From 07633d08bb9a7b7c3c67fdd7b1fe0178fe2a615c Mon Sep 17 00:00:00 2001 From: dementhorr Date: Fri, 12 Jan 2024 20:27:02 +0100 Subject: [PATCH] Fixed mistakes --- scripts/token.sh | 6 ++-- templates/_helpers.tpl | 14 +++++++++ .../config-act-runner.yaml | 9 +++++- .../config-scripts.yaml | 3 -- .../gitea/{actions => act_runner}/job.yaml | 25 ++++++++------- .../{actions => act_runner}/role-job.yaml | 3 -- .../rolebinding-job.yaml | 3 -- .../{actions => act_runner}/secret-token.yaml | 5 --- .../serviceaccount-job.yaml | 3 -- .../{actions => act_runner}/statefulset.yaml | 31 +++++++------------ unittests/actions/config-act-runner.yaml | 2 +- values.yaml | 13 +++++--- 12 files changed, 61 insertions(+), 56 deletions(-) rename templates/gitea/{actions => act_runner}/config-act-runner.yaml (62%) rename templates/gitea/{actions => act_runner}/config-scripts.yaml (77%) rename templates/gitea/{actions => act_runner}/job.yaml (83%) rename templates/gitea/{actions => act_runner}/role-job.yaml (86%) rename templates/gitea/{actions => act_runner}/rolebinding-job.yaml (87%) rename templates/gitea/{actions => act_runner}/secret-token.yaml (78%) rename templates/gitea/{actions => act_runner}/serviceaccount-job.yaml (79%) rename templates/gitea/{actions => act_runner}/statefulset.yaml (74%) diff --git a/scripts/token.sh b/scripts/token.sh index 8186ddd..cbb2ebd 100644 --- a/scripts/token.sh +++ b/scripts/token.sh @@ -2,6 +2,8 @@ set -eu +timeout_delay=15 + check_token() { set +e @@ -15,7 +17,7 @@ check_token() { create_token() { echo "Waiting for new token to be generated..." begin=$(date +%s) - end=$((begin + 300)) # 5 minutes + end=$((begin + timeout_delay)) while true; do [ -f /data/actions/token ] && return 0 [ "$(date +%s)" -gt $end ] && return 1 @@ -34,7 +36,7 @@ if check_token; then fi if ! create_token; then - echo "Timed out waiting for a token to appear." + echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay" exit 1 fi diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index f000723..392e306 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -100,6 +100,15 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} +{{- define "gitea.labels.actRunner" -}} +helm.sh/chart: {{ include "gitea.chart" . }} +app: {{ include "gitea.name" . }}-act-runner +{{ include "gitea.selectorLabels.actRunner" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + {{/* Selector labels */}} @@ -108,6 +117,11 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} +{{- define "gitea.selectorLabels.actRunner" -}} +app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + {{- define "postgresql-ha.dns" -}} {{- if (index .Values "postgresql-ha").enabled -}} {{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} diff --git a/templates/gitea/actions/config-act-runner.yaml b/templates/gitea/act_runner/config-act-runner.yaml similarity index 62% rename from templates/gitea/actions/config-act-runner.yaml rename to templates/gitea/act_runner/config-act-runner.yaml index 6f9423c..091f200 100644 --- a/templates/gitea/actions/config-act-runner.yaml +++ b/templates/gitea/act_runner/config-act-runner.yaml @@ -7,9 +7,16 @@ metadata: labels: {{- include "gitea.labels" . | nindent 4 }} data: + {{- if .Values.actions.statefulset.config }} + config.yaml: | + {{- with .Values.actions.statefulset.config -}} + {{ . | nindent 4}} + {{- end -}} + {{- else }} config.yaml: | log: level: debug cache: - enabled: false + enabled: false + {{- end }} {{- end }} diff --git a/templates/gitea/actions/config-scripts.yaml b/templates/gitea/act_runner/config-scripts.yaml similarity index 77% rename from templates/gitea/actions/config-scripts.yaml rename to templates/gitea/act_runner/config-scripts.yaml index cbe5cdc..17d9bba 100644 --- a/templates/gitea/actions/config-scripts.yaml +++ b/templates/gitea/act_runner/config-scripts.yaml @@ -6,9 +6,6 @@ metadata: name: {{ include "gitea.fullname" . }}-scripts labels: {{- include "gitea.labels" . | nindent 4 }} - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded data: {{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} {{- end }} diff --git a/templates/gitea/actions/job.yaml b/templates/gitea/act_runner/job.yaml similarity index 83% rename from templates/gitea/actions/job.yaml