bp99/helm-actions
1
0
Fork 0
mirror of https://gitea.com/gitea/helm-actions.git synced 2026-04-09 19:20:40 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Compare commits

base: bp99:v0.0.5
Branches Tags
bp99:main bp99:christopherhx/e2e bp99:check-release-secrets
bp99:v0.0.5 bp99:v0.0.4 bp99:v0.0.3 bp99:v0.0.2 bp99:v0.0.1
..
compare: bp99:christopherhx/e2e
Branches Tags
bp99:main bp99:christopherhx/e2e bp99:check-release-secrets
bp99:v0.0.5 bp99:v0.0.4 bp99:v0.0.3 bp99:v0.0.2 bp99:v0.0.1

20 Commits
v0.0.5 ... christophe

Author SHA1 Message Date
ChristopherHX
43e1080cd7 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 11:26:21 +00:00
ChristopherHX
6945a48d11 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 11:18:21 +00:00
ChristopherHX
91348eb00b Rename cluster 2026-03-19 11:01:02 +00:00
ChristopherHX
24863ef249 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 10:51:14 +00:00
ChristopherHX
62c14d7877 .gitea/workflows/e2e.yml aktualisiert 2026-03-19 10:45:45 +00:00
ChristopherHX
3625cf2ff2 fixes 2026-03-19 10:38:42 +00:00
ChristopherHX
4a82e5d96d .gitea/workflows/e2e.yml aktualisiert 2026-03-19 10:35:18 +00:00
ChristopherHX
86c8067beb Keep cluster alive? 2026-03-19 10:31:35 +00:00
ChristopherHX
a21154e3a6 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:51:06 +00:00
ChristopherHX
d1c20ced5e .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:46:09 +00:00
ChristopherHX
4e2e4c4b29 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:42:30 +00:00
ChristopherHX
759dffa245 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:34:19 +00:00
ChristopherHX
619d048017 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:33:12 +00:00
ChristopherHX
2f455431a9 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:28:40 +00:00
ChristopherHX
9a3b8afa55 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 22:08:30 +00:00
ChristopherHX
e2bc1191d7 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 21:54:05 +00:00
ChristopherHX
2325970518 another attempt 2026-03-18 21:46:02 +00:00
ChristopherHX
1c8e4d9ef6 .gitea/workflows/e2e.yml aktualisiert 2026-03-18 21:35:36 +00:00
ChristopherHX
7db5906c08 Add delete cluster 2026-03-18 21:20:54 +00:00
ChristopherHX
d24696be8c .gitea/workflows/e2e.yml hinzugefügt 2026-03-18 21:05:57 +00:00
19 changed files with 586 additions and 639 deletions
Expand all files Collapse all files

2
.gitea/workflows/changelog.yml
View File

@ -8,7 +8,7 @@ on:
jobs: jobs:
changelog: changelog:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: docker.io/thegeeklab/git-sv:2.0.11 container: docker.io/thegeeklab/git-sv:2.0.9
steps: steps:
- name: install tools - name: install tools
run: | run: |

2
.gitea/workflows/commitlint.yml
View File

@ -11,7 +11,7 @@ on:
jobs: jobs:
check-and-test: check-and-test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: commitlint/commitlint:20.5.1 container: commitlint/commitlint:20.4.1
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v6
- name: check PR title - name: check PR title

76
.gitea/workflows/e2e.yml Normal file
View File

@ -0,0 +1,76 @@
on: pull_request
jobs:
k8s-test:
runs-on: ubuntu-latest
env:
CLUSTER_NAME: test-cluster
steps:
- uses: actions/checkout@v4
- name: Install Docker CLI, kind, and kubectl
run: |
# Install Docker CLI (to talk to the host daemon via the mounted socket)
apt-get update && apt-get install -y docker.io jq
# Install kind
curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64
chmod +x /usr/local/bin/kind
# Install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
install kubectl /usr/local/bin/
- name: Create kind cluster
run: |
kind delete cluster test-cluster2
docker inspect ${CLUSTER_NAME}-control-plane && mkdir -p ~/.kube && kind get kubeconfig --name ${CLUSTER_NAME} > ~/.kube/config || kind create cluster --name ${CLUSTER_NAME} --wait 5m
- name: Connect kind to the job container's network and fix kubeconfig
if: always()
run: |
# 1. Find the Docker network the job container is on
# The job container's hostname is the container ID
JOB_CONTAINER_ID=$(hostname)
NETWORK_NAME=$(docker inspect "$JOB_CONTAINER_ID" \
--format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}}{{end}}')
echo "NETWORK_NAME=$NETWORK_NAME" >> $GITHUB_ENV
echo "Job container network: $NETWORK_NAME"
# 2. Get the kind control-plane container name
KIND_CONTAINER="${CLUSTER_NAME}-control-plane"
echo "KIND_CONTAINER=$KIND_CONTAINER" >> $GITHUB_ENV
# 3. Connect the kind container to the same network
docker network connect "$NETWORK_NAME" "$KIND_CONTAINER"
# 4. Get the kind container's IP on that network
KIND_IP=$(docker inspect "$KIND_CONTAINER" \
--format "{{(index .NetworkSettings.Networks \"$NETWORK_NAME\").IPAddress}}")
echo "Kind container IP on shared network: $KIND_IP"
# 5. Rewrite the kubeconfig to use the kind container's IP
# kind's API server listens on port 6443 inside the container
kubectl config set-cluster kind-${CLUSTER_NAME} \
--server="https://${KIND_IP}:6443"
# 6. Since the TLS cert won't match the new IP, use insecure mode
# OR set insecure-skip-tls-verify
kubectl config set-cluster kind-${CLUSTER_NAME} \
--insecure-skip-tls-verify=true
- name: Verify cluster access
if: always()
run: |
kubectl cluster-info
kubectl get nodes
kubectl get pods -A
- name: Disconnect Kind Network
if: always()
run: |
docker network disconnect "$NETWORK_NAME" "$KIND_CONTAINER"

60
.gitea/workflows/release-version.yml
View File

@ -7,76 +7,64 @@ on:
env: env:
# renovate: datasource=docker depName=alpine/helm # renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "4.1.3" HELM_VERSION: "3.20.0"
jobs: jobs:
generate-chart-publish: generate-chart-publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v6
- name: install Docker CLI
uses: https://github.com/docker/setup-buildx-action@v4 # Gitea
#uses: docker/setup-buildx-action@v4 # Github / Act
- name: install Helm
uses: https://github.com/Azure/setup-helm@v5 # Gitea
#uses: Azure/setup-helm@v5 # Github / Act
with:
version: "${{ env.HELM_VERSION }}"
- name: install tools - name: install tools
run: | run: |
apt update apt update -y
apt install -y curl ca-certificates curl gnupg python3 python3-pip apt-transport-https apt install -y curl ca-certificates curl gnupg
# helm
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
helm version
# docker
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
pip install awscli --break-system-packages pip install awscli --break-system-packages
- name: import GPG key - name: Import GPG key
id: import_gpg id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v7 # Gitea uses: https://github.com/crazy-max/ghaction-import-gpg@v7
#uses: crazy-max/ghaction-import-gpg@v7 # Github / Act
with: with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
- name: log into Docker Hub
uses: https://github.com/docker/login-action@v4 # Gitea
#uses: docker/login-action@v4 # Github / Act
with:
username: ${{ secrets.DOCKER_CHARTS_USERNAME }}
password: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
- name: package chart - name: package chart
run: | run: |
# Install Helm GPG plugin echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
helm plugin install https://github.com/technosophos/helm-gpg.git --verify=false # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm package --version "${GITHUB_REF#refs/tags/v}" ./
# Package the chart
mkdir actions mkdir actions
mv actions*.tgz actions/ mv actions*.tgz actions/
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
# push to dockerhub
# Push to Docker Hub
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io helm registry logout registry-1.docker.io
env:
TAR_OPTIONS: "--wildcards"
- name: aws credential configure - name: aws credential configure
uses: https://github.com/aws-actions/configure-aws-credentials@v6 # Gitea uses: https://github.com/aws-actions/configure-aws-credentials@v6
#uses: aws-actions/configure-aws-credentials@v6 # Github / Act
with: with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }} aws-region: ${{ secrets.AWS_REGION }}
- name: copy files to S3 and clear cache - name: Copy files to S3 and clear cache
if: startsWith(github.ref, 'refs/tags/')
run: | run: |
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/

2
.gitea/workflows/shellcheck.yml
View File

@ -1,4 +1,4 @@
name: shellcheck name: Lint Shell files
on: on:
pull_request: pull_request:

15
.gitea/workflows/test-pr.yml
View File

@ -1,7 +1,6 @@
name: check-and-test name: check-and-test
"on": on:
"workflow_dispatch":
pull_request: pull_request:
branches: branches:
- "*" - "*"
@ -16,27 +15,26 @@ env:
jobs: jobs:
check-and-test: check-and-test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: alpine/helm:4.1.3 container: alpine/helm:3.20.0
steps: steps:
- name: install tools - name: install tools
run: | run: |
apk update apk update
apk add --update bash make nodejs npm yamllint ncurses apk add --update bash make nodejs npm yamllint ncurses
- name: Install pnpm - name: Install pnpm
uses: pnpm/action-setup@v5 uses: pnpm/action-setup@v4
with: with:
version: 10 version: 10
- uses: actions/checkout@v6 - uses: actions/checkout@v6
- name: install chart dependencies - name: install chart dependencies
run: helm dependency build run: helm dependency build
- name: lint - name: lint
run: helm lint . run: helm lint
- name: template - name: template
run: helm template --debug gitea-actions . run: helm template --debug gitea-actions .
- name: prepare unit test environment - name: prepare unit test environment
run: | run: |
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} --verify=false \ helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
https://github.com/helm-unittest/helm-unittest.git # https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install
git submodule update --init --recursive git submodule update --init --recursive
- name: unit tests - name: unit tests
env: env:
@ -48,5 +46,4 @@ jobs:
make readme make readme
git diff --exit-code --name-only README.md git diff --exit-code --name-only README.md
- name: yaml lint - name: yaml lint
# uses: ibiqlik/action-yamllint@v3 # Github / Act uses: https://github.com/ibiqlik/action-yamllint@v3
uses: https://github.com/ibiqlik/action-yamllint@v3 # Gitea

1
.gitignore vendored
View File

@ -2,4 +2,3 @@ charts/
node_modules/ node_modules/
.DS_Store .DS_Store
unittests/*/__snapshot__/ unittests/*/__snapshot__/
*secret*.yaml

86
README.md
View File

@ -6,9 +6,17 @@ The parameters which can be used to customize the deployment are described below
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues). If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Quick-start ## Docs
[Documentation](./docs/README.md) [Docs](./docs/README.md)
## Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
- If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
## Quick-start
To get started, add the Helm repo, assuming you have not already: To get started, add the Helm repo, assuming you have not already:
@ -31,26 +39,6 @@ helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
You should be good to go! You should be good to go!
### Runner Token Secret Template
For reference, a template for the secret is given below:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: runner-secret
namespace: "my-gitea-namespace"
type: Opaque
stringData:
runner-token: "my-cool-runner-token-given-by-gitea"
```
### Rootless Options
If `.Values.statefulset.dind.rootless: true` is set, then the following will be required:
`.Values.statefulset.dind.tag` must be a rootless image such as: `29.3.1-dind-rootless`
## Parameters ## Parameters
### Gitea Actions ### Gitea Actions
@ -58,6 +46,8 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| `enabled` | Create an act runner StatefulSet. | `false` | | `enabled` | Create an act runner StatefulSet. | `false` |
| `init.image.repository` | The image used for the init containers | `busybox` |
| `init.image.tag` | The image tag used for the init containers | `1.37.0` |
| `statefulset.replicas` | the amount of (replica) runner pods deployed | `1` | | `statefulset.replicas` | the amount of (replica) runner pods deployed | `1` |
| `statefulset.timezone` | is the timezone that will be set in the act_runner image | `Etc/UTC` | | `statefulset.timezone` | is the timezone that will be set in the act_runner image | `Etc/UTC` |
| `statefulset.annotations` | Act runner annotations | `{}` | | `statefulset.annotations` | Act runner annotations | `{}` |
@ -67,33 +57,28 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| `statefulset.tolerations` | Tolerations for the statefulset | `[]` | | `statefulset.tolerations` | Tolerations for the statefulset | `[]` |
| `statefulset.affinity` | Affinity for the statefulset | `{}` | | `statefulset.affinity` | Affinity for the statefulset | `{}` |
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` | | `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
| `statefulset.persistence.size` | Size for persistence to store act runner data | `1Gi` |
| `statefulset.securityContext` | Customize the SecurityContext | `{}` |
| `statefulset.serviceAccountName` | Customize the service account name | `""` |
| `statefulset.runtimeClassName` | Select a different RuntimeClass for pods | `""` |
| `statefulset.hostAliases` | Inject entries into the /etc/hosts file | `[]` |
| `statefulset.persistence.size` | Size for persistence to store act runner data | `1Gi` |
| `statefulset.actRunner.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` | | `statefulset.actRunner.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` |
| `statefulset.actRunner.repository` | The Gitea act runner image | `act_runner` | | `statefulset.actRunner.repository` | The Gitea act runner image | `act_runner` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.3.1` | | `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.13` |
| `statefulset.actRunner.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `statefulset.actRunner.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` | | `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `statefulset.actRunner.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | | `statefulset.actRunner.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` | | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
| `statefulset.actRunner.extraEnvs` | Allows adding custom environment variables | `[]` |
| `statefulset.actRunner.flushCache` | whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time | `false` |
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | | `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.rootless` | a simple flag to let helm know we are dealing with a rootless dind container | `false` | | `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `statefulset.dind.uid` | a field to set the running user id for the rootless dind container, so it knows where to look for the socket | `""` | | `statefulset.actRunner.extraEnvs` | Allows adding custom environment variables | `[]` |
| `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `docker.io` |
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` | | `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `29.4.0-dind` | | `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
| `statefulset.dind.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `statefulset.dind.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `statefulset.dind.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | | `statefulset.dind.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | | `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` | | `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` | | `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |
| `statefulset.dind.extraArgs` | Allows adding custom arguments to the Docker Daemon | `[]` | | `statefulset.persistence.size` | Size for persistence to store act runner data | `1Gi` |
| `statefulset.securityContext` | Customize the SecurityContext | `{}` |
| `existingSecret` | Secret that contains the token | `""` |
| `existingSecretKey` | Secret key | `""` |
| `giteaRootURL` | URL the act_runner registers and connect with | `""` |
### Gitea Actions Init ### Gitea Actions Init
@ -106,30 +91,9 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` | | `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` |
| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | | `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` |
### Runner Token Secret Configuration
| Name | Description | Value |
| ------------------- | ------------------------------ | ----- |
| `existingSecret` | Secret that contains the token | `""` |
| `existingSecretKey` | Secret key | `""` |
### Gitea URL Setting
| Name | Description | Value |
| -------------- | --------------------------------------------- | ----- |
| `giteaRootURL` | URL the act_runner registers and connect with | `""` |
### Extra Init Containers
| Name | Description | Value |
| ------------------------- | ----------------------------------------------------------------------------------------------- | ----- |
| `preExtraInitContainers` | Additional init containers to run in the pod before Gitea-actions runs it owns init containers. | `[]` |
| `postExtraInitContainers` | Additional init containers to run in the pod after Gitea-actions runs it owns init containers. | `[]` |
### Global ### Global
| Name | Description | Value | | Name | Description | Value |
| ------------------------- | ---------------------------------- | ----- | | ---------------------- | ------------------------------ | ----- |
| `global.imageRegistry` | global image registry override | `""` | | `global.imageRegistry` | global image registry override | `""` |
| `global.imagePullSecrets` | global image registry pull secrets | `[]` | | `global.storageClass` | global storage class override | `""` |
| `global.storageClass` | global storage class override | `""` |

2
docs/actions-dev.md
View File

@ -26,6 +26,8 @@ In this case, you can use either the Web UI to generate the token or run a shell
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via: the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
```yaml ```yaml
provisioning:
enabled: false
existingSecret: "secret-name" existingSecret: "secret-name"
existingSecretKey: "secret-key" existingSecretKey: "secret-key"
``` ```

14
docs/share-dind-with-job-container.md
View File

@ -4,19 +4,25 @@ You can weaken isolation and allow jobs to call docker commands.
## Limitations ## Limitations
- - Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
- Docker port expose to local host `-e 80:8080` is not going to work
## Example Values ## Example Values
```yaml ```yaml
enabled: true
statefulset:
actRunner:
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: | config: |
log: log:
level: debug level: debug
cache: cache:
enabled: false enabled: false
container: container:
require_docker: true valid_volumes:
docker_timeout: 300s - /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
## Specify an existing token secret ## Specify an existing token secret
## ##
@ -27,4 +33,4 @@ existingSecretKey: "token"
giteaRootURL: "http://192.168.1.2:3000" giteaRootURL: "http://192.168.1.2:3000"
``` ```
Now you can run docker commands inside your jobs. Now you can run docker commands inside your jobs.

2
package.json
View File

@ -14,6 +14,6 @@
}, },
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.7.0", "@bitnami/readme-generator-for-helm": "^2.7.0",
"markdownlint-cli": "^0.48.0" "markdownlint-cli": "^0.47.0"
} }
} }

152
pnpm-lock.yaml generated
View File

@ -12,8 +12,8 @@ importers:
specifier: ^2.7.0 specifier: ^2.7.0
version: 2.7.2 version: 2.7.2
markdownlint-cli: markdownlint-cli:
specifier: ^0.48.0 specifier: ^0.47.0
version: 0.48.0 version: 0.47.0
packages: packages:
@ -21,8 +21,16 @@ packages:
resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==} resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
hasBin: true hasBin: true
'@types/debug@4.1.13': '@isaacs/balanced-match@4.0.1':
resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==} resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
engines: {node: 20 || >=22}
'@isaacs/brace-expansion@5.0.1':
resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==}
engines: {node: 20 || >=22}
'@types/debug@4.1.12':
resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
'@types/katex@0.16.8': '@types/katex@0.16.8':
resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==} resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
@ -43,16 +51,8 @@ packages:
balanced-match@1.0.2: balanced-match@1.0.2:
resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
balanced-match@4.0.4: brace-expansion@1.1.12:
resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==} resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
engines: {node: 18 || 20 || >=22}
brace-expansion@1.1.13:
resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
brace-expansion@5.0.5:
resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
engines: {node: 18 || 20 || >=22}
character-entities-legacy@3.0.0: character-entities-legacy@3.0.0:
resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==} resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@ -125,8 +125,8 @@ packages:
fs.realpath@1.0.0: fs.realpath@1.0.0:
resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
get-east-asian-width@1.5.0: get-east-asian-width@1.4.0:
resolution: {integrity: sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==} resolution: {integrity: sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==}
engines: {node: '>=18'} engines: {node: '>=18'}
glob@7.2.3: glob@7.2.3:
@ -171,25 +171,25 @@ packages:
resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==} resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
engines: {node: '>=0.10.0'} engines: {node: '>=0.10.0'}
katex@0.16.45: katex@0.16.28:
resolution: {integrity: sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==} resolution: {integrity: sha512-YHzO7721WbmAL6Ov1uzN/l5mY5WWWhJBSW+jq4tkfZfsxmo1hu6frS0EOswvjBUnWE6NtjEs48SFn5CQESRLZg==}
hasBin: true hasBin: true
linkify-it@5.0.0: linkify-it@5.0.0:
resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
lodash@4.18.1: lodash@4.17.23:
resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==} resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==}
markdown-it@14.1.1: markdown-it@14.1.0:
resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==} resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
hasBin: true hasBin: true
markdown-table@2.0.0: markdown-table@2.0.0:
resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
markdownlint-cli@0.48.0: markdownlint-cli@0.47.0:
resolution: {integrity: sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==} resolution: {integrity: sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==}
engines: {node: '>=20'} engines: {node: '>=20'}
hasBin: true hasBin: true
@ -275,12 +275,12 @@ packages:
micromark@4.0.2: micromark@4.0.2:
resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==} resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
minimatch@10.2.5: minimatch@10.1.2:
resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==} resolution: {integrity: sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==}
engines: {node: 18 || 20 || >=22} engines: {node: 20 || >=22}
minimatch@3.1.5: minimatch@3.1.2:
resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==} resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
minimist@1.2.8: minimist@1.2.8:
resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
@ -298,8 +298,8 @@ packages:
resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
engines: {node: '>=0.10.0'} engines: {node: '>=0.10.0'}
picomatch@4.0.4: picomatch@4.0.3:
resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==} resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
engines: {node: '>=12'} engines: {node: '>=12'}
punycode.js@2.3.1: punycode.js@2.3.1:
@ -314,24 +314,24 @@ packages:
resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==} resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
hasBin: true hasBin: true
smol-toml@1.6.1: smol-toml@1.5.2:
resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==} resolution: {integrity: sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==}
engines: {node: '>= 18'} engines: {node: '>= 18'}
string-width@8.1.0: string-width@8.1.0:
resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==} resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
engines: {node: '>=20'} engines: {node: '>=20'}
strip-ansi@7.2.0: strip-ansi@7.1.2:
resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==} resolution: {integrity: sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==}
engines: {node: '>=12'} engines: {node: '>=12'}
strip-json-comments@3.1.1: strip-json-comments@3.1.1:
resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
engines: {node: '>=8'} engines: {node: '>=8'}
tinyglobby@0.2.16: tinyglobby@0.2.15:
resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==} resolution: {integrity: sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==}
engines: {node: '>=12.0.0'} engines: {node: '>=12.0.0'}
uc.micro@2.1.0: uc.micro@2.1.0:
@ -340,8 +340,8 @@ packages:
wrappy@1.0.2: wrappy@1.0.2:
resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
yaml@2.8.3: yaml@2.8.2:
resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==} resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==}
engines: {node: '>= 14.6'} engines: {node: '>= 14.6'}
hasBin: true hasBin: true
@ -351,11 +351,17 @@ snapshots:
dependencies: dependencies:
commander: 13.1.0 commander: 13.1.0
dot-object: 2.1.5 dot-object: 2.1.5
lodash: 4.18.1 lodash: 4.17.23
markdown-table: 2.0.0 markdown-table: 2.0.0
yaml: 2.8.3 yaml: 2.8.2
'@types/debug@4.1.13': '@isaacs/balanced-match@4.0.1': {}
'@isaacs/brace-expansion@5.0.1':
dependencies:
'@isaacs/balanced-match': 4.0.1
'@types/debug@4.1.12':
dependencies: dependencies:
'@types/ms': 2.1.0 '@types/ms': 2.1.0
@ -371,17 +377,11 @@ snapshots:
balanced-match@1.0.2: {} balanced-match@1.0.2: {}
balanced-match@4.0.4: {} brace-expansion@1.1.12:
brace-expansion@1.1.13:
dependencies: dependencies:
balanced-match: 1.0.2 balanced-match: 1.0.2
concat-map: 0.0.1 concat-map: 0.0.1
brace-expansion@5.0.5:
dependencies:
balanced-match: 4.0.4
character-entities-legacy@3.0.0: {} character-entities-legacy@3.0.0: {}
character-entities@2.0.2: {} character-entities@2.0.2: {}
@ -421,20 +421,20 @@ snapshots:
entities@4.5.0: {} entities@4.5.0: {}
fdir@6.5.0(picomatch@4.0.4): fdir@6.5.0(picomatch@4.0.3):
optionalDependencies: optionalDependencies:
picomatch: 4.0.4 picomatch: 4.0.3
fs.realpath@1.0.0: {} fs.realpath@1.0.0: {}
get-east-asian-width@1.5.0: {} get-east-asian-width@1.4.0: {}
glob@7.2.3: glob@7.2.3:
dependencies: dependencies:
fs.realpath: 1.0.0 fs.realpath: 1.0.0
inflight: 1.0.6 inflight: 1.0.6
inherits: 2.0.4 inherits: 2.0.4
minimatch: 3.1.5 minimatch: 3.1.2
once: 1.4.0 once: 1.4.0
path-is-absolute: 1.0.1 path-is-absolute: 1.0.1
@ -468,7 +468,7 @@ snapshots:
jsonpointer@5.0.1: {} jsonpointer@5.0.1: {}
katex@0.16.45: katex@0.16.28:
dependencies: dependencies:
commander: 8.3.0 commander: 8.3.0
@ -476,9 +476,9 @@ snapshots:
dependencies: dependencies:
uc.micro: 2.1.0 uc.micro: 2.1.0
lodash@4.18.1: {} lodash@4.17.23: {}
markdown-it@14.1.1: markdown-it@14.1.0:
dependencies: dependencies:
argparse: 2.0.1 argparse: 2.0.1
entities: 4.5.0 entities: 4.5.0
@ -491,7 +491,7 @@ snapshots:
dependencies: dependencies:
repeat-string: 1.6.1 repeat-string: 1.6.1
markdownlint-cli@0.48.0: markdownlint-cli@0.47.0:
dependencies: dependencies:
commander: 14.0.3 commander: 14.0.3
deep-extend: 0.6.0 deep-extend: 0.6.0
@ -499,12 +499,12 @@ snapshots:
js-yaml: 4.1.1 js-yaml: 4.1.1
jsonc-parser: 3.3.1 jsonc-parser: 3.3.1
jsonpointer: 5.0.1 jsonpointer: 5.0.1
markdown-it: 14.1.1 markdown-it: 14.1.0
markdownlint: 0.40.0 markdownlint: 0.40.0
minimatch: 10.2.5 minimatch: 10.1.2
run-con: 1.3.2 run-con: 1.3.2
smol-toml: 1.6.1 smol-toml: 1.5.2
tinyglobby: 0.2.16 tinyglobby: 0.2.15
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -583,7 +583,7 @@ snapshots:
dependencies: dependencies:
'@types/katex': 0.16.8 '@types/katex': 0.16.8
devlop: 1.1.0 devlop: 1.1.0
katex: 0.16.45 katex: 0.16.28
micromark-factory-space: 2.0.1 micromark-factory-space: 2.0.1
micromark-util-character: 2.1.1 micromark-util-character: 2.1.1
micromark-util-symbol: 2.0.1 micromark-util-symbol: 2.0.1
@ -676,7 +676,7 @@ snapshots:
micromark@4.0.2: micromark@4.0.2:
dependencies: dependencies:
'@types/debug': 4.1.13 '@types/debug': 4.1.12
debug: 4.4.3 debug: 4.4.3
decode-named-character-reference: 1.3.0 decode-named-character-reference: 1.3.0
devlop: 1.1.0 devlop: 1.1.0
@ -696,13 +696,13 @@ snapshots:
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
minimatch@10.2.5: minimatch@10.1.2:
dependencies: dependencies:
brace-expansion: 5.0.5 '@isaacs/brace-expansion': 5.0.1
minimatch@3.1.5: minimatch@3.1.2:
dependencies: dependencies:
brace-expansion: 1.1.13 brace-expansion: 1.1.12
minimist@1.2.8: {} minimist@1.2.8: {}
@ -724,7 +724,7 @@ snapshots:
path-is-absolute@1.0.1: {} path-is-absolute@1.0.1: {}
picomatch@4.0.4: {} picomatch@4.0.3: {}
punycode.js@2.3.1: {} punycode.js@2.3.1: {}
@ -737,26 +737,26 @@ snapshots:
minimist: 1.2.8 minimist: 1.2.8
strip-json-comments: 3.1.1 strip-json-comments: 3.1.1
smol-toml@1.6.1: {} smol-toml@1.5.2: {}
string-width@8.1.0: string-width@8.1.0:
dependencies: dependencies:
get-east-asian-width: 1.5.0 get-east-asian-width: 1.4.0
strip-ansi: 7.2.0 strip-ansi: 7.1.2
strip-ansi@7.2.0: strip-ansi@7.1.2:
dependencies: dependencies:
ansi-regex: 6.2.2 ansi-regex: 6.2.2
strip-json-comments@3.1.1: {} strip-json-comments@3.1.1: {}
tinyglobby@0.2.16: tinyglobby@0.2.15:
dependencies: dependencies:
fdir: 6.5.0(picomatch@4.0.4) fdir: 6.5.0(picomatch@4.0.3)
picomatch: 4.0.4 picomatch: 4.0.3
uc.micro@2.1.0: {} uc.micro@2.1.0: {}
wrappy@1.0.2: {} wrappy@1.0.2: {}
yaml@2.8.3: {} yaml@2.8.2: {}

20
templates/_helpers.tpl
View File

@ -14,14 +14,14 @@ If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "gitea.actions.fullname" -}} {{- define "gitea.actions.fullname" -}}
{{- if .Values.fullnameOverride -}} {{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}} {{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}} {{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}} {{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}} {{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@ -36,7 +36,7 @@ Create a default worker name.
Create chart name and version as used by the chart label. Create chart name and version as used by the chart label.
*/}} */}}
{{- define "gitea.actions.chart" -}} {{- define "gitea.actions.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/* {{/*
@ -45,7 +45,7 @@ Storage Class
{{- define "gitea.actions.persistence.storageClass" -}} {{- define "gitea.actions.persistence.storageClass" -}}
{{- $storageClass := default (tpl ( default "" .Values.global.storageClass) .) }} {{- $storageClass := default (tpl ( default "" .Values.global.storageClass) .) }}
{{- if $storageClass }} {{- if $storageClass }}
storageClassName: {{ $storageClass | quote }} storageClassName: {{ $storageClass | quote }}
{{- end }} {{- end }}
{{- end -}} {{- end -}}
@ -128,4 +128,4 @@ Create image for Init
*/}} */}}
{{- define "gitea.actions.init.image" -}} {{- define "gitea.actions.init.image" -}}
{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }} {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }}
{{- end -}} {{- end -}}

4
templates/config-act-runner.yaml
View File

@ -11,9 +11,9 @@ data:
config.yaml: | config.yaml: |
{{- with .Values.statefulset.actRunner.config -}} {{- with .Values.statefulset.actRunner.config -}}
{{- if kindIs "string" . -}} {{- if kindIs "string" . -}}
{{ . | nindent 4}} {{ . | nindent 4}}
{{- else -}} {{- else -}}
{{ toYaml . | nindent 4}} {{ toYaml . | nindent 4}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end }} {{- end }}

68
templates/statefulset.yaml
View File

@ -30,42 +30,9 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
spec: spec:
restartPolicy: Always
{{- if .Values.statefulset.serviceAccountName }}
serviceAccountName: {{ .Values.statefulset.serviceAccountName | quote }}
{{- end }}
{{- if .Values.statefulset.securityContext }}
securityContext: securityContext:
{{- toYaml .Values.statefulset.securityContext | nindent 8 }} {{- toYaml .Values.statefulset.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.statefulset.runtimeClassName }}
runtimeClassName: {{ .Values.statefulset.runtimeClassName | quote }}
{{- end }}
{{- if .Values.statefulset.hostAliases }}
hostAliases:
{{- toYaml .Values.statefulset.hostAliases | nindent 8 }}
{{- end }}
initContainers: initContainers:
{{- if .Values.preExtraInitContainers }}
{{- toYaml .Values.preExtraInitContainers | nindent 8 }}
{{- end }}
{{- if .Values.statefulset.actRunner.flushCache }}
- name: cache-flusher
image: "{{ include "gitea.actions.init.image" . }}"
command:
- sh
- -c
- |
if [[ -f /data/.runner ]]; then
echo "Removing cache at /data/.runner"
rm -v /data/.runner
else
echo "No .runner file to remove"
fi
volumeMounts:
- mountPath: /data
name: data-act-runner
{{- end }}
- name: init-gitea - name: init-gitea
image: "{{ include "gitea.actions.init.image" . }}" image: "{{ include "gitea.actions.init.image" . }}"
command: command:
@ -80,53 +47,34 @@ spec:
echo "Gitea has been reached!" echo "Gitea has been reached!"
- name: dind - name: dind
image: "{{ include "gitea.actions.dind.image" . }}" image: "{{ include "gitea.actions.dind.image" . }}"
restartPolicy: Always
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }} imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
{{- if .Values.statefulset.dind.extraEnvs }} {{- if .Values.statefulset.dind.extraEnvs }}
env: env:
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }} {{- end }}
restartPolicy: Always
securityContext: securityContext:
privileged: true privileged: true
{{- if .Values.statefulset.dind.extraArgs }}
args:
{{- toYaml .Values.statefulset.dind.extraArgs | nindent 12 }}
{{- end }}
startupProbe: startupProbe:
exec: exec:
command: command:
- /usr/bin/test - /usr/bin/test
- -S - -S
{{- if .Values.statefulset.dind.rootless }}
- /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
{{- else }}
- /var/run/docker.sock - /var/run/docker.sock
{{- end }}
livenessProbe: livenessProbe:
exec: exec:
command: command:
- /usr/bin/test - /usr/bin/test
- -S - -S
{{- if .Values.statefulset.dind.rootless }}
- /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
{{- else }}
- /var/run/docker.sock - /var/run/docker.sock
{{- end }}
resources: resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }} {{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts: volumeMounts:
{{- if .Values.statefulset.dind.rootless }}
- mountPath: /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/
{{- else }}
- mountPath: /var/run/ - mountPath: /var/run/
{{- end }}
name: docker-socket name: docker-socket
{{- with .Values.statefulset.dind.extraVolumeMounts }} {{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.postExtraInitContainers }}
{{- toYaml .Values.postExtraInitContainers | nindent 8 }}
{{- end }}
containers: containers:
- name: act-runner - name: act-runner
image: "{{ include "gitea.actions.actRunner.image" . }}" image: "{{ include "gitea.actions.actRunner.image" . }}"
@ -136,8 +84,8 @@ spec:
- name: GITEA_RUNNER_REGISTRATION_TOKEN - name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: "{{ (tpl .Values.existingSecret . ) | default $secretName }}" name: "{{ .Values.existingSecret | default $secretName }}"
key: "{{ (tpl .Values.existingSecretKey . ) | default "token" }}" key: "{{ .Values.existingSecretKey | default "token" }}"
- name: GITEA_INSTANCE_URL - name: GITEA_INSTANCE_URL
value: {{ include "gitea.actions.local_root_url" . }} value: {{ include "gitea.actions.local_root_url" . }}
- name: CONFIG_FILE - name: CONFIG_FILE
@ -161,12 +109,6 @@ spec:
{{- with .Values.statefulset.actRunner.extraVolumeMounts }} {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.statefulset.nodeSelector }} {{- range $key, $value := .Values.statefulset.nodeSelector }}
nodeSelector: nodeSelector:
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
@ -193,9 +135,7 @@ spec:
name: data-act-runner name: data-act-runner
spec: spec:
accessModes: [ "ReadWriteOnce" ] accessModes: [ "ReadWriteOnce" ]
{{- if .Values.global.storageClass }} {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
{{- include "gitea.actions.persistence.storageClass" . | indent 8 }}
{{- end }}
resources: resources:
requests: requests:
storage: {{ .Values.statefulset.persistence.size }} storage: {{ .Values.statefulset.persistence.size }}

2
unittests/helm/01-consistency-checks.yaml
View File

@ -1,6 +1,6 @@
suite: actions template | consistency checks suite: actions template | consistency checks
release: release:
name: gitea-actions-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/01-consistency-checks.yaml - templates/01-consistency-checks.yaml

8
unittests/helm/config-act-runner.yaml
View File

@ -1,7 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: actions template | config-act-runner suite: actions template | config-act-runner
release: release:
name: gitea-actions-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/config-act-runner.yaml - templates/config-act-runner.yaml
@ -31,7 +31,7 @@ tests:
- containsDocument: - containsDocument:
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
name: gitea-actions-unittests-act-runner-config name: gitea-unittests-actions-act-runner-config
- equal: - equal:
path: data["config.yaml"] path: data["config.yaml"]
value: | value: |
@ -48,7 +48,7 @@ tests:
enabled: true enabled: true
statefulset: statefulset:
actRunner: actRunner:
config: | config:
container: container:
valid_volumes: valid_volumes:
- /var/run/docker.sock - /var/run/docker.sock
@ -59,7 +59,7 @@ tests:
- containsDocument: - containsDocument:
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
name: gitea-actions-unittests-act-runner-config name: gitea-unittests-actions-act-runner-config
- matchRegex: - matchRegex:
path: data["config.yaml"] path: data["config.yaml"]
pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$' pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'

630
unittests/helm/statefulset.yaml
View File

@ -1,225 +1,17 @@
suite: actions template | statefulset suite: actions template | statefulset
release: release:
name: gitea-actions-unittests name: gitea-unittests
namespace: testing namespace: testing
templates: templates:
- templates/statefulset.yaml - templates/statefulset.yaml
- templates/config-act-runner.yaml - templates/config-act-runner.yaml
tests: tests:
# - it: act-runner uses fullOverride
## GENERIC
#
- it: doesn't renders a StatefulSet by default
template: templates/statefulset.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
template: templates/statefulset.yaml
set:
image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.metadata.annotations["checksum/config"]
value: "368836e4e5d947f06f2d65c7cc3fc3ad050aaced506443f54a8ffc17bb11afd2"
- it: Has fsGroup in securityContext
template: templates/statefulset.yaml
set:
enabled: true
statefulset.securityContext:
fsGroup: 1000
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroup"]
value: 1000
- it: Has fsGroupChangePolicy in securityContext
template: templates/statefulset.yaml
set:
enabled: true
statefulset.securityContext:
fsGroupChangePolicy: OnRootMismatch
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroupChangePolicy"]
value: "OnRootMismatch"
- it: Has Always in securityContext
template: templates/statefulset.yaml
set:
enabled: true
statefulset.securityContext:
fsGroupChangePolicy: Always
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroupChangePolicy"]
value: "Always"
- it: renders a StatefulSet (with given existingSecret/existingSecretKey)
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
enabled: true enabled: true
existingSecret: "my-secret" existingSecret: "my-secret"
existingSecretKey: "my-secret-key" existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[0]
value:
name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "my-secret"
key: "my-secret-key"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "http://git.example.com"
enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
name: GITEA_INSTANCE_URL
value: "http://git.example.com"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on http://git.example.com'
until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "https://git.example.com"
enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
name: GITEA_INSTANCE_URL
value: "https://git.example.com"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on https://git.example.com'
until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: renders a StatefulSet https with explicit port (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "https://git.example.com:8443"
enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
name: GITEA_INSTANCE_URL
value: "https://git.example.com:8443"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on https://git.example.com:8443'
until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: should render service account name correctly
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
serviceAccountName: "my-service-account"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.serviceAccountName
value: "my-service-account"
- it: should render runtime class name correctly
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
runtimeClassName: "my-runtime-class-name"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.runtimeClassName
value: "my-runtime-class-name"
#
## ACT_RUNNER
#
- it: act-runner uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
asserts: asserts:
- hasDocuments: - hasDocuments:
@ -227,16 +19,17 @@ tests:
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: test.io/act_runner:x.y.z value: test.io/act_runner:x.y.z
- it: act-runner uses digest - it: act-runner uses digest
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
enabled: true enabled: true
statefulset.actRunner.tag: 0.3.1 existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.actRunner.tag: 0.2.13
statefulset.actRunner.digest: sha256:abcdef123456 statefulset.actRunner.digest: sha256:abcdef123456
asserts: asserts:
- hasDocuments: - hasDocuments:
@ -244,32 +37,104 @@ tests:
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: docker.gitea.com/act_runner:0.3.1@sha256:abcdef123456 value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
- it: act-runner uses global.imageRegistry - it: act-runner uses global.imageRegistry
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
enabled: true enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
global.imageRegistry: test.io global.imageRegistry: test.io
statefulset.actRunner.tag: 0.3.1 statefulset.actRunner.tag: 0.2.13
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: test.io/act_runner:0.3.1 value: test.io/act_runner:0.2.13
- it: dind uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.dind.fullOverride: test.io/dind:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/dind:x.y.z
- it: dind uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
global.imageRegistry: test.io
statefulset.dind.tag: 28.3.3-dind
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/docker:28.3.3-dind
- it: init uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
init.image.fullOverride: test.io/busybox:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[0].image
value: test.io/busybox:x.y.z
- it: init uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
global.imageRegistry: test.io
init.image.tag: 1.37.0
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.initContainers[0].image
value: test.io/busybox:1.37.0
- it: renders additional environment variables for act-runner container in StatefulSet - it: renders additional environment variables for act-runner container in StatefulSet
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
enabled: true enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset: statefulset:
actRunner: actRunner:
extraEnvs: extraEnvs:
@ -285,7 +150,7 @@ tests:
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.containers[0].env[4] path: spec.template.spec.containers[0].env[4]
value: value:
@ -297,7 +162,223 @@ tests:
- matchRegex: - matchRegex:
path: spec.template.spec.containers[0].env[5].name path: spec.template.spec.containers[0].env[5].name
pattern: "GITEA_RUNNER_NAME" pattern: "GITEA_RUNNER_NAME"
- it: Has fsGroup in securityContext
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.securityContext:
fsGroup: 1000
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroup"]
value: 1000
- it: Has fsGroupChangePolicy in securityContext
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.securityContext:
fsGroupChangePolicy: OnRootMismatch
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroupChangePolicy"]
value: "OnRootMismatch"
- it: Has Always in securityContext
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
statefulset.securityContext:
fsGroupChangePolicy: Always
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.securityContext["fsGroupChangePolicy"]
value: "Always"
- it: doesn't renders a StatefulSet by default
template: templates/statefulset.yaml
asserts:
- hasDocuments:
count: 0
- it: renders a StatefulSet (with given existingSecret/existingSecretKey)
template: templates/statefulset.yaml
set:
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[0]
value:
name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "my-secret"
key: "my-secret-key"
- it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
template: templates/statefulset.yaml
set:
enabled: true
provisioning:
enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[0]
value:
name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "gitea-unittests-actions-token"
key: "token"
- it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
template: templates/statefulset.yaml
set:
image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.metadata.annotations["checksum/config"]
value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
- it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "http://git.example.com"
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
name: GITEA_INSTANCE_URL
value: "http://git.example.com"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on http://git.example.com'
until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "https://git.example.com"
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
name: GITEA_INSTANCE_URL
value: "https://git.example.com"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on https://git.example.com'
until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
template: templates/statefulset.yaml
set:
giteaRootURL: "https://git.example.com:8443"
enabled: true
existingSecret: "my-secret"
existingSecretKey: "my-secret-key"
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-unittests-actions-act-runner
- equal:
path: spec.template.spec.containers[0].env[1]
value:
name: GITEA_INSTANCE_URL
value: "https://git.example.com:8443"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on https://git.example.com:8443'
until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- it: allows adding custom environment variables to the docker-in-docker container
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
dind:
extraEnvs:
- name: "CUSTOM_ENV_NAME"
value: "custom env value"
asserts:
- equal:
path: spec.template.spec.initContainers[1].env[0]
value:
name: "CUSTOM_ENV_NAME"
value: "custom env value"
- it: should mount an extra volume in the act runner container - it: should mount an extra volume in the act runner container
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
@ -316,67 +397,13 @@ tests:
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- contains: - contains:
any: true any: true
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
mountPath: /mnt mountPath: /mnt
name: my-act-runner-volume name: my-act-runner-volume
#
## DIND
#
- it: dind uses fullOverride
template: templates/statefulset.yaml
set:
enabled: true
statefulset.dind.fullOverride: test.io/dind:x.y.z
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/dind:x.y.z
- it: dind uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
global.imageRegistry: test.io
statefulset.dind.tag: 28.3.3-dind
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal:
path: spec.template.spec.initContainers[1].image
value: test.io/docker:28.3.3-dind
- it: allows adding custom environment variables to the docker-in-docker container
template: templates/statefulset.yaml
set:
enabled: true
statefulset:
dind:
extraEnvs:
- name: "CUSTOM_ENV_NAME"
value: "custom env value"
asserts:
- equal:
path: spec.template.spec.initContainers[1].env[0]
value:
name: "CUSTOM_ENV_NAME"
value: "custom env value"
- it: should mount an extra volume in the docker-in-docker container - it: should mount an extra volume in the docker-in-docker container
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
@ -395,47 +422,42 @@ tests:
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- contains: - contains:
any: true any: true
path: spec.template.spec.initContainers[1].volumeMounts path: spec.template.spec.initContainers[1].volumeMounts
content: content:
mountPath: /mnt mountPath: /mnt
name: my-dind-volume name: my-dind-volume
- it: should interpret Gitea Root URL templating
#
## INIT
#
- it: init uses fullOverride
template: templates/statefulset.yaml template: templates/statefulset.yaml
set: set:
global:
gitea:
service:
name: "my-gitea-svc-http"
port: 3210
enabled: true enabled: true
init.image.fullOverride: test.io/busybox:x.y.z giteaRootURL: "http://{{ .Values.global.gitea.service.name }}:{{ .Values.global.gitea.service.port }}"
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
- containsDocument: - containsDocument:
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
name: gitea-actions-unittests-act-runner name: gitea-unittests-actions-act-runner
- equal: - equal:
path: spec.template.spec.initContainers[0].image path: spec.template.spec.containers[0].env[1].name
value: test.io/busybox:x.y.z value: "GITEA_INSTANCE_URL"
- it: init uses global.imageRegistry
template: templates/statefulset.yaml
set:
enabled: true
global.imageRegistry: test.io
init.image.tag: 1.37.0
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: StatefulSet
apiVersion: apps/v1
name: gitea-actions-unittests-act-runner
- equal: - equal:
path: spec.template.spec.initContainers[0].image path: spec.template.spec.containers[0].env[1].value
value: test.io/busybox:1.37.0 value: "http://my-gitea-svc-http:3210"
- equal:
path: spec.template.spec.initContainers[0].command[2]
value: |
echo 'Trying to reach Gitea on http://my-gitea-svc-http:3210'
until timeout 10 wget --no-check-certificate --spider http://my-gitea-svc-http:3210; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"

79
values.yaml
View File

@ -2,6 +2,8 @@
## @section Gitea Actions ## @section Gitea Actions
# #
## @param enabled Create an act runner StatefulSet. ## @param enabled Create an act runner StatefulSet.
## @param init.image.repository The image used for the init containers
## @param init.image.tag The image tag used for the init containers
## @param statefulset.replicas the amount of (replica) runner pods deployed ## @param statefulset.replicas the amount of (replica) runner pods deployed
## @param statefulset.timezone is the timezone that will be set in the act_runner image ## @param statefulset.timezone is the timezone that will be set in the act_runner image
## @param statefulset.annotations Act runner annotations ## @param statefulset.annotations Act runner annotations
@ -11,14 +13,6 @@
## @param statefulset.tolerations Tolerations for the statefulset ## @param statefulset.tolerations Tolerations for the statefulset
## @param statefulset.affinity Affinity for the statefulset ## @param statefulset.affinity Affinity for the statefulset
## @param statefulset.extraVolumes Extra volumes for the statefulset ## @param statefulset.extraVolumes Extra volumes for the statefulset
## @param statefulset.persistence.size Size for persistence to store act runner data
## @param statefulset.securityContext Customize the SecurityContext
## @param statefulset.serviceAccountName Customize the service account name
## @param statefulset.runtimeClassName Select a different RuntimeClass for pods
## @param statefulset.hostAliases Inject entries into the /etc/hosts file
#
## @param statefulset.persistence.size Size for persistence to store act runner data
#
## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io ## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
## @param statefulset.actRunner.repository The Gitea act runner image ## @param statefulset.actRunner.repository The Gitea act runner image
## @param statefulset.actRunner.tag The Gitea act runner tag ## @param statefulset.actRunner.tag The Gitea act runner tag
@ -26,13 +20,9 @@
## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest. ## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
## @param statefulset.actRunner.flushCache whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time
## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
#
## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io ## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
## @param statefulset.dind.repository The Docker-in-Docker image ## @param statefulset.dind.repository The Docker-in-Docker image
## @param statefulset.dind.tag The Docker-in-Docker image tag ## @param statefulset.dind.tag The Docker-in-Docker image tag
## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
@ -40,8 +30,11 @@
## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
## @param statefulset.dind.extraArgs Allows adding custom arguments to the Docker Daemon ## @param statefulset.persistence.size Size for persistence to store act runner data
# ## @param statefulset.securityContext Customize the SecurityContext
## @param existingSecret Secret that contains the token
## @param existingSecretKey Secret key
## @param giteaRootURL URL the act_runner registers and connect with
enabled: false enabled: false
statefulset: statefulset:
replicas: 1 replicas: 1
@ -54,24 +47,11 @@ statefulset:
affinity: {} affinity: {}
extraVolumes: [] extraVolumes: []
securityContext: {} securityContext: {}
serviceAccountName: ""
runtimeClassName: ""
# Add /etc/hosts injections into the pods
hostAliases:
[]
# - ip: 8.8.8.8
# hostnames:
# - googel.com
# - googol.com
persistence:
size: 1Gi
actRunner: actRunner:
registry: "docker.gitea.com" registry: "docker.gitea.com"
repository: act_runner repository: act_runner
tag: 0.3.1 tag: 0.2.13
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
fullOverride: "" fullOverride: ""
@ -83,8 +63,6 @@ statefulset:
# fieldRef: # fieldRef:
# fieldPath: metadata.name # fieldPath: metadata.name
# See full details: https://gitea.com/gitea/helm-actions/issues/73
flushCache: false
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config: | config: |
log: log:
@ -96,11 +74,9 @@ statefulset:
docker_timeout: 300s docker_timeout: 300s
dind: dind:
rootless: false registry: ""
uid: ""
registry: "docker.io"
repository: docker repository: docker
tag: 29.4.0-dind tag: 28.3.3-dind
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
fullOverride: "" fullOverride: ""
@ -113,11 +89,8 @@ statefulset:
# - name: "DOCKER_IPTABLES_LEGACY" # - name: "DOCKER_IPTABLES_LEGACY"
# value: "1" # value: "1"
# Option to add extra arguments/commands to the container/pod: persistence:
# [#22](https://gitea.com/gitea/helm-actions/issues/22) [k8s docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/) size: 1Gi
extraArgs:
[]
# - --mtu=1400
## @section Gitea Actions Init ## @section Gitea Actions Init
# #
@ -137,38 +110,18 @@ init:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
fullOverride: "" fullOverride: ""
## @section Runner Token Secret Configuration ## Specify an existing token secret
# ##
## @param existingSecret Secret that contains the token
## @param existingSecretKey Secret key
existingSecret: "" existingSecret: ""
existingSecretKey: "" existingSecretKey: ""
## @section Gitea URL Setting ## Specify the root URL of the Gitea instance
#
## @param giteaRootURL URL the act_runner registers and connect with
giteaRootURL: "" giteaRootURL: ""
## @section Extra Init Containers
#
## @param preExtraInitContainers Additional init containers to run in the pod before Gitea-actions runs it owns init containers.
## @param postExtraInitContainers Additional init containers to run in the pod after Gitea-actions runs it owns init containers.
preExtraInitContainers: []
# - name: pre-init-container
# image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
postExtraInitContainers: []
# - name: post-init-container
# image: docker.io/library/busybox
# command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
## @section Global ## @section Global
# #
## @param global.imageRegistry global image registry override ## @param global.imageRegistry global image registry override
## @param global.imagePullSecrets global image registry pull secrets
## @param global.storageClass global storage class override ## @param global.storageClass global storage class override
global: global:
imageRegistry: "" imageRegistry: ""
imagePullSecrets: []
storageClass: "" storageClass: ""