8 Commits

Author SHA1 Message Date
2457ccae5c chore(config): migrate renovate config (#49)
All checks were successful
changelog / changelog (push) Successful in 12s
check-and-test / check-and-test (push) Successful in 27s
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/49
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com>
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
2025-09-11 19:11:54 +00:00
1e51423d3a chore(revert): revert docker info changes and rely on act_runner built-in init-stage (#48)
All checks were successful
changelog / changelog (push) Successful in 19s
check-and-test / check-and-test (push) Successful in 34s
This PR aims to revert the change were we introduce the `docker info` command as the checker for Docker readiness.
We now rely on the act_runner's ability to do this itself.

Co-authored-by: Daan Selen <dselen@systemec.nl>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/48
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: DaanSelen <dselen@nerthus.nl>
Co-committed-by: DaanSelen <dselen@nerthus.nl>
2025-09-11 03:49:34 +00:00
6d82ade984 chore(docs): add job container dind docs (#44)
All checks were successful
changelog / changelog (push) Successful in 15s
check-and-test / check-and-test (push) Successful in 38s
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/44
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Markus Pesch <volker.raschek@noreply.gitea.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Co-committed-by: Christopher Homberger <christopher.homberger@web.de>
2025-08-27 05:38:01 +00:00
072b97470e chore(chart): add check to start once docker is available (#35)
All checks were successful
changelog / changelog (push) Successful in 8s
check-and-test / check-and-test (push) Successful in 21s
Should fix:
- https://gitea.com/gitea/helm-actions/issues/31
- https://gitea.com/gitea/helm-actions/issues/27

Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/35
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: Daan Selen <dselen@nerthus.nl>
Co-committed-by: Daan Selen <dselen@nerthus.nl>
2025-08-22 20:22:55 +00:00
53393816ed chore(deps): bump runner and dind (#41)
* fix docker:28-dind cert problem

Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/41
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Co-committed-by: Christopher Homberger <christopher.homberger@web.de>
2025-08-22 18:27:58 +00:00
8a89d8bf21 chore: add maintainer volker.raschek to the chart (#34)
All checks were successful
changelog / changelog (push) Successful in 8s
check-and-test / check-and-test (push) Successful in 1m4s
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/34
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
2025-08-21 13:14:45 +00:00
bb50a19f4d chore: add maintainer ChristopherHX to the chart (#33)
All checks were successful
changelog / changelog (push) Successful in 23s
check-and-test / check-and-test (push) Successful in 27s
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/33
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-committed-by: ChristopherHX <christopher.homberger@web.de>
2025-08-21 04:16:07 +00:00
b2459f322b chore: add maintainers to the chart (#32)
All checks were successful
changelog / changelog (push) Successful in 15s
check-and-test / check-and-test (push) Successful in 29s
Add my own mainter note to the Chart.yaml

Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/32
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: Daan Selen <dselen@nerthus.nl>
Co-committed-by: Daan Selen <dselen@nerthus.nl>
2025-08-20 20:48:31 +00:00
10 changed files with 138 additions and 76 deletions

View File

@ -1,68 +1,70 @@
name: check-secrets name: generate-chart
on: on:
push: push:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.17.1"
jobs: jobs:
check-secrets: generate-chart-publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: install tools
- name: Check all required secrets
run: | run: |
echo "=== Checking availability of required secrets ===" apt update -y
apt install -y curl ca-certificates curl gnupg
# List of all secrets used in the original workflow # helm
SECRETS=( curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
"GPGSIGN_KEY" tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
"GPGSIGN_PASSPHRASE" mv linux-amd64/helm /usr/local/bin/
"DOCKER_CHARTS_PASSWORD" rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
"DOCKER_CHARTS_USERNAME" helm version
"AWS_KEY_ID" # docker
"AWS_SECRET_ACCESS_KEY" install -m 0755 -d /etc/apt/keyrings
"AWS_REGION" curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
"AWS_S3_BUCKET" chmod a+r /etc/apt/keyrings/docker.gpg
) echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
MISSING_SECRETS=() apt install -y python3 python3-pip apt-transport-https docker-ce-cli
AVAILABLE_SECRETS=() pip install awscli --break-system-packages
for secret in "${SECRETS[@]}"; do - name: Import GPG key
# Check if secret is set (not empty) id: import_gpg
if [ -z "${!secret:-}" ]; then uses: https://github.com/crazy-max/ghaction-import-gpg@v6
echo "❌ Secret '$secret' is NOT available or empty" with:
MISSING_SECRETS+=("$secret") gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
else passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
echo "✅ Secret '$secret' is available" fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
AVAILABLE_SECRETS+=("$secret")
fi # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
done - name: package chart
run: |
echo "" echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
echo "=== Summary ===" # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
echo "Available secrets: ${#AVAILABLE_SECRETS[@]}" helm plugin install https://github.com/pat-s/helm-gpg
echo "Missing secrets: ${#MISSING_SECRETS[@]}" helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then mkdir actions
echo "" mv actions*.tgz actions/
echo "Missing secrets:" curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
for secret in "${MISSING_SECRETS[@]}"; do helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
echo " - $secret" # push to dockerhub
done echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
echo "" helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
echo "❌ Some secrets are missing. Please configure them in repository settings." helm registry logout registry-1.docker.io
exit 1
else - name: aws credential configure
echo "" uses: https://github.com/aws-actions/configure-aws-credentials@v4
echo "✅ All required secrets are available!" with:
fi aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
env: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }} aws-region: ${{ secrets.AWS_REGION }}
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }} - name: Copy files to S3 and clear cache
DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }} run: |
AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }} aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}

1
CODEOWNERS Normal file
View File

@ -0,0 +1 @@
* @DaanSelen @volker.raschek @ChristopherHX

View File

@ -13,7 +13,18 @@ keywords:
sources: sources:
- https://gitea.com/gitea/helm-actions - https://gitea.com/gitea/helm-actions
- https://gitea.com/gitea/act - https://gitea.com/gitea/act
# FIXME:
# maintainers: maintainers:
# https://gitea.com/DaanSelen
- name: Daan Selen
email: dselen@nerthus.nl
# https://gitea.com/volker.raschek
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems
# https://gitea.com/ChristopherHX
- name: Christopher Homberger
email: christopher.homberger@web.de
dependencies: [] dependencies: []

View File

@ -6,6 +6,10 @@ The parameters which can be used to customize the deployment are described below
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues). If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Docs
[Docs](./docs/README.md)
## Rootless Defaults ## Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
@ -30,12 +34,12 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
| `statefulset.affinity` | Affinity for the statefulset | `{}` | | `statefulset.affinity` | Affinity for the statefulset | `{}` |
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` | | `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
| `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` | | `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` | | `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.13` |
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` | | `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` | | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | | `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` | | `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` | | `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | | `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` | | `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` | | `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |

3
docs/README.md Normal file
View File

@ -0,0 +1,3 @@
# Gitea Actions Helm Chart Docs
- [Share dind with job container](share-dind-with-job-container.md)

View File

@ -0,0 +1,36 @@
# Share dind with job container
You can weaken isolation and allow jobs to call docker commands.
## Limitations
- Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
- Docker port expose to local host `-e 80:8080` is not going to work
## Example Values
```yaml
enabled: true
statefulset:
actRunner:
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: |
log:
level: debug
cache:
enabled: false
container:
valid_volumes:
- /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
## Specify an existing token secret
##
existingSecret: "runner-token2"
existingSecretKey: "token"
## Specify the root URL of the Gitea instance
giteaRootURL: "http://192.168.1.2:3000"
```
Now you can run docker commands inside your jobs.

View File

@ -9,19 +9,19 @@
labels: [ labels: [
'kind/dependency', 'kind/dependency',
], ],
"digest": { digest: {
"automerge": true automerge: true,
}, },
automergeStrategy: 'squash', automergeStrategy: 'squash',
'git-submodules': { 'git-submodules': {
'enabled': true enabled: true,
}, },
customManagers: [ customManagers: [
{ {
description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
customType: 'regex', customType: 'regex',
fileMatch: [ managerFilePatterns: [
'.gitea/workflows/.+\\.ya?ml$', '/.gitea/workflows/.+\\.ya?ml$/',
], ],
matchStrings: [ matchStrings: [
'# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s', '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
@ -30,7 +30,9 @@
{ {
description: 'Detect helm-unittest yaml schema file', description: 'Detect helm-unittest yaml schema file',
customType: 'regex', customType: 'regex',
fileMatch: ['.vscode/settings\\.json$'], managerFilePatterns: [
'/.vscode/settings\\.json$/',
],
matchStrings: [ matchStrings: [
'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', 'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
], ],

View File

@ -54,7 +54,7 @@ spec:
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "1" value: "1"
- name: DOCKER_CERT_PATH - name: DOCKER_CERT_PATH
value: /certs/server value: /certs/client
- name: GITEA_RUNNER_REGISTRATION_TOKEN - name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -70,7 +70,7 @@ spec:
- mountPath: /actrunner/config.yaml - mountPath: /actrunner/config.yaml
name: act-runner-config name: act-runner-config
subPath: config.yaml subPath: config.yaml
- mountPath: /certs/server - mountPath: /certs/client
name: docker-certs name: docker-certs
- mountPath: /data - mountPath: /data
name: data-act-runner name: data-act-runner
@ -86,7 +86,7 @@ spec:
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "1" value: "1"
- name: DOCKER_CERT_PATH - name: DOCKER_CERT_PATH
value: /certs/server value: /certs/client
{{- if .Values.statefulset.dind.extraEnvs }} {{- if .Values.statefulset.dind.extraEnvs }}
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }} {{- end }}
@ -95,7 +95,7 @@ spec:
resources: resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }} {{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts: volumeMounts:
- mountPath: /certs/server - mountPath: /certs/client
name: docker-certs name: docker-certs
{{- with .Values.statefulset.dind.extraVolumeMounts }} {{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}

View File

@ -69,7 +69,7 @@ tests:
name: gitea-unittests-actions-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.metadata.annotations["checksum/config"] path: spec.template.metadata.annotations["checksum/config"]
value: "7566d9c60261bf8cbff6a6936fc7aead96cec540d8c793d142a5ad4664c56ba5" value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL) - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:

View File

@ -39,7 +39,7 @@ statefulset:
actRunner: actRunner:
repository: gitea/act_runner repository: gitea/act_runner
tag: 0.2.11 tag: 0.2.13
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
extraVolumeMounts: [] extraVolumeMounts: []
@ -49,10 +49,13 @@ statefulset:
level: debug level: debug
cache: cache:
enabled: false enabled: false
container:
require_docker: true
docker_timeout: 300s
dind: dind:
repository: docker repository: docker
tag: 25.0.2-dind tag: 28.3.3-dind
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
extraVolumeMounts: [] extraVolumeMounts: []