From e456879b7d93f43d564ad1fbd23e07101bba723d Mon Sep 17 00:00:00 2001 From: Daan Date: Fri, 10 Jul 2026 14:05:51 +0000 Subject: [PATCH] feat: customize init command (#166) add feature to customize the reach gitea commands. See: https://gitea.com/gitea/helm-actions/src/branch/feat/customize-init-command/docs/connectionCommandOverride.mdReviewed-on: https://gitea.com/gitea/helm-actions/pulls/166 Co-authored-by: Daan --- README.md | 28 +++++++++++----- docs/README.md | 2 +- docs/actions-dev.md | 31 ----------------- docs/connectionCommandOverride.md | 48 +++++++++++++++++++++++++++ docs/share-dind-with-job-container.md | 30 ----------------- templates/statefulset.yaml | 9 ++++- values.yaml | 14 +++++--- 7 files changed, 87 insertions(+), 75 deletions(-) delete mode 100644 docs/actions-dev.md create mode 100644 docs/connectionCommandOverride.md delete mode 100644 docs/share-dind-with-job-container.md diff --git a/README.md b/README.md index c51eebc..73a2339 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,16 @@ Deploy with your values, make sure the path is correct: helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml ``` +Alternatively: + +```sh +helm upgrade --install gitea-actions gitea-charts/actions \ + --set enabled=true \ + --set giteaRootURL=https://gitea.com \ + --set existingSecret=foo \ + --set existingSecretKey=bar +``` + You should be good to go! ### Runner Token Secret Template @@ -97,14 +107,16 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be ### Gitea Actions Init -| Name | Description | Value | -| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- | -| `init.image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `init.image.repository` | The init image | `busybox` | -| `init.image.tag` | the init image tag | `1.38.0` | -| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` | -| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | +| Name | Description | Value | +| ----------------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- | +| `init.image.registry` | Image registry, e.g. gcr.io,docker.io | `""` | +| `init.image.repository` | The init image (default: busyboxy but can be changed to alpine e.g.) | `busybox` | +| `init.image.tag` | The init image tag | `1.38.0` | +| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` | +| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest | `""` | +| `init.connectionCommandOverride` | Possiblity to change the command with which the container tests its connection to the Gitea server | `""` | +| `init.preConnectionCommandOverride` | Possibility to add commands that happen before the connection test loop | `""` | ### Runner Token Secret Configuration diff --git a/docs/README.md b/docs/README.md index 891006f..76452ce 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,3 +1,3 @@ # Gitea Actions Helm Chart Docs -- [Share dind with job container](share-dind-with-job-container.md) \ No newline at end of file +- [connectionCommandOverride explanation](./connectionCommandOverride.md) diff --git a/docs/actions-dev.md b/docs/actions-dev.md deleted file mode 100644 index 7a6c83e..0000000 --- a/docs/actions-dev.md +++ /dev/null @@ -1,31 +0,0 @@ -# Gitea Actions - -In order to use the Gitea Actions act-runner you must either: - -- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job) -- create a secret containing the act runner token and reference it as a `existingSecret` - -In order to use Gitea Actions, you must log on the server that's running Gitea and run the command: - `gitea actions generate-runner-token` - -This command will out a token that is needed by the act-runner to register with the Gitea backend. - -Because this is a manual operation, we automated this using a Kubernetes Job using the following containers: - -1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token` -2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and -the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret - -After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers: - -1) `act-runner`: authenticates with Gitea using the token that was stored in the secret -2) `dind`: DockerInDocker image that is used to run the actions - -If you are not using persistent volumes, you cannot use the Job to automatically generate the token. -In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke -the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via: - -```yaml -existingSecret: "secret-name" -existingSecretKey: "secret-key" -``` diff --git a/docs/connectionCommandOverride.md b/docs/connectionCommandOverride.md new file mode 100644 index 0000000..2bf8d91 --- /dev/null +++ b/docs/connectionCommandOverride.md @@ -0,0 +1,48 @@ +# Using a custom connectionCommand + +By default, before the container starts it tries to reach the given giteaRootURL. +Normally this is done by the busybox image using the wget binary. + +However, due to [Issue #162](https://gitea.com/gitea/helm-actions/issues/162) there has been a change made where we can customize that command. + +Using the `values.yaml` file by default it calls `wget --spider --no-check-certificate ` with a timeout of 10 seconds. +But with a custom init section like detailed below we can make our check compliant with whatever certificate you have. + +Assuming: +```yaml +enabled: true +giteaRootURL: https://gitea.com +existingSecret: foo +existingSecretKey: bar + +init: + image: + registry: "" + repository: alpine + # Overrides the image tag whose default is the chart appVersion. + tag: "3.24" + digest: "" + pullPolicy: IfNotPresent + fullOverride: "" + + connectionCommandOverride: "curl -I" + preConnectionCommandOverride: "apk add curl" +``` + +This now creates the following template section: + +```yaml + - name: init-gitea + image: "alpine:latest" + command: + - sh + - -c + - | + apk add curl + echo 'Trying to reach Gitea on https://gitea.com' + until timeout 10 curl -I https://gitea.com; do + sleep 3 + echo "Trying again in 3 seconds..." + done + echo "Gitea has been reached!" +``` diff --git a/docs/share-dind-with-job-container.md b/docs/share-dind-with-job-container.md deleted file mode 100644 index f94fb1c..0000000 --- a/docs/share-dind-with-job-container.md +++ /dev/null @@ -1,30 +0,0 @@ -# Share dind with job container - -You can weaken isolation and allow jobs to call docker commands. - -## Limitations - -- - -## Example Values - -```yaml - config: | - log: - level: debug - cache: - enabled: false - container: - require_docker: true - docker_timeout: 300s - -## Specify an existing token secret -## -existingSecret: "runner-token2" -existingSecretKey: "token" - -## Specify the root URL of the Gitea instance -giteaRootURL: "http://192.168.1.2:3000" -``` - -Now you can run docker commands inside your jobs. diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index 19e4b51..6d1a98b 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml @@ -66,14 +66,21 @@ spec: - mountPath: /data name: data-runner {{- end }} - - name: init-gitea + - name: reach-gitea image: "{{ include "gitea.actions.init.image" . }}" command: - sh - -c - | + {{- if .Values.init.preConnectionCommandOverride }} + {{ .Values.init.preConnectionCommandOverride }} + {{- end }} echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}' + {{- if .Values.init.connectionCommandOverride }} + until timeout 10 {{ .Values.init.connectionCommandOverride }} {{ include "gitea.actions.local_root_url" . }}; do + {{- else }} until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do + {{- end }} sleep 3 echo "Trying again in 3 seconds..." done diff --git a/values.yaml b/values.yaml index 62d1190..8d5e4c8 100644 --- a/values.yaml +++ b/values.yaml @@ -121,12 +121,15 @@ statefulset: ## @section Gitea Actions Init # -## @param init.image.registry image registry, e.g. gcr.io,docker.io -## @param init.image.repository The init image -## @param init.image.tag the init image tag +## @param init.image.registry Image registry, e.g. gcr.io,docker.io +## @param init.image.repository The init image (default: busyboxy but can be changed to alpine e.g.) +## @param init.image.tag The init image tag ## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param init.image.pullPolicy The init image pullPolicy -## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest. +## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest +# +## @param init.connectionCommandOverride Possiblity to change the command with which the container tests its connection to the Gitea server +## @param init.preConnectionCommandOverride Possibility to add commands that happen before the connection test loop init: image: registry: "" @@ -137,6 +140,9 @@ init: pullPolicy: IfNotPresent fullOverride: "" + connectionCommandOverride: "" + preConnectionCommandOverride: "" + ## @section Runner Token Secret Configuration # ## @param existingSecret Secret that contains the token