diff --git a/.markdownlintignore b/.markdownlintignore index 7aee9a3..2e1da46 100644 --- a/.markdownlintignore +++ b/.markdownlintignore @@ -1,4 +1,5 @@ .gitea/ node_modules/ charts/ -.helmignore \ No newline at end of file +.helmignore +Chart.lock diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..fafeafa --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +Chart.lock \ No newline at end of file diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index 439e048..c05f472 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -36,7 +36,7 @@ pipeline: pull: true commands: - apk add --no-cache make helm git bash - - helm plugin install https://github.com/helm-unittest/helm-unittest + - helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest - helm dependency update - make unittests diff --git a/README.md b/README.md index 99c8c68..f63ccd6 100644 --- a/README.md +++ b/README.md @@ -675,6 +675,7 @@ gitea: | `tolerations` | Tolerations for the statefulset | `[]` | | `affinity` | Affinity for the statefulset | `{}` | | `dnsConfig` | dnsConfig for the statefulset | `{}` | +| `priorityClassName` | priorityClassName for the statefulset | `""` | | `statefulset.env` | Additional environment variables to pass to containers | `[]` | | `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | | `statefulset.labels` | Labels for the statefulset | `{}` | @@ -699,9 +700,12 @@ gitea: ### Init -| Name | Description | Value | -| --------------- | --------------------------------------------------------------------- | ----- | -| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- | +| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | +| `initContainers.resources.limits` | initContainers.limits Kubernetes resource limits for init containers | `{}` | +| `initContainers.resources.requests.cpu` | initContainers.requests.cpu Kubernetes cpu resource limits for init containers | `100m` | +| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` | ### Signing diff --git a/renovate.json b/renovate.json index 3ea6fc6..20be1ea 100644 --- a/renovate.json +++ b/renovate.json @@ -41,6 +41,13 @@ "depNameTemplate": "forgejo", "packageNameTemplate": "codeberg.org/forgejo/forgejo", "datasourceTemplate": "docker" + }, + { + "fileMatch": ["^\\.woodpecker/[a-z-]+\\.yml$"], + "matchStrings": ["helm plugin install --version (?.+?) https://github.com/helm-unittest/helm-unittest\\s"], + "depNameTemplate": "helm-unittest", + "packageNameTemplate": "helm-unittest/helm-unittest", + "datasourceTemplate": "github-releases" } ] } diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 6394e9a..b11813b 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -39,6 +39,9 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} {{- include "gitea.images.pullSecrets" . | nindent 6 }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} @@ -76,6 +79,8 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} - name: init-app-ini image: "{{ include "gitea.image" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -114,6 +119,8 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- if .Values.signing.enabled }} - name: configure-gpg image: "{{ include "gitea.image" . }}" @@ -143,6 +150,8 @@ spec: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- end }} - name: configure-gitea image: "{{ include "gitea.image" . }}" @@ -232,6 +241,8 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index b77c002..90f8672 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml @@ -8,6 +8,10 @@ tests: - it: runs gpg in batch mode set: signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- asserts: - equal: path: stringData["configure_gpg_environment.sh"] @@ -38,6 +42,10 @@ tests: - it: adds gpg script block for enabled signing set: signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- asserts: - equal: path: stringData["init_directory_structure.sh"] diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/statefulset/signing-disabled.yaml index dc6b1b8..9e74700 100644 --- a/unittests/statefulset/signing-disabled.yaml +++ b/unittests/statefulset/signing-disabled.yaml @@ -17,9 +17,9 @@ tests: - it: skips gpg env in `init-directories` init container template: templates/gitea/statefulset.yaml set: - signing.enabled: true + signing.enabled: false asserts: - - contains: + - notContains: path: spec.template.spec.initContainers[0].env content: name: GNUPGHOME diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/statefulset/signing-enabled.yaml index 25e8cd7..9dd3901 100644 --- a/unittests/statefulset/signing-enabled.yaml +++ b/unittests/statefulset/signing-enabled.yaml @@ -42,6 +42,7 @@ tests: template: templates/gitea/statefulset.yaml set: signing.enabled: true + signing.existingSecret: "custom-gpg-secret" asserts: - contains: path: spec.template.spec.initContainers[0].env @@ -52,6 +53,7 @@ tests: template: templates/gitea/statefulset.yaml set: signing.enabled: true + signing.existingSecret: "custom-gpg-secret" asserts: - contains: path: spec.template.spec.containers[0].env @@ -63,6 +65,7 @@ tests: set: signing: enabled: true + existingSecret: "forgejo-unittests-gpg-key" asserts: - contains: path: spec.template.spec.volumes diff --git a/values.yaml b/values.yaml index b9951e7..400a309 100644 --- a/values.yaml +++ b/values.yaml @@ -189,6 +189,9 @@ affinity: {} ## @param dnsConfig dnsConfig for the statefulset dnsConfig: {} +## @param priorityClassName priorityClassName for the statefulset +priorityClassName: "" + ## @param statefulset.env Additional environment variables to pass to containers ## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod ## @param statefulset.labels Labels for the statefulset @@ -255,6 +258,16 @@ initPreScript: "" # chown -R git:git /data/git/.postgresql/ # chmod 400 /data/git/.postgresql/postgresql.key +## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers +## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers +## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers +initContainers: + resources: + limits: {} + requests: + cpu: 100m + memory: 128Mi + # Configure commit/action signing prerequisites ## @section Signing #