.0.4", | ||||
|         "foreground-child": "^3.3.1", | ||||
|         "jackspeak": "^4.1.1", | ||||
|         "minimatch": "^10.0.3", | ||||
|         "minipass": "^7.1.2", | ||||
|         "package-json-from-dist": "^1.0.0", | ||||
|         "path-scurry": "^1.11.1" | ||||
|         "path-scurry": "^2.0.0" | ||||
|       }, | ||||
|       "bin": { | ||||
|         "glob": "dist/esm/bin.mjs" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli/node_modules/jackspeak": { | ||||
|       "version": "3.4.3", | ||||
|       "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", | ||||
|       "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", | ||||
|       "dev": true, | ||||
|       "license": "BlueOak-1.0.0", | ||||
|       "dependencies": { | ||||
|         "@isaacs/cliui": "^8.0.2" | ||||
|       "engines": { | ||||
|         "node": "20 || >=22" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
|       }, | ||||
|       "optionalDependencies": { | ||||
|         "@pkgjs/parseargs": "^0.11.0" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli/node_modules/lru-cache": { | ||||
|       "version": "10.4.3", | ||||
|       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", | ||||
|       "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", | ||||
|       "dev": true, | ||||
|       "license": "ISC" | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli/node_modules/minimatch": { | ||||
|       "version": "9.0.5", | ||||
|       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", | ||||
|       "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", | ||||
|       "version": "10.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.3.tgz", | ||||
|       "integrity": "sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "dependencies": { | ||||
|         "brace-expansion": "^2.0.1" | ||||
|         "@isaacs/brace-expansion": "^5.0.0" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=16 || 14 >=14.17" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdownlint-cli/node_modules/path-scurry": { | ||||
|       "version": "1.11.1", | ||||
|       "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", | ||||
|       "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", | ||||
|       "dev": true, | ||||
|       "license": "BlueOak-1.0.0", | ||||
|       "dependencies": { | ||||
|         "lru-cache": "^10.2.0", | ||||
|         "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=16 || 14 >=14.18" | ||||
|         "node": "20 || >=22" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
| @@ -714,9 +708,9 @@ | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/micromark": { | ||||
|       "version": "4.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.1.tgz", | ||||
|       "integrity": "sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==", | ||||
|       "version": "4.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.2.tgz", | ||||
|       "integrity": "sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
| @@ -750,9 +744,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/micromark-core-commonmark": { | ||||
|       "version": "2.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.2.tgz", | ||||
|       "integrity": "sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==", | ||||
|       "version": "2.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz", | ||||
|       "integrity": "sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
| @@ -785,9 +779,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/micromark-extension-directive": { | ||||
|       "version": "3.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-3.0.2.tgz", | ||||
|       "integrity": "sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==", | ||||
|       "version": "4.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-4.0.0.tgz", | ||||
|       "integrity": "sha512-/C2nqVmXXmiseSSuCdItCMho7ybwwop6RrrRPk0KbOHW21JKoCldC+8rFOaundDoRBUWBnJJcxeA/Kvi34WQXg==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
| @@ -843,9 +837,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/micromark-extension-gfm-table": { | ||||
|       "version": "2.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.0.tgz", | ||||
|       "integrity": "sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==", | ||||
|       "version": "2.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz", | ||||
|       "integrity": "sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
| @@ -1233,9 +1227,9 @@ | ||||
|       "license": "MIT" | ||||
|     }, | ||||
|     "node_modules/micromark-util-types": { | ||||
|       "version": "2.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.1.tgz", | ||||
|       "integrity": "sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==", | ||||
|       "version": "2.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.2.tgz", | ||||
|       "integrity": "sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
| @@ -1337,10 +1331,28 @@ | ||||
|       "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", | ||||
|       "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/path-scurry": { | ||||
|       "version": "2.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.0.tgz", | ||||
|       "integrity": "sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==", | ||||
|       "dev": true, | ||||
|       "license": "BlueOak-1.0.0", | ||||
|       "dependencies": { | ||||
|         "lru-cache": "^11.0.0", | ||||
|         "minipass": "^7.1.2" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": "20 || >=22" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/punycode.js": { | ||||
|       "version": "2.3.1", | ||||
|       "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", | ||||
| @@ -1379,6 +1391,7 @@ | ||||
|       "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", | ||||
|       "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "shebang-regex": "^3.0.0" | ||||
|       }, | ||||
| @@ -1391,6 +1404,7 @@ | ||||
|       "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", | ||||
|       "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -1408,9 +1422,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/smol-toml": { | ||||
|       "version": "1.3.1", | ||||
|       "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.3.1.tgz", | ||||
|       "integrity": "sha512-tEYNll18pPKHroYSmLLrksq233j021G0giwW7P3D24jC54pQ5W5BXMsQ/Mvw1OJCmEYDgY+lrzT+3nNUtoNfXQ==", | ||||
|       "version": "1.3.4", | ||||
|       "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.3.4.tgz", | ||||
|       "integrity": "sha512-UOPtVuYkzYGee0Bd2Szz8d2G3RfMfJ2t3qVdZUAozZyAk+a0Sxa+QKix0YCwjL/A1RR0ar44nCxaoN9FxdJGwA==", | ||||
|       "dev": true, | ||||
|       "license": "BSD-3-Clause", | ||||
|       "engines": { | ||||
| @@ -1539,6 +1553,7 @@ | ||||
|       "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", | ||||
|       "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "dependencies": { | ||||
|         "isexe": "^2.0.0" | ||||
|       }, | ||||
|   | ||||
| @@ -14,6 +14,6 @@ | ||||
|   }, | ||||
|   "devDependencies": { | ||||
|     "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||
|     "markdownlint-cli": "^0.44.0" | ||||
|     "markdownlint-cli": "^0.45.0" | ||||
|   } | ||||
| } | ||||
| @@ -9,19 +9,19 @@ | ||||
|   labels: [ | ||||
|     'kind/dependency', | ||||
|   ], | ||||
|   "digest": { | ||||
|     "automerge": true | ||||
|   digest: { | ||||
|     automerge: true, | ||||
|   }, | ||||
|   automergeStrategy: 'squash', | ||||
|   'git-submodules': { | ||||
|     'enabled': true | ||||
|     enabled: true, | ||||
|   }, | ||||
|   customManagers: [ | ||||
|     { | ||||
|       description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', | ||||
|       customType: 'regex', | ||||
|       fileMatch: [ | ||||
|         '.gitea/workflows/.+\\.ya?ml$', | ||||
|       managerFilePatterns: [ | ||||
|         '/.gitea/workflows/.+\\.ya?ml$/', | ||||
|       ], | ||||
|       matchStrings: [ | ||||
|         '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s', | ||||
| @@ -30,17 +30,21 @@ | ||||
|     { | ||||
|       description: 'Detect helm-unittest yaml schema file', | ||||
|       customType: 'regex', | ||||
|       fileMatch: ['.vscode/settings\\.json$'], | ||||
|       managerFilePatterns: [ | ||||
|         '/.vscode/settings\\.json$/', | ||||
|       ], | ||||
|       matchStrings: [ | ||||
|         'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', | ||||
|       ], | ||||
|       datasourceTemplate: 'github-releases', | ||||
|     }, | ||||
|     { | ||||
|       'description': 'Automatically detect new Gitea releases', | ||||
|       'customType': 'regex', | ||||
|       'fileMatch': ['(^|/)Chart\\.yaml$'], | ||||
|       'matchStrings': [ | ||||
|       description: 'Automatically detect new Gitea releases', | ||||
|       customType: 'regex', | ||||
|       managerFilePatterns: [ | ||||
|         '/(^|/)Chart\\.yaml$/', | ||||
|       ], | ||||
|       matchStrings: [ | ||||
|         '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n', | ||||
|       ], | ||||
|     }, | ||||
| @@ -57,6 +61,17 @@ | ||||
|         'digest', | ||||
|       ], | ||||
|     }, | ||||
|     { | ||||
|       groupName: 'bats testing framework', | ||||
|       matchManagers: [ | ||||
|         'git-submodules', | ||||
|       ], | ||||
|       matchUpdateTypes: [ | ||||
|         'minor', | ||||
|         'patch', | ||||
|         'digest', | ||||
|       ], | ||||
|     }, | ||||
|     { | ||||
|       groupName: 'workflow dependencies (minor & patch)', | ||||
|       matchManagers: [ | ||||
| @@ -101,7 +116,9 @@ | ||||
|       matchDepNames: [ | ||||
|         'go-gitea/gitea', | ||||
|       ], | ||||
|       schedule: ['at any time'], | ||||
|       schedule: [ | ||||
|         'at any time', | ||||
|       ], | ||||
|     }, | ||||
|   ], | ||||
| } | ||||
|   | ||||
| @@ -133,29 +133,29 @@ app.kubernetes.io/instance: {{ .Release.Name }} | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "redis.dns" -}} | ||||
| {{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} | ||||
| {{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} | ||||
| {{- else if (index .Values "redis-cluster").enabled -}} | ||||
| {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} | ||||
| {{- else if (index .Values "redis").enabled -}} | ||||
| {{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} | ||||
| {{- define "valkey.dns" -}} | ||||
| {{- if and ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}} | ||||
| {{- fail "valkey and valkey-cluster cannot be enabled at the same time. Please only choose one." -}} | ||||
| {{- else if (index .Values "valkey-cluster").enabled -}} | ||||
| {{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}} | ||||
| {{- else if (index .Values "valkey").enabled -}} | ||||
| {{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}} | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "redis.port" -}} | ||||
| {{- if (index .Values "redis-cluster").enabled -}} | ||||
| {{ (index .Values "redis-cluster").service.ports.redis }} | ||||
| {{- else if (index .Values "redis").enabled -}} | ||||
| {{ (index .Values "redis").master.service.ports.redis }} | ||||
| {{- define "valkey.port" -}} | ||||
| {{- if (index .Values "valkey-cluster").enabled -}} | ||||
| {{ (index .Values "valkey-cluster").service.ports.valkey }} | ||||
| {{- else if (index .Values "valkey").enabled -}} | ||||
| {{ (index .Values "valkey").master.service.ports.valkey }} | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "redis.servicename" -}} | ||||
| {{- if (index .Values "redis-cluster").enabled -}} | ||||
| {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||
| {{- else if (index .Values "redis").enabled -}} | ||||
| {{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||
| {{- define "valkey.servicename" -}} | ||||
| {{- if (index .Values "valkey-cluster").enabled -}} | ||||
| {{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||
| {{- else if (index .Values "valkey").enabled -}} | ||||
| {{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| @@ -220,15 +220,6 @@ https | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "gitea.act_runner.local_root_url" -}} | ||||
| {{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}} | ||||
|     {{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}} | ||||
| {{- else -}} | ||||
|   {{/* fallback for allowing to overwrite this value via inline config */}} | ||||
|   {{- .Values.gitea.config.server.LOCAL_ROOT_URL -}} | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "gitea.inline_configuration" -}} | ||||
|   {{- include "gitea.inline_configuration.init" . -}} | ||||
|   {{- include "gitea.inline_configuration.defaults" . -}} | ||||
| @@ -314,14 +305,14 @@ https | ||||
|   {{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}} | ||||
|     {{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}} | ||||
|   {{- end -}} | ||||
|   {{- /* redis queue */ -}} | ||||
|   {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} | ||||
|   {{- /* valkey queue */ -}} | ||||
|   {{- if or ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}} | ||||
|     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} | ||||
|     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} | ||||
|     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "valkey.dns" .) -}} | ||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} | ||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} | ||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "valkey.dns" .) -}} | ||||
|     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} | ||||
|     {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} | ||||
|     {{- $_ := set .Values.gitea.config.cache "HOST" (include "valkey.dns" .) -}} | ||||
|   {{- else -}} | ||||
|     {{- if not (get .Values.gitea.config.session "PROVIDER") -}} | ||||
|       {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}} | ||||
| @@ -345,9 +336,6 @@ https | ||||
|   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} | ||||
|      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} | ||||
|   {{- end -}} | ||||
|   {{- if not .Values.gitea.config.actions.ENABLED -}} | ||||
|      {{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}} | ||||
|   {{- end -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "gitea.inline_configuration.defaults.server" -}} | ||||
| @@ -367,25 +355,24 @@ https | ||||
|   {{- if not .Values.gitea.config.server.ROOT_URL -}} | ||||
|     {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} | ||||
|   {{- end -}} | ||||
|   {{- if .Values.actions.enabled -}} | ||||
|      {{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}} | ||||
|   {{- end -}} | ||||
|   {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} | ||||
|     {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} | ||||
|   {{- end -}} | ||||
|   {{- if not .Values.gitea.config.server.SSH_PORT -}} | ||||
|     {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} | ||||
|   {{- end -}} | ||||
|   {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} | ||||
|     {{- if not .Values.image.rootless -}} | ||||
|       {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} | ||||
|     {{- else -}} | ||||
|       {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} | ||||
|     {{- end -}} | ||||
|   {{- end -}} | ||||
|   {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} | ||||
|     {{- if .Values.image.rootless -}} | ||||
|       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} | ||||
|       {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} | ||||
|         {{- if not .Values.gitea.config.server.SSH_LISTEN_PORT -}} | ||||
|           {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} | ||||
|         {{- else -}} | ||||
|           {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_LISTEN_PORT -}} | ||||
|         {{- end -}} | ||||
|       {{- end -}} | ||||
|     {{- else -}} | ||||
|       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "false" -}} | ||||
|     {{- end -}} | ||||
|   {{- end -}} | ||||
|   {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} | ||||
| @@ -443,6 +430,18 @@ https | ||||
| {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "ingress.annotations" -}} | ||||
|   {{- if .Values.ingress.annotations }} | ||||
|   annotations: | ||||
|     {{- $tp := typeOf .Values.ingress.annotations }} | ||||
|     {{- if eq $tp "string" }} | ||||
|       {{- tpl .Values.ingress.annotations . | nindent 4 }} | ||||
|     {{- else }} | ||||
|       {{- toYaml .Values.ingress.annotations | nindent 4 }} | ||||
|     {{- end }} | ||||
|   {{- end }} | ||||
| {{- end -}} | ||||
|  | ||||
| {{- define "gitea.admin.passwordMode" -}} | ||||
| {{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} | ||||
| {{ .Values.gitea.admin.passwordMode }} | ||||
|   | ||||
| @@ -1,15 +0,0 @@ | ||||
| {{- if .Values.actions.enabled -}} | ||||
|     {{- if .Values.actions.provisioning.enabled -}} | ||||
|         {{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}} | ||||
|             {{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}} | ||||
|         {{- end -}} | ||||
|         {{- if and .Values.persistence.enabled .Values.persistence.mount -}} | ||||
|             {{- if .Values.actions.existingSecret -}} | ||||
|                 {{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}} | ||||
|             {{- end -}} | ||||
|         {{- end -}} | ||||
|     {{- end -}} | ||||
|     {{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}} | ||||
|         {{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}} | ||||
|     {{- end -}} | ||||
| {{- end -}} | ||||
| @@ -1,15 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: {{ include "gitea.fullname" . }}-act-runner-config | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
| data: | ||||
|   config.yaml: | | ||||
|     {{- with .Values.actions.statefulset.actRunner.config -}} | ||||
|     {{ . | nindent 4}} | ||||
|     {{- end -}} | ||||
| {{- end }} | ||||
| @@ -1,14 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: {{ include "gitea.fullname" . }}-scripts | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
| data: | ||||
| {{ (.Files.Glob "scripts/act_runner/*.sh").AsConfig | indent 2 }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,115 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} | ||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} | ||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} | ||||
| --- | ||||
| apiVersion: batch/v1 | ||||
| kind: Job | ||||
| metadata: | ||||
|   name: {{ $name }} | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
|     {{- with .Values.actions.provisioning.labels }} | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     app.kubernetes.io/component: token-job | ||||
|   annotations: | ||||
|     {{- with .Values.actions.provisioning.annotations }} | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
| spec: | ||||
|   ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }} | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         {{- include "gitea.labels" . | nindent 8 }} | ||||
|         {{- with .Values.actions.provisioning.labels }} | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|         {{- end }} | ||||
|         app.kubernetes.io/component: token-job | ||||
|     spec: | ||||
|       initContainers: | ||||
|         - name: init-gitea | ||||
|           image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" | ||||
|           command: | ||||
|             - sh | ||||
|             - -c | ||||
|             - | | ||||
|               while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do | ||||
|                 sleep 5 | ||||
|               done | ||||
|       containers: | ||||
|         - name: actions-token-create | ||||
|           image: "{{ include "gitea.image" . }}" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|           env: | ||||
|             - name: GITEA_APP_INI | ||||
|               value: /data/gitea/conf/app.ini | ||||
|           command: | ||||
|             - sh | ||||
|             - -c | ||||
|             - | | ||||
|               echo "Generating act_runner token via 'gitea actions generate-runner-token'..." | ||||
|               mkdir -p /data/actions/ | ||||
|               gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token | ||||
|           resources: | ||||
|             {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} | ||||
|           volumeMounts: | ||||
|             - name: data | ||||
|               mountPath: /data | ||||
|               {{- if .Values.persistence.subPath }} | ||||
|               subPath: {{ .Values.persistence.subPath }} | ||||
|               {{- end }} | ||||
|         - name: actions-token-upload | ||||
|           image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}" | ||||
|           imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }} | ||||
|           env: | ||||
|             - name: SECRET_NAME | ||||
|               value: {{ $secretName }} | ||||
|           command: | ||||
|             - sh | ||||
|             - -c | ||||
|             - | | ||||
|               printf "Checking rights to update kubernetes act_runner secret..." | ||||
|               kubectl auth can-i update secret/${SECRET_NAME} | ||||
|               /scripts/token.sh | ||||
|           resources: | ||||
|             {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} | ||||
|           volumeMounts: | ||||
|             - mountPath: /scripts | ||||
|               name: scripts | ||||
|               readOnly: true | ||||
|             - mountPath: /data | ||||
|               name: data | ||||
|               readOnly: true | ||||
|               {{- if .Values.persistence.subPath }} | ||||
|               subPath: {{ .Values.persistence.subPath }} | ||||
|               {{- end }} | ||||
|       {{- range $key, $value := .Values.actions.provisioning.nodeSelector }} | ||||
|       nodeSelector: | ||||
|         {{ $key }}: {{ $value | quote }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.actions.provisioning.affinity }} | ||||
|       affinity: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.actions.provisioning.tolerations }} | ||||
|       tolerations: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       restartPolicy: Never | ||||
|       serviceAccount: {{ $name }} | ||||
|       volumes: | ||||
|         - name: scripts | ||||
|           configMap: | ||||
|             name: {{ include "gitea.fullname" . }}-scripts | ||||
|             defaultMode: 0755 | ||||
|         - name: data | ||||
|           persistentVolumeClaim: | ||||
|             claimName: {{ .Values.persistence.claimName }} | ||||
|   parallelism: 1 | ||||
|   completions: 1 | ||||
|   backoffLimit: 1 | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,26 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} | ||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} | ||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: Role | ||||
| metadata: | ||||
|   name: {{ $name }} | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
|     app.kubernetes.io/component: token-job | ||||
| rules: | ||||
|   - apiGroups: | ||||
|       - "" | ||||
|     resources: | ||||
|       - secrets | ||||
|     resourceNames: | ||||
|       - {{ $secretName }} | ||||
|     verbs: | ||||
|       - get | ||||
|       - update | ||||
|       - patch | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,23 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} | ||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} | ||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: RoleBinding | ||||
| metadata: | ||||
|   name: {{ $name }} | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
|     app.kubernetes.io/component: token-job | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: Role | ||||
|   name: {{ $name }} | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: {{ $name }} | ||||
|     namespace: {{ .Release.Namespace }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,20 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} | ||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} | ||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: {{ $secretName }} | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
|     app.kubernetes.io/component: token-job | ||||
| {{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}} | ||||
| {{ if $secret -}} | ||||
| data: | ||||
|   token: {{ (b64dec (index $secret.data "token")) | b64enc }} | ||||
| {{ end -}} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,14 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} | ||||
| {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: {{ $name }} | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
|   labels: | ||||
|     {{- include "gitea.labels" . | nindent 4 }} | ||||
|     app.kubernetes.io/component: token-job | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,129 +0,0 @@ | ||||
| {{- if .Values.actions.enabled }} | ||||
| {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: StatefulSet | ||||
| metadata: | ||||
|   labels: | ||||
|     {{- include "gitea.labels.actRunner" . | nindent 4 }} | ||||
|     {{- with .Values.actions.statefulset.labels }} | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|   annotations: | ||||
|     {{- with .Values.actions.statefulset.annotations }} | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|   name: {{ include "gitea.fullname" . }}-act-runner | ||||
|   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       {{- include "gitea.selectorLabels.actRunner" . | nindent 6 }} | ||||
|   template: | ||||
|     metadata: | ||||
|       annotations: | ||||
|         checksum/config: {{ include (print $.Template.BasePath "/gitea/act_runner/config-act-runner.yaml") . | sha256sum }} | ||||
|       labels: | ||||
|         {{- include "gitea.labels.actRunner" . | nindent 8 }} | ||||
|         {{- with .Values.actions.statefulset.labels }} | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|         {{- end }} | ||||
|     spec: | ||||
|       initContainers: | ||||
|         - name: init-gitea | ||||
|           image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" | ||||
|           command: | ||||
|             - sh | ||||
|             - -c | ||||
|             - | | ||||
|               while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do | ||||
|                 sleep 5 | ||||
|               done | ||||
|       containers: | ||||
|         - name: act-runner | ||||
|           image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}" | ||||
|           imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }} | ||||
|           workingDir: /data | ||||
|           env: | ||||
|             - name: DOCKER_HOST | ||||
|               value: tcp://127.0.0.1:2376 | ||||
|             - name: DOCKER_TLS_VERIFY | ||||
|               value: "1" | ||||
|             - name: DOCKER_CERT_PATH | ||||
|               value: /certs/server | ||||
|             - name: GITEA_RUNNER_REGISTRATION_TOKEN | ||||
|               valueFrom: | ||||
|                 secretKeyRef: | ||||
|                   name: "{{ .Values.actions.existingSecret | default $secretName }}" | ||||
|                   key: "{{ .Values.actions.existingSecretKey | default "token" }}" | ||||
|             - name: GITEA_INSTANCE_URL | ||||
|               value: {{ include "gitea.act_runner.local_root_url" . }} | ||||
|             - name: CONFIG_FILE | ||||
|               value: /actrunner/config.yaml | ||||
|           resources: | ||||
|             {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} | ||||
|           volumeMounts: | ||||
|             - mountPath: /actrunner/config.yaml | ||||
|               name: act-runner-config | ||||
|               subPath: config.yaml | ||||
|             - mountPath: /certs/server | ||||
|               name: docker-certs | ||||
|             - mountPath: /data | ||||
|               name: data-act-runner | ||||
|             {{- with .Values.actions.statefulset.actRunner.extraVolumeMounts }} | ||||
|             {{- toYaml . | nindent 12 }} | ||||
|             {{- end }} | ||||
|         - name: dind | ||||
|           image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}" | ||||
|           imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }} | ||||
|           env: | ||||
|             - name: DOCKER_HOST | ||||
|               value: tcp://127.0.0.1:2376 | ||||
|             - name: DOCKER_TLS_VERIFY | ||||
|               value: "1" | ||||
|             - name: DOCKER_CERT_PATH | ||||
|               value: /certs/server | ||||
|             {{- if .Values.actions.statefulset.dind.extraEnvs }} | ||||
|             {{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }} | ||||
|             {{- end }} | ||||
|           securityContext: | ||||
|             privileged: true | ||||
|           resources: | ||||
|             {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} | ||||
|           volumeMounts: | ||||
|             - mountPath: /certs/server | ||||
|               name: docker-certs | ||||
|             {{- with .Values.actions.statefulset.dind.extraVolumeMounts }} | ||||
|             {{- toYaml . | nindent 12 }} | ||||
|             {{- end }} | ||||
|       {{- range $key, $value := .Values.actions.statefulset.nodeSelector }} | ||||
|       nodeSelector: | ||||
|         {{ $key }}: {{ $value | quote }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.actions.statefulset.affinity }} | ||||
|       affinity: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.actions.statefulset.tolerations }} | ||||
|       tolerations: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       volumes: | ||||
|         - name: act-runner-config | ||||
|           configMap: | ||||
|             name: {{ include "gitea.fullname" . }}-act-runner-config | ||||
|         - name: docker-certs | ||||
|           emptyDir: {} | ||||
|         {{- with .Values.actions.statefulset.extraVolumes }} | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|         {{- end }} | ||||
|   volumeClaimTemplates: | ||||
|     - metadata: | ||||
|         name: data-act-runner | ||||
|       spec: | ||||
|         accessModes: [ "ReadWriteOnce" ] | ||||
|         {{- include "gitea.persistence.storageClass" . | nindent 8 }} | ||||
|         resources: | ||||
|           requests: | ||||
|             storage: 1Mi | ||||
| {{- end }} | ||||
							
								
								
									
										3
									
								
								templates/gitea/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								templates/gitea/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | ||||
| {{- if .Values.actions -}} | ||||
|     {{- fail "The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9." -}} | ||||
| {{- end -}} | ||||
| @@ -27,7 +27,7 @@ stringData: | ||||
|     {{- end }} | ||||
|      | ||||
|     {{- /* multiple replicas assertions */ -}} | ||||
|     {{- if gt .Values.replicaCount 1.0 -}} | ||||
|     {{- if gt (.Values.replicaCount | int) 1 -}} | ||||
|       {{- if .Values.gitea.config.cron -}} | ||||
|         {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} | ||||
|           {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} | ||||
|   | ||||
| @@ -62,7 +62,8 @@ spec: | ||||
|         - name: init-directories | ||||
|           image: "{{ include "gitea.image" . }}" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|           command: ["/usr/sbin/init_directory_structure.sh"] | ||||
|           command: | ||||
|             - "{{ .Values.initContainersScriptsVolumeMountPath }}/init_directory_structure.sh" | ||||
|           env: | ||||
|             - name: GITEA_APP_INI | ||||
|               value: /data/gitea/conf/app.ini | ||||
| @@ -81,7 +82,7 @@ spec: | ||||
|             {{- end }} | ||||
|           volumeMounts: | ||||
|             - name: init | ||||
|               mountPath: /usr/sbin | ||||
|               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||
|             - name: temp | ||||
|               mountPath: /tmp | ||||
|             - name: data | ||||
| @@ -97,7 +98,8 @@ spec: | ||||
|         - name: init-app-ini | ||||
|           image: "{{ include "gitea.image" . }}" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|           command: ["/usr/sbin/config_environment.sh"] | ||||
|           command:  | ||||
|           - "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh" | ||||
|           env: | ||||
|             - name: GITEA_APP_INI | ||||
|               value: /data/gitea/conf/app.ini | ||||
| @@ -115,11 +117,11 @@ spec: | ||||
|             {{- toYaml .Values.deployment.env | nindent 12 }} | ||||
|             {{- end }} | ||||
|             {{- if .Values.gitea.additionalConfigFromEnvs }} | ||||
|             {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} | ||||
|             {{- tpl (toYaml .Values.gitea.additionalConfigFromEnvs) $ | nindent 12 }} | ||||
|             {{- end }} | ||||
|           volumeMounts: | ||||
|             - name: config | ||||
|               mountPath: /usr/sbin | ||||
|               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||
|             - name: temp | ||||
|               mountPath: /tmp | ||||
|             - name: data | ||||
| @@ -141,7 +143,8 @@ spec: | ||||
|         {{- if .Values.signing.enabled }} | ||||
|         - name: configure-gpg | ||||
|           image: "{{ include "gitea.image" . }}" | ||||
|           command: ["/usr/sbin/configure_gpg_environment.sh"] | ||||
|           command:  | ||||
|           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|           securityContext: | ||||
|             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} | ||||
| @@ -157,7 +160,7 @@ spec: | ||||
|               value: /raw/private.asc | ||||
|           volumeMounts: | ||||
|             - name: init | ||||
|               mountPath: /usr/sbin | ||||
|               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||
|             - name: data | ||||
|               mountPath: /data | ||||
|               {{- if .Values.persistence.subPath }} | ||||
| @@ -174,7 +177,8 @@ spec: | ||||
|         {{- end }} | ||||
|         - name: configure-gitea | ||||
|           image: "{{ include "gitea.image" . }}" | ||||
|           command: ["/usr/sbin/configure_gitea.sh"] | ||||
|           command: | ||||
|           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|           securityContext: | ||||
|             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} | ||||
| @@ -257,7 +261,7 @@ spec: | ||||
|             {{- end }} | ||||
|           volumeMounts: | ||||
|             - name: init | ||||
|               mountPath: /usr/sbin | ||||
|               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||
|             - name: temp | ||||
|               mountPath: /tmp | ||||
|             - name: data | ||||
|   | ||||
| @@ -1,15 +1,7 @@ | ||||
| {{- if .Values.ingress.enabled -}} | ||||
| {{- $fullName := include "gitea.fullname" . -}} | ||||
| {{- $httpPort := .Values.service.http.port -}} | ||||
| {{- $apiVersion := "extensions/v1beta1" -}} | ||||
| {{- if .Values.ingress.apiVersion -}} | ||||
| {{- $apiVersion = .Values.ingress.apiVersion -}} | ||||
| {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} | ||||
| {{- $apiVersion = "networking.k8s.io/v1" }} | ||||
| {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} | ||||
| {{- $apiVersion = "networking.k8s.io/v1beta1" }} | ||||
| {{- end }} | ||||
| apiVersion: {{ $apiVersion }} | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: {{ $fullName }} | ||||
| @@ -21,9 +13,7 @@ metadata: | ||||
|       {{ $key }}: {{ $value | quote }} | ||||
|     {{- end }} | ||||
| spec: | ||||
| {{- if .Values.ingress.className }} | ||||
|   ingressClassName: {{ tpl .Values.ingress.className . }} | ||||
| {{- end }} | ||||
| {{- if .Values.ingress.tls }} | ||||
|   tls: | ||||
|   {{- range .Values.ingress.tls }} | ||||
| @@ -39,21 +29,34 @@ spec: | ||||
|     - host: {{ tpl .host $ | quote }} | ||||
|       http: | ||||
|         paths: | ||||
|           {{- if .paths }} | ||||
|           {{- range .paths }} | ||||
|           - path: {{ .path }} | ||||
|             {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} | ||||
|             pathType: {{ .pathType }} | ||||
|             {{- end }} | ||||
|           {{- if kindIs "string" . }} | ||||
|           - path: {{ . }} | ||||
|             pathType: {{ default "Prefix" $.Values.ingress.pathType }} | ||||
|             backend: | ||||
|               service: | ||||
|                 name: {{ $fullName }}-http | ||||
|                 port: | ||||
|                   number: {{ $httpPort }} | ||||
|           {{- else }} | ||||
|           - path: {{ .path | default "/" }} | ||||
|             pathType: {{ .pathType | default "Prefix" }} | ||||
|             backend: | ||||
|               service: | ||||
|                 name: {{ $fullName }}-http | ||||
|                 port: | ||||
|                   number: {{ $httpPort }} | ||||
|           {{- end }} | ||||
|           {{- end }} | ||||
|           {{- else }} | ||||
|           - path: "/" | ||||
|             pathType: "Prefix" | ||||
|             backend: | ||||
|             {{- if eq $apiVersion "networking.k8s.io/v1" }} | ||||
|               service: | ||||
|                 name: {{ $fullName }}-http | ||||
|                 port: | ||||
|                   number: {{ $httpPort }} | ||||
|             {{- else }} | ||||
|               serviceName: {{ $fullName }}-http | ||||
|               servicePort: {{ $httpPort }} | ||||
|             {{- end }} | ||||
|           {{- end }} | ||||
|     {{- end }} | ||||
| {{- end }} | ||||
|   | ||||
| @@ -57,25 +57,25 @@ stringData: | ||||
|       exit 1 | ||||
|     } | ||||
|  | ||||
|     {{- if include "redis.servicename" . }} | ||||
|     function test_redis_connection() { | ||||
|     {{- if include "valkey.servicename" . }} | ||||
|     function test_valkey_connection() { | ||||
|       local RETRY=0 | ||||
|       local MAX=30 | ||||
|        | ||||
|       echo 'Wait for redis to become available...' | ||||
|       echo 'Wait for valkey to become avialable...' | ||||
|       until [ "${RETRY}" -ge "${MAX}" ]; do | ||||
|         nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break | ||||
|         nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break | ||||
|         RETRY=$[${RETRY}+1] | ||||
|         echo "...not ready yet (${RETRY}/${MAX})" | ||||
|       done | ||||
|  | ||||
|       if [ "${RETRY}" -ge "${MAX}" ]; then | ||||
|         echo "Redis not reachable after '${MAX}' attempts!" | ||||
|         echo "Valkey not reachable after '${MAX}' attempts!" | ||||
|         exit 1 | ||||
|       fi | ||||
|     } | ||||
|  | ||||
|     test_redis_connection | ||||
|     test_valkey_connection | ||||
|     {{- end }} | ||||
|      | ||||
|  | ||||
|   | ||||
| @@ -10,7 +10,7 @@ metadata: | ||||
| {{ .Values.persistence.labels | toYaml | indent 4}} | ||||
| spec: | ||||
|   accessModes: | ||||
|   {{- if gt .Values.replicaCount 1.0 }} | ||||
|   {{- if gt (.Values.replicaCount | int) 1 }} | ||||
|       - ReadWriteMany | ||||
|   {{- else }} | ||||
|     {{- .Values.persistence.accessModes | toYaml | nindent 4 }} | ||||
|   | ||||
 Submodule unittests/bash/bats updated: 3172a45e55...855844b834
									
								
							 Submodule unittests/bash/test_helper/bats-assert updated: b93143a1bf...912a98804e
									
								
							 Submodule unittests/bash/test_helper/bats-mock updated: 93e0128b87...a4b1f8e659
									
								
							 Submodule unittests/bash/test_helper/bats-support updated: d007fc1f45...0ad082d459
									
								
							| @@ -1,69 +0,0 @@ | ||||
| suite: actions template | consistency checks | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/01-consistency-checks.yaml | ||||
| tests: | ||||
|   - it: fails when provisioning is enabled BUT persistence is completely disabled | ||||
|     set: | ||||
|       persistence: | ||||
|         enabled: false | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" | ||||
|   - it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled | ||||
|     set: | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: false | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" | ||||
|   - it: fails when provisioning is enabled AND existingSecret is given | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|         existingSecret: "secret-reference" | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret" | ||||
|   - it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: false | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" | ||||
|   - it: fails when provisioning is disabled BUT existingSecretKey is missing | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: false | ||||
|         existingSecret: "my-secret" | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" | ||||
|   - it: fails when provisioning is disabled BUT existingSecret is missing | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: false | ||||
|         existingSecretKey: "my-secret-key" | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" | ||||
| @@ -1,45 +0,0 @@ | ||||
| # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json | ||||
| suite: actions template | config-act-runner | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/config-act-runner.yaml | ||||
| tests: | ||||
|   - it: doesn't renders a ConfigMap by default | ||||
|     template: templates/gitea/act_runner/config-act-runner.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: renders a ConfigMap | ||||
|     template: templates/gitea/act_runner/config-act-runner.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         statefulset: | ||||
|           actRunner: | ||||
|             config: | | ||||
|               log: | ||||
|                 level: info | ||||
|               cache: | ||||
|                 enabled: false | ||||
|               runner: | ||||
|                 labels: | ||||
|                   - "ubuntu-latest" | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: ConfigMap | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-act-runner-config | ||||
|       - equal: | ||||
|           path: data["config.yaml"] | ||||
|           value: | | ||||
|             log: | ||||
|               level: info | ||||
|             cache: | ||||
|               enabled: false | ||||
|             runner: | ||||
|               labels: | ||||
|                 - "ubuntu-latest" | ||||
| @@ -1,49 +0,0 @@ | ||||
| suite: actions template | config-scripts | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/config-scripts.yaml | ||||
| tests: | ||||
|   - it: renders a ConfigMap when all criteria are met | ||||
|     template: templates/gitea/act_runner/config-scripts.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: ConfigMap | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-scripts | ||||
|       - isNotNullOrEmpty: | ||||
|           path: data["token.sh"] | ||||
|   - it: doesn't renders a ConfigMap by default | ||||
|     template: templates/gitea/act_runner/config-scripts.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: doesn't renders a ConfigMap with disabled actions but enabled provisioning | ||||
|     template: templates/gitea/act_runner/config-scripts.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria | ||||
|     template: templates/gitea/act_runner/config-scripts.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: false | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
| @@ -1,65 +0,0 @@ | ||||
| suite: actions template | job | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| chart: | ||||
|   # Override appVersion to have a pinned version for comparison | ||||
|   appVersion: 1.19.3 | ||||
| templates: | ||||
|   - templates/gitea/act_runner/job.yaml | ||||
| tests: | ||||
|   - it: renders a Job | ||||
|     template: templates/gitea/act_runner/job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: Job | ||||
|           apiVersion: batch/v1 | ||||
|           name: gitea-unittests-actions-token-job | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[0].image | ||||
|           value: "docker.gitea.com/gitea:1.19.3-rootless" | ||||
|   - it: tag override | ||||
|     template: templates/gitea/act_runner/job.yaml | ||||
|     set: | ||||
|       image.tag: "1.19.4" | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|           publish: | ||||
|             tag: "1.29.0" | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[0].image | ||||
|           value: "docker.gitea.com/gitea:1.19.4-rootless" | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[1].image | ||||
|           value: "bitnami/kubectl:1.29.0" | ||||
|   - it: doesn't renders a Job by default | ||||
|     template: templates/gitea/act_runner/job.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled | ||||
|     template: templates/gitea/act_runner/job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: false | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
| @@ -1,42 +0,0 @@ | ||||
| suite: actions template | role-job | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/role-job.yaml | ||||
| tests: | ||||
|   - it: doesn't renders a Role by default | ||||
|     template: templates/gitea/act_runner/role-job.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: renders a Role | ||||
|     template: templates/gitea/act_runner/role-job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: Role | ||||
|           apiVersion: rbac.authorization.k8s.io/v1 | ||||
|           name: gitea-unittests-actions-token-job | ||||
|   - it: doesn't renders a Role when criteria met BUT actions are not enabled | ||||
|     template: templates/gitea/act_runner/role-job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: false | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
| @@ -1,42 +0,0 @@ | ||||
| suite: actions template | rolebinding-job | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/rolebinding-job.yaml | ||||
| tests: | ||||
|   - it: doesn't renders a RoleBinding by default | ||||
|     template: templates/gitea/act_runner/rolebinding-job.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: renders a RoleBinding | ||||
|     template: templates/gitea/act_runner/rolebinding-job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: RoleBinding | ||||
|           apiVersion: rbac.authorization.k8s.io/v1 | ||||
|           name: gitea-unittests-actions-token-job | ||||
|   - it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled | ||||
|     template: templates/gitea/act_runner/rolebinding-job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: false | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
| @@ -1,42 +0,0 @@ | ||||
| suite: actions template | secret-token | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/secret-token.yaml | ||||
| tests: | ||||
|   - it: doesn't renders a Secret by default | ||||
|     template: templates/gitea/act_runner/secret-token.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: renders a Secret | ||||
|     template: templates/gitea/act_runner/secret-token.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: Secret | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-actions-token | ||||
|   - it: doesn't renders a Secret when criteria met BUT actions are not enabled | ||||
|     template: templates/gitea/act_runner/secret-token.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: false | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
| @@ -1,42 +0,0 @@ | ||||
| suite: actions template | serviceaccount-job | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/serviceaccount-job.yaml | ||||
| tests: | ||||
|   - it: doesn't renders a ServiceAccount by default | ||||
|     template: templates/gitea/act_runner/serviceaccount-job.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: renders a ServiceAccount | ||||
|     template: templates/gitea/act_runner/serviceaccount-job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: ServiceAccount | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-actions-token-job | ||||
|   - it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled | ||||
|     template: templates/gitea/act_runner/serviceaccount-job.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: false | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|       persistence: | ||||
|         enabled: true | ||||
|         mount: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
| @@ -1,182 +0,0 @@ | ||||
| suite: actions template | statefulset | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/act_runner/statefulset.yaml | ||||
|   - templates/gitea/act_runner/config-act-runner.yaml | ||||
| tests: | ||||
|   - it: doesn't renders a StatefulSet by default | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|   - it: renders a StatefulSet (with given existingSecret/existingSecretKey) | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         existingSecret: "my-secret" | ||||
|         existingSecretKey: "my-secret-key" | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[0].env[3] | ||||
|           value: | ||||
|             name: GITEA_RUNNER_REGISTRATION_TOKEN | ||||
|             valueFrom: | ||||
|               secretKeyRef: | ||||
|                 name: "my-secret" | ||||
|                 key: "my-secret-key" | ||||
|   - it: renders a StatefulSet (with secret reference defaults for enabled provisioning) | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         provisioning: | ||||
|           enabled: true | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[0].env[3] | ||||
|           value: | ||||
|             name: GITEA_RUNNER_REGISTRATION_TOKEN | ||||
|             valueFrom: | ||||
|               secretKeyRef: | ||||
|                 name: "gitea-unittests-actions-token" | ||||
|                 key: "token" | ||||
|   - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation) | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades | ||||
|       actions: | ||||
|         enabled: true | ||||
|         existingSecret: "my-secret" | ||||
|         existingSecretKey: "my-secret-key" | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - equal: | ||||
|           path: spec.template.metadata.annotations["checksum/config"] | ||||
|           value: "2a2200e80fc29111d18b675789c265cd3d5f917754850f946f1ce3c55dcd65f8" | ||||
|   - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL) | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         existingSecret: "my-secret" | ||||
|         existingSecretKey: "my-secret-key" | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[0].env[4] | ||||
|           value: | ||||
|             name: GITEA_INSTANCE_URL | ||||
|             value: "http://gitea-unittests-http:3000" | ||||
|   - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL) | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" | ||||
|       actions: | ||||
|         enabled: true | ||||
|         existingSecret: "my-secret" | ||||
|         existingSecretKey: "my-secret-key" | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[0].env[4] | ||||
|           value: | ||||
|             name: GITEA_INSTANCE_URL | ||||
|             value: "http://git.example.com" | ||||
|   - it: allows adding custom environment variables to the docker-in-docker container | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         statefulset: | ||||
|           dind: | ||||
|             extraEnvs: | ||||
|               - name: "CUSTOM_ENV_NAME" | ||||
|                 value: "custom env value" | ||||
|     asserts: | ||||
|       - equal: | ||||
|           path: spec.template.spec.containers[1].env[3] | ||||
|           value: | ||||
|             name: "CUSTOM_ENV_NAME" | ||||
|             value: "custom env value" | ||||
|   - it: should mount an extra volume in the act runner container | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         statefulset: | ||||
|           extraVolumes: | ||||
|             - name: my-act-runner-volume | ||||
|               emptyDir: {} | ||||
|           actRunner: | ||||
|             extraVolumeMounts: | ||||
|               - mountPath: /mnt | ||||
|                 name: my-act-runner-volume | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - contains: | ||||
|           any: true | ||||
|           path: spec.template.spec.containers[0].volumeMounts | ||||
|           content: | ||||
|             mountPath: /mnt | ||||
|             name: my-act-runner-volume | ||||
|   - it: should mount an extra volume in the docker-in-docker container | ||||
|     template: templates/gitea/act_runner/statefulset.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|         statefulset: | ||||
|           extraVolumes: | ||||
|             - name: my-dind-volume | ||||
|               emptyDir: {} | ||||
|           dind: | ||||
|             extraVolumeMounts: | ||||
|               - mountPath: /mnt | ||||
|                 name: my-dind-volume | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: StatefulSet | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests-act-runner | ||||
|       - contains: | ||||
|           any: true | ||||
|           path: spec.template.spec.containers[1].volumeMounts | ||||
|           content: | ||||
|             mountPath: /mnt | ||||
|             name: my-dind-volume | ||||
							
								
								
									
										12
									
								
								unittests/helm/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								unittests/helm/check-actions-not-present.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | ||||
| suite: Check if actions raises an error | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| tests: | ||||
|   - it: fails when trying to configure actions due to removal | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9. | ||||
| @@ -5,57 +5,20 @@ release: | ||||
| templates: | ||||
|   - templates/gitea/config.yaml | ||||
| tests: | ||||
|   - it: "actions are not enabled by default" | ||||
|   - it: "actions are enabled by default (based on vanilla Gitea behavior)" | ||||
|     template: templates/gitea/config.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         notExists: | ||||
|           path: stringData.actions | ||||
|  | ||||
|   - it: "actions can be disabled via inline config" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       gitea.config.actions.ENABLED: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: stringData.actions | ||||
|           value: |- | ||||
|             ENABLED=false | ||||
|  | ||||
|   - it: "actions can be enabled via inline config" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       gitea.config.actions.ENABLED: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: stringData.actions | ||||
|           value: |- | ||||
|             ENABLED=true | ||||
|  | ||||
|   - it: "actions can be enabled via dedicated values object" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: stringData.actions | ||||
|           value: |- | ||||
|             ENABLED=true | ||||
|  | ||||
|   - it: "defines LOCAL_ROOT_URL when actions are enabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: stringData.server | ||||
|           pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000 | ||||
|  | ||||
|   - it: "respects custom LOCAL_ROOT_URL, even when actions are enabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       actions: | ||||
|         enabled: true | ||||
|       gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: stringData.server | ||||
|           pattern: \nLOCAL_ROOT_URL=http://git.example.com | ||||
|   | ||||
| @@ -3,12 +3,12 @@ release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| tests: | ||||
|   - it: "cache is configured correctly for redis-cluster" | ||||
|   - it: "cache is configured correctly for valkey-cluster" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: true | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -16,14 +16,14 @@ tests: | ||||
|           path: stringData.cache | ||||
|           value: |- | ||||
|             ADAPTER=redis | ||||
|             HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|  | ||||
|   - it: "cache is configured correctly for redis" | ||||
|   - it: "cache is configured correctly for valkey" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -31,14 +31,14 @@ tests: | ||||
|           path: stringData.cache | ||||
|           value: |- | ||||
|             ADAPTER=redis | ||||
|             HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|  | ||||
|   - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" | ||||
|   - it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -48,12 +48,12 @@ tests: | ||||
|             ADAPTER=memory | ||||
|             HOST= | ||||
|  | ||||
|   - it: "cache can be customized when redis (or redis-cluster) is disabled" | ||||
|   - it: "cache can be customized when valkey (or valkey-cluster) is disabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|       gitea.config.cache.ADAPTER: custom-adapter | ||||
|       gitea.config.cache.HOST: custom-host | ||||
|   | ||||
| @@ -3,42 +3,42 @@ release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| tests: | ||||
|   - it: "queue is configured correctly for redis-cluster" | ||||
|   - it: "queue is configured correctly for valkey-cluster" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: true | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: stringData.queue | ||||
|           value: |- | ||||
|             CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             CONN_STR=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             TYPE=redis | ||||
|  | ||||
|   - it: "queue is configured correctly for redis" | ||||
|   - it: "queue is configured correctly for valkey" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: stringData.queue | ||||
|           value: |- | ||||
|             CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             TYPE=redis | ||||
|  | ||||
|   - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" | ||||
|   - it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -48,12 +48,12 @@ tests: | ||||
|             CONN_STR= | ||||
|             TYPE=level | ||||
|  | ||||
|   - it: "queue can be customized when redis (and redis-cluster) are disabled" | ||||
|   - it: "queue can be customized when valkey (and valkey-cluster) are disabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|       gitea.config.queue.TYPE: custom-type | ||||
|       gitea.config.queue.CONN_STR: custom-connection-string | ||||
|   | ||||
| @@ -3,12 +3,12 @@ release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| tests: | ||||
|   - it: "session is configured correctly for redis-cluster" | ||||
|   - it: "session is configured correctly for valkey-cluster" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: true | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -16,14 +16,14 @@ tests: | ||||
|           path: stringData.session | ||||
|           value: |- | ||||
|             PROVIDER=redis | ||||
|             PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|  | ||||
|   - it: "session is configured correctly for redis" | ||||
|   - it: "session is configured correctly for valkey" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -31,14 +31,14 @@ tests: | ||||
|           path: stringData.session | ||||
|           value: |- | ||||
|             PROVIDER=redis | ||||
|             PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|             PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||
|  | ||||
|   - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" | ||||
|   - it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
| @@ -48,12 +48,12 @@ tests: | ||||
|             PROVIDER=memory | ||||
|             PROVIDER_CONFIG= | ||||
|  | ||||
|   - it: "session can be customized when redis (and redis-cluster) is disabled" | ||||
|   - it: "session can be customized when valkey (and valkey-cluster) is disabled" | ||||
|     template: templates/gitea/config.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|       gitea.config.session.PROVIDER: custom-provider | ||||
|       gitea.config.session.PROVIDER_CONFIG: custom-provider-config | ||||
|   | ||||
| @@ -18,6 +18,7 @@ set: | ||||
|       password: custom-password-overwritten-by-global-postgresql-password | ||||
|     pgpool: | ||||
|       adminPassword: custom-password-pgpool | ||||
|       srCheckPassword: custom-password-sr-check | ||||
|     service: | ||||
|       ports: | ||||
|         postgresql: 1234 | ||||
| @@ -75,6 +76,13 @@ tests: | ||||
|         equal: | ||||
|           path: data["admin-password"] | ||||
|           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||
|   - it: "[postgresql-ha] pgpool.srCheckPassword is applied as expected" | ||||
|     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: data["sr-check-password"] | ||||
|           value: "Y3VzdG9tLXBhc3N3b3JkLXNyLWNoZWNr" | ||||
|   - it: "[postgresql-ha] persistence.size is applied as expected" | ||||
|     template: charts/postgresql-ha/templates/postgresql/statefulset.yaml | ||||
|     asserts: | ||||
|   | ||||
| @@ -1,19 +1,19 @@ | ||||
| suite: Dependency checks | Customization integrity | redis-cluster | ||||
| suite: Dependency checks | Customization integrity | valkey-cluster | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| set: | ||||
|   redis: | ||||
|   valkey: | ||||
|     enabled: false | ||||
|   redis-cluster: | ||||
|   valkey-cluster: | ||||
|     enabled: true | ||||
|     usePassword: false | ||||
|     cluster: | ||||
|       nodes: 5 | ||||
|       replicas: 2 | ||||
| tests: | ||||
|   - it: "[redis-cluster] configures correct nodes/replicas" | ||||
|     template: charts/redis-cluster/templates/redis-statefulset.yaml | ||||
|   - it: "[valkey-cluster] configures correct nodes/replicas" | ||||
|     template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
| @@ -22,31 +22,31 @@ tests: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: spec.template.spec.containers[0].args[0] | ||||
|           pattern: REDIS_CLUSTER_REPLICAS="2" | ||||
|   - it: "[redis-cluster] support auth-less connections" | ||||
|           pattern: VALKEY_CLUSTER_REPLICAS="2" | ||||
|   - it: "[valkey-cluster] support auth-less connections" | ||||
