Added helm depencies

.forgejo/actions/setup-node/action.yml

@@ -6,11 +6,11 @@ runs:
   using: 'composite'
   steps:
     - name: Setup pnpm
-      uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+      uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
       with:
         standalone: true
 
-    - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+    - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version-file: .node-version
         cache: 'pnpm'

.forgejo/renovate/k3s.json

@@ -30,7 +30,7 @@
       "matchFileNames": [".forgejo/workflows/**"],
       "matchPackageNames": ["k3s-io/k3s"],
       "matchUpdateTypes": ["major", "minor"],
-      "matchCurrentValue": "!/^v1.32/",
+      "matchCurrentValue": "!/^v1.31/",
       "enabled": false
     }
   ],

.forgejo/workflows/build.yml

@@ -14,10 +14,10 @@ permissions:
   contents: read
 
 env:
-  HELM_VERSION: v3.17.2 # renovate: datasource=github-releases depName=helm packageName=helm/helm
-  HELM_UNITTEST_VERSION: v0.7.2 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest
-  HELM_CHART_TESTING_VERSION: v3.12.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing
-  KUBECTL_VERSION: v1.32.3 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes
+  HELM_VERSION: v3.16.3 # renovate: datasource=github-releases depName=helm packageName=helm/helm
+  HELM_UNITTEST_VERSION: v0.6.3 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest
+  HELM_CHART_TESTING_VERSION: v3.11.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing
+  KUBECTL_VERSION: v1.31.2 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes
   CT_GITHUB_GROUPS: true
 
 jobs:
@@ -60,12 +60,12 @@ jobs:
       - uses: ./.forgejo/actions/setup
 
       - name: install chart-testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
         with:
           version: ${{ env.HELM_CHART_TESTING_VERSION }}
 
       - name: install helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
         with:
           version: ${{ env.HELM_VERSION }}
 
@@ -94,9 +94,9 @@ jobs:
           - v1.28.15+k3s1 # renovate: k3s
           # https://github.com/k3s-io/k3s/blob/master/channel.yaml#L3-L4
           # stable version
-          - v1.31.6+k3s1 # renovate: k3s
+          - v1.30.6+k3s1 # renovate: k3s
           # newest version
-          - v1.32.2+k3s1 # renovate: k3s
+          - v1.31.2+k3s1 # renovate: k3s
 
     steps:
       - run: cat /etc/os-release
@@ -110,12 +110,13 @@ jobs:
       - uses: ./.forgejo/actions/setup
 
       - name: install helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
         with:
           version: ${{ env.HELM_VERSION }}
 
       - name: Install chart-testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        # TODO: pin to version when this is released: https://github.com/helm/chart-testing-action/pull/137
+        uses: helm/chart-testing-action@5aa1c68405a43a57240a9b2869379324b2bec0fc # main
         with:
           version: ${{ env.HELM_CHART_TESTING_VERSION }}
 
@@ -126,7 +127,7 @@ jobs:
       - run: kubectl get no -o wide
 
       - name: install chart
-        uses: https://github.com/nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
+        uses: https://github.com/nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
         with:
           timeout_minutes: 15
           max_attempts: 3
@@ -179,7 +180,7 @@ jobs:
       - uses: ./.forgejo/actions/setup-node
 
       - name: install helm
-        uses: https://github.com/azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+        uses: https://github.com/azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
         with:
           version: ${{ env.HELM_VERSION }}
 

.gitignore

@@ -1,4 +1,3 @@
-charts/
 node_modules/
 .DS_Store
 unittests/*/__snapshot__/

.node-version

@@ -1 +1 @@
-22.14.0
+22.11.0

.vscode/settings.json

@@ -4,7 +4,7 @@
       ".github/workflows/*",
       ".forgejo/workflows/*"
     ],
-    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [
+    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.6.3/schema/helm-testsuite.json": [
       "/unittests/**/*.yaml"
     ]
   },

Chart.lock

@@ -1,18 +1,18 @@
 dependencies:
 - name: common
-  repository: oci://ghcr.io/visualon/bitnamicharts
-  version: 2.30.0
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.27.0
 - name: postgresql
-  repository: oci://ghcr.io/visualon/bitnamicharts
-  version: 16.5.6
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 15.5.38
 - name: postgresql-ha
-  repository: oci://ghcr.io/visualon/bitnamicharts
-  version: 15.3.8
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 14.3.7
 - name: redis-cluster
-  repository: oci://ghcr.io/visualon/bitnamicharts
-  version: 11.4.6
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 11.0.7
 - name: redis
-  repository: oci://ghcr.io/visualon/bitnamicharts
-  version: 20.11.4
-digest: sha256:a9c9f0779663336dd22ca4896f22bb64427e28f20aa567aee2f18474f8e31a23
-generated: "2025-03-26T15:31:33.532188569Z"
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 20.2.1
+digest: sha256:87c9fa74998fd7176efb062d1d9a7735262cd3018220693366a49a373e19b674
+generated: "2024-11-11T00:01:47.549106793Z"

Chart.yaml

@@ -3,7 +3,7 @@ name: forgejo
 description: Forgejo Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 10.0.3
+appVersion: 9.0.2
 icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg
 home: https://forgejo.org/
 
@@ -22,35 +22,33 @@ maintainers:
   - name: Michael Kriese
     email: michael.kriese@visualon.de
 
-# Bitnami charts are served from ghcr mirror because of rate limiting on Docker Hub
+# Bitnami charts are served from Docker Hub
 # https://hub.docker.com/u/bitnamicharts
 # https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html
-# https://github.com/bitnami/charts/issues/30853
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
 dependencies:
   # https://github.com/bitnami/charts/blob/main/bitnami/common/Chart.yaml
   - name: common
-    repository: oci://ghcr.io/visualon/bitnamicharts
+    repository: oci://registry-1.docker.io/bitnamicharts
     tags:
       - bitnami-common
-    version: 2.30.0
+    version: 2.27.0
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml
   - name: postgresql
-    repository: oci://ghcr.io/visualon/bitnamicharts
-    version: 16.5.6
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 15.5.38
     condition: postgresql.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
   - name: postgresql-ha
-    repository: oci://ghcr.io/visualon/bitnamicharts
-    version: 15.3.8
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 14.3.7
     condition: postgresql-ha.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
   - name: redis-cluster
-    repository: oci://ghcr.io/visualon/bitnamicharts
-    version: 11.4.6
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 11.0.7
     condition: redis-cluster.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
   - name: redis
-    repository: oci://ghcr.io/visualon/bitnamicharts
-    version: 20.11.4
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 20.2.1
     condition: redis.enabled

README.md

@@ -20,6 +20,7 @@
     - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
   - [External Database](#external-database)
   - [Ports and external url](#ports-and-external-url)
+  - [ClusterIP](#clusterip)
   - [SSH and Ingress](#ssh-and-ingress)
   - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster)
   - [Cache](#cache)
@@ -56,7 +57,6 @@
   - [Advanced](#advanced)
 - [Contributing](#contributing)
 - [Upgrading](#upgrading)
-  - [To v11](#to-v11)
   - [To v10](#to-v10)
   - [To v9](#to-v9)
   - [To v8](#to-v8)
@@ -176,14 +176,14 @@ gitea:
 This chart will set a few defaults in the Forgejo configuration based on the service and ingress settings.
 All defaults can be overwritten in `gitea.config`.
 
-INSTALL_LOCK is always set to true because the configuration in this helm chart makes any configuration via installer superfluous.
+INSTALL_LOCK is always set to true, since we want to configure Forgejo with this helm chart and everything is taken care of.
 
 _All default settings are made directly in the generated `app.ini`, not in the Values._
 
 #### Database defaults
 
-If a database subchart is enabled, the database configuration is set automatically.
-For example, PostgreSQL will appear in the `app.ini` as:
+If a builtIn database is enabled the database configuration is set automatically.
+For example, PostgreSQL builtIn will appear in the `app.ini` as:
 
 ```ini
 [database]
@@ -449,6 +449,23 @@ This helm chart automatically configures the clone urls to use the correct ports
 You can change these ports by hand using the `gitea.config` dict.
 However you should know what you're doing.
 
+### ClusterIP
+
+By default the `clusterIP` will be set to `None`, which is the default for headless services.
+However if you want to omit the clusterIP field in the service, use the following values:
+
+```yaml
+service:
+  http:
+    type: ClusterIP
+    port: 3000
+    clusterIP:
+  ssh:
+    type: ClusterIP
+    port: 22
+    clusterIP:
+```
+
 ### SSH and Ingress
 
 If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
@@ -458,7 +475,7 @@ You will need a LoadBalancer like `metallb` and a setting in your ssh service an
 service:
   ssh:
     annotations:
-      metallb.io/allow-shared-ip: test
+      metallb.universe.tf/allow-shared-ip: test
 ```
 
 ### SSH on crio based kubernetes cluster
@@ -531,6 +548,8 @@ postgresql:
 
 This chart enables you to create a default admin user.
 It is also possible to update the password for this user by upgrading or redeploying the chart.
+It is not possible to delete an admin user after it has been created.
+This has to be done in the ui.
 You cannot use `admin` as username.
 
 ```yaml
@@ -560,9 +579,7 @@ gitea:
     existingSecret: gitea-admin-secret
 ```
 
-To delete the admin user, set `username` or `password` to an empty value and delete the user in the UI.
-
-Whether you use the existing Secret or specify a username and password directly, there are three modes for how the admin user password is created or set.
+Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set.
 
 - `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated.
 - `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password.
@@ -633,7 +650,7 @@ Affected options:
 
 Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
 Deleting OAuth2 settings has to be done in the UI.
-[All OAuth2 values](https://forgejo.org/docs/latest/admin/command-line/#admin-auth-add-oauth) are available.
+All OAuth2 values, which are documented [here](https://forgejo.org/docs/latest/admin/command-line/#admin), are available.
 
 Multiple OAuth2 sources can be configured with additional OAuth list items.
 
@@ -692,9 +709,12 @@ route:
 
 ## Configure commit signing
 
-When using the rootless image, the GPG key folder is not persistent by default.
-If you want commits by Forgejo (e.g. initial commit) to be signed,
-you need to provide a signing key:
+When using the rootless image the gpg key folder is not persistent by default.
+If you consider using signed commits for internal Forgejo activities (e.g. initial commit), you'd need to provide a signing key.
+Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another.
+
+The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing.
+By default this section is disabled to maintain backwards compatibility.
 
 ```yaml
 signing:
@@ -702,10 +722,8 @@ signing:
   gpgHome: /data/git/.gnupg
 ```
 
-By default this section is disabled to maintain backwards compatibility.
-
-Regardless of the used container image the `signing` object allows to specify a private GPG key.
-Either using the `signing.privateKey` to define the key inline, or referring to an existing secret containing the key data with `signing.existingSecret`.
+Regardless of the used container image the `signing` object allows to specify a private gpg key.
+Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`.
 
 ```yaml
 apiVersion: v1
@@ -725,7 +743,7 @@ signing:
   existingSecret: custom-gitea-gpg-key
 ```
 
-To use the GPG key, Forgejo needs to be configured accordingly.
+To use the gpg key, Forgejo needs to be configured accordingly.
 A detailed description can be found in the [documentation](https://forgejo.org/docs/latest/admin/signing/#general-configuration).
 
 ## Metrics and profiling
@@ -904,7 +922,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
 | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
 | `service.http.type`                     | Kubernetes service type for web traffic                                                                                                                                                              | `ClusterIP` |
 | `service.http.port`                     | Port number for web traffic                                                                                                                                                                          | `3000`      |
-| `service.http.clusterIP`                | ClusterIP setting for http autosetup for deployment                                                                                                                                                  | `nil`       |
+| `service.http.clusterIP`                | ClusterIP setting for http autosetup for deployment is None                                                                                                                                          | `None`      |
 | `service.http.loadBalancerIP`           | LoadBalancer IP setting                                                                                                                                                                              | `nil`       |
 | `service.http.nodePort`                 | NodePort for http service                                                                                                                                                                            | `nil`       |
 | `service.http.externalTrafficPolicy`    | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation                                                                                         | `nil`       |
@@ -917,7 +935,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
 | `service.http.loadBalancerClass`        | Loadbalancer class                                                                                                                                                                                   | `nil`       |
 | `service.ssh.type`                      | Kubernetes service type for ssh traffic                                                                                                                                                              | `ClusterIP` |
 | `service.ssh.port`                      | Port number for ssh traffic                                                                                                                                                                          | `22`        |
-| `service.ssh.clusterIP`                 | ClusterIP setting for ssh autosetup for deployment                                                                                                                                                   | `nil`       |
+| `service.ssh.clusterIP`                 | ClusterIP setting for ssh autosetup for deployment is None                                                                                                                                           | `None`      |
 | `service.ssh.loadBalancerIP`            | LoadBalancer IP setting                                                                                                                                                                              | `nil`       |
 | `service.ssh.nodePort`                  | NodePort for ssh service                                                                                                                                                                             | `nil`       |
 | `service.ssh.externalTrafficPolicy`     | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation                                                                                          | `nil`       |
@@ -932,15 +950,16 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
 
 ### Ingress
 
-| Name                                 | Description          | Value             |
-| ------------------------------------ | -------------------- | ----------------- |
-| `ingress.enabled`                    | Enable ingress       | `false`           |
-| `ingress.className`                  | Ingress class name   | `nil`             |
-| `ingress.annotations`                | Ingress annotations  | `{}`              |
-| `ingress.hosts[0].host`              | Default Ingress host | `git.example.com` |
-| `ingress.hosts[0].paths[0].path`     | Default Ingress path | `/`               |
-| `ingress.hosts[0].paths[0].pathType` | Ingress path type    | `Prefix`          |
-| `ingress.tls`                        | Ingress tls settings | `[]`              |
+| Name                                 | Description                                                                 | Value             |
+| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- |
+| `ingress.enabled`                    | Enable ingress                                                              | `false`           |
+| `ingress.className`                  | Ingress class name                                                          | `nil`             |
+| `ingress.annotations`                | Ingress annotations                                                         | `{}`              |
+| `ingress.hosts[0].host`              | Default Ingress host                                                        | `git.example.com` |
+| `ingress.hosts[0].paths[0].path`     | Default Ingress path                                                        | `/`               |
+| `ingress.hosts[0].paths[0].pathType` | Ingress path type                                                           | `Prefix`          |
+| `ingress.tls`                        | Ingress tls settings                                                        | `[]`              |
+| `ingress.apiVersion`                 | Specify APIVersion of ingress object. Mostly would only be used for argocd. |                   |
 
 ### Route
 
@@ -1021,7 +1040,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
 | ------------------------ | ----------------------------------------------------------------- | ------------------ |
 | `signing.enabled`        | Enable commit/action signing                                      | `false`            |
 | `signing.gpgHome`        | GPG home directory                                                | `/data/git/.gnupg` |
-| `signing.privateKey`     | Inline private GPG key for signed internal Git activity           | `""`               |
+| `signing.privateKey`     | Inline private gpg key for signed internal Git activity           | `""`               |
 | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""`               |
 
 ### Gitea
@@ -1113,16 +1132,15 @@ blocks, while the keys themselves remain in all caps.
 
 ### ReadinessProbe
 
-| Name                                       | Description                                       | Value          |
-| ------------------------------------------ | ------------------------------------------------- | -------------- |
-| `gitea.readinessProbe.enabled`             | Enable readiness probe                            | `true`         |
-| `gitea.readinessProbe.httpGet.path`        | Path to probe for readiness                       | `/api/healthz` |
-| `gitea.readinessProbe.httpGet.port`        | Port to probe for readiness                       | `http`         |
-| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5`            |
-| `gitea.readinessProbe.timeoutSeconds`      | Timeout for readiness probe                       | `1`            |
-| `gitea.readinessProbe.periodSeconds`       | Period for readiness probe                        | `10`           |
-| `gitea.readinessProbe.successThreshold`    | Success threshold for readiness probe             | `1`            |
-| `gitea.readinessProbe.failureThreshold`    | Failure threshold for readiness probe             | `3`            |
+| Name                                       | Description                                       | Value  |
+| ------------------------------------------ | ------------------------------------------------- | ------ |
+| `gitea.readinessProbe.enabled`             | Enable readiness probe                            | `true` |
+| `gitea.readinessProbe.tcpSocket.port`      | Port to probe for readiness                       | `http` |
+| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5`    |
+| `gitea.readinessProbe.timeoutSeconds`      | Timeout for readiness probe                       | `1`    |
+| `gitea.readinessProbe.periodSeconds`       | Period for readiness probe                        | `10`   |
+| `gitea.readinessProbe.successThreshold`    | Success threshold for readiness probe             | `1`    |
+| `gitea.readinessProbe.failureThreshold`    | Failure threshold for readiness probe             | `3`    |
 
 ### StartupProbe
 
@@ -1139,7 +1157,7 @@ blocks, while the keys themselves remain in all caps.
 ### Redis® Cluster
 
 Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values.
-Full configuration options are available on their website.
+Complete Configuration can be taken from their website.
 Redis cluster and [Redis](#redis) cannot be enabled at the same time.
 
 | Name                             | Description                                  | Value   |
@@ -1152,7 +1170,7 @@ Redis cluster and [Redis](#redis) cannot be enabled at the same time.
 ### Redis®
 
 Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values.
-Full configuration options are available on their website.
+Complete Configuration can be taken from their website.
 Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
 
 | Name                          | Description                                | Value        |
@@ -1165,7 +1183,7 @@ Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
 ### PostgreSQL HA
 
 PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.
-Full configuration options are available on their website.
+Complete Configuration can be taken from their website.
 
 | Name                                        | Description                                                      | Value       |
 | ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
@@ -1183,7 +1201,7 @@ Full configuration options are available on their website.
 ### PostgreSQL
 
 PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values.
-Full configuration options are available on their website.
+Complete Configuration can be taken from their website.
 
 | Name                                                    | Description                                                      | Value   |
 | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
@@ -1198,11 +1216,11 @@ Full configuration options are available on their website.
 
 | Name               | Description                                                        | Value     |
 | ------------------ | ------------------------------------------------------------------ | --------- |
-| `checkDeprecation` | Whether to run this basic validation check.                        | `true`    |
-| `test.enabled`     | Whether to use test-connection Pod.                                | `true`    |
+| `checkDeprecation` | Set it to false to skip this basic validation check.               | `true`    |
+| `test.enabled`     | Set it to false to disable test-connection Pod.                    | `true`    |
 | `test.image.name`  | Image name for the wget container used in the test-connection Pod. | `busybox` |
 | `test.image.tag`   | Image tag for the wget container used in the test-connection Pod.  | `latest`  |
-| `extraDeploy`      | Array of extra objects to deploy with the release.                 | `[]`      |
+| `extraDeploy`      | Array of extra objects to deploy with the release                  | `[]`      |
 
 ## Contributing
 
@@ -1218,19 +1236,6 @@ This section lists major and breaking changes of each Helm Chart version.
 Please read them carefully to upgrade successfully, especially the change of the **default database backend**!
 If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data!
 
-### To v11
-
-PostgreSQL and PostgreSQL HA are now using PostgreSQL v17.
-Please read PostgresSQL upgrade guide before upgrading.
-
-You need Forgejo v10+ to use this Helm Chart version.
-Forgejo v9 is now EOL.
-
-ClusterIP is now emtpy instead of `None` for http and ssh service.
-Unsupported api versions for `Ingress` and `PodDisruptionBudget` are removed.
-`Ingress` and `Service` are now using named ports.
-The ReadinessProbe is now using the `/api/healthz` endpoint.
-
 ### To v10
 
 You need Forgejo v9+ to use this Helm Chart version.

ci/default-values.yaml

@@ -1,20 +1 @@
 # default values with some modifications
-
-# Use mirror
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-global:
-  security:
-    allowInsecureImages: true
-redis-cluster:
-  image:
-    registry: public.ecr.aws
-postgresql-ha:
-  postgresql:
-    image:
-      registry: public.ecr.aws
-  pgpool:
-    image:
-      registry: public.ecr.aws
-test:
-  image:
-    name: code.forgejo.org/oci/busybox

ci/dev-values.yaml

@@ -1,11 +1,6 @@
 # Test codeberg.org image
 image:
   registry: codeberg.org
-# Use mirror
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-test:
-  image:
-    name: code.forgejo.org/oci/busybox
 
 redis-cluster:
   enabled: false

ci/single-values.yaml

@@ -1,23 +1,9 @@
 redis-cluster:
   enabled: false
-postgresql-ha:
-  enabled: false
-
 postgresql:
   enabled: true
-  # Use mirror
-  # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-  image:
-    registry: public.ecr.aws
-global:
-  security:
-    allowInsecureImages: true
-
-# Use mirror
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-test:
-  image:
-    name: code.forgejo.org/oci/busybox
+postgresql-ha:
+  enabled: false
 
 persistence:
   enabled: true

ci/v10-test-values.yaml

@@ -1,13 +1,7 @@
 image:
   registry: codeberg.org
   repository: forgejo-experimental/forgejo
-  tag: 10 # don't pin, manifests can be missing
-
-# Use mirror
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-test:
-  image:
-    name: code.forgejo.org/oci/busybox
+  tag: 10.0-test # don't pin, manifests can be missing
 
 redis-cluster:
   enabled: false

ci/v8-test-values.yaml

@@ -1,13 +1,7 @@
 image:
   registry: codeberg.org
   repository: forgejo-experimental/forgejo
-  tag: 11 # don't pin, manifests can be missing
-
-# Use mirror
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-test:
-  image:
-    name: code.forgejo.org/oci/busybox
+  tag: 8.0-test # don't pin, manifests can be missing
 
 redis-cluster:
   enabled: false

ci/v9-test-values.yaml

@@ -1,13 +1,7 @@
 image:
   registry: codeberg.org
   repository: forgejo-experimental/forgejo
-  tag: 12 # don't pin, manifests can be missing
-
-# Use mirror
-# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045
-test:
-  image:
-    name: code.forgejo.org/oci/busybox
+  tag: 9.0-test # don't pin, manifests can be missing
 
 redis-cluster:
   enabled: false

package.json

@@ -14,18 +14,18 @@
     "test": "helm unittest --strict -f 'unittests/**/*.yaml' ./"
   },
   "devDependencies": {
-    "@bitnami/readme-generator-for-helm": "2.7.0",
+    "@bitnami/readme-generator-for-helm": "2.6.1",
     "clipanion": "3.2.1",
     "conventional-changelog-conventionalcommits": "8.0.0",
-    "conventional-changelog-core": "9.0.0",
-    "husky": "9.1.7",
-    "lint-staged": "15.5.0",
-    "markdownlint-cli": "0.44.0",
-    "prettier": "3.5.3"
+    "conventional-changelog-core": "8.0.0",
+    "husky": "9.1.6",
+    "lint-staged": "15.2.10",
+    "markdownlint-cli": "0.42.0",
+    "prettier": "3.3.3"
   },
-  "packageManager": "pnpm@10.7.0",
+  "packageManager": "pnpm@9.13.2",
   "engines": {
     "node": "^22.0.0",
-    "pnpm": "^10.0.0"
+    "pnpm": "^9.0.0"
   }
 }

templates/gitea/config.yaml

@@ -89,18 +89,15 @@ stringData:
 
       env2ini::log "    + '${setting}'"
 
-      local masked_setting="${setting//./_0X2E_}"                           # '//' instructs to replace all matches
-      masked_setting="${masked_setting//-/_0X2D_}"
-
       if [[ -z "${section}" ]]; then
-        export "FORGEJO____${masked_setting^^}=${value}"                           # '^^' makes the variable content uppercase
+        export "FORGEJO____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
         return
       fi
 
       local masked_section="${section//./_0X2E_}"                           # '//' instructs to replace all matches
       masked_section="${masked_section//-/_0X2D_}"
 
