From e28c1520c0584f55cbf6729c2b6229dca24e6214 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 4 May 2023 09:45:36 +0800 Subject: [PATCH 001/114] bump to 1.19.3 (#443) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/443 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 98176dc..0689e91 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.2 +appVersion: 1.19.3 icon: https://docs.gitea.io/images/gitea.png keywords: From eefa169b8d6b1e98dd5c58d414eee5b438b630ae Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 5 May 2023 13:27:17 +0800 Subject: [PATCH 002/114] Update node packages (#445) Followed https://stackoverflow.com/a/71186834/4185785. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/445 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- package-lock.json | 920 +++++++++++++++++++++++++++------------------- package.json | 4 +- 2 files changed, 538 insertions(+), 386 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4a19561..ffd22d5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,14 +1,14 @@ { "name": "gitea-helm-chart", - "lockfileVersion": 2, + "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.4.2", - "markdownlint-cli": "^0.31.1" + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdownlint-cli": "^0.34.0" }, "engines": { "node": ">=16.0.0", @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.4.2.tgz", - "integrity": "sha512-2kIXOjRiKJ3PBoBD6EaImp4SNyGM/w67ZPPwbuJi5NeXesupQjFyhIhcKliIledlpuiSrMeH9l80yl6hvmYHUA==", + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.0.tgz", + "integrity": "sha512-bYggL/kWwyxjctSrIBMOcrTQSj8LA3yYcEzfGTJIFoHKl5M7ifZtox//8G5K3FTw6qdOnPZcA10fl2y4N6uB/g==", "dev": true, "dependencies": { "commander": "^7.1.0", @@ -31,6 +31,57 @@ "readme-generator": "bin/index.js" } }, + "node_modules/@isaacs/cliui": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", + "dev": true, + "dependencies": { + "string-width": "^5.1.2", + "string-width-cjs": "npm:string-width@^4.2.0", + "strip-ansi": "^7.0.1", + "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", + "wrap-ansi": "^8.1.0", + "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@pkgjs/parseargs": { + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", + "dev": true, + "optional": true, + "engines": { + "node": ">=14" + } + }, + "node_modules/ansi-regex": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/ansi-styles": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -53,6 +104,24 @@ "concat-map": "0.0.1" } }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, "node_modules/commander": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", @@ -68,6 +137,20 @@ "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", "dev": true }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/deep-extend": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", @@ -99,15 +182,46 @@ "node": ">= 6" } }, + "node_modules/eastasianwidth": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", + "dev": true + }, + "node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", + "dev": true + }, "node_modules/entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", "dev": true, + "engines": { + "node": ">=0.12" + }, "funding": { "url": "https://github.com/fb55/entities?sponsor=1" } }, + "node_modules/foreground-child": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==", + "dev": true, + "dependencies": { + "cross-spawn": "^7.0.0", + "signal-exit": "^4.0.1" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", @@ -147,9 +261,9 @@ } }, "node_modules/ignore": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", - "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "version": "5.2.4", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", + "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==", "dev": true, "engines": { "node": ">= 4" @@ -172,12 +286,45 @@ "dev": true }, "node_modules/ini": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", - "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ini/-/ini-3.0.1.tgz", + "integrity": "sha512-it4HyVAUTKBc6m8e1iXWvXSTdndF7HbdN713+kvLrymxTaU4AUBWrJ4vEooP+V7fexnVD3LKcBshjGGPefSMUQ==", "dev": true, "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dev": true + }, + "node_modules/jackspeak": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.2.0.tgz", + "integrity": "sha512-r5XBrqIJfwRIjRt/Xr5fv9Wh09qyhHfKnYddDlpM+ibRR20qrYActpCAgU6U+d53EOEjzkvxPMVHSlgR7leXrQ==", + "dev": true, + "dependencies": { + "@isaacs/cliui": "^8.0.2" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "optionalDependencies": { + "@pkgjs/parseargs": "^0.11.0" } }, "node_modules/js-yaml": { @@ -193,15 +340,15 @@ } }, "node_modules/jsonc-parser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", - "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz", + "integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==", "dev": true }, "node_modules/linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz", + "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==", "dev": true, "dependencies": { "uc.micro": "^1.0.1" @@ -213,15 +360,24 @@ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", "dev": true }, + "node_modules/lru-cache": { + "version": "9.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.1.tgz", + "integrity": "sha512-65/Jky17UwSb0BuB9V+MyDpsOtXKmYwzhyl+cOa9XUiI4uV2Ouy/2voFP3+al0BjZbJgMBD8FojMpAf+Z+qn4A==", + "dev": true, + "engines": { + "node": "14 || >=16.14" + } + }, "node_modules/markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz", + "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==", "dev": true, "dependencies": { "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", + "entities": "~3.0.1", + "linkify-it": "^4.0.1", "mdurl": "^1.0.1", "uc.micro": "^1.0.5" }, @@ -243,67 +399,104 @@ } }, "node_modules/markdownlint": { - "version": "0.25.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", - "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", + "version": "0.28.2", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.28.2.tgz", + "integrity": "sha512-yYaQXoKKPV1zgrFsyAuZPEQoe+JrY9GDag9ObKpk09twx4OCU5lut+0/kZPrQ3W7w82SmgKhd7D8m34aG1unVw==", "dev": true, "dependencies": { - "markdown-it": "12.3.2" + "markdown-it": "13.0.1", + "markdownlint-micromark": "0.1.2" }, "engines": { - "node": ">=12" + "node": ">=14.18.0" } }, "node_modules/markdownlint-cli": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", - "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", + "version": "0.34.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.34.0.tgz", + "integrity": "sha512-4G9I++VBTZkaye6Yfc/7dU6HQHcyldZEVB+bYyQJLcpJOHKk/q5ZpGqK80oKMIdlxzsA3aWOJLZ4DkoaoUWXbQ==", "dev": true, "dependencies": { - "commander": "~9.0.0", + "commander": "~10.0.1", "get-stdin": "~9.0.0", - "glob": "~7.2.0", - "ignore": "~5.2.0", + "glob": "~10.2.2", + "ignore": "~5.2.4", "js-yaml": "^4.1.0", - "jsonc-parser": "~3.0.0", - "markdownlint": "~0.25.1", - "markdownlint-rule-helpers": "~0.16.0", - "minimatch": "~3.0.5", - "run-con": "~1.2.10" + "jsonc-parser": "~3.2.0", + "markdownlint": "~0.28.2", + "minimatch": "~9.0.0", + "run-con": "~1.2.11" }, "bin": { "markdownlint": "markdownlint.js" }, "engines": { - "node": ">=12" + "node": ">=14" + } + }, + "node_modules/markdownlint-cli/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0" } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", - "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", "dev": true, "engines": { - "node": "^12.20.0 || >=14" + "node": ">=14" + } + }, + "node_modules/markdownlint-cli/node_modules/glob": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.2.tgz", + "integrity": "sha512-Xsa0BcxIC6th9UwNjZkhrMtNo/MnyRL8jGCP+uEwhA5oFOCY1f2s1/oNKY47xQ0Bg5nkjsfAEIej1VeH62bDDQ==", + "dev": true, + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^2.0.3", + "minimatch": "^9.0.0", + "minipass": "^5.0.0", + "path-scurry": "^1.7.0" + }, + "bin": { + "glob": "dist/cjs/src/bin.js" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" } }, "node_modules/markdownlint-cli/node_modules/minimatch": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", - "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.0.tgz", + "integrity": "sha512-0jJj8AvgKqWN05mrwuqi8QYKx1WmYSUoKSxu5Qhs9prezTz10sxAHGNZe9J9cqIJzta8DWsleh2KaVaLl6Ru2w==", "dev": true, "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" }, "engines": { - "node": "*" + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/markdownlint-rule-helpers": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", - "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", - "dev": true + "node_modules/markdownlint-micromark": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.2.tgz", + "integrity": "sha512-jRxlQg8KpOfM2IbCL9RXM8ZiYWz2rv6DlZAnGv8ASJQpUh6byTBnEsbuMZ6T2/uIgntyf7SKg/mEaEBo1164fQ==", + "dev": true, + "engines": { + "node": ">=14.18.0" + } }, "node_modules/mdurl": { "version": "1.0.1", @@ -324,10 +517,22 @@ } }, "node_modules/minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", - "dev": true + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/minipass": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", + "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", + "dev": true, + "engines": { + "node": ">=8" + } }, "node_modules/once": { "version": "1.4.0", @@ -347,6 +552,31 @@ "node": ">=0.10.0" } }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-scurry": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.7.0.tgz", + "integrity": "sha512-UkZUeDjczjYRE495+9thsgcVgsaCPkaw80slmfVFgllxY+IO8ubTsOpFVjDPROBqJdHfVPUFRHPBV/WciOVfWg==", + "dev": true, + "dependencies": { + "lru-cache": "^9.0.0", + "minipass": "^5.0.0" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", @@ -357,20 +587,149 @@ } }, "node_modules/run-con": { - "version": "1.2.10", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", - "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", + "version": "1.2.11", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz", + "integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==", "dev": true, "dependencies": { "deep-extend": "^0.6.0", - "ini": "~2.0.0", - "minimist": "^1.2.5", + "ini": "~3.0.0", + "minimist": "^1.2.6", "strip-json-comments": "~3.1.1" }, "bin": { "run-con": "cli.js" } }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/signal-exit": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.0.1.tgz", + "integrity": "sha512-uUWsN4aOxJAS8KOuf3QMyFtgm1pkb6I+KRZbRF/ghdf5T7sM+B1lLLzPDxswUjkmHyxQAVzEgG35E3NzDM9GVw==", + "dev": true, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "dev": true, + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/string-width-cjs": { + "name": "string-width", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width-cjs/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width-cjs/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/string-width-cjs/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.0.1.tgz", + "integrity": "sha512-cXNxvT8dFNRVfhVME3JAe98mkXDYN2O1l7jmcwMnOslDeESg1rF/OZMtK0nRAhiari1unG5cD4jG3rapUAkLbw==", + "dev": true, + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/strip-ansi-cjs": { + "name": "strip-ansi", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi-cjs/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/strip-json-comments": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", @@ -389,333 +748,126 @@ "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", "dev": true }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/wrap-ansi": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "dev": true, + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs": { + "name": "wrap-ansi", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/wrap-ansi-cjs/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true }, "node_modules/yaml": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.3.tgz", - "integrity": "sha512-AacA8nRULjKMX2DvWvOAdBZMOfQlypSFkjcOcu9FalllIDJ1kvlREzcdIZmidQUqqeMv7jorHjq2HlLv/+c2lg==", + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.2.2.tgz", + "integrity": "sha512-CBKFWExMn46Foo4cldiChEzn7S7SRV+wqiluAb6xmueD/fGyRHIhX8m14vVGgeFWjN540nKCNVj6P21eQjgTuA==", "dev": true, "engines": { "node": ">= 14" } } - }, - "dependencies": { - "@bitnami/readme-generator-for-helm": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.4.2.tgz", - "integrity": "sha512-2kIXOjRiKJ3PBoBD6EaImp4SNyGM/w67ZPPwbuJi5NeXesupQjFyhIhcKliIledlpuiSrMeH9l80yl6hvmYHUA==", - "dev": true, - "requires": { - "commander": "^7.1.0", - "dot-object": "^2.1.4", - "lodash": "^4.17.21", - "markdown-table": "^2.0.0", - "yaml": "^2.0.0-3" - } - }, - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, - "balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "dev": true - }, - "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, - "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "commander": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", - "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", - "dev": true - }, - "concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", - "dev": true - }, - "deep-extend": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", - "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", - "dev": true - }, - "dot-object": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/dot-object/-/dot-object-2.1.4.tgz", - "integrity": "sha512-7FXnyyCLFawNYJ+NhkqyP9Wd2yzuo+7n9pGiYpkmXCTYa8Ci2U0eUNDVg5OuO5Pm6aFXI2SWN8/N/w7SJWu1WA==", - "dev": true, - "requires": { - "commander": "^4.0.0", - "glob": "^7.1.5" - }, - "dependencies": { - "commander": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", - "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", - "dev": true - } - } - }, - "entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", - "dev": true - }, - "fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", - "dev": true - }, - "get-stdin": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", - "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", - "dev": true - }, - "glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "dev": true, - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - } - }, - "ignore": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", - "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", - "dev": true - }, - "inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", - "dev": true, - "requires": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true - }, - "ini": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", - "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", - "dev": true - }, - "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "requires": { - "argparse": "^2.0.1" - } - }, - "jsonc-parser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", - "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", - "dev": true - }, - "linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", - "dev": true, - "requires": { - "uc.micro": "^1.0.1" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true - }, - "markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", - "dev": true, - "requires": { - "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", - "mdurl": "^1.0.1", - "uc.micro": "^1.0.5" - } - }, - "markdown-table": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", - "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", - "dev": true, - "requires": { - "repeat-string": "^1.0.0" - } - }, - "markdownlint": { - "version": "0.25.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", - "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", - "dev": true, - "requires": { - "markdown-it": "12.3.2" - } - }, - "markdownlint-cli": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", - "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", - "dev": true, - "requires": { - "commander": "~9.0.0", - "get-stdin": "~9.0.0", - "glob": "~7.2.0", - "ignore": "~5.2.0", - "js-yaml": "^4.1.0", - "jsonc-parser": "~3.0.0", - "markdownlint": "~0.25.1", - "markdownlint-rule-helpers": "~0.16.0", - "minimatch": "~3.0.5", - "run-con": "~1.2.10" - }, - "dependencies": { - "commander": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", - "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", - "dev": true - }, - "minimatch": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", - "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", - "dev": true, - "requires": { - "brace-expansion": "^1.1.7" - } - } - } - }, - "markdownlint-rule-helpers": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", - "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", - "dev": true - }, - "mdurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", - "dev": true - }, - "minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "dev": true, - "requires": { - "brace-expansion": "^1.1.7" - } - }, - "minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", - "dev": true - }, - "once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", - "dev": true, - "requires": { - "wrappy": "1" - } - }, - "path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", - "dev": true - }, - "repeat-string": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", - "integrity": "sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==", - "dev": true - }, - "run-con": { - "version": "1.2.10", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", - "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", - "dev": true, - "requires": { - "deep-extend": "^0.6.0", - "ini": "~2.0.0", - "minimist": "^1.2.5", - "strip-json-comments": "~3.1.1" - } - }, - "strip-json-comments": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", - "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", - "dev": true - }, - "uc.micro": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", - "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", - "dev": true - }, - "wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", - "dev": true - }, - "yaml": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.3.tgz", - "integrity": "sha512-AacA8nRULjKMX2DvWvOAdBZMOfQlypSFkjcOcu9FalllIDJ1kvlREzcdIZmidQUqqeMv7jorHjq2HlLv/+c2lg==", - "dev": true - } } } diff --git a/package.json b/package.json index deaa802..53906d2 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "readme:parameters": "readme-generator -v values.yaml -r README.md" }, "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.4.2", - "markdownlint-cli": "^0.31.1" + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdownlint-cli": "^0.34.0" } } From 9c7e85a2bb072d431662785db94078faadcabbcc Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 13 May 2023 18:11:14 +0800 Subject: [PATCH 003/114] Sign helm releases (#427) fix #31 First stab, need to iterate most likely. @techknowlogick @lunny Could one of you add the GPG secrets here so the signing can be tested? Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/427 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/release-version.yml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index b30ee7f..239cd37 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -19,24 +19,35 @@ jobs: apt update -y apt install -y python helm python3-pip apt-transport-https pip install awscli + + - name: Import GPG key + id: import_gpg + uses: https://github.com/crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPGSIGN_KEY }} + passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} + fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 + + # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | + # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved + helm plugin install https://github.com/pat-s/helm-gpg helm dependency update helm package --version "${GITHUB_REF#refs/tags/v}" ./ + helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + - name: aws credential configure uses: https://github.com/aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.AWS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} - - name: install aws cli - run: | - apt update -y && - pip install awscli + - name: Copy files to S3 and clear cache run: | aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ From 0ca013647d937bd5294331d72e72e2da0ff5ad39 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 24 May 2023 05:01:22 +0800 Subject: [PATCH 004/114] Set `$HOME` to `/data/gitea/git` for rootless image (#447) fix #396 Set the default of `$HOME` to `/data/gitea/git` for rootless images to make chart openshift compliant. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/447 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- templates/gitea/statefulset.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b11813b..afa9c05 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -173,6 +173,10 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + {{- if .Values.image.rootless }} + - name: HOME + value: /data/gitea/git + {{- end }} {{- if .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }} {{- if $value.existingSecret }} @@ -268,6 +272,10 @@ spec: value: /tmp/gitea - name: TMPDIR value: /tmp/gitea + {{- if .Values.image.rootless }} + - name: HOME + value: /data/gitea/git + {{- end }} {{- if .Values.signing.enabled }} - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} From 5e5496f15d90755a6fb09b12c5e5389386707ee2 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 31 May 2023 08:47:58 +0000 Subject: [PATCH 005/114] Add support for ServiceAccount configuration (#451) ### Description of the change This adds a new values object `serviceAccount`, that allows creating a dedicated ServiceAccount with the Helm Release into the cluster. It supports all common options like labels, annotations, name override (or referring to an externally created ServiceAccount), auto-mount token, image pull secrets. It supersedes the stale PR #357. ### Benefits Users can deploy Gitea with more fine-tuned security settings. ### Applicable issues - related to #448 ### Additional information I've bumped the helm-unittest plugin in the CI build, to be able to use the `exists` and `notExists` feature in the new tests. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/451 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/workflows/test-pr.yml | 2 +- CONTRIBUTING.md | 2 + README.md | 11 ++++ templates/_helpers.tpl | 4 ++ templates/gitea/serviceaccount.yaml | 21 +++++++ templates/gitea/statefulset.yaml | 3 + unittests/serviceaccount/basic.yaml | 82 +++++++++++++++++++++++++ unittests/serviceaccount/reference.yaml | 32 ++++++++++ values.yaml | 17 +++++ 9 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 templates/gitea/serviceaccount.yaml create mode 100644 unittests/serviceaccount/basic.yaml create mode 100644 unittests/serviceaccount/reference.yaml diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index ea06564..7c351cd 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -26,7 +26,7 @@ jobs: helm template --debug gitea-helm . - name: unit tests run: | - helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest + helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest make unittests - name: verify readme run: | diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7f8f4f0..255d0ee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -61,3 +61,5 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest # run the unittests make unittests ``` + +See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. diff --git a/README.md b/README.md index 34f7e99..ca052a3 100644 --- a/README.md +++ b/README.md @@ -655,6 +655,17 @@ gitea: | `statefulset.labels` | Labels for the statefulset | `{}` | | `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | +### ServiceAccount + +| Name | Description | Value | +| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable the creation of a ServiceAccount | `false` | +| `serviceAccount.name` | Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. | `""` | +| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `serviceAccount.imagePullSecrets` | Image pull secrets, available to the ServiceAccount | `[]` | +| `serviceAccount.annotations` | Custom annotations for the ServiceAccount | `{}` | +| `serviceAccount.labels` | Custom labels for the ServiceAccount | `{}` | + ### Persistence | Name | Description | Value | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 97c286c..51ec558 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -311,3 +311,7 @@ https {{- define "gitea.gpg-key-secret-name" -}} {{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }} {{- end -}} + +{{- define "gitea.serviceAccountName" -}} +{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} +{{- end -}} diff --git a/templates/gitea/serviceaccount.yaml b/templates/gitea/serviceaccount.yaml new file mode 100644 index 0000000..e730f9c --- /dev/null +++ b/templates/gitea/serviceaccount.yaml @@ -0,0 +1,21 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gitea.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- . | toYaml | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- . | toYaml | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- . | toYaml | nindent 2 }} +{{- end }} +{{- end }} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index afa9c05..9867dd2 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -39,6 +39,9 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} + {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }} + serviceAccountName: {{ include "gitea.serviceAccountName" . }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} diff --git a/unittests/serviceaccount/basic.yaml b/unittests/serviceaccount/basic.yaml new file mode 100644 index 0000000..73d8e1e --- /dev/null +++ b/unittests/serviceaccount/basic.yaml @@ -0,0 +1,82 @@ +suite: ServiceAccount template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/serviceaccount.yaml +tests: + - it: skips rendering by default + asserts: + - hasDocuments: + count: 0 + - it: renders default ServiceAccount object with serviceAccount.create=true + set: + serviceAccount.create: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceAccount + apiVersion: v1 + name: gitea-unittests + - equal: + path: automountServiceAccountToken + value: false + - notExists: + path: imagePullSecrets + - notExists: + path: metadata.annotations + - it: allows for adding custom labels + set: + serviceAccount: + create: true + labels: + custom: label + asserts: + - equal: + path: metadata.labels.custom + value: label + - it: allows for adding custom annotations + set: + serviceAccount: + create: true + annotations: + myCustom: annotation + asserts: + - equal: + path: metadata.annotations.myCustom + value: annotation + - it: allows to override the generated name + set: + serviceAccount: + create: true + name: provided-serviceaccount-name + asserts: + - equal: + path: metadata.name + value: provided-serviceaccount-name + - it: allows to mount the token + set: + serviceAccount: + create: true + automountServiceAccountToken: true + asserts: + - equal: + path: automountServiceAccountToken + value: true + - it: allows to reference image pull secrets + set: + serviceAccount: + create: true + imagePullSecrets: + - name: testing-image-pull-secret + - name: another-pull-secret + asserts: + - contains: + path: imagePullSecrets + content: + name: testing-image-pull-secret + - contains: + path: imagePullSecrets + content: + name: another-pull-secret diff --git a/unittests/serviceaccount/reference.yaml b/unittests/serviceaccount/reference.yaml new file mode 100644 index 0000000..9c01594 --- /dev/null +++ b/unittests/serviceaccount/reference.yaml @@ -0,0 +1,32 @@ +suite: ServiceAccount template (reference) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/serviceaccount.yaml + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: does not modify the StatefulSet by default + template: templates/gitea/statefulset.yaml + asserts: + - notExists: + path: spec.serviceAccountName + - it: adds the reference to the StatefulSet with serviceAccount.create=true + template: templates/gitea/statefulset.yaml + set: + serviceAccount.create: true + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: gitea-unittests + - it: allows referencing an externally created ServiceAccount to the StatefulSet + template: templates/gitea/statefulset.yaml + set: + serviceAccount: + create: false # explicitly set to define rendering behavior + name: "externally-existing-serviceaccount" + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: externally-existing-serviceaccount diff --git a/values.yaml b/values.yaml index 4e3e085..a73a88b 100644 --- a/values.yaml +++ b/values.yaml @@ -205,6 +205,23 @@ statefulset: labels: {} annotations: {} +## @section ServiceAccount + +## @param serviceAccount.create Enable the creation of a ServiceAccount +## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. +## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token +## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount +## @param serviceAccount.annotations Custom annotations for the ServiceAccount +## @param serviceAccount.labels Custom labels for the ServiceAccount +serviceAccount: + create: false + name: "" + automountServiceAccountToken: false + imagePullSecrets: [] + # - name: private-registry-access + annotations: {} + labels: {} + ## @section Persistence # ## @param persistence.enabled Enable persistent storage From b11c9c7568b7612feb90febed9f016f40dfb923c Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 11 Jun 2023 08:15:59 +0000 Subject: [PATCH 006/114] Add unittests to PR checklist (#455) ### Description of the change This should clarify that we more and more rely on unittests for the templating behavior. ### Applicable issues - fixes #199 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/455 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/PULL_REQUEST_TEMPLATE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/PULL_REQUEST_TEMPLATE.md b/.gitea/PULL_REQUEST_TEMPLATE.md index 1121296..01ad275 100644 --- a/.gitea/PULL_REQUEST_TEMPLATE.md +++ b/.gitea/PULL_REQUEST_TEMPLATE.md @@ -39,3 +39,4 @@ - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] Breaking changes are documented in the `README.md` +- [ ] Templating unittests are added From aa33330abeee32b3f1937322fa71e80112f83539 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 17 Jun 2023 22:15:49 +0000 Subject: [PATCH 007/114] Add upgrading note WRT to postgres major version update (#458) Should help users with their move from PG 11 to 15. Thanks again @pi3ch! Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/458 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index ca052a3..a2f676f 100644 --- a/README.md +++ b/README.md @@ -809,6 +809,10 @@ With respect to `values.yaml`, parameters `username`, `database` and `password` `persistence` has also been regrouped under the `primary` key. Please adjust your `values.yaml` accordingly. +**Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself. +See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough. +We again highly encourage users to use an external (managed) database for production instances. + ### To 7.0.0 #### Private GPG key configuration for Gitea signing actions From 5ed140088e4a9d2b1191876100ab9ae528e279f2 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 27 Jun 2023 20:32:01 +0000 Subject: [PATCH 008/114] Set `image.rootless` to true by default (#449) fix #432 Assuming that "everybody" is meanwhile on > 1.14. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/449 --- README.md | 2 +- .../init_directory_structure.sh-rootless.yaml | 68 +++++++++++++++++++ .../init/init_directory_structure.sh.yaml | 4 ++ values.yaml | 2 +- 4 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 unittests/init/init_directory_structure.sh-rootless.yaml diff --git a/README.md b/README.md index a2f676f..d4259c9 100644 --- a/README.md +++ b/README.md @@ -587,7 +587,7 @@ gitea: | `image.repository` | Image to start for this pod | `gitea/gitea` | | `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | | `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | | `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml new file mode 100644 index 0000000..854bcce --- /dev/null +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -0,0 +1,68 @@ +suite: Init template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/init.yaml +tests: + - it: runs gpg in batch mode + set: + signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- + asserts: + - equal: + path: stringData["configure_gpg_environment.sh"] + value: |- + #!