lunny/helm-chart
1
0
Fork 0
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

rebased: Add Gitea Actions act runner #666

Merged
vjm merged 27 commits from gitea-actions into main 2024-11-10 13:35:57 +00:00
Conversation 27 Commits 27 Files Changed 24 +363 -10
19 changed files with 363 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e6525acfb7 - Show all commits

15
templates/_helpers.tpl
View File

@ -220,6 +220,15 @@ https
{{- end -}}
{{- end -}}
{{- define "gitea.act_runner.local_root_url" -}}
{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}}
{{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}}
{{- else -}}
{{/* fallback for allowing to overwrite this value via inline config */}}
{{- .Values.gitea.config.server.LOCAL_ROOT_URL -}}
{{- end -}}
{{- end -}}
{{- define "gitea.inline_configuration" -}}
{{- include "gitea.inline_configuration.init" . -}}
{{- include "gitea.inline_configuration.defaults" . -}}
@ -334,7 +343,7 @@ https
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
{{- end -}}
{{- if not .Values.gitea.config.actions.ENABLED -}}
{{- $_ := set .Values.gitea.config.actions "ENABLED" "false" -}}
{{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}}
{{- end -}}
{{- end -}}
@ -355,8 +364,8 @@ https
{{- if not .Values.gitea.config.server.ROOT_URL -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
{{- end -}}
{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}}
{{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port) -}}
{{- if .Values.actions.enabled -}}
{{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}

15
templates/gitea/act_runner/01-consistency-checks.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.actions.enabled -}}
{{- if .Values.actions.provisioning.enabled -}}
{{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}}
{{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}}
{{- end -}}
{{- if and .Values.persistence.enabled .Values.persistence.mount -}}
{{- if .Values.actions.existingSecret -}}
{{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}}
{{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}}
{{- end -}}
{{- end -}}

2
templates/gitea/act_runner/config-scripts.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.actions.enabled }}
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
---
apiVersion: v1
@ -9,3 +10,4 @@ metadata:
data:
{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}
{{- end }}
{{- end }}

5
templates/gitea/act_runner/job.yaml
View File

@ -1,7 +1,5 @@
{{- if .Values.actions.enabled }}
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- if .Values.actions.existingSecret }}
{{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" }}
{{- end }}
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
---
@ -113,3 +111,4 @@ spec:
completions: 1
backoffLimit: 1
{{- end }}
{{- end }}

2
templates/gitea/act_runner/role-job.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.actions.enabled }}
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
@ -21,3 +22,4 @@ rules:
- update
- patch
{{- end }}
{{- end }}

2
templates/gitea/act_runner/rolebinding-job.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.actions.enabled }}
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
@ -18,3 +19,4 @@ subjects:
name: {{ $name }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

2
templates/gitea/act_runner/secret-token.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.actions.enabled }}
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
@ -15,3 +16,4 @@ data:
token: {{ (b64dec (index $secret.data "token")) | b64enc }}
{{ end -}}
{{- end }}
{{- end }}

2
templates/gitea/act_runner/serviceaccount-job.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.actions.enabled }}
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
---
@ -9,3 +10,4 @@ metadata:
{{- include "gitea.labels" . | nindent 4 }}
app.kubernetes.io/component: token-job
{{- end }}
{{- end }}

2
templates/gitea/act_runner/statefulset.yaml
View File

@ -54,7 +54,7 @@ spec:
name: "{{ .Values.actions.existingSecret | default $secretName }}"
key: "{{ .Values.actions.existingSecretKey | default "token" }}"
- name: GITEA_INSTANCE_URL
value: {{ .Values.gitea.config.server.LOCAL_ROOT_URL | quote }}
value: {{ include "gitea.act_runner.local_root_url" . }}
- name: CONFIG_FILE
value: /actrunner/config.yaml
resources:

69
unittests/act_runner/01-consistency-checks.yaml Normal file
View File

@ -0,0 +1,69 @@
suite: actions template | consistency checks
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/act_runner/01-consistency-checks.yaml
tests:
- it: fails when provisioning is enabled BUT persistence is completely disabled
set:
persistence:
enabled: false
actions:
enabled: true
provisioning:
enabled: true
asserts:
- failedTemplate:
errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
- it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled
set:
persistence:
enabled: true
mount: false
actions:
enabled: true
provisioning:
enabled: true
asserts:
- failedTemplate:
errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled"
- it: fails when provisioning is enabled AND existingSecret is given
set:
actions:
enabled: true
provisioning:
enabled: true
existingSecret: "secret-reference"
asserts:
- failedTemplate:
errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret"
- it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing
set:
actions:
enabled: true
provisioning:
enabled: false
asserts:
- failedTemplate:
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
- it: fails when provisioning is disabled BUT existingSecretKey is missing
set:
actions:
enabled: true
provisioning:
enabled: false
existingSecret: "my-secret"
asserts:
- failedTemplate:
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"
- it: fails when provisioning is disabled BUT existingSecret is missing
set:
actions:
enabled: true
provisioning:
enabled: false
existingSecretKey: "my-secret-key"
asserts:
- failedTemplate:
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled"

5
unittests/act_runner/config-act-runner.yaml
View File

@ -6,6 +6,11 @@ release:
templates:
- templates/gitea/act_runner/config-act-runner.yaml
tests:
- it: doesn't renders a ConfigMap by default
template: templates/gitea/act_runner/config-act-runner.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a ConfigMap
template: templates/gitea/act_runner/config-act-runner.yaml
set:

26
unittests/act_runner/config-scripts.yaml
View File

@ -5,10 +5,11 @@ release:
templates:
- templates/gitea/act_runner/config-scripts.yaml
tests:
- it: renders a ConfigMap
- it: renders a ConfigMap when all criteria are met
template: templates/gitea/act_runner/config-scripts.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
persistence:
@ -23,3 +24,26 @@ tests:
name: gitea-unittests-scripts
- isNotNullOrEmpty:
path: data["token.sh"]
- it: doesn't renders a ConfigMap by default
template: templates/gitea/act_runner/config-scripts.yaml
asserts:
- hasDocuments:
count: 0
- it: doesn't renders a ConfigMap with disabled actions but enabled provisioning
template: templates/gitea/act_runner/config-scripts.yaml
asserts:
- hasDocuments:
count: 0
- it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria
template: templates/gitea/act_runner/config-scripts.yaml
set:
actions:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

19
unittests/act_runner/job.yaml
View File

@ -3,7 +3,7 @@ release:
name: gitea-unittests
namespace: testing
chart:
# Override appVersion to be consistent with used digest :)
# Override appVersion to have a pinned version for comparison
appVersion: 1.19.3
templates:
- templates/gitea/act_runner/job.yaml
@ -12,6 +12,7 @@ tests:
template: templates/gitea/act_runner/job.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
persistence:
@ -32,6 +33,7 @@ tests:
set:
image.tag: "1.19.4"
actions:
enabled: true
provisioning:
enabled: true
publish:
@ -46,3 +48,18 @@ tests:
- equal:
path: spec.template.spec.containers[1].image
value: "bitnami/kubectl:1.29.0"
- it: doesn't renders a Job by default
template: templates/gitea/act_runner/job.yaml
asserts:
- hasDocuments:
count: 0
- it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled
template: templates/gitea/act_runner/job.yaml
set:
actions:
enabled: false
provisioning:
enabled: true
asserts:
- hasDocuments:
count: 0

19
unittests/act_runner/role-job.yaml
View File

@ -5,10 +5,16 @@ release:
templates:
- templates/gitea/act_runner/role-job.yaml
tests:
- it: doesn't renders a Role by default
template: templates/gitea/act_runner/role-job.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a Role
template: templates/gitea/act_runner/role-job.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
persistence:
@ -21,3 +27,16 @@ tests:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
name: gitea-unittests-actions-token-job
- it: doesn't renders a Role when criteria met BUT actions are not enabled
template: templates/gitea/act_runner/role-job.yaml
set:
actions:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

19
unittests/act_runner/rolebinding-job.yaml
View File

@ -5,10 +5,16 @@ release:
templates:
- templates/gitea/act_runner/rolebinding-job.yaml
tests:
- it: doesn't renders a RoleBinding by default
template: templates/gitea/act_runner/rolebinding-job.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a RoleBinding
template: templates/gitea/act_runner/rolebinding-job.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
persistence:
@ -21,3 +27,16 @@ tests:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
name: gitea-unittests-actions-token-job
- it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled
template: templates/gitea/act_runner/rolebinding-job.yaml
set:
actions:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

19
unittests/act_runner/secret-token.yaml
View File

@ -5,10 +5,16 @@ release:
templates:
- templates/gitea/act_runner/secret-token.yaml
tests:
- it: doesn't renders a Secret by default
template: templates/gitea/act_runner/secret-token.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a Secret
template: templates/gitea/act_runner/secret-token.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
persistence:
@ -21,3 +27,16 @@ tests:
kind: Secret
apiVersion: v1
name: gitea-unittests-actions-token
- it: doesn't renders a Secret when criteria met BUT actions are not enabled
template: templates/gitea/act_runner/secret-token.yaml
set:
actions:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

19
unittests/act_runner/serviceaccount-job.yaml
View File

@ -5,10 +5,16 @@ release:
templates:
- templates/gitea/act_runner/serviceaccount-job.yaml
tests:
- it: doesn't renders a ServiceAccount by default
template: templates/gitea/act_runner/serviceaccount-job.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a ServiceAccount
template: templates/gitea/act_runner/serviceaccount-job.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
persistence:
@ -21,3 +27,16 @@ tests:
kind: ServiceAccount
apiVersion: v1
name: gitea-unittests-actions-token-job
- it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled
template: templates/gitea/act_runner/serviceaccount-job.yaml
set:
actions:
enabled: false
provisioning:
enabled: true
persistence:
enabled: true
mount: true
asserts:
- hasDocuments:
count: 0

70
unittests/act_runner/statefulset.yaml
View File

@ -5,11 +5,40 @@ release:
templates:
- templates/gitea/act_runner/statefulset.yaml
tests:
- it: renders a StatefulSet
- it: doesn't renders a StatefulSet by default
template: templates/gitea/act_runner/statefulset.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a StatefulSet (with given existingSecret/existingSecretKey)
template: templates/gitea/act_runner/statefulset.yaml
set:
actions:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[3]
value:
name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "my-secret"
key: "my-secret-key"
- it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
template: templates/gitea/act_runner/statefulset.yaml
set:
actions:
enabled: true
provisioning:
enabled: true
asserts:
- hasDocuments:
count: 1
@ -25,3 +54,42 @@ tests:
secretKeyRef:
name: "gitea-unittests-actions-token"
key: "token"
- it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL)
template: templates/gitea/act_runner/statefulset.yaml
set:
actions:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[4]
value:
name: GITEA_INSTANCE_URL
value: "http://gitea-unittests-http:3000"
- it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL)
template: templates/gitea/act_runner/statefulset.yaml
set:
gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com"
actions:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[4]
value:
name: GITEA_INSTANCE_URL
value: "http://git.example.com"

61
unittests/config/actions-config.yaml Normal file
View File

@ -0,0 +1,61 @@
suite: config template | actions config
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/config.yaml
tests:
- it: "actions are not enabled by default"
template: templates/gitea/config.yaml
asserts:
- documentIndex: 0
equal:
path: stringData.actions
value: |-
ENABLED=false
- it: "actions can be enabled via inline config"
template: templates/gitea/config.yaml
set:
gitea.config.actions.ENABLED: true
asserts:
- documentIndex: 0
equal:
path: stringData.actions
value: |-
ENABLED=true
- it: "actions can be enabled via dedicated values object"
template: templates/gitea/config.yaml
set:
actions:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.actions
value: |-
ENABLED=true
- it: "defines LOCAL_ROOT_URL when actions are enabled"
template: templates/gitea/config.yaml
set:
actions:
enabled: true
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000
- it: "respects custom LOCAL_ROOT_URL, even when actions are enabled"
template: templates/gitea/config.yaml
set:
actions:
enabled: true
gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com"
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nLOCAL_ROOT_URL=http://git.example.com