From f5bb3e2403951c7e369e1fe373490e14274d1df2 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Fri, 6 Jun 2025 14:05:44 -0500
Subject: [PATCH] add gitea actions
---
charts/gitea-actions/Chart.yaml | 15 ++
charts/gitea-actions/LICENSE | 18 +++
charts/gitea-actions/README.md | 71 +++++++++
charts/gitea-actions/templates/_helpers.tpl | 125 +++++++++++++++
.../gitea-actions/templates/config-map.yaml | 15 ++
.../gitea-actions/templates/stateful-set.yaml | 127 +++++++++++++++
charts/gitea-actions/values.yaml | 147 ++++++++++++++++++
7 files changed, 518 insertions(+)
create mode 100644 charts/gitea-actions/Chart.yaml
create mode 100644 charts/gitea-actions/LICENSE
create mode 100644 charts/gitea-actions/README.md
create mode 100644 charts/gitea-actions/templates/_helpers.tpl
create mode 100644 charts/gitea-actions/templates/config-map.yaml
create mode 100644 charts/gitea-actions/templates/stateful-set.yaml
create mode 100644 charts/gitea-actions/values.yaml
diff --git a/charts/gitea-actions/Chart.yaml b/charts/gitea-actions/Chart.yaml
new file mode 100644
index 0000000..e20111e
--- /dev/null
+++ b/charts/gitea-actions/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: gitea-actions
+version: 0.0.0
+description: Gitea Actions
+keywords:
+ - cicd
+ - runner
+ - actions
+sources:
+ - https://gitea.com/gitea/helm-actions
+ - https://gitea.com/gitea/act
+maintainers:
+ - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
+appVersion: 0.261.3
diff --git a/charts/gitea-actions/LICENSE b/charts/gitea-actions/LICENSE
new file mode 100644
index 0000000..73d3e90
--- /dev/null
+++ b/charts/gitea-actions/LICENSE
@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2025 gitea
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/charts/gitea-actions/README.md b/charts/gitea-actions/README.md
new file mode 100644
index 0000000..0ec8246
--- /dev/null
+++ b/charts/gitea-actions/README.md
@@ -0,0 +1,71 @@ +# gitea-actions + +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.261.3](https://img.shields.io/badge/AppVersion-0.261.3-informational?style=flat-square) + +Gitea Actions + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| alexlebens | | | + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| enabled | bool | `false` | | +| existingSecret | string | `""` | | +| existingSecretKey | string | `""` | | +| giteaRootURL | string | `""` | | +| global.fullnameOverride | string | `""` | | +| global.imageRegistry | string | `""` | | +| global.nameOverride | string | `""` | | +| global.storageClass | string | `""` | | +| image.digest | string | `""` | | +| image.fullOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.registry | string | `"docker.gitea.com"` | | +| image.repository | string | `"gitea"` | | +| image.rootless | bool | `true` | | +| image.tag | string | `""` | | +| init.image.repository | string | `"busybox"` | | +| init.image.tag | string | `"1.37.0"` | | +| persistence.accessModes[0] | string | `"ReadWriteOnce"` | | +| persistence.annotations."helm.sh/resource-policy" | string | `"keep"` | | +| persistence.claimName | string | `"gitea-shared-storage"` | | +| persistence.create | bool | `true` | | +| persistence.enabled | bool | `true` | | +| persistence.labels | object | `{}` | | +| persistence.mount | bool | `true` | | +| persistence.size | string | `"10Gi"` | | +| persistence.storageClass | string | `nil` | | +| persistence.subPath | string | `nil` | | +| persistence.volumeName | string | `""` | | +| statefulset.actRunner.config | string | `"log:\n level: debug\ncache:\n enabled: false\n"` | | +| statefulset.actRunner.extraVolumeMounts | list | `[]` | | +| statefulset.actRunner.pullPolicy | string | `"IfNotPresent"` | | +| 
statefulset.actRunner.repository | string | `"gitea/act_runner"` | | +| statefulset.actRunner.tag | string | `"0.2.11"` | | +| statefulset.affinity | object | `{}` | | +| statefulset.annotations | object | `{}` | | +| statefulset.dind.extraEnvs | list | `[]` | | +| statefulset.dind.extraVolumeMounts | list | `[]` | | +| statefulset.dind.pullPolicy | string | `"IfNotPresent"` | | +| statefulset.dind.repository | string | `"docker"` | | +| statefulset.dind.tag | string | `"25.0.2-dind"` | | +| statefulset.extraVolumes | list | `[]` | | +| statefulset.labels | object | `{}` | | +| statefulset.nodeSelector | object | `{}` | | +| statefulset.persistence.size | string | `"1Gi"` | | +| statefulset.replicas | int | `1` | | +| statefulset.resources | object | `{}` | | +| statefulset.tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/gitea-actions/templates/_helpers.tpl b/charts/gitea-actions/templates/_helpers.tpl new file mode 100644 index 0000000..eb11460 --- /dev/null +++ b/charts/gitea-actions/templates/_helpers.tpl 
@@ -0,0 +1,125 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+{{- define "gitea.actions.name" -}}
+{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gitea.actions.fullname" -}}
+{{- if .Values.global.fullnameOverride -}}
+{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.global.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gitea.actions.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create image name and tag used by the deployment.
+*/}}
+{{- define "gitea.actions.image" -}}
+{{- $fullOverride := .Values.image.fullOverride | default "" -}}
+{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
+{{- $repository := .Values.image.repository -}}
+{{- $separator := ":" -}}
+{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
+{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
+{{- $digest := "" -}}
+{{- if .Values.image.digest }}
+ {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
+{{- end -}}
+{{- if $fullOverride }}
+ {{- printf "%s" $fullOverride -}}
+{{- else if $registry }}
+ {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
+{{- else -}}
+ {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Storage Class
+*/}}
+{{- define "gitea.actions.persistence.storageClass" -}}
+{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
+{{- if $storageClass }}
+storageClassName: {{ $storageClass | quote }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "gitea.actions.labels" -}}
+helm.sh/chart: {{ include "gitea.actions.chart" . }}
+app: {{ include "gitea.actions.name" . }}
+{{ include "gitea.actions.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{- define "gitea.actions.labels.actRunner" -}}
+helm.sh/chart: {{ include "gitea.actions.chart" . }}
+app: {{ include "gitea.actions.name" . }}-act-runner
+{{ include "gitea.actions.selectorLabels.actRunner" . }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gitea.actions.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gitea.actions.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "gitea.actions.selectorLabels.actRunner" -}}
+app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-act-runner
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "gitea.actions.local_root_url" -}}
+ {{- .Values.giteaRootURL -}}
+{{- end -}}
+
+{{/*
+Parse the http url to hostname + port separated by space for the nc command
+*/}}
+{{- define "gitea.actions.nc" -}}
+{{- $url := include "gitea.actions.local_root_url" . | urlParse -}}
+{{- $host := get $url "host" -}}
+{{- $scheme := get $url "scheme" -}}
+{{- $port := "80" -}}
+{{- if contains ":" $host -}}
+ {{- $hostAndPort := regexSplit ":" $host 2 -}}
+ {{- $host = index $hostAndPort 0 -}}
+ {{- $port = index $hostAndPort 1 -}}
+{{- else if eq $scheme "https" -}}
+ {{- $port = "443" -}}
+{{- else if eq $scheme "http" -}}
+ {{- $port = "80" -}}
+{{- end -}}
+{{- printf "%s %s" $host $port -}}
+{{- end -}}
diff --git a/charts/gitea-actions/templates/config-map.yaml b/charts/gitea-actions/templates/config-map.yaml
new file mode 100644
index 0000000..e82664a
--- /dev/null
+++ b/charts/gitea-actions/templates/config-map.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "gitea.actions.fullname" . }}-act-runner-config
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+ labels:
+ {{- include "gitea.actions.labels" . | nindent 4 }}
+data:
+ config.yaml: |
+ {{- with .Values.statefulset.actRunner.config -}}
+ {{ . | nindent 4}}
+ {{- end -}}
+{{- end }}
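Review bot: `gitea.actions.local_root_url` passes `.Values.giteaRootURL` through unchecked while the chart default is `""`, so `gitea.actions.nc` renders an empty host and the init container in stateful-set.yaml would keep retrying `nc -z` instead of the install failing with a clear message. Making the value mandatory at render time, `{{- required "giteaRootURL must be set" .Values.giteaRootURL -}}`, closes that gap. The host/port split in `gitea.actions.nc` also looks like it would mis-split a bracketed IPv6 host, because `regexSplit ":" $host 2` cuts at the first colon; a comment stating that only `host[:port]` with a DNS name or IPv4 address is supported would document the limit. Since the result is interpolated unquoted into the init container's `sh -c` script, this value should stay operator-controlled and never be filled from user-supplied data.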
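Review bot: A change to `statefulset.actRunner.config` will not reach running runners, because stateful-set.yaml mounts this ConfigMap with `subPath: config.yaml` and its pod template carries no annotation derived from the config. Kubernetes does not refresh subPath mounts, so a tightened runner setting stays unapplied until the pods are restarted by hand. A pod-template annotation such as `checksum/config: {{ include (print $.Template.BasePath "/config-map.yaml") . | sha256sum }}` would roll the StatefulSet whenever the config changes. `.Values.namespace` is read here but has no entry in values.yaml, so it should be documented there or dropped.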
diff --git a/charts/gitea-actions/templates/stateful-set.yaml b/charts/gitea-actions/templates/stateful-set.yaml
new file mode 100644
index 0000000..571fe8e
--- /dev/null
+++ b/charts/gitea-actions/templates/stateful-set.yaml
@@ -0,0 +1,127 @@
+{{- if .Values.enabled }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ {{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
+ {{- with .Values.statefulset.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with .Values.statefulset.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "gitea.actions.fullname" . }}-act-runner
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+ replicas: {{ .Values.statefulset.replicas }}
+ selector:
+ matchLabels:
+ {{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
+ {{- with .Values.statefulset.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ initContainers:
+ - name: init-gitea
+ image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
+ command:
+ - sh
+ - -c
+ - |
+ while ! nc -z {{ include "gitea.actions.nc" . }}; do
+ sleep 5
+ done
+ containers:
+ - name: act-runner
+ image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
+ imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
+ workingDir: /data
+ env:
+ - name: DOCKER_HOST
+ value: tcp://127.0.0.1:2376
+ - name: DOCKER_TLS_VERIFY
+ value: "1"
+ - name: DOCKER_CERT_PATH
+ value: /certs/server
+ - name: GITEA_RUNNER_REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.existingSecret | default "gitea-actions-token" }}"
+ key: "{{ .Values.existingSecretKey | default "token" }}"
+ - name: GITEA_INSTANCE_URL
+ value: {{ include "gitea.actions.local_root_url" . }}
+ - name: CONFIG_FILE
+ value: /actrunner/config.yaml
+ resources:
+ {{- toYaml .Values.statefulset.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: /actrunner/config.yaml
+ name: act-runner-config
+ subPath: config.yaml
+ - mountPath: /certs/server
+ name: docker-certs
+ - mountPath: /data
+ name: data-act-runner
+ {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ - name: dind
+ image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
+ imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
+ env:
+ - name: DOCKER_HOST
+ value: tcp://127.0.0.1:2376
+ - name: DOCKER_TLS_VERIFY
+ value: "1"
+ - name: DOCKER_CERT_PATH
+ value: /certs/server
+ {{- if .Values.statefulset.dind.extraEnvs }}
+ {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
+ {{- end }}
+ securityContext:
+ privileged: true
+ resources:
+ {{- toYaml .Values.statefulset.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: /certs/server
+ name: docker-certs
+ {{- with .Values.statefulset.dind.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- range $key, $value := .Values.statefulset.nodeSelector }}
+ nodeSelector:
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.statefulset.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.statefulset.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: act-runner-config
+ configMap:
+ name: {{ include "gitea.actions.fullname" . }}-act-runner-config
+ - name: docker-certs
+ emptyDir: {}
+ {{- with .Values.statefulset.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data-act-runner
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
+ resources:
+ requests:
+ storage: {{ .Values.statefulset.persistence.size }}
+{{- end }}
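Review bot: The `dind` container is hard-wired to `securityContext: privileged: true` with no comment or values documentation, so every workflow job the runner accepts gets a Docker daemon holding node-level privileges. A comment above that line and a README paragraph should state this and recommend dedicated, tainted nodes for the runner. The `nodeSelector` block further down cannot be relied on for that isolation: `range` emits a separate `nodeSelector:` key per entry, so with two or more labels the manifest has duplicate keys, which a parser either rejects or resolves to the last entry only. It should take the same shape as the `affinity` block, `{{- with .Values.statefulset.nodeSelector }}` followed by `nodeSelector:` and `{{- toYaml . | nindent 8 }}`.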
diff --git a/charts/gitea-actions/values.yaml b/charts/gitea-actions/values.yaml
new file mode 100644
index 0000000..80a1bf2
--- /dev/null
+++ b/charts/gitea-actions/values.yaml
@@ -0,0 +1,147 @@
+# Configure Gitea Actions
+# - must enable persistence if the job is enabled
+## @section Gitea Actions
+#
+## @param enabled Create an act runner StatefulSet.
+## @param init.image.repository The image used for the init containers
+## @param init.image.tag The image tag used for the init containers
+## @param statefulset.annotations Act runner annotations
+## @param statefulset.labels Act runner labels
+## @param statefulset.resources Act runner resources
+## @param statefulset.nodeSelector NodeSelector for the statefulset
+## @param statefulset.tolerations Tolerations for the statefulset
+## @param statefulset.affinity Affinity for the statefulset
+## @param statefulset.extraVolumes Extra volumes for the statefulset
+## @param statefulset.actRunner.repository The Gitea act runner image
+## @param statefulset.actRunner.tag The Gitea act runner tag
+## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
+## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
+## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
+## @param statefulset.dind.repository The Docker-in-Docker image
+## @param statefulset.dind.tag The Docker-in-Docker image tag
+## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
+## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
+## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
+## @param statefulset.persistence.size Size for persistence to store act runner data
+## @param provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
+## @param provisioning.annotations Job's annotations
+## @param provisioning.labels Job's labels
+## @param provisioning.resources Job's resources
+## @param provisioning.nodeSelector NodeSelector for the job
+## @param provisioning.tolerations Tolerations for the job
+## @param provisioning.affinity Affinity for the job
+## @param provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
+## @param provisioning.publish.repository The image that can create the secret via kubectl
+## @param provisioning.publish.tag The publish image tag that can create the secret
+## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
+## @param existingSecret Secret that contains the token
+## @param existingSecretKey Secret key
+## @param giteaRootURL URL the act_runner registers and connect with
+enabled: false
+statefulset:
+ replicas: 1
+ annotations: {}
+ labels: {}
+ resources: {}
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ extraVolumes: []
+
+ actRunner:
+ repository: gitea/act_runner
+ tag: 0.2.11
+ pullPolicy: IfNotPresent
+ extraVolumeMounts: []
+
+ # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+ config: |
+ log:
+ level: debug
+ cache:
+ enabled: false
+
+ dind:
+ repository: docker
+ tag: 25.0.2-dind
+ pullPolicy: IfNotPresent
+ extraVolumeMounts: []
+
+ # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
+ # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
+ extraEnvs:
+ []
+ # - name: "DOCKER_IPTABLES_LEGACY"
+ # value: "1"
+
+ persistence:
+ size: 1Gi
+
+init:
+ image:
+ repository: busybox
+ tag: "1.37.0"
+
+## Specify an existing token secret
+##
+existingSecret: ""
+existingSecretKey: ""
+
+## Specify the root URL of the Gitea instance
+giteaRootURL: ""
+
+## @section Persistence
+#
+## @param persistence.enabled Enable persistent storage
+## @param persistence.create Whether to create the persistentVolumeClaim for shared storage
+## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created)
+## @param persistence.claimName Use an existing claim to store repository information
+## @param persistence.size Size for persistence to store repo information
+## @param persistence.accessModes AccessMode for persistence
+## @param persistence.labels Labels for the persistence volume claim to be created
+## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
+## @param persistence.storageClass Name of the storage class to use
+## @param persistence.subPath Subdirectory of the volume to mount at
+## @param persistence.volumeName Name of persistent volume in PVC
+persistence:
+ enabled: true
+ create: true
+ mount: true
+ claimName: gitea-shared-storage
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ storageClass:
+ subPath:
+ volumeName: ""
+ annotations:
+ helm.sh/resource-policy: keep
+
+## @section Image
+## @param image.registry image registry, e.g. gcr.io,docker.io
+## @param image.repository Image to start for this pod
+## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
+## @param image.pullPolicy Image pull policy
+## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
+image:
+ registry: "docker.gitea.com"
+ repository: gitea
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ digest: ""
+ pullPolicy: IfNotPresent
+ rootless: true
+ fullOverride: ""
+
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.storageClass global storage class override
+global:
+ imageRegistry: ""
+ storageClass: ""
+ nameOverride: ""
+ fullnameOverride: ""
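Review bot: The `@param provisioning.*` lines document a token-provisioning job that has no keys in this file and no template in this patch, so with the defaults nothing creates the `gitea-actions-token` Secret that stateful-set.yaml falls back to and the runner pod cannot start. Those lines should be dropped and the requirement stated above `existingSecret`, for example `## Required: name of a Secret holding the runner registration token (default name gitea-actions-token, key token)`. The images that actually run (`gitea/act_runner`, `docker`, `busybox`) are selected by tag only, while the one `digest` field belongs to the `image` section whose `gitea.actions.image` helper no template added here calls; a digest option for at least the privileged `dind` image would let operators pin it. The default `level: debug` in `statefulset.actRunner.config` is also worth confirming as the intended chart default rather than a development leftover.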