rename to templates/gitea/act_runner/job.yaml index 4173f28..2814ffc 100644 --- a/templates/gitea/actions/job.yaml +++ b/templates/gitea/act_runner/job.yaml @@ -12,9 +12,6 @@ metadata: labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded {{- with .Values.actions.job.annotations }} {{- toYaml . | nindent 4 }} {{- end }} @@ -26,9 +23,19 @@ spec: {{- include "gitea.labels" . | nindent 8 }} app.kubernetes.io/component: token-job spec: + initContainers: + - name: init-gitea + image: busybox:1.36.1 + command: + - sh + - -c + - | + while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do + sleep 5 + done containers: - name: actions-token-create - image: "{{ .Values.actions.job.tokenImage.repository }}:{{ .Values.actions.job.tokenImage.tag | default "latest-rootless" }}" + image: "{{ .Values.actions.job.tokenImage.repository }}:{{ .Values.actions.job.tokenImage.tag | default (printf "%s-rootless" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.actions.job.tokenImage.pullPolicy }} env: - name: GITEA_APP_INI @@ -37,11 +44,7 @@ spec: - sh - -c - | - while ! nc -z gitea-http 3000; do - sleep 5 - done - - echo "Generating token..." + echo "Generating act_runner token via 'gitea actions generate-runner-token'..." mkdir -p /data/actions/ gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token resources: @@ -53,7 +56,7 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} - name: actions-token-upload - image: "{{ .Values.actions.job.publishImage.repository }}:{{ .Values.actions.job.publishImage.tag | default "latest" }}" + image: "{{ .Values.actions.job.publishImage.repository }}:{{ .Values.actions.job.publishImage.tag }}" imagePullPolicy: {{ .Values.actions.job.publishImage.pullPolicy }} env: - name: SECRET_NAME @@ -62,7 +65,7 @@ spec: - sh - -c - | - printf "Checking rights to update secret... " + printf "Checking rights to update kubernetes act_runner secret..." kubectl auth can-i update secret/${SECRET_NAME} /scripts/token.sh resources: diff --git a/templates/gitea/actions/role-job.yaml b/templates/gitea/act_runner/role-job.yaml similarity index 86% rename from templates/gitea/actions/role-job.yaml rename to templates/gitea/act_runner/role-job.yaml index 6f4ab74..9b838b5 100644 --- a/templates/gitea/actions/role-job.yaml +++ b/templates/gitea/act_runner/role-job.yaml @@ -9,9 +9,6 @@ metadata: labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded rules: - apiGroups: - "" diff --git a/templates/gitea/actions/rolebinding-job.yaml b/templates/gitea/act_runner/rolebinding-job.yaml similarity index 87% rename from templates/gitea/actions/rolebinding-job.yaml rename to templates/gitea/act_runner/rolebinding-job.yaml index be2d2de..8442c73 100644 --- a/templates/gitea/actions/rolebinding-job.yaml +++ b/templates/gitea/act_runner/rolebinding-job.yaml @@ -9,9 +9,6 @@ metadata: labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/templates/gitea/actions/secret-token.yaml b/templates/gitea/act_runner/secret-token.yaml similarity index 78% rename from templates/gitea/actions/secret-token.yaml rename to templates/gitea/act_runner/secret-token.yaml index e2b1e12..5de4111 100644 --- a/templates/gitea/actions/secret-token.yaml +++ b/templates/gitea/act_runner/secret-token.yaml @@ -5,11 +5,6 @@ apiVersion: v1 kind: Secret metadata: - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: never - argocd.argoproj.io/hook: Skip - argocd.argoproj.io/hook-delete-policy: Never name: {{ $secretName }} labels: {{- include "gitea.labels" . | nindent 4 }} diff --git a/templates/gitea/actions/serviceaccount-job.yaml b/templates/gitea/act_runner/serviceaccount-job.yaml similarity index 79% rename from templates/gitea/actions/serviceaccount-job.yaml rename to templates/gitea/act_runner/serviceaccount-job.yaml index 5731c0c..5ef2101 100644 --- a/templates/gitea/actions/serviceaccount-job.yaml +++ b/templates/gitea/act_runner/serviceaccount-job.yaml @@ -8,7 +8,4 @@ metadata: labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded {{- end }} diff --git a/templates/gitea/actions/statefulset.yaml b/templates/gitea/act_runner/statefulset.yaml similarity index 74% rename from templates/gitea/actions/statefulset.yaml rename to templates/gitea/act_runner/statefulset.yaml index 8fcb07d..9a778c1 100644 --- a/templates/gitea/actions/statefulset.yaml +++ b/templates/gitea/act_runner/statefulset.yaml @@ -5,39 +5,30 @@ apiVersion: apps/v1 kind: StatefulSet metadata: labels: - {{- include "gitea.labels" . | nindent 4 }} - {{- if .Values.actions.statefulset.labels }} - {{- toYaml .Values.actions.statefulset.labels | nindent 4 }} - {{- end }} + {{- include "gitea.labels.actRunner" . | nindent 4 }} name: {{ include "gitea.fullname" . }}-act-runner spec: selector: matchLabels: - {{- include "gitea.selectorLabels" . | nindent 6 }} - {{- if .Values.actions.statefulset.labels }} - {{- toYaml .Values.actions.statefulset.labels | nindent 6 }} - {{- end }} + {{- include "gitea.selectorLabels.actRunner" . | nindent 6 }} template: metadata: labels: - {{- include "gitea.labels" . | nindent 8 }} - {{- if .Values.actions.statefulset.labels }} - {{- toYaml .Values.actions.statefulset.labels | nindent 8 }} - {{- end }} + {{- include "gitea.labels.actRunner" . | nindent 8 }} spec: initContainers: - name: init-gitea - image: busybox:latest + image: busybox:1.36.1 command: - sh - -c - | - while ! nc -z gitea-http 3000; do + while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do sleep 5 done containers: - name: act-runner - image: "{{ .Values.actions.statefulset.actRunnerImage.repository }}:{{ .Values.actions.statefulset.actRunnerImage.tag | default "latest" }}" + image: "{{ .Values.actions.statefulset.actRunnerImage.repository }}:{{ .Values.actions.statefulset.actRunnerImage.tag }}" imagePullPolicy: {{ .Values.actions.statefulset.actRunnerImage.pullPolicy }} workingDir: /data env: @@ -50,12 +41,12 @@ spec: - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: - name: {{ $secretName }} - key: token + name: "{{ .Values.actions.existingSecret | default $secretName }}" + key: "{{ .Values.actions.existingSecret | default "token" }}" - name: GITEA_INSTANCE_URL - value: http://gitea-http:3000 + value: "http://{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}" - name: GITEA_RUNNER_LABELS - value: ubuntu-latest + value: "{{ .Values.actions.statefulset.runnerLabels | default "ubuntu-latest" }}" - name: CONFIG_FILE value: /actrunner/config.yaml volumeMounts: @@ -67,7 +58,7 @@ spec: - mountPath: /data name: data-act-runner - name: dind - image: "{{ .Values.actions.statefulset.dindImage.repository }}:{{ .Values.actions.statefulset.dindImage.tag | default "24.0.7-dind" }}" + image: "{{ .Values.actions.statefulset.dindImage.repository }}:{{ .Values.actions.statefulset.dindImage.tag }}" imagePullPolicy: {{ .Values.actions.statefulset.dindImage.pullPolicy }} env: - name: DOCKER_HOST diff --git a/unittests/actions/config-act-runner.yaml b/unittests/actions/config-act-runner.yaml index a4982e9..01af7b2 100644 --- a/unittests/actions/config-act-runner.yaml +++ b/unittests/actions/config-act-runner.yaml @@ -5,7 +5,7 @@ release: templates: - templates/gitea/actions/config-act-runner.yaml tests: - - it: renders a deployment + - it: renders a ConfigMap template: templates/gitea/actions/config-act-runner.yaml set: actions: diff --git a/values.yaml b/values.yaml index 6389fc6..7e3a580 100644 --- a/values.yaml +++ b/values.yaml @@ -345,6 +345,8 @@ signing: ## @section GiteaActions # ## @param actions.statefulset.enabled Create an act-runner StatefulSet. +## @param actions.statefulset.config Act runner custom configuration. +## @param actions.statefulset.runnerLabels Act runner labels. ## @param actions.statefulset.actRunnerImage.repository The Gitea act runner image ## @param actions.statefulset.actRunnerImage.tag The Gitea act runner tag ## @param actions.statefulset.actRunnerImage.pullPolicy The Gitea act runner pullPolicy @@ -368,14 +370,17 @@ actions: labels: {} resources: {} + config: "" + runnerLabels: "" + actRunnerImage: repository: gitea/act_runner - # tag: latest + tag: 0.2.6 pullPolicy: IfNotPresent dindImage: repository: docker - # tag: 24.0.7-dind + tag: 24.0.7-dind pullPolicy: IfNotPresent job: @@ -386,12 +391,12 @@ actions: tokenImage: repository: gitea/gitea - # tag: latest-rootless + tag: "" pullPolicy: IfNotPresent publishImage: repository: bitnami/kubectl - # tag: latest + tag: 1.29.0 pullPolicy: IfNotPresent ## Specify an existing token secret