diff --git a/.forgejo/actions/setup-k3s/action.yml b/.forgejo/actions/setup-k3s/action.yml new file mode 100644 index 0000000..4c237b0 --- /dev/null +++ b/.forgejo/actions/setup-k3s/action.yml @@ -0,0 +1,25 @@ +# action.yml +name: setup-k3s +description: 'setup k3s' + +inputs: + version: + description: 'k3s version' + required: true + +runs: + using: 'composite' + steps: + - shell: bash + name: install k3s + run: | + curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=${INPUT_VERSION} K3S_KUBECONFIG_MODE=640 sh -s - server + echo "KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> $GITHUB_ENV + - shell: bash + name: check k3s + run: kubectl cluster-info + - shell: bash + name: wait for nodes ready + run: | + sleep 3 + kubectl wait --for=condition=Ready nodes --all --timeout=600s diff --git a/.forgejo/actions/setup-node/action.yml b/.forgejo/actions/setup-node/action.yml index 9d1ce2c..5ab39be 100644 --- a/.forgejo/actions/setup-node/action.yml +++ b/.forgejo/actions/setup-node/action.yml @@ -5,11 +5,15 @@ description: 'setup node' runs: using: 'composite' steps: - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + - name: Setup pnpm + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + with: + standalone: true + + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: .node-version - # cache: 'npm' - - shell: bash - run: corepack enable + cache: 'pnpm' + - shell: bash run: pnpm install --frozen-lockfile diff --git a/.forgejo/renovate/k3s.json b/.forgejo/renovate/k3s.json new file mode 100644 index 0000000..edb593d --- /dev/null +++ b/.forgejo/renovate/k3s.json @@ -0,0 +1,57 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "description": "Separate minor and patch updates for k3s", + "matchDatasources": ["github-releases"], + "matchPackageNames": ["k3s-io/k3s"], + "separateMultipleMinor": true, + "separateMinorPatch": true, + "branchTopic": "{{{depNameSanitized}}}{{#if isMinor}}-minor{{/if}}-{{{newMajor}}}{{#if isPatch}}.{{{newMinor}}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}", + "commitMessageSuffix": "{{#if isMinor}}(minor){{/if}}{{#if isPatch}}(patch){{/if}}" + }, + { + "description": "No automerge for k3s major and minor updates", + "matchDatasources": ["github-releases"], + "matchPackageNames": ["k3s-io/k3s"], + "matchUpdateTypes": ["major", "minor"], + "automerge": false + }, + { + "description": "Group k3s patch updates", + "matchDatasources": ["github-releases"], + "matchPackageNames": ["k3s-io/k3s"], + "matchUpdateTypes": ["patch"], + "groupName": "k3s" + }, + { + "description": "Disable k3s major and minor updates for old versions", + "matchDatasources": ["github-releases"], + "matchFileNames": [".forgejo/workflows/**"], + "matchPackageNames": ["k3s-io/k3s"], + "matchUpdateTypes": ["major", "minor"], + "matchCurrentValue": "!/^v1.32/", + "enabled": false + } + ], + "customDatasources": { + "k3s": { + "defaultRegistryUrlTemplate": "https://update.k3s.io/v1-release/channels", + "transformTemplates": [ + "($isVersion:=function($name){$contains($name,/^v\\d+.\\d+$/)};{\"releases\":[data[$isVersion(name)].{\"version\":latest}],\"sourceUrl\":\"https://github.com/k3s-io/k3s\",\"homepage\":\"https://k3s.io/\"})" + ] + } + }, + "customManagers": [ + { + "customType": "regex", + "fileMatch": [".forgejo/renovate/k3s.json"], + "matchStrings": [ + "matchCurrentValue\": \"!\\/^v(?\\d+\\.\\d+)\\/" + ], + "depNameTemplate": "k3s", + "versioningTemplate": "npm", + "datasourceTemplate": "custom.k3s" + } + ] +} diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 866096d..5418491 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -8,16 +8,17 @@ on: - maint/** tags: - v* + workflow_dispatch: permissions: contents: read env: - HELM_VERSION: v3.15.3 # renovate: datasource=github-releases depName=helm packageName=helm/helm - HELM_UNITTEST_VERSION: v0.5.2 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest - HELM_CHART_TESTING_VERSION: v3.11.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing - KIND_VERSION: v0.23.0 # renovate: datasource=github-releases depName=kind packageName=kubernetes-sigs/kind - KUBECTL_VERSION: v1.30.3 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes + HELM_VERSION: v3.17.2 # renovate: datasource=github-releases depName=helm packageName=helm/helm + HELM_UNITTEST_VERSION: v0.7.2 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest + HELM_CHART_TESTING_VERSION: v3.12.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing + KUBECTL_VERSION: v1.32.3 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes + CT_GITHUB_GROUPS: true jobs: lint-node: @@ -25,9 +26,11 @@ jobs: steps: - run: cat /etc/os-release - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: show-progress: false + fetch-depth: 0 # Important for changelog + filter: blob:none # We don't need all blobs - uses: ./.forgejo/actions/setup - uses: ./.forgejo/actions/setup-node @@ -37,6 +40,10 @@ jobs: - run: make readme - run: git diff --exit-code --name-only README.md + - name: changelog + run: | + pnpm changelog ${{ github.ref_type == 'tag' && 'true' || '' }} + lint-helm: runs-on: docker steps: @@ -44,7 +51,7 @@ jobs: - run: ps axf - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: show-progress: false fetch-depth: 0 @@ -53,12 +60,12 @@ jobs: - uses: ./.forgejo/actions/setup - name: install chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 with: version: ${{ env.HELM_CHART_TESTING_VERSION }} - name: install helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ env.HELM_VERSION }} @@ -74,21 +81,27 @@ jobs: - run: ct lint --config tools/ct.yml --charts . e2e: + needs: + - lint-node + - lint-helm runs-on: k8s strategy: matrix: - k8s: - # from https://hub.docker.com/r/kindest/node/tags - - v1.27.13 # renovate: kindest - - v1.28.9 # renovate: kindest - - v1.29.4 # renovate: kindest - - v1.30.2 # renovate: kindest + k3s: + # https://github.com/k3s-io/k3s/branches + # oldest supported version + - v1.28.15+k3s1 # renovate: k3s + # https://github.com/k3s-io/k3s/blob/master/channel.yaml#L3-L4 + # stable version + - v1.31.6+k3s1 # renovate: k3s + # newest version + - v1.32.2+k3s1 # renovate: k3s steps: - run: cat /etc/os-release - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: show-progress: false fetch-depth: 0 @@ -97,34 +110,28 @@ jobs: - uses: ./.forgejo/actions/setup - name: install helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ env.HELM_VERSION }} - name: Install chart-testing - # TODO: pin to version when this is released: https://github.com/helm/chart-testing-action/pull/137 - uses: helm/chart-testing-action@5aa1c68405a43a57240a9b2869379324b2bec0fc # main + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 with: version: ${{ env.HELM_CHART_TESTING_VERSION }} - - uses: ./.forgejo/actions/setup-docker - - - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + - uses: ./.forgejo/actions/setup-k3s with: - node_image: kindest/node:${{ matrix.k8s }} - kubectl_version: ${{ env.KUBECTL_VERSION }} - version: ${{ env.KIND_VERSION }} + version: ${{ matrix.k3s }} - run: kubectl get no -o wide - name: install chart - uses: https://github.com/nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 + uses: https://github.com/nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: timeout_minutes: 15 max_attempts: 3 retry_on: error - retry_wait_seconds: 60 + retry_wait_seconds: 120 polling_interval_seconds: 5 command: ct install --config tools/ct.yml --charts . @@ -162,7 +169,7 @@ jobs: if: ${{ github.ref_type == 'tag' }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: show-progress: false fetch-depth: 0 # Important for changelog @@ -172,7 +179,7 @@ jobs: - uses: ./.forgejo/actions/setup-node - name: install helm - uses: https://github.com/azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: https://github.com/azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ env.HELM_VERSION }} diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml index c4345e5..0e7c901 100644 --- a/.forgejo/workflows/mirror.yml +++ b/.forgejo/workflows/mirror.yml @@ -6,6 +6,8 @@ on: branches: - 'main' + workflow_dispatch: + jobs: mirror: runs-on: docker diff --git a/.node-version b/.node-version index 8ce7030..7d41c73 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -20.16.0 +22.14.0 diff --git a/.vscode/settings.json b/.vscode/settings.json index a570123..da15f96 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -4,7 +4,7 @@ ".github/workflows/*", ".forgejo/workflows/*" ], - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/Chart.lock b/Chart.lock index b2a0170..bff1098 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,18 @@ dependencies: +- name: common + repository: oci://ghcr.io/visualon/bitnamicharts + version: 2.30.0 - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.20 + repository: oci://ghcr.io/visualon/bitnamicharts + version: 16.5.6 - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.14 + repository: oci://ghcr.io/visualon/bitnamicharts + version: 15.3.8 - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.9 -digest: sha256:1e9d1de99e188fbd7c3eb3305a9ff6e0428313b181b83b9dea1051e5b134de1b -generated: "2024-07-25T12:30:38.908174676Z" + repository: oci://ghcr.io/visualon/bitnamicharts + version: 11.4.6 +- name: redis + repository: oci://ghcr.io/visualon/bitnamicharts + version: 20.11.4 +digest: sha256:a9c9f0779663336dd22ca4896f22bb64427e28f20aa567aee2f18474f8e31a23 +generated: "2025-03-26T15:31:33.532188569Z" diff --git a/Chart.yaml b/Chart.yaml index 43165e1..8218677 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: forgejo description: Forgejo Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 7.0.6 +appVersion: 10.0.3 icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg home: https://forgejo.org/ @@ -22,22 +22,35 @@ maintainers: - name: Michael Kriese email: michael.kriese@visualon.de -# Bitnami charts are served from Docker Hub +# Bitnami charts are served from ghcr mirror because of rate limiting on Docker Hub # https://hub.docker.com/u/bitnamicharts # https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html +# https://github.com/bitnami/charts/issues/30853 +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 dependencies: + # https://github.com/bitnami/charts/blob/main/bitnami/common/Chart.yaml + - name: common + repository: oci://ghcr.io/visualon/bitnamicharts + tags: + - bitnami-common + version: 2.30.0 # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.20 + repository: oci://ghcr.io/visualon/bitnamicharts + version: 16.5.6 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.14 + repository: oci://ghcr.io/visualon/bitnamicharts + version: 15.3.8 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.9 + repository: oci://ghcr.io/visualon/bitnamicharts + version: 11.4.6 condition: redis-cluster.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml + - name: redis + repository: oci://ghcr.io/visualon/bitnamicharts + version: 20.11.4 + condition: redis.enabled diff --git a/LICENSE b/LICENSE index bbf54de..b073755 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,6 @@ MIT License +Copyright (c) 2023 The Forgejo Authors Copyright (c) 2020 The Gitea Authors Copyright (c) 2020 NOVUM-RGI Copyright (c) 2019 - 2020 Charlie Drage diff --git a/Makefile b/Makefile index 8354304..dd97d84 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index a7881a2..8a448fa 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,6 @@ - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) - - [ClusterIP](#clusterip) - [SSH and Ingress](#ssh-and-ingress) - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster) - [Cache](#cache) @@ -46,15 +45,23 @@ - [Init](#init) - [Signing](#signing) - [Gitea](#gitea) + - [`app.ini` overrides](#appini-overrides) - [LivenessProbe](#livenessprobe) - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - - [redis-cluster](#redis-cluster) + - [Redis® Cluster](#redis-cluster) + - [Redis®](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) - [Upgrading](#upgrading) + - [To v11](#to-v11) + - [To v10](#to-v10) + - [To v9](#to-v9) + - [To v8](#to-v8) + - [To v7](#to-v7) + - [To v6](#to-v6) [Forgejo](https://forgejo.org/) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. @@ -94,7 +101,8 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL]()) +- PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) +- Redis ([Bitnami Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)) ### Dependency Versioning @@ -113,6 +121,7 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) +- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. @@ -167,14 +176,14 @@ gitea: This chart will set a few defaults in the Forgejo configuration based on the service and ingress settings. All defaults can be overwritten in `gitea.config`. -INSTALL_LOCK is always set to true, since we want to configure Forgejo with this helm chart and everything is taken care of. +INSTALL_LOCK is always set to true because the configuration in this helm chart makes any configuration via installer superfluous. _All default settings are made directly in the generated `app.ini`, not in the Values._ #### Database defaults -If a builtIn database is enabled the database configuration is set automatically. -For example, PostgreSQL builtIn will appear in the `app.ini` as: +If a database subchart is enabled, the database configuration is set automatically. +For example, PostgreSQL will appear in the `app.ini` as: ```ini [database] @@ -247,7 +256,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance. -1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql`): +1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql` and `redis`):
@@ -256,6 +265,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: true postgresql: enabled: true postgresql-ha: @@ -268,12 +279,6 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres - session: - PROVIDER: db - cache: - ADAPTER: memory - queue: - TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -293,6 +298,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: false postgresql: enabled: false postgresql-ha: @@ -442,23 +449,6 @@ This helm chart automatically configures the clone urls to use the correct ports You can change these ports by hand using the `gitea.config` dict. However you should know what you're doing. -### ClusterIP - -By default the `clusterIP` will be set to `None`, which is the default for headless services. -However if you want to omit the clusterIP field in the service, use the following values: - -```yaml -service: - http: - type: ClusterIP - port: 3000 - clusterIP: - ssh: - type: ClusterIP - port: 22 - clusterIP: -``` - ### SSH and Ingress If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports. @@ -468,7 +458,7 @@ You will need a LoadBalancer like `metallb` and a setting in your ssh service an service: ssh: annotations: - metallb.universe.tf/allow-shared-ip: test + metallb.io/allow-shared-ip: test ``` ### SSH on crio based kubernetes cluster @@ -541,8 +531,6 @@ postgresql: This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeploying the chart. -It is not possible to delete an admin user after it has been created. -This has to be done in the ui. You cannot use `admin` as username. ```yaml @@ -572,6 +560,22 @@ gitea: existingSecret: gitea-admin-secret ``` +To delete the admin user, set `username` or `password` to an empty value and delete the user in the UI. + +Whether you use the existing Secret or specify a username and password directly, there are three modes for how the admin user password is created or set. + +- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. +- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. +- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. + +These modes can be set like the following: + +```yaml +gitea: + admin: + passwordMode: initialOnlyRequireReset +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated. @@ -629,7 +633,7 @@ Affected options: Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the UI. -All OAuth2 values, which are documented [here](https://forgejo.org/docs/latest/admin/command-line/#admin), are available. +[All OAuth2 values](https://forgejo.org/docs/latest/admin/command-line/#admin-auth-add-oauth) are available. Multiple OAuth2 sources can be configured with additional OAuth list items. @@ -668,14 +672,29 @@ gitea: existingSecret: gitea-oauth-secret ``` +### Compatibility with OCP (OKD or OpenShift) + +Normally OCP is automatically detected and the compatibility mode set accordingly. To enforce the OCP compatibility mode use the following configuration: + +```yaml +global: + compatibility: + openshift: + adaptSecurityContext: force +``` + +An OCP route to access Forgejo can be enabled with the following config: + +```yaml +route: + enabled: true +``` + ## Configure commit signing -When using the rootless image the gpg key folder is not persistent by default. -If you consider using signed commits for internal Forgejo activities (e.g. initial commit), you'd need to provide a signing key. -Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. - -The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. -By default this section is disabled to maintain backwards compatibility. +When using the rootless image, the GPG key folder is not persistent by default. +If you want commits by Forgejo (e.g. initial commit) to be signed, +you need to provide a signing key: ```yaml signing: @@ -683,8 +702,10 @@ signing: gpgHome: /data/git/.gnupg ``` -Regardless of the used container image the `signing` object allows to specify a private gpg key. -Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`. +By default this section is disabled to maintain backwards compatibility. + +Regardless of the used container image the `signing` object allows to specify a private GPG key. +Either using the `signing.privateKey` to define the key inline, or referring to an existing secret containing the key data with `signing.existingSecret`. ```yaml apiVersion: v1 @@ -704,7 +725,7 @@ signing: existingSecret: custom-gitea-gpg-key ``` -To use the gpg key, Forgejo needs to be configured accordingly. +To use the GPG key, Forgejo needs to be configured accordingly. A detailed description can be found in the [documentation](https://forgejo.org/docs/latest/admin/signing/#general-configuration). ## Metrics and profiling @@ -843,6 +864,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | | `global.storageClass` | global storage class override | `""` | | `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | | `replicaCount` | number of replicas for the deployment | `1` | ### strategy @@ -882,7 +904,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | | `service.http.port` | Port number for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment | `nil` | | `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.http.nodePort` | NodePort for http service | `nil` | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | @@ -892,9 +914,10 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.labels` | HTTP service additional labels | `{}` | +| `service.http.loadBalancerClass` | Loadbalancer class | `nil` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | -| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment | `nil` | | `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.ssh.nodePort` | NodePort for ssh service | `nil` | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | @@ -905,19 +928,35 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.labels` | SSH service additional labels | `{}` | +| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` | ### Ingress -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | -| `ingress.enabled` | Enable ingress | `false` | -| `ingress.className` | Ingress class name | `nil` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | -| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | -| `ingress.tls` | Ingress tls settings | `[]` | -| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | +| Name | Description | Value | +| ------------------------------------ | -------------------- | ----------------- | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nil` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | +| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | +| `ingress.tls` | Ingress tls settings | `[]` | + +### Route + +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `route.enabled` | Enable route | `false` | +| `route.annotations` | Route annotations | `{}` | +| `route.host` | Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) | `nil` | +| `route.wildcardPolicy` | Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. | `nil` | +| `route.tls.termination` | termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) | `edge` | +| `route.tls.insecureEdgeTerminationPolicy` | the desired behavior for insecure connections to a route (e.g. with http) | `Redirect` | +| `route.tls.existingSecret` | the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) | `nil` | +| `route.tls.certificate` | PEM encoded single certificate | `nil` | +| `route.tls.privateKey` | PEM encoded private key | `nil` | +| `route.tls.caCertificate` | PEM encoded CA certificate or chain that issued the certificate | `nil` | +| `route.tls.destinationCACertificate` | PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) | `nil` | ### deployment @@ -982,25 +1021,27 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | +| `signing.privateKey` | Inline private GPG key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | +| Name | Description | Value | +| ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | +| `gitea.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | ### `app.ini` overrides @@ -1072,15 +1113,16 @@ blocks, while the keys themselves remain in all caps. ### ReadinessProbe -| Name | Description | Value | -| ------------------------------------------ | ------------------------------------------------- | ------ | -| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | -| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | -| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | -| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | -| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | -| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | -| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------- | -------------- | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.httpGet.path` | Path to probe for readiness | `/api/healthz` | +| `gitea.readinessProbe.httpGet.port` | Port to probe for readiness | `http` | +| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | +| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | +| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | +| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | ### StartupProbe @@ -1097,19 +1139,33 @@ blocks, while the keys themselves remain in all caps. ### Redis® Cluster Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. -Complete Configuration can be taken from their website. +Full configuration options are available on their website. +Redis cluster and [Redis](#redis) cannot be enabled at the same time. | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | +### Redis® + +Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +Full configuration options are available on their website. +Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. + +| Name | Description | Value | +| ----------------------------- | ------------------------------------------ | ------------ | +| `redis.enabled` | Enable redis standalone or replicated | `false` | +| `redis.architecture` | Whether to use standalone or replication | `standalone` | +| `redis.global.redis.password` | Required password | `changeme` | +| `redis.master.count` | Number of Redis master instances to deploy | `1` | + ### PostgreSQL HA PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. -Complete Configuration can be taken from their website. +Full configuration options are available on their website. | Name | Description | Value | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | @@ -1127,7 +1183,7 @@ Complete Configuration can be taken from their website. ### PostgreSQL PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. -Complete Configuration can be taken from their website. +Full configuration options are available on their website. | Name | Description | Value | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | @@ -1142,11 +1198,11 @@ Complete Configuration can be taken from their website. | Name | Description | Value | | ------------------ | ------------------------------------------------------------------ | --------- | -| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | -| `test.enabled` | Set it to false to disable test-connection Pod. | `true` | +| `checkDeprecation` | Whether to run this basic validation check. | `true` | +| `test.enabled` | Whether to use test-connection Pod. | `true` | | `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | | `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `extraDeploy` | Array of extra objects to deploy with the release. | `[]` | ## Contributing @@ -1162,11 +1218,38 @@ This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully, especially the change of the **default database backend**! If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! -### To v7.0.0 +### To v11 + +PostgreSQL and PostgreSQL HA are now using PostgreSQL v17. +Please read PostgresSQL upgrade guide before upgrading. + +You need Forgejo v10+ to use this Helm Chart version. +Forgejo v9 is now EOL. + +ClusterIP is now emtpy instead of `None` for http and ssh service. +Unsupported api versions for `Ingress` and `PodDisruptionBudget` are removed. +`Ingress` and `Service` are now using named ports. +The ReadinessProbe is now using the `/api/healthz` endpoint. + +### To v10 + +You need Forgejo v9+ to use this Helm Chart version. +Forgejo v8 is now EOL. + +### To v9 + +Namespaces for all resources are now set to `common.names.namespace` by default. + +### To v8 + +You need Forgejo v8+ to use this Helm Chart version. +Use the v7 Helm Chart for Forgejo v7. + +### To v7 The Forgejo docker image is pulled from `code.forgejo.org` instead of `codeberg.org`. -### To v6.0.0 +### To v6 You need Forgejo v7+ to use this Helm Chart version. Use the v5 Helm Chart for Forgejo v1.21. diff --git a/ci/default-values.yaml b/ci/default-values.yaml new file mode 100644 index 0000000..25fefaa --- /dev/null +++ b/ci/default-values.yaml @@ -0,0 +1,20 @@ +# default values with some modifications + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +global: + security: + allowInsecureImages: true +redis-cluster: + image: + registry: public.ecr.aws +postgresql-ha: + postgresql: + image: + registry: public.ecr.aws + pgpool: + image: + registry: public.ecr.aws +test: + image: + name: code.forgejo.org/oci/busybox diff --git a/ci/default.yml b/ci/default.yml deleted file mode 100644 index d6c93d3..0000000 --- a/ci/default.yml +++ /dev/null @@ -1 +0,0 @@ -# default values diff --git a/ci/dev-values.yml b/ci/dev-values.yaml similarity index 69% rename from ci/dev-values.yml rename to ci/dev-values.yaml index 2747d7c..a47f3ba 100644 --- a/ci/dev-values.yml +++ b/ci/dev-values.yaml @@ -1,11 +1,14 @@ # Test codeberg.org image image: registry: codeberg.org +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox redis-cluster: enabled: false -postgresql: - enabled: false postgresql-ha: enabled: false diff --git a/ci/single-values.yml b/ci/single-values.yaml similarity index 53% rename from ci/single-values.yml rename to ci/single-values.yaml index 46ea966..6be58e6 100644 --- a/ci/single-values.yml +++ b/ci/single-values.yaml @@ -1,10 +1,24 @@ redis-cluster: enabled: false -postgresql: - enabled: true postgresql-ha: enabled: false +postgresql: + enabled: true + # Use mirror + # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 + image: + registry: public.ecr.aws +global: + security: + allowInsecureImages: true + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox + persistence: enabled: true diff --git a/ci/v8-test.yml b/ci/v10-values.yaml similarity index 64% rename from ci/v8-test.yml rename to ci/v10-values.yaml index 87b8dd7..253b35b 100644 --- a/ci/v8-test.yml +++ b/ci/v10-values.yaml @@ -1,12 +1,16 @@ image: registry: codeberg.org repository: forgejo-experimental/forgejo - tag: 8.0-test@sha256:40e945bef50f975dfece6e4effbf03abe56c2f165d8f932b46e60d68dc6bd023 + tag: 10 # don't pin, manifests can be missing + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox redis-cluster: enabled: false -postgresql: - enabled: false postgresql-ha: enabled: false diff --git a/ci/v9-test.yml b/ci/v11-values.yaml similarity index 64% rename from ci/v9-test.yml rename to ci/v11-values.yaml index be9a678..6c1a24b 100644 --- a/ci/v9-test.yml +++ b/ci/v11-values.yaml @@ -1,12 +1,16 @@ image: registry: codeberg.org repository: forgejo-experimental/forgejo - tag: 9.0-test@sha256:03b187b47c9c4dab681a10527ea65448cde53b80bf56ca0e8455ee20319cba2f + tag: 11 # don't pin, manifests can be missing + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox redis-cluster: enabled: false -postgresql: - enabled: false postgresql-ha: enabled: false diff --git a/ci/v7-test.yml b/ci/v12-values.yaml similarity index 64% rename from ci/v7-test.yml rename to ci/v12-values.yaml index 4f1179d..8429086 100644 --- a/ci/v7-test.yml +++ b/ci/v12-values.yaml @@ -1,12 +1,16 @@ image: registry: codeberg.org repository: forgejo-experimental/forgejo - tag: 7.0-test@sha256:824921b3a518b5a160f891fd13efd2591ddfe65592aee68e829198b5a35564de + tag: 12 # don't pin, manifests can be missing + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox redis-cluster: enabled: false -postgresql: - enabled: false postgresql-ha: enabled: false diff --git a/package.json b/package.json index 8f274e0..d4cccfc 100644 --- a/package.json +++ b/package.json @@ -11,21 +11,21 @@ "prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'", "readme:lint": "markdownlint *.md -f", "readme:parameters": "readme-generator -v values.yaml -r README.md", - "test": "helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./" + "test": "helm unittest --strict -f 'unittests/**/*.yaml' ./" }, "devDependencies": { - "@bitnami/readme-generator-for-helm": "2.6.1", + "@bitnami/readme-generator-for-helm": "2.7.0", "clipanion": "3.2.1", "conventional-changelog-conventionalcommits": "8.0.0", - "conventional-changelog-core": "8.0.0", - "husky": "9.1.4", - "lint-staged": "15.2.7", - "markdownlint-cli": "0.41.0", - "prettier": "3.3.3" + "conventional-changelog-core": "9.0.0", + "husky": "9.1.7", + "lint-staged": "15.5.0", + "markdownlint-cli": "0.44.0", + "prettier": "3.5.3" }, - "packageManager": "pnpm@9.6.0", + "packageManager": "pnpm@10.7.0", "engines": { - "node": "^18.12.0 || >=20.9.0", - "pnpm": "^9.0.0" + "node": "^22.0.0", + "pnpm": "^10.0.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b35617e..387c3dc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,8 +9,8 @@ importers: .: devDependencies: '@bitnami/readme-generator-for-helm': - specifier: 2.6.1 - version: 2.6.1 + specifier: 2.7.0 + version: 2.7.0 clipanion: specifier: 3.2.1 version: 3.2.1(typanion@3.14.0) @@ -18,37 +18,25 @@ importers: specifier: 8.0.0 version: 8.0.0 conventional-changelog-core: - specifier: 8.0.0 - version: 8.0.0(conventional-commits-filter@4.0.0) + specifier: 9.0.0 + version: 9.0.0(conventional-commits-filter@4.0.0) husky: - specifier: 9.1.4 - version: 9.1.4 + specifier: 9.1.7 + version: 9.1.7 lint-staged: - specifier: 15.2.7 - version: 15.2.7 + specifier: 15.5.0 + version: 15.5.0 markdownlint-cli: - specifier: 0.41.0 - version: 0.41.0 + specifier: 0.44.0 + version: 0.44.0 prettier: - specifier: 3.3.3 - version: 3.3.3 + specifier: 3.5.3 + version: 3.5.3 packages: - '@babel/code-frame@7.23.5': - resolution: {integrity: sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==} - engines: {node: '>=6.9.0'} - - '@babel/helper-validator-identifier@7.22.20': - resolution: {integrity: sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==} - engines: {node: '>=6.9.0'} - - '@babel/highlight@7.23.4': - resolution: {integrity: sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==} - engines: {node: '>=6.9.0'} - - '@bitnami/readme-generator-for-helm@2.6.1': - resolution: {integrity: sha512-rN0m0sfbOuaNdCmQWBfSj9o4kgzz+Dw67Dl1ssDVqghv/UpLkrDmNuTxhD1CWu+sesGL66UYJ2VplGz9KxlAdg==} + '@bitnami/readme-generator-for-helm@2.7.0': + resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==} hasBin: true '@conventional-changelog/git-client@1.0.0': @@ -75,18 +63,27 @@ packages: resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} engines: {node: '>=14'} - '@types/normalize-package-data@2.4.4': - resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==} + '@types/debug@4.1.12': + resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==} + + '@types/katex@0.16.7': + resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==} + + '@types/ms@2.1.0': + resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==} '@types/semver@7.5.8': resolution: {integrity: sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==} + '@types/unist@2.0.11': + resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==} + add-stream@1.0.0: resolution: {integrity: sha512-qQLMr+8o0WC4FZGQTcJiKBVC59JylcPSrTtk6usvmIDFUOCKegapy1VHQwRbFMOFyb/inzUVqHs+eMYKDM1YeQ==} - ansi-escapes@6.2.0: - resolution: {integrity: sha512-kzRaCqXnpzWs+3z5ABPQiVke+iq0KXkHo8xiWV4RPTi5Yli0l97BEQuhXV1s7+aSU/fu1kUuxgS4MsQ0fRuygw==} - engines: {node: '>=14.16'} + ansi-escapes@7.0.0: + resolution: {integrity: sha512-GdYO7a61mR0fOlAsvC9/rIHf7L96sBc6dEWzeOu+KAea5bZyQRPIpojrVoI4AXGJS/ycu/fBTdLrUkA4ODrvjw==} + engines: {node: '>=18'} ansi-regex@5.0.1: resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==} @@ -96,10 +93,6 @@ packages: resolution: {integrity: sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==} engines: {node: '>=12'} - ansi-styles@3.2.1: - resolution: {integrity: sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==} - engines: {node: '>=4'} - ansi-styles@4.3.0: resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==} engines: {node: '>=8'} @@ -127,17 +120,22 @@ packages: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} - chalk@2.4.2: - resolution: {integrity: sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==} - engines: {node: '>=4'} - - chalk@5.3.0: - resolution: {integrity: sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==} + chalk@5.4.1: + resolution: {integrity: sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==} engines: {node: ^12.17.0 || ^14.13 || >=16.0.0} - cli-cursor@4.0.0: - resolution: {integrity: sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==} - engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} + character-entities-legacy@3.0.0: + resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==} + + character-entities@2.0.2: + resolution: {integrity: sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==} + + character-reference-invalid@2.0.1: + resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==} + + cli-cursor@5.0.0: + resolution: {integrity: sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==} + engines: {node: '>=18'} cli-truncate@4.0.0: resolution: {integrity: sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==} @@ -148,33 +146,27 @@ packages: peerDependencies: typanion: '*' - color-convert@1.9.3: - resolution: {integrity: sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==} - color-convert@2.0.1: resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==} engines: {node: '>=7.0.0'} - color-name@1.1.3: - resolution: {integrity: sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==} - color-name@1.1.4: resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==} colorette@2.0.20: resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==} - commander@12.1.0: - resolution: {integrity: sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==} + commander@13.1.0: + resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==} engines: {node: '>=18'} commander@6.2.1: resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==} engines: {node: '>= 6'} - commander@7.2.0: - resolution: {integrity: sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==} - engines: {node: '>= 10'} + commander@8.3.0: + resolution: {integrity: sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==} + engines: {node: '>= 12'} compare-func@2.0.0: resolution: {integrity: sha512-zHig5N+tPWARooBnb0Zx1MFcdfpyJrfTJ3Y5L+IFvUm8rM74hHz66z0gw0x4tijh5CorKkKUCnW82R2vmpeCRA==} @@ -186,12 +178,12 @@ packages: resolution: {integrity: sha512-eOvlTO6OcySPyyyk8pKz2dP4jjElYunj9hn9/s0OB+gapTO8zwS9UQWrZ1pmF2hFs3vw1xhonOLGcGjy/zgsuA==} engines: {node: '>=18'} - conventional-changelog-core@8.0.0: - resolution: {integrity: sha512-EATUx5y9xewpEe10UEGNpbSHRC6cVZgO+hXQjofMqpy+gFIrcGvH3Fl6yk2VFKh7m+ffenup2N7SZJYpyD9evw==} + conventional-changelog-core@9.0.0: + resolution: {integrity: sha512-/XS1hE0axsZ+IwJAoXw1faEdbo5+A975pL6FeLHs5Iz8lgROZ9iAhEFmIFhjHW1/BOhGq7RJU9udzWbeumAfDQ==} engines: {node: '>=18'} - conventional-changelog-writer@8.0.0: - resolution: {integrity: sha512-TQcoYGRatlAnT2qEWDON/XSfnVG38JzA7E0wcGScu7RElQBkg9WWgZd1peCWFcWDh1xfb2CfsrcvOn1bbSzztA==} + conventional-changelog-writer@8.0.1: + resolution: {integrity: sha512-hlqcy3xHred2gyYg/zXSMXraY2mjAYYo0msUCpK+BGyaVJMFCKWVXPIHiaacGO2GGp13kvHWXFhYmxT4QQqW3Q==} engines: {node: '>=18'} hasBin: true @@ -203,8 +195,8 @@ packages: resolution: {integrity: sha512-tQMagCOC59EVgNZcC5zl7XqO30Wki9i9J3acbUvkaosCT6JX3EeFwJD7Qqp4MCikRnzS18WXV3BLIQ66ytu6+Q==} engines: {node: '>=18'} - conventional-commits-parser@6.0.0: - resolution: {integrity: sha512-TbsINLp48XeMXR8EvGjTnKGsZqBemisPoyWESlpRyR8lif0lcwzqz+NMtYSj1ooF/WYjSuu7wX0CtdeeMEQAmA==} + conventional-commits-parser@6.1.0: + resolution: {integrity: sha512-5nxDo7TwKB5InYBl4ZC//1g9GRwB/F3TXOGR9hgUjMGfvSP4Vu5NkpNro2+1+TIEy1vwxApl5ircECr2ri5JIw==} engines: {node: '>=18'} hasBin: true @@ -212,8 +204,8 @@ packages: resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==} engines: {node: '>= 8'} - debug@4.3.4: - resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==} + debug@4.4.0: + resolution: {integrity: sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==} engines: {node: '>=6.0'} peerDependencies: supports-color: '*' @@ -221,10 +213,20 @@ packages: supports-color: optional: true + decode-named-character-reference@1.0.2: + resolution: {integrity: sha512-O8x12RzrUF8xyVcY0KJowWsmaJxQbmy0/EtnNtHRpsOcT7dFk5W598coHqBVpmWo1oQQfsCqfCmkZN5DJrZVdg==} + deep-extend@0.6.0: resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==} engines: {node: '>=4.0.0'} + dequal@2.0.3: + resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==} + engines: {node: '>=6'} + + devlop@1.1.0: + resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==} + dot-object@2.1.5: resolution: {integrity: sha512-xHF8EP4XH/Ba9fvAF2LDd5O3IITVolerVV6xvkxoM8zlGEiCUrggpAnHyOoKJKCrhvPcGATFAUwIujj7bRG5UA==} hasBin: true @@ -249,9 +251,9 @@ packages: resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==} engines: {node: '>=0.12'} - escape-string-regexp@1.0.5: - resolution: {integrity: sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==} - engines: {node: '>=0.8.0'} + environment@1.1.0: + resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==} + engines: {node: '>=18'} eventemitter3@5.0.1: resolution: {integrity: sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==} @@ -260,14 +262,13 @@ packages: resolution: {integrity: sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==} engines: {node: '>=16.17'} + fd-package-json@1.2.0: + resolution: {integrity: sha512-45LSPmWf+gC5tdCQMNH4s9Sr00bIkiD9aN7dc5hqkrEw1geRYyDQS1v1oMHAW3ysfxfndqGsrDREHHjNNbKUfA==} + fill-range@7.1.1: resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==} engines: {node: '>=8'} - find-up-simple@1.0.0: - resolution: {integrity: sha512-q7Us7kcjj2VMePAa02hDAF6d+MzsdsAWEwYyOpwUtlerRBkOEPBCRZrAV4XfcSN8fHAgaD0hP7miwoay6DCprw==} - engines: {node: '>=18'} - foreground-child@3.1.1: resolution: {integrity: sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==} engines: {node: '>=14'} @@ -275,17 +276,10 @@ packages: fs.realpath@1.0.0: resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} - function-bind@1.1.2: - resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==} - get-east-asian-width@1.2.0: resolution: {integrity: sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA==} engines: {node: '>=18'} - get-stdin@9.0.0: - resolution: {integrity: sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==} - engines: {node: '>=12'} - get-stream@8.0.1: resolution: {integrity: sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==} engines: {node: '>=16'} @@ -300,9 +294,8 @@ packages: engines: {node: '>=18'} hasBin: true - glob@10.4.1: - resolution: {integrity: sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==} - engines: {node: '>=16 || 14 >=14.18'} + glob@10.4.5: + resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} hasBin: true glob@7.2.3: @@ -314,35 +307,23 @@ packages: engines: {node: '>=0.4.7'} hasBin: true - has-flag@3.0.0: - resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==} - engines: {node: '>=4'} - - hasown@2.0.0: - resolution: {integrity: sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==} - engines: {node: '>= 0.4'} - - hosted-git-info@7.0.1: - resolution: {integrity: sha512-+K84LB1DYwMHoHSgaOY/Jfhw3ucPmSET5v98Ke/HdNSw4a0UktWzyW1mjhjpuxxTqOOsfWT/7iVshHmVZ4IpOA==} - engines: {node: ^16.14.0 || >=18.0.0} + hosted-git-info@8.0.2: + resolution: {integrity: sha512-sYKnA7eGln5ov8T8gnYlkSOxFJvywzEx9BueN6xo/GKO8PGiI6uK6xx+DIGe45T3bdVjLAQDQW1aicT8z8JwQg==} + engines: {node: ^18.17.0 || >=20.5.0} human-signals@5.0.0: resolution: {integrity: sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==} engines: {node: '>=16.17.0'} - husky@9.1.4: - resolution: {integrity: sha512-bho94YyReb4JV7LYWRWxZ/xr6TtOTt8cMfmQ39MQYJ7f/YE268s3GdghGwi+y4zAeqewE5zYLvuhV0M0ijsDEA==} + husky@9.1.7: + resolution: {integrity: sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==} engines: {node: '>=18'} hasBin: true - ignore@5.3.1: - resolution: {integrity: sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==} + ignore@7.0.3: + resolution: {integrity: sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==} engines: {node: '>= 4'} - index-to-position@0.1.2: - resolution: {integrity: sha512-MWDKS3AS1bGCHLBA2VLImJz42f7bJh8wQsTGCzI3j519/CASStoDONUBVz2I/VID0MpiX3SGSnbOD2xUalbE5g==} - engines: {node: '>=18'} - inflight@1.0.6: resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. @@ -354,8 +335,14 @@ packages: resolution: {integrity: sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - is-core-module@2.13.1: - resolution: {integrity: sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==} + is-alphabetical@2.0.1: + resolution: {integrity: sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==} + + is-alphanumerical@2.0.1: + resolution: {integrity: sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==} + + is-decimal@2.0.1: + resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==} is-fullwidth-code-point@3.0.0: resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} @@ -369,6 +356,9 @@ packages: resolution: {integrity: sha512-OVa3u9kkBbw7b8Xw5F9P+D/T9X+Z4+JruYVNapTjPYZYUznQ5YfWeFkOj606XYYW8yugTfC8Pj0hYqvi4ryAhA==} engines: {node: '>=18'} + is-hexadecimal@2.0.1: + resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==} + is-number@7.0.0: resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==} engines: {node: '>=0.12.0'} @@ -384,45 +374,45 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - jackspeak@3.1.2: - resolution: {integrity: sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==} - engines: {node: '>=14'} - - js-tokens@4.0.0: - resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} + jackspeak@3.4.3: + resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} js-yaml@4.1.0: resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} hasBin: true - jsonc-parser@3.2.1: - resolution: {integrity: sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==} + jsonc-parser@3.3.1: + resolution: {integrity: sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ==} jsonpointer@5.0.1: resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==} engines: {node: '>=0.10.0'} - lilconfig@3.1.1: - resolution: {integrity: sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==} + katex@0.16.21: + resolution: {integrity: sha512-XvqR7FgOHtWupfMiigNzmh+MgUVmDGU2kXZm899ZkPfcuoPuFxyHmXsgATDpFZDAXCI8tvinaVcDo8PIIJSo4A==} + hasBin: true + + lilconfig@3.1.3: + resolution: {integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==} engines: {node: '>=14'} linkify-it@5.0.0: resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} - lint-staged@15.2.7: - resolution: {integrity: sha512-+FdVbbCZ+yoh7E/RosSdqKJyUM2OEjTciH0TFNkawKgvFp1zbGlEC39RADg+xKBG1R4mhoH2j85myBQZ5wR+lw==} + lint-staged@15.5.0: + resolution: {integrity: sha512-WyCzSbfYGhK7cU+UuDDkzUiytbfbi0ZdPy2orwtM75P3WTtQBzmG40cCxIa8Ii2+XjfxzLH6Be46tUfWS85Xfg==} engines: {node: '>=18.12.0'} hasBin: true - listr2@8.2.1: - resolution: {integrity: sha512-irTfvpib/rNiD637xeevjO2l3Z5loZmuaRi0L0YE5LfijwVY96oyVn0DFD3o/teAok7nfobMG1THvvcHh/BP6g==} + listr2@8.2.5: + resolution: {integrity: sha512-iyAZCeyD+c1gPyE9qpFu8af0Y+MRtmKOncdGoA2S5EY8iFq99dmmvkNnHiWo+pj0s7yH7l3KPIgee77tKpXPWQ==} engines: {node: '>=18.0.0'} lodash@4.17.21: resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} - log-update@6.0.0: - resolution: {integrity: sha512-niTvB4gqvtof056rRIrTZvjNYE4rCUzO6X/X+kYjd7WFxXeJ0NwEFnRxX6ehkvv3jTwrXnNdtAak5XYZuIyPFw==} + log-update@6.1.0: + resolution: {integrity: sha512-9ie8ItPR6tjY5uYJh8K/Zrv/RMZ5VOlOWvtZdEHYSTFKZfIBPQa9tOAEeAWhd+AnIneLJ22w5fjOYtoutpWq5w==} engines: {node: '>=18'} lru-cache@10.2.0: @@ -440,17 +430,13 @@ packages: markdown-table@2.0.0: resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} - markdownlint-cli@0.41.0: - resolution: {integrity: sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==} + markdownlint-cli@0.44.0: + resolution: {integrity: sha512-ZJTAONlvF9NkrIBltCdW15DxN9UTbPiKMEqAh2EU2gwIFlrCMavyCEPPO121cqfYOrLUJWW8/XKWongstmmTeQ==} engines: {node: '>=18'} hasBin: true - markdownlint-micromark@0.1.9: - resolution: {integrity: sha512-5hVs/DzAFa8XqYosbEAEg6ok6MF2smDj89ztn9pKkCtdKHVdPQuGMH7frFfYL9mLkvfFe4pTyAMffLbjf3/EyA==} - engines: {node: '>=18'} - - markdownlint@0.34.0: - resolution: {integrity: sha512-qwGyuyKwjkEMOJ10XN6OTKNOVYvOIi35RNvDLNxTof5s8UmyGHlCdpngRHoRGNvQVGuxO3BJ7uNSgdeX166WXw==} + markdownlint@0.37.4: + resolution: {integrity: sha512-u00joA/syf3VhWh6/ybVFkib5Zpj2e5KB/cfCei8fkSRuums6nyisTWGqjTWIOFoFwuXoTBQQiqlB4qFKp8ncQ==} engines: {node: '>=18'} mdurl@2.0.0: @@ -463,23 +449,98 @@ packages: merge-stream@2.0.0: resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==} - micromatch@4.0.7: - resolution: {integrity: sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==} - engines: {node: '>=8.6'} + micromark-core-commonmark@2.0.2: + resolution: {integrity: sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==} - mimic-fn@2.1.0: - resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==} - engines: {node: '>=6'} + micromark-extension-directive@3.0.2: + resolution: {integrity: sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==} + + micromark-extension-gfm-autolink-literal@2.1.0: + resolution: {integrity: sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==} + + micromark-extension-gfm-footnote@2.1.0: + resolution: {integrity: sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==} + + micromark-extension-gfm-table@2.1.0: + resolution: {integrity: sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==} + + micromark-extension-math@3.1.0: + resolution: {integrity: sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==} + + micromark-factory-destination@2.0.1: + resolution: {integrity: sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==} + + micromark-factory-label@2.0.1: + resolution: {integrity: sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==} + + micromark-factory-space@2.0.1: + resolution: {integrity: sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==} + + micromark-factory-title@2.0.1: + resolution: {integrity: sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==} + + micromark-factory-whitespace@2.0.1: + resolution: {integrity: sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==} + + micromark-util-character@2.1.1: + resolution: {integrity: sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==} + + micromark-util-chunked@2.0.1: + resolution: {integrity: sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==} + + micromark-util-classify-character@2.0.1: + resolution: {integrity: sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==} + + micromark-util-combine-extensions@2.0.1: + resolution: {integrity: sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==} + + micromark-util-decode-numeric-character-reference@2.0.2: + resolution: {integrity: sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==} + + micromark-util-encode@2.0.1: + resolution: {integrity: sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==} + + micromark-util-html-tag-name@2.0.1: + resolution: {integrity: sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==} + + micromark-util-normalize-identifier@2.0.1: + resolution: {integrity: sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==} + + micromark-util-resolve-all@2.0.1: + resolution: {integrity: sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==} + + micromark-util-sanitize-uri@2.0.1: + resolution: {integrity: sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==} + + micromark-util-subtokenize@2.0.4: + resolution: {integrity: sha512-N6hXjrin2GTJDe3MVjf5FuXpm12PGm80BrUAeub9XFXca8JZbP+oIwY4LJSVwFUCL1IPm/WwSVUN7goFHmSGGQ==} + + micromark-util-symbol@2.0.1: + resolution: {integrity: sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==} + + micromark-util-types@2.0.1: + resolution: {integrity: sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==} + + micromark@4.0.1: + resolution: {integrity: sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==} + + micromatch@4.0.8: + resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==} + engines: {node: '>=8.6'} mimic-fn@4.0.0: resolution: {integrity: sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==} engines: {node: '>=12'} + mimic-function@5.0.1: + resolution: {integrity: sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==} + engines: {node: '>=18'} + minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} - minimatch@9.0.4: - resolution: {integrity: sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==} + minimatch@9.0.5: + resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==} engines: {node: '>=16 || 14 >=14.17'} minimist@1.2.8: @@ -489,15 +550,15 @@ packages: resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} engines: {node: '>=16 || 14 >=14.17'} - ms@2.1.2: - resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==} + ms@2.1.3: + resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} neo-async@2.6.2: resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==} - normalize-package-data@6.0.0: - resolution: {integrity: sha512-UL7ELRVxYBHBgYEtZCXjxuD5vPxnmvMGq0jp/dGPKKrN7tfsBh2IY7TlJ15WWwdjRWD3RJbnsygUurTK3xkPkg==} - engines: {node: ^16.14.0 || >=18.0.0} + normalize-package-data@7.0.0: + resolution: {integrity: sha512-k6U0gKRIuNCTkwHGZqblCfLfBRh+w1vI6tBo+IeJwq2M8FUiOqhX7GH+GArQGScA7azd1WfyRCvxoXDO3hQDIA==} + engines: {node: ^18.17.0 || >=20.5.0} npm-run-path@5.2.0: resolution: {integrity: sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg==} @@ -506,18 +567,20 @@ packages: once@1.4.0: resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} - onetime@5.1.2: - resolution: {integrity: sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==} - engines: {node: '>=6'} - onetime@6.0.0: resolution: {integrity: sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==} engines: {node: '>=12'} - parse-json@8.1.0: - resolution: {integrity: sha512-rum1bPifK5SSar35Z6EKZuYPJx85pkNaFrxBK3mwdfSJ1/WKbYrjoW/zTPSjRRamfmVX1ACBIdFAO0VRErW/EA==} + onetime@7.0.0: + resolution: {integrity: sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==} engines: {node: '>=18'} + package-json-from-dist@1.0.0: + resolution: {integrity: sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==} + + parse-entities@4.0.2: + resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==} + path-is-absolute@1.0.1: resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} engines: {node: '>=0.10.0'} @@ -543,8 +606,8 @@ packages: engines: {node: '>=0.10'} hasBin: true - prettier@3.3.3: - resolution: {integrity: sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==} + prettier@3.5.3: + resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==} engines: {node: '>=14'} hasBin: true @@ -552,24 +615,16 @@ packages: resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==} engines: {node: '>=6'} - read-package-up@11.0.0: - resolution: {integrity: sha512-MbgfoNPANMdb4oRBNg5eqLbB2t2r+o5Ua1pNt8BqGp4I0FJZhuVSOj3PaBPni4azWuSzEdNn2evevzVmEk1ohQ==} - engines: {node: '>=18'} - - read-pkg@9.0.1: - resolution: {integrity: sha512-9viLL4/n1BJUCT1NXVTdS1jtm80yDEgR5T4yCelII49Mbj0v1rZdKqj7zCiYdbB0CuCgdrvHcNogAKTFPBocFA==} - engines: {node: '>=18'} - repeat-string@1.6.1: resolution: {integrity: sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==} engines: {node: '>=0.10'} - restore-cursor@4.0.0: - resolution: {integrity: sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==} - engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} + restore-cursor@5.1.0: + resolution: {integrity: sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==} + engines: {node: '>=18'} - rfdc@1.3.1: - resolution: {integrity: sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==} + rfdc@1.4.1: + resolution: {integrity: sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==} run-con@1.3.2: resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==} @@ -588,9 +643,6 @@ packages: resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==} engines: {node: '>=8'} - signal-exit@3.0.7: - resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==} - signal-exit@4.1.0: resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==} engines: {node: '>=14'} @@ -603,9 +655,9 @@ packages: resolution: {integrity: sha512-bSiSngZ/jWeX93BqeIAbImyTbEihizcwNjFoRUIY/T1wWQsfsm2Vw1agPKylXvQTU7iASGdHhyqRlqQzfz+Htg==} engines: {node: '>=18'} - smol-toml@1.2.0: - resolution: {integrity: sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==} - engines: {node: '>= 18', pnpm: '>= 9'} + smol-toml@1.3.1: + resolution: {integrity: sha512-tEYNll18pPKHroYSmLLrksq233j021G0giwW7P3D24jC54pQ5W5BXMsQ/Mvw1OJCmEYDgY+lrzT+3nNUtoNfXQ==} + engines: {node: '>= 18'} source-map@0.6.1: resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==} @@ -655,10 +707,6 @@ packages: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} engines: {node: '>=8'} - supports-color@5.5.0: - resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==} - engines: {node: '>=4'} - to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} @@ -666,14 +714,6 @@ packages: typanion@3.14.0: resolution: {integrity: sha512-ZW/lVMRabETuYCd9O9ZvMhAh8GslSqaUjxmK/JLPCh6l73CvLBiuXswj/+7LdnWOgYsQ130FqLzFz5aGT4I3Ug==} - type-fest@3.13.1: - resolution: {integrity: sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==} - engines: {node: '>=14.16'} - - type-fest@4.10.2: - resolution: {integrity: sha512-anpAG63wSpdEbLwOqH8L84urkL6PiVIov3EMmgIhhThevh9aiMQov+6Btx0wldNcvm4wV+e2/Rt1QdDwKHFbHw==} - engines: {node: '>=16'} - uc.micro@2.1.0: resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==} @@ -682,13 +722,12 @@ packages: engines: {node: '>=0.8.0'} hasBin: true - unicorn-magic@0.1.0: - resolution: {integrity: sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==} - engines: {node: '>=18'} - validate-npm-package-license@3.0.4: resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==} + walk-up-path@3.0.1: + resolution: {integrity: sha512-9YlCL/ynK3CTlrSRrDxZvUauLzAswPCrsaCgilqFevUYpeEW0/3ScEjaa3kbW/T0ghhkEr7mv+fpjqn1Y1YuTA==} + which@2.0.2: resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==} engines: {node: '>= 8'} @@ -715,46 +754,28 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} - yaml@2.4.1: - resolution: {integrity: sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==} - engines: {node: '>= 14'} - hasBin: true - - yaml@2.4.2: - resolution: {integrity: sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==} + yaml@2.7.0: + resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==} engines: {node: '>= 14'} hasBin: true snapshots: - '@babel/code-frame@7.23.5': + '@bitnami/readme-generator-for-helm@2.7.0': dependencies: - '@babel/highlight': 7.23.4 - chalk: 2.4.2 - - '@babel/helper-validator-identifier@7.22.20': {} - - '@babel/highlight@7.23.4': - dependencies: - '@babel/helper-validator-identifier': 7.22.20 - chalk: 2.4.2 - js-tokens: 4.0.0 - - '@bitnami/readme-generator-for-helm@2.6.1': - dependencies: - commander: 7.2.0 + commander: 13.1.0 dot-object: 2.1.5 lodash: 4.17.21 markdown-table: 2.0.0 - yaml: 2.4.1 + yaml: 2.7.0 - '@conventional-changelog/git-client@1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0)': + '@conventional-changelog/git-client@1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0)': dependencies: '@types/semver': 7.5.8 semver: 7.6.0 optionalDependencies: conventional-commits-filter: 4.0.0 - conventional-commits-parser: 6.0.0 + conventional-commits-parser: 6.1.0 '@hutson/parse-repository-url@5.0.0': {} @@ -770,24 +791,28 @@ snapshots: '@pkgjs/parseargs@0.11.0': optional: true - '@types/normalize-package-data@2.4.4': {} + '@types/debug@4.1.12': + dependencies: + '@types/ms': 2.1.0 + + '@types/katex@0.16.7': {} + + '@types/ms@2.1.0': {} '@types/semver@7.5.8': {} + '@types/unist@2.0.11': {} + add-stream@1.0.0: {} - ansi-escapes@6.2.0: + ansi-escapes@7.0.0: dependencies: - type-fest: 3.13.1 + environment: 1.1.0 ansi-regex@5.0.1: {} ansi-regex@6.0.1: {} - ansi-styles@3.2.1: - dependencies: - color-convert: 1.9.3 - ansi-styles@4.3.0: dependencies: color-convert: 2.0.1 @@ -813,17 +838,17 @@ snapshots: dependencies: fill-range: 7.1.1 - chalk@2.4.2: - dependencies: - ansi-styles: 3.2.1 - escape-string-regexp: 1.0.5 - supports-color: 5.5.0 + chalk@5.4.1: {} - chalk@5.3.0: {} + character-entities-legacy@3.0.0: {} - cli-cursor@4.0.0: + character-entities@2.0.2: {} + + character-reference-invalid@2.0.1: {} + + cli-cursor@5.0.0: dependencies: - restore-cursor: 4.0.0 + restore-cursor: 5.1.0 cli-truncate@4.0.0: dependencies: @@ -834,25 +859,19 @@ snapshots: dependencies: typanion: 3.14.0 - color-convert@1.9.3: - dependencies: - color-name: 1.1.3 - color-convert@2.0.1: dependencies: color-name: 1.1.4 - color-name@1.1.3: {} - color-name@1.1.4: {} colorette@2.0.20: {} - commander@12.1.0: {} + commander@13.1.0: {} commander@6.2.1: {} - commander@7.2.0: {} + commander@8.3.0: {} compare-func@2.0.0: dependencies: @@ -865,24 +884,22 @@ snapshots: dependencies: compare-func: 2.0.0 - conventional-changelog-core@8.0.0(conventional-commits-filter@4.0.0): + conventional-changelog-core@9.0.0(conventional-commits-filter@4.0.0): dependencies: '@hutson/parse-repository-url': 5.0.0 add-stream: 1.0.0 - conventional-changelog-writer: 8.0.0 - conventional-commits-parser: 6.0.0 - git-raw-commits: 5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) - git-semver-tags: 8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) - hosted-git-info: 7.0.1 - normalize-package-data: 6.0.0 - read-package-up: 11.0.0 - read-pkg: 9.0.1 + conventional-changelog-writer: 8.0.1 + conventional-commits-parser: 6.1.0 + fd-package-json: 1.2.0 + git-raw-commits: 5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) + git-semver-tags: 8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) + hosted-git-info: 8.0.2 + normalize-package-data: 7.0.0 transitivePeerDependencies: - conventional-commits-filter - conventional-changelog-writer@8.0.0: + conventional-changelog-writer@8.0.1: dependencies: - '@types/semver': 7.5.8 conventional-commits-filter: 5.0.0 handlebars: 4.7.8 meow: 13.2.0 @@ -893,7 +910,7 @@ snapshots: conventional-commits-filter@5.0.0: {} - conventional-commits-parser@6.0.0: + conventional-commits-parser@6.1.0: dependencies: meow: 13.2.0 @@ -903,12 +920,22 @@ snapshots: shebang-command: 2.0.0 which: 2.0.2 - debug@4.3.4: + debug@4.4.0: dependencies: - ms: 2.1.2 + ms: 2.1.3 + + decode-named-character-reference@1.0.2: + dependencies: + character-entities: 2.0.2 deep-extend@0.6.0: {} + dequal@2.0.3: {} + + devlop@1.1.0: + dependencies: + dequal: 2.0.3 + dot-object@2.1.5: dependencies: commander: 6.2.1 @@ -928,7 +955,7 @@ snapshots: entities@4.5.0: {} - escape-string-regexp@1.0.5: {} + environment@1.1.0: {} eventemitter3@5.0.1: {} @@ -944,12 +971,14 @@ snapshots: signal-exit: 4.1.0 strip-final-newline: 3.0.0 + fd-package-json@1.2.0: + dependencies: + walk-up-path: 3.0.1 + fill-range@7.1.1: dependencies: to-regex-range: 5.0.1 - find-up-simple@1.0.0: {} - foreground-child@3.1.1: dependencies: cross-spawn: 7.0.3 @@ -957,36 +986,33 @@ snapshots: fs.realpath@1.0.0: {} - function-bind@1.1.2: {} - get-east-asian-width@1.2.0: {} - get-stdin@9.0.0: {} - get-stream@8.0.1: {} - git-raw-commits@5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0): + git-raw-commits@5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0): dependencies: - '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) + '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) meow: 13.2.0 transitivePeerDependencies: - conventional-commits-filter - conventional-commits-parser - git-semver-tags@8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0): + git-semver-tags@8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0): dependencies: - '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) + '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) meow: 13.2.0 transitivePeerDependencies: - conventional-commits-filter - conventional-commits-parser - glob@10.4.1: + glob@10.4.5: dependencies: foreground-child: 3.1.1 - jackspeak: 3.1.2 - minimatch: 9.0.4 + jackspeak: 3.4.3 + minimatch: 9.0.5 minipass: 7.1.2 + package-json-from-dist: 1.0.0 path-scurry: 1.11.1 glob@7.2.3: @@ -1007,23 +1033,15 @@ snapshots: optionalDependencies: uglify-js: 3.17.4 - has-flag@3.0.0: {} - - hasown@2.0.0: - dependencies: - function-bind: 1.1.2 - - hosted-git-info@7.0.1: + hosted-git-info@8.0.2: dependencies: lru-cache: 10.2.0 human-signals@5.0.0: {} - husky@9.1.4: {} + husky@9.1.7: {} - ignore@5.3.1: {} - - index-to-position@0.1.2: {} + ignore@7.0.3: {} inflight@1.0.6: dependencies: @@ -1034,9 +1052,14 @@ snapshots: ini@4.1.1: {} - is-core-module@2.13.1: + is-alphabetical@2.0.1: {} + + is-alphanumerical@2.0.1: dependencies: - hasown: 2.0.0 + is-alphabetical: 2.0.1 + is-decimal: 2.0.1 + + is-decimal@2.0.1: {} is-fullwidth-code-point@3.0.0: {} @@ -1046,6 +1069,8 @@ snapshots: dependencies: get-east-asian-width: 1.2.0 + is-hexadecimal@2.0.1: {} + is-number@7.0.0: {} is-obj@2.0.0: {} @@ -1054,58 +1079,60 @@ snapshots: isexe@2.0.0: {} - jackspeak@3.1.2: + jackspeak@3.4.3: dependencies: '@isaacs/cliui': 8.0.2 optionalDependencies: '@pkgjs/parseargs': 0.11.0 - js-tokens@4.0.0: {} - js-yaml@4.1.0: dependencies: argparse: 2.0.1 - jsonc-parser@3.2.1: {} + jsonc-parser@3.3.1: {} jsonpointer@5.0.1: {} - lilconfig@3.1.1: {} + katex@0.16.21: + dependencies: + commander: 8.3.0 + + lilconfig@3.1.3: {} linkify-it@5.0.0: dependencies: uc.micro: 2.1.0 - lint-staged@15.2.7: + lint-staged@15.5.0: dependencies: - chalk: 5.3.0 - commander: 12.1.0 - debug: 4.3.4 + chalk: 5.4.1 + commander: 13.1.0 + debug: 4.4.0 execa: 8.0.1 - lilconfig: 3.1.1 - listr2: 8.2.1 - micromatch: 4.0.7 + lilconfig: 3.1.3 + listr2: 8.2.5 + micromatch: 4.0.8 pidtree: 0.6.0 string-argv: 0.3.2 - yaml: 2.4.2 + yaml: 2.7.0 transitivePeerDependencies: - supports-color - listr2@8.2.1: + listr2@8.2.5: dependencies: cli-truncate: 4.0.0 colorette: 2.0.20 eventemitter3: 5.0.1 - log-update: 6.0.0 - rfdc: 1.3.1 + log-update: 6.1.0 + rfdc: 1.4.1 wrap-ansi: 9.0.0 lodash@4.17.21: {} - log-update@6.0.0: + log-update@6.1.0: dependencies: - ansi-escapes: 6.2.0 - cli-cursor: 4.0.0 + ansi-escapes: 7.0.0 + cli-cursor: 5.0.0 slice-ansi: 7.1.0 strip-ansi: 7.1.0 wrap-ansi: 9.0.0 @@ -1129,26 +1156,34 @@ snapshots: dependencies: repeat-string: 1.6.1 - markdownlint-cli@0.41.0: + markdownlint-cli@0.44.0: dependencies: - commander: 12.1.0 - get-stdin: 9.0.0 - glob: 10.4.1 - ignore: 5.3.1 + commander: 13.1.0 + glob: 10.4.5 + ignore: 7.0.3 js-yaml: 4.1.0 - jsonc-parser: 3.2.1 + jsonc-parser: 3.3.1 jsonpointer: 5.0.1 - markdownlint: 0.34.0 - minimatch: 9.0.4 + markdownlint: 0.37.4 + minimatch: 9.0.5 run-con: 1.3.2 - smol-toml: 1.2.0 + smol-toml: 1.3.1 + transitivePeerDependencies: + - supports-color - markdownlint-micromark@0.1.9: {} - - markdownlint@0.34.0: + markdownlint@0.37.4: dependencies: markdown-it: 14.1.0 - markdownlint-micromark: 0.1.9 + micromark: 4.0.1 + micromark-core-commonmark: 2.0.2 + micromark-extension-directive: 3.0.2 + micromark-extension-gfm-autolink-literal: 2.1.0 + micromark-extension-gfm-footnote: 2.1.0 + micromark-extension-gfm-table: 2.1.0 + micromark-extension-math: 3.1.0 + micromark-util-types: 2.0.1 + transitivePeerDependencies: + - supports-color mdurl@2.0.0: {} @@ -1156,20 +1191,192 @@ snapshots: merge-stream@2.0.0: {} - micromatch@4.0.7: + micromark-core-commonmark@2.0.2: + dependencies: + decode-named-character-reference: 1.0.2 + devlop: 1.1.0 + micromark-factory-destination: 2.0.1 + micromark-factory-label: 2.0.1 + micromark-factory-space: 2.0.1 + micromark-factory-title: 2.0.1 + micromark-factory-whitespace: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-chunked: 2.0.1 + micromark-util-classify-character: 2.0.1 + micromark-util-html-tag-name: 2.0.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-subtokenize: 2.0.4 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-directive@3.0.2: + dependencies: + devlop: 1.1.0 + micromark-factory-space: 2.0.1 + micromark-factory-whitespace: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + parse-entities: 4.0.2 + + micromark-extension-gfm-autolink-literal@2.1.0: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-gfm-footnote@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-core-commonmark: 2.0.2 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-gfm-table@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-extension-math@3.1.0: + dependencies: + '@types/katex': 0.16.7 + devlop: 1.1.0 + katex: 0.16.21 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-destination@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-label@2.0.1: + dependencies: + devlop: 1.1.0 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-space@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-types: 2.0.1 + + micromark-factory-title@2.0.1: + dependencies: + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-factory-whitespace@2.0.1: + dependencies: + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-character@2.1.1: + dependencies: + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-chunked@2.0.1: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-classify-character@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-combine-extensions@2.0.1: + dependencies: + micromark-util-chunked: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-decode-numeric-character-reference@2.0.2: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-encode@2.0.1: {} + + micromark-util-html-tag-name@2.0.1: {} + + micromark-util-normalize-identifier@2.0.1: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-resolve-all@2.0.1: + dependencies: + micromark-util-types: 2.0.1 + + micromark-util-sanitize-uri@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-encode: 2.0.1 + micromark-util-symbol: 2.0.1 + + micromark-util-subtokenize@2.0.4: + dependencies: + devlop: 1.1.0 + micromark-util-chunked: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + + micromark-util-symbol@2.0.1: {} + + micromark-util-types@2.0.1: {} + + micromark@4.0.1: + dependencies: + '@types/debug': 4.1.12 + debug: 4.4.0 + decode-named-character-reference: 1.0.2 + devlop: 1.1.0 + micromark-core-commonmark: 2.0.2 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-chunked: 2.0.1 + micromark-util-combine-extensions: 2.0.1 + micromark-util-decode-numeric-character-reference: 2.0.2 + micromark-util-encode: 2.0.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-subtokenize: 2.0.4 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.1 + transitivePeerDependencies: + - supports-color + + micromatch@4.0.8: dependencies: braces: 3.0.3 picomatch: 2.3.1 - mimic-fn@2.1.0: {} - mimic-fn@4.0.0: {} + mimic-function@5.0.1: {} + minimatch@3.1.2: dependencies: brace-expansion: 1.1.11 - minimatch@9.0.4: + minimatch@9.0.5: dependencies: brace-expansion: 2.0.1 @@ -1177,14 +1384,13 @@ snapshots: minipass@7.1.2: {} - ms@2.1.2: {} + ms@2.1.3: {} neo-async@2.6.2: {} - normalize-package-data@6.0.0: + normalize-package-data@7.0.0: dependencies: - hosted-git-info: 7.0.1 - is-core-module: 2.13.1 + hosted-git-info: 8.0.2 semver: 7.6.0 validate-npm-package-license: 3.0.4 @@ -1196,19 +1402,25 @@ snapshots: dependencies: wrappy: 1.0.2 - onetime@5.1.2: - dependencies: - mimic-fn: 2.1.0 - onetime@6.0.0: dependencies: mimic-fn: 4.0.0 - parse-json@8.1.0: + onetime@7.0.0: dependencies: - '@babel/code-frame': 7.23.5 - index-to-position: 0.1.2 - type-fest: 4.10.2 + mimic-function: 5.0.1 + + package-json-from-dist@1.0.0: {} + + parse-entities@4.0.2: + dependencies: + '@types/unist': 2.0.11 + character-entities-legacy: 3.0.0 + character-reference-invalid: 2.0.1 + decode-named-character-reference: 1.0.2 + is-alphanumerical: 2.0.1 + is-decimal: 2.0.1 + is-hexadecimal: 2.0.1 path-is-absolute@1.0.1: {} @@ -1225,32 +1437,18 @@ snapshots: pidtree@0.6.0: {} - prettier@3.3.3: {} + prettier@3.5.3: {} punycode.js@2.3.1: {} - read-package-up@11.0.0: - dependencies: - find-up-simple: 1.0.0 - read-pkg: 9.0.1 - type-fest: 4.10.2 - - read-pkg@9.0.1: - dependencies: - '@types/normalize-package-data': 2.4.4 - normalize-package-data: 6.0.0 - parse-json: 8.1.0 - type-fest: 4.10.2 - unicorn-magic: 0.1.0 - repeat-string@1.6.1: {} - restore-cursor@4.0.0: + restore-cursor@5.1.0: dependencies: - onetime: 5.1.2 - signal-exit: 3.0.7 + onetime: 7.0.0 + signal-exit: 4.1.0 - rfdc@1.3.1: {} + rfdc@1.4.1: {} run-con@1.3.2: dependencies: @@ -1269,8 +1467,6 @@ snapshots: shebang-regex@3.0.0: {} - signal-exit@3.0.7: {} - signal-exit@4.1.0: {} slice-ansi@5.0.0: @@ -1283,7 +1479,7 @@ snapshots: ansi-styles: 6.2.1 is-fullwidth-code-point: 5.0.0 - smol-toml@1.2.0: {} + smol-toml@1.3.1: {} source-map@0.6.1: {} @@ -1333,32 +1529,24 @@ snapshots: strip-json-comments@3.1.1: {} - supports-color@5.5.0: - dependencies: - has-flag: 3.0.0 - to-regex-range@5.0.1: dependencies: is-number: 7.0.0 typanion@3.14.0: {} - type-fest@3.13.1: {} - - type-fest@4.10.2: {} - uc.micro@2.1.0: {} uglify-js@3.17.4: optional: true - unicorn-magic@0.1.0: {} - validate-npm-package-license@3.0.4: dependencies: spdx-correct: 3.2.0 spdx-expression-parse: 3.0.1 + walk-up-path@3.0.1: {} + which@2.0.2: dependencies: isexe: 2.0.0 @@ -1387,6 +1575,4 @@ snapshots: yallist@4.0.0: {} - yaml@2.4.1: {} - - yaml@2.4.2: {} + yaml@2.7.0: {} diff --git a/renovate.json b/renovate.json index 0f47ba6..9e09aef 100644 --- a/renovate.json +++ b/renovate.json @@ -1,15 +1,23 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["forgejo-contrib/forgejo-renovate//base.json"], + "extends": [ + "forgejo-contrib/forgejo-renovate//base.json", + "forgejo-helm/forgejo-helm//.forgejo/renovate/k3s.json" + ], "assignees": ["viceice"], "baseBranches": ["main", "/^maint\\/.+/"], "packageRules": [ { - "description": "Disable major chart updates for maintenance branches", + "description": "Separate multiple major sub chart updates", + "matchFileNames": ["Chart.yaml"], + "separateMultipleMajor": true + }, + { + "description": "Require approval for major sub chart updates for maintenance branches", "matchBaseBranches": ["/^maint\\/.+/"], "matchUpdateTypes": ["major"], "matchFileNames": ["Chart.yaml"], - "enabled": false + "dependencyDashboardApproval": true }, { "matchManagers": ["helmv3"], @@ -34,13 +42,13 @@ "semanticCommitType": "feat" }, { - "description": "Automerge and group helm subchart updates daily (minor & patch)", + "description": "Automerge and group helm subchart updates weekly (minor & patch)", "matchManagers": ["helmv3"], "matchFileNames": ["Chart.yaml"], "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "subcharts", - "extends": ["schedule:daily"] + "extends": ["schedule:weekly"] }, { "description": "Automerge dev deps updates", @@ -66,21 +74,9 @@ "matchUpdateTypes": ["digest"], "automerge": true }, - { - "description": "Separate minor and patch updates for kindest", - "matchPackageNames": ["kindest/node"], - "separateMinorPatch": true - }, - { - "description": "Require approval and no automerge for kindest major and minor updates", - "matchPackageNames": ["kindest/node"], - "matchUpdateTypes": ["major", "minor"], - "dependencyDashboardApproval": true, - "automerge": false - }, { "description": "Use test scope for forgejo ci tests", - "matchFileNames": ["ci/*.yml"], + "matchFileNames": ["ci/*.yaml"], "additionalBranchPrefix": "ci-forgejo-", "semanticCommitType": "ci", "semanticCommitScope": "forgejo", @@ -89,10 +85,15 @@ }, { "description": "Disable updates for forgejo ci tests", - "matchFileNames": ["ci/*.yml"], + "matchFileNames": ["ci/*.yaml"], "matchUpdateTypes": ["major", "minor", "patch"], "enabled": false }, + { + "description": "Don't pin digests for forgejo ci tests, not supported", + "matchFileNames": ["ci/*.yaml"], + "pinDigests": false + }, { "description": "branch automerge not possible", "automergeType": "pr", @@ -122,16 +123,15 @@ }, { "customType": "regex", - "description": "Update kindest kubernetes references", + "description": "Update k3s kubernetes references", "fileMatch": ["^\\.forgejo/workflows/[^/]+\\.ya?ml$"], - "matchStrings": [ - " +- (?v\\d+\\.\\d+\\.\\d+) # renovate: kindest\\n" - ], - "depNameTemplate": "kindest/node", - "datasourceTemplate": "docker" + "matchStrings": [" +- (?.+?) # renovate: k3s\\n"], + "depNameTemplate": "k3s", + "packageNameTemplate": "k3s-io/k3s", + "datasourceTemplate": "github-releases" } ], "helm-values": { - "fileMatch": ["^ci/.+\\.yml$"] + "fileMatch": ["^ci/.+\\.yaml$"] } } diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 30ee3b9..234c839 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -32,6 +32,14 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Get version from .Values.image.tag or Chart.AppVersion. +Trim optional docker digest. +*/}} +{{- define "gitea.version" -}} +{{- regexReplaceAll "@.+" (.Values.image.tag | default .Chart.AppVersion | toString) "" -}} +{{- end -}} + {{/* Create image name and tag used by the deployment. */}} @@ -74,7 +82,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} @@ -87,8 +95,8 @@ Common labels helm.sh/chart: {{ include "gitea.chart" . }} app: {{ include "gitea.name" . }} {{ include "gitea.selectorLabels" . }} -app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} -version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ include "gitea.version" . | quote }} +version: {{ include "gitea.version" . | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} @@ -113,20 +121,28 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if (index .Values "redis-cluster").enabled -}} +{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} +{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} +{{- else if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} +{{- else if (index .Values "redis").enabled -}} +{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} @@ -208,7 +224,7 @@ https {{- $_ := set $inlines $key (join "\n" $section) -}} {{- end -}} {{- else }} - {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}} + {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") (eq $key "APP_SLOGAN") (eq $key "APP_DISPLAY_NAME_FORMAT") -}} {{- $generals = append $generals (printf "%s=%s" $key $value) -}} {{- else -}} {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} @@ -271,7 +287,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} @@ -392,3 +408,11 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} + +{{- define "gitea.admin.passwordMode" -}} +{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} +{{ .Values.gitea.admin.passwordMode }} +{{- else -}} +{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} +{{- end -}} +{{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 80e39dd..c551c96 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-inline-config + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque @@ -88,15 +89,18 @@ stringData: env2ini::log " + '${setting}'" + local masked_setting="${setting//./_0X2E_}" # '//' instructs to replace all matches + masked_setting="${masked_setting//-/_0X2D_}" + if [[ -z "${section}" ]]; then - export "FORGEJO____${setting^^}=${value}" # '^^' makes the variable content uppercase + export "FORGEJO____${masked_setting^^}=${value}" # '^^' makes the variable content uppercase return fi local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches masked_section="${masked_section//-/_0X2D_}" - export "FORGEJO__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + export "FORGEJO__${masked_section^^}__${masked_setting^^}=${value}" # '^^' makes the variable content uppercase } function env2ini::reload_preset_envs() { diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index ca1bdd9..f82c407 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} annotations: {{- if .Values.deployment.annotations }} {{- toYaml .Values.deployment.annotations | nindent 4 }} @@ -56,7 +57,7 @@ spec: {{- end }} {{- include "gitea.images.pullSecrets" . | nindent 6 }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} initContainers: - name: init-directories image: "{{ include "gitea.image" . }}" @@ -90,7 +91,7 @@ spec: {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - name: init-app-ini @@ -130,7 +131,7 @@ spec: {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- if .Values.signing.enabled }} @@ -144,7 +145,7 @@ spec: {{- if not (hasKey $csc "runAsUser") -}} {{- $_ := set $csc "runAsUser" 1000 -}} {{- end -}} - {{- toYaml $csc | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} env: - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} @@ -175,7 +176,7 @@ spec: {{- if not (hasKey $csc "runAsUser") -}} {{- $_ := set $csc "runAsUser" 1000 -}} {{- end -}} - {{- toYaml $csc | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} env: - name: GITEA_APP_INI value: /data/gitea/conf/app.ini @@ -243,6 +244,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} + - name: GITEA_ADMIN_PASSWORD_MODE + value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} @@ -324,9 +327,9 @@ spec: securityContext: {{- /* Honor the deprecated securityContext variable when defined */ -}} {{- if .Values.containerSecurityContext -}} - {{ toYaml .Values.containerSecurityContext | nindent 12 -}} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- else -}} - {{ toYaml .Values.securityContext | nindent 12 -}} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: temp @@ -350,7 +353,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: + topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} @@ -400,4 +403,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml index 12dce66..0b7716a 100644 --- a/templates/gitea/gpg-secret.yaml +++ b/templates/gitea/gpg-secret.yaml @@ -7,6 +7,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.gpg-key-secret-name" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 0ec7370..6962930 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-http + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.http.labels }} @@ -11,7 +12,11 @@ metadata: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: type: {{ .Values.service.http.type }} - {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} + {{- if eq .Values.service.http.type "LoadBalancer" }} + {{- if .Values.service.http.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.http.loadBalancerClass }} + {{- end }} + {{- if and .Values.service.http.loadBalancerIP }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} {{- if .Values.service.http.loadBalancerSourceRanges }} @@ -20,6 +25,7 @@ spec: - {{ . }} {{- end }} {{- end }} + {{- end }} {{- if .Values.service.http.externalIPs }} externalIPs: {{- toYaml .Values.service.http.externalIPs | nindent 4 }} @@ -43,6 +49,6 @@ spec: {{- if .Values.service.http.nodePort }} nodePort: {{ .Values.service.http.nodePort }} {{- end }} - targetPort: {{ .Values.gitea.config.server.HTTP_PORT }} + targetPort: http selector: {{- include "gitea.selectorLabels" . | nindent 4 }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 9991eec..d764bb6 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -1,18 +1,10 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} -{{- $httpPort := .Values.service.http.port -}} -{{- $apiVersion := "extensions/v1beta1" -}} -{{- if .Values.ingress.apiVersion -}} -{{- $apiVersion = .Values.ingress.apiVersion -}} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} -{{- $apiVersion = "networking.k8s.io/v1" }} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} -{{- $apiVersion = "networking.k8s.io/v1beta1" }} -{{- end }} -apiVersion: {{ $apiVersion }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} annotations: @@ -21,7 +13,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ tpl .Values.ingress.className . }} {{- end }} {{- if .Values.ingress.tls }} tls: @@ -40,19 +32,14 @@ spec: paths: {{- range .paths }} - path: {{ .path }} - {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} + {{- if .pathType }} pathType: {{ .pathType }} {{- end }} backend: - {{- if eq $apiVersion "networking.k8s.io/v1" }} service: name: {{ $fullName }}-http port: - number: {{ $httpPort }} - {{- else }} - serviceName: {{ $fullName }}-http - servicePort: {{ $httpPort }} - {{- end }} + name: http {{- end }} {{- end }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 6c89dc7..546f4c4 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-init + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque @@ -109,13 +110,26 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then + local -a create_args + create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then + create_args+=(--must-change-password=true) + else + create_args+=(--must-change-password=false) + fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + gitea admin user create "${create_args[@]}" echo '...created.' else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false - echo '...password sync done.' + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + local -a change_args + change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false) + gitea admin user change-password "${change_args[@]}" + echo '...password sync done.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." + fi fi } diff --git a/templates/gitea/poddisruptionbudget.yaml b/templates/gitea/poddisruptionbudget.yaml index d2b7e17..d40a166 100644 --- a/templates/gitea/poddisruptionbudget.yaml +++ b/templates/gitea/poddisruptionbudget.yaml @@ -1,12 +1,9 @@ {{- if .Values.podDisruptionBudget -}} -{{- if .Capabilities.APIVersions.Has "policy/v1" }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: @@ -14,4 +11,4 @@ spec: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} {{- toYaml .Values.podDisruptionBudget | nindent 2 }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index 25b4af8..2c82cb0 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.persistence.claimName }} - namespace: {{ $.Release.Namespace }} + namespace: {{ include "common.names.namespace" . | quote }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} {{- if .Values.persistence.labels }} diff --git a/templates/gitea/route.yaml b/templates/gitea/route.yaml new file mode 100644 index 0000000..740721f --- /dev/null +++ b/templates/gitea/route.yaml @@ -0,0 +1,43 @@ +{{- if .Values.route.enabled -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "gitea.fullname" . }}-http + namespace: {{ include "common.names.namespace" . | quote }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.route.annotations | nindent 4 }} +spec: + {{- if .Values.route.host }} + host: {{ tpl .Values.route.host $ | quote }} + {{- end }} + {{- if .Values.route.wildcardPolicy }} + wildcardPolicy: {{ .Values.route.wildcardPolicy }} + {{- end }} + to: + kind: Service + name: {{ include "gitea.fullname" . }}-http + weight: 100 + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + {{- if .Values.route.tls.existingSecret }} + externalCertificate: {{ .Values.route.tls.existingSecret }} + {{- else if and .Values.route.tls.certificate + .Values.route.tls.privateKey + .Values.route.tls.caCertificate }} + certificate: | +{{ .Values.route.tls.certificate | indent 6 }} + key: | +{{ .Values.route.tls.privateKey | indent 6 }} + caCertificate: | +{{ .Values.route.tls.caCertificate | indent 6 }} + {{- else if or .Values.route.tls.certificate + .Values.route.tls.privateKey + .Values.route.tls.caCertificate }} + {{- fail "certificate, privateKey and caCertificate must be specified together" }} + {{- end }} +{{- end }} diff --git a/templates/gitea/serviceaccount.yaml b/templates/gitea/serviceaccount.yaml index e730f9c..e97608b 100644 --- a/templates/gitea/serviceaccount.yaml +++ b/templates/gitea/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gitea.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 02750d0..c740ec8 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.gitea.metrics.serviceMonitor.namespace | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} @@ -14,4 +15,4 @@ spec: {{- include "gitea.selectorLabels" . | nindent 6 }} endpoints: - port: http -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 3ee756c..c1576da 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-ssh + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.ssh.labels }} @@ -12,6 +13,9 @@ metadata: spec: type: {{ .Values.service.ssh.type }} {{- if eq .Values.service.ssh.type "LoadBalancer" }} + {{- if .Values.service.ssh.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }} + {{- end }} {{- if .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} {{- end -}} @@ -43,7 +47,7 @@ spec: - name: ssh port: {{ .Values.service.ssh.port }} {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }} - targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + targetPort: ssh {{- end }} protocol: TCP {{- if .Values.service.ssh.nodePort }} diff --git a/templates/tests/test-http-connection.yaml b/templates/tests/test-http-connection.yaml index 8157442..1a2e13f 100644 --- a/templates/tests/test-http-connection.yaml +++ b/templates/tests/test-http-connection.yaml @@ -6,7 +6,7 @@ metadata: labels: {{ include "gitea.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test spec: containers: - name: wget diff --git a/tools/changelog.mjs b/tools/changelog.mjs index 1336934..0fe6c09 100644 --- a/tools/changelog.mjs +++ b/tools/changelog.mjs @@ -1,67 +1,12 @@ -import conventionalChangelogCore from 'conventional-changelog-core'; -import conventionalChangelogPreset from 'conventional-changelog-conventionalcommits'; -import fs from 'node:fs'; +import { getChangelog } from './changelog/util.js'; -const config = conventionalChangelogPreset({ - types: [ - { - type: 'feat', - section: 'Features', - }, - { - type: 'fix', - section: 'Bug Fixes', - }, - { - type: 'perf', - section: 'Performance Improvements', - }, - { - type: 'revert', - section: 'Reverts', - }, - { - type: 'docs', - section: 'Documentation', - }, - { - type: 'style', - section: 'Styles', - }, - { - type: 'refactor', - section: 'Code Refactoring', - }, - { - type: 'test', - section: 'Tests', - }, - { - type: 'build', - section: 'Build System', - }, - { - type: 'ci', - section: 'Continuous Integration', - }, - { - type: 'chore', - section: 'Miscellaneous Chores', - }, - ], -}); +const stream = getChangelog(!!process.argv[2]).setEncoding('utf8'); -const file = process.argv[3] - ? fs.createWriteStream(process.argv[3]) - : process.stdout; +const changes = (await stream.toArray()).join(''); -conventionalChangelogCore( - { - config, - releaseCount: 2, - }, - { version: process.argv[2], linkCompare: false }, - undefined, - undefined, - { headerPartial: '' }, -).pipe(file); +if (!changes.length) { + console.error('No changelog found'); + process.exit(1); +} + +process.stdout.write(changes); diff --git a/tools/changelog/util.js b/tools/changelog/util.js index 6883d54..bbbe366 100644 --- a/tools/changelog/util.js +++ b/tools/changelog/util.js @@ -56,17 +56,16 @@ export const config = conventionalChangelogPreset({ /** * - * @param {string} version - * @param {boolean} onTag + * @param {boolean|undefined} onTag * @returns */ -export function getChangelog(version, onTag) { +export function getChangelog(onTag = false) { return conventionalChangelogCore( { config, releaseCount: onTag ? 2 : 1, }, - { version, linkCompare: false }, + undefined, undefined, undefined, { headerPartial: '' }, diff --git a/tools/ct.yml b/tools/ct.yml index 0f81989..3d241fc 100644 --- a/tools/ct.yml +++ b/tools/ct.yml @@ -1,3 +1,4 @@ +# https://github.com/helm/chart-testing/blob/main/doc/ct_install.md helm-extra-args: --timeout 3m check-version-increment: false debug: true diff --git a/tools/forgejo-release.js b/tools/forgejo-release.js index fe0f9bc..bdbe8e2 100644 --- a/tools/forgejo-release.js +++ b/tools/forgejo-release.js @@ -68,7 +68,7 @@ class GiteaReleaseCommand extends Command { return 1; } - const stream = getChangelog(tag, true).setEncoding('utf8'); + const stream = getChangelog(true).setEncoding('utf8'); const changes = (await stream.toArray()).join(''); this.context.stdout.write(`Creating release ${tag}.\n`); diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index f0291a4..b935fd1 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + - it: 'cache is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: ADAPTER=memory HOST= - - it: 'cache can be customized when redis-cluster is disabled' + - it: 'cache can be customized when redis (or redis-cluster) is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index fcc1998..cdb2678 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + - it: 'queue is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: CONN_STR= TYPE=level - - it: 'queue can be customized when redis-cluster is disabled' + - it: 'queue can be customized when redis (and redis-cluster) are disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index cf5fb1b..2a49baa 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + - it: 'session is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: 'session can be customized when redis-cluster is disabled' + - it: 'session can be customized when redis (and redis-cluster) is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index a8967c3..1ff65cc 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -15,7 +15,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$ + pattern: ^docker.io/bitnami/postgresql-repmgr:17.+$ - it: '[postgresql] ensures we detect major image version upgrades' template: charts/postgresql/templates/primary/statefulset.yaml set: @@ -28,15 +28,30 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql:16.+$ + pattern: ^docker.io/bitnami/postgresql:17.+$ - it: '[redis-cluster] ensures we detect major image version upgrades' template: charts/redis-cluster/templates/redis-statefulset.yaml set: redis-cluster: enabled: true + redis: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis-cluster:7.+$ + - it: '[redis] ensures we detect major image version upgrades' + template: charts/redis/templates/master/application.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: true asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/redis-cluster:7.+$ + pattern: bitnami/redis:7.+$ diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 2d2476e..4dfda51 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml @@ -15,9 +15,33 @@ tests: hosts: - '{{ .Values.global.giteaHostName }}' asserts: + - isKind: + of: Ingress - equal: path: spec.tls[0].hosts[0] value: 'gitea.example.com' - equal: path: spec.rules[0].host value: 'gitea.example.com' + - it: Ingress Class using TPL + set: + global.ingress.className: 'ingress-class' + ingress.className: '{{ .Values.global.ingress.className }}' + ingress.enabled: true + ingress.hosts[0].host: 'some-host' + ingress.tls: + - secretName: gitea-tls + hosts: + - 'some-host' + asserts: + - isKind: + of: Ingress + - equal: + path: spec.tls[0].hosts[0] + value: 'some-host' + - equal: + path: spec.rules[0].host + value: 'some-host' + - equal: + path: spec.ingressClassName + value: 'ingress-class' diff --git a/unittests/deployment/route-configuration.yaml b/unittests/deployment/route-configuration.yaml new file mode 100644 index 0000000..b4da640 --- /dev/null +++ b/unittests/deployment/route-configuration.yaml @@ -0,0 +1,155 @@ +# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: route template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/route.yaml +tests: + - it: hostname using TPL + set: + global.giteaHostName: 'gitea.example.com' + route.enabled: true + route.host: '{{ .Values.global.giteaHostName }}' + asserts: + - isKind: + of: Route + - equal: + path: spec.host + value: 'gitea.example.com' + - notExists: + path: spec.wildcardPolicy + - it: wildcard policy + set: + global.giteaHostName: 'gitea.example.com' + route.enabled: true + route.wildcardPolicy: 'Subdomain' + asserts: + - isKind: + of: Route + - equal: + path: spec.wildcardPolicy + value: 'Subdomain' + - it: existing certificate + set: + route.enabled: true + route.tls.existingSecret: certificate-secret + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - isKind: + of: Route + - equal: + path: spec.tls.externalCertificate + value: certificate-secret + - notExists: + path: spec.tls.certificate + - notExists: + path: spec.tls.key + - notExists: + path: spec.tls.caCertificate + - it: valid certificate values + set: + route.enabled: true + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - isKind: + of: Route + - notExists: + path: spec.tls.externalCertificate + - equal: + path: spec.tls.certificate + value: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + - equal: + path: spec.tls.key + value: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + - equal: + path: spec.tls.caCertificate + value: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + - it: missing certificate values + set: + route.enabled: true + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - failedTemplate: + errorMessage: certificate, privateKey and caCertificate must be specified together + - it: missing privateKey values + set: + route.enabled: true + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - failedTemplate: + errorMessage: certificate, privateKey and caCertificate must be specified together + - it: missing caCertificate values + set: + route.enabled: true + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + asserts: + - failedTemplate: + errorMessage: certificate, privateKey and caCertificate must be specified together diff --git a/unittests/deployment/security-context-normal.yaml b/unittests/deployment/security-context-normal.yaml new file mode 100644 index 0000000..2418371 --- /dev/null +++ b/unittests/deployment/security-context-normal.yaml @@ -0,0 +1,25 @@ +# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: deployment template (security context) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: FS group set to 1000 + template: templates/gitea/deployment.yaml + set: + image.rootless: false + asserts: + - equal: + path: spec.template.spec.securityContext.fsGroup + value: 1000 + - it: run configure-gitea with UID 1000 + template: templates/gitea/deployment.yaml + set: + image.rootless: false + asserts: + - equal: + path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser + value: 1000 diff --git a/unittests/deployment/security-context-ocp.yaml b/unittests/deployment/security-context-ocp.yaml new file mode 100644 index 0000000..5f7127a --- /dev/null +++ b/unittests/deployment/security-context-ocp.yaml @@ -0,0 +1,25 @@ +# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: deployment template (security context) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: FS group not set + template: templates/gitea/deployment.yaml + set: + image.rootless: false + global.compatibility.openshift.adaptSecurityContext: force + asserts: + - notExists: + path: spec.template.spec.securityContext.fsGroup + - it: configure-gitea without runaAsUser + template: templates/gitea/deployment.yaml + set: + image.rootless: false + global.compatibility.openshift.adaptSecurityContext: force + asserts: + - notExists: + path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml index 0ddccad..f39bb1b 100644 --- a/unittests/deployment/svc-configuration.yaml +++ b/unittests/deployment/svc-configuration.yaml @@ -58,4 +58,71 @@ tests: value: 22 - equal: path: spec.ports[0].targetPort - value: 2222 + value: ssh + + - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + loadBalancerClass: 'example.com/class' + type: LoadBalancer + loadBalancerIP: '1.2.3.4' + loadBalancerSourceRanges: + - '1.2.3.4/32' + - '5.6.7.8/32' + asserts: + - equal: + path: spec.loadBalancerClass + value: 'example.com/class' + - equal: + path: spec.loadBalancerIP + value: '1.2.3.4' + - equal: + path: spec.loadBalancerSourceRanges + value: ['1.2.3.4/32', '5.6.7.8/32'] + + - it: does not render when loadbalancer properties are set but type is not loadBalancerClass + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: ClusterIP + loadBalancerClass: 'example.com/class' + loadBalancerIP: '1.2.3.4' + loadBalancerSourceRanges: + - '1.2.3.4/32' + - '5.6.7.8/32' + asserts: + - notExists: + path: spec.loadBalancerClass + - notExists: + path: spec.loadBalancerIP + - notExists: + path: spec.loadBalancerSourceRanges + + - it: does not render loadBalancerClass by default even when type is LoadBalancer + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: LoadBalancer + loadBalancerIP: '1.2.3.4' + asserts: + - notExists: + path: spec.loadBalancerClass + - equal: + path: spec.loadBalancerIP + value: '1.2.3.4' + + - it: both ssh and http services exist + templates: + - templates/gitea/ssh-svc.yaml + - templates/gitea/http-svc.yaml + asserts: + - matchRegex: + path: metadata.name + pattern: '^gitea-unittests-forgejo-(?:ssh|http)$' + - matchRegex: + path: spec.ports[0].name + pattern: '^(?:ssh|http)$' diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml new file mode 100644 index 0000000..c3afaaf --- /dev/null +++ b/unittests/pvc/pvc-configuration.yaml @@ -0,0 +1,19 @@ +suite: PVC template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/pvc.yaml +tests: + - it: Storage Class using TPL + set: + global.persistence.storageClass: 'storage-class' + persistence.enabled: true + persistence.create: true + persistence.storageClass: '{{ .Values.global.persistence.storageClass }}' + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: spec.storageClassName + value: 'storage-class' diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml new file mode 100644 index 0000000..a257690 --- /dev/null +++ b/unittests/values-conflicting-checks.yaml @@ -0,0 +1,14 @@ +suite: Values conflicting checks +release: + name: gitea-unittests + namespace: testing +tests: + - it: fails when trying to configure redis and redis-cluster the same time + set: + redis-cluster: + enabled: true + redis: + enabled: true + asserts: + - failedTemplate: + errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index 058eb70..4af2e9f 100644 --- a/values.yaml +++ b/values.yaml @@ -20,6 +20,10 @@ global: # hostnames: # - example.com +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: '' + ## @param replicaCount number of replicas for the deployment replicaCount: 1 @@ -97,7 +101,7 @@ podDisruptionBudget: {} service: ## @param service.http.type Kubernetes service type for web traffic ## @param service.http.port Port number for web traffic - ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment ## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.nodePort NodePort for http service ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -107,10 +111,11 @@ service: ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels + ## @param service.http.loadBalancerClass Loadbalancer class http: type: ClusterIP port: 3000 - clusterIP: None + clusterIP: loadBalancerIP: nodePort: externalTrafficPolicy: @@ -120,9 +125,10 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic - ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment ## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -133,10 +139,11 @@ service: ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations ## @param service.ssh.labels SSH service additional labels + ## @param service.ssh.loadBalancerClass Loadbalancer class ssh: type: ClusterIP port: 22 - clusterIP: None + clusterIP: loadBalancerIP: nodePort: externalTrafficPolicy: @@ -147,6 +154,7 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @section Ingress ## @param ingress.enabled Enable ingress @@ -156,7 +164,6 @@ service: ## @param ingress.hosts[0].paths[0].path Default Ingress path ## @param ingress.hosts[0].paths[0].pathType Ingress path type ## @param ingress.tls Ingress tls settings -## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. ingress: enabled: false # className: nginx @@ -174,9 +181,48 @@ ingress: # - secretName: chart-example-tls # hosts: # - git.example.com - # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar - # If helm doesn't correctly detect your ingress API version you can set it here. - # apiVersion: networking.k8s.io/v1 + +## @section Route +## @param route.enabled Enable route +## @param route.annotations Route annotations +## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) +## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. +## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) +## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http) +## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) +## @param route.tls.certificate PEM encoded single certificate +## @param route.tls.privateKey PEM encoded private key +## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate +## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) +route: + enabled: false + annotations: {} + host: + wildcardPolicy: + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + existingSecret: + certificate: + # certificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + privateKey: + # privateKey: |- + # -----BEGIN PRIVATE KEY----- + # ... + # -----END PRIVATE KEY----- + caCertificate: + # caCertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + destinationCACertificate: + # destinationCACertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- ## @section deployment # @@ -323,7 +369,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed internal Git activity +## @param signing.privateKey Inline private GPG key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false @@ -342,19 +388,23 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: 'gitea@local.domain' + passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor + ## @param gitea.metrics.serviceMonitor.namespace Namespace in which Prometheus is running metrics: enabled: false serviceMonitor: enabled: false + namespace: '' # additionalLabels: # prometheus-release: prom1 @@ -410,12 +460,10 @@ gitea: ## @section `app.ini` overrides ## @descriptionStart - ## ## Every value described in the [Cheat ## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be ## set as a Helm value. Configuration sections map to (lowercased) YAML ## blocks, while the keys themselves remain in all caps. - ## ## @descriptionEnd config: # values in the DEFAULT section @@ -585,7 +633,8 @@ gitea: ## @section ReadinessProbe # ## @param gitea.readinessProbe.enabled Enable readiness probe - ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness + ## @param gitea.readinessProbe.httpGet.path Path to probe for readiness + ## @param gitea.readinessProbe.httpGet.port Port to probe for readiness ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe ## @param gitea.readinessProbe.periodSeconds Period for readiness probe @@ -594,7 +643,8 @@ gitea: # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: enabled: true - tcpSocket: + httpGet: + path: /api/healthz port: http initialDelaySeconds: 5 timeoutSeconds: 1 @@ -625,10 +675,11 @@ gitea: ## @section Redis® Cluster ## @descriptionStart ## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. -## Complete Configuration can be taken from their website. +## Full configuration options are available on their website. +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. ## @descriptionEnd # -## @param redis-cluster.enabled Enable redis +## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas @@ -639,10 +690,30 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 +## @section Redis® +## @descriptionStart +## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +## Full configuration options are available on their website. +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +# +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + ## @section PostgreSQL HA ## @descriptionStart ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. -## Complete Configuration can be taken from their website. +## Full configuration options are available on their website. ## @descriptionEnd # ## @param postgresql-ha.enabled Enable PostgreSQL HA chart @@ -678,7 +749,7 @@ postgresql-ha: ## @section PostgreSQL ## @descriptionStart ## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. -## Complete Configuration can be taken from their website. +## Full configuration options are available on their website. ## @descriptionEnd # ## @param postgresql.enabled Enable PostgreSQL @@ -705,8 +776,8 @@ postgresql: # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # Set it to false to skip this basic validation check. ## @section Advanced -## @param checkDeprecation Set it to false to skip this basic validation check. -## @param test.enabled Set it to false to disable test-connection Pod. +## @param checkDeprecation Whether to run this basic validation check. +## @param test.enabled Whether to use test-connection Pod. ## @param test.image.name Image name for the wget container used in the test-connection Pod. ## @param test.image.tag Image tag for the wget container used in the test-connection Pod. checkDeprecation: true @@ -716,6 +787,6 @@ test: name: busybox tag: latest -## @param extraDeploy Array of extra objects to deploy with the release +## @param extraDeploy Array of extra objects to deploy with the release. ## extraDeploy: []