From 62b82459de0b3287ae0108c81b844c1f9b0d4114 Mon Sep 17 00:00:00 2001
From: luhahn <luhahn@noreply.gitea.io>
Date: Wed, 9 Mar 2022 14:47:55 +0800
Subject: [PATCH] Consider environment variables during app.ini creation (#298)

This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script.

Fixes #297

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
---
 README.md                        | 34 +++++++++++++++++++++++++++
 templates/gitea/config.yaml      | 40 ++++++++++++++++++++++++++++++++
 templates/gitea/statefulset.yaml |  3 +++
 values.yaml                      |  2 ++
 4 files changed, 79 insertions(+)

diff --git a/README.md b/README.md
index 40510c9..9ed15c3 100644
--- a/README.md
+++ b/README.md
@@ -356,6 +356,40 @@ stringData:
     SAME_SITE=strict
 ```
 
+#### User defined environment variables in app.ini
+
+Users are able to define their own environment variables,
+which are loaded into the containers. We also support to
+directly interact with the generated _app.ini_.
+
+To inject self defined variables into the _app.ini_ a
+certain format needs to be honored. This is
+described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini)
+page.
+
+Note that the Prefix on this helm chart is `ENV_TO_INI`.
+
+For example a database setting needs to have the following
+format:
+
+```yaml
+gitea:
+  additionalConfigFromEnvs:
+    - name: ENV_TO_INI__DATABASE__HOST
+      value: my.own.host
+    - name: ENV_TO_INI__DATABASE__PASSWD
+      valueFrom:
+        secretKeyRef:
+          name: postgres-secret
+          key: password
+```
+
+Priority (highest to lowest) for defining app.ini variables:
+
+1. Environment variables prefixed with `ENV_TO_INI`
+2. Additional config sources
+3. Values defined in `gitea.config`
+
 ### External Database
 
 An external Database can be used instead of builtIn PostgreSQL or MySQL.
diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
index 78bceab..8416ee6 100644
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@@ -63,6 +63,41 @@ stringData:
       export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
     }
 
+    function env2ini::reload_preset_envs() {
+      env2ini::log "Reloading preset envs..."
+
+      while read -r line; do
+        if [[ -z "${line}" ]]; then
+          # skip empty line
+          return
+        fi
+
+        # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
+        local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
+
+        if [[ -z "${setting}" ]]; then
+          env2ini::log '  ! invalid setting'
+          exit 1
+        fi
+
+        local value=''
+        local regex="^${setting}(\s*)=(\s*)(.*)"
+        if [[ $line =~ $regex ]]; then
+          value="${BASH_REMATCH[3]}"
+        else
+          env2ini::log '  ! invalid setting'
+          exit 1
+        fi
+
+        env2ini::log "  + '${setting}'"
+
+        export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+      done < "/tmp/existing-envs"
+
+      rm /tmp/existing-envs
+    }
+
+
     function env2ini::process_config_file() {
       local config_file="${1}"
       local section="$(basename "${config_file}")"
@@ -104,12 +139,17 @@ stringData:
       env2ini::log "...Initial secrets generated\n"
     }
 
+    env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
+    
     # MUST BE CALLED BEFORE OTHER CONFIGURATION
     env2ini::generate_initial_secrets
 
     env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
     env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
 
+    # load existing envs to override auto generated envs
+    env2ini::reload_preset_envs
+
     env2ini::log "=== All configuration sources loaded ===\n"
 
     # safety to prevent rewrite of secret keys if an app.ini already exists
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index d96ad34..ff6c9e1 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -87,6 +87,9 @@ spec:
             {{- if .Values.statefulset.env }}
             {{- toYaml .Values.statefulset.env | nindent 12 }}
             {{- end }}
+            {{- if .Values.gitea.additionalConfigFromEnvs }}
+            {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
+            {{- end }}
           volumeMounts:
             - name: config
               mountPath: /usr/sbin
diff --git a/values.yaml b/values.yaml
index 702e4d5..8bf8799 100644
--- a/values.yaml
+++ b/values.yaml
@@ -213,6 +213,8 @@ gitea:
   #   - configMap:
   #       name: gitea-app-ini-plaintext
 
+  additionalConfigFromEnvs: []
+
   podAnnotations: {}
 
   # Modify the liveness probe for your needs or completely disable it by commenting out.