feat(chart): Make the securityContext for the StatefulSet configurable #62

Merged
DaanSelen merged 4 commits from ssullivan/helm-actions:configure-pod-securitycontext into main 2025-11-03 17:43:27 +00:00
Contributor

Description of the change

This patch adds the ability to customize the SecurityContext for the statefulset of the Gitea Actions act_runner.
This allows users to configure pod-level security settings, such as fsGroup and fsGroupChangePolicy.
The patch introduces statefulset.podSecurityContext as a new configurable parameter.

Benefits

This change makes the chart more configurable for different kinds of deployment scenarios.

Possible drawbacks

Applicable issues

  • Fixes #

Additional information

  • The patch only adds the ability to customize the podSecurityContext for the statefulset. It does not modify any other security settings or introduce new features beyond this customization.
  • The default value for statefulset.podSecurityContext is an empty object {}, meaning no security context is applied unless the user explicitly defines it.

⚠ BREAKING

Checklist

  • Parameters are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Helm templating unittests are added (required when changing anything in templates folder)
  • All added template resources MUST render a namespace in metadata
ssullivan added 1 commit 2025-09-19 20:28:10 +00:00
feat(chart): Make the securityContext for the StatefulSet configurable
Some checks failed
commitlint / check-and-test (pull_request) Has been cancelled
Lint Shell files / shellcheck (pull_request) Has been cancelled
check-and-test / check-and-test (pull_request) Has been cancelled
0b9c3bd571
ssullivan requested review from DaanSelen 2025-09-19 20:28:10 +00:00
ssullivan requested review from volker.raschek 2025-09-19 20:28:10 +00:00
ssullivan requested review from ChristopherHX 2025-09-19 20:28:10 +00:00
DaanSelen approved these changes 2025-09-19 20:29:47 +00:00
Dismissed
Member

Seems simple enough.

ssullivan added 1 commit 2025-09-20 16:33:25 +00:00
Revert hash
All checks were successful
Lint Shell files / shellcheck (pull_request) Successful in 18s
check-and-test / check-and-test (pull_request) Successful in 22s
5103512150
Author
Contributor

Reverted the hash in the unit test

ChristopherHX reviewed 2025-09-20 18:27:45 +00:00
values.yaml Outdated
@@ -38,6 +39,7 @@ statefulset:
tolerations: []
affinity: {}
extraVolumes: []
podSecurityContext: {}
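Review bot: The `podSecurityContext: {}` default added after `extraVolumes: []` has no comment in this hunk saying which level it applies to. Kubernetes uses the field name `securityContext` on both the pod spec and each container, with different accepted fields (`fsGroup` and `fsGroupChangePolicy` exist only at pod level), so a one-line comment on this key stating that it is rendered into the pod spec of the StatefulSet, with a short example such as `fsGroup`, would keep users from putting container-level settings here. It is also worth stating next to the default that `{}` leaves the pod without any pod-level security context, so hardening is opt-in.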
Member

What was the reason for the name podSecurityContext? I would have called this just securityContext, e.g. using a name that Kubernetes itself is using.

I am fine merging this either way

Author
Contributor

I am good with changing this to securityContext. I’ll make that change… puts it more in line with the k8s schema

Author
Contributor

@ChristopherHX I've updated this to be securityContext

ssullivan added 1 commit 2025-09-20 23:20:43 +00:00
Change podSecurityContext to securityContext
Some checks failed
Lint Shell files / shellcheck (pull_request) Successful in 17s
check-and-test / check-and-test (pull_request) Failing after 19s
bf62a90c57
ssullivan added 1 commit 2025-09-20 23:21:44 +00:00
Update README
Some checks failed
Lint Shell files / shellcheck (pull_request) Successful in 17s
check-and-test / check-and-test (pull_request) Failing after 33s
4e4090f925
ssullivan added 1 commit 2025-09-20 23:24:08 +00:00
Update unit tests
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 21s
Lint Shell files / shellcheck (pull_request) Successful in 42s
3ae1c21eeb
Member

@ssullivan Please apply the latest main branch into this, so we may merge gracefully.

ssullivan force-pushed configure-pod-securitycontext from 3ae1c21eeb to 79e8f90dc7 2025-09-21 18:29:01 +00:00 Compare
Author
Contributor

Just saw the changes to main. I've rebased this PR

Member

Looks good.

DaanSelen approved these changes 2025-09-21 18:31:20 +00:00
Dismissed
ssullivan force-pushed configure-pod-securitycontext from 79e8f90dc7 to 9057b440e5 2025-09-21 21:50:16 +00:00 Compare
ssullivan force-pushed configure-pod-securitycontext from 9057b440e5 to 594e7a3e60 2025-09-22 12:54:09 +00:00 Compare
Author
Contributor

I've updated this with main again

ssullivan force-pushed configure-pod-securitycontext from 594e7a3e60 to 88ff5d7fee 2025-09-26 11:11:24 +00:00 Compare
DaanSelen approved these changes 2025-11-03 17:43:20 +00:00
DaanSelen merged commit b91d297e32 into main 2025-11-03 17:43:27 +00:00