bp99/helm-actions
1
0
Fork 0
mirror of https://gitea.com/gitea/helm-actions.git synced 2026-04-05 17:23:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: bp99:bump-helm
Branches Tags
bp99:main bp99:bump-helm bp99:renovate/lock-file-maintenance bp99:christopherhx/e2e bp99:check-release-secrets
bp99:v0.0.4 bp99:v0.0.3 bp99:v0.0.2 bp99:v0.0.1
..
compare: bp99:9c009fb2236c3044f64edab5532ebb0cf2bba3fe
Branches Tags
bp99:main bp99:bump-helm bp99:renovate/lock-file-maintenance bp99:christopherhx/e2e bp99:check-release-secrets
bp99:v0.0.4 bp99:v0.0.3 bp99:v0.0.2 bp99:v0.0.1

1 Commits
bump-helm ... 9c009fb223

Author SHA1 Message Date
Renovate Bot
9c009fb223 chore(deps): update alpine/helm docker tag to v4 2026-02-03 01:11:28 +00:00
11 changed files with 137 additions and 252 deletions
Expand all files Collapse all files

6
.gitea/workflows/release-version.yml
View File

@ -7,7 +7,7 @@ on:
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "4.1.3"
HELM_VERSION: "4.1.0"
jobs:
generate-chart-publish:
@ -35,7 +35,7 @@ jobs:
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v7
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
@ -59,7 +59,7 @@ jobs:
helm registry logout registry-1.docker.io
- name: aws credential configure
uses: https://github.com/aws-actions/configure-aws-credentials@v6
uses: https://github.com/aws-actions/configure-aws-credentials@v5
with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

2
.gitea/workflows/shellcheck.yml
View File

@ -1,4 +1,4 @@
name: shellcheck
name: Lint Shell files
on:
pull_request:

14
.gitea/workflows/test-pr.yml
View File

@ -1,7 +1,6 @@
name: check-and-test
"on":
"workflow_dispatch":
on:
pull_request:
branches:
- "*"
@ -16,26 +15,26 @@ env:
jobs:
check-and-test:
runs-on: ubuntu-latest
container: alpine/helm:4.1.3
container: alpine/helm:4.1.0
steps:
- name: install tools
run: |
apk update
apk add --update bash make nodejs npm yamllint ncurses
- name: Install pnpm
uses: pnpm/action-setup@v5
uses: pnpm/action-setup@v4
with:
version: 10
- uses: actions/checkout@v6
- name: install chart dependencies
run: helm dependency build
- name: lint
run: helm lint .
run: helm lint
- name: template
run: helm template --debug gitea-actions .
- name: prepare unit test environment
run: |
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest --verify=false
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
git submodule update --init --recursive
- name: unit tests
env:
@ -47,5 +46,4 @@ jobs:
make readme
git diff --exit-code --name-only README.md
- name: yaml lint
#uses: ibiqlik/action-yamllint@v3 # Github / Act
uses: https://github.com/ibiqlik/action-yamllint@v3 # Gitea
uses: https://github.com/ibiqlik/action-yamllint@v3

75
README.md
View File

@ -6,9 +6,17 @@ The parameters which can be used to customize the deployment are described below
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Quick-start
## Docs
[Documentation](./docs/README.md)
[Docs](./docs/README.md)
## Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
- If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
## Quick-start
To get started, add the Helm repo, assuming you have not already:
@ -31,26 +39,6 @@ helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
You should be good to go!
### Runner Token Secret Template
For reference, a template for the secret is given below:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: runner-secret
namespace: "my-gitea-namespace"
type: Opaque
stringData:
runner-token: "my-cool-runner-token-given-by-gitea"
```
### Rootless Options
If `.Values.statefulset.dind.rootless: true` is set, then the following will be required:
`.Values.statefulset.dind.tag` must be a rootless image such as: `29.3.1-dind-rootless`
## Parameters
### Gitea Actions
@ -58,6 +46,8 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| Name | Description | Value |
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| `enabled` | Create an act runner StatefulSet. | `false` |
| `init.image.repository` | The image used for the init containers | `busybox` |
| `init.image.tag` | The image tag used for the init containers | `1.37.0` |
| `statefulset.replicas` | the amount of (replica) runner pods deployed | `1` |
| `statefulset.timezone` | is the timezone that will be set in the act_runner image | `Etc/UTC` |
| `statefulset.annotations` | Act runner annotations | `{}` |
@ -69,18 +59,16 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
| `statefulset.actRunner.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` |
| `statefulset.actRunner.repository` | The Gitea act runner image | `act_runner` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.3.0` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.13` |
| `statefulset.actRunner.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `statefulset.actRunner.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.rootless` | a simple flag to let helm know we are dealing with a rootless dind container | `false` |
| `statefulset.dind.uid` | a field to set the running user id for the rootless dind container, so it knows where to look for the socket | `""` |
| `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `docker.io` |
| `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `statefulset.actRunner.extraEnvs` | Allows adding custom environment variables | `[]` |
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `29.3.1-dind` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
| `statefulset.dind.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.dind.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
@ -88,7 +76,9 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |
| `statefulset.persistence.size` | Size for persistence to store act runner data | `1Gi` |
| `statefulset.securityContext` | Customize the SecurityContext | `{}` |
| `statefulset.serviceAccountName` | Customize the service account name | `""` |
| `existingSecret` | Secret that contains the token | `""` |
| `existingSecretKey` | Secret key | `""` |
| `giteaRootURL` | URL the act_runner registers and connect with | `""` |
### Gitea Actions Init
@ -101,30 +91,9 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
### Runner Token Secret Configuration
| Name | Description | Value |
| ------------------- | ------------------------------ | ----- |
| `existingSecret` | Secret that contains the token | `""` |
| `existingSecretKey` | Secret key | `""` |
### Gitea URL Setting
| Name | Description | Value |
| -------------- | --------------------------------------------- | ----- |
| `giteaRootURL` | URL the act_runner registers and connect with | `""` |
### Extra Init Containers
| Name | Description | Value |
| ------------------------- | ----------------------------------------------------------------------------------------------- | ----- |
| `preExtraInitContainers` | Additional init containers to run in the pod before Gitea-actions runs it owns init containers. | `[]` |
| `postExtraInitContainers` | Additional init containers to run in the pod after Gitea-actions runs it owns init containers. | `[]` |
### Global
| Name | Description | Value |
| ------------------------- | ---------------------------------- | ----- |
| `global.imageRegistry` | global image registry override | `""` |
| `global.imagePullSecrets` | global image registry pull secrets | `[]` |
| `global.storageClass` | global storage class override | `""` |
| Name | Description | Value |
| ---------------------- | ------------------------------ | ----- |
| `global.imageRegistry` | global image registry override | `""` |
| `global.storageClass` | global storage class override | `""` |

2
docs/actions-dev.md
View File

@ -26,6 +26,8 @@ In this case, you can use either the Web UI to generate the token or run a shell
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
```yaml
provisioning:
enabled: false
existingSecret: "secret-name"
existingSecretKey: "secret-key"
```

14
docs/share-dind-with-job-container.md
View File

@ -4,19 +4,25 @@ You can weaken isolation and allow jobs to call docker commands.
## Limitations
-
- Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
- Docker port expose to local host `-e 80:8080` is not going to work
## Example Values
```yaml
enabled: true
statefulset:
actRunner:
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: |
log:
level: debug
cache:
enabled: false
container:
require_docker: true
docker_timeout: 300s
valid_volumes:
- /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
## Specify an existing token secret
##
@ -27,4 +33,4 @@ existingSecretKey: "token"
giteaRootURL: "http://192.168.1.2:3000"
```
Now you can run docker commands inside your jobs.
Now you can run docker commands inside your jobs.

154
pnpm-lock.yaml generated
View File

@ -21,11 +21,19 @@ packages:
resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
hasBin: true
'@types/debug@4.1.13':
resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==}
'@isaacs/balanced-match@4.0.1':
resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
engines: {node: 20 || >=22}
'@types/katex@0.16.8':
resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
'@isaacs/brace-expansion@5.0.0':
resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==}
engines: {node: 20 || >=22}
'@types/debug@4.1.12':
resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
'@types/katex@0.16.7':
resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==}
'@types/ms@2.1.0':
resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
@ -43,16 +51,8 @@ packages:
balanced-match@1.0.2:
resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
balanced-match@4.0.4:
resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
engines: {node: 18 || 20 || >=22}
brace-expansion@1.1.13:
resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
brace-expansion@5.0.5:
resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
engines: {node: 18 || 20 || >=22}
brace-expansion@1.1.12:
resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
character-entities-legacy@3.0.0:
resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@ -67,8 +67,8 @@ packages:
resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==}
engines: {node: '>=18'}
commander@14.0.3:
resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==}
commander@14.0.2:
resolution: {integrity: sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ==}
engines: {node: '>=20'}
commander@6.2.1:
@ -91,8 +91,8 @@ packages:
supports-color:
optional: true
decode-named-character-reference@1.3.0:
resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==}
decode-named-character-reference@1.2.0:
resolution: {integrity: sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==}
deep-extend@0.6.0:
resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==}
@ -125,13 +125,13 @@ packages:
fs.realpath@1.0.0:
resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
get-east-asian-width@1.5.0:
resolution: {integrity: sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==}
get-east-asian-width@1.4.0:
resolution: {integrity: sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==}
engines: {node: '>=18'}
glob@7.2.3:
resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
deprecated: Glob versions prior to v9 are no longer supported
ignore@7.0.5:
resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==}
@ -171,18 +171,18 @@ packages:
resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
engines: {node: '>=0.10.0'}
katex@0.16.44:
resolution: {integrity: sha512-EkxoDTk8ufHqHlf9QxGwcxeLkWRR3iOuYfRpfORgYfqc8s13bgb+YtRY59NK5ZpRaCwq1kqA6a5lpX8C/eLphQ==}
katex@0.16.27:
resolution: {integrity: sha512-aeQoDkuRWSqQN6nSvVCEFvfXdqo1OQiCmmW1kc9xSdjutPv7BGO7pqY9sQRJpMOGrEdfDgF2TfRXe5eUAD2Waw==}
hasBin: true
linkify-it@5.0.0:
resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
lodash@4.18.1:
resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
lodash@4.17.21:
resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
markdown-it@14.1.1:
resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==}
markdown-it@14.1.0:
resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
hasBin: true
markdown-table@2.0.0:
@ -275,12 +275,12 @@ packages:
micromark@4.0.2:
resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
minimatch@10.1.3:
resolution: {integrity: sha512-IF6URNyBX7Z6XfvjpaNy5meRxPZiIf2OqtOoSLs+hLJ9pJAScnM1RjrFcbCaD85y42KcI+oZmKjFIJKYDFjQfg==}
minimatch@10.1.1:
resolution: {integrity: sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==}
engines: {node: 20 || >=22}
minimatch@3.1.5:
resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
minimatch@3.1.2:
resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
