8 Commits

Author SHA1 Message Date
40128e86af chore: patch docs accordingly 2026-07-09 15:21:07 +02:00
12d63282a3 chore: add reference in the readme 2026-07-09 15:18:42 +02:00
2a43b44c2b chore: remove redunant newline 2026-07-09 15:17:03 +02:00
5fbf28ccbc feat: add connectionCommandOverride and preConnectionCommandOverride parameters to values 2026-07-09 15:16:02 +02:00
29df27268d feat: add custom command override to the chart 2026-07-09 13:41:11 +02:00
764f89ee97 chore(deps): update workflow dependencies (minor & patch) (#163)
Some checks failed
changelog / changelog (push) Has been cancelled
check-and-test / check-and-test (push) Has been cancelled
This PR contains the following updates:

| Package | Type | Update | Change | Pending | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|---|
| [alpine/helm](https://github.com/alpine-docker/helm) ([changelog](https://github.com/helm/helm)) |  | patch | `4.2.1` → `4.2.2` |  | ![age](https://developer.mend.io/api/mc/badges/age/docker/alpine%2fhelm/4.2.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/alpine%2fhelm/4.2.1/4.2.2?slim=true) |
| [alpine/helm](https://github.com/alpine-docker/helm) ([changelog](https://github.com/helm/helm)) | container | patch | `4.2.1` → `4.2.2` |  | ![age](https://developer.mend.io/api/mc/badges/age/docker/alpine%2fhelm/4.2.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/alpine%2fhelm/4.2.1/4.2.2?slim=true) |
| [commitlint/commitlint](https://github.com/conventional-changelog/commitlint) | container | minor | `21.0.2` → `21.1.0` | `21.2.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/commitlint%2fcommitlint/21.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/commitlint%2fcommitlint/21.0.2/21.1.0?slim=true) |
| [docker.io/thegeeklab/git-sv](https://github.com/thegeeklab/git-sv) | container | patch | `2.1.2` → `2.1.3` |  | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fthegeeklab%2fgit-sv/2.1.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fthegeeklab%2fgit-sv/2.1.2/2.1.3?slim=true) |
| [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.48.0` → `^0.49.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.48.0/0.49.0) |  | ![age](https://developer.mend.io/api/mc/badges/age/npm/markdownlint-cli/0.49.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/markdownlint-cli/0.48.0/0.49.0?slim=true) |

---

### Release Notes

<details>
<summary>conventional-changelog/commitlint (commitlint/commitlint)</summary>

### [`v21.1.0`](https://github.com/conventional-changelog/commitlint/blob/HEAD/CHANGELOG.md#2110-2026-06-23)

[Compare Source](https://github.com/conventional-changelog/commitlint/compare/v21.0.2...v21.1.0)

##### Bug Fixes

- remove duplicate es-toolkit\@&#8203;1.47.1 keys from lockfile ([#&#8203;4833](https://github.com/conventional-changelog/commitlint/issues/4833)) ([b3323f5](b3323f5370)), closes [#&#8203;4831](https://github.com/conventional-changelog/commitlint/issues/4831)

##### Features

- **cli:** add --default-config flag to lint without a config file ([#&#8203;4805](https://github.com/conventional-changelog/commitlint/issues/4805)) ([7af27ba](7af27ba1bc)), closes [#&#8203;3662](https://github.com/conventional-changelog/commitlint/issues/3662)
- **lint:** allow for custom commit parser function ([#&#8203;4829](https://github.com/conventional-changelog/commitlint/issues/4829)) ([e820753](e8207534a9)), closes [#&#8203;4816](https://github.com/conventional-changelog/commitlint/issues/4816) [#&#8203;4816](https://github.com/conventional-changelog/commitlint/issues/4816)

#### [21.0.2](https://github.com/conventional-changelog/commitlint/compare/v21.0.1...v21.0.2) (2026-05-29)

##### Bug Fixes

- apply oxfmt formatting to get-edit-commit.ts ([#&#8203;4768](https://github.com/conventional-changelog/commitlint/issues/4768)) ([1af3138](1af313897e)), closes [#&#8203;4755](https://github.com/conventional-changelog/commitlint/issues/4755)
- **config-pnpm-scopes:** adapt to read-yaml-file v3 named export ([#&#8203;4701](https://github.com/conventional-changelog/commitlint/issues/4701)) ([8b55772](8b557726a4))
- disallow same commit hash for --from and --to ([#&#8203;4773](https://github.com/conventional-changelog/commitlint/issues/4773)) ([121005e](121005e863))
- emit actionable error when --edit cannot find COMMIT\_EDITMSG ([#&#8203;589](https://github.com/conventional-changelog/commitlint/issues/589)) ([#&#8203;4755](https://github.com/conventional-changelog/commitlint/issues/4755)) ([bb10907](bb10907174))
- **read:** fail when --from and --to share no merge-base [#&#8203;4555](https://github.com/conventional-changelog/commitlint/issues/4555) ([#&#8203;4754](https://github.com/conventional-changelog/commitlint/issues/4754)) ([e4595eb](e4595eb79e))
- update dependency [@&#8203;pnpm/read-project-manifest](https://github.com/pnpm/read-project-manifest) to v6 ([#&#8203;4617](https://github.com/conventional-changelog/commitlint/issues/4617)) ([ca16ec1](ca16ec111d))
- update vitest monorepo to \~4.1.0 ([#&#8203;4654](https://github.com/conventional-changelog/commitlint/issues/4654)) ([f1f25d5](f1f25d59e1))

#### [21.0.1](https://github.com/conventional-changelog/commitlint/compare/v21.0.0...v21.0.1) (2026-05-12)

##### Bug Fixes

- **load:** only resolve relative formatter paths ([#&#8203;4761](https://github.com/conventional-changelog/commitlint/issues/4761)) ([f8be069](f8be0698ff))
- **types:** add presetConfig to ParserPreset interface ([#&#8203;4749](https://github.com/conventional-changelog/commitlint/issues/4749)) ([e402cd4](e402cd415e)), closes [#&#8203;4748](https://github.com/conventional-changelog/commitlint/issues/4748)

</details>

<details>
<summary>thegeeklab/git-sv (docker.io/thegeeklab/git-sv)</summary>

### [`v2.1.3`](https://github.com/thegeeklab/git-sv/releases/tag/v2.1.3)

[Compare Source](https://github.com/thegeeklab/git-sv/compare/v2.1.2...v2.1.3)

#### v2.1.3 (2026-06-17)

##### Bug Fixes

- **deps:** update golang highfeq non-major to v3.10.0 ([#&#8203;330](https://github.com/thegeeklab/git-sv/issues/330)) ([`788378c`](https://github.com/thegeeklab/git-sv/commit/788378c))

##### Others

- **docker:** update docker digests ([#&#8203;331](https://github.com/thegeeklab/git-sv/issues/331)) ([`07d3006`](https://github.com/thegeeklab/git-sv/commit/07d3006))

</details>

<details>
<summary>igorshubovych/markdownlint-cli (markdownlint-cli)</summary>

### [`v0.49.0`](https://github.com/igorshubovych/markdownlint-cli/releases/tag/v0.49.0)

[Compare Source](https://github.com/igorshubovych/markdownlint-cli/compare/v0.48.0...v0.49.0)

- Update `markdownlint` dependency to `0.41.0`
  - Improve `MD022`/`MD028`/`MD035`/`MD042`/`MD051`/`MD060`
  - Remove handling of inline directive syntax (frequent false positives)
  - Remove support for end-of-life Node version 20
- Update all dependencies via `Dependabot`

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Only on Sunday and Saturday (`* * * * 0,6`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJraW5kL2RlcGVuZGVuY3kiXX0=-->Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/163
Reviewed-by: DaanSelen <135789+daanselen@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
2026-07-01 07:03:02 +00:00
26781c900b chore(deps): update lockfiles (#157)
This PR contains the following updates:

| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJraW5kL2RlcGVuZGVuY3kiXX0=-->Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/157
Reviewed-by: DaanSelen <135789+daanselen@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
2026-07-01 07:02:44 +00:00
0dbbe94f0a chore(deps): update actions/checkout action to v7 (#164)
Some checks failed
changelog / changelog (push) Has been cancelled
check-and-test / check-and-test (push) Has been cancelled
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/164
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
2026-06-27 19:57:19 +00:00
13 changed files with 97 additions and 85 deletions

View File

@ -13,7 +13,7 @@ jobs:
- name: install tools
run: |
apk add -q --update --no-cache nodejs curl jq sed
- uses: actions/checkout@v6
- uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Generate upcoming changelog

View File

@ -11,9 +11,9 @@ on:
jobs:
check-and-test:
runs-on: ubuntu-latest
container: commitlint/commitlint:21.0.2
container: commitlint/commitlint:21.1.0
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: check PR title
run: |
echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

View File

@ -13,7 +13,7 @@ jobs:
generate-chart-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: install Docker CLI
uses: https://github.com/docker/setup-buildx-action@v4 # Gitea

View File

@ -9,6 +9,6 @@ jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- run: apt update --yes && apt install --yes shellcheck
- run: find . -type f -name "*.sh" -exec shellcheck -a {} \;

View File

@ -26,7 +26,7 @@ jobs:
uses: pnpm/action-setup@v6
with:
version: 11
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: install chart dependencies
run: helm dependency build
- name: lint

View File

@ -29,6 +29,16 @@ Deploy with your values, make sure the path is correct:
helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
```
Alternatively:
```sh
helm upgrade --install gitea-actions gitea-charts/actions \
--set enabled=true \
--set giteaRootURL=https://gitea.com \
--set existingSecret=foo \
--set existingSecretKey=bar
```
You should be good to go!
### Runner Token Secret Template
@ -98,13 +108,15 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
### Gitea Actions Init
| Name | Description | Value |
| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
| `init.image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `init.image.repository` | The init image | `busybox` |
| `init.image.tag` | the init image tag | `1.38.0` |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
| `init.image.registry` | Image registry, e.g. gcr.io,docker.io | `""` |
| `init.image.repository` | The init image (default: busyboxy but can be changed to alpine e.g.) | `busybox` |
| `init.image.tag` | The init image tag | `1.38.0` |
| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest | `""` |
| `init.connectionCommandOverride` | Possiblity to change the command with which the container tests its connection to the Gitea server | `""` |
| `init.preConnectionCommandOverride` | Possibility to add commands that happen before the connection test loop | `""` |
### Runner Token Secret Configuration

View File

@ -1,3 +1,3 @@
# Gitea Actions Helm Chart Docs
- [Share dind with job container](share-dind-with-job-container.md)
- [connectionCommandOverride explanation](./connectionCommandOverride.md)

View File

@ -1,31 +0,0 @@
# Gitea Actions
In order to use the Gitea Actions act-runner you must either:
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
- create a secret containing the act runner token and reference it as a `existingSecret`
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
`gitea actions generate-runner-token`
This command will out a token that is needed by the act-runner to register with the Gitea backend.
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
2) `dind`: DockerInDocker image that is used to run the actions
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
```yaml
existingSecret: "secret-name"
existingSecretKey: "secret-key"
```

View File

@ -0,0 +1,48 @@
# Using a custom connectionCommand
By default, before the container starts it tries to reach the given giteaRootURL.
Normally this is done by the busybox image using the wget binary.
However, due to [Issue #162](https://gitea.com/gitea/helm-actions/issues/162) there has been a change made where we can customize that command.
Using the `values.yaml` file by default it calls `wget --spider --no-check-certificate <your giteaRootURL>` with a timeout of 10 seconds.
But with a custom init section like detailed below we can make our check compliant with whatever certificate you have.
Assuming:
```yaml
enabled: true
giteaRootURL: https://gitea.com
existingSecret: foo
existingSecretKey: bar
init:
image:
registry: ""
repository: alpine
# Overrides the image tag whose default is the chart appVersion.
tag: "3.24"
digest: ""
pullPolicy: IfNotPresent
fullOverride: ""
connectionCommandOverride: "curl -I"
preConnectionCommandOverride: "apk add curl"
```
This now creates the following template section:
```yaml
- name: init-gitea
image: "alpine:latest"
command:
- sh
- -c
- |
apk add curl
echo 'Trying to reach Gitea on https://gitea.com'
until timeout 10 curl -I https://gitea.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
```

View File

@ -1,30 +0,0 @@
# Share dind with job container
You can weaken isolation and allow jobs to call docker commands.
## Limitations
-
## Example Values
```yaml
config: |
log:
level: debug
cache:
enabled: false
container:
require_docker: true
docker_timeout: 300s
## Specify an existing token secret
##
existingSecret: "runner-token2"
existingSecretKey: "token"
## Specify the root URL of the Gitea instance
giteaRootURL: "http://192.168.1.2:3000"
```
Now you can run docker commands inside your jobs.

8
pnpm-lock.yaml generated
View File

@ -50,8 +50,8 @@ packages:
brace-expansion@1.1.15:
resolution: {integrity: sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==}
brace-expansion@5.0.6:
resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==}
brace-expansion@5.0.7:
resolution: {integrity: sha512-7oFy703dxfY3/NLxC1fh2SUCQ0H9rmAY+5EpDVfXjUTTs+HEwR2nYaqLv+GWcTsumwxPfiz6CzCNkwXwBUwqCA==}
engines: {node: 18 || 20 || >=22}
character-entities-legacy@3.0.0:
@ -378,7 +378,7 @@ snapshots:
balanced-match: 1.0.2
concat-map: 0.0.1
brace-expansion@5.0.6:
brace-expansion@5.0.7:
dependencies:
balanced-match: 4.0.4
@ -698,7 +698,7 @@ snapshots:
minimatch@10.2.5:
dependencies:
brace-expansion: 5.0.6
brace-expansion: 5.0.7
minimatch@3.1.5:
dependencies:

View File

@ -66,14 +66,21 @@ spec:
- mountPath: /data
name: data-runner
{{- end }}
- name: init-gitea
- name: reach-gitea
image: "{{ include "gitea.actions.init.image" . }}"
command:
- sh
- -c
- |
{{- if .Values.init.preConnectionCommandOverride }}
{{ .Values.init.preConnectionCommandOverride }}
{{- end }}
echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
{{- if .Values.init.connectionCommandOverride }}
until timeout 10 {{ .Values.init.connectionCommandOverride }} {{ include "gitea.actions.local_root_url" . }}; do
{{- else }}
until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
{{- end }}
sleep 3
echo "Trying again in 3 seconds..."
done

View File

@ -121,12 +121,15 @@ statefulset:
## @section Gitea Actions Init
#
## @param init.image.registry image registry, e.g. gcr.io,docker.io
## @param init.image.repository The init image
## @param init.image.tag the init image tag
## @param init.image.registry Image registry, e.g. gcr.io,docker.io
## @param init.image.repository The init image (default: busyboxy but can be changed to alpine e.g.)
## @param init.image.tag The init image tag
## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param init.image.pullPolicy The init image pullPolicy
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest.
## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest
#
## @param init.connectionCommandOverride Possiblity to change the command with which the container tests its connection to the Gitea server
## @param init.preConnectionCommandOverride Possibility to add commands that happen before the connection test loop
init:
image:
registry: ""
@ -137,6 +140,9 @@ init:
pullPolicy: IfNotPresent
fullOverride: ""
connectionCommandOverride: ""
preConnectionCommandOverride: ""
## @section Runner Token Secret Configuration
#
## @param existingSecret Secret that contains the token