Unsupervised/helm-actions
1
0
Fork 0
forked from Gitea/helm-actions
Code Pull Requests Activity

Compare commits

base: Unsupervised:feat-inline-yaml-config
Branches Tags
Unsupervised:main Unsupervised:feat-inline-yaml-config Unsupervised:add-dind-docs Unsupervised:update-runner-dind Unsupervised:christopherhx-patch-1 Unsupervised:check-release-secrets
Gitea:v0.0.1
..
compare: Unsupervised:check-release-secrets
Branches Tags
Unsupervised:main Unsupervised:feat-inline-yaml-config Unsupervised:add-dind-docs Unsupervised:update-runner-dind Unsupervised:christopherhx-patch-1 Unsupervised:check-release-secrets Gitea:renovate/workflow-dependencies-(minor-and-patch) Gitea:renovate/lock-file-maintenance Gitea:renovate/major-commitlint-monorepo Gitea:main Gitea:feat-inline-yaml-config Gitea:add-dind-docs Gitea:update-runner-dind Gitea:christopherhx-patch-1 Gitea:check-release-secrets
Gitea:v0.0.1

1 Commits
feat-inlin ... check-rele

Author SHA1 Message Date
ChristopherHX
1600658386 .gitea/workflows/release-version.yml aktualisiert 2025-08-15 20:01:39 +00:00
8 changed files with 69 additions and 125 deletions
Expand all files Collapse all files

120
.gitea/workflows/release-version.yml
View File

@@ -1,70 +1,68 @@
name: generate-chart name: check-secrets
on: on:
push: push:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.17.1"
jobs: jobs:
generate-chart-publish: check-secrets:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: install tools
- name: Check all required secrets
run: | run: |
apt update -y echo "=== Checking availability of required secrets ==="
apt install -y curl ca-certificates curl gnupg
# helm # List of all secrets used in the original workflow
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz SECRETS=(
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz "GPGSIGN_KEY"
mv linux-amd64/helm /usr/local/bin/ "GPGSIGN_PASSPHRASE"
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz "DOCKER_CHARTS_PASSWORD"
helm version "DOCKER_CHARTS_USERNAME"
# docker "AWS_KEY_ID"
install -m 0755 -d /etc/apt/keyrings "AWS_SECRET_ACCESS_KEY"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg "AWS_REGION"
chmod a+r /etc/apt/keyrings/docker.gpg "AWS_S3_BUCKET"
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null )
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli MISSING_SECRETS=()
pip install awscli --break-system-packages AVAILABLE_SECRETS=()
- name: Import GPG key for secret in "${SECRETS[@]}"; do
id: import_gpg # Check if secret is set (not empty)
uses: https://github.com/crazy-max/ghaction-import-gpg@v6 if [ -z "${!secret:-}" ]; then
with: echo "❌ Secret '$secret' is NOT available or empty"
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} MISSING_SECRETS+=("$secret")
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} else
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 echo "✅ Secret '$secret' is available"
AVAILABLE_SECRETS+=("$secret")
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 fi
- name: package chart done
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin echo ""
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved echo "=== Summary ==="
helm plugin install https://github.com/pat-s/helm-gpg echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
helm dependency build echo "Missing secrets: ${#MISSING_SECRETS[@]}"
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir actions if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
mv actions*.tgz actions/ echo ""
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml echo "Missing secrets:"
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml for secret in "${MISSING_SECRETS[@]}"; do
# push to dockerhub echo " - $secret"
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin done
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts echo ""
helm registry logout registry-1.docker.io echo "❌ Some secrets are missing. Please configure them in repository settings."
exit 1
- name: aws credential configure else
uses: https://github.com/aws-actions/configure-aws-credentials@v4 echo ""
with: echo "✅ All required secrets are available!"
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} fi
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} env:
aws-region: ${{ secrets.AWS_REGION }} GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
- name: Copy files to S3 and clear cache DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
run: | DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}

1
CODEOWNERS
View File

@@ -1 +0,0 @@
* @DaanSelen @volker.raschek @ChristopherHX

15
Chart.yaml
View File

@@ -13,18 +13,7 @@ keywords:
sources: sources:
- https://gitea.com/gitea/helm-actions - https://gitea.com/gitea/helm-actions
- https://gitea.com/gitea/act - https://gitea.com/gitea/act
# FIXME:
maintainers: # maintainers:
# https://gitea.com/DaanSelen
- name: Daan Selen
email: dselen@nerthus.nl
# https://gitea.com/volker.raschek
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems
# https://gitea.com/ChristopherHX
- name: Christopher Homberger
email: christopher.homberger@web.de
dependencies: [] dependencies: []

4
README.md
View File

@@ -30,12 +30,12 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
| `statefulset.affinity` | Affinity for the statefulset | `{}` | | `statefulset.affinity` | Affinity for the statefulset | `{}` |
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` | | `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
| `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` | | `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.12` | | `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` |
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` | | `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` | | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` | | `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` | | `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` | | `statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | | `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` | | `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` | | `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |

4
templates/config-act-runner.yaml
View File

@@ -10,10 +10,6 @@ metadata:
data: data:
config.yaml: | config.yaml: |
{{- with .Values.statefulset.actRunner.config -}} {{- with .Values.statefulset.actRunner.config -}}
{{- if kindIs "string" . -}}
{{ . | nindent 4}} {{ . | nindent 4}}
{{- else -}}
{{ toYaml . | nindent 4}}
{{- end -}}
{{- end -}} {{- end -}}
{{- end }} {{- end }}

22
templates/statefulset.yaml
View File

@@ -48,27 +48,13 @@ spec:
image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}" image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }} imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
workingDir: /data workingDir: /data
command:
# The following is a workaround for: https://gitea.com/gitea/act_runner/issues/731
# We must add the docker-cli package for the server AND client cert verification.
- sh
- -c
- |
apk add --no-cache docker-cli
echo "Waiting for Docker daemon..."
until timeout 10 docker info > /dev/null; do
echo "Failed, retrying..."
sleep 2
done
echo "Docker is ready, starting act-runner..."
exec run.sh
env: env:
- name: DOCKER_HOST - name: DOCKER_HOST
value: tcp://127.0.0.1:2376 value: tcp://127.0.0.1:2376
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "1" value: "1"
- name: DOCKER_CERT_PATH - name: DOCKER_CERT_PATH
value: /certs/client value: /certs/server
- name: GITEA_RUNNER_REGISTRATION_TOKEN - name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -84,7 +70,7 @@ spec:
- mountPath: /actrunner/config.yaml - mountPath: /actrunner/config.yaml
name: act-runner-config name: act-runner-config
subPath: config.yaml subPath: config.yaml
- mountPath: /certs/client - mountPath: /certs/server
name: docker-certs name: docker-certs
- mountPath: /data - mountPath: /data
name: data-act-runner name: data-act-runner
@@ -100,7 +86,7 @@ spec:
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "1" value: "1"
- name: DOCKER_CERT_PATH - name: DOCKER_CERT_PATH
value: /certs/client value: /certs/server
{{- if .Values.statefulset.dind.extraEnvs }} {{- if .Values.statefulset.dind.extraEnvs }}
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }} {{- end }}
@@ -109,7 +95,7 @@ spec:
resources: resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }} {{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts: volumeMounts:
- mountPath: /certs/client - mountPath: /certs/server
name: docker-certs name: docker-certs
{{- with .Values.statefulset.dind.extraVolumeMounts }} {{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}

24
unittests/helm/config-act-runner.yaml
View File

@@ -42,27 +42,3 @@ tests:
runner: runner:
labels: labels:
- "ubuntu-latest" - "ubuntu-latest"
- it: renders a ConfigMap with inline yaml
template: templates/config-act-runner.yaml
set:
enabled: true
statefulset:
actRunner:
config:
container:
valid_volumes:
- /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
asserts:
- hasDocuments:
count: 1
- containsDocument:
kind: ConfigMap
apiVersion: v1
name: gitea-unittests-actions-act-runner-config
- matchRegex:
path: data["config.yaml"]
pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'
- matchRegex:
path: data["config.yaml"]
pattern: '(?m)^\s*valid_volumes:\s*\n\s*-\s*/var/run/docker.sock\s*$'

4
values.yaml
View File

@@ -39,7 +39,7 @@ statefulset:
actRunner: actRunner:
repository: gitea/act_runner repository: gitea/act_runner
tag: 0.2.12 tag: 0.2.11
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
extraVolumeMounts: [] extraVolumeMounts: []
@@ -52,7 +52,7 @@ statefulset:
dind: dind:
repository: docker repository: docker
tag: 28.3.3-dind tag: 25.0.2-dind
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
extraVolumeMounts: [] extraVolumeMounts: []