refactor: unittests and slightly add QoL (#127)

Reorder the unittests

---------

Co-authored-by: DaanSelen <dselen@systemec.nl>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/127

.gitea/workflows/changelog.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   changelog:
     runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.9
+    container: docker.io/thegeeklab/git-sv:2.0.11
     steps:
       - name: install tools
         run: |

.gitea/workflows/commitlint.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: commitlint/commitlint:20.4.1
+    container: commitlint/commitlint:20.5.1
     steps:
       - uses: actions/checkout@v6
       - name: check PR title

.gitea/workflows/release-version.yml

@@ -7,64 +7,76 @@ on:
 
 env:
   # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.20.0"
+  HELM_VERSION: "4.1.3"
 
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
+
+      - name: install Docker CLI
+        uses: https://github.com/docker/setup-buildx-action@v4 # Gitea
+        #uses: docker/setup-buildx-action@v4 # Github / Act
+
+      - name: install Helm
+        uses: https://github.com/Azure/setup-helm@v5 # Gitea
+        #uses: Azure/setup-helm@v5 # Github / Act
+        with:
+          version: "${{ env.HELM_VERSION }}"
+
       - name: install tools
         run: |
-          apt update -y
+          apt update
-          apt install -y curl ca-certificates curl gnupg
+          apt install -y curl ca-certificates curl gnupg python3 python3-pip apt-transport-https
-          # helm
-          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          mv linux-amd64/helm /usr/local/bin/
-          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          helm version
-          # docker
-          install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-          chmod a+r /etc/apt/keyrings/docker.gpg
-          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt update -y
-          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
           pip install awscli --break-system-packages
 
-      - name: Import GPG key
+      - name: import GPG key
         id: import_gpg
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v7
+        uses: https://github.com/crazy-max/ghaction-import-gpg@v7 # Gitea
+        #uses: crazy-max/ghaction-import-gpg@v7 # Github / Act
         with:
           gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
 
+      - name: log into Docker Hub
+        uses: https://github.com/docker/login-action@v4 # Gitea
+        #uses: docker/login-action@v4 # Github / Act
+        with:
+          username: ${{ secrets.DOCKER_CHARTS_USERNAME }}
+          password: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
+
       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
       - name: package chart
         run: |
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
+          # Install Helm GPG plugin
-          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
+          helm plugin install https://github.com/technosophos/helm-gpg.git --verify=false
-          helm plugin install https://github.com/pat-s/helm-gpg
           helm dependency build
           helm package --version "${GITHUB_REF#refs/tags/v}" ./
+
+          # Package the chart
           mkdir actions
           mv actions*.tgz actions/
           curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
           helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
-          # push to dockerhub
+
+          # Push to Docker Hub
           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
           helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
           helm registry logout registry-1.docker.io
+        env:
+          TAR_OPTIONS: "--wildcards"
 
       - name: aws credential configure
-        uses: https://github.com/aws-actions/configure-aws-credentials@v6
+        uses: https://github.com/aws-actions/configure-aws-credentials@v6 # Gitea
+        #uses: aws-actions/configure-aws-credentials@v6 # Github / Act
         with:
           aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
 
-      - name: Copy files to S3 and clear cache
+      - name: copy files to S3 and clear cache
+        if: startsWith(github.ref, 'refs/tags/')
         run: |
           aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/

.gitea/workflows/shellcheck.yml

@@ -1,4 +1,4 @@
-name: Lint Shell files
+name: shellcheck
 
 on:
   pull_request:

.gitea/workflows/test-pr.yml

@@ -1,6 +1,7 @@
 name: check-and-test
 
-on:
+"on":
+  "workflow_dispatch":
   pull_request:
     branches:
       - "*"
@@ -15,7 +16,7 @@ env:
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: alpine/helm:3.20.0
+    container: alpine/helm:4.1.3
     steps:
       - name: install tools
         run: |
@@ -29,12 +30,13 @@ jobs:
       - name: install chart dependencies
         run: helm dependency build
       - name: lint
-        run: helm lint
+        run: helm lint .
       - name: template
         run: helm template --debug gitea-actions .
       - name: prepare unit test environment
         run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} --verify=false \
+            https://github.com/helm-unittest/helm-unittest.git # https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install
           git submodule update --init --recursive
       - name: unit tests
         env:
@@ -46,4 +48,5 @@ jobs:
           make readme
           git diff --exit-code --name-only README.md
       - name: yaml lint
-        uses: https://github.com/ibiqlik/action-yamllint@v3
+        # uses: ibiqlik/action-yamllint@v3 # Github / Act
+        uses: https://github.com/ibiqlik/action-yamllint@v3 # Gitea

.gitignore

@@ -2,3 +2,4 @@ charts/
 node_modules/
 .DS_Store
 unittests/*/__snapshot__/
+*secret*.yaml

README.md

@@ -67,28 +67,33 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
 | `statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           |
 | `statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           |
 | `statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           |
+| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
+| `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
+| `statefulset.serviceAccountName`          | Customize the service account name                                                                                                          | `""`                           |
+| `statefulset.runtimeClassName`            | Select a different RuntimeClass for pods                                                                                                    | `""`                           |
+| `statefulset.hostAliases`                 | Inject entries into the /etc/hosts file                                                                                                     | `[]`                           |
+| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
 | `statefulset.actRunner.registry`          | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.gitea.com`             |
 | `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `act_runner`                   |
-| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.3.0`                        |
+| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.3.1`                        |
 | `statefulset.actRunner.digest`            | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.actRunner.fullOverride`      | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           |
+| `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
+| `statefulset.actRunner.flushCache`        | whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time                           | `false`                        |
 | `statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
 | `statefulset.dind.rootless`               | a simple flag to let helm know we are dealing with a rootless dind container                                                                | `false`                        |
 | `statefulset.dind.uid`                    | a field to set the running user id for the rootless dind container, so it knows where to look for the socket                                | `""`                           |
 | `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.io`                    |
-| `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
 | `statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       |
-| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `29.3.1-dind`                  |
+| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `29.4.0-dind`                  |
 | `statefulset.dind.digest`                 | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.dind.fullOverride`           | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
 | `statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
-| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
+| `statefulset.dind.extraArgs`              | Allows adding custom arguments to the Docker Daemon                                                                                         | `[]`                           |
-| `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
-| `statefulset.serviceAccountName`          | Customize the service account name                                                                                                          | `""`                           |
 
 ### Gitea Actions Init
 

package.json

@@ -14,6 +14,6 @@
   },
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.7.0",
-    "markdownlint-cli": "^0.47.0"
+    "markdownlint-cli": "^0.48.0"
   }
 }

pnpm-lock.yaml

@@ -12,8 +12,8 @@ importers:
         specifier: ^2.7.0
         version: 2.7.2
       markdownlint-cli:
-        specifier: ^0.47.0
+        specifier: ^0.48.0
-        version: 0.47.0
+        version: 0.48.0
 
 packages:
 
@@ -171,15 +171,15 @@ packages:
     resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
     engines: {node: '>=0.10.0'}
 
-  katex@0.16.44:
+  katex@0.16.45:
-    resolution: {integrity: sha512-EkxoDTk8ufHqHlf9QxGwcxeLkWRR3iOuYfRpfORgYfqc8s13bgb+YtRY59NK5ZpRaCwq1kqA6a5lpX8C/eLphQ==}
+    resolution: {integrity: sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==}
     hasBin: true
 
   linkify-it@5.0.0:
     resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
 
-  lodash@4.17.21:
+  lodash@4.18.1:
-    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
+    resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
 
   markdown-it@14.1.1:
     resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==}
@@ -188,8 +188,8 @@ packages:
   markdown-table@2.0.0:
     resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
 
-  markdownlint-cli@0.47.0:
+  markdownlint-cli@0.48.0:
-    resolution: {integrity: sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==}
+    resolution: {integrity: sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==}
     engines: {node: '>=20'}
     hasBin: true
 
@@ -275,9 +275,9 @@ packages:
   micromark@4.0.2:
     resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
 
-  minimatch@10.1.3:
+  minimatch@10.2.5:
-    resolution: {integrity: sha512-IF6URNyBX7Z6XfvjpaNy5meRxPZiIf2OqtOoSLs+hLJ9pJAScnM1RjrFcbCaD85y42KcI+oZmKjFIJKYDFjQfg==}
+    resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
-    engines: {node: 20 || >=22}
+    engines: {node: 18 || 20 || >=22}
 
   minimatch@3.1.5:
     resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
@@ -314,8 +314,8 @@ packages:
     resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
     hasBin: true
 
-  smol-toml@1.5.2:
+  smol-toml@1.6.1:
-    resolution: {integrity: sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==}
+    resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==}
     engines: {node: '>= 18'}
 
   string-width@8.1.0:
@@ -330,8 +330,8 @@ packages:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
 
-  tinyglobby@0.2.15:
+  tinyglobby@0.2.16:
-    resolution: {integrity: sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==}
+    resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
     engines: {node: '>=12.0.0'}
 
   uc.micro@2.1.0:
@@ -351,7 +351,7 @@ snapshots:
     dependencies:
       commander: 13.1.0
       dot-object: 2.1.5
-      lodash: 4.17.21
+      lodash: 4.18.1
       markdown-table: 2.0.0
       yaml: 2.8.3
 
@@ -468,7 +468,7 @@ snapshots:
 
   jsonpointer@5.0.1: {}
 
-  katex@0.16.44:
+  katex@0.16.45:
     dependencies:
       commander: 8.3.0
 
@@ -476,7 +476,7 @@ snapshots:
     dependencies:
       uc.micro: 2.1.0
 
-  lodash@4.17.21: {}
+  lodash@4.18.1: {}
 
   markdown-it@14.1.1:
     dependencies:
@@ -491,7 +491,7 @@ snapshots:
     dependencies:
       repeat-string: 1.6.1
 
-  markdownlint-cli@0.47.0:
+  markdownlint-cli@0.48.0:
     dependencies:
       commander: 14.0.3
       deep-extend: 0.6.0
@@ -501,10 +501,10 @@ snapshots:
       jsonpointer: 5.0.1
       markdown-it: 14.1.1
       markdownlint: 0.40.0
-      minimatch: 10.1.3
+      minimatch: 10.2.5
       run-con: 1.3.2
-      smol-toml: 1.5.2
+      smol-toml: 1.6.1
-      tinyglobby: 0.2.15
+      tinyglobby: 0.2.16
     transitivePeerDependencies:
       - supports-color
 
@@ -583,7 +583,7 @@ snapshots:
     dependencies:
       '@types/katex': 0.16.8
       devlop: 1.1.0
-      katex: 0.16.44
+      katex: 0.16.45
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
@@ -696,7 +696,7 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  minimatch@10.1.3:
+  minimatch@10.2.5:
     dependencies:
       brace-expansion: 5.0.5
 
@@ -737,7 +737,7 @@ snapshots:
       minimist: 1.2.8
       strip-json-comments: 3.1.1
 
-  smol-toml@1.5.2: {}
+  smol-toml@1.6.1: {}
 
   string-width@8.1.0:
     dependencies:
@@ -750,7 +750,7 @@ snapshots:
 
   strip-json-comments@3.1.1: {}
 
-  tinyglobby@0.2.15:
+  tinyglobby@0.2.16:
     dependencies:
       fdir: 6.5.0(picomatch@4.0.4)
       picomatch: 4.0.4

templates/_helpers.tpl

@@ -14,14 +14,14 @@ If release name contains chart name it will be used as a full name.
 */}}
 {{- define "gitea.actions.fullname" -}}
 {{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
+  {{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
+  {{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
+    {{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
+  {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -36,7 +36,7 @@ Create a default worker name.
 Create chart name and version as used by the chart label.
 */}}
 {{- define "gitea.actions.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
@@ -45,7 +45,7 @@ Storage Class
 {{- define "gitea.actions.persistence.storageClass" -}}
 {{- $storageClass :=  default (tpl ( default "" .Values.global.storageClass) .) }}
 {{- if $storageClass }}
-storageClassName: {{ $storageClass | quote }}
+  storageClassName: {{ $storageClass | quote }}
 {{- end }}
 {{- end -}}
 
@@ -128,4 +128,4 @@ Create image for Init
 */}}
 {{- define "gitea.actions.init.image" -}}
 {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }}
-{{- end -}}
+{{- end -}}

templates/config-act-runner.yaml

@@ -11,9 +11,9 @@ data:
   config.yaml: |
     {{- with .Values.statefulset.actRunner.config -}}
     {{- if kindIs "string" . -}}
-    {{ . | nindent 4}}
+      {{ . | nindent 4}}
     {{- else -}}
-    {{ toYaml . | nindent 4}}
+      {{ toYaml . | nindent 4}}
     {{- end -}}
     {{- end -}}
 {{- end }}

