gitea/helm-chart
45
54
Fork 128
Code Issues 31 Pull Requests 7 Actions Releases 87 Activity

Add Gitea Actions act runner #596

Open
dementhorr wants to merge 16 commits from dementhorr/helm-chart:gitea-actions into main
pull from: dementhorr/helm-chart:gitea-actions
merge into: gitea:main
Conversation 17 Commits 16 Files Changed 25 +765 -10
dementhorr commented 2024-01-06 17:30:45 +00:00
First-time contributor
Copy Link

Description of the change

This adds support for Gitea actions that uses act runner. It allows for automatic act runner deployment.

Benefits

Users no longer need to deploy Gitea act runners manually.

Applicable issues

Closes #459.

Additional information

Following the discussion on #459, I agree with monester comments.

As specified in this comment I have saved the runner token in a k8s secret.

For this, it was required to create the secret using the Gitea CLI command gitea actions generate-runner-token and then to use the kubectl command with a service account to create the secret. This has been implement as a Job. The other way of generating the token can be seen in the discussion (using initContainers and changing the env variable to point to the file where the token is), but in order to create the k8s secret one needs to use a job with another service account. This chart uses the same way of storing a k8s secret that was generated with a CLI command.

As specified by monester, the act-runner must be a statefulset that has persistence volumes since the .runner is different for each pod and it can't be deregistered.

Also, the upstream problems from this comment still stand:

  • the act runner doesn't have nodejs installed; in this PR it is installed using a lifecycle.postStart.exec.command;
  • can't scale the statefulset because there are no exposed metrics.
<!-- Before you open the request please review the following guidelines and tips to help it be more easily integrated: - Describe the scope of your change - i.e. what the change does. - Describe any known limitations with your change. - Please run any tests or examples that can exercise your modified code. Thank you for contributing! We will try to review, test and integrate the change as soon as we can. --> ### Description of the change This adds support for [Gitea actions](https://docs.gitea.com/usage/actions/overview) that uses [act runner](https://gitea.com/gitea/act_runner). It allows for automatic act runner deployment. ### Benefits Users no longer need to deploy Gitea act runners manually. ### Applicable issues Closes [#459](https://gitea.com/gitea/helm-chart/issues/459). ### Additional information Following the discussion on [#459](https://gitea.com/gitea/helm-chart/issues/459), I agree with [monester](https://gitea.com/monester) comments. As specified in this [comment](https://gitea.com/gitea/helm-chart/issues/459#issuecomment-750798) I have saved the runner token in a k8s secret. For this, it was required to create the secret using the Gitea CLI command `gitea actions generate-runner-token` and then to use the kubectl command with a service account to create the secret. This has been implement as a Job. The other way of generating the token can be seen in the discussion (using initContainers and changing the env variable to point to the file where the token is), but in order to create the k8s secret one needs to use a job with another service account. This [chart](https://gitlab.com/ananace/charts/-/tree/master/charts/matrix-synapse) uses the same way of storing a k8s secret that was generated with a CLI command. As specified by monester, the act-runner must be a statefulset that has persistence volumes since the .runner is different for each pod and it can't be deregistered. Also, the upstream problems from this [comment](https://gitea.com/gitea/helm-chart/issues/459#issuecomment-752443) still stand: - the act runner doesn't have nodejs installed; in this PR it is installed using a lifecycle.postStart.exec.command; - can't scale the statefulset because there are no exposed metrics.
dementhorr added 2 commits 2024-01-06 17:30:46 +00:00
Added actions statefulset
Some checks failed
check-and-test / check-and-test (pull_request) Has been cancelled
Details
ad0db6235b
dementhorr added 1 commit 2024-01-06 17:41:13 +00:00
Removed lifecycle.postStart.exec.command
Some checks failed
check-and-test / check-and-test (pull_request) Has been cancelled
Details
ed576bb5f8
dementhorr commented 2024-01-06 17:44:21 +00:00
Author
First-time contributor
Copy Link

On second thought, the lifecycle.postStart.exec.command can be removed since you can install it inside the Gitea Action:

    steps:
      - name: install tools
        run: |
          apk update
          apk add --update make nodejs npm yamllint
On second thought, the lifecycle.postStart.exec.command can be removed since you can install it inside the Gitea Action: ``` steps: - name: install tools run: | apk update apk add --update make nodejs npm yamllint ```
pat-s commented 2024-01-08 12:42:43 +00:00
Member
Copy Link

@dementhorr Thanks for contributing!

Both me and @justusbunsi are quite busy during the start of the year. I'll try to add my review within the next days so we can make some progress/get an initial discussion going.
Yet what would definitely be a requirement in getting this merged (besides all details TBD) is the addition of unit tests (see the existing ones).

@dementhorr Thanks for contributing! Both me and @justusbunsi are quite busy during the start of the year. I'll try to add my review within the next days so we can make some progress/get an initial discussion going. Yet what would definitely be a requirement in getting this merged (besides all details TBD) is the addition of unit tests (see the existing ones).
dementhorr added 2 commits 2024-01-09 15:06:26 +00:00
Added initial unittests for gitea actions
Some checks failed
check-and-test / check-and-test (pull_request) Failing after 30s
Details
d4f7e4c156
pat-s reviewed 2024-01-10 09:35:53 +00:00
pat-s left a comment
Member
Copy Link

Thanks again for starting here! The effort is much appreciated.
I hope my review is not too overwhelming and you brought some resource for discussion. Some points still need discussion. We can also do so in the Gitea discord to not bloat this PR too much - feel free to ping me there.

I would suggest adding templates/act_runner and putting all new templates there instead of templates/gitea/actions/.

Open discussion points

Disclaimer: I haven't done a deep dive into act runner yet (and have no time right now), so everything I propose/state here relies on other, similar projects (GitHub self hosted runners, other charts which server external runners)

  • Do we need a statefulset? We moved from a statefuleset to a deployment (+RWX) in the chart some time ago for easier replica scaling.
    Given that there is no need for an internal leader selection in the act runner, a statefulset might not be needed or even make sense. This of course only applies if the persistent config is shared between them using a RWX. Other "runner" charts all make use of deployments, see e.g. https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set-controller/templates/deployment.yaml.

  • Persistence: is it even needed? Or could the act runner also just live with env vars set in the deployment resource and the k8s secret for connectivity? Is it needed for logs or are they stored in the persistent dir of Gitea itself? If not, maybe we can configure it do so? Does the runner have an integrated logrotate config?

Persistence

Act runner should have it's own persistence mapping. This allows for more flexibility and less conflicts with the gitea persistence one. I wonder if it would even work this way since they would share the same PV/PVC right now AFAICS.

Images

We have the policy to use semver tags everywhere instead of latest. The repo uses renovate and all semver tags are updated in a bundled way in a specified interval. This makes it easier to control updates and inspect what could have broken something (yes, even if it's only a busybox image :))

Tests

For the tests, we should add some "meaningful" ones, i.e. we don't need to check that the configmaps/statefulsets are just existing (this is usually not an issue) but that they also "do" what they are supposed to do. I.e. if certain mappings result in certain resources/values which are created dynamically. Specifically, checking for actions of non-default values and their validity.

Thanks again for starting here! The effort is much appreciated. I hope my review is not too overwhelming and you brought some resource for discussion. Some points still need discussion. We can also do so in the Gitea discord to not bloat this PR too much - feel free to ping me there. I would suggest adding `templates/act_runner` and putting all new templates there instead of `templates/gitea/actions/`. ## Open discussion points Disclaimer: I haven't done a deep dive into act runner yet (and have no time right now), so everything I propose/state here relies on other, similar projects (GitHub self hosted runners, other charts which server external runners) - Do we need a statefulset? We moved from a statefuleset to a deployment (+RWX) in the chart some time ago for easier replica scaling. Given that there is no need for an internal leader selection in the act runner, a statefulset might not be needed or even make sense. This of course only applies if the persistent config is shared between them using a RWX. Other "runner" charts all make use of deployments, see e.g. https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set-controller/templates/deployment.yaml. - Persistence: is it even needed? Or could the act runner also just live with env vars set in the deployment resource and the k8s secret for connectivity? Is it needed for logs or are they stored in the persistent dir of Gitea itself? If not, maybe we can configure it do so? Does the runner have an integrated logrotate config? ## Persistence Act runner should have it's own persistence mapping. This allows for more flexibility and less conflicts with the gitea persistence one. I wonder if it would even work this way since they would share the same PV/PVC right now AFAICS. ## Images We have the policy to use semver tags everywhere instead of latest. The repo uses renovate and all semver tags are updated in a bundled way in a specified interval. This makes it easier to control updates and inspect what could have broken something (yes, even if it's only a busybox image :)) ## Tests For the tests, we should add some "meaningful" ones, i.e. we don't need to check that the configmaps/statefulsets are just existing (this is usually not an issue) but that they also "do" what they are supposed to do. I.e. if certain mappings result in certain resources/values which are created dynamically. Specifically, checking for actions of non-default values and their validity.
scripts/token.sh
@ -0,0 +15,4 @@
create_token() {
echo "Waiting for new token to be generated..."
begin=$(date +%s)
end=$((begin + 300)) # 5 minutes
pat-s commented 2024-01-10 08:55:04 +00:00
Member
Copy Link

I think this should be way shorter. If a token doesn't exist or cannot be created for some reason, it won't resolve itself anyhow. I think 10-15 seconds would also suffice?

I think this should be way shorter. If a token doesn't exist or cannot be created for some reason, it won't resolve itself anyhow. I think 10-15 seconds would also suffice?
dementhorr marked this conversation as resolved
scripts/token.sh
@ -0,0 +34,4 @@
fi
if ! create_token; then
echo "Timed out waiting for a token to appear."
pat-s commented 2024-01-10 08:52:01 +00:00
Member
Copy Link

echo "Timed out waiting for a token to appear."

This reminds me about the "good old days" waiting for Pokemon XY to appear 😛

Suggestion:

"Checking for an existing act runner token in secret $SECRET_NAME timed out after $time".

> echo "Timed out waiting for a token to appear." This reminds me about the "good old days" waiting for Pokemon XY to appear 😛 Suggestion: "Checking for an existing act runner token in secret $SECRET_NAME timed out after $time".
dementhorr marked this conversation as resolved
templates/gitea/actions/config-act-runner.yaml Outdated
@ -0,0 +7,4 @@
labels:
{{- include "gitea.labels" . | nindent 4 }}
data:
config.yaml: |
pat-s commented 2024-01-10 08:57:28 +00:00
Member
Copy Link

The act runner config should be configurable in values.yml.

The act runner config should be configurable in `values.yml`.
dementhorr marked this conversation as resolved
templates/gitea/actions/config-scripts.yaml Outdated
@ -0,0 +6,4 @@
name: {{ include "gitea.fullname" . }}-scripts
labels:
{{- include "gitea.labels" . | nindent 4 }}
annotations:
pat-s commented 2024-01-10 08:58:45 +00:00
Member
Copy Link

Scheduling it as a post-install hook makes sense. Why did you comment it out here?

Scheduling it as a post-install hook makes sense. Why did you comment it out here?
dementhorr commented 2024-01-14 13:25:41 +00:00
Author
First-time contributor
Copy Link

I tried it but it didn't work. I had the chicken-egg problem, in order for the deployment to be completed it had to have the secret, but to have the secret, the deployment should have completed, so it was a deadlock.

I tried it but it didn't work. I had the chicken-egg problem, in order for the deployment to be completed it had to have the secret, but to have the secret, the deployment should have completed, so it was a deadlock.
templates/gitea/actions/job.yaml Outdated
@ -0,0 +28,4 @@
spec:
containers:
- name: actions-token-create
image: "{{ .Values.actions.job.tokenImage.repository }}:{{ .Values.actions.job.tokenImage.tag | default "latest-rootless" }}"
pat-s commented 2024-01-10 09:07:01 +00:00
Member
Copy Link

Instead of latest-rootless we should use a semver tag here and versionize it via renovate.

Instead of `latest-rootless` we should use a semver tag here and versionize it via `renovate`.
dementhorr commented 2024-01-14 13:26:21 +00:00
Author
First-time contributor
Copy Link

Changed the tag, but didn't modify renovate config.

Changed the tag, but didn't modify renovate config.
templates/gitea/actions/job.yaml Outdated
@ -0,0 +41,4 @@
sleep 5
done
echo "Generating token..."
pat-s commented 2024-01-10 09:00:43 +00:00
Member
Copy Link

echo "Generating act_runner token via 'gitea actions generate-runner-token' and storing in kubernetes secret..."

echo "Generating act_runner token via 'gitea actions generate-runner-token' and storing in kubernetes secret..."
dementhorr marked this conversation as resolved
templates/gitea/actions/job.yaml Outdated
@ -0,0 +53,4 @@
subPath: {{ .Values.persistence.subPath }}
{{- end }}
- name: actions-token-upload
image: "{{ .Values.actions.job.publishImage.repository }}:{{ .Values.actions.job.publishImage.tag | default "latest" }}"
pat-s commented 2024-01-10 09:08:08 +00:00
Member
Copy Link

Instead of latest we should use a semver tag here and versionize it via renovate.

Instead of `latest` we should use a semver tag here and versionize it via `renovate`.
dementhorr commented 2024-01-14 13:26:50 +00:00
Author
First-time contributor
Copy Link

Changed the tag, but didn't modify renovate config.

Changed the tag, but didn't modify renovate config.
templates/gitea/actions/job.yaml Outdated
@ -0,0 +62,4 @@
- sh
- -c
- |
printf "Checking rights to update secret... "
pat-s commented 2024-01-10 09:08:36 +00:00
Member
Copy Link

printf "Checking rights to update kubernetes act_runner secret... "

printf "Checking rights to update kubernetes act_runner secret... "
dementhorr marked this conversation as resolved
templates/gitea/actions/secret-token.yaml Outdated
@ -0,0 +8,4 @@
annotations:
# helm.sh/hook: post-install
# helm.sh/hook-delete-policy: never
argocd.argoproj.io/hook: Skip
pat-s commented 2024-01-10 09:09:35 +00:00
Member
Copy Link

What are those argocd hooks needed for?

What are those argocd hooks needed for?
templates/gitea/actions/statefulset.yaml Outdated
@ -0,0 +27,4 @@
spec:
initContainers:
- name: init-gitea
image: busybox:latest
pat-s commented 2024-01-10 09:10:29 +00:00
Member
Copy Link

Instead of latest we should use a semver tag here and versionize it via renovate.

Instead of `latest` we should use a semver tag here and versionize it via `renovate`.
dementhorr commented 2024-01-14 13:27:10 +00:00
Author
First-time contributor
Copy Link

Changed the tag, but didn't modify renovate config.

Changed the tag, but didn't modify renovate config.
templates/gitea/actions/statefulset.yaml Outdated
@ -0,0 +32,4 @@
- sh
- -c
- |
while ! nc -z gitea-http 3000; do
pat-s commented 2024-01-10 09:11:14 +00:00
Member
Copy Link

The port could differ and should dynamically use the respective port of the main gitea deployment.

The port could differ and should dynamically use the respective port of the main gitea deployment.
dementhorr marked this conversation as resolved
templates/gitea/actions/statefulset.yaml Outdated
@ -0,0 +37,4 @@
done
containers:
- name: act-runner
image: "{{ .Values.actions.statefulset.actRunnerImage.repository }}:{{ .Values.actions.statefulset.actRunnerImage.tag | default "latest" }}"
pat-s commented 2024-01-10 09:06:31 +00:00
Member
Copy Link

Instead of latest we should use a semver tag here and versionize it via renovate.

Instead of `latest` we should use a semver tag here and versionize it via `renovate`.
dementhorr commented 2024-01-14 13:27:35 +00:00
Author
First-time contributor
Copy Link

Changed the tag, but didn't modify renovate config.

Changed the tag, but didn't modify renovate config.
templates/gitea/actions/statefulset.yaml Outdated
@ -0,0 +52,4 @@
secretKeyRef:
name: {{ $secretName }}
key: token
- name: GITEA_INSTANCE_URL
pat-s commented 2024-01-10 09:04:08 +00:00
Member
Copy Link

This should be configurable/exposed in values.yml.

This should be configurable/exposed in `values.yml`.
dementhorr commented 2024-01-14 13:28:24 +00:00
Author
First-time contributor
Copy Link

Used the already defined variables from values.yml.

Used the already defined variables from `values.yml`.
dementhorr marked this conversation as resolved
templates/gitea/actions/statefulset.yaml Outdated
@ -0,0 +54,4 @@
key: token
- name: GITEA_INSTANCE_URL
value: http://gitea-http:3000
- name: GITEA_RUNNER_LABELS
pat-s commented 2024-01-10 09:04:15 +00:00
Member
Copy Link

This should be configurable/exposed in values.yml.

This should be configurable/exposed in `values.yml`.
dementhorr marked this conversation as resolved
templates/gitea/actions/statefulset.yaml Outdated
@ -0,0 +67,4 @@
- mountPath: /data
name: data-act-runner
- name: dind
image: "{{ .Values.actions.statefulset.dindImage.repository }}:{{ .Values.actions.statefulset.dindImage.tag | default "24.0.7-dind" }}"
pat-s commented 2024-01-10 09:05:54 +00:00
Member
Copy Link

We can expose the tag in values.yml directly and let the version be maintained by renovate.

We can expose the tag in `values.yml` directly and let the version be maintained by `renovate`.
dementhorr commented 2024-01-14 13:29:08 +00:00
Author
First-time contributor
Copy Link

Changed the tag, but didn't modify renovate config.

Changed the tag, but didn't modify renovate config.
unittests/actions/config-act-runner.yaml Outdated
@ -0,0 +5,4 @@
templates:
- templates/gitea/actions/config-act-runner.yaml
tests:
- it: renders a deployment
pat-s commented 2024-01-10 09:12:14 +00:00
Member
Copy Link
  • it: renders a valid statefulset
- it: renders a valid statefulset
dementhorr marked this conversation as resolved
dementhorr added 1 commit 2024-01-13 15:30:45 +00:00
Fixed mistakes
Some checks failed
check-and-test / check-and-test (pull_request) Failing after 15m6s
Details
018c0696e5
dementhorr commented 2024-01-13 15:31:56 +00:00
Author
First-time contributor
Copy Link
  • Do we need a statefulset? We moved from a statefuleset to a deployment (+RWX) in the chart some time ago for easier replica scaling.

I haven't seen a way to unregister an act runner, only to register it. This is a problem since they are registered in the Runners Management UI. If we don't store the the .runner config file in a persistent volume, each time a new runner will start it will have another name. So that means there will be very many runners. Right now (when using StatefulSet with persistence) I get:

Idle	1 	gitea-act-runner-0 v0.2.6 	Global	ubuntu-latest	3 minutes ago
Offline	2 	gitea-act-runner-1 v0.2.6 	Global	ubuntu-latest	5 minutes ago
Offline	3 	gitea-act-runner-2 v0.2.6 	Global	ubuntu-latest	5 minutes ago
Offline	4 	gitea-act-runner-3 v0.2.6 	Global	ubuntu-latest	5 minutes ago
Offline	5 	gitea-act-runner-4 v0.2.6 	Global	ubuntu-latest	5 minutes ago

If I scale the StatefulSet to 3 replicas, I get:

Idle	1 	gitea-act-runner-0 v0.2.6 	Global	ubuntu-latest	now
Idle	2 	gitea-act-runner-1 v0.2.6 	Global	ubuntu-latest	now
Idle	3 	gitea-act-runner-2 v0.2.6 	Global	ubuntu-latest	now
Offline	4 	gitea-act-runner-3 v0.2.6 	Global	ubuntu-latest	8 minutes ago
Offline	5 	gitea-act-runner-4 v0.2.6 	Global	ubuntu-latest	8 minutes ago

With a deployment, each time I scale, I would get another act-runner instance, so if I scale up and down 5 times from 1 to 5 replicas, I would have 1 Idle gitea-act-runner-XXXXXXX and 20 Offline gitea-act-runner-XXXXXX as I didn't find a way to really delete (unregister) act runners.

So the real reason for the StatefulSet is not for a leader, but to be able to store the .runner file. If this doesn't matter (the clutter), we can easily switch to a deployment and just ignore the offline runners.

  • Persistence: is it even needed?

The act runners' logs are stored in the gitea PVC, so we only need the PVC for the .runner file. If we switch to deployments, we won't need any PVCs.

Persistence for the Gitea dir is needed in order to store the Gitea Actions Token as a Kubernetes Secret. Right now, the token is stored in the the persistent Gitea dir /data/actions/token and the Job mounts the volume such that kubectl can patch the secret. Without persistency, the Job can't access the token.

Regarding renovate, I don't exactly know how to use and test it. I have changed the tags from latest to a semver tag, configurable in values.yaml.

- Do we need a statefulset? We moved from a statefuleset to a deployment (+RWX) in the chart some time ago for easier replica scaling. I haven't seen a way to unregister an act runner, only to register it. This is a problem since they are registered in the Runners Management UI. If we don't store the the `.runner` config file in a persistent volume, each time a new runner will start it will have another name. So that means there will be very many runners. Right now (when using StatefulSet with persistence) I get: ``` Idle 1 gitea-act-runner-0 v0.2.6 Global ubuntu-latest 3 minutes ago Offline 2 gitea-act-runner-1 v0.2.6 Global ubuntu-latest 5 minutes ago Offline 3 gitea-act-runner-2 v0.2.6 Global ubuntu-latest 5 minutes ago Offline 4 gitea-act-runner-3 v0.2.6 Global ubuntu-latest 5 minutes ago Offline 5 gitea-act-runner-4 v0.2.6 Global ubuntu-latest 5 minutes ago ``` If I scale the StatefulSet to 3 replicas, I get: ``` Idle 1 gitea-act-runner-0 v0.2.6 Global ubuntu-latest now Idle 2 gitea-act-runner-1 v0.2.6 Global ubuntu-latest now Idle 3 gitea-act-runner-2 v0.2.6 Global ubuntu-latest now Offline 4 gitea-act-runner-3 v0.2.6 Global ubuntu-latest 8 minutes ago Offline 5 gitea-act-runner-4 v0.2.6 Global ubuntu-latest 8 minutes ago ``` With a deployment, each time I scale, I would get another act-runner instance, so if I scale up and down 5 times from 1 to 5 replicas, I would have 1 Idle `gitea-act-runner-XXXXXXX` and 20 Offline `gitea-act-runner-XXXXXX` as I didn't find a way to really delete (unregister) act runners. So the real reason for the StatefulSet is not for a leader, but to be able to store the `.runner` file. If this doesn't matter (the clutter), we can easily switch to a deployment and just ignore the offline runners. - Persistence: is it even needed? The act runners' logs are stored in the gitea PVC, so we only need the PVC for the `.runner` file. If we switch to deployments, we won't need any PVCs. Persistence for the Gitea dir is needed in order to store the Gitea Actions Token as a Kubernetes Secret. Right now, the token is stored in the the persistent Gitea dir `/data/actions/token` and the Job mounts the volume such that kubectl can patch the secret. Without persistency, the Job can't access the token. Regarding renovate, I don't exactly know how to use and test it. I have changed the tags from latest to a semver tag, configurable in `values.yaml`.
dementhorr added 1 commit 2024-01-13 15:40:43 +00:00
Fixed unittests
Some checks failed
check-and-test / check-and-test (pull_request) Failing after 9m33s
Details
28e82905f7
dementhorr added 1 commit 2024-01-14 13:23:18 +00:00
Fixed readme
Some checks failed
check-and-test / check-and-test (pull_request) Failing after 57s
Details
4058aed0fe
pat-s commented 2024-01-22 09:50:08 +00:00
Member
Copy Link

@dementhorr I don't have enough time right now to get back to this, it's on the list though!

@dementhorr I don't have enough time right now to get back to this, it's on the list though!
pat-s commented 2024-01-30 10:30:58 +00:00
Member
Copy Link

Thanks for your patience!

Deployment vs. Statefulset

So the real reason for the StatefulSet is not for a leader, but to be able to store the .runner file. If this doesn't matter (the clutter), we can easily switch to a deployment and just ignore the offline runners.

You can also attach a PV to a deployment. That's how the chart currently works. The deployment resource doesn't necessarily mean it's stateless. The resource kind also has an effect on how k8s treats the pods WRT to updating/replacement. So deployment + RWX works quite well, what doesn't work so well is deployment + RWO or statefulset + RWX.

Statefulsets vs. deployments is a bigger topic which we already discussed before making the switch. Yet this doesn't mean we are bound to only deployments now, it always a new decision to make.

If we really need distinct pods for each runner with a persistent config then I guess statefulset + RWO (with a very small size) would be the best. What do you think?

One point which is still missing is affinity + nodeSelector. These are needed to control the placement of the agents, most commonly to force a placement on arm64 or amd64 nodes. Would you mind adding these to the statefulset definition?

Dind

Do we really need it? Some months ago we removed a similar approach in the Woodpecker helm chart as dind was not needed anymore. I need to check again on the details but maybe we could also omit it here.

Thanks for your patience! ## Deployment vs. Statefulset > So the real reason for the StatefulSet is not for a leader, but to be able to store the .runner file. If this doesn't matter (the clutter), we can easily switch to a deployment and just ignore the offline runners. You can also attach a PV to a deployment. That's how the chart currently works. The `deployment` resource doesn't necessarily mean it's stateless. The resource kind also has an effect on how k8s treats the pods WRT to updating/replacement. So deployment + RWX works quite well, what doesn't work so well is deployment + RWO or statefulset + RWX. Statefulsets vs. deployments is a bigger topic which we already discussed before making the switch. Yet this doesn't mean we are bound to only deployments now, it always a new decision to make. If we really need distinct pods for each runner with a persistent config then I guess statefulset + RWO (with a very small size) would be the best. What do you think? One point which is still missing is affinity + nodeSelector. These are needed to control the placement of the agents, most commonly to force a placement on `arm64` or `amd64` nodes. Would you mind adding these to the statefulset definition? ## Dind Do we really need it? Some months ago we removed a similar approach in the Woodpecker helm chart as dind was not needed anymore. I need to check again on the details but maybe we could also omit it here.
dementhorr added 1 commit 2024-02-07 18:23:50 +00:00
Added nodeSelector, tolerations and affinity for act runners
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 39s
Details
50f607cdba
dementhorr commented 2024-02-07 18:26:30 +00:00
Author
First-time contributor
Copy Link

I have added affinity, tolerations and nodeSelector for the statefulset and for the job.

I don't think that using a deployment with a RWX would work since the Gitea act runner would create a .runner file in the current working directory and as soon as another pod would start it will overwrite that file. Maybe there is a way to create a new dir for each runner and change the dir with workingDir to match the hostname, but I think it would make the chart more complicated.

In my opinion we should either stick with the StatefulSet with a very small volume to accomodate the .runner file, or switch to Deployment without any volumes, and maybe in the future Gitea will do some garbage collection to delete inactive runners.

Regarding Dind, I don't think the act runners work the same way in Gitea as in Woodpecker. From my understanding, each step in Woodpecker would spawn a new container (inside a pod) that would run in the cluster (so it's like a First Citizen approach). For the act runner it seems that all the steps run in the same container and that's why we have two containers per runner (1 agent, 1 dind) (so there isn't any transparency as with Woodpecker k8s backend). I may be wrong, though.

I have added affinity, tolerations and nodeSelector for the statefulset and for the job. I don't think that using a deployment with a RWX would work since the Gitea act runner would create a `.runner` file in the current working directory and as soon as another pod would start it will overwrite that file. Maybe there is a way to create a new dir for each runner and change the dir with `workingDir` to match the hostname, but I think it would make the chart more complicated. In my opinion we should either stick with the **StatefulSet** with a very small volume to accomodate the `.runner` file, or switch to **Deployment** without any volumes, and maybe in the future Gitea will do some garbage collection to delete inactive runners. Regarding **Dind**, I don't think the act runners work the same way in Gitea as in Woodpecker. From my understanding, each step in Woodpecker would spawn a new container (inside a pod) that would run in the cluster (so it's like a First Citizen approach). For the act runner it seems that all the steps run in the same container and that's why we have two containers per runner (1 agent, 1 dind) (so there isn't any transparency as with Woodpecker k8s backend). I may be wrong, though.
pat-s reviewed 2024-02-11 11:52:36 +00:00
README.md Outdated
@ -980,6 +980,41 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` |
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
### GiteaActions
pat-s commented 2024-02-11 11:38:44 +00:00
Member
Copy Link

Gitea Actions

Gitea Actions
dementhorr marked this conversation as resolved
README.md Outdated
@ -983,0 +984,4 @@
| Name | Description | Value |
| ----------------------------------------------- | --------------------------------------------------------------------------- | ------------------ |
| `actions.statefulset.enabled` | Create an act runner StatefulSet. | `false` |
pat-s commented 2024-02-11 11:39:58 +00:00
Member
Copy Link

I'd suggest using actions.enabled as a global flag for enabling actions.

I'd suggest using `actions.enabled` as a global flag for enabling actions.
dementhorr marked this conversation as resolved
README.md Outdated
@ -983,0 +997,4 @@
| `actions.statefulset.actRunnerImage.tag` | The Gitea act runner tag | `0.2.6` |
| `actions.statefulset.actRunnerImage.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
| `actions.statefulset.dindImage.repository` | The Docker-in-Docker image | `docker` |
| `actions.statefulset.dindImage.tag` | The Docker-in-Docker image tag | `24.0.7-dind` |
pat-s commented 2024-02-11 11:40:17 +00:00
Member
Copy Link

let's bump to 25.0.2

let's bump to 25.0.2
dementhorr marked this conversation as resolved
templates/_helpers.tpl
@ -47,1 +47,4 @@
{{/*
Create a default worker name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
pat-s commented 2024-02-11 11:42:33 +00:00
Member
Copy Link

I'd leave this comment out as it's too k8s-internal-specific and might cause more confusion than it possibly helps. We also don't have stdout comments in other places and I haven't seen any other chart doing this.

I'd leave this comment out as it's too k8s-internal-specific and might cause more confusion than it possibly helps. We also don't have stdout comments in other places and I haven't seen any other chart doing this.
dementhorr marked this conversation as resolved
templates/gitea/act_runner/config-scripts.yaml Outdated
@ -0,0 +1,11 @@
{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }}
pat-s commented 2024-02-11 11:46:38 +00:00
Member
Copy Link

Would the non-creation of this part still lead to a functional actions?
If not, I would suggest to only condition essential parts on actions.enabled.

Would the non-creation of this part still lead to a functional actions? If not, I would suggest to only condition essential parts on `actions.enabled`.
dementhorr commented 2024-02-23 18:33:11 +00:00
Author
First-time contributor
Copy Link

In the current chart format, you can use the act-runner without the job and the persistence volumes if you manually generate the token (via Web UI or running a shell command into the pod) and save it to a Secret. After that you can specify actions.existingSecret and actions.existingSecretKey.

In the current chart format, you can use the `act-runner` without the job and the persistence volumes if you manually generate the `token` (via Web UI or running a shell command into the pod) and save it to a Secret. After that you can specify `actions.existingSecret` and `actions.existingSecretKey`.
values.yaml Outdated
@ -334,0 +380,4 @@
config: ""
runnerLabels: ""
actRunnerImage:
pat-s commented 2024-02-11 11:52:23 +00:00
Member
Copy Link

I'd remove the Image part from the name. Same for dind.

I'd remove the `Image` part from the name. Same for `dind`.
dementhorr marked this conversation as resolved
pat-s commented 2024-02-11 11:54:17 +00:00
Member
Copy Link

I don't think that using a deployment with a RWX would work since the Gitea act runner would create a .runner file in the current working directory and as soon as another pod would start it will overwrite that file. Maybe there is a way to create a new dir for each runner and change the dir with workingDir to match the hostname, but I think it would make the chart more complicated.

Yes, this would not make sense. I also didn't mean it that way, i.e. using RWX across all agents. I just explained the general "use" or deployment/statefulset and their possible combinations. E.g. for Gitea itself deployment + RWX makes a lot of sense as each deployment should share the same underlying files but can still act as an independent deployment resource.

In my opinion we should either stick with the StatefulSet with a very small volume to accomodate the .runner file, or switch to Deployment without any volumes, and maybe in the future Gitea will do some garbage collection to delete inactive runners.

I agree. Given that we don't now if the GC will ever happen, let's go with a STS and a small RWO volume.

Dind: In WP the buildx plugin is used which spawns the docker engine itself in the image, so no additional sidecar/service is needed. With GA, one needs to bring the docker engine yourself. So yes, in this case a dind sidecar is needed. So it's not about pod vs. container (btw in WP currently each step is it's own distinct pod but that will likely change) but about "who brings the docker engine". An alternative might actually be podman which could be included in the base image for the runner and then wouldn't require an additional service to boot up first. But this is another topic.

Moving forward: I assume you have tested this branch already and are likely also using it since some time? I think we are not too far from a merge, though I would definitely want to have a review from @justusbunsi too. He usually sees things I don't see 😄

> I don't think that using a deployment with a RWX would work since the Gitea act runner would create a .runner file in the current working directory and as soon as another pod would start it will overwrite that file. Maybe there is a way to create a new dir for each runner and change the dir with workingDir to match the hostname, but I think it would make the chart more complicated. Yes, this would not make sense. I also didn't mean it that way, i.e. using RWX across all agents. I just explained the general "use" or deployment/statefulset and their possible combinations. E.g. for Gitea itself deployment + RWX makes a lot of sense as each deployment should share the same underlying files but can still act as an independent deployment resource. > In my opinion we should either stick with the StatefulSet with a very small volume to accomodate the .runner file, or switch to Deployment without any volumes, and maybe in the future Gitea will do some garbage collection to delete inactive runners. I agree. Given that we don't now if the GC will ever happen, let's go with a STS and a small RWO volume. Dind: In WP the `buildx` plugin is used which spawns the docker engine itself in the image, so no additional sidecar/service is needed. With GA, [one needs to bring the docker engine yourself](https://docs.gitea.com/next/usage/actions/act-runner/#requirements). So yes, in this case a `dind` sidecar is needed. So it's not about pod vs. container (btw in WP currently each step is it's own distinct pod but that will likely change) but about "who brings the docker engine". An alternative might actually be `podman` which could be included in the base image for the runner and then wouldn't require an additional service to boot up first. But this is another topic. Moving forward: I assume you have tested this branch already and are likely also using it since some time? I think we are not too far from a merge, though I would definitely want to have a review from @justusbunsi too. He usually sees things I don't see 😄
dementhorr commented 2024-02-11 15:29:21 +00:00
Author
First-time contributor
Copy Link

I just found a setting in the Site Administration > Runners where one can edit current runners (including deleting inactive runners). I haven't found a downside to having inactive runners (just that they clutter the UI), so there is a way to delete them for estetic purposes.

I also have change the code from StatefulSet > Deployment. I can revert the commit if you prefer the StatefulSet.

I just found a setting in the `Site Administration` > `Runners` where one can edit current runners (including deleting inactive runners). I haven't found a downside to having inactive runners (just that they clutter the UI), so there is a way to delete them for estetic purposes. I also have change the code from StatefulSet > Deployment. I can revert the commit if you prefer the StatefulSet.
dementhorr added 1 commit 2024-02-11 15:29:30 +00:00
Changed actions from StatefulSet to Deployment
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 36s
Details
e8aedb258c
pat-s commented 2024-02-13 09:14:19 +00:00
Member
Copy Link

I haven't found a downside to having inactive runners (just that they clutter the UI), so there is a way to delete them for estetic purposes.

They also clutter the DB at some point. When running in HA and frequent pod movements, the number can get quite large quickly.

I also have change the code from StatefulSet > Deployment. I can revert the commit if you prefer the StatefulSet.

I think a statefulset with a small RWO volume would be my preference right now.

> I haven't found a downside to having inactive runners (just that they clutter the UI), so there is a way to delete them for estetic purposes. They also clutter the DB at some point. When running in HA and frequent pod movements, the number can get quite large quickly. > I also have change the code from StatefulSet > Deployment. I can revert the commit if you prefer the StatefulSet. I think a statefulset with a small RWO volume would be my preference right now.
dementhorr added 1 commit 2024-02-14 18:14:45 +00:00
Revert "Changed actions from StatefulSet to Deployment" 
This reverts commit e8aedb258c.
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 36s
Details
32cd9a846a
pat-s commented 2024-02-15 19:47:05 +00:00
Member
Copy Link

@dementhorr Thanks so far!

Open points:

  • Review comments

  • README documentation

  • Review from Justus

@dementhorr Did you already test this on a cluster of yours?

I think it would also be good if we would store a dev-focused tech-documentation alongside the templates, i.e. how all components play together, especially all the jobs and scripts.

@dementhorr Thanks so far! Open points: - [ ] Review comments - [ ] README documentation - [ ] Review from Justus @dementhorr Did you already test this on a cluster of yours? I think it would also be good if we would store a dev-focused tech-documentation alongside the templates, i.e. how all components play together, especially all the jobs and scripts.
CaptainMayotoast commented 2024-02-22 13:09:00 +00:00
First-time contributor
Copy Link

Hello! I am interested in testing this Actions runners addition and would be happy to share/help solve bugs that may crop up. Thanks to @dementhorr and @pat-s for your contributions to this feature - deploying runners easily and in an automated fashion would be great!

Hello! I am interested in testing this Actions runners addition and would be happy to share/help solve bugs that may crop up. Thanks to @dementhorr and @pat-s for your contributions to this feature - deploying runners easily and in an automated fashion would be great!
👍 1
dementhorr added 1 commit 2024-02-23 18:30:17 +00:00
Added tech-documentation for the Job
Some checks failed
check-and-test / check-and-test (pull_request) Failing after 30s
Details
3aacc83f10
dementhorr added 1 commit 2024-02-23 18:52:27 +00:00
Fixed unittests
Some checks failed
check-and-test / check-and-test (pull_request) Failing after 27s
Details
e4d11028a7
dementhorr commented 2024-02-23 18:56:13 +00:00
Author
First-time contributor
Copy Link

I have added documentation for the Job. I don't know exactly where to place it.
I have tested the chart on my cluster and it works fine.

I have added documentation for the Job. I don't know exactly where to place it. I have tested the chart on my cluster and it works fine.
👍 1
dementhorr added 1 commit 2024-02-24 14:33:08 +00:00
chore(deps): update subcharts (minor & patch) (#613) 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | minor | `13.3.1` -> `13.4.6` |
| [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | minor | `12.7.0` -> `12.8.2` |
| [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | minor | `9.2.1` -> `9.5.20` |

---

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNDAuMTQiLCJ1cGRhdGVkSW5WZXIiOiIzNy4xNDAuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: #613
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 35s
Details
e540b53719
pat-s commented 2024-03-03 20:56:14 +00:00
Member
Copy Link

@dementhorr Great, thanks for the feedback! I'll try to finish everything up in the next weeks. The plan is to include it into the release which ships v1.22 (1.22 is currently in feature freeze).

Given that it is disabled by default, we can see which issues occur and fix them in subsequent releases.

@justusbunsi Your review is still welcome. If you can't make it in time, we can also address your comments post-merge. Given the amount of work and discussion that went into this already, I think it would be good to release this to users with the next version.

@dementhorr Great, thanks for the feedback! I'll try to finish everything up in the next weeks. The plan is to include it into the release which ships v1.22 (1.22 is currently in feature freeze). Given that it is disabled by default, we can see which issues occur and fix them in subsequent releases. @justusbunsi Your review is still welcome. If you can't make it in time, we can also address your comments post-merge. Given the amount of work and discussion that went into this already, I think it would be good to release this to users with the next version.
justusbunsi commented 2024-03-04 15:55:53 +00:00
Member
Copy Link

Apologies for not responding earlier. Even with being pinged twice. I am not sure if I have enough time until Friday but would love to give my review the upcoming weekend. Afaik this should still be within the feature freeze time slot of Gitea 1.22. Does this work for everyone?

Apologies for not responding earlier. Even with being pinged twice. I am not sure if I have enough time until Friday but would love to give my review the upcoming weekend. Afaik this should still be within the feature freeze time slot of Gitea 1.22. Does this work for everyone?
👍 1
justusbunsi requested changes 2024-03-10 18:02:21 +00:00
justusbunsi left a comment
Member
Copy Link

Hi everyone. First of all, thank you @dementhorr for contributing to this Chart in general, and to propose Gitea Actions in particular. 👍 I appreciate every minute you already have put into it. And @pat-s for reviewing so far.

Its much more complex than first thought, so I'll split my review into 2 parts:

  • chart user perspective (this very review below)
  • technical perspective (will follow in the next days)
Hi everyone. First of all, thank you @dementhorr for contributing to this Chart in general, and to propose Gitea Actions in particular. 👍 I appreciate every minute you already have put into it. And @pat-s for reviewing so far. Its much more complex than first thought, so I'll split my review into 2 parts: - `chart user perspective` (this very review below) - `technical perspective` (will follow in the next days)
README.md Outdated
@ -980,6 +980,41 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` |
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
### Gitea Actions
justusbunsi commented 2024-03-10 15:35:38 +00:00
Member
Copy Link

This section misses a Table-of-content reference at the top of this file.

This section misses a Table-of-content reference at the top of this file.
dementhorr marked this conversation as resolved
readme-actions-dev.md Outdated
@ -0,0 +2,4 @@
In order to use the Gitea Actions act-runner you must:
- set the following environment variables to `deployment.env` (modify LOCAL_ROOT_URL if you used a different service name):
justusbunsi commented 2024-03-10 17:24:03 +00:00
Member
Copy Link

Obsolete documentation when considering https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811808

Obsolete documentation when considering https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811808
dementhorr marked this conversation as resolved
readme-actions-dev.md
@ -0,0 +13,4 @@
value: http://gitea-http:3000
```
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
justusbunsi commented 2024-03-10 17:23:56 +00:00
Member
Copy Link

Obsolete documentation when considering https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811808

Obsolete documentation when considering https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811808
dementhorr marked this conversation as resolved
templates/gitea/act_runner/config-act-runner.yaml Outdated
@ -0,0 +17,4 @@
log:
level: debug
cache:
enabled: false
justusbunsi commented 2024-03-10 15:52:25 +00:00
Member
Copy Link

Let's move the default config.yaml definition into values.yaml. That way it should be more obvious what content it should contain. And we eliminate the if-else here. 🙂

Let's move the default config.yaml definition into `values.yaml`. That way it should be more obvious what content it should contain. And we eliminate the if-else here. 🙂
dementhorr marked this conversation as resolved
templates/gitea/act_runner/statefulset.yaml Outdated
@ -0,0 +56,4 @@
- name: GITEA_INSTANCE_URL
value: "http://{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}"
- name: GITEA_RUNNER_LABELS
value: "{{ .Values.actions.statefulset.runnerLabels | default "ubuntu-latest" }}"
justusbunsi commented 2024-03-10 16:16:35 +00:00
Member
Copy Link

Let's move the default value into values.yaml. Eliminates the default usage here. 🙂

As an alternative thought: I've noticed that when running act_runner generate-config, you'll get a yaml structure where you can define a list of labels for the runner via runner.labels. Was there a reason for providing the labels as environment variable instead through the config.yaml? If not - and given the fact that it works - I suggest to move ubuntu-latest into the config.yaml and drop this environment variable and its values.yaml spec entirely.

Let's move the default value into `values.yaml`. Eliminates the default usage here. 🙂 As an alternative thought: I've noticed that when running `act_runner generate-config`, you'll get a yaml structure where you can define a list of labels for the runner via `runner.labels`. Was there a reason for providing the labels as environment variable instead through the config.yaml? If not - and given the fact that it works - I suggest to move `ubuntu-latest` into the config.yaml and drop this environment variable and its values.yaml spec entirely.
dementhorr marked this conversation as resolved
templates/gitea/act_runner/statefulset.yaml Outdated
@ -0,0 +80,4 @@
- name: DOCKER_CERT_PATH
value: /certs/server
securityContext:
# allowPrivilegeEscalation: true
justusbunsi commented 2024-03-10 16:43:52 +00:00
Member
Copy Link

Is this comment a left-over from testing?

Is this comment a left-over from testing?
dementhorr commented 2024-03-19 15:43:06 +00:00
Author
First-time contributor
Copy Link

yes

yes
dementhorr marked this conversation as resolved
values.yaml Outdated
@ -333,1 +333,4 @@
# Configure Gitea Actions
# - must enable persistence if the job is enabled
# - must define deployment.env.GITEA__ACTIONS__ENABLED and GITEA__SERVER__LOCAL_ROOT_URL
justusbunsi commented 2024-03-10 17:23:10 +00:00
Member
Copy Link

As mentioned for GITEA__ACTIONS__ENABLED in https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811807, these preconditions should be part of the templating logic.

  • Applying the chart must throw an error when actions.enabled: true and at the same time persistence.enabled: false.
  • Isn't GITEA__SERVER__LOCAL_ROOT_URL what is also dynamically built in templates/gitea/act_runner/statefulset.yaml for GITEA_INSTANCE_URL? We can define that environment variable for the user via helpers.tpl, too.
As mentioned for `GITEA__ACTIONS__ENABLED` in https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811807, these preconditions should be part of the templating logic. - Applying the chart must throw an error when `actions.enabled: true` and at the same time `persistence.enabled: false`. - Isn't `GITEA__SERVER__LOCAL_ROOT_URL` what is also dynamically built in `templates/gitea/act_runner/statefulset.yaml` for `GITEA_INSTANCE_URL`? We can define that environment variable for the user via [helpers.tpl](https://gitea.com/gitea/helm-chart/src/branch/main/templates/_helpers.tpl#L260), too.
dementhorr commented 2024-03-19 15:48:10 +00:00
Author
First-time contributor
Copy Link

The chart must throw an error when actions.provisioning.enabled: true and persistence.enabled: false. Otherwise actions.enabled: true with persistence.enabled: false is valid if actions.existingSecret and actions.existingSecretKey is defined. I have modified the readme-actions-dev.md file.

I wasn't able to modify the GITEA_INSTANCE_URL using the .Values.gitea.config.actions variable from _helpers.tpl.

The chart must throw an error when `actions.provisioning.enabled: true` and `persistence.enabled: false`. Otherwise `actions.enabled: true` with `persistence.enabled: false` is valid if `actions.existingSecret` and `actions.existingSecretKey` is defined. I have modified the `readme-actions-dev.md` file. I wasn't able to modify the `GITEA_INSTANCE_URL` using the `.Values.gitea.config.actions` variable from `_helpers.tpl`.
justusbunsi commented 2024-03-19 17:08:33 +00:00
Member
Copy Link

My initial comment was misleading - just realized that now. I didn't mean we should set GITEA_INSTANCE_URL via _helpers.tpl. This value is not known to the app.ini. But GITEA__SERVER__LOCAL_ROOT_URL is. And since the value for both environment variables are identical, there is no technical reason to define one but let the user define the other. 🙂
Sorry for that confusion.

My initial comment was misleading - just realized that now. I didn't mean we should set `GITEA_INSTANCE_URL` via `_helpers.tpl`. This value is not known to the `app.ini`. But `GITEA__SERVER__LOCAL_ROOT_URL` is. And since the value for both environment variables are identical, there is no technical reason to define one but let the user define the other. 🙂 Sorry for that confusion.
values.yaml Outdated
@ -334,0 +343,4 @@
## @param actions.statefulset.nodeSelector NodeSelector for the statefulset
## @param actions.statefulset.tolerations Tolerations for the statefulset
## @param actions.statefulset.affinity Affinity for the statefulset
## @param actions.statefulset.config Act runner custom configuration.
justusbunsi commented 2024-03-10 15:56:02 +00:00
Member
Copy Link

Suggestion:

- ## @param actions.statefulset.config Act runner custom configuration.
+ ## @param actions.statefulset.config Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.

Or, combined with https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811801 (to prevent broken README generation 😆):

- ## @param actions.statefulset.config Act runner custom configuration.
+ ## @param actions.statefulset.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
Suggestion: ```diff - ## @param actions.statefulset.config Act runner custom configuration. + ## @param actions.statefulset.config Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. ``` Or, combined with https://gitea.com/gitea/helm-chart/pulls/596/files#issuecomment-811801 (to prevent broken README generation 😆): ```diff - ## @param actions.statefulset.config Act runner custom configuration. + ## @param actions.statefulset.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. ```
dementhorr marked this conversation as resolved
values.yaml Outdated
@ -334,0 +344,4 @@
## @param actions.statefulset.tolerations Tolerations for the statefulset
## @param actions.statefulset.affinity Affinity for the statefulset
## @param actions.statefulset.config Act runner custom configuration.
## @param actions.statefulset.runnerLabels Act runner labels.
justusbunsi commented 2024-03-10 16:02:41 +00:00
Member
Copy Link

Suggestion:

- ## @param actions.statefulset.runnerLabels Act runner labels.
+ ## @param actions.statefulset.runnerLabels Act runner labels. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#labels) for details.
Suggestion: ```diff - ## @param actions.statefulset.runnerLabels Act runner labels. + ## @param actions.statefulset.runnerLabels Act runner labels. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#labels) for details. ```
dementhorr marked this conversation as resolved
values.yaml Outdated
@ -334,0 +367,4 @@
## @param actions.existingSecret Secret that contains the token
## @param actions.existingSecretKey Secret key
actions:
enabled: false
justusbunsi commented 2024-03-10 17:05:51 +00:00
Member
Copy Link

The current approach of only documenting what a chart user has to do manually is not ideal. Setting actions.enabled: true should automatically configure the instance to have enable Gitea Actions. Means, it should either define gitea.config.actions.enabled as provided inline values while templating, or inject the environment variable GITEA__ACTIONS__ENABLED=true to the app.ini processing.

To keep the amount of injected envs as low as possible, I would prefer we do it via inline values. There already is a method for that in helpers.tpl defining other default values. Here, we also can detect conflicting configurations (e.g. actions.enabled: true and user-defined inline gitea.config.actions.enabled: false) and fail the templating process with an appropriate error message.

Making that part of the chart logic reduces usage errors.

The current approach of only documenting what a chart user has to do manually is not ideal. Setting `actions.enabled: true` should automatically configure the instance to have enable _Gitea Actions_. Means, it should either define `gitea.config.actions.enabled` as provided inline values while templating, or inject the environment variable `GITEA__ACTIONS__ENABLED=true` to the app.ini processing. To keep the amount of injected envs as low as possible, I would prefer we do it via inline values. There already is a method for that in [helpers.tpl](https://gitea.com/gitea/helm-chart/src/branch/main/templates/_helpers.tpl#L260) defining other default values. Here, we also can detect conflicting configurations (e.g. `actions.enabled: true` and user-defined inline `gitea.config.actions.enabled: false`) and fail the templating process with an appropriate error message. Making that part of the chart logic reduces usage errors.
dementhorr marked this conversation as resolved
values.yaml Outdated
@ -334,0 +377,4 @@
affinity: {}
config: ""
runnerLabels: ""
justusbunsi commented 2024-03-10 16:40:04 +00:00
Member
Copy Link

Since config and runnerLabels are only used within the actRunner container, we should move those values settings into actions.statefulset.actRunner to make that clear. It also gives a better understanding for administrators.

Since `config` and `runnerLabels` are only used within the `actRunner` container, we should move those values settings into `actions.statefulset.actRunner` to make that clear. It also gives a better understanding for administrators.
dementhorr marked this conversation as resolved
values.yaml Outdated
@ -334,0 +390,4 @@
pullPolicy: IfNotPresent
job:
enabled: false
justusbunsi commented 2024-03-10 17:40:54 +00:00
Member
Copy Link

Since job.enabled: true basically means to automatically connect the runner to Gitea, I suggest renaming the object from job to provisioning or autoConnect. That makes it easier for users to understand its purpose. The fact its a Kubernetes Job is not important for users.

Since `job.enabled: true` basically means to automatically connect the runner to Gitea, I suggest renaming the object from `job` to `provisioning` or `autoConnect`. That makes it easier for users to understand its purpose. The fact its a Kubernetes Job is not important for users.
dementhorr marked this conversation as resolved
dementhorr added 1 commit 2024-03-19 15:39:07 +00:00
Refractored code
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 37s
Details
d7de52a309
dementhorr added 1 commit 2024-03-19 15:42:44 +00:00
Fixed readme
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 31s
Details
24de019dca
justusbunsi reviewed 2024-03-19 17:15:52 +00:00
templates/_helpers.tpl
@ -321,6 +345,15 @@ https
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
{{- end -}}
{{- if not .Values.gitea.config.actions.GITEA__ACTIONS__ENABLED -}}
justusbunsi commented 2024-03-19 17:15:52 +00:00
Member
Copy Link

The whole actions related app.ini block is rendered when running helm template my-release ., although it is disabled by default. Looks like this check is missing. And a test that covers this.

The whole actions related `app.ini` block is rendered when running `helm template my-release .`, although it is disabled by default. Looks like this check is missing. And a test that covers this.
vjm commented 2024-04-30 14:14:19 +00:00
First-time contributor
Copy Link

Any help needed on this? I’d be happy to contribute

Any help needed on this? I’d be happy to contribute
pat-s commented 2024-05-02 08:27:51 +00:00
Member
Copy Link

We haven't heard from @dementhorr for two months now. A lot of time was already put in. The current state is a bit unclear.

@vjm If you want to continue, maybe use a separate PR based on this one to continue. This would allow @dementhorr to eventually continue here.

We haven't heard from @dementhorr for two months now. A lot of time was already put in. The current state is a bit unclear. @vjm If you want to continue, maybe use a separate PR based on this one to continue. This would allow @dementhorr to eventually continue here.
ogdabou commented 2024-05-15 10:42:45 +00:00
First-time contributor
Copy Link

Hey 👋

What requirements are left to be achieved in order to merge it ?

From the comments I can see:

  • Renovate for busybox / publish image
  • Do not generate _helpers part related to actions when actions.enabled: false. @justusbunsi you seem to have suggested to test that, right ? I'm not familiar with unittest, does it means testing the helpers.yaml file output ?
  • Clean decommissioned runners. I don't see any API endpoint to do so, how could it be achieved ?
    If it cannot, it is required to ship this chart ?
  • Rebase with main

Is moving from statefulset to deployments a requirement ?

Hey 👋 What requirements are left to be achieved in order to merge it ? From the comments I can see: - [ ] Renovate for busybox / publish image - [ ] Do not generate _helpers part related to `actions` when `actions.enabled: false`. @justusbunsi you seem to have suggested to test that, right ? I'm not familiar with `unittest`, does it means testing the `helpers.yaml` file output ? - [ ] Clean decommissioned runners. I don't see any API endpoint to do so, how could it be achieved ? If it cannot, it is required to ship this chart ? - [ ] Rebase with main Is moving from statefulset to deployments a requirement ?
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 31s
Required
Details
This pull request has changes conflicting with the target branch.
  • Chart.lock
  • Chart.yaml
  • unittests/dependency-major-image-check.yaml
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u gitea-actions:dementhorr-gitea-actions
git checkout dementhorr-gitea-actions
Sign in to join this conversation.
Reviewers
No reviewers
justusbunsi
Labels
Clear labels   
has
backport

  
in progress

   
invalid
  
kind
breaking

  
kind
bug

  
kind
build

  
kind
dependency

  
kind
deployment

  
kind
docs

  
kind
enhancement

  
kind
feature

  
kind
lint

  
kind
proposal

  
kind
question

  
kind
refactor

  
kind
security

  
kind
testing

  
kind
translation

  
kind
ui

  
need
backport

  
priority
critical

  
priority
low

  
priority
maybe

  
priority
medium

  
reviewed
duplicate

  
reviewed
invalid

  
reviewed
wontfix

  
skip-changelog
  
status
blocked

  
status
needs-feedback

  
status
needs-reviews

  
status
wip

  
upstream
gitea

  
upstream
other

No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
6 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/helm-chart#596
No description provided.
Delete Branch "dementhorr/helm-chart:gitea-actions"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?