create initial secrets before app.ini removal

condition on existence
remove existing app.ini before creating it
2023-05-29 20:13:00 +02:00 · 2023-05-29 12:07:24 +02:00 · 2023-05-29 11:54:19 +02:00
56 changed files with 589 additions and 3043 deletions
@@ -39,4 +39,3 @@

 - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
 - [ ] Breaking changes are documented in the `README.md`
- [ ] Templating unittests are added
@@ -5,37 +5,24 @@ on:
    tags:
      - "*"

-env:
-  # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.15.3"
-
 jobs:
  generate-chart-publish:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - name: install tools
        run: |
          apt update -y
-          apt install -y curl ca-certificates curl gnupg
-          # helm
-          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          mv linux-amd64/helm /usr/local/bin/
-          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          helm version
-          # docker
-          install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-          chmod a+r /etc/apt/keyrings/docker.gpg
-          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+          apt install -y curl
+          curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
          apt update -y
-          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          apt install -y python helm python3-pip apt-transport-https
          pip install awscli

      - name: Import GPG key
        id: import_gpg
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v6
+        uses: https://github.com/crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
@@ -44,22 +31,18 @@ jobs:
      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
      - name: package chart
        run: |
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
          helm plugin install https://github.com/pat-s/helm-gpg
-          helm dependency build
+          helm dependency update
          helm package --version "${GITHUB_REF#refs/tags/v}" ./
+          helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz"
          mkdir gitea
          mv gitea*.tgz gitea/
-          curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
-          helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
-          # push to dockerhub
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
-          helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
-          helm registry logout registry-1.docker.io
+          curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
+          helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml

      - name: aws credential configure
-        uses: https://github.com/aws-actions/configure-aws-credentials@v4
+        uses: https://github.com/aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -1,37 +1,32 @@
 name: check-and-test

 on:
-  pull_request:
-    branches:
-      - "*"
-  push:
-    branches:
-      - main
-      - "renovate/**"
-
-env:
-  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v0.5.1"
+  - pull_request

 jobs:
  check-and-test:
    runs-on: ubuntu-latest
-    container: alpine/helm:3.15.3
    steps:
+      - uses: actions/checkout@v3
      - name: install tools
        run: |
-          apk update
-          apk add --update make nodejs npm yamllint
-      - uses: actions/checkout@v4
-      - name: install chart dependencies
-        run: helm dependency build
+          apt update -y
+          apt install -y curl make
+          curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
+          apt update -y
+          apt install -y helm python3-pip
+          pip install yamllint
+      - name: dependency update
+        run: helm dependency update
      - name: lint
        run: helm lint
      - name: template
-        run: helm template --debug gitea-helm .
+        run: |
+          helm template --debug gitea-helm .
      - name: unit tests
        run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
+          helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest
          make unittests
      - name: verify readme
        run: |
@@ -47,7 +47,7 @@ MD013:
  # Number of characters
  line_length: 200
  # Number of characters for headings
-  heading_line_length: 100
+  heading_line_length: 80
  # Number of characters for code blocks
  code_block_line_length: 80
  # Include code blocks
@@ -73,7 +73,7 @@ MD022:
 # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
 MD024:
  # Only check sibling headings
-  siblings_only: true
+  allow_different_nesting: true

 # MD025/single-title/single-h1 - Multiple top-level headings in the same document
 MD025:
@@ -106,7 +106,7 @@ MD030:
 # MD033/no-inline-html - Inline HTML
 MD033:
  # Allowed elements
-  allowed_elements: [details, summary]
+  allowed_elements: []

 # MD035/hr-style - Horizontal rule style
 MD035:
@@ -1,8 +0,0 @@
-{
-    "recommendations": [
-        "yzhang.markdown-all-in-one",
-        "DavidAnson.vscode-markdownlint",
-        "Tim-Koehler.helm-intellisense",
-        "esbenp.prettier-vscode"
-    ]
-  }
@@ -1,8 +0,0 @@
-{
-    "yaml.schemas": {
-        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.1/schema/helm-testsuite.json": [
-            "/unittests/**/*.yaml"
-        ]
-    },
-    "yaml.schemaStore.enable": true
-}
@@ -1 +0,0 @@
-* @justusbunsi @pat-s
@@ -9,16 +9,21 @@ refactorings for easier maintainability or documentation improvements.
 - [`helm`](https://helm.sh/docs/intro/install/)
 - `make` is optional; you may call the commands directly

-When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available.
+When using Visual Studio Code as IDE, following plugins might be useful:
+
+- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one)
+- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint)
+- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense)
+- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)

 ## Documentation Requirements

-The `README.md` must include all configuration options.
-The parameters section is generated by extracting the parameter annotations from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
+The `README.md` must include all configuration options. The parameters section
+is generated by extracting the parameter annotations from the `values.yaml` file,
+by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).

-If changes were made on configuration options, run `make readme` to update the README file.
-
-The ToC is created via the VSCode [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) extension which can/must also be used used to update it.
+If changes were made on configuration options, run `make readme` to update the
+README file.

 ## Pull Request Requirements

@@ -36,15 +41,16 @@ For local development and testing of pull requests, the following workflow can
 be used:

 1. Install `minikube` and `helm`.
-1. Start a `minikube` cluster via `minikube start`.
-1. From the `gitea/helm-chart` directory execute the following command.
-   This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
-   If you want to test a branch, make sure to switch to the respective branch first.
-   `helm install --dependency-update gitea . -f values.yaml`.
-1. Gitea is now deployed in `minikube`.
-   To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
-default port-forward svc/gitea-http 3000:3000`.
-   Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
+2. Start a `minikube` cluster via `minikube start`.
+3. From the `gitea/helm-chart` directory execute the following command. This
+   will install the dependencies listed in `Chart.yml` and deploy the current
+   state of the helm chart found locally. If you want to test a branch, make
+   sure to switch to the respective branch first.
+  `helm install --dependency-update gitea . -f values.yaml`.
+4. Gitea is now deployed in `minikube`. To access it, it's port needs to be
+   forwarded first from `minikube` to localhost first via `kubectl --namespace
+   default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at
+   [http://localhost:3000](http://localhost:3000).

 ### Unit tests

@@ -55,11 +61,3 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest
 # run the unittests
 make unittests
 ```
-
-See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions.
-
-## Release process
-
-1. Create a tag following the tagging schema
-1. Push the tag
-1. Let CI do it's work
@@ -1,15 +1,9 @@
 dependencies:
+- name: memcached
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 6.3.14
 - name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.5.17
- name: postgresql-ha
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 14.2.12
- name: redis-cluster
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 10.2.7
- name: redis
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.6.2
-digest: sha256:842e8878e2da9cd62c2233f5ebfcdaa05598633a8bc2fa84803006929cf0c3cc
-generated: "2024-07-20T00:44:58.227558466Z"
+  version: 12.4.1
+digest: sha256:02d4846bf416038a42658dbca8f8001d0e3ce967b00e990048f8d420065c33fd
+generated: "2023-04-28T09:32:05.295167+02:00"
@@ -3,8 +3,8 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.22.0
-icon: https://gitea.com/assets/img/logo.svg
+appVersion: 1.19.3
+icon: https://docs.gitea.io/images/gitea.png

 keywords:
  - git
@@ -31,24 +31,16 @@ maintainers:
  - name: Patrick Schratz
    email: patrick.schratz@gmail.com

+# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details
 dependencies:
-  # https://github.com/bitnami/charts/blob/main/bitnami/postgresql
+  # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01)
+  # Chart release date: 2023-04
+  - name: memcached
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 6.3.14
+    condition: memcached.enabled
+  # Chart release date: 2023-04
  - name: postgresql
    repository: oci://registry-1.docker.io/bitnamicharts
-    version: 15.5.17
+    version: 12.4.1
    condition: postgresql.enabled
-  # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
-  - name: postgresql-ha
-    repository: oci://registry-1.docker.io/bitnamicharts
-    version: 14.2.12
-    condition: postgresql-ha.enabled
-  # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
-  - name: redis-cluster
-    repository: oci://registry-1.docker.io/bitnamicharts
-    version: 10.2.7
-    condition: redis-cluster.enabled
-  # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
-  - name: redis
-    repository: oci://registry-1.docker.io/bitnamicharts
-    version: 19.6.2
-    condition: redis.enabled
@@ -9,9 +9,4 @@ readme: prepare-environment

 .PHONY: unittests
 unittests:
-	helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./
-
-.PHONY: helm
-update-helm-dependencies:
-	helm dependency update
-  
+	helm unittest --strict -f 'unittests/**/*.yaml' ./
@@ -1,178 +0,0 @@
-# High Availability
-
-All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment.
-The following document explains how to achieve this for all individual components.
-
-The resulting Gitea deployment will consist of ~ 10 pods (depending on the chosen components and their replicas).
-One should evaluate upfront whether a HA-deployment is required as switching between HA/non-HA comes with some effort.
-For production instances, HA is always recommended to increase uptime and have a frictionless update process.
-
-A general comment about chart dependencies and external services:
-Instead of relying on chart dependencies, it is often better to rely on an external, (managed) instances (in-memory database, asset storage provider, database, etc.).
-Many cloud providers offer such services, at least for databases or in-memory databases.
-They might cost a bit more than using a self-hosted k8s variant but are usually easier to maintain and scale, if needed.
-Also they can be centrally managed and are not linked to the Gitea helm chart or namespace.
-Please consider using external services before you start with your Gitea HA setup, it will make your life (and the life of the Gitea maintainers) easier.
-
-This helm chart tries to help as much as possible to simplify and assert the provisioning of a HA-ready Gitea instance by implementing smart conditionals if `replicaCount` is set to a value > 1.
-Nevertheless, we cannot guarantee for every possible combination of Gitea settings to work together perfectly in a HA setup.
-As a general advice, we recommend to have a test environment aside on which to test possible changes/upgrades before applying these to a production installation.
-
-## Requirements for HA
-
-Storage-wise, the HA-Gitea setup requires a RWX file-system which can be shared among the deployment-based replica pods.
-In addition, the following components are required for full HA-readiness:
-
- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
- A HA-ready cache (`redis-cluster`)
- A HA-ready DB
-
-`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
-The default `postgres` chart dependency is not HA-ready (there's a dedicated `postgres-ha` chart).
-
-The following sections discuss each of the components in more detail.
-Note that for each component discussed, the shown configurations only provides a (working) starting point, not necessarily the most optimal setup.
-We try to optimize this document over time as we have gained more experience with HA setups from users.
-
-## Indexers (Issues and code/repo)
-
-The default code indexer `bleve` is not able to allow multiple connections and hence cannot be used in a HA setup.
-Alternatives are `elasticsearch` and `meilisearch` (as of >= 1.19.2).
-Unless you have an existing `elasticsearch` cluster, we recommend using `meilisearch` as it is faster and requires way less resources.
-
-Unfortunately, `meilisearch` does only support the `ISSUE_INDEXER` and not the `REPO_INDEXER` yet ([tracking issue](https://github.com/go-gitea/gitea/pull/24149)).
-This means that the `REPO_INDEXER` must still be disabled for a HA setup right now.
-An alternative to the two options above for the `ISSUE_INDEXER` is `"db"`, however we recommend to just go with `meilisearch` in this case and to not bother the DB with indexing.
-
-To configure `meilisearch` within Gitea, do the following:
-
-```yml
-gitea:
-  config:
-    indexer:
-      ISSUE_INDEXER_CONN_STR: <http://meilisearch.<namespace>.svc.cluster.local:7700>
-      ISSUE_INDEXER_ENABLED: true
-      ISSUE_INDEXER_TYPE: meilisearch
-      REPO_INDEXER_ENABLED: false
-      # REPO_INDEXER_TYPE: meilisearch # not yet working
-```
-
-Unfortunately `meilisearch` cannot be deployed in HA as of now.
-Nevertheless it allows for multiple Gitea requests at the same time and is therefore required in a HA setup.
-
-Exemplary configuration for the [meilisearch-kubernetes](https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch) chart:
-
-```yaml
-persistence:
-  enabled: true
-  accessMode: ReadWriteOnce
-  size: 5Gi
-```
-
-## Cache, session and queue
-
-A `redis` instance is required for the in-memory cache.
-Two options exist:
-
- `redis`
- `redis-cluster`
-
-The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups.
-You're also welcome to go with `redis` if you prefer or already have a running instance.
-
-It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2.
-You can also configure an external (managed) `redis` instance to be used.
-To do so, you need to set the following configuration values yourself:
-
- `gitea.config.queue.TYPE`: redis`
- `gitea.config.queue.CONN_STR`: `<your redis connection string>`
-
- `gitea.config.session.PROVIDER`: `redis`
- `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>`
-
- `gitea.config.cache.ENABLED`: `true`
- `gitea.config.cache.ADAPTER`: `redis`
- `gitea.config.cache.HOST`: `<your redis connection string>`
-
-By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica.
-To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
-Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned.
-For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
-
-## Object and asset storage
-
-Object/asset storage refers to the storage of attachments, avatars, LFS files, etc.
-While most of these can be stored on the RWX file-system, it is recommended to use an external S3-compatible object storage for such, mainly for performance reasons.
-
-By default the chart provisions a single RWO volume to store everything (repos, avatars, packages, etc.).
-This volume cannot be mounted by multiple pods.
-Hence, a RWX volume is required and (optionally) an external HA-ready object storage.
-
-> **Note:** Double-check that the file permissions are set correctly on the RWX volume! That is everything should be owned by the `git` user which usually has `uid=1000` and `gid=1000`.
-
-To use `minio` you need to deploy and configure an external `minio` instance yourself and explicitly define the `STORAGE_TYPE` values as shown below.
-
-Note that `MINIO_BUCKET` here is just a name and does not refer to a S3 bucket.
-It's the root access point for all objects belonging to the respective application, i.e., to Gitea in this case.
-
-```yaml
-gitea:
-  config:
-    attachment:
-      STORAGE_TYPE: minio
-    lfs:
-      STORAGE_TYPE: minio
-    picture:
-      AVATAR_STORAGE_TYPE: minio
-    "storage.packages":
-      STORAGE_TYPE: minio
-
-    storage:
-      MINIO_ENDPOINT: <minio-headless.<namespace>.svc.cluster.local:9000>
-      MINIO_LOCATION: <location>
-      MINIO_ACCESS_KEY_ID: <access key>
-      MINIO_SECRET_ACCESS_KEY: <secret key>
-      MINIO_BUCKET: <bucket name>
-      MINIO_USE_SSL: false
-```
-
-Exemplary configuration for the [bitnami minio](https://github.com/bitnami/charts/blob/main/bitnami/minio) chart:
-
-```yaml
-auth:
-  rootUser: minio
-mode: distributed
-replicaCount: 4
-persistence:
-  enabled: true
-  size: 20Gi
-  accessModes:
-    - ReadWriteOnce
-```
-
-## Database
-
-If you do not have an HA-ready DB, using a managed database service in the cloud might be the easiest and most robust solution.
-Remember: disable the built-in `postgres` dependency and configure the database connection manually via `gitea.config.database`:
-
-```yml
-gitea:
-  database:
-    builtIn:
-      postgresql:
-        enabled: false
-  config:
-    database:
-      DB_TYPE: postgres
-      HOST: <host>
-      NAME: <name>
-      USER: <user>
-```
-
-## Known issues
-
- Currently Cron jobs are run on all replicas as no leader election is implemented.
-  See [https://github.com/go-gitea/gitea/issues/13791](https://github.com/go-gitea/gitea/issues/13791) for a discussion and possible solution.
-
- Running with multiple replicas slows down Gitea a bit, i.e. page loading time increases. 
@@ -14,6 +14,6 @@
  },
  "devDependencies": {
    "@bitnami/readme-generator-for-helm": "^2.5.0",
-    "markdownlint-cli": "^0.41.0"
+    "markdownlint-cli": "^0.34.0"
  }
 }
@@ -1,60 +0,0 @@
-{
-  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
-  extends: [
-    'gitea>gitea/renovate-config',
-    ':automergeMinor',
-    'schedule:automergeDaily',
-    'schedule:weekends',
-  ],
-  labels: [
-    'kind/dependency',
-  ],
-  automergeStrategy: 'squash',
-  customManagers: [
-    {
-      description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
-      customType: 'regex',
-      fileMatch: [
-        '.gitea/workflows/.+\\.ya?ml$',
-      ],
-      matchStrings: [
-        '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
-      ],
-    },
-    {
-      description: 'Detect helm-unittest yaml schema file',
-      customType: 'regex',
-      fileMatch: ['.vscode/settings\\.json$'],
-      matchStrings: [
-        'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
-      ],
-      datasourceTemplate: 'github-releases',
-    },
-  ],
-  packageRules: [
-    {
-      groupName: 'subcharts (minor & patch)',
-      matchManagers: [
-        'helmv3',
-      ],
-      matchUpdateTypes: [
-        'minor',
-        'patch',
-        'digest',
-      ],
-    },
-    {
-      groupName: 'workflow dependencies (minor & patch)',
-      matchManagers: [
-        'github-actions',
-        'npm',
-        'custom.regex',
-      ],
-      matchUpdateTypes: [
-        'minor',
-        'patch',
-        'digest',
-      ],
-    },
-  ],
-}
@@ -18,19 +18,3 @@
  echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
 {{- end }}
-{{- $warnings := list -}}
-{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}}
-  {{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}}
-{{- end }}
-{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}}
-  {{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}}
-{{- end }}
-{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}}
-  {{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}}
-{{- end }}
-{{- if gt (len $warnings) 0 }}
-2. Review these warnings:
-{{- range $warnings }}
-  - {{ . }}
-{{- end }}
-{{- end }}
@@ -2,7 +2,6 @@
 {{/*
 Expand the name of the chart.
 */}}
-
 {{- define "gitea.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@@ -36,22 +35,14 @@ Create chart name and version as used by the chart label.
 Create image name and tag used by the deployment.
 */}}
 {{- define "gitea.image" -}}
-{{- $fullOverride := .Values.image.fullOverride | default "" -}}
 {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
-{{- $repository := .Values.image.repository -}}
-{{- $separator := ":" -}}
-{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
+{{- $name := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
 {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
-{{- $digest := "" -}}
-{{- if .Values.image.digest }}
-    {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
-{{- end -}}
-{{- if $fullOverride }}
-    {{- printf "%s" $fullOverride -}}
-{{- else if $registry }}
-    {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
+{{- if $registry -}}
+  {{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}}
 {{- else -}}
-    {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
+  {{- printf "%s:%s%s" $name $tag $rootless -}}
 {{- end -}}
 {{- end -}}

@@ -74,7 +65,7 @@ imagePullSecrets:
 Storage Class
 */}}
 {{- define "gitea.persistence.storageClass" -}}
-{{- $storageClass :=  (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
+{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }}
 {{- if $storageClass }}
 storageClassName: {{ $storageClass | quote }}
 {{- end }}
@@ -100,46 +91,16 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}

-{{- define "postgresql-ha.dns" -}}
-{{- if (index .Values "postgresql-ha").enabled -}}
-{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "postgresql.dns" -}}
-{{- if (index .Values "postgresql").enabled -}}
 {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
 {{- end -}}
-{{- end -}}

-{{- define "redis.dns" -}}
-{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
-{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
-{{- else if (index .Values "redis-cluster").enabled -}}
-{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
-{{- else if (index .Values "redis").enabled -}}
-{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "redis.port" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{ (index .Values "redis-cluster").service.ports.redis }}
-{{- else if (index .Values "redis").enabled -}}
-{{ (index .Values "redis").master.service.ports.redis }}
-{{- end -}}
-{{- end -}}
-
-{{- define "redis.servicename" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- else if (index .Values "redis").enabled -}}
-{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- end -}}
+{{- define "memcached.dns" -}}
+{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

 {{- define "gitea.default_domain" -}}
-{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}}
+{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

 {{- define "gitea.ldap_settings" -}}
@@ -221,7 +182,6 @@ https
      {{- else -}}
        {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}}
      {{- end -}}
-
    {{- end }}
  {{- end }}

@@ -251,18 +211,6 @@ https
  {{- if not (hasKey .Values.gitea.config "oauth2") -}}
    {{- $_ := set .Values.gitea.config "oauth2" dict -}}
  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "session") -}}
-    {{- $_ := set .Values.gitea.config "session" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "queue") -}}
-    {{- $_ := set .Values.gitea.config "queue" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}}
-    {{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "indexer") -}}
-    {{- $_ := set .Values.gitea.config "indexer" dict -}}
-  {{- end -}}
 {{- end -}}

 {{- define "gitea.inline_configuration.defaults" -}}
@@ -278,36 +226,12 @@ https
  {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
    {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
  {{- end -}}
-  {{- /* redis queue */ -}}
-  {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
-    {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
-    {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
-    {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
-    {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
-    {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
-    {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
-  {{- else -}}
-    {{- if not (get .Values.gitea.config.session "PROVIDER") -}}
-      {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
+  {{- if .Values.memcached.enabled -}}
+    {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
+    {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
+    {{- if not (.Values.gitea.config.cache.HOST) -}}
+      {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
    {{- end -}}
-    {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
-      {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}}
-    {{- end -}}
-    {{- if not (get .Values.gitea.config.queue "TYPE") -}}
-      {{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}}
-    {{- end -}}
-    {{- if not (get .Values.gitea.config.queue "CONN_STR") -}}
-      {{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}}
-    {{- end -}}
-    {{- if not (get .Values.gitea.config.cache "ADAPTER") -}}
-      {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}}
-    {{- end -}}
-    {{- if not (get .Values.gitea.config.cache "HOST") -}}
-      {{- $_ := set .Values.gitea.config.cache "HOST" "" -}}
-    {{- end -}}
-  {{- end -}}
-  {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
-     {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
  {{- end -}}
 {{- end -}}

@@ -320,7 +244,7 @@ https
  {{- end -}}
  {{- if not (.Values.gitea.config.server.DOMAIN) -}}
    {{- if gt (len .Values.ingress.hosts) 0 -}}
-      {{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}}
+      {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
    {{- else -}}
      {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
    {{- end -}}
@@ -355,16 +279,7 @@ https
 {{- end -}}

 {{- define "gitea.inline_configuration.defaults.database" -}}
-  {{- if (index .Values "postgresql-ha" "enabled") -}}
-    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
-    {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql-ha.dns" .) -}}
-    {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
-  {{- end -}}
-  {{- if (index .Values "postgresql" "enabled") -}}
+  {{- if .Values.postgresql.enabled -}}
    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
    {{- if not (.Values.gitea.config.database.HOST) -}}
      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
@@ -396,41 +311,3 @@ https
 {{- define "gitea.gpg-key-secret-name" -}}
 {{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }}
 {{- end -}}
-
-{{- define "gitea.serviceAccountName" -}}
-{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
-{{- end -}}
-
-{{- define "ingress.annotations" -}}
-  {{- if .Values.ingress.annotations }}
-  annotations:
-    {{- $tp := typeOf .Values.ingress.annotations }}
-    {{- if eq $tp "string" }}
-      {{- tpl .Values.ingress.annotations . | nindent 4 }}
-    {{- else }}
-      {{- toYaml .Values.ingress.annotations | nindent 4 }}
-    {{- end }}
-  {{- end }}
-{{- end -}}
-
-{{- define "ingress.ingressClassName" -}}
-{{- if ne .Values.ingress.className "" -}}
-# WARNING: 'ingress.className' is deprecated and will be removed in a future release. Use 'ingress.ingressClassName' instead."
-{{ end -}}
-{{- if and (ne .Values.ingress.className "" ) (ne .Values.ingress.ingressClassName "") -}}
-{{- fail "ingress.ingressClassName and ingress.className cannot be defined at the same time. Please only choose one." -}}
-{{- end -}}
-{{- if ne .Values.ingress.className "" -}}
-ingressClassName: {{ tpl .Values.ingress.className . }}
-{{- else if ne .Values.ingress.ingressClassName "" -}}
-ingressClassName: {{ tpl .Values.ingress.ingressClassName . }}
-{{- end -}}
-{{- end -}}
-
-{{- define "gitea.admin.passwordMode" -}}
-{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
-{{ .Values.gitea.admin.passwordMode }}
-{{- else -}}
-{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
-{{- end -}}
-{{- end -}}
@@ -16,46 +16,32 @@ metadata:
    {{- include "gitea.labels" . | nindent 4 }}
 type: Opaque
 stringData:
-  assertions: |
-
-    {{- /*assert that only one PG dep is enabled */ -}}
-    {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
-      {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
-    {{- end }}
-    
-    {{- /* multiple replicas assertions */ -}}
-    {{- if gt .Values.replicaCount 1.0 -}}
-      {{- if .Values.gitea.config.cron -}}
-        {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
-          {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}}
-            {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-    
-      {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
-        {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
-      {{- end }}
-      {{- if .Values.gitea.config.indexer -}}
-        {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
-          {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
-        {{- end }}
-        {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
-          {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}}
-            {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
-              {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}}
-                {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
-              {{- end }}
-            {{- end }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-      
-    {{- end }}
  config_environment.sh: |-
    #!/usr/bin/env bash
    set -euo pipefail

+    ### initial creation of persistent secrets
+    if ![ -f ${GITEA_APP_INI} ]; then
+      function env2ini::generate_initial_secrets() {
+        # These environment variables will either be
+        #   - overwritten with user defined values,
+        #   - initially used to set up Gitea
+        # Anyway, they won't harm existing app.ini files
+
+        export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
+        export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
+        export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
+        export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
+
+        env2ini::log "...Initial secrets generated\n"
+      }
+    fi
+
+    # ensure a clean start
+    if [ -f ${GITEA_APP_INI} ]; then
+      rm $GITEA_APP_INI
+    fi
+
    function env2ini::log() {
      printf "${1}\n"
    }
@@ -89,14 +75,14 @@ stringData:
      env2ini::log "    + '${setting}'"

      if [[ -z "${section}" ]]; then
-        export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+        export "ENV_TO_INI____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
        return
      fi

      local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches
      masked_section="${masked_section//-/_0X2D_}"

-      export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
+      export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
    }

    function env2ini::reload_preset_envs() {
@@ -164,22 +150,7 @@ stringData:
      fi
    }

-    function env2ini::generate_initial_secrets() {
-      # These environment variables will either be
-      #   - overwritten with user defined values,
-      #   - initially used to set up Gitea
-      # Anyway, they won't harm existing app.ini files
-
-      export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
-      export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
-      export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
-      export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
-
-      env2ini::log "...Initial secrets generated\n"
-    }
-    
-    # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
-    env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs
+    env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
    
    # MUST BE CALLED BEFORE OTHER CONFIGURATION
    env2ini::generate_initial_secrets
@@ -200,10 +171,10 @@ stringData:
      env2ini::log '  - oauth2.JWT_SECRET'
      env2ini::log '  - server.LFS_JWT_SECRET'

-      unset GITEA__SECURITY__INTERNAL_TOKEN
-      unset GITEA__SECURITY__SECRET_KEY
-      unset GITEA__OAUTH2__JWT_SECRET
-      unset GITEA__SERVER__LFS_JWT_SECRET
+      unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
+      unset ENV_TO_INI__SECURITY__SECRET_KEY
+      unset ENV_TO_INI__OAUTH2__JWT_SECRET
+      unset ENV_TO_INI__SERVER__LFS_JWT_SECRET
    fi

-    environment-to-ini -o $GITEA_APP_INI
+    environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
@@ -4,18 +4,11 @@ metadata:
  name: {{ include "gitea.fullname" . }}-http
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
-    {{- if .Values.service.http.labels }}
-    {{- toYaml .Values.service.http.labels  | nindent 4 }}
-    {{- end }}
  annotations:
    {{- toYaml .Values.service.http.annotations | nindent 4 }}
 spec:
  type: {{ .Values.service.http.type }}
-  {{- if eq .Values.service.http.type "LoadBalancer" }}
-  {{- if .Values.service.http.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
-  {{- end }}
-  {{- if and .Values.service.http.loadBalancerIP }}
+  {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
  loadBalancerIP: {{ .Values.service.http.loadBalancerIP  }}
  {{- end }}
  {{- if .Values.service.http.loadBalancerSourceRanges }}
@@ -24,7 +17,6 @@ spec:
    - {{ . }}
  {{- end }}
  {{- end }}
-  {{- end }}
  {{- if .Values.service.http.externalIPs }}
  externalIPs:
    {{- toYaml .Values.service.http.externalIPs | nindent 4 }}
@@ -1,39 +1,58 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "gitea.fullname" . -}}
 {{- $httpPort := .Values.service.http.port -}}
-{{- $pathType := .Values.ingress.pathType -}}
-apiVersion: networking.k8s.io/v1
+{{- $apiVersion := "extensions/v1beta1" -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- $apiVersion = .Values.ingress.apiVersion -}}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
+{{- $apiVersion = "networking.k8s.io/v1" }}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
+{{- $apiVersion = "networking.k8s.io/v1beta1" }}
+{{- end }}
+apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
-  {{- template "ingress.annotations" . }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
-  {{- include "ingress.ingressClassName" . | nindent 2 }}
+{{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+{{- end }}
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
-        - {{ tpl . $ | quote }}
+        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
-    - host: {{ tpl .host $ | quote }}
+    - host: {{ .host | quote }}
      http:
        paths:
-          {{- range (.paths | default (list "/")) }}
-          - path: {{ . }}
-            pathType: {{ $pathType }}
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
+            pathType: {{ .pathType }}
+            {{- end }}
            backend:
+            {{- if eq $apiVersion "networking.k8s.io/v1" }}
              service:
                name: {{ $fullName }}-http
                port:
                  number: {{ $httpPort }}
+            {{- else }}
+              serviceName: {{ $fullName }}-http
+              servicePort: {{ $httpPort }}
+            {{- end }}
          {{- end }}
    {{- end }}
 {{- end }}
@@ -61,81 +61,19 @@ stringData:
      echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds"
      exit 1
    }
-
-    {{- if include "redis.servicename" . }}
-    function test_redis_connection() {
-      local RETRY=0
-      local MAX=30
-      
-      echo 'Wait for redis to become avialable...'
-      until [ "${RETRY}" -ge "${MAX}" ]; do
-        nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
-        RETRY=$[${RETRY}+1]
-        echo "...not ready yet (${RETRY}/${MAX})"
-      done
-
-      if [ "${RETRY}" -ge "${MAX}" ]; then
-        echo "Redis not reachable after '${MAX}' attempts!"
-        exit 1
-      fi
-    }
-
-    test_redis_connection
-    {{- end }}
    

    {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
    function configure_admin_user() {
-      local full_admin_list=$(gitea admin user list --admin)
-      local actual_user_table=''
-
-      # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
-      local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)"
-      if [[ "${full_admin_list}" =~ $regex ]]; then
-        actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
-      else
-        # This code block should never be reached, as long as the output table header remains the same.
-        # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
-
-        echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users."
-        echo "       Please review the output of 'gitea admin user list --admin' shown below."
-        echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
-        echo "DEBUG: Output of 'gitea admin user list --admin'"
-        echo "--"
-        echo "${full_admin_list}"
-        echo "--"
-        exit 1
-      fi
-
-      local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
+      local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}")
      if [[ -z "${ACCOUNT_ID}" ]]; then
-        local -a create_args
-        create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }})
-        if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then
-          create_args+=(--must-change-password=true)
-        else
-          create_args+=(--must-change-password=false)
-        fi
        echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
-        gitea admin user create "${create_args[@]}"
+        gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false
        echo '...created.'
      else
-        if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then
-          echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
-          # See https://gitea.com/gitea/helm-chart/issues/673
-          # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior
-          #   which acted as if it were provided with =false. If the argument is present in this version of gitea, then we
-          #   should add it to prevent requiring frequent admin password resets.
-          local -a change_args
-          change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}")
-          if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then
-            change_args+=(--must-change-password=false)
-          fi
-          gitea admin user change-password "${change_args[@]}"
-          echo '...password sync done.'
-        else
-          echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping."
-        fi
+        echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
+        gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
+        echo '...password sync done.'
      fi
    }

@@ -146,28 +84,7 @@ stringData:
      {{- if .Values.gitea.ldap }}
      {{- range $idx, $value := .Values.gitea.ldap }}
      local LDAP_NAME={{ (printf "%s" $value.name) | squote }}
-      local full_auth_list=$(gitea admin auth list --vertical-bars)
-      local actual_auth_table=''
-
-      # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
-      local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
-      if [[ "${full_auth_list}" =~ $regex ]]; then
-        actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
-      else
-        # This code block should never be reached, as long as the output table header remains the same.
-        # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
-
-        echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources."
-        echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below."
-        echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
-        echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
-        echo "--"
-        echo "${full_auth_list}"
-        echo "--"
-        exit 1
-      fi
-
-      local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " "  "{print \$1}")
+      local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " "  "{print \$1}")

      if [[ -z "${GITEA_AUTH_ID}" ]]; then
        echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
@@ -190,28 +107,7 @@ stringData:
      {{- if .Values.gitea.oauth }}
      {{- range $idx, $value := .Values.gitea.oauth }}
      local OAUTH_NAME={{ (printf "%s" $value.name) | squote }}
-      local full_auth_list=$(gitea admin auth list --vertical-bars)
-      local actual_auth_table=''
-
-      # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
-      local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
-      if [[ "${full_auth_list}" =~ $regex ]]; then
-        actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
-      else
-        # This code block should never be reached, as long as the output table header remains the same.
-        # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
-
-        echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources."
-        echo "       Please review the output of 'gitea admin auth list --vertical-bars' shown below."
-        echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
-        echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
-        echo "--"
-        echo "${full_auth_list}"
-        echo "--"
-        exit 1
-      fi
-
-      local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " "  "{print \$1}")
+      local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " "  "{print \$1}")

      if [[ -z "${AUTH_ID}" ]]; then
        echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
@@ -1,17 +0,0 @@
-{{- if .Values.podDisruptionBudget -}}
-{{- if .Capabilities.APIVersions.Has "policy/v1" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "gitea.fullname" . }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "gitea.selectorLabels" . | nindent 6 }}
-  {{- toYaml .Values.podDisruptionBudget | nindent 2 }}
-{{- end -}}
@@ -1,26 +0,0 @@
-{{- if and .Values.persistence.enabled .Values.persistence.create }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ .Values.persistence.claimName }}
-  namespace: {{ $.Release.Namespace }}
-  annotations:
-{{ .Values.persistence.annotations | toYaml | indent 4}}
-  labels:
-{{ .Values.persistence.labels | toYaml | indent 4}}
-spec:
-  accessModes:
-  {{- if gt .Values.replicaCount 1.0 }}
-      - ReadWriteMany
-  {{- else }}
-    {{- .Values.persistence.accessModes | toYaml | nindent 4 }}
-  {{- end }}
-  volumeMode: Filesystem
-  {{- include "gitea.persistence.storageClass" . | nindent 2 }}
-  {{- with .Values.persistence.volumeName }}
-  volumeName: {{ . }}
-  {{- end }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
-{{- end }}
@@ -1,21 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "gitea.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    {{- with .Values.serviceAccount.labels }}
-    {{- . | toYaml | nindent 4 }}
-  {{- end }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- . | toYaml | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- with .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
-  {{- . | toYaml | nindent 2 }}
-{{- end }}
-{{- end }}
@@ -4,17 +4,11 @@ metadata:
  name: {{ include "gitea.fullname" . }}-ssh
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
-    {{- if .Values.service.ssh.labels }}
-    {{- toYaml .Values.service.ssh.labels  | nindent 4 }}
-    {{- end }}
  annotations:
    {{- toYaml .Values.service.ssh.annotations | nindent 4 }}
 spec:
  type: {{ .Values.service.ssh.type }}
  {{- if eq .Values.service.ssh.type "LoadBalancer" }}
-  {{- if .Values.service.ssh.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }}
-  {{- end }}
  {{- if .Values.service.ssh.loadBalancerIP }}
  loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
  {{- end -}}
@@ -45,9 +39,7 @@ spec:
  ports:
  - name: ssh
    port: {{ .Values.service.ssh.port }}
-    {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }}
    targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
-    {{- end }}
    protocol: TCP
    {{- if .Values.service.ssh.nodePort }}
    nodePort: {{ .Values.service.ssh.nodePort }}
@@ -1,31 +1,22 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
  name: {{ include "gitea.fullname" . }}
  annotations:
-    {{- if .Values.deployment.annotations }}
-    {{- toYaml .Values.deployment.annotations | nindent 4 }}
+    {{- if .Values.statefulset.annotations }}
+    {{- toYaml .Values.statefulset.annotations | nindent 4 }}
    {{- end }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
-    {{- if .Values.deployment.labels }}
-    {{- toYaml .Values.deployment.labels | nindent 4 }}
-    {{- end }}
 spec:
  replicas: {{ .Values.replicaCount }}
-  strategy:
-    type: {{ .Values.strategy.type }}
-    {{- if eq .Values.strategy.type "RollingUpdate" }}
-    rollingUpdate:
-      maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }}
-      maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }}
-    {{- end }}
  selector:
    matchLabels:
      {{- include "gitea.selectorLabels" . | nindent 6 }}
-      {{- if .Values.deployment.labels }}
-      {{- toYaml .Values.deployment.labels | nindent 6 }}
+      {{- if .Values.statefulset.labels }}
+      {{- toYaml .Values.statefulset.labels | nindent 6 }}
      {{- end }}
+  serviceName: {{ include "gitea.fullname" . }}
  template:
    metadata:
      annotations:
@@ -41,16 +32,13 @@ spec:
        {{- end }}
      labels:
        {{- include "gitea.labels" . | nindent 8 }}
-        {{- if .Values.deployment.labels }}
-        {{- toYaml .Values.deployment.labels | nindent 8 }}
+        {{- if .Values.statefulset.labels }}
+        {{- toYaml .Values.statefulset.labels | nindent 8 }}
        {{- end }}
    spec:
      {{- if .Values.schedulerName }}
      schedulerName: "{{ .Values.schedulerName }}"
      {{- end }}
-      {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
-      serviceAccountName: {{ include "gitea.serviceAccountName" . }}
-      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: "{{ .Values.priorityClassName }}"
      {{- end }}
@@ -71,8 +59,8 @@ spec:
              value: /data
            - name: GITEA_TEMP
              value: /tmp/gitea
-            {{- if .Values.deployment.env }}
-            {{- toYaml .Values.deployment.env | nindent 12 }}
+            {{- if .Values.statefulset.env }}
+            {{- toYaml .Values.statefulset.env | nindent 12 }}
            {{- end }}
            {{- if .Values.signing.enabled }}
            - name: GNUPGHOME
@@ -106,8 +94,8 @@ spec:
              value: /data
            - name: GITEA_TEMP
              value: /tmp/gitea
-            {{- if .Values.deployment.env }}
-            {{- toYaml .Values.deployment.env | nindent 12 }}
+            {{- if .Values.statefulset.env }}
+            {{- toYaml .Values.statefulset.env | nindent 12 }}
            {{- end }}
            {{- if .Values.gitea.additionalConfigFromEnvs }}
            {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
@@ -243,10 +231,8 @@ spec:
            - name: GITEA_ADMIN_PASSWORD
              value: {{ .Values.gitea.admin.password | quote }}
            {{- end }}
-            - name: GITEA_ADMIN_PASSWORD_MODE
-              value: {{ include "gitea.admin.passwordMode" $ }}
-            {{- if .Values.deployment.env }}
-            {{- toYaml .Values.deployment.env | nindent 12 }}
+            {{- if .Values.statefulset.env }}
+            {{- toYaml .Values.statefulset.env | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: init
@@ -261,7 +247,7 @@ spec:
            {{- include "gitea.init-additional-mounts" . | nindent 12 }}
          resources:
            {{- toYaml .Values.initContainers.resources | nindent 12 }}
-      terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ include "gitea.image" . }}"
@@ -294,8 +280,8 @@ spec:
            - name: GNUPGHOME
              value: {{ .Values.signing.gpgHome }}
            {{- end }}
-            {{- if .Values.deployment.env }}
-            {{- toYaml .Values.deployment.env | nindent 12 }}
+            {{- if .Values.statefulset.env }}
+            {{- toYaml .Values.statefulset.env | nindent 12 }}
            {{- end }}
          ports:
            - name: ssh
@@ -351,10 +337,6 @@ spec:
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
-    {{- with .Values.topologySpreadConstraints }}
-      topologySpreadConstraints: 
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
@@ -393,13 +375,38 @@ spec:
                path: private.asc
            defaultMode: 0100
        {{- end }}
-  {{- if .Values.persistence.enabled }}
-    {{- if .Values.persistence.mount }}
+  {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
        - name: data
          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.claimName }}
-    {{- end }}
+  {{- with .Values.persistence.existingClaim }}
+            claimName: {{ tpl . $ }}
+  {{- end }}
  {{- else if not .Values.persistence.enabled }}
        - name: data
          emptyDir: {}
-  {{- end }}
+  {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      {{- with .Values.persistence.annotations }}
+        annotations:
+        {{- range $key, $value := . }}
+          {{ $key }}: {{ $value }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.persistence.labels }}
+        labels:
+        {{- range $key, $value := . }}
+          {{ $key }}: {{ $value }}
+        {{- end }}
+      {{- end }}
+      spec:
+        accessModes:
+          {{- range .Values.persistence.accessModes }}
+            - {{ . | quote }}
+          {{- end }}
+        {{- include "gitea.persistence.storageClass" . | indent 8 }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+  {{- end }}
@@ -1,66 +0,0 @@
-suite: config template | cache config
-release:
-  name: gitea-unittests
-  namespace: testing
-tests:
-  - it: "cache is configured correctly for redis-cluster"
-    template: templates/gitea/config.yaml
-    set:
-      redis-cluster:
-        enabled: true
-      redis:
-        enabled: false
-    asserts:
-      - documentIndex: 0
-        equal:
-          path: stringData.cache
-          value: |-
-            ADAPTER=redis
-            HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
-
-  - it: "cache is configured correctly for redis"
-    template: templates/gitea/config.yaml
-    set:
-      redis-cluster:
-        enabled: false
-      redis:
-        enabled: true
-    asserts:
-      - documentIndex: 0
-        equal:
-          path: stringData.cache
-          value: |-
-            ADAPTER=redis
-            HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
-
-  - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled"
-    template: templates/gitea/config.yaml
-    set:
-      redis-cluster:
-        enabled: false
-      redis:
-        enabled: false
-    asserts:
-      - documentIndex: 0
-        equal:
-          path: stringData.cache
-          value: |-
-            ADAPTER=memory
-            HOST=
-
-  - it: "cache can be customized when redis (or redis-cluster) is disabled"
-    template: templates/gitea/config.yaml
-    set:
-      redis-cluster:
-        enabled: false
-      redis:
-        enabled: false
-      gitea.config.cache.ADAPTER: custom-adapter
-      gitea.config.cache.HOST: custom-host
-    asserts:
-      - documentIndex: 0
-        equal:
-          path: stringData.cache
-          value: |-
-            ADAPTER=custom-adapter
-            HOST=custom-host
@@ -1,30 +0,0 @@
-suite: config template | database section (postgresql-ha)
-release:
-  name: gitea-unittests
-  namespace: testing
-tests:
-  - it: connects to pgpool service
-    template: templates/gitea/config.yaml
-    set:
-      postgresql:
-        enabled: false
-      postgresql-ha:
-        enabled: true
-    asserts:
-      - documentIndex: 0
-        matchRegex:
-          path: stringData.database
-          pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:5432
-  - it: renders the referenced service
-    template: charts/postgresql-ha/templates/pgpool/service.yaml
-    set:
-      postgresql:
-        enabled: false
-      postgresql-ha:
-        enabled: true
-    asserts:
-      - containsDocument:
-          kind: Service
-          apiVersion: v1
-          name: gitea-unittests-postgresql-ha-pgpool
-          namespace: testing
@@ -1,30 +0,0 @@
-suite: config template | database section (postgresql)
-release:
-  name: gitea-unittests
-  namespace: testing
-tests:
-  - it: "connects to postgresql service"
-    template: templates/gitea/config.yaml
-    set:
-      postgresql:
-        enabled: true
-      postgresql-ha:
-        enabled: false
-    asserts:
-      - documentIndex: 0
-        matchRegex:
-          path: stringData.database
-          pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:5432
-  - it: "renders the referenced service"
-    template: charts/postgresql/templates/primary/svc.yaml
-    set:
-      postgresql:
-        enabled: true
-      postgresql-ha:
-        enabled: false
-    asserts:
-      - containsDocument:
-          kind: Service
-          apiVersion: v1
-          name: gitea-unittests-postgresql
-          namespace: testing
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pat-s	abf6e2c8a9	create initial secrets before app.ini removal	2023-05-29 20:13:00 +02:00
pat-s	b663ab88a2	condition on existence	2023-05-29 12:07:24 +02:00
pat-s	01b2cd6858	remove existing `app.ini` before creating it	2023-05-29 11:54:19 +02:00