diff --git a/.forgejo/actions/setup-node/action.yml b/.forgejo/actions/setup-node/action.yml index 5e74305..5ab39be 100644 --- a/.forgejo/actions/setup-node/action.yml +++ b/.forgejo/actions/setup-node/action.yml @@ -10,7 +10,7 @@ runs: with: standalone: true - - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: .node-version cache: 'pnpm' diff --git a/.forgejo/renovate/k3s.json b/.forgejo/renovate/k3s.json new file mode 100644 index 0000000..edb593d --- /dev/null +++ b/.forgejo/renovate/k3s.json 
@@ -0,0 +1,57 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "packageRules": [
+ {
+ "description": "Separate minor and patch updates for k3s",
+ "matchDatasources": ["github-releases"],
+ "matchPackageNames": ["k3s-io/k3s"],
+ "separateMultipleMinor": true,
+ "separateMinorPatch": true,
+ "branchTopic": "{{{depNameSanitized}}}{{#if isMinor}}-minor{{/if}}-{{{newMajor}}}{{#if isPatch}}.{{{newMinor}}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}",
+ "commitMessageSuffix": "{{#if isMinor}}(minor){{/if}}{{#if isPatch}}(patch){{/if}}"
+ },
+ {
+ "description": "No automerge for k3s major and minor updates",
+ "matchDatasources": ["github-releases"],
+ "matchPackageNames": ["k3s-io/k3s"],
+ "matchUpdateTypes": ["major", "minor"],
+ "automerge": false
+ },
+ {
+ "description": "Group k3s patch updates",
+ "matchDatasources": ["github-releases"],
+ "matchPackageNames": ["k3s-io/k3s"],
+ "matchUpdateTypes": ["patch"],
+ "groupName": "k3s"
+ },
+ {
+ "description": "Disable k3s major and minor updates for old versions",
+ "matchDatasources": ["github-releases"],
+ "matchFileNames": [".forgejo/workflows/**"],
+ "matchPackageNames": ["k3s-io/k3s"],
+ "matchUpdateTypes": ["major", "minor"],
+ "matchCurrentValue": "!/^v1.32/",
+ "enabled": false
+ }
+ ],
+ "customDatasources": {
+ "k3s": {
+ "defaultRegistryUrlTemplate": "https://update.k3s.io/v1-release/channels",
+ "transformTemplates": [
+ "($isVersion:=function($name){$contains($name,/^v\\d+.\\d+$/)};{\"releases\":[data[$isVersion(name)].{\"version\":latest}],\"sourceUrl\":\"https://github.com/k3s-io/k3s\",\"homepage\":\"https://k3s.io/\"})"
+ ]
+ }
+ },
+ "customManagers": [
+ {
+ "customType": "regex",
+ "fileMatch": [".forgejo/renovate/k3s.json"],
+ "matchStrings": [
+ "matchCurrentValue\": \"!\\/^v(?\\d+\\.\\d+)\\/"
+ ],
+ "depNameTemplate": "k3s",
+ "versioningTemplate": "npm",
+ "datasourceTemplate": "custom.k3s"
+ }
+ ]
+}
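Review bot: The channel-name filter in `transformTemplates` leaves the dot unescaped (`/^v\\d+.\\d+$/`), so it accepts any character between the two numbers instead of only `v<major>.<minor>` names; `/^v\\d+\\.\\d+$/` restricts it to the intended channel names. This matters because the release list comes from an external endpoint (`update.k3s.io`) and decides which version is written back into this file. The `matchCurrentValue` pattern `!/^v1.32/` has the same unescaped dot, but its literal text is what the `customManagers` regex rewrites, so escaping it there would need a matching change to `matchStrings`.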
diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 781d7fa..5418491 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -8,15 +8,16 @@ on: - maint/** tags: - v* + workflow_dispatch: permissions: contents: read env: - HELM_VERSION: v3.17.0 # renovate: datasource=github-releases depName=helm packageName=helm/helm + HELM_VERSION: v3.17.2 # renovate: datasource=github-releases depName=helm packageName=helm/helm HELM_UNITTEST_VERSION: v0.7.2 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest HELM_CHART_TESTING_VERSION: v3.12.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing - KUBECTL_VERSION: v1.32.1 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes + KUBECTL_VERSION: v1.32.3 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes CT_GITHUB_GROUPS: true jobs: @@ -64,7 +65,7 @@ jobs: version: ${{ env.HELM_CHART_TESTING_VERSION }} - name: install helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ env.HELM_VERSION }} @@ -88,12 +89,14 @@ jobs: strategy: matrix: k3s: + # https://github.com/k3s-io/k3s/branches # oldest supported version - v1.28.15+k3s1 # renovate: k3s + # https://github.com/k3s-io/k3s/blob/master/channel.yaml#L3-L4 # stable version - - v1.31.5+k3s1 # renovate: k3s + - v1.31.6+k3s1 # renovate: k3s # newest version - - v1.32.1+k3s1 # renovate: k3s + - v1.32.2+k3s1 # renovate: k3s steps: - run: cat /etc/os-release @@ -107,7 +110,7 @@ jobs: - uses: ./.forgejo/actions/setup - name: install helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ env.HELM_VERSION }} 
@@ -123,12 +126,12 @@ jobs: - run: kubectl get no -o wide - name: install chart - uses: https://github.com/nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 + uses: https://github.com/nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: timeout_minutes: 15 max_attempts: 3 retry_on: error - retry_wait_seconds: 60 + retry_wait_seconds: 120 polling_interval_seconds: 5 command: ct install --config tools/ct.yml --charts . @@ -176,7 +179,7 @@ jobs: - uses: ./.forgejo/actions/setup-node - name: install helm - uses: https://github.com/azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: https://github.com/azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ env.HELM_VERSION }} diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml index c4345e5..0e7c901 100644 --- a/.forgejo/workflows/mirror.yml +++ b/.forgejo/workflows/mirror.yml @@ -6,6 +6,8 @@ on: branches: - 'main' + workflow_dispatch: + jobs: mirror: runs-on: docker diff --git a/Chart.lock b/Chart.lock index 73add99..bff1098 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,18 @@ dependencies: +- name: common + repository: oci://ghcr.io/visualon/bitnamicharts + version: 2.30.0 - name: postgresql repository: oci://ghcr.io/visualon/bitnamicharts - version: 15.5.38 + version: 16.5.6 - name: postgresql-ha repository: oci://ghcr.io/visualon/bitnamicharts - version: 14.3.10 + version: 15.3.8 - name: redis-cluster repository: oci://ghcr.io/visualon/bitnamicharts - version: 11.4.1 -digest: sha256:d3ffe6e28eef50f27b517170b15c76ab627973f318b663b90c86a61a929da07b -generated: "2025-01-27T00:01:22.05229759Z" + version: 11.4.6 +- name: redis + repository: oci://ghcr.io/visualon/bitnamicharts + version: 20.11.4 +digest: sha256:a9c9f0779663336dd22ca4896f22bb64427e28f20aa567aee2f18474f8e31a23 +generated: "2025-03-26T15:31:33.532188569Z" diff --git a/Chart.yaml b/Chart.yaml index c9b2685..8218677 100644 --- a/Chart.yaml 
+++ b/Chart.yaml @@ -3,7 +3,7 @@ name: forgejo description: Forgejo Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 7.0.13 +appVersion: 10.0.3 icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg home: https://forgejo.org/ @@ -28,18 +28,29 @@ maintainers: # https://github.com/bitnami/charts/issues/30853 # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 dependencies: + # https://github.com/bitnami/charts/blob/main/bitnami/common/Chart.yaml + - name: common + repository: oci://ghcr.io/visualon/bitnamicharts + tags: + - bitnami-common + version: 2.30.0 # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: postgresql repository: oci://ghcr.io/visualon/bitnamicharts - version: 15.5.38 + version: 16.5.6 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://ghcr.io/visualon/bitnamicharts - version: 14.3.10 + version: 15.3.8 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://ghcr.io/visualon/bitnamicharts - version: 11.4.1 + version: 11.4.6 condition: redis-cluster.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml + - name: redis + repository: oci://ghcr.io/visualon/bitnamicharts + version: 20.11.4 + condition: redis.enabled diff --git a/LICENSE b/LICENSE index bbf54de..b073755 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,6 @@ MIT License +Copyright (c) 2023 The Forgejo Authors Copyright (c) 2020 The Gitea Authors Copyright (c) 2020 NOVUM-RGI Copyright (c) 2019 - 2020 Charlie Drage diff --git a/Makefile b/Makefile index 8354304..dd97d84 100644 --- a/Makefile +++ b/Makefile 
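Review bot: The new `common` and `redis` dependencies, like the bumped ones, are resolved by version tag from the third-party mirror `oci://ghcr.io/visualon/bitnamicharts`, and nothing in this hunk ties them to specific chart contents. As far as I know the `digest` in Chart.lock is computed over the dependency list rather than over the chart archives, so a re-pushed tag on the mirror would not be detected by the lock file. I would at least record that above `- name: common` with a comment such as `# pulled from the visualon mirror; tags are mutable, diff the packaged chart on every bump`, and consider whether the CI dependency step can verify provenance if the mirror publishes it.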
@@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index 2f0a6fe..8a448fa 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,6 @@ - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) - - [ClusterIP](#clusterip) - [SSH and Ingress](#ssh-and-ingress) - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster) - [Cache](#cache) @@ -51,11 +50,16 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [Redis® Cluster](#redis-cluster) + - [Redis®](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) - [Upgrading](#upgrading) + - [To v11](#to-v11) + - [To v10](#to-v10) + - [To v9](#to-v9) + - [To v8](#to-v8) - [To v7](#to-v7) - [To v6](#to-v6) @@ -97,7 +101,8 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL]()) +- PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) +- Redis ([Bitnami Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)) ### Dependency Versioning @@ -116,6 +121,7 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) +- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. 
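Review bot: Dropping `-f 'unittests/dependency-major-image-check.yaml'` from the `unittests` recipe leaves only the glob `unittests/**/*.yaml`, and whether that glob still picks up the dependency image check is not visible in this part of the diff. If the suite still sits directly under `unittests/` and the glob only matches files in subdirectories, that check stops running without any failure. Please confirm the file was moved or removed, and consider a comment on the recipe such as `# all suites live in subdirectories of unittests/`. The `test` script in package.json makes the same change.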
@@ -170,14 +176,14 @@ gitea: This chart will set a few defaults in the Forgejo configuration based on the service and ingress settings. All defaults can be overwritten in `gitea.config`. -INSTALL_LOCK is always set to true, since we want to configure Forgejo with this helm chart and everything is taken care of. +INSTALL_LOCK is always set to true because the configuration in this helm chart makes any configuration via installer superfluous. _All default settings are made directly in the generated `app.ini`, not in the Values._ #### Database defaults -If a builtIn database is enabled the database configuration is set automatically. -For example, PostgreSQL builtIn will appear in the `app.ini` as: +If a database subchart is enabled, the database configuration is set automatically. +For example, PostgreSQL will appear in the `app.ini` as: ```ini [database] @@ -250,7 +256,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance. -1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql`): +1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql` and `redis`):
@@ -259,6 +265,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: true postgresql: enabled: true postgresql-ha: @@ -271,12 +279,6 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres - session: - PROVIDER: db - cache: - ADAPTER: memory - queue: - TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -296,6 +298,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: false postgresql: enabled: false postgresql-ha: @@ -445,23 +449,6 @@ This helm chart automatically configures the clone urls to use the correct ports You can change these ports by hand using the `gitea.config` dict. However you should know what you're doing. -### ClusterIP - -By default the `clusterIP` will be set to `None`, which is the default for headless services. -However if you want to omit the clusterIP field in the service, use the following values: - -```yaml -service: - http: - type: ClusterIP - port: 3000 - clusterIP: - ssh: - type: ClusterIP - port: 22 - clusterIP: -``` - ### SSH and Ingress If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports. @@ -471,7 +458,7 @@ You will need a LoadBalancer like `metallb` and a setting in your ssh service an service: ssh: annotations: - metallb.universe.tf/allow-shared-ip: test + metallb.io/allow-shared-ip: test ``` ### SSH on crio based kubernetes cluster @@ -544,8 +531,6 @@ postgresql: This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeploying the chart. -It is not possible to delete an admin user after it has been created. -This has to be done in the ui. You cannot use `admin` as username. ```yaml 
@@ -575,6 +560,22 @@ gitea: existingSecret: gitea-admin-secret ``` +To delete the admin user, set `username` or `password` to an empty value and delete the user in the UI. + +Whether you use the existing Secret or specify a username and password directly, there are three modes for how the admin user password is created or set. + +- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. +- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. +- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. + +These modes can be set like the following: + +```yaml +gitea: + admin: + passwordMode: initialOnlyRequireReset +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated. @@ -632,7 +633,7 @@ Affected options: Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the UI. -All OAuth2 values, which are documented [here](https://forgejo.org/docs/latest/admin/command-line/#admin), are available. +[All OAuth2 values](https://forgejo.org/docs/latest/admin/command-line/#admin-auth-add-oauth) are available. Multiple OAuth2 sources can be configured with additional OAuth list items. 
@@ -671,14 +672,29 @@ gitea: existingSecret: gitea-oauth-secret ``` +### Compatibility with OCP (OKD or OpenShift) + +Normally OCP is automatically detected and the compatibility mode set accordingly. To enforce the OCP compatibility mode use the following configuration: + +```yaml +global: + compatibility: + openshift: + adaptSecurityContext: force +``` + +An OCP route to access Forgejo can be enabled with the following config: + +```yaml +route: + enabled: true +``` + ## Configure commit signing -When using the rootless image the gpg key folder is not persistent by default. -If you consider using signed commits for internal Forgejo activities (e.g. initial commit), you'd need to provide a signing key. -Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. - -The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. -By default this section is disabled to maintain backwards compatibility. +When using the rootless image, the GPG key folder is not persistent by default. +If you want commits by Forgejo (e.g. initial commit) to be signed, +you need to provide a signing key: ```yaml signing: @@ -686,8 +702,10 @@ signing: gpgHome: /data/git/.gnupg ``` -Regardless of the used container image the `signing` object allows to specify a private gpg key. -Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`. +By default this section is disabled to maintain backwards compatibility. + +Regardless of the used container image the `signing` object allows to specify a private GPG key. +Either using the `signing.privateKey` to define the key inline, or referring to an existing secret containing the key data with `signing.existingSecret`. ```yaml apiVersion: v1 
@@ -707,7 +725,7 @@ signing: existingSecret: custom-gitea-gpg-key ``` -To use the gpg key, Forgejo needs to be configured accordingly. +To use the GPG key, Forgejo needs to be configured accordingly. A detailed description can be found in the [documentation](https://forgejo.org/docs/latest/admin/signing/#general-configuration). ## Metrics and profiling @@ -846,6 +864,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | | `global.storageClass` | global storage class override | `""` | | `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | | `replicaCount` | number of replicas for the deployment | `1` | ### strategy @@ -885,7 +904,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | | `service.http.port` | Port number for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment | `nil` | | `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.http.nodePort` | NodePort for http service | `nil` | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | 
@@ -895,9 +914,10 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.labels` | HTTP service additional labels | `{}` | +| `service.http.loadBalancerClass` | Loadbalancer class | `nil` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | -| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment | `nil` | | `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.ssh.nodePort` | NodePort for ssh service | `nil` | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | 
@@ -908,19 +928,35 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.labels` | SSH service additional labels | `{}` | +| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` | ### Ingress -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | -| `ingress.enabled` | Enable ingress | `false` | -| `ingress.className` | Ingress class name | `nil` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | -| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | -| `ingress.tls` | Ingress tls settings | `[]` | -| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. 
| | +| Name | Description | Value | +| ------------------------------------ | -------------------- | ----------------- | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nil` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | +| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | +| `ingress.tls` | Ingress tls settings | `[]` | + +### Route + +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `route.enabled` | Enable route | `false` | +| `route.annotations` | Route annotations | `{}` | +| `route.host` | Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) | `nil` | +| `route.wildcardPolicy` | Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. | `nil` | +| `route.tls.termination` | termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) | `edge` | +| `route.tls.insecureEdgeTerminationPolicy` | the desired behavior for insecure connections to a route (e.g. 
with http) | `Redirect` | +| `route.tls.existingSecret` | the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) | `nil` | +| `route.tls.certificate` | PEM encoded single certificate | `nil` | +| `route.tls.privateKey` | PEM encoded private key | `nil` | +| `route.tls.caCertificate` | PEM encoded CA certificate or chain that issued the certificate | `nil` | +| `route.tls.destinationCACertificate` | PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) | `nil` | ### deployment 
@@ -985,25 +1021,27 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | +| `signing.privateKey` | Inline private GPG key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. 
| `INFO` | +| Name | Description | Value | +| ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | +| `gitea.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | ### `app.ini` overrides 
@@ -1075,15 +1113,16 @@ blocks, while the keys themselves remain in all caps. ### ReadinessProbe -| Name | Description | Value | -| ------------------------------------------ | ------------------------------------------------- | ------ | -| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | -| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | -| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | -| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | -| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | -| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | -| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------- | -------------- | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.httpGet.path` | Path to probe for readiness | `/api/healthz` | +| `gitea.readinessProbe.httpGet.port` | Port to probe for readiness | `http` | +| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | +| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | +| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | +| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | ### StartupProbe 
@@ -1100,19 +1139,33 @@ blocks, while the keys themselves remain in all caps. ### Redis® Cluster Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. -Complete Configuration can be taken from their website. +Full configuration options are available on their website. +Redis cluster and [Redis](#redis) cannot be enabled at the same time. | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | +### Redis® + +Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +Full configuration options are available on their website. +Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. + +| Name | Description | Value | +| ----------------------------- | ------------------------------------------ | ------------ | +| `redis.enabled` | Enable redis standalone or replicated | `false` | +| `redis.architecture` | Whether to use standalone or replication | `standalone` | +| `redis.global.redis.password` | Required password | `changeme` | +| `redis.master.count` | Number of Redis master instances to deploy | `1` | + ### PostgreSQL HA PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. -Complete Configuration can be taken from their website. +Full configuration options are available on their website. 
| Name | Description | Value | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | @@ -1130,7 +1183,7 @@ Complete Configuration can be taken from their website. ### PostgreSQL PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. -Complete Configuration can be taken from their website. +Full configuration options are available on their website. | Name | Description | Value | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | @@ -1145,11 +1198,11 @@ Complete Configuration can be taken from their website. | Name | Description | Value | | ------------------ | ------------------------------------------------------------------ | --------- | -| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | -| `test.enabled` | Set it to false to disable test-connection Pod. | `true` | +| `checkDeprecation` | Whether to run this basic validation check. | `true` | +| `test.enabled` | Whether to use test-connection Pod. | `true` | | `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | | `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `extraDeploy` | Array of extra objects to deploy with the release. | `[]` | ## Contributing 
@@ -1165,6 +1218,33 @@ This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully, especially the change of the **default database backend**! If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! +### To v11 + +PostgreSQL and PostgreSQL HA are now using PostgreSQL v17. +Please read PostgresSQL upgrade guide before upgrading. + +You need Forgejo v10+ to use this Helm Chart version. +Forgejo v9 is now EOL. + +ClusterIP is now emtpy instead of `None` for http and ssh service. +Unsupported api versions for `Ingress` and `PodDisruptionBudget` are removed. +`Ingress` and `Service` are now using named ports. +The ReadinessProbe is now using the `/api/healthz` endpoint. + +### To v10 + +You need Forgejo v9+ to use this Helm Chart version. +Forgejo v8 is now EOL. + +### To v9 + +Namespaces for all resources are now set to `common.names.namespace` by default. + +### To v8 + +You need Forgejo v8+ to use this Helm Chart version. +Use the v7 Helm Chart for Forgejo v7. + ### To v7 The Forgejo docker image is pulled from `code.forgejo.org` instead of `codeberg.org`. diff --git a/ci/default-values.yaml b/ci/default-values.yaml index 17d51f1..25fefaa 100644 --- a/ci/default-values.yaml +++ b/ci/default-values.yaml @@ -1,4 +1,4 @@ -# default values +# default values with some modifications # Use mirror # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 diff --git a/ci/dev-values.yaml b/ci/dev-values.yaml index 9ab57c7..a47f3ba 100644 --- a/ci/dev-values.yaml +++ b/ci/dev-values.yaml @@ -1,7 +1,6 @@ # Test codeberg.org image image: registry: codeberg.org - # Use mirror # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 test: diff --git a/ci/single-values.yaml b/ci/single-values.yaml index 578a267..6be58e6 100644 --- a/ci/single-values.yaml +++ b/ci/single-values.yaml 
@@ -1,12 +1,3 @@ -# Use mirror -# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 -global: - security: - allowInsecureImages: true -test: - image: - name: code.forgejo.org/oci/busybox - redis-cluster: enabled: false postgresql-ha: @@ -14,8 +5,19 @@ postgresql-ha: postgresql: enabled: true + # Use mirror + # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 image: - registry: public.ecr.aws # Use mirror + registry: public.ecr.aws +global: + security: + allowInsecureImages: true + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox persistence: enabled: true diff --git a/ci/v7-test-values.yaml b/ci/v10-values.yaml similarity index 89% rename from ci/v7-test-values.yaml rename to ci/v10-values.yaml index a2a3622..253b35b 100644 --- a/ci/v7-test-values.yaml +++ b/ci/v10-values.yaml @@ -1,7 +1,7 @@ image: registry: codeberg.org repository: forgejo-experimental/forgejo - tag: 7.0-test # don't pin, manifests can be missing + tag: 10 # don't pin, manifests can be missing # Use mirror # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 diff --git a/ci/v11-values.yaml b/ci/v11-values.yaml new file mode 100644 index 0000000..6c1a24b --- /dev/null +++ b/ci/v11-values.yaml @@ -0,0 +1,29 @@ +image: + registry: codeberg.org + repository: forgejo-experimental/forgejo + tag: 11 # don't pin, manifests can be missing + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox + +redis-cluster: + enabled: false +postgresql-ha: + enabled: false + +persistence: + enabled: false + +gitea: + config: + database: + DB_TYPE: sqlite3 + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level diff --git a/ci/v12-values.yaml b/ci/v12-values.yaml new file mode 100644 index 0000000..8429086 --- /dev/null +++ b/ci/v12-values.yaml 
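Review bot: `allowInsecureImages: true` under `global.security` in the second hunk of ci/single-values.yaml no longer has a comment of its own, because the "Use mirror" comment now sits above `image:` and `test:` only. As far as I know this flag switches off the Bitnami charts' check that their original images are in use, so it deserves a line saying why CI needs it, for example `# needed because the image registry is overridden with a mirror; CI only, do not copy into production values`. Indentation is lost on this page, so I cannot tell whether `global:` is nested under `postgresql:` or sits at top level; the comment belongs directly above it either way.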
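Review bot: `tag: 10` in ci/v10-values.yaml is an unquoted scalar, so YAML loads it as a number where the previous `7.0-test` was a string; the same applies to `tag: 11` in ci/v11-values.yaml and `tag: 12` in ci/v12-values.yaml. Writing `tag: '10'` keeps the value a string regardless of how the image helper formats it, and avoids a surprise if a tag such as `12.0` is used later, since that would load as a float. The trailing `# don't pin, manifests can be missing` comment can stay as it is.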
@@ -0,0 +1,29 @@ +image: + registry: codeberg.org + repository: forgejo-experimental/forgejo + tag: 12 # don't pin, manifests can be missing + +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +test: + image: + name: code.forgejo.org/oci/busybox + +redis-cluster: + enabled: false +postgresql-ha: + enabled: false + +persistence: + enabled: false + +gitea: + config: + database: + DB_TYPE: sqlite3 + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level diff --git a/package.json b/package.json index 92b7066..d4cccfc 100644 --- a/package.json +++ b/package.json @@ -11,21 +11,21 @@ "prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'", "readme:lint": "markdownlint *.md -f", "readme:parameters": "readme-generator -v values.yaml -r README.md", - "test": "helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./" + "test": "helm unittest --strict -f 'unittests/**/*.yaml' ./" }, "devDependencies": { "@bitnami/readme-generator-for-helm": "2.7.0", "clipanion": "3.2.1", "conventional-changelog-conventionalcommits": "8.0.0", - "conventional-changelog-core": "8.0.0", + "conventional-changelog-core": "9.0.0", "husky": "9.1.7", - "lint-staged": "15.4.3", + "lint-staged": "15.5.0", "markdownlint-cli": "0.44.0", - "prettier": "3.5.0" + "prettier": "3.5.3" }, - "packageManager": "pnpm@10.3.0", + "packageManager": "pnpm@10.7.0", "engines": { - "node": "^18.12.0 || >=20.9.0", + "node": "^22.0.0", "pnpm": "^10.0.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a18299d..387c3dc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml 
@@ -18,35 +18,23 @@ importers: specifier: 8.0.0 version: 8.0.0 conventional-changelog-core: - specifier: 8.0.0 - version: 8.0.0(conventional-commits-filter@4.0.0) + specifier: 9.0.0 + version: 9.0.0(conventional-commits-filter@4.0.0) husky: specifier: 9.1.7 version: 9.1.7 lint-staged: - specifier: 15.4.3 - version: 15.4.3 + specifier: 15.5.0 + version: 15.5.0 markdownlint-cli: specifier: 0.44.0 version: 0.44.0 prettier: - specifier: 3.5.0 - version: 3.5.0 + specifier: 3.5.3 + version: 3.5.3 packages: - '@babel/code-frame@7.23.5': - resolution: {integrity: sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==} - engines: {node: '>=6.9.0'} - - '@babel/helper-validator-identifier@7.22.20': - resolution: {integrity: sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==} - engines: {node: '>=6.9.0'} - - '@babel/highlight@7.23.4': - resolution: {integrity: sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==} - engines: {node: '>=6.9.0'} - '@bitnami/readme-generator-for-helm@2.7.0': resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==} hasBin: true @@ -84,9 +72,6 @@ packages: '@types/ms@2.1.0': resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==} - '@types/normalize-package-data@2.4.4': - resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==} - '@types/semver@7.5.8': resolution: {integrity: sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==} 
@@ -108,10 +93,6 @@ packages: resolution: {integrity: sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==} engines: {node: '>=12'} - ansi-styles@3.2.1: - resolution: {integrity: sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==} - engines: {node: '>=4'} - ansi-styles@4.3.0: resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==} engines: {node: '>=8'} @@ -139,10 +120,6 @@ packages: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} - chalk@2.4.2: - resolution: {integrity: sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==} - engines: {node: '>=4'} - chalk@5.4.1: resolution: {integrity: sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==} engines: {node: ^12.17.0 || ^14.13 || >=16.0.0} @@ -169,16 +146,10 @@ packages: peerDependencies: typanion: '*' - color-convert@1.9.3: - resolution: {integrity: sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==} - color-convert@2.0.1: resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==} engines: {node: '>=7.0.0'} - color-name@1.1.3: - resolution: {integrity: sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==} - color-name@1.1.4: resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==} 
@@ -207,12 +178,12 @@ packages: resolution: {integrity: sha512-eOvlTO6OcySPyyyk8pKz2dP4jjElYunj9hn9/s0OB+gapTO8zwS9UQWrZ1pmF2hFs3vw1xhonOLGcGjy/zgsuA==} engines: {node: '>=18'} - conventional-changelog-core@8.0.0: - resolution: {integrity: sha512-EATUx5y9xewpEe10UEGNpbSHRC6cVZgO+hXQjofMqpy+gFIrcGvH3Fl6yk2VFKh7m+ffenup2N7SZJYpyD9evw==} + conventional-changelog-core@9.0.0: + resolution: {integrity: sha512-/XS1hE0axsZ+IwJAoXw1faEdbo5+A975pL6FeLHs5Iz8lgROZ9iAhEFmIFhjHW1/BOhGq7RJU9udzWbeumAfDQ==} engines: {node: '>=18'} - conventional-changelog-writer@8.0.0: - resolution: {integrity: sha512-TQcoYGRatlAnT2qEWDON/XSfnVG38JzA7E0wcGScu7RElQBkg9WWgZd1peCWFcWDh1xfb2CfsrcvOn1bbSzztA==} + conventional-changelog-writer@8.0.1: + resolution: {integrity: sha512-hlqcy3xHred2gyYg/zXSMXraY2mjAYYo0msUCpK+BGyaVJMFCKWVXPIHiaacGO2GGp13kvHWXFhYmxT4QQqW3Q==} engines: {node: '>=18'} hasBin: true @@ -224,8 +195,8 @@ packages: resolution: {integrity: sha512-tQMagCOC59EVgNZcC5zl7XqO30Wki9i9J3acbUvkaosCT6JX3EeFwJD7Qqp4MCikRnzS18WXV3BLIQ66ytu6+Q==} engines: {node: '>=18'} - conventional-commits-parser@6.0.0: - resolution: {integrity: sha512-TbsINLp48XeMXR8EvGjTnKGsZqBemisPoyWESlpRyR8lif0lcwzqz+NMtYSj1ooF/WYjSuu7wX0CtdeeMEQAmA==} + conventional-commits-parser@6.1.0: + resolution: {integrity: sha512-5nxDo7TwKB5InYBl4ZC//1g9GRwB/F3TXOGR9hgUjMGfvSP4Vu5NkpNro2+1+TIEy1vwxApl5ircECr2ri5JIw==} engines: {node: '>=18'} hasBin: true @@ -284,10 +255,6 @@ packages: resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==} engines: {node: '>=18'} - escape-string-regexp@1.0.5: - resolution: {integrity: sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==} - engines: {node: '>=0.8.0'} - eventemitter3@5.0.1: resolution: {integrity: sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==} 
@@ -295,14 +262,13 @@ packages: resolution: {integrity: sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==} engines: {node: '>=16.17'} + fd-package-json@1.2.0: + resolution: {integrity: sha512-45LSPmWf+gC5tdCQMNH4s9Sr00bIkiD9aN7dc5hqkrEw1geRYyDQS1v1oMHAW3ysfxfndqGsrDREHHjNNbKUfA==} + fill-range@7.1.1: resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==} engines: {node: '>=8'} - find-up-simple@1.0.0: - resolution: {integrity: sha512-q7Us7kcjj2VMePAa02hDAF6d+MzsdsAWEwYyOpwUtlerRBkOEPBCRZrAV4XfcSN8fHAgaD0hP7miwoay6DCprw==} - engines: {node: '>=18'} - foreground-child@3.1.1: resolution: {integrity: sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==} engines: {node: '>=14'} @@ -310,9 +276,6 @@ packages: fs.realpath@1.0.0: resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} - function-bind@1.1.2: - resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==} - get-east-asian-width@1.2.0: resolution: {integrity: sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA==} engines: {node: '>=18'} 
@@ -344,17 +307,9 @@ packages: engines: {node: '>=0.4.7'} hasBin: true - has-flag@3.0.0: - resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==} - engines: {node: '>=4'} - - hasown@2.0.0: - resolution: {integrity: sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==} - engines: {node: '>= 0.4'} - - hosted-git-info@7.0.1: - resolution: {integrity: sha512-+K84LB1DYwMHoHSgaOY/Jfhw3ucPmSET5v98Ke/HdNSw4a0UktWzyW1mjhjpuxxTqOOsfWT/7iVshHmVZ4IpOA==} - engines: {node: ^16.14.0 || >=18.0.0} + hosted-git-info@8.0.2: + resolution: {integrity: sha512-sYKnA7eGln5ov8T8gnYlkSOxFJvywzEx9BueN6xo/GKO8PGiI6uK6xx+DIGe45T3bdVjLAQDQW1aicT8z8JwQg==} + engines: {node: ^18.17.0 || >=20.5.0} human-signals@5.0.0: resolution: {integrity: sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==} @@ -369,10 +324,6 @@ packages: resolution: {integrity: sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==} engines: {node: '>= 4'} - index-to-position@0.1.2: - resolution: {integrity: sha512-MWDKS3AS1bGCHLBA2VLImJz42f7bJh8wQsTGCzI3j519/CASStoDONUBVz2I/VID0MpiX3SGSnbOD2xUalbE5g==} - engines: {node: '>=18'} - inflight@1.0.6: resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. 
@@ -390,9 +341,6 @@ packages: is-alphanumerical@2.0.1: resolution: {integrity: sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==} - is-core-module@2.13.1: - resolution: {integrity: sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==} - is-decimal@2.0.1: resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==} @@ -429,9 +377,6 @@ packages: jackspeak@3.4.3: resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} - js-tokens@4.0.0: - resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} - js-yaml@4.1.0: resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} hasBin: true @@ -454,8 +399,8 @@ packages: linkify-it@5.0.0: resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} - lint-staged@15.4.3: - resolution: {integrity: sha512-FoH1vOeouNh1pw+90S+cnuoFwRfUD9ijY2GKy5h7HS3OR7JVir2N2xrsa0+Twc1B7cW72L+88geG5cW4wIhn7g==} + lint-staged@15.5.0: + resolution: {integrity: sha512-WyCzSbfYGhK7cU+UuDDkzUiytbfbi0ZdPy2orwtM75P3WTtQBzmG40cCxIa8Ii2+XjfxzLH6Be46tUfWS85Xfg==} engines: {node: '>=18.12.0'} hasBin: true 
@@ -611,9 +556,9 @@ packages: neo-async@2.6.2: resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==} - normalize-package-data@6.0.0: - resolution: {integrity: sha512-UL7ELRVxYBHBgYEtZCXjxuD5vPxnmvMGq0jp/dGPKKrN7tfsBh2IY7TlJ15WWwdjRWD3RJbnsygUurTK3xkPkg==} - engines: {node: ^16.14.0 || >=18.0.0} + normalize-package-data@7.0.0: + resolution: {integrity: sha512-k6U0gKRIuNCTkwHGZqblCfLfBRh+w1vI6tBo+IeJwq2M8FUiOqhX7GH+GArQGScA7azd1WfyRCvxoXDO3hQDIA==} + engines: {node: ^18.17.0 || >=20.5.0} npm-run-path@5.2.0: resolution: {integrity: sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg==} @@ -636,10 +581,6 @@ packages: parse-entities@4.0.2: resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==} - parse-json@8.1.0: - resolution: {integrity: sha512-rum1bPifK5SSar35Z6EKZuYPJx85pkNaFrxBK3mwdfSJ1/WKbYrjoW/zTPSjRRamfmVX1ACBIdFAO0VRErW/EA==} - engines: {node: '>=18'} - path-is-absolute@1.0.1: resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} engines: {node: '>=0.10.0'} @@ -665,8 +606,8 @@ packages: engines: {node: '>=0.10'} hasBin: true - prettier@3.5.0: - resolution: {integrity: sha512-quyMrVt6svPS7CjQ9gKb3GLEX/rl3BCL2oa/QkNcXv4YNVBC9olt3s+H7ukto06q7B1Qz46PbrKLO34PR6vXcA==} + prettier@3.5.3: + resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==} engines: {node: '>=14'} hasBin: true 
@@ -674,14 +615,6 @@ packages: resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==} engines: {node: '>=6'} - read-package-up@11.0.0: - resolution: {integrity: sha512-MbgfoNPANMdb4oRBNg5eqLbB2t2r+o5Ua1pNt8BqGp4I0FJZhuVSOj3PaBPni4azWuSzEdNn2evevzVmEk1ohQ==} - engines: {node: '>=18'} - - read-pkg@9.0.1: - resolution: {integrity: sha512-9viLL4/n1BJUCT1NXVTdS1jtm80yDEgR5T4yCelII49Mbj0v1rZdKqj7zCiYdbB0CuCgdrvHcNogAKTFPBocFA==} - engines: {node: '>=18'} - repeat-string@1.6.1: resolution: {integrity: sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==} engines: {node: '>=0.10'} @@ -774,10 +707,6 @@ packages: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} engines: {node: '>=8'} - supports-color@5.5.0: - resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==} - engines: {node: '>=4'} - to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} @@ -785,10 +714,6 @@ packages: typanion@3.14.0: resolution: {integrity: sha512-ZW/lVMRabETuYCd9O9ZvMhAh8GslSqaUjxmK/JLPCh6l73CvLBiuXswj/+7LdnWOgYsQ130FqLzFz5aGT4I3Ug==} - type-fest@4.10.2: - resolution: {integrity: sha512-anpAG63wSpdEbLwOqH8L84urkL6PiVIov3EMmgIhhThevh9aiMQov+6Btx0wldNcvm4wV+e2/Rt1QdDwKHFbHw==} - engines: {node: '>=16'} - uc.micro@2.1.0: resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==} 
@@ -797,13 +722,12 @@ packages: engines: {node: '>=0.8.0'} hasBin: true - unicorn-magic@0.1.0: - resolution: {integrity: sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==} - engines: {node: '>=18'} - validate-npm-package-license@3.0.4: resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==} + walk-up-path@3.0.1: + resolution: {integrity: sha512-9YlCL/ynK3CTlrSRrDxZvUauLzAswPCrsaCgilqFevUYpeEW0/3ScEjaa3kbW/T0ghhkEr7mv+fpjqn1Y1YuTA==} + which@2.0.2: resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==} engines: {node: '>= 8'} @@ -837,19 +761,6 @@ packages: snapshots: - '@babel/code-frame@7.23.5': - dependencies: - '@babel/highlight': 7.23.4 - chalk: 2.4.2 - - '@babel/helper-validator-identifier@7.22.20': {} - - '@babel/highlight@7.23.4': - dependencies: - '@babel/helper-validator-identifier': 7.22.20 - chalk: 2.4.2 - js-tokens: 4.0.0 - '@bitnami/readme-generator-for-helm@2.7.0': dependencies: commander: 13.1.0 @@ -858,13 +769,13 @@ snapshots: markdown-table: 2.0.0 yaml: 2.7.0 - '@conventional-changelog/git-client@1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0)': + '@conventional-changelog/git-client@1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0)': dependencies: '@types/semver': 7.5.8 semver: 7.6.0 optionalDependencies: conventional-commits-filter: 4.0.0 - conventional-commits-parser: 6.0.0 + conventional-commits-parser: 6.1.0 '@hutson/parse-repository-url@5.0.0': {} @@ -888,8 +799,6 @@ snapshots: '@types/ms@2.1.0': {} - '@types/normalize-package-data@2.4.4': {} - '@types/semver@7.5.8': {} '@types/unist@2.0.11': {} @@ -904,10 +813,6 @@ snapshots: ansi-regex@6.0.1: {} - ansi-styles@3.2.1: - dependencies: - color-convert: 1.9.3 - ansi-styles@4.3.0: dependencies: color-convert: 2.0.1 
@@ -933,12 +838,6 @@ snapshots: dependencies: fill-range: 7.1.1 - chalk@2.4.2: - dependencies: - ansi-styles: 3.2.1 - escape-string-regexp: 1.0.5 - supports-color: 5.5.0 - chalk@5.4.1: {} character-entities-legacy@3.0.0: {} @@ -960,16 +859,10 @@ snapshots: dependencies: typanion: 3.14.0 - color-convert@1.9.3: - dependencies: - color-name: 1.1.3 - color-convert@2.0.1: dependencies: color-name: 1.1.4 - color-name@1.1.3: {} - color-name@1.1.4: {} colorette@2.0.20: {} @@ -991,24 +884,22 @@ snapshots: dependencies: compare-func: 2.0.0 - conventional-changelog-core@8.0.0(conventional-commits-filter@4.0.0): + conventional-changelog-core@9.0.0(conventional-commits-filter@4.0.0): dependencies: '@hutson/parse-repository-url': 5.0.0 add-stream: 1.0.0 - conventional-changelog-writer: 8.0.0 - conventional-commits-parser: 6.0.0 - git-raw-commits: 5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) - git-semver-tags: 8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) - hosted-git-info: 7.0.1 - normalize-package-data: 6.0.0 - read-package-up: 11.0.0 - read-pkg: 9.0.1 + conventional-changelog-writer: 8.0.1 + conventional-commits-parser: 6.1.0 + fd-package-json: 1.2.0 + git-raw-commits: 5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) + git-semver-tags: 8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) + hosted-git-info: 8.0.2 + normalize-package-data: 7.0.0 transitivePeerDependencies: - conventional-commits-filter - conventional-changelog-writer@8.0.0: + conventional-changelog-writer@8.0.1: dependencies: - '@types/semver': 7.5.8 conventional-commits-filter: 5.0.0 handlebars: 4.7.8 meow: 13.2.0 @@ -1019,7 +910,7 @@ snapshots: conventional-commits-filter@5.0.0: {} - conventional-commits-parser@6.0.0: + conventional-commits-parser@6.1.0: dependencies: meow: 13.2.0 
@@ -1066,8 +957,6 @@ snapshots: environment@1.1.0: {} - escape-string-regexp@1.0.5: {} - eventemitter3@5.0.1: {} execa@8.0.1: @@ -1082,12 +971,14 @@ snapshots: signal-exit: 4.1.0 strip-final-newline: 3.0.0 + fd-package-json@1.2.0: + dependencies: + walk-up-path: 3.0.1 + fill-range@7.1.1: dependencies: to-regex-range: 5.0.1 - find-up-simple@1.0.0: {} - foreground-child@3.1.1: dependencies: cross-spawn: 7.0.3 @@ -1095,23 +986,21 @@ snapshots: fs.realpath@1.0.0: {} - function-bind@1.1.2: {} - get-east-asian-width@1.2.0: {} get-stream@8.0.1: {} - git-raw-commits@5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0): + git-raw-commits@5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0): dependencies: - '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) + '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) meow: 13.2.0 transitivePeerDependencies: - conventional-commits-filter - conventional-commits-parser - git-semver-tags@8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0): + git-semver-tags@8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0): dependencies: - '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) + '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) meow: 13.2.0 transitivePeerDependencies: - conventional-commits-filter @@ -1144,13 +1033,7 @@ snapshots: optionalDependencies: uglify-js: 3.17.4 - has-flag@3.0.0: {} - - hasown@2.0.0: - dependencies: - function-bind: 1.1.2 - - hosted-git-info@7.0.1: + hosted-git-info@8.0.2: dependencies: lru-cache: 10.2.0 @@ -1160,8 +1043,6 @@ snapshots: ignore@7.0.3: {} - index-to-position@0.1.2: {} - inflight@1.0.6: dependencies: once: 1.4.0 
@@ -1178,10 +1059,6 @@ snapshots: is-alphabetical: 2.0.1 is-decimal: 2.0.1 - is-core-module@2.13.1: - dependencies: - hasown: 2.0.0 - is-decimal@2.0.1: {} is-fullwidth-code-point@3.0.0: {} @@ -1208,8 +1085,6 @@ snapshots: optionalDependencies: '@pkgjs/parseargs': 0.11.0 - js-tokens@4.0.0: {} - js-yaml@4.1.0: dependencies: argparse: 2.0.1 @@ -1228,7 +1103,7 @@ snapshots: dependencies: uc.micro: 2.1.0 - lint-staged@15.4.3: + lint-staged@15.5.0: dependencies: chalk: 5.4.1 commander: 13.1.0 @@ -1513,10 +1388,9 @@ snapshots: neo-async@2.6.2: {} - normalize-package-data@6.0.0: + normalize-package-data@7.0.0: dependencies: - hosted-git-info: 7.0.1 - is-core-module: 2.13.1 + hosted-git-info: 8.0.2 semver: 7.6.0 validate-npm-package-license: 3.0.4 @@ -1548,12 +1422,6 @@ snapshots: is-decimal: 2.0.1 is-hexadecimal: 2.0.1 - parse-json@8.1.0: - dependencies: - '@babel/code-frame': 7.23.5 - index-to-position: 0.1.2 - type-fest: 4.10.2 - path-is-absolute@1.0.1: {} path-key@3.1.1: {} @@ -1569,24 +1437,10 @@ snapshots: pidtree@0.6.0: {} - prettier@3.5.0: {} + prettier@3.5.3: {} punycode.js@2.3.1: {} - read-package-up@11.0.0: - dependencies: - find-up-simple: 1.0.0 - read-pkg: 9.0.1 - type-fest: 4.10.2 - - read-pkg@9.0.1: - dependencies: - '@types/normalize-package-data': 2.4.4 - normalize-package-data: 6.0.0 - parse-json: 8.1.0 - type-fest: 4.10.2 - unicorn-magic: 0.1.0 - repeat-string@1.6.1: {} restore-cursor@5.1.0: @@ -1675,30 +1529,24 @@ snapshots: strip-json-comments@3.1.1: {} - supports-color@5.5.0: - dependencies: - has-flag: 3.0.0 - to-regex-range@5.0.1: dependencies: is-number: 7.0.0 typanion@3.14.0: {} - type-fest@4.10.2: {} - uc.micro@2.1.0: {} uglify-js@3.17.4: optional: true - unicorn-magic@0.1.0: {} - validate-npm-package-license@3.0.4: dependencies: spdx-correct: 3.2.0 spdx-expression-parse: 3.0.1 + walk-up-path@3.0.1: {} + which@2.0.2: dependencies: isexe: 2.0.0 diff --git a/renovate.json b/renovate.json index ac609ad..9e09aef 100644 --- a/renovate.json 
+++ b/renovate.json @@ -2,17 +2,22 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "forgejo-contrib/forgejo-renovate//base.json", - "github>visualon/renovate-config//k3s.json" + "forgejo-helm/forgejo-helm//.forgejo/renovate/k3s.json" ], "assignees": ["viceice"], "baseBranches": ["main", "/^maint\\/.+/"], "packageRules": [ { - "description": "Disable major chart updates for maintenance branches", + "description": "Separate multiple major sub chart updates", + "matchFileNames": ["Chart.yaml"], + "separateMultipleMajor": true + }, + { + "description": "Require approval for major sub chart updates for maintenance branches", "matchBaseBranches": ["/^maint\\/.+/"], "matchUpdateTypes": ["major"], "matchFileNames": ["Chart.yaml"], - "enabled": false + "dependencyDashboardApproval": true }, { "matchManagers": ["helmv3"], @@ -37,13 +42,13 @@ "semanticCommitType": "feat" }, { - "description": "Automerge and group helm subchart updates daily (minor & patch)", + "description": "Automerge and group helm subchart updates weekly (minor & patch)", "matchManagers": ["helmv3"], "matchFileNames": ["Chart.yaml"], "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "subcharts", - "extends": ["schedule:daily"] + "extends": ["schedule:weekly"] }, { "description": "Automerge dev deps updates", 
@@ -69,21 +74,9 @@ "matchUpdateTypes": ["digest"], "automerge": true }, - { - "description": "Separate minor and patch updates for k3s", - "matchPackageNames": ["k3s-io/k3s"], - "separateMinorPatch": true - }, - { - "description": "Require approval and no automerge for k3s major and minor updates", - "matchPackageNames": ["k3s-io/k3s"], - "matchUpdateTypes": ["major", "minor"], - "dependencyDashboardApproval": true, - "automerge": false - }, { "description": "Use test scope for forgejo ci tests", - "matchFileNames": ["ci/*.yml"], + "matchFileNames": ["ci/*.yaml"], "additionalBranchPrefix": "ci-forgejo-", "semanticCommitType": "ci", "semanticCommitScope": "forgejo", @@ -92,10 +85,15 @@ }, { "description": "Disable updates for forgejo ci tests", - "matchFileNames": ["ci/*.yml"], + "matchFileNames": ["ci/*.yaml"], "matchUpdateTypes": ["major", "minor", "patch"], "enabled": false }, + { + "description": "Don't pin digests for forgejo ci tests, not supported", + "matchFileNames": ["ci/*.yaml"], + "pinDigests": false + }, { "description": "branch automerge not possible", "automergeType": "pr", @@ -134,6 +132,6 @@ } ], "helm-values": { - "fileMatch": ["^ci/.+\\.ya?ml$"] + "fileMatch": ["^ci/.+\\.yaml$"] } } diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4f7bcdc..234c839 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -82,7 +82,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} 
@@ -121,20 +121,28 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if (index .Values "redis-cluster").enabled -}} +{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} +{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} +{{- else if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} +{{- else if (index .Values "redis").enabled -}} +{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} 
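Review bot: The new `redis://` branch of `redis.dns` places `(index .Values "redis").global.redis.password` into the URL through a bare `%s`, so a password containing `@`, `/`, `#` or `?` produces a connection string that parses differently from what was intended. The existing `redis+cluster://` branch has the same shape. Either percent-encode the password before formatting it, or state the restriction next to the helper, e.g. `{{/* the password is inserted verbatim into the URL and must not contain URL-reserved characters */}}`. The both-enabled `fail` guard exists only in `redis.dns`; `redis.port` and `redis.servicename` silently prefer redis-cluster, which holds up only while `redis.dns` is always rendered alongside them.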
@@ -216,7 +224,7 @@ https {{- $_ := set $inlines $key (join "\n" $section) -}} {{- end -}} {{- else }} - {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}} + {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") (eq $key "APP_SLOGAN") (eq $key "APP_DISPLAY_NAME_FORMAT") -}} {{- $generals = append $generals (printf "%s=%s" $key $value) -}} {{- else -}} {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} @@ -279,7 +287,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} @@ -400,3 +408,11 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} + +{{- define "gitea.admin.passwordMode" -}} +{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} +{{ .Values.gitea.admin.passwordMode }} +{{- else -}} +{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} +{{- end -}} +{{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 280e21f..c551c96 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-inline-config + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque 
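Review bot: The allow-list of top-level keys in the `@@ -216,7 +224,7 @@` hunk is now a five-way `or (eq …)` chain, which gets harder to read and to audit with each added key. `{{- if has $key (list "APP_NAME" "RUN_USER" "RUN_MODE" "APP_SLOGAN" "APP_DISPLAY_NAME_FORMAT") -}}` expresses the same check and matches the `has … (tuple …)` form that `gitea.admin.passwordMode` uses in this file. The enclosing define starts and ends outside the hunk.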
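Review bot: `gitea.admin.passwordMode` in the `@@ -400,3 +408,11 @@` hunk is added without a `{{/* … */}}` description, although it is the single place that decides which modes are accepted. I would put `{{/* Returns gitea.admin.passwordMode when it is one of the three supported modes, otherwise fails rendering. */}}` above the define. If the value can ever be unset, the `'%s'` in the failure message would print Go's nil formatting rather than an empty string; this is hedged, because values.yaml is not visible here.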
diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index ca1bdd9..f82c407 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} annotations: {{- if .Values.deployment.annotations }} {{- toYaml .Values.deployment.annotations | nindent 4 }} @@ -56,7 +57,7 @@ spec: {{- end }} {{- include "gitea.images.pullSecrets" . | nindent 6 }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} initContainers: - name: init-directories image: "{{ include "gitea.image" . }}" @@ -90,7 +91,7 @@ spec: {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - name: init-app-ini @@ -130,7 +131,7 @@ spec: {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- if .Values.signing.enabled }} @@ -144,7 +145,7 @@ spec: {{- if not (hasKey $csc "runAsUser") -}} {{- $_ := set $csc "runAsUser" 1000 -}} {{- end -}} - {{- toYaml $csc | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} env: - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} 
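Review bot: In the `@@ -144,7 +145,7 @@` hunk the template first forces `runAsUser` to 1000 on `$csc` and then passes `$csc` through `common.compatibility.renderSecurityContext`, which, as far as I know from the Bitnami common chart, can remove `runAsUser`, `runAsGroup` and `fsGroup` again when OpenShift adaptation is active. The same pattern recurs in the `@@ -175,7 +176,7 @@` hunk. The helper is not shown on this page, so please confirm against the pinned common chart version and record the outcome next to the default, e.g. `{{- /* runAsUser default may be dropped by renderSecurityContext when global.compatibility.openshift.adaptSecurityContext applies */ -}}`. A unit test that renders both init containers with that setting would pin the behaviour. The surrounding container definitions continue outside the hunk.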
@@ -175,7 +176,7 @@ spec: {{- if not (hasKey $csc "runAsUser") -}} {{- $_ := set $csc "runAsUser" 1000 -}} {{- end -}} - {{- toYaml $csc | nindent 12 }} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} env: - name: GITEA_APP_INI value: /data/gitea/conf/app.ini @@ -243,6 +244,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} + - name: GITEA_ADMIN_PASSWORD_MODE + value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} @@ -324,9 +327,9 @@ spec: securityContext: {{- /* Honor the deprecated securityContext variable when defined */ -}} {{- if .Values.containerSecurityContext -}} - {{ toYaml .Values.containerSecurityContext | nindent 12 -}} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- else -}} - {{ toYaml .Values.securityContext | nindent 12 -}} + {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: temp @@ -350,7 +353,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: + topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} @@ -400,4 +403,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml index 12dce66..0b7716a 100644 --- a/templates/gitea/gpg-secret.yaml +++ b/templates/gitea/gpg-secret.yaml 
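Review bot: `GITEA_ADMIN_PASSWORD_MODE` is rendered unquoted in the `@@ -243,6 +244,8 @@` hunk, while the `GITEA_ADMIN_PASSWORD` entry directly above it uses `| quote`. The helper only lets three fixed identifiers through, so this is a consistency point rather than a defect; `value: {{ include "gitea.admin.passwordMode" $ | quote }}` keeps every value in the env list an explicit string. The surrounding `env:` list starts outside the hunk.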
@@ -7,6 +7,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.gpg-key-secret-name" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 0ec7370..6962930 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-http + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.http.labels }} @@ -11,7 +12,11 @@ metadata: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: type: {{ .Values.service.http.type }} - {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} + {{- if eq .Values.service.http.type "LoadBalancer" }} + {{- if .Values.service.http.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.http.loadBalancerClass }} + {{- end }} + {{- if and .Values.service.http.loadBalancerIP }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} {{- if .Values.service.http.loadBalancerSourceRanges }} @@ -20,6 +25,7 @@ spec: - {{ . }} {{- end }} {{- end }} + {{- end }} {{- if .Values.service.http.externalIPs }} externalIPs: {{- toYaml .Values.service.http.externalIPs | nindent 4 }} @@ -43,6 +49,6 @@ spec: {{- if .Values.service.http.nodePort }} nodePort: {{ .Values.service.http.nodePort }} {{- end }} - targetPort: {{ .Values.gitea.config.server.HTTP_PORT }} + targetPort: http selector: {{- include "gitea.selectorLabels" . | nindent 4 }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 9991eec..d764bb6 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml 
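Review bot: In the http-svc.yaml hunk, `{{- if and .Values.service.http.loadBalancerIP }}` keeps an `and` with a single operand, left over from the old combined condition; `{{- if .Values.service.http.loadBalancerIP }}` says the same thing and matches the ssh service. `loadBalancerClass` is also emitted unquoted, so `loadBalancerClass: {{ .Values.service.http.loadBalancerClass | quote }}` would keep it a string whatever the operator supplies (the same applies to the ssh-svc.yaml hunk). `targetPort: http` now depends on the container port being named `http` in the Deployment, which is outside this hunk and worth confirming.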
@@ -1,18 +1,10 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} -{{- $httpPort := .Values.service.http.port -}} -{{- $apiVersion := "extensions/v1beta1" -}} -{{- if .Values.ingress.apiVersion -}} -{{- $apiVersion = .Values.ingress.apiVersion -}} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} -{{- $apiVersion = "networking.k8s.io/v1" }} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} -{{- $apiVersion = "networking.k8s.io/v1beta1" }} -{{- end }} -apiVersion: {{ $apiVersion }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} annotations: @@ -21,7 +13,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ tpl .Values.ingress.className . }} {{- end }} {{- if .Values.ingress.tls }} tls: @@ -40,19 +32,14 @@ spec: paths: {{- range .paths }} - path: {{ .path }} - {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} + {{- if .pathType }} pathType: {{ .pathType }} {{- end }} backend: - {{- if eq $apiVersion "networking.k8s.io/v1" }} service: name: {{ $fullName }}-http port: - number: {{ $httpPort }} - {{- else }} - serviceName: {{ $fullName }}-http - servicePort: {{ $httpPort }} - {{- end }} + name: http {{- end }} {{- end }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 6c89dc7..546f4c4 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-init + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque 
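Review bot: With `apiVersion: networking.k8s.io/v1` now fixed, the `{{- if .pathType }}` guard in the `@@ -40,19 +32,14 @@` hunk can still render a path with no `pathType`, which that API version requires, so the failure surfaces only when the manifest is applied. Rendering it unconditionally with a fallback or a render-time error, e.g. `pathType: {{ .pathType | default "Prefix" }}` or `pathType: {{ required "ingress path needs pathType" .pathType }}`, would catch it earlier. `ingressClassName: {{ tpl .Values.ingress.className . }}` is unquoted as well; piping the `tpl` result through `quote` keeps the rendered class name a string. The `range` over hosts starts outside the hunk.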
@@ -109,13 +110,26 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then + local -a create_args + create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then + create_args+=(--must-change-password=true) + else + create_args+=(--must-change-password=false) + fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + gitea admin user create "${create_args[@]}" echo '...created.' else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false - echo '...password sync done.' + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + local -a change_args + change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false) + gitea admin user change-password "${change_args[@]}" + echo '...password sync done.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." + fi fi } diff --git a/templates/gitea/poddisruptionbudget.yaml b/templates/gitea/poddisruptionbudget.yaml index d2b7e17..d40a166 100644 --- a/templates/gitea/poddisruptionbudget.yaml +++ b/templates/gitea/poddisruptionbudget.yaml 
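Review bot: `--email {{ .Values.gitea.admin.email | quote }}` is the one element of `create_args` that Helm writes into the script text instead of being read from the environment, so the shell still expands `$` or backticks inside the rendered double quotes. Passing it like the username and password, through an env var on the init container and `--email "${GITEA_ADMIN_EMAIL}"` here, keeps chart values out of the script body (the variable name is a suggestion; the Deployment env list is not in this hunk). A comment above the `else` branch should also state that in the `initialOnly*` modes a changed `gitea.admin.password` is never applied to an existing account, since an operator rotating the password through values would otherwise assume it took effect. The enclosing shell function starts outside the hunk.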
@@ -1,12 +1,9 @@ {{- if .Values.podDisruptionBudget -}} -{{- if .Capabilities.APIVersions.Has "policy/v1" }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: @@ -14,4 +11,4 @@ spec: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} {{- toYaml .Values.podDisruptionBudget | nindent 2 }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index 25b4af8..2c82cb0 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.persistence.claimName }} - namespace: {{ $.Release.Namespace }} + namespace: {{ include "common.names.namespace" . | quote }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} {{- if .Values.persistence.labels }} diff --git a/templates/gitea/route.yaml b/templates/gitea/route.yaml new file mode 100644 index 0000000..740721f --- /dev/null +++ b/templates/gitea/route.yaml 
@@ -0,0 +1,43 @@ +{{- if .Values.route.enabled -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "gitea.fullname" . }}-http + namespace: {{ include "common.names.namespace" . | quote }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.route.annotations | nindent 4 }} +spec: + {{- if .Values.route.host }} + host: {{ tpl .Values.route.host $ | quote }} + {{- end }} + {{- if .Values.route.wildcardPolicy }} + wildcardPolicy: {{ .Values.route.wildcardPolicy }} + {{- end }} + to: + kind: Service + name: {{ include "gitea.fullname" . }}-http + weight: 100 + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + {{- if .Values.route.tls.existingSecret }} + externalCertificate: {{ .Values.route.tls.existingSecret }} + {{- else if and .Values.route.tls.certificate + .Values.route.tls.privateKey + .Values.route.tls.caCertificate }} + certificate: | +{{ .Values.route.tls.certificate | indent 6 }} + key: | +{{ .Values.route.tls.privateKey | indent 6 }} + caCertificate: | +{{ .Values.route.tls.caCertificate | indent 6 }} + {{- else if or .Values.route.tls.certificate + .Values.route.tls.privateKey + .Values.route.tls.caCertificate }} + {{- fail "certificate, privateKey and caCertificate must be specified together" }} + {{- end }} +{{- end }} diff --git a/templates/gitea/serviceaccount.yaml b/templates/gitea/serviceaccount.yaml index e730f9c..e97608b 100644 --- a/templates/gitea/serviceaccount.yaml +++ b/templates/gitea/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gitea.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 02750d0..c740ec8 100644 
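Review bot: `termination: edge` and `insecureEdgeTerminationPolicy: Redirect` are hard-coded in route.yaml, while values.yaml documents `route.tls.termination`, `route.tls.insecureEdgeTerminationPolicy` and `route.tls.destinationCACertificate` as settings; none of the three is read by the template. An operator who sets `termination: reencrypt` or `passthrough` would still get an edge-terminated route and might assume traffic behind the router is encrypted. Either render the values, `termination: {{ .Values.route.tls.termination }}` and `insecureEdgeTerminationPolicy: {{ .Values.route.tls.insecureEdgeTerminationPolicy }}`, with `destinationCACertificate` emitted when set, or drop the unused keys from values.yaml. `externalCertificate` is rendered as a plain string here; as far as I know the Route API expects an object with a `name` field, so that should be checked against the Route schema.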
--- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.gitea.metrics.serviceMonitor.namespace | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} @@ -14,4 +15,4 @@ spec: {{- include "gitea.selectorLabels" . | nindent 6 }} endpoints: - port: http -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 3ee756c..c1576da 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-ssh + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.ssh.labels }} @@ -12,6 +13,9 @@ metadata: spec: type: {{ .Values.service.ssh.type }} {{- if eq .Values.service.ssh.type "LoadBalancer" }} + {{- if .Values.service.ssh.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }} + {{- end }} {{- if .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} {{- end -}} @@ -43,7 +47,7 @@ spec: - name: ssh port: {{ .Values.service.ssh.port }} {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }} - targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + targetPort: ssh {{- end }} protocol: TCP {{- if .Values.service.ssh.nodePort }} diff --git a/templates/tests/test-http-connection.yaml b/templates/tests/test-http-connection.yaml index 8157442..1a2e13f 100644 --- a/templates/tests/test-http-connection.yaml +++ b/templates/tests/test-http-connection.yaml 
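Review bot: `targetPort: ssh` in the `@@ -43,7 +47,7 @@` hunk no longer uses the value it is guarded by, yet it is still rendered only when `gitea.config.server.SSH_LISTEN_PORT` is set. When that value is unset the Service falls back to a `targetPort` equal to `port`, which may not be where the container listens; rendering `targetPort: ssh` unconditionally would match the http Service. This assumes the Deployment names its SSH container port `ssh`, which is outside this hunk.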
@@ -6,7 +6,7 @@ metadata: labels: {{ include "gitea.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test spec: containers: - name: wget diff --git a/tools/ct.yml b/tools/ct.yml index 0f81989..3d241fc 100644 --- a/tools/ct.yml +++ b/tools/ct.yml @@ -1,3 +1,4 @@ +# https://github.com/helm/chart-testing/blob/main/doc/ct_install.md helm-extra-args: --timeout 3m check-version-increment: false debug: true diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index f0291a4..b935fd1 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + - it: 'cache is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: ADAPTER=memory HOST= - - it: 'cache can be customized when redis-cluster is disabled' + - it: 'cache can be customized when redis (or redis-cluster) is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: 
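Review bot: The expected `HOST=redis://:changeme@…` in the new 'cache is configured correctly for redis' case shows that enabling `redis` with no other values renders a connection string carrying the password `changeme`, presumably the chart default for the redis subchart (its values are not in this diff). Pinning it in the test is fine, but the default deserves a comment in values.yaml telling operators to override it or supply an existing secret. The test could also set an explicit constructed password so it does not depend on the default. The same expectation appears in the queue-config.yaml and session-config.yaml hunks.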
diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index fcc1998..cdb2678 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + - it: 'queue is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: CONN_STR= TYPE=level - - it: 'queue can be customized when redis-cluster is disabled' + - it: 'queue can be customized when redis (and redis-cluster) are disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index cf5fb1b..2a49baa 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: 
@@ -16,11 +18,28 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + - it: 'session is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: 'session can be customized when redis-cluster is disabled' + - it: 'session can be customized when redis (and redis-cluster) is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index a8967c3..1ff65cc 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -15,7 +15,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$ + pattern: ^docker.io/bitnami/postgresql-repmgr:17.+$ - it: '[postgresql] ensures we detect major image version upgrades' template: charts/postgresql/templates/primary/statefulset.yaml set: 
@@ -28,15 +28,30 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql:16.+$ + pattern: ^docker.io/bitnami/postgresql:17.+$ - it: '[redis-cluster] ensures we detect major image version upgrades' template: charts/redis-cluster/templates/redis-statefulset.yaml set: redis-cluster: enabled: true + redis: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis-cluster:7.+$ + - it: '[redis] ensures we detect major image version upgrades' + template: charts/redis/templates/master/application.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: true asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/redis-cluster:7.+$ + pattern: bitnami/redis:7.+$ diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 2d2476e..4dfda51 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml 
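Review bot: The two redis patterns, `bitnami/redis-cluster:7.+$` and `bitnami/redis:7.+$`, drop the `^docker.io/` prefix that the postgresql checks in this file keep, so these assertions no longer pin the registry the image is pulled from. If the registry prefix changed upstream, anchoring on the new value is better than leaving the start open, e.g. `pattern: ^docker.io/bitnami/redis:7.+$` with whatever registry the subchart now renders. If the open start is intentional, a comment beside the pattern should say why.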
@@ -15,9 +15,33 @@ tests: hosts: - '{{ .Values.global.giteaHostName }}' asserts: + - isKind: + of: Ingress - equal: path: spec.tls[0].hosts[0] value: 'gitea.example.com' - equal: path: spec.rules[0].host value: 'gitea.example.com' + - it: Ingress Class using TPL + set: + global.ingress.className: 'ingress-class' + ingress.className: '{{ .Values.global.ingress.className }}' + ingress.enabled: true + ingress.hosts[0].host: 'some-host' + ingress.tls: + - secretName: gitea-tls + hosts: + - 'some-host' + asserts: + - isKind: + of: Ingress + - equal: + path: spec.tls[0].hosts[0] + value: 'some-host' + - equal: + path: spec.rules[0].host + value: 'some-host' + - equal: + path: spec.ingressClassName + value: 'ingress-class' diff --git a/unittests/deployment/route-configuration.yaml b/unittests/deployment/route-configuration.yaml new file mode 100644 index 0000000..b4da640 --- /dev/null +++ b/unittests/deployment/route-configuration.yaml 
@@ -0,0 +1,155 @@ +# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: route template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/route.yaml +tests: + - it: hostname using TPL + set: + global.giteaHostName: 'gitea.example.com' + route.enabled: true + route.host: '{{ .Values.global.giteaHostName }}' + asserts: + - isKind: + of: Route + - equal: + path: spec.host + value: 'gitea.example.com' + - notExists: + path: spec.wildcardPolicy + - it: wildcard policy + set: + global.giteaHostName: 'gitea.example.com' + route.enabled: true + route.wildcardPolicy: 'Subdomain' + asserts: + - isKind: + of: Route + - equal: + path: spec.wildcardPolicy + value: 'Subdomain' + - it: existing certificate + set: + route.enabled: true + route.tls.existingSecret: certificate-secret + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - isKind: + of: Route + - equal: + path: spec.tls.externalCertificate + value: certificate-secret + - notExists: + path: spec.tls.certificate + - notExists: + path: spec.tls.key + - notExists: + path: spec.tls.caCertificate + - it: valid certificate values + set: + route.enabled: true + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... 
+ -----END CERTIFICATE----- + asserts: + - isKind: + of: Route + - notExists: + path: spec.tls.externalCertificate + - equal: + path: spec.tls.certificate + value: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + - equal: + path: spec.tls.key + value: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + - equal: + path: spec.tls.caCertificate + value: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + - it: missing certificate values + set: + route.enabled: true + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - failedTemplate: + errorMessage: certificate, privateKey and caCertificate must be specified together + - it: missing privateKey values + set: + route.enabled: true + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.caCertificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + asserts: + - failedTemplate: + errorMessage: certificate, privateKey and caCertificate must be specified together + - it: missing caCertificate values + set: + route.enabled: true + route.tls.certificate: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + route.tls.privateKey: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + asserts: + - failedTemplate: + errorMessage: certificate, privateKey and caCertificate must be specified together diff --git a/unittests/deployment/security-context-normal.yaml b/unittests/deployment/security-context-normal.yaml new file mode 100644 index 0000000..2418371 --- /dev/null +++ b/unittests/deployment/security-context-normal.yaml 
@@ -0,0 +1,25 @@ +# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: deployment template (security context) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: FS group set to 1000 + template: templates/gitea/deployment.yaml + set: + image.rootless: false + asserts: + - equal: + path: spec.template.spec.securityContext.fsGroup + value: 1000 + - it: run configure-gitea with UID 1000 + template: templates/gitea/deployment.yaml + set: + image.rootless: false + asserts: + - equal: + path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser + value: 1000 diff --git a/unittests/deployment/security-context-ocp.yaml b/unittests/deployment/security-context-ocp.yaml new file mode 100644 index 0000000..5f7127a --- /dev/null +++ b/unittests/deployment/security-context-ocp.yaml @@ -0,0 +1,25 @@ +# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: deployment template (security context) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: FS group not set + template: templates/gitea/deployment.yaml + set: + image.rootless: false + global.compatibility.openshift.adaptSecurityContext: force + asserts: + - notExists: + path: spec.template.spec.securityContext.fsGroup + - it: configure-gitea without runaAsUser + template: templates/gitea/deployment.yaml + set: + image.rootless: false + global.compatibility.openshift.adaptSecurityContext: force + asserts: + - notExists: + path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml index 0ddccad..f39bb1b 100644 
--- a/unittests/deployment/svc-configuration.yaml +++ b/unittests/deployment/svc-configuration.yaml @@ -58,4 +58,71 @@ tests: value: 22 - equal: path: spec.ports[0].targetPort - value: 2222 + value: ssh + + - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + loadBalancerClass: 'example.com/class' + type: LoadBalancer + loadBalancerIP: '1.2.3.4' + loadBalancerSourceRanges: + - '1.2.3.4/32' + - '5.6.7.8/32' + asserts: + - equal: + path: spec.loadBalancerClass + value: 'example.com/class' + - equal: + path: spec.loadBalancerIP + value: '1.2.3.4' + - equal: + path: spec.loadBalancerSourceRanges + value: ['1.2.3.4/32', '5.6.7.8/32'] + + - it: does not render when loadbalancer properties are set but type is not loadBalancerClass + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: ClusterIP + loadBalancerClass: 'example.com/class' + loadBalancerIP: '1.2.3.4' + loadBalancerSourceRanges: + - '1.2.3.4/32' + - '5.6.7.8/32' + asserts: + - notExists: + path: spec.loadBalancerClass + - notExists: + path: spec.loadBalancerIP + - notExists: + path: spec.loadBalancerSourceRanges + + - it: does not render loadBalancerClass by default even when type is LoadBalancer + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: LoadBalancer + loadBalancerIP: '1.2.3.4' + asserts: + - notExists: + path: spec.loadBalancerClass + - equal: + path: spec.loadBalancerIP + value: '1.2.3.4' + + - it: both ssh and http services exist + templates: + - templates/gitea/ssh-svc.yaml + - templates/gitea/http-svc.yaml + asserts: + - matchRegex: + path: metadata.name + pattern: '^gitea-unittests-forgejo-(?:ssh|http)$' + - matchRegex: + path: spec.ports[0].name + pattern: '^(?:ssh|http)$' diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml new file mode 100644 index 0000000..c3afaaf --- /dev/null +++ b/unittests/pvc/pvc-configuration.yaml 
@@ -0,0 +1,19 @@ +suite: PVC template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/pvc.yaml +tests: + - it: Storage Class using TPL + set: + global.persistence.storageClass: 'storage-class' + persistence.enabled: true + persistence.create: true + persistence.storageClass: '{{ .Values.global.persistence.storageClass }}' + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: spec.storageClassName + value: 'storage-class' diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml new file mode 100644 index 0000000..a257690 --- /dev/null +++ b/unittests/values-conflicting-checks.yaml @@ -0,0 +1,14 @@ +suite: Values conflicting checks +release: + name: gitea-unittests + namespace: testing +tests: + - it: fails when trying to configure redis and redis-cluster the same time + set: + redis-cluster: + enabled: true + redis: + enabled: true + asserts: + - failedTemplate: + errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index 058eb70..4af2e9f 100644 --- a/values.yaml +++ b/values.yaml @@ -20,6 +20,10 @@ global: # hostnames: # - example.com +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: '' + ## @param replicaCount number of replicas for the deployment replicaCount: 1 
@@ -97,7 +101,7 @@ podDisruptionBudget: {} service: ## @param service.http.type Kubernetes service type for web traffic ## @param service.http.port Port number for web traffic - ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment ## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.nodePort NodePort for http service ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -107,10 +111,11 @@ service: ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels + ## @param service.http.loadBalancerClass Loadbalancer class http: type: ClusterIP port: 3000 - clusterIP: None + clusterIP: loadBalancerIP: nodePort: externalTrafficPolicy: @@ -120,9 +125,10 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic - ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment ## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation 
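Review bot: Changing the default `clusterIP: None` to an empty value in the `@@ -107,10 +111,11 @@` hunk (and for `service.ssh` in the `@@ -133,10 +139,11 @@` hunk) presumably turns both Services from headless into regular ClusterIP Services for anyone on default values; the service templates' handling of the field is outside this diff. `spec.clusterIP` cannot be changed on an existing Service, so upgrading a running release may need the Services recreated, which belongs in the upgrade notes. The `## @param service.http.clusterIP` line could say that `None` is still accepted for a headless Service. The bare `clusterIP:` and `loadBalancerClass:` keys parse as null; writing `null` or `''` makes the intent explicit.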
@@ -133,10 +139,11 @@ service: ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations ## @param service.ssh.labels SSH service additional labels + ## @param service.ssh.loadBalancerClass Loadbalancer class ssh: type: ClusterIP port: 22 - clusterIP: None + clusterIP: loadBalancerIP: nodePort: externalTrafficPolicy: @@ -147,6 +154,7 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @section Ingress ## @param ingress.enabled Enable ingress @@ -156,7 +164,6 @@ service: ## @param ingress.hosts[0].paths[0].path Default Ingress path ## @param ingress.hosts[0].paths[0].pathType Ingress path type ## @param ingress.tls Ingress tls settings -## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. ingress: enabled: false # className: nginx 
@@ -174,9 +181,48 @@ ingress: # - secretName: chart-example-tls # hosts: # - git.example.com - # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar - # If helm doesn't correctly detect your ingress API version you can set it here. - # apiVersion: networking.k8s.io/v1 + +## @section Route +## @param route.enabled Enable route +## @param route.annotations Route annotations +## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) +## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. +## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) +## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http) +## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) +## @param route.tls.certificate PEM encoded single certificate +## @param route.tls.privateKey PEM encoded private key +## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate +## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) +route: + enabled: false + annotations: {} + host: + wildcardPolicy: + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + existingSecret: + certificate: + # certificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + privateKey: + # privateKey: |- + # -----BEGIN PRIVATE KEY----- + # ... 
+ # -----END PRIVATE KEY----- + caCertificate: + # caCertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + destinationCACertificate: + # destinationCACertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- ## @section deployment # @@ -323,7 +369,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed internal Git activity +## @param signing.privateKey Inline private GPG key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false @@ -342,19 +388,23 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: 'gitea@local.domain' + passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor + ## @param gitea.metrics.serviceMonitor.namespace Namespace in which Prometheus is running metrics: enabled: false serviceMonitor: enabled: false + namespace: '' # additionalLabels: # prometheus-release: prom1 
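Review bot: `route.tls.privateKey` accepts an inline PEM private key, and the commented example under it shows that form without pointing to `route.tls.existingSecret` as the preferred option. A key set inline lives in the values file and in the Helm release record, so it tends to end up in version control and is readable by anyone who can read release data in the namespace. I would add a comment above `privateKey:` such as `# Prefer route.tls.existingSecret; an inline key is stored in the Helm release and in any committed values file`. Separately, the `route.host` description reads "is not defined" where "if not defined" is meant.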
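Review bot: `passwordMode: keepUpdated` is added as the default in `gitea.admin` right next to the chart's published default `password`, so a release that overrides neither `gitea.admin.password` nor `existingSecret` keeps an admin account with a publicly known password. If `keepUpdated` re-applies the configured password on each rollout, as the name suggests (the init script is not part of this hunk), a password changed in the UI would also be set back to that value. Consider defaulting to `passwordMode: initialOnlyRequireReset`, or at least add a comment on the new key: `# keepUpdated re-applies gitea.admin.password; override the password or use existingSecret before exposing the instance`. The enclosing `gitea:` mapping starts above this hunk.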
@@ -410,12 +460,10 @@ gitea: ## @section `app.ini` overrides ## @descriptionStart - ## ## Every value described in the [Cheat ## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be ## set as a Helm value. Configuration sections map to (lowercased) YAML ## blocks, while the keys themselves remain in all caps. - ## ## @descriptionEnd config: # values in the DEFAULT section @@ -585,7 +633,8 @@ gitea: ## @section ReadinessProbe # ## @param gitea.readinessProbe.enabled Enable readiness probe - ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness + ## @param gitea.readinessProbe.httpGet.path Path to probe for readiness + ## @param gitea.readinessProbe.httpGet.port Port to probe for readiness ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe ## @param gitea.readinessProbe.periodSeconds Period for readiness probe @@ -594,7 +643,8 @@ gitea: # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: enabled: true - tcpSocket: + httpGet: + path: /api/healthz port: http initialDelaySeconds: 5 timeoutSeconds: 1 
@@ -625,10 +675,11 @@ gitea: ## @section Redis® Cluster ## @descriptionStart ## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. -## Complete Configuration can be taken from their website. +## Full configuration options are available on their website. +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. ## @descriptionEnd # -## @param redis-cluster.enabled Enable redis +## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas @@ -639,10 +690,30 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 +## @section Redis® +## @descriptionStart +## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +## Full configuration options are available on their website. +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +# +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + ## @section PostgreSQL HA ## @descriptionStart ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. -## Complete Configuration can be taken from their website. +## Full configuration options are available on their website. ## @descriptionEnd # ## @param postgresql-ha.enabled Enable PostgreSQL HA chart 
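Review bot: The new `redis` block in the `@@ -639,10 +690,30 @@` hunk ships `password: changeme` as the default for `redis.global.redis.password`, so setting only `redis.enabled: true` deploys a Redis instance protected by a publicly known password. The parameter comment says "Required password" but does not say that the default is a placeholder. I would leave the default empty and have the chart fail rendering when `redis.enabled` is true and no password is supplied; the templates are outside this diff, so that check would go there. At minimum, change the comment to `## @param redis.global.redis.password Required password; the shipped default is a placeholder and must be overridden`.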
@@ -678,7 +749,7 @@ postgresql-ha: ## @section PostgreSQL ## @descriptionStart ## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. -## Complete Configuration can be taken from their website. +## Full configuration options are available on their website. ## @descriptionEnd # ## @param postgresql.enabled Enable PostgreSQL @@ -705,8 +776,8 @@ postgresql: # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # Set it to false to skip this basic validation check. ## @section Advanced -## @param checkDeprecation Set it to false to skip this basic validation check. -## @param test.enabled Set it to false to disable test-connection Pod. +## @param checkDeprecation Whether to run this basic validation check. +## @param test.enabled Whether to use test-connection Pod. ## @param test.image.name Image name for the wget container used in the test-connection Pod. ## @param test.image.tag Image tag for the wget container used in the test-connection Pod. checkDeprecation: true @@ -716,6 +787,6 @@ test: name: busybox tag: latest -## @param extraDeploy Array of extra objects to deploy with the release +## @param extraDeploy Array of extra objects to deploy with the release. ## extraDeploy: []