Customizable .gnupg folder location (#186)

The `HOME` path is not persistent when using the rootless image, so the `.gnupg` folder isn't either. Since the chart always used `/data/...` as mount point for storage of all kinds, it is a minimal impact to just relocate the dynamic `$HOME/.gnupg` folder location to the persistent `/data/git/.gnupg`. This is where the signing keys are stored when running root based environments. Doing so will - allow migrations between both image variants - persist signing keys for rootless environments Fixes: #155 Co-authored-by: techknowlogick <techknowlogick@gitea.io> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/186 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-30 03:23:32 +08:00 · 2021-06-30 03:23:32 +08:00 · 7a3515c2f2
parent 2901671d23
commit 7a3515c2f2
3 changed files with 19 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -40,6 +40,17 @@ Previously the ROOT folder for the gitea repositories was located at /data/git/g

 This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories

+## Configure Commit Signing
+
+When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another.  
+The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. By default this section is disabled to maintain backwards compatibility.
+
+```yaml
+  signing:
+    enabled: false
+    gpgHome: /data/git/.gnupg
+```
+
 ## Examples

 ### Gitea Configuration
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@ -120,6 +120,10 @@ spec:
              value: /tmp/gitea
            - name: TMPDIR
              value: /tmp/gitea
+            {{- if .Values.signing.enabled }}
+            - name: GNUPGHOME
+              value: {{ .Values.signing.gpgHome }}
+            {{- end }}
            {{- if .Values.statefulset.env }}
            {{- toYaml .Values.statefulset.env | nindent 12 }}
            {{- end }}
--- a/values.yaml
+++ b/values.yaml
@ -127,6 +127,10 @@ initPreScript: ""
 #   chown -R git:git /data/git/.postgresql/
 #   chmod 400 /data/git/.postgresql/postgresql.key

+# Configure commit/action signing prerequisites
+signing:
+  enabled: false
+  gpgHome: /data/git/.gnupg

 gitea:
  admin: