From 1b3cc64953114e7d687f7c63ae0333e0de4ca462 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sat, 26 Jun 2021 10:59:06 +0200 Subject: [PATCH 1/2] Standardize .gnupg folder location The `HOME` path is not persistent when using the rootless image, so the `.gnupg` folder isn't either. Since the chart always used `/data/...` as mount point for storage of all kinds, it is a minimal impact to just relocate the dynamic `$HOME/.gnupg` folder location to the persistent `/data/git/.gnupg`. This is where the signing keys are stored when running root based environments. Doing so will - allow migrations between both image variants - persist signing keys for rootless environments Fixes: #155 --- templates/gitea/statefulset.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b232478..78fd26a 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -120,6 +120,8 @@ spec: value: /tmp/gitea - name: TMPDIR value: /tmp/gitea + - name: GNUPGHOME + value: /data/git/.gnupg {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} -- 2.40.1 From fa9a02b6af7cce49f5430f0f6a39b2e41339fb22 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 28 Jun 2021 21:09:07 +0200 Subject: [PATCH 2/2] Introduce new `signing` configuration object To allow customizing the path for stored signing keys (and potentially other options), a new section in `values.yaml` got introduced. --- README.md | 11 +++++++++++ templates/gitea/statefulset.yaml | 4 +++- values.yaml | 4 ++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5c567cb..b709d45 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,17 @@ Previously the ROOT folder for the gitea repositories was located at /data/git/g This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories +## Configure Commit Signing + +When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. +The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. By default this section is disabled to maintain backwards compatibility. + +```yaml + signing: + enabled: false + gpgHome: /data/git/.gnupg +``` + ## Examples ### Gitea Configuration diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 78fd26a..2a53dd9 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -120,8 +120,10 @@ spec: value: /tmp/gitea - name: TMPDIR value: /tmp/gitea + {{- if .Values.signing.enabled }} - name: GNUPGHOME - value: /data/git/.gnupg + value: {{ .Values.signing.gpgHome }} + {{- end }} {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} diff --git a/values.yaml b/values.yaml index ef0d804..d49d861 100644 --- a/values.yaml +++ b/values.yaml @@ -127,6 +127,10 @@ initPreScript: "" # chown -R git:git /data/git/.postgresql/ # chmod 400 /data/git/.postgresql/postgresql.key +# Configure commit/action signing prerequisites +signing: + enabled: false + gpgHome: /data/git/.gnupg gitea: admin: -- 2.40.1
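Review bot: In the templates/gitea/statefulset.yaml hunk of patch 1/2 (@@ -120,6 +120,8), the new `GNUPGHOME` entry sits directly above the `.Values.statefulset.env` block, so a user who already sets `GNUPGHOME` through `statefulset.env` ends up with two entries of the same name in the container's env list. Please either skip the built-in entry when the user supplies one or document which of the two wins. Separately, nothing in this hunk creates `/data/git/.gnupg` or restricts its mode. gpg expects its home directory to be accessible only by the owning user, so it is worth confirming that the init step creates the directory with mode 0700 and owned by the user Gitea runs as.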
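Review bot: In the README.md hunk of patch 2/2 (@@ -40,6 +40,17), the first sentence of the new section reads "the gpg key folder was is not persistent"; drop the stray "was". The section also never says what `signing.enabled: true` actually does. From the template change it only sets `GNUPGHOME`, so the text should state that the signing key still has to be imported by the operator. The YAML example is indented (` signing:`), while values.yaml adds `signing:` as a top-level key; the snippet should start at column 0 so it can be copied as-is.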
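Review bot: In the templates/gitea/statefulset.yaml hunk of patch 2/2 (@@ -120,8 +120,10), wrapping `GNUPGHOME` in `{{- if .Values.signing.enabled }}` with a default of `false` makes the persistence added in patch 1/2 opt-in. A default rootless install falls back to the non-persistent `$HOME/.gnupg` that patch 1/2 set out to fix, so the commit message should say so explicitly, or the default should be reconsidered. The value is also rendered unquoted and unchecked: `value: {{ .Values.signing.gpgHome }}` produces an empty value when `gpgHome` is unset while `enabled` is true. Suggest `{{ .Values.signing.gpgHome | quote }}` and failing the render with `required` when the path is empty.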
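Review bot: In the values.yaml hunk of patch 2/2 (@@ -127,6 +127,10), the single comment "# Configure commit/action signing prerequisites" documents neither key. Please add a line per key stating that `enabled` controls whether `GNUPGHOME` is set on the container and that `gpgHome` has to point inside the persistent `/data` mount, since a path outside it brings back the key loss on container replacement described in patch 1/2.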