|     asserts: | ||||
|       - template: charts/redis-cluster/templates/secret.yaml | ||||
|       - template: charts/valkey-cluster/templates/secret.yaml | ||||
|         hasDocuments: | ||||
|           count: 0 | ||||
|       - template: charts/redis-cluster/templates/redis-statefulset.yaml | ||||
|       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||
|         documentIndex: 0 | ||||
|         contains: | ||||
|           path: spec.template.spec.containers[0].env | ||||
|           content: | ||||
|             name: ALLOW_EMPTY_PASSWORD | ||||
|             value: "yes" | ||||
|   - it: "[redis-cluster] support auth-full connections" | ||||
|   - it: "[valkey-cluster] support auth-full connections" | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         usePassword: true | ||||
|     asserts: | ||||
|       - template: charts/redis-cluster/templates/secret.yaml | ||||
|       - template: charts/valkey-cluster/templates/secret.yaml | ||||
|         containsDocument: | ||||
|           kind: Secret | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-redis-cluster | ||||
|           name: gitea-unittests-valkey-cluster | ||||
|           namespace: testing | ||||
|       - template: charts/redis-cluster/templates/redis-statefulset.yaml | ||||
|       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||
|         documentIndex: 0 | ||||
|         contains: | ||||
|           path: spec.template.spec.containers[0].env | ||||
| @@ -54,25 +54,25 @@ tests: | ||||
|             name: REDISCLI_AUTH | ||||
|             valueFrom: | ||||
|               secretKeyRef: | ||||
|                 name: gitea-unittests-redis-cluster | ||||
|                 key: redis-password | ||||
|       - template: charts/redis-cluster/templates/redis-statefulset.yaml | ||||
|                 name: gitea-unittests-valkey-cluster | ||||
|                 key: valkey-password | ||||
|       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||
|         documentIndex: 0 | ||||
|         contains: | ||||
|           path: spec.template.spec.containers[0].env | ||||
|           content: | ||||
|             name: REDIS_PASSWORD | ||||
|             name: REDISCLI_AUTH | ||||
|             valueFrom: | ||||
|               secretKeyRef: | ||||
|                 name: gitea-unittests-redis-cluster | ||||
|                 key: redis-password | ||||
|   - it: "[redis-cluster] renders the referenced service" | ||||
|     template: charts/redis-cluster/templates/headless-svc.yaml | ||||
|                 name: gitea-unittests-valkey-cluster | ||||
|                 key: valkey-password | ||||
|   - it: "[valkey-cluster] renders the referenced service" | ||||
|     template: charts/valkey-cluster/templates/headless-svc.yaml | ||||
|     asserts: | ||||
|       - containsDocument: | ||||
|           kind: Service | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-redis-cluster-headless | ||||
|           name: gitea-unittests-valkey-cluster-headless | ||||
|           namespace: testing | ||||
|       - documentIndex: 0 | ||||
|         contains: | ||||
| @@ -81,10 +81,10 @@ tests: | ||||
|             name: tcp-redis | ||||
|             port: 6379 | ||||
|             targetPort: tcp-redis | ||||
|   - it: "[gitea] waits for redis-cluster to be up and running" | ||||
|   - it: "[gitea] waits for valkey-cluster to be up and running" | ||||
|     template: templates/gitea/init.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: stringData["configure_gitea.sh"] | ||||
|           pattern: nc -vz -w2 gitea-unittests-redis-cluster-headless.testing.svc.cluster.local 6379 | ||||
|           pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379 | ||||
| @@ -1,40 +1,40 @@ | ||||
| suite: Dependency checks | Customization integrity | redis | ||||
| suite: Dependency checks | Customization integrity | valkey | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| set: | ||||
|   redis-cluster: | ||||
|   valkey-cluster: | ||||
|     enabled: false | ||||
|   redis: | ||||
|   valkey: | ||||
|     enabled: true | ||||
|     architecture: standalone | ||||
|     global: | ||||
|       redis: | ||||
|       valkey: | ||||
|         password: gitea-password | ||||
|     master: | ||||
|       count: 2 | ||||
| tests: | ||||
|   - it: "[redis] configures correct 'master' nodes" | ||||
|     template: charts/redis/templates/master/application.yaml | ||||
|   - it: "[valkey] configures correct 'master' nodes" | ||||
|     template: charts/valkey/templates/primary/application.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: spec.replicas | ||||
|           value: 2 | ||||
|   - it: "[redis] redis.global.redis.password is applied as expected" | ||||
|     template: charts/redis/templates/secret.yaml | ||||
|           value: 1 | ||||
|   - it: "[valkey] valkey.global.valkey.password is applied as expected" | ||||
|     template: charts/valkey/templates/secret.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         equal: | ||||
|           path: data["redis-password"] | ||||
|           path: data["valkey-password"] | ||||
|           value: "Z2l0ZWEtcGFzc3dvcmQ=" | ||||
|   - it: "[redis] renders the referenced service" | ||||
|     template: charts/redis/templates/headless-svc.yaml | ||||
|   - it: "[valkey] renders the referenced service" | ||||
|     template: charts/valkey/templates/headless-svc.yaml | ||||
|     asserts: | ||||
|       - containsDocument: | ||||
|           kind: Service | ||||
|           apiVersion: v1 | ||||
|           name: gitea-unittests-redis-headless | ||||
|           name: gitea-unittests-valkey-headless | ||||
|           namespace: testing | ||||
|       - documentIndex: 0 | ||||
|         contains: | ||||
| @@ -43,10 +43,10 @@ tests: | ||||
|             name: tcp-redis | ||||
|             port: 6379 | ||||
|             targetPort: redis | ||||
|   - it: "[gitea] waits for redis to be up and running" | ||||
|   - it: "[gitea] waits for valkey to be up and running" | ||||
|     template: templates/gitea/init.yaml | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: stringData["configure_gitea.sh"] | ||||
|           pattern: nc -vz -w2 gitea-unittests-redis-headless.testing.svc.cluster.local 6379 | ||||
|           pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379 | ||||
| @@ -29,29 +29,29 @@ tests: | ||||
|           path: spec.template.spec.containers[0].image | ||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||
|           pattern: bitnami/postgresql:17.+$ | ||||
|   - it: "[redis-cluster] ensures we detect major image version upgrades" | ||||
|     template: charts/redis-cluster/templates/redis-statefulset.yaml | ||||
|   - it: "[valkey-cluster] ensures we detect major image version upgrades" | ||||
|     template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: true | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: false | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: spec.template.spec.containers[0].image | ||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||
|           pattern: bitnami/redis-cluster:7.+$ | ||||
|   - it: "[redis] ensures we detect major image version upgrades" | ||||
|     template: charts/redis/templates/master/application.yaml | ||||
|           pattern: bitnami/valkey-cluster:8.+$ | ||||
|   - it: "[valkey] ensures we detect major image version upgrades" | ||||
|     template: charts/valkey/templates/primary/application.yaml | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: false | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - documentIndex: 0 | ||||
|         matchRegex: | ||||
|           path: spec.template.spec.containers[0].image | ||||
|           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST | ||||
|           pattern: bitnami/redis:7.+$ | ||||
|           pattern: bitnami/valkey:8.+$ | ||||
|   | ||||
| @@ -73,3 +73,23 @@ tests: | ||||
|             requests: | ||||
|               cpu: 100ms | ||||
|               memory: 100Mi | ||||
|   - it: Init containers have correct volumeMount path | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     set: | ||||
|       initContainersScriptsVolumeMountPath: "/custom/init/path" | ||||
|     asserts: | ||||
|       - equal: | ||||
|           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath | ||||
|           value: "/custom/init/path" | ||||
|       - equal: | ||||
|           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath | ||||
|           value: "/custom/init/path" | ||||
|   - it: Init containers have correct volumeMount path if there is no override | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     asserts: | ||||
|       - equal: | ||||
|           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath | ||||
|           value: "/usr/sbinx" | ||||
|       - equal: | ||||
|           path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath | ||||
|           value: "/usr/sbinx" | ||||
|   | ||||
							
								
								
									
										150
									
								
								unittests/helm/deployment/deployment-additional-config.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										150
									
								
								unittests/helm/deployment/deployment-additional-config.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,150 @@ | ||||
| suite: deployment template | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| templates: | ||||
|   - templates/gitea/deployment.yaml | ||||
|   - templates/gitea/config.yaml | ||||
| tests: | ||||
|   - it: Renders a deployment | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - containsDocument: | ||||
|           kind: Deployment | ||||
|           apiVersion: apps/v1 | ||||
|           name: gitea-unittests | ||||
|   - it: Deployment with empty additionalConfigFromEnvs | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     set: | ||||
|       gitea.additionalConfigFromEnvs: [] | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - exists: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|       - lengthEqual: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|           count: 6 | ||||
|       - isSubset: | ||||
|           path: spec.template.spec.initContainers[1] | ||||
|           content: | ||||
|             env: | ||||
|               - name: GITEA_APP_INI | ||||
|                 value: /data/gitea/conf/app.ini | ||||
|               - name: GITEA_CUSTOM | ||||
|                 value: /data/gitea | ||||
|               - name: GITEA_WORK_DIR | ||||
|                 value: /data | ||||
|               - name: GITEA_TEMP | ||||
|                 value: /tmp/gitea | ||||
|               - name: TMP_EXISTING_ENVS_FILE | ||||
|                 value: /tmp/existing-envs | ||||
|               - name: ENV_TO_INI_MOUNT_POINT | ||||
|                 value: /env-to-ini-mounts | ||||
|   - it: Deployment with standard additionalConfigFromEnvs | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     set: | ||||
|       gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}] | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - exists: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|       - lengthEqual: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|           count: 8 | ||||
|       - isSubset: | ||||
|           path: spec.template.spec.initContainers[1] | ||||
|           content: | ||||
|             env: | ||||
|               - name: GITEA_APP_INI | ||||
|                 value: /data/gitea/conf/app.ini | ||||
|               - name: GITEA_CUSTOM | ||||
|                 value: /data/gitea | ||||
|               - name: GITEA_WORK_DIR | ||||
|                 value: /data | ||||
|               - name: GITEA_TEMP | ||||
|                 value: /tmp/gitea | ||||
|               - name: TMP_EXISTING_ENVS_FILE | ||||
|                 value: /tmp/existing-envs | ||||
|               - name: ENV_TO_INI_MOUNT_POINT | ||||
|                 value: /env-to-ini-mounts | ||||
|               - name: GITEA_database_HOST | ||||
|                 value: my-db:123 | ||||
|               - name: GITEA_database_USER | ||||
|                 value: my-user | ||||
|   - it: Deployment with templated additionalConfigFromEnvs | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     set: | ||||
|       gitea.misc.host: my-db-host:321 | ||||
|       gitea.misc.user: my-db-user | ||||
|       gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: "{{ .Values.gitea.misc.host }}"}, {name: GITEA_database_USER, value: "{{ .Values.gitea.misc.user }}"}] | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - exists: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|       - lengthEqual: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|           count: 8 | ||||
|       - isSubset: | ||||
|           path: spec.template.spec.initContainers[1] | ||||
|           content: | ||||
|             env: | ||||
|               - name: GITEA_APP_INI | ||||
|                 value: /data/gitea/conf/app.ini | ||||
|               - name: GITEA_CUSTOM | ||||
|                 value: /data/gitea | ||||
|               - name: GITEA_WORK_DIR | ||||
|                 value: /data | ||||
|               - name: GITEA_TEMP | ||||
|                 value: /tmp/gitea | ||||
|               - name: TMP_EXISTING_ENVS_FILE | ||||
|                 value: /tmp/existing-envs | ||||
|               - name: ENV_TO_INI_MOUNT_POINT | ||||
|                 value: /env-to-ini-mounts | ||||
|               - name: GITEA_database_HOST | ||||
|                 value: my-db-host:321 | ||||
|               - name: GITEA_database_USER | ||||
|                 value: my-db-user | ||||
|   - it: Deployment with additionalConfigFromEnvs templated secret name | ||||
|     template: templates/gitea/deployment.yaml | ||||
|     set: | ||||
|       gitea.misc.existingSecret: my-db-secret | ||||
|       gitea.additionalConfigFromEnvs[0]: | ||||
|         name: GITEA_database_HOST | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: "{{ .Values.gitea.misc.existingSecret }}" | ||||
|             key: password | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - exists: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|       - lengthEqual: | ||||
|           path: spec.template.spec.initContainers[1].env | ||||
|           count: 7 | ||||
|       - isSubset: | ||||
|           path: spec.template.spec.initContainers[1] | ||||
|           content: | ||||
|             env: | ||||
|               - name: GITEA_APP_INI | ||||
|                 value: /data/gitea/conf/app.ini | ||||
|               - name: GITEA_CUSTOM | ||||
|                 value: /data/gitea | ||||
|               - name: GITEA_WORK_DIR | ||||
|                 value: /data | ||||
|               - name: GITEA_TEMP | ||||
|                 value: /tmp/gitea | ||||
|               - name: TMP_EXISTING_ENVS_FILE | ||||
|                 value: /tmp/existing-envs | ||||
|               - name: ENV_TO_INI_MOUNT_POINT | ||||
|                 value: /env-to-ini-mounts | ||||
|               - name: GITEA_database_HOST | ||||
|                 valueFrom: | ||||
|                   secretKeyRef: | ||||
|                     name: "my-db-secret" | ||||
|                     key: password | ||||
| @@ -1,28 +1,7 @@ | ||||
| suite: ingress template | ||||
| release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| suite: Test ingress tpl use | ||||
| templates: | ||||
|   - templates/gitea/ingress.yaml | ||||
| tests: | ||||
|   - it: hostname using TPL | ||||
|     set: | ||||
|       global.giteaHostName: "gitea.example.com" | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||
|       ingress.tls: | ||||
|         - secretName: gitea-tls | ||||
|           hosts: | ||||
|             - "{{ .Values.global.giteaHostName }}" | ||||
|     asserts: | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "gitea.example.com" | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "gitea.example.com" | ||||
|   - it: Ingress Class using TPL | ||||
|     set: | ||||
|       global.ingress.className: "ingress-class" | ||||
| @@ -45,3 +24,22 @@ tests: | ||||
|       - equal: | ||||
|           path: spec.ingressClassName | ||||
|           value: "ingress-class" | ||||
|  | ||||
|   - it: hostname using TPL | ||||
|     set: | ||||
|       global.giteaHostName: "gitea.example.com" | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||
|       ingress.tls: | ||||
|         - secretName: gitea-tls | ||||
|           hosts: | ||||
|             - "{{ .Values.global.giteaHostName }}" | ||||
|     asserts: | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "gitea.example.com" | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "gitea.example.com" | ||||
|   | ||||
| @@ -18,7 +18,7 @@ tests: | ||||
|           value: configure-gpg | ||||
|       - equal: | ||||
|           path: spec.template.spec.initContainers[2].command | ||||
|           value: ["/usr/sbin/configure_gpg_environment.sh"] | ||||
|           value: ["/usr/sbinx/configure_gpg_environment.sh"] | ||||
|       - equal: | ||||
|           path: spec.template.spec.initContainers[2].securityContext | ||||
|           value: | ||||
| @@ -34,7 +34,7 @@ tests: | ||||
|           path: spec.template.spec.initContainers[2].volumeMounts | ||||
|           value: | ||||
|             - name: init | ||||
|               mountPath: /usr/sbin | ||||
|               mountPath: /usr/sbinx | ||||
|             - name: data | ||||
|               mountPath: /data | ||||
|             - name: gpg-private-key | ||||
|   | ||||
							
								
								
									
										93
									
								
								unittests/helm/ingress/basic.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								unittests/helm/ingress/basic.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,93 @@ | ||||
| suite: Test ingress.yaml | ||||
| templates: | ||||
|   - templates/gitea/ingress.yaml | ||||
| tests: | ||||
|   - it: should enable ingress when ingress.enabled is true | ||||
|     set: | ||||
|       ingress.enabled: true | ||||
|       ingress.apiVersion: networking.k8s.io/v1 | ||||
|       ingress.annotations: | ||||
|         kubernetes.io/ingress.class: nginx | ||||
|       ingress.className: nginx | ||||
|       ingress.tls: | ||||
|         - hosts: | ||||
|             - example.com | ||||
|           secretName: tls-secret | ||||
|       ingress.hosts: | ||||
|         - host: example.com | ||||
|           paths: ["/"] | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: metadata.name | ||||
|           value: RELEASE-NAME-gitea | ||||
|       - matchRegex: | ||||
|           path: apiVersion | ||||
|           pattern: networking.k8s.io/v1 | ||||
|       - equal: | ||||
|           path: spec.ingressClassName | ||||
|           value: nginx | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "example.com" | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "example.com" | ||||
|       - equal: | ||||
|           path: spec.tls[0].secretName | ||||
|           value: tls-secret | ||||
|       - equal: | ||||
|           path: metadata.annotations["kubernetes.io/ingress.class"] | ||||
|           value: nginx | ||||
|  | ||||
|   - it: should not create ingress when ingress.enabled is false | ||||
|     set: | ||||
|       ingress.enabled: false | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 0 | ||||
|  | ||||
|   - it: Ingress Class using TPL | ||||
|     set: | ||||
|       global.ingress.className: "ingress-class" | ||||
|       ingress.className: "{{ .Values.global.ingress.className }}" | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts[0].host: "some-host" | ||||
|       ingress.tls: | ||||
|         - secretName: gitea-tls | ||||
|           hosts: | ||||
|             - "some-host" | ||||
|     asserts: | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "some-host" | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "some-host" | ||||
|       - equal: | ||||
|           path: spec.ingressClassName | ||||
|           value: "ingress-class" | ||||
|  | ||||
|   - it: hostname using TPL | ||||
|     set: | ||||
|       global.giteaHostName: "gitea.example.com" | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||
|       ingress.tls: | ||||
|         - secretName: gitea-tls | ||||
|           hosts: | ||||
|             - "{{ .Values.global.giteaHostName }}" | ||||
|     asserts: | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "gitea.example.com" | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "gitea.example.com" | ||||
							
								
								
									
										23
									
								
								unittests/helm/ingress/implicit-defaults.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								unittests/helm/ingress/implicit-defaults.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| suite: Test ingress with implicit path defaults | ||||
| templates: | ||||
|   - templates/gitea/ingress.yaml | ||||
| tests: | ||||
|   - it: should use default path and pathType when no paths are specified | ||||
|     set: | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts: | ||||
|         - host: git.example.com | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "git.example.com" | ||||
|       - equal: | ||||
|           path: spec.rules[0].http.paths[0].path | ||||
|           value: "/" | ||||
|       - equal: | ||||
|           path: spec.rules[0].http.paths[0].pathType | ||||
|           value: "Prefix" | ||||
							
								
								
									
										45
									
								
								unittests/helm/ingress/ingress.tpl.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										45
									
								
								unittests/helm/ingress/ingress.tpl.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,45 @@ | ||||
| suite: Test ingress tpl use | ||||
| templates: | ||||
|   - templates/gitea/ingress.yaml | ||||
| tests: | ||||
|   - it: Ingress Class using TPL | ||||
|     set: | ||||
|       global.ingress.className: "ingress-class" | ||||
|       ingress.className: "{{ .Values.global.ingress.className }}" | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts[0].host: "some-host" | ||||
|       ingress.tls: | ||||
|         - secretName: gitea-tls | ||||
|           hosts: | ||||
|             - "some-host" | ||||
|     asserts: | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "some-host" | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "some-host" | ||||
|       - equal: | ||||
|           path: spec.ingressClassName | ||||
|           value: "ingress-class" | ||||
|  | ||||
|   - it: hostname using TPL | ||||
|     set: | ||||
|       global.giteaHostName: "gitea.example.com" | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" | ||||
|       ingress.tls: | ||||
|         - secretName: gitea-tls | ||||
|           hosts: | ||||
|             - "{{ .Values.global.giteaHostName }}" | ||||
|     asserts: | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.tls[0].hosts[0] | ||||
|           value: "gitea.example.com" | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "gitea.example.com" | ||||
							
								
								
									
										26
									
								
								unittests/helm/ingress/structured-paths.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								unittests/helm/ingress/structured-paths.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | ||||
| suite: Test ingress with structured paths | ||||
| templates: | ||||
|   - templates/gitea/ingress.yaml | ||||
| tests: | ||||
|   - it: should work with structured path definitions | ||||
|     set: | ||||
|       ingress.enabled: true | ||||
|       ingress.hosts: | ||||
|         - host: git.devxy.io | ||||
|           paths: | ||||
|             - path: / | ||||
|               pathType: Prefix | ||||
|     asserts: | ||||
|       - hasDocuments: | ||||
|           count: 1 | ||||
|       - isKind: | ||||
|           of: Ingress | ||||
|       - equal: | ||||
|           path: spec.rules[0].host | ||||
|           value: "git.devxy.io" | ||||
|       - equal: | ||||
|           path: spec.rules[0].http.paths[0].path | ||||
|           value: "/" | ||||
|       - equal: | ||||
|           path: spec.rules[0].http.paths[0].pathType | ||||
|           value: "Prefix" | ||||
| @@ -3,12 +3,12 @@ release: | ||||
|   name: gitea-unittests | ||||
|   namespace: testing | ||||
| tests: | ||||
|   - it: fails when trying to configure redis and redis-cluster the same time | ||||
|   - it: fails when trying to configure valkey and valkey-cluster the same time | ||||
|     set: | ||||
|       redis-cluster: | ||||
|       valkey-cluster: | ||||
|         enabled: true | ||||
|       redis: | ||||
|       valkey: | ||||
|         enabled: true | ||||
|     asserts: | ||||
|       - failedTemplate: | ||||
|           errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. | ||||
|           errorMessage: valkey and valkey-cluster cannot be enabled at the same time. Please only choose one. | ||||
|   | ||||
							
