mirror of
https://gitea.com/gitea/helm-chart.git
synced 2024-07-07 16:54:12 +02:00
### Description of the change This PR adds support for gpg key setup. It allows to pass the gpg private key content inline inside `values.yaml` or refer to an existing secret containing the key content data. ### Benefits Administrators don't need to manually setup the gpg environment from inside a running container. It also eliminates the breaking change of Gitea 1.17 regarding `[git].HOME` as the `GNUPGHOME` environment variable is used consistently to relocate the `.gnupg` directory to its former location. ### Applicable issues - fixes #107 ### Additional information This PR add the first unit tests to this Helm Chart, ensuring templating integrity for signing related configuration. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com> Co-authored-by: pat-s <pat-s@noreply.gitea.io> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/343 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
94 lines
2.7 KiB
YAML
94 lines
2.7 KiB
YAML
suite: Statefulset template (signing enabled)
|
|
release:
|
|
name: gitea-unittests
|
|
namespace: testing
|
|
templates:
|
|
- templates/gitea/statefulset.yaml
|
|
- templates/gitea/config.yaml
|
|
tests:
|
|
- it: adds gpg init container
|
|
template: templates/gitea/statefulset.yaml
|
|
set:
|
|
signing:
|
|
enabled: true
|
|
existingSecret: "custom-gpg-secret"
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.initContainers[2].name
|
|
value: configure-gpg
|
|
- equal:
|
|
path: spec.template.spec.initContainers[2].command
|
|
value: ["/usr/sbin/configure_gpg_environment.sh"]
|
|
- equal:
|
|
path: spec.template.spec.initContainers[2].securityContext
|
|
value:
|
|
runAsUser: 1000
|
|
- equal:
|
|
path: spec.template.spec.initContainers[2].env
|
|
value:
|
|
- name: GNUPGHOME
|
|
value: /data/git/.gnupg
|
|
- equal:
|
|
path: spec.template.spec.initContainers[2].volumeMounts
|
|
value:
|
|
- name: init
|
|
mountPath: /usr/sbin
|
|
- name: data
|
|
mountPath: /data
|
|
- name: gpg-private-key
|
|
mountPath: /raw
|
|
readOnly: true
|
|
- it: adds gpg env in `init-directories` init container
|
|
template: templates/gitea/statefulset.yaml
|
|
set:
|
|
signing.enabled: true
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.initContainers[0].env
|
|
content:
|
|
name: GNUPGHOME
|
|
value: /data/git/.gnupg
|
|
- it: adds gpg env in runtime container
|
|
template: templates/gitea/statefulset.yaml
|
|
set:
|
|
signing.enabled: true
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: GNUPGHOME
|
|
value: /data/git/.gnupg
|
|
- it: adds gpg volume spec
|
|
template: templates/gitea/statefulset.yaml
|
|
set:
|
|
signing:
|
|
enabled: true
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.volumes
|
|
content:
|
|
name: gpg-private-key
|
|
secret:
|
|
secretName: gitea-unittests-gpg-key
|
|
items:
|
|
- key: privateKey
|
|
path: private.asc
|
|
defaultMode: 0100
|
|
- it: supports gpg volume spec with external reference
|
|
template: templates/gitea/statefulset.yaml
|
|
set:
|
|
signing:
|
|
enabled: true
|
|
existingSecret: custom-gpg-secret
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.volumes
|
|
content:
|
|
name: gpg-private-key
|
|
secret:
|
|
secretName: custom-gpg-secret
|
|
items:
|
|
- key: privateKey
|
|
path: private.asc
|
|
defaultMode: 0100
|