1 Commits

Author SHA1 Message Date
1600658386 .gitea/workflows/release-version.yml aktualisiert 2025-08-15 20:01:39 +00:00
15 changed files with 96 additions and 177 deletions


@ -8,12 +8,12 @@ on:
jobs:
changelog:
runs-on: ubuntu-latest
container: docker.io/thegeeklab/git-sv:2.0.5
container: docker.io/thegeeklab/git-sv:1.0.12
steps:
- name: install tools
run: |
apk add -q --update --no-cache nodejs curl jq sed
- uses: actions/checkout@v5
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate upcoming changelog


@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
container: commitlint/commitlint:19.7.1
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v4
- name: check PR title
run: |
echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
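Review bot: The `check PR title` step below the changed checkout line expands `${{ gitea.event.pull_request.title }}` directly into the shell script, so a title written by the pull-request author is parsed as shell source before `commitlint` ever reads it. Pass the title through the environment instead: give the step an `env:` entry `PR_TITLE: ${{ gitea.event.pull_request.title }}` and run `printf '%s\n' "$PR_TITLE" | commitlint --config .commitlintrc.json`. The step may continue past the end of this hunk and the workflow's trigger is not visible here, so confirm which events and which secrets this job runs with.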


@ -1,70 +1,68 @@
name: generate-chart
name: check-secrets
on:
push:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.17.1"
jobs:
generate-chart-publish:
check-secrets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: install tools
- uses: actions/checkout@v4
- name: Check all required secrets
run: |
apt update -y
apt install -y curl ca-certificates curl gnupg
# helm
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
helm version
# docker
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
pip install awscli --break-system-packages
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
- name: package chart
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir actions
mv actions*.tgz actions/
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
# push to dockerhub
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
- name: aws credential configure
uses: https://github.com/aws-actions/configure-aws-credentials@v5
with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Copy files to S3 and clear cache
run: |
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
echo "=== Checking availability of required secrets ==="
# List of all secrets used in the original workflow
SECRETS=(
"GPGSIGN_KEY"
"GPGSIGN_PASSPHRASE"
"DOCKER_CHARTS_PASSWORD"
"DOCKER_CHARTS_USERNAME"
"AWS_KEY_ID"
"AWS_SECRET_ACCESS_KEY"
"AWS_REGION"
"AWS_S3_BUCKET"
)
MISSING_SECRETS=()
AVAILABLE_SECRETS=()
for secret in "${SECRETS[@]}"; do
# Check if secret is set (not empty)
if [ -z "${!secret:-}" ]; then
echo "❌ Secret '$secret' is NOT available or empty"
MISSING_SECRETS+=("$secret")
else
echo "✅ Secret '$secret' is available"
AVAILABLE_SECRETS+=("$secret")
fi
done
echo ""
echo "=== Summary ==="
echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
echo "Missing secrets: ${#MISSING_SECRETS[@]}"
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
echo ""
echo "Missing secrets:"
for secret in "${MISSING_SECRETS[@]}"; do
echo " - $secret"
done
echo ""
echo "❌ Some secrets are missing. Please configure them in repository settings."
exit 1
else
echo ""
echo "✅ All required secrets are available!"
fi
env:
GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
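Review bot: The `Check all required secrets` step maps all eight credentials, including `GPGSIGN_KEY` and `AWS_SECRET_ACCESS_KEY`, into the environment of one shell process only to test that they are non-empty, and it runs after `actions/checkout@v4`, which this step does not need. Drop the checkout, and if this workflow is meant as a diagnostic, prefer a manually dispatched trigger over every tag push so the long-lived keys are not materialised on the runner for each release tag. The script uses bash arrays and `${!secret:-}` indirection, so add `shell: bash` to the step rather than relying on the runner's default shell. As printed, the packaging, signing and upload steps are gone from this file; if that is not intended, a tag push no longer publishes a chart.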


@ -9,6 +9,6 @@ jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v4.2.2
- run: apt update --yes && apt install --yes shellcheck
- run: find . -type f -name "*.sh" -exec shellcheck -a {} \;


@ -10,7 +10,7 @@ on:
env:
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
HELM_UNITTEST_VERSION: "v1.0.1"
HELM_UNITTEST_VERSION: "v0.7.2"
jobs:
check-and-test:
@ -25,7 +25,7 @@ jobs:
uses: pnpm/action-setup@v4
with:
version: 10
- uses: actions/checkout@v5
- uses: actions/checkout@v4
- name: install chart dependencies
run: helm dependency build
- name: lint


@ -1 +0,0 @@
* @DaanSelen @volker.raschek @ChristopherHX


@ -13,18 +13,7 @@ keywords:
sources:
- https://gitea.com/gitea/helm-actions
- https://gitea.com/gitea/act
maintainers:
# https://gitea.com/DaanSelen
- name: Daan Selen
email: dselen@nerthus.nl
# https://gitea.com/volker.raschek
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems
# https://gitea.com/ChristopherHX
- name: Christopher Homberger
email: christopher.homberger@web.de
# FIXME:
# maintainers:
dependencies: []


@ -6,10 +6,6 @@ The parameters which can be used to customize the deployment are described below
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Docs
[Docs](./docs/README.md)
## Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
@ -34,12 +30,12 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
| `statefulset.affinity` | Affinity for the statefulset | `{}` |
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
| `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.13` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` |
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |


@ -1,3 +0,0 @@
# Gitea Actions Helm Chart Docs
- [Share dind with job container](share-dind-with-job-container.md)


@ -1,36 +0,0 @@
# Share dind with job container
You can weaken isolation and allow jobs to call docker commands.
## Limitations
- Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
- Docker port expose to local host `-e 80:8080` is not going to work
## Example Values
```yaml
enabled: true
statefulset:
actRunner:
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: |
log:
level: debug
cache:
enabled: false
container:
valid_volumes:
- /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
## Specify an existing token secret
##
existingSecret: "runner-token2"
existingSecretKey: "token"
## Specify the root URL of the Gitea instance
giteaRootURL: "http://192.168.1.2:3000"
```
Now you can run docker commands inside your jobs.

26
pnpm-lock.yaml generated

@ -10,15 +10,15 @@ importers:
devDependencies:
'@bitnami/readme-generator-for-helm':
specifier: ^2.7.0
version: 2.7.2
version: 2.7.0
markdownlint-cli:
specifier: ^0.44.0
version: 0.44.0
packages:
'@bitnami/readme-generator-for-helm@2.7.2':
resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
'@bitnami/readme-generator-for-helm@2.7.0':
resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==}
hasBin: true
'@isaacs/cliui@8.0.2':
@ -63,8 +63,8 @@ packages:
balanced-match@1.0.2:
resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
brace-expansion@1.1.12:
resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
brace-expansion@1.1.11:
resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
brace-expansion@2.0.1:
resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==}
@ -419,20 +419,20 @@ packages:
wrappy@1.0.2:
resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
yaml@2.8.1:
resolution: {integrity: sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==}
engines: {node: '>= 14.6'}
yaml@2.7.0:
resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==}
engines: {node: '>= 14'}
hasBin: true
snapshots:
'@bitnami/readme-generator-for-helm@2.7.2':
'@bitnami/readme-generator-for-helm@2.7.0':
dependencies:
commander: 13.1.0
dot-object: 2.1.5
lodash: 4.17.21
markdown-table: 2.0.0
yaml: 2.8.1
yaml: 2.7.0
'@isaacs/cliui@8.0.2':
dependencies:
@ -470,7 +470,7 @@ snapshots:
balanced-match@1.0.2: {}
brace-expansion@1.1.12:
brace-expansion@1.1.11:
dependencies:
balanced-match: 1.0.2
concat-map: 0.0.1
@ -829,7 +829,7 @@ snapshots:
minimatch@3.1.2:
dependencies:
brace-expansion: 1.1.12
brace-expansion: 1.1.11
minimatch@9.0.5:
dependencies:
@ -929,4 +929,4 @@ snapshots:
wrappy@1.0.2: {}
yaml@2.8.1: {}
yaml@2.7.0: {}


@ -9,19 +9,19 @@
labels: [
'kind/dependency',
],
digest: {
automerge: true,
"digest": {
"automerge": true
},
automergeStrategy: 'squash',
'git-submodules': {
enabled: true,
'enabled': true
},
customManagers: [
{
description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
customType: 'regex',
managerFilePatterns: [
'/.gitea/workflows/.+\\.ya?ml$/',
fileMatch: [
'.gitea/workflows/.+\\.ya?ml$',
],
matchStrings: [
'# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
@ -30,23 +30,13 @@
{
description: 'Detect helm-unittest yaml schema file',
customType: 'regex',
managerFilePatterns: [
'/.vscode/settings\\.json$/',
],
fileMatch: ['.vscode/settings\\.json$'],
matchStrings: [
'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
],
datasourceTemplate: 'github-releases',
},
],
lockFileMaintenance: {
"enabled": true,
"commitMessageAction": "update",
"commitMessageTopic": "lockfiles",
schedule: [
'at any time',
]
},
packageRules: [
{
groupName: 'subcharts (minor & patch)',
@ -59,17 +49,6 @@
'digest',
],
},
{
groupName: 'bats testing framework',
matchManagers: [
'git-submodules',
],
matchUpdateTypes: [
'minor',
'patch',
'digest',
],
},
{
groupName: 'workflow dependencies (minor & patch)',
matchManagers: [
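Review bot: Removing the `lockFileMaintenance` block means nothing refreshes the transitive pins in `pnpm-lock.yaml` on a schedule any more, and the same page shows that lockfile moving back to older resolutions (`brace-expansion@1.1.11`, `yaml@2.7.0`). Keep `lockFileMaintenance: { enabled: true }` so patched transitive releases are still picked up between direct-dependency bumps. Separately, the rewritten `"digest"`, `"automerge"` and `'enabled'` keys are quoted while the surrounding keys are not; use one style throughout the file. The `packageRules` array continues past the end of the last hunk.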


@ -54,7 +54,7 @@ spec:
- name: DOCKER_TLS_VERIFY
value: "1"
- name: DOCKER_CERT_PATH
value: /certs/client
value: /certs/server
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
@ -70,7 +70,7 @@ spec:
- mountPath: /actrunner/config.yaml
name: act-runner-config
subPath: config.yaml
- mountPath: /certs/client
- mountPath: /certs/server
name: docker-certs
- mountPath: /data
name: data-act-runner
@ -86,7 +86,7 @@ spec:
- name: DOCKER_TLS_VERIFY
value: "1"
- name: DOCKER_CERT_PATH
value: /certs/client
value: /certs/server
{{- if .Values.statefulset.dind.extraEnvs }}
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }}
@ -95,7 +95,7 @@ spec:
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
- mountPath: /certs/client
- mountPath: /certs/server
name: docker-certs
{{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
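Review bot: Pointing `DOCKER_CERT_PATH` and the `docker-certs` mount at `/certs/server` in both containers hands the act runner the directory that, in the stock `docker:dind` entrypoint, holds the daemon's own certificate and private key rather than the client pair. With `DOCKER_TLS_VERIFY` set to "1", the runner would then present server key material to the daemon, which either fails client-certificate verification or leaves the daemon's key readable by the container that executes jobs. Keep the client side on `/certs/client` (`value: /certs/client` and `mountPath: /certs/client`) unless the dind container is configured to write its client certificates elsewhere; that configuration is outside these hunks. This reading assumes the second line of each printed pair is the new side.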


@ -69,7 +69,7 @@ tests:
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.metadata.annotations["checksum/config"]
value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
value: "7566d9c60261bf8cbff6a6936fc7aead96cec540d8c793d142a5ad4664c56ba5"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:


@ -39,7 +39,7 @@ statefulset:
actRunner:
repository: gitea/act_runner
tag: 0.2.13
tag: 0.2.11
pullPolicy: IfNotPresent
extraVolumeMounts: []
@ -49,13 +49,10 @@ statefulset:
level: debug
cache:
enabled: false
container:
require_docker: true
docker_timeout: 300s
dind:
repository: docker
tag: 28.3.3-dind
tag: 25.0.2-dind
pullPolicy: IfNotPresent
extraVolumeMounts: []