mirror of
https://gitea.com/gitea/helm-actions.git
synced 2026-07-16 11:14:44 +00:00
Compare commits
5 Commits
e456879b7d
...
feat/custo
| Author | SHA1 | Date | |
|---|---|---|---|
| 40128e86af | |||
| 12d63282a3 | |||
| 2a43b44c2b | |||
| 5fbf28ccbc | |||
| 29df27268d |
28
README.md
28
README.md
@ -29,6 +29,16 @@ Deploy with your values, make sure the path is correct:
|
|||||||
helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
|
helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Alternatively:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
helm upgrade --install gitea-actions gitea-charts/actions \
|
||||||
|
--set enabled=true \
|
||||||
|
--set giteaRootURL=https://gitea.com \
|
||||||
|
--set existingSecret=foo \
|
||||||
|
--set existingSecretKey=bar
|
||||||
|
```
|
||||||
|
|
||||||
You should be good to go!
|
You should be good to go!
|
||||||
|
|
||||||
### Runner Token Secret Template
|
### Runner Token Secret Template
|
||||||
@ -97,14 +107,16 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
|
|||||||
|
|
||||||
### Gitea Actions Init
|
### Gitea Actions Init
|
||||||
|
|
||||||
| Name | Description | Value |
|
| Name | Description | Value |
|
||||||
| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
|
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
|
||||||
| `init.image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
|
| `init.image.registry` | Image registry, e.g. gcr.io,docker.io | `""` |
|
||||||
| `init.image.repository` | The init image | `busybox` |
|
| `init.image.repository` | The init image (default: busyboxy but can be changed to alpine e.g.) | `busybox` |
|
||||||
| `init.image.tag` | the init image tag | `1.38.0` |
|
| `init.image.tag` | The init image tag | `1.38.0` |
|
||||||
| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
|
| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
|
||||||
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
|
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
|
||||||
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
|
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest | `""` |
|
||||||
|
| `init.connectionCommandOverride` | Possiblity to change the command with which the container tests its connection to the Gitea server | `""` |
|
||||||
|
| `init.preConnectionCommandOverride` | Possibility to add commands that happen before the connection test loop | `""` |
|
||||||
|
|
||||||
### Runner Token Secret Configuration
|
### Runner Token Secret Configuration
|
||||||
|
|
||||||
|
|||||||
@ -1,3 +1,3 @@
|
|||||||
# Gitea Actions Helm Chart Docs
|
# Gitea Actions Helm Chart Docs
|
||||||
|
|
||||||
- [Share dind with job container](share-dind-with-job-container.md)
|
- [connectionCommandOverride explanation](./connectionCommandOverride.md)
|
||||||
|
|||||||
@ -1,31 +0,0 @@
|
|||||||
# Gitea Actions
|
|
||||||
|
|
||||||
In order to use the Gitea Actions act-runner you must either:
|
|
||||||
|
|
||||||
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
|
|
||||||
- create a secret containing the act runner token and reference it as a `existingSecret`
|
|
||||||
|
|
||||||
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
|
|
||||||
`gitea actions generate-runner-token`
|
|
||||||
|
|
||||||
This command will out a token that is needed by the act-runner to register with the Gitea backend.
|
|
||||||
|
|
||||||
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
|
|
||||||
|
|
||||||
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
|
|
||||||
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
|
|
||||||
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
|
|
||||||
|
|
||||||
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
|
|
||||||
|
|
||||||
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
|
|
||||||
2) `dind`: DockerInDocker image that is used to run the actions
|
|
||||||
|
|
||||||
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
|
|
||||||
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
|
|
||||||
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
existingSecret: "secret-name"
|
|
||||||
existingSecretKey: "secret-key"
|
|
||||||
```
|
|
||||||
48
docs/connectionCommandOverride.md
Normal file
48
docs/connectionCommandOverride.md
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
# Using a custom connectionCommand
|
||||||
|
|
||||||
|
By default, before the container starts it tries to reach the given giteaRootURL.
|
||||||
|
Normally this is done by the busybox image using the wget binary.
|
||||||
|
|
||||||
|
However, due to [Issue #162](https://gitea.com/gitea/helm-actions/issues/162) there has been a change made where we can customize that command.
|
||||||
|
|
||||||
|
Using the `values.yaml` file by default it calls `wget --spider --no-check-certificate <your giteaRootURL>` with a timeout of 10 seconds.
|
||||||
|
But with a custom init section like detailed below we can make our check compliant with whatever certificate you have.
|
||||||
|
|
||||||
|
Assuming:
|
||||||
|
```yaml
|
||||||
|
enabled: true
|
||||||
|
giteaRootURL: https://gitea.com
|
||||||
|
existingSecret: foo
|
||||||
|
existingSecretKey: bar
|
||||||
|
|
||||||
|
init:
|
||||||
|
image:
|
||||||
|
registry: ""
|
||||||
|
repository: alpine
|
||||||
|
# Overrides the image tag whose default is the chart appVersion.
|
||||||
|
tag: "3.24"
|
||||||
|
digest: ""
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
fullOverride: ""
|
||||||
|
|
||||||
|
connectionCommandOverride: "curl -I"
|
||||||
|
preConnectionCommandOverride: "apk add curl"
|
||||||
|
```
|
||||||
|
|
||||||
|
This now creates the following template section:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
- name: init-gitea
|
||||||
|
image: "alpine:latest"
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
apk add curl
|
||||||
|
echo 'Trying to reach Gitea on https://gitea.com'
|
||||||
|
until timeout 10 curl -I https://gitea.com; do
|
||||||
|
sleep 3
|
||||||
|
echo "Trying again in 3 seconds..."
|
||||||
|
done
|
||||||
|
echo "Gitea has been reached!"
|
||||||
|
```
|
||||||
@ -1,30 +0,0 @@
|
|||||||
# Share dind with job container
|
|
||||||
|
|
||||||
You can weaken isolation and allow jobs to call docker commands.
|
|
||||||
|
|
||||||
## Limitations
|
|
||||||
|
|
||||||
-
|
|
||||||
|
|
||||||
## Example Values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
config: |
|
|
||||||
log:
|
|
||||||
level: debug
|
|
||||||
cache:
|
|
||||||
enabled: false
|
|
||||||
container:
|
|
||||||
require_docker: true
|
|
||||||
docker_timeout: 300s
|
|
||||||
|
|
||||||
## Specify an existing token secret
|
|
||||||
##
|
|
||||||
existingSecret: "runner-token2"
|
|
||||||
existingSecretKey: "token"
|
|
||||||
|
|
||||||
## Specify the root URL of the Gitea instance
|
|
||||||
giteaRootURL: "http://192.168.1.2:3000"
|
|
||||||
```
|
|
||||||
|
|
||||||
Now you can run docker commands inside your jobs.
|
|
||||||
@ -66,14 +66,21 @@ spec:
|
|||||||
- mountPath: /data
|
- mountPath: /data
|
||||||
name: data-runner
|
name: data-runner
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: init-gitea
|
- name: reach-gitea
|
||||||
image: "{{ include "gitea.actions.init.image" . }}"
|
image: "{{ include "gitea.actions.init.image" . }}"
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
- |
|
- |
|
||||||
|
{{- if .Values.init.preConnectionCommandOverride }}
|
||||||
|
{{ .Values.init.preConnectionCommandOverride }}
|
||||||
|
{{- end }}
|
||||||
echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
|
echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
|
||||||
|
{{- if .Values.init.connectionCommandOverride }}
|
||||||
|
until timeout 10 {{ .Values.init.connectionCommandOverride }} {{ include "gitea.actions.local_root_url" . }}; do
|
||||||
|
{{- else }}
|
||||||
until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
|
until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
|
||||||
|
{{- end }}
|
||||||
sleep 3
|
sleep 3
|
||||||
echo "Trying again in 3 seconds..."
|
echo "Trying again in 3 seconds..."
|
||||||
done
|
done
|
||||||
|
|||||||
14
values.yaml
14
values.yaml
@ -121,12 +121,15 @@ statefulset:
|
|||||||
|
|
||||||
## @section Gitea Actions Init
|
## @section Gitea Actions Init
|
||||||
#
|
#
|
||||||
## @param init.image.registry image registry, e.g. gcr.io,docker.io
|
## @param init.image.registry Image registry, e.g. gcr.io,docker.io
|
||||||
## @param init.image.repository The init image
|
## @param init.image.repository The init image (default: busyboxy but can be changed to alpine e.g.)
|
||||||
## @param init.image.tag the init image tag
|
## @param init.image.tag The init image tag
|
||||||
## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
|
## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
|
||||||
## @param init.image.pullPolicy The init image pullPolicy
|
## @param init.image.pullPolicy The init image pullPolicy
|
||||||
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest.
|
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest
|
||||||
|
#
|
||||||
|
## @param init.connectionCommandOverride Possiblity to change the command with which the container tests its connection to the Gitea server
|
||||||
|
## @param init.preConnectionCommandOverride Possibility to add commands that happen before the connection test loop
|
||||||
init:
|
init:
|
||||||
image:
|
image:
|
||||||
registry: ""
|
registry: ""
|
||||||
@ -137,6 +140,9 @@ init:
|
|||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
fullOverride: ""
|
fullOverride: ""
|
||||||
|
|
||||||
|
connectionCommandOverride: ""
|
||||||
|
preConnectionCommandOverride: ""
|
||||||
|
|
||||||
## @section Runner Token Secret Configuration
|
## @section Runner Token Secret Configuration
|
||||||
#
|
#
|
||||||
## @param existingSecret Secret that contains the token
|
## @param existingSecret Secret that contains the token
|
||||||
|
|||||||
Reference in New Issue
Block a user