From 3b5bdc30f526ff4f5c9420a9c43b87651d79e965 Mon Sep 17 00:00:00 2001 From: Stephen Sullivan Date: Sun, 21 Sep 2025 15:24:49 +0000 Subject: [PATCH] feat(chart): Added helper functions to generate the container image values (#61) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change The change modifies how container images are managed in the Gitea Helm chart for Gitea Actions. Instead of using a simple string concatenation for image names, the patch introduces a more flexible templating approach. It adds three new templates in `_helpers.tpl`: * `gitea.actions.actRunner.image`: Constructs the full image name for the Gitea Actions Act Runner. * `gitea.actions.dind.image`: Creates the image name for the DinD (Docker-in-Docker) container. * `gitea.actions.init.image`: Generates the image name for the Init container. These templates build the image name dynamically using values from `values.yaml` and the chart's metadata. The logic prioritizes a full image override, a specified registry, or a default repository and tag. The patch also updates `statefulset.yaml` to use these new templates for the `init-gitea`, `act-runner`, and `dind` containers. Additionally, `values.yaml` is updated to include new, optional parameters for each image, such as `registry`, `digest`, and `fullOverride`, providing more granular control over the image source. ### Tests and Examples To test this change, you can use `helm template` with different configurations in a `values.yaml` file to observe the resulting Kubernetes manifest. #### Example 1: Default configuration With no changes to the new fields in `values.yaml`, the image names should resolve to the defaults: * **Act Runner**: `docker.gitea.com/gitea/act_runner:0.2.13` * **DinD**: `docker:28.3.3-dind` * **Init**: `busybox:1.37.0` #### Example 2: Using a `fullOverride` If you set `fullOverride` for the `actRunner` like this via CLI ```shell helm template test . \ --set giteaRootURL=https://localhost/gitea \ --set existingSecret=test --set existingSecretKey=test \ --set enabled=true \ --set statefulset.actRunner.fullOverride="my.private.registry/custom-gitea-runner:latest" ``` The `statefulset.yaml` for the `act-runner` container will have its image field set to `my.private.registry/custom-gitea-runner:latest`. ``` - name: act-runner image: "my.private.registry/custom-gitea-runner:latest" ``` #### Example 3: Using a custom `registry` and `digest` ```shell helm template test . \ --set giteaRootURL=https://localhost/gitea \ --set existingSecret=test --set existingSecretKey=test \ --set enabled=true \ --set statefulset.dind.registry="quay.io" \ --set statefulset.dind.digest="sha256:abcdef123456" ``` The `statefulset.yaml` for the `dind` container will have its image field set to `quay.io/docker:28.3.3-dind@sha256:abcdef123456`. ``` - name: dind image: "quay.io/docker:28.3.3-dind@sha256:abcdef123456" ``` #### Example 4: Using the `global.imageRegistry` If you set global.imageRegistry ```shell helm template test . \ --set giteaRootURL=https://localhost/gitea \ --set existingSecret=test --set existingSecretKey=test \ --set enabled=true \ --set global.imageRegistry=quay.io ``` The `statefulset.yaml` for each container will have the following values * **Act Runner**: `quay.io/gitea/act_runner:0.2.13` * **DinD**: `quay.io/docker:28.3.3-dind` * **Init**: `quay.io/busybox:1.37.0` ### Benefits There are no known limitations with this change. The new templating approach makes the chart more adaptable and configurable, offering more control than the previous method. ### Possible drawbacks Increased configuration complexity ### Applicable issues - Fixes #58 ### Additional information ### ⚠ BREAKING ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Helm templating unittests are added (required when changing anything in `templates` folder) - [X] All added template resources MUST render a namespace in metadata Co-authored-by: Christopher Homberger Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/61 Reviewed-by: Ross Golder Reviewed-by: DaanSelen Reviewed-by: Markus Pesch Reviewed-by: ChristopherHX Co-authored-by: Stephen Sullivan Co-committed-by: Stephen Sullivan --- README.md | 17 +++++ templates/_helpers.tpl | 43 +++++++++++ templates/statefulset.yaml | 6 +- unittests/helm/statefulset.yaml | 123 ++++++++++++++++++++++++++++++++ values.yaml | 24 +++++++ 5 files changed, 210 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cfce7d3..ccdfb3e 100644 --- a/README.md +++ b/README.md @@ -57,13 +57,19 @@ You should be good to go! | `statefulset.tolerations` | Tolerations for the statefulset | `[]` | | `statefulset.affinity` | Affinity for the statefulset | `{}` | | `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` | +| `statefulset.actRunner.registry` | image registry, e.g. gcr.io,docker.io | `docker.gitea.com` | | `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` | | `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.13` | +| `statefulset.actRunner.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` | +| `statefulset.actRunner.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` | | `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | +| `statefulset.dind.registry` | image registry, e.g. gcr.io,docker.io | `""` | | `statefulset.dind.repository` | The Docker-in-Docker image | `docker` | | `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` | +| `statefulset.dind.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `statefulset.dind.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | | `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | | `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` | | `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` | @@ -72,6 +78,17 @@ You should be good to go! | `existingSecretKey` | Secret key | `""` | | `giteaRootURL` | URL the act_runner registers and connect with | `""` | +### Gitea Actions Init + +| Name | Description | Value | +| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- | +| `init.image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `init.image.repository` | The init image | `busybox` | +| `init.image.tag` | the init image tag | `1.37.0` | +| `init.image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `init.image.pullPolicy` | The init image pullPolicy | `IfNotPresent` | +| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. | `""` | + ### Global | Name | Description | Value | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 599ee36..3d4216e 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -86,3 +86,46 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "gitea.actions.local_root_url" -}} {{- .Values.giteaRootURL -}} {{- end -}} + +{{/* +Common create image implementation +*/}} +{{- define "gitea.actions.common.image" -}} +{{- $fullOverride := .image.fullOverride | default "" -}} +{{- $registry := .root.Values.global.imageRegistry | default .image.registry -}} +{{- $repository := .image.repository -}} +{{- $separator := ":" -}} +{{- $tag := .image.tag | default .root.Chart.AppVersion | toString -}} +{{- $digest := "" -}} +{{- if .image.digest }} + {{- $digest = (printf "@%s" (.image.digest | toString)) -}} +{{- end -}} +{{- if $fullOverride }} + {{- printf "%s" $fullOverride -}} +{{- else if $registry }} + {{- printf "%s/%s%s%s%s" $registry $repository $separator $tag $digest -}} +{{- else -}} + {{- printf "%s%s%s%s" $repository $separator $tag $digest -}} +{{- end -}} +{{- end -}} + +{{/* +Create image for the Gitea Actions Act Runner +*/}} +{{- define "gitea.actions.actRunner.image" -}} +{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.actRunner) }} +{{- end -}} + +{{/* +Create image for DinD +*/}} +{{- define "gitea.actions.dind.image" -}} +{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.dind) }} +{{- end -}} + +{{/* +Create image for Init +*/}} +{{- define "gitea.actions.init.image" -}} +{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }} +{{- end -}} \ No newline at end of file diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index f621abd..d8af2be 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: init-gitea - image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" + image: "{{ include "gitea.actions.init.image" . }}" command: - sh - -c @@ -45,7 +45,7 @@ spec: echo "Gitea has been reached!" containers: - name: act-runner - image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}" + image: "{{ include "gitea.actions.actRunner.image" . }}" imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }} workingDir: /data env: @@ -80,7 +80,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: dind - image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}" + image: "{{ include "gitea.actions.dind.image" . }}" imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }} env: - name: DOCKER_HOST diff --git a/unittests/helm/statefulset.yaml b/unittests/helm/statefulset.yaml index 70c38a9..93d6208 100644 --- a/unittests/helm/statefulset.yaml +++ b/unittests/helm/statefulset.yaml @@ -6,6 +6,129 @@ templates: - templates/statefulset.yaml - templates/config-act-runner.yaml tests: + - it: act-runner uses fullOverride + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].image + value: test.io/act_runner:x.y.z + - it: act-runner uses digest + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + statefulset.actRunner.tag: 0.2.13 + statefulset.actRunner.digest: sha256:abcdef123456 + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].image + value: docker.gitea.com/gitea/act_runner:0.2.13@sha256:abcdef123456 + - it: act-runner uses global.imageRegistry + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + global.imageRegistry: test.io + statefulset.actRunner.tag: 0.2.13 + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[0].image + value: test.io/gitea/act_runner:0.2.13 + - it: dind uses fullOverride + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + statefulset.dind.fullOverride: test.io/dind:x.y.z + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[1].image + value: test.io/dind:x.y.z + - it: dind uses global.imageRegistry + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + global.imageRegistry: test.io + statefulset.dind.tag: 28.3.3-dind + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.containers[1].image + value: test.io/docker:28.3.3-dind + - it: init uses fullOverride + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + init.image.fullOverride: test.io/busybox:x.y.z + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.initContainers[0].image + value: test.io/busybox:x.y.z + - it: init uses global.imageRegistry + template: templates/statefulset.yaml + set: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + global.imageRegistry: test.io + init.image.tag: 1.37.0 + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-actions-act-runner + - equal: + path: spec.template.spec.initContainers[0].image + value: test.io/busybox:1.37.0 - it: doesn't renders a StatefulSet by default template: templates/statefulset.yaml asserts: diff --git a/values.yaml b/values.yaml index 6eece4a..21a9813 100644 --- a/values.yaml +++ b/values.yaml @@ -13,13 +13,19 @@ ## @param statefulset.tolerations Tolerations for the statefulset ## @param statefulset.affinity Affinity for the statefulset ## @param statefulset.extraVolumes Extra volumes for the statefulset +## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io ## @param statefulset.actRunner.repository The Gitea act runner image ## @param statefulset.actRunner.tag The Gitea act runner tag +## @param statefulset.actRunner.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy +## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest. ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. +## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io ## @param statefulset.dind.repository The Docker-in-Docker image ## @param statefulset.dind.tag The Docker-in-Docker image tag +## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` +## @param statefulset.dind.fullOverride Completely overrides the image registry, path/image, tag and digest. ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` @@ -40,9 +46,12 @@ statefulset: extraVolumes: [] actRunner: + registry: "docker.gitea.com" repository: gitea/act_runner tag: 0.2.13 + digest: "" pullPolicy: IfNotPresent + fullOverride: "" extraVolumeMounts: [] # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml @@ -56,9 +65,12 @@ statefulset: docker_timeout: 300s dind: + registry: "" repository: docker tag: 28.3.3-dind + digest: "" pullPolicy: IfNotPresent + fullOverride: "" extraVolumeMounts: [] # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable. @@ -71,11 +83,23 @@ statefulset: persistence: size: 1Gi +## @section Gitea Actions Init +# +## @param init.image.registry image registry, e.g. gcr.io,docker.io +## @param init.image.repository The init image +## @param init.image.tag the init image tag +## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` +## @param init.image.pullPolicy The init image pullPolicy +## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest. init: image: + registry: "" repository: busybox # Overrides the image tag whose default is the chart appVersion. tag: "1.37.0" + digest: "" + pullPolicy: IfNotPresent + fullOverride: "" ## Specify an existing token secret ##