templates/statefulset.yaml

@@ -32,14 +32,40 @@ spec:
     spec:
       restartPolicy: Always
       {{- if .Values.statefulset.serviceAccountName }}
-      serviceAccountName: {{ .Values.statefulset.serviceAccountName }}
+      serviceAccountName: {{ .Values.statefulset.serviceAccountName | quote }}
       {{- end }}
+      {{- if .Values.statefulset.securityContext }}
       securityContext:
         {{- toYaml .Values.statefulset.securityContext | nindent 8 }}
+      {{- end }}
+      {{- if .Values.statefulset.runtimeClassName }}
+      runtimeClassName: {{ .Values.statefulset.runtimeClassName | quote }}
+      {{- end }}
+      {{- if .Values.statefulset.hostAliases }}
+      hostAliases:
+        {{- toYaml .Values.statefulset.hostAliases | nindent 8 }}
+      {{- end }}
       initContainers:
         {{- if .Values.preExtraInitContainers }}
         {{- toYaml .Values.preExtraInitContainers | nindent 8 }}
         {{- end }}
+        {{- if .Values.statefulset.actRunner.flushCache }}
+        - name: cache-flusher
+          image: "{{ include "gitea.actions.init.image" . }}"
+          command:
+            - sh
+            - -c
+            - |
+              if [[ -f /data/.runner ]]; then
+                echo "Removing cache at /data/.runner"
+                rm -v /data/.runner
+              else
+                echo "No .runner file to remove"
+              fi
+          volumeMounts:
+            - mountPath: /data
+              name: data-act-runner
+        {{- end }}
         - name: init-gitea
           image: "{{ include "gitea.actions.init.image" . }}"
           command:
@@ -62,6 +88,10 @@ spec:
           {{- end }}
           securityContext:
             privileged: true
+          {{- if .Values.statefulset.dind.extraArgs }}
+          args:
+            {{- toYaml .Values.statefulset.dind.extraArgs | nindent 12 }}
+          {{- end }}
           startupProbe:
             exec:
               command:

unittests/helm/01-consistency-checks.yaml

@@ -1,6 +1,6 @@
 suite: actions template | consistency checks
 release:
-  name: gitea-unittests
+  name: gitea-actions-unittests
   namespace: testing
 templates:
   - templates/01-consistency-checks.yaml

unittests/helm/config-act-runner.yaml

@@ -1,7 +1,7 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: actions template | config-act-runner
 release:
-  name: gitea-unittests
+  name: gitea-actions-unittests
   namespace: testing
 templates:
   - templates/config-act-runner.yaml
@@ -31,7 +31,7 @@ tests:
       - containsDocument:
           kind: ConfigMap
           apiVersion: v1
-          name: gitea-unittests-actions-act-runner-config
+          name: gitea-actions-unittests-act-runner-config
       - equal:
           path: data["config.yaml"]
           value: |
@@ -59,7 +59,7 @@ tests:
       - containsDocument:
           kind: ConfigMap
           apiVersion: v1
-          name: gitea-unittests-actions-act-runner-config
+          name: gitea-actions-unittests-act-runner-config
       - matchRegex:
           path: data["config.yaml"]
           pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'

unittests/helm/statefulset.yaml

@@ -1,17 +1,225 @@
 suite: actions template | statefulset
 release:
-  name: gitea-unittests
+  name: gitea-actions-unittests
   namespace: testing
 templates:
   - templates/statefulset.yaml
   - templates/config-act-runner.yaml
 tests:
-  - it: act-runner uses fullOverride
+#
+## GENERIC
+#
+
+  - it: doesn't renders a StatefulSet by default
+    template: templates/statefulset.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
+    template: templates/statefulset.yaml
+    set:
+      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.metadata.annotations["checksum/config"]
+          value: "368836e4e5d947f06f2d65c7cc3fc3ad050aaced506443f54a8ffc17bb11afd2"
+
+  - it: Has fsGroup in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.securityContext:
+        fsGroup: 1000
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroup"]
+          value: 1000
+
+  - it: Has fsGroupChangePolicy in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.securityContext:
+        fsGroupChangePolicy: OnRootMismatch
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
+          value: "OnRootMismatch"
+
+  - it: Has Always in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.securityContext:
+        fsGroupChangePolicy: Always
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
+          value: "Always"
+
+  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
     template: templates/statefulset.yaml
     set:
       enabled: true
       existingSecret: "my-secret"
       existingSecretKey: "my-secret-key"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[0]
+          value:
+            name: GITEA_RUNNER_REGISTRATION_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: "my-secret"
+                key: "my-secret-key"
+
+  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
+    template: templates/statefulset.yaml
+    set:
+      giteaRootURL: "http://git.example.com"
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1]
+          value:
+            name: GITEA_INSTANCE_URL
+            value: "http://git.example.com"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on http://git.example.com'
+            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+
+  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
+    template: templates/statefulset.yaml
+    set:
+      giteaRootURL: "https://git.example.com"
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1]
+          value:
+            name: GITEA_INSTANCE_URL
+            value: "https://git.example.com"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on https://git.example.com'
+            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+
+  - it: renders a StatefulSet https with explicit port (with correct GITEA_INSTANCE_URL env from giteaRootURL)
+    template: templates/statefulset.yaml
+    set:
+      giteaRootURL: "https://git.example.com:8443"
+      enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1]
+          value:
+            name: GITEA_INSTANCE_URL
+            value: "https://git.example.com:8443"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on https://git.example.com:8443'
+            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+
+  - it: should render service account name correctly
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        serviceAccountName: "my-service-account"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: "my-service-account"
+
+  - it: should render runtime class name correctly
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        runtimeClassName: "my-runtime-class-name"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.template.spec.runtimeClassName
+          value: "my-runtime-class-name"
+
+#
+## ACT_RUNNER
+#
+
+  - it: act-runner uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
       statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
     asserts:
       - hasDocuments:
@@ -19,17 +227,16 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].image
           value: test.io/act_runner:x.y.z
+
   - it: act-runner uses digest
     template: templates/statefulset.yaml
     set:
       enabled: true
-      existingSecret: "my-secret"
+      statefulset.actRunner.tag: 0.3.1
-      existingSecretKey: "my-secret-key"
-      statefulset.actRunner.tag: 0.2.13
       statefulset.actRunner.digest: sha256:abcdef123456
     asserts:
       - hasDocuments:
@@ -37,104 +244,32 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].image
-          value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
+          value: docker.gitea.com/act_runner:0.3.1@sha256:abcdef123456
+
   - it: act-runner uses global.imageRegistry
     template: templates/statefulset.yaml
     set:
       enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
       global.imageRegistry: test.io
-      statefulset.actRunner.tag: 0.2.13
+      statefulset.actRunner.tag: 0.3.1
     asserts:
       - hasDocuments:
           count: 1
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].image
-          value: test.io/act_runner:0.2.13
+          value: test.io/act_runner:0.3.1
-  - it: dind uses fullOverride
+
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.dind.fullOverride: test.io/dind:x.y.z
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[1].image
-          value: test.io/dind:x.y.z
-  - it: dind uses global.imageRegistry
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      global.imageRegistry: test.io
-      statefulset.dind.tag: 28.3.3-dind
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[1].image
-          value: test.io/docker:28.3.3-dind
-  - it: init uses fullOverride
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      init.image.fullOverride: test.io/busybox:x.y.z
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[0].image
-          value: test.io/busybox:x.y.z
-  - it: init uses global.imageRegistry
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      global.imageRegistry: test.io
-      init.image.tag: 1.37.0
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.initContainers[0].image
-          value: test.io/busybox:1.37.0
   - it: renders additional environment variables for act-runner container in StatefulSet
     template: templates/statefulset.yaml
     set:
       enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
       statefulset:
         actRunner:
           extraEnvs:
@@ -150,7 +285,7 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
           path: spec.template.spec.containers[0].env[4]
           value:
@@ -162,223 +297,7 @@ tests:
       - matchRegex:
           path: spec.template.spec.containers[0].env[5].name
           pattern: "GITEA_RUNNER_NAME"
-  - it: Has fsGroup in securityContext
+
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.securityContext:
-        fsGroup: 1000
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.securityContext["fsGroup"]
-          value: 1000
-  - it: Has fsGroupChangePolicy in securityContext
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.securityContext:
-        fsGroupChangePolicy: OnRootMismatch
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
-          value: "OnRootMismatch"
-  - it: Has Always in securityContext
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-      statefulset.securityContext:
-        fsGroupChangePolicy: Always
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
-          value: "Always"
-  - it: doesn't renders a StatefulSet by default
-    template: templates/statefulset.yaml
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[0]
-          value:
-            name: GITEA_RUNNER_REGISTRATION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "my-secret"
-                key: "my-secret-key"
-  - it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      provisioning:
-        enabled: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[0]
-          value:
-            name: GITEA_RUNNER_REGISTRATION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "gitea-unittests-actions-token"
-                key: "token"
-  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
-    template: templates/statefulset.yaml
-    set:
-      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.metadata.annotations["checksum/config"]
-          value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
-  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
-    template: templates/statefulset.yaml
-    set:
-      giteaRootURL: "http://git.example.com"
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[1]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "http://git.example.com"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on http://git.example.com'
-            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
-    template: templates/statefulset.yaml
-    set:
-      giteaRootURL: "https://git.example.com"
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[1]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "https://git.example.com"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on https://git.example.com'
-            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
-    template: templates/statefulset.yaml
-    set:
-      giteaRootURL: "https://git.example.com:8443"
-      enabled: true
-      existingSecret: "my-secret"
-      existingSecretKey: "my-secret-key"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          kind: StatefulSet
-          apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
-      - equal:
-          path: spec.template.spec.containers[0].env[1]
-          value:
-            name: GITEA_INSTANCE_URL
-            value: "https://git.example.com:8443"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on https://git.example.com:8443'
-            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: allows adding custom environment variables to the docker-in-docker container
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      statefulset:
-        dind:
-          extraEnvs:
-            - name: "CUSTOM_ENV_NAME"
-              value: "custom env value"
-    asserts:
-      - equal:
-          path: spec.template.spec.initContainers[1].env[0]
-          value:
-            name: "CUSTOM_ENV_NAME"
-            value: "custom env value"
   - it: should mount an extra volume in the act runner container
     template: templates/statefulset.yaml
     set:
@@ -397,13 +316,67 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - contains:
           any: true
           path: spec.template.spec.containers[0].volumeMounts
           content:
             mountPath: /mnt
             name: my-act-runner-volume
+
+#
+## DIND
+#
+
+  - it: dind uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset.dind.fullOverride: test.io/dind:x.y.z
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: test.io/dind:x.y.z
+
+  - it: dind uses global.imageRegistry
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      global.imageRegistry: test.io
+      statefulset.dind.tag: 28.3.3-dind
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-actions-unittests-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: test.io/docker:28.3.3-dind
+
+  - it: allows adding custom environment variables to the docker-in-docker container
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        dind:
+          extraEnvs:
+            - name: "CUSTOM_ENV_NAME"
+              value: "custom env value"
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[1].env[0]
+          value:
+            name: "CUSTOM_ENV_NAME"
+            value: "custom env value"
+
   - it: should mount an extra volume in the docker-in-docker container
     template: templates/statefulset.yaml
     set:
@@ -422,81 +395,47 @@ tests:
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - contains:
           any: true
           path: spec.template.spec.initContainers[1].volumeMounts
           content:
             mountPath: /mnt
             name: my-dind-volume
-  - it: should interpret existingSecret & existingSecretKey templating
+
+#
+## INIT
+#
+
+  - it: init uses fullOverride
     template: templates/statefulset.yaml
     set:
-      gitea:
-        token:
-          secret:
-            name: "gitea-secret"
-            key: "secret-key"
       enabled: true
-      existingSecret: "{{ .Release.Name }}-{{ .Values.gitea.token.secret.name}}"
+      init.image.fullOverride: test.io/busybox:x.y.z
-      existingSecretKey: "{{ .Values.gitea.token.secret.key}}"
     asserts:
       - hasDocuments:
           count: 1
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[0].name
+          path: spec.template.spec.initContainers[0].image
-          value: "GITEA_RUNNER_REGISTRATION_TOKEN"
+          value: test.io/busybox:x.y.z
-      - equal:
+
-          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
+  - it: init uses global.imageRegistry
-          value: "gitea-unittests-gitea-secret"
-      - equal:
-          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
-          value: "secret-key"
-  - it: should interpret Gitea Root URL templating
     template: templates/statefulset.yaml
     set:
-      global:
-        gitea:
-          service:
-            name: "my-gitea-svc-http"
-            port: 3210
       enabled: true
-      giteaRootURL: "http://{{ .Values.global.gitea.service.name }}:{{ .Values.global.gitea.service.port }}"
+      global.imageRegistry: test.io
+      init.image.tag: 1.37.0
     asserts:
       - hasDocuments:
           count: 1
       - containsDocument:
           kind: StatefulSet
           apiVersion: apps/v1
-          name: gitea-unittests-actions-act-runner
+          name: gitea-actions-unittests-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[1].name
+          path: spec.template.spec.initContainers[0].image
-          value: "GITEA_INSTANCE_URL"
+          value: test.io/busybox:1.37.0
-      - equal:
-          path: spec.template.spec.containers[0].env[1].value
-          value: "http://my-gitea-svc-http:3210"
-      - equal:
-          path: spec.template.spec.initContainers[0].command[2]
-          value: |
-            echo 'Trying to reach Gitea on http://my-gitea-svc-http:3210'
-            until timeout 10 wget --no-check-certificate --spider http://my-gitea-svc-http:3210; do
-              sleep 3
-              echo "Trying again in 3 seconds..."
-            done
-            echo "Gitea has been reached!"
-  - it: should render service account name correctly
-    template: templates/statefulset.yaml
-    set:
-      enabled: true
-      statefulset:
-        serviceAccountName: "my-service-account"
-    asserts:
-      - hasDocuments:
-          count: 1
-      - equal:
-          path: spec.template.spec.serviceAccountName
-          value: "my-service-account"