-      export "FORGEJO__${masked_section^^}__${masked_setting^^}=${value}"          # '^^' makes the variable content uppercase
+      export "FORGEJO__${masked_section^^}__${setting^^}=${value}"          # '^^' makes the variable content uppercase
     }
 
     function env2ini::reload_preset_envs() {

templates/gitea/http-svc.yaml

@@ -49,6 +49,6 @@ spec:
     {{- if  .Values.service.http.nodePort }}
     nodePort: {{ .Values.service.http.nodePort }}
     {{- end }}
-    targetPort: http
+    targetPort: {{ .Values.gitea.config.server.HTTP_PORT }}
   selector:
     {{- include "gitea.selectorLabels" . | nindent 4 }}

templates/gitea/ingress.yaml

@@ -1,6 +1,15 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "gitea.fullname" . -}}
-apiVersion: networking.k8s.io/v1
+{{- $httpPort := .Values.service.http.port -}}
+{{- $apiVersion := "extensions/v1beta1" -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- $apiVersion = .Values.ingress.apiVersion -}}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
+{{- $apiVersion = "networking.k8s.io/v1" }}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
+{{- $apiVersion = "networking.k8s.io/v1beta1" }}
+{{- end }}
+apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -32,14 +41,19 @@ spec:
         paths:
           {{- range .paths }}
           - path: {{ .path }}
-            {{- if .pathType }}
+            {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
             pathType: {{ .pathType }}
             {{- end }}
             backend:
+            {{- if eq $apiVersion "networking.k8s.io/v1" }}
               service:
                 name: {{ $fullName }}-http
                 port:
-                  name: http
+                  number: {{ $httpPort }}
+            {{- else }}
+              serviceName: {{ $fullName }}-http
+              servicePort: {{ $httpPort }}
+            {{- end }}
           {{- end }}
     {{- end }}
 {{- end }}

templates/gitea/poddisruptionbudget.yaml

@@ -1,5 +1,9 @@
 {{- if .Values.podDisruptionBudget -}}
+{{- if .Capabilities.APIVersions.Has "policy/v1" }}
 apiVersion: policy/v1
+{{- else }}
+apiVersion: policy/v1beta1
+{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "gitea.fullname" . }}

templates/gitea/ssh-svc.yaml

@@ -47,7 +47,7 @@ spec:
   - name: ssh
     port: {{ .Values.service.ssh.port }}
     {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }}
-    targetPort: ssh
+    targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
     {{- end }}
     protocol: TCP
     {{- if .Values.service.ssh.nodePort }}

templates/tests/test-http-connection.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
 {{ include "gitea.labels" . | nindent 4 }}
   annotations:
-    "helm.sh/hook": test
+    "helm.sh/hook": test-success
 spec:
   containers:
     - name: wget

unittests/dependency-major-image-check.yaml

@@ -15,7 +15,7 @@ tests:
         matchRegex:
           path: spec.template.spec.containers[0].image
           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: ^docker.io/bitnami/postgresql-repmgr:17.+$
+          pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$
   - it: '[postgresql] ensures we detect major image version upgrades'
     template: charts/postgresql/templates/primary/statefulset.yaml
     set:
@@ -28,7 +28,7 @@ tests:
         matchRegex:
           path: spec.template.spec.containers[0].image
           # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: ^docker.io/bitnami/postgresql:17.+$
+          pattern: ^docker.io/bitnami/postgresql:16.+$
   - it: '[redis-cluster] ensures we detect major image version upgrades'
     template: charts/redis-cluster/templates/redis-statefulset.yaml
     set:

unittests/deployment/svc-configuration.yaml

@@ -58,7 +58,7 @@ tests:
           value: 22
       - equal:
           path: spec.ports[0].targetPort
-          value: ssh
+          value: 2222
 
   - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
     template: templates/gitea/ssh-svc.yaml

values.yaml

@@ -101,7 +101,7 @@ podDisruptionBudget: {}
 service:
   ## @param service.http.type Kubernetes service type for web traffic
   ## @param service.http.port Port number for web traffic
-  ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment
+  ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None
   ## @param service.http.loadBalancerIP LoadBalancer IP setting
   ## @param service.http.nodePort NodePort for http service
   ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
@@ -115,7 +115,7 @@ service:
   http:
     type: ClusterIP
     port: 3000
-    clusterIP:
+    clusterIP: None
     loadBalancerIP:
     nodePort:
     externalTrafficPolicy:
@@ -128,7 +128,7 @@ service:
     loadBalancerClass:
   ## @param service.ssh.type Kubernetes service type for ssh traffic
   ## @param service.ssh.port Port number for ssh traffic
-  ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment
+  ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
   ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
   ## @param service.ssh.nodePort NodePort for ssh service
   ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
@@ -143,7 +143,7 @@ service:
   ssh:
     type: ClusterIP
     port: 22
-    clusterIP:
+    clusterIP: None
     loadBalancerIP:
     nodePort:
     externalTrafficPolicy:
@@ -164,6 +164,7 @@ service:
 ## @param ingress.hosts[0].paths[0].path Default Ingress path
 ## @param ingress.hosts[0].paths[0].pathType Ingress path type
 ## @param ingress.tls Ingress tls settings
+## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
 ingress:
   enabled: false
   # className: nginx
@@ -181,6 +182,9 @@ ingress:
   #  - secretName: chart-example-tls
   #    hosts:
   #      - git.example.com
+  # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+  # If helm doesn't correctly detect your ingress API version you can set it here.
+  # apiVersion: networking.k8s.io/v1
 
 ## @section Route
 ## @param route.enabled Enable route
@@ -369,7 +373,7 @@ initContainers:
 #
 ## @param signing.enabled Enable commit/action signing
 ## @param signing.gpgHome GPG home directory
-## @param signing.privateKey Inline private GPG key for signed internal Git activity
+## @param signing.privateKey Inline private gpg key for signed internal Git activity
 ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
 signing:
   enabled: false
@@ -633,8 +637,7 @@ gitea:
   ## @section ReadinessProbe
   #
   ## @param gitea.readinessProbe.enabled Enable readiness probe
-  ## @param gitea.readinessProbe.httpGet.path Path to probe for readiness
-  ## @param gitea.readinessProbe.httpGet.port Port to probe for readiness
+  ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
   ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
   ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
   ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
@@ -643,8 +646,7 @@ gitea:
   # Modify the readiness probe for your needs or completely disable it by commenting out.
   readinessProbe:
     enabled: true
-    httpGet:
-      path: /api/healthz
+    tcpSocket:
       port: http
     initialDelaySeconds: 5
     timeoutSeconds: 1
@@ -675,7 +677,7 @@ gitea:
 ## @section Redis® Cluster
 ## @descriptionStart
 ## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values.
-## Full configuration options are available on their website.
+## Complete Configuration can be taken from their website.
 ## Redis cluster and [Redis](#redis) cannot be enabled at the same time.
 ## @descriptionEnd
 #
@@ -693,7 +695,7 @@ redis-cluster:
 ## @section Redis®
 ## @descriptionStart
 ## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values.
-## Full configuration options are available on their website.
+## Complete Configuration can be taken from their website.
 ## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
 ## @descriptionEnd
 #
@@ -713,7 +715,7 @@ redis:
 ## @section PostgreSQL HA
 ## @descriptionStart
 ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.
-## Full configuration options are available on their website.
+## Complete Configuration can be taken from their website.
 ## @descriptionEnd
 #
 ## @param postgresql-ha.enabled Enable PostgreSQL HA chart
@@ -749,7 +751,7 @@ postgresql-ha:
 ## @section PostgreSQL
 ## @descriptionStart
 ## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values.
-## Full configuration options are available on their website.
+## Complete Configuration can be taken from their website.
 ## @descriptionEnd
 #
 ## @param postgresql.enabled Enable PostgreSQL
@@ -776,8 +778,8 @@ postgresql:
 # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
 # Set it to false to skip this basic validation check.
 ## @section Advanced
-## @param checkDeprecation Whether to run this basic validation check.
-## @param test.enabled Whether to use test-connection Pod.
+## @param checkDeprecation Set it to false to skip this basic validation check.
+## @param test.enabled Set it to false to disable test-connection Pod.
 ## @param test.image.name Image name for the wget container used in the test-connection Pod.
 ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
 checkDeprecation: true
@@ -787,6 +789,6 @@ test:
     name: busybox
     tag: latest
 
-## @param extraDeploy Array of extra objects to deploy with the release.
+## @param extraDeploy Array of extra objects to deploy with the release
 ##
 extraDeploy: []