/usr/bin/env bash + set -eu + + gpg --batch --import /raw/private.asc + - it: skips gpg script block for disabled signing + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + - it: adds gpg script block for enabled signing + set: + signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + + if [ ! -d "${GNUPGHOME}" ]; then + mkdir -p "${GNUPGHOME}" + chmod 700 "${GNUPGHOME}" + chown 1000:1000 "${GNUPGHOME}" + fi diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index ddfa981..7e59404 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml @@ -7,6 +7,7 @@ templates: tests: - it: runs gpg in batch mode set: + image.rootless: false signing.enabled: true signing.privateKey: |- -----BEGIN PGP PRIVATE KEY BLOCK----- @@ -21,6 +22,8 @@ tests: gpg --batch --import /raw/private.asc - it: skips gpg script block for disabled signing + set: + image.rootless: false asserts: - equal: path: stringData["init_directory_structure.sh"] @@ -41,6 +44,7 @@ tests: chmod ug+rwx "${GITEA_TEMP}" - it: adds gpg script block for enabled signing set: + image.rootless: false signing.enabled: true signing.privateKey: |- -----BEGIN PGP PRIVATE KEY BLOCK----- diff --git a/values.yaml b/values.yaml index a73a88b..c37edc2 100644 --- a/values.yaml +++ b/values.yaml @@ -38,7 +38,7 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" pullPolicy: Always - rootless: false # only possible when running 1.14 or later + rootless: true ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] From 81252dcb18c0209e8c06106c034d9ab300ee0d66 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 28 Jun 2023 06:54:22 +0000 Subject: [PATCH 009/114] Add toc to README and lint contributing.md (#461) ### Description of the change - Add ToC to README for easier navigation (and add note to `contributing.md`) - Fix some heading levels in README - Put upgrading notes into collapsible blocks - Format `contributing.md` according to MD rules - Allow `details` and `summary` elements in README - Allow for longer headings ### Benefits Better documentation ### Possible drawbacks None Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/461 Co-authored-by: pat-s Co-committed-by: pat-s --- .markdownlint.yaml | 4 +- CONTRIBUTING.md | 29 ++++++------ README.md | 114 ++++++++++++++++++++++++++++++++++----------- 3 files changed, 102 insertions(+), 45 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 305545f..7b0c356 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -47,7 +47,7 @@ MD013: # Number of characters line_length: 200 # Number of characters for headings - heading_line_length: 80 + heading_line_length: 100 # Number of characters for code blocks code_block_line_length: 80 # Include code blocks @@ -106,7 +106,7 @@ MD030: # MD033/no-inline-html - Inline HTML MD033: # Allowed elements - allowed_elements: [] + allowed_elements: [details, summary] # MD035/hr-style - Horizontal rule style MD035: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 255d0ee..ea00fdc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,12 +18,12 @@ When using Visual Studio Code as IDE, following plugins might be useful: ## Documentation Requirements -The `README.md` must include all configuration options. The parameters section -is generated by extracting the parameter annotations from the `values.yaml` file, -by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). +The `README.md` must include all configuration options. +The parameters section is generated by extracting the parameter annotations from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). -If changes were made on configuration options, run `make readme` to update the -README file. +If changes were made on configuration options, run `make readme` to update the README file. + +The ToC is created via the VSCode [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) extension which can/must also be used used to update it. ## Pull Request Requirements @@ -41,16 +41,15 @@ For local development and testing of pull requests, the following workflow can be used: 1. Install `minikube` and `helm`. -2. Start a `minikube` cluster via `minikube start`. -3. From the `gitea/helm-chart` directory execute the following command. This - will install the dependencies listed in `Chart.yml` and deploy the current - state of the helm chart found locally. If you want to test a branch, make - sure to switch to the respective branch first. - `helm install --dependency-update gitea . -f values.yaml`. -4. Gitea is now deployed in `minikube`. To access it, it's port needs to be - forwarded first from `minikube` to localhost first via `kubectl --namespace - default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at - [http://localhost:3000](http://localhost:3000). +1. Start a `minikube` cluster via `minikube start`. +1. From the `gitea/helm-chart` directory execute the following command. + This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. + If you want to test a branch, make sure to switch to the respective branch first. + `helm install --dependency-update gitea . -f values.yaml`. +1. Gitea is now deployed in `minikube`. + To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace +default port-forward svc/gitea-http 3000:3000`. + Now Gitea is accessible at [http://localhost:3000](http://localhost:3000). ### Unit tests diff --git a/README.md b/README.md index d4259c9..766f04f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,46 @@ -# Gitea Helm Chart +# Gitea Helm Chart + +- [Introduction](#introduction) +- [Update and versioning policy](#update-and-versioning-policy) +- [Dependencies](#dependencies) +- [Installing](#installing) +- [Prerequisites](#prerequisites) +- [Configuration](#configuration) + - [Default Configuration](#default-configuration) + - [Additional _app.ini_ settings](#additional-appini-settings) + - [External Database](#external-database) + - [Ports and external url](#ports-and-external-url) + - [ClusterIP](#clusterip) + - [SSH and Ingress](#ssh-and-ingress) + - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster) + - [Cache](#cache) + - [Persistence](#persistence) + - [Admin User](#admin-user) + - [LDAP Settings](#ldap-settings) + - [OAuth2 Settings](#oauth2-settings) +- [Configure commit signing](#configure-commit-signing) +- [Metrics and profiling](#metrics-and-profiling) +- [Pod annotations](#pod-annotations) +- [Parameters](#parameters) + - [Global](#global) + - [Image](#image) + - [Security](#security) + - [Service](#service) + - [Ingress](#ingress) + - [StatefulSet](#statefulset) + - [ServiceAccount](#serviceaccount) + - [Persistence](#persistence-1) + - [Init](#init) + - [Signing](#signing) + - [Gitea](#gitea) + - [LivenessProbe](#livenessprobe) + - [ReadinessProbe](#readinessprobe) + - [StartupProbe](#startupprobe) + - [Memcached](#memcached) + - [PostgreSQL](#postgresql) + - [Advanced](#advanced) +- [Contributing](#contributing) +- [Upgrading](#upgrading) [Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. @@ -51,9 +93,7 @@ When upgrading, please refer to the [Upgrading](#upgrading) section at the botto - Helm 3.0+ - PV provisioner for persistent data support -## Examples - -### Gitea Configuration +## Configuration Gitea offers lots of configuration options. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). @@ -538,7 +578,7 @@ signing: To use the gpg key, Gitea needs to be configured accordingly. A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). -### Metrics and profiling +## Metrics and profiling A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example. @@ -557,7 +597,7 @@ gitea: ENABLE_PPROF: true ``` -### Pod Annotations +## Pod annotations Annotations can be added to the Gitea pod. @@ -794,14 +834,16 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully. -### To 8.0.0 +
-#### Removal of MariaDB and MySQL DB chart dependencies +To 8.0.0 + +### Removal of MariaDB and MySQL DB chart dependencies In this version support for DB chart dependencies of MySQL and MariaDB have been removed to simplify the maintenance of the helm chart. External MySQL and MariaDB databases are still supported and will be in the future. -#### Postgres Update from v11 to v15 +### Postgres Update from v11 to v15 This Chart version updates the Postgres chart dependency and subsequently Postgres from v11 to v15. Please read the [Postgres Release Notes](https://www.postgresql.org/docs/release/) for version-specific changes. @@ -813,16 +855,24 @@ Please adjust your `values.yaml` accordingly. See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough. We again highly encourage users to use an external (managed) database for production instances. -### To 7.0.0 +
-#### Private GPG key configuration for Gitea signing actions +
+ +To 7.0.0 + +### Private GPG key configuration for Gitea signing actions Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions. See [Configure commit signing](#configure-commit-signing) for details. -### To 6.0.0 +
-#### Different volume mounts for init-containers and runtime container +
+ +To 6.0.0 + +### Different volume mounts for init-containers and runtime container **The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and `extraContainerVolumeMounts`. You can now have different mounts for the initialization phase and Gitea runtime. @@ -831,7 +881,7 @@ If you want to switch to the new settings and want to mount specific volumes int **Combining values from the deprecated setting with values from the new settings is not possible.** -#### New `enabled` flag for `startupProbe` +### New `enabled` flag for `startupProbe` Prior to this version the `startupProbe` was just a commented sample within the `values.yaml`. With the migration to an auto-generated [Parameters](#parameters) section, a new parameter `gitea.startupProbe.enabled` has been introduced set to @@ -840,11 +890,15 @@ With the migration to an auto-generated [Parameters](#parameters) section, a new If you are using the `startupProbe` you need to add that new parameter and set it to `true`. Otherwise, your defined probe won't be considered after the upgrade. -### To 5.0.0 +
+ +
+ +To 5.0.0 > 💥 The Helm Chart now requires Gitea versions of at least 1.11.0. -#### Enable Dependencies +### Enable Dependencies The values to enable the dependencies, such as PostgreSQL, Memcached, MySQL and MariaDB have been moved from `gitea.database.builtIn.` to the dependency values. @@ -864,12 +918,12 @@ mariadb: enabled: false ``` -#### App.ini generation +### App.ini generation The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions. This change ensures, that the app.ini is now persistent. -##### Secret Key generation +### Secret Key generation Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated automatically in certain situations: @@ -882,7 +936,7 @@ Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated aut > However, this it is not advisable to do so for existing installations. > Certain settings like _LDAP_ would not be readable anymore. -#### Probes +### Probes `gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` have been removed. @@ -899,16 +953,20 @@ gitea: podAnnotations: {} ``` -#### Multiple OAuth and LDAP authentication sources +### Multiple OAuth and LDAP authentication sources With `5.0.0` of this Chart it is now possible to configure Gitea with multiple OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration in your customized `values.yaml` by replacing the object with settings to a list of settings objects. See [OAuth2 Settings](#oauth2-settings) and [LDAP Settings](#ldap-settings) section for details. -### To 4.0.0 +
-#### Ingress changes +
+ +To 4.0.0 + +### Ingress changes To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType. So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration. @@ -940,12 +998,12 @@ paths: pathType: Prefix ``` -#### Dropped kebab-case support +### Dropped kebab-case support In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported. See [LDAP section](#ldap-settings) for more information. -#### Dependency update +### Dependency update The chart comes with multiple databases and Memcached as dependency, the latest release updated the dependencies. @@ -955,7 +1013,7 @@ The chart comes with multiple databases and Memcached as dependency, the latest If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly. -#### Execution of initPreScript +### Execution of initPreScript Generally spoken, this might not be a breaking change, but it is worth to be mentioned. @@ -965,11 +1023,11 @@ This also includes the execution of _initPreScript_. If you have such script, please be aware of this. Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore. -### Misc - -#### Gitea Version 1.14.X repository ROOT +### Gitea Version 1.14.X repository ROOT Previously the ROOT folder for the Gitea repositories was located at `/data/git/gitea-repositories`. In version `1.14` has the path been changed to `/data/gitea-repositories`. This chart will set the `gitea.config.repository.ROOT` value default to `/data/git/gitea-repositories`. + +
From 868c029e4dc7ba3533d065516a1afbabc6791010 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 28 Jun 2023 06:57:19 +0000 Subject: [PATCH 010/114] Document how to add custom themes (#460) ### Description of the change Add documentation how to add custom themes ### Benefits ### Possible drawbacks ### Applicable issues - fixes #301 ### Additional information ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/460 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/README.md b/README.md index 766f04f..cbe9708 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ - [Configure commit signing](#configure-commit-signing) - [Metrics and profiling](#metrics-and-profiling) - [Pod annotations](#pod-annotations) +- [Themes](#themes) - [Parameters](#parameters) - [Global](#global) - [Image](#image) @@ -606,6 +607,48 @@ gitea: podAnnotations: {} ``` +## Themes + +Custom themes can be added via k8s secrets and referencing them in `values.yaml`. + +```yaml +extraVolumes: + - name: gitea-themes + secret: + secretName: gitea-themes + +extraVolumeMounts: + - name: gitea-themes + readOnly: true + mountPath: "/data/gitea/public/css" +``` + +The secret can be created via `terraform`: + +```hcl +resource "kubernetes_secret" "gitea-themes" { + metadata { + name = "gitea-themes" + namespace = "gitea" + } + + data = { + "theme-custom.css" = "${file("FULL-PATH-TO-CSS")}" + "theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}" + } + + type = "Opaque" + + depends_on = [kubernetes_namespace.gitea] +} +``` + +or natively via `kubectl`: + +```bash +kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea +``` + ## Parameters ### Global From ca76cc571ceb3f918e4f8efbc76a1ca7599e79dc Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 12 Jul 2023 05:20:01 +0000 Subject: [PATCH 011/114] bump 1.19.4 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 0689e91..b91a078 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.3 +appVersion: 1.19.4 icon: https://docs.gitea.io/images/gitea.png keywords: From cab7f3d0b5b78450df1885ba171561b039c7d500 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 16 Jul 2023 22:00:46 +0000 Subject: [PATCH 012/114] Change env-to-ini prefix and remove custom prefix (#464) ### Description of the change Change env-to-ini prefix and remove custom prefix. `GITEA` is the default prefix. ### Benefits Compatibility wit v1.20 (`-p` got removed) ### Possible drawbacks None ### Additional information See https://github.com/go-gitea/gitea/pull/25799 Tested with Gitea < 1.20 and >= 1.20 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/464 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 8 +++----- templates/gitea/config.yaml | 24 ++++++++++++------------ 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index cbe9708..71463f9 100644 --- a/README.md +++ b/README.md @@ -237,16 +237,14 @@ We also support to directly interact with the generated _app.ini_. To inject self defined variables into the _app.ini_ a certain format needs to be honored. This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page. -Note that the Prefix on this helm chart is `ENV_TO_INI`. - For example a database setting needs to have the following format: ```yaml gitea: additionalConfigFromEnvs: - - name: ENV_TO_INI__DATABASE__HOST + - name: GITEA__DATABASE__HOST value: my.own.host - - name: ENV_TO_INI__DATABASE__PASSWD + - name: GITEA__DATABASE__PASSWD valueFrom: secretKeyRef: name: postgres-secret @@ -255,7 +253,7 @@ gitea: Priority (highest to lowest) for defining app.ini variables: -1. Environment variables prefixed with `ENV_TO_INI` +1. Environment variables prefixed with `GITEA` 1. Additional config sources 1. Values defined in `gitea.config` diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index bcc7c4d..044ecd5 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -53,14 +53,14 @@ stringData: env2ini::log " + '${setting}'" if [[ -z "${section}" ]]; then - export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase + export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase return fi local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches masked_section="${masked_section//-/_0X2D_}" - export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase } function env2ini::reload_preset_envs() { @@ -134,15 +134,15 @@ stringData: # - initially used to set up Gitea # Anyway, they won't harm existing app.ini files - export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) - export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) - export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) - export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) + export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) env2ini::log "...Initial secrets generated\n" } - env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs + env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets @@ -163,10 +163,10 @@ stringData: env2ini::log ' - oauth2.JWT_SECRET' env2ini::log ' - server.LFS_JWT_SECRET' - unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN - unset ENV_TO_INI__SECURITY__SECRET_KEY - unset ENV_TO_INI__OAUTH2__JWT_SECRET - unset ENV_TO_INI__SERVER__LFS_JWT_SECRET + unset GITEA__SECURITY__INTERNAL_TOKEN + unset GITEA__SECURITY__SECRET_KEY + unset GITEA__OAUTH2__JWT_SECRET + unset GITEA__SERVER__LFS_JWT_SECRET fi - environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI + environment-to-ini -o $GITEA_APP_INI From 6814f7f6d936df89d9647dc088e2a3abe47fd63c Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 17 Jul 2023 01:26:32 +0000 Subject: [PATCH 013/114] bump 1.20.0 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index b91a078..fac51b9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.4 +appVersion: 1.20.0 icon: https://docs.gitea.io/images/gitea.png keywords: From f66a192d455d78cfc87010716bc56ff0df56d000 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 07:42:51 +0200 Subject: [PATCH 014/114] document env-to-ini env saving --- templates/gitea/config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 044ecd5..1e81ef6 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -141,7 +141,8 @@ stringData: env2ini::log "...Initial secrets generated\n" } - + + # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION From 8e27bb9bae1d1b09f16b5e0946f68b806daeb7d9 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 19:09:42 +0000 Subject: [PATCH 015/114] [Breaking] Add HA-support; switch to `Deployment` (#437) # Changes A big shoutout to @luhahn for all his work in #205 which served as the base for this PR. ## Documentation - [x] After thinking for some time about it, I still prefer the distinct option (as started in #350), i.e. having a standalone "HA" doc under `docs/ha-setup.md` to not have a very long README (which is already quite long). Most of the information below should go into it with more details and explanations behind all of the individual components. ## Chart deps ~~- Adds `meilisearch` as a chart dependency for a HA-ready issue indexer. Only works with >= Gitea 1.20~~ ~~- Adds `redis` as a chart dependency for a HA-ready session and queue store.~~ - Adds `redis-cluster` as a chart dependency for a HA-ready session and queue store (alternative to `redis`). Only works with >= Gitea 1.19.2. - Removes `memcached` instead of `redis-cluster` - Add `postgresql-ha` as default DB dep in favor of `postgres` ## Adds smart HA chart logic The goal is to set smart config values that result in a HA-ready Gitea deployment if `replicaCount` > 1. - If `replicaCount` > 1, - `gitea.config.session.PROVIDER` is automatically set to `redis-cluster` - `gitea.config.indexer.REPO_INDEXER_ENABLED` is automatically set to `false` unless the value is `elasticsearch` or `meilisearch` - `redis-cluster` is used for `[queue]` and `[cache]` and `[session]`mode or not Configuration of external instances of `meilisearch` and `minio` are documented in a new markdown doc. ## Deployment vs Statefulset Given all the discussions about this lately (#428), I think we could use both. In the end, we do not have the requirement for a sequential pod scale up/scale down as it would happen in statefulsets. On the other side, we do not have actual stateless pods as we are attaching a RWX to the deployment. Yet I think because we do not have a leader-election requirement, spawning the pods as a deployment makes "Rolling Updates" easier and also signals users that there is no "leader election" logic and each pod can just be "destroyed" at anytime without causing interruption. Hence I think we should be able to switch from a statefulset to a deployment, even in the single-replica case. This change also brought up a templating/linting issue: the definition of `.Values.gitea.config.server.SSH_LISTEN_PORT` in `ssh-svc.yaml` just "luckily" worked so far due to naming-related lint processing. Due to the change from "statefulset" to "deployment", the processing queue changed and caused a failure complaining about `config.server.SSH_LISTEN_PORT` not being defined yet. The only way I could see to fix this was to "properly" define the value in `values.yaml` instead of conditionally definining it in `helpers.tpl`. Maybe there's a better way? ## Chart PVC Creation I've adapted the automated PVC creation from another chart to be able to provide the `storageClassName` as I couldn't get dynamic provisioning for EFS going with the current implementation. In addition the naming and approach within the Gitea chart for PV creation is a bit unusual and aligning it might be beneficial. A semi-unrelated change which will result in a breaking change for existing users but this PR includes a lot of breaking changes already, so including another one might not make it much worse... - New `persistence.mount`: whether to mount an existing PVC (via `persistence.existingClaim` - New `persistence.create`: whether to create a new PVC ## Testing As this PR does a lot of things, we need proper testing. The helm chart can be installed from the Git branch via `helm-git` as follows: ``` helm repo add gitea-charts git+https://gitea.com/gitea/helm-chart@/?ref=deployment helm install gitea --version 0.0.0 ``` It is **highly recommended** to test the chart in a dedicated namespace. I've tested this myself with both `redis` and `redis-cluster` and it seemed to work fine. I just did some basic operations though and we should do more niche testing before merging. Examplary `values.yml` for testing (only needs a valid RWX storage class):
values.yaml ```yml image: tag: "dev" PullPolicy: "Always" rootless: true replicaCount: 2 persistence: enabled: true accessModes: - ReadWriteMany storageClass: FIXME redis-cluster: enabled: false global: redis: password: gitea gitea: config: indexer: ISSUE_INDEXER_ENABLED: true REPO_INDEXER_ENABLED: false ```
## Preferred setup The preferred HA setup with respect to performance and stability might currently be as follows: - Repos: RWX (e.g. EFS or Azurefiles NFS) - Issue indexer: Meilisearch (HA) - Session and cache: Redis Cluster (HA) - Attachments/Avatars: Minio (HA) This will result in a ~ 10-pod HA setup overall. All pods have very low resource requests. fix #98 Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/437 Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 13 +- Chart.yaml | 16 +- README.md | 294 +++++++++++------- docs/ha-setup.md | 175 +++++++++++ templates/_helpers.tpl | 75 ++++- templates/gitea/config.yaml | 26 ++ .../{statefulset.yaml => deployment.yaml} | 76 ++--- templates/gitea/init.yaml | 21 ++ templates/gitea/poddisruptionbudget.yaml | 17 + templates/gitea/pvc.yaml | 24 ++ templates/gitea/ssh-svc.yaml | 2 + .../{statefulset => deployment}/basic.yaml | 10 +- .../signing-disabled.yaml | 12 +- .../signing-enabled.yaml | 14 +- .../ssh-configuration.yaml | 10 +- unittests/serviceaccount/reference.yaml | 14 +- values.yaml | 121 ++++--- 17 files changed, 675 insertions(+), 245 deletions(-) create mode 100644 docs/ha-setup.md rename templates/gitea/{statefulset.yaml => deployment.yaml} (88%) create mode 100644 templates/gitea/poddisruptionbudget.yaml create mode 100644 templates/gitea/pvc.yaml rename unittests/{statefulset => deployment}/basic.yaml (58%) rename unittests/{statefulset => deployment}/signing-disabled.yaml (76%) rename unittests/{statefulset => deployment}/signing-enabled.yaml (89%) rename unittests/{statefulset => deployment}/ssh-configuration.yaml (80%) diff --git a/Chart.lock b/Chart.lock index e8c974c..c5f80ef 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,12 @@ dependencies: -- name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.14 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.4.1 -digest: sha256:02d4846bf416038a42658dbca8f8001d0e3ce967b00e990048f8d420065c33fd -generated: "2023-04-28T09:32:05.295167+02:00" +- name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.6.1 +- name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 8.4.4 +digest: sha256:3b203051c9fb8df9e771a4d67c276190a1c63aae9bf980ef3676e2a51b2f56c7 +generated: "2023-05-13T21:47:51.823348+02:00" diff --git a/Chart.yaml b/Chart.yaml index fac51b9..d5a2d32 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -34,13 +34,17 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) - # Chart release date: 2023-04 - - name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.14 - condition: memcached.enabled - # Chart release date: 2023-04 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.4.1 condition: postgresql.enabled + # Chart release date: 2023-05 + - name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.6.1 + condition: postgresql-ha.enabled + # Chart release date: 2023-04 + - name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 8.4.4 + condition: redis-cluster.enabled diff --git a/README.md b/README.md index 71463f9..a167589 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ - [Update and versioning policy](#update-and-versioning-policy) - [Dependencies](#dependencies) - [Installing](#installing) -- [Prerequisites](#prerequisites) +- [High Availability](#high-availability) - [Configuration](#configuration) - [Default Configuration](#default-configuration) - [Additional _app.ini_ settings](#additional-appini-settings) @@ -24,11 +24,12 @@ - [Themes](#themes) - [Parameters](#parameters) - [Global](#global) + - [strategy](#strategy) - [Image](#image) - [Security](#security) - [Service](#service) - [Ingress](#ingress) - - [StatefulSet](#statefulset) + - [deployment](#deployment) - [ServiceAccount](#serviceaccount) - [Persistence](#persistence-1) - [Init](#init) @@ -37,7 +38,8 @@ - [LivenessProbe](#livenessprobe) - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - - [Memcached](#memcached) + - [redis-cluster](#redis-cluster) + - [PostgreSQL-ha](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) @@ -49,8 +51,8 @@ It is published under the MIT license. ## Introduction This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart). -But takes a completely different approach in providing a database and cache with dependencies. -Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. +Yet it takes a completely different approach in providing a database and cache with dependencies. +Additionally, this chart allows to provide LDAP and admin user configuration with values. ## Update and versioning policy @@ -75,8 +77,8 @@ This chart provides those dependencies, which can be enabled, or disabled via co Dependencies: -- PostgreSQL ([configuration](#postgresql)) -- Memcached ([configuration](#memcached)) +- PostgreSQL HA ([configuration](#postgresql)) +- Redis Cluster ([configuration](#cache)) ## Installing @@ -88,11 +90,13 @@ helm install gitea gitea-charts/gitea When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. -## Prerequisites +## High Availability -- Kubernetes 1.12+ -- Helm 3.0+ -- PV provisioner for persistent data support +Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. +The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. + +Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. +See the [HA Setup](docs/ha-setup.md) document for more details. ## Configuration @@ -116,12 +120,12 @@ All defaults can be overwritten in `gitea.config`. INSTALL_LOCK is always set to true, since we want to configure Gitea with this helm chart and everything is taken care of. -_All default settings are made directly in the generated app.ini, not in the Values._ +_All default settings are made directly in the generated `app.ini`, not in the Values._ #### Database defaults If a builtIn database is enabled the database configuration is set automatically. -For example, PostgreSQL builtIn will appear in the app.ini as: +For example, PostgreSQL builtIn will appear in the `app.ini` as: ```ini [database] @@ -132,18 +136,6 @@ PASSWD = gitea USER = gitea ``` -#### Memcached defaults - -Memcached is handled the exact same way as database builtIn. -Once Memcached builtIn is enabled, this chart will generate the following part in the `app.ini`: - -```ini -[cache] -ADAPTER = memcache -ENABLED = true -HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 -``` - #### Server defaults The server defaults are a bit more complex. @@ -192,8 +184,7 @@ gitea: name: gitea-app-ini-plaintext ``` -This would mount the two additional volumes (`oauth` and `some-additionals`) -from different sources to the init containerwhere the _app.ini_ gets updated. +This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated. All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). The key of such additional source represents the section inside the _app.ini_. @@ -237,6 +228,9 @@ We also support to directly interact with the generated _app.ini_. To inject self defined variables into the _app.ini_ a certain format needs to be honored. This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page. +Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`. +After the support for a custom prefix was removed in Gite core, the prefix was changed to `GITEA`. + For example a database setting needs to have the following format: ```yaml @@ -259,7 +253,7 @@ Priority (highest to lowest) for defining app.ini variables: ### External Database -Any external Database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. +Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. @@ -345,34 +339,23 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). ### Cache -This helm chart can use a built in cache. -The default is Memcached from bitnami. +The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default. +This deployment is HA-ready but can also be used for single-pod deployments. +By default, 6 replicas are deployed for a working `redis-cluster` deployment. +Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`. ```yaml -memcached: +redis-cluster: enabled: true ``` -If the built in cache should not be used simply configure the cache in `gitea.config`. - -```yaml -gitea: - config: - cache: - ENABLED: true - ADAPTER: memory - INTERVAL: 60 - HOST: 127.0.0.1:9090 -``` - ### Persistence -Gitea will be deployed as a statefulset. +Gitea will be deployed as a deployment. By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of. -The following example will create a PVC as a part of the statefulset. -This PVC will not be deleted even if you uninstall the chart. +The following example will create a PVC as a part of the deployment. -Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class. +Please note, that an empty `storageClass` in the persistence will result in kubernetes using your default storage class. If you want to use your own storage class define it as follows: @@ -382,14 +365,12 @@ persistence: storageClass: myOwnStorageClass ``` -When using PostgreSQL as dependency, this will also be deployed as a statefulset by default. - If you want to manage your own PVC you can simply pass the PVC name to the chart. ```yaml persistence: enabled: true - existingClaim: MyAwesomeGiteaClaim + claimName: MyAwesomeGiteaClaim ``` In case that persistence has been disabled it will simply use an empty dir volume. @@ -401,13 +382,13 @@ You can interact with the postgres settings as displayed in the following exampl postgresql: persistence: enabled: true - existingClaim: MyAwesomeGiteaPostgresClaim + claimName: MyAwesomeGiteaPostgresClaim ``` ### Admin User This chart enables you to create a default admin user. -It is also possible to update the password for this user by upgrading or redeloying the chart. +It is also possible to update the password for this user by upgrading or redeploying the chart. It is not possible to delete an admin user after it has been created. This has to be done in the ui. You cannot use `admin` as username. @@ -651,14 +632,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Global -| Name | Description | Value | -| ------------------------- | ------------------------------------------------------------------------- | --------------- | -| `global.imageRegistry` | global image registry override | `""` | -| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | -| `global.storageClass` | global storage class override | `""` | -| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | -| `replicaCount` | number of replicas for the statefulset | `1` | -| `clusterDomain` | cluster domain | `cluster.local` | +| Name | Description | Value | +| ------------------------- | ------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | +| `global.storageClass` | global storage class override | `""` | +| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | +| `replicaCount` | number of replicas for the deployment | `1` | + +### strategy + +| Name | Description | Value | +| --------------------------------------- | -------------- | --------------- | +| `strategy.type` | strategy type | `RollingUpdate` | +| `strategy.rollingUpdate.maxSurge` | maxSurge | `100%` | +| `strategy.rollingUpdate.maxUnavailable` | maxUnavailable | `0` | +| `clusterDomain` | cluster domain | `cluster.local` | ### Image @@ -678,6 +667,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` | | `containerSecurityContext` | Security context | `{}` | | `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` | +| `podDisruptionBudget` | Pod disruption budget | `{}` | ### Service @@ -685,7 +675,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | | `service.http.port` | Port number for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` | | `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.http.nodePort` | NodePort for http service | `nil` | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | @@ -696,7 +686,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `service.http.annotations` | HTTP service annotations | `{}` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | -| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | | `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.ssh.nodePort` | NodePort for ssh service | `nil` | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | @@ -720,21 +710,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `ingress.tls` | Ingress tls settings | `[]` | | `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | -### StatefulSet +### deployment -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------ | ----- | -| `resources` | Kubernetes resources | `{}` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` | -| `nodeSelector` | NodeSelector for the statefulset | `{}` | -| `tolerations` | Tolerations for the statefulset | `[]` | -| `affinity` | Affinity for the statefulset | `{}` | -| `dnsConfig` | dnsConfig for the statefulset | `{}` | -| `priorityClassName` | priorityClassName for the statefulset | `""` | -| `statefulset.env` | Additional environment variables to pass to containers | `[]` | -| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | -| `statefulset.labels` | Labels for the statefulset | `{}` | -| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------ | ----- | +| `resources` | Kubernetes resources | `{}` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` | +| `nodeSelector` | NodeSelector for the deployment | `{}` | +| `tolerations` | Tolerations for the deployment | `[]` | +| `affinity` | Affinity for the deployment | `{}` | +| `topologySpreadConstraints` | TopologySpreadConstraints for the deployment | `[]` | +| `dnsConfig` | dnsConfig for the deployment | `{}` | +| `priorityClassName` | priorityClassName for the deployment | `""` | +| `deployment.env` | Additional environment variables to pass to containers | `[]` | +| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | +| `deployment.labels` | Labels for the deployment | `{}` | +| `deployment.annotations` | Annotations for the Gitea deployment to be created | `{}` | ### ServiceAccount @@ -749,20 +740,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Persistence -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | -| `persistence.enabled` | Enable persistent storage | `true` | -| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | -| `persistence.storageClass` | Name of the storage class to use | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | -| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `[]` | -| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | -| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | -| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | +| Name | Description | Value | +| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | +| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | +| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | +| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | +| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | +| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | ### Init @@ -784,21 +777,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Gitea -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | +| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe @@ -836,18 +830,29 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` | | `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | -### Memcached +### redis-cluster -| Name | Description | Value | -| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | -| `memcached.service.ports.memcached` | Port for Memcached | `11211` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.global.redis.password` | Password for the "Gitea" user (overrides `password`) | `gitea` | + +### PostgreSQL-ha + +| Name | Description | Value | +| ---------------------------------------------------------------- | -------------------------------------------------------------------- | ------- | +| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.global.postgresql-ha.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | +| `postgresql-ha.global.postgresql-ha.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql-ha.global.postgresql-ha.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha` | PostgreSQL-ha service port (overrides `service.ports.postgresql-ha`) | `5432` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | ### PostgreSQL | Name | Description | Value | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | -| `postgresql.enabled` | Enable PostgreSQL | `true` | +| `postgresql.enabled` | Enable PostgreSQL | `false` | | `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | | `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | @@ -873,7 +878,72 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. ## Upgrading This section lists major and breaking changes of each Helm Chart version. -Please read them carefully to upgrade successfully. +Please read them carefully to upgrade successfully, especially the change of the **default database backend**! +If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! + +
+ +To 9.0.0 + +This chart release comes with many breaking changes while aiming for a HA-ready setup. +Please go through all of them carefully to perform a successful upgrade. +Here's a brief summary again, followed by more detailed migration instructions: + +- Switch from `Statefulset` to `Deployment` +- Switch from `Memcached` to `redis-cluster` as the default session and queue provider +- Switch from `postgres` to `postgres-ha` as the default database provider +- A chart-internal PVC bootstrapping logic + - New `persistence.mount`: whether to mount an existent PVC (even if not creating it) + - New `persistence.create`: whether to create a new PVC + - Renamed `persistence.existingClaim` to `persistence.claimName` + +While not required, we recommend to start with a RWX PV for new installations. +A RWX volume is required for installation aiming for HA. + +If you want to stay with a pre-existing RWO PV, you need to set + +- `persistence.mount=true` +- `persistence.create=false` +- `persistence.claimName` to the name of your existing PVC. + +If you do not, Gitea will create a new PVC which will in turn create a new PV. +If this happened to you by accident, you can still recover your data by setting using the settings from above in a subsequent run. + +If you want to stay with a `memcache` instead of `redis-cluster`, you need to deploy `memcache` manually (e.g. from [bitnami](https://github.com/bitnami/charts/tree/main/bitnami/memcached)) and set + +- `cache.HOST = ""` +- `cache.ADAPTER = "memcache"` +- `session.PROVIDER = "memcache"` +- `session.PROVIDER_CONFIG = ""` +- `queue.TYPE = "memcache"` +- `queue.CONN_STR = ""` + +The `memcache` connection string has the scheme `memcache://:`, e.g. `gitea-memcached.gitea.svc.cluster.local:11211`. +The first item here (``) will be different compared to the example if you deploy `memcache` yourself. + +The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. +The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. + + +**Transitioning from a RWO to RWX Persistent Volume** + +If you want to switch to a RWX volume and go for HA, you need to + +1. Backup the data stored under `/data` +2. Let the chart create a new RWX PV (or do it statically yourself) +3. Restore the backup to the same location in the new PV + + +**Transitioning from Postgres to Postgres HA** + +If you are running with a non-HA PG DB from a previous chart release, you need to set + +- `postgresql-ha.enabled=false` +- `postgresql.enabled=true` + +This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + +
diff --git a/docs/ha-setup.md b/docs/ha-setup.md new file mode 100644 index 0000000..1139706 --- /dev/null +++ b/docs/ha-setup.md @@ -0,0 +1,175 @@ +# High Availability + +**Experimental** + +All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. +The following document explains how to achieve this for all individual components. + +The resulting Gitea deployment will consist of ~ 10 pods (depending on the chosen components and their replicas). +One should evaluate upfront whether a HA-deployment is required as switching between HA/non-HA comes with some effort. +For production instances, HA is always recommended to increase uptime and have a frictionless update process. + +A general comment about chart dependencies and external services: +Instead of relying on chart dependencies, it is often better to rely on an external, (managed) instances (in-memory database, asset storage provider, database, etc.). +Many cloud providers offer such services, at least for databases or in-memory databases. +They might cost a bit more than using a self-hosted k8s variant but are usually easier to maintain and scale, if needed. +Also they can be centrally managed and are not linked to the Gitea helm chart or namespace. +Please consider using external services before you start with your Gitea HA setup, it will make your life (and the life of the Gitea maintainers) easier. + +This helm chart tries to help as much as possible to simplify and assert the provisioning of a HA-ready Gitea instance by implementing smart conditionals if `replicaCount` is set to a value > 1. +Nevertheless, we cannot guarantee for every possible combination of Gitea settings to work together perfectly in a HA setup. +As a general advice, we recommend to have a test environment aside on which to test possible changes/upgrades before applying these to a production installation. + +## Requirements for HA + +Storage-wise, the HA-Gitea setup requires a RWX file-system which can be shared among the deployment-based replica pods. +In addition, the following components are required for full HA-readiness: + +- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch` +- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system) +- A HA-ready cache (`redis-cluster`) +- A HA-ready DB + +`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup. +The default `postgres` chart dependency is not HA-ready (there's a dedicated `postgres-ha` chart). + +The following sections discuss each of the components in more detail. +Note that for each component discussed, the shown configurations only provides a (working) starting point, not necessarily the most optimal setup. +We try to optimize this document over time as we have gained more experience with HA setups from users. + +## Indexers (Issues and code/repo) + +The default code indexer `bleve` is not able to allow multiple connections and hence cannot be used in a HA setup. +Alternatives are `elasticsearch` and `meilisearch` (as of >= 1.19.2). +Unless you have an existing `elasticsearch` cluster, we recommend using `meilisearch` as it is faster and requires way less resources. + +Unfortunately, `meilisearch` does only support the `ISSUE_INDEXER` and not the `REPO_INDEXER` yet ([tracking issue](https://github.com/go-gitea/gitea/pull/24149)). +This means that the `REPO_INDEXER` must still be disabled for a HA setup right now. +An alternative to the two options above for the `ISSUE_INDEXER` is `"db"`, however we recommend to just go with `meilisearch` in this case and to not bother the DB with indexing. + +To configure `meilisearch` within Gitea, do the following: + +```yml +gitea: + config: + indexer: + ISSUE_INDEXER_CONN_STR: .svc.cluster.local:7700> + ISSUE_INDEXER_ENABLED: true + ISSUE_INDEXER_TYPE: meilisearch + REPO_INDEXER_ENABLED: false + # REPO_INDEXER_TYPE: meilisearch # not yet working +``` + +Unfortunately `meilisearch` cannot be deployed in HA as of now. +Nevertheless it allows for multiple Gitea requests at the same time and is therefore required in a HA setup. + +Exemplary configuration for the [meilisearch-kubernetes](https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch) chart: + +```yaml +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 5Gi +``` + +## Cache, session and queue + +A `redis` instance is required for the in-memory cache. +Two options exist: + +- `redis` +- `redis-cluster` + +The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups. +You're also welcome to go with `redis` if you prefer or already have a running instance. + +It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2. +You can also configure an external (managed) `redis` instance to be used. +To do so, you need to set the following configuration values yourself: + +- `gitea.config.queue.TYPE`: redis` +- `gitea.config.queue.CONN_STR`: `` + +- `gitea.config.session.PROVIDER`: `redis` +- `gitea.config.session.PROVIDER_CONFIG`: `` + +- `gitea.config.cache.ENABLED`: `true` +- `gitea.config.cache.ADAPTER`: `redis` +- `gitea.config.cache.HOST`: `` + +## Object and asset storage + +Object/asset storage refers to the storage of attachments, avatars, LFS files, etc. +While most of these can be stored on the RWX file-system, it is recommended to use an external S3-compatible object storage for such, mainly for performance reasons. + +By default the chart provisions a single RWO volume to store everything (repos, avatars, packages, etc.). +This volume cannot be mounted by multiple pods. +Hence, a RWX volume is required and (optionally) an external HA-ready object storage. + +> **Note:** Double-check that the file permissions are set correctly on the RWX volume! That is everything should be owned by the `git` user which usually has `uid=1000` and `gid=1000`. + +To use `minio` you need to deploy and configure an external `minio` instance yourself and explicitly define the `STORAGE_TYPE` values as shown below. + +Note that `MINIO_BUCKET` here is just a name and does not refer to a S3 bucket. +It's the root access point for all objects belonging to the respective application, i.e., to Gitea in this case. + +```yaml +gitea: + config: + attachment: + STORAGE_TYPE: minio + lfs: + STORAGE_TYPE: minio + picture: + AVATAR_STORAGE_TYPE: minio + "storage.packages": + STORAGE_TYPE: minio + + storage: + MINIO_ENDPOINT: .svc.cluster.local:9000> + MINIO_LOCATION: + MINIO_ACCESS_KEY_ID: + MINIO_SECRET_ACCESS_KEY: + MINIO_BUCKET: + MINIO_USE_SSL: false +``` + +Exemplary configuration for the [bitnami minio](https://github.com/bitnami/charts/blob/main/bitnami/minio) chart: + +```yaml +auth: + rootUser: minio +mode: distributed +replicaCount: 4 +persistence: + enabled: true + size: 20Gi + accessModes: + - ReadWriteOnce +``` + +## Database + +If you do not have an HA-ready DB, using a managed database service in the cloud might be the easiest and most robust solution. +Remember: disable the built-in `postgres` dependency and configure the database connection manually via `gitea.config.database`: + +```yml +gitea: + database: + builtIn: + postgresql: + enabled: false + config: + database: + DB_TYPE: postgres + HOST: + NAME: + USER: +``` + +## Known issues + +- Currently Cron jobs are run on all replicas as no leader election is implemented. + See [https://github.com/go-gitea/gitea/issues/13791](https://github.com/go-gitea/gitea/issues/13791) for a discussion and possible solution. + +- Running with multiple replicas slows down Gitea a bit, i.e. page loading time increases. \ No newline at end of file diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 51ec558..a92a22c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -2,6 +2,27 @@ {{/* Expand the name of the chart. */}} + +{{- /* multiple replicas assertions */ -}} +{{- if gt .Values.replicaCount 1.0 -}} + {{- fail "When using multiple replicas, a RWX file system is required" -}} + {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} + {{- fail "When using multiple replicas, a RWX file system is required" -}} + {{- end }} + + {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} + {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} + {{- end }} + + {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} + {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} + {{- end }} + + {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} + {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} + {{- end }} +{{- end }} + {{- define "gitea.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -95,8 +116,22 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} {{- end -}} -{{- define "memcached.dns" -}} -{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}} +{{- define "redis.dns" -}} +{{- if (index .Values "redis-cluster").enabled -}} +{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- end -}} +{{- end -}} + +{{- define "redis.port" -}} +{{- if (index .Values "redis-cluster").enabled -}} +{{ (index .Values "redis-cluster").service.ports.redis }} +{{- end -}} +{{- end -}} + +{{- define "redis.servicename" -}} +{{- if (index .Values "redis-cluster").enabled -}} +{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- end -}} {{- end -}} {{- define "gitea.default_domain" -}} @@ -182,6 +217,7 @@ https {{- else -}} {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} {{- end -}} + {{- end }} {{- end }} @@ -211,6 +247,18 @@ https {{- if not (hasKey .Values.gitea.config "oauth2") -}} {{- $_ := set .Values.gitea.config "oauth2" dict -}} {{- end -}} + {{- if not (hasKey .Values.gitea.config "session") -}} + {{- $_ := set .Values.gitea.config "session" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "queue") -}} + {{- $_ := set .Values.gitea.config "queue" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}} + {{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "indexer") -}} + {{- $_ := set .Values.gitea.config "indexer" dict -}} + {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults" -}} @@ -226,13 +274,30 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if .Values.memcached.enabled -}} + {{- if (index .Values "redis-cluster").enabled -}} {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} - {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} {{- if not (.Values.gitea.config.cache.HOST) -}} - {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} + {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} {{- end -}} {{- end -}} + {{- /* redis queue */ -}} + {{- if (index .Values "redis-cluster").enabled -}} + {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} + {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} + {{- end -}} + {{- /* multiple replicas */ -}} + {{- if gt .Values.replicaCount 1.0 -}} + {{- if not (get .Values.gitea.config.session "PROVIDER") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} + {{- end -}} + {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} + {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} + {{- end -}} + {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults.server" -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 1e81ef6..ab4832d 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -16,6 +16,32 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: + assertions: | +{{- /* multiple replicas assertions */ -}} +{{- if gt .Values.replicaCount 1.0 -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}} + {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} + {{- end }} + {{- end }} + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} + {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} + {{- end }} + + {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} + {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} + {{- end }} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} + {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} + {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} + {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + +{{- end }} config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/deployment.yaml similarity index 88% rename from templates/gitea/statefulset.yaml rename to templates/gitea/deployment.yaml index 9867dd2..0176300 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/deployment.yaml @@ -1,20 +1,27 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: {{ include "gitea.fullname" . }} annotations: - {{- if .Values.statefulset.annotations }} - {{- toYaml .Values.statefulset.annotations | nindent 4 }} + {{- if .Values.deployment.annotations }} + {{- toYaml .Values.deployment.annotations | nindent 4 }} {{- end }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + {{- if eq .Values.strategy.type "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }} + maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }} + {{- end }} selector: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} - {{- if .Values.statefulset.labels }} - {{- toYaml .Values.statefulset.labels | nindent 6 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 6 }} {{- end }} serviceName: {{ include "gitea.fullname" . }} template: @@ -32,8 +39,8 @@ spec: {{- end }} labels: {{- include "gitea.labels" . | nindent 8 }} - {{- if .Values.statefulset.labels }} - {{- toYaml .Values.statefulset.labels | nindent 8 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 8 }} {{- end }} spec: {{- if .Values.schedulerName }} @@ -62,8 +69,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} {{- if .Values.signing.enabled }} - name: GNUPGHOME @@ -97,8 +104,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} {{- if .Values.gitea.additionalConfigFromEnvs }} {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} @@ -234,8 +241,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} volumeMounts: - name: init @@ -250,7 +257,7 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} image: "{{ include "gitea.image" . }}" @@ -283,8 +290,8 @@ spec: - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} {{- end }} - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} ports: - name: ssh @@ -340,6 +347,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} @@ -378,38 +389,13 @@ spec: path: private.asc defaultMode: 0100 {{- end }} - {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.mount }} - name: data persistentVolumeClaim: - {{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} - {{- end }} + claimName: {{ .Values.persistence.claimName }} + {{- end }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - {{- with .Values.persistence.labels }} - labels: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- include "gitea.persistence.storageClass" . | indent 8 }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 838460b..f07f1a5 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -61,6 +61,27 @@ stringData: echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds" exit 1 } + + {{- if include "redis.servicename" . }} + function test_redis_connection() { + local RETRY=0 + local MAX=30 + + echo 'Wait for redis to become avialable...' + until [ "${RETRY}" -ge "${MAX}" ]; do + nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break + RETRY=$[${RETRY}+1] + echo "...not ready yet (${RETRY}/${MAX})" + done + + if [ "${RETRY}" -ge "${MAX}" ]; then + echo "Redis not reachable after '${MAX}' attempts!" + exit 1 + fi + } + + test_redis_connection + {{- end }} {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} diff --git a/templates/gitea/poddisruptionbudget.yaml b/templates/gitea/poddisruptionbudget.yaml new file mode 100644 index 0000000..d2b7e17 --- /dev/null +++ b/templates/gitea/poddisruptionbudget.yaml @@ -0,0 +1,17 @@ +{{- if .Values.podDisruptionBudget -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" }} +apiVersion: policy/v1 +{{- else }} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodDisruptionBudget +metadata: + name: {{ include "gitea.fullname" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "gitea.selectorLabels" . | nindent 6 }} + {{- toYaml .Values.podDisruptionBudget | nindent 2 }} +{{- end -}} \ No newline at end of file diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml new file mode 100644 index 0000000..d84ecc3 --- /dev/null +++ b/templates/gitea/pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled .Values.persistence.create }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.persistence.claimName }} + namespace: {{ $.Release.Namespace }} + annotations: +{{ .Values.persistence.annotations | toYaml | indent 4}} +spec: + accessModes: + {{- if gt .Values.replicaCount 1.0 }} + - ReadWriteMany + {{- else }} + {{- .Values.persistence.accessModes | toYaml | nindent 4 }} + {{- end }} + volumeMode: Filesystem + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass }} + {{- end }} + volumeName: "" + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end }} \ No newline at end of file diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 620f624..3e8b3c2 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -39,7 +39,9 @@ spec: ports: - name: ssh port: {{ .Values.service.ssh.port }} + {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }} targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + {{- end }} protocol: TCP {{- if .Values.service.ssh.nodePort }} nodePort: {{ .Values.service.ssh.nodePort }} diff --git a/unittests/statefulset/basic.yaml b/unittests/deployment/basic.yaml similarity index 58% rename from unittests/statefulset/basic.yaml rename to unittests/deployment/basic.yaml index 047067b..64b7cf7 100644 --- a/unittests/statefulset/basic.yaml +++ b/unittests/deployment/basic.yaml @@ -1,17 +1,17 @@ -suite: Statefulset template (basic) +suite: deployment template (basic) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - - it: renders a statefulset - template: templates/gitea/statefulset.yaml + - it: renders a deployment + template: templates/gitea/deployment.yaml asserts: - hasDocuments: count: 1 - containsDocument: - kind: StatefulSet + kind: Deployment apiVersion: apps/v1 name: gitea-unittests diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/deployment/signing-disabled.yaml similarity index 76% rename from unittests/statefulset/signing-disabled.yaml rename to unittests/deployment/signing-disabled.yaml index cc7bad4..9e4519a 100644 --- a/unittests/statefulset/signing-disabled.yaml +++ b/unittests/deployment/signing-disabled.yaml @@ -1,13 +1,13 @@ -suite: Statefulset template (signing disabled) +suite: deployment template (signing disabled) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - it: skips gpg init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml asserts: - notContains: path: spec.template.spec.initContainers @@ -15,7 +15,7 @@ tests: content: name: configure-gpg - it: skips gpg env in `init-directories` init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing.enabled: false asserts: @@ -25,14 +25,14 @@ tests: name: GNUPGHOME value: /data/git/.gnupg - it: skips gpg env in runtime container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml asserts: - notContains: path: spec.template.spec.containers[0].env content: name: GNUPGHOME - it: skips gpg volume spec - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml asserts: - notContains: path: spec.template.spec.volumes diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/deployment/signing-enabled.yaml similarity index 89% rename from unittests/statefulset/signing-enabled.yaml rename to unittests/deployment/signing-enabled.yaml index 0d68bd9..9ada1f5 100644 --- a/unittests/statefulset/signing-enabled.yaml +++ b/unittests/deployment/signing-enabled.yaml @@ -1,13 +1,13 @@ -suite: Statefulset template (signing enabled) +suite: deployment template (signing enabled) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - it: adds gpg init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing: enabled: true @@ -39,7 +39,7 @@ tests: mountPath: /raw readOnly: true - it: adds gpg env in `init-directories` init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing.enabled: true signing.existingSecret: "custom-gpg-secret" @@ -50,7 +50,7 @@ tests: name: GNUPGHOME value: /data/git/.gnupg - it: adds gpg env in runtime container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing.enabled: true signing.existingSecret: "custom-gpg-secret" @@ -61,7 +61,7 @@ tests: name: GNUPGHOME value: /data/git/.gnupg - it: adds gpg volume spec - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing: enabled: true @@ -78,7 +78,7 @@ tests: path: private.asc defaultMode: 0100 - it: supports gpg volume spec with external reference - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing: enabled: true diff --git a/unittests/statefulset/ssh-configuration.yaml b/unittests/deployment/ssh-configuration.yaml similarity index 80% rename from unittests/statefulset/ssh-configuration.yaml rename to unittests/deployment/ssh-configuration.yaml index 24ffc3a..efd0525 100644 --- a/unittests/statefulset/ssh-configuration.yaml +++ b/unittests/deployment/ssh-configuration.yaml @@ -1,13 +1,13 @@ -suite: Statefulset template (SSH configuration) +suite: deployment template (SSH configuration) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - it: supports defining SSH log level for root based image - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: image.rootless: false asserts: @@ -17,7 +17,7 @@ tests: name: SSH_LOG_LEVEL value: "INFO" - it: supports overriding SSH log level - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: image.rootless: false gitea.ssh.logLevel: "DEBUG" @@ -28,7 +28,7 @@ tests: name: SSH_LOG_LEVEL value: "DEBUG" - it: skips SSH_LOG_LEVEL for rootless image - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: image.rootless: true gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here diff --git a/unittests/serviceaccount/reference.yaml b/unittests/serviceaccount/reference.yaml index 9c01594..25faa03 100644 --- a/unittests/serviceaccount/reference.yaml +++ b/unittests/serviceaccount/reference.yaml @@ -4,24 +4,24 @@ release: namespace: testing templates: - templates/gitea/serviceaccount.yaml - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - - it: does not modify the StatefulSet by default - template: templates/gitea/statefulset.yaml + - it: does not modify the deployment by default + template: templates/gitea/deployment.yaml asserts: - notExists: path: spec.serviceAccountName - - it: adds the reference to the StatefulSet with serviceAccount.create=true - template: templates/gitea/statefulset.yaml + - it: adds the reference to the deployment with serviceAccount.create=true + template: templates/gitea/deployment.yaml set: serviceAccount.create: true asserts: - equal: path: spec.template.spec.serviceAccountName value: gitea-unittests - - it: allows referencing an externally created ServiceAccount to the StatefulSet - template: templates/gitea/statefulset.yaml + - it: allows referencing an externally created ServiceAccount to the deployment + template: templates/gitea/deployment.yaml set: serviceAccount: create: false # explicitly set to define rendering behavior diff --git a/values.yaml b/values.yaml index c37edc2..324837a 100644 --- a/values.yaml +++ b/values.yaml @@ -20,9 +20,19 @@ global: # hostnames: # - example.com -## @param replicaCount number of replicas for the statefulset +## @param replicaCount number of replicas for the deployment replicaCount: 1 +## @section strategy +## @param strategy.type strategy type +## @param strategy.rollingUpdate.maxSurge maxSurge +## @param strategy.rollingUpdate.maxUnavailable maxUnavailable +strategy: + type: "RollingUpdate" + rollingUpdate: + maxSurge: "100%" + maxUnavailable: 0 + ## @param clusterDomain cluster domain clusterDomain: cluster.local @@ -74,11 +84,16 @@ containerSecurityContext: {} ## @param securityContext Run init and Gitea containers as a specific securityContext securityContext: {} +## @param podDisruptionBudget Pod disruption budget +podDisruptionBudget: {} +# maxUnavailable: 1 +# minAvailable: 1 + ## @section Service service: ## @param service.http.type Kubernetes service type for web traffic ## @param service.http.port Port number for web traffic - ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None ## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.nodePort NodePort for http service ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -101,7 +116,7 @@ service: annotations: {} ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic - ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None ## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -155,7 +170,7 @@ ingress: # If helm doesn't correctly detect your ingress API version you can set it here. # apiVersion: networking.k8s.io/v1 -## @section StatefulSet +## @section deployment # ## @param resources Kubernetes resources resources: @@ -177,26 +192,29 @@ resources: ## @param schedulerName Use an alternate scheduler, e.g. "stork" schedulerName: "" -## @param nodeSelector NodeSelector for the statefulset +## @param nodeSelector NodeSelector for the deployment nodeSelector: {} -## @param tolerations Tolerations for the statefulset +## @param tolerations Tolerations for the deployment tolerations: [] -## @param affinity Affinity for the statefulset +## @param affinity Affinity for the deployment affinity: {} -## @param dnsConfig dnsConfig for the statefulset +## @param topologySpreadConstraints TopologySpreadConstraints for the deployment +topologySpreadConstraints: [] + +## @param dnsConfig dnsConfig for the deployment dnsConfig: {} -## @param priorityClassName priorityClassName for the statefulset +## @param priorityClassName priorityClassName for the deployment priorityClassName: "" -## @param statefulset.env Additional environment variables to pass to containers -## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod -## @param statefulset.labels Labels for the statefulset -## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created -statefulset: +## @param deployment.env Additional environment variables to pass to containers +## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param deployment.labels Labels for the deployment +## @param deployment.annotations Annotations for the Gitea deployment to be created +deployment: env: [] # - name: VARIABLE @@ -218,14 +236,16 @@ serviceAccount: name: "" automountServiceAccountToken: false imagePullSecrets: [] - # - name: private-registry-access + # - name: private-registry-access annotations: {} labels: {} ## @section Persistence # ## @param persistence.enabled Enable persistent storage -## @param persistence.existingClaim Use an existing claim to store repository information +## @param persistence.create Whether to create the persistentVolumeClaim for shared storage +## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created) +## @param persistence.claimName Use an existing claim to store repository information ## @param persistence.size Size for persistence to store repo information ## @param persistence.accessModes AccessMode for persistence ## @param persistence.labels Labels for the persistence volume claim to be created @@ -234,7 +254,9 @@ serviceAccount: ## @param persistence.subPath Subdirectory of the volume to mount at persistence: enabled: true - existingClaim: + create: true + mount: true + claimName: gitea-shared-storage size: 10Gi accessModes: - ReadWriteOnce @@ -243,7 +265,7 @@ persistence: storageClass: subPath: -## @param extraVolumes Additional volumes to mount to the Gitea statefulset +## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] # - name: postgres-ssl-vol # secret: @@ -358,13 +380,14 @@ gitea: # customProfileUrl: # customEmailUrl: - ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) - config: {} - # APP_NAME: "Gitea: Git with a cup of tea" - # RUN_MODE: dev - # - # server: - # SSH_PORT: 22 + ## @param gitea.config.server.SSH_PORT SSH port for rootlful Gitea image + ## @param gitea.config.server.SSH_LISTEN_PORT SSH port for rootless Gitea image + config: + # APP_NAME: "Gitea: Git with a cup of tea" + # RUN_MODE: dev + server: + SSH_PORT: 22 # rootful image + SSH_LISTEN_PORT: 2222 # rootless image # # security: # PASSWORD_COMPLEXITY: spec @@ -446,23 +469,37 @@ gitea: successThreshold: 1 failureThreshold: 10 -## @section Memcached -# -## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. -## ref: https://hub.docker.com/r/bitnami/memcached/tags/ -## @param memcached.service.ports.memcached Port for Memcached -memcached: +## @section redis-cluster +## @param redis-cluster.enabled Enable redis +## @param redis-cluster.global.redis.password Password for the "gitea" user (overrides `password`) +redis-cluster: enabled: true - # image: - # registry: docker.io - # repository: bitnami/memcached - # tag: "" - # digest: "" - # pullPolicy: IfNotPresent - # pullSecrets: [] - service: - ports: - memcached: 11211 + global: + redis: + password: gitea + +## @section postgresql-ha +# +## @param postgresql-ha.enabled Enable postgresql-ha +## @param postgresql-ha.global.postgresql-ha.auth.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.global.postgresql-ha.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql-ha.global.postgresql-ha.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha postgresql-ha service port (overrides `service.ports.postgresql-ha`) +## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume +postgresql-ha: + enabled: true + global: + postgresql-ha: + auth: + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql-ha: 5432 + primary: + persistence: + size: 10Gi ## @section PostgreSQL # @@ -473,7 +510,7 @@ memcached: ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume postgresql: - enabled: true + enabled: false global: postgresql: auth: From 950e46ce440568eaf3eb12315f2bd86c15d18348 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:13:01 +0200 Subject: [PATCH 016/114] add experimental note --- README.md | 2 ++ docs/ha-setup.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a167589..67adb87 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,8 @@ When upgrading, please refer to the [Upgrading](#upgrading) section at the botto ## High Availability +⚠️ **EXPERIMENTAL** ⚠️ + Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. diff --git a/docs/ha-setup.md b/docs/ha-setup.md index 1139706..4620317 100644 --- a/docs/ha-setup.md +++ b/docs/ha-setup.md @@ -1,6 +1,6 @@ # High Availability -**Experimental** +⚠️ **EXPERIMENTAL** ⚠️ All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. The following document explains how to achieve this for all individual components. From a20c014e49968d89d67284b9aa6a6ce25f991359 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:17:26 +0200 Subject: [PATCH 017/114] add env-to-ini prefix to upgrading notes --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 67adb87..c9690ae 100644 --- a/README.md +++ b/README.md @@ -927,6 +927,7 @@ The above changes are motivated by the idea to tidy dependencies but also have H The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. + **Transitioning from a RWO to RWX Persistent Volume** If you want to switch to a RWX volume and go for HA, you need to @@ -936,6 +937,7 @@ If you want to switch to a RWX volume and go for HA, you need to 3. Restore the backup to the same location in the new PV + **Transitioning from Postgres to Postgres HA** If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -945,6 +947,16 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + + +**Change of env-to-ini prefix** + +Before this release, the env-to-ini prefix was `ENV_TO_INI__`. +This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. +Due to the removal custom prefix feature in the upstream implementation of env-to-ini, the prefix has been changed to the default `GITEA__`. + +If you previously had defined env vars that had the `ENV_TO_INI__` prefix, you need to change them to `GITEA__` in order for them to be picked up by the chart. +
From 00433b97c4ebd26c94b812a6c69c3c618de6fe9b Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:19:48 +0200 Subject: [PATCH 018/114] add release process to contributing --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ea00fdc..21d74c0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -62,3 +62,9 @@ make unittests ``` See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. + +## Release process + +1. Create a tag following the tagging schema +1. Push the tag +1. Let CI do it's work \ No newline at end of file From ede76d4b68dbe3e15cae15c39e458ef2bf225aca Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:26:45 +0200 Subject: [PATCH 019/114] update helm deps and add makefile rule --- Chart.lock | 10 +++++----- Chart.yaml | 12 ++++++------ Makefile | 5 +++++ 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/Chart.lock b/Chart.lock index c5f80ef..44d920b 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.4.1 + version: 12.6.6 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.6.1 + version: 11.7.9 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.4.4 -digest: sha256:3b203051c9fb8df9e771a4d67c276190a1c63aae9bf980ef3676e2a51b2f56c7 -generated: "2023-05-13T21:47:51.823348+02:00" + version: 8.6.9 +digest: sha256:52296a48610712a8eb69a32b1b5818b014bfb8dac79d883e11ebdaf97d41e85d +generated: "2023-07-17T21:24:06.888357+02:00" diff --git a/Chart.yaml b/Chart.yaml index d5a2d32..7160a58 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -33,18 +33,18 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: - # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) + # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.4.1 + version: 12.6.6 condition: postgresql.enabled - # Chart release date: 2023-05 + # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.6.1 + version: 11.7.9 condition: postgresql-ha.enabled - # Chart release date: 2023-04 + # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.4.4 + version: 8.6.9 condition: redis-cluster.enabled diff --git a/Makefile b/Makefile index ff48c63..e3e4f03 100644 --- a/Makefile +++ b/Makefile @@ -10,3 +10,8 @@ readme: prepare-environment .PHONY: unittests unittests: helm unittest --strict -f 'unittests/**/*.yaml' ./ + +.PHONY: helm +update-helm-dependencies: + helm dependency update + \ No newline at end of file From 2ded843924404800d5dd670a7c52f97071f6ae04 Mon Sep 17 00:00:00 2001 From: yinheli Date: Tue, 18 Jul 2023 06:25:38 +0000 Subject: [PATCH 020/114] fix: Deployment has no field serviceName #466 (#467) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change remove deployment, `serviceName` ### Benefits ### Possible drawbacks ### Applicable issues - fixes #466 ### Additional information ### ⚠ BREAKING ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/467 Co-authored-by: yinheli Co-committed-by: yinheli --- templates/gitea/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 0176300..247a560 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -23,7 +23,6 @@ spec: {{- if .Values.deployment.labels }} {{- toYaml .Values.deployment.labels | nindent 6 }} {{- end }} - serviceName: {{ include "gitea.fullname" . }} template: metadata: annotations: From de5a6edbc8189546f270bad18c6dce459890b81c Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 08:27:11 +0200 Subject: [PATCH 021/114] lint --- CONTRIBUTING.md | 2 +- README.md | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 21d74c0..f6c24bf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -67,4 +67,4 @@ See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v 1. Create a tag following the tagging schema 1. Push the tag -1. Let CI do it's work \ No newline at end of file +1. Let CI do it's work diff --git a/README.md b/README.md index c9690ae..af481ce 100644 --- a/README.md +++ b/README.md @@ -927,7 +927,6 @@ The above changes are motivated by the idea to tidy dependencies but also have H The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. - **Transitioning from a RWO to RWX Persistent Volume** If you want to switch to a RWX volume and go for HA, you need to @@ -937,7 +936,6 @@ If you want to switch to a RWX volume and go for HA, you need to 3. Restore the backup to the same location in the new PV - **Transitioning from Postgres to Postgres HA** If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -948,7 +946,6 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). - **Change of env-to-ini prefix** Before this release, the env-to-ini prefix was `ENV_TO_INI__`. From 3a9e60ce4091c0ad8aaf6bfa4ac0d747c1f962e6 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:10:38 +0200 Subject: [PATCH 022/114] fix postgresql.dns definition in helpers.tpl --- templates/_helpers.tpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index a92a22c..65bf34c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} +{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha -}} {{- end -}} {{- define "redis.dns" -}} @@ -274,7 +274,7 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if (index .Values "redis-cluster").enabled -}} {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} {{- if not (.Values.gitea.config.cache.HOST) -}} @@ -349,9 +349,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql-ha.global.postgresql-ha.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql-ha.global.postgresql-ha.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql-ha.global.postgresql-ha.auth.password -}} {{- end -}} {{- end -}} From 46fb4d8026fcfeaa63a07515f087e95310a37c49 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:23:29 +0200 Subject: [PATCH 023/114] use index function for helm --- templates/_helpers.tpl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 65bf34c..2f734a9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha -}} +{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql-ha" "service" "ports" "postgresql-ha") -}} {{- end -}} {{- define "redis.dns" -}} @@ -349,9 +349,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql-ha.global.postgresql-ha.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql-ha.global.postgresql-ha.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql-ha.global.postgresql-ha.auth.password -}} + {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "database") -}} + {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "username") -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "password") -}} {{- end -}} {{- end -}} From de1d5af8c8b62c86f2483f9308b70f1133ca03a6 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:31:58 +0200 Subject: [PATCH 024/114] more postgresql-ha adjustments --- templates/_helpers.tpl | 10 +++++----- values.yaml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2f734a9..6726856 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql-ha" "service" "ports" "postgresql-ha") -}} +{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} {{- end -}} {{- define "redis.dns" -}} @@ -344,14 +344,14 @@ https {{- end -}} {{- define "gitea.inline_configuration.defaults.database" -}} - {{- if .Values.postgresql.enabled -}} + {{- if .Values.postgresql-ha.enabled -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "database") -}} - {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "username") -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "password") -}} + {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "auth" "database") -}} + {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "auth" "username") -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "auth" "password") -}} {{- end -}} {{- end -}} diff --git a/values.yaml b/values.yaml index 324837a..1db6bfc 100644 --- a/values.yaml +++ b/values.yaml @@ -489,14 +489,14 @@ redis-cluster: postgresql-ha: enabled: true global: - postgresql-ha: + postgresql: auth: password: gitea database: gitea username: gitea service: ports: - postgresql-ha: 5432 + postgresql: 5432 primary: persistence: size: 10Gi From dc6bab1958bcfc8ca07bfcdb4a3bfb1154fb81e0 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:34:56 +0200 Subject: [PATCH 025/114] another index --- templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 6726856..c21a8f4 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -344,7 +344,7 @@ https {{- end -}} {{- define "gitea.inline_configuration.defaults.database" -}} - {{- if .Values.postgresql-ha.enabled -}} + {{- if (index .Values "postgresql-ha" "enabled") -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} From f108be0cd64048aaf099e56e5bb501a4eb4afec5 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:50:18 +0200 Subject: [PATCH 026/114] fix postgresql.dns --- templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c21a8f4..9078f72 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} +{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} {{- end -}} {{- define "redis.dns" -}} From c6fbb6d72e8a8016dc6c21695ac451a687eba7b4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:07:33 +0200 Subject: [PATCH 027/114] adjust postgresql-ha service port mappings --- templates/_helpers.tpl | 2 +- values.yaml | 13 ++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9078f72..335cf9a 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} +{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} {{- end -}} {{- define "redis.dns" -}} diff --git a/values.yaml b/values.yaml index 1db6bfc..ccd24d2 100644 --- a/values.yaml +++ b/values.yaml @@ -490,13 +490,12 @@ postgresql-ha: enabled: true global: postgresql: - auth: - password: gitea - database: gitea - username: gitea - service: - ports: - postgresql: 5432 + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql: 5432 primary: persistence: size: 10Gi From 5f8de23c15ac05a03acebcd10549a97af90a2def Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:16:33 +0200 Subject: [PATCH 028/114] remove "auth" mapping in helpers.tpl --- templates/_helpers.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 335cf9a..5eb1cb0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -349,9 +349,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "auth" "database") -}} - {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "auth" "username") -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "auth" "password") -}} + {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}} + {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}} {{- end -}} {{- end -}} From a247071b07b37d65915ac0424b3629e1109e395b Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:22:51 +0200 Subject: [PATCH 029/114] don't condition session config on multiple replicas --- templates/_helpers.tpl | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5eb1cb0..8006bb9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -286,18 +286,15 @@ https {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- end -}} - {{- /* multiple replicas */ -}} - {{- if gt .Values.replicaCount 1.0 -}} - {{- if not (get .Values.gitea.config.session "PROVIDER") -}} + {{- if not (get .Values.gitea.config.session "PROVIDER") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} - {{- end -}} - {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} + {{- end -}} + {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} - {{- end -}} + {{- end -}} {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} {{- end -}} - {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults.server" -}} From 75893ad9c670cd2dee5e6ac041fd419be935cb1d Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:28:40 +0200 Subject: [PATCH 030/114] add explicit config example for `session`, `cache` and `queue` to migration instructions --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index af481ce..108ce97 100644 --- a/README.md +++ b/README.md @@ -926,6 +926,23 @@ The first item here (``) will be different compared to th The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. +If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: + +```yaml + session: + PROVIDER: redis + PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + cache: + ENABLED: true + ADAPTER: redis + HOST: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + queue: + TYPE: redis + CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& +``` + **Transitioning from a RWO to RWX Persistent Volume** From 29c9bbb4bfec04ab22761cc2d999eb0fcb8acbed Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 20:06:16 +0200 Subject: [PATCH 031/114] postgresql-ha: provide defaults for `postgresPassword` and `repmgrPassword` due to upstream bug --- README.md | 18 ++++++++++-------- values.yaml | 14 ++++++++++---- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 108ce97..984312e 100644 --- a/README.md +++ b/README.md @@ -841,14 +841,16 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### PostgreSQL-ha -| Name | Description | Value | -| ---------------------------------------------------------------- | -------------------------------------------------------------------- | ------- | -| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | -| `postgresql-ha.global.postgresql-ha.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | -| `postgresql-ha.global.postgresql-ha.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | -| `postgresql-ha.global.postgresql-ha.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | -| `postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha` | PostgreSQL-ha service port (overrides `service.ports.postgresql-ha`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| Name | Description | Value | +| -------------------------------------------------- | ---------------------------------------------------------------- | ---------- | +| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.global.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | +| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.global.postgresql.postgresPassword` | Postgres Password | `changeme` | +| `postgresql-ha.global.postgresql.repmgrPassword` | Repmgr Password | `changeme` | +| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | ### PostgreSQL diff --git a/values.yaml b/values.yaml index ccd24d2..e2ac2cd 100644 --- a/values.yaml +++ b/values.yaml @@ -481,10 +481,12 @@ redis-cluster: ## @section postgresql-ha # ## @param postgresql-ha.enabled Enable postgresql-ha -## @param postgresql-ha.global.postgresql-ha.auth.password Password for the `gitea` user (overrides `auth.password`) -## @param postgresql-ha.global.postgresql-ha.auth.database Name for a custom database to create (overrides `auth.database`) -## @param postgresql-ha.global.postgresql-ha.auth.username Name for a custom user to create (overrides `auth.username`) -## @param postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha postgresql-ha service port (overrides `service.ports.postgresql-ha`) +## @param postgresql-ha.global.postgresql.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql.postgresPassword Postgres Password +## @param postgresql-ha.global.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume postgresql-ha: enabled: true @@ -493,6 +495,10 @@ postgresql-ha: password: gitea database: gitea username: gitea + # FIXME: https://github.com/bitnami/charts/issues/17052 + postgresPassword: changeme + # FIXME: https://github.com/bitnami/charts/issues/17052 + repmgrPassword: changeme service: ports: postgresql: 5432 From 19841604f76f17e4334611b7933bf0ded062f061 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 09:57:44 +0200 Subject: [PATCH 032/114] use redis-cluster instead of redis --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 984312e..b24f08c 100644 --- a/README.md +++ b/README.md @@ -932,12 +932,12 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea ```yaml session: - PROVIDER: redis + PROVIDER: redis-cluster PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& cache: ENABLED: true - ADAPTER: redis + ADAPTER: redis-cluster HOST: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& queue: From 565cbaf292c5f9055833b763ab5fdeb8e566991f Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 12:37:53 +0000 Subject: [PATCH 033/114] Expose `persistence.volumeName` (#471) ### Benefits possibly fix #470 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/471 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 1 + templates/gitea/pvc.yaml | 4 +++- values.yaml | 6 ++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b24f08c..4477d7e 100644 --- a/README.md +++ b/README.md @@ -754,6 +754,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | | `persistence.storageClass` | Name of the storage class to use | `nil` | | `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `persistence.volumeName` | Name of persistent volume in PVC | `""` | | `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | | `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | | `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index d84ecc3..995bd10 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -17,7 +17,9 @@ spec: {{- if .Values.persistence.storageClass }} storageClassName: {{ .Values.persistence.storageClass }} {{- end }} - volumeName: "" + {{- with .Values.persistence.volumeName }} + volumeName: {{ . }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size }} diff --git a/values.yaml b/values.yaml index e2ac2cd..1204e58 100644 --- a/values.yaml +++ b/values.yaml @@ -252,6 +252,7 @@ serviceAccount: ## @param persistence.annotations Annotations for the persistence volume claim to be created ## @param persistence.storageClass Name of the storage class to use ## @param persistence.subPath Subdirectory of the volume to mount at +## @param persistence.volumeName Name of persistent volume in PVC persistence: enabled: true create: true @@ -264,6 +265,7 @@ persistence: annotations: {} storageClass: subPath: + volumeName: "" ## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] @@ -496,9 +498,9 @@ postgresql-ha: database: gitea username: gitea # FIXME: https://github.com/bitnami/charts/issues/17052 - postgresPassword: changeme + postgresPassword: changeme # FIXME: https://github.com/bitnami/charts/issues/17052 - repmgrPassword: changeme + repmgrPassword: changeme service: ports: postgresql: 5432 From 81612bd7882f0b3b5d70308a8e7fcfb5d165ec7c Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 15:16:45 +0000 Subject: [PATCH 034/114] Update default params of chart dependencies (#473) ### Description of the change Update default params of chart dependencies. Tested with multiple upgrades and fresh installations. Using no password auth for redis simplifies things for basic installations. Production installations should properly configure auth as they need it. ### Benefits To avoid/solve upgrading issues as in #407 and #472 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/473 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 63 +++++++++++++++++++++++++++-------------------------- values.yaml | 31 +++++++++++++------------- 2 files changed, 48 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 4477d7e..07b39fe 100644 --- a/README.md +++ b/README.md @@ -742,23 +742,23 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Persistence -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | -| `persistence.enabled` | Enable persistent storage | `true` | -| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | -| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | -| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | -| `persistence.storageClass` | Name of the storage class to use | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | -| `persistence.volumeName` | Name of persistent volume in PVC | `""` | -| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | -| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | -| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | -| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | +| Name | Description | Value | +| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | +| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | +| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim | `keep` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `persistence.volumeName` | Name of persistent volume in PVC | `""` | +| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | +| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | +| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | +| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | ### Init @@ -835,23 +835,24 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### redis-cluster -| Name | Description | Value | -| ------------------------------------- | ---------------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | -| `redis-cluster.global.redis.password` | Password for the "Gitea" user (overrides `password`) | `gitea` | +| Name | Description | Value | +| --------------------------- | -------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.usePassword` | Whether to use password authentication | `false` | ### PostgreSQL-ha -| Name | Description | Value | -| -------------------------------------------------- | ---------------------------------------------------------------- | ---------- | -| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | -| `postgresql-ha.global.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | -| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | -| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | -| `postgresql-ha.global.postgresql.postgresPassword` | Postgres Password | `changeme` | -| `postgresql-ha.global.postgresql.repmgrPassword` | Repmgr Password | `changeme` | -| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| Name | Description | Value | +| ------------------------------------------- | ---------------------------------------------------------------- | ----------- | +| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` | +| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` | +| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | +| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | +| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | ### PostgreSQL diff --git a/values.yaml b/values.yaml index 1204e58..d3ad09e 100644 --- a/values.yaml +++ b/values.yaml @@ -249,7 +249,7 @@ serviceAccount: ## @param persistence.size Size for persistence to store repo information ## @param persistence.accessModes AccessMode for persistence ## @param persistence.labels Labels for the persistence volume claim to be created -## @param persistence.annotations Annotations for the persistence volume claim to be created +## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim ## @param persistence.storageClass Name of the storage class to use ## @param persistence.subPath Subdirectory of the volume to mount at ## @param persistence.volumeName Name of persistent volume in PVC @@ -262,10 +262,11 @@ persistence: accessModes: - ReadWriteOnce labels: {} - annotations: {} storageClass: subPath: volumeName: "" + annotations: + helm.sh/resource-policy: keep ## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] @@ -473,34 +474,34 @@ gitea: ## @section redis-cluster ## @param redis-cluster.enabled Enable redis -## @param redis-cluster.global.redis.password Password for the "gitea" user (overrides `password`) +## @param redis-cluster.usePassword Whether to use password authentication redis-cluster: enabled: true - global: - redis: - password: gitea + usePassword: false ## @section postgresql-ha # ## @param postgresql-ha.enabled Enable postgresql-ha -## @param postgresql-ha.global.postgresql.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) -## @param postgresql-ha.global.postgresql.postgresPassword Postgres Password -## @param postgresql-ha.global.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.postgresql.postgresPassword postgres Password +## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume postgresql-ha: - enabled: true global: postgresql: - password: gitea database: gitea username: gitea - # FIXME: https://github.com/bitnami/charts/issues/17052 - postgresPassword: changeme - # FIXME: https://github.com/bitnami/charts/issues/17052 - repmgrPassword: changeme + enabled: true + postgresql: + repmgrPassword: changeme2 + postgresPassword: changeme1 + password: changeme4 + pgpool: + adminPassword: changeme3 service: ports: postgresql: 5432 From a5884ec67f22249315c8f4e9ea2787578c710b07 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 23:05:52 +0200 Subject: [PATCH 035/114] readd missing postgresql password for db --- README.md | 1 + values.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index 07b39fe..0748004 100644 --- a/README.md +++ b/README.md @@ -848,6 +848,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` | | `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` | | `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` | | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | diff --git a/values.yaml b/values.yaml index d3ad09e..c33e243 100644 --- a/values.yaml +++ b/values.yaml @@ -485,6 +485,7 @@ redis-cluster: ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword @@ -494,6 +495,7 @@ postgresql-ha: global: postgresql: database: gitea + password: gitea username: gitea enabled: true postgresql: From aa8f543c08f874754ccc3e5f136e0b46742b3992 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 23:08:55 +0200 Subject: [PATCH 036/114] bump to 1.20 nightly for env-to-ini fix --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 7160a58..844061b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.0 +appVersion: 1.20-nightly icon: https://docs.gitea.io/images/gitea.png keywords: From 9dda709997fb67b9e1a39bef63775013f89fb2c9 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 20 Jul 2023 09:51:13 +0200 Subject: [PATCH 037/114] update terraform custom theme instructions --- README.md | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0748004..4fc4bb8 100644 --- a/README.md +++ b/README.md @@ -592,6 +592,8 @@ gitea: Custom themes can be added via k8s secrets and referencing them in `values.yaml`. +The [http provider](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) is useful here. + ```yaml extraVolumes: - name: gitea-themes @@ -614,13 +616,37 @@ resource "kubernetes_secret" "gitea-themes" { } data = { - "theme-custom.css" = "${file("FULL-PATH-TO-CSS")}" - "theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}" + "my-theme.css" = data.http.gitea-theme-light.body + "my-theme-dark.css" = data.http.gitea-theme-dark.body + "my-theme-auto.css" = data.http.gitea-theme-auto.body } type = "Opaque" +} - depends_on = [kubernetes_namespace.gitea] + +data "http" "gitea-theme-light" { + url = "" + + request_headers = { + Accept = "application/json" + } +} + +data "http" "gitea-theme-dark" { + url = "" + + request_headers = { + Accept = "application/json" + } +} + +data "http" "gitea-theme-auto" { + url = "" + + request_headers = { + Accept = "application/json" + } } ``` From 269ca48586a9d2561b8e04059bebd38062b7ad37 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 22 Jul 2023 10:50:27 +0200 Subject: [PATCH 038/114] 1.20.1 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 844061b..450d979 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20-nightly +appVersion: 1.20.1 icon: https://docs.gitea.io/images/gitea.png keywords: From 860c2ce54249419745b116d1ef251c02af3bdd69 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 22 Jul 2023 11:46:44 +0000 Subject: [PATCH 039/114] Auto-configure non-postgresql DNS and assert single PG instance (#478) ### Description of the change Before only `postgresql-ha` was auto-configured WRT to DNS. ### Benefits Add DNS auto-config for `postgresql` dependency and assert that either `postgresql` or `postgresql-ha` is enabled. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/478 Co-authored-by: pat-s Co-committed-by: pat-s --- templates/_helpers.tpl | 21 +++++++++++++++++++-- templates/gitea/config.yaml | 9 ++++++++- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8006bb9..2dad930 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -112,9 +112,17 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} -{{- define "postgresql.dns" -}} +{{- define "postgresql-ha.dns" -}} +{{- if (index .Values "postgresql-ha").enabled -}} {{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} {{- end -}} +{{- end -}} + +{{- define "postgresql.dns" -}} +{{- if (index .Values "postgresql").enabled -}} +{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} +{{- end -}} +{{- end -}} {{- define "redis.dns" -}} {{- if (index .Values "redis-cluster").enabled -}} @@ -344,12 +352,21 @@ https {{- if (index .Values "postgresql-ha" "enabled") -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql-ha.dns" .) -}} {{- end -}} {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}} {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}} {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}} {{- end -}} + {{- if (index .Values "postgresql" "enabled") -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} + {{- end -}} {{- end -}} {{- define "gitea.init-additional-mounts" -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index ab4832d..3f8b7e6 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -17,6 +17,12 @@ metadata: type: Opaque stringData: assertions: | + +{{- /*assert that only one PG dep is enabled */ -}} +{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} + {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} +{{- end }} + {{- /* multiple replicas assertions */ -}} {{- if gt .Values.replicaCount 1.0 -}} {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} @@ -24,10 +30,11 @@ stringData: {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} {{- end }} {{- end }} + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} {{- end }} - + {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} {{- end }} From 478fd6044e971d3c991e34fa449201397c2f5ea8 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 22 Jul 2023 14:06:08 +0200 Subject: [PATCH 040/114] add minimal config example --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 4fc4bb8..5354701 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ - [High Availability](#high-availability) - [Configuration](#configuration) - [Default Configuration](#default-configuration) + - [Minimal Configuration](#minimal-configuration) - [Additional _app.ini_ settings](#additional-appini-settings) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) @@ -166,6 +167,36 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +### Minimal Configuration + +For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used: + +```yaml +redis-cluster: + enabled: false +postgresql: + enabled: false +postgresql-ha: + enabled: false + +persistence: + enabled: false + +gitea: + config: + database: + DB_TYPE: sqlite3 + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level +``` + +This will result in a single-pod Gitea instance without any dependencies and persistence. +Do not use this configuration for production use. + ### Additional _app.ini_ settings > **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) From 1ea6cb4633c2e01d02dc910bcb67d7710842abc7 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 31 Jul 2023 09:04:23 +0200 Subject: [PATCH 041/114] 1.20.2 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 450d979..47a4066 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.1 +appVersion: 1.20.2 icon: https://docs.gitea.io/images/gitea.png keywords: From 5e148748ce241ef11c9fe5649bdeac27fc7c8121 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 3 Aug 2023 07:25:52 +0000 Subject: [PATCH 042/114] Update documentations link to new addresses and some other links update (#482) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/482 Reviewed-by: pat-s Co-authored-by: Lunny Xiao Co-committed-by: Lunny Xiao --- .gitea/workflows/release-version.yml | 2 +- Chart.yaml | 2 +- README.md | 20 ++++++++++++-------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 239cd37..c9cb40f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -39,7 +39,7 @@ jobs: mkdir gitea mv gitea*.tgz gitea/ curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml - name: aws credential configure uses: https://github.com/aws-actions/configure-aws-credentials@v2 diff --git a/Chart.yaml b/Chart.yaml index 47a4066..672dc4b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 appVersion: 1.20.2 -icon: https://docs.gitea.io/images/gitea.png +icon: https://gitea.com/assets/img/logo.svg keywords: - git diff --git a/README.md b/README.md index 5354701..6881e51 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,12 @@ - [High Availability](#high-availability) - [Configuration](#configuration) - [Default Configuration](#default-configuration) + - [Database defaults](#database-defaults) + - [Server defaults](#server-defaults) + - [Metrics defaults](#metrics-defaults) - [Minimal Configuration](#minimal-configuration) - [Additional _app.ini_ settings](#additional-appini-settings) + - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) - [ClusterIP](#clusterip) @@ -46,7 +50,7 @@ - [Contributing](#contributing) - [Upgrading](#upgrading) -[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. +[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. ## Introduction @@ -84,7 +88,7 @@ Dependencies: ## Installing ```sh -helm repo add gitea-charts https://dl.gitea.io/charts/ +helm repo add gitea-charts https://dl.gitea.com/charts/ helm repo update helm install gitea gitea-charts/gitea ``` @@ -104,7 +108,7 @@ See the [HA Setup](docs/ha-setup.md) document for more details. ## Configuration Gitea offers lots of configuration options. -This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). +This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet). ```yaml gitea: @@ -199,7 +203,7 @@ Do not use this configuration for production use. ### Additional _app.ini_ settings -> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) +> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default) > section cannot be defined that way.** Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file. @@ -286,7 +290,7 @@ Priority (highest to lowest) for defining app.ini variables: ### External Database -Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. +Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL. In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. @@ -456,7 +460,7 @@ gitea: ### LDAP Settings Like the admin user the LDAP settings can be updated. -All LDAP values from are available. +All LDAP values from are available. Multiple LDAP sources can be configured with additional LDAP list items. @@ -511,7 +515,7 @@ Affected options: Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the ui. -All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are +All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are available. Multiple OAuth2 sources can be configured with additional OAuth list items. @@ -589,7 +593,7 @@ signing: ``` To use the gpg key, Gitea needs to be configured accordingly. -A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). +A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration). ## Metrics and profiling From 9e00bff9bd629f18573b1c059187db31b85f253c Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 21 Aug 2023 16:27:02 +0200 Subject: [PATCH 043/114] add upgrade note WRT to rootless image switch --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 6881e51..8ad2717 100644 --- a/README.md +++ b/README.md @@ -1009,6 +1009,11 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& ``` + +**Switch to rootless image by default** +If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: +Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). + **Transitioning from a RWO to RWX Persistent Volume** From 35fcb41ce2d03b44186cc82d4ea619dc2fcb6f7d Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 21 Aug 2023 16:07:51 +0000 Subject: [PATCH 044/114] 1.20.3 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 672dc4b..16f1c70 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.2 +appVersion: 1.20.3 icon: https://gitea.com/assets/img/logo.svg keywords: From 1331ae5e960004f996017d5832e7f135e51e9daf Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 27 Aug 2023 12:05:56 +0000 Subject: [PATCH 045/114] Fix GIT_GC_CHECK for multiple replicas (#490) ### Benefits Asserting the value existence failed previously. ### Applicable issues fixes #488 ### Additional information No unit tests possible as value is parsed as a secret and then into `app.ini`. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/490 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- templates/gitea/config.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 3f8b7e6..1c7ab1d 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -25,10 +25,8 @@ stringData: {{- /* multiple replicas assertions */ -}} {{- if gt .Values.replicaCount 1.0 -}} - {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} - {{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}} - {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} - {{- end }} + {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}} + {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}} {{- end }} {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} From 7604d5606f6ecaa24b514cedb5ec85f069d3ee2d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 30 Aug 2023 06:42:34 +0000 Subject: [PATCH 046/114] Configure Renovate (#492) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. --- ### Detected Package Files * `values.yaml` (helm-values) * `Chart.yaml` (helmv3) * `package.json` (npm) ### What to Expect With your current configuration, Renovate will create 6 Pull Requests:
Update dependency @​bitnami/readme-generator-for-helm to v2.5.1 - Schedule: ["at any time"] - Branch name: `renovate/bitnami-readme-generator-for-helm-2.x-lockfile` - Merge into: `main` - Upgrade [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) to `2.5.1`
Update dependency markdownlint-cli to ^0.35.0 - Schedule: ["at any time"] - Branch name: `renovate/markdownlint-cli-0.x` - Merge into: `main` - Upgrade [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) to `^0.35.0`
Update postgresql Docker tag to v12.10.0 - Schedule: ["at any time"] - Branch name: `renovate/postgresql-12.x` - Merge into: `main` - Upgrade postgresql to `12.10.0`
Update postgresql-ha Docker tag to v11.9.0 - Schedule: ["at any time"] - Branch name: `renovate/postgresql-ha-11.x` - Merge into: `main` - Upgrade postgresql-ha to `11.9.0`
Update redis-cluster Docker tag to v8.8.2 - Schedule: ["at any time"] - Branch name: `renovate/redis-cluster-8.x` - Merge into: `main` - Upgrade redis-cluster to `8.8.2`
Update redis-cluster Docker tag to v9 - Schedule: ["at any time"] - Branch name: `renovate/redis-cluster-9.x` - Merge into: `main` - Upgrade redis-cluster to `9.0.1`

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for `prhourlylimit` for details. --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/492 Reviewed-by: Jason Song Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- renovate.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..7190a60 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +} From ff83bab0e22f3643bef5721ca71c317372a5aaee Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 30 Aug 2023 07:04:59 +0000 Subject: [PATCH 047/114] Update dependency @bitnami/readme-generator-for-helm to v2.5.1 (#493) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | devDependencies | patch | [`2.5.0` -> `2.5.1`](https://renovatebot.com/diffs/npm/@bitnami%2freadme-generator-for-helm/2.5.0/2.5.1) | :warning: Release Notes retrieval for this PR were skipped because no github.com credentials were available. If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes). --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/493 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index ffd22d5..182b98c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,7 +7,7 @@ "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.5.0", + "@bitnami/readme-generator-for-helm": "^2.5.1", "markdownlint-cli": "^0.34.0" }, "engines": { @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.0.tgz", - "integrity": "sha512-bYggL/kWwyxjctSrIBMOcrTQSj8LA3yYcEzfGTJIFoHKl5M7ifZtox//8G5K3FTw6qdOnPZcA10fl2y4N6uB/g==", + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.1.tgz", + "integrity": "sha512-LRSq43HwfgmTJZ4rwpXHf6d7DGnY+j2BtgVlc2hPqfRtqj36NRYl83Zv9WjRGvwF8Zr6Iwa1AgvewiAxdWlMzg==", "dev": true, "dependencies": { "commander": "^7.1.0", From 3dd6632c5f81465c15bba8dfc7c315e2bb677b4d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 30 Aug 2023 07:14:45 +0000 Subject: [PATCH 048/114] Update dependency markdownlint-cli to ^0.35.0 (#494) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.34.0` -> `^0.35.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.34.0/0.35.0) | :warning: Release Notes retrieval for this PR were skipped because no github.com credentials were available. If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes). --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [x] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/494 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 60 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index 182b98c..9ce16b3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.1", - "markdownlint-cli": "^0.34.0" + "markdownlint-cli": "^0.35.0" }, "engines": { "node": ">=16.0.0", @@ -399,39 +399,39 @@ } }, "node_modules/markdownlint": { - "version": "0.28.2", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.28.2.tgz", - "integrity": "sha512-yYaQXoKKPV1zgrFsyAuZPEQoe+JrY9GDag9ObKpk09twx4OCU5lut+0/kZPrQ3W7w82SmgKhd7D8m34aG1unVw==", + "version": "0.29.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.29.0.tgz", + "integrity": "sha512-ASAzqpODstu/Qsk0xW5BPgWnK/qjpBQ4e7IpsSvvFXcfYIjanLTdwFRJK1SIEEh0fGSMKXcJf/qhaZYHyME0wA==", "dev": true, "dependencies": { "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.2" + "markdownlint-micromark": "0.1.5" }, "engines": { - "node": ">=14.18.0" + "node": ">=16" } }, "node_modules/markdownlint-cli": { - "version": "0.34.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.34.0.tgz", - "integrity": "sha512-4G9I++VBTZkaye6Yfc/7dU6HQHcyldZEVB+bYyQJLcpJOHKk/q5ZpGqK80oKMIdlxzsA3aWOJLZ4DkoaoUWXbQ==", + "version": "0.35.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.35.0.tgz", + "integrity": "sha512-lVIIIV1MrUtjoocgDqXLxUCxlRbn7Ve8rsWppfwciUNwLlNS28AhNiyQ3PU7jjj4Qvj+rWTTvwkqg7AcdG988g==", "dev": true, "dependencies": { - "commander": "~10.0.1", + "commander": "~11.0.0", "get-stdin": "~9.0.0", - "glob": "~10.2.2", + "glob": "~10.2.7", "ignore": "~5.2.4", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.28.2", - "minimatch": "~9.0.0", + "markdownlint": "~0.29.0", + "minimatch": "~9.0.1", "run-con": "~1.2.11" }, "bin": { "markdownlint": "markdownlint.js" }, "engines": { - "node": ">=14" + "node": ">=16" } }, "node_modules/markdownlint-cli/node_modules/brace-expansion": { @@ -444,24 +444,24 @@ } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", - "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", + "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==", "dev": true, "engines": { - "node": ">=14" + "node": ">=16" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.2.2", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.2.tgz", - "integrity": "sha512-Xsa0BcxIC6th9UwNjZkhrMtNo/MnyRL8jGCP+uEwhA5oFOCY1f2s1/oNKY47xQ0Bg5nkjsfAEIej1VeH62bDDQ==", + "version": "10.2.7", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.7.tgz", + "integrity": "sha512-jTKehsravOJo8IJxUGfZILnkvVJM/MOfHRs8QcXolVef2zNI9Tqyy5+SeuOAZd3upViEZQLyFpQhYiHLrMUNmA==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^2.0.3", - "minimatch": "^9.0.0", - "minipass": "^5.0.0", + "minimatch": "^9.0.1", + "minipass": "^5.0.0 || ^6.0.2", "path-scurry": "^1.7.0" }, "bin": { @@ -475,9 +475,9 @@ } }, "node_modules/markdownlint-cli/node_modules/minimatch": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.0.tgz", - "integrity": "sha512-0jJj8AvgKqWN05mrwuqi8QYKx1WmYSUoKSxu5Qhs9prezTz10sxAHGNZe9J9cqIJzta8DWsleh2KaVaLl6Ru2w==", + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", "dev": true, "dependencies": { "brace-expansion": "^2.0.1" @@ -490,12 +490,12 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.2.tgz", - "integrity": "sha512-jRxlQg8KpOfM2IbCL9RXM8ZiYWz2rv6DlZAnGv8ASJQpUh6byTBnEsbuMZ6T2/uIgntyf7SKg/mEaEBo1164fQ==", + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.5.tgz", + "integrity": "sha512-HvofNU4QCvfUCWnocQP1IAWaqop5wpWrB0mKB6SSh0fcpV0PdmQNS6tdUuFew1utpYlUvYYzz84oDkrD76GB9A==", "dev": true, "engines": { - "node": ">=14.18.0" + "node": ">=16" } }, "node_modules/mdurl": { diff --git a/package.json b/package.json index 53906d2..49c991d 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.34.0" + "markdownlint-cli": "^0.35.0" } } From 22872112cd159b577acc2ec820230a42acc6877b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 31 Aug 2023 11:35:23 +0000 Subject: [PATCH 049/114] Update postgresql-ha Docker tag to v11.9.0 (#496) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | postgresql-ha | minor | `11.7.9` -> `11.9.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/496 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 16f1c70..5fc5b00 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.7.9 + version: 11.9.0 condition: postgresql-ha.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster From 3276f1e76dfe846cc0c743f0278e732b998b1137 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 31 Aug 2023 11:35:49 +0000 Subject: [PATCH 050/114] Update postgresql Docker tag to v12.10.0 (#495) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | postgresql | minor | `12.6.6` -> `12.10.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/495 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 5fc5b00..af193b0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.6.6 + version: 12.10.0 condition: postgresql.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha From 1550f9b4e09d9141a20f6a58a345ae59c64d0f3a Mon Sep 17 00:00:00 2001 From: tobiasbp Date: Thu, 31 Aug 2023 17:07:45 +0000 Subject: [PATCH 051/114] Quote values for ingress annotations as discussed in #483 (#497) Quote all values for Ingress annotations as discussed in https://gitea.com/gitea/helm-chart/issues/483 Annotations are currently not quoted, and can not be set to non-string values using the _--set_ with _helm_ (see examples in issue). Annotations for ingress-nginx MUST be quoted: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#annotations ``` !!! tip Annotation keys and values can only be strings. Other types, such as boolean or numeric values must be quoted, i.e. "true", "false", "100". ``` Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/497 Reviewed-by: pat-s Co-authored-by: tobiasbp Co-committed-by: tobiasbp --- templates/gitea/ingress.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 224e777..12100a6 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -15,10 +15,10 @@ metadata: name: {{ $fullName }} labels: {{- include "gitea.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className }} From 30000677d7e2c41992a4be5ed5899667aca79af3 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 31 Aug 2023 19:12:49 +0200 Subject: [PATCH 052/114] update chart.lock --- Chart.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 44d920b..4292b72 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.6.6 + version: 12.10.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.7.9 + version: 11.9.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 8.6.9 -digest: sha256:52296a48610712a8eb69a32b1b5818b014bfb8dac79d883e11ebdaf97d41e85d -generated: "2023-07-17T21:24:06.888357+02:00" +digest: sha256:57053e05cac377167dea0f1beb6d98458f2d3789d2f57eeb8f2c54af4bb8ba60 +generated: "2023-08-31T19:12:23.741539+02:00" From 28bd87b5a98b6615bc54be8128160e9d27e97fc0 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 5 Sep 2023 08:35:29 +0200 Subject: [PATCH 053/114] Use modern renovate.json5 file Signed-off-by: justusbunsi --- renovate.json => renovate.json5 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename renovate.json => renovate.json5 (100%) diff --git a/renovate.json b/renovate.json5 similarity index 100% rename from renovate.json rename to renovate.json5 From 0d9d6bcbb28984a346daa65b49f3a42c8eb21ba1 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 5 Sep 2023 08:43:24 +0200 Subject: [PATCH 054/114] Extends centralized renovate configuration Signed-off-by: justusbunsi --- renovate.json5 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 7190a60..b099f0b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,3 +1,4 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json" + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["gitea>gitea/renovate-config"], } From 07fe17caf44401eb1da9dd364373030590bbc621 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 5 Sep 2023 07:15:49 +0000 Subject: [PATCH 055/114] chore(deps): update postgresql-ha docker tag to v11.9.2 (#499) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) | patch | `11.9.0` -> `11.9.2` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/499 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index af193b0..da05517 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.0 + version: 11.9.2 condition: postgresql-ha.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster From 054ee87a8c383f813e01d086182e0916bbe37ec6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 5 Sep 2023 07:16:15 +0000 Subject: [PATCH 056/114] chore(deps): update dependency markdownlint-cli to ^0.36.0 (#500) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.35.0` -> `^0.36.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.35.0/0.36.0) | --- ### Release Notes
igorshubovych/markdownlint-cli (markdownlint-cli) ### [`v0.36.0`](https://github.com/igorshubovych/markdownlint-cli/releases/tag/v0.36.0): 0.36.0 [Compare Source](https://github.com/igorshubovych/markdownlint-cli/compare/v0.35.0...v0.36.0) - Update `markdownlint` dependency to `0.30.0` - Use `micromark` in MD022/MD026/MD032/MD037/MD045/MD051 - Incorporate `micromark-extension-math` for math syntax - Allow custom rules to override information URL - Update all dependencies via `Dependabot`
