diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 899e873..e221ec5 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -5,7 +5,7 @@ on: push: branches: - main - - release/** + - maint/** tags: - v* @@ -13,11 +13,11 @@ permissions: contents: read env: - HELM_VERSION: v3.14.4 # renovate: datasource=github-releases depName=helm packageName=helm/helm - HELM_UNITTEST_VERSION: v0.4.4 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest + HELM_VERSION: v3.15.1 # renovate: datasource=github-releases depName=helm packageName=helm/helm + HELM_UNITTEST_VERSION: v0.5.1 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest HELM_CHART_TESTING_VERSION: v3.11.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing - KIND_VERSION: v0.22.0 # renovate: datasource=github-releases depName=kind packageName=kubernetes-sigs/kind - KUBECTL_VERSION: v1.30.0 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes + KIND_VERSION: v0.23.0 # renovate: datasource=github-releases depName=kind packageName=kubernetes-sigs/kind + KUBECTL_VERSION: v1.30.1 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes jobs: lint-node: @@ -25,7 +25,7 @@ jobs: steps: - run: cat /etc/os-release - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: show-progress: false @@ -44,7 +44,7 @@ jobs: - run: ps axf - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: show-progress: false fetch-depth: 0 @@ -80,14 +80,15 @@ jobs: matrix: k8s: # from https://hub.docker.com/r/kindest/node/tags - - v1.27.11 # renovate: kindest - - v1.28.7 # renovate: kindest - - v1.29.2 # renovate: kindest + - v1.27.13 # renovate: kindest + - v1.28.9 # renovate: kindest + - v1.29.4 # renovate: kindest + - v1.30.0 # renovate: kindest steps: - run: cat /etc/os-release - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: show-progress: false fetch-depth: 0 @@ -102,7 +103,7 @@ jobs: - name: Install chart-testing # TODO: pin to version when this is released: https://github.com/helm/chart-testing-action/pull/137 - uses: helm/chart-testing-action@16c6be374ac50a5ef2faa6a755d2fad76a94c9fd # main + uses: helm/chart-testing-action@4f62db170e3aa295575ba779f7141287841da474 # main with: version: ${{ env.HELM_CHART_TESTING_VERSION }} @@ -161,7 +162,7 @@ jobs: if: ${{ github.ref_type == 'tag' }} steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: show-progress: false fetch-depth: 0 # Important for changelog diff --git a/.node-version b/.node-version index 8783404..48b14e6 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -20.12.2 +20.14.0 diff --git a/.vscode/settings.json b/.vscode/settings.json index 9cde5a4..a7776f2 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -4,7 +4,7 @@ ".github/workflows/*", ".forgejo/workflows/*" ], - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.4/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.1/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/Chart.lock b/Chart.lock index 513159e..4c96f8b 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.9 + version: 15.5.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.10 + version: 14.1.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.2 -digest: sha256:d159195bf7a9eef7495e2eb69c6874fcf136ebc657002ca55779b29e0d33056b -generated: "2024-05-06T11:01:27.673699773Z" + version: 10.2.0 +digest: sha256:f7feb678e253951354014684cca973ce7656aa8fd812e627534257dad7765069 +generated: "2024-05-29T18:01:33.490509906Z" diff --git a/Chart.yaml b/Chart.yaml index ab4090a..8ffd13a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: forgejo description: Forgejo Helm chart for Kubernetes type: application -version: 0.0.0 -appVersion: 7.0.2 -icon: https://design.codeberg.org/logo-kit/icon.svg +version: 0.1.0 +appVersion: 7.0.3 +icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg home: https://forgejo.org/ keywords: @@ -29,15 +29,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.9 + version: 15.5.0 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.10 + version: 14.1.