chore(deps): update gitea chart from 8.3.0 to 10.0.0 (#2123)

## Description We would like to update the helm chart version of Gitea from 8.3.0 to 10.0.0. This will allow users to use the latest IB gitea image (v1.20.5), which is currently the only IB gitea image that received the necessary fix for working with the gitea helm chart (https://repo1.dso.mil/dsop/opensource/go-gitea/gitea/-/issues/98). We tested the v1.20.5 IB image with the 8.3.0 chart and the Gitea pod fails because of a breaking change in the init-app-ini initContainer, which passes a flag (that no longer exists) to the environment-to-ini command. This error is resolved by using the 9.5.1 chart (or later). This update requires several changes to the gitea values, which you can read more about in the [gitea chart upgrading docs](https://gitea.com/gitea/helm-chart#upgrading). ### Manual Testing * created zarf init with chart and values updates (with upstream gitea image and with IB gitea image) * deployed new init pkg on local k3d cluster * deployed DUBBD 0.11.1 on top successfully ## Related Issue TBD... ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <[email protected]>
zarf-dev · Dec 19, 2023 · 8a1c10b · 8a1c10b
1 parent d4bc36b
commit 8a1c10b
Show file tree

Hide file tree

Showing 12 changed files with 197 additions and 119 deletions.
diff --git a/docs/5-zarf-tutorials/8-custom-init-packages.md b/docs/5-zarf-tutorials/8-custom-init-packages.md
@@ -91,11 +91,10 @@ $ zarf package create . \
 --set REGISTRY_IMAGE_TAG=2.8.3 \
 --set REGISTRY_IMAGE="opensource/registry" \
 --set REGISTRY_IMAGE_DOMAIN="custom.enterprise.corp" \
---set GITEA_IMAGE="custom.enterprise.corp/opensource/gitea" \
---set GITEA_SERVER_VERSION="v1.19.3"
+--set GITEA_IMAGE="custom.enterprise.corp/opensource/gitea:v1.21.0-rootless"
 ```
 
-⚠️ - The Gitea image and version are different than the Agent and Registry in that Zarf will always prefer the `rootless` version of a given server image. This means that the above reference would template out to be `custom.enterprise.corp/opensource/gitea:v1.19.3-rootless`. If you need to change this, edit the `packages/gitea` package.
+⚠️ - The Gitea image is different from the Agent and Registry in that Zarf will always prefer the `rootless` version of a given server image. The image no longer must be tagged with `-rootless`, but it still needs to implement the [Gitea configuration of a rootless image](https://github.com/go-gitea/gitea/blob/main/Dockerfile.rootless). If you need to change this, edit the `packages/gitea` package.
 
 You can find all of the `--set` configurations by looking at the `zarf-config.toml` in the root of the repository.
 

diff --git a/packages/gitea/gitea-values.yaml b/packages/gitea/gitea-values.yaml
@@ -1,11 +1,12 @@
 persistence:
   storageClass: "###ZARF_STORAGE_CLASS###"
-  existingClaim: "###ZARF_VAR_GIT_SERVER_EXISTING_PVC###"
+  claimName: "###ZARF_VAR_GIT_SERVER_EXISTING_PVC###"
   size: "###ZARF_VAR_GIT_SERVER_PVC_SIZE###"
   accessModes:
     - "###ZARF_VAR_GIT_SERVER_PVC_ACCESS_MODE###"
+  create: ###ZARF_VAR_GIT_SERVER_CREATE_PVC###
 
-replicaCount: "###ZARF_VAR_GIT_SERVER_REPLICA_COUNT###"
+replicaCount: ###ZARF_VAR_GIT_SERVER_REPLICA_COUNT###
 
 gitea:
   admin:
@@ -29,6 +30,12 @@ gitea:
     repository:
       ENABLE_PUSH_CREATE_USER: true
       FORCE_PRIVATE: true
+    session:
+      PROVIDER: memory
+    cache:
+      ADAPTER: memory
+    queue:
+      TYPE: level
 resources:
   requests:
     cpu: "###ZARF_VAR_GIT_SERVER_CPU_REQ###"
@@ -37,13 +44,12 @@ resources:
     cpu: "###ZARF_VAR_GIT_SERVER_CPU_LIMIT###"
     memory: "###ZARF_VAR_GIT_SERVER_MEM_LIMIT###"
 
-memcached:
-  enabled: false
+image:
+  fullOverride: "###ZARF_CONST_GITEA_IMAGE###"
+  rootless: true
 
-postgresql:
+postgresql-ha:
   enabled: false
 
-image:
-  repository: "###ZARF_CONST_GITEA_IMAGE###"
-  tag: "###ZARF_CONST_GITEA_SERVER_VERSION###"
-  rootless: true
+redis-cluster:
+  enabled: false
diff --git a/packages/gitea/zarf.yaml b/packages/gitea/zarf.yaml
@@ -5,7 +5,7 @@ metadata:
 variables:
   - name: GIT_SERVER_EXISTING_PVC
     description: "Optional: Use an existing PVC for the git server instead of creating a new one. If this is set, the GIT_SERVER_PVC_SIZE variable will be ignored."
-    default: ""
+    default: "data-zarf-gitea-0"
 
   - name: GIT_SERVER_PVC_SIZE
     description: The size of the persistent volume claim for the git server
@@ -42,16 +42,14 @@ variables:
 constants:
   - name: GITEA_IMAGE
     value: "###ZARF_PKG_TMPL_GITEA_IMAGE###"
-  - name: GITEA_SERVER_VERSION
-    value: "###ZARF_PKG_TMPL_GITEA_SERVER_VERSION###"
 
 components:
   - name: git-server
     description: |
       Deploys Gitea to provide git repositories for Kubernetes configurations.
       Required for GitOps deployments if no other git server is available.
     images:
-      - "###ZARF_PKG_TMPL_GITEA_IMAGE###:###ZARF_PKG_TMPL_GITEA_SERVER_VERSION###-rootless"
+      - "###ZARF_PKG_TMPL_GITEA_IMAGE###"
     manifests:
       - name: git-connect
         namespace: zarf
@@ -61,13 +59,24 @@ components:
       - name: gitea
         releaseName: zarf-gitea
         url: https://dl.gitea.io/charts
-        version: 8.3.0
+        version: 10.0.0
         namespace: zarf
         valuesFiles:
           - gitea-values.yaml
     actions:
       onDeploy:
+        before:
+          - cmd: ./zarf internal update-gitea-pvc --no-progress 
+            setVariables:
+              - name: GIT_SERVER_CREATE_PVC
+            mute: true
         after:
+          - wait:
+              cluster:
+                kind: pod
+                namespace: zarf
+                name: app=gitea
+                condition: Ready
           - cmd: ./zarf internal create-read-only-gitea-user --no-progress
             maxRetries: 3
             maxTotalSeconds: 60
@@ -76,9 +85,6 @@ components:
             maxRetries: 3
             maxTotalSeconds: 60
             description: Create an artifact registry token
-          - wait:
-              cluster:
-                kind: pod
-                namespace: zarf
-                name: app=gitea
-                condition: Ready
+
+        onFailure:
+          - cmd: ./zarf internal update-gitea-pvc --rollback --no-progress
diff --git a/src/cmd/internal.go b/src/cmd/internal.go
@@ -23,6 +23,10 @@ import (
 	"github.com/spf13/pflag"
 )
 
+var (
+	rollback bool
+)
+
 var internalCmd = &cobra.Command{
 	Use:    "internal",
 	Hidden: true,
@@ -196,6 +200,22 @@ var createPackageRegistryToken = &cobra.Command{
 	},
 }
 
+var updateGiteaPVC = &cobra.Command{
+	Use:   "update-gitea-pvc",
+	Short: lang.CmdInternalUpdateGiteaPVCShort,
+	Long:  lang.CmdInternalUpdateGiteaPVCLong,
+	Run: func(cmd *cobra.Command, args []string) {
+
+		// There is a possibility that the pvc does not yet exist and Gitea helm chart should create it
+		helmShouldCreate, err := git.UpdateGiteaPVC(rollback)
+		if err != nil {
+			message.WarnErr(err, lang.CmdInternalUpdateGiteaPVCErr)
+		}
+
+		fmt.Print(helmShouldCreate)
+	},
+}
+
 var isValidHostname = &cobra.Command{
 	Use:   "is-valid-hostname",
 	Short: lang.CmdInternalIsValidHostnameShort,
@@ -229,8 +249,11 @@ func init() {
 	internalCmd.AddCommand(genTypesSchemaCmd)
 	internalCmd.AddCommand(createReadOnlyGiteaUser)
 	internalCmd.AddCommand(createPackageRegistryToken)
+	internalCmd.AddCommand(updateGiteaPVC)
 	internalCmd.AddCommand(isValidHostname)
 	internalCmd.AddCommand(computeCrc32)
+
+	updateGiteaPVC.Flags().BoolVarP(&rollback, "rollback", "r", false, lang.CmdInternalFlagUpdateGiteaPVCRollback)
 }
 
 func addHiddenDummyFlag(cmd *cobra.Command, flagDummy string) {

diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go
@@ -146,7 +146,8 @@ var updateCredsCmd = &cobra.Command{
 				}
 			}
 			if slices.Contains(args, message.GitKey) && newState.GitServer.InternalServer {
-				err = h.UpdateZarfGiteaValues()
+				g := git.New(newState.GitServer)
+				err = g.UpdateZarfGiteaUsers(oldState)
 				if err != nil {
 					// Warn if we couldn't actually update the git server (it might not be installed and we should try to continue)
 					message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateGit, err.Error())

diff --git a/src/config/lang/english.go b/src/config/lang/english.go
@@ -217,6 +217,12 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA
 		"This is called internally by the supported Gitea package component."
 	CmdInternalArtifactRegistryGiteaTokenErr = "Unable to create an artifact registry token for the Gitea service."
 
+	CmdInternalUpdateGiteaPVCShort = "Updates an existing Gitea persistent volume claim"
+	CmdInternalUpdateGiteaPVCLong  = "Updates an existing Gitea persistent volume claim by assessing if claim is a custom user provided claim or default." +
+		"This is called internally by the supported Gitea package component."
+	CmdInternalUpdateGiteaPVCErr          = "Unable to update the existing Gitea persistent volume claim."
+	CmdInternalFlagUpdateGiteaPVCRollback = "Roll back previous Gitea persistent volume claim updates."
+
 	CmdInternalIsValidHostnameShort = "Checks if the current machine's hostname is RFC1123 compliant"
 	CmdInternalIsValidHostnameErr   = "The hostname '%s' is not valid. Ensure the hostname meets RFC1123 requirements https://www.rfc-editor.org/rfc/rfc1123.html."