DevFW-CICD/forgejo-helm
16
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DevFW-CICD:main
Branches Tags
DevFW-CICD:main
DevFW-CICD:maint/v7
DevFW-CICD:renovate/maint/v7-conventional-changelog-core-9.x
DevFW-CICD:renovate/main-conventional-changelog-core-9.x
DevFW-CICD:renovate/maint/v7-helm-chart-testing-action-2.x
DevFW-CICD:renovate/main-helm-chart-testing-action-2.x
DevFW-CICD:renovate-test/main-k3s-minor-1.30.x
DevFW-CICD:renovate-test/main-k3s-minor-1.29.x
DevFW-CICD:v11.0.1-depends
DevFW-CICD:v9.0.0-depends
DevFW-CICD:v12.0.0-depends
DevFW-CICD:v12.0.0
DevFW-CICD:v11.0.2-depends
DevFW-CICD:v11.0.3-depends
DevFW-CICD:v11.0.5-depends
DevFW-CICD:v11.0.5
DevFW-CICD:v10.1.1-depends
DevFW-CICD:v7.1.9
DevFW-CICD:v11.0.3
DevFW-CICD:v7.1.8
DevFW-CICD:v11.0.2
DevFW-CICD:v11.0.1
DevFW-CICD:v7.1.7
DevFW-CICD:v11.0.0
DevFW-CICD:v10.1.2
DevFW-CICD:v7.1.6
DevFW-CICD:v10.1.1
DevFW-CICD:v7.1.5
DevFW-CICD:v10.1.0
DevFW-CICD:v10.0.2
DevFW-CICD:v7.1.4
DevFW-CICD:v10.0.1
DevFW-CICD:v7.1.3
DevFW-CICD:v10.0.0
DevFW-CICD:v9.0.0
DevFW-CICD:v8.2.3
DevFW-CICD:v7.1.2
DevFW-CICD:v8.2.2
DevFW-CICD:v8.2.1
DevFW-CICD:v7.1.1
DevFW-CICD:v8.2.0
DevFW-CICD:v7.1.0
DevFW-CICD:v7.0.7
DevFW-CICD:v7.0.6
DevFW-CICD:v8.1.2
DevFW-CICD:v7.0.5
DevFW-CICD:v8.1.1
DevFW-CICD:v8.1.0
DevFW-CICD:v8.0.1
DevFW-CICD:v8.0.0
DevFW-CICD:v7.0.4
DevFW-CICD:v7.0.3
DevFW-CICD:v5.1.3
DevFW-CICD:v7.0.2
DevFW-CICD:v7.0.1
DevFW-CICD:v5.1.2
DevFW-CICD:v7.0.0
DevFW-CICD:v6.1.1
DevFW-CICD:v5.1.1
DevFW-CICD:v5.1.0
DevFW-CICD:v6.1.0
DevFW-CICD:v6.0.8
DevFW-CICD:v6.0.7
DevFW-CICD:v6.0.6
DevFW-CICD:v6.0.5
DevFW-CICD:v6.0.3
DevFW-CICD:v6.0.2
DevFW-CICD:v6.0.1
DevFW-CICD:v6.0.0
DevFW-CICD:v5.0.5
DevFW-CICD:v5.0.4
DevFW-CICD:v5.0.3
DevFW-CICD:v5.0.2
DevFW-CICD:v5.0.1
DevFW-CICD:v5.0.0
DevFW-CICD:v4.0.3
DevFW-CICD:v4.0.2
DevFW-CICD:v4.0.1
DevFW-CICD:v4.0.0
DevFW-CICD:v3.0.3
DevFW-CICD:v3.0.2
DevFW-CICD:v3.0.1
DevFW-CICD:v3.0.0
DevFW-CICD:v2.0.0
DevFW-CICD:v1.1.7
DevFW-CICD:v1.1.6
DevFW-CICD:v1.1.5
DevFW-CICD:v1.1.4
DevFW-CICD:v1.1.3
DevFW-CICD:v1.1.2
DevFW-CICD:v1.1.1
DevFW-CICD:v1.1.0
DevFW-CICD:v1.0.4
DevFW-CICD:v1.0.3
DevFW-CICD:v1.0.2
DevFW-CICD:v1.0.1
DevFW-CICD:v1.0.0
DevFW-CICD:v0.16.2
DevFW-CICD:v0.16.1
DevFW-CICD:v0.16.0
DevFW-CICD:v0.15.0
DevFW-CICD:v0.14.0
DevFW-CICD:v0.13.0
DevFW-CICD:v0.12.1
DevFW-CICD:v0.12.0
DevFW-CICD:v0.11.1
DevFW-CICD:0.11.0
DevFW-CICD:v0.10.1
DevFW-CICD:v0.10.0
DevFW-CICD:v0.9.3
DevFW-CICD:v0.9.2
DevFW-CICD:v0.9.1
DevFW-CICD:v0.9.0
DevFW-CICD:v0.8.6
DevFW-CICD:v0.8.5
DevFW-CICD:v0.8.4
DevFW-CICD:v0.8.3
DevFW-CICD:v0.8.2
DevFW-CICD:v0.8.1
DevFW-CICD:v0.8.0
DevFW-CICD:v0.7.3
DevFW-CICD:v0.7.2
DevFW-CICD:v0.7.1
DevFW-CICD:v0.7.0
DevFW-CICD:v0.6.1
DevFW-CICD:v0.6.0
DevFW-CICD:v0.5.0
DevFW-CICD:v0.4.0
DevFW-CICD:v0.3.3
DevFW-CICD:v0.3.2
DevFW-CICD:v0.3.1
DevFW-CICD:v0.3.0
DevFW-CICD:v0.2.0
DevFW-CICD:v0.1.0
DevFW-CICD:v0.0.4
DevFW-CICD:v0.0.3
DevFW-CICD:v0.0.2
DevFW-CICD:v0.0.1
..
compare: DevFW-CICD:v1.1.5
Branches Tags
DevFW-CICD:main
DevFW-CICD:maint/v7
DevFW-CICD:renovate/maint/v7-conventional-changelog-core-9.x
DevFW-CICD:renovate/main-conventional-changelog-core-9.x
DevFW-CICD:renovate/maint/v7-helm-chart-testing-action-2.x
DevFW-CICD:renovate/main-helm-chart-testing-action-2.x
DevFW-CICD:renovate-test/main-k3s-minor-1.30.x
DevFW-CICD:renovate-test/main-k3s-minor-1.29.x
DevFW-CICD:v11.0.1-depends
DevFW-CICD:v9.0.0-depends
DevFW-CICD:v12.0.0-depends
DevFW-CICD:v12.0.0
DevFW-CICD:v11.0.2-depends
DevFW-CICD:v11.0.3-depends
DevFW-CICD:v11.0.5-depends
DevFW-CICD:v11.0.5
DevFW-CICD:v10.1.1-depends
DevFW-CICD:v7.1.9
DevFW-CICD:v11.0.3
DevFW-CICD:v7.1.8
DevFW-CICD:v11.0.2
DevFW-CICD:v11.0.1
DevFW-CICD:v7.1.7
DevFW-CICD:v11.0.0
DevFW-CICD:v10.1.2
DevFW-CICD:v7.1.6
DevFW-CICD:v10.1.1
DevFW-CICD:v7.1.5
DevFW-CICD:v10.1.0
DevFW-CICD:v10.0.2
DevFW-CICD:v7.1.4
DevFW-CICD:v10.0.1
DevFW-CICD:v7.1.3
DevFW-CICD:v10.0.0
DevFW-CICD:v9.0.0
DevFW-CICD:v8.2.3
DevFW-CICD:v7.1.2
DevFW-CICD:v8.2.2
DevFW-CICD:v8.2.1
DevFW-CICD:v7.1.1
DevFW-CICD:v8.2.0
DevFW-CICD:v7.1.0
DevFW-CICD:v7.0.7
DevFW-CICD:v7.0.6
DevFW-CICD:v8.1.2
DevFW-CICD:v7.0.5
DevFW-CICD:v8.1.1
DevFW-CICD:v8.1.0
DevFW-CICD:v8.0.1
DevFW-CICD:v8.0.0
DevFW-CICD:v7.0.4
DevFW-CICD:v7.0.3
DevFW-CICD:v5.1.3
DevFW-CICD:v7.0.2
DevFW-CICD:v7.0.1
DevFW-CICD:v5.1.2
DevFW-CICD:v7.0.0
DevFW-CICD:v6.1.1
DevFW-CICD:v5.1.1
DevFW-CICD:v5.1.0
DevFW-CICD:v6.1.0
DevFW-CICD:v6.0.8
DevFW-CICD:v6.0.7
DevFW-CICD:v6.0.6
DevFW-CICD:v6.0.5
DevFW-CICD:v6.0.3
DevFW-CICD:v6.0.2
DevFW-CICD:v6.0.1
DevFW-CICD:v6.0.0
DevFW-CICD:v5.0.5
DevFW-CICD:v5.0.4
DevFW-CICD:v5.0.3
DevFW-CICD:v5.0.2
DevFW-CICD:v5.0.1
DevFW-CICD:v5.0.0
DevFW-CICD:v4.0.3
DevFW-CICD:v4.0.2
DevFW-CICD:v4.0.1
DevFW-CICD:v4.0.0
DevFW-CICD:v3.0.3
DevFW-CICD:v3.0.2
DevFW-CICD:v3.0.1
DevFW-CICD:v3.0.0
DevFW-CICD:v2.0.0
DevFW-CICD:v1.1.7
DevFW-CICD:v1.1.6
DevFW-CICD:v1.1.5
DevFW-CICD:v1.1.4
DevFW-CICD:v1.1.3
DevFW-CICD:v1.1.2
DevFW-CICD:v1.1.1
DevFW-CICD:v1.1.0
DevFW-CICD:v1.0.4
DevFW-CICD:v1.0.3
DevFW-CICD:v1.0.2
DevFW-CICD:v1.0.1
DevFW-CICD:v1.0.0
DevFW-CICD:v0.16.2
DevFW-CICD:v0.16.1
DevFW-CICD:v0.16.0
DevFW-CICD:v0.15.0
DevFW-CICD:v0.14.0
DevFW-CICD:v0.13.0
DevFW-CICD:v0.12.1
DevFW-CICD:v0.12.0
DevFW-CICD:v0.11.1
DevFW-CICD:0.11.0
DevFW-CICD:v0.10.1
DevFW-CICD:v0.10.0
DevFW-CICD:v0.9.3
DevFW-CICD:v0.9.2
DevFW-CICD:v0.9.1
DevFW-CICD:v0.9.0
DevFW-CICD:v0.8.6
DevFW-CICD:v0.8.5
DevFW-CICD:v0.8.4
DevFW-CICD:v0.8.3
DevFW-CICD:v0.8.2
DevFW-CICD:v0.8.1
DevFW-CICD:v0.8.0
DevFW-CICD:v0.7.3
DevFW-CICD:v0.7.2
DevFW-CICD:v0.7.1
DevFW-CICD:v0.7.0
DevFW-CICD:v0.6.1
DevFW-CICD:v0.6.0
DevFW-CICD:v0.5.0
DevFW-CICD:v0.4.0
DevFW-CICD:v0.3.3
DevFW-CICD:v0.3.2
DevFW-CICD:v0.3.1
DevFW-CICD:v0.3.0
DevFW-CICD:v0.2.0
DevFW-CICD:v0.1.0
DevFW-CICD:v0.0.4
DevFW-CICD:v0.0.3
DevFW-CICD:v0.0.2
DevFW-CICD:v0.0.1

No commits in common. "main" and "v1.1.5" have entirely different histories.
main ... v1.1.5

69 changed files with 2852 additions and 3659 deletions
Show stats Expand all files Collapse all files

25
.forgejo/actions/setup-k3s/action.yml
View file

@ -1,25 +0,0 @@
# action.yml
name: setup-k3s
description: 'setup k3s'
inputs:
version:
description: 'k3s version'
required: true
runs:
using: 'composite'
steps:
- shell: bash
name: install k3s
run: |
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=${INPUT_VERSION} K3S_KUBECONFIG_MODE=640 sh -s - server
echo "KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> $GITHUB_ENV
- shell: bash
name: check k3s
run: kubectl cluster-info
- shell: bash
name: wait for nodes ready
run: |
sleep 3
kubectl wait --for=condition=Ready nodes --all --timeout=600s

12
.forgejo/actions/setup-node/action.yml
View file

@ -5,15 +5,9 @@ description: 'setup node'
runs: runs:
using: 'composite' using: 'composite'
steps: steps:
- name: Setup pnpm - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
with:
standalone: true
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: 'pnpm' cache: 'npm'
- shell: bash - shell: bash
run: pnpm install --frozen-lockfile run: npm ci

1
.forgejo/actions/setup/action.yml
View file

@ -23,5 +23,4 @@ runs:
python3-wheel \ python3-wheel \
python3-venv \ python3-venv \
unzip \ unzip \
wget \
; ;

57
.forgejo/renovate/k3s.json
View file

@ -1,57 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"packageRules": [
{
"description": "Separate minor and patch updates for k3s",
"matchDatasources": ["github-releases"],
"matchPackageNames": ["k3s-io/k3s"],
"separateMultipleMinor": true,
"separateMinorPatch": true,
"branchTopic": "{{{depNameSanitized}}}{{#if isMinor}}-minor{{/if}}-{{{newMajor}}}{{#if isPatch}}.{{{newMinor}}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}",
"commitMessageSuffix": "{{#if isMinor}}(minor){{/if}}{{#if isPatch}}(patch){{/if}}"
},
{
"description": "No automerge for k3s major and minor updates",
"matchDatasources": ["github-releases"],
"matchPackageNames": ["k3s-io/k3s"],
"matchUpdateTypes": ["major", "minor"],
"automerge": false
},
{
"description": "Group k3s patch updates",
"matchDatasources": ["github-releases"],
"matchPackageNames": ["k3s-io/k3s"],
"matchUpdateTypes": ["patch"],
"groupName": "k3s"
},
{
"description": "Disable k3s major and minor updates for old versions",
"matchDatasources": ["github-releases"],
"matchFileNames": [".forgejo/workflows/**"],
"matchPackageNames": ["k3s-io/k3s"],
"matchUpdateTypes": ["major", "minor"],
"matchCurrentValue": "!/^v1.32/",
"enabled": false
}
],
"customDatasources": {
"k3s": {
"defaultRegistryUrlTemplate": "https://update.k3s.io/v1-release/channels",
"transformTemplates": [
"($isVersion:=function($name){$contains($name,/^v\\d+.\\d+$/)};{\"releases\":[data[$isVersion(name)].{\"version\":latest}],\"sourceUrl\":\"https://github.com/k3s-io/k3s\",\"homepage\":\"https://k3s.io/\"})"
]
}
},
"customManagers": [
{
"customType": "regex",
"fileMatch": [".forgejo/renovate/k3s.json"],
"matchStrings": [
"matchCurrentValue\": \"!\\/^v(?<currentValue>\\d+\\.\\d+)\\/"
],
"depNameTemplate": "k3s",
"versioningTemplate": "npm",
"datasourceTemplate": "custom.k3s"
}
]
}

83
.forgejo/workflows/build.yml
View file

@ -5,20 +5,19 @@ on:
push: push:
branches: branches:
- main - main
- maint/** - release/**
tags: tags:
- v* - v*
workflow_dispatch:
permissions: permissions:
contents: read contents: read
env: env:
HELM_VERSION: v3.17.2 # renovate: datasource=github-releases depName=helm packageName=helm/helm HELM_VERSION: v3.14.0 # renovate: datasource=github-releases depName=helm packageName=helm/helm
HELM_UNITTEST_VERSION: v0.7.2 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest HELM_UNITTEST_VERSION: v0.4.1 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest
HELM_CHART_TESTING_VERSION: v3.12.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing HELM_CHART_TESTING_VERSION: v3.10.1 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing
KUBECTL_VERSION: v1.32.3 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes KIND_VERSION: v0.20.0 # renovate: datasource=github-releases depName=kind packageName=kubernetes-sigs/kind
CT_GITHUB_GROUPS: true KUBECTL_VERSION: v1.29.1 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes
jobs: jobs:
lint-node: lint-node:
@ -26,24 +25,18 @@ jobs:
steps: steps:
- run: cat /etc/os-release - run: cat /etc/os-release
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
show-progress: false show-progress: false
fetch-depth: 0 # Important for changelog
filter: blob:none # We don't need all blobs
- uses: ./.forgejo/actions/setup - uses: ./.forgejo/actions/setup
- uses: ./.forgejo/actions/setup-node - uses: ./.forgejo/actions/setup-node
- run: pnpm prettier - run: npm run prettier
- run: pnpm markdownlint . - run: npx markdownlint-cli .
- run: make readme - run: make readme
- run: git diff --exit-code --name-only README.md - run: git diff --exit-code --name-only README.md
- name: changelog
run: |
pnpm changelog ${{ github.ref_type == 'tag' && 'true' || '' }}
lint-helm: lint-helm:
runs-on: docker runs-on: docker
steps: steps:
@ -51,21 +44,20 @@ jobs:
- run: ps axf - run: ps axf
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
show-progress: false show-progress: false
fetch-depth: 0 fetch-depth: 0
filter: blob:none # We don't need all blobs
- uses: ./.forgejo/actions/setup - uses: ./.forgejo/actions/setup
- name: install chart-testing - name: install chart-testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
with: with:
version: ${{ env.HELM_CHART_TESTING_VERSION }} version: ${{ env.HELM_CHART_TESTING_VERSION }}
- name: install helm - name: install helm
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
@ -81,59 +73,50 @@ jobs:
- run: ct lint --config tools/ct.yml --charts . - run: ct lint --config tools/ct.yml --charts .
e2e: e2e:
needs:
- lint-node
- lint-helm
runs-on: k8s runs-on: k8s
strategy: strategy:
matrix: matrix:
k3s: k8s:
# https://github.com/k3s-io/k3s/branches # from https://hub.docker.com/r/kindest/node/tags
# oldest supported version - v1.27.3 # renovate: kindest
- v1.28.15+k3s1 # renovate: k3s - v1.28.0 # renovate: kindest
# https://github.com/k3s-io/k3s/blob/master/channel.yaml#L3-L4 - v1.29.0 # renovate: kindest
# stable version
- v1.31.6+k3s1 # renovate: k3s
# newest version
- v1.32.2+k3s1 # renovate: k3s
steps: steps:
- run: cat /etc/os-release - run: cat /etc/os-release
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
show-progress: false show-progress: false
fetch-depth: 0 fetch-depth: 0
filter: blob:none # We don't need all blobs
- uses: ./.forgejo/actions/setup - uses: ./.forgejo/actions/setup
- name: install helm - name: install helm
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
- name: Install chart-testing - name: Install chart-testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 # TODO: pin to version when this is released: https://github.com/helm/chart-testing-action/pull/137
uses: helm/chart-testing-action@df9dfa7259f5d09615a31c4aae53338e2c621f8f # main
with: with:
version: ${{ env.HELM_CHART_TESTING_VERSION }} version: ${{ env.HELM_CHART_TESTING_VERSION }}
- uses: ./.forgejo/actions/setup-k3s - uses: ./.forgejo/actions/setup-docker
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
with: with:
version: ${{ matrix.k3s }} node_image: kindest/node:${{ matrix.k8s }}
kubectl_version: ${{ env.KUBECTL_VERSION }}
version: ${{ env.KIND_VERSION }}
- run: kubectl get no -o wide - run: kubectl get no -o wide
- name: install chart - name: install chart
uses: https://github.com/nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 run: ct install --config tools/ct.yml --charts .
with:
timeout_minutes: 15
max_attempts: 3
retry_on: error
retry_wait_seconds: 120
polling_interval_seconds: 5
command: ct install --config tools/ct.yml --charts .
# # Catch-all required check for test matrix # # Catch-all required check for test matrix
test-success: test-success:
@ -169,7 +152,7 @@ jobs:
if: ${{ github.ref_type == 'tag' }} if: ${{ github.ref_type == 'tag' }}
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
show-progress: false show-progress: false
fetch-depth: 0 # Important for changelog fetch-depth: 0 # Important for changelog
@ -179,7 +162,7 @@ jobs:
- uses: ./.forgejo/actions/setup-node - uses: ./.forgejo/actions/setup-node
- name: install helm - name: install helm
uses: https://github.com/azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 uses: https://github.com/azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
@ -190,7 +173,6 @@ jobs:
run: | run: |
echo ${CODEBERG_TOKEN} | helm registry login -u viceice --password-stdin codeberg.org/forgejo-contrib echo ${CODEBERG_TOKEN} | helm registry login -u viceice --password-stdin codeberg.org/forgejo-contrib
echo ${FORGEJO_TOKEN} | helm registry login -u viceice --password-stdin code.forgejo.org/forgejo-contrib echo ${FORGEJO_TOKEN} | helm registry login -u viceice --password-stdin code.forgejo.org/forgejo-contrib
echo ${FORGEJO_TOKEN} | helm registry login -u viceice --password-stdin code.forgejo.org/forgejo-helm
env: env:
CODEBERG_TOKEN: ${{secrets.API_TOKEN}} CODEBERG_TOKEN: ${{secrets.API_TOKEN}}
FORGEJO_TOKEN: ${{secrets.FORGEJO_API_TOKEN}} FORGEJO_TOKEN: ${{secrets.FORGEJO_API_TOKEN}}
@ -199,7 +181,6 @@ jobs:
run: | run: |
helm push tmp/forgejo-${GITHUB_REF_NAME#v}.tgz oci://codeberg.org/forgejo-contrib helm push tmp/forgejo-${GITHUB_REF_NAME#v}.tgz oci://codeberg.org/forgejo-contrib
helm push tmp/forgejo-${GITHUB_REF_NAME#v}.tgz oci://code.forgejo.org/forgejo-contrib helm push tmp/forgejo-${GITHUB_REF_NAME#v}.tgz oci://code.forgejo.org/forgejo-contrib
helm push tmp/forgejo-${GITHUB_REF_NAME#v}.tgz oci://code.forgejo.org/forgejo-helm
- name: publish forgejo release - name: publish forgejo release
run: pnpm forgejo:release run: npm run forgejo:release

26
.forgejo/workflows/mirror.yml
View file

@ -1,26 +0,0 @@
on:
schedule:
- cron: '@hourly'
push:
branches:
- 'main'
workflow_dispatch:
jobs:
mirror:
runs-on: docker
steps:
- name: git mirror branches {main,maint/*] & tags
run: |
git init --bare .
git remote add origin https://code.forgejo.org/${{ env.GITHUB_REPOSITORY }}
git fetch origin refs/heads/main:refs/mirror/main --tags
git ls-remote origin refs/heads/main/* | while read sha full_ref ; do
ref=${full_ref#refs/heads/}
git fetch origin $full_ref:refs/mirror/$ref
done
git push --force https://any:$CODEBERG_TOKEN@codeberg.org/forgejo-contrib/forgejo-helm refs/mirror/*:refs/heads/* --tags
env:
CODEBERG_TOKEN: ${{secrets.CODEBERG_TOKEN}}

2
.gitignore vendored
View file

@ -4,5 +4,3 @@ node_modules/
unittests/*/__snapshot__/ unittests/*/__snapshot__/
tmp/ tmp/
tmpcharts/ tmpcharts/
.pnpm-store/

3
.helmignore
View file

@ -60,6 +60,3 @@ tools/
.yamllint .yamllint
artifacthub* artifacthub*
renovate.json renovate.json
pnpm-lock.yaml
.pnpm-store/

5
.husky/pre-commit
View file

@ -1,3 +1,6 @@
#!/bin/sh #!/bin/sh
pnpm lint-staged # shellcheck source=/dev/null
. "$(dirname "$0")/_/husky.sh"
npx lint-staged

3
.lintstagedrc.json
View file

@ -1,6 +1,5 @@
{ {
"*.sh": "shellcheck", "*.sh": "shellcheck",
".husky/*": "shellcheck", ".husky/*": "shellcheck",
"!*.{sh,md}": "prettier --cache --ignore-unknown --write", "*": "prettier --ignore-unknown --write"
"*.md": ["markdownlint --fix", "prettier --cache --write"]
} }

4
.markdownlint.yaml
View file

@ -56,6 +56,8 @@ MD013:
tables: false tables: false
# Include headings # Include headings
headings: true headings: true
# Include headings
headers: true
# Strict length checking # Strict length checking
strict: false strict: false
# Stern length checking # Stern length checking
@ -71,7 +73,7 @@ MD022:
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024: MD024:
# Only check sibling headings # Only check sibling headings
siblings_only: true allow_different_nesting: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document # MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025: MD025:

2
.markdownlintignore
View file

@ -3,5 +3,3 @@ node_modules/
charts/ charts/
.helmignore .helmignore
Chart.lock Chart.lock
.pnpm-store/

2
.node-version
View file

@ -1 +1 @@
22.14.0 20.10.0

4
.npmrc
View file

@ -1,5 +1 @@
engine-strict=true engine-strict=true
# pnpm run settings
# https://pnpm.io/cli/run
shell-emulator = true

2
.prettierignore
View file

@ -1,7 +1,5 @@
Chart.lock Chart.lock
node_modules/ node_modules/
pnpm-lock.yaml
.pnpm-store/
# won't work # won't work
templates/**/*.yaml templates/**/*.yaml

2
.vscode/settings.json vendored
View file

@ -4,7 +4,7 @@
".github/workflows/*", ".github/workflows/*",
".forgejo/workflows/*" ".forgejo/workflows/*"
], ],
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [ "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.1/schema/helm-testsuite.json": [
"/unittests/**/*.yaml" "/unittests/**/*.yaml"
] ]
}, },

22
Chart.lock
View file

@ -1,18 +1,12 @@
dependencies: dependencies:
- name: common
repository: oci://ghcr.io/visualon/bitnamicharts
version: 2.30.0
- name: postgresql - name: postgresql
repository: oci://ghcr.io/visualon/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 16.5.6 version: 13.4.0
- name: postgresql-ha - name: postgresql-ha
repository: oci://ghcr.io/visualon/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 15.3.8 version: 12.7.0
- name: redis-cluster - name: redis-cluster
repository: oci://ghcr.io/visualon/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 11.4.6 version: 9.3.0
- name: redis digest: sha256:0b81ae20ba96a851141499f1b071b382b80e1e249609a350efafc37741e6ea64
repository: oci://ghcr.io/visualon/bitnamicharts generated: "2024-01-22T13:01:22.618130303Z"
version: 20.11.4
digest: sha256:a9c9f0779663336dd22ca4896f22bb64427e28f20aa567aee2f18474f8e31a23
generated: "2025-03-26T15:31:33.532188569Z"

33
Chart.yaml
View file

@ -3,8 +3,8 @@ name: forgejo
description: Forgejo Helm chart for Kubernetes description: Forgejo Helm chart for Kubernetes
type: application type: application
version: 0.0.0 version: 0.0.0
appVersion: 10.0.3 appVersion: 1.21.4-0
icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg icon: https://design.codeberg.org/logo-kit/icon.svg
home: https://forgejo.org/ home: https://forgejo.org/
keywords: keywords:
@ -16,41 +16,28 @@ keywords:
- gitea - gitea
- gogs - gogs
sources: sources:
- https://code.forgejo.org/forgejo-helm/forgejo-helm - https://codeberg.org/forgejo-contrib/forgejo-helm
- https://codeberg.org/forgejo/forgejo - https://codeberg.org/forgejo/forgejo
maintainers: maintainers:
- name: Michael Kriese - name: Michael Kriese
email: michael.kriese@visualon.de email: michael.kriese@visualon.de
# Bitnami charts are served from ghcr mirror because of rate limiting on Docker Hub # Bitnami charts are served from Docker Hub
# https://hub.docker.com/u/bitnamicharts # https://hub.docker.com/u/bitnamicharts
# https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html # https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html
# https://github.com/bitnami/charts/issues/30853
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
dependencies: dependencies:
# https://github.com/bitnami/charts/blob/main/bitnami/common/Chart.yaml
- name: common
repository: oci://ghcr.io/visualon/bitnamicharts
tags:
- bitnami-common
version: 2.30.0
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml
- name: postgresql - name: postgresql
repository: oci://ghcr.io/visualon/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 16.5.6 version: 13.4.0
condition: postgresql.enabled condition: postgresql.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
- name: postgresql-ha - name: postgresql-ha
repository: oci://ghcr.io/visualon/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 15.3.8 version: 12.7.0
condition: postgresql-ha.enabled condition: postgresql-ha.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
- name: redis-cluster - name: redis-cluster
repository: oci://ghcr.io/visualon/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 11.4.6 version: 9.3.0
condition: redis-cluster.enabled condition: redis-cluster.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
- name: redis
repository: oci://ghcr.io/visualon/bitnamicharts
version: 20.11.4
condition: redis.enabled

1
LICENSE
View file

@ -1,6 +1,5 @@
MIT License MIT License
Copyright (c) 2023 The Forgejo Authors
Copyright (c) 2020 The Gitea Authors Copyright (c) 2020 The Gitea Authors
Copyright (c) 2020 NOVUM-RGI Copyright (c) 2020 NOVUM-RGI
Copyright (c) 2019 - 2020 Charlie Drage Copyright (c) 2019 - 2020 Charlie Drage

8
Makefile
View file

@ -1,15 +1,15 @@
.PHONY: prepare-environment .PHONY: prepare-environment
prepare-environment: prepare-environment:
pnpm install npm install
.PHONY: readme .PHONY: readme
readme: prepare-environment readme: prepare-environment
pnpm readme:parameters npm run readme:parameters
pnpm readme:lint npm run readme:lint
.PHONY: unittests .PHONY: unittests
unittests: unittests:
helm unittest --strict -f 'unittests/**/*.yaml' ./ helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./
.PHONY: helm .PHONY: helm
update-helm-dependencies: update-helm-dependencies:

443
README.md
View file

@ -1,11 +1,10 @@
# Forgejo Helm Chart <!-- omit from toc --> # Forgejo Helm Chart <!-- omit from toc -->
[![status-badge](https://ci.dachary.org/api/badges/forgejo-contrib/forgejo-helm/status.svg)](https://ci.dachary.org/forgejo-contrib/forgejo-helm)
- [Introduction](#introduction) - [Introduction](#introduction)
- [Update and versioning policy](#update-and-versioning-policy) - [Update and versioning policy](#update-and-versioning-policy)
- [Dependencies](#dependencies) - [Dependencies](#dependencies)
- [HA Dependencies](#ha-dependencies)
- [Non-HA Dependencies](#non-ha-dependencies)
- [Dependency Versioning](#dependency-versioning)
- [Installing](#installing) - [Installing](#installing)
- [High Availability](#high-availability) - [High Availability](#high-availability)
- [Configuration](#configuration) - [Configuration](#configuration)
@ -14,12 +13,12 @@
- [Server defaults](#server-defaults) - [Server defaults](#server-defaults)
- [Metrics defaults](#metrics-defaults) - [Metrics defaults](#metrics-defaults)
- [Rootless Defaults](#rootless-defaults) - [Rootless Defaults](#rootless-defaults)
- [Session, Cache and Queue](#session-cache-and-queue)
- [Single-Pod Configurations](#single-pod-configurations) - [Single-Pod Configurations](#single-pod-configurations)
- [Additional _app.ini_ settings](#additional-appini-settings) - [Additional _app.ini_ settings](#additional-appini-settings)
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
- [External Database](#external-database) - [External Database](#external-database)
- [Ports and external url](#ports-and-external-url) - [Ports and external url](#ports-and-external-url)
- [ClusterIP](#clusterip)
- [SSH and Ingress](#ssh-and-ingress) - [SSH and Ingress](#ssh-and-ingress)
- [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster) - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster)
- [Cache](#cache) - [Cache](#cache)
@ -45,37 +44,29 @@
- [Init](#init) - [Init](#init)
- [Signing](#signing) - [Signing](#signing)
- [Gitea](#gitea) - [Gitea](#gitea)
- [`app.ini` overrides](#appini-overrides)
- [LivenessProbe](#livenessprobe) - [LivenessProbe](#livenessprobe)
- [ReadinessProbe](#readinessprobe) - [ReadinessProbe](#readinessprobe)
- [StartupProbe](#startupprobe) - [StartupProbe](#startupprobe)
- [Redis&reg; Cluster](#redis-cluster) - [redis-cluster](#redis-cluster)
- [Redis&reg;](#redis) - [PostgreSQL-ha](#postgresql-ha)
- [PostgreSQL HA](#postgresql-ha)
- [PostgreSQL](#postgresql) - [PostgreSQL](#postgresql)
- [Advanced](#advanced) - [Advanced](#advanced)
- [Contributing](#contributing) - [Contributing](#contributing)
- [Upgrading](#upgrading) - [Upgrading](#upgrading)
- [To v11](#to-v11)
- [To v10](#to-v10)
- [To v9](#to-v9)
- [To v8](#to-v8)
- [To v7](#to-v7)
- [To v6](#to-v6)
[Forgejo](https://forgejo.org/) is a community managed lightweight code hosting solution written in Go. [Forgejo](https://forgejo.org/) is a community managed lightweight code hosting solution written in Go.
It is published under the MIT license. It is published under the MIT license.
## Introduction ## Introduction
This Helm chart is based on the [Gitea chart](https://gitea.com/gitea/helm-chart). This helm chart is based on official [Gitea helm chart](https://gitea.com/gitea/helm-chart).
Yet it takes a completely different approach in providing a database and cache with dependencies. Yet it takes a completely different approach in providing a database and cache with dependencies.
Additionally, this chart allows to provide LDAP and admin user configuration with values. Additionally, this chart allows to provide LDAP and admin user configuration with values.
## Update and versioning policy ## Update and versioning policy
The Forgejo helm chart versioning does not follow Forgejo's versioning. The Forgejo helm chart versioning does not follow Forgejo's versioning.
The latest chart version can be looked up in <https://code.forgejo.org/forgejo-helm/-/packages/container/forgejo> or in the [repository releases](https://code.forgejo.org/forgejo-helm/forgejo-helm/releases). The latest chart version can be looked up in <https://codeberg.org/forgejo-contrib/-/packages/container/forgejo/0.8.0> or in the [repository releases](https://codeberg.org/forgejo-contrib/forgejo-helm/releases).
The chart aims to follow Forgejo's releases closely. The chart aims to follow Forgejo's releases closely.
There might be times when the chart is behind the latest Forgejo release. There might be times when the chart is behind the latest Forgejo release.
@ -90,51 +81,21 @@ Yet most often no issues will be encountered and the chart maintainers aim to co
Forgejo can be run with an external database and cache. Forgejo can be run with an external database and cache.
This chart provides those dependencies, which can be enabled, or disabled via configuration. This chart provides those dependencies, which can be enabled, or disabled via configuration.
### HA Dependencies Dependencies:
These dependencies are enabled by default: - PostgreSQL HA ([configuration](#postgresql))
- Redis Cluster ([configuration](#cache))
- PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml))
- Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml))
### Non-HA Dependencies
Alternatively, the following non-HA replacements are available:
- PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))
- Redis ([Bitnami Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml))
### Dependency Versioning
Updates of sub-charts will be incorporated into the Gitea chart as they are released.
The reasoning behind this is that new users of the chart will start with the most recent sub-chart dependency versions.
**Note** If you want to stay on an older appVersion of a sub-chart dependency (e.g. PostgreSQL), you need to override the image tag in your `values.yaml` file.
In fact, we recommend to do so right from the start to be independent of major sub-chart dependency changes as they are released.
There is no need to update to every new PostgreSQL major version - you can happily skip some and do larger updates when you are ready for them.
We recommend to use a rolling tag like `:<majorVersion>-debian-<debian major version>` to incorporate minor and patch updates for the respective major version as they are released.
Alternatively you can also use a versioning helper tool like [renovate](https://github.com/renovatebot/renovate).
Please double-check the image repository and available tags in the sub-chart:
- [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags)
- [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags)
- [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags)
- [Redis](https://hub.docker.com/r/bitnami/redis/tags)
and look up the image tag which fits your needs on Dockerhub.
## Installing ## Installing
```sh ```sh
helm install forgejo oci://code.forgejo.org/forgejo-helm/forgejo helm install forgejo oci://codeberg.org/forgejo-contrib/forgejo
``` ```
In case you want to supply values, you can reference a `values.yaml` file: In case you want to supply values, you can reference a `values.yaml` file:
```sh ```sh
helm install forgejo -f values.yaml oci://code.forgejo.org/forgejo-helm/forgejo helm install forgejo -f values.yaml oci://codeberg.org/forgejo-contrib/forgejo
``` ```
When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes.
@ -150,23 +111,14 @@ See the [HA Setup](docs/ha-setup.md) document for more details.
## Configuration ## Configuration
Forgejo offers lots of configuration options. Forgejo offers lots of configuration options.
Every value described in the [Cheat Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be set as a Helm value. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet).
Configuration sections map to (lowercased) YAML blocks, while the keys themselves remain in all caps.
```yaml ```yaml
gitea: gitea:
config: config:
# values in the DEFAULT section APP_NAME: 'Forgejo: With a cup of tea.'
# (https://forgejo.org/docs/latest/admin/config-cheat-sheet/#overall-default)
# are un-namespaced
#
APP_NAME: 'Forgejo: Git with a cup of tea'
#
# https://forgejo.org/docs/latest/admin/config-cheat-sheet/#repository-repository
repository: repository:
ROOT: '~/gitea-repositories' ROOT: '~/gitea-repositories'
#
# https://forgejo.org/docs/latest/admin/config-cheat-sheet/#repository---pull-request-repositorypull-request
repository.pull-request: repository.pull-request:
WORK_IN_PROGRESS_PREFIXES: 'WIP:,[WIP]:' WORK_IN_PROGRESS_PREFIXES: 'WIP:,[WIP]:'
``` ```
@ -176,14 +128,14 @@ gitea:
This chart will set a few defaults in the Forgejo configuration based on the service and ingress settings. This chart will set a few defaults in the Forgejo configuration based on the service and ingress settings.
All defaults can be overwritten in `gitea.config`. All defaults can be overwritten in `gitea.config`.
INSTALL_LOCK is always set to true because the configuration in this helm chart makes any configuration via installer superfluous. INSTALL_LOCK is always set to true, since we want to configure Forgejo with this helm chart and everything is taken care of.
_All default settings are made directly in the generated `app.ini`, not in the Values._ _All default settings are made directly in the generated `app.ini`, not in the Values._
#### Database defaults #### Database defaults
If a database subchart is enabled, the database configuration is set automatically. If a builtIn database is enabled the database configuration is set automatically.
For example, PostgreSQL will appear in the `app.ini` as: For example, PostgreSQL builtIn will appear in the `app.ini` as:
```ini ```ini
[database] [database]
@ -242,21 +194,11 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
#### Session, Cache and Queue
The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency.
If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`.
While these will work and even not cause immediate issues after startup, **they are not recommended for production use**.
Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory.
It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload.
External tools such as `redis-cluster` or `memcached` handle these workloads much better.
### Single-Pod Configurations ### Single-Pod Configurations
If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance. If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance.
1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql` and `redis`): 1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql`):
<details> <details>
@ -265,8 +207,6 @@ If HA is not needed/desired, the following configurations can be used to deploy
```yaml ```yaml
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: true
postgresql: postgresql:
enabled: true enabled: true
postgresql-ha: postgresql-ha:
@ -279,6 +219,12 @@ If HA is not needed/desired, the following configurations can be used to deploy
config: config:
database: database:
DB_TYPE: postgres DB_TYPE: postgres
session:
PROVIDER: db
cache:
ADAPTER: memory
queue:
TYPE: level
indexer: indexer:
ISSUE_INDEXER_TYPE: bleve ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true REPO_INDEXER_ENABLED: true
@ -298,8 +244,6 @@ If HA is not needed/desired, the following configurations can be used to deploy
```yaml ```yaml
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: false
postgresql: postgresql:
enabled: false enabled: false
postgresql-ha: postgresql-ha:
@ -324,7 +268,7 @@ If HA is not needed/desired, the following configurations can be used to deploy
### Additional _app.ini_ settings ### Additional _app.ini_ settings
> **The [generic](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#overall-default) > **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
> section cannot be defined that way.** > section cannot be defined that way.**
Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file. Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file.
@ -381,7 +325,7 @@ stringData:
#### User defined environment variables in app.ini #### User defined environment variables in app.ini
Users are able to define their own environment variables, which are loaded into the containers. Users are able to define their own environment variables, which are loaded into the containers.
We also support interacting directly with the generated _app.ini_. We also support to directly interact with the generated _app.ini_.
To inject self defined variables into the _app.ini_ a certain format needs to be honored. To inject self defined variables into the _app.ini_ a certain format needs to be honored.
This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page. This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page.
@ -392,10 +336,9 @@ For example a database setting needs to have the following format:
```yaml ```yaml
gitea: gitea:
config:
database:
HOST: my.own.host
additionalConfigFromEnvs: additionalConfigFromEnvs:
- name: FORGEJO__DATABASE__HOST
value: my.own.host
- name: FORGEJO__DATABASE__PASSWD - name: FORGEJO__DATABASE__PASSWD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -412,7 +355,7 @@ Priority (highest to lowest) for defining app.ini variables:
### External Database ### External Database
A [supported external database](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#database-database/)can be used instead of the built-in PostgreSQL. Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL.
In fact, it is **highly recommended** to use an external database to ensure a stable Forgejo installation longterm. In fact, it is **highly recommended** to use an external database to ensure a stable Forgejo installation longterm.
If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL.
@ -421,7 +364,7 @@ If an external database is used, no matter which type, make sure to set `postgre
gitea: gitea:
config: config:
database: database:
DB_TYPE: mysql # supported values are mysql, postgres, mssql, sqlite3 DB_TYPE: mysql
HOST: <mysql HOST> HOST: <mysql HOST>
NAME: gitea NAME: gitea
USER: root USER: root
@ -449,6 +392,23 @@ This helm chart automatically configures the clone urls to use the correct ports
You can change these ports by hand using the `gitea.config` dict. You can change these ports by hand using the `gitea.config` dict.
However you should know what you're doing. However you should know what you're doing.
### ClusterIP
By default the `clusterIP` will be set to `None`, which is the default for headless services.
However if you want to omit the clusterIP field in the service, use the following values:
```yaml
service:
http:
type: ClusterIP
port: 3000
clusterIP:
ssh:
type: ClusterIP
port: 22
clusterIP:
```
### SSH and Ingress ### SSH and Ingress
If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports. If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
@ -458,7 +418,7 @@ You will need a LoadBalancer like `metallb` and a setting in your ssh service an
service: service:
ssh: ssh:
annotations: annotations:
metallb.io/allow-shared-ip: test metallb.universe.tf/allow-shared-ip: test
``` ```
### SSH on crio based kubernetes cluster ### SSH on crio based kubernetes cluster
@ -531,6 +491,8 @@ postgresql:
This chart enables you to create a default admin user. This chart enables you to create a default admin user.
It is also possible to update the password for this user by upgrading or redeploying the chart. It is also possible to update the password for this user by upgrading or redeploying the chart.
It is not possible to delete an admin user after it has been created.
This has to be done in the ui.
You cannot use `admin` as username. You cannot use `admin` as username.
```yaml ```yaml
@ -560,26 +522,10 @@ gitea:
existingSecret: gitea-admin-secret existingSecret: gitea-admin-secret
``` ```
To delete the admin user, set `username` or `password` to an empty value and delete the user in the UI.
Whether you use the existing Secret or specify a username and password directly, there are three modes for how the admin user password is created or set.
- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated.
- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password.
- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login.
These modes can be set like the following:
```yaml
gitea:
admin:
passwordMode: initialOnlyRequireReset
```
### LDAP Settings ### LDAP Settings
Like the admin user the LDAP settings can be updated. Like the admin user the LDAP settings can be updated.
All LDAP values from <https://forgejo.org/docs/latest/admin/command-line/#admin> are available. All LDAP values from <https://docs.gitea.com/administration/command-line#admin> are available.
Multiple LDAP sources can be configured with additional LDAP list items. Multiple LDAP sources can be configured with additional LDAP list items.
@ -632,8 +578,9 @@ Affected options:
### OAuth2 Settings ### OAuth2 Settings
Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
Deleting OAuth2 settings has to be done in the UI. Deleting OAuth2 settings has to be done in the ui.
[All OAuth2 values](https://forgejo.org/docs/latest/admin/command-line/#admin-auth-add-oauth) are available. All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are
available.
Multiple OAuth2 sources can be configured with additional OAuth list items. Multiple OAuth2 sources can be configured with additional OAuth list items.
@ -672,29 +619,14 @@ gitea:
existingSecret: gitea-oauth-secret existingSecret: gitea-oauth-secret
``` ```
### Compatibility with OCP (OKD or OpenShift)
Normally OCP is automatically detected and the compatibility mode set accordingly. To enforce the OCP compatibility mode use the following configuration:
```yaml
global:
compatibility:
openshift:
adaptSecurityContext: force
```
An OCP route to access Forgejo can be enabled with the following config:
```yaml
route:
enabled: true
```
## Configure commit signing ## Configure commit signing
When using the rootless image, the GPG key folder is not persistent by default. When using the rootless image the gpg key folder is not persistent by default.
If you want commits by Forgejo (e.g. initial commit) to be signed, If you consider using signed commits for internal Forgejo activities (e.g. initial commit), you'd need to provide a signing key.
you need to provide a signing key: Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another.
The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing.
By default this section is disabled to maintain backwards compatibility.
```yaml ```yaml
signing: signing:
@ -702,10 +634,8 @@ signing:
gpgHome: /data/git/.gnupg gpgHome: /data/git/.gnupg
``` ```
By default this section is disabled to maintain backwards compatibility. Regardless of the used container image the `signing` object allows to specify a private gpg key.
Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`.
Regardless of the used container image the `signing` object allows to specify a private GPG key.
Either using the `signing.privateKey` to define the key inline, or referring to an existing secret containing the key data with `signing.existingSecret`.
```yaml ```yaml
apiVersion: v1 apiVersion: v1
@ -725,8 +655,8 @@ signing:
existingSecret: custom-gitea-gpg-key existingSecret: custom-gitea-gpg-key
``` ```
To use the GPG key, Forgejo needs to be configured accordingly. To use the gpg key, Forgejo needs to be configured accordingly.
A detailed description can be found in the [documentation](https://forgejo.org/docs/latest/admin/signing/#general-configuration). A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration).
## Metrics and profiling ## Metrics and profiling
@ -831,7 +761,7 @@ Here's an examplary `values.yml` definition which makes use of a digest:
```yaml ```yaml
image: image:
registry: code.forgejo.org registry: codeberg.org
repository: forgejo/forgejo repository: forgejo/forgejo
tag: 1.20.2-0 tag: 1.20.2-0
digest: sha256:f597c14a403c2fdee9a62dae8bae29d6442f7b2cc85872cc9bb535a24cb1630e digest: sha256:f597c14a403c2fdee9a62dae8bae29d6442f7b2cc85872cc9bb535a24cb1630e
@ -848,7 +778,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
"fileMatch": ["values\\.ya?ml"], "fileMatch": ["values\\.ya?ml"],
"matchStrings": ["(?<depName>forgejo\\/forgejo)\\n(?<indentation>\\s+)tag: (?<currentValue>[^@].*?)\\n\\s+digest: (?<currentDigest>sha256:[a-f0-9]+)"], "matchStrings": ["(?<depName>forgejo\\/forgejo)\\n(?<indentation>\\s+)tag: (?<currentValue>[^@].*?)\\n\\s+digest: (?<currentDigest>sha256:[a-f0-9]+)"],
"datasourceTemplate": "docker", "datasourceTemplate": "docker",
"packageNameTemplate": "code.forgejo.org/{{depName}}", "packageNameTemplate": "codeberg.org/{{depName}}",
"autoReplaceStringTemplate": "{{depName}}\n{{indentation}}tag: {{newValue}}\n{{indentation}}digest: {{#if newDigest}}{{{newDigest}}}{{else}}{{{currentDigest}}}{{/if}}" "autoReplaceStringTemplate": "{{depName}}\n{{indentation}}tag: {{newValue}}\n{{indentation}}digest: {{#if newDigest}}{{{newDigest}}}{{else}}{{{currentDigest}}}{{/if}}"
} }
] ]
@ -864,7 +794,6 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` |
| `global.storageClass` | global storage class override | `""` | | `global.storageClass` | global storage class override | `""` |
| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | | `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` |
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
| `replicaCount` | number of replicas for the deployment | `1` | | `replicaCount` | number of replicas for the deployment | `1` |
### strategy ### strategy
@ -878,16 +807,16 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
### Image ### Image
| Name | Description | Value | | Name | Description | Value |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- |
| `image.registry` | image registry, e.g. gcr.io,docker.io | `code.forgejo.org` | | `image.registry` | image registry, e.g. gcr.io,docker.io | `codeberg.org` |
| `image.repository` | Image to start for this pod | `forgejo/forgejo` | | `image.repository` | Image to start for this pod | `forgejo/forgejo` |
| `image.tag` | Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. | `""` | | `image.tag` | Visit: [Image tag](https://codeberg.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. | `""` |
| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.rootless` | Wether or not to pull the rootless version of Forgejo | `true` | | `image.rootless` | Wether or not to pull the rootless version of Forgejo | `true` |
| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | | `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` |
| `imagePullSecrets` | Secret to use for pulling the image | `[]` | | `imagePullSecrets` | Secret to use for pulling the image | `[]` |
### Security ### Security
@ -904,7 +833,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | | `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` |
| `service.http.port` | Port number for web traffic | `3000` | | `service.http.port` | Port number for web traffic | `3000` |
| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment | `nil` | | `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` |
| `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` |
| `service.http.nodePort` | NodePort for http service | `nil` | | `service.http.nodePort` | NodePort for http service | `nil` |
| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` |
@ -913,11 +842,9 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` | | `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` |
| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` |
| `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.annotations` | HTTP service annotations | `{}` |
| `service.http.labels` | HTTP service additional labels | `{}` |
| `service.http.loadBalancerClass` | Loadbalancer class | `nil` |
| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` |
| `service.ssh.port` | Port number for ssh traffic | `22` | | `service.ssh.port` | Port number for ssh traffic | `22` |
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment | `nil` | | `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` |
| `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` |
| `service.ssh.nodePort` | NodePort for ssh service | `nil` | | `service.ssh.nodePort` | NodePort for ssh service | `nil` |
| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` |
@ -927,36 +854,19 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| `service.ssh.hostPort` | HostPort for ssh service | `nil` | | `service.ssh.hostPort` | HostPort for ssh service | `nil` |
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
| `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.annotations` | SSH service annotations | `{}` |
| `service.ssh.labels` | SSH service additional labels | `{}` |
| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` |
### Ingress ### Ingress
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------ | -------------------- | ----------------- | | ------------------------------------ | --------------------------------------------------------------------------- | ----------------- |
| `ingress.enabled` | Enable ingress | `false` | | `ingress.enabled` | Enable ingress | `false` |
| `ingress.className` | Ingress class name | `nil` | | `ingress.className` | Ingress class name | `nil` |
| `ingress.annotations` | Ingress annotations | `{}` | | `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | | `ingress.hosts[0].host` | Default Ingress host | `git.example.com` |
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | | `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | | `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` |
| `ingress.tls` | Ingress tls settings | `[]` | | `ingress.tls` | Ingress tls settings | `[]` |
| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | |
### Route
| Name | Description | Value |
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `route.enabled` | Enable route | `false` |
| `route.annotations` | Route annotations | `{}` |
| `route.host` | Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) | `nil` |
| `route.wildcardPolicy` | Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. | `nil` |
| `route.tls.termination` | termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) | `edge` |
| `route.tls.insecureEdgeTerminationPolicy` | the desired behavior for insecure connections to a route (e.g. with http) | `Redirect` |
| `route.tls.existingSecret` | the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) | `nil` |
| `route.tls.certificate` | PEM encoded single certificate | `nil` |
| `route.tls.privateKey` | PEM encoded private key | `nil` |
| `route.tls.caCertificate` | PEM encoded CA certificate or chain that issued the certificate | `nil` |
| `route.tls.destinationCACertificate` | PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) | `nil` |
### deployment ### deployment
@ -1021,83 +931,27 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| ------------------------ | ----------------------------------------------------------------- | ------------------ | | ------------------------ | ----------------------------------------------------------------- | ------------------ |
| `signing.enabled` | Enable commit/action signing | `false` | | `signing.enabled` | Enable commit/action signing | `false` |
| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` |
| `signing.privateKey` | Inline private GPG key for signed internal Git activity | `""` | | `signing.privateKey` | Inline private gpg key for signed Forgejo actions | `""` |
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
### Gitea ### Gitea
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | | -------------------------------------- | --------------------------------------------------------------------------- | -------------------- |
| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | | `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` |
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | | `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | | `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` |
| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | | `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` |
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | | `gitea.metrics.enabled` | Enable Forgejo metrics | `false` |
| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | | `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` |
| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | | `gitea.ldap` | LDAP configuration | `[]` |
| `gitea.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | | `gitea.oauth` | OAuth configuration | `[]` |
| `gitea.ldap` | LDAP configuration | `[]` | | `gitea.config.server.SSH_PORT` | SSH port for rootlful Forgejo image | `22` |
| `gitea.oauth` | OAuth configuration | `[]` | | `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Forgejo image | `2222` |
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | | `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | | `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | | `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` |
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | | `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` |
### `app.ini` overrides
Every value described in the [Cheat
Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be
set as a Helm value. Configuration sections map to (lowercased) YAML
blocks, while the keys themselves remain in all caps.
| Name | Description | Value |
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `gitea.config.APP_NAME` | Application name, used in the page title | `Forgejo: Beyond coding. We forge.` |
| `gitea.config.RUN_MODE` | Application run mode, affects performance and debugging: `dev` or `prod` | `prod` |
| `gitea.config.repository` | General repository settings | `{}` |
| `gitea.config.cors` | Cross-origin resource sharing settings | `{}` |
| `gitea.config.ui` | User interface settings | `{}` |
| `gitea.config.markdown` | Markdown parser settings | `{}` |
| `gitea.config.server` | General server settings | `{}` |
| `gitea.config.database` | Database configuration (only necessary with an [externally managed DB](https://code.forgejo.org/forgejo-helm/forgejo-helm#external-database)). | `{}` |
| `gitea.config.indexer` | Settings for what content is indexed and how | `{}` |
| `gitea.config.queue` | Job queue configuration | `{}` |
| `gitea.config.admin` | Admin user settings | `{}` |
| `gitea.config.security` | Site security settings | `{}` |
| `gitea.config.camo` | Settings for the [camo](https://github.com/cactus/go-camo) media proxy server (disabled by default) | `{}` |
| `gitea.config.openid` | Configuration for authentication with OpenID (disabled by default) | `{}` |
| `gitea.config.oauth2_client` | OAuth2 client settings | `{}` |
| `gitea.config.service` | Configuration for miscellaneous Forgejo services | `{}` |
| `gitea.config.ssh.minimum_key_sizes` | SSH minimum key sizes | `{}` |
| `gitea.config.webhook` | Webhook settings | `{}` |
| `gitea.config.mailer` | Mailer configuration (disabled by default) | `{}` |
| `gitea.config.email.incoming` | Configuration for handling incoming mail (disabled by default) | `{}` |
| `gitea.config.cache` | Cache configuration | `{}` |
| `gitea.config.session` | Session/cookie handling | `{}` |
| `gitea.config.picture` | User avatar settings | `{}` |
| `gitea.config.project` | Project board defaults | `{}` |
| `gitea.config.attachment` | Issue and PR attachment configuration | `{}` |
| `gitea.config.log` | Logging configuration | `{}` |
| `gitea.config.cron` | Cron job configuration | `{}` |
| `gitea.config.git` | Global settings for Git | `{}` |
| `gitea.config.metrics` | Settings for the Prometheus endpoint (disabled by default) | `{}` |
| `gitea.config.api` | Settings for the Swagger API documentation endpoints | `{}` |
| `gitea.config.oauth2` | Settings for the [OAuth2 provider](https://forgejo.org/docs/latest/admin/oauth2-provider/) | `{}` |
| `gitea.config.i18n` | Internationalization settings | `{}` |
| `gitea.config.markup` | Configuration for advanced markup processors | `{}` |
| `gitea.config.highlight.mapping` | File extension to language mapping overrides for syntax highlighting | `{}` |
| `gitea.config.time` | Locale settings | `{}` |
| `gitea.config.migrations` | Settings for Git repository migrations | `{}` |
| `gitea.config.federation` | Federation configuration | `{}` |
| `gitea.config.packages` | Package registry settings | `{}` |
| `gitea.config.mirror` | Configuration for repository mirroring | `{}` |
| `gitea.config.lfs` | Large File Storage configuration | `{}` |
| `gitea.config.repo-avatar` | Repository avatar storage configuration | `{}` |
| `gitea.config.avatar` | User/org avatar storage configuration | `{}` |
| `gitea.config.storage` | General storage settings | `{}` |
| `gitea.config.proxy` | Proxy configuration (disabled by default) | `{}` |
| `gitea.config.actions` | Configuration for [Forgejo Actions](https://forgejo.org/docs/latest/user/actions/) | `{}` |
| `gitea.config.other` | Uncategorized configuration options | `{}` |
### LivenessProbe ### LivenessProbe
@ -1113,16 +967,15 @@ blocks, while the keys themselves remain in all caps.
### ReadinessProbe ### ReadinessProbe
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------- | -------------- | | ------------------------------------------ | ------------------------------------------------- | ------ |
| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | | `gitea.readinessProbe.enabled` | Enable readiness probe | `true` |
| `gitea.readinessProbe.httpGet.path` | Path to probe for readiness | `/api/healthz` | | `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` |
| `gitea.readinessProbe.httpGet.port` | Port to probe for readiness | `http` | | `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` |
| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | | `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` |
| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | | `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` |
| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | | `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | | `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` |
| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` |
### StartupProbe ### StartupProbe
@ -1139,33 +992,19 @@ blocks, while the keys themselves remain in all caps.
### Redis&reg; Cluster ### Redis&reg; Cluster
Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values.
Full configuration options are available on their website. Complete Configuration can be taken from their website.
Redis cluster and [Redis](#redis) cannot be enabled at the same time.
| Name | Description | Value | | Name | Description | Value |
| -------------------------------- | -------------------------------------------- | ------- | | -------------------------------- | -------------------------------------------- | ------- |
| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.enabled` | Enable redis | `true` |
| `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` |
| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` |
| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` |
### Redis&reg;
Redis&reg; is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values.
Full configuration options are available on their website.
Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
| Name | Description | Value |
| ----------------------------- | ------------------------------------------ | ------------ |
| `redis.enabled` | Enable redis standalone or replicated | `false` |
| `redis.architecture` | Whether to use standalone or replication | `standalone` |
| `redis.global.redis.password` | Required password | `changeme` |
| `redis.master.count` | Number of Redis master instances to deploy | `1` |
### PostgreSQL HA ### PostgreSQL HA
PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.
Full configuration options are available on their website. Complete Configuration can be taken from their website.
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------- | ---------------------------------------------------------------- | ----------- | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
@ -1178,12 +1017,12 @@ Full configuration options are available on their website.
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | | `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` |
### PostgreSQL ### PostgreSQL
PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values.
Full configuration options are available on their website. Complete Configuration can be taken from their website.
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
@ -1198,11 +1037,11 @@ Full configuration options are available on their website.
| Name | Description | Value | | Name | Description | Value |
| ------------------ | ------------------------------------------------------------------ | --------- | | ------------------ | ------------------------------------------------------------------ | --------- |
| `checkDeprecation` | Whether to run this basic validation check. | `true` | | `checkDeprecation` | Set it to false to skip this basic validation check. | `true` |
| `test.enabled` | Whether to use test-connection Pod. | `true` | | `test.enabled` | Set it to false to disable test-connection Pod. | `true` |
| `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | | `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` |
| `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | | `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` |
| `extraDeploy` | Array of extra objects to deploy with the release. | `[]` | | `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
## Contributing ## Contributing
@ -1210,46 +1049,8 @@ Expected workflow is: Fork -> Patch -> Push -> Pull Request
See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details.
Hop into [our Matrix room](https://matrix.to/#/#forgejo-helm-chart:matrix.org) if you have any questions or want to get involved.
## Upgrading ## Upgrading
This section lists major and breaking changes of each Helm Chart version. This section lists major and breaking changes of each Helm Chart version.
Please read them carefully to upgrade successfully, especially the change of the **default database backend**! Please read them carefully to upgrade successfully, especially the change of the **default database backend**!
If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data!
### To v11
PostgreSQL and PostgreSQL HA are now using PostgreSQL v17.
Please read PostgresSQL upgrade guide before upgrading.
You need Forgejo v10+ to use this Helm Chart version.
Forgejo v9 is now EOL.
ClusterIP is now emtpy instead of `None` for http and ssh service.
Unsupported api versions for `Ingress` and `PodDisruptionBudget` are removed.
`Ingress` and `Service` are now using named ports.
The ReadinessProbe is now using the `/api/healthz` endpoint.
### To v10
You need Forgejo v9+ to use this Helm Chart version.
Forgejo v8 is now EOL.
### To v9
Namespaces for all resources are now set to `common.names.namespace` by default.
### To v8
You need Forgejo v8+ to use this Helm Chart version.
Use the v7 Helm Chart for Forgejo v7.
### To v7
The Forgejo docker image is pulled from `code.forgejo.org` instead of `codeberg.org`.
### To v6
You need Forgejo v7+ to use this Helm Chart version.
Use the v5 Helm Chart for Forgejo v1.21.

2
artifacthub-repo.yml
View file

@ -2,7 +2,7 @@
# Artifact Hub repository metadata file # Artifact Hub repository metadata file
# https://artifacthub.io/docs/topics/repositories/helm-charts/#oci-support # https://artifacthub.io/docs/topics/repositories/helm-charts/#oci-support
# publish via: # publish via:
# oras push code.forgejo.org/forgejo-helm/forgejo:artifacthub.io --config artifacthub.config.json:application/vnd.cncf.artifacthub.config.v1+yaml artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml # oras push codeberg.org/forgejo-contrib/forgejo:artifacthub.io --config artifacthub.config.json:application/vnd.cncf.artifacthub.config.v1+yaml artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
repositoryID: 'ec84c95a-a288-4aaa-a690-a656b57e3136' repositoryID: 'ec84c95a-a288-4aaa-a690-a656b57e3136'
owners: # (optional, used to claim repository ownership) owners: # (optional, used to claim repository ownership)
- name: viceice - name: viceice

20
ci/default-values.yaml
View file

@ -1,20 +0,0 @@
# default values with some modifications
# Use mirror
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
global:
security:
allowInsecureImages: true
redis-cluster:
image:
registry: public.ecr.aws
postgresql-ha:
postgresql:
image:
registry: public.ecr.aws
pgpool:
image:
registry: public.ecr.aws
test:
image:
name: code.forgejo.org/oci/busybox

1
ci/default.yml Normal file
View file

@ -0,0 +1 @@
# default values

11
ci/dev-values.yaml → ci/dev-values.yml
View file

@ -1,14 +1,7 @@
# Test codeberg.org image
image:
registry: codeberg.org
# Use mirror
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
test:
image:
name: code.forgejo.org/oci/busybox
redis-cluster: redis-cluster:
enabled: false enabled: false
postgresql:
enabled: false
postgresql-ha: postgresql-ha:
enabled: false enabled: false

18
ci/single-values.yaml → ci/single-values.yml
View file

@ -1,23 +1,9 @@
redis-cluster: redis-cluster:
enabled: false enabled: false
postgresql-ha:
enabled: false
postgresql: postgresql:
enabled: true enabled: true
# Use mirror postgresql-ha:
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 enabled: false
image:
registry: public.ecr.aws
global:
security:
allowInsecureImages: true
# Use mirror
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
test:
image:
name: code.forgejo.org/oci/busybox
persistence: persistence:
enabled: true enabled: true

29
ci/v10-values.yaml
View file

@ -1,29 +0,0 @@
image:
registry: codeberg.org
repository: forgejo-experimental/forgejo
tag: 10 # don't pin, manifests can be missing
# Use mirror
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
test:
image:
name: code.forgejo.org/oci/busybox
redis-cluster:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: false
gitea:
config:
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level

29
ci/v11-values.yaml
View file

@ -1,29 +0,0 @@
image:
registry: codeberg.org
repository: forgejo-experimental/forgejo
tag: 11 # don't pin, manifests can be missing
# Use mirror
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
test:
image:
name: code.forgejo.org/oci/busybox
redis-cluster:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: false
gitea:
config:
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level

29
ci/v12-values.yaml
View file

@ -1,29 +0,0 @@
image:
registry: codeberg.org
repository: forgejo-experimental/forgejo
tag: 12 # don't pin, manifests can be missing
# Use mirror
# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
test:
image:
name: code.forgejo.org/oci/busybox
redis-cluster:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: false
gitea:
config:
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level

2358
package-lock.json generated Normal file
View file

File diff suppressed because it is too large Load diff

37
package.json
View file

@ -1,31 +1,30 @@
{ {
"name": "forgejo-helm-chart", "name": "forgejo-helm-chart",
"homepage": "https://code.forgejo.org/forgejo-helm/forgejo-helm", "homepage": "https://codeberg.org/forgejo-contrib/forgejo-helm.git",
"license": "MIT", "license": "MIT",
"private": true, "private": true,
"engineStrict": true,
"engines": {
"node": ">=16.0.0",
"npm": ">=8.0.0"
},
"scripts": { "scripts": {
"changelog": "node tools/changelog.mjs", "changelog": "node tools/changelog.mjs",
"forgejo:release": "node tools/forgejo-release.js", "forgejo:release": "node tools/forgejo-release.js",
"prepare": "husky", "prepare": "husky install",
"prettier": "prettier --check --ignore-unknown --cache '**/*.*'", "prettier": "prettier --check --ignore-unknown --cache \"**/*.*\"",
"prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'", "prettier-fix": "prettier --write --ignore-unknown --cache \"**/*.*\"",
"readme:lint": "markdownlint *.md -f", "readme:lint": "markdownlint *.md -f",
"readme:parameters": "readme-generator -v values.yaml -r README.md", "readme:parameters": "readme-generator -v values.yaml -r README.md"
"test": "helm unittest --strict -f 'unittests/**/*.yaml' ./"
}, },
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "2.7.0", "@bitnami/readme-generator-for-helm": "^2.4.2",
"clipanion": "3.2.1", "clipanion": "^3.2.1",
"conventional-changelog-conventionalcommits": "8.0.0", "conventional-changelog-conventionalcommits": "^7.0.0",
"conventional-changelog-core": "9.0.0", "conventional-changelog-core": "^7.0.0",
"husky": "9.1.7", "husky": "^8.0.3",
"lint-staged": "15.5.0", "lint-staged": "^15.2.0",
"markdownlint-cli": "0.44.0", "markdownlint-cli": "^0.38.0",
"prettier": "3.5.3" "prettier": "^3.1.0"
},
"packageManager": "pnpm@10.7.0",
"engines": {
"node": "^22.0.0",
"pnpm": "^10.0.0"
} }
} }

1578
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff

113
renovate.json
View file

@ -1,24 +1,9 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": ["forgejo-contrib/forgejo-renovate//base.json"],
"forgejo-contrib/forgejo-renovate//base.json",
"forgejo-helm/forgejo-helm//.forgejo/renovate/k3s.json"
],
"assignees": ["viceice"], "assignees": ["viceice"],
"baseBranches": ["main", "/^maint\\/.+/"], "enabledManagers": ["helmv3", "npm", "regex", "github-actions"],
"packageRules": [ "packageRules": [
{
"description": "Separate multiple major sub chart updates",
"matchFileNames": ["Chart.yaml"],
"separateMultipleMajor": true
},
{
"description": "Require approval for major sub chart updates for maintenance branches",
"matchBaseBranches": ["/^maint\\/.+/"],
"matchUpdateTypes": ["major"],
"matchFileNames": ["Chart.yaml"],
"dependencyDashboardApproval": true
},
{ {
"matchManagers": ["helmv3"], "matchManagers": ["helmv3"],
"matchUpdateTypes": ["minor", "patch"], "matchUpdateTypes": ["minor", "patch"],
@ -30,74 +15,41 @@
"semanticCommitType": "feat" "semanticCommitType": "feat"
}, },
{ {
"matchManagers": ["custom.regex"], "matchManagers": ["regex"],
"matchDepNames": ["forgejo"], "matchDepNames": ["forgejo"],
"matchUpdateTypes": ["patch"], "matchUpdateTypes": ["patch"],
"semanticCommitType": "fix" "semanticCommitType": "fix"
}, },
{ {
"matchManagers": ["custom.regex"], "matchManagers": ["regex"],
"matchDepNames": ["forgejo"], "matchDepNames": ["forgejo"],
"matchUpdateTypes": ["major", "minor"], "matchUpdateTypes": ["major", "minor"],
"semanticCommitType": "feat" "semanticCommitType": "feat"
}, },
{ {
"description": "Automerge and group helm subchart updates weekly (minor & patch)", "description": "Automerge patch deps updates",
"matchManagers": ["helmv3"], "matchManagers": ["helmv3"],
"matchFileNames": ["Chart.yaml"], "matchFiles": ["Chart.yaml"],
"matchUpdateTypes": ["minor", "patch"], "matchUpdateTypes": ["patch"],
"automerge": true, "automerge": true
"groupName": "subcharts",
"extends": ["schedule:weekly"]
}, },
{ {
"description": "Automerge dev deps updates", "description": "Automerge dev deps updates",
"matchManagers": ["npm"], "matchManagers": ["npm"],
"matchDepTypes": ["devDependencies"], "matchDepTypes": ["devDependencies"],
"matchUpdateTypes": ["minor", "patch"],
"automerge": true "automerge": true
}, },
{ {
"description": "Automerge node updates", "description": "Separate minor and patch updates for kindest",
"matchManagers": ["nodenv"], "matchPackageNames": ["kindest/node"],
"matchUpdateTypes": ["minor", "patch"], "separateMinorPatch": true
"automerge": true
}, },
{ {
"description": "Automerge some updates", "description": "Require approval and no automerge for kindest major and minor updates",
"matchDepNames": ["pnpm", "helm-unittest"], "matchPackageNames": ["kindest/node"],
"matchUpdateTypes": ["minor", "patch"], "matchUpdateTypes": ["major", "minor"],
"automerge": true "dependencyDashboardApproval": true,
}, "automerge": false
{
"description": "Automerge digest updates",
"matchUpdateTypes": ["digest"],
"automerge": true
},
{
"description": "Use test scope for forgejo ci tests",
"matchFileNames": ["ci/*.yaml"],
"additionalBranchPrefix": "ci-forgejo-",
"semanticCommitType": "ci",
"semanticCommitScope": "forgejo",
"groupName": "experimental docker digests",
"extends": ["schedule:daily"]
},
{
"description": "Disable updates for forgejo ci tests",
"matchFileNames": ["ci/*.yaml"],
"matchUpdateTypes": ["major", "minor", "patch"],
"enabled": false
},
{
"description": "Don't pin digests for forgejo ci tests, not supported",
"matchFileNames": ["ci/*.yaml"],
"pinDigests": false
},
{
"description": "branch automerge not possible",
"automergeType": "pr",
"matchPackageNames": ["/.+/"]
} }
], ],
"customManagers": [ "customManagers": [
@ -107,31 +59,38 @@
"fileMatch": ["^Chart\\.yaml$"], "fileMatch": ["^Chart\\.yaml$"],
"matchStrings": ["appVersion: (?<currentValue>.+?)\\s"], "matchStrings": ["appVersion: (?<currentValue>.+?)\\s"],
"depNameTemplate": "forgejo", "depNameTemplate": "forgejo",
"packageNameTemplate": "code.forgejo.org/forgejo/forgejo", "packageNameTemplate": "codeberg.org/forgejo/forgejo",
"datasourceTemplate": "docker" "datasourceTemplate": "docker"
}, },
{ {
"description": "Detect helm-unittest yaml schema file", "description": "Update helm unittest plugin",
"customType": "regex", "customType": "regex",
"fileMatch": [".vscode/settings\\.json$"], "fileMatch": ["^\\.woodpecker/[a-z-]+\\.yml$"],
"matchStrings": [ "matchStrings": [
"https://raw\\.githubusercontent\\.com/helm-unittest/helm-unittest/(?<currentValue>v[0-9.]+?)/schema/helm-testsuite\\.json" "helm plugin install --version (?<currentValue>.+?) https://github.com/helm-unittest/helm-unittest\\s"
], ],
"depNameTemplate": "helm-unittest", "depNameTemplate": "helm-unittest",
"packageNameTemplate": "helm-unittest/helm-unittest", "packageNameTemplate": "helm-unittest/helm-unittest",
"datasourceTemplate": "github-releases" "datasourceTemplate": "github-releases"
}, },
{ {
"description": "Detect helm-unittest yaml schema file",
"customType": "regex", "customType": "regex",
"description": "Update k3s kubernetes references", "fileMatch": [".vscode/settings\\.json$"],
"fileMatch": ["^\\.forgejo/workflows/[^/]+\\.ya?ml$"], "matchStrings": [
"matchStrings": [" +- (?<currentValue>.+?) # renovate: k3s\\n"], "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
"depNameTemplate": "k3s", ],
"packageNameTemplate": "k3s-io/k3s",
"datasourceTemplate": "github-releases" "datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"description": "Update kindest kubernetes references",
"fileMatch": ["^\\.forgejo\\/workflows\\/[^/]+\\.ya?ml$"],
"matchStrings": [
" +- (?<currentValue>v\\d+\\.\\d+\\.\\d+) # renovate: kindest\\n"
],
"depNameTemplate": "kindest/node",
"datasourceTemplate": "docker"
} }
], ]
"helm-values": {
"fileMatch": ["^ci/.+\\.yaml$"]
}
} }

16
templates/NOTES.txt
View file

@ -18,19 +18,3 @@
echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application" echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }} kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
{{- end }} {{- end }}
{{- $warnings := list -}}
{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}}
{{- $warnings = append $warnings "Forgejo uses 'memory' for caching which is not recommended for production use. See https://forgejo.org/docs/latest/admin/config-cheat-sheet/#cache-cache for available options." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}}
{{- $warnings = append $warnings "Forgejo uses 'leveldb' for queue actions which is not recommended for production use. See https://forgejo.org/docs/latest/admin/config-cheat-sheet/#queue-queue-and-queue for available options." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}}
{{- $warnings = append $warnings "Forgejo uses 'memory' for sessions which is not recommended for production use. See https://forgejo.org/docs/latest/admin/config-cheat-sheet/#session-session for available options." -}}
{{- end }}
{{- if gt (len $warnings) 0 }}
2. Review these warnings:
{{- range $warnings }}
- {{ . }}
{{- end }}
{{- end }}

90
templates/_helpers.tpl
View file

@ -3,6 +3,26 @@
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
{{- /* multiple replicas assertions */ -}}
{{- if gt .Values.replicaCount 1.0 -}}
{{- fail "When using multiple replicas, a RWX file system is required" -}}
{{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}}
{{- fail "When using multiple replicas, a RWX file system is required" -}}
{{- end }}
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
{{- end }}
{{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}}
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
{{- end }}
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
{{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}}
{{- end }}
{{- end }}
{{- define "gitea.name" -}} {{- define "gitea.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
@ -32,14 +52,6 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/*
Get version from .Values.image.tag or Chart.AppVersion.
Trim optional docker digest.
*/}}
{{- define "gitea.version" -}}
{{- regexReplaceAll "@.+" (.Values.image.tag | default .Chart.AppVersion | toString) "" -}}
{{- end -}}
{{/* {{/*
Create image name and tag used by the deployment. Create image name and tag used by the deployment.
*/}} */}}
@ -48,7 +60,7 @@ Create image name and tag used by the deployment.
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
{{- $repository := .Values.image.repository -}} {{- $repository := .Values.image.repository -}}
{{- $separator := ":" -}} {{- $separator := ":" -}}
{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}} {{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
{{- $digest := "" -}} {{- $digest := "" -}}
{{- if .Values.image.digest }} {{- if .Values.image.digest }}
@ -82,7 +94,7 @@ imagePullSecrets:
Storage Class Storage Class
*/}} */}}
{{- define "gitea.persistence.storageClass" -}} {{- define "gitea.persistence.storageClass" -}}
{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }}
{{- if $storageClass }} {{- if $storageClass }}
storageClassName: {{ $storageClass | quote }} storageClassName: {{ $storageClass | quote }}
{{- end }} {{- end }}
@ -95,8 +107,8 @@ Common labels
helm.sh/chart: {{ include "gitea.chart" . }} helm.sh/chart: {{ include "gitea.chart" . }}
app: {{ include "gitea.name" . }} app: {{ include "gitea.name" . }}
{{ include "gitea.selectorLabels" . }} {{ include "gitea.selectorLabels" . }}
app.kubernetes.io/version: {{ include "gitea.version" . | quote }} app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
version: {{ include "gitea.version" . | quote }} version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}} {{- end -}}
@ -121,28 +133,20 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}} {{- end -}}
{{- define "redis.dns" -}} {{- define "redis.dns" -}}
{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- if (index .Values "redis-cluster").enabled -}}
{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
{{- else if (index .Values "redis-cluster").enabled -}}
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
{{- else if (index .Values "redis").enabled -}}
{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "redis.port" -}} {{- define "redis.port" -}}
{{- if (index .Values "redis-cluster").enabled -}} {{- if (index .Values "redis-cluster").enabled -}}
{{ (index .Values "redis-cluster").service.ports.redis }} {{ (index .Values "redis-cluster").service.ports.redis }}
{{- else if (index .Values "redis").enabled -}}
{{ (index .Values "redis").master.service.ports.redis }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "redis.servicename" -}} {{- define "redis.servicename" -}}
{{- if (index .Values "redis-cluster").enabled -}} {{- if (index .Values "redis-cluster").enabled -}}
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- else if (index .Values "redis").enabled -}}
{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@ -224,7 +228,7 @@ https
{{- $_ := set $inlines $key (join "\n" $section) -}} {{- $_ := set $inlines $key (join "\n" $section) -}}
{{- end -}} {{- end -}}
{{- else }} {{- else }}
{{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") (eq $key "APP_SLOGAN") (eq $key "APP_DISPLAY_NAME_FORMAT") -}} {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}}
{{- $generals = append $generals (printf "%s=%s" $key $value) -}} {{- $generals = append $generals (printf "%s=%s" $key $value) -}}
{{- else -}} {{- else -}}
{{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}}
@ -286,33 +290,23 @@ https
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
{{- end -}} {{- end -}}
{{- if (index .Values "redis-cluster").enabled -}}
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
{{- if not (.Values.gitea.config.cache.HOST) -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
{{- end -}}
{{- end -}}
{{- /* redis queue */ -}} {{- /* redis queue */ -}}
{{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- if (index .Values "redis-cluster").enabled -}}
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
{{- end -}}
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
{{- else -}}
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.queue "TYPE") -}}
{{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.queue "CONN_STR") -}}
{{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.cache "ADAPTER") -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.cache "HOST") -}}
{{- $_ := set .Values.gitea.config.cache "HOST" "" -}}
{{- end -}}
{{- end -}} {{- end -}}
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
@ -408,11 +402,3 @@ https
{{- define "gitea.serviceAccountName" -}} {{- define "gitea.serviceAccountName" -}}
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
{{- end -}} {{- end -}}
{{- define "gitea.admin.passwordMode" -}}
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
{{ .Values.gitea.admin.passwordMode }}
{{- else -}}
{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
{{- end -}}
{{- end -}}

75
templates/gitea/config.yaml
View file

@ -2,7 +2,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "gitea.fullname" . }}-inline-config name: {{ include "gitea.fullname" . }}-inline-config
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
type: Opaque type: Opaque
@ -19,40 +18,35 @@ type: Opaque
stringData: stringData:
assertions: | assertions: |
{{- /*assert that only one PG dep is enabled */ -}} {{- /*assert that only one PG dep is enabled */ -}}
{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
{{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
{{- end }} {{- end }}
{{- /* multiple replicas assertions */ -}}
{{- if gt .Values.replicaCount 1.0 -}}
{{- if .Values.gitea.config.cron -}}
{{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
{{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}}
{{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
{{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
{{- end }}
{{- if .Values.gitea.config.indexer -}}
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
{{- end }}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}}
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- /* multiple replicas assertions */ -}}
{{- if gt .Values.replicaCount 1.0 -}}
{{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}}
{{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}}
{{- end }}
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
{{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
{{- end }}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}}
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- end }}
{{- end }}
config_environment.sh: |- config_environment.sh: |-
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
@ -69,7 +63,7 @@ stringData:
# skip empty line # skip empty line
return return
fi fi
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
@ -89,18 +83,15 @@ stringData:
env2ini::log " + '${setting}'" env2ini::log " + '${setting}'"
local masked_setting="${setting//./_0X2E_}" # '//' instructs to replace all matches
masked_setting="${masked_setting//-/_0X2D_}"
if [[ -z "${section}" ]]; then if [[ -z "${section}" ]]; then
export "FORGEJO____${masked_setting^^}=${value}" # '^^' makes the variable content uppercase export "FORGEJO____${setting^^}=${value}" # '^^' makes the variable content uppercase
return return
fi fi
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
masked_section="${masked_section//-/_0X2D_}" masked_section="${masked_section//-/_0X2D_}"
export "FORGEJO__${masked_section^^}__${masked_setting^^}=${value}" # '^^' makes the variable content uppercase export "FORGEJO__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
} }
function env2ini::reload_preset_envs() { function env2ini::reload_preset_envs() {
@ -182,10 +173,8 @@ stringData:
env2ini::log "...Initial secrets generated\n" env2ini::log "...Initial secrets generated\n"
} }
# save existing envs prior to script execution. Necessary to keep order of env | (grep FORGEJO || [[ $? == 1 ]]) > /tmp/existing-envs
# preexisting and custom envs
env | (grep -e '^FORGEJO__' || [[ $? == 1 ]]) > /tmp/existing-envs
# MUST BE CALLED BEFORE OTHER CONFIGURATION # MUST BE CALLED BEFORE OTHER CONFIGURATION
env2ini::generate_initial_secrets env2ini::generate_initial_secrets

22
templates/gitea/deployment.yaml
View file

@ -2,16 +2,12 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "gitea.fullname" . }} name: {{ include "gitea.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
annotations: annotations:
{{- if .Values.deployment.annotations }} {{- if .Values.deployment.annotations }}
{{- toYaml .Values.deployment.annotations | nindent 4 }} {{- toYaml .Values.deployment.annotations | nindent 4 }}
{{- end }} {{- end }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.deployment.labels }}
{{- toYaml .Values.deployment.labels | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
strategy: strategy:
@ -57,7 +53,7 @@ spec:
{{- end }} {{- end }}
{{- include "gitea.images.pullSecrets" . | nindent 6 }} {{- include "gitea.images.pullSecrets" . | nindent 6 }}
securityContext: securityContext:
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
- name: init-directories - name: init-directories
image: "{{ include "gitea.image" . }}" image: "{{ include "gitea.image" . }}"
@ -91,7 +87,7 @@ spec:
{{- end }} {{- end }}
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
securityContext: securityContext:
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- toYaml .Values.containerSecurityContext | nindent 12 }}
resources: resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }} {{- toYaml .Values.initContainers.resources | nindent 12 }}
- name: init-app-ini - name: init-app-ini
@ -131,7 +127,7 @@ spec:
{{- end }} {{- end }}
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
securityContext: securityContext:
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- toYaml .Values.containerSecurityContext | nindent 12 }}
resources: resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }} {{- toYaml .Values.initContainers.resources | nindent 12 }}
{{- if .Values.signing.enabled }} {{- if .Values.signing.enabled }}
@ -145,7 +141,7 @@ spec:
{{- if not (hasKey $csc "runAsUser") -}} {{- if not (hasKey $csc "runAsUser") -}}
{{- $_ := set $csc "runAsUser" 1000 -}} {{- $_ := set $csc "runAsUser" 1000 -}}
{{- end -}} {{- end -}}
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} {{- toYaml $csc | nindent 12 }}
env: env:
- name: GNUPGHOME - name: GNUPGHOME
value: {{ .Values.signing.gpgHome }} value: {{ .Values.signing.gpgHome }}
@ -176,7 +172,7 @@ spec:
{{- if not (hasKey $csc "runAsUser") -}} {{- if not (hasKey $csc "runAsUser") -}}
{{- $_ := set $csc "runAsUser" 1000 -}} {{- $_ := set $csc "runAsUser" 1000 -}}
{{- end -}} {{- end -}}
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} {{- toYaml $csc | nindent 12 }}
env: env:
- name: GITEA_APP_INI - name: GITEA_APP_INI
value: /data/gitea/conf/app.ini value: /data/gitea/conf/app.ini
@ -244,8 +240,6 @@ spec:
- name: GITEA_ADMIN_PASSWORD - name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.admin.password | quote }} value: {{ .Values.gitea.admin.password | quote }}
{{- end }} {{- end }}
- name: GITEA_ADMIN_PASSWORD_MODE
value: {{ include "gitea.admin.passwordMode" $ }}
{{- if .Values.deployment.env }} {{- if .Values.deployment.env }}
{{- toYaml .Values.deployment.env | nindent 12 }} {{- toYaml .Values.deployment.env | nindent 12 }}
{{- end }} {{- end }}
@ -327,9 +321,9 @@ spec:
securityContext: securityContext:
{{- /* Honor the deprecated securityContext variable when defined */ -}} {{- /* Honor the deprecated securityContext variable when defined */ -}}
{{- if .Values.containerSecurityContext -}} {{- if .Values.containerSecurityContext -}}
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{ toYaml .Values.containerSecurityContext | nindent 12 -}}
{{- else -}} {{- else -}}
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 12 }} {{ toYaml .Values.securityContext | nindent 12 -}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- name: temp - name: temp
@ -353,7 +347,7 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.topologySpreadConstraints }} {{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.tolerations }} {{- with .Values.tolerations }}

1
templates/gitea/gpg-secret.yaml
View file

@ -7,7 +7,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "gitea.gpg-key-secret-name" . }} name: {{ include "gitea.gpg-key-secret-name" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
type: Opaque type: Opaque

13
templates/gitea/http-svc.yaml
View file

@ -2,21 +2,13 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "gitea.fullname" . }}-http name: {{ include "gitea.fullname" . }}-http
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.service.http.labels }}
{{- toYaml .Values.service.http.labels | nindent 4 }}
{{- end }}
annotations: annotations:
{{- toYaml .Values.service.http.annotations | nindent 4 }} {{- toYaml .Values.service.http.annotations | nindent 4 }}
spec: spec:
type: {{ .Values.service.http.type }} type: {{ .Values.service.http.type }}
{{- if eq .Values.service.http.type "LoadBalancer" }} {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
{{- if .Values.service.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
{{- end }} {{- end }}
{{- if .Values.service.http.loadBalancerSourceRanges }} {{- if .Values.service.http.loadBalancerSourceRanges }}
@ -25,7 +17,6 @@ spec:
- {{ . }} - {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.service.http.externalIPs }} {{- if .Values.service.http.externalIPs }}
externalIPs: externalIPs:
{{- toYaml .Values.service.http.externalIPs | nindent 4 }} {{- toYaml .Values.service.http.externalIPs | nindent 4 }}
@ -49,6 +40,6 @@ spec:
{{- if .Values.service.http.nodePort }} {{- if .Values.service.http.nodePort }}
nodePort: {{ .Values.service.http.nodePort }} nodePort: {{ .Values.service.http.nodePort }}
{{- end }} {{- end }}
targetPort: http targetPort: {{ .Values.gitea.config.server.HTTP_PORT }}
selector: selector:
{{- include "gitea.selectorLabels" . | nindent 4 }} {{- include "gitea.selectorLabels" . | nindent 4 }}

23
templates/gitea/ingress.yaml
View file

@ -1,10 +1,18 @@
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $fullName := include "gitea.fullname" . -}} {{- $fullName := include "gitea.fullname" . -}}
apiVersion: networking.k8s.io/v1 {{- $httpPort := .Values.service.http.port -}}
{{- $apiVersion := "extensions/v1beta1" -}}
{{- if .Values.ingress.apiVersion -}}
{{- $apiVersion = .Values.ingress.apiVersion -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
{{- $apiVersion = "networking.k8s.io/v1" }}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
{{- $apiVersion = "networking.k8s.io/v1beta1" }}
{{- end }}
apiVersion: {{ $apiVersion }}
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ $fullName }} name: {{ $fullName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
annotations: annotations:
@ -13,7 +21,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
{{- if .Values.ingress.className }} {{- if .Values.ingress.className }}
ingressClassName: {{ tpl .Values.ingress.className . }} ingressClassName: {{ .Values.ingress.className }}
{{- end }} {{- end }}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
tls: tls:
@ -32,14 +40,19 @@ spec:
paths: paths:
{{- range .paths }} {{- range .paths }}
- path: {{ .path }} - path: {{ .path }}
{{- if .pathType }} {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
pathType: {{ .pathType }} pathType: {{ .pathType }}
{{- end }} {{- end }}
backend: backend:
{{- if eq $apiVersion "networking.k8s.io/v1" }}
service: service:
name: {{ $fullName }}-http name: {{ $fullName }}-http
port: port:
name: http number: {{ $httpPort }}
{{- else }}
serviceName: {{ $fullName }}-http
servicePort: {{ $httpPort }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

91
templates/gitea/init.yaml
View file

@ -2,7 +2,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "gitea.fullname" . }}-init name: {{ include "gitea.fullname" . }}-init
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
type: Opaque type: Opaque
@ -87,49 +86,15 @@ stringData:
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
function configure_admin_user() { function configure_admin_user() {
local full_admin_list=$(gitea admin user list --admin) local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}")
local actual_user_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)"
if [[ "${full_admin_list}" =~ $regex ]]; then
actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users."
echo " Please review the output of 'gitea admin user list --admin' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin user list --admin'"
echo "--"
echo "${full_admin_list}"
echo "--"
exit 1
fi
local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then if [[ -z "${ACCOUNT_ID}" ]]; then
local -a create_args
create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }})
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then
create_args+=(--must-change-password=true)
else
create_args+=(--must-change-password=false)
fi
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
gitea admin user create "${create_args[@]}" gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false
echo '...created.' echo '...created.'
else else
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
local -a change_args echo '...password sync done.'
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false)
gitea admin user change-password "${change_args[@]}"
echo '...password sync done.'
else
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping."
fi
fi fi
} }
@ -140,28 +105,7 @@ stringData:
{{- if .Values.gitea.ldap }} {{- if .Values.gitea.ldap }}
{{- range $idx, $value := .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }}
local LDAP_NAME={{ (printf "%s" $value.name) | squote }} local LDAP_NAME={{ (printf "%s" $value.name) | squote }}
local full_auth_list=$(gitea admin auth list --vertical-bars) local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
local actual_auth_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
if [[ "${full_auth_list}" =~ $regex ]]; then
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources."
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
echo "--"
echo "${full_auth_list}"
echo "--"
exit 1
fi
local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${GITEA_AUTH_ID}" ]]; then if [[ -z "${GITEA_AUTH_ID}" ]]; then
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
@ -184,28 +128,7 @@ stringData:
{{- if .Values.gitea.oauth }} {{- if .Values.gitea.oauth }}
{{- range $idx, $value := .Values.gitea.oauth }} {{- range $idx, $value := .Values.gitea.oauth }}
local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} local OAUTH_NAME={{ (printf "%s" $value.name) | squote }}
local full_auth_list=$(gitea admin auth list --vertical-bars) local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
local actual_auth_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
if [[ "${full_auth_list}" =~ $regex ]]; then
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources."
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
echo "--"
echo "${full_auth_list}"
echo "--"
exit 1
fi
local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${AUTH_ID}" ]]; then if [[ -z "${AUTH_ID}" ]]; then
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."

7
templates/gitea/poddisruptionbudget.yaml
View file

@ -1,9 +1,12 @@
{{- if .Values.podDisruptionBudget -}} {{- if .Values.podDisruptionBudget -}}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
apiVersion: policy/v1 apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:
name: {{ include "gitea.fullname" . }} name: {{ include "gitea.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
spec: spec:
@ -11,4 +14,4 @@ spec:
matchLabels: matchLabels:
{{- include "gitea.selectorLabels" . | nindent 6 }} {{- include "gitea.selectorLabels" . | nindent 6 }}
{{- toYaml .Values.podDisruptionBudget | nindent 2 }} {{- toYaml .Values.podDisruptionBudget | nindent 2 }}
{{- end -}} {{- end -}}

12
templates/gitea/pvc.yaml
View file

@ -3,13 +3,9 @@ kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: {{ .Values.persistence.claimName }} name: {{ .Values.persistence.claimName }}
namespace: {{ include "common.names.namespace" . | quote }} namespace: {{ $.Release.Namespace }}
annotations: annotations:
{{ .Values.persistence.annotations | toYaml | indent 4}} {{ .Values.persistence.annotations | toYaml | indent 4}}
{{- if .Values.persistence.labels }}
labels:
{{ .Values.persistence.labels | toYaml | indent 4}}
{{- end }}
spec: spec:
accessModes: accessModes:
{{- if gt .Values.replicaCount 1.0 }} {{- if gt .Values.replicaCount 1.0 }}
@ -18,11 +14,13 @@ spec:
{{- .Values.persistence.accessModes | toYaml | nindent 4 }} {{- .Values.persistence.accessModes | toYaml | nindent 4 }}
{{- end }} {{- end }}
volumeMode: Filesystem volumeMode: Filesystem
{{- include "gitea.persistence.storageClass" . | nindent 2 }} {{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- with .Values.persistence.volumeName }} {{- with .Values.persistence.volumeName }}
volumeName: {{ . }} volumeName: {{ . }}
{{- end }} {{- end }}
resources: resources:
requests: requests:
storage: {{ .Values.persistence.size }} storage: {{ .Values.persistence.size }}
{{- end }} {{- end }}

43
templates/gitea/route.yaml
View file

@ -1,43 +0,0 @@
{{- if .Values.route.enabled -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ include "gitea.fullname" . }}-http
namespace: {{ include "common.names.namespace" . | quote }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
annotations:
{{- toYaml .Values.route.annotations | nindent 4 }}
spec:
{{- if .Values.route.host }}
host: {{ tpl .Values.route.host $ | quote }}
{{- end }}
{{- if .Values.route.wildcardPolicy }}
wildcardPolicy: {{ .Values.route.wildcardPolicy }}
{{- end }}
to:
kind: Service
name: {{ include "gitea.fullname" . }}-http
weight: 100
port:
targetPort: http
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
{{- if .Values.route.tls.existingSecret }}
externalCertificate: {{ .Values.route.tls.existingSecret }}
{{- else if and .Values.route.tls.certificate
.Values.route.tls.privateKey
.Values.route.tls.caCertificate }}
certificate: |
{{ .Values.route.tls.certificate | indent 6 }}
key: |
{{ .Values.route.tls.privateKey | indent 6 }}
caCertificate: |
{{ .Values.route.tls.caCertificate | indent 6 }}
{{- else if or .Values.route.tls.certificate
.Values.route.tls.privateKey
.Values.route.tls.caCertificate }}
{{- fail "certificate, privateKey and caCertificate must be specified together" }}
{{- end }}
{{- end }}

2
templates/gitea/serviceaccount.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "gitea.serviceAccountName" . }} name: {{ include "gitea.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }} namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.labels }} {{- with .Values.serviceAccount.labels }}

3
templates/gitea/servicemonitor.yaml
View file

@ -3,7 +3,6 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ include "gitea.fullname" . }} name: {{ include "gitea.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.gitea.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }}
@ -15,4 +14,4 @@ spec:
{{- include "gitea.selectorLabels" . | nindent 6 }} {{- include "gitea.selectorLabels" . | nindent 6 }}
endpoints: endpoints:
- port: http - port: http
{{- end -}} {{- end -}}

9
templates/gitea/ssh-svc.yaml
View file

@ -2,20 +2,13 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "gitea.fullname" . }}-ssh name: {{ include "gitea.fullname" . }}-ssh
namespace: {{ include "common.names.namespace" . | quote }}
labels: labels:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.service.ssh.labels }}
{{- toYaml .Values.service.ssh.labels | nindent 4 }}
{{- end }}
annotations: annotations:
{{- toYaml .Values.service.ssh.annotations | nindent 4 }} {{- toYaml .Values.service.ssh.annotations | nindent 4 }}
spec: spec:
type: {{ .Values.service.ssh.type }} type: {{ .Values.service.ssh.type }}
{{- if eq .Values.service.ssh.type "LoadBalancer" }} {{- if eq .Values.service.ssh.type "LoadBalancer" }}
{{- if .Values.service.ssh.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }}
{{- end }}
{{- if .Values.service.ssh.loadBalancerIP }} {{- if .Values.service.ssh.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
{{- end -}} {{- end -}}
@ -47,7 +40,7 @@ spec:
- name: ssh - name: ssh
port: {{ .Values.service.ssh.port }} port: {{ .Values.service.ssh.port }}
{{- if .Values.gitea.config.server.SSH_LISTEN_PORT }} {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }}
targetPort: ssh targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
