refactor: unittests and slightly add QoL (#127)

Reorder the unittests

---------

Co-authored-by: DaanSelen <dselen@systemec.nl>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/127

.gitea/workflows/changelog.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   changelog:
     runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.9
+    container: docker.io/thegeeklab/git-sv:2.0.11
     steps:
       - name: install tools
         run: |

.gitea/workflows/commitlint.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: commitlint/commitlint:20.4.1
+    container: commitlint/commitlint:20.5.1
     steps:
       - uses: actions/checkout@v6
       - name: check PR title

.gitea/workflows/release-version.yml

@@ -7,64 +7,76 @@ on:
 
 env:
   # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.20.0"
+  HELM_VERSION: "4.1.3"
 
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
+
+      - name: install Docker CLI
+        uses: https://github.com/docker/setup-buildx-action@v4 # Gitea
+        #uses: docker/setup-buildx-action@v4 # Github / Act
+
+      - name: install Helm
+        uses: https://github.com/Azure/setup-helm@v5 # Gitea
+        #uses: Azure/setup-helm@v5 # Github / Act
+        with:
+          version: "${{ env.HELM_VERSION }}"
+
       - name: install tools
         run: |
-          apt update -y
-          apt install -y curl ca-certificates curl gnupg
-          # helm
-          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          mv linux-amd64/helm /usr/local/bin/
-          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          helm version
-          # docker
-          install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-          chmod a+r /etc/apt/keyrings/docker.gpg
-          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt update -y
-          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          apt update
+          apt install -y curl ca-certificates curl gnupg python3 python3-pip apt-transport-https
           pip install awscli --break-system-packages
 
-      - name: Import GPG key
+      - name: import GPG key
         id: import_gpg
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v6
+        uses: https://github.com/crazy-max/ghaction-import-gpg@v7 # Gitea
+        #uses: crazy-max/ghaction-import-gpg@v7 # Github / Act
         with:
           gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
 
+      - name: log into Docker Hub
+        uses: https://github.com/docker/login-action@v4 # Gitea
+        #uses: docker/login-action@v4 # Github / Act
+        with:
+          username: ${{ secrets.DOCKER_CHARTS_USERNAME }}
+          password: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
+
       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
       - name: package chart
         run: |
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
-          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
-          helm plugin install https://github.com/pat-s/helm-gpg
+          # Install Helm GPG plugin
+          helm plugin install https://github.com/technosophos/helm-gpg.git --verify=false
           helm dependency build
           helm package --version "${GITHUB_REF#refs/tags/v}" ./
+
+          # Package the chart
           mkdir actions
           mv actions*.tgz actions/
           curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
           helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
-          # push to dockerhub
+
+          # Push to Docker Hub
           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
           helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
           helm registry logout registry-1.docker.io
+        env:
+          TAR_OPTIONS: "--wildcards"
 
       - name: aws credential configure
-        uses: https://github.com/aws-actions/configure-aws-credentials@v6
+        uses: https://github.com/aws-actions/configure-aws-credentials@v6 # Gitea
+        #uses: aws-actions/configure-aws-credentials@v6 # Github / Act
         with:
           aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
 
-      - name: Copy files to S3 and clear cache
+      - name: copy files to S3 and clear cache
+        if: startsWith(github.ref, 'refs/tags/')
         run: |
           aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/

.gitea/workflows/shellcheck.yml

@@ -1,4 +1,4 @@
-name: Lint Shell files
+name: shellcheck
 
 on:
   pull_request:

.gitea/workflows/test-pr.yml

@@ -1,6 +1,7 @@
 name: check-and-test
 
-on:
+"on":
+  "workflow_dispatch":
   pull_request:
     branches:
       - "*"
@@ -15,26 +16,27 @@ env:
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: alpine/helm:3.20.0
+    container: alpine/helm:4.1.3
     steps:
       - name: install tools
         run: |
           apk update
           apk add --update bash make nodejs npm yamllint ncurses
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v5
         with:
           version: 10
       - uses: actions/checkout@v6
       - name: install chart dependencies
         run: helm dependency build
       - name: lint
-        run: helm lint
+        run: helm lint .
       - name: template
         run: helm template --debug gitea-actions .
       - name: prepare unit test environment
         run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} --verify=false \
+            https://github.com/helm-unittest/helm-unittest.git # https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install
           git submodule update --init --recursive
       - name: unit tests
         env:
@@ -46,4 +48,5 @@ jobs:
           make readme
           git diff --exit-code --name-only README.md
       - name: yaml lint
-        uses: https://github.com/ibiqlik/action-yamllint@v3
+        # uses: ibiqlik/action-yamllint@v3 # Github / Act
+        uses: https://github.com/ibiqlik/action-yamllint@v3 # Gitea

.gitignore

@@ -2,3 +2,4 @@ charts/
 node_modules/
 .DS_Store
 unittests/*/__snapshot__/
+*secret*.yaml

README.md

@@ -6,18 +6,10 @@ The parameters which can be used to customize the deployment are described below
 
 If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
 
-## Docs
-
-[Docs](./docs/README.md)
-
-## Rootless Defaults
-
-If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
-
-- If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
-
 ## Quick-start
 
+[Documentation](./docs/README.md)
+
 To get started, add the Helm repo, assuming you have not already:
 
 ```sh
@@ -39,6 +31,26 @@ helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
 
 You should be good to go!
 
+### Runner Token Secret Template
+
+For reference, a template for the secret is given below:  
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: runner-secret
+  namespace: "my-gitea-namespace"
+type: Opaque
+stringData:
+    runner-token: "my-cool-runner-token-given-by-gitea"
+```
+
+### Rootless Options
+
+If `.Values.statefulset.dind.rootless: true` is set, then the following will be required:  
+`.Values.statefulset.dind.tag` must be a rootless image such as: `29.3.1-dind-rootless`
+
 ## Parameters
 
 ### Gitea Actions
@@ -46,8 +58,6 @@ You should be good to go!
 | Name                                      | Description                                                                                                                                 | Value                          |
 | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `enabled`                                 | Create an act runner StatefulSet.                                                                                                           | `false`                        |
-| `init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      |
-| `init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       |
 | `statefulset.replicas`                    | the amount of (replica) runner pods deployed                                                                                                | `1`                            |
 | `statefulset.timezone`                    | is the timezone that will be set in the act_runner image                                                                                    | `Etc/UTC`                      |
 | `statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           |
@@ -57,28 +67,33 @@ You should be good to go!
 | `statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           |
 | `statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           |
 | `statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           |
+| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
+| `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
+| `statefulset.serviceAccountName`          | Customize the service account name                                                                                                          | `""`                           |
+| `statefulset.runtimeClassName`            | Select a different RuntimeClass for pods                                                                                                    | `""`                           |
+| `statefulset.hostAliases`                 | Inject entries into the /etc/hosts file                                                                                                     | `[]`                           |
+| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
 | `statefulset.actRunner.registry`          | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.gitea.com`             |
 | `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `act_runner`                   |
-| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.13`                       |
+| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.3.1`                        |
 | `statefulset.actRunner.digest`            | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.actRunner.fullOverride`      | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           |
-| `statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
-| `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `""`                           |
 | `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
+| `statefulset.actRunner.flushCache`        | whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time                           | `false`                        |
+| `statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
+| `statefulset.dind.rootless`               | a simple flag to let helm know we are dealing with a rootless dind container                                                                | `false`                        |
+| `statefulset.dind.uid`                    | a field to set the running user id for the rootless dind container, so it knows where to look for the socket                                | `""`                           |
+| `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.io`                    |
 | `statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       |
-| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `28.3.3-dind`                  |
+| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `29.4.0-dind`                  |
 | `statefulset.dind.digest`                 | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.dind.fullOverride`           | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
 | `statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
-| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
-| `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
-| `existingSecret`                          | Secret that contains the token                                                                                                              | `""`                           |
-| `existingSecretKey`                       | Secret key                                                                                                                                  | `""`                           |
-| `giteaRootURL`                            | URL the act_runner registers and connect with                                                                                               | `""`                           |
+| `statefulset.dind.extraArgs`              | Allows adding custom arguments to the Docker Daemon                                                                                         | `[]`                           |
 
 ### Gitea Actions Init
 
@@ -91,9 +106,30 @@ You should be good to go!
 | `init.image.pullPolicy`   | The init image pullPolicy                                                                                  | `IfNotPresent` |
 | `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest.                                       | `""`           |
 
+### Runner Token Secret Configuration
+
+| Name                | Description                    | Value |
+| ------------------- | ------------------------------ | ----- |
+| `existingSecret`    | Secret that contains the token | `""`  |
+| `existingSecretKey` | Secret key                     | `""`  |
+
+### Gitea URL Setting
+
+| Name           | Description                                   | Value |
+| -------------- | --------------------------------------------- | ----- |
+| `giteaRootURL` | URL the act_runner registers and connect with | `""`  |
+
+### Extra Init Containers
+
+| Name                      | Description                                                                                     | Value |
+| ------------------------- | ----------------------------------------------------------------------------------------------- | ----- |
+| `preExtraInitContainers`  | Additional init containers to run in the pod before Gitea-actions runs it owns init containers. | `[]`  |
+| `postExtraInitContainers` | Additional init containers to run in the pod after Gitea-actions runs it owns init containers.  | `[]`  |
+
 ### Global
 
-| Name                   | Description                    | Value |
-| ---------------------- | ------------------------------ | ----- |
-| `global.imageRegistry` | global image registry override | `""`  |
-| `global.storageClass`  | global storage class override  | `""`  |
+| Name                      | Description                        | Value |
+| ------------------------- | ---------------------------------- | ----- |
+| `global.imageRegistry`    | global image registry override     | `""`  |
+| `global.imagePullSecrets` | global image registry pull secrets | `[]`  |
+| `global.storageClass`     | global storage class override      | `""`  |

docs/actions-dev.md

@@ -26,8 +26,6 @@ In this case, you can use either the Web UI to generate the token or run a shell
 the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
 
 ```yaml
-provisioning:
-  enabled: false
 existingSecret: "secret-name"
 existingSecretKey: "secret-key"
 ```

docs/share-dind-with-job-container.md

@@ -4,25 +4,19 @@ You can weaken isolation and allow jobs to call docker commands.
 
 ## Limitations
 
-- Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
-- Docker port expose to local host `-e 80:8080` is not going to work
+-
 
 ## Example Values
 
 ```yaml
-enabled: true
-statefulset:
-  actRunner:
-    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
     config: |
       log:
         level: debug
       cache:
         enabled: false
       container:
-        valid_volumes:
-        - /var/run/docker.sock
-        options: -v /var/run/docker.sock:/var/run/docker.sock
+        require_docker: true
+        docker_timeout: 300s
 
 ## Specify an existing token secret
 ##
@@ -33,4 +27,4 @@ existingSecretKey: "token"
 giteaRootURL: "http://192.168.1.2:3000"
 ```
 
-Now you can run docker commands inside your jobs.
+Now you can run docker commands inside your jobs.

package.json

@@ -14,6 +14,6 @@
   },
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.7.0",
-    "markdownlint-cli": "^0.47.0"
+    "markdownlint-cli": "^0.48.0"
   }
 }

pnpm-lock.yaml

@@ -12,8 +12,8 @@ importers:
         specifier: ^2.7.0
         version: 2.7.2
       markdownlint-cli:
-        specifier: ^0.47.0
-        version: 0.47.0
+        specifier: ^0.48.0
+        version: 0.48.0
 
 packages:
 
@@ -21,16 +21,8 @@ packages:
     resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
     hasBin: true
 
-  '@isaacs/balanced-match@4.0.1':
-    resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
-    engines: {node: 20 || >=22}
-
-  '@isaacs/brace-expansion@5.0.1':
-    resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==}
-    engines: {node: 20 || >=22}
-
-  '@types/debug@4.1.12':
-    resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
+  '@types/debug@4.1.13':
+    resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==}
 
   '@types/katex@0.16.8':
     resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
@@ -51,8 +43,16 @@ packages:
   balanced-match@1.0.2:
     resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
 
-  brace-expansion@1.1.12:
-    resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
+  balanced-match@4.0.4:
+    resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
+    engines: {node: 18 || 20 || >=22}
+
+  brace-expansion@1.1.13:
+    resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
+
+  brace-expansion@5.0.5:
+    resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
+    engines: {node: 18 || 20 || >=22}
 
   character-entities-legacy@3.0.0:
     resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@@ -125,8 +125,8 @@ packages:
   fs.realpath@1.0.0:
     resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
 
-  get-east-asian-width@1.4.0:
-    resolution: {integrity: sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==}
+  get-east-asian-width@1.5.0:
+    resolution: {integrity: sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==}
     engines: {node: '>=18'}
 
   glob@7.2.3:
@@ -171,25 +171,25 @@ packages:
     resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
     engines: {node: '>=0.10.0'}
 
-  katex@0.16.28:
-    resolution: {integrity: sha512-YHzO7721WbmAL6Ov1uzN/l5mY5WWWhJBSW+jq4tkfZfsxmo1hu6frS0EOswvjBUnWE6NtjEs48SFn5CQESRLZg==}
+  katex@0.16.45:
+    resolution: {integrity: sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==}
     hasBin: true
 
   linkify-it@5.0.0:
     resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
 
-  lodash@4.17.23:
-    resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==}
+  lodash@4.18.1:
+    resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
 
-  markdown-it@14.1.0:
-    resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
+  markdown-it@14.1.1:
+    resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==}
     hasBin: true
 
   markdown-table@2.0.0:
     resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
 
-  markdownlint-cli@0.47.0:
-    resolution: {integrity: sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==}
+  markdownlint-cli@0.48.0:
+    resolution: {integrity: sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==}
     engines: {node: '>=20'}
     hasBin: true
 
@@ -275,12 +275,12 @@ packages:
   micromark@4.0.2:
     resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
 
-  minimatch@10.1.2:
-    resolution: {integrity: sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==}
-    engines: {node: 20 || >=22}
+  minimatch@10.2.5:
+    resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
+    engines: {node: 18 || 20 || >=22}
 
-  minimatch@3.1.2:
-    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
+  minimatch@3.1.5:
+    resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
 
   minimist@1.2.8:
     resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
@@ -298,8 +298,8 @@ packages:
     resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
     engines: {node: '>=0.10.0'}
 
-  picomatch@4.0.3:
-    resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
+  picomatch@4.0.4:
+    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
     engines: {node: '>=12'}
 
   punycode.js@2.3.1:
@@ -314,24 +314,24 @@ packages:
     resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
     hasBin: true
 
-  smol-toml@1.5.2:
-    resolution: {integrity: sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==}
+  smol-toml@1.6.1:
+    resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==}
     engines: {node: '>= 18'}
 
   string-width@8.1.0:
     resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
     engines: {node: '>=20'}
 
-  strip-ansi@7.1.2:
-    resolution: {integrity: sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==}
+  strip-ansi@7.2.0:
+    resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==}
     engines: {node: '>=12'}
 
   strip-json-comments@3.1.1:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
 
-  tinyglobby@0.2.15:
-    resolution: {integrity: sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==}
+  tinyglobby@0.2.16:
+    resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
     engines: {node: '>=12.0.0'}
 
   uc.micro@2.1.0:
@@ -340,8 +340,8 @@ packages:
   wrappy@1.0.2:
     resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
 
-  yaml@2.8.2:
-    resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==}
+  yaml@2.8.3:
+    resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==}
     engines: {node: '>= 14.6'}
     hasBin: true
 
@@ -351,17 +351,11 @@ snapshots:
     dependencies:
       commander: 13.1.0
       dot-object: 2.1.5
-      lodash: 4.17.23
+      lodash: 4.18.1
       markdown-table: 2.0.0
-      yaml: 2.8.2
+      yaml: 2.8.3
 
-  '@isaacs/balanced-match@4.0.1': {}
-
-  '@isaacs/brace-expansion@5.0.1':
-    dependencies:
-      '@isaacs/balanced-match': 4.0.1
-
-  '@types/debug@4.1.12':
+  '@types/debug@4.1.13':
     dependencies:
       '@types/ms': 2.1.0
 
@@ -377,11 +371,17 @@ snapshots:
 
   balanced-match@1.0.2: {}
 
-  brace-expansion@1.1.12:
+  balanced-match@4.0.4: {}
+
+  brace-expansion@1.1.13:
     dependencies:
       balanced-match: 1.0.2
       concat-map: 0.0.1
 
+  brace-expansion@5.0.5:
+    dependencies:
+      balanced-match: 4.0.4
+
   character-entities-legacy@3.0.0: {}
 
   character-entities@2.0.2: {}
@@ -421,20 +421,20 @@ snapshots:
 
   entities@4.5.0: {}
 
-  fdir@6.5.0(picomatch@4.0.3):
+  fdir@6.5.0(picomatch@4.0.4):
     optionalDependencies:
-      picomatch: 4.0.3
+      picomatch: 4.0.4
 
   fs.realpath@1.0.0: {}
 
-  get-east-asian-width@1.4.0: {}
+  get-east-asian-width@1.5.0: {}
 
   glob@7.2.3:
     dependencies:
       fs.realpath: 1.0.0
       inflight: 1.0.6
       inherits: 2.0.4
-      minimatch: 3.1.2
+      minimatch: 3.1.5
       once: 1.4.0
       path-is-absolute: 1.0.1
 
@@ -468,7 +468,7 @@ snapshots:
 
   jsonpointer@5.0.1: {}
 
-  katex@0.16.28:
+  katex@0.16.45:
     dependencies:
       commander: 8.3.0
 
@@ -476,9 +476,9 @@ snapshots:
     dependencies:
       uc.micro: 2.1.0
 
-  lodash@4.17.23: {}
+  lodash@4.18.1: {}
 
-  markdown-it@14.1.0:
+  markdown-it@14.1.1:
     dependencies:
       argparse: 2.0.1
       entities: 4.5.0
@@ -491,7 +491,7 @@ snapshots:
     dependencies:
       repeat-string: 1.6.1
 
-  markdownlint-cli@0.47.0:
+  markdownlint-cli@0.48.0:
     dependencies:
       commander: 14.0.3
       deep-extend: 0.6.0
@@ -499,12 +499,12 @@ snapshots:
       js-yaml: 4.1.1
       jsonc-parser: 3.3.1
       jsonpointer: 5.0.1
-      markdown-it: 14.1.0
+      markdown-it: 14.1.1
       markdownlint: 0.40.0
-      minimatch: 10.1.2
+      minimatch: 10.2.5
       run-con: 1.3.2
-      smol-toml: 1.5.2
-      tinyglobby: 0.2.15
+      smol-toml: 1.6.1
+      tinyglobby: 0.2.16
     transitivePeerDependencies:
       - supports-color
 
@@ -583,7 +583,7 @@ snapshots:
     dependencies:
       '@types/katex': 0.16.8
       devlop: 1.1.0
-      katex: 0.16.28
+      katex: 0.16.45
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
@@ -676,7 +676,7 @@ snapshots:
 
   micromark@4.0.2:
     dependencies:
-      '@types/debug': 4.1.12
+      '@types/debug': 4.1.13
       debug: 4.4.3
       decode-named-character-reference: 1.3.0
       devlop: 1.1.0
@@ -696,13 +696,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  minimatch@10.1.2:
+  minimatch@10.2.5:
     dependencies:
-      '@isaacs/brace-expansion': 5.0.1
+      brace-expansion: 5.0.5
 
-  minimatch@3.1.2:
+  minimatch@3.1.5:
     dependencies:
-      brace-expansion: 1.1.12
+      brace-expansion: 1.1.13
 
   minimist@1.2.8: {}
 
@@ -724,7 +724,7 @@ snapshots:
 
   path-is-absolute@1.0.1: {}
 
-  picomatch@4.0.3: {}
+  picomatch@4.0.4: {}
 
   punycode.js@2.3.1: {}
 
@@ -737,26 +737,26 @@ snapshots:
       minimist: 1.2.8
       strip-json-comments: 3.1.1
 
-  smol-toml@1.5.2: {}
+  smol-toml@1.6.1: {}
 
   string-width@8.1.0:
     dependencies:
-      get-east-asian-width: 1.4.0
-      strip-ansi: 7.1.2
+      get-east-asian-width: 1.5.0
+      strip-ansi: 7.2.0
 
-  strip-ansi@7.1.2:
+  strip-ansi@7.2.0:
     dependencies:
       ansi-regex: 6.2.2
 
   strip-json-comments@3.1.1: {}
 
-  tinyglobby@0.2.15:
+  tinyglobby@0.2.16:
     dependencies:
-      fdir: 6.5.0(picomatch@4.0.3)
-      picomatch: 4.0.3
+      fdir: 6.5.0(picomatch@4.0.4)
+      picomatch: 4.0.4
 
   uc.micro@2.1.0: {}
 
   wrappy@1.0.2: {}
 
-  yaml@2.8.2: {}
+  yaml@2.8.3: {}

templates/_helpers.tpl

@@ -14,14 +14,14 @@ If release name contains chart name it will be used as a full name.
 */}}
 {{- define "gitea.actions.fullname" -}}
 {{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
+  {{- $name := default .Chart.Name .Values.nameOverride -}}
+  {{- if contains $name .Release.Name -}}
+    {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- else -}}
+    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+  {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -36,7 +36,7 @@ Create a default worker name.
 Create chart name and version as used by the chart label.
 */}}
 {{- define "gitea.actions.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
@@ -45,7 +45,7 @@ Storage Class
 {{- define "gitea.actions.persistence.storageClass" -}}
 {{- $storageClass :=  default (tpl ( default "" .Values.global.storageClass) .) }}
 {{- if $storageClass }}
-storageClassName: {{ $storageClass | quote }}
+  storageClassName: {{ $storageClass | quote }}
 {{- end }}
 {{- end -}}
 
@@ -128,4 +128,4 @@ Create image for Init
 */}}
 {{- define "gitea.actions.init.image" -}}
 {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }}
-{{- end -}}
+{{- end -}}

templates/config-act-runner.yaml

@@ -11,9 +11,9 @@ data:
   config.yaml: |
     {{- with .Values.statefulset.actRunner.config -}}
     {{- if kindIs "string" . -}}
-    {{ . | nindent 4}}
+      {{ . | nindent 4}}
     {{- else -}}
-    {{ toYaml . | nindent 4}}
+      {{ toYaml . | nindent 4}}
     {{- end -}}
     {{- end -}}
 {{- end }}

templates/statefulset.yaml

@@ -30,9 +30,42 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      restartPolicy: Always
+      {{- if .Values.statefulset.serviceAccountName }}
+      serviceAccountName: {{ .Values.statefulset.serviceAccountName | quote }}
+      {{- end }}
+      {{- if .Values.statefulset.securityContext }}
       securityContext:
         {{- toYaml .Values.statefulset.securityContext | nindent 8 }}
+      {{- end }}
+      {{- if .Values.statefulset.runtimeClassName }}
+      runtimeClassName: {{ .Values.statefulset.runtimeClassName | quote }}
+      {{- end }}
+      {{- if .Values.statefulset.hostAliases }}
+      hostAliases:
+        {{- toYaml .Values.statefulset.hostAliases | nindent 8 }}
+      {{- end }}
       initContainers:
+        {{- if .Values.preExtraInitContainers }}
+        {{- toYaml .Values.preExtraInitContainers | nindent 8 }}
+        {{- end }}
+        {{- if .Values.statefulset.actRunner.flushCache }}
+        - name: cache-flusher
+          image: "{{ include "gitea.actions.init.image" . }}"
+          command:
+            - sh
+            - -c
+            - |
+              if [[ -f /data/.runner ]]; then
+                echo "Removing cache at /data/.runner"
+                rm -v /data/.runner
+              else
+                echo "No .runner file to remove"
+              fi
+          volumeMounts:
+            - mountPath: /data
+              name: data-act-runner
+        {{- end }}
         - name: init-gitea
           image: "{{ include "gitea.actions.init.image" . }}"
           command:
@@ -47,34 +80,53 @@ spec:
               echo "Gitea has been reached!"
         - name: dind
           image: "{{ include "gitea.actions.dind.image" . }}"
+          restartPolicy: Always
           imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
           {{- if .Values.statefulset.dind.extraEnvs }}
           env:
             {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
           {{- end }}
-          restartPolicy: Always
           securityContext:
             privileged: true
+          {{- if .Values.statefulset.dind.extraArgs }}
+          args:
+            {{- toYaml .Values.statefulset.dind.extraArgs | nindent 12 }}
+          {{- end }}
           startupProbe:
             exec:
               command:
                 - /usr/bin/test
                 - -S
+                {{- if .Values.statefulset.dind.rootless }}
+                - /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
+                {{- else }}
                 - /var/run/docker.sock
+                {{- end }}
           livenessProbe:
             exec:
               command:
                 - /usr/bin/test
                 - -S
+                {{- if .Values.statefulset.dind.rootless }}
+                - /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
+                {{- else }}
                 - /var/run/docker.sock
+                {{- end }}
           resources:
             {{- toYaml .Values.statefulset.resources | nindent 12 }}
           volumeMounts:
+            {{- if .Values.statefulset.dind.rootless }}
+            - mountPath: /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/
+            {{- else }}
             - mountPath: /var/run/
+            {{- end }}
               name: docker-socket
             {{- with .Values.statefulset.dind.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
+        {{- if .Values.postExtraInitContainers }}
+        {{- toYaml .Values.postExtraInitContainers | nindent 8 }}
+        {{- end }}
       containers:
         - name: act-runner
           image: "{{ include "gitea.actions.actRunner.image" . }}"
@@ -84,8 +136,8 @@ spec:
             - name: GITEA_RUNNER_REGISTRATION_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Values.existingSecret | default $secretName }}"
-                  key: "{{ .Values.existingSecretKey | default "token" }}"
+                  name: "{{ (tpl .Values.existingSecret . ) | default $secretName }}"
+                  key: "{{ (tpl .Values.existingSecretKey . ) | default "token" }}"
             - name: GITEA_INSTANCE_URL
               value: {{ include "gitea.actions.local_root_url" . }}
             - name: CONFIG_FILE
@@ -109,6 +161,12 @@ spec:
             {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
+      {{- if .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.global.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+      {{- end }}
       {{- range $key, $value := .Values.statefulset.nodeSelector }}
       nodeSelector:
         {{ $key }}: {{ $value | quote }}
@@ -135,7 +193,9 @@ spec:
         name: data-act-runner
       spec:
         accessModes: [ "ReadWriteOnce" ]
-        {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
+        {{- if .Values.global.storageClass }}
+        {{- include "gitea.actions.persistence.storageClass" . | indent 8 }}
+        {{- end }}
         resources:
           requests:
             storage: {{ .Values.statefulset.persistence.size }}

unittests/helm/01-consistency-checks.yaml

@@ -1,6 +1,6 @@
 suite: actions template | consistency checks
 release:
-  name: gitea-unittests
+  name: gitea-actions-unittests
   namespace: testing
 templates:
   - templates/01-consistency-checks.yaml

unittests/helm/config-act-runner.yaml

@@ -1,7 +1,7 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: actions template | config-act-runner
 release:
-  name: gitea-unittests
+  name: gitea-actions-unittests
   namespace: testing
 templates:
   - templates/config-act-runner.yaml
@@ -31,7 +31,7 @@ tests:
       - containsDocument:
           kind: ConfigMap
           apiVersion: v1
-          name: gitea-unittests-actions-act-runner-config
+          name: gitea-actions-unittests-act-runner-config
       - equal:
           path: data["config.yaml"]
           value: |
@@ -48,7 +48,7 @@ tests:
       enabled: true
       statefulset:
         actRunner:
-          config:
+          config: |
             container:
               valid_volumes:
                 - /var/run/docker.sock
@@ -59,7 +59,7 @@ tests:
       - containsDocument:
           kind: ConfigMap
           apiVersion: v1
-          name: gitea-unittests-actions-act-runner-config
+          name: gitea-actions-unittests-act-runner-config
       - matchRegex:
           path: data["config.yaml"]
           pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'

unittests/helm/statefulset.yaml

@@ -1,17 +1,225 @@
 suite: actions template | statefulset
 release:
-  name: gitea-unittests
+  name: gitea-actions-unittests
   namespace: testing
 templates:
   - templates/statefulset.yaml
   - templates/config-act-runner.yaml
 tests:
-  - it: act-runner uses fullOverride
+#
+## GENERIC
+#
+
+  - it: doesn't renders a StatefulSet by default
+    template: templates/statefulset.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
+    template: templates/statefulset.yaml
+    set:
+      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.metadata.annotations["checksum/config"]
+          value: "368836e4e5d947f06f2d65c7cc3fc3ad050aaced506443f54a8ffc17bb11afd2"
+
+  - it: Has fsGroup in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.securityContext:
+        fsGroup: 1000
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroup"]
+          value: 1000
+
+  - it: Has fsGroupChangePolicy in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.securityContext:
+        fsGroupChangePolicy: OnRootMismatch
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
+          value: "OnRootMismatch"
+
+  - it: Has Always in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.securityContext:
+        fsGroupChangePolicy: Always
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
+          value: "Always"
+
+  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
     template: templates/statefulset.yaml
     set:
       enabled: true
       existingSecret: "my-secret"
       existingSecretKey: "my-secret-key"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[0]
+          value:
+            name: GITEA_RUNNER_REGISTRATION_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: "my-secret"
+                key: "my-secret-key"
+
+  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
+    template: templates/statefulset.yaml
+    set:
+      giteaRootURL: "http://git.example.com"
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1]
+          value:
+            name: GITEA_INSTANCE_URL
+            value: "http://git.example.com"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on http://git.example.com'
+            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+
+  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
+    template: templates/statefulset.yaml
+    set:
+      giteaRootURL: "https://git.example.com"
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1]
+          value:
+            name: GITEA_INSTANCE_URL
+            value: "https://git.example.com"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on https://git.example.com'
+            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+
+  - it: renders a StatefulSet https with explicit port (with correct GITEA_INSTANCE_URL env from giteaRootURL)
+    template: templates/statefulset.yaml
+    set:
+      giteaRootURL: "https://git.example.com:8443"
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1]
+          value:
+            name: GITEA_INSTANCE_URL
+            value: "https://git.example.com:8443"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on https://git.example.com:8443'
+            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+
+  - it: should render service account name correctly
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        serviceAccountName: "my-service-account"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: "my-service-account"
+
+  - it: should render runtime class name correctly
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        runtimeClassName: "my-runtime-class-name"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.template.spec.runtimeClassName
+          value: "my-runtime-class-name"
+
+#
+## ACT_RUNNER
+#
+
+  - it: act-runner uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
       statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
     asserts:
       - hasDocuments:
@@ -19,17 +227,16 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].image
           value: test.io/act_runner:x.y.z
+
   - it: act-runner uses digest
     template: templates/statefulset.yaml
     set:
       enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.actRunner.tag: 0.2.13
+      statefulset.actRunner.tag: 0.3.1
       statefulset.actRunner.digest: sha256:abcdef123456
     asserts:
       - hasDocuments:
@@ -37,104 +244,32 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].image
-          value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
+          value: docker.gitea.com/act_runner:0.3.1@sha256:abcdef123456
+
   - it: act-runner uses global.imageRegistry
     template: templates/statefulset.yaml
     set:
       enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
       global.imageRegistry: test.io
-      statefulset.actRunner.tag: 0.2.13
+      statefulset.actRunner.tag: 0.3.1
     asserts:
       - hasDocuments:
           count: 1
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].image
-          value: test.io/act_runner:0.2.13
-  - it: dind uses fullOverride
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.dind.fullOverride: test.io/dind:x.y.z
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[1].image
-          value: test.io/dind:x.y.z
-  - it: dind uses global.imageRegistry
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      global.imageRegistry: test.io
-      statefulset.dind.tag: 28.3.3-dind
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[1].image
-          value: test.io/docker:28.3.3-dind
-  - it: init uses fullOverride
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      init.image.fullOverride: test.io/busybox:x.y.z
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[0].image
-          value: test.io/busybox:x.y.z
-  - it: init uses global.imageRegistry
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      global.imageRegistry: test.io
-      init.image.tag: 1.37.0
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[0].image
-          value: test.io/busybox:1.37.0
+          value: test.io/act_runner:0.3.1
+
   - it: renders additional environment variables for act-runner container in StatefulSet
     template: templates/statefulset.yaml
     set:
       enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
       statefulset:
         actRunner:
           extraEnvs:
@@ -150,7 +285,7 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].env[4]
           value:
@@ -162,223 +297,7 @@ tests:
       - matchRegex:
           path: spec.template.spec.containers[0].env[5].name
           pattern: "GITEA_RUNNER_NAME"
-  - it: Has fsGroup in securityContext
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.securityContext:
-        fsGroup: 1000
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.securityContext["fsGroup"]
-          value: 1000
-  - it: Has fsGroupChangePolicy in securityContext
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.securityContext:
-        fsGroupChangePolicy: OnRootMismatch
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
-          value: "OnRootMismatch"
-  - it: Has Always in securityContext
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.securityContext:
-        fsGroupChangePolicy: Always
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
-          value: "Always"
-  - it: doesn't renders a StatefulSet by default
-    template: templates/statefulset.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[0]
-          value:
-            name: GITEA_RUNNER_REGISTRATION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "my-secret"
-                key: "my-secret-key"
-  - it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[0]
-          value:
-            name: GITEA_RUNNER_REGISTRATION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "gitea-unittests-actions-token"
-                key: "token"
-  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
-    template: templates/statefulset.yaml
-    set:
-      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.metadata.annotations["checksum/config"]
-          value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
-  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
-    template: templates/statefulset.yaml
-    set:
-      giteaRootURL: "http://git.example.com"
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[1]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "http://git.example.com"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on http://git.example.com'
-            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
-    template: templates/statefulset.yaml
-    set:
-      giteaRootURL: "https://git.example.com"
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[1]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "https://git.example.com"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on https://git.example.com'
-            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
-    template: templates/statefulset.yaml
-    set:
-      giteaRootURL: "https://git.example.com:8443"
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[1]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "https://git.example.com:8443"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on https://git.example.com:8443'
-            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: allows adding custom environment variables to the docker-in-docker container
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      statefulset:
-        dind:
-          extraEnvs:
-            - name: "CUSTOM_ENV_NAME"
-              value: "custom env value"
-    asserts:
-      - equal:
-          path: spec.template.spec.initContainers[1].env[0]
-          value:
-            name: "CUSTOM_ENV_NAME"
-            value: "custom env value"
+
   - it: should mount an extra volume in the act runner container
     template: templates/statefulset.yaml
     set:
@@ -397,13 +316,67 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - contains:
           any: true
           path: spec.template.spec.containers[0].volumeMounts
           content:
             mountPath: /mnt
             name: my-act-runner-volume
+
+#
+## DIND
+#
+
+  - it: dind uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.dind.fullOverride: test.io/dind:x.y.z
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: test.io/dind:x.y.z
+
+  - it: dind uses global.imageRegistry
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      global.imageRegistry: test.io
+      statefulset.dind.tag: 28.3.3-dind
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: test.io/docker:28.3.3-dind
+
+  - it: allows adding custom environment variables to the docker-in-docker container
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        dind:
+          extraEnvs:
+            - name: "CUSTOM_ENV_NAME"
+              value: "custom env value"
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[1].env[0]
+          value:
+            name: "CUSTOM_ENV_NAME"
+            value: "custom env value"
+
   - it: should mount an extra volume in the docker-in-docker container
     template: templates/statefulset.yaml
     set:
@@ -422,42 +395,47 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - contains:
           any: true
           path: spec.template.spec.initContainers[1].volumeMounts
           content:
             mountPath: /mnt
             name: my-dind-volume
-  - it: should interpret Gitea Root URL templating
+
+#
+## INIT
+#
+
+  - it: init uses fullOverride
     template: templates/statefulset.yaml
     set:
-      global:
-        gitea:
-          service:
-            name: "my-gitea-svc-http"
-            port: 3210
       enabled: true
-      giteaRootURL: "http://{{ .Values.global.gitea.service.name }}:{{ .Values.global.gitea.service.port }}"
+      init.image.fullOverride: test.io/busybox:x.y.z
     asserts:
       - hasDocuments:
           count: 1
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[1].name
-          value: "GITEA_INSTANCE_URL"
+          path: spec.template.spec.initContainers[0].image
+          value: test.io/busybox:x.y.z
+
+  - it: init uses global.imageRegistry
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      global.imageRegistry: test.io
+      init.image.tag: 1.37.0
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[1].value
-          value: "http://my-gitea-svc-http:3210"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on http://my-gitea-svc-http:3210'
-            until timeout 10 wget --no-check-certificate --spider http://my-gitea-svc-http:3210; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
+          path: spec.template.spec.initContainers[0].image
+          value: test.io/busybox:1.37.0

values.yaml

@@ -2,8 +2,6 @@
 ## @section Gitea Actions
 #
 ## @param enabled Create an act runner StatefulSet.
-## @param init.image.repository The image used for the init containers
-## @param init.image.tag The image tag used for the init containers
 ## @param statefulset.replicas the amount of (replica) runner pods deployed
 ## @param statefulset.timezone is the timezone that will be set in the act_runner image
 ## @param statefulset.annotations Act runner annotations
@@ -13,6 +11,14 @@
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
+## @param statefulset.persistence.size Size for persistence to store act runner data
+## @param statefulset.securityContext Customize the SecurityContext
+## @param statefulset.serviceAccountName Customize the service account name
+## @param statefulset.runtimeClassName Select a different RuntimeClass for pods
+## @param statefulset.hostAliases Inject entries into the /etc/hosts file
+#
+## @param statefulset.persistence.size Size for persistence to store act runner data
+#
 ## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
@@ -20,9 +26,13 @@
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
 ## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
-## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
-## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
+## @param statefulset.actRunner.flushCache whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time
+## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
+#
+## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
+## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
+## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
 ## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
@@ -30,11 +40,8 @@
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
-## @param statefulset.persistence.size Size for persistence to store act runner data
-## @param statefulset.securityContext Customize the SecurityContext
-## @param existingSecret Secret that contains the token
-## @param existingSecretKey Secret key
-## @param giteaRootURL URL the act_runner registers and connect with
+## @param statefulset.dind.extraArgs Allows adding custom arguments to the Docker Daemon
+#
 enabled: false
 statefulset:
   replicas: 1
@@ -47,11 +54,24 @@ statefulset:
   affinity: {}
   extraVolumes: []
   securityContext: {}
+  serviceAccountName: ""
+  runtimeClassName: ""
+
+  # Add /etc/hosts injections into the pods
+  hostAliases:
+    []
+  #  - ip: 8.8.8.8
+  #    hostnames:
+  #      - googel.com
+  #      - googol.com
+
+  persistence:
+    size: 1Gi
 
   actRunner:
     registry: "docker.gitea.com"
     repository: act_runner
-    tag: 0.2.13
+    tag: 0.3.1
     digest: ""
     pullPolicy: IfNotPresent
     fullOverride: ""
@@ -63,6 +83,8 @@ statefulset:
       #     fieldRef:
       #       fieldPath: metadata.name
 
+    # See full details: https://gitea.com/gitea/helm-actions/issues/73
+    flushCache: false
     # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
     config: |
       log:
@@ -74,9 +96,11 @@ statefulset:
         docker_timeout: 300s
 
   dind:
-    registry: ""
+    rootless: false
+    uid: ""
+    registry: "docker.io"
     repository: docker
-    tag: 28.3.3-dind
+    tag: 29.4.0-dind
     digest: ""
     pullPolicy: IfNotPresent
     fullOverride: ""
@@ -89,8 +113,11 @@ statefulset:
       #  - name: "DOCKER_IPTABLES_LEGACY"
       #    value: "1"
 
-  persistence:
-    size: 1Gi
+    # Option to add extra arguments/commands to the container/pod:
+    # [#22](https://gitea.com/gitea/helm-actions/issues/22) [k8s docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/)
+    extraArgs:
+      []
+      #  - --mtu=1400
 
 ## @section Gitea Actions Init
 #
@@ -110,18 +137,38 @@ init:
     pullPolicy: IfNotPresent
     fullOverride: ""
 
-## Specify an existing token secret
-##
+## @section Runner Token Secret Configuration
+#
+## @param existingSecret Secret that contains the token
+## @param existingSecretKey Secret key
 existingSecret: ""
 existingSecretKey: ""
 
-## Specify the root URL of the Gitea instance
+## @section Gitea URL Setting
+#
+## @param giteaRootURL URL the act_runner registers and connect with
 giteaRootURL: ""
 
+## @section Extra Init Containers
+#
+## @param preExtraInitContainers Additional init containers to run in the pod before Gitea-actions runs it owns init containers.
+## @param postExtraInitContainers Additional init containers to run in the pod after Gitea-actions runs it owns init containers.
+preExtraInitContainers: []
+# - name: pre-init-container
+#   image: docker.io/library/busybox
+#   command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
+
+postExtraInitContainers: []
+# - name: post-init-container
+#   image: docker.io/library/busybox
+#   command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
+
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image registry pull secrets
 ## @param global.storageClass global storage class override
 global:
   imageRegistry: ""
+  imagePullSecrets: []
   storageClass: ""