From f897e6350be5159670eb54a5a00cc8a90254748b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 27 May 2024 14:54:59 +0000 Subject: [PATCH 01/14] chore(deps): update workflow dependencies (minor & patch) (#660) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine/helm | | minor | `3.14.4` -> `3.15.1` | | alpine/helm | container | minor | `3.14.4` -> `3.15.1` | | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.40.0` -> `^0.41.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.40.0/0.41.0) | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/660 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- package-lock.json | 81 ++++++++++++++++------------ package.json | 2 +- 4 files changed, 50 insertions(+), 37 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index ef0e707..1f0b49f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.14.4" + HELM_VERSION: "3.15.1" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 7e1a196..01d3981 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.14.4 + container: alpine/helm:3.15.1 steps: - name: install tools run: | diff --git a/package-lock.json b/package-lock.json index 7743c82..c00c95e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.40.0" + "markdownlint-cli": "^0.41.0" }, "engines": { "node": ">=16.0.0", @@ -310,10 +310,11 @@ "dev": true }, "node_modules/jackspeak": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", - "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", + "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", "dev": true, + "license": "BlueOak-1.0.0", "dependencies": { "@isaacs/cliui": "^8.0.2" }, @@ -425,14 +426,15 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.40.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.40.0.tgz", - "integrity": "sha512-JXhI3dRQcaqwiFYpPz6VJ7aKYheD53GmTz9y4D/d0F1MbZDGOp9pqKlbOfUX/pHP/iAoeiE4wYRmk8/kjLakxA==", + "version": "0.41.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.41.0.tgz", + "integrity": "sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==", "dev": true, + "license": "MIT", "dependencies": { - "commander": "~12.0.0", + "commander": "~12.1.0", "get-stdin": "~9.0.0", - "glob": "~10.3.12", + "glob": "~10.4.1", "ignore": "~5.3.1", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.1", @@ -440,7 +442,7 @@ "markdownlint": "~0.34.0", "minimatch": "~9.0.4", "run-con": "~1.3.2", - "toml": "~3.0.0" + "smol-toml": "~1.2.0" }, "bin": { "markdownlint": "markdownlint.js" @@ -454,36 +456,39 @@ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, + "license": "MIT", "dependencies": { "balanced-match": "^1.0.0" } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-12.0.0.tgz", - "integrity": "sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==", + "version": "12.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", + "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", "dev": true, + "license": "MIT", "engines": { "node": ">=18" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.14", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.14.tgz", - "integrity": "sha512-4fkAqu93xe9Mk7le9v0y3VrPDqLKHarNi2s4Pv7f2yOvfhWfhc7hRPHC/JyqMqb8B/Dt/eGS4n7ykwf3fOsl8g==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz", + "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==", "dev": true, + "license": "ISC", "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.6", - "minimatch": "^9.0.1", - "minipass": "^7.0.4", - "path-scurry": "^1.11.0" + "jackspeak": "^3.1.2", + "minimatch": "^9.0.4", + "minipass": "^7.1.2", + "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -494,6 +499,7 @@ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dev": true, + "license": "ISC", "dependencies": { "brace-expansion": "^2.0.1" }, @@ -544,10 +550,11 @@ } }, "node_modules/minipass": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", - "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", "dev": true, + "license": "ISC", "engines": { "node": ">=16 || 14 >=14.17" } @@ -580,16 +587,17 @@ } }, "node_modules/path-scurry": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.0.tgz", - "integrity": "sha512-LNHTaVkzaYaLGlO+0u3rQTz7QrHTFOuKyba9JMTQutkmtNew8dw8wOD7mTU/5fCPZzCWpfW0XnQKzY61P0aTaw==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "dev": true, + "license": "BlueOak-1.0.0", "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -661,6 +669,17 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/smol-toml": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.2.0.tgz", + "integrity": "sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">= 18", + "pnpm": ">= 9" + } + }, "node_modules/string-width": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", @@ -769,12 +788,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/toml": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz", - "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==", - "dev": true - }, "node_modules/uc.micro": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", diff --git a/package.json b/package.json index 20522b5..3cc3449 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.40.0" + "markdownlint-cli": "^0.41.0" } } From 157e87593d70410832ff09da953f04c7d4ee16ab Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 2 Jun 2024 00:23:26 +0000 Subject: [PATCH 02/14] chore(deps): update subcharts (minor & patch) (#663) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 8387557..1126574 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.2 + version: 14.1.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.0 -digest: sha256:9cf8e9cc91ed8e7222943de488ff2a75f49ef16115ae9c252b969a0df0d5c696 -generated: "2024-05-25T00:43:29.277245931Z" +digest: sha256:f7feb678e253951354014684cca973ce7656aa8fd812e627534257dad7765069 +generated: "2024-06-01T00:49:20.470701261Z" diff --git a/Chart.yaml b/Chart.yaml index 16fd7e9..c8c3abd 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.0 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.2 + version: 14.1.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster From 22848d0ce7d025567e73320ea95957897119e0c4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 6 Jun 2024 20:36:53 +0000 Subject: [PATCH 03/14] Bump Gitea to 1.22 (#662) @justusbunsi I've been running 1.22 with this chart on some clusters for some days now without issues. I think no further adjustments are needed on the chart side. Maybe we can get some of the other open PRs in? Also: Let me know if you want to do the release this time - I did a lot lately, happy to let you have a go for this one :) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/662 Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index c8c3abd..a78360f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.11 +appVersion: 1.22.0 icon: https://gitea.com/assets/img/logo.svg keywords: From b7b60dd51f11e998c17fc9be5fc20d6730b77100 Mon Sep 17 00:00:00 2001 From: Ceddaerrix Date: Thu, 6 Jun 2024 20:39:41 +0000 Subject: [PATCH 04/14] DRY improvements (#664) ### Description of the change Adding support for DRY principle (via use of the TPL function) to the PVC storage class and the ingress class ### Benefits It allows to reference a variable into another one to avoid duplicating them (or using YAML anchors). It is useful and valuable when including Gitea into an umbrella chart with multiple components and to have a single variable while the components variable only refer to that single one. Example 1 ``` global: persistence: storageClass: "storage-class" persistence: storageClass: "{{ .Values.global.persistence.storageClass }}" ``` This results in having `spec.storageClassName` equal to `storage-class` in the PVC object Example 2 ``` global: ingress: className: "ingress-class" ingress: className: "{{ .Values.global.ingress.className}}" ``` This results in having `spec.ingressClassName` equal to `ingress-class` in the Ingress object ### Possible drawbacks N/A ### Checklist - [X] Templating unittests are added Co-authored-by: 212597596 Co-authored-by: pat-s Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/664 Reviewed-by: pat-s Co-authored-by: Ceddaerrix Co-committed-by: Ceddaerrix --- templates/_helpers.tpl | 2 +- templates/gitea/ingress.yaml | 2 +- .../deployment/ingress-configuration.yaml | 24 +++++++++++++++++++ unittests/pvc/pvc-configuration.yaml | 19 +++++++++++++++ 4 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 unittests/pvc/pvc-configuration.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 30ee3b9..4c74291 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -74,7 +74,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 9991eec..cd743fe 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -21,7 +21,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ tpl .Values.ingress.className . }} {{- end }} {{- if .Values.ingress.tls }} tls: diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 6a36eb0..a6998ee 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml @@ -15,9 +15,33 @@ tests: hosts: - "{{ .Values.global.giteaHostName }}" asserts: + - isKind: + of: Ingress - equal: path: spec.tls[0].hosts[0] value: "gitea.example.com" - equal: path: spec.rules[0].host value: "gitea.example.com" + - it: Ingress Class using TPL + set: + global.ingress.className: "ingress-class" + ingress.className: "{{ .Values.global.ingress.className }}" + ingress.enabled: true + ingress.hosts[0].host: "some-host" + ingress.tls: + - secretName: gitea-tls + hosts: + - "some-host" + asserts: + - isKind: + of: Ingress + - equal: + path: spec.tls[0].hosts[0] + value: "some-host" + - equal: + path: spec.rules[0].host + value: "some-host" + - equal: + path: spec.ingressClassName + value: "ingress-class" diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml new file mode 100644 index 0000000..3431000 --- /dev/null +++ b/unittests/pvc/pvc-configuration.yaml @@ -0,0 +1,19 @@ +suite: PVC template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/pvc.yaml +tests: + - it: Storage Class using TPL + set: + global.persistence.storageClass: "storage-class" + persistence.enabled: true + persistence.create: true + persistence.storageClass: "{{ .Values.global.persistence.storageClass }}" + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: spec.storageClassName + value: "storage-class" From d407eda496a8f012c30efa33171d1a51086e934a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 8 Jun 2024 01:01:27 +0000 Subject: [PATCH 05/14] chore(deps): update subcharts (minor & patch) (#665) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 1126574..68d902f 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.0 + version: 15.5.4 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.3 + version: 14.2.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.0 -digest: sha256:f7feb678e253951354014684cca973ce7656aa8fd812e627534257dad7765069 -generated: "2024-06-01T00:49:20.470701261Z" + version: 10.2.3 +digest: sha256:27f6cc8c2b72a70f8b53cb6ea2c0fc22a9bb9c61f7ce73d2103447d5c778eabf +generated: "2024-06-08T00:24:11.020661786Z" diff --git a/Chart.yaml b/Chart.yaml index a78360f..e2d8a59 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.0 + version: 15.5.4 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.3 + version: 14.2.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.0 + version: 10.2.3 condition: redis-cluster.enabled From 030322170e17ecf8c2225c9343896f9bc27699ec Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 15 Jun 2024 00:42:23 +0000 Subject: [PATCH 06/14] chore(deps): update subcharts (minor & patch) (#667) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 68d902f..721a358 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.4 + version: 15.5.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.3 + version: 14.2.5 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.3 -digest: sha256:27f6cc8c2b72a70f8b53cb6ea2c0fc22a9bb9c61f7ce73d2103447d5c778eabf -generated: "2024-06-08T00:24:11.020661786Z" +digest: sha256:9925f1f5b421918a3d81864e62df4e5793896327dd9996c153a19af627ed784f +generated: "2024-06-15T00:18:26.969328336Z" diff --git a/Chart.yaml b/Chart.yaml index e2d8a59..ae32bb4 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.4 + version: 15.5.5 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.3 + version: 14.2.5 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster From 4dd17f045bce9009c9860da6105fc9960ffbd0db Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 22 Jun 2024 00:40:03 +0000 Subject: [PATCH 07/14] chore(deps): update alpine/helm docker tag to v3.15.2 (#668) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 1f0b49f..8bc374f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.15.1" + HELM_VERSION: "3.15.2" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 01d3981..df2ee51 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.15.1 + container: alpine/helm:3.15.2 steps: - name: install tools run: | From c4168dd0298a51d97084cacbd5ee84fe1e2b4e5a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 23 Jun 2024 00:21:38 +0000 Subject: [PATCH 08/14] chore(deps): update subcharts (minor & patch) (#669) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 721a358..d86e447 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.5 + version: 15.5.9 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.5 + version: 14.2.7 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.3 -digest: sha256:9925f1f5b421918a3d81864e62df4e5793896327dd9996c153a19af627ed784f -generated: "2024-06-15T00:18:26.969328336Z" + version: 10.2.5 +digest: sha256:c4474ed68ad3a43182f8285aca05aca562939be06863e004ffed06829ed3c81b +generated: "2024-06-22T00:44:42.719713356Z" diff --git a/Chart.yaml b/Chart.yaml index ae32bb4..907be2f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.5 + version: 15.5.9 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.5 + version: 14.2.7 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.3 + version: 10.2.5 condition: redis-cluster.enabled From 1ac39a6f5dd0dc09c2fd933f79d75d883bf4278d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 30 Jun 2024 00:21:50 +0000 Subject: [PATCH 09/14] chore(deps): update subcharts (minor & patch) (#670) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index d86e447..a5d66f7 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.9 + version: 15.5.11 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.7 + version: 14.2.8 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.5 -digest: sha256:c4474ed68ad3a43182f8285aca05aca562939be06863e004ffed06829ed3c81b -generated: "2024-06-22T00:44:42.719713356Z" +digest: sha256:9707ed6d4527cb9e2055a20d53f921529e4649692ad0c104bd1bf2991365b812 +generated: "2024-06-29T00:19:17.596985596Z" diff --git a/Chart.yaml b/Chart.yaml index 907be2f..2d6c880 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.9 + version: 15.5.11 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.7 + version: 14.2.8 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster From 6ffc0a37909c1318fa5d5e1242f2874e210bd570 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 6 Jul 2024 00:43:22 +0000 Subject: [PATCH 10/14] chore(deps): update subcharts (minor & patch) (#680) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index a5d66f7..2a1aff0 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.11 + version: 15.5.14 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.8 + version: 14.2.11 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.5 -digest: sha256:9707ed6d4527cb9e2055a20d53f921529e4649692ad0c104bd1bf2991365b812 -generated: "2024-06-29T00:19:17.596985596Z" + version: 10.2.6 +digest: sha256:9bca43256b80ebb6c265a91f81b33ca30536a993d3089413c12fd4ac4d91d0d0 +generated: "2024-07-06T00:19:14.943493055Z" diff --git a/Chart.yaml b/Chart.yaml index 2d6c880..3a20799 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.11 + version: 15.5.14 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.8 + version: 14.2.11 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.5 + version: 10.2.6 condition: redis-cluster.enabled From 6226e4eaea84b7ad3ab59bcb454bdd42c90b79a2 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 7 Jul 2024 09:57:16 +0000 Subject: [PATCH 11/14] Add non-clustered redis as sub-chart (#672) Co-authored-by: Julien Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/672 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 7 +++-- Chart.yaml | 5 ++++ Makefile | 2 +- README.md | 32 +++++++++++++++------ templates/_helpers.tpl | 12 ++++++-- unittests/config/cache-config.yaml | 25 ++++++++++++++-- unittests/config/queue-config.yaml | 25 ++++++++++++++-- unittests/config/session-config.yaml | 25 ++++++++++++++-- unittests/dependency-major-image-check.yaml | 15 ++++++++++ unittests/values-conflicting-checks.yaml | 14 +++++++++ values.yaml | 22 +++++++++++++- 11 files changed, 163 insertions(+), 21 deletions(-) create mode 100644 unittests/values-conflicting-checks.yaml diff --git a/Chart.lock b/Chart.lock index 2a1aff0..a927d2d 100644 --- a/Chart.lock +++ b/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.6 -digest: sha256:9bca43256b80ebb6c265a91f81b33ca30536a993d3089413c12fd4ac4d91d0d0 -generated: "2024-07-06T00:19:14.943493055Z" +- name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.1 +digest: sha256:b67d5866d0e5c17ae77d617f11d0c598c93b90dd4703684799f6a77282d8d96d +generated: "2024-07-07T11:54:30.9528697+02:00" diff --git a/Chart.yaml b/Chart.yaml index 3a20799..a8eec12 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -47,3 +47,8 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.6 condition: redis-cluster.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml + - name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.1 + condition: redis.enabled diff --git a/Makefile b/Makefile index 4e4b5bd..cc92433 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index defd747..56d902e 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) + - [redis](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) @@ -98,7 +99,8 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL](postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))) +- PostgreSQL ([Bitnami PostgreSQL]()) +- Redis ([Bitnami Redis]()) ### Dependency Versioning @@ -117,6 +119,7 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) +- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. @@ -244,7 +247,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. -1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql`): +1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`):
@@ -253,6 +256,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: true postgresql: enabled: true postgresql-ha: @@ -265,12 +270,6 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres - session: - PROVIDER: db - cache: - ADAPTER: memory - queue: - TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -290,6 +289,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: false postgresql: enabled: false postgresql-ha: @@ -1039,13 +1040,26 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### redis-cluster +Redis cluster and [Redis](#redis) cannot be enabled at the same time. + | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | +### redis + +Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. + +| Name | Description | Value | +| ----------------------------- | ------------------------------------------ | ------------ | +| `redis.enabled` | Enable redis standalone or replicated | `false` | +| `redis.architecture` | Whether to use standalone or replication | `standalone` | +| `redis.global.redis.password` | Required password | `changeme` | +| `redis.master.count` | Number of Redis master instances to deploy | `1` | + ### PostgreSQL HA | Name | Description | Value | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4c74291..d8dfd7d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,20 +113,28 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if (index .Values "redis-cluster").enabled -}} +{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} +{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} +{{- else if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} +{{- else if (index .Values "redis").enabled -}} +{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} @@ -271,7 +279,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index cd55d90..8ebde62 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + - it: "cache is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: ADAPTER=memory HOST= - - it: "cache can be customized when redis-cluster is disabled" + - it: "cache can be customized when redis (or redis-cluster) is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index f83543a..b4946c7 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + - it: "queue is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: CONN_STR= TYPE=level - - it: "queue can be customized when redis-cluster is disabled" + - it: "queue can be customized when redis (and redis-cluster) are disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index 2b6e771..5078cf2 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + - it: "session is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: "session can be customized when redis-cluster is disabled" + - it: "session can be customized when redis (and redis-cluster) is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index cd25274..2646ade 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -34,9 +34,24 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST pattern: bitnami/redis-cluster:7.+$ + - it: "[redis] ensures we detect major image version upgrades" + template: charts/redis/templates/master/application.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis:7.+$ diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml new file mode 100644 index 0000000..a257690 --- /dev/null +++ b/unittests/values-conflicting-checks.yaml @@ -0,0 +1,14 @@ +suite: Values conflicting checks +release: + name: gitea-unittests + namespace: testing +tests: + - it: fails when trying to configure redis and redis-cluster the same time + set: + redis-cluster: + enabled: true + redis: + enabled: true + asserts: + - failedTemplate: + errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index 4b6f017..8d93102 100644 --- a/values.yaml +++ b/values.yaml @@ -481,10 +481,13 @@ gitea: failureThreshold: 10 ## @section redis-cluster -## @param redis-cluster.enabled Enable redis +## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas +## @descriptionStart +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. +## @descriptionEnd redis-cluster: enabled: true usePassword: false @@ -492,6 +495,23 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 +## @section redis +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +## @descriptionStart +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + ## @section PostgreSQL HA # ## @param postgresql-ha.enabled Enable PostgreSQL HA From 1dbf171ad3566dc3cddd5aa74650708da0238d6e Mon Sep 17 00:00:00 2001 From: James Harmison Date: Sun, 7 Jul 2024 09:59:29 +0000 Subject: [PATCH 12/14] Enable admin user password creation/update mode in values (#677) ### Description of the change This enables sane modes for forcing reset, as well as providing more options to users of the chart by giving them the flexibility to set the mode for password creation/modification as part of init whether the user exists or not. ### Benefits The new default should revert to the behavior before #673 became an issue, while also providing more flexibility for users who want to be able to manage their initial admin user password out-of-band after creating it the first time. ### Possible drawbacks None that I can think of. ### Applicable issues - fixes #673 ### Additional information See the discussion in #675 as well ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/677 Reviewed-by: justusbunsi Co-authored-by: James Harmison Co-committed-by: James Harmison --- README.md | 47 ++++++++++++++++++++++----------- templates/_helpers.tpl | 8 ++++++ templates/gitea/deployment.yaml | 2 ++ templates/gitea/init.yaml | 28 +++++++++++++++++--- values.yaml | 2 ++ 5 files changed, 67 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 56d902e..52dc794 100644 --- a/README.md +++ b/README.md @@ -569,6 +569,20 @@ gitea: existingSecret: gitea-admin-secret ``` +Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set. + +- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. +- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. +- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. + +These