Only render ingressClassName when not empty

Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>

.commitlintrc.json

@@ -1,7 +0,0 @@
-{
-  "extends": ["@commitlint/config-conventional"],
-  "rules": {
-    "type-enum": [2, "always", ["feat", "fix", "chore", "docs", "style", "refactor", "test", "perf", "ci", "WIP"]],
-    "type-case": [0, "always", "lower-case"]
-  }
-}

.gitea/PULL_REQUEST_TEMPLATE.md

@@ -23,7 +23,7 @@
 ### Applicable issues
 
 <!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
-- Fixes #
+  - fixes #
 
 ### Additional information
 
@@ -39,6 +39,4 @@
 
 - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
 - [ ] Breaking changes are documented in the `README.md`
-- [ ] Helm templating unittests are added (required when changing anything in `templates` folder)
-- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
-- [ ] All added template resources MUST render a namespace in metadata
+- [ ] Templating unittests are added

.gitea/workflows/changelog.yml

@@ -1,32 +0,0 @@
-name: changelog
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  changelog:
-    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:1.0.12
-    steps:
-      - name: install tools
-        run: |
-          apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Generate upcoming changelog
-        run: |
-          git sv rn -o changelog.md
-          export RELEASE_NOTES=$(cat changelog.md)
-          export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
-
-          echo $RELEASE_NOTES
-          JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
-
-          if [ -z "$ISSUE_NUMBER" ]; then
-            curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          else
-            curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          fi

.gitea/workflows/commitlint.yml

@@ -1,19 +0,0 @@
-name: commitlint
-
-on:
-  pull_request:
-    branches:
-      - "*"
-    types:
-      - opened
-      - edited
-
-jobs:
-  check-and-test:
-    runs-on: ubuntu-latest
-    container: commitlint/commitlint:19.7.1
-    steps:
-      - uses: actions/checkout@v4
-      - name: check PR title
-        run: |
-          echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

.gitea/workflows/release-version.yml

@@ -7,7 +7,7 @@ on:
 
 env:
   # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.17.1"
+  HELM_VERSION: "3.15.3"
 
 jobs:
   generate-chart-publish:
@@ -31,7 +31,7 @@ jobs:
           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
           apt update -y
           apt install -y python3 python3-pip apt-transport-https docker-ce-cli
-          pip install awscli --break-system-packages
+          pip install awscli
 
       - name: Import GPG key
         id: import_gpg

.gitea/workflows/test-pr.yml

@@ -7,20 +7,21 @@ on:
   push:
     branches:
       - main
+      - "renovate/**"
 
 env:
   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v0.7.2"
+  HELM_UNITTEST_VERSION: "v0.5.1"
 
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: alpine/helm:3.17.1
+    container: alpine/helm:3.15.3
     steps:
       - name: install tools
         run: |
           apk update
-          apk add --update bash make nodejs npm yamllint ncurses
+          apk add --update make nodejs npm yamllint
       - uses: actions/checkout@v4
       - name: install chart dependencies
         run: helm dependency build
@@ -28,14 +29,9 @@ jobs:
         run: helm lint
       - name: template
         run: helm template --debug gitea-helm .
-      - name: prepare unit test environment
+      - name: unit tests
         run: |
           helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
-          git submodule update --init --recursive
-      - name: unit tests
-        env:
-          TERM: xterm
-        run: |
           make unittests
       - name: verify readme
         run: |

.gitmodules

@@ -1,12 +0,0 @@
-[submodule "unittests/bash/bats"]
-	path = unittests/bash/bats
-	url = https://github.com/bats-core/bats-core.git
-[submodule "unittests/bash/test_helper/bats-support"]
-	path = unittests/bash/test_helper/bats-support
-	url = https://github.com/bats-core/bats-support.git
-[submodule "unittests/bash/test_helper/bats-assert"]
-	path = unittests/bash/test_helper/bats-assert
-	url = https://github.com/bats-core/bats-assert.git
-[submodule "unittests/bash/test_helper/bats-mock"]
-	path = unittests/bash/test_helper/bats-mock
-	url = https://github.com/jasonkarns/bats-mock.git

.gitsv/config.yaml

@@ -1,57 +0,0 @@
-version: '1.1' # Configuration version.
-
-versioning:
-  update-major: [breaking] # Commit types used to bump major.
-  update-minor: [feat, perf] # Commit types used to bump minor.
-  update-patch: [build, ci, chore, fix, perf, refactor, test] # Commit types used to bump patch.
-  # When type is not present on update rules and is unknown (not mapped on commit message types);
-  # if ignore-unknown=false bump patch, if ignore-unknown=true do not bump version.
-  ignore-unknown: false
-
-tag:
-  pattern: 'v%d.%d.%d' # Pattern used to create git tag.
-  filter: '' # Enables you to filter for considerable tags using git pattern syntax.
-
-release-notes:
-  sections: # Array with each section of release note. Check template section for more information.
-    - name: Breaking Changes
-      section-type: breaking-changes
-    - name: Features # Name used on section.
-      section-type: commits # Type of the section, supported types: commits, breaking-changes.
-      commit-types: [feat, perf] # Commit types for commit section-type, one commit type cannot be in more than one section.
-    - name: Bug Fixes
-      section-type: commits
-      commit-types: [fix]
-    - name: Maintenance
-      section-type: commits
-      commit-types: [chore, refactor]
-    - name: Documentation
-      commit-types: [docs]
-      section-type: commits
-    - name: CI
-      commit-types: [ci]
-      section-type: commits
-
-branches: # Git branches config.
-  prefix: ([a-z]+\/)? # Prefix used on branch name, it should be a regex group.
-  suffix: (-.*)? # Suffix used on branch name, it should be a regex group.
-  disable-issue: false # Set true if there is no need to recover issue id from branch name.
-  skip: [] # List of branch names ignored on commit message validation.
-  skip-detached: false # Set true if a detached branch should be ignored on commit message validation.
-
-commit-message:
-  # Supported commit types.
-  types: [build, ci, chore, docs, feat, fix, perf, refactor, revert, style, test]
-  header-selector: '' # You can put in a regex here to select only a certain part of the commit message. Please define a regex group 'header'.
-  scope:
-    # Define supported scopes, if blank, scope will not be validated, if not, only scope listed will be valid.
-    # Don't forget to add "" on your list if you need to define scopes and keep it optional.
-    values: []
-  footer:
-    issue: # Use "issue: {}" if you wish to disable issue footer.
-      key: jira # Name used to define an issue on footer metadata.
-      key-synonyms: [Jira, JIRA] # Supported variations for footer metadata.
-      use-hash: false # If false, use :<space> separator. If true, use <space># separator.
-      add-value-prefix: '' # Add a prefix to issue value.
-  issue:
-    regex: '[A-Z]+-[0-9]+' # Regex for issue id.

.helmignore

@@ -5,7 +5,6 @@
 # Common VCS dirs
 .git/
 .gitignore
-.gitmodules
 .bzr/
 .bzrignore
 .hg/
@@ -32,10 +31,3 @@ Makefile
 .drone.yml
 CONTRIBUTING.md
 unittests/
-.editorconfig
-.prettierignore
-.yamllint
-CODEOWNERS
-renovate.json5
-.commitlintrc.json
-.gitsv/

.markdownlint.yaml

@@ -129,7 +129,6 @@ MD041:
 MD044:
   # List of proper names
   names:
-    - docker.gitea.com
     - Gitea
     - PostgreSQL
     - Memcached

.vscode/extensions.json

@@ -3,7 +3,6 @@
         "yzhang.markdown-all-in-one",
         "DavidAnson.vscode-markdownlint",
         "Tim-Koehler.helm-intellisense",
-        "esbenp.prettier-vscode",
-        "jetmartin.bats"
+        "esbenp.prettier-vscode"
     ]
   }

.vscode/settings.json

@@ -1,15 +1,8 @@
 {
     "yaml.schemas": {
-        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [
+        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.1/schema/helm-testsuite.json": [
             "/unittests/**/*.yaml"
         ]
     },
-    "yaml.schemaStore.enable": true,
-    "[bats]": {
-        "editor.tabSize": 2
-    },
-    "[shellscript]": {
-        "files.eol": "\n",
-        "editor.tabSize": 2
-    }
+    "yaml.schemaStore.enable": true
 }

.yamllint

@@ -5,7 +5,7 @@ ignore: |
   .yamllint
   node_modules
   templates
-  unittests/bash
+
 
 rules:
   truthy:
@@ -17,4 +17,4 @@ rules:
   comments:
     min-spaces-from-content: 1
   braces:
-    max-spaces-inside: 2
+    max-spaces-inside: 2

CONTRIBUTING.md

@@ -29,7 +29,6 @@ When submitting or updating a PR:
 - try to avoid rebases. They make code reviews for large PRs and comments much harder.
 - if applicable, use the PR template for a well-defined PR description.
 - clearly mark breaking changes.
-- format the PR title following the [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/#specification) schema
 
 ## Local development & testing
 
@@ -38,7 +37,7 @@ be used:
 
 1. Install `minikube` and `helm`.
 1. Start a `minikube` cluster via `minikube start`.
-1. From the `gitea/helm-gitea` directory execute the following command.
+1. From the `gitea/helm-chart` directory execute the following command.
    This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
    If you want to test a branch, make sure to switch to the respective branch first.
    `helm install --dependency-update gitea . -f values.yaml`.
@@ -49,30 +48,16 @@ default port-forward svc/gitea-http 3000:3000`.
 
 ### Unit tests
 
-#### Helm templating tests
-
 ```bash
 # install the unittest plugin
 $ helm plugin install https://github.com/helm-unittest/helm-unittest
 
-# run the Helm unittests
-make unittests-helm
+# run the unittests
+make unittests
 ```
 
 See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions.
 
-#### Bash script tests
-
-```bash
-# setup the environment
-git submodule update --init --recursive
-
-# run the bash tests
-make unittests-bash
-```
-
-See [bats documentation](https://bats-core.readthedocs.io/en/stable/) for usage instructions.
-
 ## Release process
 
 1. Create a tag following the tagging schema

Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 16.4.14
+  version: 15.5.17
 - name: postgresql-ha
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.2.3
+  version: 14.2.12
 - name: redis-cluster
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 11.4.3
+  version: 10.2.7
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 20.8.0
-digest: sha256:ce1a2a02c3e1adb764cae42ccce1efd2d41adb5024576e6d8a92b30b8dfe67db
-generated: "2025-02-23T00:12:41.541107288Z"
+  version: 19.6.2
+digest: sha256:842e8878e2da9cd62c2233f5ebfcdaa05598633a8bc2fa84803006929cf0c3cc
+generated: "2024-07-20T00:44:58.227558466Z"

Chart.yaml

@@ -3,8 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
-appVersion: 1.23.5
+appVersion: 1.22.0
 icon: https://gitea.com/assets/img/logo.svg
 
 keywords:
@@ -15,9 +14,9 @@ keywords:
   - gitea
   - gogs
 sources:
-  - https://gitea.com/gitea/helm-gitea
+  - https://gitea.com/gitea/helm-chart
   - https://github.com/go-gitea/gitea
-  - https://docker.gitea.com/gitea
+  - https://hub.docker.com/r/gitea/gitea/
 maintainers:
   - name: Charlie Drage
     email: charlie@charliedrage.com
@@ -36,20 +35,20 @@ dependencies:
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql
   - name: postgresql
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 16.4.14
+    version: 15.5.17
     condition: postgresql.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
   - name: postgresql-ha
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 15.2.3
+    version: 14.2.12
     condition: postgresql-ha.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
   - name: redis-cluster
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 11.4.3
+    version: 10.2.7
     condition: redis-cluster.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
   - name: redis
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 20.8.0
+    version: 19.6.2
     condition: redis.enabled

Makefile

@@ -1,5 +1,3 @@
-SHELL := /usr/bin/env bash -O globstar
-
 .PHONY: prepare-environment
 prepare-environment:
 	npm install
@@ -10,15 +8,8 @@ readme: prepare-environment
 	npm run readme:lint
 
 .PHONY: unittests
-unittests: unittests-helm unittests-bash
-
-.PHONY: unittests-helm
-unittests-helm:
-	helm unittest --strict -f 'unittests/helm/**/*.yaml' -f 'unittests/helm/values-conflicting-checks.yaml' ./
-
-.PHONY: unittests-bash
-unittests-bash:
-	./unittests/bash/bats/bin/bats --pretty ./unittests/bash/tests/**/*.bats
+unittests:
+	helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./
 
 .PHONY: helm
 update-helm-dependencies:

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "gitea-helm",
-  "homepage": "https://gitea.com/gitea/helm-gitea.git",
+  "name": "gitea-helm-chart",
+  "homepage": "https://gitea.com/gitea/helm-chart.git",
   "license": "MIT",
   "private": true,
   "engineStrict": true,
@@ -14,6 +14,6 @@
   },
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
-    "markdownlint-cli": "^0.44.0"
+    "markdownlint-cli": "^0.41.0"
   }
-}
+}

renovate.json5

@@ -9,13 +9,7 @@
   labels: [
     'kind/dependency',
   ],
-  "digest": {
-    "automerge": true
-  },
   automergeStrategy: 'squash',
-  'git-submodules': {
-    'enabled': true
-  },
   customManagers: [
     {
       description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
@@ -36,14 +30,6 @@
       ],
       datasourceTemplate: 'github-releases',
     },
-    {
-      'description': 'Automatically detect new Gitea releases',
-      'customType': 'regex',
-      'fileMatch': ['(^|/)Chart\\.yaml$'],
-      'matchStrings': [
-        '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
-      ],
-    },
   ],
   packageRules: [
     {
@@ -69,39 +55,6 @@
         'patch',
         'digest',
       ],
-      matchFileNames: [
-        '!Chart.yaml',
-      ],
-    },
-    {
-      description: 'Update README.md on changes in values.yaml',
-      matchManagers: [
-        'helm-values',
-      ],
-      postUpgradeTasks: {
-        commands: [
-          'install-tool node',
-          'make readme',
-        ],
-        fileFilters: [
-          'README.md',
-        ],
-        executionMode: 'update',
-      },
-    },
-    {
-      description: 'Override changelog url for Helm image, to have release notes in our PRs',
-      matchDepNames: [
-        'alpine/helm',
-      ],
-      changelogUrl: 'https://github.com/helm/helm',
-    },
-    {
-      description: 'Bump Gitea as fast as possible - not only on weekends',
-      matchDepNames: [
-        'go-gitea/gitea',
-      ],
-      schedule: ['at any time'],
     },
   ],
 }

scripts/act_runner/token.sh

@@ -1,43 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-timeout_delay=15
-
-check_token() {
-  set +e
-
-  echo "Checking for existing token..."
-  token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)"
-  [ $? -ne 0 ] && return 1
-  [ -z "$token" ] && return 2
-  return 0
-}
-
-create_token() {
-  echo "Waiting for new token to be generated..."
-  begin=$(date +%s)
-  end=$((begin + timeout_delay))
-  while true; do
-    [ -f /data/actions/token ] && return 0
-    [ "$(date +%s)" -gt $end ] && return 1
-    sleep 5
-  done
-}
-
-store_token() {
-  echo "Storing the token in Kubernetes secret..."
-  kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}"
-}
-
-if check_token; then
-  echo "Key already in place, exiting."
-  exit
-fi
-
-if ! create_token; then
-  echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay"
-  exit 1
-fi
-
-store_token

scripts/init-containers/config/config_environment.sh

@@ -1,154 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-function env2ini::log() {
-  printf "${1}\n"
-}
-
-function env2ini::read_config_to_env() {
-  local section="${1}"
-  local line="${2}"
-
-  if [[ -z "${line}" ]]; then
-    # skip empty line
-    return
-  fi
-
-  # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
-  local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
-
-  if [[ -z "${setting}" ]]; then
-    env2ini::log '  ! invalid setting'
-    exit 1
-  fi
-
-  local value=''
-  local regex="^${setting}(\s*)=(\s*)(.*)"
-  if [[ $line =~ $regex ]]; then
-    value="${BASH_REMATCH[3]}"
-  else
-    env2ini::log '  ! invalid setting'
-    exit 1
-  fi
-
-  env2ini::log "    + '${setting}'"
-
-  if [[ -z "${section}" ]]; then
-    export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
-    return
-  fi
-
-  local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches
-  masked_section="${masked_section//-/_0X2D_}"
-
-  export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
-}
-
-function env2ini::reload_preset_envs() {
-  env2ini::log "Reloading preset envs..."
-
-  while read -r line; do
-    if [[ -z "${line}" ]]; then
-      # skip empty line
-      return
-    fi
-
-    # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
-    local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
-
-    if [[ -z "${setting}" ]]; then
-      env2ini::log '  ! invalid setting'
-      exit 1
-    fi
-
-    local value=''
-    local regex="^${setting}(\s*)=(\s*)(.*)"
-    if [[ $line =~ $regex ]]; then
-      value="${BASH_REMATCH[3]}"
-    else
-      env2ini::log '  ! invalid setting'
-      exit 1
-    fi
-
-    env2ini::log "  + '${setting}'"
-
-    export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase
-  done < "$TMP_EXISTING_ENVS_FILE"
-
-  rm $TMP_EXISTING_ENVS_FILE
-}
-
-
-function env2ini::process_config_file() {
-  local config_file="${1}"
-  local section="$(basename "${config_file}")"
-
-  if [[ $section == '_generals_' ]]; then
-    env2ini::log "  [ini root]"
-    section=''
-  else
-    env2ini::log "  ${section}"
-  fi
-
-  while read -r line; do
-    env2ini::read_config_to_env "${section}" "${line}"
-  done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
-}
-
-function env2ini::load_config_sources() {
-  local path="${1}"
-
-  if [[ -d "${path}" ]]; then
-    env2ini::log "Processing $(basename "${path}")..."
-
-    while read -d '' configFile; do
-      env2ini::process_config_file "${configFile}"
-    done < <(find "${path}" -type l -not -name '..data' -print0)
-
-    env2ini::log "\n"
-  fi
-}
-
-function env2ini::generate_initial_secrets() {
-  # These environment variables will either be
-  #   - overwritten with user defined values,
-  #   - initially used to set up Gitea
-  # Anyway, they won't harm existing app.ini files
-
-  export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
-  export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
-  export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
-  export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
-
-  env2ini::log "...Initial secrets generated\n"
-}
-
-# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
-env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > $TMP_EXISTING_ENVS_FILE
-
-# MUST BE CALLED BEFORE OTHER CONFIGURATION
-env2ini::generate_initial_secrets
-
-env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/inlines/"
-env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/additionals/"
-
-# load existing envs to override auto generated envs
-env2ini::reload_preset_envs
-
-env2ini::log "=== All configuration sources loaded ===\n"
-
-# safety to prevent rewrite of secret keys if an app.ini already exists
-if [ -f ${GITEA_APP_INI} ]; then
-  env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
-  env2ini::log '  - security.INTERNAL_TOKEN'
-  env2ini::log '  - security.SECRET_KEY'
-  env2ini::log '  - oauth2.JWT_SECRET'
-  env2ini::log '  - server.LFS_JWT_SECRET'
-
-  unset GITEA__SECURITY__INTERNAL_TOKEN
-  unset GITEA__SECURITY__SECRET_KEY
-  unset GITEA__OAUTH2__JWT_SECRET
-  unset GITEA__SERVER__LFS_JWT_SECRET
-fi
-
-environment-to-ini -o $GITEA_APP_INI

scripts/init-containers/init/configure_gpg_environment.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-
-gpg --batch --import "$TMP_RAW_GPG_KEY"

templates/_helpers.tpl

@@ -25,13 +25,6 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create a default worker name.
-*/}}
-{{- define "gitea.workername" -}}
-{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
 {{/*
 Create chart name and version as used by the chart label.
 */}}
@@ -99,15 +92,6 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
-{{- define "gitea.labels.actRunner" -}}
-helm.sh/chart: {{ include "gitea.chart" . }}
-app: {{ include "gitea.name" . }}-act-runner
-{{ include "gitea.selectorLabels.actRunner" . }}
-app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
 {{/*
 Selector labels
 */}}
@@ -116,11 +100,6 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
-{{- define "gitea.selectorLabels.actRunner" -}}
-app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
 {{- define "postgresql-ha.dns" -}}
 {{- if (index .Values "postgresql-ha").enabled -}}
 {{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
@@ -220,15 +199,6 @@ https
 {{- end -}}
 {{- end -}}
 
-{{- define "gitea.act_runner.local_root_url" -}}
-{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}}
-    {{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}}
-{{- else -}}
-  {{/* fallback for allowing to overwrite this value via inline config */}}
-  {{- .Values.gitea.config.server.LOCAL_ROOT_URL -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "gitea.inline_configuration" -}}
   {{- include "gitea.inline_configuration.init" . -}}
   {{- include "gitea.inline_configuration.defaults" . -}}
@@ -293,9 +263,6 @@ https
   {{- if not (hasKey .Values.gitea.config "indexer") -}}
     {{- $_ := set .Values.gitea.config "indexer" dict -}}
   {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "actions") -}}
-    {{- $_ := set .Values.gitea.config "actions" dict -}}
-  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.inline_configuration.defaults" -}}
@@ -311,9 +278,6 @@ https
   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
   {{- end -}}
-  {{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}}
-    {{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}}
-  {{- end -}}
   {{- /* redis queue */ -}}
   {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
@@ -437,6 +401,32 @@ https
 {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
 {{- end -}}
 
+{{- define "ingress.annotations" -}}
+  {{- if .Values.ingress.annotations }}
+  annotations:
+    {{- $tp := typeOf .Values.ingress.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.ingress.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.ingress.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
+{{- define "ingress.ingressClassName" -}}
+{{- if ne .Values.ingress.className "" -}}
+# WARNING: 'ingress.className' is deprecated and will be removed in a future release. Use 'ingress.ingressClassName' instead."
+{{ end -}}
+{{- if and (ne .Values.ingress.className "" ) (ne .Values.ingress.ingressClassName "") -}}
+{{- fail "ingress.ingressClassName and ingress.className cannot be defined at the same time. Please only choose one." -}}
+{{- end -}}
+{{- if ne .Values.ingress.className "" -}}
+ingressClassName: {{ tpl .Values.ingress.className . }}
+{{- else if ne .Values.ingress.ingressClassName "" -}}
+ingressClassName: {{ tpl .Values.ingress.ingressClassName . }}
+{{- end -}}
+{{- end -}}
+
 {{- define "gitea.admin.passwordMode" -}}
 {{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
 {{ .Values.gitea.admin.passwordMode }}
@@ -444,25 +434,3 @@ https
 {{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
 {{- end -}}
 {{- end -}}
-
-{{/* Create a functioning probe object for rendering. Given argument must be either a livenessProbe, readinessProbe, or startupProbe */}}
-{{- define "gitea.deployment.probe" -}}
-  {{- $probe := unset . "enabled" -}}
-  {{- $probeKeys := keys $probe -}}
-  {{- $containsCustomMethod := false -}}
-  {{- $chartDefaultMethod := "tcpSocket" -}}
-  {{- $nonChartDefaultMethods := list "exec" "httpGet" "grpc" -}}
-  {{- range $probeKeys -}}
-    {{- if has . $nonChartDefaultMethods -}}
-      {{- $containsCustomMethod = true -}}
-    {{- end -}}
-  {{- end -}}
-  {{- if $containsCustomMethod -}}
-    {{- $probe = unset . $chartDefaultMethod -}}
-  {{- end -}}
-  {{- toYaml $probe -}}
-{{- end -}}
-
-{{- define "gitea.metrics-secret-name" -}}
-{{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }}
-{{- end -}}

templates/gitea/config.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "gitea.fullname" . }}-inline-config
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
 type: Opaque
@@ -13,12 +12,10 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "gitea.fullname" . }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
 type: Opaque
 stringData:
-{{ (.Files.Glob "scripts/init-containers/config/*.sh").AsConfig | indent 2 }}
   assertions: |
 
     {{- /*assert that only one PG dep is enabled */ -}}
@@ -55,3 +52,158 @@ stringData:
       {{- end }}
       
     {{- end }}
+  config_environment.sh: |-
+    #!/usr/bin/env bash
+    set -euo pipefail
+
+    function env2ini::log() {
+      printf "${1}\n"
+    }
+
+    function env2ini::read_config_to_env() {
+      local section="${1}"
+      local line="${2}"
+
+      if [[ -z "${line}" ]]; then
+        # skip empty line
+        return
+      fi
+      
+      # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
+      local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
+
+      if [[ -z "${setting}" ]]; then
+        env2ini::log '  ! invalid setting'
+        exit 1
+      fi
+
+      local value=''
+      local regex="^${setting}(\s*)=(\s*)(.*)"
+      if [[ $line =~ $regex ]]; then
+        value="${BASH_REMATCH[3]}"
+      else
+        env2ini::log '  ! invalid setting'
+        exit 1
+      fi
+
+      env2ini::log "    + '${setting}'"
+
+      if [[ -z "${section}" ]]; then
+        export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+        return
+      fi
+
+      local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches
+      masked_section="${masked_section//-/_0X2D_}"
+
+      export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
+    }
+
+    function env2ini::reload_preset_envs() {
+      env2ini::log "Reloading preset envs..."
+
+      while read -r line; do
+        if [[ -z "${line}" ]]; then
+          # skip empty line
+          return
+        fi
+
+        # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
+        local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
+
+        if [[ -z "${setting}" ]]; then
+          env2ini::log '  ! invalid setting'
+          exit 1
+        fi
+
+        local value=''
+        local regex="^${setting}(\s*)=(\s*)(.*)"
+        if [[ $line =~ $regex ]]; then
+          value="${BASH_REMATCH[3]}"
+        else
+          env2ini::log '  ! invalid setting'
+          exit 1
+        fi
+
+        env2ini::log "  + '${setting}'"
+
+        export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+      done < "/tmp/existing-envs"
+
+      rm /tmp/existing-envs
+    }
+
+
+    function env2ini::process_config_file() {
+      local config_file="${1}"
+      local section="$(basename "${config_file}")"
+
+      if [[ $section == '_generals_' ]]; then
+        env2ini::log "  [ini root]"
+        section=''
+      else
+        env2ini::log "  ${section}"
+      fi
+
+      while read -r line; do
+        env2ini::read_config_to_env "${section}" "${line}"
+      done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
+    }
+
+    function env2ini::load_config_sources() {
+      local path="${1}"
+
+      if [[ -d "${path}" ]]; then
+        env2ini::log "Processing $(basename "${path}")..."
+
+        while read -d '' configFile; do
+          env2ini::process_config_file "${configFile}"
+        done < <(find "${path}" -type l -not -name '..data' -print0)
+
+        env2ini::log "\n"
+      fi
+    }
+
+    function env2ini::generate_initial_secrets() {
+      # These environment variables will either be
+      #   - overwritten with user defined values,
+      #   - initially used to set up Gitea
+      # Anyway, they won't harm existing app.ini files
+
+      export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
+      export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
+      export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
+      export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
+
+      env2ini::log "...Initial secrets generated\n"
+    }
+    
+    # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
+    env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs
+    
+    # MUST BE CALLED BEFORE OTHER CONFIGURATION
+    env2ini::generate_initial_secrets
+
+    env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
+    env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
+
+    # load existing envs to override auto generated envs
+    env2ini::reload_preset_envs
+
+    env2ini::log "=== All configuration sources loaded ===\n"
+
+    # safety to prevent rewrite of secret keys if an app.ini already exists
+    if [ -f ${GITEA_APP_INI} ]; then
+      env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
+      env2ini::log '  - security.INTERNAL_TOKEN'
+      env2ini::log '  - security.SECRET_KEY'
+      env2ini::log '  - oauth2.JWT_SECRET'
+      env2ini::log '  - server.LFS_JWT_SECRET'
+
+      unset GITEA__SECURITY__INTERNAL_TOKEN
+      unset GITEA__SECURITY__SECRET_KEY
+      unset GITEA__OAUTH2__JWT_SECRET
+      unset GITEA__SERVER__LFS_JWT_SECRET
+    fi
+
+    environment-to-ini -o $GITEA_APP_INI

templates/gitea/deployment.yaml

@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "gitea.fullname" . }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
   annotations:
     {{- if .Values.deployment.annotations }}
     {{- toYaml .Values.deployment.annotations | nindent 4 }}
@@ -107,10 +106,6 @@ spec:
               value: /data
             - name: GITEA_TEMP
               value: /tmp/gitea
-            - name: TMP_EXISTING_ENVS_FILE
-              value: /tmp/existing-envs
-            - name: ENV_TO_INI_MOUNT_POINT
-              value: /env-to-ini-mounts
             {{- if .Values.deployment.env }}
             {{- toYaml .Values.deployment.env | nindent 12 }}
             {{- end }}
@@ -153,8 +148,6 @@ spec:
           env:
             - name: GNUPGHOME
               value: {{ .Values.signing.gpgHome }}
-            - name: TMP_RAW_GPG_KEY
-              value: /raw/private.asc
           volumeMounts:
             - name: init
               mountPath: /usr/sbin
@@ -291,13 +284,6 @@ spec:
               value: /data
             - name: GITEA_TEMP
               value: /tmp/gitea
-            {{- if and (hasKey .Values.resources "limits") (hasKey .Values.resources.limits "cpu") }}
-            - name: GOMAXPROCS
-              valueFrom:
-                resourceFieldRef:
-                  divisor: "1"
-                  resource: limits.cpu
-            {{- end }}
             - name: TMPDIR
               value: /tmp/gitea
             {{- if .Values.image.rootless }}
@@ -325,15 +311,15 @@ spec:
             {{- end }}
           {{- if .Values.gitea.livenessProbe.enabled }}
           livenessProbe:
-            {{- include "gitea.deployment.probe" .Values.gitea.livenessProbe | nindent 12 }}
+            {{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }}
           {{- end }}
           {{- if .Values.gitea.readinessProbe.enabled }}
           readinessProbe:
-            {{- include "gitea.deployment.probe" .Values.gitea.readinessProbe | nindent 12 }}
+            {{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }}
           {{- end }}
           {{- if .Values.gitea.startupProbe.enabled }}
           startupProbe:
-            {{- include "gitea.deployment.probe" .Values.gitea.startupProbe | nindent 12 }}
+            {{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }}
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
@@ -353,23 +339,20 @@ spec:
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
             {{- include "gitea.container-additional-mounts" . | nindent 12 }}
-        {{- if .Values.extraContainers }}
-        {{- toYaml .Values.extraContainers | nindent 8 }}
-        {{- end }}
       {{- with .Values.global.hostAliases }}
       hostAliases:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- range $key, $value := .Values.nodeSelector }}
+      {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{ $key }}: {{ $value | quote }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
     {{- end }}
     {{- with .Values.topologySpreadConstraints }}
-      topologySpreadConstraints:
+      topologySpreadConstraints: 
         {{- toYaml . | nindent 8 }}
     {{- end }}
     {{- with .Values.tolerations }}
@@ -419,4 +402,4 @@ spec:
   {{- else if not .Values.persistence.enabled }}
         - name: data
           emptyDir: {}
-  {{- end }}
+  {{- end }}

templates/gitea/gpg-secret.yaml

@@ -7,7 +7,6 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "gitea.gpg-key-secret-name" . }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
 type: Opaque

templates/gitea/http-svc.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "gitea.fullname" . }}-http
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
     {{- if .Values.service.http.labels }}

templates/gitea/ingress.yaml

@@ -1,29 +1,16 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "gitea.fullname" . -}}
 {{- $httpPort := .Values.service.http.port -}}
-{{- $apiVersion := "extensions/v1beta1" -}}
-{{- if .Values.ingress.apiVersion -}}
-{{- $apiVersion = .Values.ingress.apiVersion -}}
-{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
-{{- $apiVersion = "networking.k8s.io/v1" }}
-{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
-{{- $apiVersion = "networking.k8s.io/v1beta1" }}
-{{- end }}
-apiVersion: {{ $apiVersion }}
+{{- $pathType := .Values.ingress.pathType -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
-  namespace: {{ .Values.namespace | default .Release.Namespace }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
-  annotations:
-    {{- range $key, $value := .Values.ingress.annotations }}
-      {{ $key }}: {{ $value | quote }}
-    {{- end }}
+  {{- template "ingress.annotations" . }}
 spec:
-{{- if .Values.ingress.className }}
-  ingressClassName: {{ tpl .Values.ingress.className . }}
-{{- end }}
+  {{- include "ingress.ingressClassName" . | nindent 2 }}
 {{- if .Values.ingress.tls }}
   tls:
   {{- range .Values.ingress.tls }}
@@ -39,21 +26,14 @@ spec:
     - host: {{ tpl .host $ | quote }}
       http:
         paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
-            pathType: {{ .pathType }}
-            {{- end }}
+          {{- range (.paths | default (list "/")) }}
+          - path: {{ . }}
+            pathType: {{ $pathType }}
             backend:
-            {{- if eq $apiVersion "networking.k8s.io/v1" }}
               service:
                 name: {{ $fullName }}-http
                 port:
                   number: {{ $httpPort }}
-            {{- else }}
-              serviceName: {{ $fullName }}-http
-              servicePort: {{ $httpPort }}
-            {{- end }}
           {{- end }}
     {{- end }}
 {{- end }}