2024-11-10 13:35:57 +00:00
8 changed files with 115 additions and 96 deletions
--- a/templates/gitea/actions/config-act-runner.yaml
+++ b/templates/gitea/actions/config-act-runner.yaml
@ -0,0 +1,15 @@
+{{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "gitea.fullname" . }}-act-runner-config
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+data:
+  config.yaml: |
+    log:
+      level: debug
+    cache:
+      enabled: false    
+{{- end }}
--- a/templates/gitea/actions/config-scripts.yaml
+++ b/templates/gitea/actions/config-scripts.yaml
@ -0,0 +1,14 @@
+{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "gitea.fullname" . }}-scripts
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+  annotations:
+    # helm.sh/hook: post-install
+    # helm.sh/hook-delete-policy: hook-succeeded
+data:
+{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}
+{{- end }}
--- a/templates/gitea/actions/job.yaml
+++ b/templates/gitea/actions/job.yaml
@ -5,70 +5,6 @@
 {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
 {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
 ---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "gitea.fullname" . }}-scripts
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-  annotations:
-    # helm.sh/hook: post-install
-    # helm.sh/hook-delete-policy: hook-succeeded
-data:
-{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $name }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-  annotations:
-    # helm.sh/hook: post-install
-    # helm.sh/hook-delete-policy: hook-succeeded
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ $name }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-  annotations:
-    # helm.sh/hook: post-install
-    # helm.sh/hook-delete-policy: hook-succeeded
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    resourceNames:
-      - {{ $secretName }}
-    verbs:
-      - get
-      - update
-      - patch
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ $name }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-  annotations:
-    # helm.sh/hook: post-install
-    # helm.sh/hook-delete-policy: hook-succeeded
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ $name }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ $name }}
-    namespace: {{ .Release.Namespace }}
---
 apiVersion: batch/v1
 kind: Job
 metadata:
@ -154,22 +90,4 @@ spec:
  parallelism: 1
  completions: 1
  backoffLimit: 1
---
-apiVersion: v1
-kind: Secret
-metadata:
-  annotations:
-    # helm.sh/hook: post-install
-    # helm.sh/hook-delete-policy: never
-    argocd.argoproj.io/hook: Skip
-    argocd.argoproj.io/hook-delete-policy: Never
-  name: {{ $secretName }}
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-    app.kubernetes.io/component: token-job
-{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
-{{ if $secret -}}
-data:
-  token: {{ (b64dec (index $secret.data "token")) | b64enc }}
-{{ end -}}
 {{- end }}
--- a/templates/gitea/actions/role-job.yaml
+++ b/templates/gitea/actions/role-job.yaml
@ -0,0 +1,26 @@
+{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ $name }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+    app.kubernetes.io/component: token-job
+  annotations:
+    # helm.sh/hook: post-install
+    # helm.sh/hook-delete-policy: hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    resourceNames:
+      - {{ $secretName }}
+    verbs:
+      - get
+      - update
+      - patch
+{{- end }}
--- a/templates/gitea/actions/rolebinding-job.yaml
+++ b/templates/gitea/actions/rolebinding-job.yaml
@ -0,0 +1,23 @@
+{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $name }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+    app.kubernetes.io/component: token-job
+  annotations:
+    # helm.sh/hook: post-install
+    # helm.sh/hook-delete-policy: hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $name }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/templates/gitea/actions/secret-token.yaml
+++ b/templates/gitea/actions/secret-token.yaml
@ -0,0 +1,22 @@
+{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    # helm.sh/hook: post-install
+    # helm.sh/hook-delete-policy: never
+    argocd.argoproj.io/hook: Skip
+    argocd.argoproj.io/hook-delete-policy: Never
+  name: {{ $secretName }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+    app.kubernetes.io/component: token-job
+{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
+{{ if $secret -}}
+data:
+  token: {{ (b64dec (index $secret.data "token")) | b64enc }}
+{{ end -}}
+{{- end }}
--- a/templates/gitea/actions/serviceaccount-job.yaml
+++ b/templates/gitea/actions/serviceaccount-job.yaml
@ -0,0 +1,14 @@
+{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $name }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+    app.kubernetes.io/component: token-job
+  annotations:
+    # helm.sh/hook: post-install
+    # helm.sh/hook-delete-policy: hook-succeeded
+{{- end }}
--- a/templates/gitea/actions/statefulset.yaml
+++ b/templates/gitea/actions/statefulset.yaml
@ -1,19 +1,6 @@
 {{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }}
 {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
 ---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "gitea.fullname" . }}-act-runner-config
-  labels:
-    {{- include "gitea.labels" . | nindent 4 }}
-data:
-  config.yaml: |
-    log:
-      level: debug
-    cache:
-      enabled: false    
---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@ -22,7 +9,7 @@ metadata:
    {{- if .Values.actions.statefulset.labels }}
    {{- toYaml .Values.actions.statefulset.labels | nindent 4 }}
    {{- end }}
-  name: act-runner
+  name: {{ include "gitea.fullname" . }}-act-runner
 spec:
  selector:
    matchLabels: