gitea/helm-chart
45
55
Fork 125
Code Issues 32 Pull Requests 8 Actions Releases 87 Activity

Customizable .gnupg folder location #186

Merged
techknowlogick merged 3 commits from justusbunsi/helm-chart:persistent-signing-keys-in-rootless into master 2021-06-29 19:23:32 +00:00
Conversation 1 Commits 3 Files Changed 3 +19
3 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -40,6 +40,17 @@ Previously the ROOT folder for the gitea repositories was located at /data/git/g
This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories
## Configure Commit Signing
When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another.
The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. By default this section is disabled to maintain backwards compatibility.
```yaml
signing:
enabled: false
gpgHome: /data/git/.gnupg
```
## Examples
### Gitea Configuration

4
templates/gitea/statefulset.yaml
View File

@ -120,6 +120,10 @@ spec:
value: /tmp/gitea
- name: TMPDIR
value: /tmp/gitea
{{- if .Values.signing.enabled }}
- name: GNUPGHOME
justusbunsi marked this conversation as resolved
luhahn commented 2021-06-28 08:11:08 +00:00
Review
Copy Link

It might be better, if we're going to set the GNUPGHOME via values.
If, for example, someone already has the keys imported to the default location, they will most likely get an error when using the new default.

By providing this via values, they would be able to configure it by hand (If neccessary).

It might be better, if we're going to set the GNUPGHOME via values. If, for example, someone already has the keys imported to the default location, they will most likely get an error when using the new default. By providing this via values, they would be able to configure it by hand (If neccessary).
justusbunsi commented 2021-06-28 19:29:15 +00:00
Review
Copy Link

Good catch.

Good catch.
value: {{ .Values.signing.gpgHome }}
{{- end }}
{{- if .Values.statefulset.env }}
{{- toYaml .Values.statefulset.env | nindent 12 }}
{{- end }}

4
values.yaml
View File

@ -127,6 +127,10 @@ initPreScript: ""
# chown -R git:git /data/git/.postgresql/
# chmod 400 /data/git/.postgresql/postgresql.key
# Configure commit/action signing prerequisites
signing:
enabled: false
gpgHome: /data/git/.gnupg
gitea:
admin: