You've already forked helm-gitea
Compare commits
225 Commits
v9.6.0
...
46eec9290d
Author | SHA1 | Date | |
---|---|---|---|
46eec9290d
|
|||
![]() |
e059beb82b | ||
![]() |
9206b34af3 | ||
![]() |
203a282e93 | ||
![]() |
81c12fa3e5 | ||
![]() |
c7e294cf8c | ||
![]() |
ce60c7bb0f | ||
![]() |
2875e08daf | ||
09767c4494 | |||
![]() |
a45253abf9 | ||
![]() |
f9efe98fe7 | ||
![]() |
92c187f264 | ||
![]() |
4fbdf634a9 | ||
![]() |
f0dcbe88dd | ||
![]() |
aa7ccb47ba | ||
![]() |
0f1f329de4 | ||
![]() |
cb28148dc8 | ||
![]() |
ee84a1750b | ||
![]() |
6e1d516bb2 | ||
![]() |
08143654a5 | ||
![]() |
e134835662 | ||
![]() |
e7db8cddd9 | ||
ec7a659535 | |||
![]() |
db177a356f | ||
![]() |
d29a7e84a4 | ||
![]() |
31fa278145 | ||
![]() |
52c249eb08 | ||
![]() |
0d532363eb | ||
![]() |
8f0f44a864 | ||
![]() |
cf86118976 | ||
![]() |
7f96084a30 | ||
![]() |
5292684a4a | ||
![]() |
edc42f69a9 | ||
![]() |
9c607f8a4b | ||
![]() |
6d89d0a1b7 | ||
![]() |
8f35f45e31 | ||
![]() |
a94eec4238 | ||
![]() |
87272a1244 | ||
![]() |
ed06694adf | ||
![]() |
443a6d0cd7 | ||
![]() |
8854e62572 | ||
![]() |
da2d169d65 | ||
![]() |
ebb4b1ee49 | ||
![]() |
e64afe393e | ||
![]() |
6e4e414771 | ||
![]() |
037eca0c91 | ||
![]() |
d10adfd064 | ||
![]() |
a1fc670df5 | ||
![]() |
0cfe38aec5 | ||
![]() |
5410bb08c2 | ||
![]() |
3b32a04b9c | ||
![]() |
5b247ea860 | ||
![]() |
3aea811f1f | ||
![]() |
a7035ca4e5 | ||
![]() |
fa36d2beef | ||
![]() |
6c5b42c482 | ||
![]() |
356dd6e710 | ||
![]() |
1f313ac70e | ||
![]() |
d2d542e625 | ||
![]() |
75cd261b37 | ||
![]() |
2c78da9c3e | ||
![]() |
06f5179273 | ||
![]() |
e7e2ae9610 | ||
![]() |
62f5ed6d46 | ||
![]() |
d2e9bcf4b8 | ||
![]() |
b44d43d2b0 | ||
![]() |
03918a126b | ||
![]() |
8d3f4d2260 | ||
![]() |
74d550922b | ||
![]() |
7245b3b4cc | ||
![]() |
c0cadb9056 | ||
![]() |
c38703f21e | ||
![]() |
ad475405e9 | ||
![]() |
60ef163b22 | ||
![]() |
941ab3ef49 | ||
![]() |
ff7783fcbe | ||
![]() |
9f659afc47 | ||
![]() |
f74ab67b59 | ||
![]() |
724ebc5258 | ||
![]() |
44563bed35 | ||
![]() |
6cb068ae12 | ||
![]() |
3c931de904 | ||
![]() |
cb516e0f7f | ||
![]() |
31d8e7c79f | ||
![]() |
11d3fbcc77 | ||
![]() |
05143021fe | ||
![]() |
a983974568 | ||
edd8557bb0 | |||
![]() |
a4c706f521 | ||
![]() |
d8f155562b | ||
![]() |
8bf5b2104d | ||
![]() |
d8ec7dc2f5 | ||
![]() |
70cc590eb3 | ||
![]() |
3ac51f2628 | ||
4f42f4bee3 | |||
![]() |
cc7532ec90 | ||
![]() |
1d908965a8 | ||
![]() |
43e0918cfc | ||
![]() |
41deaf977e | ||
![]() |
b8b909be0b | ||
![]() |
4f9a48ae51 | ||
![]() |
ef8ad0f050 | ||
![]() |
680d95c943 | ||
![]() |
48e61b164b | ||
![]() |
3e72e8b983 | ||
![]() |
9b28e264f7 | ||
![]() |
8c4e8e8f30 | ||
![]() |
5968cfa1d4 | ||
![]() |
12f253db10 | ||
![]() |
535aa1cf1a | ||
![]() |
a79fd31f7e | ||
![]() |
726b36c6d8 | ||
![]() |
4691b63f7a | ||
![]() |
8f516048e4 | ||
![]() |
e9084e1833 | ||
![]() |
e733287dc2 | ||
![]() |
f4d1a6b516 | ||
![]() |
c3d0bae515 | ||
![]() |
aec87c2490 | ||
![]() |
e3db83e22b | ||
![]() |
7cae9d3404 | ||
![]() |
52153021e3 | ||
![]() |
5f7d353901 | ||
![]() |
389a8460e4 | ||
![]() |
3bacaaad84 | ||
![]() |
2be2e2a639 | ||
![]() |
7b892431d6 | ||
![]() |
f7c66c0336 | ||
![]() |
5c7e78b467 | ||
![]() |
478af4e381 | ||
![]() |
7c4d6c3797 | ||
![]() |
aa9808bc27 | ||
![]() |
a08e39f8ff | ||
![]() |
c039673e5a | ||
e636984db1 | |||
![]() |
77aa11a3bb | ||
![]() |
3fdb39df68 | ||
![]() |
9dc3f7c086 | ||
![]() |
036b469ff9 | ||
![]() |
339ee94260 | ||
![]() |
1c71764d3c | ||
![]() |
e19723a3fb | ||
![]() |
2a762f0865 | ||
![]() |
c32c6f929f | ||
![]() |
e29cd1c289 | ||
![]() |
a535919025 | ||
![]() |
5c6cd932fe | ||
![]() |
3265a5ed53 | ||
![]() |
1dbf171ad3 | ||
![]() |
6226e4eaea | ||
![]() |
6ffc0a3790 | ||
![]() |
1ac39a6f5d | ||
![]() |
c4168dd029 | ||
![]() |
4dd17f045b | ||
![]() |
030322170e | ||
![]() |
d407eda496 | ||
![]() |
b7b60dd51f | ||
![]() |
22848d0ce7 | ||
![]() |
157e87593d | ||
![]() |
f897e6350b | ||
![]() |
21bc9a548b | ||
![]() |
b13063ad7a | ||
![]() |
4d62136a3d | ||
![]() |
548f932422 | ||
![]() |
dc30c66d25 | ||
![]() |
0b2f3d6eb9 | ||
![]() |
dd304c1c1a | ||
![]() |
4f4c71fb39 | ||
![]() |
509ee975c4 | ||
![]() |
15385d02ee | ||
![]() |
617c773b7e | ||
![]() |
42937062d9 | ||
![]() |
a91624b52d | ||
![]() |
b768ded932 | ||
![]() |
fd8246e51d | ||
![]() |
20b14b01c1 | ||
![]() |
74bae066c4 | ||
![]() |
2f809390be | ||
![]() |
153a664138 | ||
![]() |
0135b10295 | ||
![]() |
2a9273d32f | ||
![]() |
3b2b700441 | ||
![]() |
7fa896a0ce | ||
![]() |
d2bfa0250d | ||
![]() |
2d77b626ac | ||
![]() |
6644c1701b | ||
![]() |
a3fafc90a8 | ||
![]() |
ceb6de12a8 | ||
![]() |
ab5ec8ddb9 | ||
![]() |
d65737681a | ||
![]() |
8ee589a56f | ||
![]() |
a82540e7eb | ||
![]() |
0794fe5b8b | ||
![]() |
3ac530f66d | ||
![]() |
00fbf45f03 | ||
![]() |
4d339bb05b | ||
![]() |
829bca241d | ||
![]() |
6be4f8bb97 | ||
![]() |
aeea86b26a | ||
![]() |
4ed7818ec2 | ||
![]() |
b84a431854 | ||
![]() |
a1af5eab4e | ||
![]() |
f5ad4eb33d | ||
![]() |
5dfaca13f2 | ||
![]() |
70e5da077a | ||
![]() |
d7cba5443f | ||
![]() |
e9d401a9ee | ||
![]() |
7b7789e65d | ||
![]() |
8a191f0eca | ||
![]() |
469eacaf1c | ||
![]() |
f0d0c00ed6 | ||
![]() |
323bcd7526 | ||
![]() |
59b246302b | ||
![]() |
223069d042 | ||
![]() |
060945a486 | ||
![]() |
ff932a0bf9 | ||
![]() |
88a1650ce4 | ||
![]() |
d875809299 | ||
![]() |
a1d9059e53 | ||
![]() |
7e403d5ef6 | ||
![]() |
0081cabe0b | ||
![]() |
b265d87f55 | ||
![]() |
8bcd2dc63b | ||
![]() |
34c1212939 | ||
![]() |
5c4bcaa1e3 |
7
.commitlintrc.json
Normal file
7
.commitlintrc.json
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
{
|
||||||
|
"extends": ["@commitlint/config-conventional"],
|
||||||
|
"rules": {
|
||||||
|
"type-enum": [2, "always", ["feat", "fix", "chore", "docs", "style", "refactor", "test", "perf", "ci", "WIP"]],
|
||||||
|
"type-case": [0, "always", "lower-case"]
|
||||||
|
}
|
||||||
|
}
|
@@ -23,7 +23,7 @@
|
|||||||
### Applicable issues
|
### Applicable issues
|
||||||
|
|
||||||
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
|
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
|
||||||
- fixes #
|
- Fixes #
|
||||||
|
|
||||||
### Additional information
|
### Additional information
|
||||||
|
|
||||||
@@ -39,4 +39,6 @@
|
|||||||
|
|
||||||
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
|
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
|
||||||
- [ ] Breaking changes are documented in the `README.md`
|
- [ ] Breaking changes are documented in the `README.md`
|
||||||
- [ ] Templating unittests are added
|
- [ ] Helm templating unittests are added (required when changing anything in `templates` folder)
|
||||||
|
- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
|
||||||
|
- [ ] All added template resources MUST render a namespace in metadata
|
||||||
|
114
.gitea/scripts/add-annotations.sh
Executable file
114
.gitea/scripts/add-annotations.sh
Executable file
@@ -0,0 +1,114 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
CHART_FILE="Chart.yaml"
|
||||||
|
if [ ! -f "${CHART_FILE}" ]; then
|
||||||
|
echo "ERROR: ${CHART_FILE} not found!" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
|
||||||
|
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
|
||||||
|
|
||||||
|
if [ -z "${1}" ]; then
|
||||||
|
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
|
||||||
|
if [ -z "${OLD_TAG}" ]; then
|
||||||
|
OLD_TAG="${DEFAULT_OLD_TAG}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
|
||||||
|
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
|
||||||
|
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
|
||||||
|
if [ -z "${OLD_TAG}" ]; then
|
||||||
|
OLD_TAG="${DEFAULT_OLD_TAG}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
else
|
||||||
|
OLD_TAG=${1}
|
||||||
|
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
|
||||||
|
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${2}" ]; then
|
||||||
|
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
|
||||||
|
if [ -z "${NEW_TAG}" ]; then
|
||||||
|
NEW_TAG="${DEFAULT_NEW_TAG}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
|
||||||
|
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
|
||||||
|
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
|
||||||
|
if [ -z "${NEW_TAG}" ]; then
|
||||||
|
NEW_TAG="${DEFAULT_NEW_TAG}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
else
|
||||||
|
NEW_TAG=${2}
|
||||||
|
|
||||||
|
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
|
||||||
|
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
CHANGE_LOG_YAML=$(mktemp)
|
||||||
|
echo "[]" > "${CHANGE_LOG_YAML}"
|
||||||
|
|
||||||
|
function map_type_to_kind() {
|
||||||
|
case "${1}" in
|
||||||
|
feat)
|
||||||
|
echo "added"
|
||||||
|
;;
|
||||||
|
fix)
|
||||||
|
echo "fixed"
|
||||||
|
;;
|
||||||
|
chore|style|test|ci|docs|refac)
|
||||||
|
echo "changed"
|
||||||
|
;;
|
||||||
|
revert)
|
||||||
|
echo "removed"
|
||||||
|
;;
|
||||||
|
sec)
|
||||||
|
echo "security"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "skip"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
|
||||||
|
|
||||||
|
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
|
||||||
|
|
||||||
|
while IFS= read -r line; do
|
||||||
|
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
|
||||||
|
TYPE="${BASH_REMATCH[1]}"
|
||||||
|
KIND=$(map_type_to_kind "${TYPE}")
|
||||||
|
|
||||||
|
if [ "${KIND}" == "skip" ]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
DESC="${BASH_REMATCH[3]}"
|
||||||
|
|
||||||
|
echo "- ${KIND}: ${DESC}"
|
||||||
|
|
||||||
|
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
|
||||||
|
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
|
||||||
|
|
||||||
|
fi
|
||||||
|
done <<< "${COMMIT_TITLES}"
|
||||||
|
|
||||||
|
if [ -s "${CHANGE_LOG_YAML}" ]; then
|
||||||
|
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
|
||||||
|
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
|
||||||
|
else
|
||||||
|
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm "${CHANGE_LOG_YAML}"
|
32
.gitea/workflows/changelog.yml
Normal file
32
.gitea/workflows/changelog.yml
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
name: changelog
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
changelog:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container: docker.io/thegeeklab/git-sv:2.0.3
|
||||||
|
steps:
|
||||||
|
- name: install tools
|
||||||
|
run: |
|
||||||
|
apk add -q --update --no-cache nodejs curl jq sed
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
- name: Generate upcoming changelog
|
||||||
|
run: |
|
||||||
|
git sv rn -o changelog.md
|
||||||
|
export RELEASE_NOTES=$(cat changelog.md)
|
||||||
|
export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
|
||||||
|
|
||||||
|
echo $RELEASE_NOTES
|
||||||
|
JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
|
||||||
|
|
||||||
|
if [ -z "$ISSUE_NUMBER" ]; then
|
||||||
|
curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
|
||||||
|
else
|
||||||
|
curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
|
||||||
|
fi
|
19
.gitea/workflows/commitlint.yml
Normal file
19
.gitea/workflows/commitlint.yml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
name: commitlint
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
branches:
|
||||||
|
- "*"
|
||||||
|
types:
|
||||||
|
- opened
|
||||||
|
- edited
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
check-and-test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container: commitlint/commitlint:19.8.1
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: check PR title
|
||||||
|
run: |
|
||||||
|
echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
|
@@ -5,51 +5,80 @@ on:
|
|||||||
tags:
|
tags:
|
||||||
- "*"
|
- "*"
|
||||||
|
|
||||||
env:
|
|
||||||
# renovate: datasource=docker depName=alpine/helm
|
|
||||||
HELM_VERSION: "3.13.2"
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
generate-chart-publish:
|
generate-chart-publish:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- name: install tools
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Install packages via apt
|
||||||
|
run: |
|
||||||
|
apt update --yes
|
||||||
|
apt install --yes curl ca-certificates curl gnupg jq
|
||||||
|
|
||||||
|
- name: Install helm
|
||||||
|
env:
|
||||||
|
# renovate: datasource=docker depName=alpine/helm
|
||||||
|
HELM_VERSION: "3.18.4"
|
||||||
|
run: |
|
||||||
|
curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
|
||||||
|
mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
|
||||||
|
rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz
|
||||||
|
helm version
|
||||||
|
|
||||||
|
- name: Install yq
|
||||||
|
env:
|
||||||
|
YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
|
||||||
|
run: |
|
||||||
|
curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
|
||||||
|
mv yq_linux_$(dpkg --print-architecture) /usr/local/bin
|
||||||
|
rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz
|
||||||
|
yq --version
|
||||||
|
|
||||||
|
- name: Install docker-ce via apt
|
||||||
run: |
|
run: |
|
||||||
apt update -y
|
|
||||||
apt install -y curl ca-certificates curl gnupg
|
|
||||||
# helm
|
|
||||||
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
|
|
||||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
|
|
||||||
# docker
|
|
||||||
install -m 0755 -d /etc/apt/keyrings
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||||
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
apt update -y
|
apt update --yes
|
||||||
apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli
|
apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
|
||||||
pip install awscli
|
|
||||||
|
- name: Install awscli
|
||||||
|
run: |
|
||||||
|
pip install awscli --break-system-packages
|
||||||
|
aws --version
|
||||||
|
|
||||||
- name: Import GPG key
|
- name: Import GPG key
|
||||||
id: import_gpg
|
id: import_gpg
|
||||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v5
|
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||||
with:
|
with:
|
||||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||||
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
||||||
|
|
||||||
|
- name: Add Artifacthub.io annotations
|
||||||
|
run: |
|
||||||
|
NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
|
||||||
|
OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
|
||||||
|
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
|
||||||
|
|
||||||
|
- name: Print Chart.yaml
|
||||||
|
run: cat Chart.yaml
|
||||||
|
|
||||||
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
||||||
- name: package chart
|
- name: package chart
|
||||||
run: |
|
run: |
|
||||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
||||||
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
||||||
helm plugin install https://github.com/pat-s/helm-gpg
|
helm plugin install https://github.com/pat-s/helm-gpg
|
||||||
helm dependency update
|
helm dependency build
|
||||||
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||||
helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz"
|
|
||||||
mkdir gitea
|
mkdir gitea
|
||||||
mv gitea*.tgz gitea/
|
mv gitea*.tgz gitea/
|
||||||
curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
|
curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml
|
||||||
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
|
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
|
||||||
# push to dockerhub
|
# push to dockerhub
|
||||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
||||||
@@ -57,7 +86,7 @@ jobs:
|
|||||||
helm registry logout registry-1.docker.io
|
helm registry logout registry-1.docker.io
|
||||||
|
|
||||||
- name: aws credential configure
|
- name: aws credential configure
|
||||||
uses: https://github.com/aws-actions/configure-aws-credentials@v2
|
uses: https://github.com/aws-actions/configure-aws-credentials@v4
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
@@ -66,3 +95,29 @@ jobs:
|
|||||||
- name: Copy files to S3 and clear cache
|
- name: Copy files to S3 and clear cache
|
||||||
run: |
|
run: |
|
||||||
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
||||||
|
|
||||||
|
release-gitea:
|
||||||
|
needs: generate-chart-publish
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container: docker.io/thegeeklab/git-sv:2.0.3
|
||||||
|
steps:
|
||||||
|
- name: install tools
|
||||||
|
run: |
|
||||||
|
apk add -q --update --no-cache nodejs
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-tags: true
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Create changelog
|
||||||
|
run: |
|
||||||
|
git sv current-version
|
||||||
|
git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md
|
||||||
|
sed -i '1,2d' CHANGELOG.md # remove version
|
||||||
|
cat CHANGELOG.md
|
||||||
|
|
||||||
|
- name: Release
|
||||||
|
uses: https://github.com/akkuman/gitea-release-action@v1
|
||||||
|
with:
|
||||||
|
body_path: CHANGELOG.md
|
||||||
|
token: "${{ secrets.RELEASE_TOKEN }}"
|
||||||
|
@@ -7,21 +7,20 @@ on:
|
|||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- main
|
- main
|
||||||
- "renovate/**"
|
|
||||||
|
|
||||||
env:
|
env:
|
||||||
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
||||||
HELM_UNITTEST_VERSION: "v0.3.6"
|
HELM_UNITTEST_VERSION: "v0.8.2"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check-and-test:
|
check-and-test:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: alpine/helm:3.13.2
|
container: alpine/helm:3.18.4
|
||||||
steps:
|
steps:
|
||||||
- name: install tools
|
- name: install tools
|
||||||
run: |
|
run: |
|
||||||
apk update
|
apk update
|
||||||
apk add --update make nodejs npm yamllint
|
apk add --update bash make nodejs npm yamllint ncurses
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- name: install chart dependencies
|
- name: install chart dependencies
|
||||||
run: helm dependency build
|
run: helm dependency build
|
||||||
@@ -29,9 +28,14 @@ jobs:
|
|||||||
run: helm lint
|
run: helm lint
|
||||||
- name: template
|
- name: template
|
||||||
run: helm template --debug gitea-helm .
|
run: helm template --debug gitea-helm .
|
||||||
- name: unit tests
|
- name: prepare unit test environment
|
||||||
run: |
|
run: |
|
||||||
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
|
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
|
||||||
|
git submodule update --init --recursive
|
||||||
|
- name: unit tests
|
||||||
|
env:
|
||||||
|
TERM: xterm
|
||||||
|
run: |
|
||||||
make unittests
|
make unittests
|
||||||
- name: verify readme
|
- name: verify readme
|
||||||
run: |
|
run: |
|
||||||
|
12
.gitmodules
vendored
Normal file
12
.gitmodules
vendored
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
[submodule "unittests/bash/bats"]
|
||||||
|
path = unittests/bash/bats
|
||||||
|
url = https://github.com/bats-core/bats-core.git
|
||||||
|
[submodule "unittests/bash/test_helper/bats-support"]
|
||||||
|
path = unittests/bash/test_helper/bats-support
|
||||||
|
url = https://github.com/bats-core/bats-support.git
|
||||||
|
[submodule "unittests/bash/test_helper/bats-assert"]
|
||||||
|
path = unittests/bash/test_helper/bats-assert
|
||||||
|
url = https://github.com/bats-core/bats-assert.git
|
||||||
|
[submodule "unittests/bash/test_helper/bats-mock"]
|
||||||
|
path = unittests/bash/test_helper/bats-mock
|
||||||
|
url = https://github.com/jasonkarns/bats-mock.git
|
57
.gitsv/config.yaml
Normal file
57
.gitsv/config.yaml
Normal file
@@ -0,0 +1,57 @@
|
|||||||
|
version: '1.1' # Configuration version.
|
||||||
|
|
||||||
|
versioning:
|
||||||
|
update-major: [breaking] # Commit types used to bump major.
|
||||||
|
update-minor: [feat, perf] # Commit types used to bump minor.
|
||||||
|
update-patch: [build, ci, chore, fix, perf, refactor, test] # Commit types used to bump patch.
|
||||||
|
# When type is not present on update rules and is unknown (not mapped on commit message types);
|
||||||
|
# if ignore-unknown=false bump patch, if ignore-unknown=true do not bump version.
|
||||||
|
ignore-unknown: false
|
||||||
|
|
||||||
|
tag:
|
||||||
|
pattern: 'v%d.%d.%d' # Pattern used to create git tag.
|
||||||
|
filter: '' # Enables you to filter for considerable tags using git pattern syntax.
|
||||||
|
|
||||||
|
release-notes:
|
||||||
|
sections: # Array with each section of release note. Check template section for more information.
|
||||||
|
- name: Breaking Changes
|
||||||
|
section-type: breaking-changes
|
||||||
|
- name: Features # Name used on section.
|
||||||
|
section-type: commits # Type of the section, supported types: commits, breaking-changes.
|
||||||
|
commit-types: [feat, perf] # Commit types for commit section-type, one commit type cannot be in more than one section.
|
||||||
|
- name: Bug Fixes
|
||||||
|
section-type: commits
|
||||||
|
commit-types: [fix]
|
||||||
|
- name: Maintenance
|
||||||
|
section-type: commits
|
||||||
|
commit-types: [chore, refactor]
|
||||||
|
- name: Documentation
|
||||||
|
commit-types: [docs]
|
||||||
|
section-type: commits
|
||||||
|
- name: CI
|
||||||
|
commit-types: [ci]
|
||||||
|
section-type: commits
|
||||||
|
|
||||||
|
branches: # Git branches config.
|
||||||
|
prefix: ([a-z]+\/)? # Prefix used on branch name, it should be a regex group.
|
||||||
|
suffix: (-.*)? # Suffix used on branch name, it should be a regex group.
|
||||||
|
disable-issue: false # Set true if there is no need to recover issue id from branch name.
|
||||||
|
skip: [] # List of branch names ignored on commit message validation.
|
||||||
|
skip-detached: false # Set true if a detached branch should be ignored on commit message validation.
|
||||||
|
|
||||||
|
commit-message:
|
||||||
|
# Supported commit types.
|
||||||
|
types: [build, ci, chore, docs, feat, fix, perf, refactor, revert, style, test]
|
||||||
|
header-selector: '' # You can put in a regex here to select only a certain part of the commit message. Please define a regex group 'header'.
|
||||||
|
scope:
|
||||||
|
# Define supported scopes, if blank, scope will not be validated, if not, only scope listed will be valid.
|
||||||
|
# Don't forget to add "" on your list if you need to define scopes and keep it optional.
|
||||||
|
values: []
|
||||||
|
footer:
|
||||||
|
issue: # Use "issue: {}" if you wish to disable issue footer.
|
||||||
|
key: jira # Name used to define an issue on footer metadata.
|
||||||
|
key-synonyms: [Jira, JIRA] # Supported variations for footer metadata.
|
||||||
|
use-hash: false # If false, use :<space> separator. If true, use <space># separator.
|
||||||
|
add-value-prefix: '' # Add a prefix to issue value.
|
||||||
|
issue:
|
||||||
|
regex: '[A-Z]+-[0-9]+' # Regex for issue id.
|
@@ -5,6 +5,7 @@
|
|||||||
# Common VCS dirs
|
# Common VCS dirs
|
||||||
.git/
|
.git/
|
||||||
.gitignore
|
.gitignore
|
||||||
|
.gitmodules
|
||||||
.bzr/
|
.bzr/
|
||||||
.bzrignore
|
.bzrignore
|
||||||
.hg/
|
.hg/
|
||||||
@@ -31,3 +32,10 @@ Makefile
|
|||||||
.drone.yml
|
.drone.yml
|
||||||
CONTRIBUTING.md
|
CONTRIBUTING.md
|
||||||
unittests/
|
unittests/
|
||||||
|
.editorconfig
|
||||||
|
.prettierignore
|
||||||
|
.yamllint
|
||||||
|
CODEOWNERS
|
||||||
|
renovate.json5
|
||||||
|
.commitlintrc.json
|
||||||
|
.gitsv/
|
||||||
|
@@ -73,7 +73,7 @@ MD022:
|
|||||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
||||||
MD024:
|
MD024:
|
||||||
# Only check sibling headings
|
# Only check sibling headings
|
||||||
allow_different_nesting: true
|
siblings_only: true
|
||||||
|
|
||||||
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
||||||
MD025:
|
MD025:
|
||||||
@@ -129,6 +129,7 @@ MD041:
|
|||||||
MD044:
|
MD044:
|
||||||
# List of proper names
|
# List of proper names
|
||||||
names:
|
names:
|
||||||
|
- docker.gitea.com
|
||||||
- Gitea
|
- Gitea
|
||||||
- PostgreSQL
|
- PostgreSQL
|
||||||
- Memcached
|
- Memcached
|
||||||
|
3
.vscode/extensions.json
vendored
3
.vscode/extensions.json
vendored
@@ -3,6 +3,7 @@
|
|||||||
"yzhang.markdown-all-in-one",
|
"yzhang.markdown-all-in-one",
|
||||||
"DavidAnson.vscode-markdownlint",
|
"DavidAnson.vscode-markdownlint",
|
||||||
"Tim-Koehler.helm-intellisense",
|
"Tim-Koehler.helm-intellisense",
|
||||||
"esbenp.prettier-vscode"
|
"esbenp.prettier-vscode",
|
||||||
|
"jetmartin.bats"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
11
.vscode/settings.json
vendored
11
.vscode/settings.json
vendored
@@ -1,8 +1,15 @@
|
|||||||
{
|
{
|
||||||
"yaml.schemas": {
|
"yaml.schemas": {
|
||||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json": [
|
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.8.2/schema/helm-testsuite.json": [
|
||||||
"/unittests/**/*.yaml"
|
"/unittests/**/*.yaml"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"yaml.schemaStore.enable": true
|
"yaml.schemaStore.enable": true,
|
||||||
|
"[bats]": {
|
||||||
|
"editor.tabSize": 2
|
||||||
|
},
|
||||||
|
"[shellscript]": {
|
||||||
|
"files.eol": "\n",
|
||||||
|
"editor.tabSize": 2
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@@ -5,7 +5,7 @@ ignore: |
|
|||||||
.yamllint
|
.yamllint
|
||||||
node_modules
|
node_modules
|
||||||
templates
|
templates
|
||||||
|
unittests/bash
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
truthy:
|
truthy:
|
||||||
|
1
CODEOWNERS
Normal file
1
CODEOWNERS
Normal file
@@ -0,0 +1 @@
|
|||||||
|
charts/*
|
@@ -29,6 +29,7 @@ When submitting or updating a PR:
|
|||||||
- try to avoid rebases. They make code reviews for large PRs and comments much harder.
|
- try to avoid rebases. They make code reviews for large PRs and comments much harder.
|
||||||
- if applicable, use the PR template for a well-defined PR description.
|
- if applicable, use the PR template for a well-defined PR description.
|
||||||
- clearly mark breaking changes.
|
- clearly mark breaking changes.
|
||||||
|
- format the PR title following the [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/#specification) schema
|
||||||
|
|
||||||
## Local development & testing
|
## Local development & testing
|
||||||
|
|
||||||
@@ -37,7 +38,7 @@ be used:
|
|||||||
|
|
||||||
1. Install `minikube` and `helm`.
|
1. Install `minikube` and `helm`.
|
||||||
1. Start a `minikube` cluster via `minikube start`.
|
1. Start a `minikube` cluster via `minikube start`.
|
||||||
1. From the `gitea/helm-chart` directory execute the following command.
|
1. From the `gitea/helm-gitea` directory execute the following command.
|
||||||
This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
|
This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
|
||||||
If you want to test a branch, make sure to switch to the respective branch first.
|
If you want to test a branch, make sure to switch to the respective branch first.
|
||||||
`helm install --dependency-update gitea . -f values.yaml`.
|
`helm install --dependency-update gitea . -f values.yaml`.
|
||||||
@@ -48,18 +49,32 @@ default port-forward svc/gitea-http 3000:3000`.
|
|||||||
|
|
||||||
### Unit tests
|
### Unit tests
|
||||||
|
|
||||||
|
#### Helm templating tests
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# install the unittest plugin
|
# install the unittest plugin
|
||||||
$ helm plugin install https://github.com/helm-unittest/helm-unittest
|
$ helm plugin install https://github.com/helm-unittest/helm-unittest
|
||||||
|
|
||||||
# run the unittests
|
# run the Helm unittests
|
||||||
make unittests
|
make unittests-helm
|
||||||
```
|
```
|
||||||
|
|
||||||
See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions.
|
See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions.
|
||||||
|
|
||||||
|
#### Bash script tests
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# setup the environment
|
||||||
|
git submodule update --init --recursive
|
||||||
|
|
||||||
|
# run the bash tests
|
||||||
|
make unittests-bash
|
||||||
|
```
|
||||||
|
|
||||||
|
See [bats documentation](https://bats-core.readthedocs.io/en/stable/) for usage instructions.
|
||||||
|
|
||||||
## Release process
|
## Release process
|
||||||
|
|
||||||
1. Create a tag following the tagging schema
|
1. Ensure you have [`git-sv`](https://github.com/thegeeklab/git-sv) installed
|
||||||
1. Push the tag
|
1. Run `git sv tag` (this creates and pushes the tag following the respective next tag according to the semver commits issued since the last release)
|
||||||
1. Let CI do it's work
|
1. Let CI do it's work
|
||||||
|
15
Chart.lock
15
Chart.lock
@@ -1,12 +1,15 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 12.12.10
|
version: 16.7.21
|
||||||
- name: postgresql-ha
|
- name: postgresql-ha
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 11.9.4
|
version: 16.0.22
|
||||||
- name: redis-cluster
|
- name: valkey-cluster
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 9.1.3
|
version: 3.0.18
|
||||||
digest: sha256:6bda620320a05a5ea4efb4189a86d30092aeb0a6f3e0009538f4bea312af0863
|
- name: valkey
|
||||||
generated: "2023-11-14T00:08:15.790217865Z"
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
|
version: 3.0.22
|
||||||
|
digest: sha256:96a5d8b084c2558569064245792a7d882c8d0822da2f69fa6423ed682c6861bd
|
||||||
|
generated: "2025-07-26T00:04:25.213432532Z"
|
||||||
|
29
Chart.yaml
29
Chart.yaml
@@ -3,7 +3,8 @@ name: gitea
|
|||||||
description: Gitea Helm chart for Kubernetes
|
description: Gitea Helm chart for Kubernetes
|
||||||
type: application
|
type: application
|
||||||
version: 0.0.0
|
version: 0.0.0
|
||||||
appVersion: 1.21.0
|
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
|
||||||
|
appVersion: 1.24.3
|
||||||
icon: https://gitea.com/assets/img/logo.svg
|
icon: https://gitea.com/assets/img/logo.svg
|
||||||
|
|
||||||
keywords:
|
keywords:
|
||||||
@@ -14,9 +15,9 @@ keywords:
|
|||||||
- gitea
|
- gitea
|
||||||
- gogs
|
- gogs
|
||||||
sources:
|
sources:
|
||||||
- https://gitea.com/gitea/helm-chart
|
- https://gitea.com/gitea/helm-gitea
|
||||||
- https://github.com/go-gitea/gitea
|
- https://github.com/go-gitea/gitea
|
||||||
- https://hub.docker.com/r/gitea/gitea/
|
- https://docker.gitea.com/gitea
|
||||||
maintainers:
|
maintainers:
|
||||||
- name: Charlie Drage
|
- name: Charlie Drage
|
||||||
email: charlie@charliedrage.com
|
email: charlie@charliedrage.com
|
||||||
@@ -26,25 +27,25 @@ maintainers:
|
|||||||
email: konrad.lother@novum-rgi.de
|
email: konrad.lother@novum-rgi.de
|
||||||
- name: Lucas Hahn
|
- name: Lucas Hahn
|
||||||
email: lucas.hahn@novum-rgi.de
|
email: lucas.hahn@novum-rgi.de
|
||||||
- name: Steven Kriegler
|
|
||||||
email: sk.bunsenbrenner@gmail.com
|
|
||||||
- name: Patrick Schratz
|
|
||||||
email: patrick.schratz@gmail.com
|
|
||||||
|
|
||||||
# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details
|
|
||||||
dependencies:
|
dependencies:
|
||||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql
|
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 12.12.10
|
version: 16.7.21
|
||||||
condition: postgresql.enabled
|
condition: postgresql.enabled
|
||||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
|
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
|
||||||
- name: postgresql-ha
|
- name: postgresql-ha
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 11.9.4
|
version: 16.0.22
|
||||||
condition: postgresql-ha.enabled
|
condition: postgresql-ha.enabled
|
||||||
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
|
# https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml
|
||||||
- name: redis-cluster
|
- name: valkey-cluster
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 9.1.3
|
version: 3.0.18
|
||||||
condition: redis-cluster.enabled
|
condition: valkey-cluster.enabled
|
||||||
|
# https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml
|
||||||
|
- name: valkey
|
||||||
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
|
version: 3.0.22
|
||||||
|
condition: valkey.enabled
|
||||||
|
13
Makefile
13
Makefile
@@ -1,3 +1,5 @@
|
|||||||
|
SHELL := /usr/bin/env bash -O globstar
|
||||||
|
|
||||||
.PHONY: prepare-environment
|
.PHONY: prepare-environment
|
||||||
prepare-environment:
|
prepare-environment:
|
||||||
npm install
|
npm install
|
||||||
@@ -8,8 +10,15 @@ readme: prepare-environment
|
|||||||
npm run readme:lint
|
npm run readme:lint
|
||||||
|
|
||||||
.PHONY: unittests
|
.PHONY: unittests
|
||||||
unittests:
|
unittests: unittests-helm unittests-bash
|
||||||
helm unittest --strict -f 'unittests/**/*.yaml' ./
|
|
||||||
|
.PHONY: unittests-helm
|
||||||
|
unittests-helm:
|
||||||
|
helm unittest --strict -f 'unittests/helm/**/*.yaml' -f 'unittests/helm/values-conflicting-checks.yaml' ./
|
||||||
|
|
||||||
|
.PHONY: unittests-bash
|
||||||
|
unittests-bash:
|
||||||
|
./unittests/bash/bats/bin/bats --pretty ./unittests/bash/tests/**/*.bats
|
||||||
|
|
||||||
.PHONY: helm
|
.PHONY: helm
|
||||||
update-helm-dependencies:
|
update-helm-dependencies:
|
||||||
|
349
README.md
349
README.md
@@ -3,14 +3,19 @@
|
|||||||
- [Introduction](#introduction)
|
- [Introduction](#introduction)
|
||||||
- [Update and versioning policy](#update-and-versioning-policy)
|
- [Update and versioning policy](#update-and-versioning-policy)
|
||||||
- [Dependencies](#dependencies)
|
- [Dependencies](#dependencies)
|
||||||
|
- [HA Dependencies](#ha-dependencies)
|
||||||
|
- [Non-HA Dependencies](#non-ha-dependencies)
|
||||||
|
- [Dependency Versioning](#dependency-versioning)
|
||||||
- [Installing](#installing)
|
- [Installing](#installing)
|
||||||
- [High Availability](#high-availability)
|
- [High Availability](#high-availability)
|
||||||
|
- [Limit resources](#limit-resources)
|
||||||
- [Configuration](#configuration)
|
- [Configuration](#configuration)
|
||||||
- [Default Configuration](#default-configuration)
|
- [Default Configuration](#default-configuration)
|
||||||
- [Database defaults](#database-defaults)
|
- [Database defaults](#database-defaults)
|
||||||
- [Server defaults](#server-defaults)
|
- [Server defaults](#server-defaults)
|
||||||
- [Metrics defaults](#metrics-defaults)
|
- [Metrics defaults](#metrics-defaults)
|
||||||
- [Rootless Defaults](#rootless-defaults)
|
- [Rootless Defaults](#rootless-defaults)
|
||||||
|
- [Session, Cache and Queue](#session-cache-and-queue)
|
||||||
- [Single-Pod Configurations](#single-pod-configurations)
|
- [Single-Pod Configurations](#single-pod-configurations)
|
||||||
- [Additional _app.ini_ settings](#additional-appini-settings)
|
- [Additional _app.ini_ settings](#additional-appini-settings)
|
||||||
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
|
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
|
||||||
@@ -26,7 +31,9 @@
|
|||||||
- [OAuth2 Settings](#oauth2-settings)
|
- [OAuth2 Settings](#oauth2-settings)
|
||||||
- [Configure commit signing](#configure-commit-signing)
|
- [Configure commit signing](#configure-commit-signing)
|
||||||
- [Metrics and profiling](#metrics-and-profiling)
|
- [Metrics and profiling](#metrics-and-profiling)
|
||||||
|
- [Secure Metrics Endpoint](#secure-metrics-endpoint)
|
||||||
- [Pod annotations](#pod-annotations)
|
- [Pod annotations](#pod-annotations)
|
||||||
|
- [TLS certificate rotation](#tls-certificate-rotation)
|
||||||
- [Themes](#themes)
|
- [Themes](#themes)
|
||||||
- [Renovate](#renovate)
|
- [Renovate](#renovate)
|
||||||
- [Parameters](#parameters)
|
- [Parameters](#parameters)
|
||||||
@@ -45,8 +52,9 @@
|
|||||||
- [LivenessProbe](#livenessprobe)
|
- [LivenessProbe](#livenessprobe)
|
||||||
- [ReadinessProbe](#readinessprobe)
|
- [ReadinessProbe](#readinessprobe)
|
||||||
- [StartupProbe](#startupprobe)
|
- [StartupProbe](#startupprobe)
|
||||||
- [redis-cluster](#redis-cluster)
|
- [valkey-cluster](#valkey-cluster)
|
||||||
- [PostgreSQL-ha](#postgresql-ha)
|
- [valkey](#valkey)
|
||||||
|
- [PostgreSQL HA](#postgresql-ha)
|
||||||
- [PostgreSQL](#postgresql)
|
- [PostgreSQL](#postgresql)
|
||||||
- [Advanced](#advanced)
|
- [Advanced](#advanced)
|
||||||
- [Contributing](#contributing)
|
- [Contributing](#contributing)
|
||||||
@@ -55,6 +63,8 @@
|
|||||||
[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go.
|
[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go.
|
||||||
It is published under the MIT license.
|
It is published under the MIT license.
|
||||||
|
|
||||||
|
> :warning: This chart is currently unmaintained and in desperate need of a new maintainer. If you want to apply as a maintainer, please comment on [#916](https://gitea.com/gitea/helm-gitea/issues/916)
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
|
|
||||||
This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart).
|
This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart).
|
||||||
@@ -64,7 +74,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit
|
|||||||
## Update and versioning policy
|
## Update and versioning policy
|
||||||
|
|
||||||
The Gitea helm chart versioning does not follow Gitea's versioning.
|
The Gitea helm chart versioning does not follow Gitea's versioning.
|
||||||
The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-chart/releases).
|
The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
|
||||||
|
|
||||||
The chart aims to follow Gitea's releases closely.
|
The chart aims to follow Gitea's releases closely.
|
||||||
There might be times when the chart is behind the latest Gitea release.
|
There might be times when the chart is behind the latest Gitea release.
|
||||||
@@ -79,13 +89,44 @@ Yet most often no issues will be encountered and the chart maintainers aim to co
|
|||||||
|
|
||||||
## Dependencies
|
## Dependencies
|
||||||
|
|
||||||
Gitea can be run with an external database and cache.
|
Gitea is most performant when run with an external database and cache.
|
||||||
This chart provides those dependencies, which can be enabled, or disabled via configuration.
|
This chart provides those dependencies via sub-charts.
|
||||||
|
Users can also configure their own external providers via the configuration.
|
||||||
|
|
||||||
Dependencies:
|
### HA Dependencies
|
||||||
|
|
||||||
- PostgreSQL HA ([configuration](#postgresql))
|
These dependencies are enabled by default:
|
||||||
- Redis Cluster ([configuration](#cache))
|
|
||||||
|
- PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml))
|
||||||
|
- Valkey-Cluster ([Bitnami Valkey-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml))
|
||||||
|
|
||||||
|
### Non-HA Dependencies
|
||||||
|
|
||||||
|
Alternatively, the following non-HA replacements are available:
|
||||||
|
|
||||||
|
- PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))
|
||||||
|
- Valkey ([Bitnami Valkey](https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml))
|
||||||
|
|
||||||
|
### Dependency Versioning
|
||||||
|
|
||||||
|
Updates of sub-charts will be incorporated into the Gitea chart as they are released.
|
||||||
|
The reasoning behind this is that new users of the chart will start with the most recent sub-chart dependency versions.
|
||||||
|
|
||||||
|
**Note** If you want to stay on an older appVersion of a sub-chart dependency (e.g. PostgreSQL), you need to override the image tag in your `values.yaml` file.
|
||||||
|
In fact, we recommend to do so right from the start to be independent of major sub-chart dependency changes as they are released.
|
||||||
|
There is no need to update to every new PostgreSQL major version - you can happily skip some and do larger updates when you are ready for them.
|
||||||
|
|
||||||
|
We recommend to use a rolling tag like `:<majorVersion>-debian-<debian major version>` to incorporate minor and patch updates for the respective major version as they are released.
|
||||||
|
Alternatively you can also use a versioning helper tool like [renovate](https://github.com/renovatebot/renovate).
|
||||||
|
|
||||||
|
Please double-check the image repository and available tags in the sub-chart:
|
||||||
|
|
||||||
|
- [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags)
|
||||||
|
- [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags)
|
||||||
|
- [Valkey Cluster](https://hub.docker.com/r/bitnami/valkey-cluster/tags)
|
||||||
|
- [Valkey](https://hub.docker.com/r/bitnami/valkey/tags)
|
||||||
|
|
||||||
|
and look up the image tag which fits your needs on Dockerhub.
|
||||||
|
|
||||||
## Installing
|
## Installing
|
||||||
|
|
||||||
@@ -101,6 +142,12 @@ Alternatively, the chart can also be installed from Dockerhub (since v9.6.0)
|
|||||||
helm install gitea oci://registry-1.docker.io/giteacharts/gitea
|
helm install gitea oci://registry-1.docker.io/giteacharts/gitea
|
||||||
```
|
```
|
||||||
|
|
||||||
|
To avoid potential Dockerhub rate limits, the chart can also be installed via [docker.gitea.com](https://blog.gitea.com/docker-registry-update/) (since v9.6.0)
|
||||||
|
|
||||||
|
```sh
|
||||||
|
helm install gitea oci://docker.gitea.com/charts/gitea
|
||||||
|
```
|
||||||
|
|
||||||
When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes.
|
When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes.
|
||||||
|
|
||||||
## High Availability
|
## High Availability
|
||||||
@@ -111,6 +158,44 @@ Care must be taken for production use as not all implementation details of Gitea
|
|||||||
Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies.
|
Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies.
|
||||||
See the [HA Setup](docs/ha-setup.md) document for more details.
|
See the [HA Setup](docs/ha-setup.md) document for more details.
|
||||||
|
|
||||||
|
## Limit resources
|
||||||
|
|
||||||
|
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
|
||||||
|
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
|
||||||
|
cannot use the available CPU time to perform computing operations.
|
||||||
|
|
||||||
|
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
|
||||||
|
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
|
||||||
|
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
|
||||||
|
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
|
||||||
|
|
||||||
|
Further information about this topic can be found [under this link](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
|
||||||
|
> not anymore required.
|
||||||
|
>
|
||||||
|
> Please note that a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
deployment:
|
||||||
|
env:
|
||||||
|
# Will be automatically defined!
|
||||||
|
- name: GOMAXPROCS
|
||||||
|
valueFrom:
|
||||||
|
resourceFieldRef:
|
||||||
|
divisor: "1" # Is required for GitDevOps systems like ArgoCD/Flux. Otherwise throw the system a diff error. (k8s-default=1)
|
||||||
|
resource: limits.cpu
|
||||||
|
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 1000m
|
||||||
|
memory: 512Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 512Mi
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
Gitea offers lots of configuration options.
|
Gitea offers lots of configuration options.
|
||||||
@@ -197,19 +282,31 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
|
|||||||
|
|
||||||
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
|
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
|
||||||
|
|
||||||
|
#### Session, Cache and Queue
|
||||||
|
|
||||||
|
The session, cache and queue settings are set to use the built-in Valkey Cluster sub-chart dependency.
|
||||||
|
If Valkey Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`.
|
||||||
|
|
||||||
|
While these will work and even not cause immediate issues after startup, **they are not recommended for production use**.
|
||||||
|
Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory.
|
||||||
|
It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload.
|
||||||
|
External tools such as `valkey-cluster` or `memcached` handle these workloads much better.
|
||||||
|
|
||||||
### Single-Pod Configurations
|
### Single-Pod Configurations
|
||||||
|
|
||||||
If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance.
|
If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance.
|
||||||
|
|
||||||
1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql`):
|
1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `valkey`):
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
<summary>values.yml</summary>
|
<summary>values.yml</summary>
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
redis-cluster:
|
valkey-cluster:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: true
|
enabled: true
|
||||||
postgresql-ha:
|
postgresql-ha:
|
||||||
@@ -222,12 +319,6 @@ If HA is not needed/desired, the following configurations can be used to deploy
|
|||||||
config:
|
config:
|
||||||
database:
|
database:
|
||||||
DB_TYPE: postgres
|
DB_TYPE: postgres
|
||||||
session:
|
|
||||||
PROVIDER: db
|
|
||||||
cache:
|
|
||||||
ADAPTER: memory
|
|
||||||
queue:
|
|
||||||
TYPE: level
|
|
||||||
indexer:
|
indexer:
|
||||||
ISSUE_INDEXER_TYPE: bleve
|
ISSUE_INDEXER_TYPE: bleve
|
||||||
REPO_INDEXER_ENABLED: true
|
REPO_INDEXER_ENABLED: true
|
||||||
@@ -245,7 +336,9 @@ If HA is not needed/desired, the following configurations can be used to deploy
|
|||||||
<summary>values.yml</summary>
|
<summary>values.yml</summary>
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
redis-cluster:
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
enabled: false
|
enabled: false
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -376,6 +469,9 @@ gitea:
|
|||||||
|
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: false
|
||||||
```
|
```
|
||||||
|
|
||||||
### Ports and external url
|
### Ports and external url
|
||||||
@@ -440,20 +536,23 @@ and the repository exists.
|
|||||||
```
|
```
|
||||||
|
|
||||||
To solve this problem add the capability `SYS_CHROOT` to the `securityContext`.
|
To solve this problem add the capability `SYS_CHROOT` to the `securityContext`.
|
||||||
More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161).
|
More about this issue [under this link](https://gitea.com/gitea/helm-gitea/issues/161).
|
||||||
|
|
||||||
### Cache
|
### Cache
|
||||||
|
|
||||||
The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default.
|
The cache handling is done via `valkey-cluster` (via the `bitnami` chart) by default.
|
||||||
This deployment is HA-ready but can also be used for single-pod deployments.
|
This deployment is HA-ready but can also be used for single-pod deployments.
|
||||||
By default, 6 replicas are deployed for a working `redis-cluster` deployment.
|
By default, 6 replicas are deployed for a working `valkey-cluster` deployment.
|
||||||
Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`.
|
Many cloud providers offer a managed valkey service, which can be used instead of the built-in `valkey-cluster`.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
redis-cluster:
|
valkey-cluster:
|
||||||
enabled: true
|
enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
⚠️ The valkey charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690).
|
||||||
|
Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||||
|
|
||||||
### Persistence
|
### Persistence
|
||||||
|
|
||||||
Gitea will be deployed as a deployment.
|
Gitea will be deployed as a deployment.
|
||||||
@@ -487,7 +586,7 @@ You can interact with the postgres settings as displayed in the following exampl
|
|||||||
postgresql:
|
postgresql:
|
||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
claimName: MyAwesomeGiteaPostgresClaim
|
existingClaim: MyAwesomeGiteaPostgresClaim
|
||||||
```
|
```
|
||||||
|
|
||||||
### Admin User
|
### Admin User
|
||||||
@@ -525,6 +624,20 @@ gitea:
|
|||||||
existingSecret: gitea-admin-secret
|
existingSecret: gitea-admin-secret
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set.
|
||||||
|
|
||||||
|
- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated.
|
||||||
|
- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password.
|
||||||
|
- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login.
|
||||||
|
|
||||||
|
These modes can be set like the following:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
gitea:
|
||||||
|
admin:
|
||||||
|
passwordMode: initialOnlyRequireReset
|
||||||
|
```
|
||||||
|
|
||||||
### LDAP Settings
|
### LDAP Settings
|
||||||
|
|
||||||
Like the admin user the LDAP settings can be updated.
|
Like the admin user the LDAP settings can be updated.
|
||||||
@@ -583,7 +696,7 @@ Affected options:
|
|||||||
|
|
||||||
Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
|
Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
|
||||||
Deleting OAuth2 settings has to be done in the ui.
|
Deleting OAuth2 settings has to be done in the ui.
|
||||||
All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are
|
All OAuth2 values, which are documented [under this link](https://docs.gitea.com/administration/command-line#admin), are
|
||||||
available.
|
available.
|
||||||
|
|
||||||
Multiple OAuth2 sources can be configured with additional OAuth list items.
|
Multiple OAuth2 sources can be configured with additional OAuth list items.
|
||||||
@@ -628,7 +741,7 @@ gitea:
|
|||||||
|
|
||||||
When using the rootless image the gpg key folder is not persistent by default.
|
When using the rootless image the gpg key folder is not persistent by default.
|
||||||
If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key.
|
If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key.
|
||||||
Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another.
|
Prior to [PR186](https://gitea.com/gitea/helm-gitea/pulls/186), imported keys had to be re-imported once the container got replaced by another.
|
||||||
|
|
||||||
The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing.
|
The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing.
|
||||||
By default this section is disabled to maintain backwards compatibility.
|
By default this section is disabled to maintain backwards compatibility.
|
||||||
@@ -682,6 +795,21 @@ gitea:
|
|||||||
ENABLE_PPROF: true
|
ENABLE_PPROF: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Secure Metrics Endpoint
|
||||||
|
|
||||||
|
Metrics endpoint `/metrics` can be secured by using `Bearer` token authentication.
|
||||||
|
|
||||||
|
**Note:** Providing non-empty `TOKEN` value will also require authentication for `ServiceMonitor`.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
gitea:
|
||||||
|
metrics:
|
||||||
|
token: "secure-token"
|
||||||
|
enabled: true
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
## Pod annotations
|
## Pod annotations
|
||||||
|
|
||||||
Annotations can be added to the Gitea pod.
|
Annotations can be added to the Gitea pod.
|
||||||
@@ -691,6 +819,31 @@ gitea:
|
|||||||
podAnnotations: {}
|
podAnnotations: {}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## TLS certificate rotation
|
||||||
|
|
||||||
|
If Gitea uses TLS certificates that are mounted as a secret in the container file system, Gitea will not automatically apply them when the TLS certificates are rotated.
|
||||||
|
Such a rotation can be for example triggered, when the cert-manager issues new TLS certificates before expiring. Further information is described as GitHub
|
||||||
|
[issue](https://github.com/go-gitea/gitea/issues/27962).
|
||||||
|
|
||||||
|
Until the issue is present, a workaround can be applied.
|
||||||
|
For example stakater's [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update.
|
||||||
|
The following annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted `configMaps` and `secrets` have been changed.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
deployment:
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
```
|
||||||
|
|
||||||
|
Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for individual items.
|
||||||
|
For example, when the secret named `gitea-tls` is mounted and the reloader controller should only listen for changes of this secret:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
deployment:
|
||||||
|
annotations:
|
||||||
|
secret.reloader.stakater.com/reload: "gitea-tls"
|
||||||
|
```
|
||||||
|
|
||||||
## Themes
|
## Themes
|
||||||
|
|
||||||
Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
|
Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
|
||||||
@@ -792,11 +945,12 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
### Global
|
### Global
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| ------------------------- | ------------------------------------------------------------------------- | ----- |
|
| ------------------------- | ---------------------------------------------------------------------------------------------- | ----- |
|
||||||
| `global.imageRegistry` | global image registry override | `""` |
|
| `global.imageRegistry` | global image registry override | `""` |
|
||||||
| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` |
|
| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` |
|
||||||
| `global.storageClass` | global storage class override | `""` |
|
| `global.storageClass` | global storage class override | `""` |
|
||||||
| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` |
|
| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` |
|
||||||
|
| `namespace` | An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified | `""` |
|
||||||
| `replicaCount` | number of replicas for the deployment | `1` |
|
| `replicaCount` | number of replicas for the deployment | `1` |
|
||||||
|
|
||||||
### strategy
|
### strategy
|
||||||
@@ -811,9 +965,9 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
### Image
|
### Image
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
|
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
|
||||||
| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
|
| `image.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` |
|
||||||
| `image.repository` | Image to start for this pod | `gitea/gitea` |
|
| `image.repository` | Image to start for this pod | `gitea` |
|
||||||
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
|
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
|
||||||
| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
|
| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
|
||||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||||
@@ -845,6 +999,8 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` |
|
| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` |
|
||||||
| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` |
|
| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` |
|
||||||
| `service.http.annotations` | HTTP service annotations | `{}` |
|
| `service.http.annotations` | HTTP service annotations | `{}` |
|
||||||
|
| `service.http.labels` | HTTP service additional labels | `{}` |
|
||||||
|
| `service.http.loadBalancerClass` | Loadbalancer class | `nil` |
|
||||||
| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` |
|
| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` |
|
||||||
| `service.ssh.port` | Port number for ssh traffic | `22` |
|
| `service.ssh.port` | Port number for ssh traffic | `22` |
|
||||||
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` |
|
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` |
|
||||||
@@ -857,19 +1013,20 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
| `service.ssh.hostPort` | HostPort for ssh service | `nil` |
|
| `service.ssh.hostPort` | HostPort for ssh service | `nil` |
|
||||||
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
|
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
|
||||||
| `service.ssh.annotations` | SSH service annotations | `{}` |
|
| `service.ssh.annotations` | SSH service annotations | `{}` |
|
||||||
|
| `service.ssh.labels` | SSH service additional labels | `{}` |
|
||||||
|
| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` |
|
||||||
|
|
||||||
### Ingress
|
### Ingress
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- |
|
| -------------------------------- | ------------------------------- | ----------------- |
|
||||||
| `ingress.enabled` | Enable ingress | `false` |
|
| `ingress.enabled` | Enable ingress | `false` |
|
||||||
| `ingress.className` | Ingress class name | `nil` |
|
| `ingress.className` | DEPRECATED: Ingress class name. | `""` |
|
||||||
|
| `ingress.pathType` | Ingress Path Type | `Prefix` |
|
||||||
| `ingress.annotations` | Ingress annotations | `{}` |
|
| `ingress.annotations` | Ingress annotations | `{}` |
|
||||||
| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` |
|
| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` |
|
||||||
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
|
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
|
||||||
| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` |
|
|
||||||
| `ingress.tls` | Ingress tls settings | `[]` |
|
| `ingress.tls` | Ingress tls settings | `[]` |
|
||||||
| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | |
|
|
||||||
|
|
||||||
### deployment
|
### deployment
|
||||||
|
|
||||||
@@ -914,6 +1071,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
| `persistence.storageClass` | Name of the storage class to use | `nil` |
|
| `persistence.storageClass` | Name of the storage class to use | `nil` |
|
||||||
| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` |
|
| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` |
|
||||||
| `persistence.volumeName` | Name of persistent volume in PVC | `""` |
|
| `persistence.volumeName` | Name of persistent volume in PVC | `""` |
|
||||||
|
| `extraContainers` | Additional sidecar containers to run in the pod | `[]` |
|
||||||
| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` |
|
| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` |
|
||||||
| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` |
|
| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` |
|
||||||
| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` |
|
| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` |
|
||||||
@@ -922,8 +1080,9 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
### Init
|
### Init
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- |
|
| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------------ |
|
||||||
| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` |
|
| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` |
|
||||||
|
| `initContainersScriptsVolumeMountPath` | Path to mount the scripts consumed from the Secrets | `/usr/sbinx` |
|
||||||
| `initContainers.resources.limits` | initContainers.limits Kubernetes resource limits for init containers | `{}` |
|
| `initContainers.resources.limits` | initContainers.limits Kubernetes resource limits for init containers | `{}` |
|
||||||
| `initContainers.resources.requests.cpu` | initContainers.requests.cpu Kubernetes cpu resource limits for init containers | `100m` |
|
| `initContainers.resources.requests.cpu` | initContainers.requests.cpu Kubernetes cpu resource limits for init containers | `100m` |
|
||||||
| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` |
|
| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` |
|
||||||
@@ -934,19 +1093,26 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
| ------------------------ | ----------------------------------------------------------------- | ------------------ |
|
| ------------------------ | ----------------------------------------------------------------- | ------------------ |
|
||||||
| `signing.enabled` | Enable commit/action signing | `false` |
|
| `signing.enabled` | Enable commit/action signing | `false` |
|
||||||
| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` |
|
| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` |
|
||||||
| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` |
|
| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` |
|
||||||
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
|
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
|
||||||
|
|
||||||
### Gitea
|
### Gitea
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- |
|
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
|
||||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||||
|
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
|
||||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` |
|
| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` |
|
||||||
|
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` |
|
||||||
|
| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` |
|
||||||
|
| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||||
|
| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` |
|
||||||
|
| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` |
|
||||||
|
| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||||
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
||||||
@@ -992,20 +1158,36 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` |
|
| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` |
|
||||||
| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` |
|
| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` |
|
||||||
|
|
||||||
### redis-cluster
|
### valkey-cluster
|
||||||
|
|
||||||
|
Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| -------------------------------- | -------------------------------------------- | ------- |
|
| ------------------------------------- | -------------------------------------------------------------------- | ------- |
|
||||||
| `redis-cluster.enabled` | Enable redis | `true` |
|
| `valkey-cluster.enabled` | Enable valkey cluster | `true` |
|
||||||
| `redis-cluster.usePassword` | Whether to use password authentication | `false` |
|
| `valkey-cluster.usePassword` | Whether to use password authentication | `false` |
|
||||||
| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` |
|
| `valkey-cluster.usePasswordFiles` | Whether to mount passwords as files instead of environment variables | `false` |
|
||||||
| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` |
|
| `valkey-cluster.cluster.nodes` | Number of valkey cluster master nodes | `3` |
|
||||||
|
| `valkey-cluster.cluster.replicas` | Number of valkey cluster master node replicas | `0` |
|
||||||
|
| `valkey-cluster.service.ports.valkey` | Port of Valkey service | `6379` |
|
||||||
|
|
||||||
### PostgreSQL-ha
|
### valkey
|
||||||
|
|
||||||
|
Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ------------------------------------ | ------------------------------------------- | ------------ |
|
||||||
|
| `valkey.enabled` | Enable valkey standalone or replicated | `false` |
|
||||||
|
| `valkey.architecture` | Whether to use standalone or replication | `standalone` |
|
||||||
|
| `valkey.global.valkey.password` | Required password | `changeme` |
|
||||||
|
| `valkey.master.count` | Number of Valkey master instances to deploy | `1` |
|
||||||
|
| `valkey.master.service.ports.valkey` | Port of Valkey service | `6379` |
|
||||||
|
|
||||||
|
### PostgreSQL HA
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
|
| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
|
||||||
| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` |
|
| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` |
|
||||||
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
|
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
|
||||||
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||||
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||||
@@ -1013,8 +1195,9 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
|||||||
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
|
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
|
||||||
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
|
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
|
||||||
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
|
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
|
||||||
|
| `postgresql-ha.pgpool.srCheckPassword` | pgpool srCheckPassword | `changeme4` |
|
||||||
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
||||||
| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` |
|
| `postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` |
|
||||||
|
|
||||||
### PostgreSQL
|
### PostgreSQL
|
||||||
|
|
||||||
@@ -1051,6 +1234,68 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
|
|||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
|
<summary>To 12.0.0</summary>
|
||||||
|
|
||||||
|
<!-- prettier-ignore-start -->
|
||||||
|
<!-- markdownlint-disable-next-line -->
|
||||||
|
**Breaking changes**
|
||||||
|
<!-- prettier-ignore-end -->
|
||||||
|
|
||||||
|
- Outsourced "Actions" related configuration.
|
||||||
|
To deploy and use "Actions", please see the new dedicated chart at <https://gitea.com/gitea/helm-actions>.
|
||||||
|
It is maintained by a seperate maintainer group and hasn't seen a release yet (at the time of the 12.0 release).
|
||||||
|
Feel encouraged to contribute if "Actions" is important to you!
|
||||||
|
|
||||||
|
This change was made to avoid overloading the existing helm chart, which is already quite large in size and configuration options.
|
||||||
|
In addition, the existing maintainers team was not actively using "Actions" which slowed down development and community contributions.
|
||||||
|
While the new chart is still young (and waiting for contributions! and maintainers), we believe that it is the best way moving forward for both parts.
|
||||||
|
- Migrated from Redis/Redis-cluster to Valkey/Valkey-cluster charts (#775).
|
||||||
|
While marked as breaking, there is no need to migrate data.
|
||||||
|
The cache will start to refill automatically.
|
||||||
|
- Migrated ingress from `networking.k8s.io/v1beta` to `networking.k8s.io/v1`.
|
||||||
|
We didn't make any changes to the syntax, so the upgrade should be seamless.
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<details>
|
||||||
|
|
||||||
|
<summary>To 11.0.0</summary>
|
||||||
|
|
||||||
|
<!-- prettier-ignore-start -->
|
||||||
|
<!-- markdownlint-disable-next-line -->
|
||||||
|
**Breaking changes**
|
||||||
|
<!-- prettier-ignore-end -->
|
||||||
|
|
||||||
|
- Update Gitea to 1.23.x (review the [1.23 release blog post](https://blog.gitea.com/release-of-1.23.0/) for all application breaking changes)
|
||||||
|
- Update PostgreSQL sub-chart dependencies to appVersion 17.x
|
||||||
|
- Update Redis sub-chart to version 20.x (appVersion 7.4)
|
||||||
|
Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes:
|
||||||
|
- [Redis Chart release notes (starting with v20.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis/CHANGELOG.md#2000-2024-08-09).
|
||||||
|
- [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES).
|
||||||
|
- Update Redis Cluster sub-chart to version 11.x (appVersion 7.4)
|
||||||
|
Although there are no breaking changes in the Redis Chart itself, it updates Redis from `7.2` to `7.4`. We recommend checking the release notes:
|
||||||
|
- [Redis Chart release notes (starting with v11.0.0)](https://github.com/bitnami/charts/blob/HEAD/bitnami/redis-cluster/CHANGELOG.md#1100-2024-08-09).
|
||||||
|
- [Redis 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES).
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<details>
|
||||||
|
|
||||||
|
<summary>To 10.0.0</summary>
|
||||||
|
|
||||||
|
<!-- prettier-ignore-start -->
|
||||||
|
<!-- markdownlint-disable-next-line -->
|
||||||
|
**Breaking changes**
|
||||||
|
<!-- prettier-ignore-end -->
|
||||||
|
|
||||||
|
- Update PostgreSQL sub-chart dependencies to appVersion 16.x
|
||||||
|
- Update to sub-charts versioning approach: Users are encouraged to pin the version tag of the sub-chart dependencies to a major appVersion.
|
||||||
|
This avoids issues during chart upgrades and allows to incorporate new sub-chart versions as they are released.
|
||||||
|
Please see the new [README section describing the versioning approach for sub-chart versions](#dependency-versioning).
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<details>
|
||||||
|
|
||||||
<summary>To 9.6.0</summary>
|
<summary>To 9.6.0</summary>
|
||||||
|
|
||||||
Chart 9.6.0 ships with Gitea 1.21.0.
|
Chart 9.6.0 ships with Gitea 1.21.0.
|
||||||
@@ -1101,23 +1346,23 @@ The first item here (`<memcache service name>`) will be different compared to th
|
|||||||
The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time.
|
The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time.
|
||||||
The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default.
|
The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default.
|
||||||
|
|
||||||
If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly:
|
If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-gitea/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
gitea:
|
gitea:
|
||||||
config:
|
config:
|
||||||
session:
|
session:
|
||||||
PROVIDER: redis-cluster
|
PROVIDER: redis-cluster
|
||||||
PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
PROVIDER_CONFIG: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
|
||||||
cache:
|
cache:
|
||||||
ENABLED: true
|
ENABLED: true
|
||||||
ADAPTER: redis-cluster
|
ADAPTER: redis-cluster
|
||||||
HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
HOST: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
|
||||||
queue:
|
queue:
|
||||||
TYPE: redis
|
TYPE: redis
|
||||||
CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
CONN_STR: redis+cluster://:gitea@gitea-valkey-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
```
|
```
|
||||||
|
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@@ -1126,7 +1371,7 @@ gitea:
|
|||||||
<!-- prettier-ignore-end -->
|
<!-- prettier-ignore-end -->
|
||||||
|
|
||||||
If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition:
|
If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition:
|
||||||
Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s).
|
Have a look at [this discussion](https://gitea.com/gitea/helm-gitea/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s).
|
||||||
|
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
<!-- markdownlint-disable-next-line -->
|
<!-- markdownlint-disable-next-line -->
|
||||||
@@ -1182,7 +1427,7 @@ With respect to `values.yaml`, parameters `username`, `database` and `password`
|
|||||||
Please adjust your `values.yaml` accordingly.
|
Please adjust your `values.yaml` accordingly.
|
||||||
|
|
||||||
**Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself.
|
**Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself.
|
||||||
See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough.
|
See [this comment](https://gitea.com/gitea/helm-gitea/issues/452#issuecomment-740885) for an extensive walkthrough.
|
||||||
We again highly encourage users to use an external (managed) database for production instances.
|
We again highly encourage users to use an external (managed) database for production instances.
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
@@ -25,7 +25,7 @@ In addition, the following components are required for full HA-readiness:
|
|||||||
|
|
||||||
- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
|
- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
|
||||||
- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
|
- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
|
||||||
- A HA-ready cache (`redis-cluster`)
|
- A HA-ready cache (`valkey-cluster`)
|
||||||
- A HA-ready DB
|
- A HA-ready DB
|
||||||
|
|
||||||
`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
|
`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
|
||||||
@@ -72,33 +72,33 @@ persistence:
|
|||||||
|
|
||||||
## Cache, session and queue
|
## Cache, session and queue
|
||||||
|
|
||||||
A `redis` instance is required for the in-memory cache.
|
A `valkey` instance is required for the in-memory cache.
|
||||||
Two options exist:
|
Two options exist:
|
||||||
|
|
||||||
- `redis`
|
- `valkey`
|
||||||
- `redis-cluster`
|
- `valkey-cluster`
|
||||||
|
|
||||||
The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups.
|
The chart provides `valkey-cluster` as a dependency as this one can be used for both HA and non-HA setups.
|
||||||
You're also welcome to go with `redis` if you prefer or already have a running instance.
|
You're also welcome to go with `valkey` if you prefer or already have a running instance.
|
||||||
|
|
||||||
It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2.
|
It should be noted that `valkey-cluster` support is only available starting with Gitea 1.19.2.
|
||||||
You can also configure an external (managed) `redis` instance to be used.
|
You can also configure an external (managed) `valkey` instance to be used.
|
||||||
To do so, you need to set the following configuration values yourself:
|
To do so, you need to set the following configuration values yourself:
|
||||||
|
|
||||||
- `gitea.config.queue.TYPE`: redis`
|
- `gitea.config.queue.TYPE`: valkey`
|
||||||
- `gitea.config.queue.CONN_STR`: `<your redis connection string>`
|
- `gitea.config.queue.CONN_STR`: `<your valkey connection string>`
|
||||||
|
|
||||||
- `gitea.config.session.PROVIDER`: `redis`
|
- `gitea.config.session.PROVIDER`: `valkey`
|
||||||
- `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>`
|
- `gitea.config.session.PROVIDER_CONFIG`: `<your valkey connection string>`
|
||||||
|
|
||||||
- `gitea.config.cache.ENABLED`: `true`
|
- `gitea.config.cache.ENABLED`: `true`
|
||||||
- `gitea.config.cache.ADAPTER`: `redis`
|
- `gitea.config.cache.ADAPTER`: `valkey`
|
||||||
- `gitea.config.cache.HOST`: `<your redis connection string>`
|
- `gitea.config.cache.HOST`: `<your valkey connection string>`
|
||||||
|
|
||||||
By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica.
|
By default, the `valkey-cluster` chart provisions three standalone master nodes of which each has a single replica.
|
||||||
To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
|
To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
|
||||||
Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned.
|
Only the minimum required number of master pods for a functional `valkey-cluster` deployment are provisioned.
|
||||||
For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
|
For a "proper" `valkey-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
|
||||||
|
|
||||||
## Object and asset storage
|
## Object and asset storage
|
||||||
|
|
||||||
|
1127
package-lock.json
generated
1127
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "gitea-helm-chart",
|
"name": "gitea-helm",
|
||||||
"homepage": "https://gitea.com/gitea/helm-chart.git",
|
"homepage": "https://gitea.com/gitea/helm-gitea.git",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"private": true,
|
"private": true,
|
||||||
"engineStrict": true,
|
"engineStrict": true,
|
||||||
@@ -14,6 +14,6 @@
|
|||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||||
"markdownlint-cli": "^0.37.0"
|
"markdownlint-cli": "^0.45.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
103
renovate.json5
103
renovate.json5
@@ -6,28 +6,119 @@
|
|||||||
'schedule:automergeDaily',
|
'schedule:automergeDaily',
|
||||||
'schedule:weekends',
|
'schedule:weekends',
|
||||||
],
|
],
|
||||||
labels: ['kind/dependency'],
|
labels: [
|
||||||
|
'kind/dependency',
|
||||||
|
],
|
||||||
|
digest: {
|
||||||
|
automerge: true,
|
||||||
|
},
|
||||||
automergeStrategy: 'squash',
|
automergeStrategy: 'squash',
|
||||||
|
'git-submodules': {
|
||||||
|
enabled: true,
|
||||||
|
},
|
||||||
customManagers: [
|
customManagers: [
|
||||||
{
|
{
|
||||||
description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
|
description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
|
||||||
customType: 'regex',
|
customType: 'regex',
|
||||||
fileMatch: ['.gitea/workflows/.+\\.ya?ml$'],
|
managerFilePatterns: [
|
||||||
|
'/.gitea/workflows/.+\\.ya?ml$/',
|
||||||
|
],
|
||||||
matchStrings: [
|
matchStrings: [
|
||||||
'# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
|
'# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
description: 'Detect helm-unittest yaml schema file',
|
||||||
|
customType: 'regex',
|
||||||
|
managerFilePatterns: [
|
||||||
|
'/.vscode/settings\\.json$/',
|
||||||
|
],
|
||||||
|
matchStrings: [
|
||||||
|
'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
|
||||||
|
],
|
||||||
|
datasourceTemplate: 'github-releases',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: 'Automatically detect new Gitea releases',
|
||||||
|
customType: 'regex',
|
||||||
|
managerFilePatterns: [
|
||||||
|
'/(^|/)Chart\\.yaml$/',
|
||||||
|
],
|
||||||
|
matchStrings: [
|
||||||
|
'# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
|
||||||
|
],
|
||||||
|
},
|
||||||
],
|
],
|
||||||
packageRules: [
|
packageRules: [
|
||||||
{
|
{
|
||||||
groupName: 'subcharts (minor & patch)',
|
groupName: 'subcharts (minor & patch)',
|
||||||
matchManagers: ['helmv3'],
|
matchManagers: [
|
||||||
matchUpdateTypes: ['minor', 'patch', 'digest'],
|
'helmv3',
|
||||||
|
],
|
||||||
|
matchUpdateTypes: [
|
||||||
|
'minor',
|
||||||
|
'patch',
|
||||||
|
'digest',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
groupName: 'bats testing framework',
|
||||||
|
matchManagers: [
|
||||||
|
'git-submodules',
|
||||||
|
],
|
||||||
|
matchUpdateTypes: [
|
||||||
|
'minor',
|
||||||
|
'patch',
|
||||||
|
'digest',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
groupName: 'workflow dependencies (minor & patch)',
|
groupName: 'workflow dependencies (minor & patch)',
|
||||||
matchManagers: ['github-actions', 'npm', 'regex'],
|
matchManagers: [
|
||||||
matchUpdateTypes: ['minor', 'patch', 'digest'],
|
'github-actions',
|
||||||
|
'npm',
|
||||||
|
'custom.regex',
|
||||||
|
],
|
||||||
|
matchUpdateTypes: [
|
||||||
|
'minor',
|
||||||
|
'patch',
|
||||||
|
'digest',
|
||||||
|
],
|
||||||
|
matchFileNames: [
|
||||||
|
'!Chart.yaml',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: 'Update README.md on changes in values.yaml',
|
||||||
|
matchManagers: [
|
||||||
|
'helm-values',
|
||||||
|
],
|
||||||
|
postUpgradeTasks: {
|
||||||
|
commands: [
|
||||||
|
'install-tool node',
|
||||||
|
'make readme',
|
||||||
|
],
|
||||||
|
fileFilters: [
|
||||||
|
'README.md',
|
||||||
|
],
|
||||||
|
executionMode: 'update',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: 'Override changelog url for Helm image, to have release notes in our PRs',
|
||||||
|
matchDepNames: [
|
||||||
|
'alpine/helm',
|
||||||
|
],
|
||||||
|
changelogUrl: 'https://github.com/helm/helm',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: 'Bump Gitea as fast as possible - not only on weekends',
|
||||||
|
matchDepNames: [
|
||||||
|
'go-gitea/gitea',
|
||||||
|
],
|
||||||
|
schedule: [
|
||||||
|
'at any time',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
43
scripts/act_runner/token.sh
Executable file
43
scripts/act_runner/token.sh
Executable file
@@ -0,0 +1,43 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
timeout_delay=15
|
||||||
|
|
||||||
|
check_token() {
|
||||||
|
set +e
|
||||||
|
|
||||||
|
echo "Checking for existing token..."
|
||||||
|
token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)"
|
||||||
|
[ $? -ne 0 ] && return 1
|
||||||
|
[ -z "$token" ] && return 2
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
create_token() {
|
||||||
|
echo "Waiting for new token to be generated..."
|
||||||
|
begin=$(date +%s)
|
||||||
|
end=$((begin + timeout_delay))
|
||||||
|
while true; do
|
||||||
|
[ -f /data/actions/token ] && return 0
|
||||||
|
[ "$(date +%s)" -gt $end ] && return 1
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
store_token() {
|
||||||
|
echo "Storing the token in Kubernetes secret..."
|
||||||
|
kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}"
|
||||||
|
}
|
||||||
|
|
||||||
|
if check_token; then
|
||||||
|
echo "Key already in place, exiting."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! create_token; then
|
||||||
|
echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
store_token
|
154
scripts/init-containers/config/config_environment.sh
Executable file
154
scripts/init-containers/config/config_environment.sh
Executable file
@@ -0,0 +1,154 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
function env2ini::log() {
|
||||||
|
printf "${1}\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
function env2ini::read_config_to_env() {
|
||||||
|
local section="${1}"
|
||||||
|
local line="${2}"
|
||||||
|
|
||||||
|
if [[ -z "${line}" ]]; then
|
||||||
|
# skip empty line
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
||||||
|
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
||||||
|
|
||||||
|
if [[ -z "${setting}" ]]; then
|
||||||
|
env2ini::log ' ! invalid setting'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local value=''
|
||||||
|
local regex="^${setting}(\s*)=(\s*)(.*)"
|
||||||
|
if [[ $line =~ $regex ]]; then
|
||||||
|
value="${BASH_REMATCH[3]}"
|
||||||
|
else
|
||||||
|
env2ini::log ' ! invalid setting'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
env2ini::log " + '${setting}'"
|
||||||
|
|
||||||
|
if [[ -z "${section}" ]]; then
|
||||||
|
export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
|
||||||
|
masked_section="${masked_section//-/_0X2D_}"
|
||||||
|
|
||||||
|
export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||||
|
}
|
||||||
|
|
||||||
|
function env2ini::reload_preset_envs() {
|
||||||
|
env2ini::log "Reloading preset envs..."
|
||||||
|
|
||||||
|
while read -r line; do
|
||||||
|
if [[ -z "${line}" ]]; then
|
||||||
|
# skip empty line
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
||||||
|
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
||||||
|
|
||||||
|
if [[ -z "${setting}" ]]; then
|
||||||
|
env2ini::log ' ! invalid setting'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local value=''
|
||||||
|
local regex="^${setting}(\s*)=(\s*)(.*)"
|
||||||
|
if [[ $line =~ $regex ]]; then
|
||||||
|
value="${BASH_REMATCH[3]}"
|
||||||
|
else
|
||||||
|
env2ini::log ' ! invalid setting'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
env2ini::log " + '${setting}'"
|
||||||
|
|
||||||
|
export "${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||||
|
done < "$TMP_EXISTING_ENVS_FILE"
|
||||||
|
|
||||||
|
rm $TMP_EXISTING_ENVS_FILE
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function env2ini::process_config_file() {
|
||||||
|
local config_file="${1}"
|
||||||
|
local section="$(basename "${config_file}")"
|
||||||
|
|
||||||
|
if [[ $section == '_generals_' ]]; then
|
||||||
|
env2ini::log " [ini root]"
|
||||||
|
section=''
|
||||||
|
else
|
||||||
|
env2ini::log " ${section}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
while read -r line; do
|
||||||
|
env2ini::read_config_to_env "${section}" "${line}"
|
||||||
|
done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
|
||||||
|
}
|
||||||
|
|
||||||
|
function env2ini::load_config_sources() {
|
||||||
|
local path="${1}"
|
||||||
|
|
||||||
|
if [[ -d "${path}" ]]; then
|
||||||
|
env2ini::log "Processing $(basename "${path}")..."
|
||||||
|
|
||||||
|
while read -d '' configFile; do
|
||||||
|
env2ini::process_config_file "${configFile}"
|
||||||
|
done < <(find "${path}" -type l -not -name '..data' -print0)
|
||||||
|
|
||||||
|
env2ini::log "\n"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function env2ini::generate_initial_secrets() {
|
||||||
|
# These environment variables will either be
|
||||||
|
# - overwritten with user defined values,
|
||||||
|
# - initially used to set up Gitea
|
||||||
|
# Anyway, they won't harm existing app.ini files
|
||||||
|
|
||||||
|
export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
||||||
|
export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
||||||
|
export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
||||||
|
export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
|
||||||
|
|
||||||
|
env2ini::log "...Initial secrets generated\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
|
||||||
|
env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > $TMP_EXISTING_ENVS_FILE
|
||||||
|
|
||||||
|
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
||||||
|
env2ini::generate_initial_secrets
|
||||||
|
|
||||||
|
env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/inlines/"
|
||||||
|
env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/additionals/"
|
||||||
|
|
||||||
|
# load existing envs to override auto generated envs
|
||||||
|
env2ini::reload_preset_envs
|
||||||
|
|
||||||
|
env2ini::log "=== All configuration sources loaded ===\n"
|
||||||
|
|
||||||
|
# safety to prevent rewrite of secret keys if an app.ini already exists
|
||||||
|
if [ -f ${GITEA_APP_INI} ]; then
|
||||||
|
env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
|
||||||
|
env2ini::log ' - security.INTERNAL_TOKEN'
|
||||||
|
env2ini::log ' - security.SECRET_KEY'
|
||||||
|
env2ini::log ' - oauth2.JWT_SECRET'
|
||||||
|
env2ini::log ' - server.LFS_JWT_SECRET'
|
||||||
|
|
||||||
|
unset GITEA__SECURITY__INTERNAL_TOKEN
|
||||||
|
unset GITEA__SECURITY__SECRET_KEY
|
||||||
|
unset GITEA__OAUTH2__JWT_SECRET
|
||||||
|
unset GITEA__SERVER__LFS_JWT_SECRET
|
||||||
|
fi
|
||||||
|
|
||||||
|
environment-to-ini -o $GITEA_APP_INI
|
4
scripts/init-containers/init/configure_gpg_environment.sh
Executable file
4
scripts/init-containers/init/configure_gpg_environment.sh
Executable file
@@ -0,0 +1,4 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
gpg --batch --import "$TMP_RAW_GPG_KEY"
|
@@ -18,3 +18,19 @@
|
|||||||
echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
|
echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
|
||||||
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
|
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- $warnings := list -}}
|
||||||
|
{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}}
|
||||||
|
{{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}}
|
||||||
|
{{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}}
|
||||||
|
{{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if gt (len $warnings) 0 }}
|
||||||
|
2. Review these warnings:
|
||||||
|
{{- range $warnings }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
@@ -3,26 +3,6 @@
|
|||||||
Expand the name of the chart.
|
Expand the name of the chart.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- /* multiple replicas assertions */ -}}
|
|
||||||
{{- if gt .Values.replicaCount 1.0 -}}
|
|
||||||
{{- fail "When using multiple replicas, a RWX file system is required" -}}
|
|
||||||
{{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}}
|
|
||||||
{{- fail "When using multiple replicas, a RWX file system is required" -}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
|
|
||||||
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}}
|
|
||||||
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
|
|
||||||
{{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- define "gitea.name" -}}
|
{{- define "gitea.name" -}}
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@@ -45,6 +25,13 @@ If release name contains chart name it will be used as a full name.
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default worker name.
|
||||||
|
*/}}
|
||||||
|
{{- define "gitea.workername" -}}
|
||||||
|
{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Create chart name and version as used by the chart label.
|
Create chart name and version as used by the chart label.
|
||||||
*/}}
|
*/}}
|
||||||
@@ -60,7 +47,7 @@ Create image name and tag used by the deployment.
|
|||||||
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
|
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
|
||||||
{{- $repository := .Values.image.repository -}}
|
{{- $repository := .Values.image.repository -}}
|
||||||
{{- $separator := ":" -}}
|
{{- $separator := ":" -}}
|
||||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
|
{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
|
||||||
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
||||||
{{- $digest := "" -}}
|
{{- $digest := "" -}}
|
||||||
{{- if .Values.image.digest }}
|
{{- if .Values.image.digest }}
|
||||||
@@ -94,7 +81,7 @@ imagePullSecrets:
|
|||||||
Storage Class
|
Storage Class
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "gitea.persistence.storageClass" -}}
|
{{- define "gitea.persistence.storageClass" -}}
|
||||||
{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }}
|
{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
|
||||||
{{- if $storageClass }}
|
{{- if $storageClass }}
|
||||||
storageClassName: {{ $storageClass | quote }}
|
storageClassName: {{ $storageClass | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@@ -112,6 +99,15 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
|||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.labels.actRunner" -}}
|
||||||
|
helm.sh/chart: {{ include "gitea.chart" . }}
|
||||||
|
app: {{ include "gitea.name" . }}-act-runner
|
||||||
|
{{ include "gitea.selectorLabels.actRunner" . }}
|
||||||
|
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||||
|
version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Selector labels
|
Selector labels
|
||||||
*/}}
|
*/}}
|
||||||
@@ -120,6 +116,11 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
|
|||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.selectorLabels.actRunner" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "postgresql-ha.dns" -}}
|
{{- define "postgresql-ha.dns" -}}
|
||||||
{{- if (index .Values "postgresql-ha").enabled -}}
|
{{- if (index .Values "postgresql-ha").enabled -}}
|
||||||
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
|
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
|
||||||
@@ -132,21 +133,29 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redis.dns" -}}
|
{{- define "valkey.dns" -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if and ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}}
|
||||||
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
|
{{- fail "valkey and valkey-cluster cannot be enabled at the same time. Please only choose one." -}}
|
||||||
|
{{- else if (index .Values "valkey-cluster").enabled -}}
|
||||||
|
{{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}}
|
||||||
|
{{- else if (index .Values "valkey").enabled -}}
|
||||||
|
{{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redis.port" -}}
|
{{- define "valkey.port" -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if (index .Values "valkey-cluster").enabled -}}
|
||||||
{{ (index .Values "redis-cluster").service.ports.redis }}
|
{{ (index .Values "valkey-cluster").service.ports.valkey }}
|
||||||
|
{{- else if (index .Values "valkey").enabled -}}
|
||||||
|
{{ (index .Values "valkey").master.service.ports.valkey }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redis.servicename" -}}
|
{{- define "valkey.servicename" -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if (index .Values "valkey-cluster").enabled -}}
|
||||||
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
{{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||||
|
{{- else if (index .Values "valkey").enabled -}}
|
||||||
|
{{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
@@ -275,6 +284,9 @@ https
|
|||||||
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
||||||
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config "actions") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "actions" dict -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.inline_configuration.defaults" -}}
|
{{- define "gitea.inline_configuration.defaults" -}}
|
||||||
@@ -290,23 +302,36 @@ https
|
|||||||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}}
|
||||||
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
{{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}}
|
||||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
|
|
||||||
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
|
||||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
|
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- /* valkey queue */ -}}
|
||||||
{{- /* redis queue */ -}}
|
{{- if or ((index .Values "valkey-cluster").enabled) ((index .Values "valkey").enabled) -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
|
||||||
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
||||||
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
|
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "valkey.dns" .) -}}
|
||||||
{{- end -}}
|
|
||||||
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
|
|
||||||
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "valkey.dns" .) -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.cache "HOST" (include "valkey.dns" .) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
|
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
|
||||||
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
|
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (get .Values.gitea.config.queue "TYPE") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (get .Values.gitea.config.queue "CONN_STR") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (get .Values.gitea.config.cache "ADAPTER") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (get .Values.gitea.config.cache "HOST") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.cache "HOST" "" -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
||||||
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
||||||
@@ -336,16 +361,18 @@ https
|
|||||||
{{- if not .Values.gitea.config.server.SSH_PORT -}}
|
{{- if not .Values.gitea.config.server.SSH_PORT -}}
|
||||||
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
|
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
|
|
||||||
{{- if not .Values.image.rootless -}}
|
|
||||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
|
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
|
||||||
{{- if .Values.image.rootless -}}
|
{{- if .Values.image.rootless -}}
|
||||||
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
|
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
|
||||||
|
{{- if not .Values.gitea.config.server.SSH_LISTEN_PORT -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_LISTEN_PORT -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "false" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
|
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
|
||||||
@@ -402,3 +429,45 @@ https
|
|||||||
{{- define "gitea.serviceAccountName" -}}
|
{{- define "gitea.serviceAccountName" -}}
|
||||||
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
|
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "ingress.annotations" -}}
|
||||||
|
{{- if .Values.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- $tp := typeOf .Values.ingress.annotations }}
|
||||||
|
{{- if eq $tp "string" }}
|
||||||
|
{{- tpl .Values.ingress.annotations . | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{- toYaml .Values.ingress.annotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.admin.passwordMode" -}}
|
||||||
|
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
|
||||||
|
{{ .Values.gitea.admin.passwordMode }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* Create a functioning probe object for rendering. Given argument must be either a livenessProbe, readinessProbe, or startupProbe */}}
|
||||||
|
{{- define "gitea.deployment.probe" -}}
|
||||||
|
{{- $probe := unset . "enabled" -}}
|
||||||
|
{{- $probeKeys := keys $probe -}}
|
||||||
|
{{- $containsCustomMethod := false -}}
|
||||||
|
{{- $chartDefaultMethod := "tcpSocket" -}}
|
||||||
|
{{- $nonChartDefaultMethods := list "exec" "httpGet" "grpc" -}}
|
||||||
|
{{- range $probeKeys -}}
|
||||||
|
{{- if has . $nonChartDefaultMethods -}}
|
||||||
|
{{- $containsCustomMethod = true -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if $containsCustomMethod -}}
|
||||||
|
{{- $probe = unset . $chartDefaultMethod -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- toYaml $probe -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.metrics-secret-name" -}}
|
||||||
|
{{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }}
|
||||||
|
{{- end -}}
|
||||||
|
3
templates/gitea/check-actions-not-present.yaml
Normal file
3
templates/gitea/check-actions-not-present.yaml
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
{{- if .Values.actions -}}
|
||||||
|
{{- fail "The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9." -}}
|
||||||
|
{{- end -}}
|
@@ -2,6 +2,7 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}-inline-config
|
name: {{ include "gitea.fullname" . }}-inline-config
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
@@ -12,10 +13,12 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}
|
name: {{ include "gitea.fullname" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
|
{{ (.Files.Glob "scripts/init-containers/config/*.sh").AsConfig | indent 2 }}
|
||||||
assertions: |
|
assertions: |
|
||||||
|
|
||||||
{{- /*assert that only one PG dep is enabled */ -}}
|
{{- /*assert that only one PG dep is enabled */ -}}
|
||||||
@@ -24,181 +27,31 @@ stringData:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- /* multiple replicas assertions */ -}}
|
{{- /* multiple replicas assertions */ -}}
|
||||||
{{- if gt .Values.replicaCount 1.0 -}}
|
{{- if gt (.Values.replicaCount | int) 1 -}}
|
||||||
{{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}}
|
{{- if .Values.gitea.config.cron -}}
|
||||||
{{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}}
|
{{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
|
||||||
|
{{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}}
|
||||||
|
{{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'." }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
|
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
|
||||||
{{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
|
{{- fail "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany." -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.gitea.config.indexer -}}
|
||||||
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
|
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
|
||||||
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
|
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
|
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
|
||||||
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}}
|
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}}
|
||||||
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
|
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
|
||||||
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}}
|
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}}
|
||||||
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
|
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
config_environment.sh: |-
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
function env2ini::log() {
|
|
||||||
printf "${1}\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
function env2ini::read_config_to_env() {
|
|
||||||
local section="${1}"
|
|
||||||
local line="${2}"
|
|
||||||
|
|
||||||
if [[ -z "${line}" ]]; then
|
|
||||||
# skip empty line
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
|
||||||
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
|
||||||
|
|
||||||
if [[ -z "${setting}" ]]; then
|
|
||||||
env2ini::log ' ! invalid setting'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
local value=''
|
|
||||||
local regex="^${setting}(\s*)=(\s*)(.*)"
|
|
||||||
if [[ $line =~ $regex ]]; then
|
|
||||||
value="${BASH_REMATCH[3]}"
|
|
||||||
else
|
|
||||||
env2ini::log ' ! invalid setting'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
env2ini::log " + '${setting}'"
|
|
||||||
|
|
||||||
if [[ -z "${section}" ]]; then
|
|
||||||
export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
|
|
||||||
masked_section="${masked_section//-/_0X2D_}"
|
|
||||||
|
|
||||||
export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
|
||||||
}
|
|
||||||
|
|
||||||
function env2ini::reload_preset_envs() {
|
|
||||||
env2ini::log "Reloading preset envs..."
|
|
||||||
|
|
||||||
while read -r line; do
|
|
||||||
if [[ -z "${line}" ]]; then
|
|
||||||
# skip empty line
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
|
||||||
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
|
||||||
|
|
||||||
if [[ -z "${setting}" ]]; then
|
|
||||||
env2ini::log ' ! invalid setting'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
local value=''
|
|
||||||
local regex="^${setting}(\s*)=(\s*)(.*)"
|
|
||||||
if [[ $line =~ $regex ]]; then
|
|
||||||
value="${BASH_REMATCH[3]}"
|
|
||||||
else
|
|
||||||
env2ini::log ' ! invalid setting'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
env2ini::log " + '${setting}'"
|
|
||||||
|
|
||||||
export "${setting^^}=${value}" # '^^' makes the variable content uppercase
|
|
||||||
done < "/tmp/existing-envs"
|
|
||||||
|
|
||||||
rm /tmp/existing-envs
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
function env2ini::process_config_file() {
|
|
||||||
local config_file="${1}"
|
|
||||||
local section="$(basename "${config_file}")"
|
|
||||||
|
|
||||||
if [[ $section == '_generals_' ]]; then
|
|
||||||
env2ini::log " [ini root]"
|
|
||||||
section=''
|
|
||||||
else
|
|
||||||
env2ini::log " ${section}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
while read -r line; do
|
|
||||||
env2ini::read_config_to_env "${section}" "${line}"
|
|
||||||
done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
|
|
||||||
}
|
|
||||||
|
|
||||||
function env2ini::load_config_sources() {
|
|
||||||
local path="${1}"
|
|
||||||
|
|
||||||
if [[ -d "${path}" ]]; then
|
|
||||||
env2ini::log "Processing $(basename "${path}")..."
|
|
||||||
|
|
||||||
while read -d '' configFile; do
|
|
||||||
env2ini::process_config_file "${configFile}"
|
|
||||||
done < <(find "${path}" -type l -not -name '..data' -print0)
|
|
||||||
|
|
||||||
env2ini::log "\n"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
function env2ini::generate_initial_secrets() {
|
|
||||||
# These environment variables will either be
|
|
||||||
# - overwritten with user defined values,
|
|
||||||
# - initially used to set up Gitea
|
|
||||||
# Anyway, they won't harm existing app.ini files
|
|
||||||
|
|
||||||
export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
|
||||||
export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
|
||||||
export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
|
||||||
export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
|
|
||||||
|
|
||||||
env2ini::log "...Initial secrets generated\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
|
|
||||||
env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs
|
|
||||||
|
|
||||||
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
|
||||||
env2ini::generate_initial_secrets
|
|
||||||
|
|
||||||
env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
|
|
||||||
env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
|
|
||||||
|
|
||||||
# load existing envs to override auto generated envs
|
|
||||||
env2ini::reload_preset_envs
|
|
||||||
|
|
||||||
env2ini::log "=== All configuration sources loaded ===\n"
|
|
||||||
|
|
||||||
# safety to prevent rewrite of secret keys if an app.ini already exists
|
|
||||||
if [ -f ${GITEA_APP_INI} ]; then
|
|
||||||
env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
|
|
||||||
env2ini::log ' - security.INTERNAL_TOKEN'
|
|
||||||
env2ini::log ' - security.SECRET_KEY'
|
|
||||||
env2ini::log ' - oauth2.JWT_SECRET'
|
|
||||||
env2ini::log ' - server.LFS_JWT_SECRET'
|
|
||||||
|
|
||||||
unset GITEA__SECURITY__INTERNAL_TOKEN
|
|
||||||
unset GITEA__SECURITY__SECRET_KEY
|
|
||||||
unset GITEA__OAUTH2__JWT_SECRET
|
|
||||||
unset GITEA__SERVER__LFS_JWT_SECRET
|
|
||||||
fi
|
|
||||||
|
|
||||||
environment-to-ini -o $GITEA_APP_INI
|
|
||||||
|
@@ -2,12 +2,16 @@ apiVersion: apps/v1
|
|||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}
|
name: {{ include "gitea.fullname" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- if .Values.deployment.annotations }}
|
{{- if .Values.deployment.annotations }}
|
||||||
{{- toYaml .Values.deployment.annotations | nindent 4 }}
|
{{- toYaml .Values.deployment.annotations | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.deployment.labels }}
|
||||||
|
{{- toYaml .Values.deployment.labels | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
replicas: {{ .Values.replicaCount }}
|
replicas: {{ .Values.replicaCount }}
|
||||||
strategy:
|
strategy:
|
||||||
@@ -58,7 +62,8 @@ spec:
|
|||||||
- name: init-directories
|
- name: init-directories
|
||||||
image: "{{ include "gitea.image" . }}"
|
image: "{{ include "gitea.image" . }}"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
command: ["/usr/sbin/init_directory_structure.sh"]
|
command:
|
||||||
|
- "{{ .Values.initContainersScriptsVolumeMountPath }}/init_directory_structure.sh"
|
||||||
env:
|
env:
|
||||||
- name: GITEA_APP_INI
|
- name: GITEA_APP_INI
|
||||||
value: /data/gitea/conf/app.ini
|
value: /data/gitea/conf/app.ini
|
||||||
@@ -77,7 +82,7 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: init
|
- name: init
|
||||||
mountPath: /usr/sbin
|
mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
|
||||||
- name: temp
|
- name: temp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
- name: data
|
- name: data
|
||||||
@@ -93,7 +98,8 @@ spec:
|
|||||||
- name: init-app-ini
|
- name: init-app-ini
|
||||||
image: "{{ include "gitea.image" . }}"
|
image: "{{ include "gitea.image" . }}"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
command: ["/usr/sbin/config_environment.sh"]
|
command:
|
||||||
|
- "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
|
||||||
env:
|
env:
|
||||||
- name: GITEA_APP_INI
|
- name: GITEA_APP_INI
|
||||||
value: /data/gitea/conf/app.ini
|
value: /data/gitea/conf/app.ini
|
||||||
@@ -103,15 +109,19 @@ spec:
|
|||||||
value: /data
|
value: /data
|
||||||
- name: GITEA_TEMP
|
- name: GITEA_TEMP
|
||||||
value: /tmp/gitea
|
value: /tmp/gitea
|
||||||
|
- name: TMP_EXISTING_ENVS_FILE
|
||||||
|
value: /tmp/existing-envs
|
||||||
|
- name: ENV_TO_INI_MOUNT_POINT
|
||||||
|
value: /env-to-ini-mounts
|
||||||
{{- if .Values.deployment.env }}
|
{{- if .Values.deployment.env }}
|
||||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.additionalConfigFromEnvs }}
|
{{- if .Values.gitea.additionalConfigFromEnvs }}
|
||||||
{{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
|
{{- tpl (toYaml .Values.gitea.additionalConfigFromEnvs) $ | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /usr/sbin
|
mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
|
||||||
- name: temp
|
- name: temp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
- name: data
|
- name: data
|
||||||
@@ -133,7 +143,8 @@ spec:
|
|||||||
{{- if .Values.signing.enabled }}
|
{{- if .Values.signing.enabled }}
|
||||||
- name: configure-gpg
|
- name: configure-gpg
|
||||||
image: "{{ include "gitea.image" . }}"
|
image: "{{ include "gitea.image" . }}"
|
||||||
command: ["/usr/sbin/configure_gpg_environment.sh"]
|
command:
|
||||||
|
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
||||||
@@ -145,9 +156,11 @@ spec:
|
|||||||
env:
|
env:
|
||||||
- name: GNUPGHOME
|
- name: GNUPGHOME
|
||||||
value: {{ .Values.signing.gpgHome }}
|
value: {{ .Values.signing.gpgHome }}
|
||||||
|
- name: TMP_RAW_GPG_KEY
|
||||||
|
value: /raw/private.asc
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: init
|
- name: init
|
||||||
mountPath: /usr/sbin
|
mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
{{- if .Values.persistence.subPath }}
|
{{- if .Values.persistence.subPath }}
|
||||||
@@ -164,7 +177,8 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
- name: configure-gitea
|
- name: configure-gitea
|
||||||
image: "{{ include "gitea.image" . }}"
|
image: "{{ include "gitea.image" . }}"
|
||||||
command: ["/usr/sbin/configure_gitea.sh"]
|
command:
|
||||||
|
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
||||||
@@ -240,12 +254,14 @@ spec:
|
|||||||
- name: GITEA_ADMIN_PASSWORD
|
- name: GITEA_ADMIN_PASSWORD
|
||||||
value: {{ .Values.gitea.admin.password | quote }}
|
value: {{ .Values.gitea.admin.password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
- name: GITEA_ADMIN_PASSWORD_MODE
|
||||||
|
value: {{ include "gitea.admin.passwordMode" $ }}
|
||||||
{{- if .Values.deployment.env }}
|
{{- if .Values.deployment.env }}
|
||||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: init
|
- name: init
|
||||||
mountPath: /usr/sbin
|
mountPath: {{ .Values.initContainersScriptsVolumeMountPath }}
|
||||||
- name: temp
|
- name: temp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
- name: data
|
- name: data
|
||||||
@@ -279,6 +295,13 @@ spec:
|
|||||||
value: /data
|
value: /data
|
||||||
- name: GITEA_TEMP
|
- name: GITEA_TEMP
|
||||||
value: /tmp/gitea
|
value: /tmp/gitea
|
||||||
|
{{- if and (hasKey .Values.resources "limits") (hasKey .Values.resources.limits "cpu") }}
|
||||||
|
- name: GOMAXPROCS
|
||||||
|
valueFrom:
|
||||||
|
resourceFieldRef:
|
||||||
|
divisor: "1"
|
||||||
|
resource: limits.cpu
|
||||||
|
{{- end }}
|
||||||
- name: TMPDIR
|
- name: TMPDIR
|
||||||
value: /tmp/gitea
|
value: /tmp/gitea
|
||||||
{{- if .Values.image.rootless }}
|
{{- if .Values.image.rootless }}
|
||||||
@@ -306,15 +329,15 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.livenessProbe.enabled }}
|
{{- if .Values.gitea.livenessProbe.enabled }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
{{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }}
|
{{- include "gitea.deployment.probe" .Values.gitea.livenessProbe | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.readinessProbe.enabled }}
|
{{- if .Values.gitea.readinessProbe.enabled }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
{{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }}
|
{{- include "gitea.deployment.probe" .Values.gitea.readinessProbe | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.startupProbe.enabled }}
|
{{- if .Values.gitea.startupProbe.enabled }}
|
||||||
startupProbe:
|
startupProbe:
|
||||||
{{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }}
|
{{- include "gitea.deployment.probe" .Values.gitea.startupProbe | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
@@ -334,13 +357,16 @@ spec:
|
|||||||
subPath: {{ .Values.persistence.subPath }}
|
subPath: {{ .Values.persistence.subPath }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- include "gitea.container-additional-mounts" . | nindent 12 }}
|
{{- include "gitea.container-additional-mounts" . | nindent 12 }}
|
||||||
|
{{- if .Values.extraContainers }}
|
||||||
|
{{- toYaml .Values.extraContainers | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.global.hostAliases }}
|
{{- with .Values.global.hostAliases }}
|
||||||
hostAliases:
|
hostAliases:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- range $key, $value := .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{ $key }}: {{ $value | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.affinity }}
|
{{- with .Values.affinity }}
|
||||||
affinity:
|
affinity:
|
||||||
|
@@ -7,6 +7,7 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.gpg-key-secret-name" . }}
|
name: {{ include "gitea.gpg-key-secret-name" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
|
@@ -2,13 +2,21 @@ apiVersion: v1
|
|||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}-http
|
name: {{ include "gitea.fullname" . }}-http
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.service.http.labels }}
|
||||||
|
{{- toYaml .Values.service.http.labels | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml .Values.service.http.annotations | nindent 4 }}
|
{{- toYaml .Values.service.http.annotations | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
type: {{ .Values.service.http.type }}
|
type: {{ .Values.service.http.type }}
|
||||||
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
|
{{- if eq .Values.service.http.type "LoadBalancer" }}
|
||||||
|
{{- if .Values.service.http.loadBalancerClass }}
|
||||||
|
loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and .Values.service.http.loadBalancerIP }}
|
||||||
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.service.http.loadBalancerSourceRanges }}
|
{{- if .Values.service.http.loadBalancerSourceRanges }}
|
||||||
@@ -17,6 +25,7 @@ spec:
|
|||||||
- {{ . }}
|
- {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.service.http.externalIPs }}
|
{{- if .Values.service.http.externalIPs }}
|
||||||
externalIPs:
|
externalIPs:
|
||||||
{{- toYaml .Values.service.http.externalIPs | nindent 4 }}
|
{{- toYaml .Values.service.http.externalIPs | nindent 4 }}
|
||||||
|
@@ -1,18 +1,11 @@
|
|||||||
{{- if .Values.ingress.enabled -}}
|
{{- if .Values.ingress.enabled -}}
|
||||||
{{- $fullName := include "gitea.fullname" . -}}
|
{{- $fullName := include "gitea.fullname" . -}}
|
||||||
{{- $httpPort := .Values.service.http.port -}}
|
{{- $httpPort := .Values.service.http.port -}}
|
||||||
{{- $apiVersion := "extensions/v1beta1" -}}
|
apiVersion: networking.k8s.io/v1
|
||||||
{{- if .Values.ingress.apiVersion -}}
|
|
||||||
{{- $apiVersion = .Values.ingress.apiVersion -}}
|
|
||||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
|
|
||||||
{{- $apiVersion = "networking.k8s.io/v1" }}
|
|
||||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
|
|
||||||
{{- $apiVersion = "networking.k8s.io/v1beta1" }}
|
|
||||||
{{- end }}
|
|
||||||
apiVersion: {{ $apiVersion }}
|
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $fullName }}
|
name: {{ $fullName }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
@@ -20,9 +13,7 @@ metadata:
|
|||||||
{{ $key }}: {{ $value | quote }}
|
{{ $key }}: {{ $value | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.ingress.className }}
|
ingressClassName: {{ tpl .Values.ingress.className . }}
|
||||||
ingressClassName: {{ .Values.ingress.className }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.ingress.tls }}
|
{{- if .Values.ingress.tls }}
|
||||||
tls:
|
tls:
|
||||||
{{- range .Values.ingress.tls }}
|
{{- range .Values.ingress.tls }}
|
||||||
@@ -38,21 +29,34 @@ spec:
|
|||||||
- host: {{ tpl .host $ | quote }}
|
- host: {{ tpl .host $ | quote }}
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
|
{{- if .paths }}
|
||||||
{{- range .paths }}
|
{{- range .paths }}
|
||||||
- path: {{ .path }}
|
{{- if kindIs "string" . }}
|
||||||
{{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
|
- path: {{ . }}
|
||||||
pathType: {{ .pathType }}
|
pathType: {{ default "Prefix" $.Values.ingress.pathType }}
|
||||||
{{- end }}
|
|
||||||
backend:
|
backend:
|
||||||
{{- if eq $apiVersion "networking.k8s.io/v1" }}
|
|
||||||
service:
|
service:
|
||||||
name: {{ $fullName }}-http
|
name: {{ $fullName }}-http
|
||||||
port:
|
port:
|
||||||
number: {{ $httpPort }}
|
number: {{ $httpPort }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
serviceName: {{ $fullName }}-http
|
- path: {{ .path | default "/" }}
|
||||||
servicePort: {{ $httpPort }}
|
pathType: {{ .pathType | default "Prefix" }}
|
||||||
{{- end }}
|
backend:
|
||||||
|
service:
|
||||||
|
name: {{ $fullName }}-http
|
||||||
|
port:
|
||||||
|
number: {{ $httpPort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
- path: "/"
|
||||||
|
pathType: "Prefix"
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: {{ $fullName }}-http
|
||||||
|
port:
|
||||||
|
number: {{ $httpPort }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@@ -2,15 +2,12 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}-init
|
name: {{ include "gitea.fullname" . }}-init
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
configure_gpg_environment.sh: |-
|
{{ (.Files.Glob "scripts/init-containers/init/*.sh").AsConfig | indent 2 }}
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
gpg --batch --import /raw/private.asc
|
|
||||||
init_directory_structure.sh: |-
|
init_directory_structure.sh: |-
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
@@ -24,27 +21,25 @@ stringData:
|
|||||||
# END: initPreScript
|
# END: initPreScript
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
set -x
|
|
||||||
|
|
||||||
{{- if not .Values.image.rootless }}
|
{{- if not .Values.image.rootless }}
|
||||||
chown 1000:1000 /data
|
chown -v 1000:1000 /data
|
||||||
{{- end }}
|
{{- end }}
|
||||||
mkdir -p /data/git/.ssh
|
mkdir -pv /data/git/.ssh
|
||||||
chmod -R 700 /data/git/.ssh
|
chmod -Rv 700 /data/git/.ssh
|
||||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
|
||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -pv "${GITEA_TEMP}"
|
||||||
{{- if not .Values.image.rootless }}
|
{{- if not .Values.image.rootless }}
|
||||||
chown 1000:1000 "${GITEA_TEMP}"
|
chown -v 1000:1000 "${GITEA_TEMP}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod -v ug+rwx "${GITEA_TEMP}"
|
||||||
|
|
||||||
{{ if .Values.signing.enabled -}}
|
{{ if .Values.signing.enabled -}}
|
||||||
if [ ! -d "${GNUPGHOME}" ]; then
|
if [ ! -d "${GNUPGHOME}" ]; then
|
||||||
mkdir -p "${GNUPGHOME}"
|
mkdir -pv "${GNUPGHOME}"
|
||||||
chmod 700 "${GNUPGHOME}"
|
chmod -v 700 "${GNUPGHOME}"
|
||||||
chown 1000:1000 "${GNUPGHOME}"
|
chown -v 1000:1000 "${GNUPGHOME}"
|
||||||
fi
|
fi
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
@@ -62,39 +57,80 @@ stringData:
|
|||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
{{- if include "redis.servicename" . }}
|
{{- if include "valkey.servicename" . }}
|
||||||
function test_redis_connection() {
|
function test_valkey_connection() {
|
||||||
local RETRY=0
|
local RETRY=0
|
||||||
local MAX=30
|
local MAX=30
|
||||||
|
|
||||||
echo 'Wait for redis to become avialable...'
|
echo 'Wait for valkey to become avialable...'
|
||||||
until [ "${RETRY}" -ge "${MAX}" ]; do
|
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||||
nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
|
nc -vz -w2 {{ include "valkey.servicename" . }} {{ include "valkey.port" . }} && break
|
||||||
RETRY=$[${RETRY}+1]
|
RETRY=$[${RETRY}+1]
|
||||||
echo "...not ready yet (${RETRY}/${MAX})"
|
echo "...not ready yet (${RETRY}/${MAX})"
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "${RETRY}" -ge "${MAX}" ]; then
|
if [ "${RETRY}" -ge "${MAX}" ]; then
|
||||||
echo "Redis not reachable after '${MAX}' attempts!"
|
echo "Valkey not reachable after '${MAX}' attempts!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
test_redis_connection
|
test_valkey_connection
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
|
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
|
||||||
function configure_admin_user() {
|
function configure_admin_user() {
|
||||||
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}")
|
local full_admin_list=$(gitea admin user list --admin)
|
||||||
|
local actual_user_table=''
|
||||||
|
|
||||||
|
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
|
||||||
|
local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)"
|
||||||
|
if [[ "${full_admin_list}" =~ $regex ]]; then
|
||||||
|
actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
|
||||||
|
else
|
||||||
|
# This code block should never be reached, as long as the output table header remains the same.
|
||||||
|
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
|
||||||
|
|
||||||
|
echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users."
|
||||||
|
echo " Please review the output of 'gitea admin user list --admin' shown below."
|
||||||
|
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues."
|
||||||
|
echo "DEBUG: Output of 'gitea admin user list --admin'"
|
||||||
|
echo "--"
|
||||||
|
echo "${full_admin_list}"
|
||||||
|
echo "--"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
|
||||||
if [[ -z "${ACCOUNT_ID}" ]]; then
|
if [[ -z "${ACCOUNT_ID}" ]]; then
|
||||||
|
local -a create_args
|
||||||
|
create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }})
|
||||||
|
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then
|
||||||
|
create_args+=(--must-change-password=true)
|
||||||
|
else
|
||||||
|
create_args+=(--must-change-password=false)
|
||||||
|
fi
|
||||||
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
|
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
|
||||||
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false
|
gitea admin user create "${create_args[@]}"
|
||||||
echo '...created.'
|
echo '...created.'
|
||||||
else
|
else
|
||||||
|
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then
|
||||||
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
|
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
|
||||||
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
|
# See https://gitea.com/gitea/helm-gitea/issues/673
|
||||||
|
# --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior
|
||||||
|
# which acted as if it were provided with =false. If the argument is present in this version of gitea, then we
|
||||||
|
# should add it to prevent requiring frequent admin password resets.
|
||||||
|
local -a change_args
|
||||||
|
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}")
|
||||||
|
if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then
|
||||||
|
change_args+=(--must-change-password=false)
|
||||||
|
fi
|
||||||
|
gitea admin user change-password "${change_args[@]}"
|
||||||
echo '...password sync done.'
|
echo '...password sync done.'
|
||||||
|
else
|
||||||
|
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping."
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -105,7 +141,28 @@ stringData:
|
|||||||
{{- if .Values.gitea.ldap }}
|
{{- if .Values.gitea.ldap }}
|
||||||
{{- range $idx, $value := .Values.gitea.ldap }}
|
{{- range $idx, $value := .Values.gitea.ldap }}
|
||||||
local LDAP_NAME={{ (printf "%s" $value.name) | squote }}
|
local LDAP_NAME={{ (printf "%s" $value.name) | squote }}
|
||||||
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
|
local full_auth_list=$(gitea admin auth list --vertical-bars)
|
||||||
|
local actual_auth_table=''
|
||||||
|
|
||||||
|
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
|
||||||
|
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
|
||||||
|
if [[ "${full_auth_list}" =~ $regex ]]; then
|
||||||
|
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
|
||||||
|
else
|
||||||
|
# This code block should never be reached, as long as the output table header remains the same.
|
||||||
|
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
|
||||||
|
|
||||||
|
echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources."
|
||||||
|
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
|
||||||
|
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues."
|
||||||
|
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
|
||||||
|
echo "--"
|
||||||
|
echo "${full_auth_list}"
|
||||||
|
echo "--"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
|
||||||
|
|
||||||
if [[ -z "${GITEA_AUTH_ID}" ]]; then
|
if [[ -z "${GITEA_AUTH_ID}" ]]; then
|
||||||
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
|
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
|
||||||
@@ -128,7 +185,28 @@ stringData:
|
|||||||
{{- if .Values.gitea.oauth }}
|
{{- if .Values.gitea.oauth }}
|
||||||
{{- range $idx, $value := .Values.gitea.oauth }}
|
{{- range $idx, $value := .Values.gitea.oauth }}
|
||||||
local OAUTH_NAME={{ (printf "%s" $value.name) | squote }}
|
local OAUTH_NAME={{ (printf "%s" $value.name) | squote }}
|
||||||
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
|
local full_auth_list=$(gitea admin auth list --vertical-bars)
|
||||||
|
local actual_auth_table=''
|
||||||
|
|
||||||
|
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
|
||||||
|
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
|
||||||
|
if [[ "${full_auth_list}" =~ $regex ]]; then
|
||||||
|
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
|
||||||
|
else
|
||||||
|
# This code block should never be reached, as long as the output table header remains the same.
|
||||||
|
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
|
||||||
|
|
||||||
|
echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources."
|
||||||
|
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
|
||||||
|
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues."
|
||||||
|
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
|
||||||
|
echo "--"
|
||||||
|
echo "${full_auth_list}"
|
||||||
|
echo "--"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
|
||||||
|
|
||||||
if [[ -z "${AUTH_ID}" ]]; then
|
if [[ -z "${AUTH_ID}" ]]; then
|
||||||
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
|
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
|
||||||
|
12
templates/gitea/metrics-secret.yaml
Normal file
12
templates/gitea/metrics-secret.yaml
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
{{- if and (.Values.gitea.metrics.enabled) (.Values.gitea.metrics.serviceMonitor.enabled) (.Values.gitea.metrics.token) -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ include "gitea.metrics-secret-name" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
token: {{ .Values.gitea.metrics.token | b64enc }}
|
||||||
|
{{- end }}
|
@@ -7,6 +7,7 @@ apiVersion: policy/v1beta1
|
|||||||
kind: PodDisruptionBudget
|
kind: PodDisruptionBudget
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}
|
name: {{ include "gitea.fullname" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
|
@@ -3,20 +3,20 @@ kind: PersistentVolumeClaim
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ .Values.persistence.claimName }}
|
name: {{ .Values.persistence.claimName }}
|
||||||
namespace: {{ $.Release.Namespace }}
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ .Values.persistence.annotations | toYaml | indent 4}}
|
{{ .Values.persistence.annotations | toYaml | indent 4}}
|
||||||
|
labels:
|
||||||
|
{{ .Values.persistence.labels | toYaml | indent 4}}
|
||||||
spec:
|
spec:
|
||||||
accessModes:
|
accessModes:
|
||||||
{{- if gt .Values.replicaCount 1.0 }}
|
{{- if gt (.Values.replicaCount | int) 1 }}
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- .Values.persistence.accessModes | toYaml | nindent 4 }}
|
{{- .Values.persistence.accessModes | toYaml | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMode: Filesystem
|
volumeMode: Filesystem
|
||||||
{{- if .Values.persistence.storageClass }}
|
{{- include "gitea.persistence.storageClass" . | nindent 2 }}
|
||||||
storageClassName: {{ .Values.persistence.storageClass }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.persistence.volumeName }}
|
{{- with .Values.persistence.volumeName }}
|
||||||
volumeName: {{ . }}
|
volumeName: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@@ -3,7 +3,7 @@ apiVersion: v1
|
|||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.serviceAccountName" . }}
|
name: {{ include "gitea.serviceAccountName" . }}
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
{{- with .Values.serviceAccount.labels }}
|
{{- with .Values.serviceAccount.labels }}
|
||||||
|
@@ -1,8 +1,9 @@
|
|||||||
{{- if .Values.gitea.metrics.serviceMonitor.enabled -}}
|
{{- if and .Values.gitea.metrics.enabled .Values.gitea.metrics.serviceMonitor.enabled -}}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}
|
name: {{ include "gitea.fullname" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
{{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }}
|
{{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }}
|
||||||
@@ -14,4 +15,29 @@ spec:
|
|||||||
{{- include "gitea.selectorLabels" . | nindent 6 }}
|
{{- include "gitea.selectorLabels" . | nindent 6 }}
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: http
|
- port: http
|
||||||
|
{{- if .Values.gitea.metrics.serviceMonitor.interval }}
|
||||||
|
interval: {{ .Values.gitea.metrics.serviceMonitor.interval }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.gitea.metrics.serviceMonitor.relabelings }}
|
||||||
|
relabelings:
|
||||||
|
{{- . | toYaml | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.gitea.metrics.serviceMonitor.scheme }}
|
||||||
|
scheme: {{ .Values.gitea.metrics.serviceMonitor.scheme }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.gitea.metrics.serviceMonitor.scrapeTimeout }}
|
||||||
|
scrapeTimeout: {{ .Values.gitea.metrics.serviceMonitor.scrapeTimeout }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.gitea.metrics.serviceMonitor.tlsConfig }}
|
||||||
|
tlsConfig:
|
||||||
|
{{- . | toYaml | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.gitea.metrics.token }}
|
||||||
|
authorization:
|
||||||
|
type: Bearer
|
||||||
|
credentials:
|
||||||
|
name: {{ include "gitea.metrics-secret-name" . }}
|
||||||
|
key: token
|
||||||
|
optional: false
|
||||||
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
|
@@ -2,13 +2,20 @@ apiVersion: v1
|
|||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}-ssh
|
name: {{ include "gitea.fullname" . }}-ssh
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.service.ssh.labels }}
|
||||||
|
{{- toYaml .Values.service.ssh.labels | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml .Values.service.ssh.annotations | nindent 4 }}
|
{{- toYaml .Values.service.ssh.annotations | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
type: {{ .Values.service.ssh.type }}
|
type: {{ .Values.service.ssh.type }}
|
||||||
{{- if eq .Values.service.ssh.type "LoadBalancer" }}
|
{{- if eq .Values.service.ssh.type "LoadBalancer" }}
|
||||||
|
{{- if .Values.service.ssh.loadBalancerClass }}
|
||||||
|
loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.service.ssh.loadBalancerIP }}
|
{{- if .Values.service.ssh.loadBalancerIP }}
|
||||||
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
|
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@@ -3,6 +3,7 @@ apiVersion: v1
|
|||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: "{{ include "gitea.fullname" . }}-test-connection"
|
name: "{{ include "gitea.fullname" . }}-test-connection"
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{ include "gitea.labels" . | nindent 4 }}
|
{{ include "gitea.labels" . | nindent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
|
1
unittests/bash/bats
Submodule
1
unittests/bash/bats
Submodule
Submodule unittests/bash/bats added at 855844b834
1
unittests/bash/test_helper/bats-assert
Submodule
1
unittests/bash/test_helper/bats-assert
Submodule
Submodule unittests/bash/test_helper/bats-assert added at 912a98804e
1
unittests/bash/test_helper/bats-mock
Submodule
1
unittests/bash/test_helper/bats-mock
Submodule
Submodule unittests/bash/test_helper/bats-mock added at a4b1f8e659
1
unittests/bash/test_helper/bats-support
Submodule
1
unittests/bash/test_helper/bats-support
Submodule
Submodule unittests/bash/test_helper/bats-support added at 0ad082d459
7
unittests/bash/test_helper/common-setup.bash
Normal file
7
unittests/bash/test_helper/common-setup.bash
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
function common_setup() {
|
||||||
|
load "$TEST_ROOT/test_helper/bats-support/load"
|
||||||
|
load "$TEST_ROOT/test_helper/bats-assert/load"
|
||||||
|
load "$TEST_ROOT/test_helper/bats-mock/stub"
|
||||||
|
}
|
@@ -0,0 +1,204 @@
|
|||||||
|
#!/usr/bin/env bats
|
||||||
|
|
||||||
|
function setup() {
|
||||||
|
PROJECT_ROOT="$(git rev-parse --show-toplevel)"
|
||||||
|
TEST_ROOT="$PROJECT_ROOT/unittests/bash"
|
||||||
|
load "$TEST_ROOT/test_helper/common-setup"
|
||||||
|
common_setup
|
||||||
|
|
||||||
|
export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini"
|
||||||
|
export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs"
|
||||||
|
export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts"
|
||||||
|
|
||||||
|
stub gitea \
|
||||||
|
"generate secret INTERNAL_TOKEN : echo 'mocked-internal-token'" \
|
||||||
|
"generate secret SECRET_KEY : echo 'mocked-secret-key'" \
|
||||||
|
"generate secret JWT_SECRET : echo 'mocked-jwt-secret'" \
|
||||||
|
"generate secret LFS_JWT_SECRET : echo 'mocked-lfs-jwt-secret'"
|
||||||
|
}
|
||||||
|
|
||||||
|
function teardown() {
|
||||||
|
unstub gitea
|
||||||
|
# This condition exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
|
||||||
|
if [ $ENV_TO_INI_EXPECTED -eq 1 ]; then
|
||||||
|
unstub environment-to-ini
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# This function exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
|
||||||
|
function expect_environment_to_ini_call() {
|
||||||
|
export ENV_TO_INI_EXPECTED=1
|
||||||
|
stub environment-to-ini \
|
||||||
|
"-o $GITEA_APP_INI : echo 'Stubbed environment-to-ini was called!'"
|
||||||
|
}
|
||||||
|
|
||||||
|
function execute_test_script() {
|
||||||
|
currentEnvsBefore=$(env | sort)
|
||||||
|
source $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh
|
||||||
|
local exitCode=$?
|
||||||
|
currentEnvsAfter=$(env | sort)
|
||||||
|
|
||||||
|
# diff as unified +/- output without context before/after
|
||||||
|
diff --unified=0 <(echo "$currentEnvsBefore") <(echo "$currentEnvsAfter")
|
||||||
|
|
||||||
|
exit $exitCode
|
||||||
|
}
|
||||||
|
|
||||||
|
function write_mounted_file() {
|
||||||
|
# either "inlines" or "additionals"
|
||||||
|
scope="${1}"
|
||||||
|
file="${2}"
|
||||||
|
content="${3}"
|
||||||
|
|
||||||
|
mkdir -p "$ENV_TO_INI_MOUNT_POINT/$scope/..data/"
|
||||||
|
echo "${content}" > "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file"
|
||||||
|
ln -sf "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file" "$ENV_TO_INI_MOUNT_POINT/$scope/$file"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "works as expected when nothing is configured" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
assert_line '...Initial secrets generated'
|
||||||
|
assert_line 'Reloading preset envs...'
|
||||||
|
assert_line '=== All configuration sources loaded ==='
|
||||||
|
assert_line 'Stubbed environment-to-ini was called!'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "exports initial secrets" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
assert_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
|
||||||
|
assert_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token'
|
||||||
|
assert_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key'
|
||||||
|
assert_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "does NOT export initial secrets when app.ini already exists" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
touch $GITEA_APP_INI
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
assert_line --partial 'An app.ini file already exists.'
|
||||||
|
refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
|
||||||
|
refute_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token'
|
||||||
|
refute_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key'
|
||||||
|
refute_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "ensures that preset environment variables take precedence over auto-generated ones" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "ensures that preset environment variables take precedence over mounted ones" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
|
||||||
|
write_mounted_file "inlines" "oauth2" "$(cat << EOF
|
||||||
|
JWT_SECRET=inline-jwt-secret
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
|
||||||
|
refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "ensures that additionals take precedence over inlines" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
write_mounted_file "inlines" "oauth2" "$(cat << EOF
|
||||||
|
JWT_SECRET=inline-jwt-secret
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
write_mounted_file "additionals" "oauth2" "$(cat << EOF
|
||||||
|
JWT_SECRET=additional-jwt-secret
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
|
||||||
|
refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret'
|
||||||
|
assert_line '+GITEA__OAUTH2__JWT_SECRET=additional-jwt-secret'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "ensures that dotted/dashed sections are properly masked" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
|
||||||
|
WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]'
|
||||||
|
}
|
||||||
|
|
||||||
|
###############################################################
|
||||||
|
##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS #####
|
||||||
|
###############################################################
|
||||||
|
@test "ensures uppercase section and setting names (🐞)" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret"
|
||||||
|
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
|
||||||
|
WORK_IN_progress_PREFIXES=WIP:,[WIP]
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]'
|
||||||
|
assert_line '+GITEA__OAUTH2__JWT_SECRET=pre-defined-jwt-secret'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "treats top-level configuration as section-less" {
|
||||||
|
expect_environment_to_ini_call
|
||||||
|
write_mounted_file "inlines" "_generals_" "$(cat << EOF
|
||||||
|
APP_NAME=Hello top-level configuration
|
||||||
|
RUN_MODE=dev
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_success
|
||||||
|
assert_line '+GITEA____APP_NAME=Hello top-level configuration'
|
||||||
|
assert_line '+GITEA____RUN_MODE=dev'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "fails on invalid setting" {
|
||||||
|
write_mounted_file "inlines" "_generals_" "$(cat << EOF
|
||||||
|
some random invalid string
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "treats empty setting name as invalid setting" {
|
||||||
|
write_mounted_file "inlines" "_generals_" "$(cat << EOF
|
||||||
|
=value
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
run execute_test_script
|
||||||
|
|
||||||
|
assert_failure
|
||||||
|
}
|
@@ -1,30 +0,0 @@
|
|||||||
suite: config template | database section (postgresql-ha)
|
|
||||||
release:
|
|
||||||
name: gitea-unittests
|
|
||||||
namespace: testing
|
|
||||||
tests:
|
|
||||||
- it: connects to pgpool service
|
|
||||||
template: templates/gitea/config.yaml
|
|
||||||
set:
|
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
||||||
postgresql-ha:
|
|
||||||
enabled: true
|
|
||||||
asserts:
|
|
||||||
- documentIndex: 0
|
|
||||||
matchRegex:
|
|
||||||
path: stringData.database
|
|
||||||
pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:5432
|
|
||||||
- it: renders the referenced service
|
|
||||||
template: charts/postgresql-ha/templates/pgpool/service.yaml
|
|
||||||
set:
|
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
||||||
postgresql-ha:
|
|
||||||
enabled: true
|
|
||||||
asserts:
|
|
||||||
- containsDocument:
|
|
||||||
kind: Service
|
|
||||||
apiVersion: v1
|
|
||||||
name: gitea-unittests-postgresql-ha-pgpool
|
|
||||||
namespace: testing
|
|
@@ -1,30 +0,0 @@
|
|||||||
suite: config template | database section (postgresql)
|
|
||||||
release:
|
|
||||||
name: gitea-unittests
|
|
||||||
namespace: testing
|
|
||||||
tests:
|
|
||||||
- it: "connects to postgresql service"
|
|
||||||
template: templates/gitea/config.yaml
|
|
||||||
set:
|
|
||||||
postgresql:
|
|
||||||
enabled: true
|
|
||||||
postgresql-ha:
|
|
||||||
enabled: false
|
|
||||||
asserts:
|
|
||||||
- documentIndex: 0
|
|
||||||
matchRegex:
|
|
||||||
path: stringData.database
|
|
||||||
pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:5432
|
|
||||||
- it: "renders the referenced service"
|
|
||||||
template: charts/postgresql/templates/primary/svc.yaml
|
|
||||||
set:
|
|
||||||
postgresql:
|
|
||||||
enabled: true
|
|
||||||
postgresql-ha:
|
|
||||||
enabled: false
|
|
||||||
asserts:
|
|
||||||
- containsDocument:
|
|
||||||
kind: Service
|
|
||||||
apiVersion: v1
|
|
||||||
name: gitea-unittests-postgresql
|
|
||||||
namespace: testing
|
|
@@ -1,17 +0,0 @@
|
|||||||
suite: deployment template (basic)
|
|
||||||
release:
|
|
||||||
name: gitea-unittests
|
|
||||||
namespace: testing
|
|
||||||
templates:
|
|
||||||
- templates/gitea/deployment.yaml
|
|
||||||
- templates/gitea/config.yaml
|
|
||||||
tests:
|
|
||||||
- it: renders a deployment
|
|
||||||
template: templates/gitea/deployment.yaml
|
|
||||||
asserts:
|
|
||||||
- hasDocuments:
|
|
||||||
count: 1
|
|
||||||
- containsDocument:
|
|
||||||
kind: Deployment
|
|
||||||
apiVersion: apps/v1
|
|
||||||
name: gitea-unittests
|
|
@@ -1,23 +0,0 @@
|
|||||||
suite: ingress template
|
|
||||||
release:
|
|
||||||
name: gitea-unittests
|
|
||||||
namespace: testing
|
|
||||||
templates:
|
|
||||||
- templates/gitea/ingress.yaml
|
|
||||||
tests:
|
|
||||||
- it: hostname using TPL
|
|
||||||
set:
|
|
||||||
global.giteaHostName: "gitea.example.com"
|
|
||||||
ingress.enabled: true
|
|
||||||
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
|
|
||||||
ingress.tls:
|
|
||||||
- secretName: gitea-tls
|
|
||||||
hosts:
|
|
||||||
- "{{ .Values.global.giteaHostName }}"
|
|
||||||
asserts:
|
|
||||||
- equal:
|
|
||||||
path: spec.tls[0].hosts[0]
|
|
||||||
value: "gitea.example.com"
|
|
||||||
- equal:
|
|
||||||
path: spec.rules[0].host
|
|
||||||
value: "gitea.example.com"
|
|
12
unittests/helm/check-actions-not-present.yaml
Normal file
12
unittests/helm/check-actions-not-present.yaml
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
suite: Check if actions raises an error
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: fails when trying to configure actions due to removal
|
||||||
|
set:
|
||||||
|
actions:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9.
|
24
unittests/helm/config/actions-config.yaml
Normal file
24
unittests/helm/config/actions-config.yaml
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
suite: config template | actions config
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/config.yaml
|
||||||
|
tests:
|
||||||
|
- it: "actions are enabled by default (based on vanilla Gitea behavior)"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
notExists:
|
||||||
|
path: stringData.actions
|
||||||
|
|
||||||
|
- it: "actions can be disabled via inline config"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
gitea.config.actions.ENABLED: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.actions
|
||||||
|
value: |-
|
||||||
|
ENABLED=false
|
66
unittests/helm/config/cache-config.yaml
Normal file
66
unittests/helm/config/cache-config.yaml
Normal file
@@ -0,0 +1,66 @@
|
|||||||
|
suite: config template | cache config
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: "cache is configured correctly for valkey-cluster"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: true
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.cache
|
||||||
|
value: |-
|
||||||
|
ADAPTER=redis
|
||||||
|
HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
|
||||||
|
- it: "cache is configured correctly for valkey"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.cache
|
||||||
|
value: |-
|
||||||
|
ADAPTER=redis
|
||||||
|
HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
|
||||||
|
- it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.cache
|
||||||
|
value: |-
|
||||||
|
ADAPTER=memory
|
||||||
|
HOST=
|
||||||
|
|
||||||
|
- it: "cache can be customized when valkey (or valkey-cluster) is disabled"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
gitea.config.cache.ADAPTER: custom-adapter
|
||||||
|
gitea.config.cache.HOST: custom-host
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.cache
|
||||||
|
value: |-
|
||||||
|
ADAPTER=custom-adapter
|
||||||
|
HOST=custom-host
|
58
unittests/helm/config/metrics-section_metrics-token.yaml
Normal file
58
unittests/helm/config/metrics-section_metrics-token.yaml
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
suite: config template | metrics section (metrics token)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: metrics token is set
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
token: "somepassword"
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.metrics
|
||||||
|
value: |-
|
||||||
|
ENABLED=true
|
||||||
|
TOKEN=somepassword
|
||||||
|
- it: metrics token is empty
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
token: ""
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.metrics
|
||||||
|
value: |-
|
||||||
|
ENABLED=true
|
||||||
|
- it: metrics token is nil
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
token:
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.metrics
|
||||||
|
value: |-
|
||||||
|
ENABLED=true
|
||||||
|
- it: does not configures a token if metrics are disabled
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
token: "somepassword"
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.metrics
|
||||||
|
value: |-
|
||||||
|
ENABLED=false
|
66
unittests/helm/config/queue-config.yaml
Normal file
66
unittests/helm/config/queue-config.yaml
Normal file
@@ -0,0 +1,66 @@
|
|||||||
|
suite: config template | queue config
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: "queue is configured correctly for valkey-cluster"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: true
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.queue
|
||||||
|
value: |-
|
||||||
|
CONN_STR=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
TYPE=redis
|
||||||
|
|
||||||
|
- it: "queue is configured correctly for valkey"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.queue
|
||||||
|
value: |-
|
||||||
|
CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
TYPE=redis
|
||||||
|
|
||||||
|
- it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.queue
|
||||||
|
value: |-
|
||||||
|
CONN_STR=
|
||||||
|
TYPE=level
|
||||||
|
|
||||||
|
- it: "queue can be customized when valkey (and valkey-cluster) are disabled"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
gitea.config.queue.TYPE: custom-type
|
||||||
|
gitea.config.queue.CONN_STR: custom-connection-string
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.queue
|
||||||
|
value: |-
|
||||||
|
CONN_STR=custom-connection-string
|
||||||
|
TYPE=custom-type
|
66
unittests/helm/config/session-config.yaml
Normal file
66
unittests/helm/config/session-config.yaml
Normal file
@@ -0,0 +1,66 @@
|
|||||||
|
suite: config template | session config
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: "session is configured correctly for valkey-cluster"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: true
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.session
|
||||||
|
value: |-
|
||||||
|
PROVIDER=redis
|
||||||
|
PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
|
||||||
|
- it: "session is configured correctly for valkey"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.session
|
||||||
|
value: |-
|
||||||
|
PROVIDER=redis
|
||||||
|
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||||
|
|
||||||
|
- it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.session
|
||||||
|
value: |-
|
||||||
|
PROVIDER=memory
|
||||||
|
PROVIDER_CONFIG=
|
||||||
|
|
||||||
|
- it: "session can be customized when valkey (and valkey-cluster) is disabled"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
gitea.config.session.PROVIDER: custom-provider
|
||||||
|
gitea.config.session.PROVIDER_CONFIG: custom-provider-config
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: stringData.session
|
||||||
|
value: |-
|
||||||
|
PROVIDER=custom-provider
|
||||||
|
PROVIDER_CONFIG=custom-provider-config
|
@@ -0,0 +1,129 @@
|
|||||||
|
suite: Dependency checks | Customization integrity | postgresql-ha
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
set:
|
||||||
|
postgresql:
|
||||||
|
enabled: false
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: true
|
||||||
|
global:
|
||||||
|
postgresql:
|
||||||
|
database: gitea-database
|
||||||
|
password: gitea-password
|
||||||
|
username: gitea-username
|
||||||
|
postgresql:
|
||||||
|
repmgrPassword: custom-password-repmgr
|
||||||
|
postgresPassword: custom-password-postgres
|
||||||
|
password: custom-password-overwritten-by-global-postgresql-password
|
||||||
|
pgpool:
|
||||||
|
adminPassword: custom-password-pgpool
|
||||||
|
srCheckPassword: custom-password-sr-check
|
||||||
|
service:
|
||||||
|
ports:
|
||||||
|
postgresql: 1234
|
||||||
|
persistence:
|
||||||
|
size: 1337Mi
|
||||||
|
tests:
|
||||||
|
- it: "[postgresql-ha] DB settings are applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/postgresql/statefulset.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: POSTGRES_DB
|
||||||
|
value: "gitea-database"
|
||||||
|
- documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: POSTGRES_USER
|
||||||
|
value: "gitea-username"
|
||||||
|
- it: "[postgresql-ha] DB passwords are applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/postgresql/secrets.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["repmgr-password"]
|
||||||
|
value: "Y3VzdG9tLXBhc3N3b3JkLXJlcG1ncg=="
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["postgres-password"]
|
||||||
|
value: "Y3VzdG9tLXBhc3N3b3JkLXBvc3RncmVz"
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["password"]
|
||||||
|
value: "Z2l0ZWEtcGFzc3dvcmQ=" # postgresql-ha.postgresql.password is overwritten by postgresql-ha.global.postgresql.password and should not be referenced here
|
||||||
|
- it: "[postgresql-ha] pgpool.adminPassword is applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/pgpool/secrets.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["admin-password"]
|
||||||
|
value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA=="
|
||||||
|
- it: "[postgresql-ha] pgpool.adminPassword is applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/pgpool/secrets.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["admin-password"]
|
||||||
|
value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA=="
|
||||||
|
- it: "[postgresql-ha] pgpool.adminPassword is applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/pgpool/secrets.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["admin-password"]
|
||||||
|
value: "Y3VzdG9tLXBhc3N3b3JkLXBncG9vbA=="
|
||||||
|
- it: "[postgresql-ha] pgpool.srCheckPassword is applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/pgpool/secrets.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["sr-check-password"]
|
||||||
|
value: "Y3VzdG9tLXBhc3N3b3JkLXNyLWNoZWNr"
|
||||||
|
- it: "[postgresql-ha] persistence.size is applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/postgresql/statefulset.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: spec.volumeClaimTemplates[0].spec.resources.requests.storage
|
||||||
|
value: "1337Mi"
|
||||||
|
- it: "[postgresql-ha] service.ports.postgresql is applied as expected"
|
||||||
|
template: charts/postgresql-ha/templates/pgpool/service.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: spec.ports[0].port
|
||||||
|
value: 1234
|
||||||
|
- it: "[postgresql-ha] renders the referenced service"
|
||||||
|
template: charts/postgresql-ha/templates/pgpool/service.yaml
|
||||||
|
asserts:
|
||||||
|
- containsDocument:
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
name: gitea-unittests-postgresql-ha-pgpool
|
||||||
|
namespace: testing
|
||||||
|
- it: "[gitea] connects to pgpool service"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234
|
||||||
|
- it: "[gitea] connects to configured database"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: NAME=gitea-database
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: USER=gitea-username
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: PASSWD=gitea-password
|
@@ -0,0 +1,88 @@
|
|||||||
|
suite: Dependency checks | Customization integrity | postgresql
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
set:
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: false
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
global:
|
||||||
|
postgresql:
|
||||||
|
auth:
|
||||||
|
password: gitea-password
|
||||||
|
database: gitea-database
|
||||||
|
username: gitea-username
|
||||||
|
service:
|
||||||
|
ports:
|
||||||
|
postgresql: 1234
|
||||||
|
primary:
|
||||||
|
persistence:
|
||||||
|
size: 1337Mi
|
||||||
|
tests:
|
||||||
|
- it: "[postgresql] DB settings are applied as expected"
|
||||||
|
template: charts/postgresql/templates/primary/statefulset.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: POSTGRES_DATABASE
|
||||||
|
value: "gitea-database"
|
||||||
|
- documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: POSTGRES_USER
|
||||||
|
value: "gitea-username"
|
||||||
|
- it: "[postgresql] DB password is applied as expected"
|
||||||
|
template: charts/postgresql/templates/secrets.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["password"]
|
||||||
|
value: "Z2l0ZWEtcGFzc3dvcmQ="
|
||||||
|
- it: "[postgresql] primary.persistence.size is applied as expected"
|
||||||
|
template: charts/postgresql/templates/primary/statefulset.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: spec.volumeClaimTemplates[0].spec.resources.requests.storage
|
||||||
|
value: "1337Mi"
|
||||||
|
- it: "[postgresql] global.postgresql.service.ports.postgresql is applied as expected"
|
||||||
|
template: charts/postgresql/templates/primary/svc.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: spec.ports[0].port
|
||||||
|
value: 1234
|
||||||
|
- it: "[postgresql] renders the referenced service"
|
||||||
|
template: charts/postgresql/templates/primary/svc.yaml
|
||||||
|
asserts:
|
||||||
|
- containsDocument:
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
name: gitea-unittests-postgresql
|
||||||
|
namespace: testing
|
||||||
|
- it: "[gitea] connects to postgresql service"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234
|
||||||
|
- it: "[gitea] connects to configured database"
|
||||||
|
template: templates/gitea/config.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: NAME=gitea-database
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: USER=gitea-username
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData.database
|
||||||
|
pattern: PASSWD=gitea-password
|
@@ -0,0 +1,90 @@
|
|||||||
|
suite: Dependency checks | Customization integrity | valkey-cluster
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
set:
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: true
|
||||||
|
usePassword: false
|
||||||
|
cluster:
|
||||||
|
nodes: 5
|
||||||
|
replicas: 2
|
||||||
|
tests:
|
||||||
|
- it: "[valkey-cluster] configures correct nodes/replicas"
|
||||||
|
template: charts/valkey-cluster/templates/valkey-statefulset.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: spec.replicas
|
||||||
|
value: 5
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: spec.template.spec.containers[0].args[0]
|
||||||
|
pattern: VALKEY_CLUSTER_REPLICAS="2"
|
||||||
|
- it: "[valkey-cluster] support auth-less connections"
|
||||||
|
asserts:
|
||||||
|
- template: charts/valkey-cluster/templates/secret.yaml
|
||||||
|
hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- template: charts/valkey-cluster/templates/valkey-statefulset.yaml
|
||||||
|
documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: ALLOW_EMPTY_PASSWORD
|
||||||
|
value: "yes"
|
||||||
|
- it: "[valkey-cluster] support auth-full connections"
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
usePassword: true
|
||||||
|
asserts:
|
||||||
|
- template: charts/valkey-cluster/templates/secret.yaml
|
||||||
|
containsDocument:
|
||||||
|
kind: Secret
|
||||||
|
apiVersion: v1
|
||||||
|
name: gitea-unittests-valkey-cluster
|
||||||
|
namespace: testing
|
||||||
|
- template: charts/valkey-cluster/templates/valkey-statefulset.yaml
|
||||||
|
documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: REDISCLI_AUTH
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: gitea-unittests-valkey-cluster
|
||||||
|
key: valkey-password
|
||||||
|
- template: charts/valkey-cluster/templates/valkey-statefulset.yaml
|
||||||
|
documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: REDISCLI_AUTH
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: gitea-unittests-valkey-cluster
|
||||||
|
key: valkey-password
|
||||||
|
- it: "[valkey-cluster] renders the referenced service"
|
||||||
|
template: charts/valkey-cluster/templates/headless-svc.yaml
|
||||||
|
asserts:
|
||||||
|
- containsDocument:
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
name: gitea-unittests-valkey-cluster-headless
|
||||||
|
namespace: testing
|
||||||
|
- documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.ports
|
||||||
|
content:
|
||||||
|
name: tcp-redis
|
||||||
|
port: 6379
|
||||||
|
targetPort: tcp-redis
|
||||||
|
- it: "[gitea] waits for valkey-cluster to be up and running"
|
||||||
|
template: templates/gitea/init.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData["configure_gitea.sh"]
|
||||||
|
pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379
|
@@ -0,0 +1,52 @@
|
|||||||
|
suite: Dependency checks | Customization integrity | valkey
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
|
architecture: standalone
|
||||||
|
global:
|
||||||
|
valkey:
|
||||||
|
password: gitea-password
|
||||||
|
master:
|
||||||
|
count: 2
|
||||||
|
tests:
|
||||||
|
- it: "[valkey] configures correct 'master' nodes"
|
||||||
|
template: charts/valkey/templates/primary/application.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: spec.replicas
|
||||||
|
value: 1
|
||||||
|
- it: "[valkey] valkey.global.valkey.password is applied as expected"
|
||||||
|
template: charts/valkey/templates/secret.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
equal:
|
||||||
|
path: data["valkey-password"]
|
||||||
|
value: "Z2l0ZWEtcGFzc3dvcmQ="
|
||||||
|
- it: "[valkey] renders the referenced service"
|
||||||
|
template: charts/valkey/templates/headless-svc.yaml
|
||||||
|
asserts:
|
||||||
|
- containsDocument:
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
name: gitea-unittests-valkey-headless
|
||||||
|
namespace: testing
|
||||||
|
- documentIndex: 0
|
||||||
|
contains:
|
||||||
|
path: spec.ports
|
||||||
|
content:
|
||||||
|
name: tcp-redis
|
||||||
|
port: 6379
|
||||||
|
targetPort: redis
|
||||||
|
- it: "[gitea] waits for valkey to be up and running"
|
||||||
|
template: templates/gitea/init.yaml
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: stringData["configure_gitea.sh"]
|
||||||
|
pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379
|
57
unittests/helm/dependency-checks/major-image-bump.yaml
Normal file
57
unittests/helm/dependency-checks/major-image-bump.yaml
Normal file
@@ -0,0 +1,57 @@
|
|||||||
|
suite: Dependency checks | Major image bumps
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: "[postgresql-ha] ensures we detect major image version upgrades"
|
||||||
|
template: charts/postgresql-ha/templates/postgresql/statefulset.yaml
|
||||||
|
set:
|
||||||
|
postgresql:
|
||||||
|
enabled: false
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: spec.template.spec.containers[0].image
|
||||||
|
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||||
|
pattern: bitnami/postgresql-repmgr:17.+$
|
||||||
|
- it: "[postgresql] ensures we detect major image version upgrades"
|
||||||
|
template: charts/postgresql/templates/primary/statefulset.yaml
|
||||||
|
set:
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: spec.template.spec.containers[0].image
|
||||||
|
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||||
|
pattern: bitnami/postgresql:17.+$
|
||||||
|
- it: "[valkey-cluster] ensures we detect major image version upgrades"
|
||||||
|
template: charts/valkey-cluster/templates/valkey-statefulset.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: true
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: spec.template.spec.containers[0].image
|
||||||
|
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||||
|
pattern: bitnami/valkey-cluster:8.+$
|
||||||
|
- it: "[valkey] ensures we detect major image version upgrades"
|
||||||
|
template: charts/valkey/templates/primary/application.yaml
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: false
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- documentIndex: 0
|
||||||
|
matchRegex:
|
||||||
|
path: spec.template.spec.containers[0].image
|
||||||
|
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
|
||||||
|
pattern: bitnami/valkey:8.+$
|
59
unittests/helm/deployment/HA.yaml
Normal file
59
unittests/helm/deployment/HA.yaml
Normal file
@@ -0,0 +1,59 @@
|
|||||||
|
suite: deployment template (HA)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/deployment.yaml
|
||||||
|
- templates/gitea/config.yaml
|
||||||
|
tests:
|
||||||
|
- it: fails with multiple replicas and "GIT_GC_REPOS" enabled
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
replicaCount: 2
|
||||||
|
persistence:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
gitea:
|
||||||
|
config:
|
||||||
|
cron:
|
||||||
|
GIT_GC_REPOS:
|
||||||
|
ENABLED: true
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'."
|
||||||
|
- it: fails with multiple replicas and RWX file system not set
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
replicaCount: 2
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany."
|
||||||
|
- it: fails with multiple replicas and bleve issue indexer
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
replicaCount: 2
|
||||||
|
persistence:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
gitea:
|
||||||
|
config:
|
||||||
|
indexer:
|
||||||
|
ISSUE_INDEXER_TYPE: bleve
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
|
||||||
|
- it: fails with multiple replicas and bleve repo indexer
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
replicaCount: 2
|
||||||
|
persistence:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
gitea:
|
||||||
|
config:
|
||||||
|
indexer:
|
||||||
|
REPO_INDEXER_TYPE: bleve
|
||||||
|
REPO_INDEXER_ENABLED: true
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled."
|
95
unittests/helm/deployment/basic.yaml
Normal file
95
unittests/helm/deployment/basic.yaml
Normal file
@@ -0,0 +1,95 @@
|
|||||||
|
suite: deployment template (basic)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/deployment.yaml
|
||||||
|
- templates/gitea/config.yaml
|
||||||
|
tests:
|
||||||
|
- it: renders a deployment
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- containsDocument:
|
||||||
|
kind: Deployment
|
||||||
|
apiVersion: apps/v1
|
||||||
|
name: gitea-unittests
|
||||||
|
- it: deployment labels are set
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
deployment.labels:
|
||||||
|
hello: world
|
||||||
|
asserts:
|
||||||
|
- isSubset:
|
||||||
|
path: metadata.labels
|
||||||
|
content:
|
||||||
|
hello: world
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.metadata.labels
|
||||||
|
content:
|
||||||
|
hello: world
|
||||||
|
- it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container"
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- contains:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
content:
|
||||||
|
name: TMP_EXISTING_ENVS_FILE
|
||||||
|
value: /tmp/existing-envs
|
||||||
|
- it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container"
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- contains:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
content:
|
||||||
|
name: ENV_TO_INI_MOUNT_POINT
|
||||||
|
value: /env-to-ini-mounts
|
||||||
|
- it: CPU resources are defined as well as GOMAXPROCS
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 200ms
|
||||||
|
memory: 200Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100ms
|
||||||
|
memory: 100Mi
|
||||||
|
asserts:
|
||||||
|
- contains:
|
||||||
|
path: spec.template.spec.containers[0].env
|
||||||
|
content:
|
||||||
|
name: GOMAXPROCS
|
||||||
|
valueFrom:
|
||||||
|
resourceFieldRef:
|
||||||
|
divisor: "1"
|
||||||
|
resource: limits.cpu
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.containers[0].resources
|
||||||
|
value:
|
||||||
|
limits:
|
||||||
|
cpu: 200ms
|
||||||
|
memory: 200Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100ms
|
||||||
|
memory: 100Mi
|
||||||
|
- it: Init containers have correct volumeMount path
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
initContainersScriptsVolumeMountPath: "/custom/init/path"
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
|
||||||
|
value: "/custom/init/path"
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
|
||||||
|
value: "/custom/init/path"
|
||||||
|
- it: Init containers have correct volumeMount path if there is no override
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
|
||||||
|
value: "/usr/sbinx"
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
|
||||||
|
value: "/usr/sbinx"
|
150
unittests/helm/deployment/deployment-additional-config.yaml
Normal file
150
unittests/helm/deployment/deployment-additional-config.yaml
Normal file
@@ -0,0 +1,150 @@
|
|||||||
|
suite: deployment template
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/deployment.yaml
|
||||||
|
- templates/gitea/config.yaml
|
||||||
|
tests:
|
||||||
|
- it: Renders a deployment
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- containsDocument:
|
||||||
|
kind: Deployment
|
||||||
|
apiVersion: apps/v1
|
||||||
|
name: gitea-unittests
|
||||||
|
- it: Deployment with empty additionalConfigFromEnvs
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea.additionalConfigFromEnvs: []
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- exists:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
- lengthEqual:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
count: 6
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.initContainers[1]
|
||||||
|
content:
|
||||||
|
env:
|
||||||
|
- name: GITEA_APP_INI
|
||||||
|
value: /data/gitea/conf/app.ini
|
||||||
|
- name: GITEA_CUSTOM
|
||||||
|
value: /data/gitea
|
||||||
|
- name: GITEA_WORK_DIR
|
||||||
|
value: /data
|
||||||
|
- name: GITEA_TEMP
|
||||||
|
value: /tmp/gitea
|
||||||
|
- name: TMP_EXISTING_ENVS_FILE
|
||||||
|
value: /tmp/existing-envs
|
||||||
|
- name: ENV_TO_INI_MOUNT_POINT
|
||||||
|
value: /env-to-ini-mounts
|
||||||
|
- it: Deployment with standard additionalConfigFromEnvs
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}]
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- exists:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
- lengthEqual:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
count: 8
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.initContainers[1]
|
||||||
|
content:
|
||||||
|
env:
|
||||||
|
- name: GITEA_APP_INI
|
||||||
|
value: /data/gitea/conf/app.ini
|
||||||
|
- name: GITEA_CUSTOM
|
||||||
|
value: /data/gitea
|
||||||
|
- name: GITEA_WORK_DIR
|
||||||
|
value: /data
|
||||||
|
- name: GITEA_TEMP
|
||||||
|
value: /tmp/gitea
|
||||||
|
- name: TMP_EXISTING_ENVS_FILE
|
||||||
|
value: /tmp/existing-envs
|
||||||
|
- name: ENV_TO_INI_MOUNT_POINT
|
||||||
|
value: /env-to-ini-mounts
|
||||||
|
- name: GITEA_database_HOST
|
||||||
|
value: my-db:123
|
||||||
|
- name: GITEA_database_USER
|
||||||
|
value: my-user
|
||||||
|
- it: Deployment with templated additionalConfigFromEnvs
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea.misc.host: my-db-host:321
|
||||||
|
gitea.misc.user: my-db-user
|
||||||
|
gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: "{{ .Values.gitea.misc.host }}"}, {name: GITEA_database_USER, value: "{{ .Values.gitea.misc.user }}"}]
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- exists:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
- lengthEqual:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
count: 8
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.initContainers[1]
|
||||||
|
content:
|
||||||
|
env:
|
||||||
|
- name: GITEA_APP_INI
|
||||||
|
value: /data/gitea/conf/app.ini
|
||||||
|
- name: GITEA_CUSTOM
|
||||||
|
value: /data/gitea
|
||||||
|
- name: GITEA_WORK_DIR
|
||||||
|
value: /data
|
||||||
|
- name: GITEA_TEMP
|
||||||
|
value: /tmp/gitea
|
||||||
|
- name: TMP_EXISTING_ENVS_FILE
|
||||||
|
value: /tmp/existing-envs
|
||||||
|
- name: ENV_TO_INI_MOUNT_POINT
|
||||||
|
value: /env-to-ini-mounts
|
||||||
|
- name: GITEA_database_HOST
|
||||||
|
value: my-db-host:321
|
||||||
|
- name: GITEA_database_USER
|
||||||
|
value: my-db-user
|
||||||
|
- it: Deployment with additionalConfigFromEnvs templated secret name
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea.misc.existingSecret: my-db-secret
|
||||||
|
gitea.additionalConfigFromEnvs[0]:
|
||||||
|
name: GITEA_database_HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: "{{ .Values.gitea.misc.existingSecret }}"
|
||||||
|
key: password
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- exists:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
- lengthEqual:
|
||||||
|
path: spec.template.spec.initContainers[1].env
|
||||||
|
count: 7
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.initContainers[1]
|
||||||
|
content:
|
||||||
|
env:
|
||||||
|
- name: GITEA_APP_INI
|
||||||
|
value: /data/gitea/conf/app.ini
|
||||||
|
- name: GITEA_CUSTOM
|
||||||
|
value: /data/gitea
|
||||||
|
- name: GITEA_WORK_DIR
|
||||||
|
value: /data
|
||||||
|
- name: GITEA_TEMP
|
||||||
|
value: /tmp/gitea
|
||||||
|
- name: TMP_EXISTING_ENVS_FILE
|
||||||
|
value: /tmp/existing-envs
|
||||||
|
- name: ENV_TO_INI_MOUNT_POINT
|
||||||
|
value: /env-to-ini-mounts
|
||||||
|
- name: GITEA_database_HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: "my-db-secret"
|
||||||
|
key: password
|
@@ -14,7 +14,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "gitea/gitea:1.19.3-rootless"
|
value: "docker.gitea.com/gitea:1.19.3-rootless"
|
||||||
- it: tag override
|
- it: tag override
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -22,7 +22,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "gitea/gitea:1.19.4-rootless"
|
value: "docker.gitea.com/gitea:1.19.4-rootless"
|
||||||
- it: root-based image
|
- it: root-based image
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -30,7 +30,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "gitea/gitea:1.19.3"
|
value: "docker.gitea.com/gitea:1.19.3"
|
||||||
- it: scoped registry
|
- it: scoped registry
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -38,7 +38,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "example.com/gitea/gitea:1.19.3-rootless"
|
value: "example.com/gitea:1.19.3-rootless"
|
||||||
- it: global registry
|
- it: global registry
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -46,7 +46,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "global.example.com/gitea/gitea:1.19.3-rootless"
|
value: "global.example.com/gitea:1.19.3-rootless"
|
||||||
- it: digest for rootless image
|
- it: digest for rootless image
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -56,12 +56,12 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||||
- it: image fullOverride (does not append rootless)
|
- it: image fullOverride (does not append rootless)
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
image:
|
image:
|
||||||
fullOverride: gitea/gitea:1.19.3
|
fullOverride: docker.gitea.com/gitea:1.19.3
|
||||||
# setting rootless, registry, repository, tag, and digest to prove that override works
|
# setting rootless, registry, repository, tag, and digest to prove that override works
|
||||||
rootless: true
|
rootless: true
|
||||||
registry: example.com
|
registry: example.com
|
||||||
@@ -71,7 +71,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "gitea/gitea:1.19.3"
|
value: "docker.gitea.com/gitea:1.19.3"
|
||||||
- it: digest for root-based image
|
- it: digest for root-based image
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -81,7 +81,7 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "gitea/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||||
- it: digest and global registry
|
- it: digest and global registry
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
@@ -90,4 +90,21 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||||
|
- it: correctly renders floating tag references
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[0].image
|
||||||
|
value: "docker.gitea.com/gitea:1.21-rootless"
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[1].image
|
||||||
|
value: "docker.gitea.com/gitea:1.21-rootless"
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.initContainers[2].image
|
||||||
|
value: "docker.gitea.com/gitea:1.21-rootless"
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.containers[0].image
|
||||||
|
value: "docker.gitea.com/gitea:1.21-rootless"
|
45
unittests/helm/deployment/ingress-configuration.yaml
Normal file
45
unittests/helm/deployment/ingress-configuration.yaml
Normal file
@@ -0,0 +1,45 @@
|
|||||||
|
suite: Test ingress tpl use
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ingress.yaml
|
||||||
|
tests:
|
||||||
|
- it: Ingress Class using TPL
|
||||||
|
set:
|
||||||
|
global.ingress.className: "ingress-class"
|
||||||
|
ingress.className: "{{ .Values.global.ingress.className }}"
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts[0].host: "some-host"
|
||||||
|
ingress.tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- "some-host"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "some-host"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "some-host"
|
||||||
|
- equal:
|
||||||
|
path: spec.ingressClassName
|
||||||
|
value: "ingress-class"
|
||||||
|
|
||||||
|
- it: hostname using TPL
|
||||||
|
set:
|
||||||
|
global.giteaHostName: "gitea.example.com"
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
|
||||||
|
ingress.tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- "{{ .Values.global.giteaHostName }}"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "gitea.example.com"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "gitea.example.com"
|
188
unittests/helm/deployment/probes.yaml
Normal file
188
unittests/helm/deployment/probes.yaml
Normal file
@@ -0,0 +1,188 @@
|
|||||||
|
suite: deployment template (probes)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/deployment.yaml
|
||||||
|
- templates/gitea/config.yaml
|
||||||
|
tests:
|
||||||
|
- it: renders default liveness probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].livenessProbe.enabled
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].livenessProbe
|
||||||
|
content:
|
||||||
|
failureThreshold: 10
|
||||||
|
initialDelaySeconds: 200
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: http
|
||||||
|
timeoutSeconds: 1
|
||||||
|
- it: renders default readiness probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].readinessProbe.enabled
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].readinessProbe
|
||||||
|
content:
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: http
|
||||||
|
timeoutSeconds: 1
|
||||||
|
- it: does not render a default startup probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].startupProbe
|
||||||
|
- it: allows enabling a startup probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea.startupProbe.enabled: true
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].startupProbe.enabled
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].startupProbe
|
||||||
|
content:
|
||||||
|
failureThreshold: 10
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: http
|
||||||
|
timeoutSeconds: 1
|
||||||
|
|
||||||
|
- it: allows overwriting the default port of the liveness probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
livenessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: my-port
|
||||||
|
asserts:
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].livenessProbe
|
||||||
|
content:
|
||||||
|
tcpSocket:
|
||||||
|
port: my-port
|
||||||
|
|
||||||
|
- it: allows overwriting the default port of the readiness probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
readinessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: my-port
|
||||||
|
asserts:
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].readinessProbe
|
||||||
|
content:
|
||||||
|
tcpSocket:
|
||||||
|
port: my-port
|
||||||
|
|
||||||
|
- it: allows overwriting the default port of the startup probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
startupProbe:
|
||||||
|
enabled: true
|
||||||
|
tcpSocket:
|
||||||
|
port: my-port
|
||||||
|
asserts:
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].startupProbe
|
||||||
|
content:
|
||||||
|
tcpSocket:
|
||||||
|
port: my-port
|
||||||
|
|
||||||
|
- it: allows using a non-default method as liveness probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /api/healthz
|
||||||
|
port: http
|
||||||
|
initialDelaySeconds: 13371
|
||||||
|
timeoutSeconds: 13372
|
||||||
|
periodSeconds: 13373
|
||||||
|
successThreshold: 13374
|
||||||
|
failureThreshold: 13375
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].livenessProbe.tcpSocket
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].livenessProbe
|
||||||
|
content:
|
||||||
|
failureThreshold: 13375
|
||||||
|
initialDelaySeconds: 13371
|
||||||
|
periodSeconds: 13373
|
||||||
|
successThreshold: 13374
|
||||||
|
httpGet:
|
||||||
|
path: /api/healthz
|
||||||
|
port: http
|
||||||
|
timeoutSeconds: 13372
|
||||||
|
|
||||||
|
- it: allows using a non-default method as readiness probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /api/healthz
|
||||||
|
port: http
|
||||||
|
initialDelaySeconds: 13371
|
||||||
|
timeoutSeconds: 13372
|
||||||
|
periodSeconds: 13373
|
||||||
|
successThreshold: 13374
|
||||||
|
failureThreshold: 13375
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].readinessProbe.tcpSocket
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].readinessProbe
|
||||||
|
content:
|
||||||
|
failureThreshold: 13375
|
||||||
|
initialDelaySeconds: 13371
|
||||||
|
periodSeconds: 13373
|
||||||
|
successThreshold: 13374
|
||||||
|
httpGet:
|
||||||
|
path: /api/healthz
|
||||||
|
port: http
|
||||||
|
timeoutSeconds: 13372
|
||||||
|
|
||||||
|
- it: allows using a non-default method as startup probe
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
gitea:
|
||||||
|
startupProbe:
|
||||||
|
enabled: true
|
||||||
|
httpGet:
|
||||||
|
path: /api/healthz
|
||||||
|
port: http
|
||||||
|
initialDelaySeconds: 13371
|
||||||
|
timeoutSeconds: 13372
|
||||||
|
periodSeconds: 13373
|
||||||
|
successThreshold: 13374
|
||||||
|
failureThreshold: 13375
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.spec.containers[0].startupProbe.tcpSocket
|
||||||
|
- isSubset:
|
||||||
|
path: spec.template.spec.containers[0].startupProbe
|
||||||
|
content:
|
||||||
|
failureThreshold: 13375
|
||||||
|
initialDelaySeconds: 13371
|
||||||
|
periodSeconds: 13373
|
||||||
|
successThreshold: 13374
|
||||||
|
httpGet:
|
||||||
|
path: /api/healthz
|
||||||
|
port: http
|
||||||
|
timeoutSeconds: 13372
|
21
unittests/helm/deployment/sidecar-container.yaml
Normal file
21
unittests/helm/deployment/sidecar-container.yaml
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
suite: sidecar container
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/deployment.yaml
|
||||||
|
- templates/gitea/config.yaml
|
||||||
|
tests:
|
||||||
|
- it: supports adding a sidecar container
|
||||||
|
template: templates/gitea/deployment.yaml
|
||||||
|
set:
|
||||||
|
extraContainers:
|
||||||
|
- name: sidecar-bob
|
||||||
|
image: busybox
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.containers[1].name
|
||||||
|
value: "sidecar-bob"
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.containers[1].image
|
||||||
|
value: "busybox"
|
@@ -18,7 +18,7 @@ tests:
|
|||||||
value: configure-gpg
|
value: configure-gpg
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.initContainers[2].command
|
path: spec.template.spec.initContainers[2].command
|
||||||
value: ["/usr/sbin/configure_gpg_environment.sh"]
|
value: ["/usr/sbinx/configure_gpg_environment.sh"]
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.initContainers[2].securityContext
|
path: spec.template.spec.initContainers[2].securityContext
|
||||||
value:
|
value:
|
||||||
@@ -28,11 +28,13 @@ tests:
|
|||||||
value:
|
value:
|
||||||
- name: GNUPGHOME
|
- name: GNUPGHOME
|
||||||
value: /data/git/.gnupg
|
value: /data/git/.gnupg
|
||||||
|
- name: TMP_RAW_GPG_KEY
|
||||||
|
value: /raw/private.asc
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.initContainers[2].volumeMounts
|
path: spec.template.spec.initContainers[2].volumeMounts
|
||||||
value:
|
value:
|
||||||
- name: init
|
- name: init
|
||||||
mountPath: /usr/sbin
|
mountPath: /usr/sbinx
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
- name: gpg-private-key
|
- name: gpg-private-key
|
@@ -30,7 +30,7 @@ tests:
|
|||||||
- it: supports overriding SSH log level (even when image.fullOverride set)
|
- it: supports overriding SSH log level (even when image.fullOverride set)
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
image.fullOverride: gitea/gitea:1.19.3
|
image.fullOverride: docker.gitea.com/gitea:1.19.3
|
||||||
image.rootless: false
|
image.rootless: false
|
||||||
gitea.ssh.logLevel: "DEBUG"
|
gitea.ssh.logLevel: "DEBUG"
|
||||||
asserts:
|
asserts:
|
||||||
@@ -53,7 +53,7 @@ tests:
|
|||||||
- it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
|
- it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
|
||||||
template: templates/gitea/deployment.yaml
|
template: templates/gitea/deployment.yaml
|
||||||
set:
|
set:
|
||||||
image.fullOverride: gitea/gitea:1.19.3
|
image.fullOverride: docker.gitea.com/gitea:1.19.3
|
||||||
image.rootless: true
|
image.rootless: true
|
||||||
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
|
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
|
||||||
asserts:
|
asserts:
|
39
unittests/helm/deployment/storage-class-configuration.yaml
Normal file
39
unittests/helm/deployment/storage-class-configuration.yaml
Normal file
@@ -0,0 +1,39 @@
|
|||||||
|
# File: tests/gitea-storageclass-tests.yaml
|
||||||
|
|
||||||
|
suite: storage class configuration tests
|
||||||
|
|
||||||
|
release:
|
||||||
|
name: gitea-storageclass-tests
|
||||||
|
namespace: testing
|
||||||
|
|
||||||
|
templates:
|
||||||
|
- templates/gitea/pvc.yaml
|
||||||
|
|
||||||
|
tests:
|
||||||
|
- it: should set storageClassName when persistence.storageClass is defined
|
||||||
|
template: templates/gitea/pvc.yaml
|
||||||
|
set:
|
||||||
|
persistence.storageClass: "my-storage-class"
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: "spec.storageClassName"
|
||||||
|
value: "my-storage-class"
|
||||||
|
|
||||||
|
- it: should set global.storageClass when persistence.storageClass is not defined
|
||||||
|
template: templates/gitea/pvc.yaml
|
||||||
|
set:
|
||||||
|
global.storageClass: "default-storage-class"
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.storageClassName
|
||||||
|
value: "default-storage-class"
|
||||||
|
|
||||||
|
- it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
|
||||||
|
template: templates/gitea/pvc.yaml
|
||||||
|
set:
|
||||||
|
global.storageClass: "default-storage-class"
|
||||||
|
persistence.storageClass: "my-storage-class"
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.storageClassName
|
||||||
|
value: "my-storage-class"
|
118
unittests/helm/deployment/svc-configuration.yaml
Normal file
118
unittests/helm/deployment/svc-configuration.yaml
Normal file
@@ -0,0 +1,118 @@
|
|||||||
|
suite: ssh-svc / http-svc template (Services configuration)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ssh-svc.yaml
|
||||||
|
- templates/gitea/http-svc.yaml
|
||||||
|
tests:
|
||||||
|
- it: supports adding custom labels to ssh-svc
|
||||||
|
template: templates/gitea/ssh-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
ssh:
|
||||||
|
labels:
|
||||||
|
gitea/testkey: testvalue
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: metadata.labels["gitea/testkey"]
|
||||||
|
value: "testvalue"
|
||||||
|
|
||||||
|
- it: keeps existing labels (ssh)
|
||||||
|
template: templates/gitea/ssh-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
ssh:
|
||||||
|
labels: {}
|
||||||
|
asserts:
|
||||||
|
- exists:
|
||||||
|
path: metadata.labels["app"]
|
||||||
|
|
||||||
|
- it: supports adding custom labels to http-svc
|
||||||
|
template: templates/gitea/http-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
labels:
|
||||||
|
gitea/testkey: testvalue
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: metadata.labels["gitea/testkey"]
|
||||||
|
value: "testvalue"
|
||||||
|
|
||||||
|
- it: keeps existing labels (http)
|
||||||
|
template: templates/gitea/http-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
labels: {}
|
||||||
|
asserts:
|
||||||
|
- exists:
|
||||||
|
path: metadata.labels["app"]
|
||||||
|
|
||||||
|
- it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
|
||||||
|
template: templates/gitea/ssh-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
ssh:
|
||||||
|
loadBalancerClass: "example.com/class"
|
||||||
|
type: LoadBalancer
|
||||||
|
loadBalancerIP: "1.2.3.4"
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
- "1.2.3.4/32"
|
||||||
|
- "5.6.7.8/32"
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.loadBalancerClass
|
||||||
|
value: "example.com/class"
|
||||||
|
- equal:
|
||||||
|
path: spec.loadBalancerIP
|
||||||
|
value: "1.2.3.4"
|
||||||
|
- equal:
|
||||||
|
path: spec.loadBalancerSourceRanges
|
||||||
|
value: ["1.2.3.4/32", "5.6.7.8/32"]
|
||||||
|
|
||||||
|
- it: does not render when loadbalancer properties are set but type is not loadBalancerClass
|
||||||
|
template: templates/gitea/http-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
type: ClusterIP
|
||||||
|
loadBalancerClass: "example.com/class"
|
||||||
|
loadBalancerIP: "1.2.3.4"
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
- "1.2.3.4/32"
|
||||||
|
- "5.6.7.8/32"
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.loadBalancerClass
|
||||||
|
- notExists:
|
||||||
|
path: spec.loadBalancerIP
|
||||||
|
- notExists:
|
||||||
|
path: spec.loadBalancerSourceRanges
|
||||||
|
|
||||||
|
- it: does not render loadBalancerClass by default even when type is LoadBalancer
|
||||||
|
template: templates/gitea/http-svc.yaml
|
||||||
|
set:
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
type: LoadBalancer
|
||||||
|
loadBalancerIP: "1.2.3.4"
|
||||||
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.loadBalancerClass
|
||||||
|
- equal:
|
||||||
|
path: spec.loadBalancerIP
|
||||||
|
value: "1.2.3.4"
|
||||||
|
|
||||||
|
- it: both ssh and http services exist
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ssh-svc.yaml
|
||||||
|
- templates/gitea/http-svc.yaml
|
||||||
|
asserts:
|
||||||
|
- matchRegex:
|
||||||
|
path: metadata.name
|
||||||
|
pattern: "^gitea-unittests-(?:ssh|http)$"
|
||||||
|
- matchRegex:
|
||||||
|
path: spec.ports[0].name
|
||||||
|
pattern: "^(?:ssh|http)$"
|
@@ -33,7 +33,7 @@ tests:
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: gitea-unittests-gpg-key
|
name: gitea-unittests-gpg-key
|
||||||
- isNotEmpty:
|
- isNotNullOrEmpty:
|
||||||
path: metadata.labels
|
path: metadata.labels
|
||||||
- equal:
|
- equal:
|
||||||
path: data.privateKey
|
path: data.privateKey
|
93
unittests/helm/ingress/basic.yaml
Normal file
93
unittests/helm/ingress/basic.yaml
Normal file
@@ -0,0 +1,93 @@
|
|||||||
|
suite: Test ingress.yaml
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ingress.yaml
|
||||||
|
tests:
|
||||||
|
- it: should enable ingress when ingress.enabled is true
|
||||||
|
set:
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.apiVersion: networking.k8s.io/v1
|
||||||
|
ingress.annotations:
|
||||||
|
kubernetes.io/ingress.class: nginx
|
||||||
|
ingress.className: nginx
|
||||||
|
ingress.tls:
|
||||||
|
- hosts:
|
||||||
|
- example.com
|
||||||
|
secretName: tls-secret
|
||||||
|
ingress.hosts:
|
||||||
|
- host: example.com
|
||||||
|
paths: ["/"]
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: metadata.name
|
||||||
|
value: RELEASE-NAME-gitea
|
||||||
|
- matchRegex:
|
||||||
|
path: apiVersion
|
||||||
|
pattern: networking.k8s.io/v1
|
||||||
|
- equal:
|
||||||
|
path: spec.ingressClassName
|
||||||
|
value: nginx
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "example.com"
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "example.com"
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].secretName
|
||||||
|
value: tls-secret
|
||||||
|
- equal:
|
||||||
|
path: metadata.annotations["kubernetes.io/ingress.class"]
|
||||||
|
value: nginx
|
||||||
|
|
||||||
|
- it: should not create ingress when ingress.enabled is false
|
||||||
|
set:
|
||||||
|
ingress.enabled: false
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
|
- it: Ingress Class using TPL
|
||||||
|
set:
|
||||||
|
global.ingress.className: "ingress-class"
|
||||||
|
ingress.className: "{{ .Values.global.ingress.className }}"
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts[0].host: "some-host"
|
||||||
|
ingress.tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- "some-host"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "some-host"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "some-host"
|
||||||
|
- equal:
|
||||||
|
path: spec.ingressClassName
|
||||||
|
value: "ingress-class"
|
||||||
|
|
||||||
|
- it: hostname using TPL
|
||||||
|
set:
|
||||||
|
global.giteaHostName: "gitea.example.com"
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
|
||||||
|
ingress.tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- "{{ .Values.global.giteaHostName }}"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "gitea.example.com"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "gitea.example.com"
|
23
unittests/helm/ingress/implicit-defaults.yaml
Normal file
23
unittests/helm/ingress/implicit-defaults.yaml
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
suite: Test ingress with implicit path defaults
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ingress.yaml
|
||||||
|
tests:
|
||||||
|
- it: should use default path and pathType when no paths are specified
|
||||||
|
set:
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts:
|
||||||
|
- host: git.example.com
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "git.example.com"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].http.paths[0].path
|
||||||
|
value: "/"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].http.paths[0].pathType
|
||||||
|
value: "Prefix"
|
45
unittests/helm/ingress/ingress.tpl.yaml
Normal file
45
unittests/helm/ingress/ingress.tpl.yaml
Normal file
@@ -0,0 +1,45 @@
|
|||||||
|
suite: Test ingress tpl use
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ingress.yaml
|
||||||
|
tests:
|
||||||
|
- it: Ingress Class using TPL
|
||||||
|
set:
|
||||||
|
global.ingress.className: "ingress-class"
|
||||||
|
ingress.className: "{{ .Values.global.ingress.className }}"
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts[0].host: "some-host"
|
||||||
|
ingress.tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- "some-host"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "some-host"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "some-host"
|
||||||
|
- equal:
|
||||||
|
path: spec.ingressClassName
|
||||||
|
value: "ingress-class"
|
||||||
|
|
||||||
|
- it: hostname using TPL
|
||||||
|
set:
|
||||||
|
global.giteaHostName: "gitea.example.com"
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
|
||||||
|
ingress.tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- "{{ .Values.global.giteaHostName }}"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.tls[0].hosts[0]
|
||||||
|
value: "gitea.example.com"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "gitea.example.com"
|
26
unittests/helm/ingress/structured-paths.yaml
Normal file
26
unittests/helm/ingress/structured-paths.yaml
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
suite: Test ingress with structured paths
|
||||||
|
templates:
|
||||||
|
- templates/gitea/ingress.yaml
|
||||||
|
tests:
|
||||||
|
- it: should work with structured path definitions
|
||||||
|
set:
|
||||||
|
ingress.enabled: true
|
||||||
|
ingress.hosts:
|
||||||
|
- host: git.devxy.io
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- isKind:
|
||||||
|
of: Ingress
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].host
|
||||||
|
value: "git.devxy.io"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].http.paths[0].path
|
||||||
|
value: "/"
|
||||||
|
- equal:
|
||||||
|
path: spec.rules[0].http.paths[0].pathType
|
||||||
|
value: "Prefix"
|
@@ -15,11 +15,11 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: stringData["configure_gpg_environment.sh"]
|
path: stringData["configure_gpg_environment.sh"]
|
||||||
value: |-
|
value: |
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
gpg --batch --import /raw/private.asc
|
gpg --batch --import "$TMP_RAW_GPG_KEY"
|
||||||
- it: skips gpg script block for disabled signing
|
- it: skips gpg script block for disabled signing
|
||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
@@ -28,15 +28,13 @@ tests:
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
mkdir -pv /data/git/.ssh
|
||||||
set -x
|
chmod -Rv 700 /data/git/.ssh
|
||||||
mkdir -p /data/git/.ssh
|
[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
|
||||||
chmod -R 700 /data/git/.ssh
|
|
||||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
|
||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -pv "${GITEA_TEMP}"
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod -v ug+rwx "${GITEA_TEMP}"
|
||||||
- it: adds gpg script block for enabled signing
|
- it: adds gpg script block for enabled signing
|
||||||
set:
|
set:
|
||||||
signing.enabled: true
|
signing.enabled: true
|
||||||
@@ -51,25 +49,23 @@ tests:
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
mkdir -pv /data/git/.ssh
|
||||||
set -x
|
chmod -Rv 700 /data/git/.ssh
|
||||||
mkdir -p /data/git/.ssh
|
[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
|
||||||
chmod -R 700 /data/git/.ssh
|
|
||||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
|
||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -pv "${GITEA_TEMP}"
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod -v ug+rwx "${GITEA_TEMP}"
|
||||||
|
|
||||||
if [ ! -d "${GNUPGHOME}" ]; then
|
if [ ! -d "${GNUPGHOME}" ]; then
|
||||||
mkdir -p "${GNUPGHOME}"
|
mkdir -pv "${GNUPGHOME}"
|
||||||
chmod 700 "${GNUPGHOME}"
|
chmod -v 700 "${GNUPGHOME}"
|
||||||
chown 1000:1000 "${GNUPGHOME}"
|
chown -v 1000:1000 "${GNUPGHOME}"
|
||||||
fi
|
fi
|
||||||
- it: it does not chown /data even when image.fullOverride is set
|
- it: it does not chown /data even when image.fullOverride is set
|
||||||
template: templates/gitea/init.yaml
|
template: templates/gitea/init.yaml
|
||||||
set:
|
set:
|
||||||
image.fullOverride: gitea/gitea:1.20.5
|
image.fullOverride: docker.gitea.com/gitea:1.20.5
|
||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: stringData["init_directory_structure.sh"]
|
path: stringData["init_directory_structure.sh"]
|
||||||
@@ -77,12 +73,10 @@ tests:
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
mkdir -pv /data/git/.ssh
|
||||||
set -x
|
chmod -Rv 700 /data/git/.ssh
|
||||||
mkdir -p /data/git/.ssh
|
[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
|
||||||
chmod -R 700 /data/git/.ssh
|
|
||||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
|
||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -pv "${GITEA_TEMP}"
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod -v ug+rwx "${GITEA_TEMP}"
|
@@ -16,11 +16,11 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: stringData["configure_gpg_environment.sh"]
|
path: stringData["configure_gpg_environment.sh"]
|
||||||
value: |-
|
value: |
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
gpg --batch --import /raw/private.asc
|
gpg --batch --import "$TMP_RAW_GPG_KEY"
|
||||||
- it: skips gpg script block for disabled signing
|
- it: skips gpg script block for disabled signing
|
||||||
set:
|
set:
|
||||||
image.rootless: false
|
image.rootless: false
|
||||||
@@ -31,17 +31,15 @@ tests:
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
chown -v 1000:1000 /data
|
||||||
set -x
|
mkdir -pv /data/git/.ssh
|
||||||
chown 1000:1000 /data
|
chmod -Rv 700 /data/git/.ssh
|
||||||
mkdir -p /data/git/.ssh
|
[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
|
||||||
chmod -R 700 /data/git/.ssh
|
|
||||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
|
||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -pv "${GITEA_TEMP}"
|
||||||
chown 1000:1000 "${GITEA_TEMP}"
|
chown -v 1000:1000 "${GITEA_TEMP}"
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod -v ug+rwx "${GITEA_TEMP}"
|
||||||
- it: adds gpg script block for enabled signing
|
- it: adds gpg script block for enabled signing
|
||||||
set:
|
set:
|
||||||
image.rootless: false
|
image.rootless: false
|
||||||
@@ -57,20 +55,18 @@ tests:
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
chown -v 1000:1000 /data
|
||||||
set -x
|
mkdir -pv /data/git/.ssh
|
||||||
chown 1000:1000 /data
|
chmod -Rv 700 /data/git/.ssh
|
||||||
mkdir -p /data/git/.ssh
|
[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
|
||||||
chmod -R 700 /data/git/.ssh
|
|
||||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
|
||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -pv "${GITEA_TEMP}"
|
||||||
chown 1000:1000 "${GITEA_TEMP}"
|
chown -v 1000:1000 "${GITEA_TEMP}"
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod -v ug+rwx "${GITEA_TEMP}"
|
||||||
|
|
||||||
if [ ! -d "${GNUPGHOME}" ]; then
|
if [ ! -d "${GNUPGHOME}" ]; then
|
||||||
mkdir -p "${GNUPGHOME}"
|
mkdir -pv "${GNUPGHOME}"
|
||||||
chmod 700 "${GNUPGHOME}"
|
chmod -v 700 "${GNUPGHOME}"
|
||||||
chown 1000:1000 "${GNUPGHOME}"
|
chown -v 1000:1000 "${GNUPGHOME}"
|
||||||
fi
|
fi
|
@@ -0,0 +1,23 @@
|
|||||||
|
suite: Metrics secret template (monitoring disabled)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/metrics-secret.yaml
|
||||||
|
tests:
|
||||||
|
- it: renders nothing if monitoring disabled and gitea.metrics.token empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: false
|
||||||
|
gitea.metrics.serviceMonitor.enabled: false
|
||||||
|
gitea.metrics.token: ""
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- it: renders nothing if monitoring disabled and gitea.metrics.token not empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: false
|
||||||
|
gitea.metrics.serviceMonitor.enabled: false
|
||||||
|
gitea.metrics.token: "test-token"
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
@@ -0,0 +1,33 @@
|
|||||||
|
suite: Metrics secret template (monitoring enabled)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/metrics-secret.yaml
|
||||||
|
tests:
|
||||||
|
- it: renders nothing if monitoring enabled and gitea.metrics.token empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
gitea.metrics.token: ""
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- it: renders Secret if monitoring enabled and gitea.metrics.token not empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
gitea.metrics.token: "test-token"
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- documentIndex: 0
|
||||||
|
containsDocument:
|
||||||
|
kind: Secret
|
||||||
|
apiVersion: v1
|
||||||
|
name: gitea-unittests-metrics-secret
|
||||||
|
- isNotNullOrEmpty:
|
||||||
|
path: metadata.labels
|
||||||
|
- equal:
|
||||||
|
path: data.token
|
||||||
|
value: "dGVzdC10b2tlbg=="
|
19
unittests/helm/pvc/pvc-configuration.yaml
Normal file
19
unittests/helm/pvc/pvc-configuration.yaml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
suite: PVC template
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/pvc.yaml
|
||||||
|
tests:
|
||||||
|
- it: Storage Class using TPL
|
||||||
|
set:
|
||||||
|
global.persistence.storageClass: "storage-class"
|
||||||
|
persistence.enabled: true
|
||||||
|
persistence.create: true
|
||||||
|
persistence.storageClass: "{{ .Values.global.persistence.storageClass }}"
|
||||||
|
asserts:
|
||||||
|
- isKind:
|
||||||
|
of: PersistentVolumeClaim
|
||||||
|
- equal:
|
||||||
|
path: spec.storageClassName
|
||||||
|
value: "storage-class"
|
89
unittests/helm/servicemonitor/basic.yaml
Normal file
89
unittests/helm/servicemonitor/basic.yaml
Normal file
@@ -0,0 +1,89 @@
|
|||||||
|
suite: ServiceMonitor template (basic)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/servicemonitor.yaml
|
||||||
|
tests:
|
||||||
|
- it: skips rendering by default
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- it: renders default ServiceMonitor object with gitea.metrics.enabled=true
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- it: renders default ServiceMonitor object with gitea.metrics.serviceMonitor.enabled=true
|
||||||
|
set:
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- it: renders defaults
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- containsDocument:
|
||||||
|
kind: ServiceMonitor
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
name: gitea-unittests
|
||||||
|
- notExists:
|
||||||
|
path: metadata.annotations
|
||||||
|
- notExists:
|
||||||
|
path: spec.endpoints[0].interval
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].port
|
||||||
|
value: http
|
||||||
|
- notExists:
|
||||||
|
path: spec.endpoints[0].scheme
|
||||||
|
- notExists:
|
||||||
|
path: spec.endpoints[0].scrapeTimeout
|
||||||
|
- notExists:
|
||||||
|
path: spec.endpoints[0].tlsConfig
|
||||||
|
- it: renders custom scrape interval
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.interval: 30s
|
||||||
|
gitea.metrics.serviceMonitor.scrapeTimeout: 5s
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].interval
|
||||||
|
value: 30s
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].scrapeTimeout
|
||||||
|
value: 5s
|
||||||
|
- it: renders custom tls config
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
gitea.metrics.serviceMonitor.scheme: https
|
||||||
|
gitea.metrics.serviceMonitor.tlsConfig.caFile: /etc/prometheus/tls/ca.crt
|
||||||
|
gitea.metrics.serviceMonitor.tlsConfig.certFile: /etc/prometheus/tls/tls.crt
|
||||||
|
gitea.metrics.serviceMonitor.tlsConfig.keyFile: /etc/prometheus/tls/tls.key
|
||||||
|
gitea.metrics.serviceMonitor.tlsConfig.insecureSkipVerify: false
|
||||||
|
gitea.metrics.serviceMonitor.tlsConfig.serverName: gitea-unittest
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].scheme
|
||||||
|
value: https
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].tlsConfig.caFile
|
||||||
|
value: /etc/prometheus/tls/ca.crt
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].tlsConfig.certFile
|
||||||
|
value: /etc/prometheus/tls/tls.crt
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].tlsConfig.keyFile
|
||||||
|
value: /etc/prometheus/tls/tls.key
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].tlsConfig.insecureSkipVerify
|
||||||
|
value: false
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints[0].tlsConfig.serverName
|
||||||
|
value: gitea-unittest
|
23
unittests/helm/servicemonitor/servicemonitor-disabled.yaml
Normal file
23
unittests/helm/servicemonitor/servicemonitor-disabled.yaml
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
suite: ServiceMonitor template (monitoring disabled)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/servicemonitor.yaml
|
||||||
|
tests:
|
||||||
|
- it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: false
|
||||||
|
gitea.metrics.token: ""
|
||||||
|
gitea.metrics.serviceMonitor.enabled: false
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
- it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token not empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: false
|
||||||
|
gitea.metrics.token: "test-token"
|
||||||
|
gitea.metrics.serviceMonitor.enabled: false
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
70
unittests/helm/servicemonitor/servicemonitor-enabled.yaml
Normal file
70
unittests/helm/servicemonitor/servicemonitor-enabled.yaml
Normal file
@@ -0,0 +1,70 @@
|
|||||||
|
suite: ServiceMonitor template (monitoring enabled)
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/gitea/servicemonitor.yaml
|
||||||
|
tests:
|
||||||
|
- it: renders unsecure ServiceMonitor if gitea.metrics.token nil
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.token:
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- documentIndex: 0
|
||||||
|
containsDocument:
|
||||||
|
kind: ServiceMonitor
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
name: gitea-unittests
|
||||||
|
- isNotNullOrEmpty:
|
||||||
|
path: metadata.labels
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints
|
||||||
|
value:
|
||||||
|
- port: http
|
||||||
|
- it: renders unsecure ServiceMonitor if gitea.metrics.token empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.token: ""
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- documentIndex: 0
|
||||||
|
containsDocument:
|
||||||
|
kind: ServiceMonitor
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
name: gitea-unittests
|
||||||
|
- isNotNullOrEmpty:
|
||||||
|
path: metadata.labels
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints
|
||||||
|
value:
|
||||||
|
- port: http
|
||||||
|
- it: renders secure ServiceMonitor if gitea.metrics.token not empty
|
||||||
|
set:
|
||||||
|
gitea.metrics.enabled: true
|
||||||
|
gitea.metrics.token: "test-token"
|
||||||
|
gitea.metrics.serviceMonitor.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- documentIndex: 0
|
||||||
|
containsDocument:
|
||||||
|
kind: ServiceMonitor
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
name: gitea-unittests
|
||||||
|
- isNotNullOrEmpty:
|
||||||
|
path: metadata.labels
|
||||||
|
- equal:
|
||||||
|
path: spec.endpoints
|
||||||
|
value:
|
||||||
|
- port: http
|
||||||
|
authorization:
|
||||||
|
type: Bearer
|
||||||
|
credentials:
|
||||||
|
name: gitea-unittests-metrics-secret
|
||||||
|
key: token
|
||||||
|
optional: false
|
14
unittests/helm/values-conflicting-checks.yaml
Normal file
14
unittests/helm/values-conflicting-checks.yaml
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
suite: Values conflicting checks
|
||||||
|
release:
|
||||||
|
name: gitea-unittests
|
||||||
|
namespace: testing
|
||||||
|
tests:
|
||||||
|
- it: fails when trying to configure valkey and valkey-cluster the same time
|
||||||
|
set:
|
||||||
|
valkey-cluster:
|
||||||
|
enabled: true
|
||||||
|
valkey:
|
||||||
|
enabled: true
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: valkey and valkey-cluster cannot be enabled at the same time. Please only choose one.
|
118
values.yaml
118
values.yaml
@@ -20,6 +20,9 @@ global:
|
|||||||
# hostnames:
|
# hostnames:
|
||||||
# - example.com
|
# - example.com
|
||||||
|
|
||||||
|
## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified
|
||||||
|
namespace: ""
|
||||||
|
|
||||||
## @param replicaCount number of replicas for the deployment
|
## @param replicaCount number of replicas for the deployment
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
@@ -45,8 +48,8 @@ clusterDomain: cluster.local
|
|||||||
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
|
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
|
||||||
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
|
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
|
||||||
image:
|
image:
|
||||||
registry: ""
|
registry: "docker.gitea.com"
|
||||||
repository: gitea/gitea
|
repository: gitea
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
# Overrides the image tag whose default is the chart appVersion.
|
||||||
tag: ""
|
tag: ""
|
||||||
digest: ""
|
digest: ""
|
||||||
@@ -73,7 +76,7 @@ containerSecurityContext: {}
|
|||||||
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
|
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
|
||||||
# # get an error message from the SSH server that it is not possible to read from
|
# # get an error message from the SSH server that it is not possible to read from
|
||||||
# # the repository.
|
# # the repository.
|
||||||
# # https://gitea.com/gitea/helm-chart/issues/161
|
# # https://gitea.com/gitea/helm-gitea/issues/161
|
||||||
# add:
|
# add:
|
||||||
# - SYS_CHROOT
|
# - SYS_CHROOT
|
||||||
# privileged: false
|
# privileged: false
|
||||||
@@ -106,6 +109,8 @@ service:
|
|||||||
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
|
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
|
||||||
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
|
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
|
||||||
## @param service.http.annotations HTTP service annotations
|
## @param service.http.annotations HTTP service annotations
|
||||||
|
## @param service.http.labels HTTP service additional labels
|
||||||
|
## @param service.http.loadBalancerClass Loadbalancer class
|
||||||
http:
|
http:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 3000
|
port: 3000
|
||||||
@@ -118,6 +123,8 @@ service:
|
|||||||
ipFamilies:
|
ipFamilies:
|
||||||
loadBalancerSourceRanges: []
|
loadBalancerSourceRanges: []
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
loadBalancerClass:
|
||||||
## @param service.ssh.type Kubernetes service type for ssh traffic
|
## @param service.ssh.type Kubernetes service type for ssh traffic
|
||||||
## @param service.ssh.port Port number for ssh traffic
|
## @param service.ssh.port Port number for ssh traffic
|
||||||
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
|
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
|
||||||
@@ -130,6 +137,8 @@ service:
|
|||||||
## @param service.ssh.hostPort HostPort for ssh service
|
## @param service.ssh.hostPort HostPort for ssh service
|
||||||
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
|
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
|
||||||
## @param service.ssh.annotations SSH service annotations
|
## @param service.ssh.annotations SSH service annotations
|
||||||
|
## @param service.ssh.labels SSH service additional labels
|
||||||
|
## @param service.ssh.loadBalancerClass Loadbalancer class
|
||||||
ssh:
|
ssh:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 22
|
port: 22
|
||||||
@@ -143,36 +152,30 @@ service:
|
|||||||
hostPort:
|
hostPort:
|
||||||
loadBalancerSourceRanges: []
|
loadBalancerSourceRanges: []
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
loadBalancerClass:
|
||||||
|
|
||||||
## @section Ingress
|
## @section Ingress
|
||||||
## @param ingress.enabled Enable ingress
|
## @param ingress.enabled Enable ingress
|
||||||
## @param ingress.className Ingress class name
|
## @param ingress.className DEPRECATED: Ingress class name.
|
||||||
|
## @param ingress.pathType Ingress Path Type
|
||||||
## @param ingress.annotations Ingress annotations
|
## @param ingress.annotations Ingress annotations
|
||||||
## @param ingress.hosts[0].host Default Ingress host
|
## @param ingress.hosts[0].host Default Ingress host
|
||||||
## @param ingress.hosts[0].paths[0].path Default Ingress path
|
## @param ingress.hosts[0].paths[0].path Default Ingress path
|
||||||
## @param ingress.hosts[0].paths[0].pathType Ingress path type
|
|
||||||
## @param ingress.tls Ingress tls settings
|
## @param ingress.tls Ingress tls settings
|
||||||
## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
# className: nginx
|
className: ""
|
||||||
className:
|
pathType: Prefix
|
||||||
annotations:
|
annotations: {}
|
||||||
{}
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: git.example.com
|
- host: git.example.com
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
|
||||||
tls: []
|
tls: []
|
||||||
# - secretName: chart-example-tls
|
# - secretName: chart-example-tls
|
||||||
# hosts:
|
# hosts:
|
||||||
# - git.example.com
|
# - git.example.com
|
||||||
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
|
|
||||||
# If helm doesn't correctly detect your ingress API version you can set it here.
|
|
||||||
# apiVersion: networking.k8s.io/v1
|
|
||||||
|
|
||||||
## @section deployment
|
## @section deployment
|
||||||
#
|
#
|
||||||
@@ -272,6 +275,12 @@ persistence:
|
|||||||
annotations:
|
annotations:
|
||||||
helm.sh/resource-policy: keep
|
helm.sh/resource-policy: keep
|
||||||
|
|
||||||
|
## @param extraContainers Additional sidecar containers to run in the pod
|
||||||
|
extraContainers: []
|
||||||
|
# - name: sidecar-bob
|
||||||
|
# image: busybox
|
||||||
|
# command: [/bin/sh, -c, 'echo "Hello world"; sleep 86400']
|
||||||
|
|
||||||
## @param extraVolumes Additional volumes to mount to the Gitea deployment
|
## @param extraVolumes Additional volumes to mount to the Gitea deployment
|
||||||
extraVolumes: []
|
extraVolumes: []
|
||||||
# - name: postgres-ssl-vol
|
# - name: postgres-ssl-vol
|
||||||
@@ -297,6 +306,8 @@ extraVolumeMounts: []
|
|||||||
## @section Init
|
## @section Init
|
||||||
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
|
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
|
||||||
initPreScript: ""
|
initPreScript: ""
|
||||||
|
## @param initContainersScriptsVolumeMountPath Path to mount the scripts consumed from the Secrets
|
||||||
|
initContainersScriptsVolumeMountPath: "/usr/sbinx"
|
||||||
#
|
#
|
||||||
# initPreScript: |
|
# initPreScript: |
|
||||||
# mkdir -p /data/git/.postgresql
|
# mkdir -p /data/git/.postgresql
|
||||||
@@ -319,7 +330,7 @@ initContainers:
|
|||||||
#
|
#
|
||||||
## @param signing.enabled Enable commit/action signing
|
## @param signing.enabled Enable commit/action signing
|
||||||
## @param signing.gpgHome GPG home directory
|
## @param signing.gpgHome GPG home directory
|
||||||
## @param signing.privateKey Inline private gpg key for signed Gitea actions
|
## @param signing.privateKey Inline private gpg key for signed internal Git activity
|
||||||
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
|
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
|
||||||
signing:
|
signing:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -338,21 +349,35 @@ gitea:
|
|||||||
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
|
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
|
||||||
## @param gitea.admin.password Password for the Gitea admin user
|
## @param gitea.admin.password Password for the Gitea admin user
|
||||||
## @param gitea.admin.email Email for the Gitea admin user
|
## @param gitea.admin.email Email for the Gitea admin user
|
||||||
|
## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated
|
||||||
admin:
|
admin:
|
||||||
# existingSecret: gitea-admin-secret
|
# existingSecret: gitea-admin-secret
|
||||||
existingSecret:
|
existingSecret:
|
||||||
username: gitea_admin
|
username: gitea_admin
|
||||||
password: r8sA8CPHD9!bt6d
|
password: r8sA8CPHD9!bt6d
|
||||||
email: "gitea@local.domain"
|
email: "gitea@local.domain"
|
||||||
|
passwordMode: keepUpdated
|
||||||
|
|
||||||
## @param gitea.metrics.enabled Enable Gitea metrics
|
## @param gitea.metrics.enabled Enable Gitea metrics
|
||||||
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
|
## @param gitea.metrics.token used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public.
|
||||||
|
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally.
|
||||||
|
## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
|
||||||
|
## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
|
||||||
|
## @param gitea.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. Default is http.
|
||||||
|
## @param gitea.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
|
||||||
|
## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
token:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
# additionalLabels:
|
# additionalLabels:
|
||||||
# prometheus-release: prom1
|
# prometheus-release: prom1
|
||||||
|
interval: ""
|
||||||
|
relabelings: []
|
||||||
|
scheme: ""
|
||||||
|
scrapeTimeout: ""
|
||||||
|
tlsConfig: {}
|
||||||
|
|
||||||
## @param gitea.ldap LDAP configuration
|
## @param gitea.ldap LDAP configuration
|
||||||
ldap:
|
ldap:
|
||||||
@@ -476,21 +501,55 @@ gitea:
|
|||||||
successThreshold: 1
|
successThreshold: 1
|
||||||
failureThreshold: 10
|
failureThreshold: 10
|
||||||
|
|
||||||
## @section redis-cluster
|
## @section valkey-cluster
|
||||||
## @param redis-cluster.enabled Enable redis
|
## @param valkey-cluster.enabled Enable valkey cluster
|
||||||
## @param redis-cluster.usePassword Whether to use password authentication
|
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
|
||||||
## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
|
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||||
## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
|
## @param valkey-cluster.usePassword Whether to use password authentication
|
||||||
redis-cluster:
|
## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables
|
||||||
|
## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
|
||||||
|
## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
|
||||||
|
## @param valkey-cluster.service.ports.valkey Port of Valkey service
|
||||||
|
## @descriptionStart
|
||||||
|
## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
|
||||||
|
## @descriptionEnd
|
||||||
|
valkey-cluster:
|
||||||
enabled: true
|
enabled: true
|
||||||
usePassword: false
|
usePassword: false
|
||||||
|
usePasswordFiles: false
|
||||||
cluster:
|
cluster:
|
||||||
nodes: 3 # default: 6
|
nodes: 3 # default: 6
|
||||||
replicas: 0 # default: 1
|
replicas: 0 # default: 1
|
||||||
|
service:
|
||||||
|
ports:
|
||||||
|
valkey: 6379
|
||||||
|
|
||||||
## @section postgresql-ha
|
## @section valkey
|
||||||
|
## @param valkey.enabled Enable valkey standalone or replicated
|
||||||
|
## @param valkey.architecture Whether to use standalone or replication
|
||||||
|
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
|
||||||
|
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
|
||||||
|
## @param valkey.global.valkey.password Required password
|
||||||
|
## @param valkey.master.count Number of Valkey master instances to deploy
|
||||||
|
## @param valkey.master.service.ports.valkey Port of Valkey service
|
||||||
|
## @descriptionStart
|
||||||
|
## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
|
||||||
|
## @descriptionEnd
|
||||||
|
valkey:
|
||||||
|
enabled: false
|
||||||
|
architecture: standalone
|
||||||
|
global:
|
||||||
|
valkey:
|
||||||
|
password: changeme
|
||||||
|
master:
|
||||||
|
count: 1
|
||||||
|
service:
|
||||||
|
ports:
|
||||||
|
valkey: 6379
|
||||||
|
|
||||||
|
## @section PostgreSQL HA
|
||||||
#
|
#
|
||||||
## @param postgresql-ha.enabled Enable postgresql-ha
|
## @param postgresql-ha.enabled Enable PostgreSQL HA
|
||||||
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
|
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
|
||||||
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
|
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
|
||||||
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
|
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
|
||||||
@@ -498,8 +557,9 @@ redis-cluster:
|
|||||||
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
|
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
|
||||||
## @param postgresql-ha.postgresql.postgresPassword postgres Password
|
## @param postgresql-ha.postgresql.postgresPassword postgres Password
|
||||||
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
|
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
|
||||||
## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`)
|
## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
|
||||||
## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume
|
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||||
|
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
|
||||||
postgresql-ha:
|
postgresql-ha:
|
||||||
global:
|
global:
|
||||||
postgresql:
|
postgresql:
|
||||||
@@ -513,10 +573,10 @@ postgresql-ha:
|
|||||||
password: changeme4
|
password: changeme4
|
||||||
pgpool:
|
pgpool:
|
||||||
adminPassword: changeme3
|
adminPassword: changeme3
|
||||||
|
srCheckPassword: changeme4
|
||||||
service:
|
service:
|
||||||
ports:
|
ports:
|
||||||
postgresql: 5432
|
postgresql: 5432
|
||||||
primary:
|
|
||||||
persistence:
|
persistence:
|
||||||
size: 10Gi
|
size: 10Gi
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user