5 Commits

8 changed files with 91 additions and 79 deletions

View File

@ -29,6 +29,16 @@ Deploy with your values, make sure the path is correct:
helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
``` ```
Alternatively:
```sh
helm upgrade --install gitea-actions gitea-charts/actions \
--set enabled=true \
--set giteaRootURL=https://gitea.com \
--set existingSecret=foo \
--set existingSecretKey=bar
```
You should be good to go! You should be good to go!
### Runner Token Secret Template ### Runner Token Secret Template
@ -98,13 +108,15 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
### Gitea Actions Init ### Gitea Actions Init
| Name | Description | Value | | Name | Description | Value |
| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- | | ----------------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
| `init.image.registry` | image registry, e.g. gcr.io,docker.io | `""` | | `init.image.registry` | Image registry, e.g. gcr.io,docker.io | `""` |
| `init.image.repository` | The init image | `busybox` | | `init.image.repository` | The init image (default: busyboxy but can be changed to alpine e.g.) | `busybox` |
| `init.image.tag` | the init image tag | `1.38.0` | | `init.image.tag` | The init image tag | `1.38.0` |
| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` | | `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | | `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest | `""` |
| `init.connectionCommandOverride` | Possiblity to change the command with which the container tests its connection to the Gitea server | `""` |
| `init.preConnectionCommandOverride` | Possibility to add commands that happen before the connection test loop | `""` |
### Runner Token Secret Configuration ### Runner Token Secret Configuration

View File

@ -1,3 +1,3 @@
# Gitea Actions Helm Chart Docs # Gitea Actions Helm Chart Docs
- [Share dind with job container](share-dind-with-job-container.md) - [connectionCommandOverride explanation](./connectionCommandOverride.md)

View File

@ -1,31 +0,0 @@
# Gitea Actions
In order to use the Gitea Actions act-runner you must either:
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
- create a secret containing the act runner token and reference it as a `existingSecret`
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
`gitea actions generate-runner-token`
This command will out a token that is needed by the act-runner to register with the Gitea backend.
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
2) `dind`: DockerInDocker image that is used to run the actions
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
```yaml
existingSecret: "secret-name"
existingSecretKey: "secret-key"
```

View File

@ -0,0 +1,48 @@
# Using a custom connectionCommand
By default, before the container starts it tries to reach the given giteaRootURL.
Normally this is done by the busybox image using the wget binary.
However, due to [Issue #162](https://gitea.com/gitea/helm-actions/issues/162) there has been a change made where we can customize that command.
Using the `values.yaml` file by default it calls `wget --spider --no-check-certificate <your giteaRootURL>` with a timeout of 10 seconds.
But with a custom init section like detailed below we can make our check compliant with whatever certificate you have.
Assuming:
```yaml
enabled: true
giteaRootURL: https://gitea.com
existingSecret: foo
existingSecretKey: bar
init:
image:
registry: ""
repository: alpine
# Overrides the image tag whose default is the chart appVersion.
tag: "3.24"
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
connectionCommandOverride: "curl -I"
preConnectionCommandOverride: "apk add curl"
```
This now creates the following template section:
```yaml
- name: init-gitea
image: "alpine:latest"
command:
- sh
- -c
- |
apk add curl
echo 'Trying to reach Gitea on https://gitea.com'
until timeout 10 curl -I https://gitea.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
```

View File

@ -1,30 +0,0 @@
# Share dind with job container
You can weaken isolation and allow jobs to call docker commands.
## Limitations
-
## Example Values
```yaml
config: |
log:
level: debug
cache:
enabled: false
container:
require_docker: true
docker_timeout: 300s
## Specify an existing token secret
##
existingSecret: "runner-token2"
existingSecretKey: "token"
## Specify the root URL of the Gitea instance
giteaRootURL: "http://192.168.1.2:3000"
```
Now you can run docker commands inside your jobs.

8
pnpm-lock.yaml generated
View File

@ -175,8 +175,8 @@ packages:
resolution: {integrity: sha512-Eeo8Ys1doU1z+x8AZsPpQu+p/QcZBI5PeOo7QGQdy2x2m0MU/hYagBbGOmXwr5KVbEfVuWv9LpnQWeehogurjg==} resolution: {integrity: sha512-Eeo8Ys1doU1z+x8AZsPpQu+p/QcZBI5PeOo7QGQdy2x2m0MU/hYagBbGOmXwr5KVbEfVuWv9LpnQWeehogurjg==}
hasBin: true hasBin: true
linkify-it@5.0.2: linkify-it@5.0.1:
resolution: {integrity: sha512-ONTm2jCMAVZjgQa/Fy1kScXsuOoF5NPTsoFBdE1KVIZ2vAh/r9+Bqo+0jINCBYnavTPQZz38QzFTme79ENoN3Q==} resolution: {integrity: sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==}
lodash@4.18.1: lodash@4.18.1:
resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==} resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
@ -472,7 +472,7 @@ snapshots:
dependencies: dependencies:
commander: 8.3.0 commander: 8.3.0
linkify-it@5.0.2: linkify-it@5.0.1:
dependencies: dependencies:
uc.micro: 2.1.0 uc.micro: 2.1.0
@ -482,7 +482,7 @@ snapshots:
dependencies: dependencies:
argparse: 2.0.1 argparse: 2.0.1
entities: 4.5.0 entities: 4.5.0
linkify-it: 5.0.2 linkify-it: 5.0.1
mdurl: 2.0.0 mdurl: 2.0.0
punycode.js: 2.3.1 punycode.js: 2.3.1
uc.micro: 2.1.0 uc.micro: 2.1.0

View File

@ -66,14 +66,21 @@ spec:
- mountPath: /data - mountPath: /data
name: data-runner name: data-runner
{{- end }} {{- end }}
- name: init-gitea - name: reach-gitea
image: "{{ include "gitea.actions.init.image" . }}" image: "{{ include "gitea.actions.init.image" . }}"
command: command:
- sh - sh
- -c - -c
- | - |
{{- if .Values.init.preConnectionCommandOverride }}
{{ .Values.init.preConnectionCommandOverride }}
{{- end }}
echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}' echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
{{- if .Values.init.connectionCommandOverride }}
until timeout 10 {{ .Values.init.connectionCommandOverride }} {{ include "gitea.actions.local_root_url" . }}; do
{{- else }}
until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
{{- end }}
sleep 3 sleep 3
echo "Trying again in 3 seconds..." echo "Trying again in 3 seconds..."
done done

View File

@ -121,12 +121,15 @@ statefulset:
## @section Gitea Actions Init ## @section Gitea Actions Init
# #
## @param init.image.registry image registry, e.g. gcr.io,docker.io ## @param init.image.registry Image registry, e.g. gcr.io,docker.io
## @param init.image.repository The init image ## @param init.image.repository The init image (default: busyboxy but can be changed to alpine e.g.)
## @param init.image.tag the init image tag ## @param init.image.tag The init image tag
## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param init.image.pullPolicy The init image pullPolicy ## @param init.image.pullPolicy The init image pullPolicy
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest. ## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest
#
## @param init.connectionCommandOverride Possiblity to change the command with which the container tests its connection to the Gitea server
## @param init.preConnectionCommandOverride Possibility to add commands that happen before the connection test loop
init: init:
image: image:
registry: "" registry: ""
@ -137,6 +140,9 @@ init:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
fullOverride: "" fullOverride: ""
connectionCommandOverride: ""
preConnectionCommandOverride: ""
## @section Runner Token Secret Configuration ## @section Runner Token Secret Configuration
# #
## @param existingSecret Secret that contains the token ## @param existingSecret Secret that contains the token