values.yaml

@@ -11,6 +11,14 @@
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
+## @param statefulset.persistence.size Size for persistence to store act runner data
+## @param statefulset.securityContext Customize the SecurityContext
+## @param statefulset.serviceAccountName Customize the service account name
+## @param statefulset.runtimeClassName Select a different RuntimeClass for pods
+## @param statefulset.hostAliases Inject entries into the /etc/hosts file
+#
+## @param statefulset.persistence.size Size for persistence to store act runner data
+#
 ## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
@@ -18,11 +26,13 @@
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
 ## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
+## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
+## @param statefulset.actRunner.flushCache whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time
 ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
+#
 ## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
 ## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
 ## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
-## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
 ## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
@@ -30,9 +40,8 @@
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
-## @param statefulset.persistence.size Size for persistence to store act runner data
+## @param statefulset.dind.extraArgs Allows adding custom arguments to the Docker Daemon
-## @param statefulset.securityContext Customize the SecurityContext
+#
-## @param statefulset.serviceAccountName Customize the service account name
 enabled: false
 statefulset:
   replicas: 1
@@ -46,11 +55,23 @@ statefulset:
   extraVolumes: []
   securityContext: {}
   serviceAccountName: ""
+  runtimeClassName: ""
+
+  # Add /etc/hosts injections into the pods
+  hostAliases:
+    []
+  #  - ip: 8.8.8.8
+  #    hostnames:
+  #      - googel.com
+  #      - googol.com
+
+  persistence:
+    size: 1Gi
 
   actRunner:
     registry: "docker.gitea.com"
     repository: act_runner
-    tag: 0.3.0
+    tag: 0.3.1
     digest: ""
     pullPolicy: IfNotPresent
     fullOverride: ""
@@ -62,6 +83,8 @@ statefulset:
       #     fieldRef:
       #       fieldPath: metadata.name
 
+    # See full details: https://gitea.com/gitea/helm-actions/issues/73
+    flushCache: false
     # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
     config: |
       log:
@@ -77,7 +100,7 @@ statefulset:
     uid: ""
     registry: "docker.io"
     repository: docker
-    tag: 29.3.1-dind
+    tag: 29.4.0-dind
     digest: ""
     pullPolicy: IfNotPresent
     fullOverride: ""
@@ -90,8 +113,11 @@ statefulset:
       #  - name: "DOCKER_IPTABLES_LEGACY"
       #    value: "1"
 
-  persistence:
+    # Option to add extra arguments/commands to the container/pod:
-    size: 1Gi
+    # [#22](https://gitea.com/gitea/helm-actions/issues/22) [k8s docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/)
+    extraArgs:
+      []
+      #  - --mtu=1400
 
 ## @section Gitea Actions Init
 #
@@ -125,8 +151,8 @@ giteaRootURL: ""
 
 ## @section Extra Init Containers
 #
-## @param preExtraInitContainers Additional init containers to run in the pod before gitea-actions runs it owns init containers.
+## @param preExtraInitContainers Additional init containers to run in the pod before Gitea-actions runs it owns init containers.
-## @param postExtraInitContainers Additional init containers to run in the pod after gitea-actions runs it owns init containers.
+## @param postExtraInitContainers Additional init containers to run in the pod after Gitea-actions runs it owns init containers.
 preExtraInitContainers: []
 # - name: pre-init-container
 #   image: docker.io/library/busybox