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/500 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 70 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9ce16b3..7b58d1e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,8 +7,8 @@ "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.5.1", - "markdownlint-cli": "^0.35.0" + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdownlint-cli": "^0.36.0" }, "engines": { "node": ">=16.0.0", @@ -286,12 +286,12 @@ "dev": true }, "node_modules/ini": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/ini/-/ini-3.0.1.tgz", - "integrity": "sha512-it4HyVAUTKBc6m8e1iXWvXSTdndF7HbdN713+kvLrymxTaU4AUBWrJ4vEooP+V7fexnVD3LKcBshjGGPefSMUQ==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ini/-/ini-4.1.1.tgz", + "integrity": "sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==", "dev": true, "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, "node_modules/is-fullwidth-code-point": { @@ -399,33 +399,33 @@ } }, "node_modules/markdownlint": { - "version": "0.29.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.29.0.tgz", - "integrity": "sha512-ASAzqpODstu/Qsk0xW5BPgWnK/qjpBQ4e7IpsSvvFXcfYIjanLTdwFRJK1SIEEh0fGSMKXcJf/qhaZYHyME0wA==", + "version": "0.30.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz", + "integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==", "dev": true, "dependencies": { "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.5" + "markdownlint-micromark": "0.1.7" }, "engines": { "node": ">=16" } }, "node_modules/markdownlint-cli": { - "version": "0.35.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.35.0.tgz", - "integrity": "sha512-lVIIIV1MrUtjoocgDqXLxUCxlRbn7Ve8rsWppfwciUNwLlNS28AhNiyQ3PU7jjj4Qvj+rWTTvwkqg7AcdG988g==", + "version": "0.36.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.36.0.tgz", + "integrity": "sha512-h4WdqOam3+QOVOcJSOQuG8KvvN8dlS0OiJhbPwYWBk7VMZR40UtSSMIOpSP5B4EHPHg3W3ILSQUvqg1HNpTCxA==", "dev": true, "dependencies": { "commander": "~11.0.0", "get-stdin": "~9.0.0", - "glob": "~10.2.7", + "glob": "~10.3.4", "ignore": "~5.2.4", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.29.0", - "minimatch": "~9.0.1", - "run-con": "~1.2.11" + "markdownlint": "~0.30.0", + "minimatch": "~9.0.3", + "run-con": "~1.3.2" }, "bin": { "markdownlint": "markdownlint.js" @@ -453,16 +453,16 @@ } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.2.7", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.7.tgz", - "integrity": "sha512-jTKehsravOJo8IJxUGfZILnkvVJM/MOfHRs8QcXolVef2zNI9Tqyy5+SeuOAZd3upViEZQLyFpQhYiHLrMUNmA==", + "version": "10.3.4", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.4.tgz", + "integrity": "sha512-6LFElP3A+i/Q8XQKEvZjkEWEOTgAIALR9AO2rwT8bgPhDd1anmqDJDZ6lLddI4ehxxxR1S5RIqKe1uapMQfYaQ==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^2.0.3", "minimatch": "^9.0.1", - "minipass": "^5.0.0 || ^6.0.2", - "path-scurry": "^1.7.0" + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", + "path-scurry": "^1.10.1" }, "bin": { "glob": "dist/cjs/src/bin.js" @@ -490,9 +490,9 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.5", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.5.tgz", - "integrity": "sha512-HvofNU4QCvfUCWnocQP1IAWaqop5wpWrB0mKB6SSh0fcpV0PdmQNS6tdUuFew1utpYlUvYYzz84oDkrD76GB9A==", + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz", + "integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==", "dev": true, "engines": { "node": ">=16" @@ -562,13 +562,13 @@ } }, "node_modules/path-scurry": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.7.0.tgz", - "integrity": "sha512-UkZUeDjczjYRE495+9thsgcVgsaCPkaw80slmfVFgllxY+IO8ubTsOpFVjDPROBqJdHfVPUFRHPBV/WciOVfWg==", + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", + "integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", "dev": true, "dependencies": { - "lru-cache": "^9.0.0", - "minipass": "^5.0.0" + "lru-cache": "^9.1.1 || ^10.0.0", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { "node": ">=16 || 14 >=14.17" @@ -587,14 +587,14 @@ } }, "node_modules/run-con": { - "version": "1.2.11", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz", - "integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz", + "integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==", "dev": true, "dependencies": { "deep-extend": "^0.6.0", - "ini": "~3.0.0", - "minimist": "^1.2.6", + "ini": "~4.1.0", + "minimist": "^1.2.8", "strip-json-comments": "~3.1.1" }, "bin": { diff --git a/package.json b/package.json index 49c991d..e4034e1 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.35.0" + "markdownlint-cli": "^0.36.0" } } From 74fef7e4c63373f0c1ee2a84756ce27cc0074a96 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 6 Sep 2023 03:29:23 +0000 Subject: [PATCH 057/114] chore(deps): update redis-cluster docker tag to v8.8.2 (#503) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [redis-cluster](https://github.com/bitnami/charts) | minor | `8.6.9` -> `8.8.2` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/503 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Chart.lock b/Chart.lock index 4292b72..2e49552 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.10.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.0 + version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.6.9 -digest: sha256:57053e05cac377167dea0f1beb6d98458f2d3789d2f57eeb8f2c54af4bb8ba60 -generated: "2023-08-31T19:12:23.741539+02:00" + version: 8.8.2 +digest: sha256:5544edad468242057ee287712f196453f7de3e3ff9b3f5858a0f95ab3b5983c7 +generated: "2023-09-05T16:21:13.411638065Z" diff --git a/Chart.yaml b/Chart.yaml index da05517..5412535 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.6.9 + version: 8.8.2 condition: redis-cluster.enabled From 38776e2b51910782a0451ce5b851a40800b27944 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 7 Sep 2023 02:23:12 +0000 Subject: [PATCH 058/114] chore(deps): update postgresql docker tag to v12.10.1 (#505) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql](https://github.com/bitnami/charts) | patch | `12.10.0` -> `12.10.1` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/505 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 2e49552..d35747b 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.0 + version: 12.10.1 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 8.8.2 -digest: sha256:5544edad468242057ee287712f196453f7de3e3ff9b3f5858a0f95ab3b5983c7 -generated: "2023-09-05T16:21:13.411638065Z" +digest: sha256:a9506ea21ff576b301fd9d16a240a55d86ca2d5bbe20ec0fd78272c855786f7f +generated: "2023-09-07T00:03:27.653856865Z" diff --git a/Chart.yaml b/Chart.yaml index 5412535..c6afb71 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.0 + version: 12.10.1 condition: postgresql.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha From eb1391638680bf9a301954a87f01357cf8e80050 Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 8 Sep 2023 15:03:50 +0200 Subject: [PATCH 059/114] Gitea 1.20.4 --- Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index c6afb71..191cae1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.3 +appVersion: 1.20.4 icon: https://gitea.com/assets/img/logo.svg keywords: @@ -33,17 +33,17 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: - # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) + #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.10.1 condition: postgresql.enabled - # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.2 condition: postgresql-ha.enabled - # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) + # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 8.8.2 From 88d0f132d14ef85aa83bb2d3bfc8dfa5094c0b9c Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 8 Sep 2023 18:10:31 +0000 Subject: [PATCH 060/114] pin docker digests --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index b099f0b..09d21fb 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,4 +1,4 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["gitea>gitea/renovate-config"], + "extends": ["gitea>gitea/renovate-config","docker:pinDigests"], } From 95d5fb209b1c67415058a49171a95421efe27d8b Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sat, 9 Sep 2023 14:11:47 +0000 Subject: [PATCH 061/114] Disable Docker digest pinning (#508) As per conversation in Discord. https://docs.renovatebot.com/configuration-options/#pindigests Signed-off-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/508 Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 09d21fb..b099f0b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,4 +1,4 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["gitea>gitea/renovate-config","docker:pinDigests"], + "extends": ["gitea>gitea/renovate-config"], } From 0e5bccd73220834f9d868b3075f9c119a3090e27 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 9 Sep 2023 15:36:19 +0000 Subject: [PATCH 062/114] Add support for `image.digest` (#444) fix #398 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/444 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 1 + templates/_helpers.tpl | 13 +++- unittests/deployment/image-configuration.yaml | 78 +++++++++++++++++++ values.yaml | 2 + 4 files changed, 90 insertions(+), 4 deletions(-) create mode 100644 unittests/deployment/image-configuration.yaml diff --git a/README.md b/README.md index 8ad2717..37e57ff 100644 --- a/README.md +++ b/README.md @@ -719,6 +719,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | | `image.repository` | Image to start for this pod | `gitea/gitea` | | `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `image.pullPolicy` | Image pull policy | `Always` | | `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | | `imagePullSecrets` | Secret to use for pulling the image | `[]` | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2dad930..565f335 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -57,13 +57,18 @@ Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} -{{- $name := .Values.image.repository -}} +{{- $repository := .Values.image.repository -}} +{{- $separator := ":" -}} {{- $tag := .Values.image.tag | default .Chart.AppVersion -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} -{{- if $registry -}} - {{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}} +{{- $digest := "" -}} +{{- if .Values.image.digest }} + {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} +{{- end -}} +{{- if $registry }} + {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} {{- else -}} - {{- printf "%s:%s%s" $name $tag $rootless -}} + {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} {{- end -}} {{- end -}} diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml new file mode 100644 index 0000000..cdfd73a --- /dev/null +++ b/unittests/deployment/image-configuration.yaml @@ -0,0 +1,78 @@ +suite: deployment template (image configuration) +release: + name: gitea-unittests + namespace: testing +chart: + # Override appVersion to be consistent with used digest :) + appVersion: 1.19.3 +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: default values + template: templates/gitea/deployment.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3-rootless" + - it: tag override + template: templates/gitea/deployment.yaml + set: + image.tag: "1.19.4" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.4-rootless" + - it: root-based image + template: templates/gitea/deployment.yaml + set: + image.rootless: false + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3" + - it: scoped registry + template: templates/gitea/deployment.yaml + set: + image.registry: "example.com" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "example.com/gitea/gitea:1.19.3-rootless" + - it: global registry + template: templates/gitea/deployment.yaml + set: + global.imageRegistry: "global.example.com" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "global.example.com/gitea/gitea:1.19.3-rootless" + - it: digest for rootless image + template: templates/gitea/deployment.yaml + set: + image: + rootless: true + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: digest for root-based image + template: templates/gitea/deployment.yaml + set: + image: + rootless: false + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: digest and global registry + template: templates/gitea/deployment.yaml + set: + global.imageRegistry: "global.example.com" + image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" diff --git a/values.yaml b/values.yaml index c33e243..34c859d 100644 --- a/values.yaml +++ b/values.yaml @@ -40,6 +40,7 @@ clusterDomain: cluster.local ## @param image.registry image registry, e.g. gcr.io,docker.io ## @param image.repository Image to start for this pod ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. +## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher image: @@ -47,6 +48,7 @@ image: repository: gitea/gitea # Overrides the image tag whose default is the chart appVersion. tag: "" + digest: "" pullPolicy: Always rootless: true From 779563141db9e1fdcca60e8fee81d6464c5aea37 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 13 Sep 2023 07:48:55 +0000 Subject: [PATCH 063/114] chore(deps): update redis-cluster docker tag to v9 (#504) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [redis-cluster](https://github.com/bitnami/charts) | major | `8.8.2` -> `9.0.4` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/504 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index d35747b..c3f5f53 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.8.2 -digest: sha256:a9506ea21ff576b301fd9d16a240a55d86ca2d5bbe20ec0fd78272c855786f7f -generated: "2023-09-07T00:03:27.653856865Z" + version: 9.0.4 +digest: sha256:eaa681df119bef7ef7973d8b13eea28e03c86e72c25a03648e4fc0d4b603ff6e +generated: "2023-09-12T00:03:47.823115644Z" diff --git a/Chart.yaml b/Chart.yaml index 191cae1..0ae1dcf 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.8.2 + version: 9.0.4 condition: redis-cluster.enabled From 08c50abba93922cf41649faf149b95a8accd6fe2 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 14 Sep 2023 16:48:36 +0000 Subject: [PATCH 064/114] Update helm deps weekly (#510) As title. This modification should only apply the minor+patch updates for the helm deps of this chart on a weekly basis. Major updates should still come in with the daily renovate runs. Automerge is included but won't work as the bot cannot self-approve it's PRs and does not have merge permissions yet. The only way this might work if we allow the bot to push to a branch only and merge without opening a PR. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/510 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- renovate.json5 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index b099f0b..52383bb 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,4 +1,13 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["gitea>gitea/renovate-config"], + $schema: "https://docs.renovatebot.com/renovate-schema.json", + extends: ["gitea>gitea/renovate-config"], + packageRules: [ + { + description: "Automerge minor + patch dependency updates weekly", + matchManagers: ["helm"], + matchUpdateTypes: ["minor", "patch", "digest"], + automerge: true, + schedule: ["weekly"] + }, + ], } From c6887fde0a01cadb32e0cdc188ed620b5229a72c Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 15 Sep 2023 09:11:53 +0100 Subject: [PATCH 065/114] fix renovate config --- renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 52383bb..f68b3e1 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -4,10 +4,10 @@ packageRules: [ { description: "Automerge minor + patch dependency updates weekly", - matchManagers: ["helm"], + matchManagers: ["helmv3"], matchUpdateTypes: ["minor", "patch", "digest"], automerge: true, - schedule: ["weekly"] + "extends": ["schedule:weekly"], }, ], } From 453ab0e211fb37cc981d5a324510c44eec2efb3e Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 15 Sep 2023 09:12:22 +0100 Subject: [PATCH 066/114] json5 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index f68b3e1..354914d 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,7 +7,7 @@ matchManagers: ["helmv3"], matchUpdateTypes: ["minor", "patch", "digest"], automerge: true, - "extends": ["schedule:weekly"], + extends: ["schedule:weekly"], }, ], } From 5e76871731b0c486351af543ecf8c2119fea57b5 Mon Sep 17 00:00:00 2001 From: Ceddaerrix Date: Fri, 22 Sep 2023 15:09:13 +0000 Subject: [PATCH 067/114] Improving DRY principle support on gitea Ingress host name (#498) ### Description of the change Introducing `tpl` function on variables related to hostname in `./templates/gitea/ingress.yaml` ### Benefits The change is intending to support the following syntax in a values.yaml such as: ``` global: giteaHostName: "gitea.my-org.com" ingress: enabled: true hosts: - host: "{{ .Values.global.giteaHostName }}" paths: - path: / pathType: Prefix tls: - secretName: gitea-tls hosts: - "{{ .Values.global.giteaHostName }}" ``` ### Possible drawbacks N/A ### Applicable issues N/A ### Additional information N/A Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/498 Reviewed-by: justusbunsi Co-authored-by: Ceddaerrix Co-committed-by: Ceddaerrix --- templates/gitea/ingress.yaml | 4 ++-- .../deployment/ingress-configuration.yaml | 23 +++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 unittests/deployment/ingress-configuration.yaml diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 12100a6..9991eec 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -28,14 +28,14 @@ spec: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . | quote }} + - {{ tpl . $ | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ tpl .host $ | quote }} http: paths: {{- range .paths }} diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml new file mode 100644 index 0000000..6a36eb0 --- /dev/null +++ b/unittests/deployment/ingress-configuration.yaml @@ -0,0 +1,23 @@ +suite: ingress template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/ingress.yaml +tests: + - it: hostname using TPL + set: + global.giteaHostName: "gitea.example.com" + ingress.enabled: true + ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" + ingress.tls: + - secretName: gitea-tls + hosts: + - "{{ .Values.global.giteaHostName }}" + asserts: + - equal: + path: spec.tls[0].hosts[0] + value: "gitea.example.com" + - equal: + path: spec.rules[0].host + value: "gitea.example.com" From 74cec11931af29b821ef000be3a1a7054c38d2a5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 24 Sep 2023 17:55:21 +0000 Subject: [PATCH 068/114] chore(deps): update postgresql docker tag to v12.12.5 (#506) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index c3f5f53..5cac592 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.1 + version: 12.12.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:eaa681df119bef7ef7973d8b13eea28e03c86e72c25a03648e4fc0d4b603ff6e -generated: "2023-09-12T00:03:47.823115644Z" +digest: sha256:aba0798b2d882a0e44119cc1e586278c3433227d65c37f9035e835ab3c554965 +generated: "2023-09-22T19:18:56.559259773Z" diff --git a/Chart.yaml b/Chart.yaml index 0ae1dcf..963a759 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.1 + version: 12.12.5 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha From ffbec41c88c65d2ccc81f8a709a36ad2629a2db2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 24 Sep 2023 17:58:16 +0000 Subject: [PATCH 069/114] chore(deps): update dependency markdownlint-cli to ^0.37.0 (#517) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 22 +++++++++++----------- package.json | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7b58d1e..61aa8a3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.36.0" + "markdownlint-cli": "^0.37.0" }, "engines": { "node": ">=16.0.0", @@ -399,9 +399,9 @@ } }, "node_modules/markdownlint": { - "version": "0.30.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz", - "integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==", + "version": "0.31.1", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.31.1.tgz", + "integrity": "sha512-CKMR2hgcIBrYlIUccDCOvi966PZ0kJExDrUi1R+oF9PvqQmCrTqjOsgIvf2403OmJ+CWomuzDoylr6KbuMyvHA==", "dev": true, "dependencies": { "markdown-it": "13.0.1", @@ -412,9 +412,9 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.36.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.36.0.tgz", - "integrity": "sha512-h4WdqOam3+QOVOcJSOQuG8KvvN8dlS0OiJhbPwYWBk7VMZR40UtSSMIOpSP5B4EHPHg3W3ILSQUvqg1HNpTCxA==", + "version": "0.37.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.37.0.tgz", + "integrity": "sha512-hNKAc0bWBBuVhJbSWbUhRzavstiB4o1jh3JeSpwC4/dt6eJ54lRfYHRxVdzVp4qGWBKbeE6Pg490PFEfrKjqSg==", "dev": true, "dependencies": { "commander": "~11.0.0", @@ -423,7 +423,7 @@ "ignore": "~5.2.4", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.30.0", + "markdownlint": "~0.31.1", "minimatch": "~9.0.3", "run-con": "~1.3.2" }, @@ -453,9 +453,9 @@ } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.4", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.4.tgz", - "integrity": "sha512-6LFElP3A+i/Q8XQKEvZjkEWEOTgAIALR9AO2rwT8bgPhDd1anmqDJDZ6lLddI4ehxxxR1S5RIqKe1uapMQfYaQ==", + "version": "10.3.5", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.5.tgz", + "integrity": "sha512-bYUpUD7XDEHI4Q2O5a7PXGvyw4deKR70kHiDxzQbe925wbZknhOzUt2xBgTkYL6RBcVeXYuD9iNYeqoWbBZQnA==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", diff --git a/package.json b/package.json index e4034e1..44ef232 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.36.0" + "markdownlint-cli": "^0.37.0" } } From c2b0b677c1b555319732d3e4ab195525b04968e2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 25 Sep 2023 03:41:55 +0000 Subject: [PATCH 070/114] chore(deps): update actions/checkout action to v4 (#509) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c9cb40f..f1b6fb8 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -9,7 +9,7 @@ jobs: generate-chart-publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install tools run: | apt update -y diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 7c351cd..74e87bd 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -7,7 +7,7 @@ jobs: check-and-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install tools run: | apt update -y From 7a9df83d18e8c8fa86567457086fee1d6885abf1 Mon Sep 17 00:00:00 2001 From: mmalyska Date: Wed, 27 Sep 2023 07:31:52 +0000 Subject: [PATCH 071/114] Update readme with renovate configuration for digest updates (#514) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change Update README with information how to configure renovate to update digest for gitea charts. ### Benefits Automatic digest updates for people using renovate. Co-authored-by: Michał Małyska <999598+mmalyska@users.noreply.github.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/514 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: mmalyska Co-committed-by: mmalyska --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index 37e57ff..03bed71 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ - [Metrics and profiling](#metrics-and-profiling) - [Pod annotations](#pod-annotations) - [Themes](#themes) +- [Renovate](#renovate) - [Parameters](#parameters) - [Global](#global) - [strategy](#strategy) @@ -691,6 +692,34 @@ or natively via `kubectl`: kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea ``` +## Renovate + +To be able to use a digest value which is automatically updated by `Renovate` a [customManager](https://docs.renovatebot.com/modules/manager/regex/) is required. +Here's an examplary `values.yml` definition which makes use of a digest: + +```yaml +image: + repository: gitea/gitea + tag: 1.20.2 + digest: sha256:6e3b85a36653894d6741d0aefb41dfaac39044e028a42e0a520cc05ebd7bfc3f +``` + +By default Renovate adds digest after the `tag`. +To comply with the Gitea helm chart definition of the digest parameter, a "customManagers" definition is required: + +```json +"customManagers": [ + { + "customType": "regex", + "description": "Apply an explicit gitea digest field match", + "fileMatch": ["values\\.ya?ml"], + "matchStrings": ["(?gitea\\/gitea)\\n(?\\s+)tag: (?[^@].*?)\\n\\s+digest: (?sha256:[a-f0-9]+)"], + "datasourceTemplate": "docker", + "autoReplaceStringTemplate": "{{depName}}\n{{indentation}}tag: {{newValue}}\n{{indentation}}digest: {{#if newDigest}}{{{newDigest}}}{{else}}{{{currentDigest}}}{{/if}}" + } +] +``` + ## Parameters ### Global From 1f72352f14fdf66f08b3dc3e0c59672d1c9403d1 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 27 Sep 2023 09:42:41 +0200 Subject: [PATCH 072/114] renovate: set automergeStrategy --- renovate.json5 | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json5 b/renovate.json5 index 354914d..e8bcaaf 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,6 +7,7 @@ matchManagers: ["helmv3"], matchUpdateTypes: ["minor", "patch", "digest"], automerge: true, + automergeStrategy: "squash", extends: ["schedule:weekly"], }, ], From 155106594607f57a4558ac1a400ccc93be395c6a Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 3 Oct 2023 17:40:34 +0000 Subject: [PATCH 073/114] bump to gitea 1.20.5 --- Chart.yaml | 100 ++++++++++++++++++++++++++--------------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 963a759..c6236c2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,50 +1,50 @@ -apiVersion: v2 -name: gitea -description: Gitea Helm chart for Kubernetes -type: application -version: 0.0.0 -appVersion: 1.20.4 -icon: https://gitea.com/assets/img/logo.svg - -keywords: - - git - - issue tracker - - code review - - wiki - - gitea - - gogs -sources: - - https://gitea.com/gitea/helm-chart - - https://github.com/go-gitea/gitea - - https://hub.docker.com/r/gitea/gitea/ -maintainers: - - name: Charlie Drage - email: charlie@charliedrage.com - - name: Gitea Authors - email: maintainers@gitea.io - - name: Konrad Lother - email: konrad.lother@novum-rgi.de - - name: Lucas Hahn - email: lucas.hahn@novum-rgi.de - - name: Steven Kriegler - email: sk.bunsenbrenner@gmail.com - - name: Patrick Schratz - email: patrick.schratz@gmail.com - -# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details -dependencies: - #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 - condition: postgresql.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 - condition: postgresql-ha.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 - condition: redis-cluster.enabled +apiVersion: v2 +name: gitea +description: Gitea Helm chart for Kubernetes +type: application +version: 0.0.0 +appVersion: 1.20.5 +icon: https://gitea.com/assets/img/logo.svg + +keywords: + - git + - issue tracker + - code review + - wiki + - gitea + - gogs +sources: + - https://gitea.com/gitea/helm-chart + - https://github.com/go-gitea/gitea + - https://hub.docker.com/r/gitea/gitea/ +maintainers: + - name: Charlie Drage + email: charlie@charliedrage.com + - name: Gitea Authors + email: maintainers@gitea.io + - name: Konrad Lother + email: konrad.lother@novum-rgi.de + - name: Lucas Hahn + email: lucas.hahn@novum-rgi.de + - name: Steven Kriegler + email: sk.bunsenbrenner@gmail.com + - name: Patrick Schratz + email: patrick.schratz@gmail.com + +# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details +dependencies: + #https://github.com/bitnami/charts/blob/main/bitnami/postgresql + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.12.5 + condition: postgresql.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml + - name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.9.2 + condition: postgresql-ha.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml + - name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 9.0.4 + condition: redis-cluster.enabled From c1c186b9016a891195029a03e487f62b8cc0f02e Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:24:10 +0200 Subject: [PATCH 074/114] login to docker before packaging chart --- .gitea/workflows/release-version.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index f1b6fb8..37a12ab 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -34,6 +34,7 @@ jobs: # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update + echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea From dc8a2bd667c53ae3506c5638d4d19002e46646af Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:27:16 +0200 Subject: [PATCH 075/114] login as the first action --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 37a12ab..20049d2 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -31,10 +31,10 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | + echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update - echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea From cd4271a1ad3f3422d71d6334ff2b6ce59af8c269 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:29:09 +0200 Subject: [PATCH 076/114] install `docker-ce-cli` --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 20049d2..3e26d40 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -17,7 +17,7 @@ jobs: curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list apt update -y - apt install -y python helm python3-pip apt-transport-https + apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli - name: Import GPG key From 183b54fc27b2f62833c6cb4f07754c428271f73a Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:32:54 +0200 Subject: [PATCH 077/114] add docker apt repo --- .gitea/workflows/release-version.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 3e26d40..ca9138c 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -16,7 +16,10 @@ jobs: apt install -y curl curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y + curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli From d2598c6161ed9a2abbfb6a439ca7ee43e1f05fc7 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:33:39 +0200 Subject: [PATCH 078/114] remove sudo --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index ca9138c..874d041 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -16,9 +16,9 @@ jobs: apt install -y curl curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli From cbaad0ed8fc1a48e281316d2f7c94ddb074299d1 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:35:51 +0200 Subject: [PATCH 079/114] add gpg key first --- .gitea/workflows/release-version.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 874d041..fc9af3e 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -14,12 +14,15 @@ jobs: run: | apt update -y apt install -y curl + # helm curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt update -y + # docker curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg + install -m 0755 -d /etc/apt/keyrings + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null + apt update -y apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli From ef4e0dc77dd62fb1e9127c759b38d53e26392b6e Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:38:19 +0200 Subject: [PATCH 080/114] refine --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index fc9af3e..c0be7f0 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -13,14 +13,14 @@ jobs: - name: install tools run: | apt update -y - apt install -y curl + apt install -y curl ca-certificates curl gnupg # helm curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list # docker + install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg - install -m 0755 -d /etc/apt/keyrings echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y apt install -y python helm python3-pip apt-transport-https docker-ce-cli From 7d2a375685ed1017998f439cdeb6dd370632b6d4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:40:40 +0200 Subject: [PATCH 081/114] fix workflow secrets --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c0be7f0..3fa25c3 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -37,7 +37,7 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | - echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin + echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update From 9802e9ae41ad6e88eb56704b4f8d86c0bee045eb Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 10 Oct 2023 19:48:00 +0000 Subject: [PATCH 082/114] Login to docker to fix workflow (#526) Same as for the release workflow. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/526 Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/test-pr.yml | 10 +++- Chart.yaml | 100 +++++++++++++++++------------------ 2 files changed, 59 insertions(+), 51 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 74e87bd..c8b36a7 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -12,11 +12,19 @@ jobs: run: | apt update -y apt install -y curl make + # helm curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + # docker + install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - apt install -y helm python3-pip + apt install -y helm python3-pip docker-ce-cli pip install yamllint + # login to docker + echo ${{ secrets.DOCKER_PASSWORD_PUBLIC }} | docker login -u ${{ secrets.DOCKER_USERNAME_PUBLIC }} --password-stdin - name: dependency update run: helm dependency update - name: lint diff --git a/Chart.yaml b/Chart.yaml index c6236c2..e2c394a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,50 +1,50 @@ -apiVersion: v2 -name: gitea -description: Gitea Helm chart for Kubernetes -type: application -version: 0.0.0 -appVersion: 1.20.5 -icon: https://gitea.com/assets/img/logo.svg - -keywords: - - git - - issue tracker - - code review - - wiki - - gitea - - gogs -sources: - - https://gitea.com/gitea/helm-chart - - https://github.com/go-gitea/gitea - - https://hub.docker.com/r/gitea/gitea/ -maintainers: - - name: Charlie Drage - email: charlie@charliedrage.com - - name: Gitea Authors - email: maintainers@gitea.io - - name: Konrad Lother - email: konrad.lother@novum-rgi.de - - name: Lucas Hahn - email: lucas.hahn@novum-rgi.de - - name: Steven Kriegler - email: sk.bunsenbrenner@gmail.com - - name: Patrick Schratz - email: patrick.schratz@gmail.com - -# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details -dependencies: - #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 - condition: postgresql.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 - condition: postgresql-ha.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 - condition: redis-cluster.enabled +apiVersion: v2 +name: gitea +description: Gitea Helm chart for Kubernetes +type: application +version: 0.0.0 +appVersion: 1.20.5 +icon: https://gitea.com/assets/img/logo.svg + +keywords: + - git + - issue tracker + - code review + - wiki + - gitea + - gogs +sources: + - https://gitea.com/gitea/helm-chart + - https://github.com/go-gitea/gitea + - https://hub.docker.com/r/gitea/gitea/ +maintainers: + - name: Charlie Drage + email: charlie@charliedrage.com + - name: Gitea Authors + email: maintainers@gitea.io + - name: Konrad Lother + email: konrad.lother@novum-rgi.de + - name: Lucas Hahn + email: lucas.hahn@novum-rgi.de + - name: Steven Kriegler + email: sk.bunsenbrenner@gmail.com + - name: Patrick Schratz + email: patrick.schratz@gmail.com + +# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details +dependencies: + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.12.5 + condition: postgresql.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml + - name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.9.2 + condition: postgresql-ha.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml + - name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 9.0.4 + condition: redis-cluster.enabled From 226564b74d7289a94bf17cd944821911f4af21ae Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 11 Oct 2023 19:04:37 +0000 Subject: [PATCH 083/114] Add single-pod configuration examples to README (#531) Relates to #524, #515. Both examples have been tested on a k8s dev install locally by deploying in a fresh namespace. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/531 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 99 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 72 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 03bed71..fa91de0 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) - - [Minimal Configuration](#minimal-configuration) + - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) @@ -172,35 +172,77 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` -### Minimal Configuration +### Single-Pod Configurations -For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used: +If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. -```yaml -redis-cluster: - enabled: false -postgresql: - enabled: false -postgresql-ha: - enabled: false +1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql`): -persistence: - enabled: false +
-gitea: - config: - database: - DB_TYPE: sqlite3 - session: - PROVIDER: memory - cache: - ADAPTER: memory - queue: - TYPE: level -``` + values.yml -This will result in a single-pod Gitea instance without any dependencies and persistence. -Do not use this configuration for production use. + ```yaml + redis-cluster: + enabled: false + postgresql: + enabled: true + postgresql-ha: + enabled: false + + persistence: + enabled: true + + gitea: + config: + database: + DB_TYPE: postgres + session: + PROVIDER: db + cache: + ADAPTER: memory + queue: + TYPE: level + indexer: + ISSUE_INDEXER_TYPE: bleve + REPO_INDEXER_ENABLED: true + ``` + +
+ +2. For a minimal DEV installation (using the built-in sqlite DB instead of Postgres): + + This will result in a single-pod Gitea instance _without any dependencies and persistence_. + **Do not use this configuration for production use**. + +
+ + values.yml + + ```yaml + redis-cluster: + enabled: false + postgresql: + enabled: false + postgresql-ha: + enabled: false + + persistence: + enabled: false + + gitea: + config: + database: + DB_TYPE: sqlite3 + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level + ``` + +
### Additional _app.ini_ settings @@ -1025,15 +1067,17 @@ The previous `memcache` default was not HA-ready, hence we decided to switch to If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: ```yaml +gitea: + config: session: PROVIDER: redis-cluster PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - + cache: ENABLED: true ADAPTER: redis-cluster HOST: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - + queue: TYPE: redis CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& @@ -1041,6 +1085,7 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea **Switch to rootless image by default** + If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). From 40751af5c75a2e1909977022a3402d35c9f96eb2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 12 Oct 2023 04:27:39 +0000 Subject: [PATCH 084/114] chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.5.2 (#533) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | devDependencies | patch | [`2.5.1` -> `2.5.2`](https://renovatebot.com/diffs/npm/@bitnami%2freadme-generator-for-helm/2.5.1/2.5.2) | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/533 Reviewed-by: justusbunsi Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 61aa8a3..87a8be1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.1.tgz", - "integrity": "sha512-LRSq43HwfgmTJZ4rwpXHf6d7DGnY+j2BtgVlc2hPqfRtqj36NRYl83Zv9WjRGvwF8Zr6Iwa1AgvewiAxdWlMzg==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.2.tgz", + "integrity": "sha512-hOPksxEjC1maj5Ug0pC01M1BV0MZUU3xqvMpo1asMXvRIkKhdo649mI55sZy8mH+ow9oVWJ+0Xl5cVwCyCEXiQ==", "dev": true, "dependencies": { "commander": "^7.1.0", From ca903c9cf3235174bc76c371a908d82727aa59c9 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 13 Oct 2023 16:04:27 +0000 Subject: [PATCH 085/114] Fix `helm dependency build` once and for all (#535) ### Description of the change We are affected by a regression of a Helm bug from May 2023. I've tested the Helm versions 3.13.1, 3.13.0 and 3.12.3. Both 3.13.x are affected. 3.12.3 works. So let's downgrade and drop the docker login in PR builds. I've also switched the `apt install helm` with an official `alpine/helm` image I am using at work. Pinning the helm version and receiving updates helps us identifying such issues in the future. For the release workflow I was a bit more reluctant with changes, since I cannot easily test them. That's why I just pinned the Helm version. Renovate will provide one PR changing both files because it's the same dependency (alpine/helm) from the same datasource (docker). https://github.com/helm/helm/issues/12062 ### Applicable issues - implicitly fixes #527 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/535 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/workflows/release-version.yml | 6 ++++- .gitea/workflows/test-pr.yml | 33 ++++++++++------------------ renovate.json5 | 10 +++++++++ 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 3fa25c3..9e0d02f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -5,6 +5,10 @@ on: tags: - "*" +env: + # renovate: datasource=docker depName=alpine/helm + HELM_VERSION: "3.12.3" + jobs: generate-chart-publish: runs-on: ubuntu-latest @@ -23,7 +27,7 @@ jobs: chmod a+r /etc/apt/keyrings/docker.gpg echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - apt install -y python helm python3-pip apt-transport-https docker-ce-cli + apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli pip install awscli - name: Import GPG key diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index c8b36a7..6b8b0f2 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -3,38 +3,29 @@ name: check-and-test on: - pull_request +env: + # renovate: datasource=github-releases depName=helm-unittest/helm-unittest + HELM_UNITTEST_VERSION: "0.3.3" + jobs: check-and-test: runs-on: ubuntu-latest + container: alpine/helm:3.12.3 steps: - - uses: actions/checkout@v4 - name: install tools run: | - apt update -y - apt install -y curl make - # helm - curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - # docker - install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - chmod a+r /etc/apt/keyrings/docker.gpg - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt update -y - apt install -y helm python3-pip docker-ce-cli - pip install yamllint - # login to docker - echo ${{ secrets.DOCKER_PASSWORD_PUBLIC }} | docker login -u ${{ secrets.DOCKER_USERNAME_PUBLIC }} --password-stdin - - name: dependency update - run: helm dependency update + apk update + apk add --update make nodejs npm yamllint + - uses: actions/checkout@v4 + - name: install chart dependencies + run: helm dependency build - name: lint run: helm lint - name: template - run: | - helm template --debug gitea-helm . + run: helm template --debug gitea-helm . - name: unit tests run: | - helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest + helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest make unittests - name: verify readme run: | diff --git a/renovate.json5 b/renovate.json5 index e8bcaaf..bb49f4b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,16 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", extends: ["gitea>gitea/renovate-config"], + customManagers: [ + { + description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', + customType: 'regex', + fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], + matchStrings: [ + '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', + ], + }, + ], packageRules: [ { description: "Automerge minor + patch dependency updates weekly", From 7d96eb29405b76d71ab858d063a32bc8879d231a Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 13 Oct 2023 19:19:06 +0000 Subject: [PATCH 086/114] Tell Renovate to use `kind/dependency` label (#538) As title. I think using that label helps categorizing Pull Requests. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/538 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- renovate.json5 | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json5 b/renovate.json5 index bb49f4b..f4b9100 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,7 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", extends: ["gitea>gitea/renovate-config"], + labels: ["kind/dependency"], customManagers: [ { description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', From eb17917b5366eab3bb8858da6a02db480be6601e Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 13 Oct 2023 19:20:01 +0000 Subject: [PATCH 087/114] Bump helm-unittest to 0.3.4 (#537) There is a regression that prevents us from going directly to 0.3.5. To prevent the upcoming Renovate PR for 0.3.5 being stuck until 0.3.6, we can use 0.3.4 until a working version is released. The Renovate PR for 0.3.5 can then be closed directly so that Renovate ignores that version. https://github.com/helm-unittest/helm-unittest/issues/219 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/537 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 6b8b0f2..3a251ae 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -5,7 +5,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "0.3.3" + HELM_UNITTEST_VERSION: "0.3.4" jobs: check-and-test: From 64c6d80dcf6eeb3b153af5903db247eed7361fc4 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 13 Oct 2023 19:20:26 +0000 Subject: [PATCH 088/114] Add .vscode profile for easier contributions (#536) ### Description of the change This adds a `.vscode` folder with recommended extensions and some useful settings like unittest schema validation. The `.vscode` folder is already helm ignored during packaging. ### Possible drawbacks We would have to be careful about PR changes in that directory. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/536 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .vscode/extensions.json | 8 ++++++++ .vscode/settings.json | 8 ++++++++ CONTRIBUTING.md | 9 ++------- 3 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 .vscode/extensions.json create mode 100644 .vscode/settings.json diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..a216a96 --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,8 @@ +{ + "recommendations": [ + "yzhang.markdown-all-in-one", + "DavidAnson.vscode-markdownlint", + "Tim-Koehler.helm-intellisense", + "esbenp.prettier-vscode" + ] + } diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..d709909 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "yaml.schemas": { + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json": [ + "/unittests/**/*.yaml" + ] + }, + "yaml.schemaStore.enable": true +} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f6c24bf..075cae0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,12 +9,7 @@ refactorings for easier maintainability or documentation improvements. - [`helm`](https://helm.sh/docs/intro/install/) - `make` is optional; you may call the commands directly -When using Visual Studio Code as IDE, following plugins might be useful: - -- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) -- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) -- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) -- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) +When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available. ## Documentation Requirements @@ -61,7 +56,7 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest make unittests ``` -See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. +See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions. ## Release process From 0cc8c6d5586fdc506f1560b18e0a9c338125a5c2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 14 Oct 2023 00:14:31 +0000 Subject: [PATCH 089/114] chore(deps): update postgresql-ha docker tag to v11.9.8 (#507) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 5cac592..1201cd2 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 + version: 11.9.8 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:aba0798b2d882a0e44119cc1e586278c3433227d65c37f9035e835ab3c554965 -generated: "2023-09-22T19:18:56.559259773Z" +digest: sha256:b6c659aac77f90b1ea0e498c933e14647709e57269a15c2bfc612ff81d8d4001 +generated: "2023-10-14T00:06:39.299556322Z" diff --git a/Chart.yaml b/Chart.yaml index e2c394a..cbbcb76 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 + version: 11.9.8 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster From b68b9d91cf834e3c05d65d29860ca5dbdda8210d Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sat, 14 Oct 2023 16:05:59 +0000 Subject: [PATCH 090/114] [postgresql-ha] Use pgpool service as db connection proxy (#542) ### Description of the change The `postgresql-ha` provides a dedicated deployment and service called `pgpool`. This application is a proxy that routes the db queries to the active database replica. There's a note about that in their README[^1]. Issue #502 is a side-effect of not using that proxy. ### Possible drawbacks Using the Charts' default configuration, the `pgpool` deployment has 1 replica, making this a single-point of failure. But users can change the related `postgresql-ha.pgpool.replicaCount` to their needs. ### Applicable issues - fixes #502 ### Checklist - [x] Templating unittests are added [^1]: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml#introduction Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/542 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 2 +- .../database-section_postgresql-ha.yaml | 30 +++++++++++++++++++ .../config/database-section_postgresql.yaml | 30 +++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 unittests/config/database-section_postgresql-ha.yaml create mode 100644 unittests/config/database-section_postgresql.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 565f335..08ab1be 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -119,7 +119,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "postgresql-ha.dns" -}} {{- if (index .Values "postgresql-ha").enabled -}} -{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} +{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} {{- end -}} {{- end -}} diff --git a/unittests/config/database-section_postgresql-ha.yaml b/unittests/config/database-section_postgresql-ha.yaml new file mode 100644 index 0000000..f416d79 --- /dev/null +++ b/unittests/config/database-section_postgresql-ha.yaml @@ -0,0 +1,30 @@ +suite: config template | database section (postgresql-ha) +release: + name: gitea-unittests + namespace: testing +tests: + - it: connects to pgpool service + template: templates/gitea/config.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.database + pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:5432 + - it: renders the referenced service + template: charts/postgresql-ha/templates/pgpool/service.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - containsDocument: + kind: Service + apiVersion: v1 + name: gitea-unittests-postgresql-ha-pgpool + namespace: testing diff --git a/unittests/config/database-section_postgresql.yaml b/unittests/config/database-section_postgresql.yaml new file mode 100644 index 0000000..5a7501b --- /dev/null +++ b/unittests/config/database-section_postgresql.yaml @@ -0,0 +1,30 @@ +suite: config template | database section (postgresql) +release: + name: gitea-unittests + namespace: testing +tests: + - it: "connects to postgresql service" + template: templates/gitea/config.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.database + pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:5432 + - it: "renders the referenced service" + template: charts/postgresql/templates/primary/svc.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - containsDocument: + kind: Service + apiVersion: v1 + name: gitea-unittests-postgresql + namespace: testing From a249229ccffcf8b73fc5f1533f8de79f6f61f073 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 14 Oct 2023 16:30:51 +0000 Subject: [PATCH 091/114] Downgrade postgresql-ha to 11.9.4 (#541) As 11.9.8 included (by mistake) a major version bump from 15 -> 16 https://github.com/bitnami/charts/issues/19596 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/541 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 1201cd2..7d6993c 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.8 + version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:b6c659aac77f90b1ea0e498c933e14647709e57269a15c2bfc612ff81d8d4001 -generated: "2023-10-14T00:06:39.299556322Z" +digest: sha256:6111aece3947a0a81ba8976da17a06ef7ba98b311907e8a769a7c372a98ab52d +generated: "2023-10-14T16:47:26.657784+02:00" diff --git a/Chart.yaml b/Chart.yaml index cbbcb76..e4ff0e0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.8 + version: 11.9.4 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster From 074def2accbf94c4378a222b41c81d15a6959dfa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 15 Oct 2023 01:15:46 +0000 Subject: [PATCH 092/114] chore(deps): update postgresql docker tag to v12.12.10 (#521) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 7d6993c..7628510 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 + version: 12.12.10 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:6111aece3947a0a81ba8976da17a06ef7ba98b311907e8a769a7c372a98ab52d -generated: "2023-10-14T16:47:26.657784+02:00" +digest: sha256:4f258fc8ffd0f6c15942c99280f04c0b04a06bcf5998a92ea7719f13ea180be1 +generated: "2023-10-15T00:08:54.74476529Z" diff --git a/Chart.yaml b/Chart.yaml index e4ff0e0..0d21df7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 + version: 12.12.10 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha From 370775537323ba95fe93fe3d849ad46e860b8575 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 16 Oct 2023 00:05:56 +0000 Subject: [PATCH 093/114] chore(deps): update redis-cluster docker tag to v9.0.12 (#511) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 7628510..09bca68 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 -digest: sha256:4f258fc8ffd0f6c15942c99280f04c0b04a06bcf5998a92ea7719f13ea180be1 -generated: "2023-10-15T00:08:54.74476529Z" + version: 9.0.12 +digest: sha256:14cda459c5eeadc1e86835b7436f23a8a21122fcf4fb103404de6183075cb8a3 +generated: "2023-10-15T01:17:05.004977938Z" diff --git a/Chart.yaml b/Chart.yaml index 0d21df7..8fc2ef4 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 + version: 9.0.12 condition: redis-cluster.enabled From f3abf73ebcb1199507b11ded1807f726f301bbc4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 24 Oct 2023 00:07:01 +0000 Subject: [PATCH 094/114] chore(deps): update redis-cluster docker tag to v9.0.13 (#547) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 09bca68..c97be2f 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.12 -digest: sha256:14cda459c5eeadc1e86835b7436f23a8a21122fcf4fb103404de6183075cb8a3 -generated: "2023-10-15T01:17:05.004977938Z" + version: 9.0.13 +digest: sha256:3b6c4fa130c74d7c39224bdb4da79dc52c915e0b770b99cccf09825ba6648b9e +generated: "2023-10-23T00:07:09.656139992Z" diff --git a/Chart.yaml b/Chart.yaml index 8fc2ef4..7837e54 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.12 + version: 9.0.13 condition: redis-cluster.enabled From ebc46009203f679de895b03a4ae08a061989b9d7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 1 Nov 2023 08:34:47 +0000 Subject: [PATCH 095/114] chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.6.0 (#546) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | devDependencies | minor | [`2.5.2` -> `2.6.0`](https://renovatebot.com/diffs/npm/@bitnami%2freadme-generator-for-helm/2.5.2/2.6.0) | --- ### Release Notes
bitnami-labs/readme-generator-for-helm (@​bitnami/readme-generator-for-helm) ### [`v2.6.0`](https://github.com/bitnami-labs/readme-generator-for-helm/releases/tag/2.6.0) [Compare Source](https://github.com/bitnami-labs/readme-generator-for-helm/compare/2.5.2...2.6.0) ##### Description of the changes This new version allows setting a default value for a parameter using the default modifier ##### Issues and PRs - [#​78](https://github.com/bitnami-labs/readme-generator-for-helm/issues/78)
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/546 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 87a8be1..0faac29 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.2.tgz", - "integrity": "sha512-hOPksxEjC1maj5Ug0pC01M1BV0MZUU3xqvMpo1asMXvRIkKhdo649mI55sZy8mH+ow9oVWJ+0Xl5cVwCyCEXiQ==", + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.6.0.tgz", + "integrity": "sha512-LcByNCryaC2OJExL9rnhyFJ18+vrZu1gVoN2Z7j/HI42EjV4kLgT4G1KEPNnrKbls9HvozBqMG+sKZIDh0McFg==", "dev": true, "dependencies": { "commander": "^7.1.0", From 82dc07767372cf76a67896e7acddaa87b5272f85 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Nov 2023 00:17:45 +0000 Subject: [PATCH 096/114] chore(deps): update redis-cluster docker tag to v9.1.1 (#555) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index c97be2f..908e3d5 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.13 -digest: sha256:3b6c4fa130c74d7c39224bdb4da79dc52c915e0b770b99cccf09825ba6648b9e -generated: "2023-10-23T00:07:09.656139992Z" + version: 9.1.1 +digest: sha256:35358da69169541a009540a2d6a840584390e5b53dad5b647b19bd5c14c88f93 +generated: "2023-11-06T00:07:24.742145709Z" diff --git a/Chart.yaml b/Chart.yaml index 7837e54..5ce023a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.13 + version: 9.1.1 condition: redis-cluster.enabled From 41e389c7cd5ee003616804466c126b19e47b4f1f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Nov 2023 08:05:05 +0000 Subject: [PATCH 097/114] chore(deps): update dependency helm-unittest/helm-unittest to v0.3.6 (#554) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [helm-unittest/helm-unittest](https://github.com/helm-unittest/helm-unittest) | patch | `0.3.4` -> `v0.3.6` | --- ### Release Notes
helm-unittest/helm-unittest (helm-unittest/helm-unittest) ### [`v0.3.6`](https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.6) [Compare Source](https://github.com/helm-unittest/helm-unittest/compare/v0.3.5...v0.3.6) **Added Features** - Added templated Test Suites, to make re-usable tests possible (credits [@​hanseltime](https://github.com/hanseltime), resolves [#​57](https://github.com/helm-unittest/helm-unittest/issues/57), resolves [#​186](https://github.com/helm-unittest/helm-unittest/issues/186)) **Improvements** - Optimize installation (resolves [#​176](https://github.com/helm-unittest/helm-unittest/issues/176), resolves [#​214](https://github.com/helm-unittest/helm-unittest/issues/214), resolves [#​225](https://github.com/helm-unittest/helm-unittest/issues/225)) **Fixes** - Fix incorrect filtering template files (resolves [#​219](https://github.com/helm-unittest/helm-unittest/issues/219)) - Fix snapshot validator with Empty documents (credits [@​matthyx](https://github.com/matthyx)) - Fix inconsistent results lengthEqual validator (credits [@​hanseltime](https://github.com/hanseltime)) - Fix global values (credit [@​zidoshare](https://github.com/zidoshare), resolves [#​215](https://github.com/helm-unittest/helm-unittest/issues/215)) **Updates** - Update packages to latest patch versions - Update documenation ### [`v0.3.5`](https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.5) [Compare Source](https://github.com/helm-unittest/helm-unittest/compare/v0.3.4...v0.3.5) **Fixes** - Fix recursive subchart testing (credits [@​zidoshare](https://github.com/zidoshare), resolves [#​206](https://github.com/helm-unittest/helm-unittest/issues/206)) - Fix old containsDocument behaviour to ignore other documents in multidocument validation (resolves [#​205](https://github.com/helm-unittest/helm-unittest/issues/205)) - Fix failed_template to also work when empty documents are found (resolves [#​191](https://github.com/helm-unittest/helm-unittest/issues/191)) - Fix failed_template multi colon handling (resolves [#​200](https://github.com/helm-unittest/helm-unittest/issues/200)) - Fix glob all valid filenames (resolves [#​201](https://github.com/helm-unittest/helm-unittest/issues/201)) **Updates** - Update packages to latest patch versions - Update documenation (thanks to [@​yariksheptykin](https://github.com/yariksheptykin))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/554 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 3a251ae..0ec13da 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -5,7 +5,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "0.3.4" + HELM_UNITTEST_VERSION: "v0.3.6" jobs: check-and-test: From 7de8e834330c1a9cb1de3aae70c2076970f79875 Mon Sep 17 00:00:00 2001 From: Ceddaerrix Date: Mon, 6 Nov 2023 19:03:46 +0000 Subject: [PATCH 098/114] Further improvement on DRY principle support (#529) ### Description of the change - Adding TPL use into './templates/_helpers.tpl' in "gitea.inline_configuration.defaults.server" since '.Values.ingress.hosts' referred ### Benefits - Avoid error in deployment using Gitea CHart 9.5.0 such as "Invalid ROOT_URL 'https://{{ .Values.global.giteaHostName }}': parse "https://{{ .Values.global.giteaHostName }}": invalid character "{" in host name" ### Possible drawbacks N/A ### Applicable issues - fixes #530 ### Checklist - [x] Fixing './templates/_helpers.tpl' "gitea.inline_configuration.defaults.server - [x] Templating unittests are added Co-authored-by: pat-s Co-authored-by: justusbunsi Co-authored-by: 212597596 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/529 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: Ceddaerrix Co-committed-by: Ceddaerrix --- templates/_helpers.tpl | 2 +- unittests/deployment/inline-config.yaml | 33 +++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 unittests/deployment/inline-config.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 08ab1be..003d39f 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -319,7 +319,7 @@ https {{- end -}} {{- if not (.Values.gitea.config.server.DOMAIN) -}} {{- if gt (len .Values.ingress.hosts) 0 -}} - {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}} {{- else -}} {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}} {{- end -}} diff --git a/unittests/deployment/inline-config.yaml b/unittests/deployment/inline-config.yaml new file mode 100644 index 0000000..545bb36 --- /dev/null +++ b/unittests/deployment/inline-config.yaml @@ -0,0 +1,33 @@ +suite: config template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/config.yaml +tests: + - it: inline config stringData.server using TPL + set: + global.giteaHostName: "gitea.example.com" + ingress.enabled: true + ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" + ingress.tls: + - secretName: gitea-tls + hosts: + - "{{ .Values.global.giteaHostName }}" + asserts: + - documentIndex: 0 + matchRegex: + path: metadata.name + pattern: .*-inline-config$ + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: DOMAIN=gitea\.example\.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: ROOT_URL=https://gitea\.example\.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: SSH_DOMAIN=gitea\.example\.com From bc872acdd3d64498a32403b9d57c7f4ccd700983 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 13 Nov 2023 17:19:31 +0000 Subject: [PATCH 099/114] chore(deps): update alpine/helm docker tag to v3.13.2 (#562) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine/helm | | minor | `3.12.3` -> `3.13.2` | | alpine/helm | container | minor | `3.12.3` -> `3.13.2` | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/562 Reviewed-by: justusbunsi Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 9e0d02f..644e52f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.12.3" + HELM_VERSION: "3.13.2" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 0ec13da..9d61655 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -10,7 +10,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.12.3 + container: alpine/helm:3.13.2 steps: - name: install tools run: | From 23847eba1c99e4cc3bab14391dff7ebd5200633e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Nov 2023 00:15:26 +0000 Subject: [PATCH 100/114] chore(deps): update redis-cluster docker tag to v9.1.3 (#561) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 908e3d5..a40418a 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.1 -digest: sha256:35358da69169541a009540a2d6a840584390e5b53dad5b647b19bd5c14c88f93 -generated: "2023-11-06T00:07:24.742145709Z" + version: 9.1.3 +digest: sha256:6bda620320a05a5ea4efb4189a86d30092aeb0a6f3e0009538f4bea312af0863 +generated: "2023-11-14T00:08:15.790217865Z" diff --git a/Chart.yaml b/Chart.yaml index 5ce023a..2fde9b9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.1 + version: 9.1.3 condition: redis-cluster.enabled From 3cf91bf6e7e02e3761a3435cae5c85ede92da15f Mon Sep 17 00:00:00 2001 From: TristanHoladay Date: Tue, 14 Nov 2023 21:42:26 +0000 Subject: [PATCH 101/114] Add `image.fullOverride` (#550) ### Description of the change This PR is a continuation of the work done by @dgershman in [534](https://gitea.com/gitea/helm-chart/pulls/534), to allow users to override the image from the default rootless behavior of appending `-rootless` to the end of the image tag. ### Benefits Allows more flexibility to use externally maintained images that are rootless but don't follow the `-rootless` tag convention. ### Applicable issues - fixes #532 ### Additional information No breaking changes. This does not affect the `image.rootless` conditional checks or the current behavior if someone still wants to rely on the chart to append `-rootless`. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Co-authored-by: TristanHoladay <40547442+TristanHoladay@users.noreply.github.com> Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/550 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: TristanHoladay Co-committed-by: TristanHoladay --- README.md | 48 ++++++++++++++----- templates/_helpers.tpl | 5 +- unittests/deployment/image-configuration.yaml | 15 ++++++ unittests/deployment/ssh-configuration.yaml | 24 ++++++++++ .../init_directory_structure.sh-rootless.yaml | 20 ++++++++ values.yaml | 2 + 6 files changed, 100 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index fa91de0..ad4799e 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) + - [Rootless defaults](#rootless-defaults) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) @@ -172,6 +173,26 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +#### Rootless Defaults + +If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: + +- `$HOME` becomes `/data/gitea/git` + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations + +- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LOG_LEVEL` environment variable is not injected into the container + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations + ### Single-Pod Configurations If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. @@ -216,9 +237,9 @@ If HA is not needed/desired, the following configurations can be used to deploy **Do not use this configuration for production use**.
- + values.yml - + ```yaml redis-cluster: enabled: false @@ -226,10 +247,10 @@ If HA is not needed/desired, the following configurations can be used to deploy enabled: false postgresql-ha: enabled: false - + persistence: enabled: false - + gitea: config: database: @@ -785,15 +806,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Image -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 003d39f..c2980ee 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -56,6 +56,7 @@ Create chart name and version as used by the chart label. Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} +{{- $fullOverride := .Values.image.fullOverride | default "" -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} @@ -65,7 +66,9 @@ Create image name and tag used by the deployment. {{- if .Values.image.digest }} {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} {{- end -}} -{{- if $registry }} +{{- if $fullOverride }} + {{- printf "%s" $fullOverride -}} +{{- else if $registry }} {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} {{- else -}} {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index cdfd73a..35f8981 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml @@ -57,6 +57,21 @@ tests: - equal: path: spec.template.spec.containers[0].image value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: image fullOverride (does not append rootless) + template: templates/gitea/deployment.yaml + set: + image: + fullOverride: gitea/gitea:1.19.3 + # setting rootless, registry, repository, tag, and digest to prove that override works + rootless: true + registry: example.com + repository: example/image + tag: "1.0.0" + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3" - it: digest for root-based image template: templates/gitea/deployment.yaml set: diff --git a/unittests/deployment/ssh-configuration.yaml b/unittests/deployment/ssh-configuration.yaml index efd0525..543fd5f 100644 --- a/unittests/deployment/ssh-configuration.yaml +++ b/unittests/deployment/ssh-configuration.yaml @@ -27,6 +27,18 @@ tests: content: name: SSH_LOG_LEVEL value: "DEBUG" + - it: supports overriding SSH log level (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: false + gitea.ssh.logLevel: "DEBUG" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "DEBUG" - it: skips SSH_LOG_LEVEL for rootless image template: templates/gitea/deployment.yaml set: @@ -38,3 +50,15 @@ tests: any: true content: name: SSH_LOG_LEVEL + - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: true + gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here + asserts: + - notContains: + path: spec.template.spec.containers[0].env + any: true + content: + name: SSH_LOG_LEVEL diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 854bcce..29dac81 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -66,3 +66,23 @@ tests: chmod 700 "${GNUPGHOME}" chown 1000:1000 "${GNUPGHOME}" fi + - it: it does not chown /data even when image.fullOverride is set + template: templates/gitea/init.yaml + set: + image.fullOverride: gitea/gitea:1.20.5 + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" diff --git a/values.yaml b/values.yaml index 34c859d..15ecd06 100644 --- a/values.yaml +++ b/values.yaml @@ -43,6 +43,7 @@ clusterDomain: cluster.local ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** image: registry: "" repository: gitea/gitea @@ -51,6 +52,7 @@ image: digest: "" pullPolicy: Always rootless: true + fullOverride: "" ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] From 7499fecc1ac74ac54e2e240ec1caa75f2fa46bb7 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 14 Nov 2023 22:23:01 +0000 Subject: [PATCH 102/114] Fix domain macro (#560) ### Description of the change This supersedes #359 by fixing the fallback domain value when no ingress host is defined. Memcached is not used anymore. PostgreSQL macro has already been fixed otherwise. ### Checklist - [x] Templating unittests are added Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/560 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 2 +- unittests/config/server-section_domain.yaml | 67 +++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 unittests/config/server-section_domain.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c2980ee..0843da5 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -151,7 +151,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.default_domain" -}} -{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- define "gitea.ldap_settings" -}} diff --git a/unittests/config/server-section_domain.yaml b/unittests/config/server-section_domain.yaml new file mode 100644 index 0000000..27a59c7 --- /dev/null +++ b/unittests/config/server-section_domain.yaml @@ -0,0 +1,67 @@ +suite: config template | server section (domain related) +release: + name: gitea-unittests + namespace: testing +tests: + - it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=git.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=git.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://git.example.com + +################################################ + + - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + set: + ingress: + hosts: [] + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=gitea-unittests-http.testing.svc.cluster.local + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=gitea-unittests-http.testing.svc.cluster.local + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local + +################################################ + + - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + set: + gitea.config.server.DOMAIN: provided.example.com + ingress: + hosts: + - host: non-used.example.com + paths: + - path: / + pathType: Prefix + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=provided.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=provided.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://provided.example.com From dcf1891eddd858d0ad56e1a2fa5ea1501d287d75 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 14 Nov 2023 23:27:27 +0000 Subject: [PATCH 103/114] Publish chart on Dockerhub (#525) As title. Co-authored-by: techknowlogick Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/525 Reviewed-by: justusbunsi --- .gitea/workflows/release-version.yml | 6 +++++- README.md | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 644e52f..829bb38 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -41,7 +41,7 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | - echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin + echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update @@ -51,6 +51,10 @@ jobs: mv gitea*.tgz gitea/ curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml + # push to dockerhub + echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin + helm push gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts + helm registry logout registry-1.docker.io - name: aws credential configure uses: https://github.com/aws-actions/configure-aws-credentials@v2 diff --git a/README.md b/README.md index ad4799e..0f5b2ce 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,12 @@ helm repo update helm install gitea gitea-charts/gitea ``` +Alternatively, the chart can also be installed from Dockerhub (since v9.6.0) + +```sh +helm install gitea oci://registry-1.docker.io/giteacharts/gitea +``` + When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. ## High Availability @@ -1105,14 +1111,18 @@ gitea: CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& ``` + **Switch to rootless image by default** + If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). + **Transitioning from a RWO to RWX Persistent Volume** + If you want to switch to a RWX volume and go for HA, you need to @@ -1120,8 +1130,10 @@ If you want to switch to a RWX volume and go for HA, you need to 2. Let the chart create a new RWX PV (or do it statically yourself) 3. Restore the backup to the same location in the new PV + **Transitioning from Postgres to Postgres HA** + If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -1130,8 +1142,10 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + **Change of env-to-ini prefix** + Before this release, the env-to-ini prefix was `ENV_TO_INI__`. This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. From 7eea1acf057b9c5ae957d4e0565fae8ef57ccf30 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 16 Nov 2023 10:14:34 +0000 Subject: [PATCH 104/114] chore: reduce redis-cluster pods and move HA out of "experimental" state (#565) The pod reduction for `redis-cluster` should help users seeking for a Gitea deployment with less pods. Users seeking for a minimal deployment are further advised to follow https://gitea.com/gitea/helm-chart#user-content-single-pod-configurations. HA is working fine in the provided configuration and should be moved out of the "experimental" state given that there were no reports of Gitea malfunctioning reported to HA usage in recent months/since v9 release. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/565 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 18 +++++++++--------- docs/ha-setup.md | 7 +++++-- values.yaml | 5 +++++ 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 0f5b2ce..6dfc5bd 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) - - [Rootless defaults](#rootless-defaults) + - [Rootless Defaults](#rootless-defaults) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) @@ -105,10 +105,8 @@ When upgrading, please refer to the [Upgrading](#upgrading) section at the botto ## High Availability -⚠️ **EXPERIMENTAL** ⚠️ - -Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. -The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. +Since version 9.0.0 this chart supports running Gitea and it's dependencies in HA mode. +Care must be taken for production use as not all implementation details of Gitea core are officially HA-ready yet. Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. See the [HA Setup](docs/ha-setup.md) document for more details. @@ -996,10 +994,12 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### redis-cluster -| Name | Description | Value | -| --------------------------- | -------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | -| `redis-cluster.usePassword` | Whether to use password authentication | `false` | +| Name | Description | Value | +| -------------------------------- | -------------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.usePassword` | Whether to use password authentication | `false` | +| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | +| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | ### PostgreSQL-ha diff --git a/docs/ha-setup.md b/docs/ha-setup.md index 4620317..b3ed491 100644 --- a/docs/ha-setup.md +++ b/docs/ha-setup.md @@ -1,7 +1,5 @@ # High Availability -⚠️ **EXPERIMENTAL** ⚠️ - All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. The following document explains how to achieve this for all individual components. @@ -97,6 +95,11 @@ To do so, you need to set the following configuration values yourself: - `gitea.config.cache.ADAPTER`: `redis` - `gitea.config.cache.HOST`: `` +By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica. +To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. +Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned. +For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. + ## Object and asset storage Object/asset storage refers to the storage of attachments, avatars, LFS files, etc. diff --git a/values.yaml b/values.yaml index 15ecd06..b6712e7 100644 --- a/values.yaml +++ b/values.yaml @@ -479,9 +479,14 @@ gitea: ## @section redis-cluster ## @param redis-cluster.enabled Enable redis ## @param redis-cluster.usePassword Whether to use password authentication +## @param redis-cluster.cluster.nodes Number of redis cluster master nodes +## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas redis-cluster: enabled: true usePassword: false + cluster: + nodes: 3 # default: 6 + replicas: 0 # default: 1 ## @section postgresql-ha # From ead62a0dbcdaa6d347a622f9c2037dc25df37543 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 16 Nov 2023 20:42:17 +0000 Subject: [PATCH 105/114] Bump to 1.21.0 (#566) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/566 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- README.md | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 2fde9b9..624a8b7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.5 +appVersion: 1.21.0 icon: https://gitea.com/assets/img/logo.svg keywords: diff --git a/README.md b/README.md index 6dfc5bd..9f70734 100644 --- a/README.md +++ b/README.md @@ -706,7 +706,7 @@ extraVolumes: extraVolumeMounts: - name: gitea-themes readOnly: true - mountPath: "/data/gitea/public/css" + mountPath: "/data/gitea/public/assets/css" ``` The secret can be created via `terraform`: @@ -1051,6 +1051,15 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
+To 9.6.0 + +Chart 9.6.0 ships with Gitea 1.21.0. +While there are no breaking changes in the chart, please check the changes of the [1.21 release blog post](https://blog.gitea.com/release-of-1.21.0/). + +
+ +
+ To 9.0.0 This chart release comes with many breaking changes while aiming for a HA-ready setup. From d52ead0be740beae4c4dc5b2670034e33630cd1b Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 16 Nov 2023 20:45:10 +0000 Subject: [PATCH 106/114] Renovate: run tests on branches, group deps and adjust schedule to weekends (#556) Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/556 Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/test-pr.yml | 8 ++++++- renovate.json5 | 44 +++++++++++++++++++++--------------- 2 files changed, 33 insertions(+), 19 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 9d61655..6cef8e3 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -1,7 +1,13 @@ name: check-and-test on: - - pull_request + pull_request: + branches: + - "*" + push: + branches: + - main + - "renovate/**" env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest diff --git a/renovate.json5 b/renovate.json5 index f4b9100..b4fd56d 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,25 +1,33 @@ { - $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["gitea>gitea/renovate-config"], - labels: ["kind/dependency"], + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'gitea>gitea/renovate-config', + ':automergeMinor', + 'schedule:automergeDaily', + 'schedule:weekends', + ], + labels: ['kind/dependency'], + automergeStrategy: 'squash', customManagers: [ - { - description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', - customType: 'regex', - fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], - matchStrings: [ - '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', - ], - }, - ], + { + description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', + customType: 'regex', + fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], + matchStrings: [ + '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', + ], + }, + ], packageRules: [ { - description: "Automerge minor + patch dependency updates weekly", - matchManagers: ["helmv3"], - matchUpdateTypes: ["minor", "patch", "digest"], - automerge: true, - automergeStrategy: "squash", - extends: ["schedule:weekly"], + groupName: 'subcharts (minor & patch)', + matchManagers: ['helmv3'], + matchUpdateTypes: ['minor', 'patch', 'digest'], + }, + { + groupName: 'workflow dependencies (minor & patch)', + matchManagers: ['github-actions', 'npm', 'regex'], + matchUpdateTypes: ['minor', 'patch', 'digest'], }, ], } From 6c0699e86e245885c8630c8b52ee76f13209c9a8 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 16 Nov 2023 21:00:39 +0000 Subject: [PATCH 107/114] Switch imagePullPolicy to "IfNotPresent" (#568) ### Benefits Less image pulls. ### Additional information committed via GUI - so no signature on first commit. Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/568 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 20 ++++++++++---------- unittests/config/server-section_domain.yaml | 4 ++-- values.yaml | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 9f70734..f47df85 100644 --- a/README.md +++ b/README.md @@ -810,16 +810,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Image -| Name | Description | Value | -| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | -| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/unittests/config/server-section_domain.yaml b/unittests/config/server-section_domain.yaml index 27a59c7..cf5a3b8 100644 --- a/unittests/config/server-section_domain.yaml +++ b/unittests/config/server-section_domain.yaml @@ -19,7 +19,7 @@ tests: path: stringData.server pattern: \nROOT_URL=http://git.example.com -################################################ + ################################################ - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL" template: templates/gitea/config.yaml @@ -40,7 +40,7 @@ tests: path: stringData.server pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local -################################################ + ################################################ - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL" template: templates/gitea/config.yaml diff --git a/values.yaml b/values.yaml index b6712e7..2736a2f 100644 --- a/values.yaml +++ b/values.yaml @@ -50,7 +50,7 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" digest: "" - pullPolicy: Always + pullPolicy: IfNotPresent rootless: true fullOverride: "" From f7d661ee3a3b1b750d0a7db8fbbf8a96c3199fda Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 16 Nov 2023 22:07:25 +0100 Subject: [PATCH 108/114] fix release workflow --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 829bb38..6458a88 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -49,11 +49,11 @@ jobs: helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ - curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml + curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml # push to dockerhub echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin - helm push gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts + helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts helm registry logout registry-1.docker.io - name: aws credential configure From 5c4bcaa1e308f89070658abce5e7d6a9be04914e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 25 Nov 2023 04:10:18 +0000 Subject: [PATCH 109/114] chore(config): migrate renovate config (#575) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- renovate.json5 | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index b4fd56d..74278dd 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -6,13 +6,17 @@ 'schedule:automergeDaily', 'schedule:weekends', ], - labels: ['kind/dependency'], + labels: [ + 'kind/dependency', + ], automergeStrategy: 'squash', customManagers: [ { description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', customType: 'regex', - fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], + fileMatch: [ + '.gitea/workflows/.+\\.ya?ml$', + ], matchStrings: [ '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', ], @@ -21,13 +25,27 @@ packageRules: [ { groupName: 'subcharts (minor & patch)', - matchManagers: ['helmv3'], - matchUpdateTypes: ['minor', 'patch', 'digest'], + matchManagers: [ + 'helmv3', + ], + matchUpdateTypes: [ + 'minor', + 'patch', + 'digest', + ], }, { groupName: 'workflow dependencies (minor & patch)', - matchManagers: ['github-actions', 'npm', 'regex'], - matchUpdateTypes: ['minor', 'patch', 'digest'], + matchManagers: [ + 'github-actions', + 'npm', + 'custom.regex', + ], + matchUpdateTypes: [ + 'minor', + 'patch', + 'digest', + ], }, ], } From 34c1212939e1c4184ca3bd83171dc90ecbf3f9ca Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 27 Nov 2023 18:35:42 +0000 Subject: [PATCH 110/114] Use `helm dependency build` in release build (#563) Using `helm dependency update` may result in unwillingly updating the dependencies while cutting a release. I wasn't able to do so. Most likely due to the dependency pinning in Chart.yaml and Chart.lock. Based on Helm documentation, `update` uses Chart.yaml[^1] while `build` uses Chart.lock[^2]. All in all it is safer to use `helm dependency build`. :D [^1]: https://helm.sh/docs/helm/helm_dependency_update/ [^2]: https://helm.sh/docs/helm/helm_dependency_build/ Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/563 Reviewed-by: pat-s --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 6458a88..0b516ab 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -44,7 +44,7 @@ jobs: echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg - helm dependency update + helm dependency build helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea From 8bcd2dc63b00af2cd19d1c08113eaf7be19bca34 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 27 Nov 2023 18:36:47 +0000 Subject: [PATCH 111/114] Detect major dependency version bumps (#571) As seen in #507 and #569, there is no guarantee for us that minor dependency updates are actually minor updates for the dependent application itself. The Chart version might be minor - and therefore automatically merged when build is green - but the used Docker image inside the Chart could still be a major version change. To effectively prevent such automerge when the application major version changes, there is now a test file that has the currently used major versions hard-coded. In case of an actual major bump, this file has to be adjusted. Looking at `redis-cluster`, there might be several major Chart versions with the same major application version. This PR is related to #409 but does not fully resolve it. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/571 Reviewed-by: pat-s --- Makefile | 2 +- unittests/dependency-major-image-check.yaml | 42 +++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 unittests/dependency-major-image-check.yaml diff --git a/Makefile b/Makefile index e3e4f03..4e4b5bd 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml new file mode 100644 index 0000000..f50d58c --- /dev/null +++ b/unittests/dependency-major-image-check.yaml @@ -0,0 +1,42 @@ +suite: Dependency update consistency +release: + name: gitea-unittests + namespace: testing +tests: + - it: "[postgresql-ha] ensures we detect major image version upgrades" + template: charts/postgresql-ha/templates/postgresql/statefulset.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: ^docker.io/bitnami/postgresql-repmgr:15.+$ + - it: "[postgresql] ensures we detect major image version upgrades" + template: charts/postgresql/templates/primary/statefulset.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: ^docker.io/bitnami/postgresql:15.+$ + - it: "[redis-cluster] ensures we detect major image version upgrades" + template: charts/redis-cluster/templates/redis-statefulset.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: ^docker.io/bitnami/redis-cluster:7.+$ From b265d87f55e9549a408e8e6c6a63e872303a10dd Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 27 Nov 2023 18:38:14 +0000 Subject: [PATCH 112/114] Improve experience on writing unittests (#570) While working on #409, I noticed that some unittests contains either invalid assertion methods (`isNotEmpty`) or invalid properties (`any`) for a specific assertion method (`notContains`). As our tests pass - and I have ensured that they can fail - this seems related to the YAML schema validation in the IDE. I've noticed that `isNotEmpty` was replaced by `isNotNullOrEmpty`[^1] in version v0.3.2[^2]. At least from a schema validation point of view. It is still working. Maybe deprecated? I don't know. Regarding the `any` property, the documentation seems incorrect. I've filed a PR for it[^3]. As soon as that PR is merged and released, we could probably validate the test YAML files in our PR workflow. Last, since we renovate the used helm-unittest version, we should also renovate the used YAML schema file. [^1]: https://github.com/helm-unittest/helm-unittest/pull/139 [^2]: https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.2 [^3]: https://github.com/helm-unittest/helm-unittest/pull/243 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/570 Reviewed-by: pat-s --- .vscode/settings.json | 2 +- renovate.json5 | 9 +++++++++ unittests/gpg-secret/signing-enabled.yaml | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index d709909..812b1f8 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.3.6/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/renovate.json5 b/renovate.json5 index 74278dd..1831179 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -21,6 +21,15 @@ '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', ], }, + { + description: 'Detect helm-unittest yaml schema file', + customType: 'regex', + fileMatch: ['.vscode/settings\\.json$'], + matchStrings: [ + 'https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\s]+?)\\/(?v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', + ], + datasourceTemplate: 'github-releases', + }, ], packageRules: [ { diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml index 4040793..8fcab68 100644 --- a/unittests/gpg-secret/signing-enabled.yaml +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -33,7 +33,7 @@ tests: kind: Secret apiVersion: v1 name: gitea-unittests-gpg-key - - isNotEmpty: + - isNotNullOrEmpty: path: metadata.labels - equal: path: data.privateKey From 0081cabe0b2c6e758354630963055298e997b1de Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 27 Nov 2023 21:00:37 +0000 Subject: [PATCH 113/114] Bump to 1.21.1 (#576) Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.21.1 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/576 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 624a8b7..da438be 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.0 +appVersion: 1.21.1 icon: https://gitea.com/assets/img/logo.svg keywords: From 7e403d5ef67006b7c0ec0f7a319ee2992b60b523 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 4 Dec 2023 19:49:43 +0000 Subject: [PATCH 114/114] chore(deps): update postgresql-ha docker tag to v12 (#528) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `11.9.4` -> `12.3.1` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/528 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- unittests/dependency-major-image-check.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Chart.lock b/Chart.lock index a40418a..5d48181 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.10 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.4 + version: 12.3.1 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.1.3 -digest: sha256:6bda620320a05a5ea4efb4189a86d30092aeb0a6f3e0009538f4bea312af0863 -generated: "2023-11-14T00:08:15.790217865Z" +digest: sha256:f0dc6b0142ec7bb8e7f89a48e04aca1912017f408e845db0f8b686f1217b9c7e +generated: "2023-12-01T00:12:50.856889705Z" diff --git a/Chart.yaml b/Chart.yaml index da438be..196d5c9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.4 + version: 12.3.1 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index f50d58c..db33ed7 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -15,7 +15,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql-repmgr:15.+$ + pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$ - it: "[postgresql] ensures we detect major image version upgrades" template: charts/postgresql/templates/primary/statefulset.yaml set: