diff --git a/.forgejo/actions/setup-node/action.yml b/.forgejo/actions/setup-node/action.yml index 5ab39be..f19c085 100644 --- a/.forgejo/actions/setup-node/action.yml +++ b/.forgejo/actions/setup-node/action.yml @@ -5,15 +5,11 @@ description: 'setup node' runs: using: 'composite' steps: - - name: Setup pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - with: - standalone: true - - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version-file: .node-version - cache: 'pnpm' - + # cache: 'npm' + - shell: bash + run: corepack enable - shell: bash run: pnpm install --frozen-lockfile diff --git a/.forgejo/renovate/k3s.json b/.forgejo/renovate/k3s.json deleted file mode 100644 index edb593d..0000000 --- a/.forgejo/renovate/k3s.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "packageRules": [ - { - "description": "Separate minor and patch updates for k3s", - "matchDatasources": ["github-releases"], - "matchPackageNames": ["k3s-io/k3s"], - "separateMultipleMinor": true, - "separateMinorPatch": true, - "branchTopic": "{{{depNameSanitized}}}{{#if isMinor}}-minor{{/if}}-{{{newMajor}}}{{#if isPatch}}.{{{newMinor}}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}", - "commitMessageSuffix": "{{#if isMinor}}(minor){{/if}}{{#if isPatch}}(patch){{/if}}" - }, - { - "description": "No automerge for k3s major and minor updates", - "matchDatasources": ["github-releases"], - "matchPackageNames": ["k3s-io/k3s"], - "matchUpdateTypes": ["major", "minor"], - "automerge": false - }, - { - "description": "Group k3s patch updates", - "matchDatasources": ["github-releases"], - "matchPackageNames": ["k3s-io/k3s"], - "matchUpdateTypes": ["patch"], - "groupName": "k3s" - }, - { - "description": "Disable k3s major and minor updates for old versions", - "matchDatasources": ["github-releases"], - "matchFileNames": [".forgejo/workflows/**"], - "matchPackageNames": ["k3s-io/k3s"], - "matchUpdateTypes": ["major", "minor"], - "matchCurrentValue": "!/^v1.32/", - "enabled": false - } - ], - "customDatasources": { - "k3s": { - "defaultRegistryUrlTemplate": "https://update.k3s.io/v1-release/channels", - "transformTemplates": [ - "($isVersion:=function($name){$contains($name,/^v\\d+.\\d+$/)};{\"releases\":[data[$isVersion(name)].{\"version\":latest}],\"sourceUrl\":\"https://github.com/k3s-io/k3s\",\"homepage\":\"https://k3s.io/\"})" - ] - } - }, - "customManagers": [ - { - "customType": "regex", - "fileMatch": [".forgejo/renovate/k3s.json"], - "matchStrings": [ - "matchCurrentValue\": \"!\\/^v(?\\d+\\.\\d+)\\/" - ], - "depNameTemplate": "k3s", - "versioningTemplate": "npm", - "datasourceTemplate": "custom.k3s" - } - ] -} diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 5418491..2c2c8d4 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -8,16 +8,15 @@ on: - maint/** tags: - v* - workflow_dispatch: permissions: contents: read env: - HELM_VERSION: v3.17.2 # renovate: datasource=github-releases depName=helm packageName=helm/helm - HELM_UNITTEST_VERSION: v0.7.2 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest + HELM_VERSION: v3.17.0 # renovate: datasource=github-releases depName=helm packageName=helm/helm + HELM_UNITTEST_VERSION: v0.7.1 # renovate: datasource=github-releases depName=helm-unittest packageName=helm-unittest/helm-unittest HELM_CHART_TESTING_VERSION: v3.12.0 # renovate: datasource=github-releases depName=chart-testing packageName=helm/chart-testing - KUBECTL_VERSION: v1.32.3 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes + KUBECTL_VERSION: v1.32.1 # renovate: datasource=github-releases depName=kubectl packageName=kubernetes/kubernetes CT_GITHUB_GROUPS: true jobs: @@ -65,7 +64,7 @@ jobs: version: ${{ env.HELM_CHART_TESTING_VERSION }} - name: install helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: ${{ env.HELM_VERSION }} @@ -89,14 +88,12 @@ jobs: strategy: matrix: k3s: - # https://github.com/k3s-io/k3s/branches # oldest supported version - v1.28.15+k3s1 # renovate: k3s - # https://github.com/k3s-io/k3s/blob/master/channel.yaml#L3-L4 # stable version - - v1.31.6+k3s1 # renovate: k3s + - v1.31.4+k3s1 # renovate: k3s # newest version - - v1.32.2+k3s1 # renovate: k3s + - v1.32.0+k3s1 # renovate: k3s steps: - run: cat /etc/os-release @@ -110,7 +107,7 @@ jobs: - uses: ./.forgejo/actions/setup - name: install helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: ${{ env.HELM_VERSION }} @@ -126,12 +123,12 @@ jobs: - run: kubectl get no -o wide - name: install chart - uses: https://github.com/nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: https://github.com/nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 with: timeout_minutes: 15 max_attempts: 3 retry_on: error - retry_wait_seconds: 120 + retry_wait_seconds: 60 polling_interval_seconds: 5 command: ct install --config tools/ct.yml --charts . @@ -179,7 +176,7 @@ jobs: - uses: ./.forgejo/actions/setup-node - name: install helm - uses: https://github.com/azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: https://github.com/azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: ${{ env.HELM_VERSION }} diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml index 0e7c901..c4345e5 100644 --- a/.forgejo/workflows/mirror.yml +++ b/.forgejo/workflows/mirror.yml @@ -6,8 +6,6 @@ on: branches: - 'main' - workflow_dispatch: - jobs: mirror: runs-on: docker diff --git a/.node-version b/.node-version index 7d41c73..6fa8dec 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -22.14.0 +22.13.0 diff --git a/.vscode/settings.json b/.vscode/settings.json index da15f96..67a510e 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -4,7 +4,7 @@ ".github/workflows/*", ".forgejo/workflows/*" ], - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.2/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.1/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/Chart.lock b/Chart.lock index bff1098..27ebaf6 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,18 +1,12 @@ dependencies: -- name: common - repository: oci://ghcr.io/visualon/bitnamicharts - version: 2.30.0 - name: postgresql repository: oci://ghcr.io/visualon/bitnamicharts - version: 16.5.6 + version: 15.5.38 - name: postgresql-ha repository: oci://ghcr.io/visualon/bitnamicharts - version: 15.3.8 + version: 14.3.10 - name: redis-cluster repository: oci://ghcr.io/visualon/bitnamicharts - version: 11.4.6 -- name: redis - repository: oci://ghcr.io/visualon/bitnamicharts - version: 20.11.4 -digest: sha256:a9c9f0779663336dd22ca4896f22bb64427e28f20aa567aee2f18474f8e31a23 -generated: "2025-03-26T15:31:33.532188569Z" + version: 11.4.0 +digest: sha256:968a09cece8b2b74ef9d0a11c99762a516302bfe6dedcb761b0b73fcfbbd6aa0 +generated: "2025-01-16T10:49:34.426855396Z" diff --git a/Chart.yaml b/Chart.yaml index 8218677..e3e41cb 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: forgejo description: Forgejo Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 10.0.3 +appVersion: 7.0.12 icon: https://code.forgejo.org/forgejo/forgejo/raw/branch/forgejo/assets/logo.svg home: https://forgejo.org/ @@ -28,29 +28,18 @@ maintainers: # https://github.com/bitnami/charts/issues/30853 # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 dependencies: - # https://github.com/bitnami/charts/blob/main/bitnami/common/Chart.yaml - - name: common - repository: oci://ghcr.io/visualon/bitnamicharts - tags: - - bitnami-common - version: 2.30.0 # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: postgresql repository: oci://ghcr.io/visualon/bitnamicharts - version: 16.5.6 + version: 15.5.38 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://ghcr.io/visualon/bitnamicharts - version: 15.3.8 + version: 14.3.10 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://ghcr.io/visualon/bitnamicharts - version: 11.4.6 + version: 11.4.0 condition: redis-cluster.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - - name: redis - repository: oci://ghcr.io/visualon/bitnamicharts - version: 20.11.4 - condition: redis.enabled diff --git a/LICENSE b/LICENSE index b073755..bbf54de 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,5 @@ MIT License -Copyright (c) 2023 The Forgejo Authors Copyright (c) 2020 The Gitea Authors Copyright (c) 2020 NOVUM-RGI Copyright (c) 2019 - 2020 Charlie Drage diff --git a/Makefile b/Makefile index dd97d84..8354304 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index 8a448fa..2f0a6fe 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) + - [ClusterIP](#clusterip) - [SSH and Ingress](#ssh-and-ingress) - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster) - [Cache](#cache) @@ -50,16 +51,11 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [Redis® Cluster](#redis-cluster) - - [Redis®](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) - [Upgrading](#upgrading) - - [To v11](#to-v11) - - [To v10](#to-v10) - - [To v9](#to-v9) - - [To v8](#to-v8) - [To v7](#to-v7) - [To v6](#to-v6) @@ -101,8 +97,7 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) -- Redis ([Bitnami Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)) +- PostgreSQL ([Bitnami PostgreSQL]()) ### Dependency Versioning @@ -121,7 +116,6 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) -- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. @@ -176,14 +170,14 @@ gitea: This chart will set a few defaults in the Forgejo configuration based on the service and ingress settings. All defaults can be overwritten in `gitea.config`. -INSTALL_LOCK is always set to true because the configuration in this helm chart makes any configuration via installer superfluous. +INSTALL_LOCK is always set to true, since we want to configure Forgejo with this helm chart and everything is taken care of. _All default settings are made directly in the generated `app.ini`, not in the Values._ #### Database defaults -If a database subchart is enabled, the database configuration is set automatically. -For example, PostgreSQL will appear in the `app.ini` as: +If a builtIn database is enabled the database configuration is set automatically. +For example, PostgreSQL builtIn will appear in the `app.ini` as: ```ini [database] @@ -256,7 +250,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance. -1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql` and `redis`): +1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql`):
@@ -265,8 +259,6 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false - redis: - enabled: true postgresql: enabled: true postgresql-ha: @@ -279,6 +271,12 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres + session: + PROVIDER: db + cache: + ADAPTER: memory + queue: + TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -298,8 +296,6 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false - redis: - enabled: false postgresql: enabled: false postgresql-ha: @@ -449,6 +445,23 @@ This helm chart automatically configures the clone urls to use the correct ports You can change these ports by hand using the `gitea.config` dict. However you should know what you're doing. +### ClusterIP + +By default the `clusterIP` will be set to `None`, which is the default for headless services. +However if you want to omit the clusterIP field in the service, use the following values: + +```yaml +service: + http: + type: ClusterIP + port: 3000 + clusterIP: + ssh: + type: ClusterIP + port: 22 + clusterIP: +``` + ### SSH and Ingress If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports. @@ -458,7 +471,7 @@ You will need a LoadBalancer like `metallb` and a setting in your ssh service an service: ssh: annotations: - metallb.io/allow-shared-ip: test + metallb.universe.tf/allow-shared-ip: test ``` ### SSH on crio based kubernetes cluster @@ -531,6 +544,8 @@ postgresql: This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeploying the chart. +It is not possible to delete an admin user after it has been created. +This has to be done in the ui. You cannot use `admin` as username. ```yaml @@ -560,22 +575,6 @@ gitea: existingSecret: gitea-admin-secret ``` -To delete the admin user, set `username` or `password` to an empty value and delete the user in the UI. - -Whether you use the existing Secret or specify a username and password directly, there are three modes for how the admin user password is created or set. - -- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. -- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. -- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. - -These modes can be set like the following: - -```yaml -gitea: - admin: - passwordMode: initialOnlyRequireReset -``` - ### LDAP Settings Like the admin user the LDAP settings can be updated. @@ -633,7 +632,7 @@ Affected options: Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the UI. -[All OAuth2 values](https://forgejo.org/docs/latest/admin/command-line/#admin-auth-add-oauth) are available. +All OAuth2 values, which are documented [here](https://forgejo.org/docs/latest/admin/command-line/#admin), are available. Multiple OAuth2 sources can be configured with additional OAuth list items. @@ -672,29 +671,14 @@ gitea: existingSecret: gitea-oauth-secret ``` -### Compatibility with OCP (OKD or OpenShift) - -Normally OCP is automatically detected and the compatibility mode set accordingly. To enforce the OCP compatibility mode use the following configuration: - -```yaml -global: - compatibility: - openshift: - adaptSecurityContext: force -``` - -An OCP route to access Forgejo can be enabled with the following config: - -```yaml -route: - enabled: true -``` - ## Configure commit signing -When using the rootless image, the GPG key folder is not persistent by default. -If you want commits by Forgejo (e.g. initial commit) to be signed, -you need to provide a signing key: +When using the rootless image the gpg key folder is not persistent by default. +If you consider using signed commits for internal Forgejo activities (e.g. initial commit), you'd need to provide a signing key. +Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. + +The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. +By default this section is disabled to maintain backwards compatibility. ```yaml signing: @@ -702,10 +686,8 @@ signing: gpgHome: /data/git/.gnupg ``` -By default this section is disabled to maintain backwards compatibility. - -Regardless of the used container image the `signing` object allows to specify a private GPG key. -Either using the `signing.privateKey` to define the key inline, or referring to an existing secret containing the key data with `signing.existingSecret`. +Regardless of the used container image the `signing` object allows to specify a private gpg key. +Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`. ```yaml apiVersion: v1 @@ -725,7 +707,7 @@ signing: existingSecret: custom-gitea-gpg-key ``` -To use the GPG key, Forgejo needs to be configured accordingly. +To use the gpg key, Forgejo needs to be configured accordingly. A detailed description can be found in the [documentation](https://forgejo.org/docs/latest/admin/signing/#general-configuration). ## Metrics and profiling @@ -864,7 +846,6 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | | `global.storageClass` | global storage class override | `""` | | `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | | `replicaCount` | number of replicas for the deployment | `1` | ### strategy @@ -904,7 +885,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | | `service.http.port` | Port number for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment | `nil` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` | | `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.http.nodePort` | NodePort for http service | `nil` | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | @@ -914,10 +895,9 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.labels` | HTTP service additional labels | `{}` | -| `service.http.loadBalancerClass` | Loadbalancer class | `nil` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | -| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment | `nil` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | | `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.ssh.nodePort` | NodePort for ssh service | `nil` | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | @@ -928,35 +908,19 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.labels` | SSH service additional labels | `{}` | -| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` | ### Ingress -| Name | Description | Value | -| ------------------------------------ | -------------------- | ----------------- | -| `ingress.enabled` | Enable ingress | `false` | -| `ingress.className` | Ingress class name | `nil` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | -| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | -| `ingress.tls` | Ingress tls settings | `[]` | - -### Route - -| Name | Description | Value | -| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -| `route.enabled` | Enable route | `false` | -| `route.annotations` | Route annotations | `{}` | -| `route.host` | Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) | `nil` | -| `route.wildcardPolicy` | Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. | `nil` | -| `route.tls.termination` | termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) | `edge` | -| `route.tls.insecureEdgeTerminationPolicy` | the desired behavior for insecure connections to a route (e.g. with http) | `Redirect` | -| `route.tls.existingSecret` | the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) | `nil` | -| `route.tls.certificate` | PEM encoded single certificate | `nil` | -| `route.tls.privateKey` | PEM encoded private key | `nil` | -| `route.tls.caCertificate` | PEM encoded CA certificate or chain that issued the certificate | `nil` | -| `route.tls.destinationCACertificate` | PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) | `nil` | +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nil` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | +| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | +| `ingress.tls` | Ingress tls settings | `[]` | +| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | ### deployment @@ -1021,27 +985,25 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private GPG key for signed internal Git activity | `""` | +| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea -| Name | Description | Value | -| ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | -| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | -| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | -| `gitea.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | +| Name | Description | Value | +| -------------------------------------- | --------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | +| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | ### `app.ini` overrides @@ -1113,16 +1075,15 @@ blocks, while the keys themselves remain in all caps. ### ReadinessProbe -| Name | Description | Value | -| ------------------------------------------ | ------------------------------------------------- | -------------- | -| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | -| `gitea.readinessProbe.httpGet.path` | Path to probe for readiness | `/api/healthz` | -| `gitea.readinessProbe.httpGet.port` | Port to probe for readiness | `http` | -| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | -| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | -| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | -| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | -| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------- | ------ | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | +| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | +| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | +| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | +| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | ### StartupProbe @@ -1139,33 +1100,19 @@ blocks, while the keys themselves remain in all caps. ### Redis® Cluster Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. -Full configuration options are available on their website. -Redis cluster and [Redis](#redis) cannot be enabled at the same time. +Complete Configuration can be taken from their website. | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis cluster | `true` | +| `redis-cluster.enabled` | Enable redis | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | -### Redis® - -Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. -Full configuration options are available on their website. -Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. - -| Name | Description | Value | -| ----------------------------- | ------------------------------------------ | ------------ | -| `redis.enabled` | Enable redis standalone or replicated | `false` | -| `redis.architecture` | Whether to use standalone or replication | `standalone` | -| `redis.global.redis.password` | Required password | `changeme` | -| `redis.master.count` | Number of Redis master instances to deploy | `1` | - ### PostgreSQL HA PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. -Full configuration options are available on their website. +Complete Configuration can be taken from their website. | Name | Description | Value | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | @@ -1183,7 +1130,7 @@ Full configuration options are available on their website. ### PostgreSQL PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. -Full configuration options are available on their website. +Complete Configuration can be taken from their website. | Name | Description | Value | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | @@ -1198,11 +1145,11 @@ Full configuration options are available on their website. | Name | Description | Value | | ------------------ | ------------------------------------------------------------------ | --------- | -| `checkDeprecation` | Whether to run this basic validation check. | `true` | -| `test.enabled` | Whether to use test-connection Pod. | `true` | +| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | +| `test.enabled` | Set it to false to disable test-connection Pod. | `true` | | `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | | `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | -| `extraDeploy` | Array of extra objects to deploy with the release. | `[]` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | ## Contributing @@ -1218,33 +1165,6 @@ This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully, especially the change of the **default database backend**! If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! -### To v11 - -PostgreSQL and PostgreSQL HA are now using PostgreSQL v17. -Please read PostgresSQL upgrade guide before upgrading. - -You need Forgejo v10+ to use this Helm Chart version. -Forgejo v9 is now EOL. - -ClusterIP is now emtpy instead of `None` for http and ssh service. -Unsupported api versions for `Ingress` and `PodDisruptionBudget` are removed. -`Ingress` and `Service` are now using named ports. -The ReadinessProbe is now using the `/api/healthz` endpoint. - -### To v10 - -You need Forgejo v9+ to use this Helm Chart version. -Forgejo v8 is now EOL. - -### To v9 - -Namespaces for all resources are now set to `common.names.namespace` by default. - -### To v8 - -You need Forgejo v8+ to use this Helm Chart version. -Use the v7 Helm Chart for Forgejo v7. - ### To v7 The Forgejo docker image is pulled from `code.forgejo.org` instead of `codeberg.org`. diff --git a/ci/default-values.yaml b/ci/default-values.yaml index 25fefaa..17d51f1 100644 --- a/ci/default-values.yaml +++ b/ci/default-values.yaml @@ -1,4 +1,4 @@ -# default values with some modifications +# default values # Use mirror # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 diff --git a/ci/dev-values.yaml b/ci/dev-values.yaml index a47f3ba..9ab57c7 100644 --- a/ci/dev-values.yaml +++ b/ci/dev-values.yaml @@ -1,6 +1,7 @@ # Test codeberg.org image image: registry: codeberg.org + # Use mirror # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 test: diff --git a/ci/single-values.yaml b/ci/single-values.yaml index 6be58e6..578a267 100644 --- a/ci/single-values.yaml +++ b/ci/single-values.yaml @@ -1,3 +1,12 @@ +# Use mirror +# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 +global: + security: + allowInsecureImages: true +test: + image: + name: code.forgejo.org/oci/busybox + redis-cluster: enabled: false postgresql-ha: @@ -5,19 +14,8 @@ postgresql-ha: postgresql: enabled: true - # Use mirror - # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 image: - registry: public.ecr.aws -global: - security: - allowInsecureImages: true - -# Use mirror -# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 -test: - image: - name: code.forgejo.org/oci/busybox + registry: public.ecr.aws # Use mirror persistence: enabled: true diff --git a/ci/v11-values.yaml b/ci/v11-values.yaml deleted file mode 100644 index 6c1a24b..0000000 --- a/ci/v11-values.yaml +++ /dev/null @@ -1,29 +0,0 @@ -image: - registry: codeberg.org - repository: forgejo-experimental/forgejo - tag: 11 # don't pin, manifests can be missing - -# Use mirror -# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 -test: - image: - name: code.forgejo.org/oci/busybox - -redis-cluster: - enabled: false -postgresql-ha: - enabled: false - -persistence: - enabled: false - -gitea: - config: - database: - DB_TYPE: sqlite3 - session: - PROVIDER: memory - cache: - ADAPTER: memory - queue: - TYPE: level diff --git a/ci/v12-values.yaml b/ci/v12-values.yaml deleted file mode 100644 index 8429086..0000000 --- a/ci/v12-values.yaml +++ /dev/null @@ -1,29 +0,0 @@ -image: - registry: codeberg.org - repository: forgejo-experimental/forgejo - tag: 12 # don't pin, manifests can be missing - -# Use mirror -# https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 -test: - image: - name: code.forgejo.org/oci/busybox - -redis-cluster: - enabled: false -postgresql-ha: - enabled: false - -persistence: - enabled: false - -gitea: - config: - database: - DB_TYPE: sqlite3 - session: - PROVIDER: memory - cache: - ADAPTER: memory - queue: - TYPE: level diff --git a/ci/v10-values.yaml b/ci/v7-test-values.yaml similarity index 89% rename from ci/v10-values.yaml rename to ci/v7-test-values.yaml index 253b35b..a2a3622 100644 --- a/ci/v10-values.yaml +++ b/ci/v7-test-values.yaml @@ -1,7 +1,7 @@ image: registry: codeberg.org repository: forgejo-experimental/forgejo - tag: 10 # don't pin, manifests can be missing + tag: 7.0-test # don't pin, manifests can be missing # Use mirror # https://code.forgejo.org/forgejo-helm/forgejo-helm/issues/1045 diff --git a/package.json b/package.json index d4cccfc..4bc8ee8 100644 --- a/package.json +++ b/package.json @@ -11,21 +11,21 @@ "prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'", "readme:lint": "markdownlint *.md -f", "readme:parameters": "readme-generator -v values.yaml -r README.md", - "test": "helm unittest --strict -f 'unittests/**/*.yaml' ./" + "test": "helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./" }, "devDependencies": { - "@bitnami/readme-generator-for-helm": "2.7.0", + "@bitnami/readme-generator-for-helm": "2.6.1", "clipanion": "3.2.1", "conventional-changelog-conventionalcommits": "8.0.0", - "conventional-changelog-core": "9.0.0", + "conventional-changelog-core": "8.0.0", "husky": "9.1.7", - "lint-staged": "15.5.0", - "markdownlint-cli": "0.44.0", - "prettier": "3.5.3" + "lint-staged": "15.4.1", + "markdownlint-cli": "0.43.0", + "prettier": "3.4.2" }, - "packageManager": "pnpm@10.7.0", + "packageManager": "pnpm@9.15.4", "engines": { - "node": "^22.0.0", - "pnpm": "^10.0.0" + "node": "^18.12.0 || >=20.9.0", + "pnpm": "^9.0.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 387c3dc..09b3a8e 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,8 +9,8 @@ importers: .: devDependencies: '@bitnami/readme-generator-for-helm': - specifier: 2.7.0 - version: 2.7.0 + specifier: 2.6.1 + version: 2.6.1 clipanion: specifier: 3.2.1 version: 3.2.1(typanion@3.14.0) @@ -18,25 +18,37 @@ importers: specifier: 8.0.0 version: 8.0.0 conventional-changelog-core: - specifier: 9.0.0 - version: 9.0.0(conventional-commits-filter@4.0.0) + specifier: 8.0.0 + version: 8.0.0(conventional-commits-filter@4.0.0) husky: specifier: 9.1.7 version: 9.1.7 lint-staged: - specifier: 15.5.0 - version: 15.5.0 + specifier: 15.4.1 + version: 15.4.1 markdownlint-cli: - specifier: 0.44.0 - version: 0.44.0 + specifier: 0.43.0 + version: 0.43.0 prettier: - specifier: 3.5.3 - version: 3.5.3 + specifier: 3.4.2 + version: 3.4.2 packages: - '@bitnami/readme-generator-for-helm@2.7.0': - resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==} + '@babel/code-frame@7.23.5': + resolution: {integrity: sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==} + engines: {node: '>=6.9.0'} + + '@babel/helper-validator-identifier@7.22.20': + resolution: {integrity: sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==} + engines: {node: '>=6.9.0'} + + '@babel/highlight@7.23.4': + resolution: {integrity: sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==} + engines: {node: '>=6.9.0'} + + '@bitnami/readme-generator-for-helm@2.6.1': + resolution: {integrity: sha512-rN0m0sfbOuaNdCmQWBfSj9o4kgzz+Dw67Dl1ssDVqghv/UpLkrDmNuTxhD1CWu+sesGL66UYJ2VplGz9KxlAdg==} hasBin: true '@conventional-changelog/git-client@1.0.0': @@ -59,25 +71,12 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} - '@pkgjs/parseargs@0.11.0': - resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} - engines: {node: '>=14'} - - '@types/debug@4.1.12': - resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==} - - '@types/katex@0.16.7': - resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==} - - '@types/ms@2.1.0': - resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==} + '@types/normalize-package-data@2.4.4': + resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==} '@types/semver@7.5.8': resolution: {integrity: sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==} - '@types/unist@2.0.11': - resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==} - add-stream@1.0.0: resolution: {integrity: sha512-qQLMr+8o0WC4FZGQTcJiKBVC59JylcPSrTtk6usvmIDFUOCKegapy1VHQwRbFMOFyb/inzUVqHs+eMYKDM1YeQ==} @@ -93,6 +92,10 @@ packages: resolution: {integrity: sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==} engines: {node: '>=12'} + ansi-styles@3.2.1: + resolution: {integrity: sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==} + engines: {node: '>=4'} + ansi-styles@4.3.0: resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==} engines: {node: '>=8'} @@ -120,19 +123,14 @@ packages: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} + chalk@2.4.2: + resolution: {integrity: sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==} + engines: {node: '>=4'} + chalk@5.4.1: resolution: {integrity: sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==} engines: {node: ^12.17.0 || ^14.13 || >=16.0.0} - character-entities-legacy@3.0.0: - resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==} - - character-entities@2.0.2: - resolution: {integrity: sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==} - - character-reference-invalid@2.0.1: - resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==} - cli-cursor@5.0.0: resolution: {integrity: sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==} engines: {node: '>=18'} @@ -146,27 +144,33 @@ packages: peerDependencies: typanion: '*' + color-convert@1.9.3: + resolution: {integrity: sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==} + color-convert@2.0.1: resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==} engines: {node: '>=7.0.0'} + color-name@1.1.3: + resolution: {integrity: sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==} + color-name@1.1.4: resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==} colorette@2.0.20: resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==} - commander@13.1.0: - resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==} + commander@12.1.0: + resolution: {integrity: sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==} engines: {node: '>=18'} commander@6.2.1: resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==} engines: {node: '>= 6'} - commander@8.3.0: - resolution: {integrity: sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==} - engines: {node: '>= 12'} + commander@7.2.0: + resolution: {integrity: sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==} + engines: {node: '>= 10'} compare-func@2.0.0: resolution: {integrity: sha512-zHig5N+tPWARooBnb0Zx1MFcdfpyJrfTJ3Y5L+IFvUm8rM74hHz66z0gw0x4tijh5CorKkKUCnW82R2vmpeCRA==} @@ -178,12 +182,12 @@ packages: resolution: {integrity: sha512-eOvlTO6OcySPyyyk8pKz2dP4jjElYunj9hn9/s0OB+gapTO8zwS9UQWrZ1pmF2hFs3vw1xhonOLGcGjy/zgsuA==} engines: {node: '>=18'} - conventional-changelog-core@9.0.0: - resolution: {integrity: sha512-/XS1hE0axsZ+IwJAoXw1faEdbo5+A975pL6FeLHs5Iz8lgROZ9iAhEFmIFhjHW1/BOhGq7RJU9udzWbeumAfDQ==} + conventional-changelog-core@8.0.0: + resolution: {integrity: sha512-EATUx5y9xewpEe10UEGNpbSHRC6cVZgO+hXQjofMqpy+gFIrcGvH3Fl6yk2VFKh7m+ffenup2N7SZJYpyD9evw==} engines: {node: '>=18'} - conventional-changelog-writer@8.0.1: - resolution: {integrity: sha512-hlqcy3xHred2gyYg/zXSMXraY2mjAYYo0msUCpK+BGyaVJMFCKWVXPIHiaacGO2GGp13kvHWXFhYmxT4QQqW3Q==} + conventional-changelog-writer@8.0.0: + resolution: {integrity: sha512-TQcoYGRatlAnT2qEWDON/XSfnVG38JzA7E0wcGScu7RElQBkg9WWgZd1peCWFcWDh1xfb2CfsrcvOn1bbSzztA==} engines: {node: '>=18'} hasBin: true @@ -195,8 +199,8 @@ packages: resolution: {integrity: sha512-tQMagCOC59EVgNZcC5zl7XqO30Wki9i9J3acbUvkaosCT6JX3EeFwJD7Qqp4MCikRnzS18WXV3BLIQ66ytu6+Q==} engines: {node: '>=18'} - conventional-commits-parser@6.1.0: - resolution: {integrity: sha512-5nxDo7TwKB5InYBl4ZC//1g9GRwB/F3TXOGR9hgUjMGfvSP4Vu5NkpNro2+1+TIEy1vwxApl5ircECr2ri5JIw==} + conventional-commits-parser@6.0.0: + resolution: {integrity: sha512-TbsINLp48XeMXR8EvGjTnKGsZqBemisPoyWESlpRyR8lif0lcwzqz+NMtYSj1ooF/WYjSuu7wX0CtdeeMEQAmA==} engines: {node: '>=18'} hasBin: true @@ -213,20 +217,10 @@ packages: supports-color: optional: true - decode-named-character-reference@1.0.2: - resolution: {integrity: sha512-O8x12RzrUF8xyVcY0KJowWsmaJxQbmy0/EtnNtHRpsOcT7dFk5W598coHqBVpmWo1oQQfsCqfCmkZN5DJrZVdg==} - deep-extend@0.6.0: resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==} engines: {node: '>=4.0.0'} - dequal@2.0.3: - resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==} - engines: {node: '>=6'} - - devlop@1.1.0: - resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==} - dot-object@2.1.5: resolution: {integrity: sha512-xHF8EP4XH/Ba9fvAF2LDd5O3IITVolerVV6xvkxoM8zlGEiCUrggpAnHyOoKJKCrhvPcGATFAUwIujj7bRG5UA==} hasBin: true @@ -255,6 +249,10 @@ packages: resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==} engines: {node: '>=18'} + escape-string-regexp@1.0.5: + resolution: {integrity: sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==} + engines: {node: '>=0.8.0'} + eventemitter3@5.0.1: resolution: {integrity: sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==} @@ -262,13 +260,14 @@ packages: resolution: {integrity: sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==} engines: {node: '>=16.17'} - fd-package-json@1.2.0: - resolution: {integrity: sha512-45LSPmWf+gC5tdCQMNH4s9Sr00bIkiD9aN7dc5hqkrEw1geRYyDQS1v1oMHAW3ysfxfndqGsrDREHHjNNbKUfA==} - fill-range@7.1.1: resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==} engines: {node: '>=8'} + find-up-simple@1.0.0: + resolution: {integrity: sha512-q7Us7kcjj2VMePAa02hDAF6d+MzsdsAWEwYyOpwUtlerRBkOEPBCRZrAV4XfcSN8fHAgaD0hP7miwoay6DCprw==} + engines: {node: '>=18'} + foreground-child@3.1.1: resolution: {integrity: sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==} engines: {node: '>=14'} @@ -276,6 +275,9 @@ packages: fs.realpath@1.0.0: resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} + function-bind@1.1.2: + resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==} + get-east-asian-width@1.2.0: resolution: {integrity: sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA==} engines: {node: '>=18'} @@ -294,8 +296,9 @@ packages: engines: {node: '>=18'} hasBin: true - glob@10.4.5: - resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + glob@11.0.0: + resolution: {integrity: sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==} + engines: {node: 20 || >=22} hasBin: true glob@7.2.3: @@ -307,9 +310,17 @@ packages: engines: {node: '>=0.4.7'} hasBin: true - hosted-git-info@8.0.2: - resolution: {integrity: sha512-sYKnA7eGln5ov8T8gnYlkSOxFJvywzEx9BueN6xo/GKO8PGiI6uK6xx+DIGe45T3bdVjLAQDQW1aicT8z8JwQg==} - engines: {node: ^18.17.0 || >=20.5.0} + has-flag@3.0.0: + resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==} + engines: {node: '>=4'} + + hasown@2.0.0: + resolution: {integrity: sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==} + engines: {node: '>= 0.4'} + + hosted-git-info@7.0.1: + resolution: {integrity: sha512-+K84LB1DYwMHoHSgaOY/Jfhw3ucPmSET5v98Ke/HdNSw4a0UktWzyW1mjhjpuxxTqOOsfWT/7iVshHmVZ4IpOA==} + engines: {node: ^16.14.0 || >=18.0.0} human-signals@5.0.0: resolution: {integrity: sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==} @@ -320,10 +331,14 @@ packages: engines: {node: '>=18'} hasBin: true - ignore@7.0.3: - resolution: {integrity: sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==} + ignore@6.0.2: + resolution: {integrity: sha512-InwqeHHN2XpumIkMvpl/DCJVrAHgCsG5+cn1XlnLWGwtZBm8QJfSusItfrwx81CTp5agNZqpKU2J/ccC5nGT4A==} engines: {node: '>= 4'} + index-to-position@0.1.2: + resolution: {integrity: sha512-MWDKS3AS1bGCHLBA2VLImJz42f7bJh8wQsTGCzI3j519/CASStoDONUBVz2I/VID0MpiX3SGSnbOD2xUalbE5g==} + engines: {node: '>=18'} + inflight@1.0.6: resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. @@ -335,14 +350,8 @@ packages: resolution: {integrity: sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - is-alphabetical@2.0.1: - resolution: {integrity: sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==} - - is-alphanumerical@2.0.1: - resolution: {integrity: sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==} - - is-decimal@2.0.1: - resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==} + is-core-module@2.13.1: + resolution: {integrity: sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==} is-fullwidth-code-point@3.0.0: resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} @@ -356,9 +365,6 @@ packages: resolution: {integrity: sha512-OVa3u9kkBbw7b8Xw5F9P+D/T9X+Z4+JruYVNapTjPYZYUznQ5YfWeFkOj606XYYW8yugTfC8Pj0hYqvi4ryAhA==} engines: {node: '>=18'} - is-hexadecimal@2.0.1: - resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==} - is-number@7.0.0: resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==} engines: {node: '>=0.12.0'} @@ -374,8 +380,12 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - jackspeak@3.4.3: - resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} + jackspeak@4.0.2: + resolution: {integrity: sha512-bZsjR/iRjl1Nk1UkjGpAzLNfQtzuijhn2g+pbZb98HQ1Gk8vM9hfbxeMBP+M2/UUdwj0RqGG3mlvk2MsAqwvEw==} + engines: {node: 20 || >=22} + + js-tokens@4.0.0: + resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} js-yaml@4.1.0: resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} @@ -388,10 +398,6 @@ packages: resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==} engines: {node: '>=0.10.0'} - katex@0.16.21: - resolution: {integrity: sha512-XvqR7FgOHtWupfMiigNzmh+MgUVmDGU2kXZm899ZkPfcuoPuFxyHmXsgATDpFZDAXCI8tvinaVcDo8PIIJSo4A==} - hasBin: true - lilconfig@3.1.3: resolution: {integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==} engines: {node: '>=14'} @@ -399,8 +405,8 @@ packages: linkify-it@5.0.0: resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} - lint-staged@15.5.0: - resolution: {integrity: sha512-WyCzSbfYGhK7cU+UuDDkzUiytbfbi0ZdPy2orwtM75P3WTtQBzmG40cCxIa8Ii2+XjfxzLH6Be46tUfWS85Xfg==} + lint-staged@15.4.1: + resolution: {integrity: sha512-P8yJuVRyLrm5KxCtFx+gjI5Bil+wO7wnTl7C3bXhvtTaAFGirzeB24++D0wGoUwxrUKecNiehemgCob9YL39NA==} engines: {node: '>=18.12.0'} hasBin: true @@ -419,6 +425,10 @@ packages: resolution: {integrity: sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==} engines: {node: 14 || >=16.14} + lru-cache@11.0.1: + resolution: {integrity: sha512-CgeuL5uom6j/ZVrg7G/+1IXqRY8JXX4Hghfy5YE0EhoYQWvndP1kufu58cmZLNIDKnRhZrXfdS9urVWx98AipQ==} + engines: {node: 20 || >=22} + lru-cache@6.0.0: resolution: {integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==} engines: {node: '>=10'} @@ -430,13 +440,17 @@ packages: markdown-table@2.0.0: resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} - markdownlint-cli@0.44.0: - resolution: {integrity: sha512-ZJTAONlvF9NkrIBltCdW15DxN9UTbPiKMEqAh2EU2gwIFlrCMavyCEPPO121cqfYOrLUJWW8/XKWongstmmTeQ==} + markdownlint-cli@0.43.0: + resolution: {integrity: sha512-6vwurKK4B21eyYzwgX6ph13cZS7hE6LZfcS8QyD722CyxVD2RtAvbZK2p7k+FZbbKORulEuwl+hJaEq1l6/hoQ==} engines: {node: '>=18'} hasBin: true - markdownlint@0.37.4: - resolution: {integrity: sha512-u00joA/syf3VhWh6/ybVFkib5Zpj2e5KB/cfCei8fkSRuums6nyisTWGqjTWIOFoFwuXoTBQQiqlB4qFKp8ncQ==} + markdownlint-micromark@0.1.12: + resolution: {integrity: sha512-RlB6EwMGgc0sxcIhOQ2+aq7Zw1V2fBnzbXKGgYK/mVWdT7cz34fteKSwfYeo4rL6+L/q2tyC9QtD/PgZbkdyJQ==} + engines: {node: '>=18'} + + markdownlint@0.36.1: + resolution: {integrity: sha512-s73fU2CQN7WCgjhaQUQ8wYESQNzGRNOKDd+3xgVqu8kuTEhmwepd/mxOv1LR2oV046ONrTLBFsM7IoKWNvmy5g==} engines: {node: '>=18'} mdurl@2.0.0: @@ -449,81 +463,6 @@ packages: merge-stream@2.0.0: resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==} - micromark-core-commonmark@2.0.2: - resolution: {integrity: sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==} - - micromark-extension-directive@3.0.2: - resolution: {integrity: sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==} - - micromark-extension-gfm-autolink-literal@2.1.0: - resolution: {integrity: sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==} - - micromark-extension-gfm-footnote@2.1.0: - resolution: {integrity: sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==} - - micromark-extension-gfm-table@2.1.0: - resolution: {integrity: sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==} - - micromark-extension-math@3.1.0: - resolution: {integrity: sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==} - - micromark-factory-destination@2.0.1: - resolution: {integrity: sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==} - - micromark-factory-label@2.0.1: - resolution: {integrity: sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==} - - micromark-factory-space@2.0.1: - resolution: {integrity: sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==} - - micromark-factory-title@2.0.1: - resolution: {integrity: sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==} - - micromark-factory-whitespace@2.0.1: - resolution: {integrity: sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==} - - micromark-util-character@2.1.1: - resolution: {integrity: sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==} - - micromark-util-chunked@2.0.1: - resolution: {integrity: sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==} - - micromark-util-classify-character@2.0.1: - resolution: {integrity: sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==} - - micromark-util-combine-extensions@2.0.1: - resolution: {integrity: sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==} - - micromark-util-decode-numeric-character-reference@2.0.2: - resolution: {integrity: sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==} - - micromark-util-encode@2.0.1: - resolution: {integrity: sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==} - - micromark-util-html-tag-name@2.0.1: - resolution: {integrity: sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==} - - micromark-util-normalize-identifier@2.0.1: - resolution: {integrity: sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==} - - micromark-util-resolve-all@2.0.1: - resolution: {integrity: sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==} - - micromark-util-sanitize-uri@2.0.1: - resolution: {integrity: sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==} - - micromark-util-subtokenize@2.0.4: - resolution: {integrity: sha512-N6hXjrin2GTJDe3MVjf5FuXpm12PGm80BrUAeub9XFXca8JZbP+oIwY4LJSVwFUCL1IPm/WwSVUN7goFHmSGGQ==} - - micromark-util-symbol@2.0.1: - resolution: {integrity: sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==} - - micromark-util-types@2.0.1: - resolution: {integrity: sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==} - - micromark@4.0.1: - resolution: {integrity: sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==} - micromatch@4.0.8: resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==} engines: {node: '>=8.6'} @@ -536,13 +475,13 @@ packages: resolution: {integrity: sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==} engines: {node: '>=18'} + minimatch@10.0.1: + resolution: {integrity: sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==} + engines: {node: 20 || >=22} + minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} - minimatch@9.0.5: - resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==} - engines: {node: '>=16 || 14 >=14.17'} - minimist@1.2.8: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} @@ -556,9 +495,9 @@ packages: neo-async@2.6.2: resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==} - normalize-package-data@7.0.0: - resolution: {integrity: sha512-k6U0gKRIuNCTkwHGZqblCfLfBRh+w1vI6tBo+IeJwq2M8FUiOqhX7GH+GArQGScA7azd1WfyRCvxoXDO3hQDIA==} - engines: {node: ^18.17.0 || >=20.5.0} + normalize-package-data@6.0.0: + resolution: {integrity: sha512-UL7ELRVxYBHBgYEtZCXjxuD5vPxnmvMGq0jp/dGPKKrN7tfsBh2IY7TlJ15WWwdjRWD3RJbnsygUurTK3xkPkg==} + engines: {node: ^16.14.0 || >=18.0.0} npm-run-path@5.2.0: resolution: {integrity: sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg==} @@ -578,8 +517,9 @@ packages: package-json-from-dist@1.0.0: resolution: {integrity: sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==} - parse-entities@4.0.2: - resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==} + parse-json@8.1.0: + resolution: {integrity: sha512-rum1bPifK5SSar35Z6EKZuYPJx85pkNaFrxBK3mwdfSJ1/WKbYrjoW/zTPSjRRamfmVX1ACBIdFAO0VRErW/EA==} + engines: {node: '>=18'} path-is-absolute@1.0.1: resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} @@ -593,9 +533,9 @@ packages: resolution: {integrity: sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==} engines: {node: '>=12'} - path-scurry@1.11.1: - resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} - engines: {node: '>=16 || 14 >=14.18'} + path-scurry@2.0.0: + resolution: {integrity: sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==} + engines: {node: 20 || >=22} picomatch@2.3.1: resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==} @@ -606,8 +546,8 @@ packages: engines: {node: '>=0.10'} hasBin: true - prettier@3.5.3: - resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==} + prettier@3.4.2: + resolution: {integrity: sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==} engines: {node: '>=14'} hasBin: true @@ -615,6 +555,14 @@ packages: resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==} engines: {node: '>=6'} + read-package-up@11.0.0: + resolution: {integrity: sha512-MbgfoNPANMdb4oRBNg5eqLbB2t2r+o5Ua1pNt8BqGp4I0FJZhuVSOj3PaBPni4azWuSzEdNn2evevzVmEk1ohQ==} + engines: {node: '>=18'} + + read-pkg@9.0.1: + resolution: {integrity: sha512-9viLL4/n1BJUCT1NXVTdS1jtm80yDEgR5T4yCelII49Mbj0v1rZdKqj7zCiYdbB0CuCgdrvHcNogAKTFPBocFA==} + engines: {node: '>=18'} + repeat-string@1.6.1: resolution: {integrity: sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==} engines: {node: '>=0.10'} @@ -707,6 +655,10 @@ packages: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} engines: {node: '>=8'} + supports-color@5.5.0: + resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==} + engines: {node: '>=4'} + to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} @@ -714,6 +666,10 @@ packages: typanion@3.14.0: resolution: {integrity: sha512-ZW/lVMRabETuYCd9O9ZvMhAh8GslSqaUjxmK/JLPCh6l73CvLBiuXswj/+7LdnWOgYsQ130FqLzFz5aGT4I3Ug==} + type-fest@4.10.2: + resolution: {integrity: sha512-anpAG63wSpdEbLwOqH8L84urkL6PiVIov3EMmgIhhThevh9aiMQov+6Btx0wldNcvm4wV+e2/Rt1QdDwKHFbHw==} + engines: {node: '>=16'} + uc.micro@2.1.0: resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==} @@ -722,12 +678,13 @@ packages: engines: {node: '>=0.8.0'} hasBin: true + unicorn-magic@0.1.0: + resolution: {integrity: sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==} + engines: {node: '>=18'} + validate-npm-package-license@3.0.4: resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==} - walk-up-path@3.0.1: - resolution: {integrity: sha512-9YlCL/ynK3CTlrSRrDxZvUauLzAswPCrsaCgilqFevUYpeEW0/3ScEjaa3kbW/T0ghhkEr7mv+fpjqn1Y1YuTA==} - which@2.0.2: resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==} engines: {node: '>= 8'} @@ -754,28 +711,46 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} - yaml@2.7.0: - resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==} + yaml@2.4.1: + resolution: {integrity: sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==} + engines: {node: '>= 14'} + hasBin: true + + yaml@2.6.1: + resolution: {integrity: sha512-7r0XPzioN/Q9kXBro/XPnA6kznR73DHq+GXh5ON7ZozRO6aMjbmiBuKste2wslTFkC5d1dw0GooOCepZXJ2SAg==} engines: {node: '>= 14'} hasBin: true snapshots: - '@bitnami/readme-generator-for-helm@2.7.0': + '@babel/code-frame@7.23.5': dependencies: - commander: 13.1.0 + '@babel/highlight': 7.23.4 + chalk: 2.4.2 + + '@babel/helper-validator-identifier@7.22.20': {} + + '@babel/highlight@7.23.4': + dependencies: + '@babel/helper-validator-identifier': 7.22.20 + chalk: 2.4.2 + js-tokens: 4.0.0 + + '@bitnami/readme-generator-for-helm@2.6.1': + dependencies: + commander: 7.2.0 dot-object: 2.1.5 lodash: 4.17.21 markdown-table: 2.0.0 - yaml: 2.7.0 + yaml: 2.4.1 - '@conventional-changelog/git-client@1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0)': + '@conventional-changelog/git-client@1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0)': dependencies: '@types/semver': 7.5.8 semver: 7.6.0 optionalDependencies: conventional-commits-filter: 4.0.0 - conventional-commits-parser: 6.1.0 + conventional-commits-parser: 6.0.0 '@hutson/parse-repository-url@5.0.0': {} @@ -788,21 +763,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 - '@pkgjs/parseargs@0.11.0': - optional: true - - '@types/debug@4.1.12': - dependencies: - '@types/ms': 2.1.0 - - '@types/katex@0.16.7': {} - - '@types/ms@2.1.0': {} + '@types/normalize-package-data@2.4.4': {} '@types/semver@7.5.8': {} - '@types/unist@2.0.11': {} - add-stream@1.0.0: {} ansi-escapes@7.0.0: @@ -813,6 +777,10 @@ snapshots: ansi-regex@6.0.1: {} + ansi-styles@3.2.1: + dependencies: + color-convert: 1.9.3 + ansi-styles@4.3.0: dependencies: color-convert: 2.0.1 @@ -838,14 +806,14 @@ snapshots: dependencies: fill-range: 7.1.1 + chalk@2.4.2: + dependencies: + ansi-styles: 3.2.1 + escape-string-regexp: 1.0.5 + supports-color: 5.5.0 + chalk@5.4.1: {} - character-entities-legacy@3.0.0: {} - - character-entities@2.0.2: {} - - character-reference-invalid@2.0.1: {} - cli-cursor@5.0.0: dependencies: restore-cursor: 5.1.0 @@ -859,19 +827,25 @@ snapshots: dependencies: typanion: 3.14.0 + color-convert@1.9.3: + dependencies: + color-name: 1.1.3 + color-convert@2.0.1: dependencies: color-name: 1.1.4 + color-name@1.1.3: {} + color-name@1.1.4: {} colorette@2.0.20: {} - commander@13.1.0: {} + commander@12.1.0: {} commander@6.2.1: {} - commander@8.3.0: {} + commander@7.2.0: {} compare-func@2.0.0: dependencies: @@ -884,22 +858,24 @@ snapshots: dependencies: compare-func: 2.0.0 - conventional-changelog-core@9.0.0(conventional-commits-filter@4.0.0): + conventional-changelog-core@8.0.0(conventional-commits-filter@4.0.0): dependencies: '@hutson/parse-repository-url': 5.0.0 add-stream: 1.0.0 - conventional-changelog-writer: 8.0.1 - conventional-commits-parser: 6.1.0 - fd-package-json: 1.2.0 - git-raw-commits: 5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) - git-semver-tags: 8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) - hosted-git-info: 8.0.2 - normalize-package-data: 7.0.0 + conventional-changelog-writer: 8.0.0 + conventional-commits-parser: 6.0.0 + git-raw-commits: 5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) + git-semver-tags: 8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) + hosted-git-info: 7.0.1 + normalize-package-data: 6.0.0 + read-package-up: 11.0.0 + read-pkg: 9.0.1 transitivePeerDependencies: - conventional-commits-filter - conventional-changelog-writer@8.0.1: + conventional-changelog-writer@8.0.0: dependencies: + '@types/semver': 7.5.8 conventional-commits-filter: 5.0.0 handlebars: 4.7.8 meow: 13.2.0 @@ -910,7 +886,7 @@ snapshots: conventional-commits-filter@5.0.0: {} - conventional-commits-parser@6.1.0: + conventional-commits-parser@6.0.0: dependencies: meow: 13.2.0 @@ -924,18 +900,8 @@ snapshots: dependencies: ms: 2.1.3 - decode-named-character-reference@1.0.2: - dependencies: - character-entities: 2.0.2 - deep-extend@0.6.0: {} - dequal@2.0.3: {} - - devlop@1.1.0: - dependencies: - dequal: 2.0.3 - dot-object@2.1.5: dependencies: commander: 6.2.1 @@ -957,6 +923,8 @@ snapshots: environment@1.1.0: {} + escape-string-regexp@1.0.5: {} + eventemitter3@5.0.1: {} execa@8.0.1: @@ -971,14 +939,12 @@ snapshots: signal-exit: 4.1.0 strip-final-newline: 3.0.0 - fd-package-json@1.2.0: - dependencies: - walk-up-path: 3.0.1 - fill-range@7.1.1: dependencies: to-regex-range: 5.0.1 + find-up-simple@1.0.0: {} + foreground-child@3.1.1: dependencies: cross-spawn: 7.0.3 @@ -986,34 +952,36 @@ snapshots: fs.realpath@1.0.0: {} + function-bind@1.1.2: {} + get-east-asian-width@1.2.0: {} get-stream@8.0.1: {} - git-raw-commits@5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0): + git-raw-commits@5.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0): dependencies: - '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) + '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) meow: 13.2.0 transitivePeerDependencies: - conventional-commits-filter - conventional-commits-parser - git-semver-tags@8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0): + git-semver-tags@8.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0): dependencies: - '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.1.0) + '@conventional-changelog/git-client': 1.0.0(conventional-commits-filter@4.0.0)(conventional-commits-parser@6.0.0) meow: 13.2.0 transitivePeerDependencies: - conventional-commits-filter - conventional-commits-parser - glob@10.4.5: + glob@11.0.0: dependencies: foreground-child: 3.1.1 - jackspeak: 3.4.3 - minimatch: 9.0.5 + jackspeak: 4.0.2 + minimatch: 10.0.1 minipass: 7.1.2 package-json-from-dist: 1.0.0 - path-scurry: 1.11.1 + path-scurry: 2.0.0 glob@7.2.3: dependencies: @@ -1033,7 +1001,13 @@ snapshots: optionalDependencies: uglify-js: 3.17.4 - hosted-git-info@8.0.2: + has-flag@3.0.0: {} + + hasown@2.0.0: + dependencies: + function-bind: 1.1.2 + + hosted-git-info@7.0.1: dependencies: lru-cache: 10.2.0 @@ -1041,7 +1015,9 @@ snapshots: husky@9.1.7: {} - ignore@7.0.3: {} + ignore@6.0.2: {} + + index-to-position@0.1.2: {} inflight@1.0.6: dependencies: @@ -1052,14 +1028,9 @@ snapshots: ini@4.1.1: {} - is-alphabetical@2.0.1: {} - - is-alphanumerical@2.0.1: + is-core-module@2.13.1: dependencies: - is-alphabetical: 2.0.1 - is-decimal: 2.0.1 - - is-decimal@2.0.1: {} + hasown: 2.0.0 is-fullwidth-code-point@3.0.0: {} @@ -1069,8 +1040,6 @@ snapshots: dependencies: get-east-asian-width: 1.2.0 - is-hexadecimal@2.0.1: {} - is-number@7.0.0: {} is-obj@2.0.0: {} @@ -1079,11 +1048,11 @@ snapshots: isexe@2.0.0: {} - jackspeak@3.4.3: + jackspeak@4.0.2: dependencies: '@isaacs/cliui': 8.0.2 - optionalDependencies: - '@pkgjs/parseargs': 0.11.0 + + js-tokens@4.0.0: {} js-yaml@4.1.0: dependencies: @@ -1093,20 +1062,16 @@ snapshots: jsonpointer@5.0.1: {} - katex@0.16.21: - dependencies: - commander: 8.3.0 - lilconfig@3.1.3: {} linkify-it@5.0.0: dependencies: uc.micro: 2.1.0 - lint-staged@15.5.0: + lint-staged@15.4.1: dependencies: chalk: 5.4.1 - commander: 13.1.0 + commander: 12.1.0 debug: 4.4.0 execa: 8.0.1 lilconfig: 3.1.3 @@ -1114,7 +1079,7 @@ snapshots: micromatch: 4.0.8 pidtree: 0.6.0 string-argv: 0.3.2 - yaml: 2.7.0 + yaml: 2.6.1 transitivePeerDependencies: - supports-color @@ -1139,6 +1104,8 @@ snapshots: lru-cache@10.2.0: {} + lru-cache@11.0.1: {} + lru-cache@6.0.0: dependencies: yallist: 4.0.0 @@ -1156,34 +1123,25 @@ snapshots: dependencies: repeat-string: 1.6.1 - markdownlint-cli@0.44.0: + markdownlint-cli@0.43.0: dependencies: - commander: 13.1.0 - glob: 10.4.5 - ignore: 7.0.3 + commander: 12.1.0 + glob: 11.0.0 + ignore: 6.0.2 js-yaml: 4.1.0 jsonc-parser: 3.3.1 jsonpointer: 5.0.1 - markdownlint: 0.37.4 - minimatch: 9.0.5 + markdownlint: 0.36.1 + minimatch: 10.0.1 run-con: 1.3.2 smol-toml: 1.3.1 - transitivePeerDependencies: - - supports-color - markdownlint@0.37.4: + markdownlint-micromark@0.1.12: {} + + markdownlint@0.36.1: dependencies: markdown-it: 14.1.0 - micromark: 4.0.1 - micromark-core-commonmark: 2.0.2 - micromark-extension-directive: 3.0.2 - micromark-extension-gfm-autolink-literal: 2.1.0 - micromark-extension-gfm-footnote: 2.1.0 - micromark-extension-gfm-table: 2.1.0 - micromark-extension-math: 3.1.0 - micromark-util-types: 2.0.1 - transitivePeerDependencies: - - supports-color + markdownlint-micromark: 0.1.12 mdurl@2.0.0: {} @@ -1191,178 +1149,6 @@ snapshots: merge-stream@2.0.0: {} - micromark-core-commonmark@2.0.2: - dependencies: - decode-named-character-reference: 1.0.2 - devlop: 1.1.0 - micromark-factory-destination: 2.0.1 - micromark-factory-label: 2.0.1 - micromark-factory-space: 2.0.1 - micromark-factory-title: 2.0.1 - micromark-factory-whitespace: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-chunked: 2.0.1 - micromark-util-classify-character: 2.0.1 - micromark-util-html-tag-name: 2.0.1 - micromark-util-normalize-identifier: 2.0.1 - micromark-util-resolve-all: 2.0.1 - micromark-util-subtokenize: 2.0.4 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-extension-directive@3.0.2: - dependencies: - devlop: 1.1.0 - micromark-factory-space: 2.0.1 - micromark-factory-whitespace: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - parse-entities: 4.0.2 - - micromark-extension-gfm-autolink-literal@2.1.0: - dependencies: - micromark-util-character: 2.1.1 - micromark-util-sanitize-uri: 2.0.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-extension-gfm-footnote@2.1.0: - dependencies: - devlop: 1.1.0 - micromark-core-commonmark: 2.0.2 - micromark-factory-space: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-normalize-identifier: 2.0.1 - micromark-util-sanitize-uri: 2.0.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-extension-gfm-table@2.1.0: - dependencies: - devlop: 1.1.0 - micromark-factory-space: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-extension-math@3.1.0: - dependencies: - '@types/katex': 0.16.7 - devlop: 1.1.0 - katex: 0.16.21 - micromark-factory-space: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-factory-destination@2.0.1: - dependencies: - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-factory-label@2.0.1: - dependencies: - devlop: 1.1.0 - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-factory-space@2.0.1: - dependencies: - micromark-util-character: 2.1.1 - micromark-util-types: 2.0.1 - - micromark-factory-title@2.0.1: - dependencies: - micromark-factory-space: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-factory-whitespace@2.0.1: - dependencies: - micromark-factory-space: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-util-character@2.1.1: - dependencies: - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-util-chunked@2.0.1: - dependencies: - micromark-util-symbol: 2.0.1 - - micromark-util-classify-character@2.0.1: - dependencies: - micromark-util-character: 2.1.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-util-combine-extensions@2.0.1: - dependencies: - micromark-util-chunked: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-util-decode-numeric-character-reference@2.0.2: - dependencies: - micromark-util-symbol: 2.0.1 - - micromark-util-encode@2.0.1: {} - - micromark-util-html-tag-name@2.0.1: {} - - micromark-util-normalize-identifier@2.0.1: - dependencies: - micromark-util-symbol: 2.0.1 - - micromark-util-resolve-all@2.0.1: - dependencies: - micromark-util-types: 2.0.1 - - micromark-util-sanitize-uri@2.0.1: - dependencies: - micromark-util-character: 2.1.1 - micromark-util-encode: 2.0.1 - micromark-util-symbol: 2.0.1 - - micromark-util-subtokenize@2.0.4: - dependencies: - devlop: 1.1.0 - micromark-util-chunked: 2.0.1 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - - micromark-util-symbol@2.0.1: {} - - micromark-util-types@2.0.1: {} - - micromark@4.0.1: - dependencies: - '@types/debug': 4.1.12 - debug: 4.4.0 - decode-named-character-reference: 1.0.2 - devlop: 1.1.0 - micromark-core-commonmark: 2.0.2 - micromark-factory-space: 2.0.1 - micromark-util-character: 2.1.1 - micromark-util-chunked: 2.0.1 - micromark-util-combine-extensions: 2.0.1 - micromark-util-decode-numeric-character-reference: 2.0.2 - micromark-util-encode: 2.0.1 - micromark-util-normalize-identifier: 2.0.1 - micromark-util-resolve-all: 2.0.1 - micromark-util-sanitize-uri: 2.0.1 - micromark-util-subtokenize: 2.0.4 - micromark-util-symbol: 2.0.1 - micromark-util-types: 2.0.1 - transitivePeerDependencies: - - supports-color - micromatch@4.0.8: dependencies: braces: 3.0.3 @@ -1372,14 +1158,14 @@ snapshots: mimic-function@5.0.1: {} + minimatch@10.0.1: + dependencies: + brace-expansion: 2.0.1 + minimatch@3.1.2: dependencies: brace-expansion: 1.1.11 - minimatch@9.0.5: - dependencies: - brace-expansion: 2.0.1 - minimist@1.2.8: {} minipass@7.1.2: {} @@ -1388,9 +1174,10 @@ snapshots: neo-async@2.6.2: {} - normalize-package-data@7.0.0: + normalize-package-data@6.0.0: dependencies: - hosted-git-info: 8.0.2 + hosted-git-info: 7.0.1 + is-core-module: 2.13.1 semver: 7.6.0 validate-npm-package-license: 3.0.4 @@ -1412,15 +1199,11 @@ snapshots: package-json-from-dist@1.0.0: {} - parse-entities@4.0.2: + parse-json@8.1.0: dependencies: - '@types/unist': 2.0.11 - character-entities-legacy: 3.0.0 - character-reference-invalid: 2.0.1 - decode-named-character-reference: 1.0.2 - is-alphanumerical: 2.0.1 - is-decimal: 2.0.1 - is-hexadecimal: 2.0.1 + '@babel/code-frame': 7.23.5 + index-to-position: 0.1.2 + type-fest: 4.10.2 path-is-absolute@1.0.1: {} @@ -1428,19 +1211,33 @@ snapshots: path-key@4.0.0: {} - path-scurry@1.11.1: + path-scurry@2.0.0: dependencies: - lru-cache: 10.2.0 + lru-cache: 11.0.1 minipass: 7.1.2 picomatch@2.3.1: {} pidtree@0.6.0: {} - prettier@3.5.3: {} + prettier@3.4.2: {} punycode.js@2.3.1: {} + read-package-up@11.0.0: + dependencies: + find-up-simple: 1.0.0 + read-pkg: 9.0.1 + type-fest: 4.10.2 + + read-pkg@9.0.1: + dependencies: + '@types/normalize-package-data': 2.4.4 + normalize-package-data: 6.0.0 + parse-json: 8.1.0 + type-fest: 4.10.2 + unicorn-magic: 0.1.0 + repeat-string@1.6.1: {} restore-cursor@5.1.0: @@ -1529,24 +1326,30 @@ snapshots: strip-json-comments@3.1.1: {} + supports-color@5.5.0: + dependencies: + has-flag: 3.0.0 + to-regex-range@5.0.1: dependencies: is-number: 7.0.0 typanion@3.14.0: {} + type-fest@4.10.2: {} + uc.micro@2.1.0: {} uglify-js@3.17.4: optional: true + unicorn-magic@0.1.0: {} + validate-npm-package-license@3.0.4: dependencies: spdx-correct: 3.2.0 spdx-expression-parse: 3.0.1 - walk-up-path@3.0.1: {} - which@2.0.2: dependencies: isexe: 2.0.0 @@ -1575,4 +1378,6 @@ snapshots: yallist@4.0.0: {} - yaml@2.7.0: {} + yaml@2.4.1: {} + + yaml@2.6.1: {} diff --git a/renovate.json b/renovate.json index 9e09aef..ac609ad 100644 --- a/renovate.json +++ b/renovate.json @@ -2,22 +2,17 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "forgejo-contrib/forgejo-renovate//base.json", - "forgejo-helm/forgejo-helm//.forgejo/renovate/k3s.json" + "github>visualon/renovate-config//k3s.json" ], "assignees": ["viceice"], "baseBranches": ["main", "/^maint\\/.+/"], "packageRules": [ { - "description": "Separate multiple major sub chart updates", - "matchFileNames": ["Chart.yaml"], - "separateMultipleMajor": true - }, - { - "description": "Require approval for major sub chart updates for maintenance branches", + "description": "Disable major chart updates for maintenance branches", "matchBaseBranches": ["/^maint\\/.+/"], "matchUpdateTypes": ["major"], "matchFileNames": ["Chart.yaml"], - "dependencyDashboardApproval": true + "enabled": false }, { "matchManagers": ["helmv3"], @@ -42,13 +37,13 @@ "semanticCommitType": "feat" }, { - "description": "Automerge and group helm subchart updates weekly (minor & patch)", + "description": "Automerge and group helm subchart updates daily (minor & patch)", "matchManagers": ["helmv3"], "matchFileNames": ["Chart.yaml"], "matchUpdateTypes": ["minor", "patch"], "automerge": true, "groupName": "subcharts", - "extends": ["schedule:weekly"] + "extends": ["schedule:daily"] }, { "description": "Automerge dev deps updates", @@ -74,9 +69,21 @@ "matchUpdateTypes": ["digest"], "automerge": true }, + { + "description": "Separate minor and patch updates for k3s", + "matchPackageNames": ["k3s-io/k3s"], + "separateMinorPatch": true + }, + { + "description": "Require approval and no automerge for k3s major and minor updates", + "matchPackageNames": ["k3s-io/k3s"], + "matchUpdateTypes": ["major", "minor"], + "dependencyDashboardApproval": true, + "automerge": false + }, { "description": "Use test scope for forgejo ci tests", - "matchFileNames": ["ci/*.yaml"], + "matchFileNames": ["ci/*.yml"], "additionalBranchPrefix": "ci-forgejo-", "semanticCommitType": "ci", "semanticCommitScope": "forgejo", @@ -85,15 +92,10 @@ }, { "description": "Disable updates for forgejo ci tests", - "matchFileNames": ["ci/*.yaml"], + "matchFileNames": ["ci/*.yml"], "matchUpdateTypes": ["major", "minor", "patch"], "enabled": false }, - { - "description": "Don't pin digests for forgejo ci tests, not supported", - "matchFileNames": ["ci/*.yaml"], - "pinDigests": false - }, { "description": "branch automerge not possible", "automergeType": "pr", @@ -132,6 +134,6 @@ } ], "helm-values": { - "fileMatch": ["^ci/.+\\.yaml$"] + "fileMatch": ["^ci/.+\\.ya?ml$"] } } diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 234c839..4f7bcdc 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -82,7 +82,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} +{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} @@ -121,28 +121,20 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} -{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} -{{- else if (index .Values "redis-cluster").enabled -}} +{{- if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} -{{- else if (index .Values "redis").enabled -}} -{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} -{{- else if (index .Values "redis").enabled -}} -{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} -{{- else if (index .Values "redis").enabled -}} -{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} @@ -224,7 +216,7 @@ https {{- $_ := set $inlines $key (join "\n" $section) -}} {{- end -}} {{- else }} - {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") (eq $key "APP_SLOGAN") (eq $key "APP_DISPLAY_NAME_FORMAT") -}} + {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}} {{- $generals = append $generals (printf "%s=%s" $key $value) -}} {{- else -}} {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} @@ -287,7 +279,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} + {{- if (index .Values "redis-cluster").enabled -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} @@ -408,11 +400,3 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} - -{{- define "gitea.admin.passwordMode" -}} -{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} -{{ .Values.gitea.admin.passwordMode }} -{{- else -}} -{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} -{{- end -}} -{{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index c551c96..80e39dd 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-inline-config - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque @@ -89,18 +88,15 @@ stringData: env2ini::log " + '${setting}'" - local masked_setting="${setting//./_0X2E_}" # '//' instructs to replace all matches - masked_setting="${masked_setting//-/_0X2D_}" - if [[ -z "${section}" ]]; then - export "FORGEJO____${masked_setting^^}=${value}" # '^^' makes the variable content uppercase + export "FORGEJO____${setting^^}=${value}" # '^^' makes the variable content uppercase return fi local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches masked_section="${masked_section//-/_0X2D_}" - export "FORGEJO__${masked_section^^}__${masked_setting^^}=${value}" # '^^' makes the variable content uppercase + export "FORGEJO__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase } function env2ini::reload_preset_envs() { diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index f82c407..ca1bdd9 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gitea.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} annotations: {{- if .Values.deployment.annotations }} {{- toYaml .Values.deployment.annotations | nindent 4 }} @@ -57,7 +56,7 @@ spec: {{- end }} {{- include "gitea.images.pullSecrets" . | nindent 6 }} securityContext: - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} + {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: init-directories image: "{{ include "gitea.image" . }}" @@ -91,7 +90,7 @@ spec: {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - name: init-app-ini @@ -131,7 +130,7 @@ spec: {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- if .Values.signing.enabled }} @@ -145,7 +144,7 @@ spec: {{- if not (hasKey $csc "runAsUser") -}} {{- $_ := set $csc "runAsUser" 1000 -}} {{- end -}} - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} + {{- toYaml $csc | nindent 12 }} env: - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} @@ -176,7 +175,7 @@ spec: {{- if not (hasKey $csc "runAsUser") -}} {{- $_ := set $csc "runAsUser" 1000 -}} {{- end -}} - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $csc "context" $) | nindent 12 }} + {{- toYaml $csc | nindent 12 }} env: - name: GITEA_APP_INI value: /data/gitea/conf/app.ini @@ -244,8 +243,6 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} - - name: GITEA_ADMIN_PASSWORD_MODE - value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} @@ -327,9 +324,9 @@ spec: securityContext: {{- /* Honor the deprecated securityContext variable when defined */ -}} {{- if .Values.containerSecurityContext -}} - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{ toYaml .Values.containerSecurityContext | nindent 12 -}} {{- else -}} - {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 12 }} + {{ toYaml .Values.securityContext | nindent 12 -}} {{- end }} volumeMounts: - name: temp @@ -353,7 +350,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: + topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} @@ -403,4 +400,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml index 0b7716a..12dce66 100644 --- a/templates/gitea/gpg-secret.yaml +++ b/templates/gitea/gpg-secret.yaml @@ -7,7 +7,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.gpg-key-secret-name" . }} - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 6962930..0ec7370 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-http - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.http.labels }} @@ -12,11 +11,7 @@ metadata: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: type: {{ .Values.service.http.type }} - {{- if eq .Values.service.http.type "LoadBalancer" }} - {{- if .Values.service.http.loadBalancerClass }} - loadBalancerClass: {{ .Values.service.http.loadBalancerClass }} - {{- end }} - {{- if and .Values.service.http.loadBalancerIP }} + {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} {{- if .Values.service.http.loadBalancerSourceRanges }} @@ -25,7 +20,6 @@ spec: - {{ . }} {{- end }} {{- end }} - {{- end }} {{- if .Values.service.http.externalIPs }} externalIPs: {{- toYaml .Values.service.http.externalIPs | nindent 4 }} @@ -49,6 +43,6 @@ spec: {{- if .Values.service.http.nodePort }} nodePort: {{ .Values.service.http.nodePort }} {{- end }} - targetPort: http + targetPort: {{ .Values.gitea.config.server.HTTP_PORT }} selector: {{- include "gitea.selectorLabels" . | nindent 4 }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index d764bb6..9991eec 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -1,10 +1,18 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} -apiVersion: networking.k8s.io/v1 +{{- $httpPort := .Values.service.http.port -}} +{{- $apiVersion := "extensions/v1beta1" -}} +{{- if .Values.ingress.apiVersion -}} +{{- $apiVersion = .Values.ingress.apiVersion -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- $apiVersion = "networking.k8s.io/v1" }} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} +{{- $apiVersion = "networking.k8s.io/v1beta1" }} +{{- end }} +apiVersion: {{ $apiVersion }} kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} annotations: @@ -13,7 +21,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ tpl .Values.ingress.className . }} + ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.tls }} tls: @@ -32,14 +40,19 @@ spec: paths: {{- range .paths }} - path: {{ .path }} - {{- if .pathType }} + {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} pathType: {{ .pathType }} {{- end }} backend: + {{- if eq $apiVersion "networking.k8s.io/v1" }} service: name: {{ $fullName }}-http port: - name: http + number: {{ $httpPort }} + {{- else }} + serviceName: {{ $fullName }}-http + servicePort: {{ $httpPort }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 546f4c4..6c89dc7 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-init - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque @@ -110,26 +109,13 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then - local -a create_args - create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) - if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then - create_args+=(--must-change-password=true) - else - create_args+=(--must-change-password=false) - fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create "${create_args[@]}" + gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false echo '...created.' else - if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - local -a change_args - change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false) - gitea admin user change-password "${change_args[@]}" - echo '...password sync done.' - else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." - fi + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false + echo '...password sync done.' fi } diff --git a/templates/gitea/poddisruptionbudget.yaml b/templates/gitea/poddisruptionbudget.yaml index d40a166..d2b7e17 100644 --- a/templates/gitea/poddisruptionbudget.yaml +++ b/templates/gitea/poddisruptionbudget.yaml @@ -1,9 +1,12 @@ {{- if .Values.podDisruptionBudget -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" }} apiVersion: policy/v1 +{{- else }} +apiVersion: policy/v1beta1 +{{- end }} kind: PodDisruptionBudget metadata: name: {{ include "gitea.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: @@ -11,4 +14,4 @@ spec: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} {{- toYaml .Values.podDisruptionBudget | nindent 2 }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index 2c82cb0..25b4af8 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.persistence.claimName }} - namespace: {{ include "common.names.namespace" . | quote }} + namespace: {{ $.Release.Namespace }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} {{- if .Values.persistence.labels }} diff --git a/templates/gitea/route.yaml b/templates/gitea/route.yaml deleted file mode 100644 index 740721f..0000000 --- a/templates/gitea/route.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.route.enabled -}} -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ include "gitea.fullname" . }}-http - namespace: {{ include "common.names.namespace" . | quote }} - labels: - {{- include "gitea.labels" . | nindent 4 }} - annotations: - {{- toYaml .Values.route.annotations | nindent 4 }} -spec: - {{- if .Values.route.host }} - host: {{ tpl .Values.route.host $ | quote }} - {{- end }} - {{- if .Values.route.wildcardPolicy }} - wildcardPolicy: {{ .Values.route.wildcardPolicy }} - {{- end }} - to: - kind: Service - name: {{ include "gitea.fullname" . }}-http - weight: 100 - port: - targetPort: http - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - {{- if .Values.route.tls.existingSecret }} - externalCertificate: {{ .Values.route.tls.existingSecret }} - {{- else if and .Values.route.tls.certificate - .Values.route.tls.privateKey - .Values.route.tls.caCertificate }} - certificate: | -{{ .Values.route.tls.certificate | indent 6 }} - key: | -{{ .Values.route.tls.privateKey | indent 6 }} - caCertificate: | -{{ .Values.route.tls.caCertificate | indent 6 }} - {{- else if or .Values.route.tls.certificate - .Values.route.tls.privateKey - .Values.route.tls.caCertificate }} - {{- fail "certificate, privateKey and caCertificate must be specified together" }} - {{- end }} -{{- end }} diff --git a/templates/gitea/serviceaccount.yaml b/templates/gitea/serviceaccount.yaml index e97608b..e730f9c 100644 --- a/templates/gitea/serviceaccount.yaml +++ b/templates/gitea/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gitea.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index c740ec8..02750d0 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml @@ -3,7 +3,6 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "gitea.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.gitea.metrics.serviceMonitor.namespace | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} @@ -15,4 +14,4 @@ spec: {{- include "gitea.selectorLabels" . | nindent 6 }} endpoints: - port: http -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index c1576da..3ee756c 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-ssh - namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.ssh.labels }} @@ -13,9 +12,6 @@ metadata: spec: type: {{ .Values.service.ssh.type }} {{- if eq .Values.service.ssh.type "LoadBalancer" }} - {{- if .Values.service.ssh.loadBalancerClass }} - loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }} - {{- end }} {{- if .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} {{- end -}} @@ -47,7 +43,7 @@ spec: - name: ssh port: {{ .Values.service.ssh.port }} {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }} - targetPort: ssh + targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} {{- end }} protocol: TCP {{- if .Values.service.ssh.nodePort }} diff --git a/templates/tests/test-http-connection.yaml b/templates/tests/test-http-connection.yaml index 1a2e13f..8157442 100644 --- a/templates/tests/test-http-connection.yaml +++ b/templates/tests/test-http-connection.yaml @@ -6,7 +6,7 @@ metadata: labels: {{ include "gitea.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test + "helm.sh/hook": test-success spec: containers: - name: wget diff --git a/tools/ct.yml b/tools/ct.yml index 3d241fc..0f81989 100644 --- a/tools/ct.yml +++ b/tools/ct.yml @@ -1,4 +1,3 @@ -# https://github.com/helm/chart-testing/blob/main/doc/ct_install.md helm-extra-args: --timeout 3m check-version-increment: false debug: true diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index b935fd1..f0291a4 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,8 +8,6 @@ tests: set: redis-cluster: enabled: true - redis: - enabled: false asserts: - documentIndex: 0 equal: @@ -18,28 +16,11 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: 'cache is configured correctly for redis' + - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false - redis: - enabled: true - asserts: - - documentIndex: 0 - equal: - path: stringData.cache - value: |- - ADAPTER=redis - HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" - template: templates/gitea/config.yaml - set: - redis-cluster: - enabled: false - redis: - enabled: false asserts: - documentIndex: 0 equal: @@ -48,13 +29,11 @@ tests: ADAPTER=memory HOST= - - it: 'cache can be customized when redis (or redis-cluster) is disabled' + - it: 'cache can be customized when redis-cluster is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false - redis: - enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index cdb2678..fcc1998 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,8 +8,6 @@ tests: set: redis-cluster: enabled: true - redis: - enabled: false asserts: - documentIndex: 0 equal: @@ -18,28 +16,11 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: 'queue is configured correctly for redis' + - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false - redis: - enabled: true - asserts: - - documentIndex: 0 - equal: - path: stringData.queue - value: |- - CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - TYPE=redis - - - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" - template: templates/gitea/config.yaml - set: - redis-cluster: - enabled: false - redis: - enabled: false asserts: - documentIndex: 0 equal: @@ -48,13 +29,11 @@ tests: CONN_STR= TYPE=level - - it: 'queue can be customized when redis (and redis-cluster) are disabled' + - it: 'queue can be customized when redis-cluster is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false - redis: - enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index 2a49baa..cf5fb1b 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,8 +8,6 @@ tests: set: redis-cluster: enabled: true - redis: - enabled: false asserts: - documentIndex: 0 equal: @@ -18,28 +16,11 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: 'session is configured correctly for redis' + - it: "session is configured correctly for 'memory' when redis-cluster is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false - redis: - enabled: true - asserts: - - documentIndex: 0 - equal: - path: stringData.session - value: |- - PROVIDER=redis - PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" - template: templates/gitea/config.yaml - set: - redis-cluster: - enabled: false - redis: - enabled: false asserts: - documentIndex: 0 equal: @@ -48,13 +29,11 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: 'session can be customized when redis (and redis-cluster) is disabled' + - it: 'session can be customized when redis-cluster is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false - redis: - enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index 1ff65cc..a8967c3 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -15,7 +15,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql-repmgr:17.+$ + pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$ - it: '[postgresql] ensures we detect major image version upgrades' template: charts/postgresql/templates/primary/statefulset.yaml set: @@ -28,30 +28,15 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql:17.+$ + pattern: ^docker.io/bitnami/postgresql:16.+$ - it: '[redis-cluster] ensures we detect major image version upgrades' template: charts/redis-cluster/templates/redis-statefulset.yaml set: redis-cluster: enabled: true - redis: - enabled: false asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: bitnami/redis-cluster:7.+$ - - it: '[redis] ensures we detect major image version upgrades' - template: charts/redis/templates/master/application.yaml - set: - redis-cluster: - enabled: false - redis: - enabled: true - asserts: - - documentIndex: 0 - matchRegex: - path: spec.template.spec.containers[0].image - # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: bitnami/redis:7.+$ + pattern: ^docker.io/bitnami/redis-cluster:7.+$ diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 4dfda51..2d2476e 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml @@ -15,33 +15,9 @@ tests: hosts: - '{{ .Values.global.giteaHostName }}' asserts: - - isKind: - of: Ingress - equal: path: spec.tls[0].hosts[0] value: 'gitea.example.com' - equal: path: spec.rules[0].host value: 'gitea.example.com' - - it: Ingress Class using TPL - set: - global.ingress.className: 'ingress-class' - ingress.className: '{{ .Values.global.ingress.className }}' - ingress.enabled: true - ingress.hosts[0].host: 'some-host' - ingress.tls: - - secretName: gitea-tls - hosts: - - 'some-host' - asserts: - - isKind: - of: Ingress - - equal: - path: spec.tls[0].hosts[0] - value: 'some-host' - - equal: - path: spec.rules[0].host - value: 'some-host' - - equal: - path: spec.ingressClassName - value: 'ingress-class' diff --git a/unittests/deployment/route-configuration.yaml b/unittests/deployment/route-configuration.yaml deleted file mode 100644 index b4da640..0000000 --- a/unittests/deployment/route-configuration.yaml +++ /dev/null @@ -1,155 +0,0 @@ -# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json -suite: route template -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/route.yaml -tests: - - it: hostname using TPL - set: - global.giteaHostName: 'gitea.example.com' - route.enabled: true - route.host: '{{ .Values.global.giteaHostName }}' - asserts: - - isKind: - of: Route - - equal: - path: spec.host - value: 'gitea.example.com' - - notExists: - path: spec.wildcardPolicy - - it: wildcard policy - set: - global.giteaHostName: 'gitea.example.com' - route.enabled: true - route.wildcardPolicy: 'Subdomain' - asserts: - - isKind: - of: Route - - equal: - path: spec.wildcardPolicy - value: 'Subdomain' - - it: existing certificate - set: - route.enabled: true - route.tls.existingSecret: certificate-secret - route.tls.certificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - route.tls.privateKey: | - -----BEGIN PRIVATE KEY----- - ... - -----END PRIVATE KEY----- - route.tls.caCertificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - asserts: - - isKind: - of: Route - - equal: - path: spec.tls.externalCertificate - value: certificate-secret - - notExists: - path: spec.tls.certificate - - notExists: - path: spec.tls.key - - notExists: - path: spec.tls.caCertificate - - it: valid certificate values - set: - route.enabled: true - route.tls.certificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - route.tls.privateKey: | - -----BEGIN PRIVATE KEY----- - ... - -----END PRIVATE KEY----- - route.tls.caCertificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - asserts: - - isKind: - of: Route - - notExists: - path: spec.tls.externalCertificate - - equal: - path: spec.tls.certificate - value: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - - equal: - path: spec.tls.key - value: | - -----BEGIN PRIVATE KEY----- - ... - -----END PRIVATE KEY----- - - equal: - path: spec.tls.caCertificate - value: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - - it: missing certificate values - set: - route.enabled: true - route.tls.privateKey: | - -----BEGIN PRIVATE KEY----- - ... - -----END PRIVATE KEY----- - route.tls.caCertificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - asserts: - - failedTemplate: - errorMessage: certificate, privateKey and caCertificate must be specified together - - it: missing privateKey values - set: - route.enabled: true - route.tls.certificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - route.tls.caCertificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - asserts: - - failedTemplate: - errorMessage: certificate, privateKey and caCertificate must be specified together - - it: missing caCertificate values - set: - route.enabled: true - route.tls.certificate: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - route.tls.privateKey: | - -----BEGIN PRIVATE KEY----- - ... - -----END PRIVATE KEY----- - asserts: - - failedTemplate: - errorMessage: certificate, privateKey and caCertificate must be specified together diff --git a/unittests/deployment/security-context-normal.yaml b/unittests/deployment/security-context-normal.yaml deleted file mode 100644 index 2418371..0000000 --- a/unittests/deployment/security-context-normal.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json -suite: deployment template (security context) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/deployment.yaml - - templates/gitea/config.yaml -tests: - - it: FS group set to 1000 - template: templates/gitea/deployment.yaml - set: - image.rootless: false - asserts: - - equal: - path: spec.template.spec.securityContext.fsGroup - value: 1000 - - it: run configure-gitea with UID 1000 - template: templates/gitea/deployment.yaml - set: - image.rootless: false - asserts: - - equal: - path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser - value: 1000 diff --git a/unittests/deployment/security-context-ocp.yaml b/unittests/deployment/security-context-ocp.yaml deleted file mode 100644 index 5f7127a..0000000 --- a/unittests/deployment/security-context-ocp.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# $schema: https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json -suite: deployment template (security context) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/deployment.yaml - - templates/gitea/config.yaml -tests: - - it: FS group not set - template: templates/gitea/deployment.yaml - set: - image.rootless: false - global.compatibility.openshift.adaptSecurityContext: force - asserts: - - notExists: - path: spec.template.spec.securityContext.fsGroup - - it: configure-gitea without runaAsUser - template: templates/gitea/deployment.yaml - set: - image.rootless: false - global.compatibility.openshift.adaptSecurityContext: force - asserts: - - notExists: - path: spec.template.spec.initContainers[?(@.name == 'configure-gitea')].securityContext.runAsUser diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml index f39bb1b..0ddccad 100644 --- a/unittests/deployment/svc-configuration.yaml +++ b/unittests/deployment/svc-configuration.yaml @@ -58,71 +58,4 @@ tests: value: 22 - equal: path: spec.ports[0].targetPort - value: ssh - - - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer - template: templates/gitea/ssh-svc.yaml - set: - service: - ssh: - loadBalancerClass: 'example.com/class' - type: LoadBalancer - loadBalancerIP: '1.2.3.4' - loadBalancerSourceRanges: - - '1.2.3.4/32' - - '5.6.7.8/32' - asserts: - - equal: - path: spec.loadBalancerClass - value: 'example.com/class' - - equal: - path: spec.loadBalancerIP - value: '1.2.3.4' - - equal: - path: spec.loadBalancerSourceRanges - value: ['1.2.3.4/32', '5.6.7.8/32'] - - - it: does not render when loadbalancer properties are set but type is not loadBalancerClass - template: templates/gitea/http-svc.yaml - set: - service: - http: - type: ClusterIP - loadBalancerClass: 'example.com/class' - loadBalancerIP: '1.2.3.4' - loadBalancerSourceRanges: - - '1.2.3.4/32' - - '5.6.7.8/32' - asserts: - - notExists: - path: spec.loadBalancerClass - - notExists: - path: spec.loadBalancerIP - - notExists: - path: spec.loadBalancerSourceRanges - - - it: does not render loadBalancerClass by default even when type is LoadBalancer - template: templates/gitea/http-svc.yaml - set: - service: - http: - type: LoadBalancer - loadBalancerIP: '1.2.3.4' - asserts: - - notExists: - path: spec.loadBalancerClass - - equal: - path: spec.loadBalancerIP - value: '1.2.3.4' - - - it: both ssh and http services exist - templates: - - templates/gitea/ssh-svc.yaml - - templates/gitea/http-svc.yaml - asserts: - - matchRegex: - path: metadata.name - pattern: '^gitea-unittests-forgejo-(?:ssh|http)$' - - matchRegex: - path: spec.ports[0].name - pattern: '^(?:ssh|http)$' + value: 2222 diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml deleted file mode 100644 index c3afaaf..0000000 --- a/unittests/pvc/pvc-configuration.yaml +++ /dev/null @@ -1,19 +0,0 @@ -suite: PVC template -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/pvc.yaml -tests: - - it: Storage Class using TPL - set: - global.persistence.storageClass: 'storage-class' - persistence.enabled: true - persistence.create: true - persistence.storageClass: '{{ .Values.global.persistence.storageClass }}' - asserts: - - isKind: - of: PersistentVolumeClaim - - equal: - path: spec.storageClassName - value: 'storage-class' diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml deleted file mode 100644 index a257690..0000000 --- a/unittests/values-conflicting-checks.yaml +++ /dev/null @@ -1,14 +0,0 @@ -suite: Values conflicting checks -release: - name: gitea-unittests - namespace: testing -tests: - - it: fails when trying to configure redis and redis-cluster the same time - set: - redis-cluster: - enabled: true - redis: - enabled: true - asserts: - - failedTemplate: - errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index 4af2e9f..058eb70 100644 --- a/values.yaml +++ b/values.yaml @@ -20,10 +20,6 @@ global: # hostnames: # - example.com -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: '' - ## @param replicaCount number of replicas for the deployment replicaCount: 1 @@ -101,7 +97,7 @@ podDisruptionBudget: {} service: ## @param service.http.type Kubernetes service type for web traffic ## @param service.http.port Port number for web traffic - ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None ## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.nodePort NodePort for http service ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -111,11 +107,10 @@ service: ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels - ## @param service.http.loadBalancerClass Loadbalancer class http: type: ClusterIP port: 3000 - clusterIP: + clusterIP: None loadBalancerIP: nodePort: externalTrafficPolicy: @@ -125,10 +120,9 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} - loadBalancerClass: ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic - ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None ## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -139,11 +133,10 @@ service: ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations ## @param service.ssh.labels SSH service additional labels - ## @param service.ssh.loadBalancerClass Loadbalancer class ssh: type: ClusterIP port: 22 - clusterIP: + clusterIP: None loadBalancerIP: nodePort: externalTrafficPolicy: @@ -154,7 +147,6 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} - loadBalancerClass: ## @section Ingress ## @param ingress.enabled Enable ingress @@ -164,6 +156,7 @@ service: ## @param ingress.hosts[0].paths[0].path Default Ingress path ## @param ingress.hosts[0].paths[0].pathType Ingress path type ## @param ingress.tls Ingress tls settings +## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. ingress: enabled: false # className: nginx @@ -181,48 +174,9 @@ ingress: # - secretName: chart-example-tls # hosts: # - git.example.com - -## @section Route -## @param route.enabled Enable route -## @param route.annotations Route annotations -## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) -## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. -## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) -## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http) -## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) -## @param route.tls.certificate PEM encoded single certificate -## @param route.tls.privateKey PEM encoded private key -## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate -## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) -route: - enabled: false - annotations: {} - host: - wildcardPolicy: - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - existingSecret: - certificate: - # certificate: |- - # -----BEGIN CERTIFICATE----- - # ... - # -----END CERTIFICATE----- - privateKey: - # privateKey: |- - # -----BEGIN PRIVATE KEY----- - # ... - # -----END PRIVATE KEY----- - caCertificate: - # caCertificate: |- - # -----BEGIN CERTIFICATE----- - # ... - # -----END CERTIFICATE----- - destinationCACertificate: - # destinationCACertificate: |- - # -----BEGIN CERTIFICATE----- - # ... - # -----END CERTIFICATE----- + # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar + # If helm doesn't correctly detect your ingress API version you can set it here. + # apiVersion: networking.k8s.io/v1 ## @section deployment # @@ -369,7 +323,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private GPG key for signed internal Git activity +## @param signing.privateKey Inline private gpg key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false @@ -388,23 +342,19 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user - ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: 'gitea@local.domain' - passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor - ## @param gitea.metrics.serviceMonitor.namespace Namespace in which Prometheus is running metrics: enabled: false serviceMonitor: enabled: false - namespace: '' # additionalLabels: # prometheus-release: prom1 @@ -460,10 +410,12 @@ gitea: ## @section `app.ini` overrides ## @descriptionStart + ## ## Every value described in the [Cheat ## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be ## set as a Helm value. Configuration sections map to (lowercased) YAML ## blocks, while the keys themselves remain in all caps. + ## ## @descriptionEnd config: # values in the DEFAULT section @@ -633,8 +585,7 @@ gitea: ## @section ReadinessProbe # ## @param gitea.readinessProbe.enabled Enable readiness probe - ## @param gitea.readinessProbe.httpGet.path Path to probe for readiness - ## @param gitea.readinessProbe.httpGet.port Port to probe for readiness + ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe ## @param gitea.readinessProbe.periodSeconds Period for readiness probe @@ -643,8 +594,7 @@ gitea: # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: enabled: true - httpGet: - path: /api/healthz + tcpSocket: port: http initialDelaySeconds: 5 timeoutSeconds: 1 @@ -675,11 +625,10 @@ gitea: ## @section Redis® Cluster ## @descriptionStart ## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. -## Full configuration options are available on their website. -## Redis cluster and [Redis](#redis) cannot be enabled at the same time. +## Complete Configuration can be taken from their website. ## @descriptionEnd # -## @param redis-cluster.enabled Enable redis cluster +## @param redis-cluster.enabled Enable redis ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas @@ -690,30 +639,10 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 -## @section Redis® -## @descriptionStart -## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. -## Full configuration options are available on their website. -## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. -## @descriptionEnd -# -## @param redis.enabled Enable redis standalone or replicated -## @param redis.architecture Whether to use standalone or replication -## @param redis.global.redis.password Required password -## @param redis.master.count Number of Redis master instances to deploy -redis: - enabled: false - architecture: standalone - global: - redis: - password: changeme - master: - count: 1 - ## @section PostgreSQL HA ## @descriptionStart ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. -## Full configuration options are available on their website. +## Complete Configuration can be taken from their website. ## @descriptionEnd # ## @param postgresql-ha.enabled Enable PostgreSQL HA chart @@ -749,7 +678,7 @@ postgresql-ha: ## @section PostgreSQL ## @descriptionStart ## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. -## Full configuration options are available on their website. +## Complete Configuration can be taken from their website. ## @descriptionEnd # ## @param postgresql.enabled Enable PostgreSQL @@ -776,8 +705,8 @@ postgresql: # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # Set it to false to skip this basic validation check. ## @section Advanced -## @param checkDeprecation Whether to run this basic validation check. -## @param test.enabled Whether to use test-connection Pod. +## @param checkDeprecation Set it to false to skip this basic validation check. +## @param test.enabled Set it to false to disable test-connection Pod. ## @param test.image.name Image name for the wget container used in the test-connection Pod. ## @param test.image.tag Image tag for the wget container used in the test-connection Pod. checkDeprecation: true @@ -787,6 +716,6 @@ test: name: busybox tag: latest -## @param extraDeploy Array of extra objects to deploy with the release. +## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: []