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.2 + version: 10.2.0 condition: redis-cluster.enabled diff --git a/README.md b/README.md index 8a2e0a6..ced63dc 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ # Forgejo Helm Chart -[![status-badge](https://ci.dachary.org/api/badges/forgejo-contrib/forgejo-helm/status.svg)](https://ci.dachary.org/forgejo-contrib/forgejo-helm) - - [Introduction](#introduction) - [Update and versioning policy](#update-and-versioning-policy) - [Dependencies](#dependencies) @@ -52,7 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) - - [PostgreSQL-ha](#postgresql-ha) + - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) @@ -70,7 +68,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit ## Update and versioning policy The Forgejo helm chart versioning does not follow Forgejo's versioning. -The latest chart version can be looked up in or in the [repository releases](https://codeberg.org/forgejo-contrib/forgejo-helm/releases). +The latest chart version can be looked up in or in the [repository releases](https://codeberg.org/forgejo-contrib/forgejo-helm/releases). The chart aims to follow Forgejo's releases closely. There might be times when the chart is behind the latest Forgejo release. @@ -984,7 +982,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed Forgejo actions | `""` | +| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea @@ -1124,7 +1122,7 @@ Complete Configuration can be taken from their website. | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | ### PostgreSQL @@ -1156,8 +1154,15 @@ Expected workflow is: Fork -> Patch -> Push -> Pull Request See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. +Hop into [our Matrix room](https://matrix.to/#/#forgejo-helm-chart:matrix.org) if you have any questions or want to get involved. + ## Upgrading This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully, especially the change of the **default database backend**! If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! + +### To v6.0.0 + +You need Forgejo v7+ to use this Helm Chart version. +Use the v5 Helm Chart for Forgejo v1.21. diff --git a/forgejo-0.1.0.tgz b/forgejo-0.1.0.tgz new file mode 100644 index 0000000..ee32efa Binary files /dev/null and b/forgejo-0.1.0.tgz differ diff --git a/package.json b/package.json index 822823d..a2fbceb 100644 --- a/package.json +++ b/package.json @@ -13,16 +13,16 @@ "readme:parameters": "readme-generator -v values.yaml -r README.md" }, "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.4.2", - "clipanion": "^3.2.1", - "conventional-changelog-conventionalcommits": "^8.0.0", - "conventional-changelog-core": "^8.0.0", - "husky": "^9.0.0", - "lint-staged": "^15.2.0", - "markdownlint-cli": "^0.40.0", - "prettier": "^3.1.0" + "@bitnami/readme-generator-for-helm": "2.6.1", + "clipanion": "3.2.1", + "conventional-changelog-conventionalcommits": "8.0.0", + "conventional-changelog-core": "8.0.0", + "husky": "9.0.11", + "lint-staged": "15.2.5", + "markdownlint-cli": "0.41.0", + "prettier": "3.2.5" }, - "packageManager": "pnpm@9.1.0", + "packageManager": "pnpm@9.1.3", "engines": { "node": "^18.12.0 || >=20.9.0", "pnpm": "^9.0.0" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index aa94fd0..304868f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,28 +9,28 @@ importers: .: devDependencies: '@bitnami/readme-generator-for-helm': - specifier: ^2.4.2 + specifier: 2.6.1 version: 2.6.1 clipanion: - specifier: ^3.2.1 + specifier: 3.2.1 version: 3.2.1(typanion@3.14.0) conventional-changelog-conventionalcommits: - specifier: ^8.0.0 + specifier: 8.0.0 version: 8.0.0 conventional-changelog-core: - specifier: ^8.0.0 + specifier: 8.0.0 version: 8.0.0(conventional-commits-filter@4.0.0) husky: - specifier: ^9.0.0 + specifier: 9.0.11 version: 9.0.11 lint-staged: - specifier: ^15.2.0 - version: 15.2.2 + specifier: 15.2.5 + version: 15.2.5 markdownlint-cli: - specifier: ^0.40.0 - version: 0.40.0 + specifier: 0.41.0 + version: 0.41.0 prettier: - specifier: ^3.1.0 + specifier: 3.2.5 version: 3.2.5 packages: @@ -123,8 +123,8 @@ packages: brace-expansion@2.0.1: resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==} - braces@3.0.2: - resolution: {integrity: sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==} + braces@3.0.3: + resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} chalk@2.4.2: @@ -164,12 +164,8 @@ packages: colorette@2.0.20: resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==} - commander@11.1.0: - resolution: {integrity: sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==} - engines: {node: '>=16'} - - commander@12.0.0: - resolution: {integrity: sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==} + commander@12.1.0: + resolution: {integrity: sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==} engines: {node: '>=18'} commander@6.2.1: @@ -264,8 +260,8 @@ packages: resolution: {integrity: sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==} engines: {node: '>=16.17'} - fill-range@7.0.1: - resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==} + fill-range@7.1.1: + resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==} engines: {node: '>=8'} find-up-simple@1.0.0: @@ -304,13 +300,14 @@ packages: engines: {node: '>=18'} hasBin: true - glob@10.3.12: - resolution: {integrity: sha512-TCNv8vJ+xz4QiqTpfOJA7HvYv+tNIRHKfUWw/q+v2jdgN4ebz+KY9tGx5J4rHP0o84mNP+ApH66HRX8us3Khqg==} - engines: {node: '>=16 || 14 >=14.17'} + glob@10.4.1: + resolution: {integrity: sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==} + engines: {node: '>=16 || 14 >=14.18'} hasBin: true glob@7.2.3: resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} + deprecated: Glob versions prior to v9 are no longer supported handlebars@4.7.8: resolution: {integrity: sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==} @@ -348,6 +345,7 @@ packages: inflight@1.0.6: resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} + deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. inherits@2.0.4: resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} @@ -386,8 +384,8 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - jackspeak@2.3.6: - resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==} + jackspeak@3.1.2: + resolution: {integrity: sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==} engines: {node: '>=14'} js-tokens@4.0.0: @@ -404,20 +402,20 @@ packages: resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==} engines: {node: '>=0.10.0'} - lilconfig@3.0.0: - resolution: {integrity: sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==} + lilconfig@3.1.1: + resolution: {integrity: sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==} engines: {node: '>=14'} linkify-it@5.0.0: resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} - lint-staged@15.2.2: - resolution: {integrity: sha512-TiTt93OPh1OZOsb5B7k96A/ATl2AjIZo+vnzFZ6oHK5FuTk63ByDtxGQpHm+kFETjEWqgkF95M8FRXKR/LEBcw==} + lint-staged@15.2.5: + resolution: {integrity: sha512-j+DfX7W9YUvdzEZl3Rk47FhDF6xwDBV5wwsCPw6BwWZVPYJemusQmvb9bRsW23Sqsaa+vRloAWogbK4BUuU2zA==} engines: {node: '>=18.12.0'} hasBin: true - listr2@8.0.1: - resolution: {integrity: sha512-ovJXBXkKGfq+CwmKTjluEqFi3p4h8xvkxGQQAQan22YCgef4KZ1mKGjzfGh6PL6AW5Csw0QiQPNuQyH+6Xk3hA==} + listr2@8.2.1: + resolution: {integrity: sha512-irTfvpib/rNiD637xeevjO2l3Z5loZmuaRi0L0YE5LfijwVY96oyVn0DFD3o/teAok7nfobMG1THvvcHh/BP6g==} engines: {node: '>=18.0.0'} lodash@4.17.21: @@ -442,8 +440,8 @@ packages: markdown-table@2.0.0: resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} - markdownlint-cli@0.40.0: - resolution: {integrity: sha512-JXhI3dRQcaqwiFYpPz6VJ7aKYheD53GmTz9y4D/d0F1MbZDGOp9pqKlbOfUX/pHP/iAoeiE4wYRmk8/kjLakxA==} + markdownlint-cli@0.41.0: + resolution: {integrity: sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==} engines: {node: '>=18'} hasBin: true @@ -465,8 +463,8 @@ packages: merge-stream@2.0.0: resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==} - micromatch@4.0.5: - resolution: {integrity: sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==} + micromatch@4.0.7: + resolution: {integrity: sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==} engines: {node: '>=8.6'} mimic-fn@2.1.0: @@ -487,8 +485,8 @@ packages: minimist@1.2.8: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} - minipass@7.0.4: - resolution: {integrity: sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==} + minipass@7.1.2: + resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} engines: {node: '>=16 || 14 >=14.17'} ms@2.1.2: @@ -532,9 +530,9 @@ packages: resolution: {integrity: sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==} engines: {node: '>=12'} - path-scurry@1.10.2: - resolution: {integrity: sha512-7xTavNy5RQXnsjANvVvMkEjvloOinkAjv/Z6Ildz9v2RinZ4SBKTWFOVRbaF8p0vpHnyjV/UwNDdKuUv6M5qcA==} - engines: {node: '>=16 || 14 >=14.17'} + path-scurry@1.11.1: + resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} + engines: {node: '>=16 || 14 >=14.18'} picomatch@2.3.1: resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==} @@ -605,6 +603,10 @@ packages: resolution: {integrity: sha512-bSiSngZ/jWeX93BqeIAbImyTbEihizcwNjFoRUIY/T1wWQsfsm2Vw1agPKylXvQTU7iASGdHhyqRlqQzfz+Htg==} engines: {node: '>=18'} + smol-toml@1.2.0: + resolution: {integrity: sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==} + engines: {node: '>= 18', pnpm: '>= 9'} + source-map@0.6.1: resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==} engines: {node: '>=0.10.0'} @@ -661,9 +663,6 @@ packages: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} - toml@3.0.0: - resolution: {integrity: sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==} - typanion@3.14.0: resolution: {integrity: sha512-ZW/lVMRabETuYCd9O9ZvMhAh8GslSqaUjxmK/JLPCh6l73CvLBiuXswj/+7LdnWOgYsQ130FqLzFz5aGT4I3Ug==} @@ -716,15 +715,16 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} - yaml@2.3.4: - resolution: {integrity: sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==} - engines: {node: '>= 14'} - yaml@2.4.1: resolution: {integrity: sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==} engines: {node: '>= 14'} hasBin: true + yaml@2.4.2: + resolution: {integrity: sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==} + engines: {node: '>= 14'} + hasBin: true + snapshots: '@babel/code-frame@7.23.5': @@ -809,9 +809,9 @@ snapshots: dependencies: balanced-match: 1.0.2 - braces@3.0.2: + braces@3.0.3: dependencies: - fill-range: 7.0.1 + fill-range: 7.1.1 chalk@2.4.2: dependencies: @@ -848,9 +848,7 @@ snapshots: colorette@2.0.20: {} - commander@11.1.0: {} - - commander@12.0.0: {} + commander@12.1.0: {} commander@6.2.1: {} @@ -946,7 +944,7 @@ snapshots: signal-exit: 4.1.0 strip-final-newline: 3.0.0 - fill-range@7.0.1: + fill-range@7.1.1: dependencies: to-regex-range: 5.0.1 @@ -983,13 +981,13 @@ snapshots: - conventional-commits-filter - conventional-commits-parser - glob@10.3.12: + glob@10.4.1: dependencies: foreground-child: 3.1.1 - jackspeak: 2.3.6 + jackspeak: 3.1.2 minimatch: 9.0.4 - minipass: 7.0.4 - path-scurry: 1.10.2 + minipass: 7.1.2 + path-scurry: 1.11.1 glob@7.2.3: dependencies: @@ -1056,7 +1054,7 @@ snapshots: isexe@2.0.0: {} - jackspeak@2.3.6: + jackspeak@3.1.2: dependencies: '@isaacs/cliui': 8.0.2 optionalDependencies: @@ -1072,28 +1070,28 @@ snapshots: jsonpointer@5.0.1: {} - lilconfig@3.0.0: {} + lilconfig@3.1.1: {} linkify-it@5.0.0: dependencies: uc.micro: 2.1.0 - lint-staged@15.2.2: + lint-staged@15.2.5: dependencies: chalk: 5.3.0 - commander: 11.1.0 + commander: 12.1.0 debug: 4.3.4 execa: 8.0.1 - lilconfig: 3.0.0 - listr2: 8.0.1 - micromatch: 4.0.5 + lilconfig: 3.1.1 + listr2: 8.2.1 + micromatch: 4.0.7 pidtree: 0.6.0 string-argv: 0.3.2 - yaml: 2.3.4 + yaml: 2.4.2 transitivePeerDependencies: - supports-color - listr2@8.0.1: + listr2@8.2.1: dependencies: cli-truncate: 4.0.0 colorette: 2.0.20 @@ -1131,11 +1129,11 @@ snapshots: dependencies: repeat-string: 1.6.1 - markdownlint-cli@0.40.0: + markdownlint-cli@0.41.0: dependencies: - commander: 12.0.0 + commander: 12.1.0 get-stdin: 9.0.0 - glob: 10.3.12 + glob: 10.4.1 ignore: 5.3.1 js-yaml: 4.1.0 jsonc-parser: 3.2.1 @@ -1143,7 +1141,7 @@ snapshots: markdownlint: 0.34.0 minimatch: 9.0.4 run-con: 1.3.2 - toml: 3.0.0 + smol-toml: 1.2.0 markdownlint-micromark@0.1.9: {} @@ -1158,9 +1156,9 @@ snapshots: merge-stream@2.0.0: {} - micromatch@4.0.5: + micromatch@4.0.7: dependencies: - braces: 3.0.2 + braces: 3.0.3 picomatch: 2.3.1 mimic-fn@2.1.0: {} @@ -1177,7 +1175,7 @@ snapshots: minimist@1.2.8: {} - minipass@7.0.4: {} + minipass@7.1.2: {} ms@2.1.2: {} @@ -1218,10 +1216,10 @@ snapshots: path-key@4.0.0: {} - path-scurry@1.10.2: + path-scurry@1.11.1: dependencies: lru-cache: 10.2.0 - minipass: 7.0.4 + minipass: 7.1.2 picomatch@2.3.1: {} @@ -1285,6 +1283,8 @@ snapshots: ansi-styles: 6.2.1 is-fullwidth-code-point: 5.0.0 + smol-toml@1.2.0: {} + source-map@0.6.1: {} spdx-correct@3.2.0: @@ -1341,8 +1341,6 @@ snapshots: dependencies: is-number: 7.0.0 - toml@3.0.0: {} - typanion@3.14.0: {} type-fest@3.13.1: {} @@ -1389,6 +1387,6 @@ snapshots: yallist@4.0.0: {} - yaml@2.3.4: {} - yaml@2.4.1: {} + + yaml@2.4.2: {} diff --git a/renovate.json b/renovate.json index 1f1bea1..8ff496d 100644 --- a/renovate.json +++ b/renovate.json @@ -2,8 +2,22 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["forgejo-contrib/forgejo-renovate//base.json"], "assignees": ["viceice"], - "enabledManagers": ["helmv3", "nodenv", "npm", "regex", "github-actions"], + "enabledManagers": [ + "helmv3", + "nodenv", + "npm", + "custom.regex", + "github-actions" + ], + "baseBranches": ["main", "/^maint\\/.+/"], "packageRules": [ + { + "description": "Disable major chart updates for maintenance branches", + "matchBaseBranches": ["/^maint\\/.+/"], + "matchUpdateTypes": ["major"], + "matchFileNames": ["Chart.yaml"], + "enabled": false + }, { "matchManagers": ["helmv3"], "matchUpdateTypes": ["minor", "patch"], @@ -15,13 +29,13 @@ "semanticCommitType": "feat" }, { - "matchManagers": ["regex"], + "matchManagers": ["custom.regex"], "matchDepNames": ["forgejo"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix" }, { - "matchManagers": ["regex"], + "matchManagers": ["custom.regex"], "matchDepNames": ["forgejo"], "matchUpdateTypes": ["major", "minor"], "semanticCommitType": "feat" @@ -29,7 +43,7 @@ { "description": "Automerge patch deps updates", "matchManagers": ["helmv3"], - "matchFiles": ["Chart.yaml"], + "matchFileNames": ["Chart.yaml"], "matchUpdateTypes": ["patch"], "automerge": true }, @@ -80,6 +94,11 @@ "description": "Update only daily for forgejo ci tests", "matchFileNames": ["ci/*.yml"], "extends": ["schedule:daily"] + }, + { + "description": "branch automerge not possible", + "matchPackagePatterns": [".+"], + "automergeType": "pr" } ], "customManagers": [ diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index dc76158..30ee3b9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -3,26 +3,6 @@ Expand the name of the chart. */}} -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} - {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} - {{- end }} -{{- end }} - {{- define "gitea.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -60,7 +40,7 @@ Create image name and tag used by the deployment. {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} -{{- $tag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} {{- $digest := "" -}} {{- if .Values.image.digest }} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 42645eb..80e39dd 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -18,35 +18,40 @@ type: Opaque stringData: assertions: | -{{- /*assert that only one PG dep is enabled */ -}} -{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} - {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} -{{- end }} - -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}} - {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}} - {{- end }} - - {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} - {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} - {{- end }} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} - {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- /*assert that only one PG dep is enabled */ -}} + {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} + {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} + {{- end }} + + {{- /* multiple replicas assertions */ -}} + {{- if gt .Values.replicaCount 1.0 -}} + {{- if .Values.gitea.config.cron -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} + {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} + {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }} + {{- end }} + {{- end }} + {{- end }} + + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} + {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} + {{- end }} + {{- if .Values.gitea.config.indexer -}} + {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} + {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} + {{- end }} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}} + {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} - {{- end }} - {{- end }} -{{- end }} + {{- end }} config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 247a560..ca1bdd9 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} strategy: @@ -397,4 +400,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/unittests/deployment/HA.yaml b/unittests/deployment/HA.yaml new file mode 100644 index 0000000..aeecad6 --- /dev/null +++ b/unittests/deployment/HA.yaml @@ -0,0 +1,59 @@ +suite: deployment template (HA) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: fails with multiple replicas and "GIT_GC_REPOS" enabled + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + cron: + GIT_GC_REPOS: + ENABLED: true + asserts: + - failedTemplate: + errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." + - it: fails with multiple replicas and RWX file system not set + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + asserts: + - failedTemplate: + errorMessage: 'When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany.' + - it: fails with multiple replicas and bleve issue indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + ISSUE_INDEXER_TYPE: bleve + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." + - it: fails with multiple replicas and bleve repo indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + REPO_INDEXER_TYPE: bleve + REPO_INDEXER_ENABLED: true + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." diff --git a/unittests/deployment/basic.yaml b/unittests/deployment/basic.yaml index bfcb9f2..133a7c2 100644 --- a/unittests/deployment/basic.yaml +++ b/unittests/deployment/basic.yaml @@ -15,3 +15,17 @@ tests: kind: Deployment apiVersion: apps/v1 name: forgejo-unittests + - it: deployment labels are set + template: templates/gitea/deployment.yaml + set: + deployment.labels: + hello: world + asserts: + - isSubset: + path: metadata.labels + content: + hello: world + - isSubset: + path: spec.template.metadata.labels + content: + hello: world diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index ab63f3d..9d15f54 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml @@ -91,3 +91,20 @@ tests: - equal: path: spec.template.spec.containers[0].image value: 'global.example.com/forgejo/forgejo:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a' + - it: correctly renders floating tag references + template: templates/gitea/deployment.yaml + set: + image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-chart/issues/631 + asserts: + - equal: + path: spec.template.spec.initContainers[0].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' + - equal: + path: spec.template.spec.initContainers[1].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' + - equal: + path: spec.template.spec.initContainers[2].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' + - equal: + path: spec.template.spec.containers[0].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 29dac81..ea5f3cf 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -1,6 +1,6 @@ -suite: Init template +suite: Init template (rootless) release: - name: gitea-unittests + name: forgejo-unittests namespace: testing templates: - templates/gitea/init.yaml @@ -67,7 +67,6 @@ tests: chown 1000:1000 "${GNUPGHOME}" fi - it: it does not chown /data even when image.fullOverride is set - template: templates/gitea/init.yaml set: image.fullOverride: gitea/gitea:1.20.5 asserts: diff --git a/values.yaml b/values.yaml index b93216e..f268869 100644 --- a/values.yaml +++ b/values.yaml @@ -323,7 +323,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed Forgejo actions +## @param signing.privateKey Inline private gpg key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false @@ -654,7 +654,7 @@ redis-cluster: ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) -## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL-ha volume +## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: global: postgresql: