20 Commits

Author SHA1 Message Date
43e1080cd7 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 11:26:21 +00:00
6945a48d11 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 11:18:21 +00:00
91348eb00b Rename cluster 2026-03-19 11:01:02 +00:00
24863ef249 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 10:51:14 +00:00
62c14d7877 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 10:45:45 +00:00
3625cf2ff2 fixes 2026-03-19 10:38:42 +00:00
4a82e5d96d .gitea/workflows/e2e.yml aktualisiert 2026-03-19 10:35:18 +00:00
86c8067beb Keep cluster alive? 2026-03-19 10:31:35 +00:00
a21154e3a6 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:51:06 +00:00
d1c20ced5e .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:46:09 +00:00
4e2e4c4b29 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:42:30 +00:00
759dffa245 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:34:19 +00:00
619d048017 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:33:12 +00:00
2f455431a9 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:28:40 +00:00
9a3b8afa55 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:08:30 +00:00
e2bc1191d7 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 21:54:05 +00:00
2325970518 another attempt 2026-03-18 21:46:02 +00:00
1c8e4d9ef6 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 21:35:36 +00:00
7db5906c08 Add delete cluster 2026-03-18 21:20:54 +00:00
d24696be8c .gitea/workflows/e2e.yml hinzugefügt 2026-03-18 21:05:57 +00:00
23 changed files with 705 additions and 780 deletions

View File

@ -8,12 +8,12 @@ on:
jobs:
changelog:
runs-on: ubuntu-latest
container: docker.io/thegeeklab/git-sv:2.1.3
container: docker.io/thegeeklab/git-sv:2.0.9
steps:
- name: install tools
run: |
apk add -q --update --no-cache nodejs curl jq sed
- uses: actions/checkout@v7
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Generate upcoming changelog

View File

@ -11,9 +11,9 @@ on:
jobs:
check-and-test:
runs-on: ubuntu-latest
container: commitlint/commitlint:21.1.0
container: commitlint/commitlint:20.4.1
steps:
- uses: actions/checkout@v7
- uses: actions/checkout@v6
- name: check PR title
run: |
echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

76
.gitea/workflows/e2e.yml Normal file
View File

@ -0,0 +1,76 @@
on: pull_request
jobs:
k8s-test:
runs-on: ubuntu-latest
env:
CLUSTER_NAME: test-cluster
steps:
- uses: actions/checkout@v4
- name: Install Docker CLI, kind, and kubectl
run: |
# Install Docker CLI (to talk to the host daemon via the mounted socket)
apt-get update && apt-get install -y docker.io jq
# Install kind
curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64
chmod +x /usr/local/bin/kind
# Install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
install kubectl /usr/local/bin/
- name: Create kind cluster
run: |
kind delete cluster test-cluster2
docker inspect ${CLUSTER_NAME}-control-plane && mkdir -p ~/.kube && kind get kubeconfig --name ${CLUSTER_NAME} > ~/.kube/config || kind create cluster --name ${CLUSTER_NAME} --wait 5m
- name: Connect kind to the job container's network and fix kubeconfig
if: always()
run: |
# 1. Find the Docker network the job container is on
# The job container's hostname is the container ID
JOB_CONTAINER_ID=$(hostname)
NETWORK_NAME=$(docker inspect "$JOB_CONTAINER_ID" \
--format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}}{{end}}')
echo "NETWORK_NAME=$NETWORK_NAME" >> $GITHUB_ENV
echo "Job container network: $NETWORK_NAME"
# 2. Get the kind control-plane container name
KIND_CONTAINER="${CLUSTER_NAME}-control-plane"
echo "KIND_CONTAINER=$KIND_CONTAINER" >> $GITHUB_ENV
# 3. Connect the kind container to the same network
docker network connect "$NETWORK_NAME" "$KIND_CONTAINER"
# 4. Get the kind container's IP on that network
KIND_IP=$(docker inspect "$KIND_CONTAINER" \
--format "{{(index .NetworkSettings.Networks \"$NETWORK_NAME\").IPAddress}}")
echo "Kind container IP on shared network: $KIND_IP"
# 5. Rewrite the kubeconfig to use the kind container's IP
# kind's API server listens on port 6443 inside the container
kubectl config set-cluster kind-${CLUSTER_NAME} \
--server="https://${KIND_IP}:6443"
# 6. Since the TLS cert won't match the new IP, use insecure mode
# OR set insecure-skip-tls-verify
kubectl config set-cluster kind-${CLUSTER_NAME} \
--insecure-skip-tls-verify=true
- name: Verify cluster access
if: always()
run: |
kubectl cluster-info
kubectl get nodes
kubectl get pods -A
- name: Disconnect Kind Network
if: always()
run: |
docker network disconnect "$NETWORK_NAME" "$KIND_CONTAINER"

View File

@ -7,75 +7,64 @@ on:
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "4.2.2"
HELM_VERSION: "3.20.0"
jobs:
generate-chart-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- name: install Docker CLI
uses: https://github.com/docker/setup-buildx-action@v4 # Gitea
#uses: docker/setup-buildx-action@v4 # Github / Act
- name: install Helm
uses: https://github.com/Azure/setup-helm@v5 # Gitea
#uses: Azure/setup-helm@v5 # Github / Act
with:
version: "${{ env.HELM_VERSION }}"
- uses: actions/checkout@v6
- name: install tools
run: |
apt update
apt install -y curl ca-certificates curl gnupg python3 python3-pip apt-transport-https
apt update -y
apt install -y curl ca-certificates curl gnupg
# helm
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
helm version
# docker
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
pip install awscli --break-system-packages
- name: import GPG key
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v7 # Gitea
#uses: crazy-max/ghaction-import-gpg@v7 # Github / Act
uses: https://github.com/crazy-max/ghaction-import-gpg@v7
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
- name: log into Docker Hub
uses: https://github.com/docker/login-action@v4 # Gitea
#uses: docker/login-action@v4 # Github / Act
with:
username: ${{ secrets.DOCKER_CHARTS_USERNAME }}
password: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
- name: package chart
run: |
# Install Helm GPG plugin
helm plugin install https://github.com/technosophos/helm-gpg.git --verify=false
# Package the chart
mkdir ./actions
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" --destination ./actions ./
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir actions
mv actions*.tgz actions/
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
# Push to Docker Hub
# push to dockerhub
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
env:
TAR_OPTIONS: "--wildcards"
- name: aws credential configure
uses: https://github.com/aws-actions/configure-aws-credentials@v6 # Gitea
#uses: aws-actions/configure-aws-credentials@v6 # Github / Act
uses: https://github.com/aws-actions/configure-aws-credentials@v6
with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: copy files to S3 and clear cache
if: startsWith(github.ref, 'refs/tags/')
- name: Copy files to S3 and clear cache
run: |
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/

View File

@ -1,4 +1,4 @@
name: shellcheck
name: Lint Shell files
on:
pull_request:
@ -9,6 +9,6 @@ jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/checkout@v6
- run: apt update --yes && apt install --yes shellcheck
- run: find . -type f -name "*.sh" -exec shellcheck -a {} \;

View File

@ -1,7 +1,6 @@
name: check-and-test
"on":
"workflow_dispatch":
on:
pull_request:
branches:
- "*"
@ -11,32 +10,31 @@ name: check-and-test
env:
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
HELM_UNITTEST_VERSION: "v1.1.1"
HELM_UNITTEST_VERSION: "v1.0.3"
jobs:
check-and-test:
runs-on: ubuntu-latest
container: alpine/helm:4.2.2
container: alpine/helm:3.20.0
steps:
- name: install tools
run: |
apk update
apk add --update bash make nodejs npm yamllint ncurses
- name: Install pnpm
uses: pnpm/action-setup@v6
uses: pnpm/action-setup@v4
with:
version: 11
- uses: actions/checkout@v7
version: 10
- uses: actions/checkout@v6
- name: install chart dependencies
run: helm dependency build
- name: lint
run: helm lint .
run: helm lint
- name: template
run: helm template --debug gitea-actions .
- name: prepare unit test environment
run: |
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} --verify=false \
https://github.com/helm-unittest/helm-unittest.git # https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
git submodule update --init --recursive
- name: unit tests
env:
@ -48,5 +46,4 @@ jobs:
make readme
git diff --exit-code --name-only README.md
- name: yaml lint
# uses: ibiqlik/action-yamllint@v3 # Github / Act
uses: https://github.com/ibiqlik/action-yamllint@v3 # Gitea
uses: https://github.com/ibiqlik/action-yamllint@v3

1
.gitignore vendored
View File

@ -2,4 +2,3 @@ charts/
node_modules/
.DS_Store
unittests/*/__snapshot__/
*secret*.yaml

View File

@ -1,20 +1,18 @@
apiVersion: v2
name: actions
description: Gitea Actions Helm chart for Kubernetes
description: Gitea Actions chart for Kubernetes
type: application
version: 0.1.1
# renovate datasource=gitea-releases depName=gitea/runner extractVersion=^v(?<version>.*)$
version: 0.0.0
# renovate datasource=github-releases depName=go-gitea/act extractVersion=^v(?<version>.*)$
appVersion: 0.261.3
keywords:
- cicd
- runner
- actions
home: https://gitea.com/
icon: https://gitea.com/assets/img/logo.svg
sources:
- https://gitea.com/gitea/helm-actions
- https://gitea.com/gitea/runner
- https://gitea.com/gitea/act
maintainers:
# https://gitea.com/DaanSelen

128
README.md
View File

@ -6,9 +6,17 @@ The parameters which can be used to customize the deployment are described below
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Quick-start
## Docs
[Documentation](./docs/README.md)
[Docs](./docs/README.md)
## Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
- If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
## Quick-start
To get started, add the Helm repo, assuming you have not already:
@ -29,119 +37,63 @@ Deploy with your values, make sure the path is correct:
helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
```
Alternatively:
```sh
helm upgrade --install gitea-actions gitea-charts/actions \
--set enabled=true \
--set giteaRootURL=https://gitea.com \
--set existingSecret=foo \
--set existingSecretKey=bar
```
You should be good to go!
### Runner Token Secret Template
For reference, a template for the secret is given below:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: runner-secret
namespace: "my-gitea-namespace"
type: Opaque
stringData:
runner-token: "my-cool-runner-token-given-by-gitea"
```
### Rootless Options
If `.Values.statefulset.dind.rootless: true` is set, then the following will be required:
`.Values.statefulset.dind.tag` must be a rootless image such as: `29.3.1-dind-rootless`
## Parameters
### Gitea Actions
| Name | Description | Value |
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| `enabled` | Create a Gitea Runner StatefulSet. | `false` |
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| `enabled` | Create an act runner StatefulSet. | `false` |
| `init.image.repository` | The image used for the init containers | `busybox` |
| `init.image.tag` | The image tag used for the init containers | `1.37.0` |
| `statefulset.replicas` | the amount of (replica) runner pods deployed | `1` |
| `statefulset.timezone` | is the timezone that will be set in the runner image | `Etc/UTC` |
| `statefulset.annotations` | Gitea Runner annotations | `{}` |
| `statefulset.labels` | Gitea Runner labels | `{}` |
| `statefulset.resources` | Gitea Runner resources | `{}` |
| `statefulset.timezone` | is the timezone that will be set in the act_runner image | `Etc/UTC` |
| `statefulset.annotations` | Act runner annotations | `{}` |
| `statefulset.labels` | Act runner labels | `{}` |
| `statefulset.resources` | Act runner resources | `{}` |
| `statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` |
| `statefulset.tolerations` | Tolerations for the statefulset | `[]` |
| `statefulset.affinity` | Affinity for the statefulset | `{}` |
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
| `statefulset.persistence.size` | Size for persistence to store Gitea Runner data | `1Gi` |
| `statefulset.securityContext` | Customize the SecurityContext | `{}` |
| `statefulset.serviceAccountName` | Customize the service account name | `""` |
| `statefulset.runtimeClassName` | Select a different RuntimeClass for pods | `""` |
| `statefulset.hostAliases` | Inject entries into the /etc/hosts file | `[]` |
| `statefulset.persistence.size` | Size for persistence to store Gitea Runner data | `1Gi` |
| `statefulset.runner.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` |
| `statefulset.runner.repository` | The Gitea Runner image | `runner` |
| `statefulset.runner.tag` | The Gitea Runner tag | `1.0.6` |
| `statefulset.runner.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.runner.pullPolicy` | The Gitea Runner pullPolicy | `IfNotPresent` |
| `statefulset.runner.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.runner.extraVolumeMounts` | Allows mounting extra volumes in the Gitea Runner container | `[]` |
| `statefulset.runner.extraEnvs` | Allows adding custom environment variables | `[]` |
| `statefulset.runner.flushCache` | whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time | `false` |
| `statefulset.runner.config` | Gitea Runner custom configuration. See [Gitea Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.rootless` | a simple flag to let helm know we are dealing with a rootless dind container | `false` |
| `statefulset.dind.uid` | a field to set the running user id for the rootless dind container, so it knows where to look for the socket | `""` |
| `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `docker.io` |
| `statefulset.actRunner.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` |
| `statefulset.actRunner.repository` | The Gitea act runner image | `act_runner` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.13` |
| `statefulset.actRunner.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `statefulset.actRunner.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `statefulset.actRunner.extraEnvs` | Allows adding custom environment variables | `[]` |
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `29.5.2-dind` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
| `statefulset.dind.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.dind.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |
| `statefulset.dind.extraArgs` | Allows adding custom arguments to the Docker Daemon | `[]` |
| `statefulset.persistence.size` | Size for persistence to store act runner data | `1Gi` |
| `statefulset.securityContext` | Customize the SecurityContext | `{}` |
| `existingSecret` | Secret that contains the token | `""` |
| `existingSecretKey` | Secret key | `""` |
| `giteaRootURL` | URL the act_runner registers and connect with | `""` |
### Gitea Actions Init
| Name | Description | Value |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
| `init.image.registry` | Image registry, e.g. gcr.io,docker.io | `""` |
| `init.image.repository` | The init image (default: busyboxy but can be changed to alpine e.g.) | `busybox` |
| `init.image.tag` | The init image tag | `1.38.0` |
| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
| `init.image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `init.image.repository` | The init image | `busybox` |
| `init.image.tag` | the init image tag | `1.37.0` |
| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest | `""` |
| `init.connectionCommandOverride` | Possiblity to change the command with which the container tests its connection to the Gitea server | `""` |
| `init.preConnectionCommandOverride` | Possibility to add commands that happen before the connection test loop | `""` |
### Runner Token Secret Configuration
| Name | Description | Value |
| ------------------- | ------------------------------ | ----- |
| `existingSecret` | Secret that contains the token | `""` |
| `existingSecretKey` | Secret key | `""` |
### Gitea URL Setting
| Name | Description | Value |
| -------------- | ------------------------------------------------ | ----- |
| `giteaRootURL` | URL the Gitea Runner registers and connects with | `""` |
### Extra Init Containers
| Name | Description | Value |
| ------------------------- | ----------------------------------------------------------------------------------------------- | ----- |
| `preExtraInitContainers` | Additional init containers to run in the pod before Gitea-actions runs it owns init containers. | `[]` |
| `postExtraInitContainers` | Additional init containers to run in the pod after Gitea-actions runs it owns init containers. | `[]` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
### Global
| Name | Description | Value |
| ------------------------- | ---------------------------------- | ----- |
| ---------------------- | ------------------------------ | ----- |
| `global.imageRegistry` | global image registry override | `""` |
| `global.imagePullSecrets` | global image registry pull secrets | `[]` |
| `global.storageClass` | global storage class override | `""` |

