diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index abdfa4c..e221ec5 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -5,7 +5,7 @@ on: push: branches: - main - - release/** + - maint/** tags: - v* @@ -13,7 +13,7 @@ permissions: contents: read env: - HELM_VERSION: v3.15.0 # renovate: datasource=github-releases depName=helm packageName=helm/helm + HELM_VERSION: v3.15.1 # renovate: datasource=github-releases depName=helm packageName=helm/helm HELM_UNITTEST_VERSION: v0.5.1 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest HELM_CHART_TESTING_VERSION: v3.11.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing KIND_VERSION: v0.23.0 # renovate: datasource=github-releases depName=kind packageName=kubernetes-sigs/kind @@ -83,6 +83,7 @@ jobs: - v1.27.13 # renovate: kindest - v1.28.9 # renovate: kindest - v1.29.4 # renovate: kindest + - v1.30.0 # renovate: kindest steps: - run: cat /etc/os-release diff --git a/.node-version b/.node-version index f203ab8..48b14e6 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -20.13.1 +20.14.0 diff --git a/Chart.lock b/Chart.lock index 4c738d0..4c96f8b 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.0 + version: 14.1.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.6 -digest: sha256:f5fa526c8388d241f9ed32007993893dd67a6eb9374644e7a7787824e2430349 -generated: "2024-05-23T13:45:46.804717004Z" + version: 10.2.0 +digest: sha256:f7feb678e253951354014684cca973ce7656aa8fd812e627534257dad7765069 +generated: "2024-05-29T18:01:33.490509906Z" diff --git a/Chart.yaml b/Chart.yaml index 8eac68c..8ffd13a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: forgejo description: Forgejo Helm chart for Kubernetes type: application -version: 0.0.0 +version: 0.1.0 appVersion: 7.0.3 icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg home: https://forgejo.org/ @@ -29,15 +29,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.0 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.0 + version: 14.1.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.6 + version: 10.2.0 condition: redis-cluster.enabled diff --git a/README.md b/README.md index 86d7987..ced63dc 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) - - [PostgreSQL-ha](#postgresql-ha) + - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) @@ -68,7 +68,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit ## Update and versioning policy The Forgejo helm chart versioning does not follow Forgejo's versioning. -The latest chart version can be looked up in or in the [repository releases](https://codeberg.org/forgejo-contrib/forgejo-helm/releases). +The latest chart version can be looked up in or in the [repository releases](https://codeberg.org/forgejo-contrib/forgejo-helm/releases). The chart aims to follow Forgejo's releases closely. There might be times when the chart is behind the latest Forgejo release. @@ -982,7 +982,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed Forgejo actions | `""` | +| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea @@ -1122,7 +1122,7 @@ Complete Configuration can be taken from their website. | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | ### PostgreSQL @@ -1161,3 +1161,8 @@ Hop into [our Matrix room](https://matrix.to/#/#forgejo-helm-chart:matrix.org) i This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully, especially the change of the **default database backend**! If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! + +### To v6.0.0 + +You need Forgejo v7+ to use this Helm Chart version. +Use the v5 Helm Chart for Forgejo v1.21. diff --git a/forgejo-0.1.0.tgz b/forgejo-0.1.0.tgz new file mode 100644 index 0000000..ee32efa Binary files /dev/null and b/forgejo-0.1.0.tgz differ diff --git a/package.json b/package.json index 17a874a..a2fbceb 100644 --- a/package.json +++ b/package.json @@ -18,11 +18,11 @@ "conventional-changelog-conventionalcommits": "8.0.0", "conventional-changelog-core": "8.0.0", "husky": "9.0.11", - "lint-staged": "15.2.4", - "markdownlint-cli": "0.40.0", + "lint-staged": "15.2.5", + "markdownlint-cli": "0.41.0", "prettier": "3.2.5" }, - "packageManager": "pnpm@9.1.2", + "packageManager": "pnpm@9.1.3", "engines": { "node": "^18.12.0 || >=20.9.0", "pnpm": "^9.0.0" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 9a2dd2d..304868f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -24,11 +24,11 @@ importers: specifier: 9.0.11 version: 9.0.11 lint-staged: - specifier: 15.2.4 - version: 15.2.4 + specifier: 15.2.5 + version: 15.2.5 markdownlint-cli: - specifier: 0.40.0 - version: 0.40.0 + specifier: 0.41.0 + version: 0.41.0 prettier: specifier: 3.2.5 version: 3.2.5 @@ -164,10 +164,6 @@ packages: colorette@2.0.20: resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==} - commander@12.0.0: - resolution: {integrity: sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==} - engines: {node: '>=18'} - commander@12.1.0: resolution: {integrity: sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==} engines: {node: '>=18'} @@ -304,13 +300,14 @@ packages: engines: {node: '>=18'} hasBin: true - glob@10.3.12: - resolution: {integrity: sha512-TCNv8vJ+xz4QiqTpfOJA7HvYv+tNIRHKfUWw/q+v2jdgN4ebz+KY9tGx5J4rHP0o84mNP+ApH66HRX8us3Khqg==} - engines: {node: '>=16 || 14 >=14.17'} + glob@10.4.1: + resolution: {integrity: sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==} + engines: {node: '>=16 || 14 >=14.18'} hasBin: true glob@7.2.3: resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} + deprecated: Glob versions prior to v9 are no longer supported handlebars@4.7.8: resolution: {integrity: sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==} @@ -348,6 +345,7 @@ packages: inflight@1.0.6: resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} + deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. inherits@2.0.4: resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} @@ -386,8 +384,8 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - jackspeak@2.3.6: - resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==} + jackspeak@3.1.2: + resolution: {integrity: sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==} engines: {node: '>=14'} js-tokens@4.0.0: @@ -411,8 +409,8 @@ packages: linkify-it@5.0.0: resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} - lint-staged@15.2.4: - resolution: {integrity: sha512-3F9KRQIS2fVDGtCkBp4Bx0jswjX7zUcKx6OF0ZeY1prksUyKPRIIUqZhIUYAstJfvj6i48VFs4dwVIbCYwvTYQ==} + lint-staged@15.2.5: + resolution: {integrity: sha512-j+DfX7W9YUvdzEZl3Rk47FhDF6xwDBV5wwsCPw6BwWZVPYJemusQmvb9bRsW23Sqsaa+vRloAWogbK4BUuU2zA==} engines: {node: '>=18.12.0'} hasBin: true @@ -442,8 +440,8 @@ packages: markdown-table@2.0.0: resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} - markdownlint-cli@0.40.0: - resolution: {integrity: sha512-JXhI3dRQcaqwiFYpPz6VJ7aKYheD53GmTz9y4D/d0F1MbZDGOp9pqKlbOfUX/pHP/iAoeiE4wYRmk8/kjLakxA==} + markdownlint-cli@0.41.0: + resolution: {integrity: sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==} engines: {node: '>=18'} hasBin: true @@ -465,8 +463,8 @@ packages: merge-stream@2.0.0: resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==} - micromatch@4.0.6: - resolution: {integrity: sha512-Y4Ypn3oujJYxJcMacVgcs92wofTHxp9FzfDpQON4msDefoC0lb3ETvQLOdLcbhSwU1bz8HrL/1sygfBIHudrkQ==} + micromatch@4.0.7: + resolution: {integrity: sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==} engines: {node: '>=8.6'} mimic-fn@2.1.0: @@ -487,8 +485,8 @@ packages: minimist@1.2.8: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} - minipass@7.0.4: - resolution: {integrity: sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==} + minipass@7.1.2: + resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} engines: {node: '>=16 || 14 >=14.17'} ms@2.1.2: @@ -532,13 +530,13 @@ packages: resolution: {integrity: sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==} engines: {node: '>=12'} - path-scurry@1.10.2: - resolution: {integrity: sha512-7xTavNy5RQXnsjANvVvMkEjvloOinkAjv/Z6Ildz9v2RinZ4SBKTWFOVRbaF8p0vpHnyjV/UwNDdKuUv6M5qcA==} - engines: {node: '>=16 || 14 >=14.17'} + path-scurry@1.11.1: + resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} + engines: {node: '>=16 || 14 >=14.18'} - picomatch@4.0.2: - resolution: {integrity: sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==} - engines: {node: '>=12'} + picomatch@2.3.1: + resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==} + engines: {node: '>=8.6'} pidtree@0.6.0: resolution: {integrity: sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g==} @@ -605,6 +603,10 @@ packages: resolution: {integrity: sha512-bSiSngZ/jWeX93BqeIAbImyTbEihizcwNjFoRUIY/T1wWQsfsm2Vw1agPKylXvQTU7iASGdHhyqRlqQzfz+Htg==} engines: {node: '>=18'} + smol-toml@1.2.0: + resolution: {integrity: sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==} + engines: {node: '>= 18', pnpm: '>= 9'} + source-map@0.6.1: resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==} engines: {node: '>=0.10.0'} @@ -661,9 +663,6 @@ packages: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} - toml@3.0.0: - resolution: {integrity: sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==} - typanion@3.14.0: resolution: {integrity: sha512-ZW/lVMRabETuYCd9O9ZvMhAh8GslSqaUjxmK/JLPCh6l73CvLBiuXswj/+7LdnWOgYsQ130FqLzFz5aGT4I3Ug==} @@ -849,8 +848,6 @@ snapshots: colorette@2.0.20: {} - commander@12.0.0: {} - commander@12.1.0: {} commander@6.2.1: {} @@ -984,13 +981,13 @@ snapshots: - conventional-commits-filter - conventional-commits-parser - glob@10.3.12: + glob@10.4.1: dependencies: foreground-child: 3.1.1 - jackspeak: 2.3.6 + jackspeak: 3.1.2 minimatch: 9.0.4 - minipass: 7.0.4 - path-scurry: 1.10.2 + minipass: 7.1.2 + path-scurry: 1.11.1 glob@7.2.3: dependencies: @@ -1057,7 +1054,7 @@ snapshots: isexe@2.0.0: {} - jackspeak@2.3.6: + jackspeak@3.1.2: dependencies: '@isaacs/cliui': 8.0.2 optionalDependencies: @@ -1079,7 +1076,7 @@ snapshots: dependencies: uc.micro: 2.1.0 - lint-staged@15.2.4: + lint-staged@15.2.5: dependencies: chalk: 5.3.0 commander: 12.1.0 @@ -1087,7 +1084,7 @@ snapshots: execa: 8.0.1 lilconfig: 3.1.1 listr2: 8.2.1 - micromatch: 4.0.6 + micromatch: 4.0.7 pidtree: 0.6.0 string-argv: 0.3.2 yaml: 2.4.2 @@ -1132,11 +1129,11 @@ snapshots: dependencies: repeat-string: 1.6.1 - markdownlint-cli@0.40.0: + markdownlint-cli@0.41.0: dependencies: - commander: 12.0.0 + commander: 12.1.0 get-stdin: 9.0.0 - glob: 10.3.12 + glob: 10.4.1 ignore: 5.3.1 js-yaml: 4.1.0 jsonc-parser: 3.2.1 @@ -1144,7 +1141,7 @@ snapshots: markdownlint: 0.34.0 minimatch: 9.0.4 run-con: 1.3.2 - toml: 3.0.0 + smol-toml: 1.2.0 markdownlint-micromark@0.1.9: {} @@ -1159,10 +1156,10 @@ snapshots: merge-stream@2.0.0: {} - micromatch@4.0.6: + micromatch@4.0.7: dependencies: braces: 3.0.3 - picomatch: 4.0.2 + picomatch: 2.3.1 mimic-fn@2.1.0: {} @@ -1178,7 +1175,7 @@ snapshots: minimist@1.2.8: {} - minipass@7.0.4: {} + minipass@7.1.2: {} ms@2.1.2: {} @@ -1219,12 +1216,12 @@ snapshots: path-key@4.0.0: {} - path-scurry@1.10.2: + path-scurry@1.11.1: dependencies: lru-cache: 10.2.0 - minipass: 7.0.4 + minipass: 7.1.2 - picomatch@4.0.2: {} + picomatch@2.3.1: {} pidtree@0.6.0: {} @@ -1286,6 +1283,8 @@ snapshots: ansi-styles: 6.2.1 is-fullwidth-code-point: 5.0.0 + smol-toml@1.2.0: {} + source-map@0.6.1: {} spdx-correct@3.2.0: @@ -1342,8 +1341,6 @@ snapshots: dependencies: is-number: 7.0.0 - toml@3.0.0: {} - typanion@3.14.0: {} type-fest@3.13.1: {} diff --git a/renovate.json b/renovate.json index eb111ac..8ff496d 100644 --- a/renovate.json +++ b/renovate.json @@ -9,7 +9,15 @@ "custom.regex", "github-actions" ], + "baseBranches": ["main", "/^maint\\/.+/"], "packageRules": [ + { + "description": "Disable major chart updates for maintenance branches", + "matchBaseBranches": ["/^maint\\/.+/"], + "matchUpdateTypes": ["major"], + "matchFileNames": ["Chart.yaml"], + "enabled": false + }, { "matchManagers": ["helmv3"], "matchUpdateTypes": ["minor", "patch"], @@ -86,6 +94,11 @@ "description": "Update only daily for forgejo ci tests", "matchFileNames": ["ci/*.yml"], "extends": ["schedule:daily"] + }, + { + "description": "branch automerge not possible", + "matchPackagePatterns": [".+"], + "automergeType": "pr" } ], "customManagers": [ diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index dc76158..30ee3b9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -3,26 +3,6 @@ Expand the name of the chart. */}} -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} - {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} - {{- end }} -{{- end }} - {{- define "gitea.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -60,7 +40,7 @@ Create image name and tag used by the deployment. {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} -{{- $tag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} {{- $digest := "" -}} {{- if .Values.image.digest }} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 42645eb..80e39dd 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -18,35 +18,40 @@ type: Opaque stringData: assertions: | -{{- /*assert that only one PG dep is enabled */ -}} -{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} - {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} -{{- end }} - -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}} - {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}} - {{- end }} - - {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} - {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} - {{- end }} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} - {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- /*assert that only one PG dep is enabled */ -}} + {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} + {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} + {{- end }} + + {{- /* multiple replicas assertions */ -}} + {{- if gt .Values.replicaCount 1.0 -}} + {{- if .Values.gitea.config.cron -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} + {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} + {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }} + {{- end }} + {{- end }} + {{- end }} + + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} + {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} + {{- end }} + {{- if .Values.gitea.config.indexer -}} + {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} + {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} + {{- end }} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}} + {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} - {{- end }} - {{- end }} -{{- end }} + {{- end }} config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 247a560..ca1bdd9 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} strategy: @@ -397,4 +400,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/unittests/deployment/HA.yaml b/unittests/deployment/HA.yaml new file mode 100644 index 0000000..aeecad6 --- /dev/null +++ b/unittests/deployment/HA.yaml @@ -0,0 +1,59 @@ +suite: deployment template (HA) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: fails with multiple replicas and "GIT_GC_REPOS" enabled + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + cron: + GIT_GC_REPOS: + ENABLED: true + asserts: + - failedTemplate: + errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." + - it: fails with multiple replicas and RWX file system not set + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + asserts: + - failedTemplate: + errorMessage: 'When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany.' + - it: fails with multiple replicas and bleve issue indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + ISSUE_INDEXER_TYPE: bleve + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." + - it: fails with multiple replicas and bleve repo indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + REPO_INDEXER_TYPE: bleve + REPO_INDEXER_ENABLED: true + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." diff --git a/unittests/deployment/basic.yaml b/unittests/deployment/basic.yaml index bfcb9f2..133a7c2 100644 --- a/unittests/deployment/basic.yaml +++ b/unittests/deployment/basic.yaml @@ -15,3 +15,17 @@ tests: kind: Deployment apiVersion: apps/v1 name: forgejo-unittests + - it: deployment labels are set + template: templates/gitea/deployment.yaml + set: + deployment.labels: + hello: world + asserts: + - isSubset: + path: metadata.labels + content: + hello: world + - isSubset: + path: spec.template.metadata.labels + content: + hello: world diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index ab63f3d..9d15f54 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml @@ -91,3 +91,20 @@ tests: - equal: path: spec.template.spec.containers[0].image value: 'global.example.com/forgejo/forgejo:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a' + - it: correctly renders floating tag references + template: templates/gitea/deployment.yaml + set: + image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-chart/issues/631 + asserts: + - equal: + path: spec.template.spec.initContainers[0].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' + - equal: + path: spec.template.spec.initContainers[1].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' + - equal: + path: spec.template.spec.initContainers[2].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' + - equal: + path: spec.template.spec.containers[0].image + value: 'codeberg.org/forgejo/forgejo:1.21-rootless' diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 29dac81..ea5f3cf 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -1,6 +1,6 @@ -suite: Init template +suite: Init template (rootless) release: - name: gitea-unittests + name: forgejo-unittests namespace: testing templates: - templates/gitea/init.yaml @@ -67,7 +67,6 @@ tests: chown 1000:1000 "${GNUPGHOME}" fi - it: it does not chown /data even when image.fullOverride is set - template: templates/gitea/init.yaml set: image.fullOverride: gitea/gitea:1.20.5 asserts: diff --git a/values.yaml b/values.yaml index b93216e..f268869 100644 --- a/values.yaml +++ b/values.yaml @@ -323,7 +323,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed Forgejo actions +## @param signing.privateKey Inline private gpg key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false @@ -654,7 +654,7 @@ redis-cluster: ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) -## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL-ha volume +## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: global: postgresql: