From aee0e7c21613fbff5cae3a123dd693bb16de7e78 Mon Sep 17 00:00:00 2001
From: DaanSelen <dselen@systemec.nl>
Date: Wed, 18 Mar 2026 10:24:25 +0100
Subject: [PATCH] chore: add imagePullSecrets and slightly refac the
 statefulset

---
 README.md                             |  9 +++----
 templates/statefulset.yaml            | 12 ++++++++--
 unittests/helm/config-act-runner.yaml |  2 +-
 values.yaml                           | 34 ++++++++++++++-------------
 4 files changed, 34 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index bb31207..f2eec42 100644
--- a/README.md
+++ b/README.md
@@ -93,7 +93,8 @@ You should be good to go!
 
 ### Global
 
-| Name                   | Description                    | Value |
-| ---------------------- | ------------------------------ | ----- |
-| `global.imageRegistry` | global image registry override | `""`  |
-| `global.storageClass`  | global storage class override  | `""`  |
+| Name                      | Description                    | Value |
+| ------------------------- | ------------------------------ | ----- |
+| `global.imageRegistry`    | global image registry override | `""`  |
+| `global.imagePullSecrets` | global image pull secrets      | `""`  |
+| `global.storageClass`     | global storage class override  | `""`  |
diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml
index 8cbcf3c..724b7ff 100644
--- a/templates/statefulset.yaml
+++ b/templates/statefulset.yaml
@@ -52,7 +52,6 @@ spec:
           env:
             {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
           {{- end }}
-          restartPolicy: Always
           securityContext:
             privileged: true
           startupProbe:
@@ -75,6 +74,7 @@ spec:
             {{- with .Values.statefulset.dind.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
+      restartPolicy: Always
       containers:
         - name: act-runner
           image: "{{ include "gitea.actions.actRunner.image" . }}"
@@ -109,6 +109,12 @@ spec:
             {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
+      {{- if .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.global.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+      {{- end }}
       {{- range $key, $value := .Values.statefulset.nodeSelector }}
       nodeSelector:
         {{ $key }}: {{ $value | quote }}
@@ -135,7 +141,9 @@ spec:
         name: data-act-runner
       spec:
         accessModes: [ "ReadWriteOnce" ]
-        {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
+        {{- if .Values.global.storageClass }}
+        {{- include "gitea.actions.persistence.storageClass" . | indent 8 }}
+        {{- end }}
         resources:
           requests:
             storage: {{ .Values.statefulset.persistence.size }}
diff --git a/unittests/helm/config-act-runner.yaml b/unittests/helm/config-act-runner.yaml
index 43e9524..7474bdf 100644
--- a/unittests/helm/config-act-runner.yaml
+++ b/unittests/helm/config-act-runner.yaml
@@ -48,7 +48,7 @@ tests:
       enabled: true
       statefulset:
         actRunner:
-          config:
+          config: |
             container:
               valid_volumes:
                 - /var/run/docker.sock
diff --git a/values.yaml b/values.yaml
index 6e89f6d..55d5705 100644
--- a/values.yaml
+++ b/values.yaml
@@ -48,6 +48,22 @@ statefulset:
   extraVolumes: []
   securityContext: {}
 
+  dind:
+    registry: ""
+    repository: docker
+    tag: 28.3.3-dind
+    digest: ""
+    pullPolicy: IfNotPresent
+    fullOverride: ""
+    extraVolumeMounts: []
+
+    # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
+    # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
+    extraEnvs:
+      []
+      #  - name: "DOCKER_IPTABLES_LEGACY"
+      #    value: "1"
+
   actRunner:
     registry: "docker.gitea.com"
     repository: act_runner
@@ -73,22 +89,6 @@ statefulset:
         require_docker: true
         docker_timeout: 300s
 
-  dind:
-    registry: ""
-    repository: docker
-    tag: 28.3.3-dind
-    digest: ""
-    pullPolicy: IfNotPresent
-    fullOverride: ""
-    extraVolumeMounts: []
-
-    # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
-    # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
-    extraEnvs:
-      []
-      #  - name: "DOCKER_IPTABLES_LEGACY"
-      #    value: "1"
-
   persistence:
     size: 1Gi
 
@@ -121,7 +121,9 @@ giteaRootURL: ""
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image registry pull secrets
 ## @param global.storageClass global storage class override
 global:
   imageRegistry: ""
+  imagePullSecrets: []
   storageClass: ""