WIP

The following PR add the annotation 'artifacthub.io/changes'. For each semantic
commit will be the annotation extended. Further information can be found in the
documentation of
[Artifacthub.io](https://artifacthub.io/docs/topics/annotations/helm/#supported-annotations).

The CI has been adapted. The binary jq as well as yq in >= v4.0 is required.
Otherwise will not be concatenated the YAML file correctly via the yq expression,
because the `loadstr()` expression is not available in lower versions.

Additionally the relation between the semantic commit and the Artifacthub.io
change log type should be clarified. The current relationshiop can be adapted if
needed.

Furthermore, yq will be installed as part of the CI steps. It would be great if
yq is also available as deb package in >=v4.0. This would reduce the boiler
plate to install yq and maintain the version via renovate.

Regarding the renovate expression. In my environment works this expression, but
I don't know if it also works in this gitea/renovate instance.

.gitea/scripts/add-annotations.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+  echo "ERROR: ${CHART_FILE} not found!" 1>&2
+  exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+  read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+  if [ -z "${OLD_TAG}" ]; then
+    OLD_TAG="${DEFAULT_OLD_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+    if [ -z "${OLD_TAG}" ]; then
+      OLD_TAG="${DEFAULT_OLD_TAG}"
+    fi
+  done
+else
+  OLD_TAG=${1}
+  if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+if [ -z "${2}" ]; then
+  read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+  if [ -z "${NEW_TAG}" ]; then
+    NEW_TAG="${DEFAULT_NEW_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+    if [ -z "${NEW_TAG}" ]; then
+      NEW_TAG="${DEFAULT_NEW_TAG}"
+    fi
+  done
+else
+  NEW_TAG=${2}
+
+  if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
+
+function map_type_to_kind() {
+  case "${1}" in
+    feat)
+      echo "added"
+    ;;
+    fix)
+      echo "fixed"
+    ;;
+    chore|style|test|ci|docs|refac)
+      echo "changed"
+    ;;
+    revert)
+      echo "removed"
+    ;;
+    sec)
+      echo "security"
+    ;;
+    *)
+      echo "skip"
+    ;;
+  esac
+}
+
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
+
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
+
+while IFS= read -r line; do
+  if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
+    TYPE="${BASH_REMATCH[1]}"
+    KIND=$(map_type_to_kind "${TYPE}")
+
+    if [ "${KIND}" == "skip" ]; then
+      continue
+    fi
+
+    DESC="${BASH_REMATCH[3]}"
+
+    echo "- ${KIND}: ${DESC}"
+
+    jq --arg kind changed --arg description "$DESC" '. += [ $ARGS.named ]' < ${CHANGE_LOG_YAML} > ${CHANGE_LOG_YAML}.new
+    mv ${CHANGE_LOG_YAML}.new ${CHANGE_LOG_YAML}
+
+  fi
+done <<< "${COMMIT_TITLES}"
+
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+  yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+  yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
+else
+  echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
+  exit 1
+fi
+
+rm "${CHANGE_LOG_YAML}"

.gitea/workflows/changelog.yml

@@ -1,32 +0,0 @@
-name: changelog
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  changelog:
-    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:1.0.12
-    steps:
-      - name: install tools
-        run: |
-          apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Generate upcoming changelog
-        run: |
-          git sv rn -o changelog.md
-          export RELEASE_NOTES=$(cat changelog.md)
-          export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
-
-          echo $RELEASE_NOTES
-          JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
-
-          if [ -z "$ISSUE_NUMBER" ]; then
-            curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          else
-            curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          fi

.gitea/workflows/commitlint.yml

@@ -1,19 +0,0 @@
-name: commitlint
-
-on:
-  pull_request:
-    branches:
-      - "*"
-    types:
-      - opened
-      - edited
-
-jobs:
-  check-and-test:
-    runs-on: ubuntu-latest
-    container: commitlint/commitlint:19.7.1
-    steps:
-      - uses: actions/checkout@v4
-      - name: check PR title
-        run: |
-          echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

.gitea/workflows/release-version.yml

@@ -2,69 +2,145 @@ name: generate-chart
 
 on:
   push:
-    tags:
+    branches:
       - "*"
 
 env:
   # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.17.1"
+  HELM_VERSION: "3.17.3"
 
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: install tools
+        with:
+          fetch-depth: 0
+
+      - name: Determine Architecture and Operating System to support x86_64 and ARM based CI nodes
         run: |
-          apt update -y
-          apt install -y curl ca-certificates curl gnupg
-          # helm
-          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          mv linux-amd64/helm /usr/local/bin/
-          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          # determine operating system
+          OS=$(uname | tr '[:upper:]' '[:lower:]')
+          echo "OS=${OS}" >> $GITHUB_ENV
+          echo "INFO: Set environment variable OS=${OS}"
+
+          # determine architecture
+          ARCH="$(uname -m)"
+          case "${ARCH}" in
+            aarch64) ARCH=arm64;;
+            x86_64) ARCH=amd64;;
+          esac
+          echo "ARCH=${ARCH}" >> $GITHUB_ENV
+          echo "INFO: Set environment variable ARCH=${ARCH}"
+
+      - name: Install packages via apt
+        run: |
+          apt update --yes
+
+          echo "INFO: Install packages via apt"
+          apt install --yes curl ca-certificates curl gnupg jq
+
+      - name: Install helm
+        run: |
+          curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-${OS}-${ARCH}.tar.gz | tar --extract --gzip --file /dev/stdin
+          mv ${OS}-${ARCH}/helm /usr/local/bin/
+          rm --force --recursive ${OS}-${ARCH} helm-v${{ env.HELM_VERSION }}-${OS}-${ARCH}.tar.gz
           helm version
-          # docker
+
+      - name: Install yq
+        env:
+          YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
+        run: |
+          curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${OS}_${ARCH}.tar.gz | tar --extract --gzip --file /dev/stdin
+          mv yq_${OS}_${ARCH} /usr/local/bin
+          rm --force --recursive yq_${OS}_${ARCH} yq_${OS}_${ARCH}.tar.gz
+          yq --version
+
+      - name: Install docker-ce via apt
+        run: |
+          echo "INFO: Install docker"
           install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+          curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
           chmod a+r /etc/apt/keyrings/docker.gpg
           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt update -y
-          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          apt update --yes
+          apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
+
+      - name: Install awscli
+        run: |
+          echo "INFO: Install awscli via python pip"
           pip install awscli --break-system-packages
+          aws --version
 
-      - name: Import GPG key
-        id: import_gpg
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
+  #     - name: Import GPG key
+  #       id: import_gpg
+  #       uses: https://github.com/crazy-max/ghaction-import-gpg@v6
+  #       with:
+  #         gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+  #         passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+  #         fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
 
-      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-      - name: package chart
+      - name: Add Artifacthub.io annotations
         run: |
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
-          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
-          helm plugin install https://github.com/pat-s/helm-gpg
-          helm dependency build
-          helm package --version "${GITHUB_REF#refs/tags/v}" ./
-          mkdir gitea
-          mv gitea*.tgz gitea/
-          curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
-          helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
-          # push to dockerhub
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
-          helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
-          helm registry logout registry-1.docker.io
+          NEW_TAG=v12.0.0
+          OLD_TAG=v11.0.1
+          # NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
+          # OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
+          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
 
-      - name: aws credential configure
-        uses: https://github.com/aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ secrets.AWS_REGION }}
+      - name: Print Chart.yaml
+        run: cat Chart.yaml
 
-      - name: Copy files to S3 and clear cache
-        run: |
-          aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
+  #     # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
+  #     - name: package chart
+  #       run: |
+  #         echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
+  #         # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
+  #         helm plugin install https://github.com/pat-s/helm-gpg
+  #         helm dependency build
+  #         helm package --version "${GITHUB_REF#refs/tags/v}" ./
+  #         mkdir gitea
+  #         mv gitea*.tgz gitea/
+  #         curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml
+  #         helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
+  #         # push to dockerhub
+  #         echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
+  #         helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
+  #         helm registry logout registry-1.docker.io
+
+  #     - name: aws credential configure
+  #       uses: https://github.com/aws-actions/configure-aws-credentials@v4
+  #       with:
+  #         aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
+  #         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  #         aws-region: ${{ secrets.AWS_REGION }}
+
+  #     - name: Copy files to S3 and clear cache
+  #       run: |
+  #         aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
+
+  # release-gitea:
+  #   # needs: generate-chart-publish
+  #   runs-on: ubuntu-latest
+  #   container: docker.io/thegeeklab/git-sv:2.0.1
+  #   steps:
+  #     - name: install tools
+  #       run: |
+  #         apk add -q --update --no-cache nodejs
+  #     - uses: actions/checkout@v4
+  #       with:
+  #         fetch-tags: true
+  #         fetch-depth: 0
+
+  #     - name: Create changelog
+  #       run: |
+  #         git sv current-version
+  #         git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md
+  #         sed -i '1,2d' CHANGELOG.md # remove version
+  #         cat CHANGELOG.md
+
+  #     - name: Release
+  #       uses: https://github.com/akkuman/gitea-release-action@v1
+  #       with:
+  #         body_path: CHANGELOG.md
+  #         token: "${{ secrets.RELEASE_TOKEN }}"

.gitea/workflows/test-pr.yml

@@ -1,45 +0,0 @@
-name: check-and-test
-
-on:
-  pull_request:
-    branches:
-      - "*"
-  push:
-    branches:
-      - main
-
-env:
-  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v0.7.2"
-
-jobs:
-  check-and-test:
-    runs-on: ubuntu-latest
-    container: alpine/helm:3.17.1
-    steps:
-      - name: install tools
-        run: |
-          apk update
-          apk add --update bash make nodejs npm yamllint ncurses
-      - uses: actions/checkout@v4
-      - name: install chart dependencies
-        run: helm dependency build
-      - name: lint
-        run: helm lint
-      - name: template
-        run: helm template --debug gitea-helm .
-      - name: prepare unit test environment
-        run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
-          git submodule update --init --recursive
-      - name: unit tests
-        env:
-          TERM: xterm
-        run: |
-          make unittests
-      - name: verify readme
-        run: |
-          make readme
-          git diff --exit-code --name-only README.md
-      - name: yaml lint
-        uses: https://github.com/ibiqlik/action-yamllint@v3

.vscode/settings.json

@@ -1,6 +1,6 @@
 {
     "yaml.schemas": {
-        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [
+        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.8.2/schema/helm-testsuite.json": [
             "/unittests/**/*.yaml"
         ]
     },

CODEOWNERS

@@ -1 +1 @@
-* @justusbunsi @pat-s
+charts/* @justusbunsi @pat-s

CONTRIBUTING.md

@@ -75,6 +75,6 @@ See [bats documentation](https://bats-core.readthedocs.io/en/stable/) for usage
 
 ## Release process
 
-1. Create a tag following the tagging schema
-1. Push the tag
+1. Ensure you have [`git-sv`](https://github.com/thegeeklab/git-sv) installed
+1. Run `git sv tag` (this creates and pushes the tag following the respective next tag according to the semver commits issued since the last release)
 1. Let CI do it's work

Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 16.4.14
+  version: 16.7.4
 - name: postgresql-ha
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.2.3
-- name: redis-cluster
+  version: 16.0.6
+- name: valkey-cluster
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 11.4.3
-- name: redis
+  version: 3.0.10
+- name: valkey
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 20.8.0
-digest: sha256:ce1a2a02c3e1adb764cae42ccce1efd2d41adb5024576e6d8a92b30b8dfe67db
-generated: "2025-02-23T00:12:41.541107288Z"
+  version: 3.0.9
+digest: sha256:aeafc605b86db0ff3999cd808af1c9ca3a6a749aae0d42f2fdae89803b3bb60a
+generated: "2025-05-25T00:23:17.804516988Z"

Chart.yaml

@@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
 # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
-appVersion: 1.23.6
+appVersion: 1.23.8
 icon: https://gitea.com/assets/img/logo.svg
 
 keywords:
@@ -36,20 +36,20 @@ dependencies:
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql
   - name: postgresql
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 16.4.14
+    version: 16.7.4
     condition: postgresql.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
   - name: postgresql-ha
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 15.2.3
+    version: 16.0.6
     condition: postgresql-ha.enabled
-  # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
-  - name: redis-cluster
+  # https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml
+  - name: valkey-cluster
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 11.4.3
-    condition: redis-cluster.enabled
-  # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
-  - name: redis
+    version: 3.0.10
+    condition: valkey-cluster.enabled
+  # https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml
+  - name: valkey
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 20.8.0
-    condition: redis.enabled
+    version: 3.0.9
+    condition: valkey.enabled

README.md

@@ -47,13 +47,12 @@
   - [Persistence](#persistence-1)
   - [Init](#init)
   - [Signing](#signing)
-  - [Gitea Actions](#gitea-actions)
   - [Gitea](#gitea)
   - [LivenessProbe](#livenessprobe)
   - [ReadinessProbe](#readinessprobe)
   - [StartupProbe](#startupprobe)
-  - [redis-cluster](#redis-cluster)
-  - [redis](#redis)
+  - [valkey-cluster](#valkey-cluster)
+  - [valkey](#valkey)
   - [PostgreSQL HA](#postgresql-ha)
   - [PostgreSQL](#postgresql)
   - [Advanced](#advanced)
@@ -96,14 +95,14 @@ Users can also configure their own external providers via the configuration.
 These dependencies are enabled by default:
 
 - PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml))
-- Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml))
+- Valkey-Cluster ([Bitnami Valkey-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml))
 
 ### Non-HA Dependencies
 
 Alternatively, the following non-HA replacements are available:
 
 - PostgreSQL ([Bitnami PostgreSQL](<Postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>))
-- Redis ([Bitnami Redis](<Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)>))
+- Valkey ([Bitnami Valkey](<Valkey](https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml)>))
 
 ### Dependency Versioning
 
@@ -121,8 +120,8 @@ Please double-check the image repository and available tags in the sub-chart:
 
 - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags)
 - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags)
-- [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags)
-- [Redis](https://hub.docker.com/r/bitnami/redis/tags)
+- [Valkey Cluster](https://hub.docker.com/r/bitnami/valkey-cluster/tags)
+- [Valkey](https://hub.docker.com/r/bitnami/valkey/tags)
 
 and look up the image tag which fits your needs on Dockerhub.
 
@@ -178,12 +177,12 @@ Further information about this topic can be found [here](https://kanishk.io/post
 ```yaml
 deployment:
   env:
-  # Will be automatically defined!
-  - name: GOMAXPROCS
-    valueFrom:
-      resourceFieldRef:
-        divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1)
-        resource: limits.cpu
+    # Will be automatically defined!
+    - name: GOMAXPROCS
+      valueFrom:
+        resourceFieldRef:
+          divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1)
+          resource: limits.cpu
 
 resources:
   limits:
@@ -282,28 +281,28 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
 
 #### Session, Cache and Queue
 
-The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency.
-If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`.
+The session, cache and queue settings are set to use the built-in Valkey Cluster sub-chart dependency.
+If Valkey Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`.
 
 While these will work and even not cause immediate issues after startup, **they are not recommended for production use**.
 Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory.
 It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload.
-External tools such as `redis-cluster` or `memcached` handle these workloads much better.
+External tools such as `valkey-cluster` or `memcached` handle these workloads much better.
 
 ### Single-Pod Configurations
 
 If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance.
 
-1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`):
+1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `valkey`):
 
    <details>
 
    <summary>values.yml</summary>
 
    ```yaml
-   redis-cluster:
+   valkey-cluster:
      enabled: false
-   redis:
+   valkey:
      enabled: true
    postgresql:
      enabled: true
@@ -334,9 +333,9 @@ If HA is not needed/desired, the following configurations can be used to deploy
    <summary>values.yml</summary>
 
    ```yaml
-   redis-cluster:
+   valkey-cluster:
      enabled: false
-   redis:
+   valkey:
      enabled: false
    postgresql:
      enabled: false
@@ -538,17 +537,17 @@ More about this issue [here](https://gitea.com/gitea/helm-gitea/issues/161).
 
 ### Cache
 
-The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default.
+The cache handling is done via `valkey-cluster` (via the `bitnami` chart) by default.
 This deployment is HA-ready but can also be used for single-pod deployments.
-By default, 6 replicas are deployed for a working `redis-cluster` deployment.
-Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`.
+By default, 6 replicas are deployed for a working `valkey-cluster` deployment.
+Many cloud providers offer a managed valkey service, which can be used instead of the built-in `valkey-cluster`.
 
