Added tech-documentation for the Job
This commit is contained in:
parent
5456b1b76e
commit
938e0b09af
66
README.md
66
README.md
@ -999,40 +999,40 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` |
|
||||
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
|
||||
|
||||
### GiteaActions
|
||||
### Gitea Actions
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------- | --------------------------------------------------------------------------- | ------------------ |
|
||||
| `actions.statefulset.enabled` | Create an act runner StatefulSet. | `false` |
|
||||
| `actions.statefulset.annotations` | Act runner annotations | `{}` |
|
||||
| `actions.statefulset.labels` | Act runner labels | `{}` |
|
||||
| `actions.statefulset.resources` | Act runner resources | `{}` |
|
||||
| `actions.statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` |
|
||||
| `actions.statefulset.tolerations` | Tolerations for the statefulset | `[]` |
|
||||
| `actions.statefulset.affinity` | Affinity for the statefulset | `{}` |
|
||||
| `actions.statefulset.config` | Act runner custom configuration. | `""` |
|
||||
| `actions.statefulset.runnerLabels` | Act runner labels. | `""` |
|
||||
| `actions.statefulset.actRunnerImage.repository` | The Gitea act runner image | `gitea/act_runner` |
|
||||
| `actions.statefulset.actRunnerImage.tag` | The Gitea act runner tag | `0.2.6` |
|
||||
| `actions.statefulset.actRunnerImage.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
|
||||
| `actions.statefulset.dindImage.repository` | The Docker-in-Docker image | `docker` |
|
||||
| `actions.statefulset.dindImage.tag` | The Docker-in-Docker image tag | `24.0.7-dind` |
|
||||
| `actions.statefulset.dindImage.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
|
||||
| `actions.job.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` |
|
||||
| `actions.job.annotations` | Job's annotations | `{}` |
|
||||
| `actions.job.labels` | Job's labels | `{}` |
|
||||
| `actions.job.resources` | Job's resources | `{}` |
|
||||
| `actions.job.nodeSelector` | NodeSelector for the job | `{}` |
|
||||
| `actions.job.tolerations` | Tolerations for the job | `[]` |
|
||||
| `actions.job.affinity` | Affinity for the job | `{}` |
|
||||
| `actions.job.tokenImage.repository` | The image that can create a token via `gitea actions generate-runner-token` | `gitea/gitea` |
|
||||
| `actions.job.tokenImage.tag` | The token image tag that can create a token | `""` |
|
||||
| `actions.job.tokenImage.pullPolicy` | The token image pullPolicy that can create a token | `IfNotPresent` |
|
||||
| `actions.job.publishImage.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` |
|
||||
| `actions.job.publishImage.tag` | The publish image tag that can create the secret | `1.29.0` |
|
||||
| `actions.job.publishImage.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` |
|
||||
| `actions.existingSecret` | Secret that contains the token | `""` |
|
||||
| `actions.existingSecretKey` | Secret key | `""` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------ | --------------------------------------------------------------------------- | ------------------ |
|
||||
| `actions.enabled` | Create an act runner StatefulSet. | `false` |
|
||||
| `actions.statefulset.annotations` | Act runner annotations | `{}` |
|
||||
| `actions.statefulset.labels` | Act runner labels | `{}` |
|
||||
| `actions.statefulset.resources` | Act runner resources | `{}` |
|
||||
| `actions.statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` |
|
||||
| `actions.statefulset.tolerations` | Tolerations for the statefulset | `[]` |
|
||||
| `actions.statefulset.affinity` | Affinity for the statefulset | `{}` |
|
||||
| `actions.statefulset.config` | Act runner custom configuration. | `""` |
|
||||
| `actions.statefulset.runnerLabels` | Act runner labels. | `""` |
|
||||
| `actions.statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
|
||||
| `actions.statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.6` |
|
||||
| `actions.statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
|
||||
| `actions.statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
|
||||
| `actions.statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
|
||||
| `actions.statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
|
||||
| `actions.job.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` |
|
||||
| `actions.job.annotations` | Job's annotations | `{}` |
|
||||
| `actions.job.labels` | Job's labels | `{}` |
|
||||
| `actions.job.resources` | Job's resources | `{}` |
|
||||
| `actions.job.nodeSelector` | NodeSelector for the job | `{}` |
|
||||
| `actions.job.tolerations` | Tolerations for the job | `[]` |
|
||||
| `actions.job.affinity` | Affinity for the job | `{}` |
|
||||
| `actions.job.token.repository` | The image that can create a token via `gitea actions generate-runner-token` | `gitea/gitea` |
|
||||
| `actions.job.token.tag` | The token image tag that can create a token | `""` |
|
||||
| `actions.job.token.pullPolicy` | The token image pullPolicy that can create a token | `IfNotPresent` |
|
||||
| `actions.job.publish.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` |
|
||||
| `actions.job.publish.tag` | The publish image tag that can create the secret | `1.29.0` |
|
||||
| `actions.job.publish.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` |
|
||||
| `actions.existingSecret` | Secret that contains the token | `""` |
|
||||
| `actions.existingSecretKey` | Secret key | `""` |
|
||||
|
||||
### Gitea
|
||||
|
||||
|
44
readme-actions-dev.md
Normal file
44
readme-actions-dev.md
Normal file
@ -0,0 +1,44 @@
|
||||
# Gitea Actions
|
||||
|
||||
In order to use the Gitea Actions act-runner you must:
|
||||
|
||||
- set the following environment variables to `deployment.env` (modify LOCAL_ROOT_URL if you used a different service name):
|
||||
|
||||
```yaml
|
||||
deployment:
|
||||
env:
|
||||
- name: GITEA__ACTIONS__ENABLED
|
||||
value: 'true'
|
||||
- name: GITEA__SERVER__LOCAL_ROOT_URL
|
||||
value: http://gitea-http:3000
|
||||
```
|
||||
|
||||
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
|
||||
|
||||
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
|
||||
`gitea actions generate-runner-token`
|
||||
|
||||
This command will out a token that is needed by the act-runner to register with the Gitea backend.
|
||||
|
||||
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
|
||||
|
||||
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
|
||||
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
|
||||
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
|
||||
|
||||
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
|
||||
|
||||
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
|
||||
2) `dind`: DockerInDocker image that is used to run the actions
|
||||
|
||||
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
|
||||
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
|
||||
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
|
||||
|
||||
```yaml
|
||||
actions:
|
||||
job:
|
||||
enabled: false
|
||||
existingSecret: "secret-name"
|
||||
existingSecretKey: "secret-key"
|
||||
```
|
@ -27,7 +27,6 @@ If release name contains chart name it will be used as a full name.
|
||||
|
||||
{{/*
|
||||
Create a default worker name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "gitea.workername" -}}
|
||||
{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- if .Values.actions.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -42,8 +42,8 @@ spec:
|
||||
done
|
||||
containers:
|
||||
- name: actions-token-create
|
||||
image: "{{ .Values.actions.job.tokenImage.repository }}:{{ .Values.actions.job.tokenImage.tag | default (printf "%s-rootless" .Chart.AppVersion) }}"
|
||||
imagePullPolicy: {{ .Values.actions.job.tokenImage.pullPolicy }}
|
||||
image: "{{ .Values.actions.job.token.repository }}:{{ .Values.actions.job.token.tag | default (printf "%s-rootless" .Chart.AppVersion) }}"
|
||||
imagePullPolicy: {{ .Values.actions.job.token.pullPolicy }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
@ -63,8 +63,8 @@ spec:
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
- name: actions-token-upload
|
||||
image: "{{ .Values.actions.job.publishImage.repository }}:{{ .Values.actions.job.publishImage.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.job.publishImage.pullPolicy }}
|
||||
image: "{{ .Values.actions.job.publish.repository }}:{{ .Values.actions.job.publish.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.job.publish.pullPolicy }}
|
||||
env:
|
||||
- name: SECRET_NAME
|
||||
value: {{ $secretName }}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
@ -38,8 +38,8 @@ spec:
|
||||
done
|
||||
containers:
|
||||
- name: act-runner
|
||||
image: "{{ .Values.actions.statefulset.actRunnerImage.repository }}:{{ .Values.actions.statefulset.actRunnerImage.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.statefulset.actRunnerImage.pullPolicy }}
|
||||
image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }}
|
||||
workingDir: /data
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
@ -52,7 +52,7 @@ spec:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.actions.existingSecret | default $secretName }}"
|
||||
key: "{{ .Values.actions.existingSecret | default "token" }}"
|
||||
key: "{{ .Values.actions.existingSecretKey | default "token" }}"
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: "http://{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}"
|
||||
- name: GITEA_RUNNER_LABELS
|
||||
@ -70,8 +70,8 @@ spec:
|
||||
- mountPath: /data
|
||||
name: data-act-runner
|
||||
- name: dind
|
||||
image: "{{ .Values.actions.statefulset.dindImage.repository }}:{{ .Values.actions.statefulset.dindImage.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.statefulset.dindImage.pullPolicy }}
|
||||
image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }}
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://127.0.0.1:2376
|
||||
|
@ -9,8 +9,7 @@ tests:
|
||||
template: templates/gitea/act_runner/config-act-runner.yaml
|
||||
set:
|
||||
actions:
|
||||
statefulset:
|
||||
enabled: true
|
||||
enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
|
@ -5,7 +5,7 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/config-scripts.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
- it: renders a ConfigMap
|
||||
template: templates/gitea/act_runner/config-scripts.yaml
|
||||
set:
|
||||
actions:
|
||||
|
@ -5,7 +5,7 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/job.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
- it: renders a Job
|
||||
template: templates/gitea/act_runner/job.yaml
|
||||
set:
|
||||
actions:
|
||||
|
@ -5,7 +5,7 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/role-job.yaml
|
||||
tests:
|
||||
- it: renders a role
|
||||
- it: renders a Role
|
||||
template: templates/gitea/act_runner/role-job.yaml
|
||||
set:
|
||||
actions:
|
||||
|
@ -5,7 +5,7 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/rolebinding-job.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
- it: renders a RoleBinding
|
||||
template: templates/gitea/act_runner/rolebinding-job.yaml
|
||||
set:
|
||||
actions:
|
||||
|
@ -5,7 +5,7 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/secret-token.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
- it: renders a Secret
|
||||
template: templates/gitea/act_runner/secret-token.yaml
|
||||
set:
|
||||
actions:
|
||||
|
@ -5,7 +5,7 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/serviceaccount-job.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
- it: renders a ServiceAccount
|
||||
template: templates/gitea/act_runner/serviceaccount-job.yaml
|
||||
set:
|
||||
actions:
|
||||
|
@ -5,12 +5,11 @@ release:
|
||||
templates:
|
||||
- templates/gitea/act_runner/statefulset.yaml
|
||||
tests:
|
||||
- it: renders a deployment
|
||||
- it: renders a StatefulSet
|
||||
template: templates/gitea/act_runner/statefulset.yaml
|
||||
set:
|
||||
actions:
|
||||
statefulset:
|
||||
enabled: true
|
||||
enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
|
43
values.yaml
43
values.yaml
@ -340,11 +340,11 @@ signing:
|
||||
existingSecret: ""
|
||||
|
||||
# Configure Gitea Actions
|
||||
# - must enable persistence
|
||||
# - must enable persistence if the job is enabled
|
||||
# - must define deployment.env.GITEA__ACTIONS__ENABLED and GITEA__SERVER__LOCAL_ROOT_URL
|
||||
## @section GiteaActions
|
||||
## @section Gitea Actions
|
||||
#
|
||||
## @param actions.statefulset.enabled Create an act runner StatefulSet.
|
||||
## @param actions.enabled Create an act runner StatefulSet.
|
||||
## @param actions.statefulset.annotations Act runner annotations
|
||||
## @param actions.statefulset.labels Act runner labels
|
||||
## @param actions.statefulset.resources Act runner resources
|
||||
@ -353,12 +353,12 @@ signing:
|
||||
## @param actions.statefulset.affinity Affinity for the statefulset
|
||||
## @param actions.statefulset.config Act runner custom configuration.
|
||||
## @param actions.statefulset.runnerLabels Act runner labels.
|
||||
## @param actions.statefulset.actRunnerImage.repository The Gitea act runner image
|
||||
## @param actions.statefulset.actRunnerImage.tag The Gitea act runner tag
|
||||
## @param actions.statefulset.actRunnerImage.pullPolicy The Gitea act runner pullPolicy
|
||||
## @param actions.statefulset.dindImage.repository The Docker-in-Docker image
|
||||
## @param actions.statefulset.dindImage.tag The Docker-in-Docker image tag
|
||||
## @param actions.statefulset.dindImage.pullPolicy The Docker-in-Docker pullPolicy
|
||||
## @param actions.statefulset.actRunner.repository The Gitea act runner image
|
||||
## @param actions.statefulset.actRunner.tag The Gitea act runner tag
|
||||
## @param actions.statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
|
||||
## @param actions.statefulset.dind.repository The Docker-in-Docker image
|
||||
## @param actions.statefulset.dind.tag The Docker-in-Docker image tag
|
||||
## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
|
||||
## @param actions.job.enabled Create a job that will create and save the token in a Kubernetes Secret
|
||||
## @param actions.job.annotations Job's annotations
|
||||
## @param actions.job.labels Job's labels
|
||||
@ -366,18 +366,17 @@ signing:
|
||||
## @param actions.job.nodeSelector NodeSelector for the job
|
||||
## @param actions.job.tolerations Tolerations for the job
|
||||
## @param actions.job.affinity Affinity for the job
|
||||
## @param actions.job.tokenImage.repository The image that can create a token via `gitea actions generate-runner-token`
|
||||
## @param actions.job.tokenImage.tag The token image tag that can create a token
|
||||
## @param actions.job.tokenImage.pullPolicy The token image pullPolicy that can create a token
|
||||
## @param actions.job.publishImage.repository The image that can create the secret via kubectl
|
||||
## @param actions.job.publishImage.tag The publish image tag that can create the secret
|
||||
## @param actions.job.publishImage.pullPolicy The publish image pullPolicy that can create the secret
|
||||
## @param actions.job.token.repository The image that can create a token via `gitea actions generate-runner-token`
|
||||
## @param actions.job.token.tag The token image tag that can create a token
|
||||
## @param actions.job.token.pullPolicy The token image pullPolicy that can create a token
|
||||
## @param actions.job.publish.repository The image that can create the secret via kubectl
|
||||
## @param actions.job.publish.tag The publish image tag that can create the secret
|
||||
## @param actions.job.publish.pullPolicy The publish image pullPolicy that can create the secret
|
||||
## @param actions.existingSecret Secret that contains the token
|
||||
## @param actions.existingSecretKey Secret key
|
||||
actions:
|
||||
enabled: false
|
||||
statefulset:
|
||||
enabled: false
|
||||
|
||||
annotations: {}
|
||||
labels: {}
|
||||
resources: {}
|
||||
@ -388,14 +387,14 @@ actions:
|
||||
config: ""
|
||||
runnerLabels: ""
|
||||
|
||||
actRunnerImage:
|
||||
actRunner:
|
||||
repository: gitea/act_runner
|
||||
tag: 0.2.6
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
dindImage:
|
||||
dind:
|
||||
repository: docker
|
||||
tag: 24.0.7-dind
|
||||
tag: 25.0.2-dind
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
job:
|
||||
@ -408,12 +407,12 @@ actions:
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
tokenImage:
|
||||
token:
|
||||
repository: gitea/gitea
|
||||
tag: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
publishImage:
|
||||
publish:
|
||||
repository: bitnami/kubectl
|
||||
tag: 1.29.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
Loading…
x
Reference in New Issue
Block a user