modes can be set like the following: + +```yaml +gitea: + admin: + passwordMode: initialOnlyRequireReset +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated. @@ -985,22 +999,23 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Gitea -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | -| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | +| Name | Description | Value | +| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | +| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d8dfd7d..c7d13d9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -400,3 +400,11 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} + +{{- define "gitea.admin.passwordMode" -}} +{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} +{{ .Values.gitea.admin.passwordMode }} +{{- else -}} +{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} +{{- end -}} +{{- end -}} diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index ca1bdd9..f321f22 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -243,6 +243,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} + - name: GITEA_ADMIN_PASSWORD_MODE + value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index a67166b..0352836 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -109,13 +109,33 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then + local -a create_args + create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then + create_args+=(--must-change-password=true) + else + create_args+=(--must-change-password=false) + fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + gitea admin user create "${create_args[@]}" echo '...created.' else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" - echo '...password sync done.' + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + # See https://gitea.com/gitea/helm-chart/issues/673 + # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior + # which acted as if it were provided with =false. If the argument is present in this version of gitea, then we + # should add it to prevent requiring frequent admin password resets. + local -a change_args + change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}") + if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then + change_args+=(--must-change-password=false) + fi + gitea admin user change-password "${change_args[@]}" + echo '...password sync done.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." + fi fi } diff --git a/values.yaml b/values.yaml index 8d93102..a44eca9 100644 --- a/values.yaml +++ b/values.yaml @@ -342,12 +342,14 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Gitea admin user ## @param gitea.admin.email Email for the Gitea admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: "gitea@local.domain" + passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Gitea metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor From 3265a5ed5358b8358dda6b434e773696e39d4ae9 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 7 Jul 2024 14:48:54 +0200 Subject: [PATCH 13/14] Drop helm signing to release 10.3.0 Right now, the generated `.prov` file is not uploaded along with the actual `.tgz` file. This makes it impossible to verify our Helm Charts. In addition, we only sign the old-fashioned `.tgz` file, not the OCI-based releases on DockerHub. The incentive to do this very commit is an expired GPG key that prevents our release. Signed-off-by: justusbunsi --- .gitea/workflows/release-version.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 8bc374f..c57421f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -49,7 +49,6 @@ jobs: helm plugin install https://github.com/pat-s/helm-gpg helm dependency build helm package --version "${GITHUB_REF#refs/tags/v}" ./ - helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml From 5c6cd932febf8c12cfa2d2858e66b6456e88ecad Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 13 Jul 2024 00:41:15 +0000 Subject: [PATCH 14/14] chore(deps): update postgresql docker tag to v15.5.16 (#683) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index a927d2d..fd62e33 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.14 + version: 15.5.16 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 14.2.11 @@ -11,5 +11,5 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts version: 19.6.1 -digest: sha256:b67d5866d0e5c17ae77d617f11d0c598c93b90dd4703684799f6a77282d8d96d -generated: "2024-07-07T11:54:30.9528697+02:00" +digest: sha256:2f5e7ab97242b6254437fe1ebaff720ef93d159ae600b5ff84e6251a02ec4b25 +generated: "2024-07-13T00:17:56.909401868Z" diff --git a/Chart.yaml b/Chart.yaml index a8eec12..6e987e1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,7 +35,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.14 + version: 15.5.16 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha