							
							Compare commits
	
		
			328 Commits
		
	
	
		
			v9.1.0
			...
			1d49cf3f58
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 1d49cf3f58 | |||
|   | 0a463f7252 | ||
|   | 14ac6abf78 | ||
| 89017545d3 | |||
|   | 40d8e5b6e3 | ||
|   | 1cdb7b7342 | ||
|   | 5c88f5fe9b | ||
|   | d7437cef0b | ||
|   | 1d7037e55e | ||
|   | 9cf42f55b0 | ||
|   | 8ed2db6aa5 | ||
|   | 667834962e | ||
|   | 78aba58284 | ||
|   | 7c0a924ca3 | ||
|   | 677b1af2ed | ||
|   | c9af860e60 | ||
|   | 3721929be2 | ||
|   | 44e9970b0b | ||
|   | 4fc53cd978 | ||
|   | 122bccd932 | ||
|   | 3233e33e27 | ||
|   | 6b99230843 | ||
| d9e181df93 | |||
|   | 603f8e68a7 | ||
| 10ad0f7743 | |||
| e31bd265b1 | |||
|   | 4cfcbd729f | ||
|   | f786359136 | ||
|   | 6d5fbcbaee | ||
|   | 14a4e47b73 | ||
|   | 3a7859f6cc | ||
|   | 364dfa2076 | ||
| 468c12643f | |||
|   | 46aa0534bb | ||
|   | 455cc67d41 | ||
|   | ec898f1330 | ||
| 82190f3d30 | |||
|   | e059beb82b | ||
|   | 9206b34af3 | ||
|   | 203a282e93 | ||
|   | 81c12fa3e5 | ||
|   | c7e294cf8c | ||
|   | ce60c7bb0f | ||
|   | 2875e08daf | ||
| 09767c4494 | |||
|   | a45253abf9 | ||
|   | f9efe98fe7 | ||
|   | 92c187f264 | ||
|   | 4fbdf634a9 | ||
|   | f0dcbe88dd | ||
|   | aa7ccb47ba | ||
|   | 0f1f329de4 | ||
|   | cb28148dc8 | ||
|   | ee84a1750b | ||
|   | 6e1d516bb2 | ||
|   | 08143654a5 | ||
|   | e134835662 | ||
|   | e7db8cddd9 | ||
| ec7a659535 | |||
|   | db177a356f | ||
|   | d29a7e84a4 | ||
|   | 31fa278145 | ||
|   | 52c249eb08 | ||
|   | 0d532363eb | ||
|   | 8f0f44a864 | ||
|   | cf86118976 | ||
|   | 7f96084a30 | ||
|   | 5292684a4a | ||
|   | edc42f69a9 | ||
|   | 9c607f8a4b | ||
|   | 6d89d0a1b7 | ||
|   | 8f35f45e31 | ||
|   | a94eec4238 | ||
|   | 87272a1244 | ||
|   | ed06694adf | ||
|   | 443a6d0cd7 | ||
|   | 8854e62572 | ||
|   | da2d169d65 | ||
|   | ebb4b1ee49 | ||
|   | e64afe393e | ||
|   | 6e4e414771 | ||
|   | 037eca0c91 | ||
|   | d10adfd064 | ||
|   | a1fc670df5 | ||
|   | 0cfe38aec5 | ||
|   | 5410bb08c2 | ||
|   | 3b32a04b9c | ||
|   | 5b247ea860 | ||
|   | 3aea811f1f | ||
|   | a7035ca4e5 | ||
|   | fa36d2beef | ||
|   | 6c5b42c482 | ||
|   | 356dd6e710 | ||
|   | 1f313ac70e | ||
|   | d2d542e625 | ||
|   | 75cd261b37 | ||
|   | 2c78da9c3e | ||
|   | 06f5179273 | ||
|   | e7e2ae9610 | ||
|   | 62f5ed6d46 | ||
|   | d2e9bcf4b8 | ||
|   | b44d43d2b0 | ||
|   | 03918a126b | ||
|   | 8d3f4d2260 | ||
|   | 74d550922b | ||
|   | 7245b3b4cc | ||
|   | c0cadb9056 | ||
|   | c38703f21e | ||
|   | ad475405e9 | ||
|   | 60ef163b22 | ||
|   | 941ab3ef49 | ||
|   | ff7783fcbe | ||
|   | 9f659afc47 | ||
|   | f74ab67b59 | ||
|   | 724ebc5258 | ||
|   | 44563bed35 | ||
|   | 6cb068ae12 | ||
|   | 3c931de904 | ||
|   | cb516e0f7f | ||
|   | 31d8e7c79f | ||
|   | 11d3fbcc77 | ||
|   | 05143021fe | ||
|   | a983974568 | ||
| edd8557bb0 | |||
|   | a4c706f521 | ||
|   | d8f155562b | ||
|   | 8bf5b2104d | ||
|   | d8ec7dc2f5 | ||
|   | 70cc590eb3 | ||
|   | 3ac51f2628 | ||
| 4f42f4bee3 | |||
|   | cc7532ec90 | ||
|   | 1d908965a8 | ||
|   | 43e0918cfc | ||
|   | 41deaf977e | ||
|   | b8b909be0b | ||
|   | 4f9a48ae51 | ||
|   | ef8ad0f050 | ||
|   | 680d95c943 | ||
|   | 48e61b164b | ||
|   | 3e72e8b983 | ||
|   | 9b28e264f7 | ||
|   | 8c4e8e8f30 | ||
|   | 5968cfa1d4 | ||
|   | 12f253db10 | ||
|   | 535aa1cf1a | ||
|   | a79fd31f7e | ||
|   | 726b36c6d8 | ||
|   | 4691b63f7a | ||
|   | 8f516048e4 | ||
|   | e9084e1833 | ||
|   | e733287dc2 | ||
|   | f4d1a6b516 | ||
|   | c3d0bae515 | ||
|   | aec87c2490 | ||
|   | e3db83e22b | ||
|   | 7cae9d3404 | ||
|   | 52153021e3 | ||
|   | 5f7d353901 | ||
|   | 389a8460e4 | ||
|   | 3bacaaad84 | ||
|   | 2be2e2a639 | ||
|   | 7b892431d6 | ||
|   | f7c66c0336 | ||
|   | 5c7e78b467 | ||
|   | 478af4e381 | ||
|   | 7c4d6c3797 | ||
|   | aa9808bc27 | ||
|   | a08e39f8ff | ||
|   | c039673e5a | ||
| e636984db1 | |||
|   | 77aa11a3bb | ||
|   | 3fdb39df68 | ||
|   | 9dc3f7c086 | ||
|   | 036b469ff9 | ||
|   | 339ee94260 | ||
|   | 1c71764d3c | ||
|   | e19723a3fb | ||
|   | 2a762f0865 | ||
|   | c32c6f929f | ||
|   | e29cd1c289 | ||
|   | a535919025 | ||
|   | 5c6cd932fe | ||
|   | 3265a5ed53 | ||
|   | 1dbf171ad3 | ||
|   | 6226e4eaea | ||
|   | 6ffc0a3790 | ||
|   | 1ac39a6f5d | ||
|   | c4168dd029 | ||
|   | 4dd17f045b | ||
|   | 030322170e | ||
|   | d407eda496 | ||
|   | b7b60dd51f | ||
|   | 22848d0ce7 | ||
|   | 157e87593d | ||
|   | f897e6350b | ||
|   | 21bc9a548b | ||
|   | b13063ad7a | ||
|   | 4d62136a3d | ||
|   | 548f932422 | ||
|   | dc30c66d25 | ||
|   | 0b2f3d6eb9 | ||
|   | dd304c1c1a | ||
|   | 4f4c71fb39 | ||
|   | 509ee975c4 | ||
|   | 15385d02ee | ||
|   | 617c773b7e | ||
|   | 42937062d9 | ||
|   | a91624b52d | ||
|   | b768ded932 | ||
|   | fd8246e51d | ||
|   | 20b14b01c1 | ||
|   | 74bae066c4 | ||
|   | 2f809390be | ||
|   | 153a664138 | ||
|   | 0135b10295 | ||
|   | 2a9273d32f | ||
|   | 3b2b700441 | ||
|   | 7fa896a0ce | ||
|   | d2bfa0250d | ||
|   | 2d77b626ac | ||
|   | 6644c1701b | ||
|   | a3fafc90a8 | ||
|   | ceb6de12a8 | ||
|   | ab5ec8ddb9 | ||
|   | d65737681a | ||
|   | 8ee589a56f | ||
|   | a82540e7eb | ||
|   | 0794fe5b8b | ||
|   | 3ac530f66d | ||
|   | 00fbf45f03 | ||
|   | 4d339bb05b | ||
|   | 829bca241d | ||
|   | 6be4f8bb97 | ||
|   | aeea86b26a | ||
|   | 4ed7818ec2 | ||
|   | b84a431854 | ||
|   | a1af5eab4e | ||
|   | f5ad4eb33d | ||
|   | 5dfaca13f2 | ||
|   | 70e5da077a | ||
|   | d7cba5443f | ||
|   | e9d401a9ee | ||
|   | 7b7789e65d | ||
|   | 8a191f0eca | ||
|   | 469eacaf1c | ||
|   | f0d0c00ed6 | ||
|   | 323bcd7526 | ||
|   | 59b246302b | ||
|   | 223069d042 | ||
|   | 060945a486 | ||
|   | ff932a0bf9 | ||
|   | 88a1650ce4 | ||
|   | d875809299 | ||
|   | a1d9059e53 | ||
|   | 7e403d5ef6 | ||
|   | 0081cabe0b | ||
|   | b265d87f55 | ||
|   | 8bcd2dc63b | ||
|   | 34c1212939 | ||
|   | 5c4bcaa1e3 | ||
|   | f7d661ee3a | ||
|   | 6c0699e86e | ||
|   | d52ead0be7 | ||
|   | ead62a0dbc | ||
|   | 7eea1acf05 | ||
|   | dcf1891edd | ||
|   | 7499fecc1a | ||
|   | 3cf91bf6e7 | ||
|   | 23847eba1c | ||
|   | bc872acdd3 | ||
|   | 7de8e83433 | ||
|   | 41e389c7cd | ||
|   | 82dc077673 | ||
|   | ebc4600920 | ||
|   | f3abf73ebc | ||
|   | 3707755373 | ||
|   | 074def2acc | ||
|   | a249229ccf | ||
|   | b68b9d91cf | ||
|   | 0cc8c6d558 | ||
|   | 64c6d80dcf | ||
|   | eb17917b53 | ||
|   | 7d96eb2940 | ||
|   | ca903c9cf3 | ||
|   | 40751af5c7 | ||
|   | 226564b74d | ||
|   | 9802e9ae41 | ||
|   | 7d2a375685 | ||
|   | ef4e0dc77d | ||
|   | cbaad0ed8f | ||
|   | d2598c6161 | ||
|   | 183b54fc27 | ||
|   | cd4271a1ad | ||
|   | dc8a2bd667 | ||
|   | c1c186b901 | ||
|   | 1551065946 | ||
|   | 1f72352f14 | ||
|   | 7a9df83d18 | ||
|   | c2b0b677c1 | ||
|   | ffbec41c88 | ||
|   | 74cec11931 | ||
|   | 5e76871731 | ||
|   | 453ab0e211 | ||
|   | c6887fde0a | ||
|   | 08c50abba9 | ||
|   | 779563141d | ||
|   | 0e5bccd732 | ||
|   | 95d5fb209b | ||
|   | 88d0f132d1 | ||
|   | eb13916386 | ||
|   | 38776e2b51 | ||
|   | 74fef7e4c6 | ||
|   | 054ee87a8c | ||
|   | 07fe17caf4 | ||
|   | 0d9d6bcbb2 | ||
|   | 28bd87b5a9 | ||
|   | 30000677d7 | ||
|   | 1550f9b4e0 | ||
|   | 3276f1e76d | ||
|   | 22872112cd | ||
|   | 3dd6632c5f | ||
|   | ff83bab0e2 | ||
|   | 7604d5606f | ||
|   | 1331ae5e96 | ||
|   | 35fcb41ce2 | ||
|   | 9e00bff9bd | ||
|   | 5e148748ce | 
							
								
								
									
										7
									
								
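--- a/.commitlintrc.json
+++ b/.commitlintrc.json
@@ -0,0 +1,7 @@
+{
+  "extends": ["@commitlint/config-conventional"],
+  "rules": {
+    "type-enum": [2, "always", ["feat", "fix", "chore", "docs", "style", "refactor", "test", "perf", "ci", "WIP"]],
+    "type-case": [0, "always", "lower-case"]
+  }
+}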
| @@ -23,7 +23,7 @@ | |||||||
| ### Applicable issues | ### Applicable issues | ||||||
|  |  | ||||||
| <!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. --> | <!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. --> | ||||||
|   - fixes # | - Fixes # | ||||||
|  |  | ||||||
| ### Additional information | ### Additional information | ||||||
|  |  | ||||||
| @@ -39,4 +39,6 @@ | |||||||
|  |  | ||||||
| - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | ||||||
| - [ ] Breaking changes are documented in the `README.md` | - [ ] Breaking changes are documented in the `README.md` | ||||||
| - [ ] Templating unittests are added | - [ ] Helm templating unittests are added (required when changing anything in `templates` folder) | ||||||
|  | - [ ] Bash unittests are added (required when changing anything in `scripts` folder) | ||||||
|  | - [ ] All added template resources MUST render a namespace in metadata | ||||||
|   | |||||||
							
								
								
									
										114
									
								
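--- a/.gitea/scripts/add-annotations.sh
+++ b/.gitea/scripts/add-annotations.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+  echo "ERROR: ${CHART_FILE} not found!" 1>&2
+  exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+  read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+  if [ -z "${OLD_TAG}" ]; then
+    OLD_TAG="${DEFAULT_OLD_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+    if [ -z "${OLD_TAG}" ]; then
+      OLD_TAG="${DEFAULT_OLD_TAG}"
+    fi
+  done
+else
+  OLD_TAG=${1}
+  if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+if [ -z "${2}" ]; then
+  read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+  if [ -z "${NEW_TAG}" ]; then
+    NEW_TAG="${DEFAULT_NEW_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+    if [ -z "${NEW_TAG}" ]; then
+      NEW_TAG="${DEFAULT_NEW_TAG}"
+    fi
+  done
+else
+  NEW_TAG=${2}
+
+  if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
+
+function map_type_to_kind() {
+  case "${1}" in
+    feat)
+      echo "added"
+    ;;
+    fix)
+      echo "fixed"
+    ;;
+    chore|style|test|ci|docs|refac)
+      echo "changed"
+    ;;
+    revert)
+      echo "removed"
+    ;;
+    sec)
+      echo "security"
+    ;;
+    *)
+      echo "skip"
+    ;;
+  esac
+}
+
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
+
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
+
+while IFS= read -r line; do
+  if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
+    TYPE="${BASH_REMATCH[1]}"
+    KIND=$(map_type_to_kind "${TYPE}")
+
+    if [ "${KIND}" == "skip" ]; then
+      continue
+    fi
+
+    DESC="${BASH_REMATCH[3]}"
+
+    echo "- ${KIND}: ${DESC}"
+
+    jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
+    mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
+
+  fi
+done <<< "${COMMIT_TITLES}"
+
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+  yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+  yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
+else
+  echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
+  exit 1
+fi
+
+rm "${CHANGE_LOG_YAML}"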
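Review bot: The `case` in `map_type_to_kind` matches `refac` and `sec`, but the types accepted by this change's `.commitlintrc.json` are `refactor` and `perf` (neither `refac` nor `sec`), so refactor and perf commits fall through to `skip` and the `security` kind can never be emitted into the Artifact Hub changes annotation. Aligning the arm, for example `chore|style|test|ci|docs|refactor|perf)`, and agreeing on how security fixes are typed would stop those entries from silently dropping out of the published changelog. Separately, `[ -s "${CHANGE_LOG_YAML}" ]` is always true because the file is seeded with `[]`, so the "Changelog file is empty" branch is unreachable and a tag range with no matching commits writes an empty list into `Chart.yaml`. With `set -e` and no `trap`, a failing `jq` or `yq` call also leaves the temp file and its `.new` sibling behind.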
							
								
								
									
										32
									
								
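--- a/.gitea/workflows/changelog.yml
+++ b/.gitea/workflows/changelog.yml
@@ -0,0 +1,32 @@
+name: changelog
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    container: docker.io/thegeeklab/git-sv:2.0.5
+    steps:
+      - name: install tools
+        run: |
+          apk add -q --update --no-cache nodejs curl jq sed
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - name: Generate upcoming changelog
+        run: |
+          git sv rn -o changelog.md
+          export RELEASE_NOTES=$(cat changelog.md)
+          export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
+
+          echo $RELEASE_NOTES
+          JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
+
+          if [ -z "$ISSUE_NUMBER" ]; then
+            curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
+          else
+            curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
+          fi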
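Review bot: `ISSUE_NUMBER` in the `Generate upcoming changelog` step comes from an unauthenticated text search piped through `jq '.[].number'`, so the job trusts whichever open issues happen to match. An issue opened by anyone with that wording would be overwritten by the token-authenticated PATCH, and two matches produce a multi-line value that breaks the URL. Selecting one exact-title match, for example `jq -r '[.[] | select(.title == "Changelog for upcoming version")][0].number // empty'`, and ideally also checking the issue's author, makes the target deterministic. The `curl -s` calls lack `--fail`, so an API error leaves `ISSUE_NUMBER` empty and creates a duplicate issue, or lets a failed POST/PATCH pass as success. `echo $RELEASE_NOTES` is unquoted and collapses the notes onto one line in the log.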
							
								
								
									
										19
									
								
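--- a/.gitea/workflows/commitlint.yml
+++ b/.gitea/workflows/commitlint.yml
@@ -0,0 +1,19 @@
+name: commitlint
+
+on:
+  pull_request:
+    branches:
+      - "*"
+    types:
+      - opened
+      - edited
+
+jobs:
+  check-and-test:
+    runs-on: ubuntu-latest
+    container: commitlint/commitlint:20.1.0
+    steps:
+      - uses: actions/checkout@v5
+      - name: check PR title
+        run: |
+          echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json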
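Review bot: The `check PR title` step expands `${{ gitea.event.pull_request.title }}` directly into the shell script, so the title, which any contributor controls, is parsed as shell syntax on the runner before commitlint ever sees it. Pass it through the environment instead: give the step an `env:` entry `PR_TITLE: ${{ gitea.event.pull_request.title }}` and run `printf '%s\n' "$PR_TITLE" | commitlint --config .commitlintrc.json`. The `branches: "*"` filter here and in the check-and-test workflow may also skip pull requests whose base branch contains a `/`, if Gitea Actions follows GitHub's glob rules; dropping the filter or using `"**"` would cover every base branch.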
| @@ -9,40 +9,84 @@ jobs: | |||||||
|   generate-chart-publish: |   generate-chart-publish: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - uses: actions/checkout@v3 |       - uses: actions/checkout@v5 | ||||||
|       - name: install tools |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Install packages via apt | ||||||
|         run: | |         run: | | ||||||
|           apt update -y |           apt update --yes | ||||||
|           apt install -y curl |           apt install --yes curl ca-certificates curl gnupg jq | ||||||
|           curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null |  | ||||||
|           echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list |       - name: Install helm | ||||||
|           apt update -y |         env: | ||||||
|           apt install -y python helm python3-pip apt-transport-https |           # renovate: datasource=docker depName=alpine/helm | ||||||
|           pip install awscli |           HELM_VERSION: "3.19.0" | ||||||
|  |         run: | | ||||||
|  |           curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin | ||||||
|  |           mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/ | ||||||
|  |           rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | ||||||
|  |           helm version | ||||||
|  |  | ||||||
|  |       - name: Install yq | ||||||
|  |         env: | ||||||
|  |           YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq | ||||||
|  |         run: | | ||||||
|  |           curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin | ||||||
|  |           mv yq_linux_$(dpkg --print-architecture) /usr/local/bin | ||||||
|  |           rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz | ||||||
|  |           yq --version | ||||||
|  |  | ||||||
|  |       - name: Install docker-ce via apt | ||||||
|  |         run: | | ||||||
|  |           install -m 0755 -d /etc/apt/keyrings | ||||||
|  |           curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg | ||||||
|  |           chmod a+r /etc/apt/keyrings/docker.gpg | ||||||
|  |           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null | ||||||
|  |           apt update --yes | ||||||
|  |           apt install --yes python3 python3-pip apt-transport-https docker-ce-cli | ||||||
|  |  | ||||||
|  |       - name: Install awscli | ||||||
|  |         run: | | ||||||
|  |           pip install awscli --break-system-packages | ||||||
|  |           aws --version | ||||||
|  |  | ||||||
|       - name: Import GPG key |       - name: Import GPG key | ||||||
|         id: import_gpg |         id: import_gpg | ||||||
|         uses: https://github.com/crazy-max/ghaction-import-gpg@v5 |         uses: https://github.com/crazy-max/ghaction-import-gpg@v6 | ||||||
|         with: |         with: | ||||||
|           gpg_private_key: ${{ secrets.GPGSIGN_KEY }} |           gpg_private_key: ${{ secrets.GPGSIGN_KEY }} | ||||||
|           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} |           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} | ||||||
|           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 |           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 | ||||||
|  |  | ||||||
|  |       - name: Add Artifacthub.io annotations | ||||||
|  |         run: | | ||||||
|  |           NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)" | ||||||
|  |           OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)" | ||||||
|  |           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" | ||||||
|  |  | ||||||
|  |       - name: Print Chart.yaml | ||||||
|  |         run: cat Chart.yaml | ||||||
|  |  | ||||||
|       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 |       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 | ||||||
|       - name: package chart |       - name: package chart | ||||||
|         run: | |         run: | | ||||||
|  |           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin | ||||||
|           # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved |           # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved | ||||||
|           helm plugin install https://github.com/pat-s/helm-gpg |           helm plugin install https://github.com/pat-s/helm-gpg | ||||||
|           helm dependency update |           helm dependency build | ||||||
|           helm package --version "${GITHUB_REF#refs/tags/v}" ./ |           helm package --version "${GITHUB_REF#refs/tags/v}" ./ | ||||||
|           helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" |  | ||||||
|           mkdir gitea |           mkdir gitea | ||||||
|           mv gitea*.tgz gitea/ |           mv gitea*.tgz gitea/ | ||||||
|           curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml |           curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml | ||||||
|           helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml |           helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml | ||||||
|  |           # push to dockerhub | ||||||
|  |           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin | ||||||
|  |           helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts | ||||||
|  |           helm registry logout registry-1.docker.io | ||||||
|  |  | ||||||
|       - name: aws credential configure |       - name: aws credential configure | ||||||
|         uses: https://github.com/aws-actions/configure-aws-credentials@v2 |         uses: https://github.com/aws-actions/configure-aws-credentials@v5 | ||||||
|         with: |         with: | ||||||
|           aws-access-key-id: ${{ secrets.AWS_KEY_ID }} |           aws-access-key-id: ${{ secrets.AWS_KEY_ID }} | ||||||
|           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||||||
| @@ -51,3 +95,29 @@ jobs: | |||||||
|       - name: Copy files to S3 and clear cache |       - name: Copy files to S3 and clear cache | ||||||
|         run: | |         run: | | ||||||
|           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ |           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ | ||||||
|  |  | ||||||
|  |   release-gitea: | ||||||
|  |     needs: generate-chart-publish | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     container: docker.io/thegeeklab/git-sv:2.0.5 | ||||||
|  |     steps: | ||||||
|  |       - name: install tools | ||||||
|  |         run: | | ||||||
|  |           apk add -q --update --no-cache nodejs | ||||||
|  |       - uses: actions/checkout@v5 | ||||||
|  |         with: | ||||||
|  |           fetch-tags: true | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Create changelog | ||||||
|  |         run: | | ||||||
|  |           git sv current-version | ||||||
|  |           git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md | ||||||
|  |           sed -i '1,2d' CHANGELOG.md # remove version | ||||||
|  |           cat CHANGELOG.md | ||||||
|  |  | ||||||
|  |       - name: Release | ||||||
|  |         uses: https://github.com/akkuman/gitea-release-action@v1 | ||||||
|  |         with: | ||||||
|  |           body_path: CHANGELOG.md | ||||||
|  |           token: "${{ secrets.RELEASE_TOKEN }}" | ||||||
|   | |||||||
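Review bot: The `package chart` step appears to drop `helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz"`, yet the job still imports the GPG key and installs the `pat-s/helm-gpg` plugin from an unpinned URL. The chart pushed to S3 and the OCI registry therefore seems to ship without a provenance file, while the signing secrets and third-party plugin code stay in the job. Either restore the signing line before `helm push`, or remove the key import and plugin install so the secrets are no longer exposed to this job. The new `Install helm` and `Install yq` steps pipe release tarballs from `curl` straight into `tar` with no checksum comparison. `echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login …` and the matching `helm registry login` line expand the secret unquoted into the script; passing it via `env:` and using `printf '%s' "$DOCKER_CHARTS_PASSWORD"` avoids word splitting and shell interpretation of the password. The `generate-chart-publish` job begins outside the first hunk.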
| @@ -1,32 +1,41 @@ | |||||||
| name: check-and-test | name: check-and-test | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   - pull_request |   pull_request: | ||||||
|  |     branches: | ||||||
|  |       - "*" | ||||||
|  |   push: | ||||||
|  |     branches: | ||||||
|  |       - main | ||||||
|  |  | ||||||
|  | env: | ||||||
|  |   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest | ||||||
|  |   HELM_UNITTEST_VERSION: "v1.0.3" | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   check-and-test: |   check-and-test: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|  |     container: alpine/helm:3.19.0 | ||||||
|     steps: |     steps: | ||||||
|       - uses: actions/checkout@v3 |  | ||||||
|       - name: install tools |       - name: install tools | ||||||
|         run: | |         run: | | ||||||
|           apt update -y |           apk update | ||||||
|           apt install -y curl make |           apk add --update bash make nodejs npm yamllint ncurses | ||||||
|           curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null |       - uses: actions/checkout@v5 | ||||||
|           echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list |       - name: install chart dependencies | ||||||
|           apt update -y |         run: helm dependency build | ||||||
|           apt install -y helm python3-pip |  | ||||||
|           pip install yamllint |  | ||||||
|       - name: dependency update |  | ||||||
|         run: helm dependency update |  | ||||||
|       - name: lint |       - name: lint | ||||||
|         run: helm lint |         run: helm lint | ||||||
|       - name: template |       - name: template | ||||||
|  |         run: helm template --debug gitea-helm . | ||||||
|  |       - name: prepare unit test environment | ||||||
|         run: | |         run: | | ||||||
|           helm template --debug gitea-helm . |           helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest | ||||||
|  |           git submodule update --init --recursive | ||||||
|       - name: unit tests |       - name: unit tests | ||||||
|  |         env: | ||||||
|  |           TERM: xterm | ||||||
|         run: | |         run: | | ||||||
|           helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest |  | ||||||
|           make unittests |           make unittests | ||||||
|       - name: verify readme |       - name: verify readme | ||||||
|         run: | |         run: | | ||||||
|   | |||||||
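Review bot: In the `prepare unit test environment` step the plugin version is spliced into the script with `${{ env.HELM_UNITTEST_VERSION }}`. The workflow-level `env:` already exports it, so `helm plugin install --version "${HELM_UNITTEST_VERSION}" https://github.com/helm-unittest/helm-unittest` keeps template expansion out of the `run:` block and quotes the value. The `install tools` step now runs before checkout and adds `nodejs` and `ncurses`, and `TERM: xterm` is set for the unit tests, all without explanation. A short comment such as `# nodejs: presumably required by the checkout action in the alpine image; ncurses/TERM: for test output` would record the intent. The `verify readme` step at the end of the hunk continues outside it.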
							
								
								
									
										12
									
								
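--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,12 @@
+[submodule "unittests/bash/bats"]
+	path = unittests/bash/bats
+	url = https://github.com/bats-core/bats-core.git
+[submodule "unittests/bash/test_helper/bats-support"]
+	path = unittests/bash/test_helper/bats-support
+	url = https://github.com/bats-core/bats-support.git
+[submodule "unittests/bash/test_helper/bats-assert"]
+	path = unittests/bash/test_helper/bats-assert
+	url = https://github.com/bats-core/bats-assert.git
+[submodule "unittests/bash/test_helper/bats-mock"]
+	path = unittests/bash/test_helper/bats-mock
+	url = https://github.com/jasonkarns/bats-mock.git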
							
								
								
									
										57
									
								
								.gitsv/config.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
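--- a/.gitsv/config.yaml
+++ b/.gitsv/config.yaml
@@ -0,0 +1,57 @@
+version: '1.1' # Configuration version.
+
+versioning:
+  update-major: [breaking] # Commit types used to bump major.
+  update-minor: [feat, perf] # Commit types used to bump minor.
+  update-patch: [build, ci, chore, fix, perf, refactor, test] # Commit types used to bump patch.
+  # When type is not present on update rules and is unknown (not mapped on commit message types);
+  # if ignore-unknown=false bump patch, if ignore-unknown=true do not bump version.
+  ignore-unknown: false
+
+tag:
+  pattern: 'v%d.%d.%d' # Pattern used to create git tag.
+  filter: '' # Enables you to filter for considerable tags using git pattern syntax.
+
+release-notes:
+  sections: # Array with each section of release note. Check template section for more information.
+    - name: Breaking Changes
+      section-type: breaking-changes
+    - name: Features # Name used on section.
+      section-type: commits # Type of the section, supported types: commits, breaking-changes.
+      commit-types: [feat, perf] # Commit types for commit section-type, one commit type cannot be in more than one section.
+    - name: Bug Fixes
+      section-type: commits
+      commit-types: [fix]
+    - name: Maintenance
+      section-type: commits
+      commit-types: [chore, refactor]
+    - name: Documentation
+      commit-types: [docs]
+      section-type: commits
+    - name: CI
+      commit-types: [ci]
+      section-type: commits
+
+branches: # Git branches config.
+  prefix: ([a-z]+\/)? # Prefix used on branch name, it should be a regex group.
+  suffix: (-.*)? # Suffix used on branch name, it should be a regex group.
+  disable-issue: false # Set true if there is no need to recover issue id from branch name.
+  skip: [] # List of branch names ignored on commit message validation.
+  skip-detached: false # Set true if a detached branch should be ignored on commit message validation.
+
+commit-message:
+  # Supported commit types.
+  types: [build, ci, chore, docs, feat, fix, perf, refactor, revert, style, test]
+  header-selector: '' # You can put in a regex here to select only a certain part of the commit message. Please define a regex group 'header'.
+  scope:
+    # Define supported scopes, if blank, scope will not be validated, if not, only scope listed will be valid.
+    # Don't forget to add "" on your list if you need to define scopes and keep it optional.
+    values: []
+  footer:
+    issue: # Use "issue: {}" if you wish to disable issue footer.
+      key: jira # Name used to define an issue on footer metadata.
+      key-synonyms: [Jira, JIRA] # Supported variations for footer metadata.
+      use-hash: false # If false, use :<space> separator. If true, use <space># separator.
+      add-value-prefix: '' # Add a prefix to issue value.
+  issue:
+    regex: '[A-Z]+-[0-9]+' # Regex for issue id.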
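Review bot: `perf` is listed under both `update-minor` and `update-patch` in the `versioning` block, so the bump a `perf:` commit produces depends on how git-sv resolves the overlap rather than on anything this file states. Since the resulting tag is what triggers the release, keep the type in one list only, e.g. `update-patch: [build, ci, chore, fix, refactor, test]`. The `footer.issue` key `jira` and the issue regex `[A-Z]+-[0-9]+` also look like the tool's sample values rather than this project's tracker; if issue footers are not used here, the file's own comment says `issue: {}` disables them.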
| @@ -5,6 +5,7 @@ | |||||||
| # Common VCS dirs | # Common VCS dirs | ||||||
| .git/ | .git/ | ||||||
| .gitignore | .gitignore | ||||||
|  | .gitmodules | ||||||
| .bzr/ | .bzr/ | ||||||
| .bzrignore | .bzrignore | ||||||
| .hg/ | .hg/ | ||||||
| @@ -31,3 +32,10 @@ Makefile | |||||||
| .drone.yml | .drone.yml | ||||||
| CONTRIBUTING.md | CONTRIBUTING.md | ||||||
| unittests/ | unittests/ | ||||||
|  | .editorconfig | ||||||
|  | .prettierignore | ||||||
|  | .yamllint | ||||||
|  | CODEOWNERS | ||||||
|  | renovate.json5 | ||||||
|  | .commitlintrc.json | ||||||
|  | .gitsv/ | ||||||
|   | |||||||
| @@ -73,7 +73,7 @@ MD022: | |||||||
| # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content | # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content | ||||||
| MD024: | MD024: | ||||||
|   # Only check sibling headings |   # Only check sibling headings | ||||||
|   allow_different_nesting: true |   siblings_only: true | ||||||
|  |  | ||||||
| # MD025/single-title/single-h1 - Multiple top-level headings in the same document | # MD025/single-title/single-h1 - Multiple top-level headings in the same document | ||||||
| MD025: | MD025: | ||||||
| @@ -129,6 +129,7 @@ MD041: | |||||||
| MD044: | MD044: | ||||||
|   # List of proper names |   # List of proper names | ||||||
|   names: |   names: | ||||||
|  |     - docker.gitea.com | ||||||
|     - Gitea |     - Gitea | ||||||
|     - PostgreSQL |     - PostgreSQL | ||||||
|     - Memcached |     - Memcached | ||||||
|   | |||||||
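--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,9 @@
+{
+    "recommendations": [
+        "yzhang.markdown-all-in-one",
+        "DavidAnson.vscode-markdownlint",
+        "Tim-Koehler.helm-intellisense",
+        "esbenp.prettier-vscode",
+        "jetmartin.bats"
+    ]
+  }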
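--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,15 @@
+{
+    "yaml.schemas": {
+        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
+            "/unittests/**/*.yaml"
+        ]
+    },
+    "yaml.schemaStore.enable": true,
+    "[bats]": {
+        "editor.tabSize": 2
+    },
+    "[shellscript]": {
+        "files.eol": "\n",
+        "editor.tabSize": 2
+    }
+}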
| @@ -5,7 +5,7 @@ ignore: | | |||||||
|   .yamllint |   .yamllint | ||||||
|   node_modules |   node_modules | ||||||
|   templates |   templates | ||||||
|  |   unittests/bash | ||||||
|  |  | ||||||
| rules: | rules: | ||||||
|   truthy: |   truthy: | ||||||
|   | |||||||
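--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @rossigee @volker.raschek @ChristopherHX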
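Review bot: The wildcard rule names three owners, while the `maintainers` list added to `Chart.yaml` in this same comparison has four entries, including `https://gitea.com/DaanSelen`. If that omission is not deliberate, the line would read `* @rossigee @volker.raschek @ChristopherHX @DaanSelen`. A single `*` rule also gives release-relevant paths such as `Chart.yaml`, `Chart.lock` and `.gitsv/` the same review requirement as documentation; whether that matters depends on the branch-protection settings, which are not visible here.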
| @@ -9,12 +9,7 @@ refactorings for easier maintainability or documentation improvements. | |||||||
| - [`helm`](https://helm.sh/docs/intro/install/) | - [`helm`](https://helm.sh/docs/intro/install/) | ||||||
| - `make` is optional; you may call the commands directly | - `make` is optional; you may call the commands directly | ||||||
|  |  | ||||||
| When using Visual Studio Code as IDE, following plugins might be useful: | When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available. | ||||||
|  |  | ||||||
| - [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) |  | ||||||
| - [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) |  | ||||||
| - [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) |  | ||||||
| - [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) |  | ||||||
|  |  | ||||||
| ## Documentation Requirements | ## Documentation Requirements | ||||||
|  |  | ||||||
| @@ -34,6 +29,7 @@ When submitting or updating a PR: | |||||||
| - try to avoid rebases. They make code reviews for large PRs and comments much harder. | - try to avoid rebases. They make code reviews for large PRs and comments much harder. | ||||||
| - if applicable, use the PR template for a well-defined PR description. | - if applicable, use the PR template for a well-defined PR description. | ||||||
| - clearly mark breaking changes. | - clearly mark breaking changes. | ||||||
|  | - format the PR title following the [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/#specification) schema | ||||||
|  |  | ||||||
| ## Local development & testing | ## Local development & testing | ||||||
|  |  | ||||||
| @@ -42,7 +38,7 @@ be used: | |||||||
|  |  | ||||||
| 1. Install `minikube` and `helm`. | 1. Install `minikube` and `helm`. | ||||||
| 1. Start a `minikube` cluster via `minikube start`. | 1. Start a `minikube` cluster via `minikube start`. | ||||||
| 1. From the `gitea/helm-chart` directory execute the following command. | 1. From the `gitea/helm-gitea` directory execute the following command. | ||||||
|    This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. |    This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. | ||||||
|    If you want to test a branch, make sure to switch to the respective branch first. |    If you want to test a branch, make sure to switch to the respective branch first. | ||||||
|    `helm install --dependency-update gitea . -f values.yaml`. |    `helm install --dependency-update gitea . -f values.yaml`. | ||||||
| @@ -53,18 +49,32 @@ default port-forward svc/gitea-http 3000:3000`. | |||||||
|  |  | ||||||
| ### Unit tests | ### Unit tests | ||||||
|  |  | ||||||
|  | #### Helm templating tests | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| # install the unittest plugin | # install the unittest plugin | ||||||
| $ helm plugin install https://github.com/helm-unittest/helm-unittest | $ helm plugin install https://github.com/helm-unittest/helm-unittest | ||||||
|  |  | ||||||
| # run the unittests | # run the Helm unittests | ||||||
| make unittests | make unittests-helm | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. | See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions. | ||||||
|  |  | ||||||
|  | #### Bash script tests | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # setup the environment | ||||||
|  | git submodule update --init --recursive | ||||||
|  |  | ||||||
|  | # run the bash tests | ||||||
|  | make unittests-bash | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | See [bats documentation](https://bats-core.readthedocs.io/en/stable/) for usage instructions. | ||||||
|  |  | ||||||
| ## Release process | ## Release process | ||||||
|  |  | ||||||
| 1. Create a tag following the tagging schema | 1. Ensure you have [`git-sv`](https://github.com/thegeeklab/git-sv) installed | ||||||
| 1. Push the tag | 1. Run `git sv tag` (this creates and pushes the tag following the respective next tag according to the semver commits issued since the last release) | ||||||
| 1. Let CI do it's work | 1. Let CI do it's work | ||||||
|   | |||||||
								Chart.lock
							| @@ -1,12 +1,15 @@ | |||||||
| dependencies: | dependencies: | ||||||
| - name: postgresql | - name: postgresql | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 12.6.6 |   version: 16.7.27 | ||||||
| - name: postgresql-ha | - name: postgresql-ha | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 11.7.9 |   version: 16.3.2 | ||||||
| - name: redis-cluster | - name: valkey-cluster | ||||||
|   repository: oci://registry-1.docker.io/bitnamicharts |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|   version: 8.6.9 |   version: 3.0.24 | ||||||
| digest: sha256:52296a48610712a8eb69a32b1b5818b014bfb8dac79d883e11ebdaf97d41e85d | - name: valkey | ||||||
| generated: "2023-07-17T21:24:06.888357+02:00" |   repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|  |   version: 3.0.31 | ||||||
|  | digest: sha256:ceb6a1890cfdc2627abb85d3e2a4baa64d30afd21dcfabce978a824a67f0a2bb | ||||||
|  | generated: "2025-08-30T00:03:04.59764502Z" | ||||||
|   | |||||||
								Chart.yaml
							| @@ -3,8 +3,14 @@ name: gitea | |||||||
| description: Gitea Helm chart for Kubernetes | description: Gitea Helm chart for Kubernetes | ||||||
| type: application | type: application | ||||||
| version: 0.0.0 | version: 0.0.0 | ||||||
| appVersion: 1.20.2 | # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$ | ||||||
| icon: https://docs.gitea.io/images/gitea.png | appVersion: 1.24.6 | ||||||
|  | icon: https://gitea.com/assets/img/logo.svg | ||||||
|  |  | ||||||
|  | annotations: | ||||||
|  |   artifacthub.io/links: | | ||||||
|  |     - name: support | ||||||
|  |       url: https://gitea.com/gitea/helm-gitea/issues | ||||||
|  |  | ||||||
| keywords: | keywords: | ||||||
|   - git |   - git | ||||||
| @@ -13,38 +19,44 @@ keywords: | |||||||
|   - wiki |   - wiki | ||||||
|   - gitea |   - gitea | ||||||
|   - gogs |   - gogs | ||||||
| sources: |  | ||||||
|   - https://gitea.com/gitea/helm-chart |  | ||||||
|   - https://github.com/go-gitea/gitea |  | ||||||
|   - https://hub.docker.com/r/gitea/gitea/ |  | ||||||
| maintainers: |  | ||||||
|   - name: Charlie Drage |  | ||||||
|     email: charlie@charliedrage.com |  | ||||||
|   - name: Gitea Authors |  | ||||||
|     email: maintainers@gitea.io |  | ||||||
|   - name: Konrad Lother |  | ||||||
|     email: konrad.lother@novum-rgi.de |  | ||||||
|   - name: Lucas Hahn |  | ||||||
|     email: lucas.hahn@novum-rgi.de |  | ||||||
|   - name: Steven Kriegler |  | ||||||
|     email: sk.bunsenbrenner@gmail.com |  | ||||||
|   - name: Patrick Schratz |  | ||||||
|     email: patrick.schratz@gmail.com |  | ||||||
|  |  | ||||||
| # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details | sources: | ||||||
|  |   - https://gitea.com/gitea/helm-gitea | ||||||
|  |   - https://github.com/go-gitea/gitea | ||||||
|  |   - https://docker.gitea.com/gitea | ||||||
|  |  | ||||||
|  | maintainers: | ||||||
|  |   # https://gitea.com/rossigee | ||||||
|  |   - name: Ross Golder | ||||||
|  |     email: ross@golder.org | ||||||
|  |   # https://gitea.com/volker.raschek | ||||||
|  |   - name: Markus Pesch | ||||||
|  |     email: markus.pesch+apps@cryptic.systems | ||||||
|  |   # https://gitea.com/DaanSelen | ||||||
|  |   - name: Daan Selen | ||||||
|  |     email: dselen@nerthus.nl | ||||||
|  |   # https://gitea.com/ChristopherHX | ||||||
|  |   - name: Christopher Homberger | ||||||
|  |     email: christopher.homberger@web.de | ||||||
|  |  | ||||||
| dependencies: | dependencies: | ||||||
|   # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) |   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql | ||||||
|   - name: postgresql |   - name: postgresql | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 12.6.6 |     version: 16.7.27 | ||||||
|     condition: postgresql.enabled |     condition: postgresql.enabled | ||||||
|   # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) |   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml | ||||||
|   - name: postgresql-ha |   - name: postgresql-ha | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 11.7.9 |     version: 16.3.2 | ||||||
|     condition: postgresql-ha.enabled |     condition: postgresql-ha.enabled | ||||||
|   # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) |   # https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml | ||||||
|   - name: redis-cluster |   - name: valkey-cluster | ||||||
|     repository: oci://registry-1.docker.io/bitnamicharts |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|     version: 8.6.9 |     version: 3.0.24 | ||||||
|     condition: redis-cluster.enabled |     condition: valkey-cluster.enabled | ||||||
|  |   # https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml | ||||||
|  |   - name: valkey | ||||||
|  |     repository: oci://registry-1.docker.io/bitnamicharts | ||||||
|  |     version: 3.0.31 | ||||||
|  |     condition: valkey.enabled | ||||||
|   | |||||||
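Review bot: All four entries under `dependencies:` are pinned by version tag against `oci://registry-1.docker.io/bitnamicharts`, and nothing in this section records a content digest for the charts that get pulled. As far as I know the `digest:` in `Chart.lock` is computed over the dependency list rather than over the chart archives, so a tag that is re-pushed upstream would not be caught by it. I would say so above the block, e.g. `# Pinned by version tag only; Chart.lock's digest does not cover the downloaded chart archives.`, and have the release pipeline verify or mirror the sub-charts. Separately, the `postgresql` reference comment is the only one of the four that does not end in `/Chart.yaml`.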
								Makefile
							| @@ -1,3 +1,5 @@ | |||||||
|  | SHELL := /usr/bin/env bash -O globstar | ||||||
|  |  | ||||||
| .PHONY: prepare-environment | .PHONY: prepare-environment | ||||||
| prepare-environment: | prepare-environment: | ||||||
| 	npm install | 	npm install | ||||||
| @@ -8,8 +10,15 @@ readme: prepare-environment | |||||||
| 	npm run readme:lint | 	npm run readme:lint | ||||||
|  |  | ||||||
| .PHONY: unittests | .PHONY: unittests | ||||||
| unittests: | unittests: unittests-helm unittests-bash | ||||||
| 	helm unittest --strict -f 'unittests/**/*.yaml' ./ |  | ||||||
|  | .PHONY: unittests-helm | ||||||
|  | unittests-helm: | ||||||
|  | 	helm unittest --strict -f 'unittests/helm/**/*.yaml' -f 'unittests/helm/values-conflicting-checks.yaml' ./ | ||||||
|  |  | ||||||
|  | .PHONY: unittests-bash | ||||||
|  | unittests-bash: | ||||||
|  | 	./unittests/bash/bats/bin/bats --pretty ./unittests/bash/tests/**/*.bats | ||||||
|  |  | ||||||
| .PHONY: helm | .PHONY: helm | ||||||
| update-helm-dependencies: | update-helm-dependencies: | ||||||
|   | |||||||
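Review bot: `SHELL := /usr/bin/env bash -O globstar` at the top applies to every recipe in the file, not only to `unittests-bash`, and `globstar` exists only in bash 4.0 and later, so where the `bash` on `PATH` is older (stock macOS ships 3.2) even `prepare-environment` would fail before running anything. Document the requirement next to the assignment, e.g. `# Requires bash >= 4: unittests-bash relies on ** (globstar).`. `unittests-bash` also runs `./unittests/bash/bats/bin/bats` from a submodule without checking that it has been initialised; a guard line such as `@test -x ./unittests/bash/bats/bin/bats || { echo "run: git submodule update --init --recursive"; exit 1; }` would turn a bare "No such file" into an actionable message. The `update-helm-dependencies` rule continues outside the hunk.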
								README.md
							| @@ -3,12 +3,22 @@ | |||||||
| - [Introduction](#introduction) | - [Introduction](#introduction) | ||||||
| - [Update and versioning policy](#update-and-versioning-policy) | - [Update and versioning policy](#update-and-versioning-policy) | ||||||
| - [Dependencies](#dependencies) | - [Dependencies](#dependencies) | ||||||
|  |   - [HA Dependencies](#ha-dependencies) | ||||||
|  |   - [Non-HA Dependencies](#non-ha-dependencies) | ||||||
|  |   - [Dependency Versioning](#dependency-versioning) | ||||||
| - [Installing](#installing) | - [Installing](#installing) | ||||||
| - [High Availability](#high-availability) | - [High Availability](#high-availability) | ||||||
|  | - [Limit resources](#limit-resources) | ||||||
| - [Configuration](#configuration) | - [Configuration](#configuration) | ||||||
|   - [Default Configuration](#default-configuration) |   - [Default Configuration](#default-configuration) | ||||||
|   - [Minimal Configuration](#minimal-configuration) |     - [Database defaults](#database-defaults) | ||||||
|  |     - [Server defaults](#server-defaults) | ||||||
|  |     - [Metrics defaults](#metrics-defaults) | ||||||
|  |     - [Rootless Defaults](#rootless-defaults) | ||||||
|  |     - [Session, Cache and Queue](#session-cache-and-queue) | ||||||
|  |   - [Single-Pod Configurations](#single-pod-configurations) | ||||||
|   - [Additional _app.ini_ settings](#additional-appini-settings) |   - [Additional _app.ini_ settings](#additional-appini-settings) | ||||||
|  |     - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) | ||||||
|   - [External Database](#external-database) |   - [External Database](#external-database) | ||||||
|   - [Ports and external url](#ports-and-external-url) |   - [Ports and external url](#ports-and-external-url) | ||||||
|   - [ClusterIP](#clusterip) |   - [ClusterIP](#clusterip) | ||||||
| @@ -21,8 +31,11 @@ | |||||||
|   - [OAuth2 Settings](#oauth2-settings) |   - [OAuth2 Settings](#oauth2-settings) | ||||||
| - [Configure commit signing](#configure-commit-signing) | - [Configure commit signing](#configure-commit-signing) | ||||||
| - [Metrics and profiling](#metrics-and-profiling) | - [Metrics and profiling](#metrics-and-profiling) | ||||||
|  |   - [Secure Metrics Endpoint](#secure-metrics-endpoint) | ||||||
| - [Pod annotations](#pod-annotations) | - [Pod annotations](#pod-annotations) | ||||||
|  | - [TLS certificate rotation](#tls-certificate-rotation) | ||||||
| - [Themes](#themes) | - [Themes](#themes) | ||||||
|  | - [Renovate](#renovate) | ||||||
| - [Parameters](#parameters) | - [Parameters](#parameters) | ||||||
|   - [Global](#global) |   - [Global](#global) | ||||||
|   - [strategy](#strategy) |   - [strategy](#strategy) | ||||||
| @@ -39,14 +52,15 @@ | |||||||
|   - [LivenessProbe](#livenessprobe) |   - [LivenessProbe](#livenessprobe) | ||||||
|   - [ReadinessProbe](#readinessprobe) |   - [ReadinessProbe](#readinessprobe) | ||||||
|   - [StartupProbe](#startupprobe) |   - [StartupProbe](#startupprobe) | ||||||
|   - [redis-cluster](#redis-cluster) |   - [valkey-cluster](#valkey-cluster) | ||||||
|   - [PostgreSQL-ha](#postgresql-ha) |   - [valkey](#valkey) | ||||||
|  |   - [PostgreSQL HA](#postgresql-ha) | ||||||
|   - [PostgreSQL](#postgresql) |   - [PostgreSQL](#postgresql) | ||||||
|   - [Advanced](#advanced) |   - [Advanced](#advanced) | ||||||
| - [Contributing](#contributing) | - [Contributing](#contributing) | ||||||
| - [Upgrading](#upgrading) | - [Upgrading](#upgrading) | ||||||
|  |  | ||||||
| [Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. | [Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go. | ||||||
| It is published under the MIT license. | It is published under the MIT license. | ||||||
|  |  | ||||||
| ## Introduction | ## Introduction | ||||||
| @@ -58,7 +72,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit | |||||||
| ## Update and versioning policy | ## Update and versioning policy | ||||||
|  |  | ||||||
| The Gitea helm chart versioning does not follow Gitea's versioning. | The Gitea helm chart versioning does not follow Gitea's versioning. | ||||||
| The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-chart/releases). | The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases). | ||||||
|  |  | ||||||
| The chart aims to follow Gitea's releases closely. | The chart aims to follow Gitea's releases closely. | ||||||
| There might be times when the chart is behind the latest Gitea release. | There might be times when the chart is behind the latest Gitea release. | ||||||
| @@ -73,38 +87,117 @@ Yet most often no issues will be encountered and the chart maintainers aim to co | |||||||
|  |  | ||||||
| ## Dependencies | ## Dependencies | ||||||
|  |  | ||||||
| Gitea can be run with an external database and cache. | Gitea is most performant when run with an external database and cache. | ||||||
| This chart provides those dependencies, which can be enabled, or disabled via configuration. | This chart provides those dependencies via sub-charts. | ||||||
|  | Users can also configure their own external providers via the configuration. | ||||||
|  |  | ||||||
| Dependencies: | ### HA Dependencies | ||||||
|  |  | ||||||
| - PostgreSQL HA ([configuration](#postgresql)) | These dependencies are enabled by default: | ||||||
| - Redis Cluster ([configuration](#cache)) |  | ||||||
|  | - PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)) | ||||||
|  | - Valkey-Cluster ([Bitnami Valkey-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml)) | ||||||
|  |  | ||||||
|  | ### Non-HA Dependencies | ||||||
|  |  | ||||||
|  | Alternatively, the following non-HA replacements are available: | ||||||
|  |  | ||||||
|  | - PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) | ||||||
|  | - Valkey ([Bitnami Valkey](https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml)) | ||||||
|  |  | ||||||
|  | ### Dependency Versioning | ||||||
|  |  | ||||||
|  | Updates of sub-charts will be incorporated into the Gitea chart as they are released. | ||||||
|  | The reasoning behind this is that new users of the chart will start with the most recent sub-chart dependency versions. | ||||||
|  |  | ||||||
|  | **Note** If you want to stay on an older appVersion of a sub-chart dependency (e.g. PostgreSQL), you need to override the image tag in your `values.yaml` file. | ||||||
|  | In fact, we recommend to do so right from the start to be independent of major sub-chart dependency changes as they are released. | ||||||
|  | There is no need to update to every new PostgreSQL major version - you can happily skip some and do larger updates when you are ready for them. | ||||||
|  |  | ||||||
|  | We recommend to use a rolling tag like `:<majorVersion>-debian-<debian major version>` to incorporate minor and patch updates for the respective major version as they are released. | ||||||
|  | Alternatively you can also use a versioning helper tool like [renovate](https://github.com/renovatebot/renovate). | ||||||
|  |  | ||||||
|  | Please double-check the image repository and available tags in the sub-chart: | ||||||
|  |  | ||||||
|  | - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) | ||||||
|  | - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) | ||||||
|  | - [Valkey Cluster](https://hub.docker.com/r/bitnami/valkey-cluster/tags) | ||||||
|  | - [Valkey](https://hub.docker.com/r/bitnami/valkey/tags) | ||||||
|  |  | ||||||
|  | and look up the image tag which fits your needs on Dockerhub. | ||||||
|  |  | ||||||
| ## Installing | ## Installing | ||||||
|  |  | ||||||
| ```sh | ```sh | ||||||
| helm repo add gitea-charts https://dl.gitea.io/charts/ | helm repo add gitea-charts https://dl.gitea.com/charts/ | ||||||
| helm repo update | helm repo update | ||||||
| helm install gitea gitea-charts/gitea | helm install gitea gitea-charts/gitea | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | Alternatively, the chart can also be installed from Dockerhub (since v9.6.0) | ||||||
|  |  | ||||||
|  | ```sh | ||||||
|  | helm install gitea oci://registry-1.docker.io/giteacharts/gitea | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | To avoid potential Dockerhub rate limits, the chart can also be installed via [docker.gitea.com](https://blog.gitea.com/docker-registry-update/) (since v9.6.0) | ||||||
|  |  | ||||||
|  | ```sh | ||||||
|  | helm install gitea oci://docker.gitea.com/charts/gitea | ||||||
|  | ``` | ||||||
|  |  | ||||||
| When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. | When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. | ||||||
|  |  | ||||||
| ## High Availability | ## High Availability | ||||||
|  |  | ||||||
| ⚠️ **EXPERIMENTAL** ⚠️ | Since version 9.0.0 this chart supports running Gitea and it's dependencies in HA mode. | ||||||
|  | Care must be taken for production use as not all implementation details of Gitea core are officially HA-ready yet. | ||||||
| Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. |  | ||||||
| The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. |  | ||||||
|  |  | ||||||
| Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. | Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. | ||||||
| See the [HA Setup](docs/ha-setup.md) document for more details. | See the [HA Setup](docs/ha-setup.md) document for more details. | ||||||
|  |  | ||||||
|  | ## Limit resources | ||||||
|  |  | ||||||
|  | If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||||
|  | application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||||
|  | cannot use the available CPU time to perform computing operations. | ||||||
|  |  | ||||||
|  | The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||||
|  | available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||||
|  | of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||||
|  | rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||||
|  |  | ||||||
|  | Further information about this topic can be found [under this link](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||||
|  |  | ||||||
|  | > [!NOTE] | ||||||
|  | > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||||
|  | > not anymore required. | ||||||
|  | > | ||||||
|  | > Please note that a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   env: | ||||||
|  |     # Will be automatically defined! | ||||||
|  |     - name: GOMAXPROCS | ||||||
|  |       valueFrom: | ||||||
|  |         resourceFieldRef: | ||||||
|  |           divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1) | ||||||
|  |           resource: limits.cpu | ||||||
|  |  | ||||||
|  | resources: | ||||||
|  |   limits: | ||||||
|  |     cpu: 1000m | ||||||
|  |     memory: 512Mi | ||||||
|  |   requests: | ||||||
|  |     cpu: 100m | ||||||
|  |     memory: 512Mi | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Configuration | ## Configuration | ||||||
|  |  | ||||||
| Gitea offers lots of configuration options. | Gitea offers lots of configuration options. | ||||||
| This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). | This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet). | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| gitea: | gitea: | ||||||
| @@ -167,22 +260,93 @@ The Prometheus `/metrics` endpoint is disabled by default. | |||||||
| ENABLED = false | ENABLED = false | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ### Minimal Configuration | #### Rootless Defaults | ||||||
|  |  | ||||||
| For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used: | If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: | ||||||
|  |  | ||||||
| ```yaml | - `$HOME` becomes `/data/gitea/git` | ||||||
| redis-cluster: |  | ||||||
|  |   [see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations | ||||||
|  |  | ||||||
|  | - `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`) | ||||||
|  |  | ||||||
|  |   [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition | ||||||
|  |  | ||||||
|  | - `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`) | ||||||
|  |  | ||||||
|  |   [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition | ||||||
|  |  | ||||||
|  | - `SSH_LOG_LEVEL` environment variable is not injected into the container | ||||||
|  |  | ||||||
|  |   [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations | ||||||
|  |  | ||||||
|  | #### Session, Cache and Queue | ||||||
|  |  | ||||||
|  | The session, cache and queue settings are set to use the built-in Valkey Cluster sub-chart dependency. | ||||||
|  | If Valkey Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. | ||||||
|  |  | ||||||
|  | While these will work and even not cause immediate issues after startup, **they are not recommended for production use**. | ||||||
|  | Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory. | ||||||
|  | It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload. | ||||||
|  | External tools such as `valkey-cluster` or `memcached` handle these workloads much better. | ||||||
|  |  | ||||||
|  | ### Single-Pod Configurations | ||||||
|  |  | ||||||
|  | If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. | ||||||
|  |  | ||||||
|  | 1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `valkey`): | ||||||
|  |  | ||||||
|  |    <details> | ||||||
|  |  | ||||||
|  |    <summary>values.yml</summary> | ||||||
|  |  | ||||||
|  |    ```yaml | ||||||
|  |    valkey-cluster: | ||||||
|      enabled: false |      enabled: false | ||||||
| postgresql: |    valkey: | ||||||
|   enabled: false |      enabled: true | ||||||
| postgresql-ha: |    postgresql: | ||||||
|  |      enabled: true | ||||||
|  |    postgresql-ha: | ||||||
|      enabled: false |      enabled: false | ||||||
|  |  | ||||||
| persistence: |    persistence: | ||||||
|  |      enabled: true | ||||||
|  |  | ||||||
|  |    gitea: | ||||||
|  |      config: | ||||||
|  |        database: | ||||||
|  |          DB_TYPE: postgres | ||||||
|  |        indexer: | ||||||
|  |          ISSUE_INDEXER_TYPE: bleve | ||||||
|  |          REPO_INDEXER_ENABLED: true | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  |    </details> | ||||||
|  |  | ||||||
|  | 2. For a minimal DEV installation (using the built-in sqlite DB instead of Postgres): | ||||||
|  |  | ||||||
|  |    This will result in a single-pod Gitea instance _without any dependencies and persistence_. | ||||||
|  |    **Do not use this configuration for production use**. | ||||||
|  |  | ||||||
|  |    <details> | ||||||
|  |  | ||||||
|  |    <summary>values.yml</summary> | ||||||
|  |  | ||||||
|  |    ```yaml | ||||||
|  |    valkey-cluster: | ||||||
|  |      enabled: false | ||||||
|  |    valkey: | ||||||
|  |      enabled: false | ||||||
|  |    postgresql: | ||||||
|  |      enabled: false | ||||||
|  |    postgresql-ha: | ||||||
|      enabled: false |      enabled: false | ||||||
|  |  | ||||||
| gitea: |    persistence: | ||||||
|  |      enabled: false | ||||||
|  |  | ||||||
|  |    gitea: | ||||||
|      config: |      config: | ||||||
|        database: |        database: | ||||||
|          DB_TYPE: sqlite3 |          DB_TYPE: sqlite3 | ||||||
| @@ -192,14 +356,13 @@ gitea: | |||||||
|          ADAPTER: memory |          ADAPTER: memory | ||||||
|        queue: |        queue: | ||||||
|          TYPE: level |          TYPE: level | ||||||
| ``` |    ``` | ||||||
|  |  | ||||||
| This will result in a single-pod Gitea instance without any dependencies and persistence. |    </details> | ||||||
| Do not use this configuration for production use. |  | ||||||
|  |  | ||||||
| ### Additional _app.ini_ settings | ### Additional _app.ini_ settings | ||||||
|  |  | ||||||
| > **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) | > **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default) | ||||||
| > section cannot be defined that way.** | > section cannot be defined that way.** | ||||||
|  |  | ||||||
| Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file. | Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file. | ||||||
| @@ -286,7 +449,7 @@ Priority (highest to lowest) for defining app.ini variables: | |||||||
|  |  | ||||||
| ### External Database | ### External Database | ||||||
|  |  | ||||||
| Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. | Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL. | ||||||
| In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. | In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. | ||||||
|  |  | ||||||
| If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. | If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. | ||||||
| @@ -304,6 +467,9 @@ gitea: | |||||||
|  |  | ||||||
| postgresql: | postgresql: | ||||||
|   enabled: false |   enabled: false | ||||||
|  |  | ||||||
|  | postgresql-ha: | ||||||
|  |   enabled: false | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ### Ports and external url | ### Ports and external url | ||||||
| @@ -368,20 +534,23 @@ and the repository exists. | |||||||
| ``` | ``` | ||||||
|  |  | ||||||
| To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. | To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. | ||||||
| More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). | More about this issue [under this link](https://gitea.com/gitea/helm-gitea/issues/161). | ||||||
|  |  | ||||||
| ### Cache | ### Cache | ||||||
|  |  | ||||||
| The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default. | The cache handling is done via `valkey-cluster` (via the `bitnami` chart) by default. | ||||||
| This deployment is HA-ready but can also be used for single-pod deployments. | This deployment is HA-ready but can also be used for single-pod deployments. | ||||||
| By default, 6 replicas are deployed for a working `redis-cluster` deployment. | By default, 6 replicas are deployed for a working `valkey-cluster` deployment. | ||||||
| Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`. | Many cloud providers offer a managed valkey service, which can be used instead of the built-in `valkey-cluster`. | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| redis-cluster: | valkey-cluster: | ||||||
|   enabled: true |   enabled: true | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ⚠️ The valkey charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690). | ||||||
|  | Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||||
|  |  | ||||||
| ### Persistence | ### Persistence | ||||||
|  |  | ||||||
| Gitea will be deployed as a deployment. | Gitea will be deployed as a deployment. | ||||||
| @@ -415,7 +584,7 @@ You can interact with the postgres settings as displayed in the following exampl | |||||||
| postgresql: | postgresql: | ||||||
|   persistence: |   persistence: | ||||||
|     enabled: true |     enabled: true | ||||||
|     claimName: MyAwesomeGiteaPostgresClaim |     existingClaim: MyAwesomeGiteaPostgresClaim | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ### Admin User | ### Admin User | ||||||
| @@ -453,10 +622,24 @@ gitea: | |||||||
|     existingSecret: gitea-admin-secret |     existingSecret: gitea-admin-secret | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set. | ||||||
|  |  | ||||||
|  | - `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. | ||||||
|  | - `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. | ||||||
|  | - `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. | ||||||
|  |  | ||||||
|  | These modes can be set like the following: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | gitea: | ||||||
|  |   admin: | ||||||
|  |     passwordMode: initialOnlyRequireReset | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ### LDAP Settings | ### LDAP Settings | ||||||
|  |  | ||||||
| Like the admin user the LDAP settings can be updated. | Like the admin user the LDAP settings can be updated. | ||||||
| All LDAP values from <https://docs.gitea.io/en-us/command-line/#admin> are available. | All LDAP values from <https://docs.gitea.com/administration/command-line#admin> are available. | ||||||
|  |  | ||||||
| Multiple LDAP sources can be configured with additional LDAP list items. | Multiple LDAP sources can be configured with additional LDAP list items. | ||||||
|  |  | ||||||
| @@ -511,7 +694,7 @@ Affected options: | |||||||
|  |  | ||||||
| Like the admin user, OAuth2 settings can be updated and disabled but not deleted. | Like the admin user, OAuth2 settings can be updated and disabled but not deleted. | ||||||
| Deleting OAuth2 settings has to be done in the ui. | Deleting OAuth2 settings has to be done in the ui. | ||||||
| All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are | All OAuth2 values, which are documented [under this link](https://docs.gitea.com/administration/command-line#admin), are | ||||||
| available. | available. | ||||||
|  |  | ||||||
| Multiple OAuth2 sources can be configured with additional OAuth list items. | Multiple OAuth2 sources can be configured with additional OAuth list items. | ||||||
| @@ -556,7 +739,7 @@ gitea: | |||||||
|  |  | ||||||
| When using the rootless image the gpg key folder is not persistent by default. | When using the rootless image the gpg key folder is not persistent by default. | ||||||
| If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. | If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. | ||||||
| Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. | Prior to [PR186](https://gitea.com/gitea/helm-gitea/pulls/186), imported keys had to be re-imported once the container got replaced by another. | ||||||
|  |  | ||||||
| The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. | The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. | ||||||
| By default this section is disabled to maintain backwards compatibility. | By default this section is disabled to maintain backwards compatibility. | ||||||
| @@ -589,7 +772,7 @@ signing: | |||||||
| ``` | ``` | ||||||
|  |  | ||||||
| To use the gpg key, Gitea needs to be configured accordingly. | To use the gpg key, Gitea needs to be configured accordingly. | ||||||
| A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). | A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration). | ||||||
|  |  | ||||||
| ## Metrics and profiling | ## Metrics and profiling | ||||||
|  |  | ||||||
| @@ -610,6 +793,21 @@ gitea: | |||||||
|       ENABLE_PPROF: true |       ENABLE_PPROF: true | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ### Secure Metrics Endpoint | ||||||
|  |  | ||||||
|  | Metrics endpoint `/metrics` can be secured by using `Bearer` token authentication. | ||||||
|  |  | ||||||
|  | **Note:** Providing non-empty `TOKEN` value will also require authentication for `ServiceMonitor`. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | gitea: | ||||||
|  |   metrics: | ||||||
|  |     token: "secure-token" | ||||||
|  |     enabled: true | ||||||
|  |     serviceMonitor: | ||||||
|  |       enabled: true | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Pod annotations | ## Pod annotations | ||||||
|  |  | ||||||
| Annotations can be added to the Gitea pod. | Annotations can be added to the Gitea pod. | ||||||
| @@ -619,6 +817,31 @@ gitea: | |||||||
|   podAnnotations: {} |   podAnnotations: {} | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ## TLS certificate rotation | ||||||
|  |  | ||||||
|  | If Gitea uses TLS certificates that are mounted as a secret in the container file system, Gitea will not automatically apply them when the TLS certificates are rotated. | ||||||
|  | Such a rotation can be for example triggered, when the cert-manager issues new TLS certificates before expiring. Further information is described as GitHub | ||||||
|  | [issue](https://github.com/go-gitea/gitea/issues/27962). | ||||||
|  |  | ||||||
|  | Until the issue is present, a workaround can be applied. | ||||||
|  | For example stakater's [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. | ||||||
|  | The following annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted `configMaps` and `secrets` have been changed. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     reloader.stakater.com/auto: "true" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for individual items. | ||||||
|  | For example, when the secret named `gitea-tls` is mounted and the reloader controller should only listen for changes of this secret: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     secret.reloader.stakater.com/reload: "gitea-tls" | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Themes | ## Themes | ||||||
|  |  | ||||||
| Custom themes can be added via k8s secrets and referencing them in `values.yaml`. | Custom themes can be added via k8s secrets and referencing them in `values.yaml`. | ||||||
| @@ -634,7 +857,7 @@ extraVolumes: | |||||||
| extraVolumeMounts: | extraVolumeMounts: | ||||||
|   - name: gitea-themes |   - name: gitea-themes | ||||||
|     readOnly: true |     readOnly: true | ||||||
|     mountPath: "/data/gitea/public/css" |     mountPath: "/data/gitea/public/assets/css" | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The secret can be created via `terraform`: | The secret can be created via `terraform`: | ||||||
| @@ -687,16 +910,45 @@ or natively via `kubectl`: | |||||||
| kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea | kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ## Renovate | ||||||
|  |  | ||||||
|  | To be able to use a digest value which is automatically updated by `Renovate` a [customManager](https://docs.renovatebot.com/modules/manager/regex/) is required. | ||||||
|  | Here's an examplary `values.yml` definition which makes use of a digest: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | image: | ||||||
|  |   repository: gitea/gitea | ||||||
|  |   tag: 1.20.2 | ||||||
|  |   digest: sha256:6e3b85a36653894d6741d0aefb41dfaac39044e028a42e0a520cc05ebd7bfc3f | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | By default Renovate adds digest after the `tag`. | ||||||
|  | To comply with the Gitea helm chart definition of the digest parameter, a "customManagers" definition is required: | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | "customManagers": [ | ||||||
|  |   { | ||||||
|  |     "customType": "regex", | ||||||
|  |     "description": "Apply an explicit gitea digest field match", | ||||||
|  |     "fileMatch": ["values\\.ya?ml"], | ||||||
|  |     "matchStrings": ["(?<depName>gitea\\/gitea)\\n(?<indentation>\\s+)tag: (?<currentValue>[^@].*?)\\n\\s+digest: (?<currentDigest>sha256:[a-f0-9]+)"], | ||||||
|  |     "datasourceTemplate": "docker", | ||||||
|  |     "autoReplaceStringTemplate": "{{depName}}\n{{indentation}}tag: {{newValue}}\n{{indentation}}digest: {{#if newDigest}}{{{newDigest}}}{{else}}{{{currentDigest}}}{{/if}}" | ||||||
|  |   } | ||||||
|  | ] | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Parameters | ## Parameters | ||||||
|  |  | ||||||
| ### Global | ### Global | ||||||
|  |  | ||||||
| | Name                      | Description                                                                                    | Value | | | Name                      | Description                                                                                    | Value | | ||||||
| | ------------------------- | ------------------------------------------------------------------------- | ----- | | | ------------------------- | ---------------------------------------------------------------------------------------------- | ----- | | ||||||
| | `global.imageRegistry`    | global image registry override                                                                 | `""`  | | | `global.imageRegistry`    | global image registry override                                                                 | `""`  | | ||||||
| | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets`                      | `[]`  | | | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets`                      | `[]`  | | ||||||
| | `global.storageClass`     | global storage class override                                                                  | `""`  | | | `global.storageClass`     | global storage class override                                                                  | `""`  | | ||||||
| | `global.hostAliases`      | global hostAliases which will be added to the pod's hosts files                                | `[]`  | | | `global.hostAliases`      | global hostAliases which will be added to the pod's hosts files                                | `[]`  | | ||||||
|  | | `namespace`               | An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified | `""`  | | ||||||
| | `replicaCount`            | number of replicas for the deployment                                                          | `1`   | | | `replicaCount`            | number of replicas for the deployment                                                          | `1`   | | ||||||
|  |  | ||||||
| ### strategy | ### strategy | ||||||
| @@ -711,12 +963,14 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| ### Image | ### Image | ||||||
|  |  | ||||||
| | Name                 | Description                                                                                                                                                      | Value              | | | Name                 | Description                                                                                                                                                      | Value              | | ||||||
| | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ||||||
| | `image.registry`   | image registry, e.g. gcr.io,docker.io                                                                                                   | `""`          | | | `image.registry`     | image registry, e.g. gcr.io,docker.io                                                                                                                            | `docker.gitea.com` | | ||||||
| | `image.repository` | Image to start for this pod                                                                                                             | `gitea/gitea` | | | `image.repository`   | Image to start for this pod                                                                                                                                      | `gitea`            | | ||||||
| | `image.tag`          | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.                          | `""`               | | | `image.tag`          | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.                          | `""`               | | ||||||
| | `image.pullPolicy` | Image pull policy                                                                                                                       | `Always`      | | | `image.digest`       | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                                       | `""`               | | ||||||
|  | | `image.pullPolicy`   | Image pull policy                                                                                                                                                | `IfNotPresent`     | | ||||||
| | `image.rootless`     | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher                                                                        | `true`             | | | `image.rootless`     | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher                                                                        | `true`             | | ||||||
|  | | `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""`               | | ||||||
| | `imagePullSecrets`   | Secret to use for pulling the image                                                                                                                              | `[]`               | | | `imagePullSecrets`   | Secret to use for pulling the image                                                                                                                              | `[]`               | | ||||||
|  |  | ||||||
| ### Security | ### Security | ||||||
| @@ -743,6 +997,8 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| | `service.http.ipFamilies`               | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil`       | | | `service.http.ipFamilies`               | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil`       | | ||||||
| | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer                                                                                                                                                            | `[]`        | | | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer                                                                                                                                                            | `[]`        | | ||||||
| | `service.http.annotations`              | HTTP service annotations                                                                                                                                                                             | `{}`        | | | `service.http.annotations`              | HTTP service annotations                                                                                                                                                                             | `{}`        | | ||||||
|  | | `service.http.labels`                   | HTTP service additional labels                                                                                                                                                                       | `{}`        | | ||||||
|  | | `service.http.loadBalancerClass`        | Loadbalancer class                                                                                                                                                                                   | `nil`       | | ||||||
| | `service.ssh.type`                      | Kubernetes service type for ssh traffic                                                                                                                                                              | `ClusterIP` | | | `service.ssh.type`                      | Kubernetes service type for ssh traffic                                                                                                                                                              | `ClusterIP` | | ||||||
| | `service.ssh.port`                      | Port number for ssh traffic                                                                                                                                                                          | `22`        | | | `service.ssh.port`                      | Port number for ssh traffic                                                                                                                                                                          | `22`        | | ||||||
| | `service.ssh.clusterIP`                 | ClusterIP setting for ssh autosetup for deployment is None                                                                                                                                           | `None`      | | | `service.ssh.clusterIP`                 | ClusterIP setting for ssh autosetup for deployment is None                                                                                                                                           | `None`      | | ||||||
| @@ -755,19 +1011,20 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| | `service.ssh.hostPort`                  | HostPort for ssh service                                                                                                                                                                             | `nil`       | | | `service.ssh.hostPort`                  | HostPort for ssh service                                                                                                                                                                             | `nil`       | | ||||||
| | `service.ssh.loadBalancerSourceRanges`  | Source range filter for ssh loadbalancer                                                                                                                                                             | `[]`        | | | `service.ssh.loadBalancerSourceRanges`  | Source range filter for ssh loadbalancer                                                                                                                                                             | `[]`        | | ||||||
| | `service.ssh.annotations`               | SSH service annotations                                                                                                                                                                              | `{}`        | | | `service.ssh.annotations`               | SSH service annotations                                                                                                                                                                              | `{}`        | | ||||||
|  | | `service.ssh.labels`                    | SSH service additional labels                                                                                                                                                                        | `{}`        | | ||||||
|  | | `service.ssh.loadBalancerClass`         | Loadbalancer class                                                                                                                                                                                   | `nil`       | | ||||||
|  |  | ||||||
| ### Ingress | ### Ingress | ||||||
|  |  | ||||||
| | Name                             | Description                     | Value             | | | Name                             | Description                     | Value             | | ||||||
| | ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | | | -------------------------------- | ------------------------------- | ----------------- | | ||||||
| | `ingress.enabled`                | Enable ingress                  | `false`           | | | `ingress.enabled`                | Enable ingress                  | `false`           | | ||||||
| | `ingress.className`                  | Ingress class name                                                          | `nil`             | | | `ingress.className`              | DEPRECATED: Ingress class name. | `""`              | | ||||||
|  | | `ingress.pathType`               | Ingress Path Type               | `Prefix`          | | ||||||
| | `ingress.annotations`            | Ingress annotations             | `{}`              | | | `ingress.annotations`            | Ingress annotations             | `{}`              | | ||||||
| | `ingress.hosts[0].host`          | Default Ingress host            | `git.example.com` | | | `ingress.hosts[0].host`          | Default Ingress host            | `git.example.com` | | ||||||
| | `ingress.hosts[0].paths[0].path` | Default Ingress path            | `/`               | | | `ingress.hosts[0].paths[0].path` | Default Ingress path            | `/`               | | ||||||
| | `ingress.hosts[0].paths[0].pathType` | Ingress path type                                                           | `Prefix`          | |  | ||||||
| | `ingress.tls`                    | Ingress tls settings            | `[]`              | | | `ingress.tls`                    | Ingress tls settings            | `[]`              | | ||||||
| | `ingress.apiVersion`                 | Specify APIVersion of ingress object. Mostly would only be used for argocd. |                   | |  | ||||||
|  |  | ||||||
| ### deployment | ### deployment | ||||||
|  |  | ||||||
| @@ -812,6 +1069,9 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| | `persistence.storageClass`                        | Name of the storage class to use                                                                      | `nil`                  | | | `persistence.storageClass`                        | Name of the storage class to use                                                                      | `nil`                  | | ||||||
| | `persistence.subPath`                             | Subdirectory of the volume to mount at                                                                | `nil`                  | | | `persistence.subPath`                             | Subdirectory of the volume to mount at                                                                | `nil`                  | | ||||||
| | `persistence.volumeName`                          | Name of persistent volume in PVC                                                                      | `""`                   | | | `persistence.volumeName`                          | Name of persistent volume in PVC                                                                      | `""`                   | | ||||||
|  | | `extraContainers`                                 | Additional sidecar containers to run in the pod                                                       | `[]`                   | | ||||||
|  | | `preExtraInitContainers`                          | Additional init containers to run in the pod before Gitea runs it owns init containers.               | `[]`                   | | ||||||
|  | | `postExtraInitContainers`                         | Additional init containers to run in the pod after Gitea runs it owns init containers.                | `[]`                   | | ||||||
| | `extraVolumes`                                    | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   | | | `extraVolumes`                                    | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   | | ||||||
| | `extraContainerVolumeMounts`                      | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   | | | `extraContainerVolumeMounts`                      | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   | | ||||||
| | `extraInitVolumeMounts`                           | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   | | | `extraInitVolumeMounts`                           | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   | | ||||||
| @@ -820,8 +1080,9 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| ### Init | ### Init | ||||||
|  |  | ||||||
| | Name                                       | Description                                                                          | Value        | | | Name                                       | Description                                                                          | Value        | | ||||||
| | ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- | | | ------------------------------------------ | ------------------------------------------------------------------------------------ | ------------ | | ||||||
| | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`         | | | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`         | | ||||||
|  | | `initContainersScriptsVolumeMountPath`     | Path to mount the scripts consumed from the Secrets                                  | `/usr/sbinx` | | ||||||
| | `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`         | | | `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`         | | ||||||
| | `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`       | | | `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`       | | ||||||
| | `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi`      | | | `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi`      | | ||||||
| @@ -832,19 +1093,26 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| | ------------------------ | ----------------------------------------------------------------- | ------------------ | | | ------------------------ | ----------------------------------------------------------------- | ------------------ | | ||||||
| | `signing.enabled`        | Enable commit/action signing                                      | `false`            | | | `signing.enabled`        | Enable commit/action signing                                      | `false`            | | ||||||
| | `signing.gpgHome`        | GPG home directory                                                | `/data/git/.gnupg` | | | `signing.gpgHome`        | GPG home directory                                                | `/data/git/.gnupg` | | ||||||
| | `signing.privateKey`     | Inline private gpg key for signed Gitea actions                   | `""`               | | | `signing.privateKey`     | Inline private gpg key for signed internal Git activity           | `""`               | | ||||||
| | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               | | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               | | ||||||
|  |  | ||||||
| ### Gitea | ### Gitea | ||||||
|  |  | ||||||
| | Name                                         | Description                                                                                                                    | Value                | | | Name                                         | Description                                                                                                                    | Value                | | ||||||
| | -------------------------------------- | ------------------------------------------------------------------------- | -------------------- | | | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- | | ||||||
| | `gitea.admin.username`                       | Username for the Gitea admin user                                                                                              | `gitea_admin`        | | | `gitea.admin.username`                       | Username for the Gitea admin user                                                                                              | `gitea_admin`        | | ||||||
| | `gitea.admin.existingSecret`                 | Use an existing secret to store admin user credentials                                                                         | `nil`                | | | `gitea.admin.existingSecret`                 | Use an existing secret to store admin user credentials                                                                         | `nil`                | | ||||||
| | `gitea.admin.password`                       | Password for the Gitea admin user                                                                                              | `r8sA8CPHD9!bt6d`    | | | `gitea.admin.password`                       | Password for the Gitea admin user                                                                                              | `r8sA8CPHD9!bt6d`    | | ||||||
| | `gitea.admin.email`                          | Email for the Gitea admin user                                                                                                 | `gitea@local.domain` | | | `gitea.admin.email`                          | Email for the Gitea admin user                                                                                                 | `gitea@local.domain` | | ||||||
|  | | `gitea.admin.passwordMode`                   | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated  | `keepUpdated`        | | ||||||
| | `gitea.metrics.enabled`                      | Enable Gitea metrics                                                                                                           | `false`              | | | `gitea.metrics.enabled`                      | Enable Gitea metrics                                                                                                           | `false`              | | ||||||
| | `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor                                      | `false`              | | | `gitea.metrics.token`                        | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public.              | `nil`                | | ||||||
|  | | `gitea.metrics.serviceMonitor.enabled`       | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false`              | | ||||||
|  | | `gitea.metrics.serviceMonitor.interval`      | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                      | `""`                 | | ||||||
|  | | `gitea.metrics.serviceMonitor.relabelings`   | RelabelConfigs to apply to samples before scraping.                                                                            | `[]`                 | | ||||||
|  | | `gitea.metrics.serviceMonitor.scheme`        | HTTP scheme to use for scraping. For example `http` or `https`. Default is http.                                               | `""`                 | | ||||||
|  | | `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                           | `""`                 | | ||||||
|  | | `gitea.metrics.serviceMonitor.tlsConfig`     | TLS configuration to use when scraping the metric endpoint by Prometheus.                                                      | `{}`                 | | ||||||
| | `gitea.ldap`                                 | LDAP configuration                                                                                                             | `[]`                 | | | `gitea.ldap`                                 | LDAP configuration                                                                                                             | `[]`                 | | ||||||
| | `gitea.oauth`                                | OAuth configuration                                                                                                            | `[]`                 | | | `gitea.oauth`                                | OAuth configuration                                                                                                            | `[]`                 | | ||||||
| | `gitea.config.server.SSH_PORT`               | SSH port for rootlful Gitea image                                                                                              | `22`                 | | | `gitea.config.server.SSH_PORT`               | SSH port for rootlful Gitea image                                                                                              | `22`                 | | ||||||
| @@ -890,38 +1158,73 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | |||||||
| | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     | | | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     | | ||||||
| | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    | | | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    | | ||||||
|  |  | ||||||
| ### redis-cluster | ### valkey-cluster | ||||||
|  |  | ||||||
|  | Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. | ||||||
|  |  | ||||||
| | Name                                                | Description                                                           | Value                          | | | Name                                                | Description                                                           | Value                          | | ||||||
| | --------------------------- | -------------------------------------- | ------- | | | --------------------------------------------------- | --------------------------------------------------------------------- | ------------------------------ | | ||||||
| | `redis-cluster.enabled`     | Enable redis                           | `true`  | | | `valkey-cluster.enabled`                            | Enable valkey cluster                                                 | `true`                         | | ||||||
| | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | | `valkey-cluster.usePassword`                        | Whether to use password authentication.                               | `false`                        | | ||||||
|  | | `valkey-cluster.usePasswordFiles`                   | Whether to mount passwords as files instead of environment variables. | `false`                        | | ||||||
|  | | `valkey-cluster.image.repository`                   | Image repository, eg. `bitnamilegacy/valkey-cluster`.                 | `bitnamilegacy/valkey-cluster` | | ||||||
|  | | `valkey-cluster.cluster.nodes`                      | Number of valkey cluster master nodes                                 | `3`                            | | ||||||
|  | | `valkey-cluster.cluster.replicas`                   | Number of valkey cluster master node replicas                         | `0`                            | | ||||||
|  | | `valkey-cluster.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/redis-exporter`.                 | `bitnamilegacy/redis-exporter` | | ||||||
|  | | `valkey-cluster.service.ports.valkey`               | Port of Valkey service                                                | `6379`                         | | ||||||
|  | | `valkey-cluster.sysctlImage.repository`             | Image repository, eg. `bitnamilegacy/os-shell`.                       | `bitnamilegacy/os-shell`       | | ||||||
|  | | `valkey-cluster.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.                       | `bitnamilegacy/os-shell`       | | ||||||
|  |  | ||||||
| ### PostgreSQL-ha | ### valkey | ||||||
|  |  | ||||||
|  | Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. | ||||||
|  |  | ||||||
| | Name                                        | Description                                           | Value                           | | | Name                                        | Description                                           | Value                           | | ||||||
| | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | | | ------------------------------------------- | ----------------------------------------------------- | ------------------------------- | | ||||||
| | `postgresql-ha.enabled`                     | Enable PostgreSQL-ha                                             | `true`      | | | `valkey.enabled`                            | Enable valkey standalone or replicated                | `false`                         | | ||||||
| | `postgresql-ha.postgresql.password`         | Password for the `gitea` user (overrides `auth.password`)        | `changeme4` | | | `valkey.architecture`                       | Whether to use standalone or replication              | `standalone`                    | | ||||||
|  | | `valkey.kubectl.image.repository`           | Image repository, eg. `bitnamilegacy/kubectl`.        | `bitnamilegacy/kubectl`         | | ||||||
|  | | `valkey.image.repository`                   | Image repository, eg. `bitnamilegacy/valkey`.         | `bitnamilegacy/valkey`          | | ||||||
|  | | `valkey.global.valkey.password`             | Required password                                     | `changeme`                      | | ||||||
|  | | `valkey.master.count`                       | Number of Valkey master instances to deploy           | `1`                             | | ||||||
|  | | `valkey.master.service.ports.valkey`        | Port of Valkey service                                | `6379`                          | | ||||||
|  | | `valkey.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter`  | | ||||||
|  | | `valkey.sentinel.image.repository`          | Image repository, eg. `bitnamilegacy/sentinel`.       | `bitnamilegacy/valkey-sentinel` | | ||||||
|  | | `valkey.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.       | `bitnamilegacy/os-shell`        | | ||||||
|  |  | ||||||
|  | ### PostgreSQL HA | ||||||
|  |  | ||||||
|  | | Name                                               | Description                                                      | Value                             | | ||||||
|  | | -------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- | | ||||||
|  | | `postgresql-ha.enabled`                            | Enable PostgreSQL HA                                             | `true`                            | | ||||||
| | `postgresql-ha.global.postgresql.database`         | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | | `postgresql-ha.global.postgresql.database`         | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | ||||||
| | `postgresql-ha.global.postgresql.username`         | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | | `postgresql-ha.global.postgresql.username`         | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | ||||||
| | `postgresql-ha.global.postgresql.password`         | Name for a custom password to create (overrides `auth.password`) | `gitea`                           | | | `postgresql-ha.global.postgresql.password`         | Name for a custom password to create (overrides `auth.password`) | `gitea`                           | | ||||||
|  | | `postgresql-ha.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/postgres-exporter`.         | `bitnamilegacy/postgres-exporter` | | ||||||
|  | | `postgresql-ha.postgresql.image.repository`        | Image repository, eg. `bitnamilegacy/postgresql-repmgr`.         | `bitnamilegacy/postgresql-repmgr` | | ||||||
| | `postgresql-ha.postgresql.repmgrPassword`          | Repmgr Password                                                  | `changeme2`                       | | | `postgresql-ha.postgresql.repmgrPassword`          | Repmgr Password                                                  | `changeme2`                       | | ||||||
| | `postgresql-ha.postgresql.postgresPassword`        | postgres Password                                                | `changeme1`                       | | | `postgresql-ha.postgresql.postgresPassword`        | postgres Password                                                | `changeme1`                       | | ||||||
|  | | `postgresql-ha.postgresql.password`                | Password for the `gitea` user (overrides `auth.password`)        | `changeme4`                       | | ||||||
| | `postgresql-ha.pgpool.adminPassword`               | pgpool adminPassword                                             | `changeme3`                       | | | `postgresql-ha.pgpool.adminPassword`               | pgpool adminPassword                                             | `changeme3`                       | | ||||||
|  | | `postgresql-ha.pgpool.image.repository`            | Image repository, eg. `bitnamilegacy/pgpool`.                    | `bitnamilegacy/pgpool`            | | ||||||
|  | | `postgresql-ha.pgpool.srCheckPassword`             | pgpool srCheckPassword                                           | `changeme4`                       | | ||||||
| | `postgresql-ha.service.ports.postgresql`           | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | | `postgresql-ha.service.ports.postgresql`           | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | ||||||
| | `postgresql-ha.primary.persistence.size`    | PVC Storage Request for PostgreSQL-ha volume                     | `10Gi`      | | | `postgresql-ha.persistence.size`                   | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`                            | | ||||||
|  | | `postgresql-ha.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.                  | `bitnamilegacy/os-shell`          | | ||||||
|  |  | ||||||
| ### PostgreSQL | ### PostgreSQL | ||||||
|  |  | ||||||
| | Name                                                    | Description                                                      | Value                             | | | Name                                                    | Description                                                      | Value                             | | ||||||
| | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | | | ------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- | | ||||||
| | `postgresql.enabled`                                    | Enable PostgreSQL                                                | `false`                           | | | `postgresql.enabled`                                    | Enable PostgreSQL                                                | `false`                           | | ||||||
| | `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea`                           | | | `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea`                           | | ||||||
| | `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | | `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea`                           | | ||||||
| | `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | | `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           | | ||||||
| | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            | | ||||||
|  | | `postgresql.image.repository`                           | Image repository, eg. `bitnamilegacy/postgresql`.                | `bitnamilegacy/postgresql`        | | ||||||
| | `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`                            | | | `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`                            | | ||||||
|  | | `postgresql.metrics.image.repository`                   | Image repository, eg. `bitnamilegacy/postgres-exporter`.         | `bitnamilegacy/postgres-exporter` | | ||||||
|  | | `postgresql.volumePermissions.image.repository`         | Image repository, eg. `bitnamilegacy/os-shell`.                  | `bitnamilegacy/os-shell`          | | ||||||
|  |  | ||||||
| ### Advanced | ### Advanced | ||||||
|  |  | ||||||
| @@ -947,6 +1250,77 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma | |||||||
|  |  | ||||||
| <details> | <details> | ||||||
|  |  | ||||||
|  | <summary>To 12.0.0</summary> | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
|  | <!-- markdownlint-disable-next-line --> | ||||||
|  | **Breaking changes** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
|  | - Outsourced "Actions" related configuration. | ||||||
|  |   To deploy and use "Actions", please see the new dedicated chart at <https://gitea.com/gitea/helm-actions>. | ||||||
|  |   It is maintained by a seperate maintainer group and hasn't seen a release yet (at the time of the 12.0 release). | ||||||
|  |   Feel encouraged to contribute if "Actions" is important to you! | ||||||
|  |  | ||||||
|  |   This change was made to avoid overloading the existing helm chart, which is already quite large in size and configuration options. | ||||||
|  |   In addition, the existing maintainers team was not actively using "Actions" which slowed down development and community contributions. | ||||||
|  |   While the new chart is still young (and waiting for contributions! and maintainers), we believe that it is the best way moving forward for both parts. | ||||||
|  | - Migrated from Redis/Redis-cluster to Valkey/Valkey-cluster charts (#775). | ||||||
|  |   While marked as breaking, there is no need to migrate data. | ||||||
|  |   The cache will start to refill automatically. | ||||||
|  | - Migrated ingress from `networking.k8s.io/v1beta` to `networking.k8s.io/v1`. | ||||||
|  |   We didn't make any changes to the syntax, so the upgrade should be seamless. | ||||||
|  |  | ||||||
|  | </details> | ||||||
|  |  | ||||||
|  | <details> | ||||||
|  |  | ||||||
|  | <summary>To 11.0.0</summary> | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
|  | <!-- markdownlint-disable-next-line --> | ||||||
|  | **Breaking changes** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
|  | - Update Gitea to 1.23.x (review the [1.23 release blog post](https://blog.gitea.com/release-of-1.23.0/) for all application breaking changes) | ||||||
|  | - Update PostgreSQL sub-chart dependencies to appVersion 17.x | ||||||
|  | - Update Redis sub-chart to version 20.x (appVersion 7.4) | ||||||
|  |   Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes: | ||||||
|  |   - [Redis Chart release notes (starting with v20.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis/CHANGELOG.md#2000-2024-08-09). | ||||||
|  |   - [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES). | ||||||
|  | - Update Redis Cluster sub-chart to version 11.x (appVersion 7.4) | ||||||
|  |   Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes: | ||||||
|  |   - [Redis Chart release notes (starting with v11.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis-cluster/CHANGELOG.md#1100-2024-08-09). | ||||||
|  |   - [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES). | ||||||
|  |   </details> | ||||||
|  |  | ||||||
|  | <details> | ||||||
|  |  | ||||||
|  | <summary>To 10.0.0</summary> | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
|  | <!-- markdownlint-disable-next-line --> | ||||||
|  | **Breaking changes** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
|  | - Update PostgreSQL sub-chart dependencies to appVersion 16.x | ||||||
|  | - Update to sub-charts versioning approach: Users are encouraged to pin the version tag of the sub-chart dependencies to a major appVersion. | ||||||
|  |   This avoids issues during chart upgrades and allows to incorporate new sub-chart versions as they are released. | ||||||
|  |   Please see the new [README section describing the versioning approach for sub-chart versions](#dependency-versioning). | ||||||
|  |  | ||||||
|  | </details> | ||||||
|  |  | ||||||
|  | <details> | ||||||
|  |  | ||||||
|  | <summary>To 9.6.0</summary> | ||||||
|  |  | ||||||
|  | Chart 9.6.0 ships with Gitea 1.21.0. | ||||||
|  | While there are no breaking changes in the chart, please check the changes of the [1.21 release blog post](https://blog.gitea.com/release-of-1.21.0/). | ||||||
|  |  | ||||||
|  | </details> | ||||||
|  |  | ||||||
|  | <details> | ||||||
|  |  | ||||||
| <summary>To 9.0.0</summary> | <summary>To 9.0.0</summary> | ||||||
|  |  | ||||||
| This chart release comes with many breaking changes while aiming for a HA-ready setup. | This chart release comes with many breaking changes while aiming for a HA-ready setup. | ||||||
| @@ -988,25 +1362,37 @@ The first item here (`<memcache service name>`) will be different compared to th | |||||||
| The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. | The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. | ||||||
| The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. | The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. | ||||||
|  |  | ||||||
| If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: | If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-gitea/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
|  | gitea: | ||||||
|  |   config: | ||||||
|     session: |     session: | ||||||
|       PROVIDER: redis-cluster |       PROVIDER: redis-cluster | ||||||
|       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|  |  | ||||||
|     cache: |     cache: | ||||||
|       ENABLED: true |       ENABLED: true | ||||||
|       ADAPTER: redis-cluster |       ADAPTER: redis-cluster | ||||||
|       HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |       HOST: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|  |  | ||||||
|     queue: |     queue: | ||||||
|       TYPE: redis |       TYPE: redis | ||||||
|       CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& |       CONN_STR: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
|  | <!-- markdownlint-disable-next-line --> | ||||||
|  | **Switch to rootless image by default** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
|  | If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: | ||||||
|  | Have a look at [this discussion](https://gitea.com/gitea/helm-gitea/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
| <!-- markdownlint-disable-next-line --> | <!-- markdownlint-disable-next-line --> | ||||||
| **Transitioning from a RWO to RWX Persistent Volume** | **Transitioning from a RWO to RWX Persistent Volume** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
| If you want to switch to a RWX volume and go for HA, you need to | If you want to switch to a RWX volume and go for HA, you need to | ||||||
|  |  | ||||||
| @@ -1014,8 +1400,10 @@ If you want to switch to a RWX volume and go for HA, you need to | |||||||
| 2. Let the chart create a new RWX PV (or do it statically yourself) | 2. Let the chart create a new RWX PV (or do it statically yourself) | ||||||
| 3. Restore the backup to the same location in the new PV | 3. Restore the backup to the same location in the new PV | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
| <!-- markdownlint-disable-next-line --> | <!-- markdownlint-disable-next-line --> | ||||||
| **Transitioning from Postgres to Postgres HA** | **Transitioning from Postgres to Postgres HA** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
| If you are running with a non-HA PG DB from a previous chart release, you need to set | If you are running with a non-HA PG DB from a previous chart release, you need to set | ||||||
|  |  | ||||||
| @@ -1024,8 +1412,10 @@ If you are running with a non-HA PG DB from a previous chart release, you need t | |||||||
|  |  | ||||||
| This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). | This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). | ||||||
|  |  | ||||||
|  | <!-- prettier-ignore-start --> | ||||||
| <!-- markdownlint-disable-next-line --> | <!-- markdownlint-disable-next-line --> | ||||||
| **Change of env-to-ini prefix** | **Change of env-to-ini prefix** | ||||||
|  | <!-- prettier-ignore-end --> | ||||||
|  |  | ||||||
| Before this release, the env-to-ini prefix was `ENV_TO_INI__`. | Before this release, the env-to-ini prefix was `ENV_TO_INI__`. | ||||||
| This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. | This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. | ||||||
| @@ -1053,7 +1443,7 @@ With respect to `values.yaml`, parameters `username`, `database` and `password` | |||||||
| Please adjust your `values.yaml` accordingly. | Please adjust your `values.yaml` accordingly. | ||||||
|  |  | ||||||
| **Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself. | **Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself. | ||||||
| See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough. | See [this comment](https://gitea.com/gitea/helm-gitea/issues/452#issuecomment-740885) for an extensive walkthrough. | ||||||
| We again highly encourage users to use an external (managed) database for production instances. | We again highly encourage users to use an external (managed) database for production instances. | ||||||
|  |  | ||||||
| </details> | </details> | ||||||
|   | |||||||
| @@ -1,7 +1,5 @@ | |||||||
| # High Availability | # High Availability | ||||||
|  |  | ||||||
| ⚠️ **EXPERIMENTAL** ⚠️ |  | ||||||
|  |  | ||||||
| All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. | All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. | ||||||
| The following document explains how to achieve this for all individual components. | The following document explains how to achieve this for all individual components. | ||||||
|  |  | ||||||
| @@ -27,7 +25,7 @@ In addition, the following components are required for full HA-readiness: | |||||||
|  |  | ||||||
| - A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch` | - A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch` | ||||||
| - A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system) | - A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system) | ||||||
| - A HA-ready cache (`redis-cluster`) | - A HA-ready cache (`valkey-cluster`) | ||||||
| - A HA-ready DB | - A HA-ready DB | ||||||
|  |  | ||||||
| `postgres.enabled`, which default to `true`, must be set to `false` for a HA setup. | `postgres.enabled`, which default to `true`, must be set to `false` for a HA setup. | ||||||
| @@ -74,28 +72,33 @@ persistence: | |||||||
|  |  | ||||||
| ## Cache, session and queue | ## Cache, session and queue | ||||||
|  |  | ||||||
| A `redis` instance is required for the in-memory cache. | A `valkey` instance is required for the in-memory cache. | ||||||
| Two options exist: | Two options exist: | ||||||
|  |  | ||||||
| - `redis` | - `valkey` | ||||||
| - `redis-cluster` | - `valkey-cluster` | ||||||
|  |  | ||||||
| The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups. | The chart provides `valkey-cluster` as a dependency as this one can be used for both HA and non-HA setups. | ||||||
| You're also welcome to go with `redis` if you prefer or already have a running instance. | You're also welcome to go with `valkey` if you prefer or already have a running instance. | ||||||
|  |  | ||||||
| It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2. | It should be noted that `valkey-cluster` support is only available starting with Gitea 1.19.2. | ||||||
| You can also configure an external (managed) `redis` instance to be used. | You can also configure an external (managed) `valkey` instance to be used. | ||||||
| To do so, you need to set the following configuration values yourself: | To do so, you need to set the following configuration values yourself: | ||||||
|  |  | ||||||
| - `gitea.config.queue.TYPE`: redis` | - `gitea.config.queue.TYPE`: valkey` | ||||||
| - `gitea.config.queue.CONN_STR`: `<your redis connection string>` | - `gitea.config.queue.CONN_STR`: `<your valkey connection string>` | ||||||
|  |  | ||||||
| - `gitea.config.session.PROVIDER`: `redis` | - `gitea.config.session.PROVIDER`: `valkey` | ||||||
| - `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>` | - `gitea.config.session.PROVIDER_CONFIG`: `<your valkey connection string>` | ||||||
|  |  | ||||||
| - `gitea.config.cache.ENABLED`: `true` | - `gitea.config.cache.ENABLED`: `true` | ||||||
| - `gitea.config.cache.ADAPTER`: `redis` | - `gitea.config.cache.ADAPTER`: `valkey` | ||||||
| - `gitea.config.cache.HOST`: `<your redis connection string>` | - `gitea.config.cache.HOST`: `<your valkey connection string>` | ||||||
|  |  | ||||||
|  | By default, the `valkey-cluster` chart provisions three standalone master nodes of which each has a single replica. | ||||||
|  | To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. | ||||||
|  | Only the minimum required number of master pods for a functional `valkey-cluster` deployment are provisioned. | ||||||
|  | For a "proper" `valkey-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. | ||||||
|  |  | ||||||
| ## Object and asset storage | ## Object and asset storage | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										1257
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
												File diff suppressed because it is too large
							| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "gitea-helm-chart", |   "name": "gitea-helm", | ||||||
|   "homepage": "https://gitea.com/gitea/helm-chart.git", |   "homepage": "https://gitea.com/gitea/helm-gitea.git", | ||||||
|   "license": "MIT", |   "license": "MIT", | ||||||
|   "private": true, |   "private": true, | ||||||
|   "engineStrict": true, |   "engineStrict": true, | ||||||
| @@ -14,6 +14,6 @@ | |||||||
|   }, |   }, | ||||||
|   "devDependencies": { |   "devDependencies": { | ||||||
|     "@bitnami/readme-generator-for-helm": "^2.5.0", |     "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||||
|     "markdownlint-cli": "^0.34.0" |     "markdownlint-cli": "^0.45.0" | ||||||
|   } |   } | ||||||
| } | } | ||||||
							
								
								
									
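--- a/renovate.json5
+++ b/renovate.json5
@@ -0,0 +1,132 @@
+{
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  extends: [
+    'gitea>gitea/renovate-config',
+    ':automergeMinor',
+    'schedule:automergeDaily',
+    'schedule:weekends',
+  ],
+  labels: [
+    'kind/dependency',
+  ],
+  digest: {
+    automerge: true,
+  },
+  automergeStrategy: 'squash',
+  'git-submodules': {
+    enabled: true,
+  },
+  customManagers: [
+    {
+      description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
+      customType: 'regex',
+      managerFilePatterns: [
+        '/.gitea/workflows/.+\\.ya?ml$/',
+      ],
+      matchStrings: [
+        '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
+      ],
+    },
+    {
+      description: 'Detect helm-unittest yaml schema file',
+      customType: 'regex',
+      managerFilePatterns: [
+        '/.vscode/settings\\.json$/',
+      ],
+      matchStrings: [
+        'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
+      ],
+      datasourceTemplate: 'github-releases',
+    },
+    {
+      description: 'Automatically detect new Gitea releases',
+      customType: 'regex',
+      managerFilePatterns: [
+        '/(^|/)Chart\\.yaml$/',
+      ],
+      matchStrings: [
+        '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
+      ],
+    },
+  ],
+  lockFileMaintenance: {
+    "enabled": true,
+    "commitMessageAction": "update",
+    "commitMessageTopic": "lockfiles",
+    schedule: [
+      'at any time',
+    ]
+  },
+  packageRules: [
+    {
+      groupName: 'subcharts (minor & patch)',
+      matchManagers: [
+        'helmv3',
+      ],
+      matchUpdateTypes: [
+        'minor',
+        'patch',
+        'digest',
+      ],
+    },
+    {
+      groupName: 'bats testing framework',
+      matchManagers: [
+        'git-submodules',
+      ],
+      matchUpdateTypes: [
+        'minor',
+        'patch',
+        'digest',
+      ],
+    },
+    {
+      groupName: 'workflow dependencies (minor & patch)',
+      matchManagers: [
+        'github-actions',
+        'npm',
+        'custom.regex',
+      ],
+      matchUpdateTypes: [
+        'minor',
+        'patch',
+        'digest',
+      ],
+      matchFileNames: [
+        '!Chart.yaml',
+      ],
+    },
+    {
+      description: 'Update README.md on changes in values.yaml',
+      matchManagers: [
+        'helm-values',
+      ],
+      postUpgradeTasks: {
+        commands: [
+          'install-tool node',
+          'make readme',
+        ],
+        fileFilters: [
+          'README.md',
+        ],
+        executionMode: 'update',
+      },
+    },
+    {
+      description: 'Override changelog url for Helm image, to have release notes in our PRs',
+      matchDepNames: [
+        'alpine/helm',
+      ],
+      changelogUrl: 'https://github.com/helm/helm',
+    },
+    {
+      description: 'Bump Gitea as fast as possible - not only on weekends',
+      matchDepNames: [
+        'go-gitea/gitea',
+      ],
+      schedule: [
+        'at any time',
+      ],
+    },
+  ],
+}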
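Review bot: `:automergeMinor` together with `digest: { automerge: true }` merges minor, patch and digest updates without a person reading them, and nothing in this file delays a freshly published release; the `go-gitea/gitea` rule additionally lifts the weekend schedule to `'at any time'`. Unless the inherited `gitea>gitea/renovate-config` preset already sets one (not visible here), a top-level release-age gate, for example `minimumReleaseAge: '3 days',`, would give a withdrawn or tampered release time to be noticed before it is merged. The `postUpgradeTasks` commands (`install-tool node`, `make readme`) execute on the Renovate host for every `helm-values` update, so a one-line comment stating that the self-hosted bot must allow exactly these commands would document the trust assumption. As a style point, `lockFileMaintenance` mixes double-quoted keys with the bare keys used in the rest of the file and omits the trailing comma after `schedule`.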
							
								
								
									
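--- a/scripts/act_runner/token.sh
+++ b/scripts/act_runner/token.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -eu
+
+timeout_delay=15
+
+check_token() {
+  set +e
+
+  echo "Checking for existing token..."
+  token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)"
+  [ $? -ne 0 ] && return 1
+  [ -z "$token" ] && return 2
+  return 0
+}
+
+create_token() {
+  echo "Waiting for new token to be generated..."
+  begin=$(date +%s)
+  end=$((begin + timeout_delay))
+  while true; do
+    [ -f /data/actions/token ] && return 0
+    [ "$(date +%s)" -gt $end ] && return 1
+    sleep 5
+  done
+}
+
+store_token() {
+  echo "Storing the token in Kubernetes secret..."
+  kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}"
+}
+
+if check_token; then
+  echo "Key already in place, exiting."
+  exit
+fi
+
+if ! create_token; then
+  echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay"
+  exit 1
+fi
+
+store_token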
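Review bot: `create_token` returns as soon as `/data/actions/token` exists (`[ -f /data/actions/token ] && return 0`), so `store_token` can patch the secret with an empty or half-written value if the process producing that file (not visible here) has created it but not finished writing. Testing for a non-empty file, `[ -s /data/actions/token ] && return 0`, narrows the window; a truncated token would otherwise be accepted by `check_token` on every later run, since it only rejects an empty string. `check_token` also calls `set +e` and never restores it, which switches off the `set -eu` errexit for the rest of the script; because the function is only called inside `if`, the `set +e` can be dropped and the status taken directly with `token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)" || return 1`. The timeout message says "Checking for an existing act runner token in secret" although the loop waits for the token file, and it prints `$timeout_delay` without a unit.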
							
								
								
									
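--- a/scripts/init-containers/config/config_environment.sh
+++ b/scripts/init-containers/config/config_environment.sh
@@ -0,0 +1,154 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+function env2ini::log() {
+  printf "${1}\n"
+}
+
+function env2ini::read_config_to_env() {
+  local section="${1}"
+  local line="${2}"
+
+  if [[ -z "${line}" ]]; then
+    # skip empty line
+    return
+  fi
+
+  # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
+  local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
+
+  if [[ -z "${setting}" ]]; then
+    env2ini::log '  ! invalid setting'
+    exit 1
+  fi
+
+  local value=''
+  local regex="^${setting}(\s*)=(\s*)(.*)"
+  if [[ $line =~ $regex ]]; then
+    value="${BASH_REMATCH[3]}"
+  else
+    env2ini::log '  ! invalid setting'
+    exit 1
+  fi
+
+  env2ini::log "    + '${setting}'"
+
+  if [[ -z "${section}" ]]; then
+    export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+    return
+  fi
+
+  local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches
+  masked_section="${masked_section//-/_0X2D_}"
+
+  export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
+}
+
+function env2ini::reload_preset_envs() {
+  env2ini::log "Reloading preset envs..."
+
+  while read -r line; do
+    if [[ -z "${line}" ]]; then
+      # skip empty line
+      return
+    fi
+
+    # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
+    local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
+
+    if [[ -z "${setting}" ]]; then
+      env2ini::log '  ! invalid setting'
+      exit 1
+    fi
+
+    local value=''
+    local regex="^${setting}(\s*)=(\s*)(.*)"
+    if [[ $line =~ $regex ]]; then
+      value="${BASH_REMATCH[3]}"
+    else
+      env2ini::log '  ! invalid setting'
+      exit 1
+    fi
+
+    env2ini::log "  + '${setting}'"
+
+    export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+  done < "$TMP_EXISTING_ENVS_FILE"
+
+  rm $TMP_EXISTING_ENVS_FILE
+}
+
+
+function env2ini::process_config_file() {
+  local config_file="${1}"
+  local section="$(basename "${config_file}")"
+
+  if [[ $section == '_generals_' ]]; then
+    env2ini::log "  [ini root]"
+    section=''
+  else
+    env2ini::log "  ${section}"
+  fi
+
+  while read -r line; do
+    env2ini::read_config_to_env "${section}" "${line}"
+  done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
+}
+
+function env2ini::load_config_sources() {
+  local path="${1}"
+
+  if [[ -d "${path}" ]]; then
+    env2ini::log "Processing $(basename "${path}")..."
+
+    while read -d '' configFile; do
+      env2ini::process_config_file "${configFile}"
+    done < <(find "${path}" -type l -not -name '..data' -print0)
+
+    env2ini::log "\n"
+  fi
+}
+
+function env2ini::generate_initial_secrets() {
+  # These environment variables will either be
+  #   - overwritten with user defined values,
+  #   - initially used to set up Gitea
+  # Anyway, they won't harm existing app.ini files
+
+  export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
+  export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
+  export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
+  export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
+
+  env2ini::log "...Initial secrets generated\n"
+}
+
+# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
+env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > $TMP_EXISTING_ENVS_FILE
+
+# MUST BE CALLED BEFORE OTHER CONFIGURATION
+env2ini::generate_initial_secrets
+
+env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/inlines/"
+env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/additionals/"
+
+# load existing envs to override auto generated envs
+env2ini::reload_preset_envs
+
+env2ini::log "=== All configuration sources loaded ===\n"
+
+# safety to prevent rewrite of secret keys if an app.ini already exists
+if [ -f ${GITEA_APP_INI} ]; then
+  env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
+  env2ini::log '  - security.INTERNAL_TOKEN'
+  env2ini::log '  - security.SECRET_KEY'
+  env2ini::log '  - oauth2.JWT_SECRET'
+  env2ini::log '  - server.LFS_JWT_SECRET'
+
+  unset GITEA__SECURITY__INTERNAL_TOKEN
+  unset GITEA__SECURITY__SECRET_KEY
+  unset GITEA__OAUTH2__JWT_SECRET
+  unset GITEA__SERVER__LFS_JWT_SECRET
+fi
+
+environment-to-ini -o $GITEA_APP_INI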
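Review bot: The pre-set `GITEA__*` variables, which can carry values such as `GITEA__SECURITY__SECRET_KEY`, are dumped to `$TMP_EXISTING_ENVS_FILE` and removed only by the last line of `env2ini::reload_preset_envs`, so every `exit 1` path and the `return` in its "skip empty line" branch leave that file on disk. A `trap 'rm -f "$TMP_EXISTING_ENVS_FILE"' EXIT` directly after the `env | ...` line, `continue` in place of that `return`, and quoting the variable in the redirect and the `rm` would close this. `env2ini::log` also uses its argument as the printf format (`printf "${1}\n"`), so a setting name containing `%` is read as a conversion specifier; `printf '%b\n' "${1}"` keeps the `\n` escapes the callers pass while treating the text as data. `[ -f ${GITEA_APP_INI} ]` and `environment-to-ini -o $GITEA_APP_INI` are unquoted in the same way.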
							
								
								
									
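--- a/scripts/init-containers/init/configure_gpg_environment.sh
+++ b/scripts/init-containers/init/configure_gpg_environment.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+gpg --batch --import "$TMP_RAW_GPG_KEY"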
| @@ -18,3 +18,19 @@ | |||||||
|   echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application" |   echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application" | ||||||
|   kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }} |   kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }} | ||||||
| {{- end }} | {{- end }} | ||||||
|  | {{- $warnings := list -}} | ||||||
|  | {{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}} | ||||||
|  |   {{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}} | ||||||
|  | {{- end }} | ||||||
|  | {{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}} | ||||||
|  |   {{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}} | ||||||
|  | {{- end }} | ||||||
|  | {{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}} | ||||||
|  |   {{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}} | ||||||
|  | {{- end }} | ||||||
|  | {{- if gt (len $warnings) 0 }} | ||||||
|  | 2. Review these warnings: | ||||||
|  | {{- range $warnings }} | ||||||
|  |   - {{ . }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|   | |||||||
| @@ -3,26 +3,6 @@ | |||||||
| Expand the name of the chart. | Expand the name of the chart. | ||||||
| */}} | */}} | ||||||
|  |  | ||||||
| {{- /* multiple replicas assertions */ -}} |  | ||||||
| {{- if gt .Values.replicaCount 1.0 -}} |  | ||||||
|   {{- fail "When using multiple replicas, a RWX file system is required" -}} |  | ||||||
|   {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} |  | ||||||
|     {{- fail "When using multiple replicas, a RWX file system is required" -}} |  | ||||||
|   {{- end }} |  | ||||||
|    |  | ||||||
|   {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} |  | ||||||
|     {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} |  | ||||||
|   {{- end }} |  | ||||||
|    |  | ||||||
|   {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} |  | ||||||
|     {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} |  | ||||||
|   {{- end }} |  | ||||||
|    |  | ||||||
|   {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} |  | ||||||
|     {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} |  | ||||||
|   {{- end }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- define "gitea.name" -}} | {{- define "gitea.name" -}} | ||||||
| {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| @@ -45,6 +25,13 @@ If release name contains chart name it will be used as a full name. | |||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
|  | {{/* | ||||||
|  | Create a default worker name. | ||||||
|  | */}} | ||||||
|  | {{- define "gitea.workername" -}} | ||||||
|  | {{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
| {{/* | {{/* | ||||||
| Create chart name and version as used by the chart label. | Create chart name and version as used by the chart label. | ||||||
| */}} | */}} | ||||||
| @@ -56,14 +43,22 @@ Create chart name and version as used by the chart label. | |||||||
| Create image name and tag used by the deployment. | Create image name and tag used by the deployment. | ||||||
| */}} | */}} | ||||||
| {{- define "gitea.image" -}} | {{- define "gitea.image" -}} | ||||||
|  | {{- $fullOverride := .Values.image.fullOverride | default "" -}} | ||||||
| {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} | {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} | ||||||
| {{- $name := .Values.image.repository -}} | {{- $repository := .Values.image.repository -}} | ||||||
| {{- $tag := .Values.image.tag | default .Chart.AppVersion -}} | {{- $separator := ":" -}} | ||||||
|  | {{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}} | ||||||
| {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} | {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} | ||||||
| {{- if $registry -}} | {{- $digest := "" -}} | ||||||
|   {{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}} | {{- if .Values.image.digest }} | ||||||
|  |     {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} | ||||||
|  | {{- end -}} | ||||||
|  | {{- if $fullOverride }} | ||||||
|  |     {{- printf "%s" $fullOverride -}} | ||||||
|  | {{- else if $registry }} | ||||||
|  |     {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} | ||||||
| {{- else -}} | {{- else -}} | ||||||
|   {{- printf "%s:%s%s" $name $tag $rootless -}} |     {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| @@ -86,7 +81,7 @@ imagePullSecrets: | |||||||
| Storage Class | Storage Class | ||||||
| */}} | */}} | ||||||
| {{- define "gitea.persistence.storageClass" -}} | {{- define "gitea.persistence.storageClass" -}} | ||||||
| {{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }} | {{- $storageClass :=  (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} | ||||||
| {{- if $storageClass }} | {{- if $storageClass }} | ||||||
| storageClassName: {{ $storageClass | quote }} | storageClassName: {{ $storageClass | quote }} | ||||||
| {{- end }} | {{- end }} | ||||||
| @@ -104,6 +99,15 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} | |||||||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | app.kubernetes.io/managed-by: {{ .Release.Service }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "gitea.labels.actRunner" -}} | ||||||
|  | helm.sh/chart: {{ include "gitea.chart" . }} | ||||||
|  | app: {{ include "gitea.name" . }}-act-runner | ||||||
|  | {{ include "gitea.selectorLabels.actRunner" . }} | ||||||
|  | app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} | ||||||
|  | version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} | ||||||
|  | app.kubernetes.io/managed-by: {{ .Release.Service }} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
| {{/* | {{/* | ||||||
| Selector labels | Selector labels | ||||||
| */}} | */}} | ||||||
| @@ -112,9 +116,14 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} | |||||||
| app.kubernetes.io/instance: {{ .Release.Name }} | app.kubernetes.io/instance: {{ .Release.Name }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "gitea.selectorLabels.actRunner" -}} | ||||||
|  | app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner | ||||||
|  | app.kubernetes.io/instance: {{ .Release.Name }} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "postgresql-ha.dns" -}} | {{- define "postgresql-ha.dns" -}} | ||||||
| {{- if (index .Values "postgresql-ha").enabled -}} | {{- if (index .Values "postgresql-ha").enabled -}} | ||||||
| {{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} | {{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| @@ -124,26 +133,34 @@ app.kubernetes.io/instance: {{ .Release.Name }} | |||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "redis.dns" -}} | {{- define "valkey.dns" -}} | ||||||
| {{- if (index .Values "redis-cluster").enabled -}} | {{- if and ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}} | ||||||
| {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} | {{- fail "valkey and valkey-cluster cannot be enabled at the same time. Please only choose one." -}} | ||||||
|  | {{- else if (index .Values "valkey-cluster").enabled -}} | ||||||
|  | {{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}} | ||||||
|  | {{- else if (index .Values "valkey").enabled -}} | ||||||
|  | {{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "redis.port" -}} | {{- define "valkey.port" -}} | ||||||
| {{- if (index .Values "redis-cluster").enabled -}} | {{- if (index .Values "valkey-cluster").enabled -}} | ||||||
| {{ (index .Values "redis-cluster").service.ports.redis }} | {{ (index .Values "valkey-cluster").service.ports.valkey }} | ||||||
|  | {{- else if (index .Values "valkey").enabled -}} | ||||||
|  | {{ (index .Values "valkey").master.service.ports.valkey }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "redis.servicename" -}} | {{- define "valkey.servicename" -}} | ||||||
| {{- if (index .Values "redis-cluster").enabled -}} | {{- if (index .Values "valkey-cluster").enabled -}} | ||||||
| {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | {{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||||
|  | {{- else if (index .Values "valkey").enabled -}} | ||||||
|  | {{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "gitea.default_domain" -}} | {{- define "gitea.default_domain" -}} | ||||||
| {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} | {{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "gitea.ldap_settings" -}} | {{- define "gitea.ldap_settings" -}} | ||||||
| @@ -267,6 +284,9 @@ https | |||||||
|   {{- if not (hasKey .Values.gitea.config "indexer") -}} |   {{- if not (hasKey .Values.gitea.config "indexer") -}} | ||||||
|     {{- $_ := set .Values.gitea.config "indexer" dict -}} |     {{- $_ := set .Values.gitea.config "indexer" dict -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|  |   {{- if not (hasKey .Values.gitea.config "actions") -}} | ||||||
|  |     {{- $_ := set .Values.gitea.config "actions" dict -}} | ||||||
|  |   {{- end -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
| {{- define "gitea.inline_configuration.defaults" -}} | {{- define "gitea.inline_configuration.defaults" -}} | ||||||
| @@ -282,23 +302,36 @@ https | |||||||
|   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} |   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} | ||||||
|     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} |     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if (index .Values "redis-cluster").enabled -}} |   {{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}} | ||||||
|     {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} |     {{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}} | ||||||
|     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} |  | ||||||
|     {{- if not (.Values.gitea.config.cache.HOST) -}} |  | ||||||
|       {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} |  | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- end -}} |   {{- /* valkey queue */ -}} | ||||||
|   {{- /* redis queue */ -}} |   {{- if or ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}} | ||||||
|   {{- if (index .Values "redis-cluster").enabled -}} |  | ||||||
|     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} |     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} | ||||||
|     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} |     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "valkey.dns" .) -}} | ||||||
|   {{- end -}} |  | ||||||
|   {{- if not (get .Values.gitea.config.session "PROVIDER") -}} |  | ||||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} |     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} | ||||||
|  |     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "valkey.dns" .) -}} | ||||||
|  |     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} | ||||||
|  |     {{- $_ := set .Values.gitea.config.cache "HOST" (include "valkey.dns" .) -}} | ||||||
|  |   {{- else -}} | ||||||
|  |     {{- if not (get .Values.gitea.config.session "PROVIDER") -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}} | ||||||
|     {{- end -}} |     {{- end -}} | ||||||
|     {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} |     {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} | ||||||
|     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} |       {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}} | ||||||
|  |     {{- end -}} | ||||||
|  |     {{- if not (get .Values.gitea.config.queue "TYPE") -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}} | ||||||
|  |     {{- end -}} | ||||||
|  |     {{- if not (get .Values.gitea.config.queue "CONN_STR") -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}} | ||||||
|  |     {{- end -}} | ||||||
|  |     {{- if not (get .Values.gitea.config.cache "ADAPTER") -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}} | ||||||
|  |     {{- end -}} | ||||||
|  |     {{- if not (get .Values.gitea.config.cache "HOST") -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.cache "HOST" "" -}} | ||||||
|  |     {{- end -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} |   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} | ||||||
|      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} |      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} | ||||||
| @@ -314,7 +347,7 @@ https | |||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not (.Values.gitea.config.server.DOMAIN) -}} |   {{- if not (.Values.gitea.config.server.DOMAIN) -}} | ||||||
|     {{- if gt (len .Values.ingress.hosts) 0 -}} |     {{- if gt (len .Values.ingress.hosts) 0 -}} | ||||||
|       {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} |       {{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}} | ||||||
|     {{- else -}} |     {{- else -}} | ||||||
|       {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}} |       {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}} | ||||||
|     {{- end -}} |     {{- end -}} | ||||||
| @@ -328,16 +361,18 @@ https | |||||||
|   {{- if not .Values.gitea.config.server.SSH_PORT -}} |   {{- if not .Values.gitea.config.server.SSH_PORT -}} | ||||||
|     {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} |     {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} |  | ||||||
|     {{- if not .Values.image.rootless -}} |  | ||||||
|       {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} |  | ||||||
|     {{- else -}} |  | ||||||
|       {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} |  | ||||||
|     {{- end -}} |  | ||||||
|   {{- end -}} |  | ||||||
|   {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} |   {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} | ||||||
|     {{- if .Values.image.rootless -}} |     {{- if .Values.image.rootless -}} | ||||||
|       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} |       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} | ||||||
|  |       {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} | ||||||
|  |         {{- if not .Values.gitea.config.server.SSH_LISTEN_PORT -}} | ||||||
|  |           {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} | ||||||
|  |         {{- else -}} | ||||||
|  |           {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_LISTEN_PORT -}} | ||||||
|  |         {{- end -}} | ||||||
|  |       {{- end -}} | ||||||
|  |     {{- else -}} | ||||||
|  |       {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "false" -}} | ||||||
|     {{- end -}} |     {{- end -}} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} |   {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} | ||||||
| @@ -394,3 +429,45 @@ https | |||||||
| {{- define "gitea.serviceAccountName" -}} | {{- define "gitea.serviceAccountName" -}} | ||||||
| {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} | {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "ingress.annotations" -}} | ||||||
|  |   {{- if .Values.ingress.annotations }} | ||||||
|  |   annotations: | ||||||
|  |     {{- $tp := typeOf .Values.ingress.annotations }} | ||||||
|  |     {{- if eq $tp "string" }} | ||||||
|  |       {{- tpl .Values.ingress.annotations . | nindent 4 }} | ||||||
|  |     {{- else }} | ||||||
|  |       {{- toYaml .Values.ingress.annotations | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "gitea.admin.passwordMode" -}} | ||||||
|  | {{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} | ||||||
|  | {{ .Values.gitea.admin.passwordMode }} | ||||||
|  | {{- else -}} | ||||||
|  | {{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} | ||||||
|  | {{- end -}} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  | {{/* Create a functioning probe object for rendering. Given argument must be either a livenessProbe, readinessProbe, or startupProbe */}} | ||||||
|  | {{- define "gitea.deployment.probe" -}} | ||||||
|  |   {{- $probe := unset . "enabled" -}} | ||||||
|  |   {{- $probeKeys := keys $probe -}} | ||||||
|  |   {{- $containsCustomMethod := false -}} | ||||||
|  |   {{- $chartDefaultMethod := "tcpSocket" -}} | ||||||
|  |   {{- $nonChartDefaultMethods := list "exec" "httpGet" "grpc" -}} | ||||||
|  |   {{- range $probeKeys -}} | ||||||
|  |     {{- if has . $nonChartDefaultMethods -}} | ||||||
|  |       {{- $containsCustomMethod = true -}} | ||||||
|  |     {{- end -}} | ||||||
|  |   {{- end -}} | ||||||
|  |   {{- if $containsCustomMethod -}} | ||||||
|  |     {{- $probe = unset . $chartDefaultMethod -}} | ||||||
|  |   {{- end -}} | ||||||
|  |   {{- toYaml $probe -}} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  | {{- define "gitea.metrics-secret-name" -}} | ||||||
|  | {{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }} | ||||||
|  | {{- end -}} | ||||||
|   | |||||||
							
								
								
									
										3
									
								
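--- a/templates/gitea/check-actions-not-present.yaml
+++ b/templates/gitea/check-actions-not-present.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.actions -}}
+    {{- fail "The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9." -}}
+{{- end -}}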
| @@ -2,6 +2,7 @@ apiVersion: v1 | |||||||
| kind: Secret | kind: Secret | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }}-inline-config |   name: {{ include "gitea.fullname" . }}-inline-config | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| type: Opaque | type: Opaque | ||||||
| @@ -12,195 +13,45 @@ apiVersion: v1 | |||||||
| kind: Secret | kind: Secret | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }} |   name: {{ include "gitea.fullname" . }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| type: Opaque | type: Opaque | ||||||
| stringData: | stringData: | ||||||
|  | {{ (.Files.Glob "scripts/init-containers/config/*.sh").AsConfig | indent 2 }} | ||||||
|   assertions: | |   assertions: | | ||||||
|  |  | ||||||
| {{- /*assert that only one PG dep is enabled */ -}} |     {{- /*assert that only one PG dep is enabled */ -}} | ||||||
| {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} |     {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} | ||||||
|       {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} |       {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} | ||||||
| {{- end }} |     {{- end }} | ||||||
|      |      | ||||||
| {{- /* multiple replicas assertions */ -}} |     {{- /* multiple replicas assertions */ -}} | ||||||
| {{- if gt .Values.replicaCount 1.0 -}} |     {{- if gt (.Values.replicaCount | int) 1 -}} | ||||||
|  |       {{- if .Values.gitea.config.cron -}} | ||||||
|         {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} |         {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} | ||||||
|     {{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}} |           {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} | ||||||
|       {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} |             {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'." }} | ||||||
|  |           {{- end }} | ||||||
|         {{- end }} |         {{- end }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|      |      | ||||||
|       {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} |       {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} | ||||||
|     {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} |         {{- fail "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany." -}} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|  |       {{- if .Values.gitea.config.indexer -}} | ||||||
|   {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} |         {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} | ||||||
|           {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} |           {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} | ||||||
|         {{- end }} |         {{- end }} | ||||||
|         {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} |         {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} | ||||||
|     {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} |           {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}} | ||||||
|             {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} |             {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} | ||||||
|         {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} |               {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}} | ||||||
|                 {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} |                 {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} | ||||||
|               {{- end }} |               {{- end }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|         {{- end }} |         {{- end }} | ||||||
|  |       {{- end }} | ||||||
|        |        | ||||||
| {{- end }} |     {{- end }} | ||||||
|   config_environment.sh: |- |  | ||||||
|     #!/usr/bin/env bash |  | ||||||
|     set -euo pipefail |  | ||||||
|  |  | ||||||
|     function env2ini::log() { |  | ||||||
|       printf "${1}\n" |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::read_config_to_env() { |  | ||||||
|       local section="${1}" |  | ||||||
|       local line="${2}" |  | ||||||
|  |  | ||||||
|       if [[ -z "${line}" ]]; then |  | ||||||
|         # skip empty line |  | ||||||
|         return |  | ||||||
|       fi |  | ||||||
|        |  | ||||||
|       # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line |  | ||||||
|       local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" |  | ||||||
|  |  | ||||||
|       if [[ -z "${setting}" ]]; then |  | ||||||
|         env2ini::log '  ! invalid setting' |  | ||||||
|         exit 1 |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       local value='' |  | ||||||
|       local regex="^${setting}(\s*)=(\s*)(.*)" |  | ||||||
|       if [[ $line =~ $regex ]]; then |  | ||||||
|         value="${BASH_REMATCH[3]}" |  | ||||||
|       else |  | ||||||
|         env2ini::log '  ! invalid setting' |  | ||||||
|         exit 1 |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       env2ini::log "    + '${setting}'" |  | ||||||
|  |  | ||||||
|       if [[ -z "${section}" ]]; then |  | ||||||
|         export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase |  | ||||||
|         return |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches |  | ||||||
|       masked_section="${masked_section//-/_0X2D_}" |  | ||||||
|  |  | ||||||
|       export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::reload_preset_envs() { |  | ||||||
|       env2ini::log "Reloading preset envs..." |  | ||||||
|  |  | ||||||
|       while read -r line; do |  | ||||||
|         if [[ -z "${line}" ]]; then |  | ||||||
|           # skip empty line |  | ||||||
|           return |  | ||||||
|         fi |  | ||||||
|  |  | ||||||
|         # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line |  | ||||||
|         local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" |  | ||||||
|  |  | ||||||
|         if [[ -z "${setting}" ]]; then |  | ||||||
|           env2ini::log '  ! invalid setting' |  | ||||||
|           exit 1 |  | ||||||
|         fi |  | ||||||
|  |  | ||||||
|         local value='' |  | ||||||
|         local regex="^${setting}(\s*)=(\s*)(.*)" |  | ||||||
|         if [[ $line =~ $regex ]]; then |  | ||||||
|           value="${BASH_REMATCH[3]}" |  | ||||||
|         else |  | ||||||
|           env2ini::log '  ! invalid setting' |  | ||||||
|           exit 1 |  | ||||||
|         fi |  | ||||||
|  |  | ||||||
|         env2ini::log "  + '${setting}'" |  | ||||||
|  |  | ||||||
|         export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase |  | ||||||
|       done < "/tmp/existing-envs" |  | ||||||
|  |  | ||||||
|       rm /tmp/existing-envs |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|  |  | ||||||
|     function env2ini::process_config_file() { |  | ||||||
|       local config_file="${1}" |  | ||||||
|       local section="$(basename "${config_file}")" |  | ||||||
|  |  | ||||||
|       if [[ $section == '_generals_' ]]; then |  | ||||||
|         env2ini::log "  [ini root]" |  | ||||||
|         section='' |  | ||||||
|       else |  | ||||||
|         env2ini::log "  ${section}" |  | ||||||
|       fi |  | ||||||
|  |  | ||||||
|       while read -r line; do |  | ||||||
|         env2ini::read_config_to_env "${section}" "${line}" |  | ||||||
|       done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::load_config_sources() { |  | ||||||
|       local path="${1}" |  | ||||||
|  |  | ||||||
|       if [[ -d "${path}" ]]; then |  | ||||||
|         env2ini::log "Processing $(basename "${path}")..." |  | ||||||
|  |  | ||||||
|         while read -d '' configFile; do |  | ||||||
|           env2ini::process_config_file "${configFile}" |  | ||||||
|         done < <(find "${path}" -type l -not -name '..data' -print0) |  | ||||||
|  |  | ||||||
|         env2ini::log "\n" |  | ||||||
|       fi |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     function env2ini::generate_initial_secrets() { |  | ||||||
|       # These environment variables will either be |  | ||||||
|       #   - overwritten with user defined values, |  | ||||||
|       #   - initially used to set up Gitea |  | ||||||
|       # Anyway, they won't harm existing app.ini files |  | ||||||
|  |  | ||||||
|       export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) |  | ||||||
|       export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) |  | ||||||
|       export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) |  | ||||||
|       export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) |  | ||||||
|  |  | ||||||
|       env2ini::log "...Initial secrets generated\n" |  | ||||||
|     } |  | ||||||
|      |  | ||||||
|     # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs |  | ||||||
|     env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs |  | ||||||
|      |  | ||||||
|     # MUST BE CALLED BEFORE OTHER CONFIGURATION |  | ||||||
|     env2ini::generate_initial_secrets |  | ||||||
|  |  | ||||||
|     env2ini::load_config_sources '/env-to-ini-mounts/inlines/' |  | ||||||
|     env2ini::load_config_sources '/env-to-ini-mounts/additionals/' |  | ||||||
|  |  | ||||||
|     # load existing envs to override auto generated envs |  | ||||||
|     env2ini::reload_preset_envs |  | ||||||
|  |  | ||||||
|     env2ini::log "=== All configuration sources loaded ===\n" |  | ||||||
|  |  | ||||||
|     # safety to prevent rewrite of secret keys if an app.ini already exists |  | ||||||
|     if [ -f ${GITEA_APP_INI} ]; then |  | ||||||
|       env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:' |  | ||||||
|       env2ini::log '  - security.INTERNAL_TOKEN' |  | ||||||
|       env2ini::log '  - security.SECRET_KEY' |  | ||||||
|       env2ini::log '  - oauth2.JWT_SECRET' |  | ||||||
|       env2ini::log '  - server.LFS_JWT_SECRET' |  | ||||||
|  |  | ||||||
|       unset GITEA__SECURITY__INTERNAL_TOKEN |  | ||||||
|       unset GITEA__SECURITY__SECRET_KEY |  | ||||||
|       unset GITEA__OAUTH2__JWT_SECRET |  | ||||||
|       unset GITEA__SERVER__LFS_JWT_SECRET |  | ||||||
|     fi |  | ||||||
|  |  | ||||||
|     environment-to-ini -o $GITEA_APP_INI |  | ||||||
|   | |||||||
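Review bot: The new garbage-collector guard in the multiple-replicas assertions compares with `eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true`, so a value supplied as the string "true" does not match the boolean and, as far as I can tell from Go template comparison rules, would abort rendering with a type-comparison error instead of the intended message; the same applies to `eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true`. String input looks plausible, since the helper defaults on this page store such flags as strings (`"START_SSH_SERVER" "true"`). Comparing the stringified value, `{{- if eq (.Values.gitea.config.cron.GIT_GC_REPOS.ENABLED | toString) "true" -}}`, would cover both forms. The fail text also still names `GIT_GC_REPOS.enabled` while the check reads `ENABLED`, so the message and the key should be made to agree.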
| @@ -2,12 +2,16 @@ apiVersion: apps/v1 | |||||||
| kind: Deployment | kind: Deployment | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }} |   name: {{ include "gitea.fullname" . }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- if .Values.deployment.annotations }} |     {{- if .Values.deployment.annotations }} | ||||||
|     {{- toYaml .Values.deployment.annotations | nindent 4 }} |     {{- toYaml .Values.deployment.annotations | nindent 4 }} | ||||||
|     {{- end }} |     {{- end }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|  |     {{- if .Values.deployment.labels }} | ||||||
|  |     {{- toYaml .Values.deployment.labels | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
| spec: | spec: | ||||||
|   replicas: {{ .Values.replicaCount }} |   replicas: {{ .Values.replicaCount }} | ||||||
|   strategy: |   strategy: | ||||||
| @@ -55,10 +59,14 @@ spec: | |||||||
|       securityContext: |       securityContext: | ||||||
|         {{- toYaml .Values.podSecurityContext | nindent 8 }} |         {{- toYaml .Values.podSecurityContext | nindent 8 }} | ||||||
|       initContainers: |       initContainers: | ||||||
|  |         {{- if .Values.preExtraInitContainers }} | ||||||
|  |         {{- toYaml .Values.preExtraInitContainers | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|         - name: init-directories |         - name: init-directories | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           command: ["/usr/sbin/init_directory_structure.sh"] |           command: | ||||||
|  |             - "{{ .Values.initContainersScriptsVolumeMountPath }}/init_directory_structure.sh" | ||||||
|           env: |           env: | ||||||
|             - name: GITEA_APP_INI |             - name: GITEA_APP_INI | ||||||
|               value: /data/gitea/conf/app.ini |               value: /data/gitea/conf/app.ini | ||||||
| @@ -77,7 +85,7 @@ spec: | |||||||
|             {{- end }} |             {{- end }} | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: temp |             - name: temp | ||||||
|               mountPath: /tmp |               mountPath: /tmp | ||||||
|             - name: data |             - name: data | ||||||
| @@ -93,7 +101,8 @@ spec: | |||||||
|         - name: init-app-ini |         - name: init-app-ini | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           command: ["/usr/sbin/config_environment.sh"] |           command: | ||||||
|  |           - "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh" | ||||||
|           env: |           env: | ||||||
|             - name: GITEA_APP_INI |             - name: GITEA_APP_INI | ||||||
|               value: /data/gitea/conf/app.ini |               value: /data/gitea/conf/app.ini | ||||||
| @@ -103,15 +112,19 @@ spec: | |||||||
|               value: /data |               value: /data | ||||||
|             - name: GITEA_TEMP |             - name: GITEA_TEMP | ||||||
|               value: /tmp/gitea |               value: /tmp/gitea | ||||||
|  |             - name: TMP_EXISTING_ENVS_FILE | ||||||
|  |               value: /tmp/existing-envs | ||||||
|  |             - name: ENV_TO_INI_MOUNT_POINT | ||||||
|  |               value: /env-to-ini-mounts | ||||||
|             {{- if .Values.deployment.env }} |             {{- if .Values.deployment.env }} | ||||||
|             {{- toYaml .Values.deployment.env | nindent 12 }} |             {{- toYaml .Values.deployment.env | nindent 12 }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|             {{- if .Values.gitea.additionalConfigFromEnvs }} |             {{- if .Values.gitea.additionalConfigFromEnvs }} | ||||||
|             {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} |             {{- tpl (toYaml .Values.gitea.additionalConfigFromEnvs) $ | nindent 12 }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: config |             - name: config | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: temp |             - name: temp | ||||||
|               mountPath: /tmp |               mountPath: /tmp | ||||||
|             - name: data |             - name: data | ||||||
| @@ -133,7 +146,8 @@ spec: | |||||||
|         {{- if .Values.signing.enabled }} |         {{- if .Values.signing.enabled }} | ||||||
|         - name: configure-gpg |         - name: configure-gpg | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           command: ["/usr/sbin/configure_gpg_environment.sh"] |           command: | ||||||
|  |           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           securityContext: |           securityContext: | ||||||
|             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} |             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} | ||||||
| @@ -145,9 +159,11 @@ spec: | |||||||
|           env: |           env: | ||||||
|             - name: GNUPGHOME |             - name: GNUPGHOME | ||||||
|               value: {{ .Values.signing.gpgHome }} |               value: {{ .Values.signing.gpgHome }} | ||||||
|  |             - name: TMP_RAW_GPG_KEY | ||||||
|  |               value: /raw/private.asc | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: data |             - name: data | ||||||
|               mountPath: /data |               mountPath: /data | ||||||
|               {{- if .Values.persistence.subPath }} |               {{- if .Values.persistence.subPath }} | ||||||
| @@ -164,7 +180,8 @@ spec: | |||||||
|         {{- end }} |         {{- end }} | ||||||
|         - name: configure-gitea |         - name: configure-gitea | ||||||
|           image: "{{ include "gitea.image" . }}" |           image: "{{ include "gitea.image" . }}" | ||||||
|           command: ["/usr/sbin/configure_gitea.sh"] |           command: | ||||||
|  |           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh" | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||||
|           securityContext: |           securityContext: | ||||||
|             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} |             {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} | ||||||
| @@ -240,12 +257,14 @@ spec: | |||||||
|             - name: GITEA_ADMIN_PASSWORD |             - name: GITEA_ADMIN_PASSWORD | ||||||
|               value: {{ .Values.gitea.admin.password | quote }} |               value: {{ .Values.gitea.admin.password | quote }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|  |             - name: GITEA_ADMIN_PASSWORD_MODE | ||||||
|  |               value: {{ include "gitea.admin.passwordMode" $ }} | ||||||
|             {{- if .Values.deployment.env }} |             {{- if .Values.deployment.env }} | ||||||
|             {{- toYaml .Values.deployment.env | nindent 12 }} |             {{- toYaml .Values.deployment.env | nindent 12 }} | ||||||
|             {{- end }} |             {{- end }} | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: {{ .Values.initContainersScriptsVolumeMountPath }} | ||||||
|             - name: temp |             - name: temp | ||||||
|               mountPath: /tmp |               mountPath: /tmp | ||||||
|             - name: data |             - name: data | ||||||
| @@ -256,6 +275,9 @@ spec: | |||||||
|             {{- include "gitea.init-additional-mounts" . | nindent 12 }} |             {{- include "gitea.init-additional-mounts" . | nindent 12 }} | ||||||
|           resources: |           resources: | ||||||
|             {{- toYaml .Values.initContainers.resources | nindent 12 }} |             {{- toYaml .Values.initContainers.resources | nindent 12 }} | ||||||
|  |         {{- if .Values.postExtraInitContainers }} | ||||||
|  |         {{- toYaml .Values.postExtraInitContainers | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|       terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} |       terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} | ||||||
|       containers: |       containers: | ||||||
|         - name: {{ .Chart.Name }} |         - name: {{ .Chart.Name }} | ||||||
| @@ -279,6 +301,13 @@ spec: | |||||||
|               value: /data |               value: /data | ||||||
|             - name: GITEA_TEMP |             - name: GITEA_TEMP | ||||||
|               value: /tmp/gitea |               value: /tmp/gitea | ||||||
|  |             {{- if and (hasKey .Values.resources "limits") (hasKey .Values.resources.limits "cpu") }} | ||||||
|  |             - name: GOMAXPROCS | ||||||
|  |               valueFrom: | ||||||
|  |                 resourceFieldRef: | ||||||
|  |                   divisor: "1" | ||||||
|  |                   resource: limits.cpu | ||||||
|  |             {{- end }} | ||||||
|             - name: TMPDIR |             - name: TMPDIR | ||||||
|               value: /tmp/gitea |               value: /tmp/gitea | ||||||
|             {{- if .Values.image.rootless }} |             {{- if .Values.image.rootless }} | ||||||
| @@ -306,15 +335,15 @@ spec: | |||||||
|             {{- end }} |             {{- end }} | ||||||
|           {{- if .Values.gitea.livenessProbe.enabled }} |           {{- if .Values.gitea.livenessProbe.enabled }} | ||||||
|           livenessProbe: |           livenessProbe: | ||||||
|             {{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }} |             {{- include "gitea.deployment.probe" .Values.gitea.livenessProbe | nindent 12 }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|           {{- if .Values.gitea.readinessProbe.enabled }} |           {{- if .Values.gitea.readinessProbe.enabled }} | ||||||
|           readinessProbe: |           readinessProbe: | ||||||
|             {{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }} |             {{- include "gitea.deployment.probe" .Values.gitea.readinessProbe | nindent 12 }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|           {{- if .Values.gitea.startupProbe.enabled }} |           {{- if .Values.gitea.startupProbe.enabled }} | ||||||
|           startupProbe: |           startupProbe: | ||||||
|             {{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }} |             {{- include "gitea.deployment.probe" .Values.gitea.startupProbe | nindent 12 }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|           resources: |           resources: | ||||||
|             {{- toYaml .Values.resources | nindent 12 }} |             {{- toYaml .Values.resources | nindent 12 }} | ||||||
| @@ -334,13 +363,16 @@ spec: | |||||||
|               subPath: {{ .Values.persistence.subPath }} |               subPath: {{ .Values.persistence.subPath }} | ||||||
|               {{- end }} |               {{- end }} | ||||||
|             {{- include "gitea.container-additional-mounts" . | nindent 12 }} |             {{- include "gitea.container-additional-mounts" . | nindent 12 }} | ||||||
|  |         {{- if .Values.extraContainers }} | ||||||
|  |         {{- toYaml .Values.extraContainers | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|       {{- with .Values.global.hostAliases }} |       {{- with .Values.global.hostAliases }} | ||||||
|       hostAliases: |       hostAliases: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{- toYaml . | nindent 8 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- with .Values.nodeSelector }} |       {{- range $key, $value := .Values.nodeSelector }} | ||||||
|       nodeSelector: |       nodeSelector: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{ $key }}: {{ $value | quote }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|     {{- with .Values.affinity }} |     {{- with .Values.affinity }} | ||||||
|       affinity: |       affinity: | ||||||
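Review bot: The `nodeSelector:` key now sits inside the `range` over `.Values.nodeSelector` at the end of this section, so it is emitted once per entry, and a values file with two or more selectors renders duplicate `nodeSelector:` keys in the pod spec. Depending on the YAML parser that is either a render/apply error or a silent last-key-wins, which would drop scheduling constraints an operator may rely on for workload isolation. Emit the key once and loop only over the entries: keep `{{- with .Values.nodeSelector }}` and `nodeSelector:` from the old side, and put `{{- range $key, $value := . }}` with `{{ $key }}: {{ $value | quote }}` inside it. The pod spec continues outside the visible hunk.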
|   | |||||||
| @@ -7,6 +7,7 @@ apiVersion: v1 | |||||||
| kind: Secret | kind: Secret | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.gpg-key-secret-name" . }} |   name: {{ include "gitea.gpg-key-secret-name" . }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| type: Opaque | type: Opaque | ||||||
|   | |||||||
| @@ -2,13 +2,21 @@ apiVersion: v1 | |||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }}-http |   name: {{ include "gitea.fullname" . }}-http | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|  |     {{- if .Values.service.http.labels }} | ||||||
|  |     {{- toYaml .Values.service.http.labels  | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- toYaml .Values.service.http.annotations | nindent 4 }} |     {{- toYaml .Values.service.http.annotations | nindent 4 }} | ||||||
| spec: | spec: | ||||||
|   type: {{ .Values.service.http.type }} |   type: {{ .Values.service.http.type }} | ||||||
|   {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} |   {{- if eq .Values.service.http.type "LoadBalancer" }} | ||||||
|  |   {{- if .Values.service.http.loadBalancerClass }} | ||||||
|  |   loadBalancerClass: {{ .Values.service.http.loadBalancerClass }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if and .Values.service.http.loadBalancerIP }} | ||||||
|   loadBalancerIP: {{ .Values.service.http.loadBalancerIP  }} |   loadBalancerIP: {{ .Values.service.http.loadBalancerIP  }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   {{- if .Values.service.http.loadBalancerSourceRanges }} |   {{- if .Values.service.http.loadBalancerSourceRanges }} | ||||||
| @@ -17,6 +25,7 @@ spec: | |||||||
|     - {{ . }} |     - {{ . }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|   {{- if .Values.service.http.externalIPs }} |   {{- if .Values.service.http.externalIPs }} | ||||||
|   externalIPs: |   externalIPs: | ||||||
|     {{- toYaml .Values.service.http.externalIPs | nindent 4 }} |     {{- toYaml .Values.service.http.externalIPs | nindent 4 }} | ||||||
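Review bot: `{{- if and .Values.service.http.loadBalancerIP }}` keeps an `and` with a single operand now that the type check has moved to the outer `if`; it evaluates like the bare value but reads as if a condition went missing. Write `{{- if .Values.service.http.loadBalancerIP }}`. The new `loadBalancerClass` line is also rendered unquoted; `{{ .Values.service.http.loadBalancerClass | quote }}` would keep a value with YAML-special characters from changing the structure of the manifest.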
|   | |||||||
| @@ -1,58 +1,62 @@ | |||||||
| {{- if .Values.ingress.enabled -}} | {{- if .Values.ingress.enabled -}} | ||||||
| {{- $fullName := include "gitea.fullname" . -}} | {{- $fullName := include "gitea.fullname" . -}} | ||||||
| {{- $httpPort := .Values.service.http.port -}} | {{- $httpPort := .Values.service.http.port -}} | ||||||
| {{- $apiVersion := "extensions/v1beta1" -}} | apiVersion: networking.k8s.io/v1 | ||||||
| {{- if .Values.ingress.apiVersion -}} |  | ||||||
| {{- $apiVersion = .Values.ingress.apiVersion -}} |  | ||||||
| {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} |  | ||||||
| {{- $apiVersion = "networking.k8s.io/v1" }} |  | ||||||
| {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} |  | ||||||
| {{- $apiVersion = "networking.k8s.io/v1beta1" }} |  | ||||||
| {{- end }} |  | ||||||
| apiVersion: {{ $apiVersion }} |  | ||||||
| kind: Ingress | kind: Ingress | ||||||
| metadata: | metadata: | ||||||
|   name: {{ $fullName }} |   name: {{ $fullName }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|   {{- with .Values.ingress.annotations }} |  | ||||||
|   annotations: |   annotations: | ||||||
|     {{- toYaml . | nindent 4 }} |     {{- range $key, $value := .Values.ingress.annotations }} | ||||||
|  |       {{ $key }}: {{ $value | quote }} | ||||||
|     {{- end }} |     {{- end }} | ||||||
| spec: | spec: | ||||||
| {{- if .Values.ingress.className }} |   ingressClassName: {{ tpl .Values.ingress.className . }} | ||||||
|   ingressClassName: {{ .Values.ingress.className }} |  | ||||||
| {{- end }} |  | ||||||
| {{- if .Values.ingress.tls }} | {{- if .Values.ingress.tls }} | ||||||
|   tls: |   tls: | ||||||
|   {{- range .Values.ingress.tls }} |   {{- range .Values.ingress.tls }} | ||||||
|     - hosts: |     - hosts: | ||||||
|       {{- range .hosts }} |       {{- range .hosts }} | ||||||
|         - {{ . | quote }} |         - {{ tpl . $ | quote }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       secretName: {{ .secretName }} |       secretName: {{ .secretName }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
| {{- end }} | {{- end }} | ||||||
|   rules: |   rules: | ||||||
|     {{- range .Values.ingress.hosts }} |     {{- range .Values.ingress.hosts }} | ||||||
|     - host: {{ .host | quote }} |     - host: {{ tpl .host $ | quote }} | ||||||
|       http: |       http: | ||||||
|         paths: |         paths: | ||||||
|  |           {{- if .paths }} | ||||||
|           {{- range .paths }} |           {{- range .paths }} | ||||||
|           - path: {{ .path }} |           {{- if kindIs "string" . }} | ||||||
|             {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} |           - path: {{ . }} | ||||||
|             pathType: {{ .pathType }} |             pathType: {{ default "Prefix" $.Values.ingress.pathType }} | ||||||
|             {{- end }} |  | ||||||
|             backend: |             backend: | ||||||
|             {{- if eq $apiVersion "networking.k8s.io/v1" }} |  | ||||||
|               service: |               service: | ||||||
|                 name: {{ $fullName }}-http |                 name: {{ $fullName }}-http | ||||||
|                 port: |                 port: | ||||||
|                   number: {{ $httpPort }} |                   number: {{ $httpPort }} | ||||||
|           {{- else }} |           {{- else }} | ||||||
|               serviceName: {{ $fullName }}-http |           - path: {{ .path | default "/" }} | ||||||
|               servicePort: {{ $httpPort }} |             pathType: {{ .pathType | default "Prefix" }} | ||||||
|  |             backend: | ||||||
|  |               service: | ||||||
|  |                 name: {{ $fullName }}-http | ||||||
|  |                 port: | ||||||
|  |                   number: {{ $httpPort }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|           {{- end }} |           {{- end }} | ||||||
|  |           {{- else }} | ||||||
|  |           - path: "/" | ||||||
|  |             pathType: "Prefix" | ||||||
|  |             backend: | ||||||
|  |               service: | ||||||
|  |                 name: {{ $fullName }}-http | ||||||
|  |                 port: | ||||||
|  |                   number: {{ $httpPort }} | ||||||
|  |           {{- end }} | ||||||
|     {{- end }} |     {{- end }} | ||||||
| {{- end }} | {{- end }} | ||||||
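Review bot: `ingressClassName: {{ tpl .Values.ingress.className . }}` is now rendered unconditionally, where the old side guarded it with `if .Values.ingress.className`. If the value is unset, `tpl` receives a non-string and the render presumably fails; if it is an empty string, the manifest carries an empty `ingressClassName` and the Ingress is left to whatever default-class handling the cluster has. The chart default for `ingress.className` is not visible here, so either confirm it is always a non-empty string or restore the guard: `{{- with .Values.ingress.className }}`, `ingressClassName: {{ tpl . $ }}`, `{{- end }}`.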
|   | |||||||
| @@ -2,15 +2,12 @@ apiVersion: v1 | |||||||
| kind: Secret | kind: Secret | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }}-init |   name: {{ include "gitea.fullname" . }}-init | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| type: Opaque | type: Opaque | ||||||
| stringData: | stringData: | ||||||
|   configure_gpg_environment.sh: |- | {{ (.Files.Glob "scripts/init-containers/init/*.sh").AsConfig | indent 2 }} | ||||||
|     #!/usr/bin/env bash |  | ||||||
|     set -eu |  | ||||||
|  |  | ||||||
|     gpg --batch --import /raw/private.asc |  | ||||||
|   init_directory_structure.sh: |- |   init_directory_structure.sh: |- | ||||||
|     #!/usr/bin/env bash |     #!/usr/bin/env bash | ||||||
|  |  | ||||||
| @@ -24,27 +21,25 @@ stringData: | |||||||
|     # END: initPreScript |     # END: initPreScript | ||||||
|     {{- end }} |     {{- end }} | ||||||
|  |  | ||||||
|     set -x |  | ||||||
|  |  | ||||||
|     {{- if not .Values.image.rootless }} |     {{- if not .Values.image.rootless }} | ||||||
|     chown 1000:1000 /data |     chown -v 1000:1000 /data | ||||||
|     {{- end }} |     {{- end }} | ||||||
|     mkdir -p /data/git/.ssh |     mkdir -pv /data/git/.ssh | ||||||
|     chmod -R 700 /data/git/.ssh |     chmod -Rv 700 /data/git/.ssh | ||||||
|     [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf |     [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf | ||||||
|  |  | ||||||
|     # prepare temp directory structure |     # prepare temp directory structure | ||||||
|     mkdir -p "${GITEA_TEMP}" |     mkdir -pv "${GITEA_TEMP}" | ||||||
|     {{- if not .Values.image.rootless }} |     {{- if not .Values.image.rootless }} | ||||||
|     chown 1000:1000 "${GITEA_TEMP}" |     chown -v 1000:1000 "${GITEA_TEMP}" | ||||||
|     {{- end }} |     {{- end }} | ||||||
|     chmod ug+rwx "${GITEA_TEMP}" |     chmod -v ug+rwx "${GITEA_TEMP}" | ||||||
|  |  | ||||||
|     {{ if .Values.signing.enabled -}} |     {{ if .Values.signing.enabled -}} | ||||||
|     if [ ! -d "${GNUPGHOME}" ]; then |     if [ ! -d "${GNUPGHOME}" ]; then | ||||||
|       mkdir -p "${GNUPGHOME}" |       mkdir -pv "${GNUPGHOME}" | ||||||
|       chmod 700 "${GNUPGHOME}" |       chmod -v 700 "${GNUPGHOME}" | ||||||
|       chown 1000:1000 "${GNUPGHOME}" |       chown -v 1000:1000 "${GNUPGHOME}" | ||||||
|     fi |     fi | ||||||
|     {{- end }} |     {{- end }} | ||||||
|  |  | ||||||
| @@ -62,39 +57,80 @@ stringData: | |||||||
|       exit 1 |       exit 1 | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     {{- if include "redis.servicename" . }} |     {{- if include "valkey.servicename" . }} | ||||||
|     function test_redis_connection() { |     function test_valkey_connection() { | ||||||
|       local RETRY=0 |       local RETRY=0 | ||||||
|       local MAX=30 |       local MAX=30 | ||||||
|        |        | ||||||
|       echo 'Wait for redis to become avialable...' |       echo 'Wait for valkey to become avialable...' | ||||||
|       until [ "${RETRY}" -ge "${MAX}" ]; do |       until [ "${RETRY}" -ge "${MAX}" ]; do | ||||||
|         nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break |         nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break | ||||||
|         RETRY=$[${RETRY}+1] |         RETRY=$[${RETRY}+1] | ||||||
|         echo "...not ready yet (${RETRY}/${MAX})" |         echo "...not ready yet (${RETRY}/${MAX})" | ||||||
|       done |       done | ||||||
|  |  | ||||||
|       if [ "${RETRY}" -ge "${MAX}" ]; then |       if [ "${RETRY}" -ge "${MAX}" ]; then | ||||||
|         echo "Redis not reachable after '${MAX}' attempts!" |         echo "Valkey not reachable after '${MAX}' attempts!" | ||||||
|         exit 1 |         exit 1 | ||||||
|       fi |       fi | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     test_redis_connection |     test_valkey_connection | ||||||
|     {{- end }} |     {{- end }} | ||||||
|      |      | ||||||
|  |  | ||||||
|     {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} |     {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} | ||||||
|     function configure_admin_user() { |     function configure_admin_user() { | ||||||
|       local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") |       local full_admin_list=$(gitea admin user list --admin) | ||||||
|  |       local actual_user_table='' | ||||||
|  |  | ||||||
|  |       # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line | ||||||
|  |       local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)" | ||||||
|  |       if [[ "${full_admin_list}" =~ $regex ]]; then | ||||||
|  |         actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline | ||||||
|  |       else | ||||||
|  |         # This code block should never be reached, as long as the output table header remains the same. | ||||||
|  |         # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. | ||||||
|  |  | ||||||
|  |         echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users." | ||||||
|  |         echo "       Please review the output of 'gitea admin user list --admin' shown below." | ||||||
|  |         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues." | ||||||
|  |         echo "DEBUG: Output of 'gitea admin user list --admin'" | ||||||
|  |         echo "--" | ||||||
|  |         echo "${full_admin_list}" | ||||||
|  |         echo "--" | ||||||
|  |         exit 1 | ||||||
|  |       fi | ||||||
|  |  | ||||||
|  |       local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") | ||||||
|       if [[ -z "${ACCOUNT_ID}" ]]; then |       if [[ -z "${ACCOUNT_ID}" ]]; then | ||||||
|  |         local -a create_args | ||||||
|  |         create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) | ||||||
|  |         if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then | ||||||
|  |           create_args+=(--must-change-password=true) | ||||||
|  |         else | ||||||
|  |           create_args+=(--must-change-password=false) | ||||||
|  |         fi | ||||||
|         echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." |         echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." | ||||||
|         gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false |         gitea admin user create "${create_args[@]}" | ||||||
|         echo '...created.' |         echo '...created.' | ||||||
|       else |       else | ||||||
|  |         if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then | ||||||
|           echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." |           echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." | ||||||
|         gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" |           # See https://gitea.com/gitea/helm-gitea/issues/673 | ||||||
|  |           # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior | ||||||
|  |           #   which acted as if it were provided with =false. If the argument is present in this version of gitea, then we | ||||||
|  |           #   should add it to prevent requiring frequent admin password resets. | ||||||
|  |           local -a change_args | ||||||
|  |           change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}") | ||||||
|  |           if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then | ||||||
|  |             change_args+=(--must-change-password=false) | ||||||
|  |           fi | ||||||
|  |           gitea admin user change-password "${change_args[@]}" | ||||||
|           echo '...password sync done.' |           echo '...password sync done.' | ||||||
|  |         else | ||||||
|  |           echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." | ||||||
|  |         fi | ||||||
|       fi |       fi | ||||||
|     } |     } | ||||||
|  |  | ||||||
| @@ -105,7 +141,28 @@ stringData: | |||||||
|       {{- if .Values.gitea.ldap }} |       {{- if .Values.gitea.ldap }} | ||||||
|       {{- range $idx, $value := .Values.gitea.ldap }} |       {{- range $idx, $value := .Values.gitea.ldap }} | ||||||
|       local LDAP_NAME={{ (printf "%s" $value.name) | squote }} |       local LDAP_NAME={{ (printf "%s" $value.name) | squote }} | ||||||
|       local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " "  "{print \$1}") |       local full_auth_list=$(gitea admin auth list --vertical-bars) | ||||||
|  |       local actual_auth_table='' | ||||||
|  |  | ||||||
|  |       # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line | ||||||
|  |       local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" | ||||||
|  |       if [[ "${full_auth_list}" =~ $regex ]]; then | ||||||
|  |         actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline | ||||||
|  |       else | ||||||
|  |         # This code block should never be reached, as long as the output table header remains the same. | ||||||
|  |         # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. | ||||||
|  |  | ||||||
|  |         echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources." | ||||||
|  |         echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below." | ||||||
|  |         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues." | ||||||
|  |         echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" | ||||||
|  |         echo "--" | ||||||
|  |         echo "${full_auth_list}" | ||||||
|  |         echo "--" | ||||||
|  |         exit 1 | ||||||
|  |       fi | ||||||
|  |  | ||||||
|  |       local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " "  "{print \$1}") | ||||||
|  |  | ||||||
|       if [[ -z "${GITEA_AUTH_ID}" ]]; then |       if [[ -z "${GITEA_AUTH_ID}" ]]; then | ||||||
|         echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." |         echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." | ||||||
| @@ -128,7 +185,28 @@ stringData: | |||||||
|       {{- if .Values.gitea.oauth }} |       {{- if .Values.gitea.oauth }} | ||||||
|       {{- range $idx, $value := .Values.gitea.oauth }} |       {{- range $idx, $value := .Values.gitea.oauth }} | ||||||
|       local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} |       local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} | ||||||
|       local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " "  "{print \$1}") |       local full_auth_list=$(gitea admin auth list --vertical-bars) | ||||||
|  |       local actual_auth_table='' | ||||||
|  |  | ||||||
|  |       # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line | ||||||
|  |       local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" | ||||||
|  |       if [[ "${full_auth_list}" =~ $regex ]]; then | ||||||
|  |         actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline | ||||||
|  |       else | ||||||
|  |         # This code block should never be reached, as long as the output table header remains the same. | ||||||
|  |         # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. | ||||||
|  |  | ||||||
|  |         echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources." | ||||||
|  |         echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below." | ||||||
|  |         echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues." | ||||||
|  |         echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" | ||||||
|  |         echo "--" | ||||||
|  |         echo "${full_auth_list}" | ||||||
|  |         echo "--" | ||||||
|  |         exit 1 | ||||||
|  |       fi | ||||||
|  |  | ||||||
|  |       local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " "  "{print \$1}") | ||||||
|  |  | ||||||
|       if [[ -z "${AUTH_ID}" ]]; then |       if [[ -z "${AUTH_ID}" ]]; then | ||||||
|         echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." |         echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." | ||||||
|   | |||||||
							
								
								
									
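--- a/templates/gitea/metrics-secret.yaml
+++ b/templates/gitea/metrics-secret.yaml
@@ -0,0 +1,12 @@
+{{- if and (.Values.gitea.metrics.enabled) (.Values.gitea.metrics.serviceMonitor.enabled) (.Values.gitea.metrics.token) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "gitea.metrics-secret-name" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+type: Opaque
+data:
+  token: {{ .Values.gitea.metrics.token  | b64enc }}
+{{- end }}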
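Review bot: `b64enc` on the `token:` line is given the raw value, so a token that reaches the template as a number (for instance an all-digit value passed with `--set`) makes rendering fail with a type error instead of producing the Secret. Converting and quoting first avoids that: `token: {{ .Values.gitea.metrics.token | toString | b64enc | quote }}`. Since the token is taken from chart values, it also ends up in the stored release data; a short comment at the top of the template saying so would help operators decide where to keep it.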
| @@ -7,6 +7,7 @@ apiVersion: policy/v1beta1 | |||||||
| kind: PodDisruptionBudget | kind: PodDisruptionBudget | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }} |   name: {{ include "gitea.fullname" . }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
| spec: | spec: | ||||||
|   | |||||||
| @@ -3,20 +3,20 @@ kind: PersistentVolumeClaim | |||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| metadata: | metadata: | ||||||
|   name: {{ .Values.persistence.claimName }} |   name: {{ .Values.persistence.claimName }} | ||||||
|   namespace: {{ $.Release.Namespace }} |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   annotations: |   annotations: | ||||||
| {{ .Values.persistence.annotations | toYaml | indent 4}} | {{ .Values.persistence.annotations | toYaml | indent 4}} | ||||||
|  |   labels: | ||||||
|  | {{ .Values.persistence.labels | toYaml | indent 4}} | ||||||
| spec: | spec: | ||||||
|   accessModes: |   accessModes: | ||||||
|   {{- if gt .Values.replicaCount 1.0 }} |   {{- if gt (.Values.replicaCount | int) 1 }} | ||||||
|       - ReadWriteMany |       - ReadWriteMany | ||||||
|   {{- else }} |   {{- else }} | ||||||
|     {{- .Values.persistence.accessModes | toYaml | nindent 4 }} |     {{- .Values.persistence.accessModes | toYaml | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   volumeMode: Filesystem |   volumeMode: Filesystem | ||||||
|   {{- if .Values.persistence.storageClass }} |   {{- include "gitea.persistence.storageClass" . | nindent 2 }} | ||||||
|   storageClassName: {{ .Values.persistence.storageClass }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with .Values.persistence.volumeName }} |   {{- with .Values.persistence.volumeName }} | ||||||
|   volumeName: {{ . }} |   volumeName: {{ . }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ apiVersion: v1 | |||||||
| kind: ServiceAccount | kind: ServiceAccount | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.serviceAccountName" . }} |   name: {{ include "gitea.serviceAccountName" . }} | ||||||
|   namespace: {{ .Release.Namespace | quote }} |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|     {{- with .Values.serviceAccount.labels }} |     {{- with .Values.serviceAccount.labels }} | ||||||
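Review bot: The new `namespace:` line drops the `| quote` that the old line had, so a namespace consisting only of digits (a valid DNS label) is rendered as a YAML integer and the manifest is rejected by the API server. Keeping the quoting on the new expression fixes it: `namespace: {{ .Values.namespace | default .Release.Namespace | quote }}`. The same unquoted expression is added in the metrics Secret, PodDisruptionBudget, PersistentVolumeClaim, ServiceMonitor, SSH Service and test Pod sections on this page. The `with` block on the last line of this hunk continues outside it.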
|   | |||||||
| @@ -1,8 +1,9 @@ | |||||||
| {{- if .Values.gitea.metrics.serviceMonitor.enabled -}} | {{- if and .Values.gitea.metrics.enabled .Values.gitea.metrics.serviceMonitor.enabled -}} | ||||||
| apiVersion: monitoring.coreos.com/v1 | apiVersion: monitoring.coreos.com/v1 | ||||||
| kind: ServiceMonitor | kind: ServiceMonitor | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }} |   name: {{ include "gitea.fullname" . }} | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|     {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} |     {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} | ||||||
| @@ -14,4 +15,29 @@ spec: | |||||||
|       {{- include "gitea.selectorLabels" . | nindent 6 }} |       {{- include "gitea.selectorLabels" . | nindent 6 }} | ||||||
|   endpoints: |   endpoints: | ||||||
|   - port: http |   - port: http | ||||||
|  |     {{- if .Values.gitea.metrics.serviceMonitor.interval }} | ||||||
|  |     interval: {{ .Values.gitea.metrics.serviceMonitor.interval }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.gitea.metrics.serviceMonitor.relabelings }} | ||||||
|  |     relabelings: | ||||||
|  |       {{- . | toYaml | nindent 6 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- if .Values.gitea.metrics.serviceMonitor.scheme }} | ||||||
|  |     scheme: {{ .Values.gitea.metrics.serviceMonitor.scheme }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- if .Values.gitea.metrics.serviceMonitor.scrapeTimeout }} | ||||||
|  |     scrapeTimeout: {{ .Values.gitea.metrics.serviceMonitor.scrapeTimeout }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.gitea.metrics.serviceMonitor.tlsConfig }} | ||||||
|  |     tlsConfig: | ||||||
|  |       {{- . | toYaml | nindent 6 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- if .Values.gitea.metrics.token }} | ||||||
|  |     authorization: | ||||||
|  |       type: Bearer | ||||||
|  |       credentials: | ||||||
|  |         name: {{ include "gitea.metrics-secret-name" . }} | ||||||
|  |         key: token | ||||||
|  |         optional: false | ||||||
|  |     {{- end }} | ||||||
| {{- end -}} | {{- end -}} | ||||||
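Review bot: The `authorization` block is emitted whenever `gitea.metrics.token` is set, independently of `scheme` and `tlsConfig`, so unless the values default the scheme to https (not visible here) the bearer token is sent over plain HTTP on every scrape. I would document that next to the block, e.g. `{{- /* the token is sent as a Bearer header; set serviceMonitor.scheme to https and provide tlsConfig when the pod network is not trusted */}}`, and repeat the sentence in the values documentation for the token. The Secret it references is rendered under the same three conditions in the metrics Secret template, so the `optional: false` reference looks consistent.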
| @@ -2,13 +2,20 @@ apiVersion: v1 | |||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "gitea.fullname" . }}-ssh |   name: {{ include "gitea.fullname" . }}-ssh | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "gitea.labels" . | nindent 4 }} |     {{- include "gitea.labels" . | nindent 4 }} | ||||||
|  |     {{- if .Values.service.ssh.labels }} | ||||||
|  |     {{- toYaml .Values.service.ssh.labels  | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- toYaml .Values.service.ssh.annotations | nindent 4 }} |     {{- toYaml .Values.service.ssh.annotations | nindent 4 }} | ||||||
| spec: | spec: | ||||||
|   type: {{ .Values.service.ssh.type }} |   type: {{ .Values.service.ssh.type }} | ||||||
|   {{- if eq .Values.service.ssh.type "LoadBalancer" }} |   {{- if eq .Values.service.ssh.type "LoadBalancer" }} | ||||||
|  |   {{- if .Values.service.ssh.loadBalancerClass }} | ||||||
|  |   loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }} | ||||||
|  |   {{- end }} | ||||||
|   {{- if .Values.service.ssh.loadBalancerIP }} |   {{- if .Values.service.ssh.loadBalancerIP }} | ||||||
|   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} |   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} | ||||||
|   {{- end -}} |   {{- end -}} | ||||||
|   | |||||||
| @@ -3,6 +3,7 @@ apiVersion: v1 | |||||||
| kind: Pod | kind: Pod | ||||||
| metadata: | metadata: | ||||||
|   name: "{{ include "gitea.fullname" . }}-test-connection" |   name: "{{ include "gitea.fullname" . }}-test-connection" | ||||||
|  |   namespace: {{ .Values.namespace | default .Release.Namespace }} | ||||||
|   labels: |   labels: | ||||||
| {{ include "gitea.labels" . | nindent 4 }} | {{ include "gitea.labels" . | nindent 4 }} | ||||||
|   annotations: |   annotations: | ||||||
|   | |||||||
							
								
								
									
							 Submodule unittests/bash/bats added at 855844b834
									
								
							
							
								
								
									
							 Submodule unittests/bash/test_helper/bats-assert added at 3be0fb7856
									
								
							
							
								
								
									
							 Submodule unittests/bash/test_helper/bats-mock added at 9d8aa349f1
									
								
							
							
								
								
									
							 Submodule unittests/bash/test_helper/bats-support added at 0954abb992
									
								
							
							
								
								
									
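--- a/unittests/bash/test_helper/common-setup.bash
+++ b/unittests/bash/test_helper/common-setup.bash
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+function common_setup() {
+  load "$TEST_ROOT/test_helper/bats-support/load"
+  load "$TEST_ROOT/test_helper/bats-assert/load"
+  load "$TEST_ROOT/test_helper/bats-mock/stub"
+}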
| @@ -0,0 +1,204 @@ | |||||||
|  | #!/usr/bin/env bats | ||||||
|  |  | ||||||
|  | function setup() { | ||||||
|  |   PROJECT_ROOT="$(git rev-parse --show-toplevel)" | ||||||
|  |   TEST_ROOT="$PROJECT_ROOT/unittests/bash" | ||||||
|  |   load "$TEST_ROOT/test_helper/common-setup" | ||||||
|  |   common_setup | ||||||
|  |  | ||||||
|  |   export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini" | ||||||
|  |   export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs" | ||||||
|  |   export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts" | ||||||
|  |  | ||||||
|  |   stub gitea \ | ||||||
|  |       "generate secret INTERNAL_TOKEN : echo 'mocked-internal-token'" \ | ||||||
|  |       "generate secret SECRET_KEY : echo 'mocked-secret-key'" \ | ||||||
|  |       "generate secret JWT_SECRET : echo 'mocked-jwt-secret'" \ | ||||||
|  |       "generate secret LFS_JWT_SECRET : echo 'mocked-lfs-jwt-secret'" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function teardown() { | ||||||
|  |   unstub gitea | ||||||
|  |   # This condition exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open | ||||||
|  |   if [ $ENV_TO_INI_EXPECTED -eq 1 ]; then | ||||||
|  |     unstub environment-to-ini | ||||||
|  |   fi | ||||||
|  | } | ||||||
|  |  | ||||||
|  | # This function exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open | ||||||
|  | function expect_environment_to_ini_call() { | ||||||
|  |   export ENV_TO_INI_EXPECTED=1 | ||||||
|  |   stub environment-to-ini \ | ||||||
|  |     "-o $GITEA_APP_INI : echo 'Stubbed environment-to-ini was called!'" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function execute_test_script() { | ||||||
|  |   currentEnvsBefore=$(env | sort) | ||||||
|  |   source $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh | ||||||
|  |   local exitCode=$? | ||||||
|  |   currentEnvsAfter=$(env | sort) | ||||||
|  |  | ||||||
|  |   # diff as unified +/- output without context before/after | ||||||
|  |   diff --unified=0 <(echo "$currentEnvsBefore") <(echo "$currentEnvsAfter") | ||||||
|  |  | ||||||
|  |   exit $exitCode | ||||||
|  | } | ||||||
|  |  | ||||||
|  | function write_mounted_file() { | ||||||
|  |   # either "inlines" or "additionals" | ||||||
|  |   scope="${1}" | ||||||
|  |   file="${2}" | ||||||
|  |   content="${3}" | ||||||
|  |  | ||||||
|  |   mkdir -p "$ENV_TO_INI_MOUNT_POINT/$scope/..data/" | ||||||
|  |   echo "${content}" > "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file" | ||||||
|  |   ln -sf "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file" "$ENV_TO_INI_MOUNT_POINT/$scope/$file" | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "works as expected when nothing is configured" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '...Initial secrets generated' | ||||||
|  |   assert_line 'Reloading preset envs...' | ||||||
|  |   assert_line '=== All configuration sources loaded ===' | ||||||
|  |   assert_line 'Stubbed environment-to-ini was called!' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "exports initial secrets" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   assert_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token' | ||||||
|  |   assert_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key' | ||||||
|  |   assert_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "does NOT export initial secrets when app.ini already exists" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   touch $GITEA_APP_INI | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line --partial 'An app.ini file already exists.' | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   refute_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token' | ||||||
|  |   refute_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key' | ||||||
|  |   refute_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that preset environment variables take precedence over auto-generated ones" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that preset environment variables take precedence over mounted ones" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret" | ||||||
|  |   write_mounted_file "inlines" "oauth2" "$(cat << EOF | ||||||
|  | JWT_SECRET=inline-jwt-secret | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that additionals take precedence over inlines" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   write_mounted_file "inlines" "oauth2" "$(cat << EOF | ||||||
|  | JWT_SECRET=inline-jwt-secret | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |   write_mounted_file "additionals" "oauth2" "$(cat << EOF | ||||||
|  | JWT_SECRET=additional-jwt-secret | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret' | ||||||
|  |   refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret' | ||||||
|  |   assert_line '+GITEA__OAUTH2__JWT_SECRET=additional-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "ensures that dotted/dashed sections are properly masked" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF | ||||||
|  | WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP] | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | ############################################################### | ||||||
|  | ##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS ##### | ||||||
|  | ############################################################### | ||||||
|  | @test "ensures uppercase section and setting names (🐞)" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret" | ||||||
|  |   write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF | ||||||
|  | WORK_IN_progress_PREFIXES=WIP:,[WIP] | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]' | ||||||
|  |   assert_line '+GITEA__OAUTH2__JWT_SECRET=pre-defined-jwt-secret' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "treats top-level configuration as section-less" { | ||||||
|  |   expect_environment_to_ini_call | ||||||
|  |   write_mounted_file "inlines" "_generals_" "$(cat << EOF | ||||||
|  | APP_NAME=Hello top-level configuration | ||||||
|  | RUN_MODE=dev | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_success | ||||||
|  |   assert_line '+GITEA____APP_NAME=Hello top-level configuration' | ||||||
|  |   assert_line '+GITEA____RUN_MODE=dev' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "fails on invalid setting" { | ||||||
|  |   write_mounted_file "inlines" "_generals_" "$(cat << EOF | ||||||
|  | some random invalid string | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_failure | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @test "treats empty setting name as invalid setting" { | ||||||
|  |   write_mounted_file "inlines" "_generals_" "$(cat << EOF | ||||||
|  | =value | ||||||
|  | EOF | ||||||
|  | )" | ||||||
|  |  | ||||||
|  |   run execute_test_script | ||||||
|  |  | ||||||
|  |   assert_failure | ||||||
|  | } | ||||||
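Review bot: `teardown` tests `$ENV_TO_INI_EXPECTED` unquoted, and the last two tests ("fails on invalid setting", "treats empty setting name as invalid setting") never call `expect_environment_to_ini_call`, so in those runs the variable is presumably unset and `[ -eq 1 ]` prints a "unary operator expected" error rather than cleanly skipping the unstub. `if [ "${ENV_TO_INI_EXPECTED:-0}" -eq 1 ]; then` keeps the intent and stays quiet. In `execute_test_script` the `source $PROJECT_ROOT/...` path should be quoted too, so a checkout directory containing spaces does not break the suite.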
| @@ -1,17 +0,0 @@ | |||||||
| suite: deployment template (basic) |  | ||||||
| release: |  | ||||||
|   name: gitea-unittests |  | ||||||
|   namespace: testing |  | ||||||
| templates: |  | ||||||
|   - templates/gitea/deployment.yaml |  | ||||||
|   - templates/gitea/config.yaml |  | ||||||
| tests: |  | ||||||
|   - it: renders a deployment |  | ||||||
|     template: templates/gitea/deployment.yaml |  | ||||||
|     asserts: |  | ||||||
|       - hasDocuments: |  | ||||||
|           count: 1 |  | ||||||
|       - containsDocument: |  | ||||||
|           kind: Deployment |  | ||||||
|           apiVersion: apps/v1 |  | ||||||
|           name: gitea-unittests |  | ||||||
							
								
								
									
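--- a/unittests/helm/check-actions-not-present.yaml
+++ b/unittests/helm/check-actions-not-present.yaml
@@ -0,0 +1,12 @@
+suite: Check if actions raises an error
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: fails when trying to configure actions due to removal
+    set:
+      actions:
+        enabled: true
+    asserts:
+      - failedTemplate:
+          errorMessage: The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9.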
							
								
								
									
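--- a/unittests/helm/config/actions-config.yaml
+++ b/unittests/helm/config/actions-config.yaml
@@ -0,0 +1,24 @@
+suite: config template | actions config
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/config.yaml
+tests:
+  - it: "actions are enabled by default (based on vanilla Gitea behavior)"
+    template: templates/gitea/config.yaml
+    asserts:
+      - documentIndex: 0
+        notExists:
+          path: stringData.actions
+
+  - it: "actions can be disabled via inline config"
+    template: templates/gitea/config.yaml
+    set:
+      gitea.config.actions.ENABLED: false
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.actions
+          value: |-
+            ENABLED=false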
							
								
								
									
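--- a/unittests/helm/config/cache-config.yaml
+++ b/unittests/helm/config/cache-config.yaml
@@ -0,0 +1,66 @@
+suite: config template | cache config
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: "cache is configured correctly for valkey-cluster"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: true
+      valkey:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.cache
+          value: |-
+            ADAPTER=redis
+            HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+
+  - it: "cache is configured correctly for valkey"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: true
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.cache
+          value: |-
+            ADAPTER=redis
+            HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+
+  - it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.cache
+          value: |-
+            ADAPTER=memory
+            HOST=
+
+  - it: "cache can be customized when valkey (or valkey-cluster) is disabled"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: false
+      gitea.config.cache.ADAPTER: custom-adapter
+      gitea.config.cache.HOST: custom-host
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.cache
+          value: |-
+            ADAPTER=custom-adapter
+            HOST=custom-host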
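Review bot: The expected `HOST` in the plain valkey case contains `:changeme@`, which pins what looks like the sub-chart's default password as the rendered credential, and the valkey-cluster case expects an empty password (`:@`). A case that sets a password through values and asserts that it appears in `HOST` would show the override path works, and a comment on these two cases such as `# 'changeme' is the sub-chart default; real deployments must override it` would keep the fixture from reading as a recommended value. The queue-config suite further down this page expects the same strings in `CONN_STR`.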
							
								
								
									
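--- a/unittests/helm/config/metrics-section_metrics-token.yaml
+++ b/unittests/helm/config/metrics-section_metrics-token.yaml
@@ -0,0 +1,58 @@
+suite: config template | metrics section (metrics token)
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: metrics token is set
+    template: templates/gitea/config.yaml
+    set:
+      gitea:
+        metrics:
+          enabled: true
+          token: "somepassword"
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.metrics
+          value: |-
+            ENABLED=true
+            TOKEN=somepassword
+  - it: metrics token is empty
+    template: templates/gitea/config.yaml
+    set:
+      gitea:
+        metrics:
+          enabled: true
+          token: ""
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.metrics
+          value: |-
+            ENABLED=true
+  - it: metrics token is nil
+    template: templates/gitea/config.yaml
+    set:
+      gitea:
+        metrics:
+          enabled: true
+          token:
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.metrics
+          value: |-
+            ENABLED=true
+  - it: does not configures a token if metrics are disabled
+    template: templates/gitea/config.yaml
+    set:
+      gitea:
+        metrics:
+          enabled: false
+          token: "somepassword"
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.metrics
+          value: |-
+            ENABLED=false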
							
								
								
									
								unittests/helm/config/queue-config.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,66 @@ | |||||||
|  | suite: config template | queue config | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | tests: | ||||||
|  |   - it: "queue is configured correctly for valkey-cluster" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       valkey-cluster: | ||||||
|  |         enabled: true | ||||||
|  |       valkey: | ||||||
|  |         enabled: false | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.queue | ||||||
|  |           value: |- | ||||||
|  |             CONN_STR=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|  |             TYPE=redis | ||||||
|  |  | ||||||
|  |   - it: "queue is configured correctly for valkey" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       valkey-cluster: | ||||||
|  |         enabled: false | ||||||
|  |       valkey: | ||||||
|  |         enabled: true | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.queue | ||||||
|  |           value: |- | ||||||
|  |             CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& | ||||||
|  |             TYPE=redis | ||||||
|  |  | ||||||
|  |   - it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       valkey-cluster: | ||||||
|  |         enabled: false | ||||||
|  |       valkey: | ||||||
|  |         enabled: false | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.queue | ||||||
|  |           value: |- | ||||||
|  |             CONN_STR= | ||||||
|  |             TYPE=level | ||||||
|  |  | ||||||
|  |   - it: "queue can be customized when valkey (and valkey-cluster) are disabled" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     set: | ||||||
|  |       valkey-cluster: | ||||||
|  |         enabled: false | ||||||
|  |       valkey: | ||||||
|  |         enabled: false | ||||||
|  |       gitea.config.queue.TYPE: custom-type | ||||||
|  |       gitea.config.queue.CONN_STR: custom-connection-string | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: stringData.queue | ||||||
|  |           value: |- | ||||||
|  |             CONN_STR=custom-connection-string | ||||||
|  |             TYPE=custom-type | ||||||
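Review bot: The "queue is configured correctly for valkey" case pins `redis://:changeme@…` without setting any password under `set:`, so the expected value depends on whatever default credential the valkey subchart ships rather than on a test input. I would set the password explicitly in that case, e.g. `valkey.global.valkey.password: gitea-password` as the valkey dependency-check suite on this page does, and assert that value in `CONN_STR`, so a change to the default can neither pass nor fail the test by accident. The valkey-cluster case likewise pins an empty password (`://:@`), and there is no case with `usePassword: true` or with a password containing URL-reserved characters such as `@` or `/`; the template is not visible here, so whether it encodes the password is an open question rather than a known defect. The same applies to the `PROVIDER_CONFIG` expectations in unittests/helm/config/session-config.yaml.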
							
								
								
									
										67
									
								
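--- a/unittests/helm/config/server-section_domain.yaml
+++ b/unittests/helm/config/server-section_domain.yaml
@@ -0,0 +1,67 @@
+suite: config template | server section (domain related)
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL"
+    template: templates/gitea/config.yaml
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nDOMAIN=git.example.com
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nSSH_DOMAIN=git.example.com
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nROOT_URL=http://git.example.com
+
+  ################################################
+
+  - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL"
+    template: templates/gitea/config.yaml
+    set:
+      ingress:
+        hosts: []
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nDOMAIN=gitea-unittests-http.testing.svc.cluster.local
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nSSH_DOMAIN=gitea-unittests-http.testing.svc.cluster.local
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local
+
+  ################################################
+
+  - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL"
+    template: templates/gitea/config.yaml
+    set:
+      gitea.config.server.DOMAIN: provided.example.com
+      ingress:
+        hosts:
+          - host: non-used.example.com
+            paths:
+              - path: /
+                pathType: Prefix
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nDOMAIN=provided.example.com
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nSSH_DOMAIN=provided.example.com
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: \nROOT_URL=http://provided.example.com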
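Review bot: The `matchRegex` patterns in all three cases leave the dots unescaped and have no end anchor, so `\nDOMAIN=git.example.com` also accepts a rendered `DOMAIN=git.example.com.other.tld` or `gitXexample.com`; a test guarding the host name Gitea treats as its own should match the whole line. Escaping and terminating each pattern, e.g. `pattern: \nDOMAIN=git\.example\.com(\n|$)`, closes that gap. The `HOST=…` and `PASSWD=gitea-password` patterns in the postgresql and postgresql-ha dependency-check suites further down this page are loose in the same way. Separately, every case pins `ROOT_URL=http://…`; a case with TLS configured on the ingress would document whether the scheme follows it.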
							
								
								
									
										66
									
								
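--- a/unittests/helm/config/session-config.yaml
+++ b/unittests/helm/config/session-config.yaml
@@ -0,0 +1,66 @@
+suite: config template | session config
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: "session is configured correctly for valkey-cluster"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: true
+      valkey:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.session
+          value: |-
+            PROVIDER=redis
+            PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+
+  - it: "session is configured correctly for valkey"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: true
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.session
+          value: |-
+            PROVIDER=redis
+            PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+
+  - it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.session
+          value: |-
+            PROVIDER=memory
+            PROVIDER_CONFIG=
+
+  - it: "session can be customized when valkey (and valkey-cluster) is disabled"
+    template: templates/gitea/config.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: false
+      gitea.config.session.PROVIDER: custom-provider
+      gitea.config.session.PROVIDER_CONFIG: custom-provider-config
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: stringData.session
+          value: |-
+            PROVIDER=custom-provider
+            PROVIDER_CONFIG=custom-provider-config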
| @@ -0,0 +1,129 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | postgresql-ha | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   postgresql: | ||||||
|  |     enabled: false | ||||||
|  |   postgresql-ha: | ||||||
|  |     enabled: true | ||||||
|  |     global: | ||||||
|  |       postgresql: | ||||||
|  |         database: gitea-database | ||||||
|  |         password: gitea-password | ||||||
|  |         username: gitea-username | ||||||
|  |     postgresql: | ||||||
|  |       repmgrPassword: custom-password-repmgr | ||||||
|  |       postgresPassword: custom-password-postgres | ||||||
|  |       password: custom-password-overwritten-by-global-postgresql-password | ||||||
|  |     pgpool: | ||||||
|  |       adminPassword: custom-password-pgpool | ||||||
|  |       srCheckPassword: custom-password-sr-check | ||||||
|  |     service: | ||||||
|  |       ports: | ||||||
|  |         postgresql: 1234 | ||||||
|  |     persistence: | ||||||
|  |       size: 1337Mi | ||||||
|  | tests: | ||||||
|  |   - it: "[postgresql-ha] DB settings are applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/postgresql/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_DB | ||||||
|  |             value: "gitea-database" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_USER | ||||||
|  |             value: "gitea-username" | ||||||
|  |   - it: "[postgresql-ha] DB passwords are applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/postgresql/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["repmgr-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXJlcG1ncg==" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["postgres-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBvc3RncmVz" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["password"] | ||||||
|  |           value: "Z2l0ZWEtcGFzc3dvcmQ=" # postgresql-ha.postgresql.password is overwritten by postgresql-ha.global.postgresql.password and should not be referenced here | ||||||
|  |   - it: "[postgresql-ha] pgpool.adminPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["admin-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||||
|  |   - it: "[postgresql-ha] pgpool.adminPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["admin-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||||
|  |   - it: "[postgresql-ha] pgpool.adminPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["admin-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA==" | ||||||
|  |   - it: "[postgresql-ha] pgpool.srCheckPassword is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["sr-check-password"] | ||||||
|  |           value: "Y3VzdG9tLXBhc3N3b3JkLXNyLWNoZWNr" | ||||||
|  |   - it: "[postgresql-ha] persistence.size is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/postgresql/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.volumeClaimTemplates[0].spec.resources.requests.storage | ||||||
|  |           value: "1337Mi" | ||||||
|  |   - it: "[postgresql-ha] service.ports.postgresql is applied as expected" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/service.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.ports[0].port | ||||||
|  |           value: 1234 | ||||||
|  |   - it: "[postgresql-ha] renders the referenced service" | ||||||
|  |     template: charts/postgresql-ha/templates/pgpool/service.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-postgresql-ha-pgpool | ||||||
|  |           namespace: testing | ||||||
|  |   - it: "[gitea] connects to pgpool service" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234 | ||||||
|  |   - it: "[gitea] connects to configured database" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: NAME=gitea-database | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: USER=gitea-username | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: PASSWD=gitea-password | ||||||
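Review bot: The case `[postgresql-ha] pgpool.adminPassword is applied as expected` appears three times with identical template, path and value, so two of the copies add no coverage and look like a copy-paste that was meant to check something else. I would drop the duplicates or replace them with the intended assertions. The expected secret values are bare base64 strings and only the `data["password"]` one carries a comment; a short comment on each naming the `set:` value it encodes, for example `# base64 of postgresql-ha.postgresql.repmgrPassword`, would let a reader verify them without decoding.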
| @@ -0,0 +1,88 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | postgresql | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   postgresql-ha: | ||||||
|  |     enabled: false | ||||||
|  |   postgresql: | ||||||
|  |     enabled: true | ||||||
|  |     global: | ||||||
|  |       postgresql: | ||||||
|  |         auth: | ||||||
|  |           password: gitea-password | ||||||
|  |           database: gitea-database | ||||||
|  |           username: gitea-username | ||||||
|  |         service: | ||||||
|  |           ports: | ||||||
|  |             postgresql: 1234 | ||||||
|  |     primary: | ||||||
|  |       persistence: | ||||||
|  |         size: 1337Mi | ||||||
|  | tests: | ||||||
|  |   - it: "[postgresql] DB settings are applied as expected" | ||||||
|  |     template: charts/postgresql/templates/primary/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_DATABASE | ||||||
|  |             value: "gitea-database" | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: POSTGRES_USER | ||||||
|  |             value: "gitea-username" | ||||||
|  |   - it: "[postgresql] DB password is applied as expected" | ||||||
|  |     template: charts/postgresql/templates/secrets.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["password"] | ||||||
|  |           value: "Z2l0ZWEtcGFzc3dvcmQ=" | ||||||
|  |   - it: "[postgresql] primary.persistence.size is applied as expected" | ||||||
|  |     template: charts/postgresql/templates/primary/statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.volumeClaimTemplates[0].spec.resources.requests.storage | ||||||
|  |           value: "1337Mi" | ||||||
|  |   - it: "[postgresql] global.postgresql.service.ports.postgresql is applied as expected" | ||||||
|  |     template: charts/postgresql/templates/primary/svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.ports[0].port | ||||||
|  |           value: 1234 | ||||||
|  |   - it: "[postgresql] renders the referenced service" | ||||||
|  |     template: charts/postgresql/templates/primary/svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-postgresql | ||||||
|  |           namespace: testing | ||||||
|  |   - it: "[gitea] connects to postgresql service" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234 | ||||||
|  |   - it: "[gitea] connects to configured database" | ||||||
|  |     template: templates/gitea/config.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: NAME=gitea-database | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: USER=gitea-username | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData.database | ||||||
|  |           pattern: PASSWD=gitea-password | ||||||
| @@ -0,0 +1,90 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | valkey-cluster | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   valkey: | ||||||
|  |     enabled: false | ||||||
|  |   valkey-cluster: | ||||||
|  |     enabled: true | ||||||
|  |     usePassword: false | ||||||
|  |     cluster: | ||||||
|  |       nodes: 5 | ||||||
|  |       replicas: 2 | ||||||
|  | tests: | ||||||
|  |   - it: "[valkey-cluster] configures correct nodes/replicas" | ||||||
|  |     template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.replicas | ||||||
|  |           value: 5 | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: spec.template.spec.containers[0].args[0] | ||||||
|  |           pattern: VALKEY_CLUSTER_REPLICAS="2" | ||||||
|  |   - it: "[valkey-cluster] support auth-less connections" | ||||||
|  |     asserts: | ||||||
|  |       - template: charts/valkey-cluster/templates/secret.yaml | ||||||
|  |         hasDocuments: | ||||||
|  |           count: 0 | ||||||
|  |       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |         documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: ALLOW_EMPTY_PASSWORD | ||||||
|  |             value: "yes" | ||||||
|  |   - it: "[valkey-cluster] support auth-full connections" | ||||||
|  |     set: | ||||||
|  |       valkey-cluster: | ||||||
|  |         usePassword: true | ||||||
|  |     asserts: | ||||||
|  |       - template: charts/valkey-cluster/templates/secret.yaml | ||||||
|  |         containsDocument: | ||||||
|  |           kind: Secret | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-valkey-cluster | ||||||
|  |           namespace: testing | ||||||
|  |       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |         documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: REDISCLI_AUTH | ||||||
|  |             valueFrom: | ||||||
|  |               secretKeyRef: | ||||||
|  |                 name: gitea-unittests-valkey-cluster | ||||||
|  |                 key: valkey-password | ||||||
|  |       - template: charts/valkey-cluster/templates/valkey-statefulset.yaml | ||||||
|  |         documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: REDISCLI_AUTH | ||||||
|  |             valueFrom: | ||||||
|  |               secretKeyRef: | ||||||
|  |                 name: gitea-unittests-valkey-cluster | ||||||
|  |                 key: valkey-password | ||||||
|  |   - it: "[valkey-cluster] renders the referenced service" | ||||||
|  |     template: charts/valkey-cluster/templates/headless-svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-valkey-cluster-headless | ||||||
|  |           namespace: testing | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.ports | ||||||
|  |           content: | ||||||
|  |             name: tcp-redis | ||||||
|  |             port: 6379 | ||||||
|  |             targetPort: tcp-redis | ||||||
|  |   - it: "[gitea] waits for valkey-cluster to be up and running" | ||||||
|  |     template: templates/gitea/init.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData["configure_gitea.sh"] | ||||||
|  |           pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379 | ||||||
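Review bot: In `[valkey-cluster] support auth-full connections` the `REDISCLI_AUTH` assertion on the statefulset is repeated verbatim, so the second copy checks nothing new; presumably it was meant to cover a different variable. What the suite does not check in either mode is Gitea's side: with `usePassword: true` there is no assertion that the connection string rendered by `templates/gitea/config.yaml` carries the password. With the suite default `usePassword: false` the test pins `ALLOW_EMPTY_PASSWORD=yes`, i.e. an unauthenticated cluster, so I would add a comment on the suite-level `set:` such as `# auth-less is a test fixture, not a recommended setting` and one config assertion for the auth-full case.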
| @@ -0,0 +1,52 @@ | |||||||
|  | suite: Dependency checks | Customization integrity | valkey | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | set: | ||||||
|  |   valkey-cluster: | ||||||
|  |     enabled: false | ||||||
|  |   valkey: | ||||||
|  |     enabled: true | ||||||
|  |     architecture: standalone | ||||||
|  |     global: | ||||||
|  |       valkey: | ||||||
|  |         password: gitea-password | ||||||
|  |     master: | ||||||
|  |       count: 2 | ||||||
|  | tests: | ||||||
|  |   - it: "[valkey] configures correct 'master' nodes" | ||||||
|  |     template: charts/valkey/templates/primary/application.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: spec.replicas | ||||||
|  |           value: 1 | ||||||
|  |   - it: "[valkey] valkey.global.valkey.password is applied as expected" | ||||||
|  |     template: charts/valkey/templates/secret.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         equal: | ||||||
|  |           path: data["valkey-password"] | ||||||
|  |           value: "Z2l0ZWEtcGFzc3dvcmQ=" | ||||||
|  |   - it: "[valkey] renders the referenced service" | ||||||
|  |     template: charts/valkey/templates/headless-svc.yaml | ||||||
|  |     asserts: | ||||||
|  |       - containsDocument: | ||||||
|  |           kind: Service | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-valkey-headless | ||||||
|  |           namespace: testing | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         contains: | ||||||
|  |           path: spec.ports | ||||||
|  |           content: | ||||||
|  |             name: tcp-redis | ||||||
|  |             port: 6379 | ||||||
|  |             targetPort: redis | ||||||
|  |   - it: "[gitea] waits for valkey to be up and running" | ||||||
|  |     template: templates/gitea/init.yaml | ||||||
|  |     asserts: | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         matchRegex: | ||||||
|  |           path: stringData["configure_gitea.sh"] | ||||||
|  |           pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379 | ||||||
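Review bot: `[valkey] configures correct 'master' nodes` sets `master.count: 2` at suite level but asserts `spec.replicas` equal to `1`, and nothing in the file says why. If the point is that `architecture: standalone` ignores the count, a comment above the assertion such as `# standalone renders a single primary regardless of master.count` would say so; otherwise the test name and the expectation disagree. The suite also sets `valkey.global.valkey.password` and checks the Secret, but unlike the postgresql suites it never asserts that Gitea's own config picks the password up.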
							
								
								
									
										57
									
								
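--- a/unittests/helm/dependency-checks/major-image-bump.yaml
+++ b/unittests/helm/dependency-checks/major-image-bump.yaml
@@ -0,0 +1,57 @@
+suite: Dependency checks | Major image bumps
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: "[postgresql-ha] ensures we detect major image version upgrades"
+    template: charts/postgresql-ha/templates/postgresql/statefulset.yaml
+    set:
+      postgresql:
+        enabled: false
+      postgresql-ha:
+        enabled: true
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: bitnamilegacy/postgresql-repmgr:17.+$
+  - it: "[postgresql] ensures we detect major image version upgrades"
+    template: charts/postgresql/templates/primary/statefulset.yaml
+    set:
+      postgresql:
+        enabled: true
+      postgresql-ha:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: bitnamilegacy/postgresql:17.+$
+  - it: "[valkey-cluster] ensures we detect major image version upgrades"
+    template: charts/valkey-cluster/templates/valkey-statefulset.yaml
+    set:
+      valkey-cluster:
+        enabled: true
+      valkey:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: bitnamilegacy/valkey-cluster:8.+$
+  - it: "[valkey] ensures we detect major image version upgrades"
+    template: charts/valkey/templates/primary/application.yaml
+    set:
+      valkey-cluster:
+        enabled: false
+      valkey:
+        enabled: true
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: bitnamilegacy/valkey:8.+$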
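Review bot: The version patterns use an unescaped dot, so `postgresql:17.+$` means "17 followed by any characters" and would still match a tag such as `170.1.0`, just as `valkey:8.+$` matches `80.x`; for the guard this file is named after, the four patterns should read `:17\..+$` and `:8\..+$`. The patterns also start mid-string, so whatever registry host precedes `bitnamilegacy/` is unchecked, and they compare tags rather than digests. As far as I know the `bitnamilegacy` repositories are an archive that no longer receives image updates; if that holds, a comment next to the patterns would make pinning to them a visible decision rather than an accident of the subchart defaults.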
							
								
								
									
										59
									
								
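--- a/unittests/helm/deployment/HA.yaml
+++ b/unittests/helm/deployment/HA.yaml
@@ -0,0 +1,59 @@
+suite: deployment template (HA)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: fails with multiple replicas and "GIT_GC_REPOS" enabled
+    template: templates/gitea/deployment.yaml
+    set:
+      replicaCount: 2
+      persistence:
+        accessModes:
+          - ReadWriteMany
+      gitea:
+        config:
+          cron:
+            GIT_GC_REPOS:
+              ENABLED: true
+    asserts:
+      - failedTemplate:
+          errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'."
+  - it: fails with multiple replicas and RWX file system not set
+    template: templates/gitea/deployment.yaml
+    set:
+      replicaCount: 2
+    asserts:
+      - failedTemplate:
+          errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany."
+  - it: fails with multiple replicas and bleve issue indexer
+    template: templates/gitea/deployment.yaml
+    set:
+      replicaCount: 2
+      persistence:
+        accessModes:
+          - ReadWriteMany
+      gitea:
+        config:
+          indexer:
+            ISSUE_INDEXER_TYPE: bleve
+    asserts:
+      - failedTemplate:
+          errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
+  - it: fails with multiple replicas and bleve repo indexer
+    template: templates/gitea/deployment.yaml
+    set:
+      replicaCount: 2
+      persistence:
+        accessModes:
+          - ReadWriteMany
+      gitea:
+        config:
+          indexer:
+            REPO_INDEXER_TYPE: bleve
+            REPO_INDEXER_ENABLED: true
+    asserts:
+      - failedTemplate:
+          errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled."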
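Review bot: The first case pins an error message that tells the user to set `gitea.config.cron.GIT_GC_REPOS.enabled = false`, while the key the test itself sets is `ENABLED` in upper case; Helm value keys are case-sensitive, so a user following the message literally would presumably not clear the failure. The message text lives in the template, outside this hunk, and the expectation here would change with it to `'gitea.config.cron.GIT_GC_REPOS.ENABLED = false'`. The file holds only failing cases; one passing case with `replicaCount: 2`, `ReadWriteMany` and HA-ready indexers would show that the guards do not over-block. There is also no case for a per-pod session or queue backend with several replicas, although the config suites on this page show `memory` and `level` as the result when valkey is disabled.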
							
								
								
									
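--- a/unittests/helm/deployment/basic.yaml
+++ b/unittests/helm/deployment/basic.yaml
@@ -0,0 +1,95 @@
+suite: deployment template (basic)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: renders a deployment
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: Deployment
+          apiVersion: apps/v1
+          name: gitea-unittests
+  - it: deployment labels are set
+    template: templates/gitea/deployment.yaml
+    set:
+      deployment.labels:
+        hello: world
+    asserts:
+      - isSubset:
+          path: metadata.labels
+          content:
+            hello: world
+      - isSubset:
+          path: spec.template.metadata.labels
+          content:
+            hello: world
+  - it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container"
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.initContainers[1].env
+          content:
+            name: TMP_EXISTING_ENVS_FILE
+            value: /tmp/existing-envs
+  - it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container"
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.initContainers[1].env
+          content:
+            name: ENV_TO_INI_MOUNT_POINT
+            value: /env-to-ini-mounts
+  - it: CPU resources are defined as well as GOMAXPROCS
+    template: templates/gitea/deployment.yaml
+    set:
+      resources:
+        limits:
+          cpu: 200ms
+          memory: 200Mi
+        requests:
+          cpu: 100ms
+          memory: 100Mi
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: GOMAXPROCS
+            valueFrom:
+              resourceFieldRef:
+                divisor: "1"
+                resource: limits.cpu
+      - equal:
+          path: spec.template.spec.containers[0].resources
+          value:
+            limits:
+              cpu: 200ms
+              memory: 200Mi
+            requests:
+              cpu: 100ms
+              memory: 100Mi
+  - it: Init containers have correct volumeMount path
+    template: templates/gitea/deployment.yaml
+    set:
+      initContainersScriptsVolumeMountPath: "/custom/init/path"
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
+          value: "/custom/init/path"
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
+          value: "/custom/init/path"
+  - it: Init containers have correct volumeMount path if there is no override
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
+          value: "/usr/sbinx"
+      - equal:
+          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
+          value: "/usr/sbinx"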
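Review bot: The CPU values in the "CPU resources are defined as well as GOMAXPROCS" case are written as `200ms` and `100ms`, which is not a Kubernetes quantity suffix; millicores are written with `m`. The assertions only compare rendered text, so the test passes, but anyone copying the fixture into real values would get a manifest the API server rejects. Change the four occurrences to `cpu: 200m` and `cpu: 100m`, in both the `set` block and the expected `resources` value.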
							
								
								
									
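--- a/unittests/helm/deployment/deployment-additional-config.yaml
+++ b/unittests/helm/deployment/deployment-additional-config.yaml
@@ -0,0 +1,150 @@
+suite: deployment template
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: Renders a deployment
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: Deployment
+          apiVersion: apps/v1
+          name: gitea-unittests
+  - it: Deployment with empty additionalConfigFromEnvs
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.additionalConfigFromEnvs: []
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 6
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+  - it: Deployment with standard additionalConfigFromEnvs
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}]
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 8
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+              - name: GITEA_database_HOST
+                value: my-db:123
+              - name: GITEA_database_USER
+                value: my-user
+  - it: Deployment with templated additionalConfigFromEnvs
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.misc.host: my-db-host:321
+      gitea.misc.user: my-db-user
+      gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: "{{ .Values.gitea.misc.host }}"}, {name: GITEA_database_USER, value: "{{ .Values.gitea.misc.user }}"}]
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 8
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+              - name: GITEA_database_HOST
+                value: my-db-host:321
+              - name: GITEA_database_USER
+                value: my-db-user
+  - it: Deployment with additionalConfigFromEnvs templated secret name
+    template: templates/gitea/deployment.yaml
+    set:
+      gitea.misc.existingSecret: my-db-secret
+      gitea.additionalConfigFromEnvs[0]:
+        name: GITEA_database_HOST
+        valueFrom:
+          secretKeyRef:
+            name: "{{ .Values.gitea.misc.existingSecret }}"
+            key: password
+    asserts:
+      - hasDocuments:
+          count: 1
+      - exists:
+          path: spec.template.spec.initContainers[1].env
+      - lengthEqual:
+          path: spec.template.spec.initContainers[1].env
+          count: 7
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            env:
+              - name: GITEA_APP_INI
+                value: /data/gitea/conf/app.ini
+              - name: GITEA_CUSTOM
+                value: /data/gitea
+              - name: GITEA_WORK_DIR
+                value: /data
+              - name: GITEA_TEMP
+                value: /tmp/gitea
+              - name: TMP_EXISTING_ENVS_FILE
+                value: /tmp/existing-envs
+              - name: ENV_TO_INI_MOUNT_POINT
+                value: /env-to-ini-mounts
+              - name: GITEA_database_HOST
+                valueFrom:
+                  secretKeyRef:
+                    name: "my-db-secret"
+                    key: password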
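Review bot: The fixture names `GITEA_database_HOST` and `GITEA_database_USER` use single underscores, while Gitea's environment-to-ini helper, which this init container appears to feed, expects the `GITEA__SECTION__KEY` form. As written these variables would presumably be ignored at runtime even though the rendering test passes. The secretKeyRef case also maps a `password` key into a `..._HOST` variable, which hides that this is the pattern for keeping credentials out of the rendered manifest. Consider `name: GITEA__database__HOST` and `name: GITEA__database__USER` in the plain cases, and `name: GITEA__database__PASSWD` for the secret-backed one.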
							
								
								
									
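--- a/unittests/helm/deployment/extraInitContainers.yaml
+++ b/unittests/helm/deployment/extraInitContainers.yaml
@@ -0,0 +1,59 @@
+suite: deployment template
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: Render the deployment (default)
+    asserts:
+      - hasDocuments:
+          count: 1
+        template: templates/gitea/deployment.yaml
+      - lengthEqual:
+          path: spec.template.spec.initContainers
+          count: 3
+        template: templates/gitea/deployment.yaml
+
+  - it: Render the deployment (signing)
+    set:
+      signing.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+        template: templates/gitea/deployment.yaml
+      - lengthEqual:
+          path: spec.template.spec.initContainers
+          count: 4
+        template: templates/gitea/deployment.yaml
+
+  - it: Render the deployment (extraInitContainers)
+    set:
+      postExtraInitContainers:
+        - name: foo
+          image: docker.io/library/busybox:latest
+      preExtraInitContainers:
+        - name: bar
+          image: docker.io/library/busybox:latest
+      signing.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+        template: templates/gitea/deployment.yaml
+      - lengthEqual:
+          path: spec.template.spec.initContainers
+          count: 6
+        template: templates/gitea/deployment.yaml
+      - contains:
+          path: spec.template.spec.initContainers
+          content:
+            name: foo
+            image: docker.io/library/busybox:latest
+        template: templates/gitea/deployment.yaml
+      - contains:
+          path: spec.template.spec.initContainers
+          content:
+            name: bar
+            image: docker.io/library/busybox:latest
+        template: templates/gitea/deployment.yaml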
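Review bot: The "extraInitContainers" case checks only the total count and that `foo` and `bar` appear somewhere in `initContainers`, so it would still pass if the pre- and post- containers were rendered in the wrong position. Order matters because the sibling suites address the chart's own init containers by index (`initContainers[1]`), and a container placed ahead of or behind the chart's setup steps runs against different on-disk state. Assuming `preExtraInitContainers` is meant to come first and `postExtraInitContainers` last, add `equal` asserts on `spec.template.spec.initContainers[0].name` (value `bar`) and `spec.template.spec.initContainers[5].name` (value `foo`).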
							
								
								
									
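--- a/unittests/helm/deployment/image-configuration.yaml
+++ b/unittests/helm/deployment/image-configuration.yaml
@@ -0,0 +1,110 @@
+suite: deployment template (image configuration)
+release:
+  name: gitea-unittests
+  namespace: testing
+chart:
+  # Override appVersion to be consistent with used digest :)
+  appVersion: 1.19.3
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: default values
+    template: templates/gitea/deployment.yaml
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.19.3-rootless"
+  - it: tag override
+    template: templates/gitea/deployment.yaml
+    set:
+      image.tag: "1.19.4"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.19.4-rootless"
+  - it: root-based image
+    template: templates/gitea/deployment.yaml
+    set:
+      image.rootless: false
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.19.3"
+  - it: scoped registry
+    template: templates/gitea/deployment.yaml
+    set:
+      image.registry: "example.com"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "example.com/gitea:1.19.3-rootless"
+  - it: global registry
+    template: templates/gitea/deployment.yaml
+    set:
+      global.imageRegistry: "global.example.com"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "global.example.com/gitea:1.19.3-rootless"
+  - it: digest for rootless image
+    template: templates/gitea/deployment.yaml
+    set:
+      image:
+        rootless: true
+        digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
+  - it: image fullOverride (does not append rootless)
+    template: templates/gitea/deployment.yaml
+    set:
+      image:
+        fullOverride: docker.gitea.com/gitea:1.19.3
+        # setting rootless, registry, repository, tag, and digest to prove that override works
+        rootless: true
+        registry: example.com
+        repository: example/image
+        tag: "1.0.0"
+        digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.19.3"
+  - it: digest for root-based image
+    template: templates/gitea/deployment.yaml
+    set:
+      image:
+        rootless: false
+        digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
+  - it: digest and global registry
+    template: templates/gitea/deployment.yaml
+    set:
+      global.imageRegistry: "global.example.com"
+      image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
+  - it: correctly renders floating tag references
+    template: templates/gitea/deployment.yaml
+    set:
+      image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].image
+          value: "docker.gitea.com/gitea:1.21-rootless"
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: "docker.gitea.com/gitea:1.21-rootless"
+      - equal:
+          path: spec.template.spec.initContainers[2].image
+          value: "docker.gitea.com/gitea:1.21-rootless"
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "docker.gitea.com/gitea:1.21-rootless"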
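Review bot: The digest cases assert only `spec.template.spec.containers[0].image`, although the floating-tag case at the end shows that the three init containers render the same image reference. A regression that pins the main container but leaves the init containers on the bare tag would pass every digest test, and those init containers run first and prepare the data directory the main container uses. Add the same `equal` assert for `spec.template.spec.initContainers[0].image`, `[1]` and `[2]` to "digest for rootless image". The fullOverride case would also benefit from a comment such as `# fullOverride replaces the whole reference, so image.digest is ignored; put the @sha256 digest in fullOverride to pin`.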
							
								
								
									
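--- a/unittests/helm/deployment/ingress-configuration.yaml
+++ b/unittests/helm/deployment/ingress-configuration.yaml
@@ -0,0 +1,45 @@
+suite: Test ingress tpl use
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: Ingress Class using TPL
+    set:
+      global.ingress.className: "ingress-class"
+      ingress.className: "{{ .Values.global.ingress.className }}"
+      ingress.enabled: true
+      ingress.hosts[0].host: "some-host"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "some-host"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "some-host"
+      - equal:
+          path: spec.rules[0].host
+          value: "some-host"
+      - equal:
+          path: spec.ingressClassName
+          value: "ingress-class"
+
+  - it: hostname using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "gitea.example.com"
+      - equal:
+          path: spec.rules[0].host
+          value: "gitea.example.com"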
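Review bot: Both cases set `ingress.tls[0].secretName: gitea-tls` but never assert it, so an Ingress rendered with the right hosts and no TLS secret reference would still pass. Add `- equal: {path: spec.tls[0].secretName, value: gitea-tls}` to each case so the certificate binding is covered along with the host names.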
							
								
								
									
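--- a/unittests/helm/deployment/inline-config.yaml
+++ b/unittests/helm/deployment/inline-config.yaml
@@ -0,0 +1,33 @@
+suite: config template
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/config.yaml
+tests:
+  - it: inline config stringData.server using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: metadata.name
+          pattern: .*-inline-config$
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: DOMAIN=gitea\.example\.com
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: ROOT_URL=https://gitea\.example\.com
+      - documentIndex: 0
+        matchRegex:
+          path: stringData.server
+          pattern: SSH_DOMAIN=gitea\.example\.com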
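Review bot: The pattern `DOMAIN=gitea\.example\.com` is unanchored, so the `SSH_DOMAIN=gitea.example.com` line already satisfies it and the test would pass with `DOMAIN` missing from `stringData.server`. Anchor the per-key patterns to a line start, e.g. `pattern: (?m)^DOMAIN=gitea\.example\.com$`, and do the same for `SSH_DOMAIN`. This assumes each key is rendered on its own line without trailing whitespace, which the existing patterns suggest but the hunk does not show.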
							
								
								
									
									
								
							
							
						
						
									
										188
									
								
								unittests/helm/deployment/probes.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,188 @@ | |||||||
|  | suite: deployment template (probes) | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/deployment.yaml | ||||||
|  |   - templates/gitea/config.yaml | ||||||
|  | tests: | ||||||
|  |   - it: renders default liveness probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].livenessProbe.enabled | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].livenessProbe | ||||||
|  |           content: | ||||||
|  |             failureThreshold: 10 | ||||||
|  |             initialDelaySeconds: 200 | ||||||
|  |             periodSeconds: 10 | ||||||
|  |             successThreshold: 1 | ||||||
|  |             tcpSocket: | ||||||
|  |               port: http | ||||||
|  |             timeoutSeconds: 1 | ||||||
|  |   - it: renders default readiness probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].readinessProbe.enabled | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].readinessProbe | ||||||
|  |           content: | ||||||
|  |             failureThreshold: 3 | ||||||
|  |             initialDelaySeconds: 5 | ||||||
|  |             periodSeconds: 10 | ||||||
|  |             successThreshold: 1 | ||||||
|  |             tcpSocket: | ||||||
|  |               port: http | ||||||
|  |             timeoutSeconds: 1 | ||||||
|  |   - it: does not render a default startup probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].startupProbe | ||||||
|  |   - it: allows enabling a startup probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea.startupProbe.enabled: true | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].startupProbe.enabled | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].startupProbe | ||||||
|  |           content: | ||||||
|  |             failureThreshold: 10 | ||||||
|  |             initialDelaySeconds: 60 | ||||||
|  |             periodSeconds: 10 | ||||||
|  |             successThreshold: 1 | ||||||
|  |             tcpSocket: | ||||||
|  |               port: http | ||||||
|  |             timeoutSeconds: 1 | ||||||
|  |  | ||||||
|  |   - it: allows overwriting the default port of the liveness probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         livenessProbe: | ||||||
|  |           tcpSocket: | ||||||
|  |             port: my-port | ||||||
|  |     asserts: | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].livenessProbe | ||||||
|  |           content: | ||||||
|  |             tcpSocket: | ||||||
|  |               port: my-port | ||||||
|  |  | ||||||
|  |   - it: allows overwriting the default port of the readiness probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         readinessProbe: | ||||||
|  |           tcpSocket: | ||||||
|  |             port: my-port | ||||||
|  |     asserts: | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].readinessProbe | ||||||
|  |           content: | ||||||
|  |             tcpSocket: | ||||||
|  |               port: my-port | ||||||
|  |  | ||||||
|  |   - it: allows overwriting the default port of the startup probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         startupProbe: | ||||||
|  |           enabled: true | ||||||
|  |           tcpSocket: | ||||||
|  |             port: my-port | ||||||
|  |     asserts: | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].startupProbe | ||||||
|  |           content: | ||||||
|  |             tcpSocket: | ||||||
|  |               port: my-port | ||||||
|  |  | ||||||
|  |   - it: allows using a non-default method as liveness probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         livenessProbe: | ||||||
|  |           httpGet: | ||||||
|  |             path: /api/healthz | ||||||
|  |             port: http | ||||||
|  |           initialDelaySeconds: 13371 | ||||||
|  |           timeoutSeconds: 13372 | ||||||
|  |           periodSeconds: 13373 | ||||||
|  |           successThreshold: 13374 | ||||||
|  |           failureThreshold: 13375 | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].livenessProbe.tcpSocket | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].livenessProbe | ||||||
|  |           content: | ||||||
|  |             failureThreshold: 13375 | ||||||
|  |             initialDelaySeconds: 13371 | ||||||
|  |             periodSeconds: 13373 | ||||||
|  |             successThreshold: 13374 | ||||||
|  |             httpGet: | ||||||
|  |               path: /api/healthz | ||||||
|  |               port: http | ||||||
|  |             timeoutSeconds: 13372 | ||||||
|  |  | ||||||
|  |   - it: allows using a non-default method as readiness probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         readinessProbe: | ||||||
|  |           httpGet: | ||||||
|  |             path: /api/healthz | ||||||
|  |             port: http | ||||||
|  |           initialDelaySeconds: 13371 | ||||||
|  |           timeoutSeconds: 13372 | ||||||
|  |           periodSeconds: 13373 | ||||||
|  |           successThreshold: 13374 | ||||||
|  |           failureThreshold: 13375 | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].readinessProbe.tcpSocket | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].readinessProbe | ||||||
|  |           content: | ||||||
|  |             failureThreshold: 13375 | ||||||
|  |             initialDelaySeconds: 13371 | ||||||
|  |             periodSeconds: 13373 | ||||||
|  |             successThreshold: 13374 | ||||||
|  |             httpGet: | ||||||
|  |               path: /api/healthz | ||||||
|  |               port: http | ||||||
|  |             timeoutSeconds: 13372 | ||||||
|  |  | ||||||
|  |   - it: allows using a non-default method as startup probe | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       gitea: | ||||||
|  |         startupProbe: | ||||||
|  |           enabled: true | ||||||
|  |           httpGet: | ||||||
|  |             path: /api/healthz | ||||||
|  |             port: http | ||||||
|  |           initialDelaySeconds: 13371 | ||||||
|  |           timeoutSeconds: 13372 | ||||||
|  |           periodSeconds: 13373 | ||||||
|  |           successThreshold: 13374 | ||||||
|  |           failureThreshold: 13375 | ||||||
|  |     asserts: | ||||||
|  |       - notExists: | ||||||
|  |           path: spec.template.spec.containers[0].startupProbe.tcpSocket | ||||||
|  |       - isSubset: | ||||||
|  |           path: spec.template.spec.containers[0].startupProbe | ||||||
|  |           content: | ||||||
|  |             failureThreshold: 13375 | ||||||
|  |             initialDelaySeconds: 13371 | ||||||
|  |             periodSeconds: 13373 | ||||||
|  |             successThreshold: 13374 | ||||||
|  |             httpGet: | ||||||
|  |               path: /api/healthz | ||||||
|  |               port: http | ||||||
|  |             timeoutSeconds: 13372 | ||||||
							
								
								
									
									
								
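--- a/unittests/helm/deployment/sidecar-container.yaml
+++ b/unittests/helm/deployment/sidecar-container.yaml
@@ -0,0 +1,21 @@
+suite: sidecar container
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: supports adding a sidecar container
+    template: templates/gitea/deployment.yaml
+    set:
+      extraContainers:
+        - name: sidecar-bob
+          image: busybox
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[1].name
+          value: "sidecar-bob"
+      - equal:
+          path: spec.template.spec.containers[1].image
+          value: "busybox"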
| @@ -18,7 +18,7 @@ tests: | |||||||
|           value: configure-gpg |           value: configure-gpg | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].command |           path: spec.template.spec.initContainers[2].command | ||||||
|           value: ["/usr/sbin/configure_gpg_environment.sh"] |           value: ["/usr/sbinx/configure_gpg_environment.sh"] | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].securityContext |           path: spec.template.spec.initContainers[2].securityContext | ||||||
|           value: |           value: | ||||||
| @@ -28,11 +28,13 @@ tests: | |||||||
|           value: |           value: | ||||||
|             - name: GNUPGHOME |             - name: GNUPGHOME | ||||||
|               value: /data/git/.gnupg |               value: /data/git/.gnupg | ||||||
|  |             - name: TMP_RAW_GPG_KEY | ||||||
|  |               value: /raw/private.asc | ||||||
|       - equal: |       - equal: | ||||||
|           path: spec.template.spec.initContainers[2].volumeMounts |           path: spec.template.spec.initContainers[2].volumeMounts | ||||||
|           value: |           value: | ||||||
|             - name: init |             - name: init | ||||||
|               mountPath: /usr/sbin |               mountPath: /usr/sbinx | ||||||
|             - name: data |             - name: data | ||||||
|               mountPath: /data |               mountPath: /data | ||||||
|             - name: gpg-private-key |             - name: gpg-private-key | ||||||
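Review bot: The expected command and the `init` volume mount both use `/usr/sbinx`, a directory name that nothing in the test explains, so a later reader cannot tell a deliberate path from a typo. A comment above the `command` assert would settle it, for example `# init scripts live in /usr/sbinx so the volume does not shadow the image's /usr/sbin` (presumably the reason; confirm against the template). The added `TMP_RAW_GPG_KEY` value `/raw/private.asc` has to agree with the mount path of the `gpg-private-key` volume, which lies outside the visible hunk, so that pairing could not be checked here.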
| @@ -27,6 +27,18 @@ tests: | |||||||
|           content: |           content: | ||||||
|             name: SSH_LOG_LEVEL |             name: SSH_LOG_LEVEL | ||||||
|             value: "DEBUG" |             value: "DEBUG" | ||||||
|  |   - it: supports overriding SSH log level (even when image.fullOverride set) | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       image.fullOverride: docker.gitea.com/gitea:1.19.3 | ||||||
|  |       image.rootless: false | ||||||
|  |       gitea.ssh.logLevel: "DEBUG" | ||||||
|  |     asserts: | ||||||
|  |       - contains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           content: | ||||||
|  |             name: SSH_LOG_LEVEL | ||||||
|  |             value: "DEBUG" | ||||||
|   - it: skips SSH_LOG_LEVEL for rootless image |   - it: skips SSH_LOG_LEVEL for rootless image | ||||||
|     template: templates/gitea/deployment.yaml |     template: templates/gitea/deployment.yaml | ||||||
|     set: |     set: | ||||||
| @@ -38,3 +50,15 @@ tests: | |||||||
|           any: true |           any: true | ||||||
|           content: |           content: | ||||||
|             name: SSH_LOG_LEVEL |             name: SSH_LOG_LEVEL | ||||||
|  |   - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) | ||||||
|  |     template: templates/gitea/deployment.yaml | ||||||
|  |     set: | ||||||
|  |       image.fullOverride: docker.gitea.com/gitea:1.19.3 | ||||||
|  |       image.rootless: true | ||||||
|  |       gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here | ||||||
|  |     asserts: | ||||||
|  |       - notContains: | ||||||
|  |           path: spec.template.spec.containers[0].env | ||||||
|  |           any: true | ||||||
|  |           content: | ||||||
|  |             name: SSH_LOG_LEVEL | ||||||
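Review bot: Both added cases pass the same `image.fullOverride: docker.gitea.com/gitea:1.19.3` and differ only in `image.rootless`, so they pin that the chart decides on `SSH_LOG_LEVEL` from the flag alone once a full override is given, yet neither test says so. A short comment on the override line would make that contract visible, for example `# with fullOverride the chart relies on image.rootless; it must match the image actually deployed` (inferred from the two cases; confirm against the template). The inline comment in the second case calls `DEBUG` a non-standard level, while the first case sets the same value without it; the two should read the same.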
							
								
								
									
									
								
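--- a/unittests/helm/deployment/storage-class-configuration.yaml
+++ b/unittests/helm/deployment/storage-class-configuration.yaml
@@ -0,0 +1,39 @@
+# File: tests/gitea-storageclass-tests.yaml
+
+suite: storage class configuration tests
+
+release:
+  name: gitea-storageclass-tests
+  namespace: testing
+
+templates:
+  - templates/gitea/pvc.yaml
+
+tests:
+  - it: should set storageClassName when persistence.storageClass is defined
+    template: templates/gitea/pvc.yaml
+    set:
+      persistence.storageClass: "my-storage-class"
+    asserts:
+      - equal:
+          path: "spec.storageClassName"
+          value: "my-storage-class"
+
+  - it: should set global.storageClass when persistence.storageClass is not defined
+    template: templates/gitea/pvc.yaml
+    set:
+      global.storageClass: "default-storage-class"
+    asserts:
+      - equal:
+          path: spec.storageClassName
+          value: "default-storage-class"
+
+  - it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
+    template: templates/gitea/pvc.yaml
+    set:
+      global.storageClass: "default-storage-class"
+      persistence.storageClass: "my-storage-class"
+    asserts:
+      - equal:
+          path: spec.storageClassName
+          value: "my-storage-class"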
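Review bot: The header comment `# File: tests/gitea-storageclass-tests.yaml` names a path that is not where this file is added (`unittests/helm/deployment/storage-class-configuration.yaml`); it should be corrected or dropped. The suite also sits under `deployment/` although it only renders `templates/gitea/pvc.yaml`. The three cases cover the override and the global fallback but not the case where neither value is set; a fourth test asserting the default, likely `- notExists:` on `path: spec.storageClassName`, would pin what the chart does when class selection is left to the cluster (the template's default is not visible here, so confirm the expected value).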
							
								
								
									
									
								
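--- a/unittests/helm/deployment/svc-configuration.yaml
+++ b/unittests/helm/deployment/svc-configuration.yaml
@@ -0,0 +1,118 @@
+suite: ssh-svc / http-svc template (Services configuration)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/ssh-svc.yaml
+  - templates/gitea/http-svc.yaml
+tests:
+  - it: supports adding custom labels to ssh-svc
+    template: templates/gitea/ssh-svc.yaml
+    set:
+      service:
+        ssh:
+          labels:
+            gitea/testkey: testvalue
+    asserts:
+      - equal:
+          path: metadata.labels["gitea/testkey"]
+          value: "testvalue"
+
+  - it: keeps existing labels (ssh)
+    template: templates/gitea/ssh-svc.yaml
+    set:
+      service:
+        ssh:
+          labels: {}
+    asserts:
+      - exists:
+          path: metadata.labels["app"]
+
+  - it: supports adding custom labels to http-svc
+    template: templates/gitea/http-svc.yaml
+    set:
+      service:
+        http:
+          labels:
+            gitea/testkey: testvalue
+    asserts:
+      - equal:
+          path: metadata.labels["gitea/testkey"]
+          value: "testvalue"
+
+  - it: keeps existing labels (http)
+    template: templates/gitea/http-svc.yaml
+    set:
+      service:
+        http:
+          labels: {}
+    asserts:
+      - exists:
+          path: metadata.labels["app"]
+
+  - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
+    template: templates/gitea/ssh-svc.yaml
+    set:
+      service:
+        ssh:
+          loadBalancerClass: "example.com/class"
+          type: LoadBalancer
+          loadBalancerIP: "1.2.3.4"
+          loadBalancerSourceRanges:
+            - "1.2.3.4/32"
+            - "5.6.7.8/32"
+    asserts:
+      - equal:
+          path: spec.loadBalancerClass
+          value: "example.com/class"
+      - equal:
+          path: spec.loadBalancerIP
+          value: "1.2.3.4"
+      - equal:
+          path: spec.loadBalancerSourceRanges
+          value: ["1.2.3.4/32", "5.6.7.8/32"]
+
+  - it: does not render when loadbalancer properties are set but type is not loadBalancerClass
+    template: templates/gitea/http-svc.yaml
+    set:
+      service:
+        http:
+          type: ClusterIP
+          loadBalancerClass: "example.com/class"
+          loadBalancerIP: "1.2.3.4"
+          loadBalancerSourceRanges:
+            - "1.2.3.4/32"
+            - "5.6.7.8/32"
+    asserts:
+      - notExists:
+          path: spec.loadBalancerClass
+      - notExists:
+          path: spec.loadBalancerIP
+      - notExists:
+          path: spec.loadBalancerSourceRanges
+
+  - it: does not render loadBalancerClass by default even when type is LoadBalancer
+    template: templates/gitea/http-svc.yaml
+    set:
+      service:
+        http:
+          type: LoadBalancer
+          loadBalancerIP: "1.2.3.4"
+    asserts:
+      - notExists:
+          path: spec.loadBalancerClass
+      - equal:
+          path: spec.loadBalancerIP
+          value: "1.2.3.4"
+
+  - it: both ssh and http services exist
+    templates:
+      - templates/gitea/ssh-svc.yaml
+      - templates/gitea/http-svc.yaml
+    asserts:
+      - matchRegex:
+          path: metadata.name
+          pattern: "^gitea-unittests-(?:ssh|http)$"
+      - matchRegex:
+          path: spec.ports[0].name
+          pattern: "^(?:ssh|http)$"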
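Review bot: The case titled `does not render when loadbalancer properties are set but type is not loadBalancerClass` means the type is not `LoadBalancer`; the title should read `- it: does not render when loadbalancer properties are set but type is not LoadBalancer`. Coverage is also split across the two services: rendering of `loadBalancerSourceRanges` is asserted only for `ssh-svc.yaml` and its suppression only for `http-svc.yaml`. Since the source ranges are what restrict who can reach the load balancer, the positive and the negative case are worth asserting for both templates.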
| @@ -33,7 +33,7 @@ tests: | |||||||
|           kind: Secret |           kind: Secret | ||||||
|           apiVersion: v1 |           apiVersion: v1 | ||||||
|           name: gitea-unittests-gpg-key |           name: gitea-unittests-gpg-key | ||||||
|       - isNotEmpty: |       - isNotNullOrEmpty: | ||||||
|           path: metadata.labels |           path: metadata.labels | ||||||
|       - equal: |       - equal: | ||||||
|           path: data.privateKey |           path: data.privateKey | ||||||
							
								
								
									
									
								
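--- a/unittests/helm/ingress/basic.yaml
+++ b/unittests/helm/ingress/basic.yaml
@@ -0,0 +1,93 @@
+suite: Test ingress.yaml
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: should enable ingress when ingress.enabled is true
+    set:
+      ingress.enabled: true
+      ingress.apiVersion: networking.k8s.io/v1
+      ingress.annotations:
+        kubernetes.io/ingress.class: nginx
+      ingress.className: nginx
+      ingress.tls:
+        - hosts:
+            - example.com
+          secretName: tls-secret
+      ingress.hosts:
+        - host: example.com
+          paths: ["/"]
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-gitea
+      - matchRegex:
+          path: apiVersion
+          pattern: networking.k8s.io/v1
+      - equal:
+          path: spec.ingressClassName
+          value: nginx
+      - equal:
+          path: spec.rules[0].host
+          value: "example.com"
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "example.com"
+      - equal:
+          path: spec.tls[0].secretName
+          value: tls-secret
+      - equal:
+          path: metadata.annotations["kubernetes.io/ingress.class"]
+          value: nginx
+
+  - it: should not create ingress when ingress.enabled is false
+    set:
+      ingress.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: Ingress Class using TPL
+    set:
+      global.ingress.className: "ingress-class"
+      ingress.className: "{{ .Values.global.ingress.className }}"
+      ingress.enabled: true
+      ingress.hosts[0].host: "some-host"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "some-host"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "some-host"
+      - equal:
+          path: spec.rules[0].host
+          value: "some-host"
+      - equal:
+          path: spec.ingressClassName
+          value: "ingress-class"
+
+  - it: hostname using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "gitea.example.com"
+      - equal:
+          path: spec.rules[0].host
+          value: "gitea.example.com"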
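Review bot: The `matchRegex` on `apiVersion` uses the unanchored pattern `networking.k8s.io/v1`, which also accepts `networking.k8s.io/v1beta1` and treats each dot as a wildcard; an `equal` with `value: networking.k8s.io/v1`, or the pattern `^networking\.k8s\.io/v1$`, checks what the test intends. The cases `Ingress Class using TPL` and `hostname using TPL` are repeated verbatim in `unittests/helm/ingress/ingress.tpl.yaml`, added by the same change, so one copy can go. The suite sets no `release:` block, which is why the name assert expects `RELEASE-NAME-gitea`, while the deployment suites on this page pin `gitea-unittests`.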
							
								
								
									
									
								
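--- a/unittests/helm/ingress/implicit-defaults.yaml
+++ b/unittests/helm/ingress/implicit-defaults.yaml
@@ -0,0 +1,23 @@
+suite: Test ingress with implicit path defaults
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: should use default path and pathType when no paths are specified
+    set:
+      ingress.enabled: true
+      ingress.hosts:
+        - host: git.example.com
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.rules[0].host
+          value: "git.example.com"
+      - equal:
+          path: spec.rules[0].http.paths[0].path
+          value: "/"
+      - equal:
+          path: spec.rules[0].http.paths[0].pathType
+          value: "Prefix"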
							
								
								
									
									
								
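--- a/unittests/helm/ingress/ingress.tpl.yaml
+++ b/unittests/helm/ingress/ingress.tpl.yaml
@@ -0,0 +1,45 @@
+suite: Test ingress tpl use
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: Ingress Class using TPL
+    set:
+      global.ingress.className: "ingress-class"
+      ingress.className: "{{ .Values.global.ingress.className }}"
+      ingress.enabled: true
+      ingress.hosts[0].host: "some-host"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "some-host"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "some-host"
+      - equal:
+          path: spec.rules[0].host
+          value: "some-host"
+      - equal:
+          path: spec.ingressClassName
+          value: "ingress-class"
+
+  - it: hostname using TPL
+    set:
+      global.giteaHostName: "gitea.example.com"
+      ingress.enabled: true
+      ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
+      ingress.tls:
+        - secretName: gitea-tls
+          hosts:
+            - "{{ .Values.global.giteaHostName }}"
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.tls[0].hosts[0]
+          value: "gitea.example.com"
+      - equal:
+          path: spec.rules[0].host
+          value: "gitea.example.com"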
							
								
								
									
									
								
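--- a/unittests/helm/ingress/structured-paths.yaml
+++ b/unittests/helm/ingress/structured-paths.yaml
@@ -0,0 +1,26 @@
+suite: Test ingress with structured paths
+templates:
+  - templates/gitea/ingress.yaml
+tests:
+  - it: should work with structured path definitions
+    set:
+      ingress.enabled: true
+      ingress.hosts:
+        - host: git.devxy.io
+          paths:
+            - path: /
+              pathType: Prefix
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - equal:
+          path: spec.rules[0].host
+          value: "git.devxy.io"
+      - equal:
+          path: spec.rules[0].http.paths[0].path
+          value: "/"
+      - equal:
+          path: spec.rules[0].http.paths[0].pathType
+          value: "Prefix"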
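Review bot: The fixture host `git.devxy.io` is a registrable name, whereas the sibling ingress suites use `example.com` hosts; test data should stay on reserved names so it never points at a real system. Changing the input to `- host: git.example.com` and the assert to `value: "git.example.com"` keeps the meaning of the test unchanged.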
| @@ -15,11 +15,11 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: stringData["configure_gpg_environment.sh"] |           path: stringData["configure_gpg_environment.sh"] | ||||||
|           value: |- |           value: | | ||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
|             set -eu |             set -eu | ||||||
| 
 | 
 | ||||||
|             gpg --batch --import /raw/private.asc |             gpg --batch --import "$TMP_RAW_GPG_KEY" | ||||||
|   - it: skips gpg script block for disabled signing |   - it: skips gpg script block for disabled signing | ||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
| @@ -28,15 +28,13 @@ tests: | |||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
| 
 | 
 | ||||||
|             set -euo pipefail |             set -euo pipefail | ||||||
| 
 |             mkdir -pv /data/git/.ssh | ||||||
|             set -x |             chmod -Rv 700 /data/git/.ssh | ||||||
|             mkdir -p /data/git/.ssh |             [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf | ||||||
|             chmod -R 700 /data/git/.ssh |  | ||||||
|             [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf |  | ||||||
| 
 | 
 | ||||||
|             # prepare temp directory structure |             # prepare temp directory structure | ||||||
|             mkdir -p "${GITEA_TEMP}" |             mkdir -pv "${GITEA_TEMP}" | ||||||
|             chmod ug+rwx "${GITEA_TEMP}" |             chmod -v ug+rwx "${GITEA_TEMP}" | ||||||
|   - it: adds gpg script block for enabled signing |   - it: adds gpg script block for enabled signing | ||||||
|     set: |     set: | ||||||
|       signing.enabled: true |       signing.enabled: true | ||||||
| @@ -51,18 +49,34 @@ tests: | |||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
| 
 | 
 | ||||||
|             set -euo pipefail |             set -euo pipefail | ||||||
| 
 |             mkdir -pv /data/git/.ssh | ||||||
|             set -x |             chmod -Rv 700 /data/git/.ssh | ||||||
|             mkdir -p /data/git/.ssh |             [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf | ||||||
|             chmod -R 700 /data/git/.ssh |  | ||||||
|             [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf |  | ||||||
| 
 | 
 | ||||||
|             # prepare temp directory structure |             # prepare temp directory structure | ||||||
|             mkdir -p "${GITEA_TEMP}" |             mkdir -pv "${GITEA_TEMP}" | ||||||
|             chmod ug+rwx "${GITEA_TEMP}" |             chmod -v ug+rwx "${GITEA_TEMP}" | ||||||
| 
 | 
 | ||||||
|             if [ ! -d "${GNUPGHOME}" ]; then |             if [ ! -d "${GNUPGHOME}" ]; then | ||||||
|               mkdir -p "${GNUPGHOME}" |               mkdir -pv "${GNUPGHOME}" | ||||||
|               chmod 700 "${GNUPGHOME}" |               chmod -v 700 "${GNUPGHOME}" | ||||||
|               chown 1000:1000 "${GNUPGHOME}" |               chown -v 1000:1000 "${GNUPGHOME}" | ||||||
|             fi |             fi | ||||||
|  |   - it: it does not chown /data even when image.fullOverride is set | ||||||
|  |     template: templates/gitea/init.yaml | ||||||
|  |     set: | ||||||
|  |       image.fullOverride: docker.gitea.com/gitea:1.20.5 | ||||||
|  |     asserts: | ||||||
|  |       - equal: | ||||||
|  |           path: stringData["init_directory_structure.sh"] | ||||||
|  |           value: |- | ||||||
|  |             #!/usr/bin/env bash | ||||||
|  | 
 | ||||||
|  |             set -euo pipefail | ||||||
|  |             mkdir -pv /data/git/.ssh | ||||||
|  |             chmod -Rv 700 /data/git/.ssh | ||||||
|  |             [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf | ||||||
|  | 
 | ||||||
|  |             # prepare temp directory structure | ||||||
|  |             mkdir -pv "${GITEA_TEMP}" | ||||||
|  |             chmod -v ug+rwx "${GITEA_TEMP}" | ||||||
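Review bot: The added case `it does not chown /data even when image.fullOverride is set` proves its claim only indirectly, by comparing the whole rendered script, and its title repeats the word "it". An explicit negative assert next to the `equal` states the intent and survives later edits to the script, for example `- notMatchRegex:` with `path: stringData["init_directory_structure.sh"]` and `pattern: chown`. The case does not set `image.rootless`, so it relies on the chart default (presumably rootless; setting it explicitly would remove that dependency). The companion suite that follows expects `chown -v 1000:1000 /data` for `image.rootless: false` and has no matching `fullOverride` case.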
| @@ -16,11 +16,11 @@ tests: | |||||||
|     asserts: |     asserts: | ||||||
|       - equal: |       - equal: | ||||||
|           path: stringData["configure_gpg_environment.sh"] |           path: stringData["configure_gpg_environment.sh"] | ||||||
|           value: |- |           value: | | ||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
|             set -eu |             set -eu | ||||||
| 
 | 
 | ||||||
|             gpg --batch --import /raw/private.asc |             gpg --batch --import "$TMP_RAW_GPG_KEY" | ||||||
|   - it: skips gpg script block for disabled signing |   - it: skips gpg script block for disabled signing | ||||||
|     set: |     set: | ||||||
|       image.rootless: false |       image.rootless: false | ||||||
| @@ -31,17 +31,15 @@ tests: | |||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
| 
 | 
 | ||||||
|             set -euo pipefail |             set -euo pipefail | ||||||
| 
 |             chown -v 1000:1000 /data | ||||||
|             set -x |             mkdir -pv /data/git/.ssh | ||||||
|             chown 1000:1000 /data |             chmod -Rv 700 /data/git/.ssh | ||||||
|             mkdir -p /data/git/.ssh |             [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf | ||||||
|             chmod -R 700 /data/git/.ssh |  | ||||||
|             [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf |  | ||||||
| 
 | 
 | ||||||
|             # prepare temp directory structure |             # prepare temp directory structure | ||||||
|             mkdir -p "${GITEA_TEMP}" |             mkdir -pv "${GITEA_TEMP}" | ||||||
|             chown 1000:1000 "${GITEA_TEMP}" |             chown -v 1000:1000 "${GITEA_TEMP}" | ||||||
|             chmod ug+rwx "${GITEA_TEMP}" |             chmod -v ug+rwx "${GITEA_TEMP}" | ||||||
|   - it: adds gpg script block for enabled signing |   - it: adds gpg script block for enabled signing | ||||||
|     set: |     set: | ||||||
|       image.rootless: false |       image.rootless: false | ||||||
| @@ -57,20 +55,18 @@ tests: | |||||||
|             #!/usr/bin/env bash |             #!/usr/bin/env bash | ||||||
| 
 | 
 | ||||||
|             set -euo pipefail |             set -euo pipefail | ||||||
| 
 |             chown -v 1000:1000 /data | ||||||
|             set -x |             mkdir -pv /data/git/.ssh | ||||||
|             chown 1000:1000 /data |             chmod -Rv 700 /data/git/.ssh | ||||||
|             mkdir -p /data/git/.ssh |             [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf | ||||||
|             chmod -R 700 /data/git/.ssh |  | ||||||
|             [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf |  | ||||||
| 
 | 
 | ||||||
|             # prepare temp directory structure |             # prepare temp directory structure | ||||||
|             mkdir -p "${GITEA_TEMP}" |             mkdir -pv "${GITEA_TEMP}" | ||||||
|             chown 1000:1000 "${GITEA_TEMP}" |             chown -v 1000:1000 "${GITEA_TEMP}" | ||||||
|             chmod ug+rwx "${GITEA_TEMP}" |             chmod -v ug+rwx "${GITEA_TEMP}" | ||||||
| 
 | 
 | ||||||
|             if [ ! -d "${GNUPGHOME}" ]; then |             if [ ! -d "${GNUPGHOME}" ]; then | ||||||
|               mkdir -p "${GNUPGHOME}" |               mkdir -pv "${GNUPGHOME}" | ||||||
|               chmod 700 "${GNUPGHOME}" |               chmod -v 700 "${GNUPGHOME}" | ||||||
|               chown 1000:1000 "${GNUPGHOME}" |               chown -v 1000:1000 "${GNUPGHOME}" | ||||||
|             fi |             fi | ||||||
| @@ -0,0 +1,23 @@ | |||||||
|  | suite: Metrics secret template (monitoring disabled) | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/metrics-secret.yaml | ||||||
|  | tests: | ||||||
|  |   - it: renders nothing if monitoring disabled and gitea.metrics.token empty | ||||||
|  |     set: | ||||||
|  |       gitea.metrics.enabled: false | ||||||
|  |       gitea.metrics.serviceMonitor.enabled: false | ||||||
|  |       gitea.metrics.token: "" | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 0 | ||||||
|  |   - it: renders nothing if monitoring disabled and gitea.metrics.token not empty | ||||||
|  |     set: | ||||||
|  |       gitea.metrics.enabled: false | ||||||
|  |       gitea.metrics.serviceMonitor.enabled: false | ||||||
|  |       gitea.metrics.token: "test-token" | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 0 | ||||||
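Review bot: The metrics-secret cases in this suite and in the "monitoring enabled" suite that follows only set `gitea.metrics.enabled` and `gitea.metrics.serviceMonitor.enabled` to the same value, so the condition guarding the token Secret is not pinned for the mixed cases. A case with `gitea.metrics.enabled: true`, `gitea.metrics.serviceMonitor.enabled: false` and a non-empty `gitea.metrics.token` would document whether a Secret holding the bearer token is rendered when no ServiceMonitor references it. The expected `hasDocuments` count depends on `templates/gitea/metrics-secret.yaml`, which is not shown here, so confirm the intended behaviour before fixing the assertion.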
| @@ -0,0 +1,33 @@ | |||||||
|  | suite: Metrics secret template (monitoring enabled) | ||||||
|  | release: | ||||||
|  |   name: gitea-unittests | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  |   - templates/gitea/metrics-secret.yaml | ||||||
|  | tests: | ||||||
|  |   - it: renders nothing if monitoring enabled and gitea.metrics.token empty | ||||||
|  |     set: | ||||||
|  |       gitea.metrics.enabled: true | ||||||
|  |       gitea.metrics.serviceMonitor.enabled: true | ||||||
|  |       gitea.metrics.token: "" | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 0 | ||||||
|  |   - it: renders Secret if monitoring enabled and gitea.metrics.token not empty | ||||||
|  |     set: | ||||||
|  |       gitea.metrics.enabled: true | ||||||
|  |       gitea.metrics.serviceMonitor.enabled: true | ||||||
|  |       gitea.metrics.token: "test-token" | ||||||
|  |     asserts: | ||||||
|  |       - hasDocuments: | ||||||
|  |           count: 1 | ||||||
|  |       - documentIndex: 0 | ||||||
|  |         containsDocument: | ||||||
|  |           kind: Secret | ||||||
|  |           apiVersion: v1 | ||||||
|  |           name: gitea-unittests-metrics-secret | ||||||
|  |       - isNotNullOrEmpty: | ||||||
|  |           path: metadata.labels | ||||||
|  |       - equal: | ||||||
|  |           path: data.token | ||||||
|  |           value: "dGVzdC10b2tlbg==" | ||||||
							
								
								
									
										19
									
								
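--- a/unittests/helm/pvc/pvc-configuration.yaml
+++ b/unittests/helm/pvc/pvc-configuration.yaml
@@ -0,0 +1,19 @@
+suite: PVC template
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/pvc.yaml
+tests:
+  - it: Storage Class using TPL
+    set:
+      global.persistence.storageClass: "storage-class"
+      persistence.enabled: true
+      persistence.create: true
+      persistence.storageClass: "{{ .Values.global.persistence.storageClass }}"
+    asserts:
+      - isKind:
+          of: PersistentVolumeClaim
+      - equal:
+          path: spec.storageClassName
+          value: "storage-class"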
							
								
								
									
										89
									
								
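--- a/unittests/helm/servicemonitor/basic.yaml
+++ b/unittests/helm/servicemonitor/basic.yaml
@@ -0,0 +1,89 @@
+suite: ServiceMonitor template (basic)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/servicemonitor.yaml
+tests:
+  - it: skips rendering by default
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders default ServiceMonitor object with gitea.metrics.enabled=true
+    set:
+      gitea.metrics.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders default ServiceMonitor object with gitea.metrics.serviceMonitor.enabled=true
+    set:
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders defaults
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - notExists:
+          path: metadata.annotations
+      - notExists:
+          path: spec.endpoints[0].interval
+      - equal:
+          path: spec.endpoints[0].port
+          value: http
+      - notExists:
+          path: spec.endpoints[0].scheme
+      - notExists:
+          path: spec.endpoints[0].scrapeTimeout
+      - notExists:
+          path: spec.endpoints[0].tlsConfig
+  - it: renders custom scrape interval
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.serviceMonitor.enabled: true
+      gitea.metrics.serviceMonitor.interval: 30s
+      gitea.metrics.serviceMonitor.scrapeTimeout: 5s
+    asserts:
+      - equal:
+          path: spec.endpoints[0].interval
+          value: 30s
+      - equal:
+          path: spec.endpoints[0].scrapeTimeout
+          value: 5s
+  - it: renders custom tls config
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.serviceMonitor.enabled: true
+      gitea.metrics.serviceMonitor.scheme: https
+      gitea.metrics.serviceMonitor.tlsConfig.caFile: /etc/prometheus/tls/ca.crt
+      gitea.metrics.serviceMonitor.tlsConfig.certFile: /etc/prometheus/tls/tls.crt
+      gitea.metrics.serviceMonitor.tlsConfig.keyFile: /etc/prometheus/tls/tls.key
+      gitea.metrics.serviceMonitor.tlsConfig.insecureSkipVerify: false
+      gitea.metrics.serviceMonitor.tlsConfig.serverName: gitea-unittest
+    asserts:
+      - equal:
+          path: spec.endpoints[0].scheme
+          value: https
+      - equal:
+          path: spec.endpoints[0].tlsConfig.caFile
+          value: /etc/prometheus/tls/ca.crt
+      - equal:
+          path: spec.endpoints[0].tlsConfig.certFile
+          value: /etc/prometheus/tls/tls.crt
+      - equal:
+          path: spec.endpoints[0].tlsConfig.keyFile
+          value: /etc/prometheus/tls/tls.key
+      - equal:
+          path: spec.endpoints[0].tlsConfig.insecureSkipVerify
+          value: false
+      - equal:
+          path: spec.endpoints[0].tlsConfig.serverName
+          value: gitea-unittest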
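Review bot: The second and third test names say a ServiceMonitor is rendered, but both cases assert `hasDocuments` with `count: 0`, so a failure report would describe the opposite of what is checked. Rename them to match the assertion, for example `it: skips rendering when only gitea.metrics.enabled=true` and `it: skips rendering when only gitea.metrics.serviceMonitor.enabled=true`. Separately, the TLS case pins `insecureSkipVerify: false` only as a pass-through value; a default-case `notExists` on `spec.endpoints[0].tlsConfig` is already present, which is the assertion that protects against verification being disabled by default.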
							
								
								
									
										23
									
								
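--- a/unittests/helm/servicemonitor/servicemonitor-disabled.yaml
+++ b/unittests/helm/servicemonitor/servicemonitor-disabled.yaml
@@ -0,0 +1,23 @@
+suite: ServiceMonitor template (monitoring disabled)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/servicemonitor.yaml
+tests:
+  - it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty
+    set:
+      gitea.metrics.enabled: false
+      gitea.metrics.token: ""
+      gitea.metrics.serviceMonitor.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token not empty
+    set:
+      gitea.metrics.enabled: false
+      gitea.metrics.token: "test-token"
+      gitea.metrics.serviceMonitor.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0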
							
								
								
									
										70
									
								
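--- a/unittests/helm/servicemonitor/servicemonitor-enabled.yaml
+++ b/unittests/helm/servicemonitor/servicemonitor-enabled.yaml
@@ -0,0 +1,70 @@
+suite: ServiceMonitor template (monitoring enabled)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/servicemonitor.yaml
+tests:
+  - it: renders unsecure ServiceMonitor if gitea.metrics.token nil
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.token:
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - documentIndex: 0
+        containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - isNotNullOrEmpty:
+          path: metadata.labels
+      - equal:
+          path: spec.endpoints
+          value:
+            - port: http
+  - it: renders unsecure ServiceMonitor if gitea.metrics.token empty
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.token: ""
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - documentIndex: 0
+        containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - isNotNullOrEmpty:
+          path: metadata.labels
+      - equal:
+          path: spec.endpoints
+          value:
+            - port: http
+  - it: renders secure ServiceMonitor if gitea.metrics.token not empty
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.token: "test-token"
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - documentIndex: 0
+        containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - isNotNullOrEmpty:
+          path: metadata.labels
+      - equal:
+          path: spec.endpoints
+          value:
+            - port: http
+              authorization:
+                type: Bearer
+                credentials:
+                  name: gitea-unittests-metrics-secret
+                  key: token
+                  optional: false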
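Review bot: The last case, `renders secure ServiceMonitor if gitea.metrics.token not empty`, pins an endpoint that carries bearer `authorization` on `port: http` with no `scheme`, so "secure" here means authenticated, not encrypted, and no case in this suite combines the token with `gitea.metrics.serviceMonitor.scheme: https`. Adding a case that sets both and asserts both fields on the same endpoint would keep a later template change from dropping one when the other is set. The two "unsecure" case names would read more precisely as "unauthenticated". The expected values in the sketch assume the template renders `scheme` and `authorization` independently, which this page does not show.

```yaml
  - it: renders bearer authorization together with https scheme
    set:
      gitea.metrics.enabled: true
      gitea.metrics.token: "test-token"
      gitea.metrics.serviceMonitor.enabled: true
      gitea.metrics.serviceMonitor.scheme: https
    asserts:
      - equal:
          path: spec.endpoints[0].scheme
          value: https
      - equal:
          path: spec.endpoints[0].authorization.credentials.name
          value: gitea-unittests-metrics-secret
```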
							
								
								
									
										14
									
								
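--- a/unittests/helm/values-conflicting-checks.yaml
+++ b/unittests/helm/values-conflicting-checks.yaml
@@ -0,0 +1,14 @@
+suite: Values conflicting checks
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: fails when trying to configure valkey and valkey-cluster the same time
+    set:
+      valkey-cluster:
+        enabled: true
+      valkey:
+        enabled: true
+    asserts:
+      - failedTemplate:
+          errorMessage: valkey and valkey-cluster cannot be enabled at the same time. Please only choose one.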
							
								
								
									
										252
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
								
							| @@ -20,6 +20,9 @@ global: | |||||||
|   #   hostnames: |   #   hostnames: | ||||||
|   #   - example.com |   #   - example.com | ||||||
|  |  | ||||||
|  | ## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified | ||||||
|  | namespace: "" | ||||||
|  |  | ||||||
| ## @param replicaCount number of replicas for the deployment | ## @param replicaCount number of replicas for the deployment | ||||||
| replicaCount: 1 | replicaCount: 1 | ||||||
|  |  | ||||||
| @@ -40,15 +43,19 @@ clusterDomain: cluster.local | |||||||
| ## @param image.registry image registry, e.g. gcr.io,docker.io | ## @param image.registry image registry, e.g. gcr.io,docker.io | ||||||
| ## @param image.repository Image to start for this pod | ## @param image.repository Image to start for this pod | ||||||
| ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | ||||||
|  | ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | ||||||
| ## @param image.pullPolicy Image pull policy | ## @param image.pullPolicy Image pull policy | ||||||
| ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | ||||||
|  | ## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | ||||||
| image: | image: | ||||||
|   registry: "" |   registry: "docker.gitea.com" | ||||||
|   repository: gitea/gitea |   repository: gitea | ||||||
|   # Overrides the image tag whose default is the chart appVersion. |   # Overrides the image tag whose default is the chart appVersion. | ||||||
|   tag: "" |   tag: "" | ||||||
|   pullPolicy: Always |   digest: "" | ||||||
|  |   pullPolicy: IfNotPresent | ||||||
|   rootless: true |   rootless: true | ||||||
|  |   fullOverride: "" | ||||||
|  |  | ||||||
| ## @param imagePullSecrets Secret to use for pulling the image | ## @param imagePullSecrets Secret to use for pulling the image | ||||||
| imagePullSecrets: [] | imagePullSecrets: [] | ||||||
| @@ -69,7 +76,7 @@ containerSecurityContext: {} | |||||||
| #   # run pods on nodes that use the container runtime cri-o. Otherwise, you will | #   # run pods on nodes that use the container runtime cri-o. Otherwise, you will | ||||||
| #   # get an error message from the SSH server that it is not possible to read from | #   # get an error message from the SSH server that it is not possible to read from | ||||||
| #   # the repository. | #   # the repository. | ||||||
| #   # https://gitea.com/gitea/helm-chart/issues/161 | #   # https://gitea.com/gitea/helm-gitea/issues/161 | ||||||
| #     add: | #     add: | ||||||
| #       - SYS_CHROOT | #       - SYS_CHROOT | ||||||
| #   privileged: false | #   privileged: false | ||||||
| @@ -102,6 +109,8 @@ service: | |||||||
|   ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). |   ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | ||||||
|   ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer |   ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer | ||||||
|   ## @param service.http.annotations HTTP service annotations |   ## @param service.http.annotations HTTP service annotations | ||||||
|  |   ## @param service.http.labels HTTP service additional labels | ||||||
|  |   ## @param service.http.loadBalancerClass Loadbalancer class | ||||||
|   http: |   http: | ||||||
|     type: ClusterIP |     type: ClusterIP | ||||||
|     port: 3000 |     port: 3000 | ||||||
| @@ -114,6 +123,8 @@ service: | |||||||
|     ipFamilies: |     ipFamilies: | ||||||
|     loadBalancerSourceRanges: [] |     loadBalancerSourceRanges: [] | ||||||
|     annotations: {} |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     loadBalancerClass: | ||||||
|   ## @param service.ssh.type Kubernetes service type for ssh traffic |   ## @param service.ssh.type Kubernetes service type for ssh traffic | ||||||
|   ## @param service.ssh.port Port number for ssh traffic |   ## @param service.ssh.port Port number for ssh traffic | ||||||
|   ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None |   ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None | ||||||
| @@ -126,6 +137,8 @@ service: | |||||||
|   ## @param service.ssh.hostPort HostPort for ssh service |   ## @param service.ssh.hostPort HostPort for ssh service | ||||||
|   ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer |   ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer | ||||||
|   ## @param service.ssh.annotations SSH service annotations |   ## @param service.ssh.annotations SSH service annotations | ||||||
|  |   ## @param service.ssh.labels SSH service additional labels | ||||||
|  |   ## @param service.ssh.loadBalancerClass Loadbalancer class | ||||||
|   ssh: |   ssh: | ||||||
|     type: ClusterIP |     type: ClusterIP | ||||||
|     port: 22 |     port: 22 | ||||||
| @@ -139,36 +152,30 @@ service: | |||||||
|     hostPort: |     hostPort: | ||||||
|     loadBalancerSourceRanges: [] |     loadBalancerSourceRanges: [] | ||||||
|     annotations: {} |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     loadBalancerClass: | ||||||
|  |  | ||||||
| ## @section Ingress | ## @section Ingress | ||||||
| ## @param ingress.enabled Enable ingress | ## @param ingress.enabled Enable ingress | ||||||
| ## @param ingress.className Ingress class name | ## @param ingress.className DEPRECATED: Ingress class name. | ||||||
|  | ## @param ingress.pathType Ingress Path Type | ||||||
| ## @param ingress.annotations Ingress annotations | ## @param ingress.annotations Ingress annotations | ||||||
| ## @param ingress.hosts[0].host Default Ingress host | ## @param ingress.hosts[0].host Default Ingress host | ||||||
| ## @param ingress.hosts[0].paths[0].path Default Ingress path | ## @param ingress.hosts[0].paths[0].path Default Ingress path | ||||||
| ## @param ingress.hosts[0].paths[0].pathType Ingress path type |  | ||||||
| ## @param ingress.tls Ingress tls settings | ## @param ingress.tls Ingress tls settings | ||||||
| ## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. |  | ||||||
| ingress: | ingress: | ||||||
|   enabled: false |   enabled: false | ||||||
|   # className: nginx |   className: "" | ||||||
|   className: |   pathType: Prefix | ||||||
|   annotations: |   annotations: {} | ||||||
|     {} |  | ||||||
|     # kubernetes.io/ingress.class: nginx |  | ||||||
|     # kubernetes.io/tls-acme: "true" |  | ||||||
|   hosts: |   hosts: | ||||||
|     - host: git.example.com |     - host: git.example.com | ||||||
|       paths: |       paths: | ||||||
|         - path: / |         - path: / | ||||||
|           pathType: Prefix |  | ||||||
|   tls: [] |   tls: [] | ||||||
|   #  - secretName: chart-example-tls |   #  - secretName: chart-example-tls | ||||||
|   #    hosts: |   #    hosts: | ||||||
|   #      - git.example.com |   #      - git.example.com | ||||||
|   # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar |  | ||||||
|   # If helm doesn't correctly detect your ingress API version you can set it here. |  | ||||||
|   # apiVersion: networking.k8s.io/v1 |  | ||||||
|  |  | ||||||
| ## @section deployment | ## @section deployment | ||||||
| # | # | ||||||
| @@ -268,6 +275,24 @@ persistence: | |||||||
|   annotations: |   annotations: | ||||||
|     helm.sh/resource-policy: keep |     helm.sh/resource-policy: keep | ||||||
|  |  | ||||||
|  | ## @param extraContainers Additional sidecar containers to run in the pod | ||||||
|  | extraContainers: [] | ||||||
|  | #  - name: sidecar-bob | ||||||
|  | #    image: busybox | ||||||
|  | #    command: [/bin/sh, -c, 'echo "Hello world"'] | ||||||
|  |  | ||||||
|  | ## @param preExtraInitContainers Additional init containers to run in the pod before gitea runs it owns init containers. | ||||||
|  | preExtraInitContainers: [] | ||||||
|  | # - name: pre-init-container | ||||||
|  | #   image: docker.io/library/busybox | ||||||
|  | #   command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ] | ||||||
|  |  | ||||||
|  | ## @param postExtraInitContainers Additional init containers to run in the pod after gitea runs it owns init containers. | ||||||
|  | postExtraInitContainers: [] | ||||||
|  | # - name: post-init-container | ||||||
|  | #   image: docker.io/library/busybox | ||||||
|  | #   command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ] | ||||||
|  |  | ||||||
| ## @param extraVolumes Additional volumes to mount to the Gitea deployment | ## @param extraVolumes Additional volumes to mount to the Gitea deployment | ||||||
| extraVolumes: [] | extraVolumes: [] | ||||||
| # - name: postgres-ssl-vol | # - name: postgres-ssl-vol | ||||||
| @@ -293,6 +318,8 @@ extraVolumeMounts: [] | |||||||
| ## @section Init | ## @section Init | ||||||
| ## @param initPreScript Bash shell script copied verbatim to the start of the init-container. | ## @param initPreScript Bash shell script copied verbatim to the start of the init-container. | ||||||
| initPreScript: "" | initPreScript: "" | ||||||
|  | ## @param initContainersScriptsVolumeMountPath Path to mount the scripts consumed from the Secrets | ||||||
|  | initContainersScriptsVolumeMountPath: "/usr/sbinx" | ||||||
| # | # | ||||||
| # initPreScript: | | # initPreScript: | | ||||||
| #   mkdir -p /data/git/.postgresql | #   mkdir -p /data/git/.postgresql | ||||||
| @@ -315,7 +342,7 @@ initContainers: | |||||||
| # | # | ||||||
| ## @param signing.enabled Enable commit/action signing | ## @param signing.enabled Enable commit/action signing | ||||||
| ## @param signing.gpgHome GPG home directory | ## @param signing.gpgHome GPG home directory | ||||||
| ## @param signing.privateKey Inline private gpg key for signed Gitea actions | ## @param signing.privateKey Inline private gpg key for signed internal Git activity | ||||||
| ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` | ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` | ||||||
| signing: | signing: | ||||||
|   enabled: false |   enabled: false | ||||||
| @@ -334,21 +361,35 @@ gitea: | |||||||
|   ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials |   ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials | ||||||
|   ## @param gitea.admin.password Password for the Gitea admin user |   ## @param gitea.admin.password Password for the Gitea admin user | ||||||
|   ## @param gitea.admin.email Email for the Gitea admin user |   ## @param gitea.admin.email Email for the Gitea admin user | ||||||
|  |   ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | ||||||
|   admin: |   admin: | ||||||
|     # existingSecret: gitea-admin-secret |     # existingSecret: gitea-admin-secret | ||||||
|     existingSecret: |     existingSecret: | ||||||
|     username: gitea_admin |     username: gitea_admin | ||||||
|     password: r8sA8CPHD9!bt6d |     password: r8sA8CPHD9!bt6d | ||||||
|     email: "gitea@local.domain" |     email: "gitea@local.domain" | ||||||
|  |     passwordMode: keepUpdated | ||||||
|  |  | ||||||
|   ## @param gitea.metrics.enabled Enable Gitea metrics |   ## @param gitea.metrics.enabled Enable Gitea metrics | ||||||
|   ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor |   ## @param gitea.metrics.token used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | ||||||
|  |   ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | ||||||
|  |   ## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | ||||||
|  |   ## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. | ||||||
|  |   ## @param gitea.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | ||||||
|  |   ## @param gitea.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | ||||||
|  |   ## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus. | ||||||
|   metrics: |   metrics: | ||||||
|     enabled: false |     enabled: false | ||||||
|  |     token: | ||||||
|     serviceMonitor: |     serviceMonitor: | ||||||
|       enabled: false |       enabled: false | ||||||
|       #  additionalLabels: |       #  additionalLabels: | ||||||
|       #    prometheus-release: prom1 |       #    prometheus-release: prom1 | ||||||
|  |       interval: "" | ||||||
|  |       relabelings: [] | ||||||
|  |       scheme: "" | ||||||
|  |       scrapeTimeout: "" | ||||||
|  |       tlsConfig: {} | ||||||
|  |  | ||||||
|   ## @param gitea.ldap LDAP configuration |   ## @param gitea.ldap LDAP configuration | ||||||
|   ldap: |   ldap: | ||||||
| @@ -472,55 +513,162 @@ gitea: | |||||||
|     successThreshold: 1 |     successThreshold: 1 | ||||||
|     failureThreshold: 10 |     failureThreshold: 10 | ||||||
|  |  | ||||||
| ## @section redis-cluster | ## @section valkey-cluster | ||||||
| ## @param redis-cluster.enabled Enable redis | ## @descriptionStart | ||||||
| ## @param redis-cluster.usePassword Whether to use password authentication | ## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time. | ||||||
| redis-cluster: | ## @descriptionEnd | ||||||
|  | valkey-cluster: | ||||||
|  |   ## @param valkey-cluster.enabled Enable valkey cluster | ||||||
|  |   # ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>). | ||||||
|  |   # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||||
|  |   ## @param valkey-cluster.usePassword Whether to use password authentication. | ||||||
|  |   ## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables. | ||||||
|   enabled: true |   enabled: true | ||||||
|   usePassword: false |   usePassword: false | ||||||
|  |   usePasswordFiles: false | ||||||
|  |  | ||||||
| ## @section postgresql-ha |   ## @param valkey-cluster.image.repository Image repository, eg. `bitnamilegacy/valkey-cluster`. | ||||||
| # |   image: | ||||||
| ## @param postgresql-ha.enabled Enable postgresql-ha |     repository: bitnamilegacy/valkey-cluster | ||||||
| ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) |  | ||||||
| ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) |   ## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes | ||||||
| ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) |   ## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas | ||||||
| ## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) |   cluster: | ||||||
| ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password |     nodes: 3 # default: 6 | ||||||
| ## @param postgresql-ha.postgresql.postgresPassword postgres Password |     replicas: 0 # default: 1 | ||||||
| ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword |  | ||||||
| ## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) |   ## @param valkey-cluster.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`. | ||||||
| ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume |   metrics: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/redis-exporter | ||||||
|  |  | ||||||
|  |   ## @param valkey-cluster.service.ports.valkey Port of Valkey service | ||||||
|  |   service: | ||||||
|  |     ports: | ||||||
|  |       valkey: 6379 | ||||||
|  |  | ||||||
|  |   ## @param valkey-cluster.sysctlImage.repository Image repository, eg. `bitnamilegacy/os-shell`. | ||||||
|  |   sysctlImage: | ||||||
|  |     repository: bitnamilegacy/os-shell | ||||||
|  |  | ||||||
|  |   ## @param valkey-cluster.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`. | ||||||
|  |   volumePermissions: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/os-shell | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ## @section valkey | ||||||
|  |  | ||||||
|  | ## @descriptionStart | ||||||
|  | ## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time. | ||||||
|  | ## @descriptionEnd | ||||||
|  | valkey: | ||||||
|  |   ## @param valkey.enabled Enable valkey standalone or replicated | ||||||
|  |   ## @param valkey.architecture Whether to use standalone or replication | ||||||
|  |   enabled: false | ||||||
|  |   architecture: standalone | ||||||
|  |  | ||||||
|  |   ## @param valkey.kubectl.image.repository Image repository, eg. `bitnamilegacy/kubectl`. | ||||||
|  |   kubectl: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/kubectl | ||||||
|  |  | ||||||
|  |   ## @param valkey.image.repository Image repository, eg. `bitnamilegacy/valkey`. | ||||||
|  |   image: | ||||||
|  |     repository: bitnamilegacy/valkey | ||||||
|  |  | ||||||
|  |   # ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>). | ||||||
|  |   # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. | ||||||
|  |   ## @param valkey.global.valkey.password Required password | ||||||
|  |   global: | ||||||
|  |     valkey: | ||||||
|  |       password: changeme | ||||||
|  |  | ||||||
|  |   ## @param valkey.master.count Number of Valkey master instances to deploy | ||||||
|  |   ## @param valkey.master.service.ports.valkey Port of Valkey service | ||||||
|  |   master: | ||||||
|  |     count: 1 | ||||||
|  |     service: | ||||||
|  |       ports: | ||||||
|  |         valkey: 6379 | ||||||
|  |  | ||||||
|  |   ## @param valkey.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`. | ||||||
|  |   metrics: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/redis-exporter | ||||||
|  |  | ||||||
|  |   ## @param valkey.sentinel.image.repository Image repository, eg. `bitnamilegacy/sentinel`. | ||||||
|  |   sentinel: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/valkey-sentinel | ||||||
|  |  | ||||||
|  |   ## @param valkey.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`. | ||||||
|  |   volumePermissions: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/os-shell | ||||||
|  |  | ||||||
|  | ## @section PostgreSQL HA | ||||||
| postgresql-ha: | postgresql-ha: | ||||||
|  |   ## @param postgresql-ha.enabled Enable PostgreSQL HA | ||||||
|  |   enabled: true | ||||||
|  |  | ||||||
|  |   ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) | ||||||
|  |   ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) | ||||||
|  |   ## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) | ||||||
|   global: |   global: | ||||||
|     postgresql: |     postgresql: | ||||||
|       database: gitea |       database: gitea | ||||||
|       password: gitea |       password: gitea | ||||||
|       username: gitea |       username: gitea | ||||||
|   enabled: true |  | ||||||
|  |   ## @param postgresql-ha.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`. | ||||||
|  |   metrics: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/postgres-exporter | ||||||
|  |  | ||||||
|  |   ## @param postgresql-ha.postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql-repmgr`. | ||||||
|  |   ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password | ||||||
|  |   ## @param postgresql-ha.postgresql.postgresPassword postgres Password | ||||||
|  |   ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) | ||||||
|   postgresql: |   postgresql: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/postgresql-repmgr | ||||||
|     repmgrPassword: changeme2 |     repmgrPassword: changeme2 | ||||||
|     postgresPassword: changeme1 |     postgresPassword: changeme1 | ||||||
|     password: changeme4 |     password: changeme4 | ||||||
|  |  | ||||||
|  |   ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword | ||||||
|  |   ## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`. | ||||||
|  |   ## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword | ||||||
|   pgpool: |   pgpool: | ||||||
|     adminPassword: changeme3 |     adminPassword: changeme3 | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/pgpool | ||||||
|  |     srCheckPassword: changeme4 | ||||||
|  |  | ||||||
|  |   ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) | ||||||
|   service: |   service: | ||||||
|     ports: |     ports: | ||||||
|       postgresql: 5432 |       postgresql: 5432 | ||||||
|   primary: |  | ||||||
|  |   ## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume | ||||||
|   persistence: |   persistence: | ||||||
|     size: 10Gi |     size: 10Gi | ||||||
|  |  | ||||||
|  |   ## @param postgresql-ha.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`. | ||||||
|  |   volumePermissions: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/os-shell | ||||||
|  |  | ||||||
| ## @section PostgreSQL | ## @section PostgreSQL | ||||||
| # |  | ||||||
| ## @param postgresql.enabled Enable PostgreSQL |  | ||||||
| ## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) |  | ||||||
| ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) |  | ||||||
| ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) |  | ||||||
| ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) |  | ||||||
| ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume |  | ||||||
| postgresql: | postgresql: | ||||||
|  |   ## @param postgresql.enabled Enable PostgreSQL | ||||||
|   enabled: false |   enabled: false | ||||||
|  |  | ||||||
|  |   ## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) | ||||||
|  |   ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) | ||||||
|  |   ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) | ||||||
|  |   ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) | ||||||
|   global: |   global: | ||||||
|     postgresql: |     postgresql: | ||||||
|       auth: |       auth: | ||||||
| @@ -530,10 +678,26 @@ postgresql: | |||||||
|       service: |       service: | ||||||
|         ports: |         ports: | ||||||
|           postgresql: 5432 |           postgresql: 5432 | ||||||
|  |  | ||||||
|  |   ## @param postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql`. | ||||||
|  |   image: | ||||||
|  |     repository: bitnamilegacy/postgresql | ||||||
|  |  | ||||||
|  |   ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume | ||||||
|   primary: |   primary: | ||||||
|     persistence: |     persistence: | ||||||
|       size: 10Gi |       size: 10Gi | ||||||
|  |  | ||||||
|  |   ## @param postgresql.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`. | ||||||
|  |   metrics: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/postgres-exporter | ||||||
|  |  | ||||||
|  |   ## @param postgresql.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`. | ||||||
|  |   volumePermissions: | ||||||
|  |     image: | ||||||
|  |       repository: bitnamilegacy/os-shell | ||||||
|  |  | ||||||
| # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. | # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. | ||||||
| # Set it to false to skip this basic validation check. | # Set it to false to skip this basic validation check. | ||||||
| ## @section Advanced | ## @section Advanced | ||||||
|   | |||||||