forked from Gitea/helm-actions
Compare commits
7 Commits
check-rele
...
feat-inlin
| Author | SHA1 | Date | |
|---|---|---|---|
|
6c0c43712c | ||
|
|
0630164f91 | ||
|
|
072b97470e | ||
|
|
53393816ed | ||
|
|
8a89d8bf21 | ||
|
|
bb50a19f4d | ||
|
|
b2459f322b |
@@ -1,68 +1,70 @@
|
||||
name: check-secrets
|
||||
name: generate-chart
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "*"
|
||||
|
||||
env:
|
||||
# renovate: datasource=docker depName=alpine/helm
|
||||
HELM_VERSION: "3.17.1"
|
||||
|
||||
jobs:
|
||||
check-secrets:
|
||||
generate-chart-publish:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Check all required secrets
|
||||
- name: install tools
|
||||
run: |
|
||||
echo "=== Checking availability of required secrets ==="
|
||||
|
||||
# List of all secrets used in the original workflow
|
||||
SECRETS=(
|
||||
"GPGSIGN_KEY"
|
||||
"GPGSIGN_PASSPHRASE"
|
||||
"DOCKER_CHARTS_PASSWORD"
|
||||
"DOCKER_CHARTS_USERNAME"
|
||||
"AWS_KEY_ID"
|
||||
"AWS_SECRET_ACCESS_KEY"
|
||||
"AWS_REGION"
|
||||
"AWS_S3_BUCKET"
|
||||
)
|
||||
|
||||
MISSING_SECRETS=()
|
||||
AVAILABLE_SECRETS=()
|
||||
|
||||
for secret in "${SECRETS[@]}"; do
|
||||
# Check if secret is set (not empty)
|
||||
if [ -z "${!secret:-}" ]; then
|
||||
echo "❌ Secret '$secret' is NOT available or empty"
|
||||
MISSING_SECRETS+=("$secret")
|
||||
else
|
||||
echo "✅ Secret '$secret' is available"
|
||||
AVAILABLE_SECRETS+=("$secret")
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "=== Summary ==="
|
||||
echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
|
||||
echo "Missing secrets: ${#MISSING_SECRETS[@]}"
|
||||
|
||||
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
|
||||
echo ""
|
||||
echo "Missing secrets:"
|
||||
for secret in "${MISSING_SECRETS[@]}"; do
|
||||
echo " - $secret"
|
||||
done
|
||||
echo ""
|
||||
echo "❌ Some secrets are missing. Please configure them in repository settings."
|
||||
exit 1
|
||||
else
|
||||
echo ""
|
||||
echo "✅ All required secrets are available!"
|
||||
fi
|
||||
env:
|
||||
GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
|
||||
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
|
||||
DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
|
||||
AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_REGION: ${{ secrets.AWS_REGION }}
|
||||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
||||
apt update -y
|
||||
apt install -y curl ca-certificates curl gnupg
|
||||
# helm
|
||||
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
mv linux-amd64/helm /usr/local/bin/
|
||||
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
helm version
|
||||
# docker
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
apt update -y
|
||||
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
|
||||
pip install awscli --break-system-packages
|
||||
|
||||
- name: Import GPG key
|
||||
id: import_gpg
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||
with:
|
||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
||||
|
||||
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
||||
- name: package chart
|
||||
run: |
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
||||
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
||||
helm plugin install https://github.com/pat-s/helm-gpg
|
||||
helm dependency build
|
||||
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||
mkdir actions
|
||||
mv actions*.tgz actions/
|
||||
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
|
||||
# push to dockerhub
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
||||
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
|
||||
helm registry logout registry-1.docker.io
|
||||
|
||||
- name: aws credential configure
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: ${{ secrets.AWS_REGION }}
|
||||
|
||||
- name: Copy files to S3 and clear cache
|
||||
run: |
|
||||
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
||||
|
||||
1
CODEOWNERS
Normal file
1
CODEOWNERS
Normal file
@@ -0,0 +1 @@
|
||||
* @DaanSelen @volker.raschek @ChristopherHX
|
||||
15
Chart.yaml
15
Chart.yaml
@@ -13,7 +13,18 @@ keywords:
|
||||
sources:
|
||||
- https://gitea.com/gitea/helm-actions
|
||||
- https://gitea.com/gitea/act
|
||||
# FIXME:
|
||||
# maintainers:
|
||||
|
||||
maintainers:
|
||||
# https://gitea.com/DaanSelen
|
||||
- name: Daan Selen
|
||||
email: dselen@nerthus.nl