{{- end }} {{- end }}
protocol: TCP protocol: TCP
{{- if .Values.service.ssh.nodePort }} {{- if .Values.service.ssh.nodePort }}

2
templates/tests/test-http-connection.yaml
View file

@ -6,7 +6,7 @@ metadata:
labels: labels:
{{ include "gitea.labels" . | nindent 4 }} {{ include "gitea.labels" . | nindent 4 }}
annotations: annotations:
"helm.sh/hook": test "helm.sh/hook": test-success
spec: spec:
containers: containers:
- name: wget - name: wget

77
tools/changelog.mjs
View file

@ -1,12 +1,71 @@
import { getChangelog } from './changelog/util.js'; import conventionalChangelogCore from 'conventional-changelog-core';
import conventionalChangelogPreset from 'conventional-changelog-conventionalcommits';
import fs from 'node:fs';
const stream = getChangelog(!!process.argv[2]).setEncoding('utf8'); const config = conventionalChangelogPreset({
types: [
{
type: 'feat',
section: 'Features',
},
{
type: 'feature',
section: 'Features',
},
{
type: 'fix',
section: 'Bug Fixes',
},
{
type: 'perf',
section: 'Performance Improvements',
},
{
type: 'revert',
section: 'Reverts',
},
{
type: 'docs',
section: 'Documentation',
},
{
type: 'style',
section: 'Styles',
},
{
type: 'chore',
section: 'Miscellaneous Chores',
},
{
type: 'refactor',
section: 'Code Refactoring',
},
{
type: 'test',
section: 'Tests',
},
{
type: 'build',
section: 'Build System',
},
{
type: 'ci',
section: 'Continuous Integration',
},
],
});
const changes = (await stream.toArray()).join(''); const file = process.argv[3]
? fs.createWriteStream(process.argv[3])
: process.stdout;
if (!changes.length) { conventionalChangelogCore(
console.error('No changelog found'); {
process.exit(1); config,
} releaseCount: 2,
},
process.stdout.write(changes); { version: process.argv[2], linkCompare: false },
undefined,
undefined,
{ headerPartial: '' },
).pipe(file);

19
tools/changelog/util.js
View file

@ -11,6 +11,10 @@ export const config = conventionalChangelogPreset({
type: 'feat', type: 'feat',
section: 'Features', section: 'Features',
}, },
{
type: 'feature',
section: 'Features',
},
{ {
type: 'fix', type: 'fix',
section: 'Bug Fixes', section: 'Bug Fixes',
@ -31,6 +35,10 @@ export const config = conventionalChangelogPreset({
type: 'style', type: 'style',
section: 'Styles', section: 'Styles',
}, },
{
type: 'chore',
section: 'Miscellaneous Chores',
},
{ {
type: 'refactor', type: 'refactor',
section: 'Code Refactoring', section: 'Code Refactoring',
@ -47,25 +55,22 @@ export const config = conventionalChangelogPreset({
type: 'ci', type: 'ci',
section: 'Continuous Integration', section: 'Continuous Integration',
}, },
{
type: 'chore',
section: 'Miscellaneous Chores',
},
], ],
}); });
/** /**
* *
* @param {boolean|undefined} onTag * @param {string} version
* @param {boolean} onTag
* @returns * @returns
*/ */
export function getChangelog(onTag = false) { export function getChangelog(version, onTag) {
return conventionalChangelogCore( return conventionalChangelogCore(
{ {
config, config,
releaseCount: onTag ? 2 : 1, releaseCount: onTag ? 2 : 1,
}, },
undefined, { version, linkCompare: false },
undefined, undefined,
undefined, undefined,
{ headerPartial: '' }, { headerPartial: '' },

3
tools/ct.yml
View file

@ -1,5 +1,4 @@
# https://github.com/helm/chart-testing/blob/main/doc/ct_install.md helm-extra-args: --timeout 900s
helm-extra-args: --timeout 3m
check-version-increment: false check-version-increment: false
debug: true debug: true
target-branch: main target-branch: main

2
tools/forgejo-release.js
View file

@ -68,7 +68,7 @@ class GiteaReleaseCommand extends Command {
return 1; return 1;
} }
const stream = getChangelog(true).setEncoding('utf8'); const stream = getChangelog(tag, true).setEncoding('utf8');
const changes = (await stream.toArray()).join(''); const changes = (await stream.toArray()).join('');
this.context.stdout.write(`Creating release ${tag}.\n`); this.context.stdout.write(`Creating release ${tag}.\n`);

66
unittests/config/cache-config.yaml
View file

@ -1,66 +0,0 @@
suite: config template | cache config
release:
name: gitea-unittests
namespace: testing
tests:
- it: 'cache is configured correctly for redis-cluster'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=redis
HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: 'cache is configured correctly for redis'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=redis
HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=memory
HOST=
- it: 'cache can be customized when redis (or redis-cluster) is disabled'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
gitea.config.cache.ADAPTER: custom-adapter
gitea.config.cache.HOST: custom-host
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=custom-adapter
HOST=custom-host

66
unittests/config/queue-config.yaml
View file

@ -1,66 +0,0 @@
suite: config template | queue config
release:
name: gitea-unittests
namespace: testing
tests:
- it: 'queue is configured correctly for redis-cluster'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis
- it: 'queue is configured correctly for redis'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis
- it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=
TYPE=level
- it: 'queue can be customized when redis (and redis-cluster) are disabled'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
gitea.config.queue.TYPE: custom-type
gitea.config.queue.CONN_STR: custom-connection-string
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=custom-connection-string
TYPE=custom-type

66
unittests/config/session-config.yaml
View file

@ -1,66 +0,0 @@
suite: config template | session config
release:
name: gitea-unittests
namespace: testing
tests:
- it: 'session is configured correctly for redis-cluster'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=redis
PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: 'session is configured correctly for redis'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=redis
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=memory
PROVIDER_CONFIG=
- it: 'session can be customized when redis (and redis-cluster) is disabled'
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
gitea.config.session.PROVIDER: custom-provider
gitea.config.session.PROVIDER_CONFIG: custom-provider-config
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=custom-provider
PROVIDER_CONFIG=custom-provider-config

21
unittests/dependency-major-image-check.yaml
View file

@ -15,7 +15,7 @@ tests:
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: ^docker.io/bitnami/postgresql-repmgr:17.+$ pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$
- it: '[postgresql] ensures we detect major image version upgrades' - it: '[postgresql] ensures we detect major image version upgrades'
template: charts/postgresql/templates/primary/statefulset.yaml template: charts/postgresql/templates/primary/statefulset.yaml
set: set:
@ -28,30 +28,15 @@ tests:
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: ^docker.io/bitnami/postgresql:17.+$ pattern: ^docker.io/bitnami/postgresql:16.+$
- it: '[redis-cluster] ensures we detect major image version upgrades' - it: '[redis-cluster] ensures we detect major image version upgrades'
template: charts/redis-cluster/templates/redis-statefulset.yaml template: charts/redis-cluster/templates/redis-statefulset.yaml
set: set:
redis-cluster: redis-cluster:
enabled: true enabled: true
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/redis-cluster:7.+$ pattern: ^docker.io/bitnami/redis-cluster:7.+$
- it: '[redis] ensures we detect major image version upgrades'
template: charts/redis/templates/master/application.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
matchRegex:
path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/redis:7.+$

59
unittests/deployment/HA.yaml
View file

@ -1,59 +0,0 @@
suite: deployment template (HA)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: fails with multiple replicas and "GIT_GC_REPOS" enabled
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
cron:
GIT_GC_REPOS:
ENABLED: true
asserts:
- failedTemplate:
errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'."
- it: fails with multiple replicas and RWX file system not set
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
asserts:
- failedTemplate:
errorMessage: 'When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany.'
- it: fails with multiple replicas and bleve issue indexer
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
indexer:
ISSUE_INDEXER_TYPE: bleve
asserts:
- failedTemplate:
errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
- it: fails with multiple replicas and bleve repo indexer
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
indexer:
REPO_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
asserts:
- failedTemplate:
errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled."

14
unittests/deployment/basic.yaml
View file

@ -15,17 +15,3 @@ tests:
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
name: forgejo-unittests name: forgejo-unittests
- it: deployment labels are set
template: templates/gitea/deployment.yaml
set:
deployment.labels:
hello: world
asserts:
- isSubset:
path: metadata.labels
content:
hello: world
- isSubset:
path: spec.template.metadata.labels
content:
hello: world

27
unittests/deployment/image-configuration.yaml
View file

@ -14,7 +14,7 @@ tests:
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.19.3-rootless' value: 'codeberg.org/forgejo/forgejo:1.19.3-rootless'
- it: tag override - it: tag override
template: templates/gitea/deployment.yaml template: templates/gitea/deployment.yaml
set: set:
@ -22,7 +22,7 @@ tests:
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.19.4-rootless' value: 'codeberg.org/forgejo/forgejo:1.19.4-rootless'
- it: root-based image - it: root-based image
template: templates/gitea/deployment.yaml template: templates/gitea/deployment.yaml
set: set:
@ -30,7 +30,7 @@ tests:
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.19.3' value: 'codeberg.org/forgejo/forgejo:1.19.3'
- it: scoped registry - it: scoped registry
template: templates/gitea/deployment.yaml template: templates/gitea/deployment.yaml
set: set:
@ -56,7 +56,7 @@ tests:
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a' value: 'codeberg.org/forgejo/forgejo:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a'
- it: image fullOverride (does not append rootless) - it: image fullOverride (does not append rootless)
template: templates/gitea/deployment.yaml template: templates/gitea/deployment.yaml
set: set:
@ -81,7 +81,7 @@ tests:
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a' value: 'codeberg.org/forgejo/forgejo:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a'
- it: digest and global registry - it: digest and global registry
template: templates/gitea/deployment.yaml template: templates/gitea/deployment.yaml
set: set:
@ -91,20 +91,3 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: 'global.example.com/forgejo/forgejo:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a' value: 'global.example.com/forgejo/forgejo:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a'
- it: correctly renders floating tag references
template: templates/gitea/deployment.yaml
set:
image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-chart/issues/631
asserts:
- equal:
path: spec.template.spec.initContainers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.21-rootless'
- equal:
path: spec.template.spec.initContainers[1].image
value: 'code.forgejo.org/forgejo/forgejo:1.21-rootless'
- equal:
path: spec.template.spec.initContainers[2].image
value: 'code.forgejo.org/forgejo/forgejo:1.21-rootless'
- equal:
path: spec.template.spec.containers[0].image
value: 'code.forgejo.org/forgejo/forgejo:1.21-rootless'

24
unittests/deployment/ingress-configuration.yaml
View file

@ -15,33 +15,9 @@ tests:
hosts: hosts:
- '{{ .Values.global.giteaHostName }}' - '{{ .Values.global.giteaHostName }}'
asserts: asserts:
- isKind:
of: Ingress
- equal: - equal:
path: spec.tls[0].hosts[0] path: spec.tls[0].hosts[0]
value: 'gitea.example.com' value: 'gitea.example.com'
- equal: - equal:
path: spec.rules[0].host path: spec.rules[0].host
value: 'gitea.example.com' value: 'gitea.example.com'
- it: Ingress Class using TPL
set:
global.ingress.className: 'ingress-class'
ingress.className: '{{ .Values.global.ingress.className }}'
ingress.enabled: true
ingress.hosts[0].host: 'some-host'
ingress.tls:
- secretName: gitea-tls
hosts:
- 'some-host'
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: 'some-host'
- equal:
path: spec.rules[0].host
value: 'some-host'
- equal:
path: spec.ingressClassName
value: 'ingress-class'

155
unittests/deployment/route-configuration.yaml
View file

@ -1,155 +0,0 @@
# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: route template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/route.yaml
tests:
- it: hostname using TPL
set:
global.giteaHostName: 'gitea.example.com'
route.enabled: true
route.host: '{{ .Values.global.giteaHostName }}'
asserts:
- isKind:
of: Route
- equal:
path: spec.host
value: 'gitea.example.com'
- notExists:
path: spec.wildcardPolicy
- it: wildcard policy
set:
global.giteaHostName: 'gitea.example.com'
route.enabled: true
route.wildcardPolicy: 'Subdomain'
asserts:
- isKind:
of: Route
- equal:
path: spec.wildcardPolicy
value: 'Subdomain'
- it: existing certificate
set:
route.enabled: true
route.tls.existingSecret: certificate-secret
route.tls.certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
route.tls.privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
route.tls.caCertificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
asserts:
- isKind:
of: Route
- equal:
path: spec.tls.externalCertificate
value: certificate-secret
- notExists:
path: spec.tls.certificate
- notExists:
path: spec.tls.key
- notExists:
path: spec.tls.caCertificate
- it: valid certificate values
set:
route.enabled: true
route.tls.certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
route.tls.privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
route.tls.caCertificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
asserts:
- isKind:
of: Route
- notExists:
path: spec.tls.externalCertificate
- equal:
path: spec.tls.certificate
value: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- equal:
path: spec.tls.key
value: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
- equal:
path: spec.tls.caCertificate
value: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- it: missing certificate values
set:
route.enabled: true
route.tls.privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
route.tls.caCertificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
asserts:
- failedTemplate:
errorMessage: certificate, privateKey and caCertificate must be specified together
- it: missing privateKey values
set:
route.enabled: true
route.tls.certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
route.tls.caCertificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
asserts:
- failedTemplate:
errorMessage: certificate, privateKey and caCertificate must be specified together
- it: missing caCertificate values
set:
route.enabled: true
route.tls.certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
route.tls.privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
asserts:
- failedTemplate:
errorMessage: certificate, privateKey and caCertificate must be specified together

25
unittests/deployment/security-context-normal.yaml
View file

@ -1,25 +0,0 @@
# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: deployment template (security context)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: FS group set to 1000
template: templates/gitea/deployment.yaml
set:
image.rootless: false
asserts:
- equal:
path: spec.template.spec.securityContext.fsGroup
value: 1000
- it: run configure-gitea with UID 1000
template: templates/gitea/deployment.yaml
set:
image.rootless: false
asserts:
- equal:
path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser
value: 1000

25
unittests/deployment/security-context-ocp.yaml
View file

@ -1,25 +0,0 @@
# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: deployment template (security context)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: FS group not set
template: templates/gitea/deployment.yaml
set:
image.rootless: false
global.compatibility.openshift.adaptSecurityContext: force
asserts:
- notExists:
path: spec.template.spec.securityContext.fsGroup
- it: configure-gitea without runaAsUser
template: templates/gitea/deployment.yaml
set:
image.rootless: false
global.compatibility.openshift.adaptSecurityContext: force
asserts:
- notExists:
path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser

39
unittests/deployment/storage-class-configuration.yaml
View file

@ -1,39 +0,0 @@
# File: tests/gitea-storageclass-tests.yaml
suite: storage class configuration tests
release:
name: gitea-storageclass-tests
namespace: testing
templates:
- templates/gitea/pvc.yaml
tests:
- it: should set storageClassName when persistence.storageClass is defined
template: templates/gitea/pvc.yaml
set:
persistence.storageClass: 'my-storage-class'
asserts:
- equal:
path: 'spec.storageClassName'
value: 'my-storage-class'
- it: should set global.storageClass when persistence.storageClass is not defined
template: templates/gitea/pvc.yaml
set:
global.storageClass: 'default-storage-class'
asserts:
- equal:
path: spec.storageClassName
value: 'default-storage-class'
- it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
template: templates/gitea/pvc.yaml
set:
global.storageClass: 'default-storage-class'
persistence.storageClass: 'my-storage-class'
asserts:
- equal:
path: spec.storageClassName
value: 'my-storage-class'

128
unittests/deployment/svc-configuration.yaml
View file

@ -1,128 +0,0 @@
suite: ssh-svc / http-svc template (Services configuration)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/ssh-svc.yaml
- templates/gitea/http-svc.yaml
tests:
- it: supports adding custom labels to ssh-svc
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
labels:
gitea/testkey: testvalue
asserts:
- equal:
path: metadata.labels["gitea/testkey"]
value: 'testvalue'
- it: keeps existing labels (ssh)
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
labels: {}
asserts:
- exists:
path: metadata.labels["app"]
- it: supports adding custom labels to http-svc
template: templates/gitea/http-svc.yaml
set:
service:
http:
labels:
gitea/testkey: testvalue
asserts:
- equal:
path: metadata.labels["gitea/testkey"]
value: 'testvalue'
- it: keeps existing labels (http)
template: templates/gitea/http-svc.yaml
set:
service:
http:
labels: {}
asserts:
- exists:
path: metadata.labels["app"]
- it: uses default ports to ssh-svc
template: templates/gitea/ssh-svc.yaml
asserts:
- equal:
path: spec.ports[0].port
value: 22
- equal:
path: spec.ports[0].targetPort
value: ssh
- it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
loadBalancerClass: 'example.com/class'
type: LoadBalancer
loadBalancerIP: '1.2.3.4'
loadBalancerSourceRanges:
- '1.2.3.4/32'
- '5.6.7.8/32'
asserts:
- equal:
path: spec.loadBalancerClass
value: 'example.com/class'
- equal:
path: spec.loadBalancerIP
value: '1.2.3.4'
- equal:
path: spec.loadBalancerSourceRanges
value: ['1.2.3.4/32', '5.6.7.8/32']
- it: does not render when loadbalancer properties are set but type is not loadBalancerClass
template: templates/gitea/http-svc.yaml
set:
service:
http:
type: ClusterIP
loadBalancerClass: 'example.com/class'
loadBalancerIP: '1.2.3.4'
loadBalancerSourceRanges:
- '1.2.3.4/32'
- '5.6.7.8/32'
asserts:
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- it: does not render loadBalancerClass by default even when type is LoadBalancer
template: templates/gitea/http-svc.yaml
set:
service:
http:
type: LoadBalancer
loadBalancerIP: '1.2.3.4'
asserts:
- notExists:
path: spec.loadBalancerClass
- equal:
path: spec.loadBalancerIP
value: '1.2.3.4'
- it: both ssh and http services exist
templates:
- templates/gitea/ssh-svc.yaml
- templates/gitea/http-svc.yaml
asserts:
- matchRegex:
path: metadata.name
pattern: '^gitea-unittests-forgejo-(?:ssh|http)$'
- matchRegex:
path: spec.ports[0].name
pattern: '^(?:ssh|http)$'

5
unittests/init/init_directory_structure.sh-rootless.yaml
View file

@ -1,6 +1,6 @@
suite: Init template (rootless) suite: Init template
release: release:
name: forgejo-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/gitea/init.yaml - templates/gitea/init.yaml
@ -67,6 +67,7 @@ tests:
chown 1000:1000 "${GNUPGHOME}" chown 1000:1000 "${GNUPGHOME}"
fi fi
- it: it does not chown /data even when image.fullOverride is set - it: it does not chown /data even when image.fullOverride is set
template: templates/gitea/init.yaml
set: set:
image.fullOverride: gitea/gitea:1.20.5 image.fullOverride: gitea/gitea:1.20.5
asserts: asserts:

19
unittests/pvc/pvc-configuration.yaml
View file

@ -1,19 +0,0 @@
suite: PVC template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/pvc.yaml
tests:
- it: Storage Class using TPL
set:
global.persistence.storageClass: 'storage-class'
persistence.enabled: true
persistence.create: true
persistence.storageClass: '{{ .Values.global.persistence.storageClass }}'
asserts:
- isKind:
of: PersistentVolumeClaim
- equal:
path: spec.storageClassName
value: 'storage-class'

14
unittests/values-conflicting-checks.yaml
View file

@ -1,14 +0,0 @@
suite: Values conflicting checks
release:
name: gitea-unittests
namespace: testing
tests:
- it: fails when trying to configure redis and redis-cluster the same time
set:
redis-cluster:
enabled: true
redis:
enabled: true
asserts:
- failedTemplate:
errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one.

283
values.yaml
View file

@ -20,10 +20,6 @@ global:
# hostnames: # hostnames:
# - example.com # - example.com
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ''
## @param replicaCount number of replicas for the deployment ## @param replicaCount number of replicas for the deployment
replicaCount: 1 replicaCount: 1
@ -43,13 +39,13 @@ clusterDomain: cluster.local
## @section Image ## @section Image
## @param image.registry image registry, e.g. gcr.io,docker.io ## @param image.registry image registry, e.g. gcr.io,docker.io
## @param image.repository Image to start for this pod ## @param image.repository Image to start for this pod
## @param image.tag Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. ## @param image.tag Visit: [Image tag](https://codeberg.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml.
## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param image.pullPolicy Image pull policy ## @param image.pullPolicy Image pull policy
## @param image.rootless Wether or not to pull the rootless version of Forgejo ## @param image.rootless Wether or not to pull the rootless version of Forgejo
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** ## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
image: image:
registry: code.forgejo.org registry: codeberg.org
repository: forgejo/forgejo repository: forgejo/forgejo
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: '' tag: ''
@ -101,7 +97,7 @@ podDisruptionBudget: {}
service: service:
## @param service.http.type Kubernetes service type for web traffic ## @param service.http.type Kubernetes service type for web traffic
## @param service.http.port Port number for web traffic ## @param service.http.port Port number for web traffic
## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None
## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.loadBalancerIP LoadBalancer IP setting
## @param service.http.nodePort NodePort for http service ## @param service.http.nodePort NodePort for http service
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
@ -110,12 +106,10 @@ service:
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations ## @param service.http.annotations HTTP service annotations
## @param service.http.labels HTTP service additional labels
## @param service.http.loadBalancerClass Loadbalancer class
http: http:
type: ClusterIP type: ClusterIP
port: 3000 port: 3000
clusterIP: clusterIP: None
loadBalancerIP: loadBalancerIP:
nodePort: nodePort:
externalTrafficPolicy: externalTrafficPolicy:
@ -124,11 +118,9 @@ service:
ipFamilies: ipFamilies:
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
annotations: {} annotations: {}
labels: {}
loadBalancerClass:
## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.nodePort NodePort for ssh service
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
@ -138,12 +130,10 @@ service:
## @param service.ssh.hostPort HostPort for ssh service ## @param service.ssh.hostPort HostPort for ssh service
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations ## @param service.ssh.annotations SSH service annotations
## @param service.ssh.labels SSH service additional labels
## @param service.ssh.loadBalancerClass Loadbalancer class
ssh: ssh:
type: ClusterIP type: ClusterIP
port: 22 port: 22
clusterIP: clusterIP: None
loadBalancerIP: loadBalancerIP:
nodePort: nodePort:
externalTrafficPolicy: externalTrafficPolicy:
@ -153,8 +143,6 @@ service:
hostPort: hostPort:
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
annotations: {} annotations: {}
labels: {}
loadBalancerClass:
## @section Ingress ## @section Ingress
## @param ingress.enabled Enable ingress ## @param ingress.enabled Enable ingress
@ -164,6 +152,7 @@ service:
## @param ingress.hosts[0].paths[0].path Default Ingress path ## @param ingress.hosts[0].paths[0].path Default Ingress path
## @param ingress.hosts[0].paths[0].pathType Ingress path type ## @param ingress.hosts[0].paths[0].pathType Ingress path type
## @param ingress.tls Ingress tls settings ## @param ingress.tls Ingress tls settings
## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
ingress: ingress:
enabled: false enabled: false
# className: nginx # className: nginx
@ -181,48 +170,9 @@ ingress:
# - secretName: chart-example-tls # - secretName: chart-example-tls
# hosts: # hosts:
# - git.example.com # - git.example.com
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
## @section Route # If helm doesn't correctly detect your ingress API version you can set it here.
## @param route.enabled Enable route # apiVersion: networking.k8s.io/v1
## @param route.annotations Route annotations
## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined)
## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed.
## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls))
## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http)
## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored)
## @param route.tls.certificate PEM encoded single certificate
## @param route.tls.privateKey PEM encoded private key
## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate
## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise)
route:
enabled: false
annotations: {}
host:
wildcardPolicy:
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
existingSecret:
certificate:
# certificate: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
privateKey:
# privateKey: |-
# -----BEGIN PRIVATE KEY-----
# ...
# -----END PRIVATE KEY-----
caCertificate:
# caCertificate: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
destinationCACertificate:
# destinationCACertificate: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
## @section deployment ## @section deployment
# #
@ -369,7 +319,7 @@ initContainers:
# #
## @param signing.enabled Enable commit/action signing ## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory ## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private GPG key for signed internal Git activity ## @param signing.privateKey Inline private gpg key for signed Forgejo actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
signing: signing:
enabled: false enabled: false
@ -388,23 +338,19 @@ gitea:
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.password Password for the Forgejo admin user
## @param gitea.admin.email Email for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user
## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated
admin: admin:
# existingSecret: gitea-admin-secret # existingSecret: gitea-admin-secret
existingSecret: existingSecret:
username: gitea_admin username: gitea_admin
password: r8sA8CPHD9!bt6d password: r8sA8CPHD9!bt6d
email: 'gitea@local.domain' email: 'gitea@local.domain'
passwordMode: keepUpdated
## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.enabled Enable Forgejo metrics
## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor
## @param gitea.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
metrics: metrics:
enabled: false enabled: false
serviceMonitor: serviceMonitor:
enabled: false enabled: false
namespace: ''
# additionalLabels: # additionalLabels:
# prometheus-release: prom1 # prometheus-release: prom1
@ -441,6 +387,18 @@ gitea:
# customProfileUrl: # customProfileUrl:
# customEmailUrl: # customEmailUrl:
## @param gitea.config.server.SSH_PORT SSH port for rootlful Forgejo image
## @param gitea.config.server.SSH_LISTEN_PORT SSH port for rootless Forgejo image
config:
# APP_NAME: "Forgejo: Git with a cup of tea"
# RUN_MODE: dev
server:
SSH_PORT: 22 # rootful image
SSH_LISTEN_PORT: 2222 # rootless image
#
# security:
# PASSWORD_COMPLEXITY: spec
## @param gitea.additionalConfigSources Additional configuration from secret or configmap ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
additionalConfigSources: [] additionalConfigSources: []
# - secret: # - secret:
@ -458,158 +416,6 @@ gitea:
ssh: ssh:
logLevel: 'INFO' logLevel: 'INFO'
## @section `app.ini` overrides
## @descriptionStart
## Every value described in the [Cheat
## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be
## set as a Helm value. Configuration sections map to (lowercased) YAML
## blocks, while the keys themselves remain in all caps.
## @descriptionEnd
config:
# values in the DEFAULT section
# (https://forgejo.org/docs/latest/admin/config-cheat-sheet/#overall-default)
# are un-namespaced
## @param gitea.config.APP_NAME Application name, used in the page title
APP_NAME: 'Forgejo: Beyond coding. We forge.'
## @param gitea.config.RUN_MODE Application run mode, affects performance and debugging: `dev` or `prod`
RUN_MODE: prod
## @param gitea.config.repository General repository settings
repository: {}
## @param gitea.config.cors Cross-origin resource sharing settings
cors: {}
## @param gitea.config.ui User interface settings
ui: {}
## @param gitea.config.markdown Markdown parser settings
markdown: {}
## @param gitea.config.server [object] General server settings
server:
SSH_PORT: 22 # rootful image
SSH_LISTEN_PORT: 2222 # rootless image
## @param gitea.config.database Database configuration (only necessary with an [externally managed DB](https://code.forgejo.org/forgejo-helm/forgejo-helm#external-database)).
database: {}
## @param gitea.config.indexer Settings for what content is indexed and how
indexer: {}
## @param gitea.config.queue Job queue configuration
queue: {}
## @param gitea.config.admin Admin user settings
admin: {}
## @param gitea.config.security Site security settings
security: {}
## @param gitea.config.camo Settings for the [camo](https://github.com/cactus/go-camo) media proxy server (disabled by default)
camo: {}
## @param gitea.config.openid Configuration for authentication with OpenID (disabled by default)
openid: {}
## @param gitea.config.oauth2_client OAuth2 client settings
oauth2_client: {}
## @param gitea.config.service Configuration for miscellaneous Forgejo services
service: {}
## @param gitea.config.ssh.minimum_key_sizes SSH minimum key sizes
ssh.minimum_key_sizes: {}
## @param gitea.config.webhook Webhook settings
webhook: {}
## @param gitea.config.mailer Mailer configuration (disabled by default)
mailer: {}
## @param gitea.config.email.incoming Configuration for handling incoming mail (disabled by default)
email.incoming: {}
## @param gitea.config.cache Cache configuration
cache: {}
## @param gitea.config.session Session/cookie handling
session: {}
## @param gitea.config.picture User avatar settings
picture: {}
## @param gitea.config.project Project board defaults
project: {}
## @param gitea.config.attachment Issue and PR attachment configuration
attachment: {}
## @param gitea.config.log Logging configuration
log: {}
## @param gitea.config.cron Cron job configuration
cron: {}
## @param gitea.config.git Global settings for Git
git: {}
## @param gitea.config.metrics Settings for the Prometheus endpoint (disabled by default)
metrics: {}
## @param gitea.config.api Settings for the Swagger API documentation endpoints
api: {}
## @param gitea.config.oauth2 Settings for the [OAuth2 provider](https://forgejo.org/docs/latest/admin/oauth2-provider/)
oauth2: {}
## @param gitea.config.i18n Internationalization settings
i18n: {}
## @param gitea.config.markup Configuration for advanced markup processors
markup: {}
## @param gitea.config.highlight.mapping File extension to language mapping overrides for syntax highlighting
highlight.mapping: {}
## @param gitea.config.time Locale settings
time: {}
## @param gitea.config.migrations Settings for Git repository migrations
migrations: {}
## @param gitea.config.federation Federation configuration
federation: {}
## @param gitea.config.packages Package registry settings
packages: {}
## @param gitea.config.mirror Configuration for repository mirroring
mirror: {}
## @param gitea.config.lfs Large File Storage configuration
lfs: {}
## @param gitea.config.repo-avatar Repository avatar storage configuration
repo-avatar: {}
## @param gitea.config.avatar User/org avatar storage configuration
avatar: {}
## @param gitea.config.storage General storage settings
storage: {}
## @param gitea.config.proxy Proxy configuration (disabled by default)
proxy: {}
## @param gitea.config.actions Configuration for [Forgejo Actions](https://forgejo.org/docs/latest/user/actions/)
actions: {}
## @param gitea.config.other Uncategorized configuration options
other: {}
## @section LivenessProbe ## @section LivenessProbe
# #
## @param gitea.livenessProbe.enabled Enable liveness probe ## @param gitea.livenessProbe.enabled Enable liveness probe
@ -633,8 +439,7 @@ gitea:
## @section ReadinessProbe ## @section ReadinessProbe
# #
## @param gitea.readinessProbe.enabled Enable readiness probe ## @param gitea.readinessProbe.enabled Enable readiness probe
## @param gitea.readinessProbe.httpGet.path Path to probe for readiness ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
## @param gitea.readinessProbe.httpGet.port Port to probe for readiness
## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
## @param gitea.readinessProbe.periodSeconds Period for readiness probe ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
@ -643,8 +448,7 @@ gitea:
# Modify the readiness probe for your needs or completely disable it by commenting out. # Modify the readiness probe for your needs or completely disable it by commenting out.
readinessProbe: readinessProbe:
enabled: true enabled: true
httpGet: tcpSocket:
path: /api/healthz
port: http port: http
initialDelaySeconds: 5 initialDelaySeconds: 5
timeoutSeconds: 1 timeoutSeconds: 1
@ -675,11 +479,10 @@ gitea:
## @section Redis&reg; Cluster ## @section Redis&reg; Cluster
## @descriptionStart ## @descriptionStart
## Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. ## Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values.
## Full configuration options are available on their website. ## Complete Configuration can be taken from their website.
## Redis cluster and [Redis](#redis) cannot be enabled at the same time.
## @descriptionEnd ## @descriptionEnd
# #
## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.enabled Enable redis
## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.usePassword Whether to use password authentication
## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
@ -690,30 +493,10 @@ redis-cluster:
nodes: 3 # default: 6 nodes: 3 # default: 6
replicas: 0 # default: 1 replicas: 0 # default: 1
## @section Redis&reg;
## @descriptionStart
## Redis&reg; is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values.
## Full configuration options are available on their website.
## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
## @descriptionEnd
#
## @param redis.enabled Enable redis standalone or replicated
## @param redis.architecture Whether to use standalone or replication
## @param redis.global.redis.password Required password
## @param redis.master.count Number of Redis master instances to deploy
redis:
enabled: false
architecture: standalone
global:
redis:
password: changeme
master:
count: 1
## @section PostgreSQL HA ## @section PostgreSQL HA
## @descriptionStart ## @descriptionStart
## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.
## Full configuration options are available on their website. ## Complete Configuration can be taken from their website.
## @descriptionEnd ## @descriptionEnd
# #
## @param postgresql-ha.enabled Enable PostgreSQL HA chart ## @param postgresql-ha.enabled Enable PostgreSQL HA chart
@ -725,7 +508,7 @@ redis:
## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.postgresql.postgresPassword postgres Password
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume ## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL-ha volume
postgresql-ha: postgresql-ha:
global: global:
postgresql: postgresql:
@ -749,7 +532,7 @@ postgresql-ha:
## @section PostgreSQL ## @section PostgreSQL
## @descriptionStart ## @descriptionStart
## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. ## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values.
## Full configuration options are available on their website. ## Complete Configuration can be taken from their website.
## @descriptionEnd ## @descriptionEnd
# #
## @param postgresql.enabled Enable PostgreSQL ## @param postgresql.enabled Enable PostgreSQL
@ -776,8 +559,8 @@ postgresql:
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check. # Set it to false to skip this basic validation check.
## @section Advanced ## @section Advanced
## @param checkDeprecation Whether to run this basic validation check. ## @param checkDeprecation Set it to false to skip this basic validation check.
## @param test.enabled Whether to use test-connection Pod. ## @param test.enabled Set it to false to disable test-connection Pod.
## @param test.image.name Image name for the wget container used in the test-connection Pod. ## @param test.image.name Image name for the wget container used in the test-connection Pod.
## @param test.image.tag Image tag for the wget container used in the test-connection Pod. ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
checkDeprecation: true checkDeprecation: true
@ -787,6 +570,6 @@ test:
name: busybox name: busybox
tag: latest tag: latest
## @param extraDeploy Array of extra objects to deploy with the release. ## @param extraDeploy Array of extra objects to deploy with the release
## ##
extraDeploy: [] extraDeploy: []