lunny/helm-chart
1
0
Fork 0
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

rebased: Add Gitea Actions act runner #666

Merged
vjm merged 27 commits from gitea-actions into main 2024-11-10 13:35:57 +00:00
Conversation 27 Commits 27 Files Changed 24 +118 -78
15 changed files with 118 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 938e0b09af - Show all commits

66
README.md
View File

@ -999,40 +999,40 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` |
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
### GiteaActions
### Gitea Actions
| Name | Description | Value |
| ----------------------------------------------- | --------------------------------------------------------------------------- | ------------------ |
| `actions.statefulset.enabled` | Create an act runner StatefulSet. | `false` |
| `actions.statefulset.annotations` | Act runner annotations | `{}` |
| `actions.statefulset.labels` | Act runner labels | `{}` |
| `actions.statefulset.resources` | Act runner resources | `{}` |
| `actions.statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` |
| `actions.statefulset.tolerations` | Tolerations for the statefulset | `[]` |
| `actions.statefulset.affinity` | Affinity for the statefulset | `{}` |
| `actions.statefulset.config` | Act runner custom configuration. | `""` |
| `actions.statefulset.runnerLabels` | Act runner labels. | `""` |
| `actions.statefulset.actRunnerImage.repository` | The Gitea act runner image | `gitea/act_runner` |
| `actions.statefulset.actRunnerImage.tag` | The Gitea act runner tag | `0.2.6` |
| `actions.statefulset.actRunnerImage.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `actions.statefulset.dindImage.repository` | The Docker-in-Docker image | `docker` |
| `actions.statefulset.dindImage.tag` | The Docker-in-Docker image tag | `24.0.7-dind` |
| `actions.statefulset.dindImage.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `actions.job.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` |
| `actions.job.annotations` | Job's annotations | `{}` |
| `actions.job.labels` | Job's labels | `{}` |
| `actions.job.resources` | Job's resources | `{}` |
| `actions.job.nodeSelector` | NodeSelector for the job | `{}` |
| `actions.job.tolerations` | Tolerations for the job | `[]` |
| `actions.job.affinity` | Affinity for the job | `{}` |
| `actions.job.tokenImage.repository` | The image that can create a token via `gitea actions generate-runner-token` | `gitea/gitea` |
| `actions.job.tokenImage.tag` | The token image tag that can create a token | `""` |
| `actions.job.tokenImage.pullPolicy` | The token image pullPolicy that can create a token | `IfNotPresent` |
| `actions.job.publishImage.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` |
| `actions.job.publishImage.tag` | The publish image tag that can create the secret | `1.29.0` |
| `actions.job.publishImage.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` |
| `actions.existingSecret` | Secret that contains the token | `""` |
| `actions.existingSecretKey` | Secret key | `""` |
| Name | Description | Value |
| ------------------------------------------ | --------------------------------------------------------------------------- | ------------------ |
| `actions.enabled` | Create an act runner StatefulSet. | `false` |
| `actions.statefulset.annotations` | Act runner annotations | `{}` |
| `actions.statefulset.labels` | Act runner labels | `{}` |
| `actions.statefulset.resources` | Act runner resources | `{}` |
| `actions.statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` |
| `actions.statefulset.tolerations` | Tolerations for the statefulset | `[]` |
| `actions.statefulset.affinity` | Affinity for the statefulset | `{}` |
| `actions.statefulset.config` | Act runner custom configuration. | `""` |
| `actions.statefulset.runnerLabels` | Act runner labels. | `""` |
| `actions.statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
| `actions.statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.6` |
| `actions.statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `actions.statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `actions.statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
| `actions.statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `actions.job.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` |
| `actions.job.annotations` | Job's annotations | `{}` |
| `actions.job.labels` | Job's labels | `{}` |
| `actions.job.resources` | Job's resources | `{}` |
| `actions.job.nodeSelector` | NodeSelector for the job | `{}` |
| `actions.job.tolerations` | Tolerations for the job | `[]` |
| `actions.job.affinity` | Affinity for the job | `{}` |
| `actions.job.token.repository` | The image that can create a token via `gitea actions generate-runner-token` | `gitea/gitea` |
| `actions.job.token.tag` | The token image tag that can create a token | `""` |
| `actions.job.token.pullPolicy` | The token image pullPolicy that can create a token | `IfNotPresent` |
| `actions.job.publish.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` |
| `actions.job.publish.tag` | The publish image tag that can create the secret | `1.29.0` |
| `actions.job.publish.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` |
| `actions.existingSecret` | Secret that contains the token | `""` |
| `actions.existingSecretKey` | Secret key | `""` |
### Gitea

44
readme-actions-dev.md Normal file
View File

@ -0,0 +1,44 @@
# Gitea Actions
In order to use the Gitea Actions act-runner you must:
- set the following environment variables to `deployment.env` (modify LOCAL_ROOT_URL if you used a different service name):
```yaml
deployment:
env:
- name: GITEA__ACTIONS__ENABLED
value: 'true'
- name: GITEA__SERVER__LOCAL_ROOT_URL
value: http://gitea-http:3000
```
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
`gitea actions generate-runner-token`
This command will out a token that is needed by the act-runner to register with the Gitea backend.
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
2) `dind`: DockerInDocker image that is used to run the actions
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
```yaml
actions:
job:
enabled: false
existingSecret: "secret-name"
existingSecretKey: "secret-key"
```

1
templates/_helpers.tpl
View File

@ -27,7 +27,6 @@ If release name contains chart name it will be used as a full name.
{{/*
Create a default worker name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "gitea.workername" -}}
{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}}

2
templates/gitea/act_runner/config-act-runner.yaml
View File

@ -1,4 +1,4 @@
{{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- if .Values.actions.enabled }}
---
apiVersion: v1
kind: ConfigMap

8
templates/gitea/act_runner/job.yaml
View File

@ -42,8 +42,8 @@ spec:
done
containers:
- name: actions-token-create
image: "{{ .Values.actions.job.tokenImage.repository }}:{{ .Values.actions.job.tokenImage.tag | default (printf "%s-rootless" .Chart.AppVersion) }}"
imagePullPolicy: {{ .Values.actions.job.tokenImage.pullPolicy }}
image: "{{ .Values.actions.job.token.repository }}:{{ .Values.actions.job.token.tag | default (printf "%s-rootless" .Chart.AppVersion) }}"
imagePullPolicy: {{ .Values.actions.job.token.pullPolicy }}
env:
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
@ -63,8 +63,8 @@ spec:
subPath: {{ .Values.persistence.subPath }}
{{- end }}
- name: actions-token-upload
image: "{{ .Values.actions.job.publishImage.repository }}:{{ .Values.actions.job.publishImage.tag }}"
imagePullPolicy: {{ .Values.actions.job.publishImage.pullPolicy }}
image: "{{ .Values.actions.job.publish.repository }}:{{ .Values.actions.job.publish.tag }}"
imagePullPolicy: {{ .Values.actions.job.publish.pullPolicy }}
env:
- name: SECRET_NAME
value: {{ $secretName }}

12
templates/gitea/act_runner/statefulset.yaml
View File

@ -1,4 +1,4 @@
{{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- if .Values.actions.enabled }}
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
---
apiVersion: apps/v1
@ -38,8 +38,8 @@ spec:
done
containers:
- name: act-runner
image: "{{ .Values.actions.statefulset.actRunnerImage.repository }}:{{ .Values.actions.statefulset.actRunnerImage.tag }}"
imagePullPolicy: {{ .Values.actions.statefulset.actRunnerImage.pullPolicy }}
image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}"
imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }}
workingDir: /data
env:
- name: DOCKER_HOST
@ -52,7 +52,7 @@ spec:
valueFrom:
secretKeyRef:
name: "{{ .Values.actions.existingSecret | default $secretName }}"
key: "{{ .Values.actions.existingSecret | default "token" }}"
key: "{{ .Values.actions.existingSecretKey | default "token" }}"
- name: GITEA_INSTANCE_URL
value: "http://{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}"
- name: GITEA_RUNNER_LABELS
@ -70,8 +70,8 @@ spec:
- mountPath: /data
name: data-act-runner
- name: dind
image: "{{ .Values.actions.statefulset.dindImage.repository }}:{{ .Values.actions.statefulset.dindImage.tag }}"
imagePullPolicy: {{ .Values.actions.statefulset.dindImage.pullPolicy }}
image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}"
imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }}
env:
- name: DOCKER_HOST
value: tcp://127.0.0.1:2376

3
unittests/act_runner/config-act-runner.yaml
View File

@ -9,8 +9,7 @@ tests:
template: templates/gitea/act_runner/config-act-runner.yaml
set:
actions:
statefulset:
enabled: true
enabled: true
asserts:
- hasDocuments:
count: 1

2
unittests/act_runner/config-scripts.yaml
View File

@ -5,7 +5,7 @@ release:
templates:
- templates/gitea/act_runner/config-scripts.yaml
tests:
- it: renders a deployment
- it: renders a ConfigMap
template: templates/gitea/act_runner/config-scripts.yaml
set:
actions:

2
unittests/act_runner/job.yaml
View File

@ -5,7 +5,7 @@ release:
templates:
- templates/gitea/act_runner/job.yaml
tests:
- it: renders a deployment
- it: renders a Job
template: templates/gitea/act_runner/job.yaml
set:
actions:

2
unittests/act_runner/role-job.yaml
View File

@ -5,7 +5,7 @@ release:
templates:
- templates/gitea/act_runner/role-job.yaml
tests:
- it: renders a role
- it: renders a Role
template: templates/gitea/act_runner/role-job.yaml
set:
actions:

2
unittests/act_runner/rolebinding-job.yaml
View File

@ -5,7 +5,7 @@ release:
templates:
- templates/gitea/act_runner/rolebinding-job.yaml
tests:
- it: renders a deployment
- it: renders a RoleBinding
template: templates/gitea/act_runner/rolebinding-job.yaml
set:
actions:

2
unittests/act_runner/secret-token.yaml
View File

@ -5,7 +5,7 @@ release:
templates:
- templates/gitea/act_runner/secret-token.yaml
tests:
- it: renders a deployment
- it: renders a Secret
template: templates/gitea/act_runner/secret-token.yaml
set:
actions:

2
unittests/act_runner/serviceaccount-job.yaml
View File

@ -5,7 +5,7 @@ release:
templates:
- templates/gitea/act_runner/serviceaccount-job.yaml
tests:
- it: renders a deployment
- it: renders a ServiceAccount
template: templates/gitea/act_runner/serviceaccount-job.yaml
set:
actions:

5
unittests/act_runner/statefulset.yaml
View File

@ -5,12 +5,11 @@ release:
templates:
- templates/gitea/act_runner/statefulset.yaml
tests:
- it: renders a deployment
- it: renders a StatefulSet
template: templates/gitea/act_runner/statefulset.yaml
set:
actions:
statefulset:
enabled: true
enabled: true
asserts:
- hasDocuments:
count: 1

43
values.yaml
View File

@ -340,11 +340,11 @@ signing:
existingSecret: ""
# Configure Gitea Actions
# - must enable persistence
# - must enable persistence if the job is enabled
# - must define deployment.env.GITEA__ACTIONS__ENABLED and GITEA__SERVER__LOCAL_ROOT_URL
## @section GiteaActions
## @section Gitea Actions
#
## @param actions.statefulset.enabled Create an act runner StatefulSet.
## @param actions.enabled Create an act runner StatefulSet.
## @param actions.statefulset.annotations Act runner annotations
## @param actions.statefulset.labels Act runner labels
## @param actions.statefulset.resources Act runner resources
@ -353,12 +353,12 @@ signing:
## @param actions.statefulset.affinity Affinity for the statefulset
## @param actions.statefulset.config Act runner custom configuration.
## @param actions.statefulset.runnerLabels Act runner labels.
## @param actions.statefulset.actRunnerImage.repository The Gitea act runner image
## @param actions.statefulset.actRunnerImage.tag The Gitea act runner tag
## @param actions.statefulset.actRunnerImage.pullPolicy The Gitea act runner pullPolicy
## @param actions.statefulset.dindImage.repository The Docker-in-Docker image
## @param actions.statefulset.dindImage.tag The Docker-in-Docker image tag
## @param actions.statefulset.dindImage.pullPolicy The Docker-in-Docker pullPolicy
## @param actions.statefulset.actRunner.repository The Gitea act runner image
## @param actions.statefulset.actRunner.tag The Gitea act runner tag
## @param actions.statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
## @param actions.statefulset.dind.repository The Docker-in-Docker image
## @param actions.statefulset.dind.tag The Docker-in-Docker image tag
## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
## @param actions.job.enabled Create a job that will create and save the token in a Kubernetes Secret
## @param actions.job.annotations Job's annotations
## @param actions.job.labels Job's labels
@ -366,18 +366,17 @@ signing:
## @param actions.job.nodeSelector NodeSelector for the job
## @param actions.job.tolerations Tolerations for the job
## @param actions.job.affinity Affinity for the job
## @param actions.job.tokenImage.repository The image that can create a token via `gitea actions generate-runner-token`
## @param actions.job.tokenImage.tag The token image tag that can create a token
## @param actions.job.tokenImage.pullPolicy The token image pullPolicy that can create a token
## @param actions.job.publishImage.repository The image that can create the secret via kubectl
## @param actions.job.publishImage.tag The publish image tag that can create the secret
## @param actions.job.publishImage.pullPolicy The publish image pullPolicy that can create the secret
## @param actions.job.token.repository The image that can create a token via `gitea actions generate-runner-token`
## @param actions.job.token.tag The token image tag that can create a token
## @param actions.job.token.pullPolicy The token image pullPolicy that can create a token
## @param actions.job.publish.repository The image that can create the secret via kubectl
## @param actions.job.publish.tag The publish image tag that can create the secret
## @param actions.job.publish.pullPolicy The publish image pullPolicy that can create the secret
## @param actions.existingSecret Secret that contains the token
## @param actions.existingSecretKey Secret key
actions:
enabled: false
statefulset:
enabled: false
annotations: {}
labels: {}
resources: {}
@ -388,14 +387,14 @@ actions:
config: ""
runnerLabels: ""
actRunnerImage:
actRunner:
repository: gitea/act_runner
tag: 0.2.6
pullPolicy: IfNotPresent
dindImage:
dind:
repository: docker
tag: 24.0.7-dind
tag: 25.0.2-dind
pullPolicy: IfNotPresent
job:
@ -408,12 +407,12 @@ actions:
tolerations: []
affinity: {}
tokenImage:
token:
repository: gitea/gitea
tag: ""
pullPolicy: IfNotPresent
publishImage:
publish:
repository: bitnami/kubectl
tag: 1.29.0
pullPolicy: IfNotPresent