View File

@ -1,3 +1,3 @@
# Gitea Actions Helm Chart Docs
- [connectionCommandOverride explanation](./connectionCommandOverride.md)
- [Share dind with job container](share-dind-with-job-container.md)

33
docs/actions-dev.md Normal file
View File

@ -0,0 +1,33 @@
# Gitea Actions
In order to use the Gitea Actions act-runner you must either:
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
- create a secret containing the act runner token and reference it as a `existingSecret`
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
`gitea actions generate-runner-token`
This command will out a token that is needed by the act-runner to register with the Gitea backend.
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
2) `dind`: DockerInDocker image that is used to run the actions
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
```yaml
provisioning:
enabled: false
existingSecret: "secret-name"
existingSecretKey: "secret-key"
```

View File

@ -1,48 +0,0 @@
# Using a custom connectionCommand
By default, before the container starts it tries to reach the given giteaRootURL.
Normally this is done by the busybox image using the wget binary.
However, due to [Issue #162](https://gitea.com/gitea/helm-actions/issues/162) there has been a change made where we can customize that command.
Using the `values.yaml` file by default it calls `wget --spider --no-check-certificate <your giteaRootURL>` with a timeout of 10 seconds.
But with a custom init section like detailed below we can make our check compliant with whatever certificate you have.
Assuming:
```yaml
enabled: true
giteaRootURL: https://gitea.com
existingSecret: foo
existingSecretKey: bar
init:
image:
registry: ""
repository: alpine
# Overrides the image tag whose default is the chart appVersion.
tag: "3.24"
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
connectionCommandOverride: "curl -I"
preConnectionCommandOverride: "apk add curl"
```
This now creates the following template section:
```yaml
- name: init-gitea
image: "alpine:latest"
command:
- sh
- -c
- |
apk add curl
echo 'Trying to reach Gitea on https://gitea.com'
until timeout 10 curl -I https://gitea.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
```

View File

@ -0,0 +1,36 @@
# Share dind with job container
You can weaken isolation and allow jobs to call docker commands.
## Limitations
- Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
- Docker port expose to local host `-e 80:8080` is not going to work
## Example Values
```yaml
enabled: true
statefulset:
actRunner:
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: |
log:
level: debug
cache:
enabled: false
container:
valid_volumes:
- /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
## Specify an existing token secret
##
existingSecret: "runner-token2"
existingSecretKey: "token"
## Specify the root URL of the Gitea instance
giteaRootURL: "http://192.168.1.2:3000"
```
Now you can run docker commands inside your jobs.

View File

@ -14,6 +14,6 @@
},
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.7.0",
"markdownlint-cli": "^0.49.0"
"markdownlint-cli": "^0.47.0"
}
}

198
pnpm-lock.yaml generated
View File

@ -12,8 +12,8 @@ importers:
specifier: ^2.7.0
version: 2.7.2
markdownlint-cli:
specifier: ^0.49.0
version: 0.49.0
specifier: ^0.47.0
version: 0.47.0
packages:
@ -21,8 +21,16 @@ packages:
resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
hasBin: true
'@types/debug@4.1.13':
resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==}
'@isaacs/balanced-match@4.0.1':
resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
engines: {node: 20 || >=22}
'@isaacs/brace-expansion@5.0.1':
resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==}
engines: {node: 20 || >=22}
'@types/debug@4.1.12':
resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
'@types/katex@0.16.8':
resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
@ -43,16 +51,8 @@ packages:
balanced-match@1.0.2:
resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
balanced-match@4.0.4:
resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
engines: {node: 18 || 20 || >=22}
brace-expansion@1.1.15:
resolution: {integrity: sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==}
brace-expansion@5.0.7:
resolution: {integrity: sha512-7oFy703dxfY3/NLxC1fh2SUCQ0H9rmAY+5EpDVfXjUTTs+HEwR2nYaqLv+GWcTsumwxPfiz6CzCNkwXwBUwqCA==}
engines: {node: 18 || 20 || >=22}
brace-expansion@1.1.12:
resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
character-entities-legacy@3.0.0:
resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@ -67,9 +67,9 @@ packages:
resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==}
engines: {node: '>=18'}
commander@15.0.0:
resolution: {integrity: sha512-z67u4ZhzCL/Tydu1lJARtEZYWbWaN7oYLHbsuzocr6y4N6WZAagG3RQ4FW61V1/0+jImpj293XfrcYnd1qxtPg==}
engines: {node: '>=22.12.0'}
commander@14.0.3:
resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==}
engines: {node: '>=20'}
commander@6.2.1:
resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==}
@ -125,8 +125,8 @@ packages:
fs.realpath@1.0.0:
resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
get-east-asian-width@1.6.0:
resolution: {integrity: sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==}
get-east-asian-width@1.4.0:
resolution: {integrity: sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==}
engines: {node: '>=18'}
glob@7.2.3:
@ -160,8 +160,8 @@ packages:
is-hexadecimal@2.0.1:
resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==}
js-yaml@4.2.0:
resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==}
js-yaml@4.1.1:
resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
hasBin: true
jsonc-parser@3.3.1:
@ -171,31 +171,31 @@ packages:
resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
engines: {node: '>=0.10.0'}
katex@0.16.47:
resolution: {integrity: sha512-Eeo8Ys1doU1z+x8AZsPpQu+p/QcZBI5PeOo7QGQdy2x2m0MU/hYagBbGOmXwr5KVbEfVuWv9LpnQWeehogurjg==}
katex@0.16.28:
resolution: {integrity: sha512-YHzO7721WbmAL6Ov1uzN/l5mY5WWWhJBSW+jq4tkfZfsxmo1hu6frS0EOswvjBUnWE6NtjEs48SFn5CQESRLZg==}
hasBin: true
linkify-it@5.0.1:
resolution: {integrity: sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==}
linkify-it@5.0.0:
resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
lodash@4.18.1:
resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
lodash@4.17.23:
resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==}
markdown-it@14.2.0:
resolution: {integrity: sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==}
markdown-it@14.1.0:
resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
hasBin: true
markdown-table@2.0.0:
resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
markdownlint-cli@0.49.0:
resolution: {integrity: sha512-vS5tWq5W91Gg33LD4pyAaXPclnz/sRvo6/RGOyDQjQ3eds2DkK6H4szUuE0M9TiRB/u/VBx1gtd9Ktrtx5WlSA==}
engines: {node: '>=22'}
markdownlint-cli@0.47.0:
resolution: {integrity: sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==}
engines: {node: '>=20'}
hasBin: true
markdownlint@0.41.0:
resolution: {integrity: sha512-xMUI3ChBuRuxuLF4ENvCZyS8z/+Jly1coUcZwErKLIB3sDj7ojpaTBa1e9YVPhSN4jGEIjYGQCldbTJS/hqS+A==}
engines: {node: '>=22'}
markdownlint@0.40.0:
resolution: {integrity: sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==}
engines: {node: '>=20'}
mdurl@2.0.0:
resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==}
@ -275,12 +275,12 @@ packages:
micromark@4.0.2:
resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
minimatch@10.2.5:
resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
engines: {node: 18 || 20 || >=22}
minimatch@10.1.2:
resolution: {integrity: sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==}
engines: {node: 20 || >=22}
minimatch@3.1.5:
resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
minimatch@3.1.2:
resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
minimist@1.2.8:
resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
@ -298,8 +298,8 @@ packages:
resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
engines: {node: '>=0.10.0'}
picomatch@4.0.4:
resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
picomatch@4.0.3:
resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
engines: {node: '>=12'}
punycode.js@2.3.1:
@ -314,24 +314,24 @@ packages:
resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
hasBin: true
smol-toml@1.6.1:
resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==}
smol-toml@1.5.2:
resolution: {integrity: sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==}
engines: {node: '>= 18'}
string-width@8.2.1:
resolution: {integrity: sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA==}
string-width@8.1.0:
resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
engines: {node: '>=20'}
strip-ansi@7.2.0:
resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==}
strip-ansi@7.1.2:
resolution: {integrity: sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==}
engines: {node: '>=12'}
strip-json-comments@3.1.1:
resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
engines: {node: '>=8'}
tinyglobby@0.2.17:
resolution: {integrity: sha512-wXR/dYpcqKmfWpEdZjiKJOwCNFndD0DMnrW/cYjVGttEkBfVgcLFHoNrlj47mjOVic9yyNu65alsgF4NQyTa2g==}
tinyglobby@0.2.15:
resolution: {integrity: sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==}
engines: {node: '>=12.0.0'}
uc.micro@2.1.0:
@ -340,8 +340,8 @@ packages:
wrappy@1.0.2:
resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
yaml@2.9.0:
resolution: {integrity: sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==}
yaml@2.8.2:
resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==}
engines: {node: '>= 14.6'}
hasBin: true
@ -351,11 +351,17 @@ snapshots:
dependencies:
commander: 13.1.0
dot-object: 2.1.5
lodash: 4.18.1
lodash: 4.17.23
markdown-table: 2.0.0
yaml: 2.9.0
yaml: 2.8.2
'@types/debug@4.1.13':
'@isaacs/balanced-match@4.0.1': {}
'@isaacs/brace-expansion@5.0.1':
dependencies:
'@isaacs/balanced-match': 4.0.1
'@types/debug@4.1.12':
dependencies:
'@types/ms': 2.1.0
@ -371,17 +377,11 @@ snapshots:
balanced-match@1.0.2: {}
balanced-match@4.0.4: {}
brace-expansion@1.1.15:
brace-expansion@1.1.12:
dependencies:
balanced-match: 1.0.2
concat-map: 0.0.1
brace-expansion@5.0.7:
dependencies:
balanced-match: 4.0.4
character-entities-legacy@3.0.0: {}
character-entities@2.0.2: {}
@ -390,7 +390,7 @@ snapshots:
commander@13.1.0: {}
commander@15.0.0: {}
commander@14.0.3: {}
commander@6.2.1: {}
@ -421,20 +421,20 @@ snapshots:
entities@4.5.0: {}
fdir@6.5.0(picomatch@4.0.4):
fdir@6.5.0(picomatch@4.0.3):
optionalDependencies:
picomatch: 4.0.4
picomatch: 4.0.3
fs.realpath@1.0.0: {}
get-east-asian-width@1.6.0: {}
get-east-asian-width@1.4.0: {}
glob@7.2.3:
dependencies:
fs.realpath: 1.0.0
inflight: 1.0.6
inherits: 2.0.4
minimatch: 3.1.5
minimatch: 3.1.2
once: 1.4.0
path-is-absolute: 1.0.1
@ -460,7 +460,7 @@ snapshots:
is-hexadecimal@2.0.1: {}
js-yaml@4.2.0:
js-yaml@4.1.1:
dependencies:
argparse: 2.0.1
@ -468,21 +468,21 @@ snapshots:
jsonpointer@5.0.1: {}
katex@0.16.47:
katex@0.16.28:
dependencies:
commander: 8.3.0
linkify-it@5.0.1:
linkify-it@5.0.0:
dependencies:
uc.micro: 2.1.0
lodash@4.18.1: {}
lodash@4.17.23: {}
markdown-it@14.2.0:
markdown-it@14.1.0:
dependencies:
argparse: 2.0.1
entities: 4.5.0
linkify-it: 5.0.1
linkify-it: 5.0.0
mdurl: 2.0.0
punycode.js: 2.3.1
uc.micro: 2.1.0
@ -491,24 +491,24 @@ snapshots:
dependencies:
repeat-string: 1.6.1
markdownlint-cli@0.49.0:
markdownlint-cli@0.47.0:
dependencies:
commander: 15.0.0
commander: 14.0.3
deep-extend: 0.6.0
ignore: 7.0.5
js-yaml: 4.2.0
js-yaml: 4.1.1
jsonc-parser: 3.3.1
jsonpointer: 5.0.1
markdown-it: 14.2.0
markdownlint: 0.41.0
minimatch: 10.2.5
markdown-it: 14.1.0
markdownlint: 0.40.0
minimatch: 10.1.2
run-con: 1.3.2
smol-toml: 1.6.1
tinyglobby: 0.2.17
smol-toml: 1.5.2
tinyglobby: 0.2.15
transitivePeerDependencies:
- supports-color
markdownlint@0.41.0:
markdownlint@0.40.0:
dependencies:
micromark: 4.0.2
micromark-core-commonmark: 2.0.3
@ -518,7 +518,7 @@ snapshots:
micromark-extension-gfm-table: 2.1.1
micromark-extension-math: 3.1.0
micromark-util-types: 2.0.2
string-width: 8.2.1
string-width: 8.1.0
transitivePeerDependencies:
- supports-color
@ -583,7 +583,7 @@ snapshots:
dependencies:
'@types/katex': 0.16.8
devlop: 1.1.0
katex: 0.16.47
katex: 0.16.28
micromark-factory-space: 2.0.1
micromark-util-character: 2.1.1
micromark-util-symbol: 2.0.1
@ -676,7 +676,7 @@ snapshots:
micromark@4.0.2:
dependencies:
'@types/debug': 4.1.13
'@types/debug': 4.1.12
debug: 4.4.3
decode-named-character-reference: 1.3.0
devlop: 1.1.0
@ -696,13 +696,13 @@ snapshots:
transitivePeerDependencies:
- supports-color
minimatch@10.2.5:
minimatch@10.1.2:
dependencies:
brace-expansion: 5.0.7
'@isaacs/brace-expansion': 5.0.1
minimatch@3.1.5:
minimatch@3.1.2:
dependencies:
brace-expansion: 1.1.15
brace-expansion: 1.1.12
minimist@1.2.8: {}
@ -724,7 +724,7 @@ snapshots:
path-is-absolute@1.0.1: {}
picomatch@4.0.4: {}
picomatch@4.0.3: {}
punycode.js@2.3.1: {}
@ -737,26 +737,26 @@ snapshots:
minimist: 1.2.8
strip-json-comments: 3.1.1
smol-toml@1.6.1: {}
smol-toml@1.5.2: {}
string-width@8.2.1:
string-width@8.1.0:
dependencies:
get-east-asian-width: 1.6.0
strip-ansi: 7.2.0
get-east-asian-width: 1.4.0
strip-ansi: 7.1.2
strip-ansi@7.2.0:
strip-ansi@7.1.2:
dependencies:
ansi-regex: 6.2.2
strip-json-comments@3.1.1: {}
tinyglobby@0.2.17:
tinyglobby@0.2.15:
dependencies:
fdir: 6.5.0(picomatch@4.0.4)
picomatch: 4.0.4
fdir: 6.5.0(picomatch@4.0.3)
picomatch: 4.0.3
uc.micro@2.1.0: {}
wrappy@1.0.2: {}
yaml@2.9.0: {}
yaml@2.8.2: {}

View File

@ -1,4 +1,5 @@
{{- if .Values.enabled -}}
{{- if or (empty .Values.existingSecret) (empty .Values.existingSecretKey) -}}
{{- fail "existingSecret and existingSecretKey are required when provisioning is disabled" -}}
{{- end -}}

View File

@ -20,7 +20,7 @@ If release name contains chart name it will be used as a full name.
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
@ -46,7 +46,7 @@ Storage Class
{{- $storageClass := default (tpl ( default "" .Values.global.storageClass) .) }}
{{- if $storageClass }}
storageClassName: {{ $storageClass | quote }}
{{- end -}}
{{- end }}
{{- end -}}
{{/*
@ -61,10 +61,10 @@ version: {{ default .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "gitea.actions.labels.runner" -}}
{{- define "gitea.actions.labels.actRunner" -}}
helm.sh/chart: {{ include "gitea.actions.chart" . }}
app: {{ include "gitea.actions.name" . }}-runner
{{ include "gitea.actions.selectorLabels.runner" . }}
app: {{ include "gitea.actions.name" . }}-act-runner
{{ include "gitea.actions.selectorLabels.actRunner" . }}
app.kubernetes.io/version: {{ default .Chart.AppVersion | quote }}
version: {{ default .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
@ -78,8 +78,8 @@ app.kubernetes.io/name: {{ include "gitea.actions.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "gitea.actions.selectorLabels.runner" -}}
app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-runner
{{- define "gitea.actions.selectorLabels.actRunner" -}}
app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-act-runner
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
@ -112,8 +112,8 @@ Common create image implementation
{{/*
Create image for the Gitea Actions Act Runner
*/}}
{{- define "gitea.actions.runner.image" -}}
{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.runner) }}
{{- define "gitea.actions.actRunner.image" -}}
{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.actRunner) }}
{{- end -}}
{{/*

View File

@ -3,13 +3,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "gitea.actions.fullname" . }}-runner-configmap
name: {{ include "gitea.actions.fullname" . }}-act-runner-config
namespace: {{ .Values.namespace | default .Release.Namespace }}
labels:
{{- include "gitea.actions.labels" . | nindent 4 }}
data:
config.yaml: |
{{- with .Values.statefulset.runner.config -}}
{{- with .Values.statefulset.actRunner.config -}}
{{- if kindIs "string" . -}}
{{ . | nindent 4}}
{{- else -}}

View File

@ -5,7 +5,7 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
{{- include "gitea.actions.labels.runner" . | nindent 4 }}
{{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
{{- with .Values.statefulset.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@ -13,167 +13,102 @@ metadata:
{{- with .Values.statefulset.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "gitea.actions.fullname" . }}-runner
name: {{ include "gitea.actions.fullname" . }}-act-runner
namespace: {{ .Values.namespace | default .Release.Namespace }}
spec:
replicas: {{ .Values.statefulset.replicas | default 1 }}
selector:
matchLabels:
{{- include "gitea.actions.selectorLabels.runner" . | nindent 6 }}
{{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/config-act-runner.yaml") . | sha256sum }}
labels:
{{- include "gitea.actions.labels.runner" . | nindent 8 }}
{{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
{{- with .Values.statefulset.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Always
{{- if .Values.statefulset.serviceAccountName }}
serviceAccountName: {{ .Values.statefulset.serviceAccountName | quote }}
{{- end }}
{{- if .Values.statefulset.securityContext }}
securityContext:
{{- toYaml .Values.statefulset.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.statefulset.runtimeClassName }}
runtimeClassName: {{ .Values.statefulset.runtimeClassName | quote }}
{{- end }}
{{- if .Values.statefulset.hostAliases }}
hostAliases:
{{- toYaml .Values.statefulset.hostAliases | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.preExtraInitContainers }}
{{- toYaml .Values.preExtraInitContainers | nindent 8 }}
{{- end }}
{{- if .Values.statefulset.runner.flushCache }}
- name: cache-flusher
- name: init-gitea
image: "{{ include "gitea.actions.init.image" . }}"
command:
- sh
- -c
- |
if [[ -f /data/.runner ]]; then
echo "Removing cache at /data/.runner"
rm -v /data/.runner
else
echo "No .runner file to remove"
fi
volumeMounts:
- mountPath: /data
name: data-runner
{{- end }}
- name: reach-gitea
image: "{{ include "gitea.actions.init.image" . }}"
command:
- sh
- -c
- |
{{- if .Values.init.preConnectionCommandOverride }}
{{ .Values.init.preConnectionCommandOverride }}
{{- end }}
echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
{{- if .Values.init.connectionCommandOverride }}
until timeout 10 {{ .Values.init.connectionCommandOverride }} {{ include "gitea.actions.local_root_url" . }}; do
{{- else }}
until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
{{- end }}
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- name: dind
image: "{{ include "gitea.actions.dind.image" . }}"
restartPolicy: Always
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
{{- if .Values.statefulset.dind.extraEnvs }}
env:
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }}
restartPolicy: Always
securityContext:
privileged: true
{{- if .Values.statefulset.dind.extraArgs }}
args:
{{- toYaml .Values.statefulset.dind.extraArgs | nindent 12 }}
{{- end }}
startupProbe:
exec:
command:
- /usr/bin/test
- -S
{{- if .Values.statefulset.dind.rootless }}
- /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
{{- else }}
- /var/run/docker.sock
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/test
- -S
{{- if .Values.statefulset.dind.rootless }}
- /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
{{- else }}
- /var/run/docker.sock
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
{{- if .Values.statefulset.dind.rootless }}
- mountPath: /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/
{{- else }}
- mountPath: /var/run/
{{- end }}
name: docker-socket
{{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.postExtraInitContainers }}
{{- toYaml .Values.postExtraInitContainers | nindent 8 }}
{{- end }}
containers:
- name: runner
image: "{{ include "gitea.actions.runner.image" . }}"
imagePullPolicy: {{ .Values.statefulset.runner.pullPolicy }}
- name: act-runner
image: "{{ include "gitea.actions.actRunner.image" . }}"
imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
workingDir: /data
env:
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "{{ (tpl .Values.existingSecret . ) | default $secretName }}"
key: "{{ (tpl .Values.existingSecretKey . ) | default "token" }}"
name: "{{ .Values.existingSecret | default $secretName }}"
key: "{{ .Values.existingSecretKey | default "token" }}"
- name: GITEA_INSTANCE_URL
value: {{ include "gitea.actions.local_root_url" . }}
- name: CONFIG_FILE
value: /runner/config.yaml
value: /actrunner/config.yaml
- name: TZ
value: {{ .Values.statefulset.timezone | default "Etc/UTC" }}
{{- if .Values.statefulset.runner.extraEnvs }}
{{- toYaml .Values.statefulset.runner.extraEnvs | nindent 12 }}
{{- if .Values.statefulset.actRunner.extraEnvs }}
{{- toYaml .Values.statefulset.actRunner.extraEnvs | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
- mountPath: /runner/config.yaml
name: runner-config
- mountPath: /actrunner/config.yaml
name: act-runner-config
subPath: config.yaml
- mountPath: /var/run/docker.sock
name: docker-socket
subPath: docker.sock
- mountPath: /data
name: data-runner
{{- with .Values.statefulset.runner.extraVolumeMounts }}
name: data-act-runner
{{- with .Values.statefulset.actRunner.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.statefulset.nodeSelector }}
nodeSelector:
{{ $key }}: {{ $value | quote }}
@ -187,9 +122,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: runner-config
- name: act-runner-config
configMap:
name: {{ include "gitea.actions.fullname" . }}-runner-configmap
name: {{ include "gitea.actions.fullname" . }}-act-runner-config
- name: docker-socket
emptyDir: {}
{{- with .Values.statefulset.extraVolumes }}
@ -197,10 +132,10 @@ spec:
{{- end }}
volumeClaimTemplates:
- metadata:
name: data-runner
name: data-act-runner
spec:
accessModes: [ "ReadWriteOnce" ]
{{- include "gitea.actions.persistence.storageClass" . | indent 8 }}
{{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
resources:
requests:
storage: {{ .Values.statefulset.persistence.size }}

View File

@ -1,6 +1,6 @@
suite: actions template | consistency checks
release:
name: gitea-actions-unittests
name: gitea-unittests
namespace: testing
templates:
- templates/01-consistency-checks.yaml

View File

@ -1,22 +1,22 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: actions template | configmap
suite: actions template | config-act-runner
release:
name: gitea-actions-unittests
name: gitea-unittests
namespace: testing
templates:
- templates/configmap.yaml
- templates/config-act-runner.yaml
tests:
- it: doesn't renders a ConfigMap by default
template: templates/configmap.yaml
template: templates/config-act-runner.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a ConfigMap
template: templates/configmap.yaml
template: templates/config-act-runner.yaml
set:
enabled: true
statefulset:
runner:
actRunner:
config: |
log:
level: info
@ -31,7 +31,7 @@ tests:
- containsDocument:
kind: ConfigMap
apiVersion: v1
name: gitea-actions-unittests-runner-configmap
name: gitea-unittests-actions-act-runner-config
- equal:
path: data["config.yaml"]
value: |
@ -43,12 +43,12 @@ tests:
labels:
- "ubuntu-latest"
- it: renders a ConfigMap with inline yaml
template: templates/configmap.yaml
template: templates/config-act-runner.yaml
set:
enabled: true
statefulset:
runner:
config: |
actRunner:
config:
container:
valid_volumes:
- /var/run/docker.sock
@ -59,7 +59,7 @@ tests:
- containsDocument:
kind: ConfigMap
apiVersion: v1
name: gitea-actions-unittests-runner-configmap
name: gitea-unittests-actions-act-runner-config
- matchRegex:
path: data["config.yaml"]
pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'

View File

@ -1,41 +1,173 @@
suite: actions template | statefulset
release:
name: gitea-actions-unittests
name: gitea-unittests
namespace: testing
templates:
- templates/statefulset.yaml
- templates/configmap.yaml
- templates/config-act-runner.yaml
tests:
#
## GENERIC
#
- it: doesn't renders a StatefulSet by default
template: templates/statefulset.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
- it: act-runner uses fullOverride
template: templates/statefulset.yaml
set:
image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.metadata.annotations["checksum/config"]
value: "83e4d1bb70cc2a861cd18fdb42537e700d4055d431713e64e28c3874c5660097"
path: spec.template.spec.containers[0].image
value: test.io/act_runner:x.y.z
- it: act-runner uses digest
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.actRunner.tag: 0.2.13
statefulset.actRunner.digest: sha256:abcdef123456
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].image
value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
- it: act-runner uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
global.imageRegistry: test.io
statefulset.actRunner.tag: 0.2.13
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].image
value: test.io/act_runner:0.2.13
- it: dind uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.dind.fullOverride: test.io/dind:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/dind:x.y.z
- it: dind uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
global.imageRegistry: test.io
statefulset.dind.tag: 28.3.3-dind
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/docker:28.3.3-dind
- it: init uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
init.image.fullOverride: test.io/busybox:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[0].image
value: test.io/busybox:x.y.z
- it: init uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
global.imageRegistry: test.io
init.image.tag: 1.37.0
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[0].image
value: test.io/busybox:1.37.0
- it: renders additional environment variables for act-runner container in StatefulSet
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset:
actRunner:
extraEnvs:
- name: "CUSTOM_ENV"
value: "1"
- name: "GITEA_RUNNER_NAME"
valueFrom:
fieldRef:
fieldPath: metadata.name
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[4]
value:
name: CUSTOM_ENV
value: "1"
- matchRegex:
path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
pattern: "metadata\\.name"
- matchRegex:
path: spec.template.spec.containers[0].env[5].name
pattern: "GITEA_RUNNER_NAME"
- it: Has fsGroup in securityContext
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.securityContext:
fsGroup: 1000
asserts:
@ -44,15 +176,16 @@ tests:
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroup"]
value: 1000
- it: Has fsGroupChangePolicy in securityContext
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.securityContext:
fsGroupChangePolicy: OnRootMismatch
asserts:
@ -61,15 +194,16 @@ tests:
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroupChangePolicy"]
value: "OnRootMismatch"
- it: Has Always in securityContext
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.securityContext:
fsGroupChangePolicy: Always
asserts:
@ -78,11 +212,15 @@ tests:
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroupChangePolicy"]
value: "Always"
- it: doesn't renders a StatefulSet by default
template: templates/statefulset.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a StatefulSet (with given existingSecret/existingSecretKey)
template: templates/statefulset.yaml
set:
@ -95,7 +233,7 @@ tests:
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[0]
value:
@ -104,11 +242,11 @@ tests:
secretKeyRef:
name: "my-secret"
key: "my-secret-key"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
- it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
template: templates/statefulset.yaml
set:
giteaRootURL: "http://git.example.com"
enabled: true
provisioning:
enabled: true
asserts:
- hasDocuments:
@ -116,7 +254,46 @@ tests:
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[0]
value:
name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "gitea-unittests-actions-token"
key: "token"
- it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
template: templates/statefulset.yaml
set:
image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.metadata.annotations["checksum/config"]
value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "http://git.example.com"
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
@ -131,19 +308,20 @@ tests:
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "https://git.example.com"
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
@ -158,19 +336,20 @@ tests:
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: renders a StatefulSet https with explicit port (with correct GITEA_INSTANCE_URL env from giteaRootURL)
- it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "https://git.example.com:8443"
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
@ -185,194 +364,6 @@ tests:
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: should render service account name correctly
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
serviceAccountName: "my-service-account"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.serviceAccountName
value: "my-service-account"
- it: should render runtime class name correctly
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
runtimeClassName: "my-runtime-class-name"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.runtimeClassName
value: "my-runtime-class-name"
- it: should render storageClass correctly
template: templates/statefulset.yaml
set:
enabled: true
global:
storageClass: "test-storageclass"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.volumeClaimTemplates[0].spec.storageClassName
value: "test-storageclass"
#
## GITEA_RUNNER
#
- it: act-runner uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
statefulset.runner.fullOverride: test.io/runner:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- equal:
path: spec.template.spec.containers[0].image
value: test.io/runner:x.y.z
- it: act-runner uses digest
template: templates/statefulset.yaml
set:
enabled: true
statefulset.runner.tag: 1.0.4
statefulset.runner.digest: sha256:abcdef123456
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- equal:
path: spec.template.spec.containers[0].image
value: docker.gitea.com/runner:1.0.4@sha256:abcdef123456
- it: act-runner uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
global.imageRegistry: test.io
statefulset.runner.tag: 1.0.4
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- equal:
path: spec.template.spec.containers[0].image
value: test.io/runner:1.0.4
- it: renders additional environment variables for act-runner container in StatefulSet
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
runner:
extraEnvs:
- name: "CUSTOM_ENV"
value: "1"
- name: "GITEA_RUNNER_NAME"
valueFrom:
fieldRef:
fieldPath: metadata.name
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- equal:
path: spec.template.spec.containers[0].env[4]
value:
name: CUSTOM_ENV
value: "1"
- matchRegex:
path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
pattern: "metadata\\.name"
- matchRegex:
path: spec.template.spec.containers[0].env[5].name
pattern: "GITEA_RUNNER_NAME"
- it: should mount an extra volume in the act runner container
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
extraVolumes:
- name: my-act-runner-volume
emptyDir: {}
runner:
extraVolumeMounts:
- mountPath: /mnt
name: my-act-runner-volume
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- contains:
any: true
path: spec.template.spec.containers[0].volumeMounts
content:
mountPath: /mnt
name: my-act-runner-volume
#
## DIND
#
- it: dind uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
statefulset.dind.fullOverride: test.io/dind:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/dind:x.y.z
- it: dind uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
global.imageRegistry: test.io
statefulset.dind.tag: 28.3.3-dind
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/docker:28.3.3-dind
- it: allows adding custom environment variables to the docker-in-docker container
template: templates/statefulset.yaml
set:
@ -388,7 +379,31 @@ tests:
value:
name: "CUSTOM_ENV_NAME"
value: "custom env value"
- it: should mount an extra volume in the act runner container
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
extraVolumes:
- name: my-act-runner-volume
emptyDir: {}
actRunner:
extraVolumeMounts:
- mountPath: /mnt
name: my-act-runner-volume
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- contains:
any: true
path: spec.template.spec.containers[0].volumeMounts
content:
mountPath: /mnt
name: my-act-runner-volume
- it: should mount an extra volume in the docker-in-docker container
template: templates/statefulset.yaml
set:
@ -407,47 +422,42 @@ tests:
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- contains:
any: true
path: spec.template.spec.initContainers[1].volumeMounts
content:
mountPath: /mnt
name: my-dind-volume
#
## INIT
#
- it: init uses fullOverride
- it: should interpret Gitea Root URL templating
template: templates/statefulset.yaml
set:
global:
gitea:
service:
name: "my-gitea-svc-http"
port: 3210
enabled: true
init.image.fullOverride: test.io/busybox:x.y.z
giteaRootURL: "http://{{ .Values.global.gitea.service.name }}:{{ .Values.global.gitea.service.port }}"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[0].image
value: test.io/busybox:x.y.z
- it: init uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
global.imageRegistry: test.io
init.image.tag: 1.37.0
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-runner
path: spec.template.spec.containers[0].env[1].name
value: "GITEA_INSTANCE_URL"
- equal:
path: spec.template.spec.initContainers[0].image
value: test.io/busybox:1.37.0
path: spec.template.spec.containers[0].env[1].value
value: "http://my-gitea-svc-http:3210"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on http://my-gitea-svc-http:3210'
until timeout 10 wget --no-check-certificate --spider http://my-gitea-svc-http:3210; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"

View File

@ -1,38 +1,28 @@
# Configure Gitea Actions
## @section Gitea Actions
#
## @param enabled Create a Gitea Runner StatefulSet.
## @param enabled Create an act runner StatefulSet.
## @param init.image.repository The image used for the init containers
## @param init.image.tag The image tag used for the init containers
## @param statefulset.replicas the amount of (replica) runner pods deployed
## @param statefulset.timezone is the timezone that will be set in the runner image
## @param statefulset.annotations Gitea Runner annotations
## @param statefulset.labels Gitea Runner labels
## @param statefulset.resources Gitea Runner resources
## @param statefulset.timezone is the timezone that will be set in the act_runner image
## @param statefulset.annotations Act runner annotations
## @param statefulset.labels Act runner labels
## @param statefulset.resources Act runner resources
## @param statefulset.nodeSelector NodeSelector for the statefulset
## @param statefulset.tolerations Tolerations for the statefulset
## @param statefulset.affinity Affinity for the statefulset
## @param statefulset.extraVolumes Extra volumes for the statefulset
## @param statefulset.persistence.size Size for persistence to store Gitea Runner data
## @param statefulset.securityContext Customize the SecurityContext
## @param statefulset.serviceAccountName Customize the service account name
## @param statefulset.runtimeClassName Select a different RuntimeClass for pods
## @param statefulset.hostAliases Inject entries into the /etc/hosts file
#
## @param statefulset.persistence.size Size for persistence to store Gitea Runner data
#
## @param statefulset.runner.registry image registry, e.g. gcr.io,docker.io
## @param statefulset.runner.repository The Gitea Runner image
## @param statefulset.runner.tag The Gitea Runner tag
## @param statefulset.runner.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param statefulset.runner.pullPolicy The Gitea Runner pullPolicy
## @param statefulset.runner.fullOverride Completely overrides the image registry, path/image, tag and digest.
## @param statefulset.runner.extraVolumeMounts Allows mounting extra volumes in the Gitea Runner container
## @param statefulset.runner.extraEnvs Allows adding custom environment variables
## @param statefulset.runner.flushCache whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time
## @param statefulset.runner.config [default: Too complex. See values.yaml] Gitea Runner custom configuration. See [Gitea Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
#
## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
## @param statefulset.actRunner.repository The Gitea act runner image
## @param statefulset.actRunner.tag The Gitea act runner tag
## @param statefulset.actRunner.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
## @param statefulset.dind.repository The Docker-in-Docker image
## @param statefulset.dind.tag The Docker-in-Docker image tag
## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
@ -40,8 +30,11 @@
## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
## @param statefulset.dind.extraArgs Allows adding custom arguments to the Docker Daemon
#
## @param statefulset.persistence.size Size for persistence to store act runner data
## @param statefulset.securityContext Customize the SecurityContext
## @param existingSecret Secret that contains the token
## @param existingSecretKey Secret key
## @param giteaRootURL URL the act_runner registers and connect with
enabled: false
statefulset:
replicas: 1
@ -54,24 +47,11 @@ statefulset:
affinity: {}
extraVolumes: []
securityContext: {}
serviceAccountName: ""
runtimeClassName: ""
# Add /etc/hosts injections into the pods
hostAliases:
[]
# - ip: 8.8.8.8
# hostnames:
# - googel.com
# - googol.com
persistence:
size: 1Gi
runner:
actRunner:
registry: "docker.gitea.com"
repository: runner
tag: 1.0.6
repository: act_runner
tag: 0.2.13
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
@ -83,9 +63,7 @@ statefulset:
# fieldRef:
# fieldPath: metadata.name
# See full details: https://gitea.com/gitea/helm-actions/issues/73
flushCache: false
# See full example here: https://gitea.com/gitea/runner/src/branch/main/internal/pkg/config/config.example.yaml
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: |
log:
level: debug
@ -96,11 +74,9 @@ statefulset:
docker_timeout: 300s
dind:
rootless: false
uid: ""
registry: "docker.io"
registry: ""
repository: docker
tag: 29.5.2-dind
tag: 28.3.3-dind
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
@ -113,68 +89,39 @@ statefulset:
# - name: "DOCKER_IPTABLES_LEGACY"
# value: "1"
# Option to add extra arguments/commands to the container/pod:
# [#22](https://gitea.com/gitea/helm-actions/issues/22) [k8s docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/)
extraArgs:
[]
# - --mtu=1400
persistence:
size: 1Gi
## @section Gitea Actions Init
#
## @param init.image.registry Image registry, e.g. gcr.io,docker.io
## @param init.image.repository The init image (default: busyboxy but can be changed to alpine e.g.)
## @param init.image.tag The init image tag
## @param init.image.registry image registry, e.g. gcr.io,docker.io
## @param init.image.repository The init image
## @param init.image.tag the init image tag
## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param init.image.pullPolicy The init image pullPolicy
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest
#
## @param init.connectionCommandOverride Possiblity to change the command with which the container tests its connection to the Gitea server
## @param init.preConnectionCommandOverride Possibility to add commands that happen before the connection test loop
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest.
init:
image:
registry: ""
repository: busybox
# Overrides the image tag whose default is the chart appVersion.
tag: "1.38.0"
tag: "1.37.0"
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
connectionCommandOverride: ""
preConnectionCommandOverride: ""
## @section Runner Token Secret Configuration
#
## @param existingSecret Secret that contains the token
## @param existingSecretKey Secret key
## Specify an existing token secret
##
existingSecret: ""
existingSecretKey: ""
## @section Gitea URL Setting
#
## @param giteaRootURL URL the Gitea Runner registers and connects with
## Specify the root URL of the Gitea instance
giteaRootURL: ""
## @section Extra Init Containers
#
## @param preExtraInitContainers Additional init containers to run in the pod before Gitea-actions runs it owns init containers.
## @param postExtraInitContainers Additional init containers to run in the pod after Gitea-actions runs it owns init containers.
preExtraInitContainers: []
# - name: pre-init-container
# image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
postExtraInitContainers: []
# - name: post-init-container
# image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
## @section Global
#
## @param global.imageRegistry global image registry override
## @param global.imagePullSecrets global image registry pull secrets
## @param global.storageClass global storage class override
global:
imageRegistry: ""
imagePullSecrets: []
storageClass: ""