Simplify dind setup to allow for default docker config in workflows (#46)

### Description of the change

This switches the dind daemon to socket mode, which allows the default docker config in workflows.
It also simplifies the statefulset by leveraging sidecar containers and probes to replace the inline bash script.

### Benefits

No need to override docker configs in workflows. Enable use of buildx

### Possible drawbacks

EOL kubernetes versions i.e before 1.29 may not support sidecar containers

### Applicable issues

- Fixes #40
- Fixes #27

### ⚠ BREAKING

Switches Docker client to socket mode instead of TCP. Any workflows that override the default docker client config will need to be updated.

### Checklist

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
- [x] Bash unittests are added (required when changing anything in `scripts` folder)
- [x] All added template resources MUST render a namespace in metadata

Co-authored-by: ThisIsQasim <18313886+ThisIsQasim@users.noreply.github.com>
Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/46
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: thisisqasim <thisisqasim@noreply.gitea.com>
Co-committed-by: thisisqasim <thisisqasim@noreply.gitea.com>
thisisqasim
2025-11-03 20:54:01 +00:00
committed by ChristopherHX
parent b91d297e32
commit d17d1fd865
2 changed files with 46 additions and 44 deletions


@ -45,18 +45,42 @@ spec:
echo "Trying again in 3 seconds..." echo "Trying again in 3 seconds..."
done done
echo "Gitea has been reached!" echo "Gitea has been reached!"
- name: dind
image: "{{ include "gitea.actions.dind.image" . }}"
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
{{- if .Values.statefulset.dind.extraEnvs }}
env:
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }}
restartPolicy: Always
securityContext:
privileged: true
startupProbe:
exec:
command:
- /usr/bin/test
- -S
- /var/run/docker.sock
livenessProbe:
exec:
command:
- /usr/bin/test
- -S
- /var/run/docker.sock
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
- mountPath: /var/run/
name: docker-socket
{{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
containers: containers:
- name: act-runner - name: act-runner
image: "{{ include "gitea.actions.actRunner.image" . }}" image: "{{ include "gitea.actions.actRunner.image" . }}"
imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }} imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
workingDir: /data workingDir: /data
env: env:
- name: DOCKER_HOST
value: tcp://127.0.0.1:2376
- name: DOCKER_TLS_VERIFY
value: "1"
- name: DOCKER_CERT_PATH
value: /certs/client
- name: GITEA_RUNNER_REGISTRATION_TOKEN - name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -77,36 +101,14 @@ spec:
- mountPath: /actrunner/config.yaml - mountPath: /actrunner/config.yaml
name: act-runner-config name: act-runner-config
subPath: config.yaml subPath: config.yaml
- mountPath: /certs/client - mountPath: /var/run/docker.sock
name: docker-certs name: docker-socket
subPath: docker.sock
- mountPath: /data - mountPath: /data
name: data-act-runner name: data-act-runner
{{- with .Values.statefulset.actRunner.extraVolumeMounts }} {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
- name: dind
image: "{{ include "gitea.actions.dind.image" . }}"
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
env:
- name: DOCKER_HOST
value: tcp://127.0.0.1:2376
- name: DOCKER_TLS_VERIFY
value: "1"
- name: DOCKER_CERT_PATH
value: /certs/client
{{- if .Values.statefulset.dind.extraEnvs }}
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }}
securityContext:
privileged: true
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
- mountPath: /certs/client
name: docker-certs
{{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- range $key, $value := .Values.statefulset.nodeSelector }} {{- range $key, $value := .Values.statefulset.nodeSelector }}
nodeSelector: nodeSelector:
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
@ -123,7 +125,7 @@ spec:
- name: act-runner-config - name: act-runner-config
configMap: configMap:
name: {{ include "gitea.actions.fullname" . }}-act-runner-config name: {{ include "gitea.actions.fullname" . }}-act-runner-config
- name: docker-certs - name: docker-socket
emptyDir: {} emptyDir: {}
{{- with .Values.statefulset.extraVolumes }} {{- with .Values.statefulset.extraVolumes }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
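Review bot: The act-runner mount of `/var/run/docker.sock` with `subPath: docker.sock` binds the socket file as it exists when the runner container starts, so if the dind sidecar is restarted (it has `restartPolicy: Always` and a `livenessProbe`), dockerd will most likely create a new socket that the runner's mount does not follow, leaving the runner with a dead socket until the pod is recreated. Mounting the `docker-socket` volume as a directory in the runner (`- mountPath: /var/run` / `name: docker-socket`, no `subPath`) should avoid this at the cost of shadowing that directory in the runner image; it is worth confirming on a cluster by killing the sidecar. The probe command `/usr/bin/test -S /var/run/docker.sock` only shows that the socket file exists, not that the daemon answers, so a hung dockerd passes liveness; `docker info` as the exec command would cover that, assuming the dind image ships the CLI. Because the daemon stays `privileged: true`, I would also add a comment above the `docker-socket` volume such as `# Any container that mounts this volume gets full control of the privileged Docker daemon`, so that users of `extraVolumeMounts` see the trust boundary.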


@ -74,7 +74,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[1].image path: spec.template.spec.initContainers[1].image
value: test.io/dind:x.y.z value: test.io/dind:x.y.z
- it: dind uses global.imageRegistry - it: dind uses global.imageRegistry
template: templates/statefulset.yaml template: templates/statefulset.yaml
@ -92,7 +92,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[1].image path: spec.template.spec.initContainers[1].image
value: test.io/docker:28.3.3-dind value: test.io/docker:28.3.3-dind
- it: init uses fullOverride - it: init uses fullOverride
template: templates/statefulset.yaml template: templates/statefulset.yaml
@ -152,15 +152,15 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[7] path: spec.template.spec.containers[0].env[4]
value: value:
name: CUSTOM_ENV name: CUSTOM_ENV
value: "1" value: "1"
- matchRegex: - matchRegex:
path: spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
pattern: "metadata\\.name" pattern: "metadata\\.name"
- matchRegex: - matchRegex:
path: spec.template.spec.containers[0].env[8].name path: spec.template.spec.containers[0].env[5].name
pattern: "GITEA_RUNNER_NAME" pattern: "GITEA_RUNNER_NAME"
- it: Has fsGroup in securityContext - it: Has fsGroup in securityContext
template: templates/statefulset.yaml template: templates/statefulset.yaml
@ -235,7 +235,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[3] path: spec.template.spec.containers[0].env[0]
value: value:
name: GITEA_RUNNER_REGISTRATION_TOKEN name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom: valueFrom:
@ -256,7 +256,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[3] path: spec.template.spec.containers[0].env[0]
value: value:
name: GITEA_RUNNER_REGISTRATION_TOKEN name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom: valueFrom:
@ -295,7 +295,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[4] path: spec.template.spec.containers[0].env[1]
value: value:
name: GITEA_INSTANCE_URL name: GITEA_INSTANCE_URL
value: "http://git.example.com" value: "http://git.example.com"
@ -323,7 +323,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[4] path: spec.template.spec.containers[0].env[1]
value: value:
name: GITEA_INSTANCE_URL name: GITEA_INSTANCE_URL
value: "https://git.example.com" value: "https://git.example.com"
@ -351,7 +351,7 @@ tests:
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[4] path: spec.template.spec.containers[0].env[1]
value: value:
name: GITEA_INSTANCE_URL name: GITEA_INSTANCE_URL
value: "https://git.example.com:8443" value: "https://git.example.com:8443"
@ -375,7 +375,7 @@ tests:
value: "custom env value" value: "custom env value"
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[1].env[3] path: spec.template.spec.initContainers[1].env[0]
value: value:
name: "CUSTOM_ENV_NAME" name: "CUSTOM_ENV_NAME"
value: "custom env value" value: "custom env value"
@ -425,7 +425,7 @@ tests:
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- contains: - contains:
any: true any: true
path: spec.template.spec.containers[1].volumeMounts path: spec.template.spec.initContainers[1].volumeMounts
content: content:
mountPath: /mnt mountPath: /mnt
name: my-dind-volume name: my-dind-volume
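Review bot: No assertion in these hunks covers the properties the new sidecar layout depends on, namely `restartPolicy: Always` on the dind init container, its `securityContext`, the two probes, and the `docker-socket` mount in both containers; every changed line only re-indexes an existing path. An `equal` on `spec.template.spec.initContainers[1].restartPolicy` with `value: Always` would catch a regression that turns dind back into a blocking init container and stalls the pod. The positional paths (`initContainers[1]`, `env[0]`, `env[5]`) will shift again whenever an entry is added; the `contains` assert with `any: true`, already used for `volumeMounts` in this file, would make the env checks independent of ordering.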