Compare commits
2 Commits
main
...
chore/remo
| Author | SHA1 | Date | |
|---|---|---|---|
| 26d4a53449 | |||
| 779e9f28e8 |
39
README.md
39
README.md
@ -47,7 +47,6 @@
|
||||
- [Persistence](#persistence-1)
|
||||
- [Init](#init)
|
||||
- [Signing](#signing)
|
||||
- [Gitea Actions](#gitea-actions)
|
||||
- [Gitea](#gitea)
|
||||
- [LivenessProbe](#livenessprobe)
|
||||
- [ReadinessProbe](#readinessprobe)
|
||||
@ -1069,44 +1068,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` |
|
||||
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
|
||||
|
||||
### Gitea Actions
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
|
||||
| `actions.enabled` | Create an act runner StatefulSet. | `false` |
|
||||
| `actions.init.image.repository` | The image used for the init containers | `busybox` |
|
||||
| `actions.init.image.tag` | The image tag used for the init containers | `1.37.0` |
|
||||
| `actions.statefulset.annotations` | Act runner annotations | `{}` |
|
||||
| `actions.statefulset.labels` | Act runner labels | `{}` |
|
||||
| `actions.statefulset.resources` | Act runner resources | `{}` |
|
||||
| `actions.statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` |
|
||||
| `actions.statefulset.tolerations` | Tolerations for the statefulset | `[]` |
|
||||
| `actions.statefulset.affinity` | Affinity for the statefulset | `{}` |
|
||||
| `actions.statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
|
||||
| `actions.statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
|
||||
| `actions.statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` |
|
||||
| `actions.statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
|
||||
| `actions.statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
|
||||
| `actions.statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
|
||||
| `actions.statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
|
||||
| `actions.statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
|
||||
| `actions.statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
|
||||
| `actions.statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
|
||||
| `actions.statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |
|
||||
| `actions.provisioning.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` |
|
||||
| `actions.provisioning.annotations` | Job's annotations | `{}` |
|
||||
| `actions.provisioning.labels` | Job's labels | `{}` |
|
||||
| `actions.provisioning.resources` | Job's resources | `{}` |
|
||||
| `actions.provisioning.nodeSelector` | NodeSelector for the job | `{}` |
|
||||
| `actions.provisioning.tolerations` | Tolerations for the job | `[]` |
|
||||
| `actions.provisioning.affinity` | Affinity for the job | `{}` |
|
||||
| `actions.provisioning.ttlSecondsAfterFinished` | ttl for the job after finished in order to allow helm to properly recognize that the job completed | `300` |
|
||||
| `actions.provisioning.publish.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` |
|
||||
| `actions.provisioning.publish.tag` | The publish image tag that can create the secret | `1.29.0` |
|
||||
| `actions.provisioning.publish.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` |
|
||||
| `actions.existingSecret` | Secret that contains the token | `""` |
|
||||
| `actions.existingSecretKey` | Secret key | `""` |
|
||||
|
||||
### Gitea
|
||||
|
||||
| Name | Description | Value |
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
# Gitea Actions
|
||||
|
||||
In order to use the Gitea Actions act-runner you must either:
|
||||
|
||||
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
|
||||
- create a secret containing the act runner token and reference it as a `existingSecret`
|
||||
|
||||
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
|
||||
`gitea actions generate-runner-token`
|
||||
|
||||
This command will out a token that is needed by the act-runner to register with the Gitea backend.
|
||||
|
||||
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
|
||||
|
||||
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
|
||||
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
|
||||
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
|
||||
|
||||
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
|
||||
|
||||
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
|
||||
2) `dind`: DockerInDocker image that is used to run the actions
|
||||
|
||||
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
|
||||
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
|
||||
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
|
||||
|
||||
```yaml
|
||||
actions:
|
||||
provisioning:
|
||||
enabled: false
|
||||
existingSecret: "secret-name"
|
||||
existingSecretKey: "secret-key"
|
||||
```
|
||||
@ -345,9 +345,6 @@ https
|
||||
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
||||
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.actions.ENABLED -}}
|
||||
{{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults.server" -}}
|
||||
@ -367,9 +364,6 @@ https
|
||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.actions.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
|
||||
{{- end -}}
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
{{- if .Values.actions.enabled -}}
|
||||
{{- if .Values.actions.provisioning.enabled -}}
|
||||
{{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}}
|
||||
{{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}}
|
||||
{{- end -}}
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.mount -}}
|
||||
{{- if .Values.actions.existingSecret -}}
|
||||
{{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}}
|
||||
{{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@ -1,15 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-act-runner-config
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
data:
|
||||
config.yaml: |
|
||||
{{- with .Values.actions.statefulset.actRunner.config -}}
|
||||
{{ . | nindent 4}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
@ -1,14 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-scripts
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
data:
|
||||
{{ (.Files.Glob "scripts/act_runner/*.sh").AsConfig | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,115 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
{{- with .Values.actions.provisioning.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: token-job
|
||||
annotations:
|
||||
{{- with .Values.actions.provisioning.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 8 }}
|
||||
{{- with .Values.actions.provisioning.labels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: token-job
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-gitea
|
||||
image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
|
||||
sleep 5
|
||||
done
|
||||
containers:
|
||||
- name: actions-token-create
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
echo "Generating act_runner token via 'gitea actions generate-runner-token'..."
|
||||
mkdir -p /data/actions/
|
||||
gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token
|
||||
resources:
|
||||
{{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
- name: actions-token-upload
|
||||
image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }}
|
||||
env:
|
||||
- name: SECRET_NAME
|
||||
value: {{ $secretName }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
printf "Checking rights to update kubernetes act_runner secret..."
|
||||
kubectl auth can-i update secret/${SECRET_NAME}
|
||||
/scripts/token.sh
|
||||
resources:
|
||||
{{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: scripts
|
||||
readOnly: true
|
||||
- mountPath: /data
|
||||
name: data
|
||||
readOnly: true
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.actions.provisioning.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.provisioning.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.provisioning.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
restartPolicy: Never
|
||||
serviceAccount: {{ $name }}
|
||||
volumes:
|
||||
- name: scripts
|
||||
configMap:
|
||||
name: {{ include "gitea.fullname" . }}-scripts
|
||||
defaultMode: 0755
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.claimName }}
|
||||
parallelism: 1
|
||||
completions: 1
|
||||
backoffLimit: 1
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,26 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
resourceNames:
|
||||
- {{ $secretName }}
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- patch
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,23 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,20 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
|
||||
{{ if $secret -}}
|
||||
data:
|
||||
token: {{ (b64dec (index $secret.data "token")) | b64enc }}
|
||||
{{ end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,14 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,129 +0,0 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "gitea.labels.actRunner" . | nindent 4 }}
|
||||
{{- with .Values.actions.statefulset.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- with .Values.actions.statefulset.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "gitea.fullname" . }}-act-runner
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gitea.selectorLabels.actRunner" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/gitea/act_runner/config-act-runner.yaml") . | sha256sum }}
|
||||
labels:
|
||||
{{- include "gitea.labels.actRunner" . | nindent 8 }}
|
||||
{{- with .Values.actions.statefulset.labels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-gitea
|
||||
image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
|
||||
sleep 5
|
||||
done
|
||||
containers:
|
||||
- name: act-runner
|
||||
image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }}
|
||||
workingDir: /data
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://127.0.0.1:2376
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.actions.existingSecret | default $secretName }}"
|
||||
key: "{{ .Values.actions.existingSecretKey | default "token" }}"
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: {{ include "gitea.act_runner.local_root_url" . }}
|
||||
- name: CONFIG_FILE
|
||||
value: /actrunner/config.yaml
|
||||
resources:
|
||||
{{- toYaml .Values.actions.statefulset.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /actrunner/config.yaml
|
||||
name: act-runner-config
|
||||
subPath: config.yaml
|
||||
- mountPath: /certs/server
|
||||
name: docker-certs
|
||||
- mountPath: /data
|
||||
name: data-act-runner
|
||||
{{- with .Values.actions.statefulset.actRunner.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: dind
|
||||
image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }}
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://127.0.0.1:2376
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
{{- if .Values.actions.statefulset.dind.extraEnvs }}
|
||||
{{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
resources:
|
||||
{{- toYaml .Values.actions.statefulset.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /certs/server
|
||||
name: docker-certs
|
||||
{{- with .Values.actions.statefulset.dind.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.actions.statefulset.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.statefulset.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.statefulset.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: act-runner-config
|
||||
configMap:
|
||||
name: {{ include "gitea.fullname" . }}-act-runner-config
|
||||
- name: docker-certs
|
||||
emptyDir: {}
|
||||
{{- with .Values.actions.statefulset.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data-act-runner
|
||||
spec:
|
||||
accessModes: [ "ReadWriteOnce" ]
|
||||
{{- include "gitea.persistence.storageClass" . | nindent 8 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Mi
|
||||
{{- end }}
|
||||
@ -1,69 +0,0 @@
|
||||
suite: actions template | consistency checks
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/01-consistency-checks.yaml
|
||||
tests:
|
||||
- it: fails when provisioning is enabled BUT persistence is completely disabled
|
||||
set:
|
||||
persistence:
|
||||
enabled: false
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
|
||||
- it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled
|
||||
set:
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: false
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
|
||||
- it: fails when provisioning is enabled AND existingSecret is given
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
existingSecret: "secret-reference"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret"
|
||||
- it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: false
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
|
||||
- it: fails when provisioning is disabled BUT existingSecretKey is missing
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: false
|
||||
existingSecret: "my-secret"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
|
||||
- it: fails when provisioning is disabled BUT existingSecret is missing
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: false
|
||||
existingSecretKey: "my-secret-key"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
|
||||
@ -1,45 +0,0 @@
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
|
||||
suite: actions template | config-act-runner
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/config-act-runner.yaml
|
||||
tests:
|
||||
- it: doesn't renders a ConfigMap by default
|
||||
template: templates/gitea/act_runner/config-act-runner.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders a ConfigMap
|
||||
template: templates/gitea/act_runner/config-act-runner.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
statefulset:
|
||||
actRunner:
|
||||
config: |
|
||||
log:
|
||||
level: info
|
||||
cache:
|
||||
enabled: false
|
||||
runner:
|
||||
labels:
|
||||
- "ubuntu-latest"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-act-runner-config
|
||||
- equal:
|
||||
path: data["config.yaml"]
|
||||
value: |
|
||||
log:
|
||||
level: info
|
||||
cache:
|
||||
enabled: false
|
||||
runner:
|
||||
labels:
|
||||
- "ubuntu-latest"
|
||||
@ -1,49 +0,0 @@
|
||||
suite: actions template | config-scripts
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/config-scripts.yaml
|
||||
tests:
|
||||
- it: renders a ConfigMap when all criteria are met
|
||||
template: templates/gitea/act_runner/config-scripts.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-scripts
|
||||
- isNotNullOrEmpty:
|
||||
path: data["token.sh"]
|
||||
- it: doesn't renders a ConfigMap by default
|
||||
template: templates/gitea/act_runner/config-scripts.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: doesn't renders a ConfigMap with disabled actions but enabled provisioning
|
||||
template: templates/gitea/act_runner/config-scripts.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria
|
||||
template: templates/gitea/act_runner/config-scripts.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: false
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@ -1,65 +0,0 @@
|
||||
suite: actions template | job
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
chart:
|
||||
# Override appVersion to have a pinned version for comparison
|
||||
appVersion: 1.19.3
|
||||
templates:
|
||||
- templates/gitea/act_runner/job.yaml
|
||||
tests:
|
||||
- it: renders a Job
|
||||
template: templates/gitea/act_runner/job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: Job
|
||||
apiVersion: batch/v1
|
||||
name: gitea-unittests-actions-token-job
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.3-rootless"
|
||||
- it: tag override
|
||||
template: templates/gitea/act_runner/job.yaml
|
||||
set:
|
||||
image.tag: "1.19.4"
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
publish:
|
||||
tag: "1.29.0"
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "docker.gitea.com/gitea:1.19.4-rootless"
|
||||
- equal:
|
||||
path: spec.template.spec.containers[1].image
|
||||
value: "bitnami/kubectl:1.29.0"
|
||||
- it: doesn't renders a Job by default
|
||||
template: templates/gitea/act_runner/job.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled
|
||||
template: templates/gitea/act_runner/job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: false
|
||||
provisioning:
|
||||
enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@ -1,42 +0,0 @@
|
||||
suite: actions template | role-job
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/role-job.yaml
|
||||
tests:
|
||||
- it: doesn't renders a Role by default
|
||||
template: templates/gitea/act_runner/role-job.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders a Role
|
||||
template: templates/gitea/act_runner/role-job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
name: gitea-unittests-actions-token-job
|
||||
- it: doesn't renders a Role when criteria met BUT actions are not enabled
|
||||
template: templates/gitea/act_runner/role-job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: false
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@ -1,42 +0,0 @@
|
||||
suite: actions template | rolebinding-job
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/rolebinding-job.yaml
|
||||
tests:
|
||||
- it: doesn't renders a RoleBinding by default
|
||||
template: templates/gitea/act_runner/rolebinding-job.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders a RoleBinding
|
||||
template: templates/gitea/act_runner/rolebinding-job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
name: gitea-unittests-actions-token-job
|
||||
- it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled
|
||||
template: templates/gitea/act_runner/rolebinding-job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: false
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@ -1,42 +0,0 @@
|
||||
suite: actions template | secret-token
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/secret-token.yaml
|
||||
tests:
|
||||
- it: doesn't renders a Secret by default
|
||||
template: templates/gitea/act_runner/secret-token.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders a Secret
|
||||
template: templates/gitea/act_runner/secret-token.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-actions-token
|
||||
- it: doesn't renders a Secret when criteria met BUT actions are not enabled
|
||||
template: templates/gitea/act_runner/secret-token.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: false
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@ -1,42 +0,0 @@
|
||||
suite: actions template | serviceaccount-job
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/serviceaccount-job.yaml
|
||||
tests:
|
||||
- it: doesn't renders a ServiceAccount by default
|
||||
template: templates/gitea/act_runner/serviceaccount-job.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders a ServiceAccount
|
||||
template: templates/gitea/act_runner/serviceaccount-job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: ServiceAccount
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-actions-token-job
|
||||
- it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled
|
||||
template: templates/gitea/act_runner/serviceaccount-job.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: false
|
||||
provisioning:
|
||||
enabled: true
|
||||
persistence:
|
||||
enabled: true
|
||||
mount: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@ -1,182 +0,0 @@
|
||||
suite: actions template | statefulset
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/act_runner/statefulset.yaml
|
||||
- templates/gitea/act_runner/config-act-runner.yaml
|
||||
tests:
|
||||
- it: doesn't renders a StatefulSet by default
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders a StatefulSet (with given existingSecret/existingSecretKey)
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
existingSecret: "my-secret"
|
||||
existingSecretKey: "my-secret-key"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].env[3]
|
||||
value:
|
||||
name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "my-secret"
|
||||
key: "my-secret-key"
|
||||
- it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].env[3]
|
||||
value:
|
||||
name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "gitea-unittests-actions-token"
|
||||
key: "token"
|
||||
- it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
|
||||
actions:
|
||||
enabled: true
|
||||
existingSecret: "my-secret"
|
||||
existingSecretKey: "my-secret-key"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- equal:
|
||||
path: spec.template.metadata.annotations["checksum/config"]
|
||||
value: "2a2200e80fc29111d18b675789c265cd3d5f917754850f946f1ce3c55dcd65f8"
|
||||
- it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL)
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
existingSecret: "my-secret"
|
||||
existingSecretKey: "my-secret-key"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].env[4]
|
||||
value:
|
||||
name: GITEA_INSTANCE_URL
|
||||
value: "http://gitea-unittests-http:3000"
|
||||
- it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL)
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com"
|
||||
actions:
|
||||
enabled: true
|
||||
existingSecret: "my-secret"
|
||||
existingSecretKey: "my-secret-key"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].env[4]
|
||||
value:
|
||||
name: GITEA_INSTANCE_URL
|
||||
value: "http://git.example.com"
|
||||
- it: allows adding custom environment variables to the docker-in-docker container
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
statefulset:
|
||||
dind:
|
||||
extraEnvs:
|
||||
- name: "CUSTOM_ENV_NAME"
|
||||
value: "custom env value"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[1].env[3]
|
||||
value:
|
||||
name: "CUSTOM_ENV_NAME"
|
||||
value: "custom env value"
|
||||
- it: should mount an extra volume in the act runner container
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
statefulset:
|
||||
extraVolumes:
|
||||
- name: my-act-runner-volume
|
||||
emptyDir: {}
|
||||
actRunner:
|
||||
extraVolumeMounts:
|
||||
- mountPath: /mnt
|
||||
name: my-act-runner-volume
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- contains:
|
||||
any: true
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
mountPath: /mnt
|
||||
name: my-act-runner-volume
|
||||
- it: should mount an extra volume in the docker-in-docker container
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
statefulset:
|
||||
extraVolumes:
|
||||
- name: my-dind-volume
|
||||
emptyDir: {}
|
||||
dind:
|
||||
extraVolumeMounts:
|
||||
- mountPath: /mnt
|
||||
name: my-dind-volume
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests-act-runner
|
||||
- contains:
|
||||
any: true
|
||||
path: spec.template.spec.containers[1].volumeMounts
|
||||
content:
|
||||
mountPath: /mnt
|
||||
name: my-dind-volume
|
||||
@ -1,61 +0,0 @@
|
||||
suite: config template | actions config
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: "actions are not enabled by default"
|
||||
template: templates/gitea/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
equal:
|
||||
path: stringData.actions
|
||||
value: |-
|
||||
ENABLED=false
|
||||
|
||||
- it: "actions can be enabled via inline config"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
gitea.config.actions.ENABLED: true
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
equal:
|
||||
path: stringData.actions
|
||||
value: |-
|
||||
ENABLED=true
|
||||
|
||||
- it: "actions can be enabled via dedicated values object"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
equal:
|
||||
path: stringData.actions
|
||||
value: |-
|
||||
ENABLED=true
|
||||
|
||||
- it: "defines LOCAL_ROOT_URL when actions are enabled"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000
|
||||
|
||||
- it: "respects custom LOCAL_ROOT_URL, even when actions are enabled"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
actions:
|
||||
enabled: true
|
||||
gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com"
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nLOCAL_ROOT_URL=http://git.example.com
|
||||
101
values.yaml
101
values.yaml
@ -348,107 +348,6 @@ signing:
|
||||
# -----END PGP PRIVATE KEY BLOCK-----
|
||||
existingSecret: ""
|
||||
|
||||
# Configure Gitea Actions
|
||||
# - must enable persistence if the job is enabled
|
||||
## @section Gitea Actions
|
||||
#
|
||||
## @param actions.enabled Create an act runner StatefulSet.
|
||||
## @param actions.init.image.repository The image used for the init containers
|
||||
## @param actions.init.image.tag The image tag used for the init containers
|
||||
## @param actions.statefulset.annotations Act runner annotations
|
||||
## @param actions.statefulset.labels Act runner labels
|
||||
## @param actions.statefulset.resources Act runner resources
|
||||
## @param actions.statefulset.nodeSelector NodeSelector for the statefulset
|
||||
## @param actions.statefulset.tolerations Tolerations for the statefulset
|
||||
## @param actions.statefulset.affinity Affinity for the statefulset
|
||||
## @param actions.statefulset.extraVolumes Extra volumes for the statefulset
|
||||
## @param actions.statefulset.actRunner.repository The Gitea act runner image
|
||||
## @param actions.statefulset.actRunner.tag The Gitea act runner tag
|
||||
## @param actions.statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
|
||||
## @param actions.statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
|
||||
## @param actions.statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
|
||||
## @param actions.statefulset.dind.repository The Docker-in-Docker image
|
||||
## @param actions.statefulset.dind.tag The Docker-in-Docker image tag
|
||||
## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
|
||||
## @param actions.statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
|
||||
## @param actions.statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
|
||||
## @param actions.provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
|
||||
## @param actions.provisioning.annotations Job's annotations
|
||||
## @param actions.provisioning.labels Job's labels
|
||||
## @param actions.provisioning.resources Job's resources
|
||||
## @param actions.provisioning.nodeSelector NodeSelector for the job
|
||||
## @param actions.provisioning.tolerations Tolerations for the job
|
||||
## @param actions.provisioning.affinity Affinity for the job
|
||||
## @param actions.provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
|
||||
## @param actions.provisioning.publish.repository The image that can create the secret via kubectl
|
||||
## @param actions.provisioning.publish.tag The publish image tag that can create the secret
|
||||
## @param actions.provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
|
||||
## @param actions.existingSecret Secret that contains the token
|
||||
## @param actions.existingSecretKey Secret key
|
||||
actions:
|
||||
enabled: false
|
||||
statefulset:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
resources: {}
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
extraVolumes: []
|
||||
|
||||
actRunner:
|
||||
repository: gitea/act_runner
|
||||
tag: 0.2.11
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
|
||||
config: |
|
||||
log:
|
||||
level: debug
|
||||
cache:
|
||||
enabled: false
|
||||
|
||||
dind:
|
||||
repository: docker
|
||||
tag: 25.0.2-dind
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
# If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
|
||||
# See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
|
||||
extraEnvs: []
|
||||
# - name: "DOCKER_IPTABLES_LEGACY"
|
||||
# value: "1"
|
||||
|
||||
init:
|
||||
image:
|
||||
repository: busybox
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: "1.37.0"
|
||||
|
||||
provisioning:
|
||||
enabled: false
|
||||
|
||||
annotations: {}
|
||||
labels: {}
|
||||
resources: {}
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
publish:
|
||||
repository: bitnami/kubectl
|
||||
tag: 1.29.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
ttlSecondsAfterFinished: 300
|
||||
|
||||
## Specify an existing token secret
|
||||
##
|
||||
existingSecret: ""
|
||||
existingSecretKey: ""
|
||||
|
||||
## @section Gitea
|
||||
#
|
||||
gitea:
|
||||
|
||||
Reference in New Issue
Block a user