								
								
									
										167
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										167
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -157,33 +157,25 @@ service: | ||||
|  | ||||
| ## @section Ingress | ||||
| ## @param ingress.enabled Enable ingress | ||||
| ## @param ingress.className Ingress class name | ||||
| ## @param ingress.className DEPRECATED: Ingress class name. | ||||
| ## @param ingress.pathType Ingress Path Type | ||||
| ## @param ingress.annotations Ingress annotations | ||||
| ## @param ingress.hosts[0].host Default Ingress host | ||||
| ## @param ingress.hosts[0].paths[0].path Default Ingress path | ||||
| ## @param ingress.hosts[0].paths[0].pathType Ingress path type | ||||
| ## @param ingress.tls Ingress tls settings | ||||
| ## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. | ||||
| ingress: | ||||
|   enabled: false | ||||
|   # className: nginx | ||||
|   className: | ||||
|   annotations: | ||||
|     {} | ||||
|     # kubernetes.io/ingress.class: nginx | ||||
|     # kubernetes.io/tls-acme: "true" | ||||
|   className: "" | ||||
|   pathType: Prefix | ||||
|   annotations: {} | ||||
|   hosts: | ||||
|     - host: git.example.com | ||||
|       paths: | ||||
|         - path: / | ||||
|           pathType: Prefix | ||||
|   tls: [] | ||||
|   #  - secretName: chart-example-tls | ||||
|   #    hosts: | ||||
|   #      - git.example.com | ||||
|   # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar | ||||
|   # If helm doesn't correctly detect your ingress API version you can set it here. | ||||
|   # apiVersion: networking.k8s.io/v1 | ||||
|  | ||||
| ## @section deployment | ||||
| # | ||||
| @@ -314,6 +306,8 @@ extraVolumeMounts: [] | ||||
| ## @section Init | ||||
| ## @param initPreScript Bash shell script copied verbatim to the start of the init-container. | ||||
| initPreScript: "" | ||||
| ## @param initContainersScriptsVolumeMountPath Path to mount the scripts consumed from the Secrets | ||||
| initContainersScriptsVolumeMountPath: "/usr/sbinx" | ||||
| # | ||||
| # initPreScript: | | ||||
| #   mkdir -p /data/git/.postgresql | ||||
| @@ -348,107 +342,6 @@ signing: | ||||
|   #   -----END PGP PRIVATE KEY BLOCK----- | ||||
|   existingSecret: "" | ||||
|  | ||||
| # Configure Gitea Actions | ||||
| # - must enable persistence if the job is enabled | ||||
| ## @section Gitea Actions | ||||
| # | ||||
| ## @param actions.enabled Create an act runner StatefulSet. | ||||
| ## @param actions.init.image.repository The image used for the init containers | ||||
| ## @param actions.init.image.tag The image tag used for the init containers | ||||
| ## @param actions.statefulset.annotations Act runner annotations | ||||
| ## @param actions.statefulset.labels Act runner labels | ||||
| ## @param actions.statefulset.resources Act runner resources | ||||
| ## @param actions.statefulset.nodeSelector NodeSelector for the statefulset | ||||
| ## @param actions.statefulset.tolerations Tolerations for the statefulset | ||||
| ## @param actions.statefulset.affinity Affinity for the statefulset | ||||
| ## @param actions.statefulset.extraVolumes Extra volumes for the statefulset | ||||
| ## @param actions.statefulset.actRunner.repository The Gitea act runner image | ||||
| ## @param actions.statefulset.actRunner.tag The Gitea act runner tag | ||||
| ## @param actions.statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy | ||||
| ## @param actions.statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container | ||||
| ## @param actions.statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | ||||
| ## @param actions.statefulset.dind.repository The Docker-in-Docker image | ||||
| ## @param actions.statefulset.dind.tag The Docker-in-Docker image tag | ||||
| ## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy | ||||
| ## @param actions.statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container | ||||
| ## @param actions.statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | ||||
| ## @param actions.provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret | ||||
| ## @param actions.provisioning.annotations Job's annotations | ||||
| ## @param actions.provisioning.labels Job's labels | ||||
| ## @param actions.provisioning.resources Job's resources | ||||
| ## @param actions.provisioning.nodeSelector NodeSelector for the job | ||||
| ## @param actions.provisioning.tolerations Tolerations for the job | ||||
| ## @param actions.provisioning.affinity Affinity for the job | ||||
| ## @param actions.provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed | ||||
| ## @param actions.provisioning.publish.repository The image that can create the secret via kubectl | ||||
| ## @param actions.provisioning.publish.tag The publish image tag that can create the secret | ||||
| ## @param actions.provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret | ||||
| ## @param actions.existingSecret Secret that contains the token | ||||
| ## @param actions.existingSecretKey Secret key | ||||
| actions: | ||||
|   enabled: false | ||||
|   statefulset: | ||||
|     annotations: {} | ||||
|     labels: {} | ||||
|     resources: {} | ||||
|     nodeSelector: {} | ||||
|     tolerations: [] | ||||
|     affinity: {} | ||||
|     extraVolumes: [] | ||||
|  | ||||
|     actRunner: | ||||
|       repository: gitea/act_runner | ||||
|       tag: 0.2.11 | ||||
|       pullPolicy: IfNotPresent | ||||
|       extraVolumeMounts: [] | ||||
|  | ||||
|       # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml | ||||
|       config: | | ||||
|         log: | ||||
|           level: debug | ||||
|         cache: | ||||
|           enabled: false | ||||
|  | ||||
|     dind: | ||||
|       repository: docker | ||||
|       tag: 25.0.2-dind | ||||
|       pullPolicy: IfNotPresent | ||||
|       extraVolumeMounts: [] | ||||
|  | ||||
|       # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable. | ||||
|       # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456 | ||||
|       extraEnvs: [] | ||||
|         #  - name: "DOCKER_IPTABLES_LEGACY" | ||||
|         #    value: "1" | ||||
|  | ||||
|   init: | ||||
|     image: | ||||
|       repository: busybox | ||||
|       # Overrides the image tag whose default is the chart appVersion. | ||||
|       tag: "1.37.0" | ||||
|  | ||||
|   provisioning: | ||||
|     enabled: false | ||||
|  | ||||
|     annotations: {} | ||||
|     labels: {} | ||||
|     resources: {} | ||||
|     nodeSelector: {} | ||||
|     tolerations: [] | ||||
|     affinity: {} | ||||
|  | ||||
|     publish: | ||||
|       repository: bitnami/kubectl | ||||
|       tag: 1.29.0 | ||||
|       pullPolicy: IfNotPresent | ||||
|  | ||||
|     ttlSecondsAfterFinished: 300 | ||||
|  | ||||
|   ## Specify an existing token secret | ||||
|   ## | ||||
|   existingSecret: "" | ||||
|   existingSecretKey: "" | ||||
|  | ||||
| ## @section Gitea | ||||
| # | ||||
| gitea: | ||||
| @@ -608,41 +501,51 @@ gitea: | ||||
|     successThreshold: 1 | ||||
|     failureThreshold: 10 | ||||
|  | ||||
| ## @section redis-cluster | ||||
| ## @param redis-cluster.enabled Enable redis cluster | ||||
| # ⚠️ The redis charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-gitea/issues/690>). | ||||
| ## @section valkey-cluster | ||||
| ## @param valkey-cluster.enabled Enable valkey cluster | ||||
| # ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>). | ||||
| # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||
| ## @param redis-cluster.usePassword Whether to use password authentication | ||||
| ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes | ||||
| ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas | ||||
| ## @param valkey-cluster.usePassword Whether to use password authentication | ||||
| ## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables | ||||
| ## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes | ||||
| ## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas | ||||
| ## @param valkey-cluster.service.ports.valkey Port of Valkey service | ||||
| ## @descriptionStart | ||||
| ## Redis cluster and [Redis](#redis) cannot be enabled at the same time. | ||||
| ## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. | ||||
| ## @descriptionEnd | ||||
| redis-cluster: | ||||
| valkey-cluster: | ||||
|   enabled: true | ||||
|   usePassword: false | ||||
|   usePasswordFiles: false | ||||
|   cluster: | ||||
|     nodes: 3 # default: 6 | ||||
|     replicas: 0 # default: 1 | ||||
|   service: | ||||
|     ports: | ||||
|       valkey: 6379 | ||||
|  | ||||
| ## @section redis | ||||
| ## @param redis.enabled Enable redis standalone or replicated | ||||
| ## @param redis.architecture Whether to use standalone or replication | ||||
| # ⚠️ The redis charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-gitea/issues/690>). | ||||
| ## @section valkey | ||||
| ## @param valkey.enabled Enable valkey standalone or replicated | ||||
| ## @param valkey.architecture Whether to use standalone or replication | ||||
| # ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>). | ||||
| # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||
| ## @param redis.global.redis.password Required password | ||||
| ## @param redis.master.count Number of Redis master instances to deploy | ||||
| ## @param valkey.global.valkey.password Required password | ||||
| ## @param valkey.master.count Number of Valkey master instances to deploy | ||||
| ## @param valkey.master.service.ports.valkey Port of Valkey service | ||||
| ## @descriptionStart | ||||
| ## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. | ||||
| ## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. | ||||
| ## @descriptionEnd | ||||
| redis: | ||||
| valkey: | ||||
|   enabled: false | ||||
|   architecture: standalone | ||||
|   global: | ||||
|     redis: | ||||
|     valkey: | ||||
|       password: changeme | ||||
|   master: | ||||
|     count: 1 | ||||
|     service: | ||||
|       ports: | ||||
|         valkey: 6379 | ||||
|  | ||||
| ## @section PostgreSQL HA | ||||
| # | ||||
| @@ -654,6 +557,7 @@ redis: | ||||
| ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password | ||||
| ## @param postgresql-ha.postgresql.postgresPassword postgres Password | ||||
| ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword | ||||
| ## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword | ||||
| ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) | ||||
| ## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume | ||||
| postgresql-ha: | ||||
| @@ -669,6 +573,7 @@ postgresql-ha: | ||||
|     password: changeme4 | ||||
|   pgpool: | ||||
|     adminPassword: changeme3 | ||||
|     srCheckPassword: changeme4 | ||||
|   service: | ||||
|     ports: | ||||
|       postgresql: 5432 | ||||
|   | ||||
		Reference in New Issue
	
	Block a user