Rework app.ini generation (#239)
App ini is now generated by environment-to-ini. This should prevent some of the problems we had earlier with persisting the app.ini. Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: gitea/helm-chart#239 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
This commit was merged in pull request #239.
@@ -6,7 +6,10 @@ metadata: | ||||
{{- include "gitea.labels" . | nindent 4 }} | ||||
type: Opaque | ||||
stringData: | ||||
app.ini: |- | ||||
config_environment.sh: |- | ||||
#!/usr/bin/env bash | ||||
set -euo pipefail | ||||
| ||||
{{- if not (hasKey .Values.gitea.config "cache") -}} | ||||
{{- $_ := set .Values.gitea.config "cache" dict -}} | ||||
{{- end -}} | ||||
@@ -31,6 +34,10 @@ stringData: | ||||
{{- $_ := set .Values.gitea.config "repository" dict -}} | ||||
{{- end -}} | ||||
| ||||
{{- if not (hasKey .Values.gitea.config "oauth2") -}} | ||||
{{- $_ := set .Values.gitea.config "oauth2" dict -}} | ||||
{{- end -}} | ||||
| ||||
{{- /* repository default settings */ -}} | ||||
{{- if not .Values.gitea.config.repository.ROOT -}} | ||||
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} | ||||
@@ -132,17 +139,34 @@ stringData: | ||||
{{- end -}} | ||||
{{- end -}} | ||||
| ||||
{{- /* autogenerate app.ini */ -}} | ||||
{{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }} | ||||
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) | ||||
{{- end }} | ||||
{{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }} | ||||
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) | ||||
{{- end }} | ||||
{{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }} | ||||
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) | ||||
{{- end }} | ||||
| ||||
{{- /* autogenerate app.ini environment values */ -}} | ||||
{{- range $key, $value := .Values.gitea.config }} | ||||
{{- if kindIs "map" $value }} | ||||
{{- if gt (len $value) 0 }} | ||||
| ||||
[{{ $key }}] | ||||
{{- range $n_key, $n_value := $value }} | ||||
{{ $n_key | upper }} = {{ $n_value }} | ||||
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }} | ||||
{{- end }} | ||||
{{- end }} | ||||
{{- else }} | ||||
{{ $key | upper }} = {{ $value }} | ||||
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }} | ||||
{{- end }} | ||||
{{- end }} | ||||
| ||||
# safety to prevent rewrite of secret keys if an app.ini already exists | ||||
if [ -f ${GITEA_APP_INI} ]; then | ||||
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN | ||||
unset ENV_TO_INI__SECURITY__SECRET_KEY | ||||
unset ENV_TO_INI__OAUTH2__JWT_SECRET | ||||
fi | ||||
| ||||
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI | ||||
| ||||
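Review bot: The `export ENV_TO_INI__…={{ $n_value }}` and `…={{ $value }}` lines in the last hunk write chart values into a bash script unquoted, so a value containing spaces, `$`, backticks or `;` (a database password, for example) is word-split or evaluated by the shell instead of reaching app.ini intact, and under `set -u` a stray `$name` aborts the init container. Emit each value as a single-quoted shell literal, e.g. `={{ $n_value | toString | replace "'" "'\\''" | squote }}`, and quote the path uses as `[ -f "${GITEA_APP_INI}" ]` and `-o "$GITEA_APP_INI"`. Separately, the `unset` block runs after the range loop, so once an app.ini exists it also drops an INTERNAL_TOKEN, SECRET_KEY or JWT_SECRET that the operator set in values, and a rotation made through values is silently ignored; only the auto-generated exports should be unset. The non-map branch also uses `$key` for both the section and the key name, which looks unintended for default-section settings and is worth confirming against environment-to-ini's naming scheme.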
@@ -33,9 +33,6 @@ stringData: | ||||
chown 1000:1000 "${GITEA_TEMP}" | ||||
chmod ug+rwx "${GITEA_TEMP}" | ||||
| ||||
# Copy config file to writable volume | ||||
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini | ||||
chmod a+rwx /data/gitea/conf/app.ini | ||||
configure_gitea.sh: |- | ||||
#!/usr/bin/env bash | ||||
| ||||
| ||||
@@ -60,8 +60,31 @@ spec: | ||||
mountPath: /usr/sbin | ||||
- name: temp | ||||
mountPath: /tmp | ||||
- name: data | ||||
mountPath: /data | ||||
{{- if .Values.extraVolumeMounts }} | ||||
{{- toYaml .Values.extraVolumeMounts | nindent 12 }} | ||||
{{- end }} | ||||
- name: init-app-ini | ||||
image: "{{ include "gitea.image" . }}" | ||||
command: ["/usr/sbin/config_environment.sh"] | ||||
env: | ||||
- name: GITEA_APP_INI | ||||
value: /data/gitea/conf/app.ini | ||||
- name: GITEA_CUSTOM | ||||
value: /data/gitea | ||||
- name: GITEA_WORK_DIR | ||||
value: /data | ||||
- name: GITEA_TEMP | ||||
value: /tmp/gitea | ||||
{{- if .Values.statefulset.env }} | ||||
{{- toYaml .Values.statefulset.env | nindent 12 }} | ||||
{{- end }} | ||||
volumeMounts: | ||||
- name: config | ||||
mountPath: /etc/gitea/conf | ||||
mountPath: /usr/sbin | ||||
- name: temp | ||||
mountPath: /tmp | ||||
- name: data | ||||
mountPath: /data | ||||
{{- if .Values.extraVolumeMounts }} | ||||
@@ -236,10 +259,11 @@ spec: | ||||
- name: init | ||||
secret: | ||||
secretName: {{ include "gitea.fullname" . }}-init | ||||
defaultMode: 0777 | ||||
defaultMode: 110 | ||||
- name: config | ||||
secret: | ||||
secretName: {{ include "gitea.fullname" . }} | ||||
defaultMode: 110 | ||||
{{- if .Values.extraVolumes }} | ||||
{{- toYaml .Values.extraVolumes | nindent 8 }} | ||||
{{- end }} | ||||
| ||||
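Review bot: `defaultMode: 110` on the `init` and `config` secret volumes is parsed by YAML as a decimal integer, which is octal 0156: execute-only for the owner, read/execute for the group and read/write for others. The mounted files are the rendered scripts, which embed the chart's config values and any credentials among them, so they stay readable by every UID in the pod while the owning user cannot read them. Write the mode in octal with a leading zero, for example `defaultMode: 0550` if owner and group need to read and execute. The UID and fsGroup the init containers run with are not visible in this hunk, so the exact bits should be confirmed against the pod's securityContext.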