|
||||
|
||||
# https://gitea.com/volker.raschek
|
||||
- name: Markus Pesch
|
||||
email: markus.pesch+apps@cryptic.systems
|
||||
|
||||
# https://gitea.com/ChristopherHX
|
||||
- name: Christopher Homberger
|
||||
email: christopher.homberger@web.de
|
||||
|
||||
dependencies: []
|
||||
|
||||
@@ -30,12 +30,12 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
|
||||
| `statefulset.affinity` | Affinity for the statefulset | `{}` |
|
||||
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
|
||||
| `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
|
||||
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` |
|
||||
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.12` |
|
||||
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
|
||||
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
|
||||
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
|
||||
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
|
||||
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
|
||||
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
|
||||
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
|
||||
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
|
||||
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |
|
||||
|
||||
@@ -10,6 +10,10 @@ metadata:
|
||||
data:
|
||||
config.yaml: |
|
||||
{{- with .Values.statefulset.actRunner.config -}}
|
||||
{{- if kindIs "string" . -}}
|
||||
{{ . | nindent 4}}
|
||||
{{- else -}}
|
||||
{{ toYaml . | nindent 4}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
@@ -48,13 +48,27 @@ spec:
|
||||
image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
|
||||
imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
|
||||
workingDir: /data
|
||||
command:
|
||||
# The following is a workaround for: https://gitea.com/gitea/act_runner/issues/731
|
||||
# We must add the docker-cli package for the server AND client cert verification.
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
apk add --no-cache docker-cli
|
||||
echo "Waiting for Docker daemon..."
|
||||
until timeout 10 docker info > /dev/null; do
|
||||
echo "Failed, retrying..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Docker is ready, starting act-runner..."
|
||||
exec run.sh
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://127.0.0.1:2376
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
value: /certs/client
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -70,7 +84,7 @@ spec:
|
||||
- mountPath: /actrunner/config.yaml
|
||||
name: act-runner-config
|
||||
subPath: config.yaml
|
||||
- mountPath: /certs/server
|
||||
- mountPath: /certs/client
|
||||
name: docker-certs
|
||||
- mountPath: /data
|
||||
name: data-act-runner
|
||||
@@ -86,7 +100,7 @@ spec:
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
value: /certs/client
|
||||
{{- if .Values.statefulset.dind.extraEnvs }}
|
||||
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -95,7 +109,7 @@ spec:
|
||||
resources:
|
||||
{{- toYaml .Values.statefulset.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /certs/server
|
||||
- mountPath: /certs/client
|
||||
name: docker-certs
|
||||
{{- with .Values.statefulset.dind.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
|
||||
@@ -42,3 +42,27 @@ tests:
|
||||
runner:
|
||||
labels:
|
||||
- "ubuntu-latest"
|
||||
- it: renders a ConfigMap with inline yaml
|
||||
template: templates/config-act-runner.yaml
|
||||
set:
|
||||
enabled: true
|
||||
statefulset:
|
||||
actRunner:
|
||||
config:
|
||||
container:
|
||||
valid_volumes:
|
||||
- /var/run/docker.sock
|
||||
options: -v /var/run/docker.sock:/var/run/docker.sock
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-actions-act-runner-config
|
||||
- matchRegex:
|
||||
path: data["config.yaml"]
|
||||
pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'
|
||||
- matchRegex:
|
||||
path: data["config.yaml"]
|
||||
pattern: '(?m)^\s*valid_volumes:\s*\n\s*-\s*/var/run/docker.sock\s*$'
|
||||
|
||||
@@ -39,7 +39,7 @@ statefulset:
|
||||
|
||||
actRunner:
|
||||
repository: gitea/act_runner
|
||||
tag: 0.2.11
|
||||
tag: 0.2.12
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
@@ -52,7 +52,7 @@ statefulset:
|
||||
|
||||
dind:
|
||||
repository: docker
|
||||
tag: 25.0.2-dind
|
||||
tag: 28.3.3-dind
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
|
||||
Reference in New Issue
Block a user