lunny/helm-chart
1
0
Fork 0
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

Set image.rootless to true by default (#449)

Browse Source 
fix #432

Assuming that "everybody" is meanwhile on > 1.14.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/449
This commit is contained in:
pat-s 2023-06-27 20:32:01 +00:00
parent aa33330abe
commit 5ed140088e
4 changed files with 74 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -587,7 +587,7 @@ gitea:
| `image.repository` | Image to start for this pod | `gitea/gitea` |
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
| `imagePullSecrets` | Secret to use for pulling the image | `[]` |
### Security

68
unittests/init/init_directory_structure.sh-rootless.yaml Normal file
View File

@ -0,0 +1,68 @@
suite: Init template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/init.yaml
tests:
- it: runs gpg in batch mode
set:
signing.enabled: true
signing.privateKey: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----
{placeholder}
-----END PGP PRIVATE KEY BLOCK-----
asserts:
- equal:
path: stringData["configure_gpg_environment.sh"]
value: |-
#!/usr/bin/env bash
set -eu
gpg --batch --import /raw/private.asc
- it: skips gpg script block for disabled signing
asserts:
- equal:
path: stringData["init_directory_structure.sh"]
value: |-
#!/usr/bin/env bash
set -euo pipefail
set -x
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
- it: adds gpg script block for enabled signing
set:
signing.enabled: true
signing.privateKey: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----
{placeholder}
-----END PGP PRIVATE KEY BLOCK-----
asserts:
- equal:
path: stringData["init_directory_structure.sh"]
value: |-
#!/usr/bin/env bash
set -euo pipefail
set -x
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
if [ ! -d "${GNUPGHOME}" ]; then
mkdir -p "${GNUPGHOME}"
chmod 700 "${GNUPGHOME}"
chown 1000:1000 "${GNUPGHOME}"
fi

4
unittests/init/init_directory_structure.sh.yaml
View File

@ -7,6 +7,7 @@ templates:
tests:
- it: runs gpg in batch mode
set:
image.rootless: false
signing.enabled: true
signing.privateKey: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----
@ -21,6 +22,8 @@ tests:
gpg --batch --import /raw/private.asc
- it: skips gpg script block for disabled signing
set:
image.rootless: false
asserts:
- equal:
path: stringData["init_directory_structure.sh"]
@ -41,6 +44,7 @@ tests:
chmod ug+rwx "${GITEA_TEMP}"
- it: adds gpg script block for enabled signing
set:
image.rootless: false
signing.enabled: true
signing.privateKey: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----

2
values.yaml
View File

@ -38,7 +38,7 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: ""
pullPolicy: Always
rootless: false # only possible when running 1.14 or later
rootless: true
## @param imagePullSecrets Secret to use for pulling the image
imagePullSecrets: []