 ```yaml
-redis-cluster:
+valkey-cluster:
   enabled: true
 ```
 
-⚠️ The redis charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-gitea/issues/690).
+⚠️ The valkey charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690).
 Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
 
 ### Persistence
@@ -991,16 +990,15 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 
 ### Ingress
 
-| Name                                 | Description                                                                 | Value             |
-| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- |
-| `ingress.enabled`                    | Enable ingress                                                              | `false`           |
-| `ingress.className`                  | Ingress class name                                                          | `nil`             |
-| `ingress.annotations`                | Ingress annotations                                                         | `{}`              |
-| `ingress.hosts[0].host`              | Default Ingress host                                                        | `git.example.com` |
-| `ingress.hosts[0].paths[0].path`     | Default Ingress path                                                        | `/`               |
-| `ingress.hosts[0].paths[0].pathType` | Ingress path type                                                           | `Prefix`          |
-| `ingress.tls`                        | Ingress tls settings                                                        | `[]`              |
-| `ingress.apiVersion`                 | Specify APIVersion of ingress object. Mostly would only be used for argocd. |                   |
+| Name                             | Description                     | Value             |
+| -------------------------------- | ------------------------------- | ----------------- |
+| `ingress.enabled`                | Enable ingress                  | `false`           |
+| `ingress.className`              | DEPRECATED: Ingress class name. | `""`              |
+| `ingress.pathType`               | Ingress Path Type               | `Prefix`          |
+| `ingress.annotations`            | Ingress annotations             | `{}`              |
+| `ingress.hosts[0].host`          | Default Ingress host            | `git.example.com` |
+| `ingress.hosts[0].paths[0].path` | Default Ingress path            | `/`               |
+| `ingress.tls`                    | Ingress tls settings            | `[]`              |
 
 ### deployment
 
@@ -1053,12 +1051,13 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 
 ### Init
 
-| Name                                       | Description                                                                          | Value   |
-| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- |
-| `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`    |
-| `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`    |
-| `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`  |
-| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` |
+| Name                                       | Description                                                                          | Value        |
+| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------------ |
+| `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`         |
+| `initContainersScriptsVolumeMountPath`     | Path to mount the scripts consumed from the Secrets                                  | `/usr/sbinx` |
+| `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`         |
+| `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`       |
+| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi`      |
 
 ### Signing
 
@@ -1069,44 +1068,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 | `signing.privateKey`     | Inline private gpg key for signed internal Git activity           | `""`               |
 | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               |
 
-### Gitea Actions
-
-| Name                                              | Description                                                                                                                                 | Value                          |
-| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
-| `actions.enabled`                                 | Create an act runner StatefulSet.                                                                                                           | `false`                        |
-| `actions.init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      |
-| `actions.init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       |
-| `actions.statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           |
-| `actions.statefulset.labels`                      | Act runner labels                                                                                                                           | `{}`                           |
-| `actions.statefulset.resources`                   | Act runner resources                                                                                                                        | `{}`                           |
-| `actions.statefulset.nodeSelector`                | NodeSelector for the statefulset                                                                                                            | `{}`                           |
-| `actions.statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           |
-| `actions.statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           |
-| `actions.statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           |
-| `actions.statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `gitea/act_runner`             |
-| `actions.statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.11`                       |
-| `actions.statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 |
-| `actions.statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           |
-| `actions.statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
-| `actions.statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       |
-| `actions.statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `25.0.2-dind`                  |
-| `actions.statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 |
-| `actions.statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
-| `actions.statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
-| `actions.provisioning.enabled`                    | Create a job that will create and save the token in a Kubernetes Secret                                                                     | `false`                        |
-| `actions.provisioning.annotations`                | Job's annotations                                                                                                                           | `{}`                           |
-| `actions.provisioning.labels`                     | Job's labels                                                                                                                                | `{}`                           |
-| `actions.provisioning.resources`                  | Job's resources                                                                                                                             | `{}`                           |
-| `actions.provisioning.nodeSelector`               | NodeSelector for the job                                                                                                                    | `{}`                           |
-| `actions.provisioning.tolerations`                | Tolerations for the job                                                                                                                     | `[]`                           |
-| `actions.provisioning.affinity`                   | Affinity for the job                                                                                                                        | `{}`                           |
-| `actions.provisioning.ttlSecondsAfterFinished`    | ttl for the job after finished in order to allow helm to properly recognize that the job completed                                          | `300`                          |
-| `actions.provisioning.publish.repository`         | The image that can create the secret via kubectl                                                                                            | `bitnami/kubectl`              |
-| `actions.provisioning.publish.tag`                | The publish image tag that can create the secret                                                                                            | `1.29.0`                       |
-| `actions.provisioning.publish.pullPolicy`         | The publish image pullPolicy that can create the secret                                                                                     | `IfNotPresent`                 |
-| `actions.existingSecret`                          | Secret that contains the token                                                                                                              | `""`                           |
-| `actions.existingSecretKey`                       | Secret key                                                                                                                                  | `""`                           |
-
 ### Gitea
 
 | Name                                         | Description                                                                                                                    | Value                |
@@ -1169,27 +1130,30 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     |
 | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    |
 
-### redis-cluster
+### valkey-cluster
 
-Redis cluster and [Redis](#redis) cannot be enabled at the same time.
+Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
 
-| Name                             | Description                                  | Value   |
-| -------------------------------- | -------------------------------------------- | ------- |
-| `redis-cluster.enabled`          | Enable redis cluster                         | `true`  |
-| `redis-cluster.usePassword`      | Whether to use password authentication       | `false` |
-| `redis-cluster.cluster.nodes`    | Number of redis cluster master nodes         | `3`     |
-| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0`     |
+| Name                                  | Description                                                          | Value   |
+| ------------------------------------- | -------------------------------------------------------------------- | ------- |
+| `valkey-cluster.enabled`              | Enable valkey cluster                                                | `true`  |
+| `valkey-cluster.usePassword`          | Whether to use password authentication                               | `false` |
+| `valkey-cluster.usePasswordFiles`     | Whether to mount passwords as files instead of environment variables | `false` |
+| `valkey-cluster.cluster.nodes`        | Number of valkey cluster master nodes                                | `3`     |
+| `valkey-cluster.cluster.replicas`     | Number of valkey cluster master node replicas                        | `0`     |
+| `valkey-cluster.service.ports.valkey` | Port of Valkey service                                               | `6379`  |
 
-### redis
+### valkey
 
-Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
+Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
 
-| Name                          | Description                                | Value        |
-| ----------------------------- | ------------------------------------------ | ------------ |
-| `redis.enabled`               | Enable redis standalone or replicated      | `false`      |
-| `redis.architecture`          | Whether to use standalone or replication   | `standalone` |
-| `redis.global.redis.password` | Required password                          | `changeme`   |
-| `redis.master.count`          | Number of Redis master instances to deploy | `1`          |
+| Name                                 | Description                                 | Value        |
+| ------------------------------------ | ------------------------------------------- | ------------ |
+| `valkey.enabled`                     | Enable valkey standalone or replicated      | `false`      |
+| `valkey.architecture`                | Whether to use standalone or replication    | `standalone` |
+| `valkey.global.valkey.password`      | Required password                           | `changeme`   |
+| `valkey.master.count`                | Number of Valkey master instances to deploy | `1`          |
+| `valkey.master.service.ports.valkey` | Port of Valkey service                      | `6379`       |
 
 ### PostgreSQL HA
 
@@ -1241,6 +1205,31 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
 
 <details>
 
+<summary>To 12.0.0</summary>
+
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable-next-line -->
+**Breaking changes**
+<!-- prettier-ignore-end -->
+
+- Outsourced "Actions" related configuration.
+  To deploy and use "Actions", please see the new dedicated chart at <https://gitea.com/gitea/helm-actions>.
+  It is maintained by a seperate maintainer group and hasn't seen a release yet (at the time of the 12.0 release).
+  Feel encouraged to contribute if "Actions" is important to you!
+  
+  This change was made to avoid overloading the existing helm chart, which is already quite large in size and configuration options.
+  In addition, the existing maintainers team was not actively using "Actions" which slowed down development and community contributions.
+  While the new chart is still young (and waiting for contributions! and maintainers), we believe that it is the best way moving forward for both parts.
+- Migrated from Redis/Redis-cluster to Valkey/Valkey-cluster charts (#775).
+  While marked as breaking, there is no need to migrate data.
+  The cache will start to refill automatically.
+- Migrated ingress from `networking.k8s.io/v1beta` to `networking.k8s.io/v1`.
+  We didn't make any changes to the syntax, so the upgrade should be seamless.
+
+</details>
+
+<details>
+
 <summary>To 11.0.0</summary>
 
 <!-- prettier-ignore-start -->
@@ -1258,8 +1247,7 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
   Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes:
   - [Redis Chart release notes (starting with v11.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis-cluster/CHANGELOG.md#1100-2024-08-09).
   - [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES).
-
-</details>
+  </details>
 
 <details>
 
@@ -1336,16 +1324,16 @@ gitea:
   config:
     session:
       PROVIDER: redis-cluster
-      PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+      PROVIDER_CONFIG: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 
     cache:
       ENABLED: true
       ADAPTER: redis-cluster
-      HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+      HOST: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 
     queue:
       TYPE: redis
-      CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+      CONN_STR: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 ```
 
 <!-- prettier-ignore-start -->

docs/actions-dev.md

@@ -1,34 +0,0 @@
-# Gitea Actions
-
-In order to use the Gitea Actions act-runner you must either:
-
-- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
-- create a secret containing the act runner token and reference it as a `existingSecret`
-
-In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
-    `gitea actions generate-runner-token`
-
-This command will out a token that is needed by the act-runner to register with the Gitea backend.
-
-Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
-
-1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
-2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
-the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
-
-After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
-
-1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
-2) `dind`: DockerInDocker image that is used to run the actions
-
-If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
-In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
-the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
-
-```yaml
-actions:
-  provisioning:
-    enabled: false
-  existingSecret: "secret-name"
-  existingSecretKey: "secret-key"
-```

docs/ha-setup.md

@@ -25,7 +25,7 @@ In addition, the following components are required for full HA-readiness:
 
 - A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
 - A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
-- A HA-ready cache (`redis-cluster`)
+- A HA-ready cache (`valkey-cluster`)
 - A HA-ready DB
 
 `postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
@@ -72,33 +72,33 @@ persistence:
 
 ## Cache, session and queue
 
-A `redis` instance is required for the in-memory cache.
+A `valkey` instance is required for the in-memory cache.
 Two options exist:
 
-- `redis`
-- `redis-cluster`
+- `valkey`
+- `valkey-cluster`
 
-The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups.
-You're also welcome to go with `redis` if you prefer or already have a running instance.
+The chart provides `valkey-cluster` as a dependency as this one can be used for both HA and non-HA setups.
+You're also welcome to go with `valkey` if you prefer or already have a running instance.
 
-It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2.
-You can also configure an external (managed) `redis` instance to be used.
+It should be noted that `valkey-cluster` support is only available starting with Gitea 1.19.2.
+You can also configure an external (managed) `valkey` instance to be used.
 To do so, you need to set the following configuration values yourself:
 
-- `gitea.config.queue.TYPE`: redis`
-- `gitea.config.queue.CONN_STR`: `<your redis connection string>`
+- `gitea.config.queue.TYPE`: valkey`
+- `gitea.config.queue.CONN_STR`: `<your valkey connection string>`
 
-- `gitea.config.session.PROVIDER`: `redis`
-- `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>`
+- `gitea.config.session.PROVIDER`: `valkey`
+- `gitea.config.session.PROVIDER_CONFIG`: `<your valkey connection string>`
 
 - `gitea.config.cache.ENABLED`: `true`
-- `gitea.config.cache.ADAPTER`: `redis`
-- `gitea.config.cache.HOST`: `<your redis connection string>`
+- `gitea.config.cache.ADAPTER`: `valkey`
+- `gitea.config.cache.HOST`: `<your valkey connection string>`
 
-By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica.
+By default, the `valkey-cluster` chart provisions three standalone master nodes of which each has a single replica.
 To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
-Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned.
-For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
+Only the minimum required number of master pods for a functional `valkey-cluster` deployment are provisioned.
+For a "proper" `valkey-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
 
 ## Object and asset storage
 

package-lock.json

@@ -1660,4 +1660,4 @@
       }
     }
   }
-}
+}

renovate.json5

@@ -9,19 +9,19 @@
   labels: [
     'kind/dependency',
   ],
-  "digest": {
-    "automerge": true
+  digest: {
+    automerge: true,
   },
   automergeStrategy: 'squash',
   'git-submodules': {
-    'enabled': true
+    enabled: true,
   },
   customManagers: [
     {
       description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
       customType: 'regex',
-      fileMatch: [
-        '.gitea/workflows/.+\\.ya?ml$',
+      managerFilePatterns: [
+        '/.gitea/workflows/.+\\.ya?ml$/',
       ],
       matchStrings: [
         '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
@@ -30,17 +30,21 @@
     {
       description: 'Detect helm-unittest yaml schema file',
       customType: 'regex',
-      fileMatch: ['.vscode/settings\\.json$'],
+      managerFilePatterns: [
+        '/.vscode/settings\\.json$/',
+      ],
       matchStrings: [
         'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
       ],
       datasourceTemplate: 'github-releases',
     },
     {
-      'description': 'Automatically detect new Gitea releases',
-      'customType': 'regex',
-      'fileMatch': ['(^|/)Chart\\.yaml$'],
-      'matchStrings': [
+      description: 'Automatically detect new Gitea releases',
+      customType: 'regex',
+      managerFilePatterns: [
+        '/(^|/)Chart\\.yaml$/',
+      ],
+      matchStrings: [
         '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
       ],
     },
@@ -57,6 +61,17 @@
         'digest',
       ],
     },
+    {
+      groupName: 'bats testing framework',
+      matchManagers: [
+        'git-submodules',
+      ],
+      matchUpdateTypes: [
+        'minor',
+        'patch',
+        'digest',
+      ],
+    },
     {
       groupName: 'workflow dependencies (minor & patch)',
       matchManagers: [
@@ -101,7 +116,9 @@
       matchDepNames: [
         'go-gitea/gitea',
       ],
-      schedule: ['at any time'],
+      schedule: [
+        'at any time',
+      ],
     },
   ],
 }

templates/_helpers.tpl

@@ -133,29 +133,29 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- end -}}
 
-{{- define "redis.dns" -}}
-{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
-{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
-{{- else if (index .Values "redis-cluster").enabled -}}
-{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
-{{- else if (index .Values "redis").enabled -}}
-{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
+{{- define "valkey.dns" -}}
+{{- if and ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}}
+{{- fail "valkey and valkey-cluster cannot be enabled at the same time. Please only choose one." -}}
+{{- else if (index .Values "valkey-cluster").enabled -}}
+{{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}}
+{{- else if (index .Values "valkey").enabled -}}
+{{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
 {{- end -}}
 {{- end -}}
 
-{{- define "redis.port" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{ (index .Values "redis-cluster").service.ports.redis }}
-{{- else if (index .Values "redis").enabled -}}
-{{ (index .Values "redis").master.service.ports.redis }}
+{{- define "valkey.port" -}}
+{{- if (index .Values "valkey-cluster").enabled -}}
+{{ (index .Values "valkey-cluster").service.ports.valkey }}
+{{- else if (index .Values "valkey").enabled -}}
+{{ (index .Values "valkey").master.service.ports.valkey }}
 {{- end -}}
 {{- end -}}
 
-{{- define "redis.servicename" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- else if (index .Values "redis").enabled -}}
-{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
+{{- define "valkey.servicename" -}}
+{{- if (index .Values "valkey-cluster").enabled -}}
+{{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
+{{- else if (index .Values "valkey").enabled -}}
+{{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
 {{- end -}}
 {{- end -}}
 
@@ -220,15 +220,6 @@ https
 {{- end -}}
 {{- end -}}
 
-{{- define "gitea.act_runner.local_root_url" -}}
-{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}}
-    {{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}}
-{{- else -}}
-  {{/* fallback for allowing to overwrite this value via inline config */}}
-  {{- .Values.gitea.config.server.LOCAL_ROOT_URL -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "gitea.inline_configuration" -}}
   {{- include "gitea.inline_configuration.init" . -}}
   {{- include "gitea.inline_configuration.defaults" . -}}
@@ -314,14 +305,14 @@ https
   {{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}}
     {{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}}
   {{- end -}}
-  {{- /* redis queue */ -}}
-  {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
+  {{- /* valkey queue */ -}}
+  {{- if or ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}}
     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
-    {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
+    {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "valkey.dns" .) -}}
     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
-    {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
+    {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "valkey.dns" .) -}}
     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
-    {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
+    {{- $_ := set .Values.gitea.config.cache "HOST" (include "valkey.dns" .) -}}
   {{- else -}}
     {{- if not (get .Values.gitea.config.session "PROVIDER") -}}
       {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
@@ -345,9 +336,6 @@ https
   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
   {{- end -}}
-  {{- if not .Values.gitea.config.actions.ENABLED -}}
-     {{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}}
-  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.inline_configuration.defaults.server" -}}
@@ -367,9 +355,6 @@ https
   {{- if not .Values.gitea.config.server.ROOT_URL -}}
     {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
   {{- end -}}
-  {{- if .Values.actions.enabled -}}
-     {{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}}
-  {{- end -}}
   {{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
     {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
   {{- end -}}
@@ -443,6 +428,18 @@ https
 {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
 {{- end -}}
 
+{{- define "ingress.annotations" -}}
+  {{- if .Values.ingress.annotations }}
+  annotations:
+    {{- $tp := typeOf .Values.ingress.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.ingress.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.ingress.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{- define "gitea.admin.passwordMode" -}}
 {{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
 {{ .Values.gitea.admin.passwordMode }}
@@ -471,4 +468,4 @@ https
 
 {{- define "gitea.metrics-secret-name" -}}
 {{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }}
-{{- end -}}
+{{- end -}}

templates/gitea/act_runner/01-consistency-checks.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.actions.enabled -}}
-    {{- if .Values.actions.provisioning.enabled -}}
-        {{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}}
-            {{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}}
-        {{- end -}}
-        {{- if and .Values.persistence.enabled .Values.persistence.mount -}}
-            {{- if .Values.actions.existingSecret -}}
-                {{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}}
-            {{- end -}}
-        {{- end -}}
-    {{- end -}}
-    {{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}}
-        {{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}}
-    {{- end -}}
-{{- end -}}

templates/gitea/act_runner/config-act-runner.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.actions.enabled }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "gitea.fullname" . }}-act-runner-config
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-data:
-  config.yaml: |
-    {{- with .Values.actions.statefulset.actRunner.config -}}
-    {{ . | nindent 4}}
-    {{- end -}}
-{{- end }}

templates/gitea/act_runner/config-scripts.yaml

@@ -1,14 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "gitea.fullname" . }}-scripts
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-data:
-{{ (.Files.Glob "scripts/act_runner/*.sh").AsConfig | indent 2 }}
-{{- end }}
-{{- end }}

templates/gitea/act_runner/job.yaml

@@ -1,115 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    {{- with .Values.actions.provisioning.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    app.kubernetes.io/component: token-job
-  annotations:
-    {{- with .Values.actions.provisioning.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }}
-  template:
-    metadata:
-      labels:
-        {{- include "gitea.labels" . | nindent 8 }}
-        {{- with .Values.actions.provisioning.labels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-        app.kubernetes.io/component: token-job
-    spec:
-      initContainers:
-        - name: init-gitea
-          image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
-          command:
-            - sh
-            - -c
-            - |
-              while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
-                sleep 5
-              done
-      containers:
-        - name: actions-token-create
-          image: "{{ include "gitea.image" . }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            - name: GITEA_APP_INI
-              value: /data/gitea/conf/app.ini
-          command:
-            - sh
-            - -c
-            - |
-              echo "Generating act_runner token via 'gitea actions generate-runner-token'..."
-              mkdir -p /data/actions/
-              gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token
-          resources:
-            {{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
-          volumeMounts:
-            - name: data
-              mountPath: /data
-              {{- if .Values.persistence.subPath }}
-              subPath: {{ .Values.persistence.subPath }}
-              {{- end }}
-        - name: actions-token-upload
-          image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}"
-          imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }}
-          env:
-            - name: SECRET_NAME
-              value: {{ $secretName }}
-          command:
-            - sh
-            - -c
-            - |
-              printf "Checking rights to update kubernetes act_runner secret..."
-              kubectl auth can-i update secret/${SECRET_NAME}
-              /scripts/token.sh
-          resources:
-            {{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /scripts
-              name: scripts
-              readOnly: true
-            - mountPath: /data
-              name: data
-              readOnly: true
-              {{- if .Values.persistence.subPath }}
-              subPath: {{ .Values.persistence.subPath }}
-              {{- end }}
-      {{- range $key, $value := .Values.actions.provisioning.nodeSelector }}
-      nodeSelector:
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
-      {{- with .Values.actions.provisioning.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.actions.provisioning.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      restartPolicy: Never
-      serviceAccount: {{ $name }}
-      volumes:
-        - name: scripts
-          configMap:
-            name: {{ include "gitea.fullname" . }}-scripts
-            defaultMode: 0755
-        - name: data
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.claimName }}
-  parallelism: 1
-  completions: 1
-  backoffLimit: 1
-{{- end }}
-{{- end }}

templates/gitea/act_runner/role-job.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    resourceNames:
-      - {{ $secretName }}
-    verbs:
-      - get
-      - update
-      - patch
-{{- end }}
-{{- end }}

templates/gitea/act_runner/rolebinding-job.yaml

@@ -1,23 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ $name }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ $name }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}

templates/gitea/act_runner/secret-token.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
-{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ $secretName }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
-{{ if $secret -}}
-data:
-  token: {{ (b64dec (index $secret.data "token")) | b64enc }}
-{{ end -}}
-{{- end }}
-{{- end }}

templates/gitea/act_runner/serviceaccount-job.yaml

@@ -1,14 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
-{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $name }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-{{- end }}
-{{- end }}

templates/gitea/act_runner/statefulset.yaml

@@ -1,129 +0,0 @@
-{{- if .Values.actions.enabled }}
-{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  labels:
-    {{- include "gitea.labels.actRunner" . | nindent 4 }}
-    {{- with .Values.actions.statefulset.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-  annotations:
-    {{- with .Values.actions.statefulset.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-  name: {{ include "gitea.fullname" . }}-act-runner
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "gitea.selectorLabels.actRunner" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/gitea/act_runner/config-act-runner.yaml") . | sha256sum }}
-      labels:
-        {{- include "gitea.labels.actRunner" . | nindent 8 }}
-        {{- with .Values.actions.statefulset.labels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      initContainers:
-        - name: init-gitea
-          image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
-          command:
-            - sh
-            - -c
-            - |
-              while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
-                sleep 5
-              done
-      containers:
-        - name: act-runner
-          image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}"
-          imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }}
-          workingDir: /data
-          env:
-            - name: DOCKER_HOST
-              value: tcp://127.0.0.1:2376
-            - name: DOCKER_TLS_VERIFY
-              value: "1"
-            - name: DOCKER_CERT_PATH
-              value: /certs/server
-            - name: GITEA_RUNNER_REGISTRATION_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.actions.existingSecret | default $secretName }}"
-                  key: "{{ .Values.actions.existingSecretKey | default "token" }}"
-            - name: GITEA_INSTANCE_URL
-              value: {{ include "gitea.act_runner.local_root_url" . }}
-            - name: CONFIG_FILE
-              value: /actrunner/config.yaml
-          resources:
-            {{- toYaml .Values.actions.statefulset.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /actrunner/config.yaml
-              name: act-runner-config
-              subPath: config.yaml
-            - mountPath: /certs/server
-              name: docker-certs
-            - mountPath: /data
-              name: data-act-runner
-            {{- with .Values.actions.statefulset.actRunner.extraVolumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-        - name: dind
-          image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}"
-          imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }}
-          env:
-            - name: DOCKER_HOST
-              value: tcp://127.0.0.1:2376
-            - name: DOCKER_TLS_VERIFY
-              value: "1"
-            - name: DOCKER_CERT_PATH
-              value: /certs/server
-            {{- if .Values.actions.statefulset.dind.extraEnvs }}
-            {{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }}
-            {{- end }}
-          securityContext:
-            privileged: true
-          resources:
-            {{- toYaml .Values.actions.statefulset.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /certs/server
-              name: docker-certs
-            {{- with .Values.actions.statefulset.dind.extraVolumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-      {{- range $key, $value := .Values.actions.statefulset.nodeSelector }}
-      nodeSelector:
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
-      {{- with .Values.actions.statefulset.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.actions.statefulset.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      volumes:
-        - name: act-runner-config
-          configMap:
-            name: {{ include "gitea.fullname" . }}-act-runner-config
-        - name: docker-certs
-          emptyDir: {}
-        {{- with .Values.actions.statefulset.extraVolumes }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-  volumeClaimTemplates:
-    - metadata:
-        name: data-act-runner
-      spec:
-        accessModes: [ "ReadWriteOnce" ]
-        {{- include "gitea.persistence.storageClass" . | nindent 8 }}
-        resources:
-          requests:
-            storage: 1Mi
-{{- end }}

templates/gitea/check-actions-not-present.yaml

@@ -0,0 +1,3 @@
+{{- if .Values.actions -}}
+    {{- fail "The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9." -}}
+{{- end -}}

templates/gitea/deployment.yaml

@@ -62,7 +62,8 @@ spec:
         - name: init-directories
           image: "{{ include "gitea.image" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["/usr/sbin/init_directory_structure.sh"]
+          command:
+            - "{{ .Values.initContainersScriptsVolumeMountPath }}/init_directory_structure.sh"
           env:
             - name: GITEA_APP_INI
               value: /data/gitea/conf/app.ini
@@ -81,7 +82,7 @@ spec:
             {{- end }}
           volumeMounts:
             - name: init
-              mountPath: /usr/sbin
+              mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
             - name: temp
               mountPath: /tmp
             - name: data
@@ -97,7 +98,8 @@ spec:
         - name: init-app-ini
           image: "{{ include "gitea.image" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["/usr/sbin/config_environment.sh"]
+          command: 
+          - "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
           env:
             - name: GITEA_APP_INI
               value: /data/gitea/conf/app.ini
@@ -115,11 +117,11 @@ spec:
             {{- toYaml .Values.deployment.env | nindent 12 }}
             {{- end }}
             {{- if .Values.gitea.additionalConfigFromEnvs }}
-            {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
+            {{- tpl (toYaml .Values.gitea.additionalConfigFromEnvs) $ | nindent 12 }}
             {{- end }}
           volumeMounts:
             - name: config
-              mountPath: /usr/sbin
+              mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
             - name: temp
               mountPath: /tmp
             - name: data
@@ -141,7 +143,8 @@ spec:
         {{- if .Values.signing.enabled }}
         - name: configure-gpg
           image: "{{ include "gitea.image" . }}"
-          command: ["/usr/sbin/configure_gpg_environment.sh"]
+          command: 
+          - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
@@ -157,7 +160,7 @@ spec:
               value: /raw/private.asc
           volumeMounts:
             - name: init
-              mountPath: /usr/sbin
+              mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
             - name: data
               mountPath: /data
               {{- if .Values.persistence.subPath }}
@@ -174,7 +177,8 @@ spec:
         {{- end }}
         - name: configure-gitea
           image: "{{ include "gitea.image" . }}"
-          command: ["/usr/sbin/configure_gitea.sh"]
+          command:
+          - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
@@ -257,7 +261,7 @@ spec:
             {{- end }}
           volumeMounts:
             - name: init
-              mountPath: /usr/sbin
+              mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
             - name: temp
               mountPath: /tmp
             - name: data

templates/gitea/ingress.yaml

@@ -1,15 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "gitea.fullname" . -}}
 {{- $httpPort := .Values.service.http.port -}}
-{{- $apiVersion := "extensions/v1beta1" -}}
-{{- if .Values.ingress.apiVersion -}}
-{{- $apiVersion = .Values.ingress.apiVersion -}}
-{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
-{{- $apiVersion = "networking.k8s.io/v1" }}
-{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
-{{- $apiVersion = "networking.k8s.io/v1beta1" }}
-{{- end }}
-apiVersion: {{ $apiVersion }}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -21,9 +13,7 @@ metadata:
       {{ $key }}: {{ $value | quote }}
     {{- end }}
 spec:
-{{- if .Values.ingress.className }}
   ingressClassName: {{ tpl .Values.ingress.className . }}
-{{- end }}
 {{- if .Values.ingress.tls }}
   tls:
   {{- range .Values.ingress.tls }}
@@ -39,21 +29,34 @@ spec:
     - host: {{ tpl .host $ | quote }}
       http:
         paths:
+          {{- if .paths }}
           {{- range .paths }}
-          - path: {{ .path }}
-            {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
-            pathType: {{ .pathType }}
-            {{- end }}
+          {{- if kindIs "string" . }}
+          - path: {{ . }}
+            pathType: {{ default "Prefix" $.Values.ingress.pathType }}
+            backend:
+              service:
+                name: {{ $fullName }}-http
+                port:
+                  number: {{ $httpPort }}
+          {{- else }}
+          - path: {{ .path | default "/" }}
+            pathType: {{ .pathType | default "Prefix" }}
+            backend:
+              service:
+                name: {{ $fullName }}-http
+                port:
+                  number: {{ $httpPort }}
+          {{- end }}
+          {{- end }}
+          {{- else }}
+          - path: "/"
+            pathType: "Prefix"
             backend:
-            {{- if eq $apiVersion "networking.k8s.io/v1" }}
               service:
                 name: {{ $fullName }}-http
                 port:
                   number: {{ $httpPort }}
-            {{- else }}
-              serviceName: {{ $fullName }}-http
-              servicePort: {{ $httpPort }}
-            {{- end }}
           {{- end }}
     {{- end }}
 {{- end }}

templates/gitea/init.yaml

@@ -57,25 +57,25 @@ stringData:
       exit 1
     }
 
-    {{- if include "redis.servicename" . }}
-    function test_redis_connection() {
+    {{- if include "valkey.servicename" . }}
+    function test_valkey_connection() {
       local RETRY=0
       local MAX=30
       
-      echo 'Wait for redis to become available...'
+      echo 'Wait for valkey to become avialable...'
       until [ "${RETRY}" -ge "${MAX}" ]; do
-        nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
+        nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break
         RETRY=$[${RETRY}+1]
         echo "...not ready yet (${RETRY}/${MAX})"
       done
 
       if [ "${RETRY}" -ge "${MAX}" ]; then
-        echo "Redis not reachable after '${MAX}' attempts!"
+        echo "Valkey not reachable after '${MAX}' attempts!"
         exit 1
       fi
     }
 
-    test_redis_connection
+    test_valkey_connection
     {{- end }}
     
 
@@ -225,4 +225,4 @@ stringData:
 
     configure_oauth
 
-    echo '==== END GITEA CONFIGURATION ===='
+    echo '==== END GITEA CONFIGURATION ===='

unittests/bash/bats

@@ -1 +1 @@
-Subproject commit 3172a45e55a58bbaf952e971a4b7347483842ba7
+Subproject commit 5ec2d815109358b3ad86f5aabf289d96e6535ac5

unittests/helm/act_runner/01-consistency-checks.yaml

@@ -1,69 +0,0 @@
-suite: actions template | consistency checks
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/01-consistency-checks.yaml
-tests:
-  - it: fails when provisioning is enabled BUT persistence is completely disabled
-    set:
-      persistence:
-        enabled: false
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-    asserts:
-      - failedTemplate:
-          errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
-  - it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled
-    set:
-      persistence:
-        enabled: true
-        mount: false
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-    asserts:
-      - failedTemplate:
-          errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
-  - it: fails when provisioning is enabled AND existingSecret is given
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-        existingSecret: "secret-reference"
-    asserts:
-      - failedTemplate:
-          errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret"
-  - it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: false
-    asserts:
-      - failedTemplate:
-          errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
-  - it: fails when provisioning is disabled BUT existingSecretKey is missing
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: false
-        existingSecret: "my-secret"
-    asserts:
-      - failedTemplate:
-          errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
-  - it: fails when provisioning is disabled BUT existingSecret is missing
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: false
-        existingSecretKey: "my-secret-key"
-    asserts:
-      - failedTemplate:
-          errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"

unittests/helm/act_runner/config-act-runner.yaml

@@ -1,45 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
-suite: actions template | config-act-runner
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/config-act-runner.yaml
-tests:
-  - it: doesn't renders a ConfigMap by default
-    template: templates/gitea/act_runner/config-act-runner.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a ConfigMap
-    template: templates/gitea/act_runner/config-act-runner.yaml
-    set:
-      actions:
-        enabled: true
-        statefulset:
-          actRunner:
-            config: |
-              log:
-                level: info
-              cache:
-                enabled: false
-              runner:
-                labels:
-                  - "ubuntu-latest"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: ConfigMap
-          apiVersion: v1
-          name: gitea-unittests-act-runner-config
-      - equal:
-          path: data["config.yaml"]
-          value: |
-            log:
-              level: info
-            cache:
-              enabled: false
-            runner:
-              labels:
-                - "ubuntu-latest"

unittests/helm/act_runner/config-scripts.yaml

@@ -1,49 +0,0 @@
-suite: actions template | config-scripts
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/config-scripts.yaml
-tests:
-  - it: renders a ConfigMap when all criteria are met
-    template: templates/gitea/act_runner/config-scripts.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: ConfigMap
-          apiVersion: v1
-          name: gitea-unittests-scripts
-      - isNotNullOrEmpty:
-          path: data["token.sh"]
-  - it: doesn't renders a ConfigMap by default
-    template: templates/gitea/act_runner/config-scripts.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: doesn't renders a ConfigMap with disabled actions but enabled provisioning
-    template: templates/gitea/act_runner/config-scripts.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria
-    template: templates/gitea/act_runner/config-scripts.yaml
-    set:
-      actions:
-        enabled: false
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/act_runner/job.yaml

@@ -1,65 +0,0 @@
-suite: actions template | job
-release:
-  name: gitea-unittests
-  namespace: testing
-chart:
-  # Override appVersion to have a pinned version for comparison
-  appVersion: 1.19.3
-templates:
-  - templates/gitea/act_runner/job.yaml
-tests:
-  - it: renders a Job
-    template: templates/gitea/act_runner/job.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Job
-          apiVersion: batch/v1
-          name: gitea-unittests-actions-token-job
-      - equal:
-          path: spec.template.spec.containers[0].image
-          value: "docker.gitea.com/gitea:1.19.3-rootless"
-  - it: tag override
-    template: templates/gitea/act_runner/job.yaml
-    set:
-      image.tag: "1.19.4"
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-          publish:
-            tag: "1.29.0"
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - equal:
-          path: spec.template.spec.containers[0].image
-          value: "docker.gitea.com/gitea:1.19.4-rootless"
-      - equal:
-          path: spec.template.spec.containers[1].image
-          value: "bitnami/kubectl:1.29.0"
-  - it: doesn't renders a Job by default
-    template: templates/gitea/act_runner/job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled
-    template: templates/gitea/act_runner/job.yaml
-    set:
-      actions:
-        enabled: false
-        provisioning:
-          enabled: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/act_runner/role-job.yaml

@@ -1,42 +0,0 @@
-suite: actions template | role-job
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/role-job.yaml
-tests:
-  - it: doesn't renders a Role by default
-    template: templates/gitea/act_runner/role-job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a Role
-    template: templates/gitea/act_runner/role-job.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Role
-          apiVersion: rbac.authorization.k8s.io/v1
-          name: gitea-unittests-actions-token-job
-  - it: doesn't renders a Role when criteria met BUT actions are not enabled
-    template: templates/gitea/act_runner/role-job.yaml
-    set:
-      actions:
-        enabled: false
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/act_runner/rolebinding-job.yaml

@@ -1,42 +0,0 @@
-suite: actions template | rolebinding-job
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/rolebinding-job.yaml
-tests:
-  - it: doesn't renders a RoleBinding by default
-    template: templates/gitea/act_runner/rolebinding-job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a RoleBinding
-    template: templates/gitea/act_runner/rolebinding-job.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: RoleBinding
-          apiVersion: rbac.authorization.k8s.io/v1
-          name: gitea-unittests-actions-token-job
-  - it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled
-    template: templates/gitea/act_runner/rolebinding-job.yaml
-    set:
-      actions:
-        enabled: false
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/act_runner/secret-token.yaml

@@ -1,42 +0,0 @@
-suite: actions template | secret-token
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/secret-token.yaml
-tests:
-  - it: doesn't renders a Secret by default
-    template: templates/gitea/act_runner/secret-token.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a Secret
-    template: templates/gitea/act_runner/secret-token.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: Secret
-          apiVersion: v1
-          name: gitea-unittests-actions-token
-  - it: doesn't renders a Secret when criteria met BUT actions are not enabled
-    template: templates/gitea/act_runner/secret-token.yaml
-    set:
-      actions:
-        enabled: false
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/act_runner/serviceaccount-job.yaml

@@ -1,42 +0,0 @@
-suite: actions template | serviceaccount-job
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/serviceaccount-job.yaml
-tests:
-  - it: doesn't renders a ServiceAccount by default
-    template: templates/gitea/act_runner/serviceaccount-job.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a ServiceAccount
-    template: templates/gitea/act_runner/serviceaccount-job.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: ServiceAccount
-          apiVersion: v1
-          name: gitea-unittests-actions-token-job
-  - it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled
-    template: templates/gitea/act_runner/serviceaccount-job.yaml
-    set:
-      actions:
-        enabled: false
-        provisioning:
-          enabled: true
-      persistence:
-        enabled: true
-        mount: true
-    asserts:
-      - hasDocuments:
-          count: 0

unittests/helm/act_runner/statefulset.yaml

@@ -1,182 +0,0 @@
-suite: actions template | statefulset
-release:
-  name: gitea-unittests
-  namespace: testing
-templates:
-  - templates/gitea/act_runner/statefulset.yaml
-  - templates/gitea/act_runner/config-act-runner.yaml
-tests:
-  - it: doesn't renders a StatefulSet by default
-    template: templates/gitea/act_runner/statefulset.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      actions:
-        enabled: true
-        existingSecret: "my-secret"
-        existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[3]
-          value:
-            name: GITEA_RUNNER_REGISTRATION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "my-secret"
-                key: "my-secret-key"
-  - it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      actions:
-        enabled: true
-        provisioning:
-          enabled: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[3]
-          value:
-            name: GITEA_RUNNER_REGISTRATION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "gitea-unittests-actions-token"
-                key: "token"
-  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
-      actions:
-        enabled: true
-        existingSecret: "my-secret"
-        existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - equal:
-          path: spec.template.metadata.annotations["checksum/config"]
-          value: "2a2200e80fc29111d18b675789c265cd3d5f917754850f946f1ce3c55dcd65f8"
-  - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL)
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      actions:
-        enabled: true
-        existingSecret: "my-secret"
-        existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[4]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "http://gitea-unittests-http:3000"
-  - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL)
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com"
-      actions:
-        enabled: true
-        existingSecret: "my-secret"
-        existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[4]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "http://git.example.com"
-  - it: allows adding custom environment variables to the docker-in-docker container
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      actions:
-        enabled: true
-        statefulset:
-          dind:
-            extraEnvs:
-              - name: "CUSTOM_ENV_NAME"
-                value: "custom env value"
-    asserts:
-      - equal:
-          path: spec.template.spec.containers[1].env[3]
-          value:
-            name: "CUSTOM_ENV_NAME"
-            value: "custom env value"
-  - it: should mount an extra volume in the act runner container
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      actions:
-        enabled: true
-        statefulset:
-          extraVolumes:
-            - name: my-act-runner-volume
-              emptyDir: {}
-          actRunner:
-            extraVolumeMounts:
-              - mountPath: /mnt
-                name: my-act-runner-volume
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - contains:
-          any: true
-          path: spec.template.spec.containers[0].volumeMounts
-          content:
-            mountPath: /mnt
-            name: my-act-runner-volume
-  - it: should mount an extra volume in the docker-in-docker container
-    template: templates/gitea/act_runner/statefulset.yaml
-    set:
-      actions:
-        enabled: true
-        statefulset:
-          extraVolumes:
-            - name: my-dind-volume
-              emptyDir: {}
-          dind:
-            extraVolumeMounts:
-              - mountPath: /mnt
-                name: my-dind-volume
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-act-runner
-      - contains:
-          any: true
-          path: spec.template.spec.containers[1].volumeMounts
-          content:
-            mountPath: /mnt
-            name: my-dind-volume

unittests/helm/check-actions-not-present.yaml

@@ -0,0 +1,12 @@
+suite: Check if actions raises an error
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: fails when trying to configure actions due to removal
+    set:
+      actions:
+        enabled: true
+    asserts:
+      - failedTemplate:
+          errorMessage: The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9.

unittests/helm/config/actions-config.yaml

@@ -5,57 +5,20 @@ release:
 templates:
   - templates/gitea/config.yaml
 tests:
-  - it: "actions are not enabled by default"
+  - it: "actions are enabled by default (based on vanilla Gitea behavior)"
     template: templates/gitea/config.yaml
+    asserts:
+      - documentIndex: 0
+        notExists:
+          path: stringData.actions
+
+  - it: "actions can be disabled via inline config"
+    template: templates/gitea/config.yaml
+    set:
+      gitea.config.actions.ENABLED: false
     asserts:
       - documentIndex: 0
         equal:
           path: stringData.actions
           value: |-
             ENABLED=false
-
-  - it: "actions can be enabled via inline config"
-    template: templates/gitea/config.yaml
-    set:
-      gitea.config.actions.ENABLED: true
-    asserts:
-      - documentIndex: 0
-        equal:
-          path: stringData.actions
-          value: |-
-            ENABLED=true
-
-  - it: "actions can be enabled via dedicated values object"
-    template: templates/gitea/config.yaml
-    set:
-      actions:
-        enabled: true
-    asserts:
-      - documentIndex: 0
-        equal:
-          path: stringData.actions
-          value: |-
-            ENABLED=true
-
-  - it: "defines LOCAL_ROOT_URL when actions are enabled"
-    template: templates/gitea/config.yaml
-    set:
-      actions:
-        enabled: true
-    asserts:
-      - documentIndex: 0
-        matchRegex:
-          path: stringData.server
-          pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000
-
-  - it: "respects custom LOCAL_ROOT_URL, even when actions are enabled"
-    template: templates/gitea/config.yaml
-    set:
-      actions:
-        enabled: true
-      gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com"
-    asserts:
-      - documentIndex: 0
-        matchRegex:
-          path: stringData.server
-          pattern: \nLOCAL_ROOT_URL=http://git.example.com

unittests/helm/config/cache-config.yaml

@@ -3,12 +3,12 @@ release:
   name: gitea-unittests
   namespace: testing
 tests:
-  - it: "cache is configured correctly for redis-cluster"
+  - it: "cache is configured correctly for valkey-cluster"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: true
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
@@ -16,14 +16,14 @@ tests:
           path: stringData.cache
           value: |-
             ADAPTER=redis
-            HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+            HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 
-  - it: "cache is configured correctly for redis"
+  - it: "cache is configured correctly for valkey"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: true
     asserts:
       - documentIndex: 0
@@ -31,14 +31,14 @@ tests:
           path: stringData.cache
           value: |-
             ADAPTER=redis
-            HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+            HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 
-  - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled"
+  - it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
@@ -48,12 +48,12 @@ tests:
             ADAPTER=memory
             HOST=
 
-  - it: "cache can be customized when redis (or redis-cluster) is disabled"
+  - it: "cache can be customized when valkey (or valkey-cluster) is disabled"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: false
       gitea.config.cache.ADAPTER: custom-adapter
       gitea.config.cache.HOST: custom-host

unittests/helm/config/queue-config.yaml

@@ -3,42 +3,42 @@ release:
   name: gitea-unittests
   namespace: testing
 tests:
-  - it: "queue is configured correctly for redis-cluster"
+  - it: "queue is configured correctly for valkey-cluster"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: true
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
         equal:
           path: stringData.queue
           value: |-
-            CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+            CONN_STR=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
             TYPE=redis
 
-  - it: "queue is configured correctly for redis"
+  - it: "queue is configured correctly for valkey"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: true
     asserts:
       - documentIndex: 0
         equal:
           path: stringData.queue
           value: |-
-            CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+            CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
             TYPE=redis
 
-  - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled"
+  - it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
@@ -48,12 +48,12 @@ tests:
             CONN_STR=
             TYPE=level
 
-  - it: "queue can be customized when redis (and redis-cluster) are disabled"
+  - it: "queue can be customized when valkey (and valkey-cluster) are disabled"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: false
       gitea.config.queue.TYPE: custom-type
       gitea.config.queue.CONN_STR: custom-connection-string

unittests/helm/config/session-config.yaml

@@ -3,12 +3,12 @@ release:
   name: gitea-unittests
   namespace: testing
 tests:
-  - it: "session is configured correctly for redis-cluster"
+  - it: "session is configured correctly for valkey-cluster"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: true
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
@@ -16,14 +16,14 @@ tests:
           path: stringData.session
           value: |-
             PROVIDER=redis
-            PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+            PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 
-  - it: "session is configured correctly for redis"
+  - it: "session is configured correctly for valkey"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: true
     asserts:
       - documentIndex: 0
@@ -31,14 +31,14 @@ tests:
           path: stringData.session
           value: |-
             PROVIDER=redis
-            PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+            PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 
-  - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled"
+  - it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
@@ -48,12 +48,12 @@ tests:
             PROVIDER=memory
             PROVIDER_CONFIG=
 
-  - it: "session can be customized when redis (and redis-cluster) is disabled"
+  - it: "session can be customized when valkey (and valkey-cluster) is disabled"
     template: templates/gitea/config.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: false
       gitea.config.session.PROVIDER: custom-provider
       gitea.config.session.PROVIDER_CONFIG: custom-provider-config

unittests/helm/dependency-checks/customization-integrity-valkey-cluster.yaml

@@ -1,19 +1,19 @@
-suite: Dependency checks | Customization integrity | redis-cluster
+suite: Dependency checks | Customization integrity | valkey-cluster
 release:
   name: gitea-unittests
   namespace: testing
 set:
-  redis:
+  valkey:
     enabled: false
-  redis-cluster:
+  valkey-cluster:
     enabled: true
     usePassword: false
     cluster:
       nodes: 5
       replicas: 2
 tests:
-  - it: "[redis-cluster] configures correct nodes/replicas"
-    template: charts/redis-cluster/templates/redis-statefulset.yaml
+  - it: "[valkey-cluster] configures correct nodes/replicas"
+    template: charts/valkey-cluster/templates/valkey-statefulset.yaml
     asserts:
       - documentIndex: 0
         equal:
@@ -22,31 +22,31 @@ tests:
       - documentIndex: 0
         matchRegex:
           path: spec.template.spec.containers[0].args[0]
-          pattern: REDIS_CLUSTER_REPLICAS="2"
-  - it: "[redis-cluster] support auth-less connections"
+          pattern: VALKEY_CLUSTER_REPLICAS="2"
+  - it: "[valkey-cluster] support auth-less connections"
     asserts:
-      - template: charts/redis-cluster/templates/secret.yaml
+      - template: charts/valkey-cluster/templates/secret.yaml
         hasDocuments:
           count: 0
-      - template: charts/redis-cluster/templates/redis-statefulset.yaml
+      - template: charts/valkey-cluster/templates/valkey-statefulset.yaml
         documentIndex: 0
         contains:
           path: spec.template.spec.containers[0].env
           content:
             name: ALLOW_EMPTY_PASSWORD
             value: "yes"
-  - it: "[redis-cluster] support auth-full connections"
+  - it: "[valkey-cluster] support auth-full connections"
     set:
-      redis-cluster:
+      valkey-cluster:
         usePassword: true
     asserts:
-      - template: charts/redis-cluster/templates/secret.yaml
+      - template: charts/valkey-cluster/templates/secret.yaml
         containsDocument:
           kind: Secret
           apiVersion: v1
-          name: gitea-unittests-redis-cluster
+          name: gitea-unittests-valkey-cluster
           namespace: testing
-      - template: charts/redis-cluster/templates/redis-statefulset.yaml
+      - template: charts/valkey-cluster/templates/valkey-statefulset.yaml
         documentIndex: 0
         contains:
           path: spec.template.spec.containers[0].env
@@ -54,25 +54,25 @@ tests:
             name: REDISCLI_AUTH
             valueFrom:
               secretKeyRef:
-                name: gitea-unittests-redis-cluster
-                key: redis-password
-      - template: charts/redis-cluster/templates/redis-statefulset.yaml
+                name: gitea-unittests-valkey-cluster
+                key: valkey-password
+      - template: charts/valkey-cluster/templates/valkey-statefulset.yaml
         documentIndex: 0
         contains:
           path: spec.template.spec.containers[0].env
           content:
-            name: REDIS_PASSWORD
+            name: REDISCLI_AUTH
             valueFrom:
               secretKeyRef:
-                name: gitea-unittests-redis-cluster
-                key: redis-password
-  - it: "[redis-cluster] renders the referenced service"
-    template: charts/redis-cluster/templates/headless-svc.yaml
+                name: gitea-unittests-valkey-cluster
+                key: valkey-password
+  - it: "[valkey-cluster] renders the referenced service"
+    template: charts/valkey-cluster/templates/headless-svc.yaml
     asserts:
       - containsDocument:
           kind: Service
           apiVersion: v1
-          name: gitea-unittests-redis-cluster-headless
+          name: gitea-unittests-valkey-cluster-headless
           namespace: testing
       - documentIndex: 0
         contains:
@@ -81,10 +81,10 @@ tests:
             name: tcp-redis
             port: 6379
             targetPort: tcp-redis
-  - it: "[gitea] waits for redis-cluster to be up and running"
+  - it: "[gitea] waits for valkey-cluster to be up and running"
     template: templates/gitea/init.yaml
     asserts:
       - documentIndex: 0
         matchRegex:
           path: stringData["configure_gitea.sh"]
-          pattern: nc -vz -w2 gitea-unittests-redis-cluster-headless.testing.svc.cluster.local 6379
+          pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379

unittests/helm/dependency-checks/customization-integrity-valkey.yaml

@@ -1,40 +1,40 @@
-suite: Dependency checks | Customization integrity | redis
+suite: Dependency checks | Customization integrity | valkey
 release:
   name: gitea-unittests
   namespace: testing
 set:
-  redis-cluster:
+  valkey-cluster:
     enabled: false
-  redis:
+  valkey:
     enabled: true
     architecture: standalone
     global:
-      redis:
+      valkey:
         password: gitea-password
     master:
       count: 2
 tests:
-  - it: "[redis] configures correct 'master' nodes"
-    template: charts/redis/templates/master/application.yaml
+  - it: "[valkey] configures correct 'master' nodes"
+    template: charts/valkey/templates/primary/application.yaml
     asserts:
       - documentIndex: 0
         equal:
           path: spec.replicas
-          value: 2
-  - it: "[redis] redis.global.redis.password is applied as expected"
-    template: charts/redis/templates/secret.yaml
+          value: 1
+  - it: "[valkey] valkey.global.valkey.password is applied as expected"
+    template: charts/valkey/templates/secret.yaml
     asserts:
       - documentIndex: 0
         equal:
-          path: data["redis-password"]
+          path: data["valkey-password"]
           value: "Z2l0ZWEtcGFzc3dvcmQ="
-  - it: "[redis] renders the referenced service"
-    template: charts/redis/templates/headless-svc.yaml
+  - it: "[valkey] renders the referenced service"
+    template: charts/valkey/templates/headless-svc.yaml
     asserts:
       - containsDocument:
           kind: Service
           apiVersion: v1
-          name: gitea-unittests-redis-headless
+          name: gitea-unittests-valkey-headless
           namespace: testing
       - documentIndex: 0
         contains:
@@ -43,10 +43,10 @@ tests:
             name: tcp-redis
             port: 6379
             targetPort: redis
-  - it: "[gitea] waits for redis to be up and running"
+  - it: "[gitea] waits for valkey to be up and running"
     template: templates/gitea/init.yaml
     asserts:
       - documentIndex: 0
         matchRegex:
           path: stringData["configure_gitea.sh"]
-          pattern: nc -vz -w2 gitea-unittests-redis-headless.testing.svc.cluster.local 6379
+          pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379

unittests/helm/dependency-checks/major-image-bump.yaml

@@ -29,29 +29,29 @@ tests:
           path: spec.template.spec.containers[0].image
           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
           pattern: bitnami/postgresql:17.+$
-  - it: "[redis-cluster] ensures we detect major image version upgrades"
-    template: charts/redis-cluster/templates/redis-statefulset.yaml
+  - it: "[valkey-cluster] ensures we detect major image version upgrades"
+    template: charts/valkey-cluster/templates/valkey-statefulset.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: true
-      redis:
+      valkey:
         enabled: false
     asserts:
       - documentIndex: 0
         matchRegex:
           path: spec.template.spec.containers[0].image
           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: bitnami/redis-cluster:7.+$
-  - it: "[redis] ensures we detect major image version upgrades"
-    template: charts/redis/templates/master/application.yaml
+          pattern: bitnami/valkey-cluster:8.+$
+  - it: "[valkey] ensures we detect major image version upgrades"
+    template: charts/valkey/templates/primary/application.yaml
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: false
-      redis:
+      valkey:
         enabled: true
     asserts:
       - documentIndex: 0
         matchRegex:
           path: spec.template.spec.containers[0].image
           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: bitnami/redis:7.+$
+          pattern: bitnami/valkey:8.+$

unittests/helm/deployment/basic.yaml

@@ -73,3 +73,23 @@ tests:
             requests:
               cpu: 100ms
               memory: 100Mi
+  - it: Init containers have correct volumeMount path
+    template: templates/gitea/deployment.yaml
+    set:
+      initContainersScriptsVolumeMountPath: "/custom/init/path"
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
+          value: "/custom/init/path"
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
+          value: "/custom/init/path"
+  - it: Init containers have correct volumeMount path if there is no override
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
+          value: "/usr/sbinx"
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
+          value: "/usr/sbinx"

unittests/helm/deployment/deployment-additional-config.yaml

@@ -0,0 +1,150 @@
+suite: deployment template
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: Renders a deployment
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: Deployment
+          apiVersion: apps/v1
+          name: gitea-unittests
+  - it: Deployment with empty additionalConfigFromEnvs
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.additionalConfigFromEnvs: []
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 6
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+  - it: Deployment with standard additionalConfigFromEnvs
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}]
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 8
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+              - name: GITEA_database_HOST
+                value: my-db:123
+              - name: GITEA_database_USER
+                value: my-user
+  - it: Deployment with templated additionalConfigFromEnvs
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.misc.host: my-db-host:321
+      gitea.misc.user: my-db-user
+      gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: "{{ .Values.gitea.misc.host }}"}, {name: GITEA_database_USER, value: "{{ .Values.gitea.misc.user }}"}]
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 8
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+              - name: GITEA_database_HOST
+                value: my-db-host:321
+              - name: GITEA_database_USER
+                value: my-db-user
+  - it: Deployment with additionalConfigFromEnvs templated secret name
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.misc.existingSecret: my-db-secret
+      gitea.additionalConfigFromEnvs[0]:
+        name: GITEA_database_HOST
+        valueFrom:
+          secretKeyRef:
+            name: "{{ .Values.gitea.misc.existingSecret }}"
+            key: password
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 7
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+              - name: GITEA_database_HOST
+                valueFrom:
+                  secretKeyRef:
+                    name: "my-db-secret"
+                    key: password

unittests/helm/deployment/ingress-configuration.yaml

@@ -1,28 +1,7 @@
-suite: ingress template
-release:
-  name: gitea-unittests
-  namespace: testing
+suite: Test ingress tpl use
 templates:
   - templates/gitea/ingress.yaml
 tests:
-  - it: hostname using TPL
-    set:
-      global.giteaHostName: "gitea.example.com"
-      ingress.enabled: true
-      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
-      ingress.tls:
-        - secretName: gitea-tls
-          hosts:
-            - "{{ .Values.global.giteaHostName }}"
-    asserts:
-      - isKind:
-          of: Ingress
-      - equal:
-          path: spec.tls[0].hosts[0]
-          value: "gitea.example.com"
-      - equal:
-          path: spec.rules[0].host
-          value: "gitea.example.com"
   - it: Ingress Class using TPL
     set:
       global.ingress.className: "ingress-class"
@@ -45,3 +24,22 @@ tests:
       - equal:
           path: spec.ingressClassName
           value: "ingress-class"
+
+  - it: hostname using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "gitea.example.com"
+      - equal:
+          path: spec.rules[0].host
+          value: "gitea.example.com"

unittests/helm/deployment/signing-enabled.yaml

@@ -18,7 +18,7 @@ tests:
           value: configure-gpg
       - equal:
           path: spec.template.spec.initContainers[2].command
-          value: ["/usr/sbin/configure_gpg_environment.sh"]
+          value: ["/usr/sbinx/configure_gpg_environment.sh"]
       - equal:
           path: spec.template.spec.initContainers[2].securityContext
           value:
@@ -34,7 +34,7 @@ tests:
           path: spec.template.spec.initContainers[2].volumeMounts
           value:
             - name: init
-              mountPath: /usr/sbin
+              mountPath: /usr/sbinx
             - name: data
               mountPath: /data
             - name: gpg-private-key

unittests/helm/ingress/basic.yaml

@@ -0,0 +1,93 @@
+suite: Test ingress.yaml
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: should enable ingress when ingress.enabled is true
+    set:
+      ingress.enabled: true
+      ingress.apiVersion: networking.k8s.io/v1
+      ingress.annotations:
+        kubernetes.io/ingress.class: nginx
+      ingress.className: nginx
+      ingress.tls:
+        - hosts:
+            - example.com
+          secretName: tls-secret
+      ingress.hosts:
+        - host: example.com
+          paths: ["/"]
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-gitea
+      - matchRegex:
+          path: apiVersion
+          pattern: networking.k8s.io/v1
+      - equal:
+          path: spec.ingressClassName
+          value: nginx
+      - equal:
+          path: spec.rules[0].host
+          value: "example.com"
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "example.com"
+      - equal:
+          path: spec.tls[0].secretName
+          value: tls-secret
+      - equal:
+          path: metadata.annotations["kubernetes.io/ingress.class"]
+          value: nginx
+
+  - it: should not create ingress when ingress.enabled is false
+    set:
+      ingress.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: Ingress Class using TPL
+    set:
+      global.ingress.className: "ingress-class"
+      ingress.className: "{{ .Values.global.ingress.className }}"
+      ingress.enabled: true
+      ingress.hosts[0].host: "some-host"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "some-host"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "some-host"
+      - equal:
+          path: spec.rules[0].host
+          value: "some-host"
+      - equal:
+          path: spec.ingressClassName
+          value: "ingress-class"
+
+  - it: hostname using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "gitea.example.com"
+      - equal:
+          path: spec.rules[0].host
+          value: "gitea.example.com"

unittests/helm/ingress/implicit-defaults.yaml

@@ -0,0 +1,23 @@
+suite: Test ingress with implicit path defaults
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: should use default path and pathType when no paths are specified
+    set:
+      ingress.enabled: true
+      ingress.hosts:
+        - host: git.example.com
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.rules[0].host
+          value: "git.example.com"
+      - equal:
+          path: spec.rules[0].http.paths[0].path
+          value: "/"
+      - equal:
+          path: spec.rules[0].http.paths[0].pathType
+          value: "Prefix"

unittests/helm/ingress/ingress.tpl.yaml

@@ -0,0 +1,45 @@
+suite: Test ingress tpl use
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: Ingress Class using TPL
+    set:
+      global.ingress.className: "ingress-class"
+      ingress.className: "{{ .Values.global.ingress.className }}"
+      ingress.enabled: true
+      ingress.hosts[0].host: "some-host"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "some-host"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "some-host"
+      - equal:
+          path: spec.rules[0].host
+          value: "some-host"
+      - equal:
+          path: spec.ingressClassName
+          value: "ingress-class"
+
+  - it: hostname using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "gitea.example.com"
+      - equal:
+          path: spec.rules[0].host
+          value: "gitea.example.com"

unittests/helm/ingress/structured-paths.yaml

@@ -0,0 +1,26 @@
+suite: Test ingress with structured paths
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: should work with structured path definitions
+    set:
+      ingress.enabled: true
+      ingress.hosts:
+        - host: git.devxy.io
+          paths:
+            - path: /
+              pathType: Prefix
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.rules[0].host
+          value: "git.devxy.io"
+      - equal:
+          path: spec.rules[0].http.paths[0].path
+          value: "/"
+      - equal:
+          path: spec.rules[0].http.paths[0].pathType
+          value: "Prefix"

unittests/helm/values-conflicting-checks.yaml

@@ -3,12 +3,12 @@ release:
   name: gitea-unittests
   namespace: testing
 tests:
-  - it: fails when trying to configure redis and redis-cluster the same time
+  - it: fails when trying to configure valkey and valkey-cluster the same time
     set:
-      redis-cluster:
+      valkey-cluster:
         enabled: true
-      redis:
+      valkey:
         enabled: true
     asserts:
       - failedTemplate:
-          errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one.
+          errorMessage: valkey and valkey-cluster cannot be enabled at the same time. Please only choose one.

values.yaml

@@ -157,33 +157,25 @@ service:
 
 ## @section Ingress
 ## @param ingress.enabled Enable ingress
-## @param ingress.className Ingress class name
+## @param ingress.className DEPRECATED: Ingress class name.
+## @param ingress.pathType Ingress Path Type
 ## @param ingress.annotations Ingress annotations
 ## @param ingress.hosts[0].host Default Ingress host
 ## @param ingress.hosts[0].paths[0].path Default Ingress path
-## @param ingress.hosts[0].paths[0].pathType Ingress path type
 ## @param ingress.tls Ingress tls settings
-## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
 ingress:
   enabled: false
-  # className: nginx
-  className:
-  annotations:
-    {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
+  className: ""
+  pathType: Prefix
+  annotations: {}
   hosts:
     - host: git.example.com
       paths:
         - path: /
-          pathType: Prefix
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
   #      - git.example.com
-  # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
-  # If helm doesn't correctly detect your ingress API version you can set it here.
-  # apiVersion: networking.k8s.io/v1
 
 ## @section deployment
 #
@@ -314,6 +306,8 @@ extraVolumeMounts: []
 ## @section Init
 ## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
 initPreScript: ""
+## @param initContainersScriptsVolumeMountPath Path to mount the scripts consumed from the Secrets
+initContainersScriptsVolumeMountPath: "/usr/sbinx"
 #
 # initPreScript: |
 #   mkdir -p /data/git/.postgresql
@@ -348,107 +342,6 @@ signing:
   #   -----END PGP PRIVATE KEY BLOCK-----
   existingSecret: ""
 
-# Configure Gitea Actions
-# - must enable persistence if the job is enabled
-## @section Gitea Actions
-#
-## @param actions.enabled Create an act runner StatefulSet.
-## @param actions.init.image.repository The image used for the init containers
-## @param actions.init.image.tag The image tag used for the init containers
-## @param actions.statefulset.annotations Act runner annotations
-## @param actions.statefulset.labels Act runner labels
-## @param actions.statefulset.resources Act runner resources
-## @param actions.statefulset.nodeSelector NodeSelector for the statefulset
-## @param actions.statefulset.tolerations Tolerations for the statefulset
-## @param actions.statefulset.affinity Affinity for the statefulset
-## @param actions.statefulset.extraVolumes Extra volumes for the statefulset
-## @param actions.statefulset.actRunner.repository The Gitea act runner image
-## @param actions.statefulset.actRunner.tag The Gitea act runner tag
-## @param actions.statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
-## @param actions.statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
-## @param actions.statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
-## @param actions.statefulset.dind.repository The Docker-in-Docker image
-## @param actions.statefulset.dind.tag The Docker-in-Docker image tag
-## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
-## @param actions.statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
-## @param actions.statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
-## @param actions.provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
-## @param actions.provisioning.annotations Job's annotations
-## @param actions.provisioning.labels Job's labels
-## @param actions.provisioning.resources Job's resources
-## @param actions.provisioning.nodeSelector NodeSelector for the job
-## @param actions.provisioning.tolerations Tolerations for the job
-## @param actions.provisioning.affinity Affinity for the job
-## @param actions.provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
-## @param actions.provisioning.publish.repository The image that can create the secret via kubectl
-## @param actions.provisioning.publish.tag The publish image tag that can create the secret
-## @param actions.provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
-## @param actions.existingSecret Secret that contains the token
-## @param actions.existingSecretKey Secret key
-actions:
-  enabled: false
-  statefulset:
-    annotations: {}
-    labels: {}
-    resources: {}
-    nodeSelector: {}
-    tolerations: []
-    affinity: {}
-    extraVolumes: []
-
-    actRunner:
-      repository: gitea/act_runner
-      tag: 0.2.11
-      pullPolicy: IfNotPresent
-      extraVolumeMounts: []
-
-      # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
-      config: |
-        log:
-          level: debug
-        cache:
-          enabled: false
-
-    dind:
-      repository: docker
-      tag: 25.0.2-dind
-      pullPolicy: IfNotPresent
-      extraVolumeMounts: []
-
-      # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
-      # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
-      extraEnvs: []
-        #  - name: "DOCKER_IPTABLES_LEGACY"
-        #    value: "1"
-
-  init:
-    image:
-      repository: busybox
-      # Overrides the image tag whose default is the chart appVersion.
-      tag: "1.37.0"
-
-  provisioning:
-    enabled: false
-
-    annotations: {}
-    labels: {}
-    resources: {}
-    nodeSelector: {}
-    tolerations: []
-    affinity: {}
-
-    publish:
-      repository: bitnami/kubectl
-      tag: 1.29.0
-      pullPolicy: IfNotPresent
-
-    ttlSecondsAfterFinished: 300
-
-  ## Specify an existing token secret
-  ##
-  existingSecret: ""
-  existingSecretKey: ""
-
 ## @section Gitea
 #
 gitea:
@@ -608,41 +501,51 @@ gitea:
     successThreshold: 1
     failureThreshold: 10
 
-## @section redis-cluster
-## @param redis-cluster.enabled Enable redis cluster
-# ⚠️ The redis charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-gitea/issues/690>).
+## @section valkey-cluster
+## @param valkey-cluster.enabled Enable valkey cluster
+# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
 # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
-## @param redis-cluster.usePassword Whether to use password authentication
-## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
-## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
+## @param valkey-cluster.usePassword Whether to use password authentication
+## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables
+## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
+## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
+## @param valkey-cluster.service.ports.valkey Port of Valkey service
 ## @descriptionStart
-## Redis cluster and [Redis](#redis) cannot be enabled at the same time.
+## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
 ## @descriptionEnd
-redis-cluster:
+valkey-cluster:
   enabled: true
   usePassword: false
+  usePasswordFiles: false
   cluster:
     nodes: 3 # default: 6
     replicas: 0 # default: 1
+  service:
+    ports:
+      valkey: 6379
 
-## @section redis
-## @param redis.enabled Enable redis standalone or replicated
-## @param redis.architecture Whether to use standalone or replication
-# ⚠️ The redis charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-gitea/issues/690>).
+## @section valkey
+## @param valkey.enabled Enable valkey standalone or replicated
+## @param valkey.architecture Whether to use standalone or replication
+# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
 # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
-## @param redis.global.redis.password Required password
-## @param redis.master.count Number of Redis master instances to deploy
+## @param valkey.global.valkey.password Required password
+## @param valkey.master.count Number of Valkey master instances to deploy
+## @param valkey.master.service.ports.valkey Port of Valkey service
 ## @descriptionStart
-## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
+## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
 ## @descriptionEnd
-redis:
+valkey:
   enabled: false
   architecture: standalone
   global:
-    redis:
+    valkey:
       password: changeme
   master:
     count: 1
+    service:
+      ports:
+        valkey: 6379
 
 ## @section PostgreSQL HA
 #