minimist@1.2.8:
resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
@ -298,8 +298,8 @@ packages:
resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
engines: {node: '>=0.10.0'}
picomatch@4.0.4:
resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
picomatch@4.0.3:
resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
engines: {node: '>=12'}
punycode.js@2.3.1:
@ -322,8 +322,8 @@ packages:
resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
engines: {node: '>=20'}
strip-ansi@7.2.0:
resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==}
strip-ansi@7.1.2:
resolution: {integrity: sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==}
engines: {node: '>=12'}
strip-json-comments@3.1.1:
@ -340,8 +340,8 @@ packages:
wrappy@1.0.2:
resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
yaml@2.8.3:
resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==}
yaml@2.8.2:
resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==}
engines: {node: '>= 14.6'}
hasBin: true
@ -351,15 +351,21 @@ snapshots:
dependencies:
commander: 13.1.0
dot-object: 2.1.5
lodash: 4.18.1
lodash: 4.17.21
markdown-table: 2.0.0
yaml: 2.8.3
yaml: 2.8.2
'@types/debug@4.1.13':
'@isaacs/balanced-match@4.0.1': {}
'@isaacs/brace-expansion@5.0.0':
dependencies:
'@isaacs/balanced-match': 4.0.1
'@types/debug@4.1.12':
dependencies:
'@types/ms': 2.1.0
'@types/katex@0.16.8': {}
'@types/katex@0.16.7': {}
'@types/ms@2.1.0': {}
@ -371,17 +377,11 @@ snapshots:
balanced-match@1.0.2: {}
balanced-match@4.0.4: {}
brace-expansion@1.1.13:
brace-expansion@1.1.12:
dependencies:
balanced-match: 1.0.2
concat-map: 0.0.1
brace-expansion@5.0.5:
dependencies:
balanced-match: 4.0.4
character-entities-legacy@3.0.0: {}
character-entities@2.0.2: {}
@ -390,7 +390,7 @@ snapshots:
commander@13.1.0: {}
commander@14.0.3: {}
commander@14.0.2: {}
commander@6.2.1: {}
@ -402,7 +402,7 @@ snapshots:
dependencies:
ms: 2.1.3
decode-named-character-reference@1.3.0:
decode-named-character-reference@1.2.0:
dependencies:
character-entities: 2.0.2
@ -421,20 +421,20 @@ snapshots:
entities@4.5.0: {}
fdir@6.5.0(picomatch@4.0.4):
fdir@6.5.0(picomatch@4.0.3):
optionalDependencies:
picomatch: 4.0.4
picomatch: 4.0.3
fs.realpath@1.0.0: {}
get-east-asian-width@1.5.0: {}
get-east-asian-width@1.4.0: {}
glob@7.2.3:
dependencies:
fs.realpath: 1.0.0
inflight: 1.0.6
inherits: 2.0.4
minimatch: 3.1.5
minimatch: 3.1.2
once: 1.4.0
path-is-absolute: 1.0.1
@ -468,7 +468,7 @@ snapshots:
jsonpointer@5.0.1: {}
katex@0.16.44:
katex@0.16.27:
dependencies:
commander: 8.3.0
@ -476,9 +476,9 @@ snapshots:
dependencies:
uc.micro: 2.1.0
lodash@4.18.1: {}
lodash@4.17.21: {}
markdown-it@14.1.1:
markdown-it@14.1.0:
dependencies:
argparse: 2.0.1
entities: 4.5.0
@ -493,15 +493,15 @@ snapshots:
markdownlint-cli@0.47.0:
dependencies:
commander: 14.0.3
commander: 14.0.2
deep-extend: 0.6.0
ignore: 7.0.5
js-yaml: 4.1.1
jsonc-parser: 3.3.1
jsonpointer: 5.0.1
markdown-it: 14.1.1
markdown-it: 14.1.0
markdownlint: 0.40.0
minimatch: 10.1.3
minimatch: 10.1.1
run-con: 1.3.2
smol-toml: 1.5.2
tinyglobby: 0.2.15
@ -526,7 +526,7 @@ snapshots:
micromark-core-commonmark@2.0.3:
dependencies:
decode-named-character-reference: 1.3.0
decode-named-character-reference: 1.2.0
devlop: 1.1.0
micromark-factory-destination: 2.0.1
micromark-factory-label: 2.0.1
@ -581,9 +581,9 @@ snapshots:
micromark-extension-math@3.1.0:
dependencies:
'@types/katex': 0.16.8
'@types/katex': 0.16.7
devlop: 1.1.0
katex: 0.16.44
katex: 0.16.27
micromark-factory-space: 2.0.1
micromark-util-character: 2.1.1
micromark-util-symbol: 2.0.1
@ -676,9 +676,9 @@ snapshots:
micromark@4.0.2:
dependencies:
'@types/debug': 4.1.13
'@types/debug': 4.1.12
debug: 4.4.3
decode-named-character-reference: 1.3.0
decode-named-character-reference: 1.2.0
devlop: 1.1.0
micromark-core-commonmark: 2.0.3
micromark-factory-space: 2.0.1
@ -696,13 +696,13 @@ snapshots:
transitivePeerDependencies:
- supports-color
minimatch@10.1.3:
minimatch@10.1.1:
dependencies:
brace-expansion: 5.0.5
'@isaacs/brace-expansion': 5.0.0
minimatch@3.1.5:
minimatch@3.1.2:
dependencies:
brace-expansion: 1.1.13
brace-expansion: 1.1.12
minimist@1.2.8: {}
@ -717,14 +717,14 @@ snapshots:
'@types/unist': 2.0.11
character-entities-legacy: 3.0.0
character-reference-invalid: 2.0.1
decode-named-character-reference: 1.3.0
decode-named-character-reference: 1.2.0
is-alphanumerical: 2.0.1
is-decimal: 2.0.1
is-hexadecimal: 2.0.1
path-is-absolute@1.0.1: {}
picomatch@4.0.4: {}
picomatch@4.0.3: {}
punycode.js@2.3.1: {}
@ -741,10 +741,10 @@ snapshots:
string-width@8.1.0:
dependencies:
get-east-asian-width: 1.5.0
strip-ansi: 7.2.0
get-east-asian-width: 1.4.0
strip-ansi: 7.1.2
strip-ansi@7.2.0:
strip-ansi@7.1.2:
dependencies:
ansi-regex: 6.2.2
@ -752,11 +752,11 @@ snapshots:
tinyglobby@0.2.15:
dependencies:
fdir: 6.5.0(picomatch@4.0.4)
picomatch: 4.0.4
fdir: 6.5.0(picomatch@4.0.3)
picomatch: 4.0.3
uc.micro@2.1.0: {}
wrappy@1.0.2: {}
yaml@2.8.3: {}
yaml@2.8.2: {}

38
templates/statefulset.yaml
View File

@ -30,16 +30,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Always
{{- if .Values.statefulset.serviceAccountName }}
serviceAccountName: {{ .Values.statefulset.serviceAccountName }}
{{- end }}
securityContext:
{{- toYaml .Values.statefulset.securityContext | nindent 8 }}
initContainers:
{{- if .Values.preExtraInitContainers }}
{{- toYaml .Values.preExtraInitContainers | nindent 8 }}
{{- end }}
- name: init-gitea
image: "{{ include "gitea.actions.init.image" . }}"
command:
@ -54,12 +47,12 @@ spec:
echo "Gitea has been reached!"
- name: dind
image: "{{ include "gitea.actions.dind.image" . }}"
restartPolicy: Always
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
{{- if .Values.statefulset.dind.extraEnvs }}
env:
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }}
restartPolicy: Always
securityContext:
privileged: true
startupProbe:
@ -67,36 +60,21 @@ spec:
command:
- /usr/bin/test
- -S
{{- if .Values.statefulset.dind.rootless }}
- /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
{{- else }}
- /var/run/docker.sock
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/test
- -S
{{- if .Values.statefulset.dind.rootless }}
- /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
{{- else }}
- /var/run/docker.sock
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
{{- if .Values.statefulset.dind.rootless }}
- mountPath: /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/
{{- else }}
- mountPath: /var/run/
{{- end }}
name: docker-socket
{{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.postExtraInitContainers }}
{{- toYaml .Values.postExtraInitContainers | nindent 8 }}
{{- end }}
containers:
- name: act-runner
image: "{{ include "gitea.actions.actRunner.image" . }}"
@ -106,8 +84,8 @@ spec:
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "{{ (tpl .Values.existingSecret . ) | default $secretName }}"
key: "{{ (tpl .Values.existingSecretKey . ) | default "token" }}"
name: "{{ .Values.existingSecret | default $secretName }}"
key: "{{ .Values.existingSecretKey | default "token" }}"
- name: GITEA_INSTANCE_URL
value: {{ include "gitea.actions.local_root_url" . }}
- name: CONFIG_FILE
@ -131,12 +109,6 @@ spec:
{{- with .Values.statefulset.actRunner.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.statefulset.nodeSelector }}
nodeSelector:
{{ $key }}: {{ $value | quote }}
@ -163,9 +135,7 @@ spec:
name: data-act-runner
spec:
accessModes: [ "ReadWriteOnce" ]
{{- if .Values.global.storageClass }}
{{- include "gitea.actions.persistence.storageClass" . | indent 8 }}
{{- end }}
{{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
resources:
requests:
storage: {{ .Values.statefulset.persistence.size }}

2
unittests/helm/config-act-runner.yaml
View File

@ -48,7 +48,7 @@ tests:
enabled: true
statefulset:
actRunner:
config: |
config:
container:
valid_volumes:
- /var/run/docker.sock

39
unittests/helm/statefulset.yaml
View File

@ -429,33 +429,6 @@ tests:
content:
mountPath: /mnt
name: my-dind-volume
- it: should interpret existingSecret & existingSecretKey templating
template: templates/statefulset.yaml
set:
gitea:
token:
secret:
name: "gitea-secret"
key: "secret-key"
enabled: true
existingSecret: "{{ .Release.Name }}-{{ .Values.gitea.token.secret.name}}"
existingSecretKey: "{{ .Values.gitea.token.secret.key}}"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[0].name
value: "GITEA_RUNNER_REGISTRATION_TOKEN"
- equal:
path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
value: "gitea-unittests-gitea-secret"
- equal:
path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
value: "secret-key"
- it: should interpret Gitea Root URL templating
template: templates/statefulset.yaml
set:
@ -488,15 +461,3 @@ tests:
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: should render service account name correctly
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
serviceAccountName: "my-service-account"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.serviceAccountName
value: "my-service-account"

43
values.yaml
View File

@ -2,6 +2,8 @@
## @section Gitea Actions
#
## @param enabled Create an act runner StatefulSet.
## @param init.image.repository The image used for the init containers
## @param init.image.tag The image tag used for the init containers
## @param statefulset.replicas the amount of (replica) runner pods deployed
## @param statefulset.timezone is the timezone that will be set in the act_runner image
## @param statefulset.annotations Act runner annotations
@ -19,8 +21,6 @@
## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
## @param statefulset.dind.repository The Docker-in-Docker image
@ -32,7 +32,9 @@
## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
## @param statefulset.persistence.size Size for persistence to store act runner data
## @param statefulset.securityContext Customize the SecurityContext
## @param statefulset.serviceAccountName Customize the service account name
## @param existingSecret Secret that contains the token
## @param existingSecretKey Secret key
## @param giteaRootURL URL the act_runner registers and connect with
enabled: false
statefulset:
replicas: 1
@ -45,12 +47,11 @@ statefulset:
affinity: {}
extraVolumes: []
securityContext: {}
serviceAccountName: ""
actRunner:
registry: "docker.gitea.com"
repository: act_runner
tag: 0.3.0
tag: 0.2.13
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
@ -73,11 +74,9 @@ statefulset:
docker_timeout: 300s
dind:
rootless: false
uid: ""
registry: "docker.io"
registry: ""
repository: docker
tag: 29.3.1-dind
tag: 28.3.3-dind
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
@ -111,38 +110,18 @@ init:
pullPolicy: IfNotPresent
fullOverride: ""
## @section Runner Token Secret Configuration
#
## @param existingSecret Secret that contains the token
## @param existingSecretKey Secret key
## Specify an existing token secret
##
existingSecret: ""
existingSecretKey: ""
## @section Gitea URL Setting
#
## @param giteaRootURL URL the act_runner registers and connect with
## Specify the root URL of the Gitea instance
giteaRootURL: ""
## @section Extra Init Containers
#
## @param preExtraInitContainers Additional init containers to run in the pod before gitea-actions runs it owns init containers.
## @param postExtraInitContainers Additional init containers to run in the pod after gitea-actions runs it owns init containers.
preExtraInitContainers: []
# - name: pre-init-container
# image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
postExtraInitContainers: []
# - name: post-init-container
# image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
## @section Global
#
## @param global.imageRegistry global image registry override
## @param global.imagePullSecrets global image registry pull secrets
## @param global.storageClass global storage class override
global:
imageRegistry: ""
imagePullSecrets: []
storageClass: ""