diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 9e0d02f..c4cb9a0 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.12.3" + HELM_VERSION: "3.14.3" jobs: generate-chart-publish: @@ -32,7 +32,7 @@ jobs: - name: Import GPG key id: import_gpg - uses: https://github.com/crazy-max/ghaction-import-gpg@v5 + uses: https://github.com/crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ secrets.GPGSIGN_KEY }} passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} 
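Review bot: In `.gitea/workflows/release-version.yml`, the `Import GPG key` step now references `crazy-max/ghaction-import-gpg@v6`, a movable tag, while the step receives `secrets.GPGSIGN_KEY` and `secrets.GPGSIGN_PASSPHRASE`. Whoever can move that tag decides which code sees the signing key, so I would pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: https://github.com/crazy-max/ghaction-import-gpg@<full-commit-sha> # v6`. This assumes the runner resolves commit refs the same way it resolves tags. The same applies to `aws-actions/configure-aws-credentials@v4` in the next hunk of this file, which receives the AWS access key.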
@@ -41,19 +41,23 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | - echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin + echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg - helm dependency update + helm dependency build helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ - curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml + curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml + # push to dockerhub + echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin + helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts + helm registry logout registry-1.docker.io - name: aws credential configure - uses: https://github.com/aws-actions/configure-aws-credentials@v2 + uses: https://github.com/aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 0ec13da..9139106 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml 
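Review bot: Both login lines in the `package chart` step paste `${{ secrets.DOCKER_CHARTS_PASSWORD }}` and `${{ secrets.DOCKER_CHARTS_USERNAME }}` into the script text unquoted, so the values are substituted before the shell parses the line. A password containing whitespace or shell metacharacters is then word-split or interpreted instead of being passed through as data. Mapping the secrets into the step's `env:` and piping the quoted variable with `printf '%s'` keeps the value as data, and quoting the `helm push` path does the same for the tag-derived file name. Separately, `curl -s` hides a failed download of `index.yaml`; `curl -fsSL` would stop the step on an HTTP error instead of handing whatever body came back to `helm repo index --merge`.

```yaml
- name: package chart
  env:
    DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
    DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
  run: |
    printf '%s' "$DOCKER_CHARTS_PASSWORD" | docker login -u "$DOCKER_CHARTS_USERNAME" --password-stdin
    # … unchanged: plugin install, dependency build, package, sign, index merge …
    # push to dockerhub
    printf '%s' "$DOCKER_CHARTS_PASSWORD" | helm registry login -u "$DOCKER_CHARTS_USERNAME" registry-1.docker.io --password-stdin
    helm push "gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz" oci://registry-1.docker.io/giteacharts
    helm registry logout registry-1.docker.io
```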
@@ -1,16 +1,22 @@ name: check-and-test on: - - pull_request + pull_request: + branches: + - "*" + push: + branches: + - main + - "renovate/**" env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.3.6" + HELM_UNITTEST_VERSION: "v0.4.4" jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.12.3 + container: alpine/helm:3.14.3 steps: - name: install tools run: | diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 7b0c356..30cdea2 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -73,7 +73,7 @@ MD022: # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content MD024: # Only check sibling headings - allow_different_nesting: true + siblings_only: true # MD025/single-title/single-h1 - Multiple top-level headings in the same document MD025: diff --git a/.vscode/settings.json b/.vscode/settings.json index d709909..5fb5f66 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.4/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/Chart.lock b/Chart.lock index d9be4a5..c3f3006 100644 --- a/Chart.lock +++ b/Chart.lock 
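Review bot: In `.gitea/workflows/test-pr.yml`, the new `pull_request` filter `branches: - "*"` probably does not cover every target branch. In GitHub-style workflow globs `*` stops at `/`, which is presumably why the `push` filter right below it uses `"renovate/**"`. A pull request against a branch such as `release/x` would then skip `check-and-test`. If the intent is every pull request, drop the `branches` key or use `- "**"`; this assumes Gitea's runner follows the same glob rules, which is worth confirming.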
@@ -1,15 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.10 + version: 14.3.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.4 + version: 14.0.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.1 -- name: redis - repository: oci://registry-1.docker.io/bitnamicharts - version: 18.3.2 -digest: sha256:e2a5ec18698a82e1e1e69c7185efa07836e56463f505fef230baaf45b0788a86 -generated: "2023-11-10T07:59:46.844492907-05:00" + version: 9.8.1 +digest: sha256:7198cbc213ba08053d4896b72b59f1c8d1153542a894a82fcddfa74cf2fa4519 +generated: "2024-03-16T00:21:37.945732911Z" diff --git a/Chart.yaml b/Chart.yaml index eac72dd..ee93c4c 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.5 +appVersion: 1.21.7 icon: https://gitea.com/assets/img/logo.svg keywords: @@ -31,22 +31,21 @@ maintainers: - name: Patrick Schratz email: patrick.schratz@gmail.com -# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.10 + version: 14.3.3 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.4 + version: 14.0.0 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.1 + version: 9.8.1 condition: redis-cluster.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - name: redis 
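Review bot: `Chart.lock` drops the `redis` entry, but the trailing context of the second `Chart.yaml` hunk still shows `- name: redis` under `dependencies:`, and that entry continues past the end of the hunk. If the entry stays, the lock no longer matches `Chart.yaml`. That matters more after this change, because the release workflow switches from `helm dependency update` to `helm dependency build`, which works from the lock file and is expected to reject one that is out of sync. Either remove the `redis` dependency from `Chart.yaml` or regenerate the lock with `helm dependency update` so the `digest` covers every declared chart.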
diff --git a/Makefile b/Makefile index e3e4f03..4e4b5bd 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index fa91de0..defd747 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,9 @@ - [Introduction](#introduction) - [Update and versioning policy](#update-and-versioning-policy) - [Dependencies](#dependencies) + - [HA Dependencies](#ha-dependencies) + - [Non-HA Dependencies](#non-ha-dependencies) + - [Dependency Versioning](#dependency-versioning) - [Installing](#installing) - [High Availability](#high-availability) - [Configuration](#configuration) @@ -10,6 +13,8 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) + - [Rootless Defaults](#rootless-defaults) + - [Session, Cache and Queue](#session-cache-and-queue) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) @@ -45,7 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) - - [PostgreSQL-ha](#postgresql-ha) + - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) 
@@ -78,13 +83,42 @@ Yet most often no issues will be encountered and the chart maintainers aim to co ## Dependencies -Gitea can be run with an external database and cache. -This chart provides those dependencies, which can be enabled, or disabled via configuration. +Gitea is most performant when run with an external database and cache. +This chart provides those dependencies via sub-charts. +Users can also configure their own external providers via the configuration. -Dependencies: +### HA Dependencies -- PostgreSQL HA ([configuration](#postgresql)) -- Redis Cluster ([configuration](#cache)) +These dependencies are enabled by default: + +- PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)) +- Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml)) + +### Non-HA Dependencies + +Alternatively, the following non-HA replacements are available: + +- PostgreSQL ([Bitnami PostgreSQL](postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))) + +### Dependency Versioning + +Updates of sub-charts will be incorporated into the Gitea chart as they are released. +The reasoning behind this is that new users of the chart will start with the most recent sub-chart dependency versions. + +**Note** If you want to stay on an older appVersion of a sub-chart dependency (e.g. PostgreSQL), you need to override the image tag in your `values.yaml` file. +In fact, we recommend to do so right from the start to be independent of major sub-chart dependency changes as they are released. +There is no need to update to every new PostgreSQL major version - you can happily skip some and do larger updates when you are ready for them. + +We recommend to use a rolling tag like `:-debian-` to incorporate minor and patch updates for the respective major version as they are released. 
+Alternatively you can also use a versioning helper tool like [renovate](https://github.com/renovatebot/renovate). + +Please double-check the image repository and available tags in the sub-chart: + +- [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) +- [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) +- [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) + +and look up the image tag which fits your needs on Dockerhub. ## Installing @@ -94,14 +128,18 @@ helm repo update helm install gitea gitea-charts/gitea ``` +Alternatively, the chart can also be installed from Dockerhub (since v9.6.0) + +```sh +helm install gitea oci://registry-1.docker.io/giteacharts/gitea +``` + When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. ## High Availability -⚠️ **EXPERIMENTAL** ⚠️ - -Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. -The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. +Since version 9.0.0 this chart supports running Gitea and it's dependencies in HA mode. +Care must be taken for production use as not all implementation details of Gitea core are officially HA-ready yet. Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. See the [HA Setup](docs/ha-setup.md) document for more details. 
@@ -172,6 +210,36 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +#### Rootless Defaults + +If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: + +- `$HOME` becomes `/data/gitea/git` + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations + +- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LOG_LEVEL` environment variable is not injected into the container + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations + +#### Session, Cache and Queue + +The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency. +If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. + +While these will work and even not cause immediate issues after startup, **they are not recommended for production use**. +Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory. +It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload. +External tools such as `redis-cluster` or `memcached` handle these workloads much better. + ### Single-Pod Configurations If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. 
@@ -216,9 +284,9 @@ If HA is not needed/desired, the following configurations can be used to deploy **Do not use this configuration for production use**.
- + values.yml - + ```yaml redis-cluster: enabled: false @@ -226,10 +294,10 @@ If HA is not needed/desired, the following configurations can be used to deploy enabled: false postgresql-ha: enabled: false - + persistence: enabled: false - + gitea: config: database: @@ -681,7 +749,7 @@ extraVolumes: extraVolumeMounts: - name: gitea-themes readOnly: true - mountPath: "/data/gitea/public/css" + mountPath: "/data/gitea/public/assets/css" ``` The secret can be created via `terraform`: 
@@ -785,15 +853,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Image -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. 
**Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security @@ -819,6 +888,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` | | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | +| `service.http.labels` | HTTP service additional labels | `{}` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | | `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | @@ -831,6 +901,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `service.ssh.hostPort` | HostPort for ssh service | `nil` | | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | +| `service.ssh.labels` | SSH service additional labels | `{}` | ### Ingress 
@@ -908,7 +979,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` | +| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea 
@@ -968,16 +1039,18 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### redis-cluster -| Name | Description | Value | -| --------------------------- | -------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | -| `redis-cluster.usePassword` | Whether to use password authentication | `false` | +| Name | Description | Value | +| -------------------------------- | -------------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.usePassword` | Whether to use password authentication | `false` | +| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | +| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | -### PostgreSQL-ha +### PostgreSQL HA | Name | Description | Value | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` | | `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` | | `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | 
@@ -986,7 +1059,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | ### PostgreSQL @@ -1023,6 +1096,31 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
+To 10.0.0 + + + +**Breaking changes** + + +- Update PostgreSQL sub-chart dependencies to appVersion 16.x +- Update to sub-charts versioning approach: Users are encouraged to pin the version tag of the sub-chart dependencies to a major appVersion. + This avoids issues during chart upgrades and allows to incorporate new sub-chart versions as they are released. + Please see the new [README section describing the versioning approach for sub-chart versions](#dependency-versioning). + +
+ +
+ +To 9.6.0 + +Chart 9.6.0 ships with Gitea 1.21.0. +While there are no breaking changes in the chart, please check the changes of the [1.21 release blog post](https://blog.gitea.com/release-of-1.21.0/). + +
+ +
+ To 9.0.0 This chart release comes with many breaking changes while aiming for a HA-ready setup. @@ -1083,14 +1181,18 @@ gitea: CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& ``` + **Switch to rootless image by default** + If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). + **Transitioning from a RWO to RWX Persistent Volume** + If you want to switch to a RWX volume and go for HA, you need to @@ -1098,8 +1200,10 @@ If you want to switch to a RWX volume and go for HA, you need to 2. Let the chart create a new RWX PV (or do it statically yourself) 3. Restore the backup to the same location in the new PV + **Transitioning from Postgres to Postgres HA** + If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -1108,8 +1212,10 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + **Change of env-to-ini prefix** + Before this release, the env-to-ini prefix was `ENV_TO_INI__`. This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. diff --git a/docs/ha-setup.md b/docs/ha-setup.md index 4620317..b3ed491 100644 --- a/docs/ha-setup.md +++ b/docs/ha-setup.md @@ -1,7 +1,5 @@ # High Availability -⚠️ **EXPERIMENTAL** ⚠️ - All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. The following document explains how to achieve this for all individual components. 
@@ -97,6 +95,11 @@ To do so, you need to set the following configuration values yourself: - `gitea.config.cache.ADAPTER`: `redis` - `gitea.config.cache.HOST`: `` +By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica. +To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. +Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned. +For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. + ## Object and asset storage Object/asset storage refers to the storage of attachments, avatars, LFS files, etc. diff --git a/package-lock.json b/package-lock.json index 0faac29..961bccf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.37.0" + "markdownlint-cli": "^0.39.0" }, "engines": { "node": ">=16.0.0", @@ -195,9 +195,9 @@ "dev": true }, "node_modules/entities": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", - "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", "dev": true, "engines": { "node": ">=0.12" 
@@ -261,9 +261,9 @@ } }, "node_modules/ignore": { - "version": "5.2.4", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", - "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==", + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", + "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", "dev": true, "engines": { "node": ">= 4" @@ -310,9 +310,9 @@ "dev": true }, "node_modules/jackspeak": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.2.0.tgz", - "integrity": "sha512-r5XBrqIJfwRIjRt/Xr5fv9Wh09qyhHfKnYddDlpM+ibRR20qrYActpCAgU6U+d53EOEjzkvxPMVHSlgR7leXrQ==", + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", "dev": true, "dependencies": { "@isaacs/cliui": "^8.0.2" 
@@ -340,18 +340,18 @@ } }, "node_modules/jsonc-parser": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz", - "integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==", + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz", + "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==", "dev": true }, "node_modules/linkify-it": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz", - "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", "dev": true, "dependencies": { - "uc.micro": "^1.0.1" + "uc.micro": "^2.0.0" } }, "node_modules/lodash": { @@ -370,19 +370,20 @@ } }, "node_modules/markdown-it": { - "version": "13.0.1", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz", - "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.0.0.tgz", + "integrity": "sha512-seFjF0FIcPt4P9U39Bq1JYblX0KZCjDLFFQPHpL5AzHpqPEKtosxmdq/LTVZnjfH7tjt9BxStm+wXcDBNuYmzw==", "dev": true, "dependencies": { "argparse": "^2.0.1", - "entities": "~3.0.1", - "linkify-it": "^4.0.1", - "mdurl": "^1.0.1", - "uc.micro": "^1.0.5" + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.0.0" }, "bin": { - "markdown-it": "bin/markdown-it.js" + "markdown-it": "bin/markdown-it.mjs" } }, "node_modules/markdown-table": { 
@@ -399,31 +400,34 @@ } }, "node_modules/markdownlint": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.31.1.tgz", - "integrity": "sha512-CKMR2hgcIBrYlIUccDCOvi966PZ0kJExDrUi1R+oF9PvqQmCrTqjOsgIvf2403OmJ+CWomuzDoylr6KbuMyvHA==", + "version": "0.33.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.33.0.tgz", + "integrity": "sha512-4lbtT14A3m0LPX1WS/3d1m7Blg+ZwiLq36WvjQqFGsX3Gik99NV+VXp/PW3n+Q62xyPdbvGOCfjPqjW+/SKMig==", "dev": true, "dependencies": { - "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.7" + "markdown-it": "14.0.0", + "markdownlint-micromark": "0.1.8" }, "engines": { - "node": ">=16" + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" } }, "node_modules/markdownlint-cli": { - "version": "0.37.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.37.0.tgz", - "integrity": "sha512-hNKAc0bWBBuVhJbSWbUhRzavstiB4o1jh3JeSpwC4/dt6eJ54lRfYHRxVdzVp4qGWBKbeE6Pg490PFEfrKjqSg==", + "version": "0.39.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.39.0.tgz", + "integrity": "sha512-ZuFN7Xpsbn1Nbp0YYkeLOfXOMOfLQBik2lKRy8pVI/llmKQ2uW7x+8k5OMgF6o7XCsTDSYC/OOmeJ+3qplvnJQ==", "dev": true, "dependencies": { - "commander": "~11.0.0", + "commander": "~11.1.0", "get-stdin": "~9.0.0", - "glob": "~10.3.4", - "ignore": "~5.2.4", + "glob": "~10.3.10", + "ignore": "~5.3.0", "js-yaml": "^4.1.0", - "jsonc-parser": "~3.2.0", - "markdownlint": "~0.31.1", + "jsonc-parser": "~3.2.1", + "markdownlint": "~0.33.0", "minimatch": "~9.0.3", "run-con": "~1.3.2" }, @@ -431,7 +435,7 @@ "markdownlint": "markdownlint.js" }, "engines": { - "node": ">=16" + "node": ">=18" } }, "node_modules/markdownlint-cli/node_modules/brace-expansion": { 
@@ -444,28 +448,28 @@ } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", - "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==", + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", + "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", "dev": true, "engines": { "node": ">=16" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.5", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.5.tgz", - "integrity": "sha512-bYUpUD7XDEHI4Q2O5a7PXGvyw4deKR70kHiDxzQbe925wbZknhOzUt2xBgTkYL6RBcVeXYuD9iNYeqoWbBZQnA==", + "version": "10.3.10", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", + "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.0.3", + "jackspeak": "^2.3.5", "minimatch": "^9.0.1", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", "path-scurry": "^1.10.1" }, "bin": { - "glob": "dist/cjs/src/bin.js" + "glob": "dist/esm/bin.mjs" }, "engines": { "node": ">=16 || 14 >=14.17" 
@@ -490,18 +494,21 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz", - "integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==", + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.8.tgz", + "integrity": "sha512-1ouYkMRo9/6gou9gObuMDnvZM8jC/ly3QCFQyoSPCS2XV1ZClU0xpKbL1Ar3bWWRT1RnBZkWUEiNKrI2CwiBQA==", "dev": true, "engines": { "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" } }, "node_modules/mdurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", "dev": true }, "node_modules/minimatch": { @@ -577,6 +584,15 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", 
@@ -743,9 +759,9 @@ } }, "node_modules/uc.micro": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", - "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.0.0.tgz", + "integrity": "sha512-DffL94LsNOccVn4hyfRe5rdKa273swqeA5DJpMOeFmEn1wCDc7nAbbB0gXlgBCL7TNzeTv6G7XVWzan7iJtfig==", "dev": true }, "node_modules/which": { diff --git a/package.json b/package.json index 44ef232..32f1599 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.37.0" + "markdownlint-cli": "^0.39.0" } } diff --git a/renovate.json5 b/renovate.json5 index f4b9100..1831179 100644 --- a/renovate.json5 +++ b/renovate.json5 
@@ -1,25 +1,60 @@ { - $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["gitea>gitea/renovate-config"], - labels: ["kind/dependency"], + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'gitea>gitea/renovate-config', + ':automergeMinor', + 'schedule:automergeDaily', + 'schedule:weekends', + ], + labels: [ + 'kind/dependency', + ], + automergeStrategy: 'squash', customManagers: [ - { - description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', - customType: 'regex', - fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], - matchStrings: [ - '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', - ], - }, - ], + { + description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', + customType: 'regex', + fileMatch: [ + '.gitea/workflows/.+\\.ya?ml$', + ], + matchStrings: [ + '# renovate: datasource=(?[a-z-.]+?) 
depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', + ], + }, + { + description: 'Detect helm-unittest yaml schema file', + customType: 'regex', + fileMatch: ['.vscode/settings\\.json$'], + matchStrings: [ + 'https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\s]+?)\\/(?v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', + ], + datasourceTemplate: 'github-releases', + }, + ], packageRules: [ { - description: "Automerge minor + patch dependency updates weekly", - matchManagers: ["helmv3"], - matchUpdateTypes: ["minor", "patch", "digest"], - automerge: true, - automergeStrategy: "squash", - extends: ["schedule:weekly"], + groupName: 'subcharts (minor & patch)', + matchManagers: [ + 'helmv3', + ], + matchUpdateTypes: [ + 'minor', + 'patch', + 'digest', + ], + }, + { + groupName: 'workflow dependencies (minor & patch)', + matchManagers: [ + 'github-actions', + 'npm', + 'custom.regex', + ], + matchUpdateTypes: [ + 'minor', + 'patch', + 'digest', + ], }, ], } diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 25b35e7..ad5a8fa 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
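Review bot: Adding `':automergeMinor'` to the top-level `extends` turns on automerge for every manager, and the second `packageRules` entry groups `github-actions`, `npm` and `custom.regex` updates without restricting it, so a minor or patch release of a workflow action or of the Helm binary can land without human review. The release workflow touched by this same commit hands the GPG signing key and registry credentials to those actions, and they are referenced by tag (`@v6`, `@v4`) rather than by commit digest, so a compromised upstream release would reach the signing step unreviewed. Consider keeping automerge for the `helmv3` group only, or adding a soak period such as `minimumReleaseAge: '3 days'` to the workflow rule and pinning the actions to digests.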
@@ -18,3 +18,19 @@ echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }} {{- end }} +{{- $warnings := list -}} +{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}} + {{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}} +{{- end }} +{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}} + {{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}} +{{- end }} +{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}} + {{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}} +{{- end }} +{{- if gt (len $warnings) 0 }} +2. Review these warnings: +{{- range $warnings }} + - {{ . }} +{{- end }} +{{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index bb47cd2..bfc20e0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
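Review bot: The queue warning in the second `if` tells the operator that Gitea uses 'leveldb' while the value actually compared is `"level"`, so searching the values file for the quoted name finds nothing; wording it as `'level' (LevelDB)` keeps the message greppable. The three checks also read `ADAPTER`, `TYPE` and `PROVIDER` with `get`, which yields an empty string for a missing key, so the warnings presumably only appear once the defaults helper in `_helpers.tpl` has written those keys into `.Values`. A short template comment above `$warnings` stating that dependency would help the next maintainer.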
@@ -3,26 +3,6 @@ Expand the name of the chart. */}} -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} - {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} - {{- end }} -{{- end }} - {{- define "gitea.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -56,6 +36,7 @@ Create chart name and version as used by the chart label. Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} +{{- $fullOverride := .Values.image.fullOverride | default "" -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} 
@@ -65,7 +46,9 @@ Create image name and tag used by the deployment. {{- if .Values.image.digest }} {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} {{- end -}} -{{- if $registry }} +{{- if $fullOverride }} + {{- printf "%s" $fullOverride -}} +{{- else if $registry }} {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} {{- else -}} {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} @@ -91,7 +74,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }} +{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} @@ -154,7 +137,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.default_domain" -}} -{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- define "gitea.ldap_settings" -}} 
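Review bot: In `gitea.image`, the new `$fullOverride` branch prints the value as-is, so `global.imageRegistry` and `image.digest` are silently ignored whenever `image.fullOverride` is set. A deployment that relies on the digest for pinning, or on the global registry to force pulls through a private mirror, loses both without any message at render time. A template comment on the branch would make this explicit, for example `{{- /* fullOverride wins over global.imageRegistry, tag, rootless suffix and digest; put the @sha256 digest into the override itself to keep pinning */ -}}`. The `define` starts in the previous hunk.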
@@ -304,12 +287,29 @@ https {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} - {{- end -}} - {{- if not (get .Values.gitea.config.session "PROVIDER") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} - {{- end -}} - {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} + {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} + {{- else -}} + {{- if not (get .Values.gitea.config.session "PROVIDER") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.queue "TYPE") -}} + {{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.queue "CONN_STR") -}} + {{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.cache "ADAPTER") -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.cache "HOST") -}} + {{- $_ := set .Values.gitea.config.cache "HOST" "" -}} + {{- end -}} {{- end -}} {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 1c7ab1d..68df5f8 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
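Review bot: With `redis-cluster` or `redis` enabled, the new lines set `session.PROVIDER`, `session.PROVIDER_CONFIG`, `cache.ADAPTER` and `cache.HOST` unconditionally, whereas the removed code wrote the session keys only when they were unset. An operator who keeps sessions in the database, or points the cache at an external server, while using the bundled Redis for queues now has those values overwritten without notice. Guarding each `set` the way the `else` branch does would preserve explicit values, e.g. `{{- if not (get .Values.gitea.config.session "PROVIDER") -}}` / `{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}` / `{{- end -}}`. The enclosing `define` starts and ends outside the hunk.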
@@ -18,35 +18,40 @@ type: Opaque stringData: assertions: | -{{- /*assert that only one PG dep is enabled */ -}} -{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} - {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} -{{- end }} - -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}} - {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}} - {{- end }} - - {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} - {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} - {{- end }} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} - {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- /*assert that only one PG dep is enabled */ -}} + {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} + {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." 
-}} + {{- end }} + + {{- /* multiple replicas assertions */ -}} + {{- if gt .Values.replicaCount 1.0 -}} + {{- if .Values.gitea.config.cron -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} + {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} + {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }} + {{- end }} {{- end }} {{- end }} + + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} + {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} + {{- end }} + {{- if .Values.gitea.config.indexer -}} + {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} + {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} + {{- end }} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}} + {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} - {{- end }} - -{{- end }} config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail @@ -174,7 +179,7 @@ stringData: } # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs - env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs + env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets 
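Review bot: The rewritten assertions compare against the boolean literal, `eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true` and `eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true`, but these values end up in an ini file and are often supplied as strings (`"true"`, or via `--set-string`). Go templates' `eq` raises an incompatible-types error for a string against a bool, so such a release fails with a template error instead of the intended message; the removed code compared `REPO_INDEXER_ENABLED` with the string "true". Normalising first handles both forms: `{{- if eq (toString .Values.gitea.config.indexer.REPO_INDEXER_ENABLED) "true" -}}`, and likewise for the cron check.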
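Review bot: The values written to `/tmp/existing-envs` by the changed `env | grep` line are exactly the `GITEA__` variables, which can carry credentials such as a database password or secret keys depending on how the chart is configured, and the file is created at a fixed path with the default umask. Nothing in this hunk restricts the file mode or removes the file afterwards; the rest of the script lies outside the hunk, so that may happen elsewhere. If it does not, tightening the mode at creation is a one-line change: `(umask 077; env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs)`.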
diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 659724c..0ec7370 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "gitea.fullname" . }}-http labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.service.http.labels }} + {{- toYaml .Values.service.http.labels | nindent 4 }} + {{- end }} annotations: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index f07f1a5..a67166b 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -86,7 +86,28 @@ stringData: {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} function configure_admin_user() { - local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") + local full_admin_list=$(gitea admin user list --admin) + local actual_user_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)" + if [[ "${full_admin_list}" =~ $regex ]]; then + actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users." + echo " Please review the output of 'gitea admin user list --admin' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin user list --admin'" + echo "--" + echo "${full_admin_list}" + echo "--" + exit 1 + fi + + local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false 
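Review bot: The new lookup `grep -E "\s+${GITEA_ADMIN_USERNAME}\s+"` in `configure_admin_user` still interpolates the username into a regular expression, so a name containing `.` or other metacharacters can match a different admin row, and the match is tried against every column rather than only `Username`. The resulting `ACCOUNT_ID` is used by code outside this hunk, presumably to update that account, so a wrong match would act on the wrong user. An exact comparison on the second column avoids both problems: `local ACCOUNT_ID=$(echo "${actual_user_table}" | awk -v u="${GITEA_ADMIN_USERNAME}" '$2 == u {printf $1}')`. The same pattern with `${LDAP_NAME}` and `${OAUTH_NAME}` appears in the two following hunks of this file, where the table is `|`-separated and an exact comparison on the name field would serve the same purpose.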
@@ -105,7 +126,28 @@ stringData: {{- if .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }} local LDAP_NAME={{ (printf "%s" $value.name) | squote }} - local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") + local full_auth_list=$(gitea admin auth list --vertical-bars) + local actual_auth_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" + if [[ "${full_auth_list}" =~ $regex ]]; then + actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources." + echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" + echo "--" + echo "${full_auth_list}" + echo "--" + exit 1 + fi + + local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") if [[ -z "${GITEA_AUTH_ID}" ]]; then echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." 
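Review bot: The header-detection block added here (capture the command output, match the table headline, `tail -n+2`, otherwise print the diagnostic and `exit 1`) is repeated almost verbatim in the `configure_admin_user` hunk above and in the OAuth hunk below, differing only in the command, the headline regex and the function name in the message. A small shell helper that takes the raw output, the headline regex and a label, and either prints the trimmed table or returns non-zero, would reduce the three call sites to one line each and make a future change of the table header a single edit. The inline comment also says "actual user table" although this block parses the authentication-source table.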
@@ -128,7 +170,28 @@ stringData: {{- if .Values.gitea.oauth }} {{- range $idx, $value := .Values.gitea.oauth }} local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} - local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") + local full_auth_list=$(gitea admin auth list --vertical-bars) + local actual_auth_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" + if [[ "${full_auth_list}" =~ $regex ]]; then + actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources." + echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" + echo "--" + echo "${full_auth_list}" + echo "--" + exit 1 + fi + + local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") if [[ -z "${AUTH_ID}" ]]; then echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index 995bd10..601483e 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml 
@@ -6,6 +6,8 @@ metadata: namespace: {{ $.Release.Namespace }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} + labels: +{{ .Values.persistence.labels | toYaml | indent 4}} spec: accessModes: {{- if gt .Values.replicaCount 1.0 }} @@ -14,9 +16,7 @@ spec: {{- .Values.persistence.accessModes | toYaml | nindent 4 }} {{- end }} volumeMode: Filesystem - {{- if .Values.persistence.storageClass }} - storageClassName: {{ .Values.persistence.storageClass }} - {{- end }} + {{- include "gitea.persistence.storageClass" . | nindent 2 }} {{- with .Values.persistence.volumeName }} volumeName: {{ . }} {{- end }} diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 3e8b3c2..3ee756c 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "gitea.fullname" . }}-ssh labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.service.ssh.labels }} + {{- toYaml .Values.service.ssh.labels | nindent 4 }} + {{- end }} annotations: {{- toYaml .Values.service.ssh.annotations | nindent 4 }} spec: diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml new file mode 100644 index 0000000..cd55d90 --- /dev/null +++ b/unittests/config/cache-config.yaml 
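Review bot: The added `labels:` key in `pvc.yaml` is emitted unconditionally, unlike the service templates in this commit, which wrap the custom labels in `{{- if .Values.service.http.labels }}`. If `persistence.labels` is unset, `toYaml` renders `null` under `labels:`; whether `values.yaml` provides a default is not visible in this hunk. Wrapping the two added lines in `{{- with .Values.persistence.labels }}` and `{{- end }}` keeps the manifest clean in both cases and matches the guard used for the services.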
@@ -0,0 +1,45 @@ +suite: config template | cache config +release: + name: gitea-unittests + namespace: testing +tests: + - it: "cache is configured correctly for redis-cluster" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=memory + HOST= + + - it: "cache can be customized when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + gitea.config.cache.ADAPTER: custom-adapter + gitea.config.cache.HOST: custom-host + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=custom-adapter + HOST=custom-host diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml new file mode 100644 index 0000000..f83543a --- /dev/null +++ b/unittests/config/queue-config.yaml 
@@ -0,0 +1,45 @@ +suite: config template | queue config +release: + name: gitea-unittests + namespace: testing +tests: + - it: "queue is configured correctly for redis-cluster" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR= + TYPE=level + + - it: "queue can be customized when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + gitea.config.queue.TYPE: custom-type + gitea.config.queue.CONN_STR: custom-connection-string + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=custom-connection-string + TYPE=custom-type diff --git a/unittests/config/server-section_domain.yaml b/unittests/config/server-section_domain.yaml new file mode 100644 index 0000000..cf5a3b8 --- /dev/null +++ b/unittests/config/server-section_domain.yaml 
@@ -0,0 +1,67 @@ +suite: config template | server section (domain related) +release: + name: gitea-unittests + namespace: testing +tests: + - it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=git.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=git.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://git.example.com + + ################################################ + + - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + set: + ingress: + hosts: [] + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=gitea-unittests-http.testing.svc.cluster.local + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=gitea-unittests-http.testing.svc.cluster.local + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local + + ################################################ + + - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + set: + gitea.config.server.DOMAIN: provided.example.com + ingress: + hosts: + - host: non-used.example.com + paths: + - path: / + pathType: Prefix + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=provided.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=provided.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://provided.example.com diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml new file mode 100644 index 0000000..2b6e771 --- /dev/null 
+++ b/unittests/config/session-config.yaml @@ -0,0 +1,45 @@ +suite: config template | session config +release: + name: gitea-unittests + namespace: testing +tests: + - it: "session is configured correctly for redis-cluster" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=memory + PROVIDER_CONFIG= + + - it: "session can be customized when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + gitea.config.session.PROVIDER: custom-provider + gitea.config.session.PROVIDER_CONFIG: custom-provider-config + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=custom-provider + PROVIDER_CONFIG=custom-provider-config diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml new file mode 100644 index 0000000..cd25274 --- /dev/null +++ b/unittests/dependency-major-image-check.yaml 
@@ -0,0 +1,42 @@ +suite: Dependency update consistency +release: + name: gitea-unittests + namespace: testing +tests: + - it: "[postgresql-ha] ensures we detect major image version upgrades" + template: charts/postgresql-ha/templates/postgresql/statefulset.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/postgresql-repmgr:16.+$ + - it: "[postgresql] ensures we detect major image version upgrades" + template: charts/postgresql/templates/primary/statefulset.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/postgresql:16.+$ + - it: "[redis-cluster] ensures we detect major image version upgrades" + template: charts/redis-cluster/templates/redis-statefulset.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis-cluster:7.+$ diff --git a/unittests/deployment/HA.yaml b/unittests/deployment/HA.yaml new file mode 100644 index 0000000..8cc4dd1 --- /dev/null +++ b/unittests/deployment/HA.yaml 
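Review bot: The guard patterns `bitnami/postgresql-repmgr:16.+$`, `bitnami/postgresql:16.+$` and `bitnami/redis-cluster:7.+$` leave the dot unescaped, so `16.+` accepts any character after `16` and `7.+` would also accept a tag such as `70.0.0`. Because these tests exist to catch an unnoticed major bump of a bundled database image, escaping the separator makes them check what they claim: `pattern: bitnami/postgresql:16\..+$`, and the same for the other two.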
@@ -0,0 +1,59 @@ +suite: deployment template (HA) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: fails with multiple replicas and "GIT_GC_REPOS" enabled + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + cron: + GIT_GC_REPOS: + ENABLED: true + asserts: + - failedTemplate: + errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." + - it: fails with multiple replicas and RWX file system not set + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." + - it: fails with multiple replicas and bleve issue indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + ISSUE_INDEXER_TYPE: bleve + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." + - it: fails with multiple replicas and bleve repo indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + REPO_INDEXER_TYPE: bleve + REPO_INDEXER_ENABLED: true + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." 
diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index cdfd73a..35f8981 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml @@ -57,6 +57,21 @@ tests: - equal: path: spec.template.spec.containers[0].image value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: image fullOverride (does not append rootless) + template: templates/gitea/deployment.yaml + set: + image: + fullOverride: gitea/gitea:1.19.3 + # setting rootless, registry, repository, tag, and digest to prove that override works + rootless: true + registry: example.com + repository: example/image + tag: "1.0.0" + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3" - it: digest for root-based image template: templates/gitea/deployment.yaml set: diff --git a/unittests/deployment/ssh-configuration.yaml b/unittests/deployment/ssh-configuration.yaml index efd0525..543fd5f 100644 --- a/unittests/deployment/ssh-configuration.yaml +++ b/unittests/deployment/ssh-configuration.yaml @@ -27,6 +27,18 @@ tests: content: name: SSH_LOG_LEVEL value: "DEBUG" + - it: supports overriding SSH log level (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: false + gitea.ssh.logLevel: "DEBUG" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "DEBUG" - it: skips SSH_LOG_LEVEL for rootless image template: templates/gitea/deployment.yaml set: 
@@ -38,3 +50,15 @@ tests: any: true content: name: SSH_LOG_LEVEL + - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: true + gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here + asserts: + - notContains: + path: spec.template.spec.containers[0].env + any: true + content: + name: SSH_LOG_LEVEL diff --git a/unittests/deployment/storage-class-configuration.yaml b/unittests/deployment/storage-class-configuration.yaml new file mode 100644 index 0000000..abad587 --- /dev/null +++ b/unittests/deployment/storage-class-configuration.yaml @@ -0,0 +1,39 @@ +# File: tests/gitea-storageclass-tests.yaml + +suite: storage class configuration tests + +release: + name: gitea-storageclass-tests + namespace: testing + +templates: + - templates/gitea/pvc.yaml + +tests: + - it: should set storageClassName when persistence.storageClass is defined + template: templates/gitea/pvc.yaml + set: + persistence.storageClass: "my-storage-class" + asserts: + - equal: + path: "spec.storageClassName" + value: "my-storage-class" + + - it: should set global.storageClass when persistence.storageClass is not defined + template: templates/gitea/pvc.yaml + set: + global.storageClass: "default-storage-class" + asserts: + - equal: + path: spec.storageClassName + value: "default-storage-class" + + - it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined + template: templates/gitea/pvc.yaml + set: + global.storageClass: "default-storage-class" + persistence.storageClass: "my-storage-class" + asserts: + - equal: + path: spec.storageClassName + value: "my-storage-class" diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml new file mode 100644 index 0000000..a032470 --- /dev/null +++ b/unittests/deployment/svc-configuration.yaml 
@@ -0,0 +1,51 @@ +suite: ssh-svc / http-svc template (Services configuration) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/ssh-svc.yaml + - templates/gitea/http-svc.yaml +tests: + - it: supports adding custom labels to ssh-svc + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + labels: + gitea/testkey: testvalue + asserts: + - equal: + path: metadata.labels["gitea/testkey"] + value: "testvalue" + + - it: keeps existing labels (ssh) + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + labels: {} + asserts: + - exists: + path: metadata.labels["app"] + + - it: supports adding custom labels to http-svc + template: templates/gitea/http-svc.yaml + set: + service: + http: + labels: + gitea/testkey: testvalue + asserts: + - equal: + path: metadata.labels["gitea/testkey"] + value: "testvalue" + + - it: keeps existing labels (http) + template: templates/gitea/http-svc.yaml + set: + service: + http: + labels: {} + asserts: + - exists: + path: metadata.labels["app"] diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml index 4040793..8fcab68 100644 --- a/unittests/gpg-secret/signing-enabled.yaml +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -33,7 +33,7 @@ tests: kind: Secret apiVersion: v1 name: gitea-unittests-gpg-key - - isNotEmpty: + - isNotNullOrEmpty: path: metadata.labels - equal: path: data.privateKey diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 854bcce..29dac81 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml 
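Review bot: The two `supports adding custom labels` cases in the new unittests/deployment/svc-configuration.yaml assert only the custom label, and the two `keeps existing labels` cases run with `labels: {}`, so a template that replaced the built-in labels whenever custom ones are supplied would still pass all four. Adding `- exists:` with `path: metadata.labels["app"]` to the asserts of both custom-label cases would cover the combination that users actually deploy.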
@@ -66,3 +66,23 @@ tests: chmod 700 "${GNUPGHOME}" chown 1000:1000 "${GNUPGHOME}" fi + - it: it does not chown /data even when image.fullOverride is set + template: templates/gitea/init.yaml + set: + image.fullOverride: gitea/gitea:1.20.5 + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" diff --git a/values.yaml b/values.yaml index da508cb..b7536bc 100644 --- a/values.yaml +++ b/values.yaml @@ -43,14 +43,16 @@ clusterDomain: cluster.local ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** image: registry: "" repository: gitea/gitea # Overrides the image tag whose default is the chart appVersion. tag: "" digest: "" - pullPolicy: Always + pullPolicy: IfNotPresent rootless: true + fullOverride: "" ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] 
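Review bot: The new case in unittests/init/init_directory_structure.sh-rootless.yaml sets only `image.fullOverride` and obtains the rootless script through the chart default `image.rootless: true`, so it would start asserting something else if that default ever changed. Adding `image.rootless: true` to `set`, as the SSH cases in this commit do, keeps the case self-contained. The title also reads `it: it does not chown /data ...`; dropping the second `it` would match the other titles added in this commit.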
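Review bot: The default `pullPolicy` in the first values.yaml hunk changes from `Always` to `IfNotPresent`, while the `@param image.pullPolicy` line still says only "Image pull policy". With `IfNotPresent` a node that already holds a tag does not contact the registry again, so an image rebuilt under the same tag (a security rebuild included) is not picked up and nodes can run different content for one tag. The description could be extended to say: "Image pull policy. With IfNotPresent, pin the image through image.digest, or through a digest inside image.fullOverride, so every node runs the same content". The new `@param image.fullOverride` text would also benefit from stating that `image.digest` is ignored when the override is set, which the image-configuration test in this commit demonstrates.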
@@ -104,6 +106,7 @@ service: ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations + ## @param service.http.labels HTTP service additional labels http: type: ClusterIP port: 3000 @@ -116,6 +119,7 @@ service: ipFamilies: loadBalancerSourceRanges: [] annotations: {} + labels: {} ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None @@ -128,6 +132,7 @@ service: ## @param service.ssh.hostPort HostPort for ssh service ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations + ## @param service.ssh.labels SSH service additional labels ssh: type: ClusterIP port: 22 @@ -141,6 +146,7 @@ service: hostPort: loadBalancerSourceRanges: [] annotations: {} + labels: {} ## @section Ingress ## @param ingress.enabled Enable ingress @@ -317,7 +323,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed Gitea actions +## @param signing.privateKey Inline private gpg key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false 
@@ -477,9 +483,14 @@ gitea: ## @section redis-cluster ## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication +## @param redis-cluster.cluster.nodes Number of redis cluster master nodes +## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas redis-cluster: enabled: true usePassword: false + cluster: + nodes: 3 # default: 6 + replicas: 0 # default: 1 ## @section redis ## @param redis.enabled Enable redis standalone or replicated @@ -495,9 +506,9 @@ redis: replica: replicaCount: 1 -## @section postgresql-ha +## @section PostgreSQL HA # -## @param postgresql-ha.enabled Enable postgresql-ha +## @param postgresql-ha.enabled Enable PostgreSQL HA ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) @@ -505,8 +516,8 @@ redis: ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword -## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) -## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume +## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: global: postgresql:
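Review bot: `replicas: 0` in the redis-cluster hunk of values.yaml leaves every master without a replica, so losing one pod takes its share of the key space offline until the pod is rescheduled, and the inline `# default: 1` does not say that this is a deliberate trade-off. The `@param redis-cluster.cluster.nodes` text calls the value the number of master nodes; in the redis-cluster subchart (Bitnami's, if I read the dependency right, so please confirm against its README) the value is the total node count, which equals the master count only while replicas is 0. Suggested comments: `nodes: 3 # subchart default: 6; total nodes (masters + replicas)` and `replicas: 0 # subchart default: 1; no failover per master`.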