diff --git a/README.md b/README.md
index a2f676f..d4259c9 100644
--- a/README.md
+++ b/README.md
@@ -587,7 +587,7 @@ gitea:
 | `image.repository` | Image to start for this pod | `gitea/gitea` |
 | `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
 | `image.pullPolicy` | Image pull policy | `Always` |
-| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
+| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
 | `imagePullSecrets` | Secret to use for pulling the image | `[]` |
 ### Security
diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml
new file mode 100644
index 0000000..854bcce
--- /dev/null
+++ b/unittests/init/init_directory_structure.sh-rootless.yaml
@@ -0,0 +1,68 @@
+suite: Init template
+release:
+ name: gitea-unittests
+ namespace: testing
+templates:
+ - templates/gitea/init.yaml
+tests:
+ - it: runs gpg in batch mode
+ set:
+ signing.enabled: true
+ signing.privateKey: |-
+ -----BEGIN PGP PRIVATE KEY BLOCK-----
+ {placeholder}
+ -----END PGP PRIVATE KEY BLOCK-----
+ asserts:
+ - equal:
+ path: stringData["configure_gpg_environment.sh"]
+ value: |-
+ #!/usr/bin/env bash
+ set -eu
+
+ gpg --batch --import /raw/private.asc
+ - it: skips gpg script block for disabled signing
+ asserts:
+ - equal:
+ path: stringData["init_directory_structure.sh"]
+ value: |-
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ set -x
+ mkdir -p /data/git/.ssh
+ chmod -R 700 /data/git/.ssh
+ [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
+
+ # prepare temp directory structure
+ mkdir -p "${GITEA_TEMP}"
+ chmod ug+rwx "${GITEA_TEMP}"
+ - it: adds gpg script block for enabled signing
+ set:
+ signing.enabled: true
+ signing.privateKey: |-
+ -----BEGIN PGP PRIVATE KEY BLOCK-----
+ {placeholder}
+ -----END PGP PRIVATE KEY BLOCK-----
+ asserts:
+ - equal:
+ path: stringData["init_directory_structure.sh"]
+ value: |-
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ set -x
+ mkdir -p /data/git/.ssh
+ chmod -R 700 /data/git/.ssh
+ [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
+
+ # prepare temp directory structure
+ mkdir -p "${GITEA_TEMP}"
+ chmod ug+rwx "${GITEA_TEMP}"
+
+ if [ ! -d "${GNUPGHOME}" ]; then
+ mkdir -p "${GNUPGHOME}"
+ chmod 700 "${GNUPGHOME}"
+ chown 1000:1000 "${GNUPGHOME}"
+ fi
diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml
index ddfa981..7e59404 100644
--- a/unittests/init/init_directory_structure.sh.yaml
+++ b/unittests/init/init_directory_structure.sh.yaml
@@ -7,6 +7,7 @@ templates:
 tests:
 - it: runs gpg in batch mode
 set:
+ image.rootless: false
 signing.enabled: true
 signing.privateKey: |-
 -----BEGIN PGP PRIVATE KEY BLOCK-----
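Review bot: None of the three cases in the new `init_directory_structure.sh-rootless.yaml` suite sets `image.rootless`, so they reach the rootless init script only because the chart default becomes `true` in this same commit. The sibling suite pins `image.rootless: false` in every case, and this one should pin `image.rootless: true` the same way; the second case ("skips gpg script block for disabled signing") has no `set:` block yet and needs one added. Without the pin, a later change of the default would make the suite fail, or test something else, for a reason unrelated to the init template. The expected script in the last case also hard-codes `chown 1000:1000 "${GNUPGHOME}"`; if the template emits that literally, the step presumably fails under `set -euo pipefail` when the pod runs as a different non-root UID, which is worth confirming against the template.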
@@ -21,6 +22,8 @@ tests:
 gpg --batch --import /raw/private.asc
 - it: skips gpg script block for disabled signing
+ set:
+ image.rootless: false
 asserts:
 - equal:
 path: stringData["init_directory_structure.sh"]
@@ -41,6 +44,7 @@ tests:
 chmod ug+rwx "${GITEA_TEMP}"
 - it: adds gpg script block for enabled signing
 set:
+ image.rootless: false
 signing.enabled: true
 signing.privateKey: |-
 -----BEGIN PGP PRIVATE KEY BLOCK-----
diff --git a/values.yaml b/values.yaml
index a73a88b..c37edc2 100644
--- a/values.yaml
+++ b/values.yaml
@@ -38,7 +38,7 @@ image:
 # Overrides the image tag whose default is the chart appVersion.
 tag: ""
 pullPolicy: Always
- rootless: false # only possible when running 1.14 or later
+ rootless: true
 ## @param imagePullSecrets Secret to use for pulling the image
 imagePullSecrets: []
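Review bot: In the values.yaml hunk, the new `rootless: true` line drops the inline comment that recorded the version constraint, so the values file no longer says that the rootless image only exists for Gitea 1.14 or later. Keep it on the new line: `rootless: true # only possible when running 1.14 or later`. Because this flips a default, any release that never set `image.rootless` will switch image variant on its next upgrade, and an install that pins `image.tag` below 1.14 will presumably request a tag that does not exist unless it sets `image.rootless: false`. Running non-root by default is a sensible hardening step, but the change in container user and the expected ownership of existing volumes should be called out in an upgrade note. The `image:` mapping starts above the hunk.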